package org.alfresco.repo.security.sync;

import java.text.DateFormat;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
import org.alfresco.repo.attributes.Attribute;
import org.alfresco.repo.attributes.LongAttributeValue;
import org.alfresco.repo.attributes.MapAttributeValue;
import org.alfresco.repo.management.subsystems.ActivateableBean;
import org.alfresco.repo.management.subsystems.ChildApplicationContextManager;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.service.cmr.attributes.AttributeService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.util.AbstractLifecycleBean;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.NoSuchBeanDefinitionException;
import org.springframework.context.ApplicationEvent;

/* loaded from: input_file:WEB-INF/lib/alfresco-repository-3.2r.jar:org/alfresco/repo/security/sync/ChainingUserRegistrySynchronizer.class */
public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean implements UserRegistrySynchronizer {
    private static final int BATCH_SIZE = 10;
    private static final Log logger = LogFactory.getLog(ChainingUserRegistrySynchronizer.class);
    private static final String ROOT_ATTRIBUTE_PATH = ".ChainingUserRegistrySynchronizer";
    private static final String GROUP_LAST_MODIFIED_ATTRIBUTE = "GROUP";
    private static final String PERSON_LAST_MODIFIED_ATTRIBUTE = "PERSON";
    private ChildApplicationContextManager applicationContextManager;
    private String sourceBeanName;
    private AuthorityService authorityService;
    private PersonService personService;
    private AttributeService attributeService;
    private RetryingTransactionHelper retryingTransactionHelper;
    private boolean syncWhenMissingPeopleLogIn = true;
    private boolean syncOnStartup = true;
    private boolean autoCreatePeopleOnLogin = true;

    public void setApplicationContextManager(ChildApplicationContextManager childApplicationContextManager) {
        this.applicationContextManager = childApplicationContextManager;
    }

    public void setSourceBeanName(String str) {
        this.sourceBeanName = str;
    }

    public void setAuthorityService(AuthorityService authorityService) {
        this.authorityService = authorityService;
    }

    public void setPersonService(PersonService personService) {
        this.personService = personService;
    }

    public void setAttributeService(AttributeService attributeService) {
        this.attributeService = attributeService;
    }

    public void setRetryingTransactionHelper(RetryingTransactionHelper retryingTransactionHelper) {
        this.retryingTransactionHelper = retryingTransactionHelper;
    }

    public void setAutoCreatePeopleOnLogin(boolean z) {
        this.autoCreatePeopleOnLogin = z;
    }

    public void setSyncWhenMissingPeopleLogIn(boolean z) {
        this.syncWhenMissingPeopleLogIn = z;
    }

    public void setSyncOnStartup(boolean z) {
        this.syncOnStartup = z;
    }

    @Override // org.alfresco.repo.security.sync.UserRegistrySynchronizer
    public void synchronize(boolean z, boolean z2) {
        TreeSet treeSet = new TreeSet();
        Collection<String> instanceIds = this.applicationContextManager.getInstanceIds();
        TreeSet treeSet2 = new TreeSet();
        Iterator<String> it = instanceIds.iterator();
        while (it.hasNext()) {
            treeSet2.add(AuthorityService.ZONE_AUTH_EXT_PREFIX + it.next());
        }
        for (String str : instanceIds) {
            try {
                UserRegistry userRegistry = (UserRegistry) this.applicationContextManager.getApplicationContext(str).getBean(this.sourceBeanName);
                if (!(userRegistry instanceof ActivateableBean) || ((ActivateableBean) userRegistry).isActive()) {
                    if (logger.isInfoEnabled()) {
                        logger.info("Synchronizing users and groups with user registry '" + str + "'");
                    }
                    if (z && logger.isWarnEnabled()) {
                        logger.warn("Forced synchronization with user registry '" + str + "'; some users and groups previously created by synchronization with this user registry may be removed.");
                    }
                    boolean z3 = z2 || AlfrescoTransactionSupport.getTransactionReadState() == AlfrescoTransactionSupport.TxnReadState.TXN_READ_ONLY;
                    int syncPersonsWithPlugin = syncPersonsWithPlugin(str, userRegistry, z, z3, treeSet, treeSet2);
                    int syncGroupsWithPlugin = syncGroupsWithPlugin(str, userRegistry, z, z3, treeSet, treeSet2);
                    if (logger.isInfoEnabled()) {
                        logger.info("Finished synchronizing users and groups with user registry '" + str + "'");
                        logger.info(syncPersonsWithPlugin + " user(s) and " + syncGroupsWithPlugin + " group(s) processed");
                    }
                }
            } catch (NoSuchBeanDefinitionException e) {
            }
        }
    }

    @Override // org.alfresco.repo.security.sync.UserRegistrySynchronizer
    public boolean createMissingPerson(String str) {
        if (str == null || str.equals(AuthenticationUtil.getSystemUserName())) {
            return false;
        }
        if (this.syncWhenMissingPeopleLogIn) {
            try {
                synchronize(false, false);
            } catch (Exception e) {
                logger.warn("User authenticated but failed to sync with user registry", e);
            }
            if (this.personService.personExists(str)) {
                return true;
            }
        }
        if (!this.autoCreatePeopleOnLogin || !this.personService.createMissingPeople() || AuthorityType.getAuthorityType(str) != AuthorityType.USER) {
            return false;
        }
        this.personService.getPerson(str);
        return true;
    }

    /* JADX WARN: Type inference failed for: r0v19, types: [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$1CreationWorker, org.alfresco.repo.transaction.RetryingTransactionHelper$RetryingTransactionCallback] */
    private int syncPersonsWithPlugin(final String str, UserRegistry userRegistry, boolean z, boolean z2, final Set<String> set, final Set<String> set2) {
        int i;
        final String str2 = AuthorityService.ZONE_AUTH_EXT_PREFIX + str;
        final Set<String> zones = getZones(str2);
        final long mostRecentUpdateTime = z ? -1L : getMostRecentUpdateTime(PERSON_LAST_MODIFIED_ATTRIBUTE, str2);
        Date date = mostRecentUpdateTime == -1 ? null : new Date(mostRecentUpdateTime);
        if (logger.isInfoEnabled()) {
            if (date == null) {
                logger.info("Retrieving all users from user registry '" + str + "'");
            } else {
                logger.info("Retrieving users changed since " + DateFormat.getDateTimeInstance().format(date) + " from user registry '" + str + "'");
            }
        }
        final Iterator<NodeDescription> persons = userRegistry.getPersons(date);
        final TreeSet treeSet = new TreeSet();
        ?? r0 = new RetryingTransactionHelper.RetryingTransactionCallback<Integer>() { // from class: org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.1CreationWorker
            private long latestTime;

            {
                this.latestTime = mostRecentUpdateTime;
            }

            public long getLatestTime() {
                return this.latestTime;
            }

            /* JADX WARN: Can't rename method to resolve collision */
            /* JADX WARN: Removed duplicated region for block: B:13:0x01ea  */
            /* JADX WARN: Removed duplicated region for block: B:20:0x01f0 A[EDGE_INSN: B:20:0x01f0->B:16:0x01f0 BREAK  A[LOOP:0: B:2:0x0002->B:19:?], SYNTHETIC] */
            @Override // org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback
            /*
                Code decompiled incorrectly, please refer to instructions dump.
                To view partially-correct add '--show-bad-code' argument
            */
            public java.lang.Integer execute() throws java.lang.Throwable {
                /*
                    Method dump skipped, instructions count: 501
                    To view this dump add '--comments-level debug' option
                */
                throw new UnsupportedOperationException("Method not decompiled: org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.C1CreationWorker.execute():java.lang.Integer");
            }
        };
        int i2 = 0;
        while (true) {
            i = i2;
            if (!persons.hasNext()) {
                break;
            }
            i2 = i + ((Integer) this.retryingTransactionHelper.doInTransaction(r0, false, z2)).intValue();
        }
        long latestTime = r0.getLatestTime();
        if (latestTime != -1) {
            setMostRecentUpdateTime(PERSON_LAST_MODIFIED_ATTRIBUTE, str2, latestTime);
        }
        if (z) {
            i += ((Integer) this.retryingTransactionHelper.doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<Integer>() { // from class: org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.1DeletionWorker
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback
                public Integer execute() throws Throwable {
                    int i3 = 0;
                    Set<String> allAuthoritiesInZone = ChainingUserRegistrySynchronizer.this.authorityService.getAllAuthoritiesInZone(str2, AuthorityType.USER);
                    allAuthoritiesInZone.removeAll(treeSet);
                    for (String str3 : allAuthoritiesInZone) {
                        if (ChainingUserRegistrySynchronizer.logger.isWarnEnabled()) {
                            ChainingUserRegistrySynchronizer.logger.warn("Deleting user '" + str3 + "'");
                        }
                        ChainingUserRegistrySynchronizer.this.personService.deletePerson(str3);
                        i3++;
                    }
                    return Integer.valueOf(i3);
                }
            }, false, z2)).intValue();
        }
        set.add(str2);
        return i;
    }

    /* JADX WARN: Type inference failed for: r0v20, types: [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$2CreationWorker, org.alfresco.repo.transaction.RetryingTransactionHelper$RetryingTransactionCallback] */
    private int syncGroupsWithPlugin(final String str, UserRegistry userRegistry, boolean z, boolean z2, final Set<String> set, final Set<String> set2) {
        int i;
        final String str2 = AuthorityService.ZONE_AUTH_EXT_PREFIX + str;
        final Set<String> zones = getZones(str2);
        final long mostRecentUpdateTime = z ? -1L : getMostRecentUpdateTime(GROUP_LAST_MODIFIED_ATTRIBUTE, str2);
        Date date = mostRecentUpdateTime == -1 ? null : new Date(mostRecentUpdateTime);
        if (logger.isInfoEnabled()) {
            if (date == null) {
                logger.info("Retrieving all groups from user registry '" + str + "'");
            } else {
                logger.info("Retrieving groups changed since " + DateFormat.getDateTimeInstance().format(date) + " from user registry '" + str + "'");
            }
        }
        final Iterator<NodeDescription> groups = userRegistry.getGroups(date);
        final TreeMap treeMap = new TreeMap();
        final TreeSet treeSet = new TreeSet();
        ?? r0 = new RetryingTransactionHelper.RetryingTransactionCallback<Integer>() { // from class: org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.2CreationWorker
            private long latestTime;

            {
                this.latestTime = mostRecentUpdateTime;
            }

            public long getLatestTime() {
                return this.latestTime;
            }

            /* JADX WARN: Can't rename method to resolve collision */
            /* JADX WARN: Removed duplicated region for block: B:15:0x02e1  */
            /* JADX WARN: Removed duplicated region for block: B:22:0x02e7 A[EDGE_INSN: B:22:0x02e7->B:18:0x02e7 BREAK  A[LOOP:0: B:2:0x0002->B:21:?], SYNTHETIC] */
            @Override // org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback
            /*
                Code decompiled incorrectly, please refer to instructions dump.
                To view partially-correct add '--show-bad-code' argument
            */
            public java.lang.Integer execute() throws java.lang.Throwable {
                /*
                    Method dump skipped, instructions count: 748
                    To view this dump add '--comments-level debug' option
                */
                throw new UnsupportedOperationException("Method not decompiled: org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.C2CreationWorker.execute():java.lang.Integer");
            }
        };
        int i2 = 0;
        while (true) {
            i = i2;
            if (!groups.hasNext()) {
                break;
            }
            i2 = i + ((Integer) this.retryingTransactionHelper.doInTransaction(r0, false, z2)).intValue();
        }
        long latestTime = r0.getLatestTime();
        if (latestTime != -1) {
            setMostRecentUpdateTime(GROUP_LAST_MODIFIED_ATTRIBUTE, str2, latestTime);
        }
        final Iterator it = treeMap.entrySet().iterator();
        RetryingTransactionHelper.RetryingTransactionCallback<Integer> retryingTransactionCallback = new RetryingTransactionHelper.RetryingTransactionCallback<Integer>() { // from class: org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.1AssocWorker
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback
            public Integer execute() throws Throwable {
                do {
                    Map.Entry entry = (Map.Entry) it.next();
                    for (String str3 : (Set) entry.getValue()) {
                        String str4 = (String) entry.getKey();
                        if (ChainingUserRegistrySynchronizer.logger.isInfoEnabled()) {
                            ChainingUserRegistrySynchronizer.logger.info("Adding '" + ChainingUserRegistrySynchronizer.this.authorityService.getShortName(str3) + "' to group '" + ChainingUserRegistrySynchronizer.this.authorityService.getShortName(str4) + "'");
                        }
                        try {
                            ChainingUserRegistrySynchronizer.this.authorityService.addAuthority(str4, str3);
                        } catch (Exception e) {
                            if (ChainingUserRegistrySynchronizer.logger.isWarnEnabled()) {
                                ChainingUserRegistrySynchronizer.logger.warn("Failed to add '" + ChainingUserRegistrySynchronizer.this.authorityService.getShortName(str3) + "' to group '" + ChainingUserRegistrySynchronizer.this.authorityService.getShortName(str4) + "'", e);
                            }
                        }
                    }
                    if (!it.hasNext()) {
                        break;
                    }
                } while (0 < 10);
                return 0;
            }
        };
        while (it.hasNext()) {
            this.retryingTransactionHelper.doInTransaction(retryingTransactionCallback, false, z2);
        }
        if (z) {
            i += ((Integer) this.retryingTransactionHelper.doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<Integer>() { // from class: org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.2DeletionWorker
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback
                public Integer execute() throws Throwable {
                    int i3 = 0;
                    Set<String> allAuthoritiesInZone = ChainingUserRegistrySynchronizer.this.authorityService.getAllAuthoritiesInZone(str2, AuthorityType.GROUP);
                    allAuthoritiesInZone.removeAll(treeSet);
                    for (String str3 : allAuthoritiesInZone) {
                        if (ChainingUserRegistrySynchronizer.logger.isWarnEnabled()) {
                            ChainingUserRegistrySynchronizer.logger.warn("Deleting group '" + ChainingUserRegistrySynchronizer.this.authorityService.getShortName(str3) + "'");
                        }
                        ChainingUserRegistrySynchronizer.this.authorityService.deleteAuthority(str3);
                        i3++;
                    }
                    return Integer.valueOf(i3);
                }
            }, false, z2)).intValue();
        }
        set.add(str2);
        return i;
    }

    private long getMostRecentUpdateTime(String str, String str2) {
        Attribute attribute = this.attributeService.getAttribute(".ChainingUserRegistrySynchronizer/" + str + '/' + str2);
        if (attribute == null) {
            return -1L;
        }
        return attribute.getLongValue();
    }

    private void setMostRecentUpdateTime(String str, String str2, long j) {
        String str3 = ".ChainingUserRegistrySynchronizer/" + str;
        if (!this.attributeService.exists(str3)) {
            if (!this.attributeService.exists(ROOT_ATTRIBUTE_PATH)) {
                this.attributeService.setAttribute("", ROOT_ATTRIBUTE_PATH, new MapAttributeValue());
            }
            this.attributeService.setAttribute(ROOT_ATTRIBUTE_PATH, str, new MapAttributeValue());
        }
        this.attributeService.setAttribute(str3, str2, new LongAttributeValue(j));
    }

    private Set<String> getZones(String str) {
        HashSet hashSet = new HashSet(2, 1.0f);
        hashSet.add(AuthorityService.ZONE_APP_DEFAULT);
        hashSet.add(str);
        return hashSet;
    }

    @Override // org.alfresco.util.AbstractLifecycleBean
    protected void onBootstrap(ApplicationEvent applicationEvent) {
        if (this.syncOnStartup) {
            AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>() { // from class: org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.1
                @Override // org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork
                /* renamed from: doWork */
                public Object doWork2() throws Exception {
                    return ChainingUserRegistrySynchronizer.this.retryingTransactionHelper.doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<Object>() { // from class: org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.1.1
                        @Override // org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback
                        public Object execute() throws Throwable {
                            try {
                                ChainingUserRegistrySynchronizer.this.synchronize(false, true);
                                return null;
                            } catch (Exception e) {
                                ChainingUserRegistrySynchronizer.logger.warn("Failed initial synchronize with user registries", e);
                                return null;
                            }
                        }
                    });
                }
            }, AuthenticationUtil.getSystemUserName());
        }
    }

    @Override // org.alfresco.util.AbstractLifecycleBean
    protected void onShutdown(ApplicationEvent applicationEvent) {
    }
}
