package org.sonar.server.authentication;

import com.google.common.base.Function;
import com.google.common.collect.FluentIterable;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Sets;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import org.sonar.api.server.authentication.IdentityProvider;
import org.sonar.api.server.authentication.UserIdentity;
import org.sonar.api.utils.log.Logger;
import org.sonar.api.utils.log.Loggers;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;
import org.sonar.db.user.UserGroupDto;
import org.sonar.server.authentication.event.AuthenticationEvent;
import org.sonar.server.authentication.event.AuthenticationException;
import org.sonar.server.organization.DefaultOrganizationProvider;
import org.sonar.server.user.ExternalIdentity;
import org.sonar.server.user.NewUser;
import org.sonar.server.user.UpdateUser;
import org.sonar.server.user.UserUpdater;

/* loaded from: input_file:org/sonar/server/authentication/UserIdentityAuthenticator.class */
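/**
 * Maps an identity returned by an external {@link IdentityProvider} onto a local user.
 *
 * <p>On each authentication the user is looked up by login. A missing or inactive user goes
 * through the sign-up path, an active one has its name, email and external identity refreshed.
 * In both cases group membership is optionally aligned with the groups reported by the provider
 * and the root flag is recomputed from permissions.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The local account is selected by login only. The provider key already stored on that
 *       account is not compared with {@code identityProvider.getKey()} before the external
 *       identity is overwritten. NOTE(review): confirm that logins cannot collide across
 *       providers (or with local accounts), otherwise one provider's identity would be bound to
 *       an account owned by another.</li>
 *   <li>When group sync is enabled, the provider's group list is authoritative: memberships
 *       absent from it are deleted, and the root flag is recomputed afterwards.</li>
 * </ul>
 */
public class UserIdentityAuthenticator {
    private static final Logger LOGGER = Loggers.get(UserIdentityAuthenticator.class);
    private final DbClient dbClient;
    private final UserUpdater userUpdater;
    private final DefaultOrganizationProvider defaultOrganizationProvider;

    /**
     * Extracts the name of a {@link GroupDto}; used as the key function when indexing groups by name.
     *
     * <p>The decompiler reports that the original access modifier of this type was {@code private}.
     */
    public enum GroupDtoToName implements Function<GroupDto, String> {
        INSTANCE;

        @Override
        public String apply(@Nonnull GroupDto groupDto) {
            return groupDto.getName();
        }
    }

    public UserIdentityAuthenticator(DbClient dbClient, UserUpdater userUpdater, DefaultOrganizationProvider defaultOrganizationProvider) {
        this.dbClient = dbClient;
        this.userUpdater = userUpdater;
        this.defaultOrganizationProvider = defaultOrganizationProvider;
    }

    /**
     * Creates or refreshes the local user that corresponds to {@code userIdentity}.
     *
     * @param userIdentity identity returned by the provider
     * @param identityProvider provider that authenticated the user
     * @param source origin of the authentication, recorded in any {@link AuthenticationException}
     * @return the local user, either pre-existing or re-read after creation
     * @throws AuthenticationException if sign-up is refused (provider disallows it, or the email is taken)
     */
    public UserDto authenticate(UserIdentity userIdentity, IdentityProvider identityProvider, AuthenticationEvent.Source source) {
        return register(userIdentity, identityProvider, source);
    }

    /**
     * Opens a session, dispatches to the new-user or existing-user path, and always closes the session.
     */
    private UserDto register(UserIdentity userIdentity, IdentityProvider identityProvider, AuthenticationEvent.Source source) {
        DbSession dbSession = this.dbClient.openSession(false);
        try {
            // Lookup key is the login alone; see the class-level note about cross-provider collisions.
            UserDto existingUser = this.dbClient.userDao().selectByLogin(dbSession, userIdentity.getLogin());
            if (existingUser == null || !existingUser.isActive()) {
                // An inactive row with the same login also lands here.
                // NOTE(review): how UserUpdater.create treats a deactivated login is not visible in this file.
                return registerNewUser(dbSession, userIdentity, identityProvider, source);
            }
            registerExistingUser(dbSession, existingUser, userIdentity, identityProvider);
            return existingUser;
        } finally {
            // Single exit point for the session on success and on any Throwable.
            this.dbClient.closeSession(dbSession);
        }
    }

    /**
     * Sign-up path: enforces the provider's sign-up policy and email uniqueness, creates the user,
     * then synchronizes groups and the root flag.
     *
     * @throws AuthenticationException if the provider does not allow sign-up or the email is already used
     */
    private UserDto registerNewUser(DbSession dbSession, UserIdentity userIdentity, IdentityProvider identityProvider, AuthenticationEvent.Source source) {
        if (!identityProvider.allowsUsersToSignUp()) {
            throw AuthenticationException.newBuilder()
                .setSource(source)
                .setLogin(userIdentity.getLogin())
                .setMessage("User signup disabled for provider '" + identityProvider.getKey() + "'")
                .setPublicMessage(String.format("'%s' users are not allowed to sign up", identityProvider.getKey()))
                .build();
        }
        String email = userIdentity.getEmail();
        if (email != null && this.dbClient.userDao().doesEmailExist(dbSession, email)) {
            // NOTE(review): the public message confirms that the address belongs to an existing
            // account. If the email comes from a provider that does not verify it, this reveals
            // account existence to the caller; consider a generic public message.
            throw AuthenticationException.newBuilder()
                .setSource(source)
                .setLogin(userIdentity.getLogin())
                .setMessage(String.format("Email '%s' is already used", email))
                .setPublicMessage(String.format("You can't sign up because email '%s' is already used by an existing user. This means that you probably already registered with another account.", email))
                .build();
        }
        String login = userIdentity.getLogin();
        NewUser newUser = NewUser.create()
            .setLogin(login)
            .setEmail(email)
            .setName(userIdentity.getName())
            .setExternalIdentity(new ExternalIdentity(identityProvider.getKey(), userIdentity.getProviderLogin()));
        this.userUpdater.create(dbSession, newUser);
        // Re-read so the returned DTO carries the persisted state.
        UserDto createdUser = this.dbClient.userDao().selectOrFailByLogin(dbSession, login);
        syncGroups(dbSession, userIdentity, createdUser);
        updateRootFlag(dbSession, createdUser);
        return createdUser;
    }

    /**
     * Refresh path: overwrites email, name and external identity with the provider's values,
     * then synchronizes groups and the root flag.
     */
    private void registerExistingUser(DbSession dbSession, UserDto userDto, UserIdentity userIdentity, IdentityProvider identityProvider) {
        // Unlike the sign-up path, the email is not checked with doesEmailExist here, and the
        // password is passed as null.
        // NOTE(review): the effect of both inside UserUpdater.update is not visible in this file.
        UpdateUser update = UpdateUser.create(userDto.getLogin())
            .setEmail(userIdentity.getEmail())
            .setName(userIdentity.getName())
            .setExternalIdentity(new ExternalIdentity(identityProvider.getKey(), userIdentity.getProviderLogin()))
            .setPassword(null);
        this.userUpdater.update(dbSession, update);
        syncGroups(dbSession, userIdentity, userDto);
        updateRootFlag(dbSession, userDto);
    }

    /**
     * Aligns the user's group membership with the groups reported by the provider, when the
     * identity asks for it. Group names are resolved in the default organization; names that do
     * not resolve to a group are skipped.
     */
    private void syncGroups(DbSession dbSession, UserIdentity userIdentity, UserDto userDto) {
        if (!userIdentity.shouldSyncGroups()) {
            return;
        }
        String login = userIdentity.getLogin();
        Set<String> currentGroups = new HashSet<>(
            this.dbClient.groupMembershipDao().selectGroupsByLogins(dbSession, Collections.singletonList(login)).get(login));
        Set<String> providerGroups = userIdentity.getGroups();
        LOGGER.debug("List of groups returned by the identity provider '{}'", providerGroups);

        // Both are live views over the two sets above.
        Sets.SetView<String> groupsToAdd = Sets.difference(providerGroups, currentGroups);
        Sets.SetView<String> groupsToRemove = Sets.difference(currentGroups, providerGroups);

        // One query resolves every name touched by either direction of the sync.
        ArrayList<String> changedGroupNames = new ArrayList<>(groupsToAdd);
        changedGroupNames.addAll(groupsToRemove);
        ImmutableMap<String, GroupDto> groupsByName = FluentIterable
            .from(this.dbClient.groupDao().selectByNames(dbSession, this.defaultOrganizationProvider.get().getUuid(), changedGroupNames))
            .uniqueIndex(GroupDtoToName.INSTANCE);

        addGroups(dbSession, userDto, groupsToAdd, groupsByName);
        removeGroups(dbSession, userDto, groupsToRemove, groupsByName);
        dbSession.commit();
    }

    /**
     * Inserts a membership row for each name in {@code collection} that resolves to a group in {@code map}.
     */
    private void addGroups(DbSession dbSession, UserDto userDto, Collection<String> collection, Map<String, GroupDto> map) {
        collection.stream()
            .map(map::get)
            // Names the provider reported but that have no matching group are ignored.
            .filter(Objects::nonNull)
            .forEach(groupDto -> {
                LOGGER.debug("Adding group '{}' to user '{}'", groupDto.getName(), userDto.getLogin());
                this.dbClient.userGroupDao().insert(dbSession, new UserGroupDto().setGroupId(groupDto.getId()).setUserId(userDto.getId()));
            });
    }

    /**
     * Deletes the membership row for each name in {@code collection} that resolves to a group in {@code map}.
     */
    private void removeGroups(DbSession dbSession, UserDto userDto, Collection<String> collection, Map<String, GroupDto> map) {
        collection.stream()
            .map(map::get)
            // Current groups that do not resolve in the looked-up map are left untouched.
            .filter(Objects::nonNull)
            .forEach(groupDto -> {
                LOGGER.debug("Removing group '{}' from user '{}'", groupDto.getName(), userDto.getLogin());
                this.dbClient.userGroupDao().delete(dbSession, groupDto.getId().longValue(), userDto.getId().longValue());
            });
    }

    /**
     * Recomputes the user's root flag from permissions in the default organization and commits.
     *
     * <p>Called after {@link #syncGroups}, so the flag is derived after any membership change
     * driven by the provider. NOTE(review): presumably group permissions feed into this
     * computation; confirm against {@code updateRootFlagFromPermissions}.
     */
    private void updateRootFlag(DbSession dbSession, UserDto userDto) {
        this.dbClient.userDao().updateRootFlagFromPermissions(dbSession, userDto.getId().longValue(), this.defaultOrganizationProvider.get().getUuid());
        dbSession.commit();
    }
}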
