package com.appiancorp.security.auth.phpmyadmin;

import com.appiancorp.ag.constant.Constants;
import com.appiancorp.core.expr.portable.string.Strings;
import com.appiancorp.features.FeatureToggleClient;
import com.appiancorp.ix.Type;
import com.appiancorp.ix.binding.Binding;
import com.appiancorp.ix.binding.ImportBinderMap;
import com.appiancorp.ix.binding.UnresolvedException;
import com.appiancorp.security.auth.SpringSecurityContextHelper;
import com.appiancorp.security.authz.SystemRoleAeImpl;
import com.appiancorp.services.WebServiceContextFactory;
import com.appiancorp.suite.SuiteConfiguration;
import com.appiancorp.suite.cfg.ConfigurationFactory;
import com.appiancorp.suiteapi.common.ServiceLocator;
import com.appiancorp.suiteapi.common.exceptions.InvalidGroupException;
import com.appiancorp.suiteapi.common.exceptions.InvalidGroupTypeException;
import com.appiancorp.suiteapi.common.exceptions.PrivilegeException;
import com.appiancorp.suiteapi.personalization.Attribute;
import com.appiancorp.suiteapi.personalization.Group;
import com.appiancorp.suiteapi.personalization.GroupService;
import com.appiancorp.suiteapi.personalization.GroupType;
import com.appiancorp.suiteapi.personalization.GroupTypeService;
import com.google.common.annotations.VisibleForTesting;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/appiancorp/security/auth/phpmyadmin/PhpMyAdminUserGroupResolver.class */
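/**
 * Maps an application user to the database account used for a phpMyAdmin session,
 * based on the user's group memberships.
 *
 * <p>The account returned by {@link #getDatabaseUsername(String, String)} is one of:
 * {@code dbadmin}, {@code appian}, {@code appianRO}, or the schema name followed by
 * {@code .dsuser} / {@code .dsuserRO}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every membership check in this class returns {@code false} when the group
 *       services throw, so an error never grants write or admin access. It does not
 *       deny the session either: {@link #getDatabaseUsername(String, String)} still
 *       falls back to the read-only account.</li>
 *   <li>{@link #getDatabaseUsername(String, String)} does not call
 *       {@link #doesUserHaveDatabaseAccess(String)}. NOTE(review): callers presumably
 *       gate on that method first; confirm at the call sites.</li>
 *   <li>Some checks use the injected {@code groupService}, others an administrator
 *       context ({@code runAsAdmin} / {@link #getAdminContextGroupService()}).
 *       NOTE(review): confirm the injected service can always read the groups it is
 *       asked about, otherwise a {@code PrivilegeException} silently turns into
 *       "not a member".</li>
 * </ul>
 */
public class PhpMyAdminUserGroupResolver {
    private static final Logger LOG = Logger.getLogger(PhpMyAdminUserGroupResolver.class);
    private static final String DATABASE_ADMINISTRATOR_USERNAME = "dbadmin";
    private static final String APPIAN_DB_USER = "appian";
    private static final String APPIAN_DB_RO_USER = "appianRO";
    private static final String SCHEMA_USER_SUFFIX = ".dsuser";
    private static final String SCHEMA_RO_USER_SUFFIX = ".dsuserRO";
    private final GroupService groupService;
    private final GroupTypeService groupTypeService;
    private final PhpMyAdminUserHelper phpMyAdminUserHelper;
    private final FeatureToggleClient featureToggleClient;
    private final SuiteConfiguration suiteConfiguration;
    private final PhpMyAdminAuthConfiguration phpMyAdminAuthConfig = (PhpMyAdminAuthConfiguration) ConfigurationFactory.getConfiguration(PhpMyAdminAuthConfiguration.class);
    private final PhpMyAdminSessionUtils phpMyAdminSessionUtils = PhpMyAdminSessionUtils.getInstance();
    // Not read anywhere else in this class; assigned in the constructor, where the
    // lookup also creates the group type on cloud sites when it does not exist yet.
    private final GroupType schemaViewerGroupType;
    private final GroupType schemaEditorGroupType;

    /**
     * Stores the collaborators and then resolves (creating if necessary) the schema
     * viewer and schema editor group types.
     *
     * <p>The group-type lookups read {@code suiteConfiguration} and
     * {@code groupTypeService}, so they must run after those fields are assigned.
     * Written as field initializers they would execute before this constructor body
     * and dereference {@code null}.
     *
     * @param groupService group membership service used for most membership checks
     * @param groupTypeService service used to look up and create group types
     * @param featureToggleClient source of the schema-specific-access feature flag
     * @param phpMyAdminUserHelper supplies the schema lists visible to a user
     * @param suiteConfiguration tells whether this is a cloud site
     */
    public PhpMyAdminUserGroupResolver(GroupService groupService, GroupTypeService groupTypeService, FeatureToggleClient featureToggleClient, PhpMyAdminUserHelper phpMyAdminUserHelper, SuiteConfiguration suiteConfiguration) {
        this.groupService = groupService;
        this.groupTypeService = groupTypeService;
        this.phpMyAdminUserHelper = phpMyAdminUserHelper;
        this.featureToggleClient = featureToggleClient;
        this.suiteConfiguration = suiteConfiguration;
        // Block lambdas (with an explicit return) are kept on purpose: they are only
        // value-compatible, which avoids ambiguity if runAsAdmin is overloaded.
        this.schemaViewerGroupType = (GroupType) SpringSecurityContextHelper.runAsAdmin(() -> {
            return getOrCreateSchemaGroupType(Constants.GROUP_TYPE_DATABASE_SCHEMA_VIEWER_NAME, Constants.GROUP_TYPE_DATABASE_SCHEMA_VIEWER_DESC, Constants.GROUP_TYPE_DATABASE_SCHEMA_VIEWER_UUID);
        });
        this.schemaEditorGroupType = (GroupType) SpringSecurityContextHelper.runAsAdmin(() -> {
            return getOrCreateSchemaGroupType(Constants.GROUP_TYPE_DATABASE_SCHEMA_EDITOR_NAME, Constants.GROUP_TYPE_DATABASE_SCHEMA_EDITOR_DESC, Constants.GROUP_TYPE_DATABASE_SCHEMA_EDITOR_UUID);
        });
    }

    /**
     * Chooses the database account for a user and a requested schema.
     *
     * <p>This method never refuses: a user who matches no rule is mapped to the
     * read-only account. It performs no check equivalent to
     * {@link #doesUserHaveDatabaseAccess(String)}.
     *
     * @param str the application username
     * @param str2 the requested schema name; may be null or empty, in which case the
     *     default accounts are used
     * @return the database account name to connect with
     */
    public String getDatabaseUsername(String str, String str2) {
        if (isUserDbAdmin(str)) {
            return DATABASE_ADMINISTRATOR_USERNAME;
        }
        if (!userHasAccessToSchema(str2, str)) {
            // The requested schema is not one of the user's schemas: ignore it and fall
            // back to the default accounts, read-write only for editors.
            boolean canWriteDefaultSchema = isUserDatabaseEditor(str)
                    || doesUserHaveWriteAccess(str, this.phpMyAdminUserHelper.getCloudProvidedSchemaName());
            return canWriteDefaultSchema ? APPIAN_DB_USER : APPIAN_DB_RO_USER;
        }
        boolean canWriteSchema = doesUserHaveWriteAccess(str, str2);
        if (this.phpMyAdminSessionUtils.isDefaultAppianSchema(str2)) {
            return canWriteSchema ? APPIAN_DB_USER : APPIAN_DB_RO_USER;
        }
        // Only reached after userHasAccessToSchema confirmed that str2 is in the list
        // the helper returns for this user, so the caller-supplied schema name cannot
        // be used to build an arbitrary account name.
        return str2 + (canWriteSchema ? SCHEMA_USER_SUFFIX : SCHEMA_RO_USER_SUFFIX);
    }

    /**
     * Tells whether a user may use the database at all: database admins, members of
     * the Database Editor or Database Viewer role groups, and members of any
     * schema-specific group qualify.
     *
     * @param str the application username
     * @return {@code true} if any of the rules above match; {@code false} otherwise or
     *     when the group service throws
     */
    public boolean doesUserHaveDatabaseAccess(String str) {
        if (isUserDbAdmin(str)) {
            return true;
        }
        Long editorGroupId = getGroupId(SystemRoleAeImpl.DATABASE_EDITOR);
        Long viewerGroupId = getGroupId(SystemRoleAeImpl.DATABASE_VIEWER);
        try {
            GroupService adminGroupService = getAdminContextGroupService();
            return adminGroupService.isUserMember(str, editorGroupId)
                    || adminGroupService.isUserMember(str, viewerGroupId)
                    || isUserInAnySchemaSpecificGroup(str);
        } catch (InvalidGroupException | PrivilegeException e) {
            // The same message is logged for a PrivilegeException; the attached stack
            // trace tells the two cases apart.
            LOG.error("Database Editor or Database Viewer group not found: " + editorGroupId + ", " + viewerGroupId, e);
            return false;
        }
    }

    /**
     * Tells whether a user belongs to a schema-editor group whose schema-name
     * attribute equals the given schema.
     *
     * <p>The feature flag is not consulted here; the caller in
     * {@link #doesUserHaveWriteAccess(String, String)} checks it first.
     *
     * @param str the schema name to match against the group attribute
     * @param str2 the application username
     * @return {@code true} on a match; {@code false} otherwise or when the group type
     *     cannot be resolved
     */
    @VisibleForTesting
    boolean isUserInSchemaEditorGroup(String str, String str2) {
        Long databaseUsersGroupId = getGroupId(SystemRoleAeImpl.DATABASE_USERS);
        try {
            Long editorGroupTypeId = this.groupTypeService.getGroupTypeId(Constants.GROUP_TYPE_DATABASE_SCHEMA_EDITOR_NAME);
            return Arrays.stream(this.groupService.getGroupsOfType(editorGroupTypeId))
                    .filter(group -> isUserInValidPhpMyAdminAccessGroup(str2, group, databaseUsersGroupId))
                    .flatMap(group -> Arrays.stream(group.getAttributes()))
                    // Constant-first and null-checked comparisons: a group with a missing
                    // attribute name or value counts as "no match" instead of aborting
                    // the authorization check with a NullPointerException.
                    .filter(attribute -> PhpMyAdminSessionUtils.SCHEMA_NAME_ATTRIBUTE_NAME.equals(attribute.getName()))
                    .map(attribute -> attribute.getValue())
                    .anyMatch(value -> value != null && value.equals(str));
        } catch (InvalidGroupTypeException e) {
            LOG.error("Error occurred determining group membership", e);
            return false;
        }
    }

    /**
     * Tells whether a user belongs to any schema-editor or schema-viewer group.
     *
     * @param str the application username
     * @return {@code false} when the schema-specific-access feature is disabled, when
     *     no group matches, or when a group type cannot be resolved
     */
    @VisibleForTesting
    boolean isUserInAnySchemaSpecificGroup(String str) {
        if (!isGroupBasedAuthenticationEnabled()) {
            return false;
        }
        Long databaseUsersGroupId = getGroupId(SystemRoleAeImpl.DATABASE_USERS);
        try {
            return isUserInAnyGroupOfType(str, Constants.GROUP_TYPE_DATABASE_SCHEMA_EDITOR_NAME, databaseUsersGroupId)
                    || isUserInAnyGroupOfType(str, Constants.GROUP_TYPE_DATABASE_SCHEMA_VIEWER_NAME, databaseUsersGroupId);
        } catch (InvalidGroupTypeException e) {
            LOG.error("Error occurred determining group membership", e);
            return false;
        }
    }

    /**
     * Tells whether a user is a member of the Database Editor role group. The check
     * is executed through {@code runAsAdmin}.
     *
     * @param str the application username
     * @return {@code true} if the user is a member; {@code false} otherwise or when the
     *     group does not exist
     */
    @VisibleForTesting
    boolean isUserDatabaseEditor(String str) {
        return ((Boolean) SpringSecurityContextHelper.runAsAdmin(() -> {
            Long editorGroupId = getGroupId(SystemRoleAeImpl.DATABASE_EDITOR);
            try {
                return Boolean.valueOf(this.groupService.isUserMember(str, editorGroupId));
            } catch (InvalidGroupException e) {
                LOG.error("Database Editor group not found: " + editorGroupId, e);
                return false;
            }
        })).booleanValue();
    }

    /**
     * Tells whether a user is a member of the configured database administrator
     * group.
     *
     * @param str the application username
     * @return {@code true} if the user is a member; {@code false} when the configured
     *     group cannot be resolved or the membership check throws
     */
    @VisibleForTesting
    boolean isUserDbAdmin(String str) {
        Long databaseAdminGroupId = getDatabaseAdminGroupId();
        if (databaseAdminGroupId == null) {
            return false;
        }
        try {
            return this.groupService.isUserMember(str, databaseAdminGroupId);
        } catch (PrivilegeException e) {
            // The original message ended in "not found", copied from the branch below;
            // that wording is wrong for a privilege failure and has been dropped.
            LOG.error("Unexpected PrivilegeException in retrieving if user [" + str + "] is member of group [" + databaseAdminGroupId + "] for UUID " + this.phpMyAdminAuthConfig.getDatabaseAdminGroupUuid(), e);
            return false;
        } catch (InvalidGroupException e2) {
            LOG.error("Group for UUID " + this.phpMyAdminAuthConfig.getDatabaseAdminGroupUuid() + " not found", e2);
            return false;
        }
    }

    /**
     * Resolves the configured database administrator group UUID to a group id using
     * an administrator service context.
     *
     * @return the group id, or {@code null} when the UUID cannot be resolved
     */
    @VisibleForTesting
    Long getDatabaseAdminGroupId() {
        try {
            return (Long) new ImportBinderMap(WebServiceContextFactory.getAdministratorServiceContext()).get((Type) Type.GROUP).bind((Binding) this.phpMyAdminAuthConfig.getDatabaseAdminGroupUuid());
        } catch (UnresolvedException e) {
            LOG.error("Group with UUID " + this.phpMyAdminAuthConfig.getDatabaseAdminGroupUuid() + " not found.", e);
            return null;
        }
    }

    /**
     * Tells whether a user is a member of {@code group} and the service reports
     * {@code group} as a descendant of group {@code l}.
     *
     * <p>Both conditions are required. NOTE(review): the descendant check presumably
     * exists so that a group of the right type created outside the database-users
     * hierarchy grants nothing; confirm against {@code GroupService}.
     *
     * @param str the application username
     * @param group the candidate group
     * @param l the id passed as second argument to {@code isGroupDescendant}
     * @return {@code true} only if both checks succeed; {@code false} otherwise or when
     *     either check throws
     */
    @VisibleForTesting
    boolean isUserInValidPhpMyAdminAccessGroup(String str, Group group, Long l) {
        try {
            return this.groupService.isUserMember(str, group.getId())
                    && this.groupService.isGroupDescendant(group.getId(), l);
        } catch (InvalidGroupException | PrivilegeException e) {
            // Denied either way, but leave a trace: a silently swallowed failure here
            // makes a wrongly denied user very hard to diagnose. Debug level because
            // this runs once per candidate group.
            LOG.debug("Could not evaluate membership for group [" + group.getId() + "]; treating user as not a member", e);
            return false;
        }
    }

    /**
     * Tells whether a user may write to a schema.
     *
     * <p>Rules, in order: for the cloud-provided schema, any edit access is enough;
     * for a schema in the helper's DSCS list for the user, the Database Editor role is
     * required; otherwise, with the schema-specific-access feature enabled, the schema
     * must be in the user's group schemas and the user must be in a schema-editor group
     * for it.
     *
     * @param str the application username
     * @param str2 the schema name
     * @return {@code true} if one of the rules grants write access
     */
    @VisibleForTesting
    boolean doesUserHaveWriteAccess(String str, String str2) {
        if (this.phpMyAdminUserHelper.getCloudProvidedSchemaName().equals(str2)) {
            return doesUserHaveAnyEditAccess(str);
        }
        if (this.phpMyAdminUserHelper.getDscsSchemasForUser(str).contains(str2) && isUserDatabaseEditor(str)) {
            return true;
        }
        if (!isGroupBasedAuthenticationEnabled()) {
            return false;
        }
        List<?> groupSchemas = (List<?>) SpringSecurityContextHelper.runAsAdmin(() -> {
            return this.phpMyAdminUserHelper.getGroupSchemasForUser(str);
        });
        return groupSchemas.contains(str2) && isUserInSchemaEditorGroup(str2, str);
    }

    /**
     * Returns the group id of a system role. Package-private, presumably so tests can
     * override it.
     *
     * @param systemRoleAeImpl the system role
     * @return the role's group id
     */
    @VisibleForTesting
    Long getGroupId(SystemRoleAeImpl systemRoleAeImpl) {
        return systemRoleAeImpl.getGroupId();
    }

    /**
     * Returns a group service bound to the administrator service context.
     *
     * @return the administrator-context group service
     */
    @VisibleForTesting
    GroupService getAdminContextGroupService() {
        return ServiceLocator.getGroupService(WebServiceContextFactory.getAdministratorServiceContext());
    }

    /**
     * Tells whether the schema-specific-access feature toggle is enabled.
     *
     * @return the current state of the feature toggle
     */
    @VisibleForTesting
    boolean isGroupBasedAuthenticationEnabled() {
        return this.featureToggleClient.isFeatureEnabled(PhpMyAdminSessionUtils.PHPMYADMIN_SCHEMA_SPECIFIC_ACCESS_ENABLED);
    }

    /**
     * Tells whether a non-empty schema name is in the helper's schema list for the
     * user.
     */
    private boolean userHasAccessToSchema(String schemaName, String username) {
        return !Strings.isNullOrEmpty(schemaName) && this.phpMyAdminUserHelper.getSchemasForUser(username).contains(schemaName);
    }

    /**
     * Tells whether a user has edit rights of any kind: the Database Editor role, or,
     * with the feature enabled, membership in any schema-editor group.
     */
    private boolean doesUserHaveAnyEditAccess(String username) {
        if (isUserDatabaseEditor(username)) {
            return true;
        }
        if (!isGroupBasedAuthenticationEnabled()) {
            return false;
        }
        Long databaseUsersGroupId = getGroupId(SystemRoleAeImpl.DATABASE_USERS);
        try {
            return isUserInAnyGroupOfType(username, Constants.GROUP_TYPE_DATABASE_SCHEMA_EDITOR_NAME, databaseUsersGroupId);
        } catch (InvalidGroupTypeException e) {
            LOG.error("Error occurred determining group membership", e);
            return false;
        }
    }

    /**
     * Tells whether the user passes {@link #isUserInValidPhpMyAdminAccessGroup} for at
     * least one group of the named group type.
     */
    private boolean isUserInAnyGroupOfType(String username, String groupTypeName, Long ancestorGroupId) throws InvalidGroupTypeException {
        Long groupTypeId = this.groupTypeService.getGroupTypeId(groupTypeName);
        for (Group group : this.groupService.getGroupsOfType(groupTypeId)) {
            if (isUserInValidPhpMyAdminAccessGroup(username, group, ancestorGroupId)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Looks up a schema group type by name, creating it when the lookup yields a
     * negative id. Does nothing on non-cloud sites.
     *
     * @return the group type, or {@code null} on non-cloud sites or on any error
     */
    private GroupType getOrCreateSchemaGroupType(String name, String description, String uuid) {
        if (!this.suiteConfiguration.isCloudSite()) {
            return null;
        }
        try {
            Long groupTypeId = this.groupTypeService.getGroupTypeId(name);
            // A negative id is treated as "group type does not exist yet".
            return groupTypeId.longValue() < 0 ? createSchemaGroupType(name, description, uuid) : this.groupTypeService.getGroupType(groupTypeId);
        } catch (Exception e) {
            // Broad catch kept: this runs during construction and a failure here must
            // not prevent the resolver from being created.
            LOG.error("Unexpected error encountered retrieving or creating the schema GroupType object:", e);
            return null;
        }
    }

    /**
     * Creates a schema group type owned by the administrator user and adds the
     * schema-name attribute to it.
     *
     * @return the local {@code GroupType} instance that was submitted for creation.
     *     NOTE(review): this is not re-read from the service, so it may lack
     *     service-assigned values such as the id; confirm if the return value is used.
     */
    private GroupType createSchemaGroupType(String name, String description, String uuid) throws Exception {
        GroupType groupType = new GroupType(name, ServiceLocator.getAdministratorUser().getUsername());
        groupType.setDescription(description);
        groupType.setUuid(uuid);
        // NOTE(review): the meaning of the literal 1 passed to Attribute is not visible
        // here; confirm against the Attribute constructor.
        this.groupTypeService.addAttribute(this.groupTypeService.createGroupType(groupType), new Attribute(PhpMyAdminSessionUtils.SCHEMA_NAME_ATTRIBUTE_NAME, 1, PhpMyAdminSessionUtils.SCHEMA_NAME_ATTRIBUTE_DEFAULT));
        return groupType;
    }
}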
