package org.alfresco.repo.security.sync;

import java.text.DateFormat;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.attributes.Attribute;
import org.alfresco.repo.attributes.LongAttributeValue;
import org.alfresco.repo.attributes.MapAttributeValue;
import org.alfresco.repo.management.subsystems.ActivateableBean;
import org.alfresco.repo.management.subsystems.ChildApplicationContextManager;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.cmr.attributes.AttributeService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.util.PropertyMap;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.NoSuchBeanDefinitionException;

/* loaded from: input_file:WEB-INF/lib/alfresco-repository-3.2.jar:org/alfresco/repo/security/sync/ChainingUserRegistrySynchronizer.class */
public class ChainingUserRegistrySynchronizer implements UserRegistrySynchronizer {
    private static final Log logger = LogFactory.getLog(ChainingUserRegistrySynchronizer.class);
    private static final String ROOT_ATTRIBUTE_PATH = ".ChainingUserRegistrySynchronizer";
    private static final String GROUP_LAST_MODIFIED_ATTRIBUTE = "GROUP";
    private static final String PERSON_LAST_MODIFIED_ATTRIBUTE = "PERSON";
    private ChildApplicationContextManager applicationContextManager;
    private String sourceBeanName;
    private AuthorityService authorityService;
    private PersonService personService;
    private AttributeService attributeService;
    private boolean syncWhenMissingPeopleLogIn = true;
    private boolean autoCreatePeopleOnLogin = true;

    public void setApplicationContextManager(ChildApplicationContextManager childApplicationContextManager) {
        this.applicationContextManager = childApplicationContextManager;
    }

    public void setSourceBeanName(String str) {
        this.sourceBeanName = str;
    }

    public void setAuthorityService(AuthorityService authorityService) {
        this.authorityService = authorityService;
    }

    public void setPersonService(PersonService personService) {
        this.personService = personService;
    }

    public void setAttributeService(AttributeService attributeService) {
        this.attributeService = attributeService;
    }

    public void setAutoCreatePeopleOnLogin(boolean z) {
        this.autoCreatePeopleOnLogin = z;
    }

    public void setSyncWhenMissingPeopleLogIn(boolean z) {
        this.syncWhenMissingPeopleLogIn = z;
    }

    @Override // org.alfresco.repo.security.sync.UserRegistrySynchronizer
    public void synchronize(boolean z) {
        TreeSet treeSet = new TreeSet();
        for (String str : this.applicationContextManager.getInstanceIds()) {
            try {
                UserRegistry userRegistry = (UserRegistry) this.applicationContextManager.getApplicationContext(str).getBean(this.sourceBeanName);
                if (!(userRegistry instanceof ActivateableBean) || ((ActivateableBean) userRegistry).isActive()) {
                    if (logger.isInfoEnabled()) {
                        logger.info("Synchronizing users and groups with user registry '" + str + "'");
                    }
                    if (z && logger.isWarnEnabled()) {
                        logger.warn("Forced synchronization with user registry '" + str + "'; some users and groups previously created by synchronization with this user registry may be removed.");
                    }
                    int syncPersonsWithPlugin = syncPersonsWithPlugin(str, userRegistry, z, treeSet);
                    int syncGroupsWithPlugin = syncGroupsWithPlugin(str, userRegistry, z, treeSet);
                    if (logger.isInfoEnabled()) {
                        logger.info("Finished synchronizing users and groups with user registry '" + str + "'");
                        logger.info(syncPersonsWithPlugin + " user(s) and " + syncGroupsWithPlugin + " group(s) processed");
                    }
                }
            } catch (NoSuchBeanDefinitionException e) {
            }
        }
    }

    @Override // org.alfresco.repo.security.sync.UserRegistrySynchronizer
    public boolean createMissingPerson(String str) {
        if (str == null || str.equals(AuthenticationUtil.getSystemUserName())) {
            return false;
        }
        if (this.syncWhenMissingPeopleLogIn) {
            synchronize(false);
            if (this.personService.personExists(str)) {
                return true;
            }
        }
        if (!this.autoCreatePeopleOnLogin || !this.personService.createMissingPeople() || AuthorityType.getAuthorityType(str) != AuthorityType.USER) {
            return false;
        }
        this.personService.getPerson(str);
        return true;
    }

    private int syncPersonsWithPlugin(String str, UserRegistry userRegistry, boolean z, Set<String> set) {
        String str2 = AuthorityService.ZONE_AUTH_EXT_PREFIX + str;
        int i = 0;
        long mostRecentUpdateTime = z ? -1L : getMostRecentUpdateTime(PERSON_LAST_MODIFIED_ATTRIBUTE, str2);
        Date date = mostRecentUpdateTime == -1 ? null : new Date(mostRecentUpdateTime);
        if (logger.isInfoEnabled()) {
            if (date == null) {
                logger.info("Retrieving all users from user registry '" + str + "'");
            } else {
                logger.info("Retrieving users changed since " + DateFormat.getDateTimeInstance().format(date) + " from user registry '" + str + "'");
            }
        }
        Iterator<NodeDescription> persons = userRegistry.getPersons(date);
        Set<String> allAuthoritiesInZone = this.authorityService.getAllAuthoritiesInZone(str2, AuthorityType.USER);
        while (persons.hasNext()) {
            NodeDescription next = persons.next();
            PropertyMap properties = next.getProperties();
            String str3 = (String) properties.get(ContentModel.PROP_USERNAME);
            if (allAuthoritiesInZone.remove(str3)) {
                if (logger.isInfoEnabled()) {
                    logger.info("Updating user '" + str3 + "'");
                }
                this.personService.setPersonProperties(str3, properties);
            } else {
                Set<String> authorityZones = this.authorityService.getAuthorityZones(str3);
                if (authorityZones != null) {
                    authorityZones.retainAll(set);
                    if (authorityZones.size() <= 0) {
                        if (logger.isWarnEnabled()) {
                            logger.warn("Recreating occluded user '" + str3 + "'. This user was previously created manually or through synchronization with a lower priority user registry.");
                        }
                        this.personService.deletePerson(str3);
                    }
                } else if (logger.isInfoEnabled()) {
                    logger.info("Creating user '" + str3 + "'");
                }
                this.personService.createPerson(properties, getZones(str2));
            }
            i++;
            Date lastModified = next.getLastModified();
            if (lastModified != null) {
                mostRecentUpdateTime = Math.max(mostRecentUpdateTime, lastModified.getTime());
            }
        }
        if (z && !allAuthoritiesInZone.isEmpty()) {
            for (String str4 : allAuthoritiesInZone) {
                if (logger.isWarnEnabled()) {
                    logger.warn("Deleting user '" + str4 + "'");
                }
                this.personService.deletePerson(str4);
                i++;
            }
        }
        if (mostRecentUpdateTime != -1) {
            setMostRecentUpdateTime(PERSON_LAST_MODIFIED_ATTRIBUTE, str2, mostRecentUpdateTime);
        }
        set.add(str2);
        return i;
    }

    private int syncGroupsWithPlugin(String str, UserRegistry userRegistry, boolean z, Set<String> set) {
        String str2 = AuthorityService.ZONE_AUTH_EXT_PREFIX + str;
        int i = 0;
        long mostRecentUpdateTime = z ? -1L : getMostRecentUpdateTime(GROUP_LAST_MODIFIED_ATTRIBUTE, str2);
        Date date = mostRecentUpdateTime == -1 ? null : new Date(mostRecentUpdateTime);
        if (logger.isInfoEnabled()) {
            if (date == null) {
                logger.info("Retrieving all groups from user registry '" + str + "'");
            } else {
                logger.info("Retrieving groups changed since " + DateFormat.getDateTimeInstance().format(date) + " from user registry '" + str + "'");
            }
        }
        Iterator<NodeDescription> groups = userRegistry.getGroups(date);
        TreeMap treeMap = new TreeMap();
        Set<String> allAuthoritiesInZone = this.authorityService.getAllAuthoritiesInZone(str2, AuthorityType.GROUP);
        while (groups.hasNext()) {
            NodeDescription next = groups.next();
            PropertyMap properties = next.getProperties();
            String str3 = (String) properties.get(ContentModel.PROP_AUTHORITY_NAME);
            if (allAuthoritiesInZone.remove(str3)) {
                Set<String> containedAuthorities = this.authorityService.getContainedAuthorities(null, str3, true);
                Set<String> childAssociations = next.getChildAssociations();
                TreeSet<String> treeSet = new TreeSet(containedAuthorities);
                TreeSet treeSet2 = new TreeSet(childAssociations);
                treeSet.removeAll(childAssociations);
                treeSet2.removeAll(containedAuthorities);
                if (!treeSet2.isEmpty()) {
                    treeMap.put(str3, treeSet2);
                }
                for (String str4 : treeSet) {
                    if (logger.isInfoEnabled()) {
                        logger.info("Removing '" + this.authorityService.getShortName(str4) + "' from group '" + this.authorityService.getShortName(str3) + "'");
                    }
                    this.authorityService.removeAuthority(str3, str4);
                }
            } else {
                String shortName = this.authorityService.getShortName(str3);
                Set<String> authorityZones = this.authorityService.getAuthorityZones(str3);
                if (authorityZones != null) {
                    authorityZones.retainAll(set);
                    if (authorityZones.size() <= 0) {
                        if (logger.isWarnEnabled()) {
                            logger.warn("Recreating occluded group '" + shortName + "'. This group was previously created manually or through synchronization with a lower priority user registry.");
                        }
                        this.authorityService.deleteAuthority(str3);
                    }
                } else if (logger.isInfoEnabled()) {
                    logger.info("Creating group '" + shortName + "'");
                }
                this.authorityService.createAuthority(AuthorityType.getAuthorityType(str3), shortName, (String) properties.get(ContentModel.PROP_AUTHORITY_DISPLAY_NAME), getZones(str2));
                Set<String> childAssociations2 = next.getChildAssociations();
                if (!childAssociations2.isEmpty()) {
                    treeMap.put(str3, childAssociations2);
                }
            }
            i++;
            Date lastModified = next.getLastModified();
            if (lastModified != null) {
                mostRecentUpdateTime = Math.max(mostRecentUpdateTime, lastModified.getTime());
            }
        }
        for (Map.Entry entry : treeMap.entrySet()) {
            for (String str5 : (Set) entry.getValue()) {
                String str6 = (String) entry.getKey();
                if (logger.isInfoEnabled()) {
                    logger.info("Adding '" + this.authorityService.getShortName(str5) + "' to group '" + this.authorityService.getShortName(str6) + "'");
                }
                try {
                    this.authorityService.addAuthority(str6, str5);
                } catch (Exception e) {
                    if (logger.isWarnEnabled()) {
                        logger.warn("Failed to add '" + this.authorityService.getShortName(str5) + "' to group '" + this.authorityService.getShortName(str6) + "'", e);
                    }
                }
            }
        }
        if (z && !allAuthoritiesInZone.isEmpty()) {
            for (String str7 : allAuthoritiesInZone) {
                if (logger.isWarnEnabled()) {
                    logger.warn("Deleting group '" + this.authorityService.getShortName(str7) + "'");
                }
                this.authorityService.deleteAuthority(str7);
                i++;
            }
        }
        if (mostRecentUpdateTime != -1) {
            setMostRecentUpdateTime(GROUP_LAST_MODIFIED_ATTRIBUTE, str2, mostRecentUpdateTime);
        }
        set.add(str2);
        return i;
    }

    private long getMostRecentUpdateTime(String str, String str2) {
        Attribute attribute = this.attributeService.getAttribute(".ChainingUserRegistrySynchronizer/" + str + '/' + str2);
        if (attribute == null) {
            return -1L;
        }
        return attribute.getLongValue();
    }

    private void setMostRecentUpdateTime(String str, String str2, long j) {
        String str3 = ".ChainingUserRegistrySynchronizer/" + str;
        if (!this.attributeService.exists(str3)) {
            if (!this.attributeService.exists(ROOT_ATTRIBUTE_PATH)) {
                this.attributeService.setAttribute("", ROOT_ATTRIBUTE_PATH, new MapAttributeValue());
            }
            this.attributeService.setAttribute(ROOT_ATTRIBUTE_PATH, str, new MapAttributeValue());
        }
        this.attributeService.setAttribute(str3, str2, new LongAttributeValue(j));
    }

    private Set<String> getZones(String str) {
        HashSet hashSet = new HashSet(2, 1.0f);
        hashSet.add(AuthorityService.ZONE_APP_DEFAULT);
        hashSet.add(str);
        return hashSet;
    }
}
