package com.cloudera.server.cmf.components;

import com.cloudera.cmf.AuthorityAware;
import com.cloudera.cmf.model.DbUser;
import com.cloudera.cmf.model.DbUserRole;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.service.CommandUtils;
import com.cloudera.cmf.user.UserRole;
import com.cloudera.server.cmf.CurrentUserManager;
import com.cloudera.server.web.cmf.AuthScope;
import com.cloudera.server.web.cmf.AuthScopeContext;
import com.cloudera.server.web.cmf.CMFUserDetailsService;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Function;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import com.google.common.collect.Sets;
import com.google.common.collect.UnmodifiableIterator;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.joda.time.Instant;
import org.python.google.common.collect.Maps;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

/**
 * {@link CurrentUserManager} implementation that answers "who is the caller and what may they do"
 * from the Spring Security {@link SecurityContext} returned by {@link #getSecurityContext()}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A context whose {@code Authentication} is {@code null} is NOT treated as an anonymous,
 *       unprivileged caller. It is mapped to the built-in {@code CM_USER} ("clouderaManager"),
 *       which the static initializer gives {@code UserRole.ROLE_ADMIN}. User name, roles,
 *       authorities and privileges all follow from that. NOTE(review): presumably this serves
 *       internal/background work that runs without a login; it also means every externally
 *       reachable path must have an {@code Authentication} installed before this class is
 *       consulted, otherwise the call is evaluated with admin roles. Confirm against the
 *       filter chain.</li>
 *   <li>{@code AuthScopeContext.inPriviledgedMode()} short-circuits authority lookups to
 *       {@code ADMIN_GRANTS}, before the authentication state is even inspected.</li>
 *   <li>An {@code Authentication} whose principal is not a {@code CMFUserDetailsService.CMFUser}
 *       yields no roles and no authorities (empty sets), i.e. that case fails closed.</li>
 * </ul>
 */
@Component
/* loaded from: input_file:com/cloudera/server/cmf/components/CurrentUserManagerImpl.class */
public class CurrentUserManagerImpl implements CurrentUserManager {
    // Authorities of ROLE_ADMIN, materialised once; returned as-is while in privileged mode.
    private static final List<GrantedAuthority> ADMIN_GRANTS = ImmutableList.copyOf(AuthorityUtils.createAuthorityList((String[]) UserRole.ROLE_ADMIN.auth.toArray(new String[0])));
    private static final Logger LOG = LoggerFactory.getLogger(CurrentUserManagerImpl.class);
    // Synthetic internal identity used whenever no Authentication is present. Its id (-1) and its
    // single ROLE_ADMIN role are assigned in the static initializer at the bottom of the class.
    // NOTE(review): "passwordHash" looks like a literal placeholder rather than a real hash, and
    // the meaning of the remaining constructor arguments is not visible here - confirm in DbUser.
    private static final DbUser CM_USER = new DbUser("clouderaManager", "passwordHash", 1L, true);

    /**
     * Reports whether the security context carries any {@code Authentication} object.
     *
     * <p>Only a null check is performed; {@code Authentication.isAuthenticated()} is not called.
     * NOTE(review): an anonymous token, if the filter chain installs one, would therefore count
     * as "authenticated" here - confirm callers do not read this as "a real user has logged in".
     *
     * @return {@code true} when {@code getAuthentication()} is non-null
     */
    @Override // com.cloudera.server.cmf.CurrentUserManager
    public boolean isAuthenticated() {
        return getSecurityContext().getAuthentication() != null;
    }

    /**
     * Checks a single authority in the given scope (plus the global scope).
     *
     * @param authScope scope to evaluate; {@code null} means "any scope", see {@link #getAuthorities(AuthScope)}
     * @param str authority name to look for
     * @return {@code true} when the caller holds the authority
     */
    @Override // com.cloudera.server.cmf.CurrentUserManager
    public boolean hasAuthority(AuthScope authScope, String str) {
        return hasAnyAuthority(authScope, str);
    }

    /**
     * Varargs form of {@link #hasAnyAuthority(AuthScope, Set)}.
     *
     * @param authScope scope to evaluate; {@code null} means "any scope"
     * @param strArr candidate authority names
     * @return {@code true} when the caller holds at least one of them
     */
    @Override // com.cloudera.server.cmf.CurrentUserManager
    public boolean hasAnyAuthority(AuthScope authScope, String... strArr) {
        // The cast selects the Set overload instead of recursing into this varargs overload.
        return hasAnyAuthority(authScope, (Set<String>) ImmutableSet.copyOf(strArr));
    }

    /**
     * Tests whether the caller's authorities intersect the requested set.
     *
     * <p>An empty {@code set} always yields {@code false} (nothing to intersect with).
     *
     * @param authScope scope to evaluate; {@code null} means "any scope"
     * @param set candidate authority names
     * @return {@code true} when at least one requested authority is held
     */
    @Override // com.cloudera.server.cmf.CurrentUserManager
    public boolean hasAnyAuthority(AuthScope authScope, Set<String> set) {
        return !Sets.intersection(getAuthorities(authScope), set).isEmpty();
    }

    /**
     * Tests whether the caller holds every requested authority.
     *
     * <p>An empty {@code set} always yields {@code true} ({@code containsAll} of nothing), so a
     * caller that builds the required set dynamically should make sure it cannot end up empty.
     *
     * @param authScope scope to evaluate; {@code null} means "any scope"
     * @param set required authority names
     * @return {@code true} when all of them are held
     */
    @Override // com.cloudera.server.cmf.CurrentUserManager
    public boolean hasAllAuthorities(AuthScope authScope, Set<String> set) {
        return getAuthorities(authScope).containsAll(set);
    }

    /**
     * Tests the requested authorities against the union of the caller's authorities over all scopes.
     *
     * <p>Because the union is used, the required authorities do not have to be held together in
     * one scope; each may come from a different scope. An empty {@code set} yields {@code true}.
     *
     * @param set required authority names
     * @return {@code true} when every requested authority is held in some scope
     */
    @Override // com.cloudera.server.cmf.CurrentUserManager
    public boolean hasAuthoritiesAnyScope(Set<String> set) {
        return getAuthorities(null).containsAll(set);
    }

    /**
     * Returns the caller's authority names.
     *
     * @param authScope {@code null} for the union over all scopes; otherwise the authorities of
     *     the global scope combined with those of {@code authScope}
     * @return authority names as produced by {@code AuthorityUtils.authorityListToSet}
     */
    @Override // com.cloudera.server.cmf.CurrentUserManager
    public Set<String> getAuthorities(AuthScope authScope) {
        return authScope == null ? AuthorityUtils.authorityListToSet(getGrantedAuthoritiesAnyScope()) : AuthorityUtils.authorityListToSet(getGrantedAuthorities(AuthScope.global(), authScope));
    }

    /**
     * Collects the caller's granted authorities across every scope.
     *
     * <p>Decision order matters: privileged mode first, then the no-Authentication case (treated
     * as CM_USER), then the "principal is not a CMFUser" case (no authorities), and only then the
     * real user's roles. Authorities are derived here from each role's {@code auth} collection,
     * whereas {@link #getGrantedAuthorities(AuthScope...)} asks the scope itself.
     * NOTE(review): confirm the two derivations agree for the same user.
     */
    private Collection<GrantedAuthority> getGrantedAuthoritiesAnyScope() {
        if (AuthScopeContext.inPriviledgedMode()) {
            return ADMIN_GRANTS;
        }
        if (!isAuthenticated()) {
            // No Authentication: internalGetAllRolesAllScopes() returns CM_USER's role set, and
            // getOnlyElement throws unless that set holds exactly one role.
            return AuthorityUtils.createAuthorityList((String[]) ((UserRole) Iterables.getOnlyElement(internalGetAllRolesAllScopes())).auth.toArray(new String[0]));
        }
        if (getCurrentUser() == null) {
            // Authentication present but principal is not a CMFUser: grant nothing.
            return ImmutableSet.of();
        }
        HashSet newHashSet = Sets.newHashSet();
        Iterator<UserRole> it = internalGetAllRolesAllScopes().iterator();
        while (it.hasNext()) {
            newHashSet.addAll(AuthorityUtils.createAuthorityList((String[]) it.next().auth.toArray(new String[0])));
        }
        return newHashSet;
    }

    /**
     * Collects the caller's granted authorities for the given scopes.
     *
     * <p>Same decision order as {@link #getGrantedAuthoritiesAnyScope()}: privileged mode, then
     * no Authentication (CM_USER's single role), then non-CMFUser principal (empty), then the
     * union of {@code authScope.getGrantedAuthorities(currentUser)} over the requested scopes.
     *
     * @param authScopeArr scopes to evaluate; each element is dereferenced, so a {@code null}
     *     element would throw for an authenticated CMFUser
     */
    private Collection<GrantedAuthority> getGrantedAuthorities(AuthScope... authScopeArr) {
        if (AuthScopeContext.inPriviledgedMode()) {
            return ADMIN_GRANTS;
        }
        if (!isAuthenticated()) {
            return AuthorityUtils.createAuthorityList((String[]) ((UserRole) Iterables.getOnlyElement(internalGetRoles(authScopeArr))).auth.toArray(new String[0]));
        }
        CMFUserDetailsService.CMFUser currentUser = getCurrentUser();
        if (currentUser == null) {
            return ImmutableSet.of();
        }
        HashSet newHashSet = Sets.newHashSet();
        for (AuthScope authScope : authScopeArr) {
            ImmutableSet<GrantedAuthority> grantedAuthorities = authScope.getGrantedAuthorities(currentUser);
            // A scope may report null; treat that as "no authorities in this scope".
            if (grantedAuthorities != null) {
                newHashSet.addAll(grantedAuthorities);
            }
        }
        return ImmutableSet.copyOf(newHashSet);
    }

    /**
     * @return {@code currentUser.isInternal()} for a CMFUser principal, otherwise {@code false}
     *     (including the no-Authentication case, even though that case is mapped to CM_USER elsewhere)
     */
    @Override // com.cloudera.server.cmf.CurrentUserManager
    public boolean isInternallyManagedUser() {
        CMFUserDetailsService.CMFUser currentUser = getCurrentUser();
        if (currentUser != null) {
            return currentUser.isInternal();
        }
        return false;
    }

    /**
     * Returns the name to attribute the current call to.
     *
     * @return CM_USER's name when there is no Authentication; the CMFUser's user name when the
     *     principal is one; otherwise {@code CommandUtils.CONFIG_TOP_LEVEL_DIR}
     */
    @Override // com.cloudera.server.cmf.CurrentUserManager
    public String getUsername() {
        if (!isAuthenticated()) {
            return CM_USER.getName();
        }
        CMFUserDetailsService.CMFUser currentUser = getCurrentUser();
        // NOTE(review): the value of CONFIG_TOP_LEVEL_DIR is not visible in this file; a
        // directory-named constant used as a user name looks like a decompiler substituting a
        // constant with the same value (possibly an empty string) - confirm.
        return currentUser != null ? currentUser.getUsername() : CommandUtils.CONFIG_TOP_LEVEL_DIR;
    }

    /**
     * @param authScope scope whose roles are wanted
     * @return the caller's roles in the global scope combined with those in {@code authScope}
     */
    @Override // com.cloudera.server.cmf.CurrentUserManager
    public Set<UserRole> getRoles(AuthScope authScope) {
        return internalGetRoles(AuthScope.global(), authScope);
    }

    /**
     * Returns the caller's roles with redundant ones dropped: a role is omitted when its
     * authorities are a subset of (or equal to) those of another role that is kept.
     *
     * @param authScope scope whose roles are wanted (global roles are included)
     * @return a mutable set of the remaining roles
     */
    @Override // com.cloudera.server.cmf.CurrentUserManager
    public Set<UserRole> getUniqueRoles(AuthScope authScope) {
        HashSet newHashSet = Sets.newHashSet();
        for (UserRole userRole : getRoles(authScope)) {
            // z stays true while no already-kept role covers the candidate.
            boolean z = true;
            // Iterate over a snapshot so that kept roles can be removed during the scan.
            UnmodifiableIterator it = ImmutableSet.copyOf(newHashSet).iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                UserRole userRole2 = (UserRole) it.next();
                Set authorities = userRole2.getAuthorities();
                Set authorities2 = userRole.getAuthorities();
                Sets.SetView intersection = Sets.intersection(authorities, authorities2);
                if (intersection.equals(authorities2)) {
                    // Candidate's authorities are all contained in a kept role: skip the candidate.
                    z = false;
                    break;
                }
                if (intersection.equals(authorities)) {
                    // Kept role is fully covered by the candidate: the candidate supersedes it.
                    newHashSet.remove(userRole2);
                }
            }
            if (z) {
                newHashSet.add(userRole);
            }
        }
        return newHashSet;
    }

    /**
     * @return {@code currentUser.isExternal()} for a CMFUser principal, otherwise {@code false}
     */
    @Override // com.cloudera.server.cmf.CurrentUserManager
    public boolean isExternal() {
        CMFUserDetailsService.CMFUser currentUser = getCurrentUser();
        if (currentUser != null) {
            return currentUser.isExternal();
        }
        return false;
    }

    /**
     * Returns the authenticated principal when it is a {@code CMFUserDetailsService.CMFUser}.
     *
     * <p>Any {@link RuntimeException} raised while reading the context (for example the
     * NullPointerException that results from a null Authentication) is swallowed and reported as
     * {@code null}. Callers in this class treat {@code null} as "no roles, no authorities", so
     * the swallow fails closed, but it also hides unexpected errors without logging them.
     *
     * @return the CMFUser principal, or {@code null} when absent, of another type, or on error
     */
    @VisibleForTesting
    public CMFUserDetailsService.CMFUser getCurrentUser() {
        try {
            Object principal = getSecurityContext().getAuthentication().getPrincipal();
            if (principal instanceof CMFUserDetailsService.CMFUser) {
                return (CMFUserDetailsService.CMFUser) principal;
            }
            return null;
        } catch (RuntimeException e) {
            return null;
        }
    }

    /**
     * Resolves the persisted {@link DbUser} for the current call.
     *
     * <p>Resolution order:
     * <ol>
     *   <li>No Authentication: returns the shared CM_USER instance (ROLE_ADMIN, id -1).</li>
     *   <li>User name found by {@code findUserByName}: returns that row.</li>
     *   <li>Not found and the JVM system property {@code cmf.disable.security} is present:
     *       returns a fresh "clouderaTester" user with id -1. Only the presence of the key is
     *       tested, so any value, including "false", enables this branch.</li>
     *   <li>Not found and the name is "anonymousUser": returns a fresh DbUser of that name with id -1.</li>
     *   <li>Otherwise throws.</li>
     * </ol>
     *
     * <p>NOTE(review): {@code cmf.disable.security} should never be set on a production JVM;
     * consider alerting on its presence at startup. The synthetic users are created without any
     * role being assigned in this method; what that implies depends on DbUser - confirm.
     *
     * @param cmfEntityManager entity manager used for the user lookup
     * @return the resolved or synthetic user, never {@code null}
     * @throws UsernameNotFoundException when the name is unknown and none of the fallbacks apply
     */
    @Override // com.cloudera.server.cmf.CurrentUserManager
    public DbUser getLoggedInUser(CmfEntityManager cmfEntityManager) {
        Authentication authentication = getSecurityContext().getAuthentication();
        if (authentication == null) {
            LOG.debug("No authentication information available for logged in user");
            return CM_USER;
        }
        Object principal = authentication.getPrincipal();
        // A non-UserDetails principal is identified by its toString(); a null principal would
        // throw a NullPointerException here.
        String username = principal instanceof UserDetails ? ((UserDetails) principal).getUsername() : principal.toString();
        DbUser findUserByName = cmfEntityManager.findUserByName(username);
        if (findUserByName == null) {
            if (System.getProperties().containsKey("cmf.disable.security")) {
                // The user name is concatenated into the log line as received.
                // NOTE(review): if names can come from an external identity source, make sure the
                // log layout neutralises CR/LF so entries cannot be forged.
                LOG.debug("User " + username + " has not logged in. Creating clouderaTester user.");
                findUserByName = new DbUser("clouderaTester", "passwordHash", 1L, true);
                findUserByName.setId(-1L);
            } else {
                if (!"anonymousUser".equals(username)) {
                    throw new UsernameNotFoundException("User " + username + " not found.");
                }
                findUserByName = new DbUser(username, "passwordHash", 1L, true);
                findUserByName.setId(-1L);
            }
        }
        return findUserByName;
    }

    /**
     * Returns the remote address of the HTTP request bound to the current thread.
     *
     * <p>The value is {@code HttpServletRequest.getRemoteAddr()}, i.e. the address of the direct
     * network peer. Behind a reverse proxy or load balancer that is the proxy's address, not the
     * end user's, so audit records built from it need the proxy layer to be accounted for.
     *
     * @return the peer address, or {@code null} when no request is bound to the thread
     */
    @Override // com.cloudera.server.cmf.CurrentUserManager
    public String getLoggedInUserIP() {
        HttpServletRequest request;
        try {
            ServletRequestAttributes currentRequestAttributes = RequestContextHolder.currentRequestAttributes();
            if (currentRequestAttributes == null || (request = currentRequestAttributes.getRequest()) == null) {
                return null;
            }
            return request.getRemoteAddr();
        } catch (IllegalStateException e) {
            // currentRequestAttributes() throws when called outside a request-bound thread.
            return null;
        }
    }

    /**
     * @return the shared internal CM_USER instance (not a copy; the object is mutable through its setters)
     */
    @Override // com.cloudera.server.cmf.CurrentUserManager
    public DbUser getCmUser() {
        return CM_USER;
    }

    /**
     * @return the user name followed by a single space when an Authentication is present,
     *     otherwise the literal {@code <unauthenticated>}
     */
    public String toString() {
        return isAuthenticated() ? String.format("%s ", getUsername()) : "<unauthenticated>";
    }

    /**
     * Combines {@link #isDeletableLastFullAdminInCollection(Collection)} with a check that the
     * caller holds {@code AUTH_FULL_ADMIN_CONFIG} in the global scope.
     *
     * @param collection users to inspect
     * @return {@code true} only when both conditions hold
     */
    @Override // com.cloudera.server.cmf.CurrentUserManager
    public boolean isDeletableLastFullAdmin(Collection<DbUser> collection) {
        return isDeletableLastFullAdminInCollection(collection) && hasAuthority(AuthScope.global(), "AUTH_FULL_ADMIN_CONFIG");
    }

    /**
     * Enforces the authority demanded by {@code authorityAware} in the given scope.
     *
     * <p>When {@code authorityAware.getAuthority()} returns {@code null} no check is performed
     * and the call passes, so an object that fails to declare an authority is unprotected here.
     *
     * @param authScope scope to evaluate; {@code null} means "any scope"
     * @param authorityAware object naming the required authority; must not be {@code null}
     * @throws NullPointerException when {@code authorityAware} is {@code null}
     * @throws SecurityException (without a message) when the required authority is not held
     */
    @Override // com.cloudera.server.cmf.CurrentUserManager
    public void check(AuthScope authScope, AuthorityAware authorityAware) {
        Preconditions.checkNotNull(authorityAware);
        String authority = authorityAware.getAuthority();
        if (authority != null && !hasAuthority(authScope, authority)) {
            throw new SecurityException();
        }
    }

    /**
     * Evaluates the admin make-up of {@code collection}.
     *
     * <p>Only users that are not internal and have password login enabled are counted. The
     * result is {@code true} when exactly one of them has ROLE_ADMIN, at least one has
     * ROLE_USER_ADMIN, and no user has both. NOTE(review): the intent suggested by the name
     * (the last full admin may be removed because a user admin remains) is inferred, not shown.
     *
     * @param collection users to inspect; {@code getPasswordLogin()} is unboxed, so a
     *     {@code null} value on a non-internal user would throw a NullPointerException
     */
    @VisibleForTesting
    boolean isDeletableLastFullAdminInCollection(Collection<DbUser> collection) {
        // newHashSet: eligible users with ROLE_ADMIN; newHashSet2: eligible users with ROLE_USER_ADMIN.
        HashSet newHashSet = Sets.newHashSet();
        HashSet newHashSet2 = Sets.newHashSet();
        for (DbUser dbUser : collection) {
            if (!dbUser.isInternal() && dbUser.getPasswordLogin().booleanValue()) {
                if (dbUser.hasRole(UserRole.ROLE_ADMIN)) {
                    newHashSet.add(dbUser);
                }
                if (dbUser.hasRole(UserRole.ROLE_USER_ADMIN)) {
                    newHashSet2.add(dbUser);
                }
            }
        }
        return newHashSet.size() == 1 && !newHashSet2.isEmpty() && Sets.intersection(newHashSet2, newHashSet).isEmpty();
    }

    /**
     * @return the first entry of the CMFUser's {@code getLastNLogins()} list, or {@code null}
     *     when there is no CMFUser principal or the list is null or empty.
     *     NOTE(review): whether index 0 is the most recent login depends on the list's ordering - confirm.
     */
    @Override // com.cloudera.server.cmf.CurrentUserManager
    public Instant getLastLoginTime() {
        List<Instant> lastNLogins;
        CMFUserDetailsService.CMFUser currentUser = getCurrentUser();
        if (currentUser == null || (lastNLogins = currentUser.getLastNLogins()) == null || lastNLogins.size() <= 0) {
            return null;
        }
        return lastNLogins.get(0);
    }

    // The overloads below take their scope from AuthScopeContext.get(). If that returns null the
    // scoped methods fall back to "any scope" (see getAuthorities(AuthScope)).
    // NOTE(review): confirm whether AuthScopeContext.get() can return null on request threads.

    /** Scope-from-context form of {@link #hasAuthority(AuthScope, String)}. */
    @Override // com.cloudera.server.cmf.CurrentUserManager
    public boolean hasAuthority(String str) {
        return hasAuthority(AuthScopeContext.get(), str);
    }

    /** Scope-from-context form of {@link #hasAnyAuthority(AuthScope, String...)}. */
    @Override // com.cloudera.server.cmf.CurrentUserManager
    public boolean hasAnyAuthority(String... strArr) {
        return hasAnyAuthority(AuthScopeContext.get(), strArr);
    }

    /** Scope-from-context form of {@link #hasAnyAuthority(AuthScope, Set)}. */
    @Override // com.cloudera.server.cmf.CurrentUserManager
    public boolean hasAnyAuthority(Set<String> set) {
        return hasAnyAuthority(AuthScopeContext.get(), set);
    }

    /** Scope-from-context form of {@link #hasAllAuthorities(AuthScope, Set)}. */
    @Override // com.cloudera.server.cmf.CurrentUserManager
    public boolean hasAllAuthorities(Set<String> set) {
        return hasAllAuthorities(AuthScopeContext.get(), set);
    }

    /** Scope-from-context form of {@link #getAuthorities(AuthScope)}. */
    @Override // com.cloudera.server.cmf.CurrentUserManager
    public Set<String> getAuthorities() {
        return getAuthorities(AuthScopeContext.get());
    }

    /** Scope-from-context form of {@link #getRoles(AuthScope)}. */
    @Override // com.cloudera.server.cmf.CurrentUserManager
    public Set<UserRole> getRoles() {
        return getRoles(AuthScopeContext.get());
    }

    /** Scope-from-context form of {@link #getUniqueRoles(AuthScope)}. */
    @Override // com.cloudera.server.cmf.CurrentUserManager
    public Set<UserRole> getUniqueRoles() {
        return getUniqueRoles(AuthScopeContext.get());
    }

    /** Scope-from-context form of {@link #check(AuthScope, AuthorityAware)}. */
    @Override // com.cloudera.server.cmf.CurrentUserManager
    public void check(AuthorityAware authorityAware) throws SecurityException {
        check(AuthScopeContext.get(), authorityAware);
    }

    /**
     * Returns the caller's roles keyed by scope.
     *
     * @return with no Authentication, a single entry mapping the global scope to CM_USER's only
     *     role; with a CMFUser principal, a copy of {@code currentUser.getRoles()}; otherwise an
     *     empty map
     */
    @Override // com.cloudera.server.cmf.CurrentUserManager
    public ImmutableMap<AuthScope, ImmutableSet<UserRole>> getUserPrivileges() {
        if (!isAuthenticated()) {
            return ImmutableMap.of(AuthScope.global(), ImmutableSet.of(((DbUserRole) Iterables.getOnlyElement(CM_USER.getUserRoles())).getUserRole()));
        }
        CMFUserDetailsService.CMFUser currentUser = getCurrentUser();
        return currentUser == null ? ImmutableMap.of() : ImmutableMap.copyOf(currentUser.getRoles());
    }

    /**
     * Flattens the caller's roles over all scopes into one set.
     *
     * <p>With no Authentication the result is CM_USER's single role; with a non-CMFUser
     * principal it is empty.
     */
    private Set<UserRole> internalGetAllRolesAllScopes() {
        if (!isAuthenticated()) {
            // Maps resolves to org.python.google.common.collect.Maps per this file's imports.
            // NOTE(review): confirm that a Guava copy under org.python is intended here rather
            // than com.google.common.collect.Maps.
            HashMap newHashMap = Maps.newHashMap();
            HashSet newHashSet = Sets.newHashSet();
            newHashMap.put(AuthScope.global(), Sets.newHashSet(new UserRole[]{((DbUserRole) Iterables.getOnlyElement(CM_USER.getUserRoles())).getUserRole()}));
            Iterator it = newHashMap.entrySet().iterator();
            while (it.hasNext()) {
                newHashSet.addAll((Collection) ((Map.Entry) it.next()).getValue());
            }
            return newHashSet;
        }
        CMFUserDetailsService.CMFUser currentUser = getCurrentUser();
        if (currentUser == null) {
            return ImmutableSet.of();
        }
        HashSet newHashSet2 = Sets.newHashSet();
        Iterator<Map.Entry<AuthScope, ImmutableSet<UserRole>>> it2 = currentUser.getRoles().entrySet().iterator();
        while (it2.hasNext()) {
            newHashSet2.addAll(it2.next().getValue());
        }
        return newHashSet2;
    }

    /**
     * Returns the union of the caller's roles in the given scopes.
     *
     * <p>With no Authentication the requested scopes are ignored and CM_USER's single role
     * (ROLE_ADMIN, per the static initializer) is returned; with a non-CMFUser principal the
     * result is empty. Scopes the user has no entry for contribute nothing.
     */
    private Set<UserRole> internalGetRoles(AuthScope... authScopeArr) {
        if (!isAuthenticated()) {
            return ImmutableSet.of(((DbUserRole) Iterables.getOnlyElement(CM_USER.getUserRoles())).getUserRole());
        }
        CMFUserDetailsService.CMFUser currentUser = getCurrentUser();
        if (currentUser == null) {
            return ImmutableSet.of();
        }
        HashSet newHashSet = Sets.newHashSet();
        for (AuthScope authScope : authScopeArr) {
            ImmutableSet<UserRole> immutableSet = currentUser.getRoles().get(authScope);
            if (immutableSet != null) {
                newHashSet.addAll(immutableSet);
            }
        }
        return ImmutableSet.copyOf(newHashSet);
    }

    /**
     * Single access point to the security context; protected so that a test subclass can
     * substitute its own context.
     *
     * @return {@code SecurityContextHolder.getContext()}
     */
    @VisibleForTesting
    protected SecurityContext getSecurityContext() {
        return SecurityContextHolder.getContext();
    }

    /**
     * Delegates to {@code CurrentUserManager.helperFilter} with this manager as the authority source.
     * The filtering rule itself is defined there and is not visible in this file.
     *
     * @param collection items to filter
     * @param function maps an item to the scope it belongs to
     * @param strArr authority names passed through to the helper
     * @return the helper's result
     */
    @Override // com.cloudera.server.cmf.CurrentUserManager
    public <T> ImmutableList<T> filter(Collection<? extends T> collection, Function<? super T, AuthScope> function, String... strArr) {
        return CurrentUserManager.helperFilter(this, collection, function, strArr);
    }

    // Completes CM_USER: id -1 marks it as synthetic, and its only role is ROLE_ADMIN. Several
    // methods above rely on getUserRoles() holding exactly one element (Iterables.getOnlyElement).
    static {
        CM_USER.setId(-1L);
        CM_USER.setUserRoles(ImmutableSet.of(new DbUserRole(CM_USER, UserRole.ROLE_ADMIN)));
    }
}
