package de.acosix.alfresco.mtsupport.repo.sync;

import java.io.IOException;
import java.io.Serializable;
import java.net.URLDecoder;
import java.text.DateFormat;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.management.AttributeNotFoundException;
import javax.management.InstanceNotFoundException;
import javax.management.IntrospectionException;
import javax.management.MBeanAttributeInfo;
import javax.management.MBeanException;
import javax.management.MBeanServerConnection;
import javax.management.MalformedObjectNameException;
import javax.management.ObjectName;
import javax.management.ReflectionException;
import org.alfresco.repo.admin.SysAdminParams;
import org.alfresco.repo.batch.BatchProcessor;
import org.alfresco.repo.dictionary.constraint.NameChecker;
import org.alfresco.repo.lock.JobLockService;
import org.alfresco.repo.lock.LockAcquisitionException;
import org.alfresco.repo.management.subsystems.ActivateableBean;
import org.alfresco.repo.management.subsystems.ChildApplicationContextManager;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizerStatus;
import org.alfresco.repo.security.sync.SyncStatus;
import org.alfresco.repo.security.sync.SynchronizeDiagnostic;
import org.alfresco.repo.security.sync.SynchronizeDiagnosticImpl;
import org.alfresco.repo.security.sync.SynchronizeDirectoryEndEvent;
import org.alfresco.repo.security.sync.SynchronizeDirectoryStartEvent;
import org.alfresco.repo.security.sync.SynchronizeEndEvent;
import org.alfresco.repo.security.sync.SynchronizeStartEvent;
import org.alfresco.repo.security.sync.TestableChainingUserRegistrySynchronizer;
import org.alfresco.repo.security.sync.UserRegistry;
import org.alfresco.repo.security.sync.UserRegistrySynchronizer;
import org.alfresco.repo.tenant.TenantAdminService;
import org.alfresco.repo.tenant.TenantDeployer;
import org.alfresco.repo.tenant.TenantService;
import org.alfresco.repo.tenant.TenantUtil;
import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.service.cmr.attributes.AttributeService;
import org.alfresco.service.cmr.repository.ContentService;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.EqualsHelper;
import org.alfresco.util.Pair;
import org.alfresco.util.ParameterCheck;
import org.alfresco.util.PropertyCheck;
import org.apache.commons.logging.LogFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.extensions.surf.util.AbstractLifecycleBean;
import org.springframework.extensions.surf.util.I18NUtil;

/* loaded from: input_file:de/acosix/alfresco/mtsupport/repo/sync/TenantAwareChainingUserRegistrySynchronizer.class */
public class TenantAwareChainingUserRegistrySynchronizer extends AbstractLifecycleBean implements UserRegistrySynchronizer, ChainingUserRegistrySynchronizerStatus, TestableChainingUserRegistrySynchronizer, InitializingBean, ApplicationEventPublisherAware, TenantDeployer {
    private static final String ALFRESCO_M_BEAN_SERVER = "alfrescoMBeanServer";
    private static final long LOCK_TTL = 120000;
    public static final int USER_REGISTRY_ENTITY_BATCH_SIZE = 20;
    public static final String ROOT_ATTRIBUTE_PATH = ".ChainingUserRegistrySynchronizer";
    public static final String ROOT_MT_ATTRIBUTE_PATH = ".TenantAwareChainingUserRegistrySynchronizer";
    public static final String GROUP_LAST_MODIFIED_ATTRIBUTE = "GROUP";
    public static final String PERSON_LAST_MODIFIED_ATTRIBUTE = "PERSON";
    public static final String STATUS_ATTRIBUTE = "STATUS";
    public static final String LAST_ERROR_ATTRIBUTE = "LAST_ERROR";
    public static final String START_TIME_ATTRIBUTE = "START_TIME";
    public static final String END_TIME_ATTRIBUTE = "END_TIME";
    public static final String SERVER_ATTRIBUTE = "LAST_RUN_HOST";
    public static final String SUMMARY_ATTRIBUTE = "SUMMARY";
    protected ApplicationContext applicationContext;
    protected ChildApplicationContextManager applicationContextManager;
    protected String userRegistrySourceBeanName;
    protected AuthorityService authorityService;
    protected NodeService nodeService;
    protected ContentService contentService;
    protected PersonService personService;
    protected AttributeService attributeService;
    protected TransactionService transactionService;
    protected JobLockService jobLockService;
    protected ApplicationEventPublisher applicationEventPublisher;
    protected Map<String, Boolean> syncWhenMissingPeopleLogIn;
    protected Map<String, Boolean> syncOnStartup;
    protected Map<String, Boolean> autoCreatePeopleOnLogin;
    protected MBeanServerConnection mbeanServer;
    protected Map<String, Boolean> syncDelete;
    protected Map<String, Boolean> allowDeletions;
    protected NameChecker nameChecker;
    protected SysAdminParams sysAdminParams;
    protected TenantService tenantService;
    protected TenantAdminService tenantAdminService;
    private static final Logger LOGGER = LoggerFactory.getLogger(TenantAwareChainingUserRegistrySynchronizer.class);
    private static final QName DEFAULT_LOCK_QNAME = QName.createQName("http://www.alfresco.org/model/system/1.0", "ChainingUserRegistrySynchronizer");
    protected int loggingInterval = 100;
    protected int workerThreads = 2;
    protected Map<String, String> externalUserControl = Collections.emptyMap();
    protected Map<String, String> externalUserControlSubsystemName = Collections.emptyMap();

    @FunctionalInterface
    /* loaded from: input_file:de/acosix/alfresco/mtsupport/repo/sync/TenantAwareChainingUserRegistrySynchronizer$ComponentLookupCallback.class */
    public interface ComponentLookupCallback {
        Object getComponent(String str);

        default <T> T getComponent(String str, Class<T> cls) {
            return cls.cast(getComponent(str));
        }
    }

    public void init() {
    }

    public void destroy() {
    }

    public void onEnableTenant() {
        String currentDomain = TenantUtil.getCurrentDomain();
        boolean equals = Boolean.TRUE.equals(this.syncOnStartup.get(currentDomain));
        LOGGER.debug("Tenant {} enabled - syncOnStartup is {}", currentDomain, Boolean.valueOf(equals));
        if (equals) {
            try {
                synchronize(false, false, true);
            } catch (RuntimeException e) {
                LOGGER.warn("Failed startup synchronisation with user registries in {} tenant", currentDomain, e);
            }
        }
    }

    public void onDisableTenant() {
    }

    public void afterPropertiesSet() {
        PropertyCheck.mandatory(this, "applicationContextManager", this.applicationContextManager);
        PropertyCheck.mandatory(this, "userRegistrySourceBeanName", this.userRegistrySourceBeanName);
        PropertyCheck.mandatory(this, "authorityService", this.authorityService);
        PropertyCheck.mandatory(this, "nodeService", this.nodeService);
        PropertyCheck.mandatory(this, "contentService", this.contentService);
        PropertyCheck.mandatory(this, "personService", this.personService);
        PropertyCheck.mandatory(this, "attributeService", this.attributeService);
        PropertyCheck.mandatory(this, "transactionService", this.transactionService);
        PropertyCheck.mandatory(this, "jobLockService", this.jobLockService);
        PropertyCheck.mandatory(this, "applicationEventPublisher", this.applicationEventPublisher);
        PropertyCheck.mandatory(this, "nameChecker", this.nameChecker);
        PropertyCheck.mandatory(this, "sysAdminParams", this.sysAdminParams);
        PropertyCheck.mandatory(this, "tenantService", this.tenantService);
        PropertyCheck.mandatory(this, "tenantAdminService", this.tenantAdminService);
        PropertyCheck.mandatory(this, "syncOnStartup", this.syncOnStartup);
        PropertyCheck.mandatory(this, "syncWhenMissingPeopleLogIn", this.syncWhenMissingPeopleLogIn);
        PropertyCheck.mandatory(this, "allowDeletions", this.allowDeletions);
        PropertyCheck.mandatory(this, "syncDelete", this.syncDelete);
        PropertyCheck.mandatory(this, "autoCreatePeopleOnLogin", this.autoCreatePeopleOnLogin);
        if (this.mbeanServer == null && this.applicationContext.containsBean(ALFRESCO_M_BEAN_SERVER)) {
            this.mbeanServer = (MBeanServerConnection) this.applicationContext.getBean(ALFRESCO_M_BEAN_SERVER);
        }
        this.tenantAdminService.register(this);
    }

    public void setApplicationContext(ApplicationContext applicationContext) {
        super.setApplicationContext(applicationContext);
        this.applicationContext = applicationContext;
    }

    public void setApplicationContextManager(ChildApplicationContextManager childApplicationContextManager) {
        this.applicationContextManager = childApplicationContextManager;
    }

    public void setUserRegistrySourceBeanName(String str) {
        this.userRegistrySourceBeanName = str;
    }

    public void setSourceBeanName(String str) {
        this.userRegistrySourceBeanName = str;
    }

    public void setAuthorityService(AuthorityService authorityService) {
        this.authorityService = authorityService;
    }

    public void setNodeService(NodeService nodeService) {
        this.nodeService = nodeService;
    }

    public void setContentService(ContentService contentService) {
        this.contentService = contentService;
    }

    public void setPersonService(PersonService personService) {
        this.personService = personService;
    }

    public void setAttributeService(AttributeService attributeService) {
        this.attributeService = attributeService;
    }

    public void setTransactionService(TransactionService transactionService) {
        this.transactionService = transactionService;
    }

    public void setJobLockService(JobLockService jobLockService) {
        this.jobLockService = jobLockService;
    }

    public void setSyncWhenMissingPeopleLogIn(Map<String, Boolean> map) {
        this.syncWhenMissingPeopleLogIn = map;
    }

    public void setSyncOnStartup(Map<String, Boolean> map) {
        this.syncOnStartup = map;
    }

    public void setAutoCreatePeopleOnLogin(Map<String, Boolean> map) {
        this.autoCreatePeopleOnLogin = map;
    }

    public void setLoggingInterval(int i) {
        if (i <= 0) {
            throw new IllegalArgumentException("loggingInterval must be a positive integer");
        }
        this.loggingInterval = i;
    }

    public void setWorkerThreads(int i) {
        if (i <= 0) {
            throw new IllegalArgumentException("workerThreads must be a positive integer");
        }
        this.workerThreads = i;
    }

    public void setAllowDeletions(Map<String, Boolean> map) {
        this.allowDeletions = map;
    }

    public void setSyncDelete(Map<String, Boolean> map) {
        this.syncDelete = map;
    }

    public void setNameChecker(NameChecker nameChecker) {
        this.nameChecker = nameChecker;
    }

    public void setSysAdminParams(SysAdminParams sysAdminParams) {
        this.sysAdminParams = sysAdminParams;
    }

    public void setExternalUserControl(Map<String, String> map) {
        this.externalUserControl = map;
    }

    public void setExternalUserControlSubsystemName(Map<String, String> map) {
        this.externalUserControlSubsystemName = map;
    }

    public void setTenantService(TenantService tenantService) {
        this.tenantService = tenantService;
    }

    public void setTenantAdminService(TenantAdminService tenantAdminService) {
        this.tenantAdminService = tenantAdminService;
    }

    public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
        this.applicationEventPublisher = applicationEventPublisher;
    }

    public SynchronizeDiagnostic testSynchronize(String str) {
        ParameterCheck.mandatoryString("authenticatorName", str);
        SynchronizeDiagnosticImpl synchronizeDiagnosticImpl = new SynchronizeDiagnosticImpl();
        if (!this.applicationContextManager.getInstanceIds().contains(str)) {
            throw new AuthenticationException("authentication.err.validation.authenticator.notfound", new Object[]{str});
        }
        UserRegistry userRegistry = (UserRegistry) this.applicationContextManager.getApplicationContext(str).getBean(this.userRegistrySourceBeanName);
        boolean checkPluginIsActive = checkPluginIsActive(userRegistry);
        synchronizeDiagnosticImpl.setActive(checkPluginIsActive);
        Date mostRecentUpdateTime = getMostRecentUpdateTime(GROUP_LAST_MODIFIED_ATTRIBUTE, str, false);
        Date mostRecentUpdateTime2 = getMostRecentUpdateTime(PERSON_LAST_MODIFIED_ATTRIBUTE, str, false);
        synchronizeDiagnosticImpl.setGroupLastSynced(mostRecentUpdateTime);
        synchronizeDiagnosticImpl.setPersonLastSynced(mostRecentUpdateTime2);
        if (checkPluginIsActive) {
            testSynchronize(userRegistry, synchronizeDiagnosticImpl);
        }
        return synchronizeDiagnosticImpl;
    }

    public void synchronize(boolean z, boolean z2) {
        if (this.transactionService.isReadOnly()) {
            LOGGER.warn("Unable to proceed with user registry synchronization. Repository is read only.");
        } else {
            synchronize(z, z2, true);
        }
    }

    public Set<QName> getPersonMappedProperties(String str) {
        Set authorityZones = this.authorityService.getAuthorityZones(str);
        Set<QName> emptySet = Collections.emptySet();
        if (authorityZones != null) {
            for (String str2 : this.applicationContextManager.getInstanceIds()) {
                if (authorityZones.contains("AUTH.EXT." + str2)) {
                    try {
                        UserRegistry userRegistry = (UserRegistry) this.applicationContextManager.getApplicationContext(str2).getBean(this.userRegistrySourceBeanName);
                        if (checkPluginIsActive(userRegistry)) {
                            emptySet = userRegistry.getPersonMappedProperties();
                        }
                    } catch (RuntimeException e) {
                        LOGGER.debug("Subsystem {} cannot be used in synchronisation", e);
                    }
                }
            }
        }
        return emptySet;
    }

    public boolean createMissingPerson(String str) {
        ParameterCheck.mandatoryString("userName", str);
        String currentDomain = TenantUtil.getCurrentDomain();
        boolean equals = Boolean.TRUE.equals(this.syncWhenMissingPeopleLogIn.get("".equals(currentDomain) ? "-default-" : currentDomain));
        boolean equals2 = Boolean.TRUE.equals(this.autoCreatePeopleOnLogin.get("".equals(currentDomain) ? "-default-" : currentDomain));
        boolean z = false;
        if (!this.tenantService.getBaseNameUser(str).equals(AuthenticationUtil.getSystemUserName())) {
            if (equals) {
                try {
                    synchronize(false, false, false);
                } catch (Exception e) {
                    LOGGER.warn("User authenticated but failed to sync with user registry", e);
                }
                if (this.personService.personExists(str)) {
                    z = true;
                }
            }
            if (!z && equals2 && this.personService.createMissingPeople() && AuthorityType.getAuthorityType(str) == AuthorityType.USER) {
                this.personService.getPerson(str);
                z = true;
            }
        }
        return z;
    }

    public Date getSyncStartTime() {
        Long l = (Long) doGetAttribute(true, START_TIME_ATTRIBUTE);
        return l.longValue() == -1 ? null : new Date(l.longValue());
    }

    public Date getSyncEndTime() {
        Long l = (Long) doGetAttribute(true, END_TIME_ATTRIBUTE);
        return l.longValue() == -1 ? null : new Date(l.longValue());
    }

    public String getLastErrorMessage() {
        return (String) doGetAttribute(true, LAST_ERROR_ATTRIBUTE);
    }

    public String getLastRunOnServer() {
        return (String) doGetAttribute(true, SERVER_ATTRIBUTE);
    }

    public String getSynchronizationStatus() {
        return (String) doGetAttribute(true, STATUS_ATTRIBUTE);
    }

    public String getSynchronizationStatus(String str) {
        return (String) doGetAttribute(1, STATUS_ATTRIBUTE, str);
    }

    public Date getSynchronizationLastUserUpdateTime(String str) {
        return getMostRecentUpdateTime(PERSON_LAST_MODIFIED_ATTRIBUTE, str, false);
    }

    public Date getSynchronizationLastGroupUpdateTime(String str) {
        return getMostRecentUpdateTime(GROUP_LAST_MODIFIED_ATTRIBUTE, str, false);
    }

    public String getSynchronizationLastError(String str) {
        return (String) doGetAttribute(1, LAST_ERROR_ATTRIBUTE, str);
    }

    public String getSynchronizationSummary(String str) {
        return (String) doGetAttribute(1, SUMMARY_ATTRIBUTE, str);
    }

    protected void onBootstrap(ApplicationEvent applicationEvent) {
        boolean equals = Boolean.TRUE.equals(this.syncOnStartup.get("-default-"));
        LOGGER.debug("System started - syncOnStartup is {}", Boolean.valueOf(equals));
        if (equals) {
            AuthenticationUtil.runAsSystem(() -> {
                try {
                    synchronize(false, false, true);
                    return null;
                } catch (RuntimeException e) {
                    LOGGER.warn("Failed startup synchronisation with user registries", e);
                    return null;
                }
            });
        }
    }

    protected void onShutdown(ApplicationEvent applicationEvent) {
    }

    protected boolean checkPluginIsActive(UserRegistry userRegistry) {
        String currentDomain = TenantUtil.getCurrentDomain();
        return userRegistry instanceof TenantAwareUserRegistry ? ((TenantAwareUserRegistry) userRegistry).isActiveForTenant(currentDomain) : "".equals(currentDomain) ? userRegistry instanceof ActivateableBean ? ((ActivateableBean) userRegistry).isActive() : false : false;
    }

    protected Date getMostRecentUpdateTime(String str, String str2, boolean z) {
        Long l = (Long) inReadOnlyTransaction(() -> {
            return (Long) doGetAttribute(1, str, str2);
        }, z);
        return l != null ? new Date(l.longValue()) : null;
    }

    protected void setMostRecentUpdateTime(String str, String str2, long j, boolean z) {
        inTransaction(() -> {
            doSetAttribute(Long.valueOf(j), 1, str, str2);
            return null;
        }, z);
    }

    protected <T> T inReadOnlyTransaction(RetryingTransactionHelper.RetryingTransactionCallback<T> retryingTransactionCallback, boolean z) {
        return (T) this.transactionService.getRetryingTransactionHelper().doInTransaction(retryingTransactionCallback, true, z);
    }

    protected <T> T inTransaction(RetryingTransactionHelper.RetryingTransactionCallback<T> retryingTransactionCallback, boolean z) {
        return (T) this.transactionService.getRetryingTransactionHelper().doInTransaction(retryingTransactionCallback, false, z);
    }

    protected void testSynchronize(UserRegistry userRegistry, SynchronizeDiagnosticImpl synchronizeDiagnosticImpl) {
        synchronizeDiagnosticImpl.setGroups(userRegistry.getGroupNames());
        synchronizeDiagnosticImpl.setUsers(userRegistry.getPersonNames());
        Date groupLastSynced = synchronizeDiagnosticImpl.getGroupLastSynced();
        if (groupLastSynced == null) {
            groupLastSynced = new Date();
        }
        userRegistry.getGroups(groupLastSynced);
        Date personLastSynced = synchronizeDiagnosticImpl.getPersonLastSynced();
        if (personLastSynced == null) {
            personLastSynced = new Date();
        }
        userRegistry.getPersons(personLastSynced);
    }

    protected void synchronize(boolean z, boolean z2, boolean z3) {
        String str;
        String currentDomain = TenantUtil.getCurrentDomain();
        boolean equals = Boolean.TRUE.equals(this.allowDeletions.get("".equals(currentDomain) ? "-default-" : currentDomain));
        Logger logger = LOGGER;
        Object[] objArr = new Object[3];
        objArr[0] = z ? "full" : "differential";
        objArr[1] = equals ? "" : "not ";
        objArr[2] = "".equals(currentDomain) ? "-default-" : currentDomain;
        logger.debug("Running {} sync with deletions {}allowed in tenant {}", objArr);
        QName lockQNameForCurrentTenant = getLockQNameForCurrentTenant();
        try {
            str = this.jobLockService.getLock(lockQNameForCurrentTenant, LOCK_TTL, z3 ? 0L : LOCK_TTL, z3 ? 1 : 10);
        } catch (LockAcquisitionException e) {
            LOGGER.warn("User registry synchronization already running in another thread / on another cluster node. Synchronize aborted");
            str = null;
        }
        if (str != null) {
            final AtomicBoolean atomicBoolean = new AtomicBoolean(true);
            final AtomicBoolean atomicBoolean2 = new AtomicBoolean(false);
            try {
                try {
                    this.jobLockService.refreshLock(str, lockQNameForCurrentTenant, LOCK_TTL, new JobLockService.JobLockRefreshCallback() { // from class: de.acosix.alfresco.mtsupport.repo.sync.TenantAwareChainingUserRegistrySynchronizer.1
                        public void lockReleased() {
                            atomicBoolean2.set(true);
                        }

                        public boolean isActive() {
                            return atomicBoolean.get();
                        }
                    });
                    Map<String, UserRegistry> pluginsToSync = getPluginsToSync();
                    TreeSet treeSet = new TreeSet();
                    notifySyncStart(pluginsToSync.keySet());
                    for (Map.Entry<String, UserRegistry> entry : pluginsToSync.entrySet()) {
                        String key = entry.getKey();
                        UserRegistry value = entry.getValue();
                        if (LOGGER.isDebugEnabled() && this.mbeanServer != null) {
                            logPluginConfig(key);
                        }
                        LOGGER.info("Synchronizing users and groups with user registry {} in tenant {}", key, "".equals(currentDomain) ? "-default-" : currentDomain);
                        if (z2) {
                            Logger logger2 = LOGGER;
                            Object[] objArr2 = new Object[3];
                            objArr2[0] = key;
                            objArr2[1] = "".equals(currentDomain) ? "-default-" : currentDomain;
                            objArr2[2] = this.allowDeletions;
                            logger2.info("Full synchronisation with user registry {} in tenant {} - deletions enabled: {} (if true, some users and groups previously created by synchronization with this user registry may be removed, otherwise users / groups removed from this registry will be logged only and remain in the repository while users previously found in a different registry will be moved in the repository rather than recreated)", objArr2);
                        }
                        syncWithPlugin(key, value, z, z2, z3 || AlfrescoTransactionSupport.getTransactionReadState() == AlfrescoTransactionSupport.TxnReadState.TXN_READ_ONLY, treeSet, pluginsToSync.keySet());
                        this.applicationEventPublisher.publishEvent(new SynchronizeDirectoryEndEvent(this, key));
                    }
                    notifySyncEnd();
                    atomicBoolean.set(false);
                    this.jobLockService.releaseLock(str, lockQNameForCurrentTenant);
                } catch (RuntimeException e2) {
                    notifySyncEnd(e2);
                    LOGGER.error("Synchronization aborted due to error", e2);
                    throw e2;
                }
            } catch (Throwable th) {
                atomicBoolean.set(false);
                this.jobLockService.releaseLock(str, lockQNameForCurrentTenant);
                throw th;
            }
        }
    }

    protected void syncWithPlugin(String str, UserRegistry userRegistry, boolean z, boolean z2, boolean z3, Set<String> set, Set<String> set2) {
        String name;
        String str2;
        Date mostRecentUpdateTime;
        UserAccountInterpreter userAccountInterpreter;
        String currentDomain = TenantUtil.getCurrentDomain();
        if ("".equals(currentDomain)) {
            name = str;
            str2 = "-default-";
        } else {
            name = this.tenantService.getName(str);
            str2 = currentDomain;
        }
        notifySyncDirectoryStart(str, new String[]{SyncProcess.GROUP_ANALYSIS.getTitle(name), SyncProcess.USER_UPDATE_AND_CREATION.getTitle(name), SyncProcess.GROUP_CREATION_AND_ASSOCIATION_DELETION.getTitle(name), SyncProcess.GROUP_ASSOCIATION_CREATION.getTitle(name), SyncProcess.USER_ASSOCIATION.getTitle(name), SyncProcess.AUTHORITY_DELETION.getTitle(name)});
        if (z) {
            mostRecentUpdateTime = null;
        } else {
            try {
                mostRecentUpdateTime = getMostRecentUpdateTime(GROUP_LAST_MODIFIED_ATTRIBUTE, str, z3);
            } catch (RuntimeException e) {
                notifySyncDirectoryEnd(str, e);
                throw e;
            }
        }
        Date date = mostRecentUpdateTime;
        Date mostRecentUpdateTime2 = z ? null : getMostRecentUpdateTime(PERSON_LAST_MODIFIED_ATTRIBUTE, str, z3);
        if (date != null) {
            LOGGER.info("Retrieving groups changed since {} from user registry {} of tenant {}", new Object[]{DateFormat.getDateTimeInstance(2, 2, Locale.getDefault()).format(date), str, str2});
        } else {
            LOGGER.info("Retrieving all groups from user registry {} of tenant {}", str, str2);
        }
        BatchProcessor batchProcessor = new BatchProcessor(SyncProcess.GROUP_ANALYSIS.getTitle(name), this.transactionService.getRetryingTransactionHelper(), new UserRegistryNodeCollectionWorkProvider(userRegistry.getGroups(date)), this.workerThreads, 20, this.applicationEventPublisher, LogFactory.getLog(TenantAwareChainingUserRegistrySynchronizer.class), this.loggingInterval);
        Analyzer createAnalyzer = createAnalyzer(str, set, set2);
        int process = batchProcessor.process(createAnalyzer, z3);
        processGroupCreationAndAssociationDeletion(str, name, createAnalyzer, z3);
        processGroupAssociationCreation(name, createAnalyzer, z3);
        if (mostRecentUpdateTime2 != null) {
            LOGGER.info("Retrieving users changed since {} from user registry {} of tenant {}", new Object[]{DateFormat.getDateTimeInstance(2, 2, Locale.getDefault()).format(mostRecentUpdateTime2), str, str2});
        } else {
            LOGGER.info("Retrieving all users from user registry {} of tenant {}", str, str2);
        }
        BatchProcessor batchProcessor2 = new BatchProcessor(SyncProcess.USER_UPDATE_AND_CREATION.getTitle(name), this.transactionService.getRetryingTransactionHelper(), new UserRegistryNodeCollectionWorkProvider(userRegistry.getPersons(mostRecentUpdateTime2)), this.workerThreads, 20, this.applicationEventPublisher, LogFactory.getLog(TenantAwareChainingUserRegistrySynchronizer.class), this.loggingInterval);
        if (userRegistry instanceof EnhancedUserRegistry) {
            userAccountInterpreter = (Boolean.parseBoolean(this.externalUserControl.get(str2)) && str.equals(this.externalUserControlSubsystemName.get(str2))) ? ((EnhancedUserRegistry) userRegistry).getUserAccountInterpreter() : null;
        } else {
            userAccountInterpreter = null;
        }
        PersonWorker createPersonWorker = createPersonWorker(str, set, set2, userAccountInterpreter);
        int process2 = batchProcessor2.process(createPersonWorker, z3);
        processUserAssociation(name, createAnalyzer, z3);
        long latestModified = createAnalyzer.getLatestModified();
        if (latestModified > 0) {
            setMostRecentUpdateTime(GROUP_LAST_MODIFIED_ATTRIBUTE, str, latestModified, z3);
        }
        long latestModified2 = createPersonWorker.getLatestModified();
        if (latestModified2 > 0) {
            setMostRecentUpdateTime(PERSON_LAST_MODIFIED_ATTRIBUTE, str, latestModified2, z3);
        }
        Pair<Integer, Integer> processAuthorityDeletions = processAuthorityDeletions(str, name, userRegistry, z2, z3);
        int intValue = process2 + ((Integer) processAuthorityDeletions.getFirst()).intValue();
        int intValue2 = process + ((Integer) processAuthorityDeletions.getSecond()).intValue();
        set.add(str);
        String message = I18NUtil.getMessage("synchronization.summary.status", new Object[]{Integer.valueOf(intValue), Integer.valueOf(intValue2)});
        LOGGER.info("Finished synchronizing users and groups with user registry {} of tenant {}", str, str2);
        LOGGER.info(message);
        notifySyncDirectoryEnd(str, message);
    }

    protected void processGroupCreationAndAssociationDeletion(String str, String str2, Analyzer analyzer, boolean z) {
        Map<String, String> groupsToCreate = analyzer.getGroupsToCreate();
        Map<String, Set<String>> groupParentsToRemove = analyzer.getGroupParentsToRemove();
        HashSet hashSet = new HashSet(groupsToCreate.keySet());
        hashSet.addAll(groupParentsToRemove.keySet());
        if (hashSet.isEmpty()) {
            return;
        }
        BatchProcessor batchProcessor = new BatchProcessor(SyncProcess.GROUP_CREATION_AND_ASSOCIATION_DELETION.getTitle(str2), this.transactionService.getRetryingTransactionHelper(), hashSet, this.workerThreads, 20, this.applicationEventPublisher, LogFactory.getLog(TenantAwareChainingUserRegistrySynchronizer.class), this.loggingInterval);
        String asZoneId = asZoneId(str);
        HashSet hashSet2 = new HashSet();
        hashSet2.add("APP.DEFAULT");
        hashSet2.add(asZoneId);
        batchProcessor.process(new GroupCreationAndParentRemovalWorker(hashSet2, groupsToCreate, groupParentsToRemove, createComponentLookupCallback()), z);
    }

    protected void processGroupAssociationCreation(String str, Analyzer analyzer, boolean z) {
        Map<String, Set<String>> groupParentsToAdd = analyzer.getGroupParentsToAdd();
        HashSet hashSet = new HashSet(groupParentsToAdd.keySet());
        if (hashSet.isEmpty()) {
            return;
        }
        new BatchProcessor(SyncProcess.GROUP_ASSOCIATION_CREATION.getTitle(str), this.transactionService.getRetryingTransactionHelper(), hashSet, this.workerThreads, 20, this.applicationEventPublisher, LogFactory.getLog(TenantAwareChainingUserRegistrySynchronizer.class), this.loggingInterval).process(new GroupParentAdditionWorker(groupParentsToAdd, createComponentLookupCallback()), z);
    }

    protected void processUserAssociation(String str, Analyzer analyzer, boolean z) {
        Map<String, Set<String>> userParentsToAdd = analyzer.getUserParentsToAdd();
        Map<String, Set<String>> userParentsToRemove = analyzer.getUserParentsToRemove();
        HashSet hashSet = new HashSet(userParentsToRemove.keySet());
        hashSet.addAll(userParentsToAdd.keySet());
        if (hashSet.isEmpty()) {
            return;
        }
        new BatchProcessor(SyncProcess.USER_ASSOCIATION.getTitle(str), this.transactionService.getRetryingTransactionHelper(), hashSet, this.workerThreads, 20, this.applicationEventPublisher, LogFactory.getLog(TenantAwareChainingUserRegistrySynchronizer.class), this.loggingInterval).process(new UserParentWorker(userParentsToAdd, userParentsToRemove, createComponentLookupCallback()), z);
    }

    protected Pair<Integer, Integer> processAuthorityDeletions(String str, String str2, UserRegistry userRegistry, boolean z, boolean z2) {
        String currentDomain = TenantUtil.getCurrentDomain();
        boolean equals = Boolean.TRUE.equals(this.allowDeletions.get("".equals(currentDomain) ? "-default-" : currentDomain));
        boolean equals2 = Boolean.TRUE.equals(this.syncDelete.get("".equals(currentDomain) ? "-default-" : currentDomain));
        String asZoneId = asZoneId(str);
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        Pair<Integer, Integer> pair = new Pair<>(0, 0);
        if (z) {
            TreeSet treeSet = new TreeSet();
            TreeSet treeSet2 = this.personService.getUserNamesAreCaseSensitive() ? new TreeSet() : new TreeSet(String.CASE_INSENSITIVE_ORDER);
            inReadOnlyTransaction(() -> {
                treeSet.addAll(this.authorityService.getAllAuthoritiesInZone(asZoneId, AuthorityType.GROUP));
                treeSet2.addAll(this.authorityService.getAllAuthoritiesInZone(asZoneId, AuthorityType.USER));
                return null;
            }, z2);
            hashSet.addAll(treeSet);
            hashSet.removeAll(userRegistry.getGroupNames());
            hashSet2.addAll(treeSet2);
            for (String str3 : userRegistry.getPersonNames()) {
                hashSet2.remove(!EqualsHelper.nullSafeEquals(this.tenantService.getPrimaryDomain(str3), currentDomain) ? this.tenantService.getDomainUser(str3, currentDomain) : str3);
            }
            TreeSet treeSet3 = new TreeSet();
            treeSet3.addAll(hashSet);
            treeSet3.addAll(hashSet2);
            if (!treeSet3.isEmpty() && (equals || equals2)) {
                new BatchProcessor(SyncProcess.AUTHORITY_DELETION.getTitle(str2), this.transactionService.getRetryingTransactionHelper(), treeSet3, this.workerThreads, 20, this.applicationEventPublisher, LogFactory.getLog(TenantAwareChainingUserRegistrySynchronizer.class), this.loggingInterval).process(new AuthorityDeleter(asZoneId, hashSet, hashSet2, equals, createComponentLookupCallback()), z2);
                pair.setFirst(Integer.valueOf(hashSet2.size()));
                pair.setSecond(Integer.valueOf(hashSet.size()));
            }
        }
        return pair;
    }

    protected Map<String, UserRegistry> getPluginsToSync() {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        for (String str : this.applicationContextManager.getInstanceIds()) {
            try {
                UserRegistry userRegistry = (UserRegistry) this.applicationContextManager.getApplicationContext(str).getBean(this.userRegistrySourceBeanName);
                if (checkPluginIsActive(userRegistry)) {
                    linkedHashMap.put(str, userRegistry);
                }
            } catch (RuntimeException e) {
                if (LOGGER.isTraceEnabled()) {
                    LOGGER.trace("Subsystem {} cannot be used in synchronisation", str, e);
                } else {
                    LOGGER.debug("Subsystem {} cannot be used in synchronisation", str);
                }
            }
        }
        return linkedHashMap;
    }

    protected QName getLockQNameForCurrentTenant() {
        String currentDomain = TenantUtil.getCurrentDomain();
        return "".equals(currentDomain) ? DEFAULT_LOCK_QNAME : QName.createQName("http://www.alfresco.org/model/system/1.0", "TenantAwareChainingUserRegistrySynchronizer@" + currentDomain);
    }

    protected void logPluginConfig(String str) {
        try {
            ObjectName objectName = new ObjectName(new StringBuilder(200).append("Alfresco:Type=Configuration,Category=Authentication,id1=managed,id2=").append(URLDecoder.decode(str, "UTF-8")).toString());
            if (this.mbeanServer != null && this.mbeanServer.isRegistered(objectName)) {
                MBeanAttributeInfo[] attributes = this.mbeanServer.getMBeanInfo(objectName).getAttributes();
                LOGGER.debug("{} attributes:", str);
                for (MBeanAttributeInfo mBeanAttributeInfo : attributes) {
                    LOGGER.debug("{} = {}", mBeanAttributeInfo.getName(), this.mbeanServer.getAttribute(objectName, mBeanAttributeInfo.getName()));
                }
            }
        } catch (MalformedObjectNameException | InstanceNotFoundException | IntrospectionException | AttributeNotFoundException | ReflectionException | MBeanException | IOException e) {
            LOGGER.warn("Exception during logging", e);
        }
    }

    protected void notifySyncStart(Set<String> set) {
        String str = this.sysAdminParams.getAlfrescoHost() + ":" + this.sysAdminParams.getAlfrescoPort();
        this.applicationEventPublisher.publishEvent(new SynchronizeStartEvent(this));
        inTransaction(() -> {
            doSetAttribute((Serializable) Long.valueOf(new Date().getTime()), true, START_TIME_ATTRIBUTE);
            doSetAttribute((Serializable) (-1L), true, END_TIME_ATTRIBUTE);
            doSetAttribute((Serializable) str, true, SERVER_ATTRIBUTE);
            doSetAttribute((Serializable) SyncStatus.IN_PROGRESS.toString(), true, STATUS_ATTRIBUTE);
            doRemoveAttributes(0, LAST_ERROR_ATTRIBUTE);
            doRemoveAttributes(0, SUMMARY_ATTRIBUTE);
            doRemoveAttributes(0, STATUS_ATTRIBUTE);
            Iterator it = set.iterator();
            while (it.hasNext()) {
                doSetAttribute(SyncStatus.WAITING.toString(), 0, STATUS_ATTRIBUTE, (String) it.next());
            }
            return null;
        }, true);
    }

    protected void notifySyncEnd() {
        this.applicationEventPublisher.publishEvent(new SynchronizeEndEvent(this));
        inTransaction(() -> {
            doSetAttribute((Serializable) SyncStatus.COMPLETE.toString(), true, STATUS_ATTRIBUTE);
            doSetAttribute((Serializable) Long.valueOf(new Date().getTime()), true, END_TIME_ATTRIBUTE);
            return null;
        }, true);
    }

    protected void notifySyncEnd(Exception exc) {
        this.applicationEventPublisher.publishEvent(new SynchronizeEndEvent(this, exc));
        inTransaction(() -> {
            doSetAttribute((Serializable) exc.getMessage(), false, LAST_ERROR_ATTRIBUTE);
            doSetAttribute((Serializable) SyncStatus.COMPLETE_ERROR.toString(), false, STATUS_ATTRIBUTE);
            doSetAttribute((Serializable) Long.valueOf(new Date().getTime()), false, END_TIME_ATTRIBUTE);
            return null;
        }, true);
    }

    protected void notifySyncDirectoryStart(String str, String[] strArr) {
        this.applicationEventPublisher.publishEvent(new SynchronizeDirectoryStartEvent(this, str, strArr));
        inTransaction(() -> {
            doSetAttribute(SyncStatus.IN_PROGRESS.toString(), 0, STATUS_ATTRIBUTE, str);
            doRemoveAttributes(0, SUMMARY_ATTRIBUTE, str);
            return null;
        }, true);
    }

    protected void notifySyncDirectoryEnd(String str, String str2) {
        this.applicationEventPublisher.publishEvent(new SynchronizeDirectoryEndEvent(this, str));
        inTransaction(() -> {
            doSetAttribute(SyncStatus.COMPLETE.toString(), 0, STATUS_ATTRIBUTE, str);
            doRemoveAttributes(0, LAST_ERROR_ATTRIBUTE, str);
            doSetAttribute(str2, 0, SUMMARY_ATTRIBUTE, str);
            return null;
        }, true);
    }

    protected void notifySyncDirectoryEnd(String str, Exception exc) {
        this.applicationEventPublisher.publishEvent(new SynchronizeDirectoryEndEvent(this, str, exc));
        inTransaction(() -> {
            doSetAttribute(SyncStatus.COMPLETE_ERROR.toString(), 0, STATUS_ATTRIBUTE, str);
            doSetAttribute(exc.getMessage(), 0, LAST_ERROR_ATTRIBUTE, str);
            return null;
        }, true);
    }

    protected void doSetAttribute(Serializable serializable, int i, Serializable... serializableArr) {
        String currentDomain = TenantUtil.getCurrentDomain();
        Serializable[] serializableArr2 = new Serializable[serializableArr.length + 1];
        serializableArr2[0] = "".equals(currentDomain) ? ROOT_ATTRIBUTE_PATH : ROOT_MT_ATTRIBUTE_PATH;
        System.arraycopy(serializableArr, 0, serializableArr2, 1, serializableArr.length);
        if (!"".equals(currentDomain) && i >= 0 && i < serializableArr.length && (serializableArr[i] instanceof String)) {
            serializableArr2[i + 1] = this.tenantService.getName((String) serializableArr[i]);
        }
        this.attributeService.setAttribute(serializable, serializableArr2);
    }

    protected void doSetAttribute(Serializable serializable, boolean z, Serializable... serializableArr) {
        Serializable[] serializableArr2;
        String currentDomain = TenantUtil.getCurrentDomain();
        if ("".equals(currentDomain)) {
            serializableArr2 = new Serializable[serializableArr.length + 1];
            System.arraycopy(serializableArr, 0, serializableArr2, 1, serializableArr.length);
        } else {
            serializableArr2 = new Serializable[serializableArr.length + 2];
            serializableArr2[z ? 1 : serializableArr2.length - 1] = currentDomain;
            System.arraycopy(serializableArr, 0, serializableArr2, z ? 2 : 1, serializableArr.length);
        }
        serializableArr2[0] = "".equals(currentDomain) ? ROOT_ATTRIBUTE_PATH : ROOT_MT_ATTRIBUTE_PATH;
        this.attributeService.setAttribute(serializable, serializableArr2);
    }

    protected Serializable doGetAttribute(int i, Serializable... serializableArr) {
        String currentDomain = TenantUtil.getCurrentDomain();
        Serializable[] serializableArr2 = new Serializable[serializableArr.length + 1];
        serializableArr2[0] = "".equals(currentDomain) ? ROOT_ATTRIBUTE_PATH : ROOT_MT_ATTRIBUTE_PATH;
        System.arraycopy(serializableArr, 0, serializableArr2, 1, serializableArr.length);
        if (!"".equals(currentDomain) && i >= 0 && i < serializableArr.length && (serializableArr[i] instanceof String)) {
            serializableArr2[i + 1] = this.tenantService.getName((String) serializableArr[i]);
        }
        return this.attributeService.getAttribute(serializableArr2);
    }

    protected Serializable doGetAttribute(boolean z, Serializable... serializableArr) {
        Serializable[] serializableArr2;
        String currentDomain = TenantUtil.getCurrentDomain();
        if ("".equals(currentDomain)) {
            serializableArr2 = new Serializable[serializableArr.length + 1];
            System.arraycopy(serializableArr, 0, serializableArr2, 1, serializableArr.length);
        } else {
            serializableArr2 = new Serializable[serializableArr.length + 2];
            serializableArr2[z ? 1 : serializableArr2.length - 1] = currentDomain;
            System.arraycopy(serializableArr, 0, serializableArr2, z ? 2 : 1, serializableArr.length);
        }
        serializableArr2[0] = "".equals(currentDomain) ? ROOT_ATTRIBUTE_PATH : ROOT_MT_ATTRIBUTE_PATH;
        return this.attributeService.getAttribute(serializableArr2);
    }

    protected void doRemoveAttributes(int i, Serializable... serializableArr) {
        String currentDomain = TenantUtil.getCurrentDomain();
        Serializable[] serializableArr2 = new Serializable[serializableArr.length + 1];
        serializableArr2[0] = "".equals(currentDomain) ? ROOT_ATTRIBUTE_PATH : ROOT_MT_ATTRIBUTE_PATH;
        System.arraycopy(serializableArr, 0, serializableArr2, 1, serializableArr.length);
        if (!"".equals(currentDomain) && i >= 0 && i < serializableArr.length && (serializableArr[i] instanceof String)) {
            serializableArr2[i + 1] = this.tenantService.getName((String) serializableArr[i]);
        }
        this.attributeService.removeAttributes(serializableArr2);
    }

    protected static String asZoneId(String str) {
        return "AUTH.EXT." + str;
    }

    protected Analyzer createAnalyzer(String str, Collection<String> collection, Collection<String> collection2) {
        String currentDomain = TenantUtil.getCurrentDomain();
        boolean equals = Boolean.TRUE.equals(this.allowDeletions.get("".equals(currentDomain) ? "-default-" : currentDomain));
        String asZoneId = asZoneId(str);
        HashSet hashSet = new HashSet();
        hashSet.add("APP.DEFAULT");
        hashSet.add(asZoneId);
        return new AnalyzerImpl(str, asZoneId, hashSet, collection, collection2, equals, createComponentLookupCallback());
    }

    protected PersonWorker createPersonWorker(String str, Collection<String> collection, Collection<String> collection2, UserAccountInterpreter userAccountInterpreter) {
        String currentDomain = TenantUtil.getCurrentDomain();
        boolean equals = Boolean.TRUE.equals(this.allowDeletions.get("".equals(currentDomain) ? "-default-" : currentDomain));
        String asZoneId = asZoneId(str);
        HashSet hashSet = new HashSet();
        hashSet.add("APP.DEFAULT");
        hashSet.add(asZoneId);
        return new PersonWorkerImpl(str, asZoneId, hashSet, collection, collection2, equals, userAccountInterpreter, createComponentLookupCallback());
    }

    protected ComponentLookupCallback createComponentLookupCallback() {
        return str -> {
            AuthorityService authorityService;
            boolean z = -1;
            switch (str.hashCode()) {
                case -1955536900:
                    if (str.equals("contentService")) {
                        z = 5;
                        break;
                    }
                    break;
                case -1507112365:
                    if (str.equals("nodeService")) {
                        z = 4;
                        break;
                    }
                    break;
                case -1087293966:
                    if (str.equals("authorityService")) {
                        z = false;
                        break;
                    }
                    break;
                case 858278304:
                    if (str.equals("personService")) {
                        z = true;
                        break;
                    }
                    break;
                case 915016362:
                    if (str.equals("nameChecker")) {
                        z = 2;
                        break;
                    }
                    break;
                case 1199194795:
                    if (str.equals("tenantService")) {
                        z = 3;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    authorityService = this.authorityService;
                    break;
                case true:
                    authorityService = this.personService;
                    break;
                case true:
                    authorityService = this.nameChecker;
                    break;
                case true:
                    authorityService = this.tenantService;
                    break;
                case true:
                    authorityService = this.nodeService;
                    break;
                case true:
                    authorityService = this.contentService;
                    break;
                default:
                    throw new IllegalStateException(str + " is not available");
            }
            return authorityService;
        };
    }
}
