package com.appiancorp.object.remote;

import com.appiancorp.ag.ExtendedUserService;
import com.appiancorp.core.API;
import com.appiancorp.core.expr.portable.Value;
import com.appiancorp.features.FeatureToggleClient;
import com.appiancorp.object.action.security.ObjectSecuritySupport;
import com.appiancorp.object.action.security.RoleMapDefinitionFacade;
import com.appiancorp.object.action.security.RoleMapResult;
import com.appiancorp.object.action.security.RoleMapWriteResult;
import com.appiancorp.object.exceptions.AppianObjectActionException;
import com.appiancorp.object.remote.ia.RemoteObjectIaUpdater;
import com.appiancorp.object.remote.id.RemoteDesignObjectIdService;
import com.appiancorp.object.remote.id.UUIDMappingException;
import com.appiancorp.object.remote.id.UnrecognizedIdException;
import com.appiancorp.rdo.client.api.IaApi;
import com.appiancorp.rdo.client.api.ObjectQuerySupportApi;
import com.appiancorp.rdo.client.api.ObjectSecuritySupportApi;
import com.appiancorp.rdo.client.invoker.ApiClient;
import com.appiancorp.rdo.client.invoker.ApiException;
import com.appiancorp.rdo.client.model.RemoteDesignObjectQuery;
import com.appiancorp.rdo.client.model.RemotePagingInfo;
import com.appiancorp.rdo.client.model.RemoteQueryResult;
import com.appiancorp.rdo.client.model.RemoteQueryResultItem;
import com.appiancorp.rdo.client.model.RemoteRoleMap;
import com.appiancorp.rdo.client.model.RemoteRoleMapEntry;
import com.appiancorp.rdo.client.model.RemoteRoleMapResult;
import com.appiancorp.rdo.client.model.RemoteRoleMapSetRequest;
import com.appiancorp.rdo.client.model.RemoteRoleMapWithId;
import com.appiancorp.rdo.client.model.RemoteRoleMapWriteResult;
import com.appiancorp.security.auth.SecurityContextProvider;
import com.appiancorp.security.changelog.SecurityAuditLogger;
import com.appiancorp.suiteapi.common.exceptions.AppianRuntimeException;
import com.appiancorp.suiteapi.common.exceptions.ErrorCode;
import com.appiancorp.suiteapi.personalization.User;
import com.appiancorp.suiteapi.type.TypeService;
import com.appiancorp.suiteapi.type.TypedValue;
import com.appiancorp.type.cdt.value.RoleMapDefinition;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.function.BiConsumer;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

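/**
 * {@link ObjectSecuritySupport} implementation that reads and writes role maps of remote design
 * objects through the generated RDO API client.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>No local permission check is performed here. The remote service's response sorts the
 *       requested ids into success, invalid and insufficient-privileges buckets, and those
 *       buckets are copied into the local result objects.</li>
 *   <li>{@link #setRoleMap} writes one security audit record per successfully updated object whose
 *       role map actually changed. Audit-path problems are logged instead of being dropped
 *       silently, so a missing audit record leaves a trace in the application log.</li>
 *   <li>Local ids and remote UUIDs are translated through {@link RemoteDesignObjectIdService}.</li>
 * </ul>
 *
 * <p>This listing was recovered by a decompiler (see the JADX provenance comment below), so local
 * variable names and some generic type information are reconstructions.
 */
@SuppressFBWarnings({"EI_EXPOSE_REP2"})
/* loaded from: input_file:com/appiancorp/object/remote/RemoteObjectSecuritySupport.class */
public class RemoteObjectSecuritySupport implements ObjectSecuritySupport {
    private static final Logger LOG = LoggerFactory.getLogger(RemoteObjectSecuritySupport.class);

    /**
     * Translation table from the remote API's role enum to the local role keys. It is iterated in
     * insertion order when a set request is built and used for lookups when a remote role map is
     * converted back into a local facade.
     */
    public static final Map<RemoteRoleMapEntry.RoleEnum, RoleMapDefinitionFacade.RoleKey> REMOTE_TO_LOCAL_ROLE =
            ImmutableMap.<RemoteRoleMapEntry.RoleEnum, RoleMapDefinitionFacade.RoleKey>builder()
                    .put(RemoteRoleMapEntry.RoleEnum.ADMINISTRATOR, RoleMapDefinitionFacade.RoleKey.ADMINISTRATOR)
                    .put(RemoteRoleMapEntry.RoleEnum.EDITOR, RoleMapDefinitionFacade.RoleKey.EDITOR)
                    .put(RemoteRoleMapEntry.RoleEnum.VIEWER, RoleMapDefinitionFacade.RoleKey.VIEWER)
                    .put(RemoteRoleMapEntry.RoleEnum.DENY, RoleMapDefinitionFacade.RoleKey.DENY)
                    .put(RemoteRoleMapEntry.RoleEnum.INITIATOR, RoleMapDefinitionFacade.RoleKey.INITIATOR)
                    .put(RemoteRoleMapEntry.RoleEnum.MANAGER, RoleMapDefinitionFacade.RoleKey.MANAGER)
                    .build();

    private final RemoteDesignObjectDefinition remoteDesignObjectDefinition;
    private final RemoteDesignObjectIdService rdoIdService;
    private final ApiClientSupplier<ApiClient, RemoteDesignObjectDefinition> apiClientSupplier;
    private final TypeService typeService;
    private final ExtendedUserService extendedUserService;
    private final RemoteObjectIaUpdater iaUpdater;
    private final FeatureToggleClient featureToggleClient;
    private final SecurityAuditLogger securityAuditLogger;
    private final SecurityContextProvider securityContextProvider;

    /**
     * Stores the collaborators as given; no argument is validated or copied.
     */
    public RemoteObjectSecuritySupport(RemoteDesignObjectDefinition remoteDesignObjectDefinition, RemoteDesignObjectIdService remoteDesignObjectIdService, ApiClientSupplier<ApiClient, RemoteDesignObjectDefinition> apiClientSupplier, TypeService typeService, ExtendedUserService extendedUserService, RemoteObjectIaUpdater remoteObjectIaUpdater, FeatureToggleClient featureToggleClient, SecurityAuditLogger securityAuditLogger, SecurityContextProvider securityContextProvider) {
        this.remoteDesignObjectDefinition = remoteDesignObjectDefinition;
        this.rdoIdService = remoteDesignObjectIdService;
        this.apiClientSupplier = apiClientSupplier;
        this.typeService = typeService;
        this.extendedUserService = extendedUserService;
        this.iaUpdater = remoteObjectIaUpdater;
        this.featureToggleClient = featureToggleClient;
        this.securityAuditLogger = securityAuditLogger;
        this.securityContextProvider = securityContextProvider;
    }

    /**
     * Applies one role map to every object in {@code collection} on the remote service and writes
     * a security audit record for each object whose role map changed.
     *
     * <p>Order of operations: (1) optionally read the max transaction id, (2) snapshot the current
     * role maps, (3) send the set request, (4) optionally trigger the IA update, (5) audit-log the
     * successful changes.
     *
     * @param collection local ids of the objects to update
     * @param roleMapDefinitionFacade the role map to apply to all of them
     * @return the per-id outcome reported by the remote service
     * @throws AppianObjectActionException if no API client is available or the remote write fails
     */
    public RoleMapWriteResult setRoleMap(Collection<Value> collection, RoleMapDefinitionFacade roleMapDefinitionFacade) throws AppianObjectActionException {
        long maxTxnId = -1;
        if (this.featureToggleClient.isFeatureEnabled(RemoteJwtSupplierImpl.REDUCE_JWT_FEATURE_TOGGLE_KEY)) {
            try {
                maxTxnId = getMaxTxnId();
            } catch (ApiException e) {
                LOG.warn("Failed to get max txn id. Will skip synchronous IA.", e);
            }
        }

        // Snapshot of the role maps before the write; it becomes the "previous" side of the audit
        // record. NOTE(review): this is a separate remote call, so it is not atomic with the write
        // below and may be stale if another writer changes the object in between.
        Set<Value> requestedIds = collection.stream().collect(Collectors.toSet());
        RoleMapResult previousRoleMaps = getRoleMaps(requestedIds);

        RemoteRoleMapSetRequest setRequest = constructSetRoleMapRequest(collection, roleMapDefinitionFacade);
        RoleMapWriteResult writeResult = executeSetRequest(setRequest);
        // One timestamp, taken from the local clock after the write returned, is shared by every
        // audit record of this call.
        Timestamp timestamp = new Timestamp(System.currentTimeMillis());

        if (this.featureToggleClient.isFeatureEnabled(RemoteJwtSupplierImpl.REDUCE_JWT_FEATURE_TOGGLE_KEY) && maxTxnId >= 0) {
            try {
                this.iaUpdater.updateIa(setRequest.getIdentifiers(), maxTxnId);
            } catch (Exception e) {
                // Deliberately best-effort: the role map write has already been committed remotely.
                LOG.warn("Failed to update IA for RDO.", e);
            }
        }

        // NOTE(review): a failure of this name lookup propagates as AppianRuntimeException after
        // the remote write has succeeded, in which case no audit record is written for this call.
        Map<UUID, String> remoteObjectNames = getRemoteObjectNames(writeResult.getSuccessIds());
        for (Value value : writeResult.getSuccessIds()) {
            try {
                UUID objectUuid = UUID.fromString(this.rdoIdService.getUuid(Long.valueOf(value.longValue()), this.remoteDesignObjectDefinition.getType()));
                RoleMapDefinitionFacade previousFacade = (RoleMapDefinitionFacade) previousRoleMaps.getIdToFacadeMap().get(value);
                if (previousFacade == null) {
                    // The pre-write snapshot has no entry for this id. Without it the change cannot
                    // be described, so leave a trace instead of failing with a NullPointerException
                    // after the write has already gone through.
                    LOG.warn("No previous role map was read for remote object {}; no security audit entry was written for its role map update.", objectUuid);
                    continue;
                }
                RoleMapDefinition previousRoleMap = previousFacade.build();
                RoleMapDefinition newRoleMap = roleMapDefinitionFacade.build();
                if (!previousRoleMap.equals(newRoleMap)) {
                    RemoteRoleMapUpdateResult auditRecord = new RemoteRoleMapUpdateResult();
                    auditRecord.setHasUpdated(true);
                    auditRecord.setPreviousRoleMap(previousRoleMap);
                    auditRecord.setNewRoleMap(newRoleMap);
                    auditRecord.setName(remoteObjectNames.get(objectUuid));
                    auditRecord.setObjectUuid(objectUuid.toString());
                    auditRecord.setIsSystem(false);
                    auditRecord.setType(this.remoteDesignObjectDefinition.getType().getTypeId());
                    auditRecord.setUser(this.securityContextProvider.get().getName());
                    auditRecord.setTimestamp(timestamp);
                    this.securityAuditLogger.logUpdate(auditRecord);
                }
            } catch (UnrecognizedIdException e) {
                // Previously swallowed without a trace, which hid a gap in the security audit log.
                LOG.warn("Could not resolve the UUID of remote object id {}; no security audit entry was written for its role map update.", value, e);
            }
        }
        return writeResult;
    }

    /**
     * Builds the remote set request: the UUIDs of the target objects plus the role map translated
     * into the remote model. Roles with neither users nor groups are left out of the request.
     *
     * @throws AppianRuntimeException if fewer UUIDs than requested ids could be resolved
     */
    private RemoteRoleMapSetRequest constructSetRoleMapRequest(Collection<Value> collection, RoleMapDefinitionFacade roleMapDefinitionFacade) throws AppianObjectActionException {
        RemoteRoleMapSetRequest request = new RemoteRoleMapSetRequest();
        List<UUID> uuids = mapToUuids(collection);
        // Refuse a partial update: every requested id must map to a UUID.
        if (uuids.size() < collection.size()) {
            throw new AppianRuntimeException(ErrorCode.APP_DESIGNER_ACTION_OBJECT_DOES_NOT_EXIST, new Object[0]);
        }
        request.setIdentifiers(uuids);

        RemoteRoleMap remoteRoleMap = new RemoteRoleMap(defaultRoleKeyToRemote(roleMapDefinitionFacade.getDefaultForAllUsers()));
        remoteRoleMap.setEntries(new ArrayList<>());
        for (Map.Entry<RemoteRoleMapEntry.RoleEnum, RoleMapDefinitionFacade.RoleKey> mapping : REMOTE_TO_LOCAL_ROLE.entrySet()) {
            RoleMapDefinitionFacade.RoleKey localRole = mapping.getValue();
            RemoteRoleMapEntry entry = new RemoteRoleMapEntry();
            entry.setRole(mapping.getKey());

            // Users are sent to the remote service by UUID, groups by their id rendered as text.
            String[] usernames = (String[]) roleMapDefinitionFacade.getUsersInRole(localRole).toArray(new String[0]);
            List<String> userUuids = Stream.of(this.extendedUserService.getUsers(usernames))
                    .map(user -> user.getUuid())
                    .collect(Collectors.toList());
            entry.setUsers(userUuids);

            List<String> groupIds = roleMapDefinitionFacade.getGroupsInRole(localRole).stream()
                    .map(groupId -> String.valueOf(groupId))
                    .collect(Collectors.toList());
            entry.setGroups(groupIds);

            if (!userUuids.isEmpty() || !groupIds.isEmpty()) {
                remoteRoleMap.addEntriesItem(entry);
            }
        }
        request.setRoleMap(remoteRoleMap);
        return request;
    }

    /**
     * Maps the local default role to the remote default role; any key other than ADMINISTRATOR,
     * EDITOR or VIEWER becomes {@code NONE}. Switches on the enum itself rather than on a
     * compiler-generated ordinal table.
     */
    private RemoteRoleMap.DefaultRoleEnum defaultRoleKeyToRemote(RoleMapDefinitionFacade.DefaultRoleKey defaultRoleKey) {
        switch (defaultRoleKey) {
            case ADMINISTRATOR:
                return RemoteRoleMap.DefaultRoleEnum.ADMINISTRATOR;
            case EDITOR:
                return RemoteRoleMap.DefaultRoleEnum.EDITOR;
            case VIEWER:
                return RemoteRoleMap.DefaultRoleEnum.VIEWER;
            default:
                return RemoteRoleMap.DefaultRoleEnum.NONE;
        }
    }

    /**
     * Sends the set request and copies the remote outcome buckets (insufficient privileges,
     * invalid, success) into a local {@link RoleMapWriteResult}.
     *
     * @throws AppianObjectActionException if no API client exists for this object type or the
     *     remote call fails
     */
    private RoleMapWriteResult executeSetRequest(RemoteRoleMapSetRequest remoteRoleMapSetRequest) throws AppianObjectActionException {
        // The definition is passed as-is; the decompiled listing cast it to Class, which cannot
        // succeed at run time and disagrees with the getApiOrThrow calls elsewhere in this class.
        ObjectSecuritySupportApi securityApi = (ObjectSecuritySupportApi) this.apiClientSupplier.getApi(ObjectSecuritySupportApi.class, this.remoteDesignObjectDefinition).orElseThrow(() -> {
            return new AppianObjectActionException(ErrorCode.APP_DESIGNER_ACTION_UNEXPECTED_ERROR, new Object[]{"ApiClient not found for " + this.remoteDesignObjectDefinition.getUserFriendlyTypeName()});
        });
        RoleMapWriteResult result = RoleMapWriteResult.getResultWithExpectedSize(remoteRoleMapSetRequest.getIdentifiers().size());
        try {
            RemoteRoleMapWriteResult remoteResult = securityApi.designObjectsObjectSecuritySupportV1Put(remoteRoleMapSetRequest);
            convertToTvAndConsume(remoteResult.getInsufficientPrivilegesIds(),
                    typedValue -> result.addInsufficientPrivilegesId(API.typedValueToValue(typedValue)));
            convertToTvAndConsume(remoteResult.getInvalidIds(),
                    typedValue -> result.addInvalidId(API.typedValueToValue(typedValue)));
            convertToTvAndConsume(remoteResult.getSuccessIds(),
                    typedValue -> result.addSuccessId(API.typedValueToValue(typedValue)));
            return result;
        } catch (ApiException e) {
            throw new AppianObjectActionException(ErrorCode.GENERIC_RUNTIME_ERROR, e, new Object[0]);
        }
    }

    /**
     * Turns each remote UUID into a {@link TypedValue} of this object type and hands it to
     * {@code consumer}. A {@code null} or empty list is a no-op.
     *
     * <p>NOTE(review): the ids come from {@code getOrCreateId}, so UUIDs returned by the remote
     * service presumably cause local id mappings to be created; confirm against the id service.
     */
    private void convertToTvAndConsume(List<UUID> list, Consumer<TypedValue> consumer) {
        if (list == null || list.isEmpty()) {
            return;
        }
        try {
            for (UUID uuid : list) {
                consumer.accept(new TypedValue(this.remoteDesignObjectDefinition.getType().getTypeId(), this.rdoIdService.getOrCreateId(uuid.toString(), this.remoteDesignObjectDefinition.getType())));
            }
        } catch (UUIDMappingException e) {
            // NOTE(review): the exception is passed as a message argument, not as the cause;
            // confirm whether AppianRuntimeException has a cause-accepting constructor and prefer
            // it so the stack trace is kept.
            throw new AppianRuntimeException(ErrorCode.APP_DESIGNER_ACTION_OBJECT_DOES_NOT_EXIST, new Object[]{e});
        }
    }

    /**
     * Reads the role maps of the given objects from the remote service.
     *
     * @param set local ids of the objects to read
     * @return the definition and inherited role maps plus the ids the remote service reported as
     *     invalid or as lacking privileges
     * @throws AppianRuntimeException if the remote call fails
     */
    public RoleMapResult getRoleMaps(Set<Value> set) {
        ObjectSecuritySupportApi securityApi = (ObjectSecuritySupportApi) this.apiClientSupplier.getApiOrThrow(ObjectSecuritySupportApi.class, this.remoteDesignObjectDefinition);
        try {
            List<UUID> uuids = mapToUuids(set);
            RoleMapResult result = RoleMapResult.getResultWithExpectedSize(set.size());
            RemoteRoleMapResult remoteResult = securityApi.designObjectsObjectSecuritySupportV1Get(uuids);
            convertToTvAndConsume(remoteResult.getInsufficientPrivilegesIds(),
                    typedValue -> result.addInsufficientPrivilegesId(API.typedValueToValue(typedValue)));
            convertToTvAndConsume(remoteResult.getInvalidIds(),
                    typedValue -> result.addInvalidId(API.typedValueToValue(typedValue)));
            convertToTvRmdFacadeAndConsume(remoteResult.getDefinitionRoleMaps(),
                    (typedValue, facade) -> result.addRoleMapDefinitionFacade(API.typedValueToValue(typedValue), facade));
            convertToTvRmdFacadeAndConsume(remoteResult.getInheritedRoleMaps(),
                    (typedValue, facade) -> result.addInheritedRoleMapDefinitionFacade(API.typedValueToValue(typedValue), facade));
            return result;
        } catch (ApiException e) {
            // NOTE(review): exception passed as a message argument rather than as the cause.
            throw new AppianRuntimeException(ErrorCode.GENERIC_RUNTIME_ERROR, new Object[]{e});
        }
    }

    /**
     * Looks up the display names of the given objects, keyed by UUID, for use in audit records.
     * Returns an empty map without calling the remote service when there is nothing to look up.
     *
     * @throws AppianRuntimeException if the remote query fails
     */
    private Map<UUID, String> getRemoteObjectNames(List<Value> list) {
        if (list == null || list.isEmpty()) {
            // Avoids sending a query with an empty UUID filter and batchSize -1.
            return Collections.emptyMap();
        }
        try {
            ObjectQuerySupportApi queryApi = (ObjectQuerySupportApi) this.apiClientSupplier.getApiOrThrow(ObjectQuerySupportApi.class, this.remoteDesignObjectDefinition);
            // batchSize -1 presumably requests all matches in one page -- TODO confirm.
            RemotePagingInfo pagingInfo = new RemotePagingInfo().batchSize(-1).startIndex(0).listOfSorts(Collections.emptyList());
            RemoteDesignObjectQuery query = new RemoteDesignObjectQuery()
                    .uuids(mapToUuids(list))
                    .pagingInfo(pagingInfo)
                    .propertyNames(ImmutableList.of("uuid", "name"));
            RemoteQueryResult queryResult = queryApi.designObjectsObjectQuerySupportV1Post(query);
            Map<UUID, String> namesByUuid = new HashMap<>();
            for (RemoteQueryResultItem item : queryResult.getResultList()) {
                namesByUuid.put(UUID.fromString((String) item.get("uuid")), (String) item.get("name"));
            }
            return namesByUuid;
        } catch (ApiException e) {
            // NOTE(review): exception passed as a message argument rather than as the cause.
            throw new AppianRuntimeException(ErrorCode.GENERIC_RUNTIME_ERROR, new Object[]{e});
        }
    }

    /**
     * Converts each remote role map into a local facade (with inheritance switched off) and hands
     * it, together with the object's {@link TypedValue}, to {@code biConsumer}. A {@code null} or
     * empty list is a no-op.
     */
    private void convertToTvRmdFacadeAndConsume(List<RemoteRoleMapWithId> list, BiConsumer<TypedValue, RoleMapDefinitionFacade> biConsumer) {
        if (list == null || list.isEmpty()) {
            return;
        }
        for (RemoteRoleMapWithId remoteRoleMapWithId : list) {
            try {
                RemoteRoleMap roleMap = remoteRoleMapWithId.getRoleMap();
                UUID uuid = remoteRoleMapWithId.getUuid();
                RoleMapDefinitionFacade facade = remoteRoleMapToFacade(this.typeService, this.extendedUserService, roleMap);
                facade.setInherit(false);
                biConsumer.accept(new TypedValue(this.remoteDesignObjectDefinition.getType().getTypeId(), this.rdoIdService.getOrCreateId(uuid.toString(), this.remoteDesignObjectDefinition.getType())), facade);
            } catch (UUIDMappingException e) {
                // NOTE(review): exception passed as a message argument rather than as the cause.
                throw new AppianRuntimeException(ErrorCode.GENERIC_RUNTIME_ERROR, new Object[]{e});
            }
        }
    }

    /**
     * Resolves local ids to remote UUIDs. The result may be shorter than the input when some ids
     * have no mapping; {@link #constructSetRoleMapRequest} checks for that case.
     */
    private List<UUID> mapToUuids(Collection<Value> collection) {
        List<Long> localIds = collection.stream()
                .map(value -> Long.valueOf(value.longValue()))
                .collect(Collectors.toList());
        return this.rdoIdService.getUuids(localIds).stream()
                .map(UUID::fromString)
                .collect(Collectors.toList());
    }

    /**
     * Converts a remote role map into a local facade: group ids are parsed as longs and user UUIDs
     * are resolved to usernames. A missing role map or an empty entry list yields an empty,
     * non-inheriting facade. The {@code typeService} parameter is not used.
     */
    private RoleMapDefinitionFacade remoteRoleMapToFacade(TypeService typeService, ExtendedUserService extendedUserService, RemoteRoleMap remoteRoleMap) {
        RoleMapDefinitionFacade facade = RoleMapDefinitionFacade.facade();
        facade.setInherit(false);
        if (remoteRoleMap == null || remoteRoleMap.getEntries() == null || remoteRoleMap.getEntries().isEmpty()) {
            return facade;
        }
        for (RemoteRoleMapEntry entry : remoteRoleMap.getEntries()) {
            // NOTE(review): a remote role missing from REMOTE_TO_LOCAL_ROLE yields a null key here;
            // how the facade treats a null role key is not visible in this file.
            RoleMapDefinitionFacade.RoleKey roleKey = REMOTE_TO_LOCAL_ROLE.get(entry.getRole());
            // An entry that carries only users or only groups is treated as having an empty list
            // for the other side instead of failing the whole read.
            List<String> remoteGroups = entry.getGroups() == null ? Collections.<String>emptyList() : entry.getGroups();
            List<String> remoteUsers = entry.getUsers() == null ? Collections.<String>emptyList() : entry.getUsers();

            List<Long> groupIds = remoteGroups.stream().map(Long::valueOf).collect(Collectors.toList());
            User[] users = extendedUserService.getUsersByUuid(remoteUsers.stream().toArray(String[]::new));
            facade.addGroupsToRole(roleKey, groupIds);
            facade.addUsersToRole(roleKey, Arrays.stream(users).map(User::getUsername).collect(Collectors.toList()));
        }
        return facade;
    }

    /**
     * Returns the single type id handled by this support object.
     */
    public Collection<Long> getTypeIds() {
        return Collections.singleton(this.remoteDesignObjectDefinition.getType().getTypeId());
    }

    /**
     * Reads the max transaction id from the remote IA API; used by {@link #setRoleMap} as the
     * starting point for the IA update.
     */
    private long getMaxTxnId() throws ApiException {
        IaApi iaApi = (IaApi) this.apiClientSupplier.getApiOrThrow(IaApi.class, this.remoteDesignObjectDefinition);
        return iaApi.designObjectsIAMaxTransactionV1Get().getId().longValue();
    }
}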
