package org.apache.kylin.rest.service;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import javax.annotation.PostConstruct;
import org.apache.commons.lang.StringUtils;
import org.apache.kylin.common.KylinConfig;
import org.apache.kylin.common.KylinVersion;
import org.apache.kylin.common.persistence.JsonSerializer;
import org.apache.kylin.common.persistence.ResourceStore;
import org.apache.kylin.common.persistence.Serializer;
import org.apache.kylin.rest.constant.Constant;
import org.apache.kylin.rest.exception.InternalErrorException;
import org.apache.kylin.rest.msg.Message;
import org.apache.kylin.rest.msg.MsgPicker;
import org.apache.kylin.rest.security.KylinUserManager;
import org.apache.kylin.rest.security.ManagedUser;
import org.apache.kylin.rest.util.AclEvaluate;
import org.apache.kylin.shaded.com.google.common.base.Preconditions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

/* loaded from: input_file:WEB-INF/lib/kylin-server-base-4.0.1.jar:org/apache/kylin/rest/service/KylinUserService.class */
public class KylinUserService implements UserService {
    private Logger logger;

    @Autowired
    private AclEvaluate aclEvaluate;
    public static final String DIR_PREFIX = "/user/";
    public static final String SUPER_ADMIN = "ADMIN";
    public static final Serializer<ManagedUser> SERIALIZER = new JsonSerializer(ManagedUser.class);
    private static final String ADMIN = "ADMIN";
    private static final String MODELER = "MODELER";
    private static final String ANALYST = "ANALYST";
    private static final String ADMIN_DEFAULT = "KYLIN";
    private BCryptPasswordEncoder pwdEncoder;
    public List<User> configUsers;
    protected ResourceStore aclStore;

    public KylinUserService() {
        this.logger = LoggerFactory.getLogger((Class<?>) KylinUserService.class);
    }

    public KylinUserService(List<User> list) throws IOException {
        this.logger = LoggerFactory.getLogger((Class<?>) KylinUserService.class);
        this.pwdEncoder = new BCryptPasswordEncoder();
        synchronized (KylinUserService.class) {
            if (StringUtils.equals("testing", KylinConfig.getInstanceFromEnv().getSecurityProfile())) {
                List<ManagedUser> listUsers = listUsers();
                this.configUsers = list;
                if (!this.configUsers.isEmpty()) {
                    for (User user : this.configUsers) {
                        try {
                            ManagedUser managedUser = (ManagedUser) loadUserByUsername(user.getUsername());
                            if (managedUser != null && new KylinVersion(managedUser.getVersion()).major < KylinVersion.getCurrentVersion().major) {
                                updateUser(new ManagedUser(user.getUsername(), user.getPassword(), (Boolean) false, (Collection<? extends GrantedAuthority>) user.getAuthorities()));
                            }
                        } catch (UsernameNotFoundException e) {
                            createUser(new ManagedUser(user.getUsername(), user.getPassword(), (Boolean) false, (Collection<? extends GrantedAuthority>) user.getAuthorities()));
                        }
                    }
                }
                if (listUsers.isEmpty() && this.configUsers.isEmpty()) {
                    createUser(new ManagedUser("ADMIN", this.pwdEncoder.encode(ADMIN_DEFAULT), (Boolean) true, Constant.ROLE_ADMIN, Constant.GROUP_ALL_USERS));
                    createUser(new ManagedUser(ANALYST, this.pwdEncoder.encode(ANALYST), (Boolean) true, Constant.GROUP_ALL_USERS));
                    createUser(new ManagedUser(MODELER, this.pwdEncoder.encode(MODELER), (Boolean) true, Constant.GROUP_ALL_USERS));
                }
            }
        }
    }

    @PostConstruct
    public void init() throws IOException {
        this.aclStore = ResourceStore.getStore(KylinConfig.getInstanceFromEnv());
        if (this.pwdEncoder == null) {
            this.pwdEncoder = new BCryptPasswordEncoder();
        }
        if (KylinConfig.getInstanceFromEnv().createAdminWhenAbsent() && listAdminUsers().isEmpty()) {
            this.logger.info("default admin user created: username=ADMIN, password=*****");
            createUser(new ManagedUser("ADMIN", this.pwdEncoder.encode(ADMIN_DEFAULT), (Boolean) true, Constant.ROLE_ADMIN, Constant.GROUP_ALL_USERS));
        }
    }

    @Override // org.springframework.security.provisioning.UserDetailsManager
    public void createUser(UserDetails userDetails) {
        updateUser(userDetails);
    }

    @Override // org.springframework.security.provisioning.UserDetailsManager
    public void updateUser(UserDetails userDetails) {
        Preconditions.checkState(userDetails instanceof ManagedUser, "User {} is not ManagedUser", userDetails);
        ManagedUser managedUser = (ManagedUser) userDetails;
        if (!managedUser.getAuthorities().contains(new SimpleGrantedAuthority(Constant.GROUP_ALL_USERS))) {
            managedUser.addAuthorities(Constant.GROUP_ALL_USERS);
        }
        getKylinUserManager().update(managedUser);
        this.logger.trace("update user : {}", userDetails.getUsername());
    }

    @Override // org.springframework.security.provisioning.UserDetailsManager
    public void deleteUser(String str) {
        if (str.equalsIgnoreCase("ADMIN")) {
            throw new InternalErrorException("User " + str + " is not allowed to be deleted.");
        }
        getKylinUserManager().delete(str);
        this.logger.trace("delete user : {}", str);
    }

    @Override // org.springframework.security.provisioning.UserDetailsManager
    public void changePassword(String str, String str2) {
        throw new UnsupportedOperationException();
    }

    @Override // org.springframework.security.provisioning.UserDetailsManager
    public boolean userExists(String str) {
        this.logger.trace("judge user exist: {}", str);
        return getKylinUserManager().exists(str);
    }

    @Override // org.springframework.security.core.userdetails.UserDetailsService
    public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException {
        Message msg = MsgPicker.getMsg();
        ManagedUser managedUser = getKylinUserManager().get(str);
        if (managedUser == null) {
            throw new UsernameNotFoundException(String.format(Locale.ROOT, msg.getUSER_NOT_FOUND(), str));
        }
        this.logger.trace("load user : {}", str);
        return managedUser;
    }

    @Override // org.apache.kylin.rest.service.UserService
    public List<ManagedUser> listUsers() throws IOException {
        return getKylinUserManager().list();
    }

    @Override // org.apache.kylin.rest.service.UserService
    public List<ManagedUser> listUsers(String str, Boolean bool) throws IOException {
        return getManagedUsersByFuzzMatching(str, bool.booleanValue(), getKylinUserManager().list(), null);
    }

    @Override // org.apache.kylin.rest.service.UserService
    public List<ManagedUser> listUsers(String str, String str2, Boolean bool) throws IOException {
        return getManagedUsersByFuzzMatching(str, bool.booleanValue(), getKylinUserManager().list(), str2);
    }

    @Override // org.apache.kylin.rest.service.UserService
    public List<String> listAdminUsers() throws IOException {
        ArrayList arrayList = new ArrayList();
        for (ManagedUser managedUser : listUsers()) {
            if (managedUser.getAuthorities().contains(new SimpleGrantedAuthority(Constant.ROLE_ADMIN))) {
                arrayList.add(managedUser.getUsername());
            }
        }
        return arrayList;
    }

    @Override // org.apache.kylin.rest.service.UserService
    public void completeUserInfo(ManagedUser managedUser) {
    }

    public static String getId(String str) {
        return DIR_PREFIX + str;
    }

    private KylinUserManager getKylinUserManager() {
        return KylinUserManager.getInstance(KylinConfig.getInstanceFromEnv());
    }

    private List<ManagedUser> getManagedUsersByFuzzMatching(String str, boolean z, List<ManagedUser> list, String str2) {
        this.aclEvaluate.checkIsGlobalAdmin();
        if (StringUtils.isBlank(str) && StringUtils.isBlank(str2)) {
            return list;
        }
        ArrayList arrayList = new ArrayList();
        for (ManagedUser managedUser : list) {
            if (!z && StringUtils.equals(managedUser.getUsername(), str) && isUserInGroup(managedUser, str2)) {
                arrayList.add(managedUser);
            }
            if (z && StringUtils.containsIgnoreCase(managedUser.getUsername(), str) && isUserInGroup(managedUser, str2)) {
                arrayList.add(managedUser);
            }
        }
        return arrayList;
    }

    private boolean isUserInGroup(ManagedUser managedUser, String str) {
        return StringUtils.isBlank(str) || managedUser.getAuthorities().contains(new SimpleGrantedAuthority(str));
    }
}
