package com.cloudera.server.web.cmf;

import com.cloudera.cmf.cdhclient.util.ThrottlingLogger;
import com.cloudera.cmf.model.DbExternalMapping;
import com.cloudera.cmf.model.ExternalMappingType;
import com.cloudera.cmf.service.config.ParamSpec;
import com.cloudera.cmf.service.scm.ScmParamTrackerStore;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.cmf.user.UserRole;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Function;
import com.google.common.base.Preconditions;
import com.google.common.collect.HashMultimap;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Sets;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.persistence.EntityManagerFactory;
import org.joda.time.Duration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;

/* loaded from: input_file:com/cloudera/server/web/cmf/CmfLdapUserDetailsContextMapper.class */
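/**
 * Builds the application's {@link UserDetails} for a user who was authenticated against LDAP.
 *
 * <p>The stock {@link LdapUserDetailsMapper} produces the username and granted authorities.
 * Those names are then matched, case-insensitively, against the stored external mappings of
 * type {@link ExternalMappingType#LDAP} to decide which roles the user receives.
 *
 * <p>{@link #initialize} must be called before {@link #mapUserFromContext} is used.
 */
public class CmfLdapUserDetailsContextMapper implements UserDetailsContextMapper {
    private static final Logger LOG = LoggerFactory.getLogger(CmfLdapUserDetailsContextMapper.class);
    // Wraps LOG with a five-minute throttle; used for the "no roles" login message below.
    private static final ThrottlingLogger THROTTLED_LOG = new ThrottlingLogger(LOG, Duration.standardMinutes(5));

    /** Selects only the external mappings whose type is LDAP. */
    @VisibleForTesting
    static final Function<ExternalMappingType, Boolean> MAPPING_MATCHER = new Function<ExternalMappingType, Boolean>() {
        @Override
        public Boolean apply(ExternalMappingType externalMappingType) {
            return Boolean.valueOf(externalMappingType == ExternalMappingType.LDAP);
        }
    };

    /**
     * Associates each LDAP group-list parameter with the role it stands for.
     * Not read anywhere in this class; exposed for tests.
     */
    @VisibleForTesting
    static final Map<ParamSpec<List<String>>, UserRole> PARAMS_TO_ROLE =
            // The explicit type witness is required: without it the builder chain is typed
            // <Object, Object> and cannot be assigned to the declared map type.
            ImmutableMap.<ParamSpec<List<String>>, UserRole>builder()
                    .put(ScmParams.LDAP_ADMIN_GROUPS, UserRole.ROLE_ADMIN)
                    .put(ScmParams.LDAP_CLUSTER_ADMIN_GROUPS, UserRole.ROLE_CLUSTER_ADMIN)
                    .put(ScmParams.LDAP_CONFIGURATOR_GROUPS, UserRole.ROLE_CONFIGURATOR)
                    .put(ScmParams.LDAP_OPERATOR_GROUPS, UserRole.ROLE_OPERATOR)
                    .put(ScmParams.LDAP_LIMITED_GROUPS, UserRole.ROLE_LIMITED)
                    .put(ScmParams.LDAP_BDR_ADMIN_GROUPS, UserRole.ROLE_BDR_ADMIN)
                    .put(ScmParams.LDAP_NAVIGATOR_ADMIN_GROUPS, UserRole.ROLE_NAVIGATOR_ADMIN)
                    .put(ScmParams.LDAP_USER_ADMIN_GROUPS, UserRole.ROLE_USER_ADMIN)
                    .put(ScmParams.LDAP_AUDITOR_GROUPS, UserRole.ROLE_AUDITOR)
                    .put(ScmParams.LDAP_KEY_ADMIN_GROUPS, UserRole.ROLE_KEY_ADMIN)
                    .put(ScmParams.LDAP_DASHBOARD_USER_GROUPS, UserRole.ROLE_DASHBOARD_USER)
                    .build();

    private LdapUserDetailsMapper udm = new LdapUserDetailsMapper();
    private UserMapper userMapper = null;
    private EntityManagerFactory emf;

    /**
     * Supplies the collaborators this mapper needs.
     *
     * @param entityManagerFactory factory handed to the mapping strategy when roles are fetched
     * @param userMapper builds the final {@link UserDetails} from a username and its roles
     * @param scmParamTrackerStore accepted but not used by this implementation
     */
    public void initialize(EntityManagerFactory entityManagerFactory, UserMapper userMapper, ScmParamTrackerStore scmParamTrackerStore) {
        this.userMapper = userMapper;
        this.emf = entityManagerFactory;
    }

    /**
     * Resolves the roles of an LDAP user and returns the resulting {@link UserDetails}.
     *
     * <p>The lower-cased username and every non-null granted authority (trimmed and lower-cased)
     * are collected into one set, which is matched against the stored LDAP mapping codes.
     *
     * @param dirContextOperations LDAP entry of the user, passed to the delegate mapper
     * @param str username, passed to the delegate mapper
     * @param collection authorities already granted, passed to the delegate mapper
     * @return the user details produced by the configured {@code UserMapper}
     * @throws NullPointerException if {@link #initialize} has not supplied a {@code UserMapper}
     * @throws AuthenticationServiceException if a {@link RuntimeException} occurs while the names
     *     are collected, the mapping is fetched or the user is built; the message is generic and
     *     the original exception is kept as the cause
     */
    @Override
    public UserDetails mapUserFromContext(DirContextOperations dirContextOperations, String str, Collection<? extends GrantedAuthority> collection) {
        Preconditions.checkNotNull(this.userMapper, "initialize() must be called before mapUserFromContext()");
        // Called outside the try block: exceptions from the delegate propagate unchanged.
        UserDetails ldapUser = this.udm.mapUserFromContext(dirContextOperations, str, collection);
        Set<String> principalNames = Sets.newHashSet();
        try {
            String username = ldapUser.getUsername();
            // Locale.ROOT keeps the case folding independent of the JVM default locale; with a
            // Turkish default, "ADMIN" and "admin" would otherwise fold to different strings
            // and a role mapping would silently stop matching.
            principalNames.add(username.toLowerCase(Locale.ROOT));
            for (GrantedAuthority granted : ldapUser.getAuthorities()) {
                String authority = granted.getAuthority();
                if (authority != null) {
                    principalNames.add(authority.trim().toLowerCase(Locale.ROOT));
                }
            }
            // NOTE(review): the username and the group authorities share one lookup set, so a
            // mapping code equal to a username matches exactly as a group name would. Confirm
            // that usernames and mapped group names cannot collide in the directory.
            HashMultimap<AuthScope, UserRole> roleMapping = createStrategyInstance(principalNames).fetchMapping(this.emf);
            if (roleMapping.isEmpty()) {
                // NOTE(review): the username is written to the log unmodified; confirm the log
                // layout neutralises CR/LF in directory-supplied names.
                THROTTLED_LOG.info(String.format("External user %s logged in without any roles.", username));
            }
            // A user without any matching mapping is still passed on, with an empty role map.
            return this.userMapper.mapUser(username, roleMapping.asMap());
        } catch (RuntimeException e) {
            // Any failure during role resolution rejects the login instead of continuing with
            // partial roles; the caller sees only a generic message.
            throw new AuthenticationServiceException("Authentication failed. Please try again.", e);
        }
    }

    /**
     * Creates the strategy that selects the external mappings applying to the given names.
     *
     * @param set lower-cased username and authority names of the user being mapped
     * @return a strategy that accepts LDAP mappings whose lower-cased code is contained in
     *     {@code set}
     */
    @VisibleForTesting
    protected ExternalMapperStrategy createStrategyInstance(final Set<String> set) {
        return new ExternalMapperStrategy(MAPPING_MATCHER, new Function<DbExternalMapping, Boolean>() {
            @Override
            public Boolean apply(DbExternalMapping dbExternalMapping) {
                String code = dbExternalMapping.getCode();
                // A mapping without a code matches nobody. Dereferencing a null code here would
                // throw, and mapUserFromContext turns that into a failed login.
                return Boolean.valueOf(code != null && set.contains(code.toLowerCase(Locale.ROOT)));
            }
        });
    }

    /** Delegates unchanged to the wrapped {@link LdapUserDetailsMapper}. */
    @Override
    public void mapUserToContext(UserDetails userDetails, DirContextAdapter dirContextAdapter) {
        this.udm.mapUserToContext(userDetails, dirContextAdapter);
    }

    /** Replaces the delegate mapper; intended for tests. */
    @VisibleForTesting
    void setLdapUserDetailsMapper(LdapUserDetailsMapper ldapUserDetailsMapper) {
        this.udm = ldapUserDetailsMapper;
    }
}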
