package com.appiancorp.object.action.security;

import com.appiancorp.common.monitoring.ProductMetricsAggregatedDataCollector;
import com.appiancorp.core.expr.portable.PortableTypedValue;
import com.appiancorp.core.expr.portable.Type;
import com.appiancorp.object.AppianObjectServiceThreadPool;
import com.appiancorp.object.SpringSecurityCallable;
import com.appiancorp.object.action.security.RoleMapDefinitionFacade;
import com.appiancorp.object.action.security.warnings.LoggedInUserMissingAdminPrivilegeWarning;
import com.appiancorp.object.action.security.warnings.RoleMapSecurityWarning;
import com.appiancorp.object.exceptions.AppianObjectActionException;
import com.appiancorp.object.query.ObjectQuerySupportProvider;
import com.appiancorp.services.spring.ServiceContextProvider;
import com.appiancorp.suiteapi.personalization.GroupService;
import com.appiancorp.suiteapi.type.TypedValue;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import com.google.common.primitives.Booleans;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Future;
import java.util.stream.Collectors;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/appiancorp/object/action/security/ConsolidatedSecurityServiceImpl.class */
public final class ConsolidatedSecurityServiceImpl implements ConsolidatedSecurityService {
    private static final Logger LOG = Logger.getLogger(ConsolidatedSecurityServiceImpl.class);
    private final RoleMapCollectorAndTransformerMapProvider mapProvider;
    private final ServiceContextProvider serviceContextProvider;
    private final int providerCount;
    private final List<RoleMapSecurityWarning> roleMapSecurityWarnings;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/appiancorp/object/action/security/ConsolidatedSecurityServiceImpl$CollectAndTransformCallable.class */
    public static class CollectAndTransformCallable implements Callable<RoleMapResult> {
        private RoleMapCollectorAndTransformer transformer;
        private final boolean refreshFromDatabase;

        public CollectAndTransformCallable(RoleMapCollectorAndTransformer roleMapCollectorAndTransformer, boolean z) {
            this.transformer = roleMapCollectorAndTransformer;
            this.refreshFromDatabase = z;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.concurrent.Callable
        public RoleMapResult call() throws Exception {
            return this.transformer.collectAndTransform(this.refreshFromDatabase);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ConsolidatedSecurityServiceImpl(RoleMapCollectorAndTransformerMapProvider roleMapCollectorAndTransformerMapProvider, ServiceContextProvider serviceContextProvider, ObjectQuerySupportProvider objectQuerySupportProvider, List<RoleMapSecurityWarning> list) {
        this(roleMapCollectorAndTransformerMapProvider, serviceContextProvider, objectQuerySupportProvider.getCount(), list);
    }

    public ConsolidatedSecurityServiceImpl(RoleMapCollectorAndTransformerMapProvider roleMapCollectorAndTransformerMapProvider, ServiceContextProvider serviceContextProvider, int i, List<RoleMapSecurityWarning> list) {
        this.mapProvider = roleMapCollectorAndTransformerMapProvider;
        this.serviceContextProvider = serviceContextProvider;
        this.providerCount = i;
        this.roleMapSecurityWarnings = list;
    }

    @Override // com.appiancorp.object.action.security.ConsolidatedSecurityService
    public RoleMapResult getRoleMaps(Collection<TypedValue> collection) {
        return getRoleMaps(collection, false);
    }

    @Override // com.appiancorp.object.action.security.ConsolidatedSecurityService
    public RoleMapResult getRoleMaps(Collection<TypedValue> collection, boolean z) {
        if (collection == null || collection.isEmpty()) {
            return new RoleMapResult();
        }
        Map<Long, RoleMapCollectorAndTransformer> map = this.mapProvider.get();
        for (TypedValue typedValue : collection) {
            RoleMapCollectorAndTransformer roleMapCollectorAndTransformer = map.get(typedValue.getInstanceType());
            if (roleMapCollectorAndTransformer != null) {
                roleMapCollectorAndTransformer.addIdentifier(typedValue);
            }
        }
        HashSet<RoleMapCollectorAndTransformer> newHashSet = Sets.newHashSet(map.values());
        ArrayList newArrayListWithCapacity = Lists.newArrayListWithCapacity(newHashSet.size());
        String identity = this.serviceContextProvider.get().getIdentity().getIdentity();
        ExecutorService executorServicePool = AppianObjectServiceThreadPool.getExecutorServicePool(this.providerCount);
        for (RoleMapCollectorAndTransformer roleMapCollectorAndTransformer2 : newHashSet) {
            if (roleMapCollectorAndTransformer2.hasIdentifiers()) {
                newArrayListWithCapacity.add(executorServicePool.submit(new SpringSecurityCallable(identity, new CollectAndTransformCallable(roleMapCollectorAndTransformer2, z))));
            }
        }
        ArrayList newArrayListWithCapacity2 = Lists.newArrayListWithCapacity(newHashSet.size());
        Iterator it = newArrayListWithCapacity.iterator();
        while (it.hasNext()) {
            try {
                newArrayListWithCapacity2.add(((Future) it.next()).get());
            } catch (InterruptedException | ExecutionException e) {
                LOG.error("Failure to obtain security summary rolemaps", e);
            }
        }
        return RoleMapResult.combineRoleMapResults(newArrayListWithCapacity2);
    }

    @Override // com.appiancorp.object.action.security.ConsolidatedSecurityService
    public RoleMapWriteResult setRoleMaps(Collection<TypedValue> collection, RoleMapDefinitionFacade roleMapDefinitionFacade) throws AppianObjectActionException {
        RoleMapWriteResult roleMapWriteResult = new RoleMapWriteResult();
        if (collection == null || collection.isEmpty()) {
            return roleMapWriteResult;
        }
        Map<Long, RoleMapCollectorAndTransformer> map = this.mapProvider.get();
        for (TypedValue typedValue : collection) {
            RoleMapCollectorAndTransformer roleMapCollectorAndTransformer = map.get(typedValue.getInstanceType());
            if (roleMapCollectorAndTransformer != null) {
                roleMapCollectorAndTransformer.addIdentifier(typedValue);
            }
        }
        for (RoleMapCollectorAndTransformer roleMapCollectorAndTransformer2 : Sets.newHashSet(map.values())) {
            if (roleMapCollectorAndTransformer2.hasIdentifiers()) {
                roleMapWriteResult.append(roleMapCollectorAndTransformer2.reverseTransformAndSave(roleMapDefinitionFacade));
            }
        }
        return roleMapWriteResult;
    }

    @Override // com.appiancorp.object.action.security.ConsolidatedSecurityService
    public EquivalentObjectSecurity getEquivalentObjectSecurity(Collection<TypedValue> collection) {
        return EquivalentObjectSecurity.get(getRoleMaps(collection));
    }

    @Override // com.appiancorp.object.action.security.ConsolidatedSecurityService
    public RoleMapWriteResult removeCurrentUserFromRoleMapIfAdmin(TypedValue typedValue, String str, boolean z, GroupService groupService) throws AppianObjectActionException {
        ImmutableSet<TypedValue> identifierSet = getIdentifierSet(typedValue);
        RoleMapResult roleMaps = getRoleMaps(identifierSet);
        List roleMapDefinitionFacades = roleMaps.getRoleMapDefinitionFacades();
        if (!roleMapDefinitionFacades.isEmpty()) {
            RoleMapDefinitionFacade roleMapDefinitionFacade = (RoleMapDefinitionFacade) roleMapDefinitionFacades.get(0);
            Boolean inherit = roleMapDefinitionFacade.getInherit();
            if (z || (Boolean.TRUE.equals(inherit) && hasInheritedAdminPrivilege(roleMaps, groupService, str))) {
                RoleMapDefinitionFacade removeUsers = roleMapDefinitionFacade.removeUsers(ImmutableList.of(str));
                if (!z) {
                    ProductMetricsAggregatedDataCollector.recordData("appdesigner.securityDialog.createNewObject.inheriting.basicUserNotAddedAsAdmin", 1L);
                }
                return setRoleMaps(identifierSet, removeUsers);
            }
            if (Boolean.TRUE.equals(inherit)) {
                ProductMetricsAggregatedDataCollector.recordData("appdesigner.securityDialog.createNewObject.inheriting.basicUserAddedAsAdmin", 1L);
            }
        }
        return RoleMapWriteResult.getResultWithExpectedSize(0);
    }

    private boolean hasInheritedAdminPrivilege(RoleMapResult roleMapResult, GroupService groupService, String str) {
        RoleMapDefinitionFacade roleMapDefinitionFacade = (RoleMapDefinitionFacade) roleMapResult.getInheritedRoleMapDefinitionFacades().get(0);
        return isInInheritedAdminGroups(roleMapDefinitionFacade.getGroupsInRole(RoleMapDefinitionFacade.RoleKey.ADMINISTRATOR), groupService) || isInInheritedAdminGroups(roleMapDefinitionFacade.getInheritedGroupsInRole(RoleMapDefinitionFacade.RoleKey.ADMINISTRATOR), groupService) || roleMapDefinitionFacade.getUsersInRole(RoleMapDefinitionFacade.RoleKey.ADMINISTRATOR).contains(str) || roleMapDefinitionFacade.getInheritedUsersInRole(RoleMapDefinitionFacade.RoleKey.ADMINISTRATOR).contains(str);
    }

    private ImmutableSet<TypedValue> getIdentifierSet(TypedValue typedValue) {
        Long instanceType = typedValue.getInstanceType();
        if (instanceType.longValue() == -1 || !Type.getType(instanceType).isListType()) {
            return ImmutableSet.of(typedValue);
        }
        Long typeId = Type.getType(instanceType).typeOf().getTypeId();
        return ImmutableSet.copyOf((Collection) Arrays.stream((Object[]) typedValue.getValue()).map(obj -> {
            return new TypedValue(typeId, obj);
        }).collect(Collectors.toSet()));
    }

    private boolean isInInheritedAdminGroups(List<Long> list, GroupService groupService) {
        return Booleans.asList(groupService.isMemberOfGroups((Long[]) list.toArray(new Long[0]))).stream().anyMatch(bool -> {
            return bool.booleanValue();
        });
    }

    @Override // com.appiancorp.object.action.security.ConsolidatedSecurityService
    public Map<String, Set<String>> getWarnings(RoleMapDefinitionFacade roleMapDefinitionFacade, List<PortableTypedValue> list, boolean z) {
        HashMap hashMap = new HashMap();
        for (RoleMapSecurityWarning roleMapSecurityWarning : this.roleMapSecurityWarnings) {
            if (!z || !(roleMapSecurityWarning instanceof LoggedInUserMissingAdminPrivilegeWarning)) {
                for (Map.Entry<String, Set<String>> entry : roleMapSecurityWarning.getWarnings(roleMapDefinitionFacade, list).entrySet()) {
                    if (z) {
                        entry.getValue().remove(RoleMapSecurityWarning.PARENT_HAS_SECURITY_WARNING_KEY);
                    }
                    Set set = (Set) hashMap.get(entry.getKey());
                    if (set != null) {
                        set.addAll(entry.getValue());
                        hashMap.put(entry.getKey(), set);
                    } else if (!entry.getValue().isEmpty()) {
                        hashMap.put(entry.getKey(), entry.getValue());
                    }
                }
            }
        }
        return hashMap;
    }
}
