package org.alfresco.an2.server.security;

import com.datastax.driver.core.BatchStatement;
import com.datastax.driver.core.ResultSet;
import com.datastax.driver.core.Row;
import com.datastax.driver.core.Session;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.Set;
import java.util.UUID;
import org.alfresco.an2.api.VersionCheckException;
import org.alfresco.an2.api.paging.PageData;
import org.alfresco.an2.api.paging.PageRequest;
import org.alfresco.an2.api.security.GroupExistsException;
import org.alfresco.an2.api.security.GroupMemberExistsException;
import org.alfresco.an2.api.security.GroupService;
import org.alfresco.an2.api.security.UserService;
import org.alfresco.an2.events.security.UsernameChangedEvent;
import org.alfresco.an2.spi.security.GroupServiceSPI;
import org.alfresco.an2.spi.security.UserServiceSPI;
import org.alfresco.cassandra.StatementStore;
import org.alfresco.error.AlfrescoRuntimeException;
import org.apache.camel.Body;
import org.apache.camel.Consume;
import org.apache.camel.ExchangePattern;
import org.apache.camel.Header;
import org.apache.camel.LoggingLevel;
import org.apache.camel.Route;
import org.apache.camel.builder.PredicateBuilder;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.model.dataformat.JsonLibrary;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.transaction.interceptor.RuleBasedTransactionAttribute;

/* loaded from: input_file:WEB-INF/classes/org/alfresco/an2/server/security/Cx1GroupService.class */
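/**
 * Cassandra-backed implementation of {@link GroupServiceSPI}: stores groups, a name-to-id lookup,
 * group memberships and two denormalised query tables.
 *
 * <p>Every statement binds the tenant taken from the {@code ServiceCallContext}, and the schema
 * from the same context selects where the statement runs. No authorisation check is visible in
 * this class, so callers are presumably responsible for deciding whether the context may act on
 * the given group or user (NOTE(review): confirm at the API layer).
 *
 * <p>Writes that touch several tables use lightweight transactions ({@code IF NOT EXISTS}) for the
 * authoritative row and an UNLOGGED batch for the query tables. The steps are not atomic as a
 * whole: a failure between them can leave the tables inconsistent.
 */
public class Cx1GroupService implements GroupServiceSPI {
    private static final String INSERT_DATA_GROUPS = "INSERT INTO alf_data_groups (tenant, id, version, group, roles) VALUES (?, ?, ?, ?, ?) IF NOT EXISTS";
    private static final String SELECT_DATA_GROUPS = "SELECT version, group, roles FROM alf_data_groups WHERE tenant = ? AND id = ?";
    private static final String INSERT_LOOKUP_DATA_GROUP_IDS = "INSERT INTO alf_lookup_group_ids (tenant, group, id) VALUES (?, ?, ?) IF NOT EXISTS";
    private static final String SELECT_LOOKUP_GROUP_IDS = "SELECT id FROM alf_lookup_group_ids WHERE tenant = ? AND group = ?";
    private static final String INSERT_DATA_GROUP_MEMBERS = "INSERT INTO alf_data_group_members (tenant, group_id, user_id) VALUES (?, ?, ?) IF NOT EXISTS";
    private static final String DELETE_DATA_GROUP_MEMBERS = "DELETE FROM alf_data_group_members WHERE tenant = ? AND group_id = ? and user_id = ?";
    private static final String INSERT_QUERY_GROUP_MEMBERS_WITH_USERNAME = "INSERT INTO alf_query_group_members_with_username (tenant, group_id, username, user_id) VALUES (?, ?, ?, ?) ";
    private static final String SELECT_QUERY_GROUP_MEMBERS_WITH_USERNAME = "SELECT username, user_id FROM alf_query_group_members_with_username WHERE tenant = ? AND group_id = ?";
    private static final String DELETE_QUERY_GROUP_MEMBERS_WITH_USERNAME = "DELETE FROM alf_query_group_members_with_username WHERE tenant = ? AND group_id = ? AND username = ? ";
    private static final String INSERT_QUERY_GROUPS_BY_USER = "INSERT INTO alf_query_groups_by_user (tenant, user_id, group_id) VALUES (?, ?, ?) ";
    private static final String SELECT_QUERY_GROUPS_BY_USER = "SELECT group_id FROM alf_query_groups_by_user WHERE tenant = ? AND user_id = ?";
    private static final String DELETE_QUERY_GROUPS_BY_USER = "DELETE FROM alf_query_groups_by_user WHERE tenant = ? AND user_id = ? AND group_id = ?";
    private static final Log logger = LogFactory.getLog(Cx1GroupService.class);
    private final StatementStore stmts;
    private final UserServiceSPI userServiceSPI;
    public static final String CX1_GROUPSERVICE_QUEUE = "jms:queue:org.alfresco.an2.Cx1GroupService";
    private static final String ENDPOINT_DIRECT_USERNAME_CHANGED = "direct:Cx1GroupService.UsernameChanged";

    /* loaded from: input_file:WEB-INF/classes/org/alfresco/an2/server/security/Cx1GroupService$UserServiceSpiListener.class */
    /**
     * Camel route that consumes {@link UserServiceSPI#QUEUE} and forwards version "1"
     * username-changed events to {@link Cx1GroupService#onUsernameChanged}.
     */
    public static class UserServiceSpiListener extends RouteBuilder {
        /**
         * Builds the route: messages whose {@code event} and {@code version} headers match are
         * unmarshalled from JSON into {@code UsernameChangedEventV1}; everything else is logged
         * at ERROR level and dropped.
         */
        @Override // org.apache.camel.builder.RouteBuilder
        public void configure() throws Exception {
            from(UserServiceSPI.QUEUE)
                .routeId(getClass().getSimpleName())
                .setExchangePattern(ExchangePattern.InOnly)
                .handleFault()
                .choice()
                    .when(PredicateBuilder.and(
                            header("event").isEqualTo(UserService.EVENT_USERNAME_CHANGED),
                            header("version").isEqualTo("1")))
                        .unmarshal().json(JsonLibrary.Jackson, UsernameChangedEvent.UsernameChangedEventV1.class, true)
                        .to(Cx1GroupService.ENDPOINT_DIRECT_USERNAME_CHANGED)
                    .endChoice()
                    .otherwise()
                        .log(LoggingLevel.ERROR, "Unhandled message.");
        }
    }

    /**
     * Creates the five tables this service uses in the keyspace the session is bound to.
     *
     * <p>The statements have no {@code IF NOT EXISTS} clause, so this is meant for a fresh
     * keyspace only.
     *
     * @param session Cassandra session used to run the DDL
     */
    public static void initKeySpace(Session session) {
        session.execute("CREATE TABLE alf_data_groups(   tenant TEXT,   id UUID,   version UUID,   group TEXT,   roles SET<TEXT>,   PRIMARY KEY ((tenant), id))");
        session.execute("CREATE TABLE alf_data_group_members(   tenant TEXT,   group_id UUID,   user_id UUID,   PRIMARY KEY ((tenant), group_id, user_id))");
        session.execute("CREATE TABLE alf_lookup_group_ids(   tenant TEXT,   group TEXT,   id UUID,   PRIMARY KEY ((tenant), group))");
        session.execute("CREATE TABLE alf_query_group_members_with_username(   tenant TEXT,   group_id UUID,   username TEXT,   user_id UUID,   PRIMARY KEY ((tenant, group_id), username))");
        session.execute("CREATE TABLE alf_query_groups_by_user(   tenant TEXT,   user_id UUID,   group_id UUID,   PRIMARY KEY ((tenant, user_id), group_id))");
    }

    /**
     * @param session Cassandra session wrapped in a {@link StatementStore}
     * @param userServiceSPI user service used to resolve user ids to usernames
     */
    public Cx1GroupService(Session session, UserServiceSPI userServiceSPI) {
        this.stmts = new StatementStore(session);
        this.userServiceSPI = userServiceSPI;
    }

    /**
     * Creates a group with a freshly generated id and version.
     *
     * @param serviceCallContext supplies the schema and tenant
     * @param str group name (bound to the {@code group} column)
     * @param set role names stored with the group
     * @throws GroupExistsException if the name is already taken in this tenant
     * @throws AlfrescoRuntimeException if the data row could not be inserted
     */
    @Override // org.alfresco.an2.spi.security.GroupServiceSPI
    public void createGroup(ServiceCallContext serviceCallContext, String str, Set<String> set) {
        String schema = serviceCallContext.getSchema();
        String tenant = serviceCallContext.getTenant();
        UUID groupId = UUID.randomUUID();
        UUID version = UUID.randomUUID();
        // The name lookup row is claimed first; IF NOT EXISTS makes it the uniqueness guard.
        boolean nameClaimed = this.stmts.executeInsert(schema, INSERT_LOOKUP_DATA_GROUP_IDS, tenant, str, groupId);
        if (!nameClaimed) {
            throw new GroupExistsException(tenant, str);
        }
        // NOTE(review): if this second insert fails, the lookup row above is left behind and the
        // name stays reserved without a data row.
        boolean dataStored = this.stmts.executeInsert(schema, INSERT_DATA_GROUPS, tenant, groupId, version, str, set);
        if (!dataStored) {
            throw new AlfrescoRuntimeException("Failed to insert new group '" + str + "' with randomly-generated ID '" + groupId + "' in tenant '" + tenant + "'.");
        }
        if (logger.isDebugEnabled()) {
            logger.debug(String.format("Created group %s (ID %s) in tenant %s (schema %s)", str, groupId, tenant, schema));
        }
    }

    /**
     * Looks up a group id by name within the caller's tenant.
     *
     * @param serviceCallContext supplies the schema and tenant
     * @param str group name
     * @return the group id as a string, or {@code null} if no such group exists
     */
    @Override // org.alfresco.an2.spi.security.GroupServiceSPI
    public String getGroupId(ServiceCallContext serviceCallContext, String str) {
        String schema = serviceCallContext.getSchema();
        String tenant = serviceCallContext.getTenant();
        Row row = this.stmts.executeStatement(schema, SELECT_LOOKUP_GROUP_IDS, tenant, str).one();
        return row == null ? null : row.getUUID("id").toString();
    }

    /**
     * Loads a group by id within the caller's tenant.
     *
     * @param serviceCallContext supplies the schema and tenant
     * @param str group id in UUID string form
     * @return the group details, or {@code null} if no such group exists
     * @throws IllegalArgumentException if {@code str} is not a valid UUID string
     */
    @Override // org.alfresco.an2.spi.security.GroupServiceSPI
    public GroupServiceSPI.GroupDetails getGroup(ServiceCallContext serviceCallContext, String str) {
        String schema = serviceCallContext.getSchema();
        String tenant = serviceCallContext.getTenant();
        Row row = this.stmts.executeStatement(schema, SELECT_DATA_GROUPS, tenant, UUID.fromString(str)).one();
        if (row == null) {
            return null;
        }
        // NOTE(review): Route.GROUP_PROPERTY is Camel's constant "group"; its use as a column
        // name looks like a decompiler constant substitution for the literal.
        return new GroupServiceSPI.GroupDetails(
                tenant,
                str,
                row.getUUID("version").toString(),
                row.getString(Route.GROUP_PROPERTY),
                row.getSet("roles", String.class));
    }

    /**
     * Adds a user to a group and updates both query tables.
     *
     * <p>NOTE(review): nothing here checks that the group id exists in this tenant, so a
     * membership row can be written for an unknown group; confirm the caller verifies it.
     *
     * @param serviceCallContext supplies the schema and tenant
     * @param str group id in UUID string form
     * @param str2 user id in UUID string form
     * @throws VersionCheckException if the user cannot be resolved
     * @throws GroupMemberExistsException if the user is already a member
     * @throws IllegalArgumentException if either id is not a valid UUID string
     */
    @Override // org.alfresco.an2.spi.security.GroupServiceSPI
    public void addUserToGroup(ServiceCallContext serviceCallContext, String str, String str2) {
        UserServiceSPI.UserAuthenticationDetails userDetails = this.userServiceSPI.getUserAuthenticationDetails(serviceCallContext, str2);
        if (userDetails == null) {
            // NOTE(review): PREFIX_ROLLBACK_RULE is Spring's "-"; probably a decompiler constant
            // substitution for a literal version placeholder.
            throw new VersionCheckException("user", str2, RuleBasedTransactionAttribute.PREFIX_ROLLBACK_RULE);
        }
        String username = userDetails.getUsername();
        String schema = serviceCallContext.getSchema();
        String tenant = serviceCallContext.getTenant();
        UUID groupUuid = UUID.fromString(str);
        UUID userUuid = UUID.fromString(str2);
        // The membership row is the authoritative record; IF NOT EXISTS detects duplicates.
        if (!this.stmts.executeInsert(schema, INSERT_DATA_GROUP_MEMBERS, tenant, groupUuid, userUuid)) {
            throw new GroupMemberExistsException(str2, str, tenant);
        }
        // The query tables follow in an UNLOGGED batch; a failure here leaves them out of step
        // with the membership row written above.
        StatementStore.StatementBatch batch = this.stmts.getBatch(schema, BatchStatement.Type.UNLOGGED);
        batch.addStatement(INSERT_QUERY_GROUP_MEMBERS_WITH_USERNAME, tenant, groupUuid, username, userUuid);
        batch.addStatement(INSERT_QUERY_GROUPS_BY_USER, tenant, userUuid, groupUuid);
        batch.execute();
        if (logger.isDebugEnabled()) {
            logger.debug(String.format("Added user %s to group %s in tenant %s (schema %s)", str2, str, tenant, schema));
        }
    }

    /**
     * Removes a user from a group in the membership table and both query tables.
     *
     * @param serviceCallContext supplies the schema and tenant
     * @param str group id in UUID string form
     * @param str2 user id in UUID string form
     * @throws VersionCheckException if the user cannot be resolved
     * @throws IllegalArgumentException if either id is not a valid UUID string
     */
    @Override // org.alfresco.an2.spi.security.GroupServiceSPI
    public void removeUserFromGroup(ServiceCallContext serviceCallContext, String str, String str2) {
        UserServiceSPI.UserAuthenticationDetails userDetails = this.userServiceSPI.getUserAuthenticationDetails(serviceCallContext, str2);
        if (userDetails == null) {
            throw new VersionCheckException("user", str2, RuleBasedTransactionAttribute.PREFIX_ROLLBACK_RULE);
        }
        String username = userDetails.getUsername();
        String schema = serviceCallContext.getSchema();
        String tenant = serviceCallContext.getTenant();
        deleteMembershipRows(schema, tenant, UUID.fromString(str), UUID.fromString(str2), username);
        if (logger.isDebugEnabled()) {
            logger.debug(String.format("Removed user %s from group %s in tenant %s (schema %s)", str2, str, tenant, schema));
        }
    }

    /**
     * Returns one page of a group's members, dropping memberships of users that no longer
     * resolve.
     *
     * <p>NOTE(review): the next-page state comes from the caller and is handed to
     * {@link StatementStore}; confirm it is validated against this statement before use.
     *
     * @param serviceCallContext supplies the schema and tenant
     * @param str group id in UUID string form
     * @param pageRequest page size and optional next-page state
     * @return the members found and the state for the next page ({@code null} when exhausted);
     *         an empty page if the group does not exist
     * @throws IllegalArgumentException if {@code str} is not a valid UUID string
     */
    @Override // org.alfresco.an2.spi.security.GroupServiceSPI
    public PageData<GroupService.GroupMembership> getGroupMembers(ServiceCallContext serviceCallContext, String str, PageRequest pageRequest) {
        GroupServiceSPI.GroupDetails group = getGroup(serviceCallContext, str);
        if (group == null) {
            return new PageData<>(Collections.emptyList(), null);
        }
        String schema = serviceCallContext.getSchema();
        String tenant = serviceCallContext.getTenant();
        int pageSize = pageRequest.getPageSize();
        UUID groupUuid = UUID.fromString(str);
        ResultSet resultSet = this.stmts.executeStatement(schema, pageSize, pageRequest.getNextPageState(), SELECT_QUERY_GROUP_MEMBERS_WITH_USERNAME, tenant, groupUuid);
        ArrayList<GroupService.GroupMembership> members = new ArrayList<>(pageSize);
        for (Row row : resultSet) {
            UUID userUuid = row.getUUID("user_id");
            String username = row.getString("username");
            if (this.userServiceSPI.getUserAuthenticationDetails(serviceCallContext, userUuid.toString()) != null) {
                members.add(new GroupService.GroupMembership(group.getGroup(), username));
                if (members.size() == pageSize) {
                    break;
                }
            } else {
                // The user no longer resolves. Delete the rows directly with the username held in
                // the query table: removeUserFromGroup() looks the user up again and throws
                // VersionCheckException for exactly this case, so calling it here aborted the
                // listing instead of cleaning up.
                deleteMembershipRows(schema, tenant, groupUuid, userUuid, username);
                if (logger.isDebugEnabled()) {
                    logger.debug(String.format("Removed stale user %s from group %s in tenant %s (schema %s)", userUuid, str, tenant, schema));
                }
            }
        }
        String nextPageState = resultSet.isFullyFetched() ? null : resultSet.getExecutionInfo().getPagingState().toString();
        PageData<GroupService.GroupMembership> pageData = new PageData<>(members, nextPageState);
        if (logger.isDebugEnabled()) {
            // The count argument was missing before, so %d received the group id string and
            // String.format threw whenever debug logging was enabled.
            logger.debug(String.format("Retrieved %d group members for group %s in tenant %s (schema %s)", members.size(), str, tenant, schema));
        }
        return pageData;
    }

    /**
     * Deletes one membership from the membership table and both query tables in a single
     * UNLOGGED batch. Performs no user lookup, so it also works for users that no longer exist.
     */
    private void deleteMembershipRows(String schema, String tenant, UUID groupId, UUID userId, String username) {
        StatementStore.StatementBatch batch = this.stmts.getBatch(schema, BatchStatement.Type.UNLOGGED);
        batch.addStatement(DELETE_DATA_GROUP_MEMBERS, tenant, groupId, userId);
        batch.addStatement(DELETE_QUERY_GROUP_MEMBERS_WITH_USERNAME, tenant, groupId, username);
        batch.addStatement(DELETE_QUERY_GROUPS_BY_USER, tenant, userId, groupId);
        batch.execute();
    }

    /**
     * Rewrites the username stored in the members-with-username query table for every group the
     * user belongs to.
     *
     * @param serviceCallContext supplies the schema and tenant
     * @param str user id in UUID string form
     * @param str2 previous username (the row to delete)
     * @param str3 new username (the row to insert)
     */
    private void updateUsername(ServiceCallContext serviceCallContext, String str, String str2, String str3) {
        String schema = serviceCallContext.getSchema();
        String tenant = serviceCallContext.getTenant();
        // NOTE(review): events for the "an2" schema are skipped; the reason is not visible here.
        if (schema.equals("an2")) {
            return;
        }
        StatementStore.StatementBatch batch = this.stmts.getBatch(schema, BatchStatement.Type.UNLOGGED);
        UUID userUuid = UUID.fromString(str);
        int groupCount = 0;
        for (Row row : this.stmts.executeStatement(schema, SELECT_QUERY_GROUPS_BY_USER, tenant, userUuid)) {
            groupCount++;
            UUID groupUuid = row.getUUID("group_id");
            // username is the clustering key, so a rename is a delete plus an insert.
            batch.addStatement(DELETE_QUERY_GROUP_MEMBERS_WITH_USERNAME, tenant, groupUuid, str2);
            batch.addStatement(INSERT_QUERY_GROUP_MEMBERS_WITH_USERNAME, tenant, groupUuid, str3, userUuid);
        }
        batch.execute();
        if (logger.isDebugEnabled()) {
            logger.debug(String.format("Updated %d usernames from %s to %s in tenant %s (schema %s)", groupCount, str2, str3, tenant, schema));
        }
    }

    /**
     * Handles a username-changed event delivered by {@link UserServiceSpiListener}.
     *
     * <p>The schema, tenant, user id and both usernames are taken from the message body as-is and
     * the call context is built with a {@code null} third argument, so the query tables are
     * rewritten purely on the strength of the message. Publishing rights on the source queue
     * therefore need to be restricted to the user service (NOTE(review): confirm broker ACLs).
     *
     * @param str value of the {@code event} header (unused)
     * @param str2 value of the {@code version} header (unused)
     * @param usernameChangedEventV1 the unmarshalled event
     */
    @Consume(uri = ENDPOINT_DIRECT_USERNAME_CHANGED)
    public void onUsernameChanged(@Header("event") String str, @Header("version") String str2, @Body UsernameChangedEvent.UsernameChangedEventV1 usernameChangedEventV1) {
        ServiceCallContext eventContext = new ServiceCallContext(usernameChangedEventV1.getSchema(), usernameChangedEventV1.getTenant(), null);
        updateUsername(
                eventContext,
                usernameChangedEventV1.getUserId(),
                usernameChangedEventV1.getUsername(),
                usernameChangedEventV1.getNewUsername());
    }
}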
