package com.cloudera.server.web.cmf;

import com.cloudera.cmf.model.DbUser;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.service.scm.ScmHandler;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.cmf.user.UserRole;
import com.cloudera.parcel.ParcelIdentity;
import com.cloudera.server.cmf.OperationsManager;
import com.cloudera.server.web.cmf.CMFUserDetailsService;
import com.google.common.base.Preconditions;
import com.google.common.collect.HashMultimap;
import com.google.common.collect.ImmutableSet;
import java.util.Collection;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.persistence.EntityManagerFactory;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.GrantedAuthority;

/* loaded from: input_file:com/cloudera/server/web/cmf/UserMapper.class */
public class UserMapper {
    private final EntityManagerFactory emf;
    private final OperationsManager om;

    public UserMapper(EntityManagerFactory entityManagerFactory, OperationsManager operationsManager) {
        this.emf = entityManagerFactory;
        this.om = operationsManager;
    }

    public CMFUserDetailsService.CMFUser mapUser(String str, Map<AuthScope, ? extends Set<UserRole>> map) {
        Preconditions.checkNotNull(str);
        Preconditions.checkNotNull(map);
        CmfEntityManager cmfEntityManager = new CmfEntityManager(this.emf);
        try {
            try {
                try {
                    cmfEntityManager.begin();
                    DbUser findUserByName = cmfEntityManager.findUserByName(str);
                    if (findUserByName == null) {
                        findUserByName = this.om.addUser(cmfEntityManager, str, ParcelIdentity.SEP, false);
                    }
                    HashMultimap<AuthScope, UserRole> create = HashMultimap.create();
                    for (Map.Entry<AuthScope, Set<UserRole>> entry : CMFUserDetailsService.getRoles(findUserByName).entrySet()) {
                        create.putAll(entry.getKey(), entry.getValue());
                    }
                    HashMultimap<AuthScope, UserRole> create2 = HashMultimap.create();
                    HashMultimap<AuthScope, GrantedAuthority> create3 = HashMultimap.create();
                    mergeCmAndExternalRoles(map, create, (ScmParams.AuthorizationBackendOrder) ScmHandler.getScmConfigValue(ScmParams.AUTHOR_BACKEND, cmfEntityManager.getScmConfigProvider()), create2, create3);
                    cmfEntityManager.commit();
                    CMFUserDetailsService.CMFUser build = CMFUserDetailsService.CMFUser.newBuilder().setUsername(str).setPasswordHash(findUserByName.getPasswordHash()).setAuthorities(create3.asMap()).setSalt(findUserByName.getPasswordSalt().longValue()).setIsExternal(true).setRoles(create2.asMap()).setLastNLogins(CMFUserDetailsService.getLastNLogins(findUserByName, cmfEntityManager)).build();
                    cmfEntityManager.close();
                    return build;
                } catch (AuthenticationServiceException e) {
                    cmfEntityManager.rollback();
                    throw e;
                }
            } catch (Exception e2) {
                cmfEntityManager.rollback();
                throw new AuthenticationServiceException("Authentication failed. Please try again.", e2);
            }
        } catch (Throwable th) {
            cmfEntityManager.close();
            throw th;
        }
    }

    private void mergeCmAndExternalRoles(Map<AuthScope, ? extends Set<UserRole>> map, HashMultimap<AuthScope, UserRole> hashMultimap, ScmParams.AuthorizationBackendOrder authorizationBackendOrder, HashMultimap<AuthScope, UserRole> hashMultimap2, HashMultimap<AuthScope, GrantedAuthority> hashMultimap3) {
        if (authorizationBackendOrder == ScmParams.AuthorizationBackendOrder.EXTERNAL_ONLY) {
            fillFromSingleSource(map, hashMultimap2, hashMultimap3);
            return;
        }
        if (authorizationBackendOrder == ScmParams.AuthorizationBackendOrder.DB_ONLY) {
            fillFromSingleSource(hashMultimap.asMap(), hashMultimap2, hashMultimap3);
            return;
        }
        hashMultimap2.putAll(hashMultimap);
        for (Map.Entry<AuthScope, ? extends Set<UserRole>> entry : map.entrySet()) {
            hashMultimap2.putAll(entry.getKey(), entry.getValue());
        }
        for (Map.Entry entry2 : hashMultimap2.asMap().entrySet()) {
            hashMultimap3.putAll(entry2.getKey(), getAuthSet((Iterable) entry2.getValue()));
        }
    }

    private void fillFromSingleSource(Map<AuthScope, ? extends Collection<UserRole>> map, HashMultimap<AuthScope, UserRole> hashMultimap, HashMultimap<AuthScope, GrantedAuthority> hashMultimap2) {
        for (Map.Entry<AuthScope, ? extends Collection<UserRole>> entry : map.entrySet()) {
            hashMultimap.putAll(entry.getKey(), entry.getValue());
            hashMultimap2.putAll(entry.getKey(), getAuthSet(entry.getValue()));
        }
    }

    private ImmutableSet<GrantedAuthority> getAuthSet(Iterable<UserRole> iterable) {
        ImmutableSet.Builder builder = ImmutableSet.builder();
        Iterator<UserRole> it = iterable.iterator();
        while (it.hasNext()) {
            builder.addAll(CMFUserDetailsService.createAuthoritySet(it.next().getAuthorities()));
        }
        return builder.build();
    }
}
