package com.google.enterprise.cloudsearch.sdk.identity;

import com.google.api.services.admin.directory.model.User;
import com.google.api.services.cloudidentity.v1beta1.model.Group;
import com.google.api.services.cloudidentity.v1beta1.model.Membership;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.ListeningExecutorService;
import com.google.common.util.concurrent.MoreExecutors;
import com.google.common.util.concurrent.ThreadFactoryBuilder;
import com.google.enterprise.cloudsearch.sdk.AbortCountExceptionHandler;
import com.google.enterprise.cloudsearch.sdk.CheckpointCloseableIterable;
import com.google.enterprise.cloudsearch.sdk.ExceptionHandler;
import com.google.enterprise.cloudsearch.sdk.InvalidConfigurationException;
import com.google.enterprise.cloudsearch.sdk.PaginationIterable;
import com.google.enterprise.cloudsearch.sdk.config.Configuration;
import com.google.enterprise.cloudsearch.sdk.identity.IdentityGroup;
import com.google.enterprise.cloudsearch.sdk.identity.IdentityState;
import com.google.enterprise.cloudsearch.sdk.identity.IdentityUser;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: input_file:com/google/enterprise/cloudsearch/sdk/identity/FullSyncIdentityConnector.class */
public class FullSyncIdentityConnector implements IdentityConnector {
    private static final Logger logger = Logger.getLogger(FullSyncIdentityConnector.class.getName());
    private static final String TRAVERSE_EXCEPTION_HANDLER = "traverse.exceptionHandler";
    private static final String IDENTITY_SYNC_TYPE = "connector.IdentitySyncType";
    private static final String IGNORE = "ignore";
    private final Repository identityRepository;
    private final Optional<IdentityStateLoader> identityStateLoader;
    private final StateManager stateManager;
    private ListeningExecutorService listeningExecutorService;
    private RepositoryContext repositoryContext;
    private IdentityService service;
    private ExceptionHandler traversalExceptionHandler;
    private IdentitySyncType identitySyncType;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/google/enterprise/cloudsearch/sdk/identity/FullSyncIdentityConnector$ExceptionHandlerParser.class */
    public static class ExceptionHandlerParser implements Configuration.Parser<ExceptionHandler> {
        private ExceptionHandlerParser() {
        }

        /* renamed from: parse, reason: merged with bridge method [inline-methods] */
        public ExceptionHandler m1parse(String str) throws InvalidConfigurationException {
            if (FullSyncIdentityConnector.IGNORE.equalsIgnoreCase(str)) {
                return new AbortCountExceptionHandler(Integer.MAX_VALUE, 0L, TimeUnit.SECONDS);
            }
            try {
                return new AbortCountExceptionHandler(Integer.parseInt(str), 0L, TimeUnit.SECONDS);
            } catch (NumberFormatException e) {
                throw new InvalidConfigurationException("Unrecognized value for traversal exception handler: " + str, e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/google/enterprise/cloudsearch/sdk/identity/FullSyncIdentityConnector$FromGoogleIdentityStateLoader.class */
    public static class FromGoogleIdentityStateLoader implements IdentityStateLoader {
        private final IdentityService service;
        private final IdentitySourceConfiguration sourceConfiguration;
        private final ListeningExecutorService listeningExecutor;
        private final IdentitySyncType identitySyncType;

        private FromGoogleIdentityStateLoader(IdentityService identityService, IdentitySourceConfiguration identitySourceConfiguration, ListeningExecutorService listeningExecutorService, IdentitySyncType identitySyncType) {
            this.service = identityService;
            this.sourceConfiguration = identitySourceConfiguration;
            this.listeningExecutor = listeningExecutorService;
            this.identitySyncType = identitySyncType;
        }

        @Override // com.google.enterprise.cloudsearch.sdk.identity.IdentityStateLoader
        public IdentityState getInitialIdentityState() throws IOException {
            FullSyncIdentityConnector.logger.info("Initializing IdentityState");
            IdentityState.Builder builder = new IdentityState.Builder();
            if (this.identitySyncType.syncUsers) {
                for (User user : this.service.listUsers(this.sourceConfiguration.getIdentitySourceSchema())) {
                    Optional<IdentityUser> buildIdentityUser = buildIdentityUser(user);
                    if (buildIdentityUser.isPresent()) {
                        builder.addUser(buildIdentityUser.get());
                    } else {
                        builder.addUnmappedUser(user.getPrimaryEmail());
                    }
                }
            }
            if (this.identitySyncType.syncGroups) {
                ArrayList arrayList = new ArrayList();
                for (Group group : this.service.listGroups(this.sourceConfiguration.getGroupNamespace())) {
                    arrayList.add(this.listeningExecutor.submit(() -> {
                        return buildGroup(group);
                    }));
                }
                try {
                    ((List) Futures.allAsList(arrayList).get()).forEach(identityGroup -> {
                        builder.addGroup(identityGroup);
                    });
                } catch (InterruptedException e) {
                    Thread.currentThread().interrupt();
                    throw new IOException("Interrupted while building StateManagerImpl", e);
                } catch (ExecutionException e2) {
                    throw new IOException(e2.getCause());
                }
            }
            return builder.build();
        }

        private Optional<IdentityUser> buildIdentityUser(User user) {
            Map map;
            Object obj;
            Map customSchemas = user.getCustomSchemas();
            if (customSchemas != null && (map = (Map) customSchemas.get(this.sourceConfiguration.getIdentitySourceSchema())) != null && (obj = map.get(this.sourceConfiguration.getIdentitySourceSchemaAttribute())) != null) {
                String obj2 = obj.toString();
                return obj2.isEmpty() ? Optional.empty() : Optional.of(new IdentityUser.Builder().setGoogleIdentity(user.getPrimaryEmail()).setSchema(this.sourceConfiguration.getIdentitySourceSchema()).setAttribute(this.sourceConfiguration.getIdentitySourceSchemaAttribute()).setUserIdentity(obj2).build());
            }
            return Optional.empty();
        }

        private IdentityGroup buildGroup(Group group) throws IOException {
            ArrayList arrayList = new ArrayList();
            Iterables.addAll(arrayList, this.service.listMembers(group.getName()));
            FullSyncIdentityConnector.logger.log(Level.INFO, "Created Identity Group for previously synced group {0}", group);
            return new IdentityGroup.Builder().setGroupIdentity(group.getGroupKey().getId()).setGroupKey(group.getGroupKey()).setGroupResourceName(group.getName()).setMembers((Set<Membership>) ImmutableSet.copyOf(arrayList)).build();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/google/enterprise/cloudsearch/sdk/identity/FullSyncIdentityConnector$GroupsIterable.class */
    public static class GroupsIterable extends PaginatingClosableIterable<IdentityGroup> {
        private final Repository repository;

        public GroupsIterable(Repository repository) {
            super(Optional.empty());
            this.repository = repository;
        }

        @Override // com.google.enterprise.cloudsearch.sdk.identity.FullSyncIdentityConnector.PaginatingClosableIterable
        CheckpointCloseableIterable<IdentityGroup> getNextBatch(byte[] bArr) throws IOException {
            return this.repository.listGroups(bArr);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/google/enterprise/cloudsearch/sdk/identity/FullSyncIdentityConnector$IdentitySyncType.class */
    public enum IdentitySyncType {
        USERS_AND_GROUPS(true, true),
        USERS(true, false),
        GROUPS(false, true);

        final boolean syncUsers;
        final boolean syncGroups;

        IdentitySyncType(boolean z, boolean z2) {
            this.syncUsers = z;
            this.syncGroups = z2;
        }
    }

    /* loaded from: input_file:com/google/enterprise/cloudsearch/sdk/identity/FullSyncIdentityConnector$PaginatingClosableIterable.class */
    private static abstract class PaginatingClosableIterable<T> extends PaginationIterable<T, byte[]> {
        public PaginatingClosableIterable(Optional<byte[]> optional) {
            super(optional);
        }

        public PaginationIterable.Page<T, byte[]> getPage(Optional<byte[]> optional) throws IOException {
            CheckpointCloseableIterable<T> nextBatch = getNextBatch(optional.orElse(null));
            Throwable th = null;
            try {
                try {
                    ArrayList arrayList = new ArrayList();
                    Iterables.addAll(arrayList, nextBatch);
                    PaginationIterable.Page<T, byte[]> page = new PaginationIterable.Page<>(arrayList, nextBatch.hasMore() ? Optional.of(nextBatch.getCheckpoint()) : Optional.empty());
                    if (nextBatch != null) {
                        if (0 != 0) {
                            try {
                                nextBatch.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            nextBatch.close();
                        }
                    }
                    return page;
                } finally {
                }
            } catch (Throwable th3) {
                if (nextBatch != null) {
                    if (th != null) {
                        try {
                            nextBatch.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        nextBatch.close();
                    }
                }
                throw th3;
            }
        }

        abstract CheckpointCloseableIterable<T> getNextBatch(byte[] bArr) throws IOException;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/google/enterprise/cloudsearch/sdk/identity/FullSyncIdentityConnector$UsersIterable.class */
    public static class UsersIterable extends PaginatingClosableIterable<IdentityUser> {
        private final Repository repository;

        public UsersIterable(Repository repository) {
            super(Optional.empty());
            this.repository = repository;
        }

        @Override // com.google.enterprise.cloudsearch.sdk.identity.FullSyncIdentityConnector.PaginatingClosableIterable
        CheckpointCloseableIterable<IdentityUser> getNextBatch(byte[] bArr) throws IOException {
            return this.repository.listUsers(bArr);
        }
    }

    public FullSyncIdentityConnector(Repository repository) {
        this(repository, null);
    }

    public FullSyncIdentityConnector(Repository repository, IdentityStateLoader identityStateLoader) {
        this(repository, identityStateLoader, new StateManagerImpl());
    }

    @VisibleForTesting
    FullSyncIdentityConnector(Repository repository, IdentityStateLoader identityStateLoader, StateManager stateManager) {
        this.identityRepository = (Repository) Preconditions.checkNotNull(repository);
        this.identityStateLoader = Optional.ofNullable(identityStateLoader);
        this.stateManager = (StateManager) Preconditions.checkNotNull(stateManager);
    }

    @Override // com.google.enterprise.cloudsearch.sdk.identity.IdentityConnector
    public void init(IdentityConnectorContext identityConnectorContext) throws Exception {
        this.service = (IdentityService) Preconditions.checkNotNull(identityConnectorContext.getIdentityService());
        this.repositoryContext = RepositoryContext.fromConfiguration();
        this.identitySyncType = (IdentitySyncType) Configuration.getValue(IDENTITY_SYNC_TYPE, IdentitySyncType.USERS_AND_GROUPS, IdentitySyncType::valueOf).get();
        logger.log(Level.CONFIG, "Identity Connector configured to sync [{0}]", this.identitySyncType);
        this.listeningExecutorService = MoreExecutors.listeningDecorator(Executors.newCachedThreadPool(new ThreadFactoryBuilder().setDaemon(false).setNameFormat("FullSyncIdentityConnector").build()));
        this.stateManager.init(this.identityStateLoader.orElse(new FromGoogleIdentityStateLoader(this.service, this.repositoryContext.getIdentitySourceConfiguration(), this.listeningExecutorService, this.identitySyncType)));
        this.identityRepository.init(this.repositoryContext);
        this.traversalExceptionHandler = (ExceptionHandler) Configuration.getValue(TRAVERSE_EXCEPTION_HANDLER, new AbortCountExceptionHandler(0, 0L, TimeUnit.SECONDS), new ExceptionHandlerParser()).get();
    }

    public void traverse() throws IOException, InterruptedException {
        if (this.identitySyncType.syncUsers) {
            traverseUsers();
        } else {
            logger.log(Level.INFO, "Connector is not configured to sync users. IdentitySyncType is [{0}]", this.identitySyncType);
        }
        if (this.identitySyncType.syncGroups) {
            traverseGroups();
        } else {
            logger.log(Level.INFO, "Connector is not configured to sync Groups. IdentitySyncType is [{0}]", this.identitySyncType);
        }
    }

    public void saveCheckpoint(boolean z) throws IOException, InterruptedException {
    }

    public void destroy() {
        this.identityRepository.close();
        try {
            this.stateManager.close();
        } catch (IOException e) {
            logger.log(Level.WARNING, "Failed to close identity state sucessfully", (Throwable) e);
        }
        if (this.listeningExecutorService != null) {
            MoreExecutors.shutdownAndAwaitTermination(this.listeningExecutorService, 5L, TimeUnit.MINUTES);
        }
    }

    private void traverseUsers() throws IOException {
        this.stateManager.syncAllUsers(new UsersIterable(this.identityRepository), this.service, this.traversalExceptionHandler);
    }

    private void traverseGroups() throws IOException {
        this.stateManager.syncAllGroups(new GroupsIterable(this.identityRepository), this.service, this.traversalExceptionHandler);
    }
}
