package org.cloudfoundry.identity.uaa.scim.jdbc;

import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.scim.ScimGroup;
import org.cloudfoundry.identity.uaa.scim.ScimGroupMember;
import org.cloudfoundry.identity.uaa.scim.ScimGroupMembershipManager;
import org.cloudfoundry.identity.uaa.scim.ScimGroupProvisioning;
import org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning;
import org.cloudfoundry.identity.uaa.scim.exception.InvalidScimResourceException;
import org.cloudfoundry.identity.uaa.scim.exception.MemberAlreadyExistsException;
import org.cloudfoundry.identity.uaa.scim.exception.MemberNotFoundException;
import org.cloudfoundry.identity.uaa.scim.exception.ScimResourceConstraintFailedException;
import org.cloudfoundry.identity.uaa.scim.exception.ScimResourceNotFoundException;
import org.cloudfoundry.identity.uaa.util.TimeBasedExpiringValueMap;
import org.cloudfoundry.identity.uaa.util.TimeService;
import org.cloudfoundry.identity.uaa.util.TimeServiceImpl;
import org.cloudfoundry.identity.uaa.zone.IdentityZone;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneProvisioning;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.dao.DuplicateKeyException;
import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.dao.IncorrectResultSizeDataAccessException;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.core.PreparedStatementSetter;
import org.springframework.jdbc.core.RowMapper;
import org.springframework.jdbc.core.SingleColumnRowMapper;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.24.0.jar:org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupMembershipManager.class */
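/**
 * JDBC-backed {@link ScimGroupMembershipManager} that keeps group membership rows in the
 * {@code group_membership} table.
 *
 * <p>Every statement defined here filters or inserts on {@code identity_zone_id}, and all
 * caller-supplied values are bound through {@code ?} placeholders. Table and column names
 * come only from the compile-time constants below.
 *
 * <p>Two zone sources are in play and a reader should keep them apart: the zone id passed
 * explicitly to a method is what the membership SQL is bound to, while user and group
 * <em>entities</em> are looked up with {@code IdentityZoneHolder.get().getId()}, i.e. the
 * zone of the current thread.
 *
 * <p>Default user groups (taken from the zone's user configuration) are treated as implicit
 * memberships: they are merged into lookup results for users and cannot be added explicitly.
 *
 * <p>This listing is decompiler output, so parameter names such as {@code str} and
 * {@code str2} are synthetic. Their meaning is documented per method, based on the SQL
 * placeholder each one is bound to.
 */
public class JdbcScimGroupMembershipManager implements ScimGroupMembershipManager, InitializingBean {
    public static final String MEMBERSHIP_TABLE = "group_membership";
    public static final String GROUP_TABLE = "groups";
    public static final String ADD_MEMBER_SQL = String.format("insert into %s ( %s ) values (?,?,?,?,?,?,?)", "group_membership", "group_id,member_id,member_type,authorities,added,origin,identity_zone_id");
    public static final String GET_GROUPS_BY_MEMBER_SQL = String.format("select distinct(group_id) from %s where member_id=? and identity_zone_id=?", "group_membership");
    public static final String MEMBERSHIP_FIELDS = "group_id,member_id,member_type,authorities,added,origin";
    public static final String GET_MEMBERS_SQL = String.format("select %s from %s where group_id=? and identity_zone_id=?", MEMBERSHIP_FIELDS, "group_membership");
    public static final String GET_MEMBER_SQL = String.format("select %s from %s where member_id=? and group_id=? and identity_zone_id=?", MEMBERSHIP_FIELDS, "group_membership");
    public static final String DELETE_MEMBER_WITH_ORIGIN_SQL = String.format("delete from %s where member_id=? and origin = ? and identity_zone_id=?", "group_membership");
    public static final String DELETE_MEMBER_SQL = String.format("delete from %s where member_id=? and group_id = ? and identity_zone_id=?", "group_membership");
    public static final String DELETE_MEMBERS_WITH_ORIGIN_GROUP_SQL = String.format("delete from %s where origin=? and identity_zone_id=?", "group_membership");
    public static final String DELETE_MEMBERS_IN_GROUP_SQL = String.format("delete from %s where group_id=? and identity_zone_id=?", "group_membership");
    public static final String DELETE_MEMBER_IN_GROUPS_SQL_USER = String.format("delete from %s where member_id=? and member_type='USER' and identity_zone_id=?", "group_membership");
    public static final String DELETE_MEMBER_IN_GROUPS_SQL_GROUP = String.format("delete from %s where member_id=? and member_type='GROUP' and identity_zone_id=?", "group_membership");
    public static final String GET_GROUPS_BY_EXTERNAL_MEMBER_SQL = String.format("select g.id, g.displayName, g.description, g.created, g.lastModified, g.version, g.identity_zone_id from %s m, %s g where m.group_id = g.id and g.identity_zone_id = ? and m.member_id = ? and m.origin = ?", "group_membership", "groups");

    private final Log logger = LogFactory.getLog(getClass());
    private final JdbcTemplate jdbcTemplate;
    private final ScimGroupMemberRowMapper rowMapper;
    private ScimUserProvisioning userProvisioning;
    private ScimGroupProvisioning groupProvisioning;
    private IdentityZoneProvisioning zoneProvisioning;
    // Must be initialised before defaultGroupCache, whose initialiser reads it.
    private TimeService timeService = new TimeServiceImpl();
    // Default groups per zone, keyed by defaultGroupCacheKey(zoneId, displayName).
    private TimeBasedExpiringValueMap<String, ScimGroup> defaultGroupCache = new TimeBasedExpiringValueMap<>(this.timeService);

    /**
     * Maps one row selected with {@link #MEMBERSHIP_FIELDS} to a {@link ScimGroupMember}.
     *
     * <p>Only column 2 ({@code member_id}), column 3 ({@code member_type}) and column 6
     * ({@code origin}) are read. The group id, authorities and timestamp are ignored.
     */
    public static final class ScimGroupMemberRowMapper implements RowMapper<ScimGroupMember> {
        protected ScimGroupMemberRowMapper() {
        }

        /**
         * @param resultSet row positioned by the caller
         * @param i row index, unused
         * @return the member described by the row
         * @throws SQLException if a column cannot be read
         * @throws IllegalArgumentException if {@code member_type} holds a value that is not a
         *         {@code ScimGroupMember.Type} constant (raised by {@code valueOf})
         */
        @Override
        public ScimGroupMember mapRow(ResultSet resultSet, int i) throws SQLException {
            String memberId = resultSet.getString(2);
            String memberType = resultSet.getString(3);
            String origin = resultSet.getString(6);
            ScimGroupMember member = new ScimGroupMember(memberId, ScimGroupMember.Type.valueOf(memberType));
            member.setOrigin(origin);
            return member;
        }
    }

    /**
     * @param jdbcTemplate template used for every statement in this class, must not be null
     */
    public JdbcScimGroupMembershipManager(JdbcTemplate jdbcTemplate) {
        Assert.notNull(jdbcTemplate, "jdbcTemplate must not be null");
        this.jdbcTemplate = jdbcTemplate;
        this.rowMapper = new ScimGroupMemberRowMapper();
    }

    /**
     * Rebuilds the default-group cache so that it uses the currently configured
     * {@link TimeService}. The field initialiser always sees the default one.
     */
    @Override
    public void afterPropertiesSet() {
        this.defaultGroupCache = new TimeBasedExpiringValueMap<>(this.timeService);
    }

    public void setZoneProvisioning(IdentityZoneProvisioning identityZoneProvisioning) {
        this.zoneProvisioning = identityZoneProvisioning;
    }

    public void setScimUserProvisioning(ScimUserProvisioning scimUserProvisioning) {
        this.userProvisioning = scimUserProvisioning;
    }

    public void setScimGroupProvisioning(ScimGroupProvisioning scimGroupProvisioning) {
        this.groupProvisioning = scimGroupProvisioning;
    }

    /**
     * Sets the time source. The existing cache keeps the previous one until
     * {@link #afterPropertiesSet()} runs.
     */
    public void setTimeService(TimeService timeService) {
        this.timeService = timeService;
    }

    /**
     * Returns the default user groups configured for a zone, creating them on first use.
     *
     * @param str zone id; blank or null yields an empty set
     * @return one group per configured default group name of that zone
     */
    public Set<ScimGroup> getDefaultUserGroups(String str) {
        if (!StringUtils.hasText(str)) {
            return Collections.emptySet();
        }
        IdentityZone currentZone = IdentityZoneHolder.get();
        List<String> defaultGroupNames = currentZone.getConfig().getUserConfig().getDefaultGroups();
        if (!str.equals(currentZone.getId())) {
            // Requested zone differs from the thread's zone: read that zone's configuration instead.
            defaultGroupNames = this.zoneProvisioning.retrieve(str).getConfig().getUserConfig().getDefaultGroups();
        }
        return defaultGroupNames.stream()
                .map(groupName -> createOrGetGroup(groupName, str))
                .collect(Collectors.toSet());
    }

    /**
     * Returns the cached group for a display name and zone, delegating to
     * {@code groupProvisioning.createOrGet} on a cache miss.
     *
     * @param str group display name
     * @param str2 zone id
     * @return the cached or freshly provisioned group
     */
    public ScimGroup createOrGetGroup(String str, String str2) {
        String cacheKey = defaultGroupCacheKey(str2, str);
        ScimGroup group = this.defaultGroupCache.get(cacheKey);
        if (group == null) {
            group = this.groupProvisioning.createOrGet(new ScimGroup(null, str, str2), str2);
            this.defaultGroupCache.put(cacheKey, group);
        }
        return group;
    }

    /**
     * Builds an unambiguous cache key for a (zone, display name) pair.
     *
     * <p>Plain concatenation lets two different pairs share a key: zone {@code "a"} with
     * group {@code "bc"} and zone {@code "ab"} with group {@code "c"} both give
     * {@code "abc"}, so one zone could be handed the other zone's cached group.
     * Prefixing the zone id with its length keeps the boundary recoverable.
     */
    private static String defaultGroupCacheKey(String zoneId, String displayName) {
        String zone = String.valueOf(zoneId);
        return zone.length() + ":" + zone + ":" + displayName;
    }

    /**
     * @param str group id to test
     * @param str2 zone id whose default groups are consulted
     * @return true if {@code str} is the id of one of that zone's default user groups
     */
    public boolean isDefaultGroup(String str, String str2) {
        return getDefaultUserGroups(str2).stream().anyMatch(group -> group.getId().equals(str));
    }

    /**
     * Adds a member to a group after validating the request.
     *
     * @param str group id
     * @param scimGroupMember member to add; a null type is stored as {@code USER}
     * @param str2 zone id written to {@code identity_zone_id}
     * @return the membership row re-read from the database
     * @throws MemberAlreadyExistsException if the group is a default group of the zone, or the
     *         insert violates a unique key
     * @throws ScimResourceNotFoundException declared by the interface; presumably raised by
     *         the provisioning lookups in {@code validateRequest} (verify against those classes)
     */
    @Override
    public ScimGroupMember addMember(String str, ScimGroupMember scimGroupMember, String str2) throws ScimResourceNotFoundException, MemberAlreadyExistsException {
        // Default groups are implicit for every user of the zone, so they never get explicit rows.
        if (isDefaultGroup(str, str2)) {
            throw new MemberAlreadyExistsException("Trying to add member to default group");
        }
        validateRequest(str, scimGroupMember, str2);
        ScimGroupMember.Type memberType = scimGroupMember.getType() == null ? ScimGroupMember.Type.USER : scimGroupMember.getType();
        String type = memberType.toString();
        try {
            this.logger.debug("Associating group:" + str + " with member:" + scimGroupMember);
            this.jdbcTemplate.update(ADD_MEMBER_SQL, preparedStatement -> {
                preparedStatement.setString(1, str);
                preparedStatement.setString(2, scimGroupMember.getMemberId());
                preparedStatement.setString(3, type);
                // The authorities column is always written as NULL by this class.
                preparedStatement.setNull(4, java.sql.Types.VARCHAR);
                preparedStatement.setTimestamp(5, new Timestamp(new Date().getTime()));
                preparedStatement.setString(6, scimGroupMember.getOrigin());
                preparedStatement.setString(7, str2);
            });
            return getMemberById(str, scimGroupMember.getMemberId(), str2);
        } catch (DuplicateKeyException e) {
            // Keep the database cause visible, because the exception thrown below does not carry it.
            this.logger.debug("Duplicate membership row rejected by the database", e);
            throw new MemberAlreadyExistsException(scimGroupMember.getMemberId() + " is already part of the group: " + str);
        }
    }

    /**
     * Lists the direct members of a group.
     *
     * @param str group id
     * @param z when true, each member's entity is loaded from user or group provisioning
     * @param str2 zone id used to filter membership rows
     * @return a new list of members
     */
    @Override
    public List<ScimGroupMember> getMembers(String str, boolean z, String str2) throws ScimResourceNotFoundException {
        List<ScimGroupMember> members = this.jdbcTemplate.query(GET_MEMBERS_SQL, this.rowMapper, str, str2);
        if (z) {
            // NOTE(review): entities are resolved in the thread's zone (IdentityZoneHolder), not in
            // str2, the zone the rows were selected with. Confirm callers always pass the same zone.
            for (ScimGroupMember member : members) {
                if (member.getType().equals(ScimGroupMember.Type.USER)) {
                    member.setEntity(this.userProvisioning.retrieve(member.getMemberId(), IdentityZoneHolder.get().getId()));
                } else if (member.getType().equals(ScimGroupMember.Type.GROUP)) {
                    member.setEntity(this.groupProvisioning.retrieve(member.getMemberId(), IdentityZoneHolder.get().getId()));
                }
            }
        }
        return new ArrayList<>(members);
    }

    /**
     * Returns the groups a member belongs to, plus the zone's default groups when the member
     * is a user.
     *
     * @param str member id
     * @param z when true, also follows group-in-group memberships transitively
     * @param str2 zone id
     */
    @Override
    public Set<ScimGroup> getGroupsWithMember(String str, boolean z, String str2) throws ScimResourceNotFoundException {
        List<ScimGroup> groups = new ArrayList<>();
        getGroupsWithMember(groups, str, z, str2);
        if (isUser(str)) {
            groups.addAll(getDefaultUserGroups(str2));
        }
        return new HashSet<>(groups);
    }

    /**
     * Collects the groups that contain {@code str} into {@code list}.
     *
     * <p>A group already present in {@code list} is neither added nor expanded again, which
     * is what stops the recursion when group memberships form a cycle.
     *
     * @param list accumulator; a null value makes the call a no-op
     * @param str member id (a user id, or a group id on recursive calls)
     * @param z when true, recurse into each newly found group
     * @param str2 zone id bound to the membership query
     */
    private void getGroupsWithMember(List<ScimGroup> list, String str, boolean z, String str2) {
        if (list == null) {
            return;
        }
        List<String> groupIds;
        try {
            groupIds = this.jdbcTemplate.query(GET_GROUPS_BY_MEMBER_SQL, preparedStatement -> {
                preparedStatement.setString(1, str);
                preparedStatement.setString(2, str2);
            }, new SingleColumnRowMapper<String>(String.class));
        } catch (EmptyResultDataAccessException e) {
            groupIds = Collections.emptyList();
        }
        for (String groupId : groupIds) {
            try {
                // NOTE(review): the group is resolved in the thread's zone, not in str2.
                ScimGroup group = this.groupProvisioning.retrieve(groupId, IdentityZoneHolder.get().getId());
                if (!list.contains(group)) {
                    list.add(group);
                    if (z) {
                        getGroupsWithMember(list, groupId, z, str2);
                    }
                }
            } catch (ScimResourceNotFoundException e) {
                // Best effort: a membership row whose group cannot be retrieved is skipped,
                // but leave a trace so dangling rows can be noticed.
                this.logger.debug("Skipping membership in group " + groupId + ": group could not be retrieved", e);
            }
        }
    }

    /**
     * Returns the groups that have a membership row for the given member id and origin.
     *
     * @param str member id
     * @param str2 origin
     * @return matching groups; the zone is taken from {@code IdentityZoneHolder}, because this
     *         method takes no zone parameter
     */
    @Override
    public Set<ScimGroup> getGroupsWithExternalMember(String str, String str2) throws ScimResourceNotFoundException {
        List<ScimGroup> groups;
        try {
            groups = this.jdbcTemplate.query(GET_GROUPS_BY_EXTERNAL_MEMBER_SQL, preparedStatement -> {
                preparedStatement.setString(1, IdentityZoneHolder.get().getId());
                preparedStatement.setString(2, str);
                preparedStatement.setString(3, str2);
            }, new ScimGroupRowMapper());
        } catch (EmptyResultDataAccessException e) {
            groups = Collections.emptyList();
        }
        return new HashSet<>(groups);
    }

    /**
     * Reads a single membership row.
     *
     * @param str group id
     * @param str2 member id
     * @param str3 zone id
     * @throws MemberNotFoundException if no row matches
     */
    @Override
    public ScimGroupMember getMemberById(String str, String str2, String str3) throws ScimResourceNotFoundException, MemberNotFoundException {
        try {
            // GET_MEMBER_SQL binds member_id first, then group_id, then identity_zone_id.
            return this.jdbcTemplate.queryForObject(GET_MEMBER_SQL, this.rowMapper, str2, str, str3);
        } catch (EmptyResultDataAccessException e) {
            throw new MemberNotFoundException("Member " + str2 + " does not exist in group " + str);
        }
    }

    /**
     * Replaces a group's membership with the given list: members missing from {@code list}
     * are removed, members not yet present are added.
     *
     * <p>Removals and additions are separate statements. No transaction boundary is visible
     * in this class, so a failure part-way through presumably leaves a partial update unless
     * the caller runs this inside a transaction.
     *
     * @param str group id
     * @param list desired membership
     * @param str2 zone id
     * @return the membership as re-read after the update
     */
    @Override
    public List<ScimGroupMember> updateOrAddMembers(String str, List<ScimGroupMember> list, String str2) throws ScimResourceNotFoundException {
        List<ScimGroupMember> current = getMembers(str, false, str2);
        this.logger.debug("current-members: " + current + ", in request: " + list);

        List<ScimGroupMember> toRemove = new ArrayList<>(current);
        toRemove.removeAll(list);
        this.logger.debug("removing members: " + toRemove);
        for (ScimGroupMember member : toRemove) {
            removeMemberById(str, member.getMemberId(), str2);
        }

        List<ScimGroupMember> toAdd = new ArrayList<>(list);
        toAdd.removeAll(current);
        this.logger.debug("adding new members: " + toAdd);
        for (ScimGroupMember member : toAdd) {
            addMember(str, member, str2);
        }
        return getMembers(str, false, str2);
    }

    /**
     * Removes one member from one group.
     *
     * @param str group id
     * @param str2 member id
     * @param str3 zone id
     * @return the membership as it was before removal
     * @throws MemberNotFoundException if the membership does not exist
     * @throws IncorrectResultSizeDataAccessException if the delete did not affect exactly one row
     */
    @Override
    public ScimGroupMember removeMemberById(String str, String str2, String str3) throws ScimResourceNotFoundException, MemberNotFoundException {
        ScimGroupMember existing = getMemberById(str, str2, str3);
        int removed = this.jdbcTemplate.update(DELETE_MEMBER_SQL, preparedStatement -> {
            preparedStatement.setString(1, str2);
            preparedStatement.setString(2, str);
            preparedStatement.setString(3, str3);
        });
        if (removed != 1) {
            throw new IncorrectResultSizeDataAccessException("unexpected number of members removed", 1, removed);
        }
        return existing;
    }

    /**
     * Removes every member of a group.
     *
     * @param str group id
     * @param str2 zone id
     * @return the members that were removed
     * @throws IncorrectResultSizeDataAccessException if the number of deleted rows differs from
     *         the number of members read just before the delete
     */
    @Override
    public List<ScimGroupMember> removeMembersByGroupId(String str, String str2) throws ScimResourceNotFoundException {
        List<ScimGroupMember> members = getMembers(str, false, str2);
        this.logger.debug("removing " + members + " members from group: " + str);
        int removed = this.jdbcTemplate.update(DELETE_MEMBERS_IN_GROUP_SQL, preparedStatement -> {
            preparedStatement.setString(1, str);
            preparedStatement.setString(2, str2);
        });
        if (removed != members.size()) {
            throw new IncorrectResultSizeDataAccessException("unexpected number of members removed", members.size(), removed);
        }
        return members;
    }

    /**
     * Removes a member from every group in a zone.
     *
     * @param str member id
     * @param str2 zone id
     * @return the groups the member belonged to before removal, default groups included for users
     * @throws IncorrectResultSizeDataAccessException if the number of deleted rows differs from
     *         the expected count
     */
    @Override
    public Set<ScimGroup> removeMembersByMemberId(String str, String str2) throws ScimResourceNotFoundException {
        Set<ScimGroup> groups = getGroupsWithMember(str, false, str2);
        this.logger.debug("removing " + str + " from groups: " + groups);
        // Resolve the member kind once: it picks the statement and the expected row count.
        boolean memberIsUser = isUser(str);
        String deleteSql = memberIsUser ? DELETE_MEMBER_IN_GROUPS_SQL_USER : DELETE_MEMBER_IN_GROUPS_SQL_GROUP;
        int removed = this.jdbcTemplate.update(deleteSql, preparedStatement -> {
            preparedStatement.setString(1, str);
            preparedStatement.setString(2, str2);
        });
        // Default groups have no rows, so they are subtracted from the expected count.
        // NOTE(review): this assumes no default group also has an explicit row for the member;
        // if one does, the counts differ and the exception below is thrown after the delete ran.
        int expected = memberIsUser ? groups.size() - getDefaultUserGroups(str2).size() : groups.size();
        if (removed != expected) {
            throw new IncorrectResultSizeDataAccessException("unexpected number of members removed", expected, removed);
        }
        return groups;
    }

    /**
     * Removes a member's memberships that carry a given origin.
     *
     * @param str member id
     * @param str2 origin
     * @param str3 zone id
     * @return the groups the member belonged to before removal; this is the full set for the
     *         member, not only the groups whose row matched the origin
     */
    @Override
    public Set<ScimGroup> removeMembersByMemberId(String str, String str2, String str3) throws ScimResourceNotFoundException {
        Set<ScimGroup> groups = getGroupsWithMember(str, false, str3);
        this.logger.debug("removing " + str + " from groups: " + groups);
        int removed = this.jdbcTemplate.update(DELETE_MEMBER_WITH_ORIGIN_SQL, preparedStatement -> {
            preparedStatement.setString(1, str);
            preparedStatement.setString(2, str2);
            preparedStatement.setString(3, str3);
        });
        this.logger.debug(String.format("Deleted %s memberships for member %s", removed, str));
        return groups;
    }

    /**
     * @param str member id
     * @return true if user provisioning can retrieve {@code str} in the thread's zone
     */
    private boolean isUser(String str) {
        try {
            this.userProvisioning.retrieve(str, IdentityZoneHolder.get().getId());
            return true;
        } catch (ScimResourceNotFoundException e) {
            return false;
        }
    }

    /**
     * Rejects membership requests that are malformed or that cross identity zones.
     *
     * <p>Group and member are both retrieved in the thread's zone. The member's zone must then
     * equal the group's zone and the zone id passed by the caller.
     *
     * @param str group id
     * @param scimGroupMember member being added
     * @param str2 zone id the caller wants to change
     * @throws InvalidScimResourceException if group id, member id or origin is blank, or the
     *         member id equals the group id
     * @throws ScimResourceConstraintFailedException if the zones do not match
     */
    private void validateRequest(String str, ScimGroupMember scimGroupMember, String str2) {
        // NOTE(review): the message names member-type, but the type is not checked here
        // (addMember defaults a null type to USER).
        if (!StringUtils.hasText(str) || !StringUtils.hasText(scimGroupMember.getMemberId()) || !StringUtils.hasText(scimGroupMember.getOrigin())) {
            throw new InvalidScimResourceException("group-id, member-id, origin and member-type must be non-empty");
        }
        if (str.equals(scimGroupMember.getMemberId())) {
            throw new InvalidScimResourceException("trying to nest group within itself, aborting");
        }
        String currentZoneId = IdentityZoneHolder.get().getId();
        ScimGroup group = this.groupProvisioning.retrieve(str, currentZoneId);
        String memberZoneId;
        if (scimGroupMember.getType() == ScimGroupMember.Type.GROUP) {
            memberZoneId = this.groupProvisioning.retrieve(scimGroupMember.getMemberId(), IdentityZoneHolder.get().getId()).getZoneId();
        } else {
            memberZoneId = this.userProvisioning.retrieve(scimGroupMember.getMemberId(), IdentityZoneHolder.get().getId()).getZoneId();
        }
        if (!memberZoneId.equals(group.getZoneId())) {
            throw new ScimResourceConstraintFailedException("The zone of the group and the member must be the same.");
        }
        if (!memberZoneId.equals(str2)) {
            throw new ScimResourceConstraintFailedException("Unable to make membership changes in a different zone");
        }
    }

    /**
     * Deletes every membership row with the given origin in a zone.
     *
     * @param str origin
     * @param str2 zone id
     */
    @Override
    public void deleteMembersByOrigin(String str, String str2) throws ScimResourceNotFoundException {
        this.jdbcTemplate.update(DELETE_MEMBERS_WITH_ORIGIN_GROUP_SQL, str, str2);
    }
}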
