package org.apache.ranger.unixusersync.process;

import com.google.common.annotations.VisibleForTesting;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.log4j.Logger;
import org.apache.ranger.unixusersync.config.UserGroupSyncConfig;
import org.apache.ranger.usergroupsync.UserGroupSink;
import org.apache.ranger.usergroupsync.UserGroupSource;

/* loaded from: input_file:org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.class */
public class UnixUserGroupBuilder implements UserGroupSource {
    private static final Logger LOG = Logger.getLogger(UnixUserGroupBuilder.class);
    private static final String OS = System.getProperty("os.name");
    public static final String UNIX_USER_PASSWORD_FILE = "/etc/passwd";
    public static final String UNIX_GROUP_FILE = "/etc/group";
    static final String LINUX_GET_ALL_USERS_CMD = "getent passwd";
    static final String LINUX_GET_ALL_GROUPS_CMD = "getent group";
    static final String LINUX_GET_GROUP_CMD = "getent group %s";
    static final String MAC_GET_ALL_USERS_CMD = "dscl . -readall /Users UniqueID PrimaryGroupID | awk 'BEGIN { OFS = \":\"; ORS=\"\\n\"; i=0;}/RecordName: / {name = $2;i = 0;}/PrimaryGroupID: / {gid = $2;}/^ / {if (i == 0) { i++; name = $1;}}/UniqueID: / {uid = $2;print name, \"*\", gid, uid;}'";
    static final String MAC_GET_ALL_GROUPS_CMD = "dscl . -list /Groups PrimaryGroupID | awk -v OFS=\":\" '{print $1, \"*\", $2, \"\"}'";
    static final String MAC_GET_GROUP_CMD = "dscl . -read /Groups/%1$s | paste -d, -s - | sed -e 's/:/|/g' | awk -v OFS=\":\" -v ORS=\"\\n\" -F, '{print \"%1$s\",\"*\",$6,$4}' | sed -e 's/:[^:]*| /:/g' | sed -e 's/ /,/g'";
    static final String BACKEND_PASSWD = "passwd";
    private boolean enumerateGroupMembers;
    private boolean useNss;
    private long timeout;
    private int minimumUserId;
    private int minimumGroupId;
    private long lastUpdateTime = 0;
    private UserGroupSyncConfig config = UserGroupSyncConfig.getInstance();
    private Map<String, List<String>> user2GroupListMap = new HashMap();
    private Map<String, List<String>> internalUser2GroupListMap = new HashMap();
    private Map<String, String> groupId2groupNameMap = new HashMap();
    private long passwordFileModifiedAt = 0;
    private long groupFileModifiedAt = 0;

    public static void main(String[] strArr) throws Throwable {
        UnixUserGroupBuilder unixUserGroupBuilder = new UnixUserGroupBuilder();
        unixUserGroupBuilder.init();
        unixUserGroupBuilder.print();
    }

    public UnixUserGroupBuilder() {
        this.enumerateGroupMembers = false;
        this.useNss = false;
        this.timeout = 0L;
        this.minimumUserId = 0;
        this.minimumGroupId = 0;
        this.minimumUserId = Integer.parseInt(this.config.getMinUserId());
        this.minimumGroupId = Integer.parseInt(this.config.getMinGroupId());
        LOG.debug("Minimum UserId: " + this.minimumUserId + ", minimum GroupId: " + this.minimumGroupId);
        this.timeout = this.config.getUpdateMillisMin();
        this.enumerateGroupMembers = this.config.isGroupEnumerateEnabled();
        if (this.config.getUnixBackend().equalsIgnoreCase(BACKEND_PASSWD)) {
            LOG.warn("DEPRECATED: Unix backend is configured to use /etc/passwd and /etc/group files directly instead of standard system mechanisms.");
        } else {
            this.useNss = true;
        }
    }

    @Override // org.apache.ranger.usergroupsync.UserGroupSource
    public void init() throws Throwable {
        buildUserGroupInfo();
    }

    @Override // org.apache.ranger.usergroupsync.UserGroupSource
    public boolean isChanged() {
        if (this.useNss) {
            return System.currentTimeMillis() - this.lastUpdateTime > this.timeout;
        }
        if (this.passwordFileModifiedAt != new File(UNIX_USER_PASSWORD_FILE).lastModified()) {
            return true;
        }
        return this.groupFileModifiedAt != new File(UNIX_GROUP_FILE).lastModified();
    }

    @Override // org.apache.ranger.usergroupsync.UserGroupSource
    public void updateSink(UserGroupSink userGroupSink) throws Throwable {
        buildUserGroupInfo();
        for (Map.Entry<String, List<String>> entry : this.user2GroupListMap.entrySet()) {
            String key = entry.getKey();
            List<String> value = entry.getValue();
            try {
                userGroupSink.addOrUpdateUser(key, value);
            } catch (Throwable th) {
                LOG.error("sink.addOrUpdateUser failed with exception: " + th.getMessage() + ", for user: " + key + ", groups: " + value);
            }
        }
    }

    private void buildUserGroupInfo() throws Throwable {
        this.user2GroupListMap = new HashMap();
        this.groupId2groupNameMap = new HashMap();
        if (OS.startsWith("Mac")) {
            buildUnixGroupList(MAC_GET_ALL_GROUPS_CMD, MAC_GET_GROUP_CMD, false);
            buildUnixUserList(MAC_GET_ALL_USERS_CMD);
        } else {
            if (!OS.startsWith("Linux")) {
                LOG.warn("Platform not recognized assuming Linux compatible");
            }
            buildUnixGroupList(LINUX_GET_ALL_GROUPS_CMD, LINUX_GET_GROUP_CMD, true);
            buildUnixUserList(LINUX_GET_ALL_USERS_CMD);
        }
        this.lastUpdateTime = System.currentTimeMillis();
        if (LOG.isDebugEnabled()) {
            print();
        }
    }

    private void print() {
        for (String str : this.user2GroupListMap.keySet()) {
            LOG.debug("USER:" + str);
            List<String> list = this.user2GroupListMap.get(str);
            if (list != null) {
                Iterator<String> it = list.iterator();
                while (it.hasNext()) {
                    LOG.debug("\tGROUP: " + it.next());
                }
            }
        }
    }

    private void buildUnixUserList(String str) throws Throwable {
        int i;
        String str2;
        int i2;
        BufferedReader bufferedReader = null;
        HashMap hashMap = new HashMap();
        try {
            if (this.useNss) {
                bufferedReader = new BufferedReader(new InputStreamReader(Runtime.getRuntime().exec(new String[]{"bash", "-c", str}).getInputStream(), StandardCharsets.UTF_8));
            } else {
                File file = new File(UNIX_USER_PASSWORD_FILE);
                this.passwordFileModifiedAt = file.lastModified();
                bufferedReader = new BufferedReader(new InputStreamReader(new FileInputStream(file), StandardCharsets.UTF_8));
            }
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    break;
                }
                if (!readLine.trim().isEmpty()) {
                    String[] split = readLine.split(":");
                    if (split.length < 3) {
                        LOG.warn("Unable to parse: " + readLine);
                    } else {
                        try {
                            String str3 = split[0];
                            String str4 = split[2];
                            String str5 = split[3];
                            try {
                                i2 = Integer.parseInt(str4);
                            } catch (NumberFormatException e) {
                                LOG.warn("Unix UserId: [" + str4 + "]: can not be parsed as valid int. considering as  -1.", e);
                                i2 = -1;
                            }
                            if (i2 >= this.minimumUserId) {
                                hashMap.put(str3, str4);
                                String str6 = this.groupId2groupNameMap.get(str5);
                                if (str6 != null) {
                                    ArrayList arrayList = new ArrayList();
                                    arrayList.add(str6);
                                    if (this.internalUser2GroupListMap.containsKey(str3)) {
                                        List<String> list = this.internalUser2GroupListMap.get(str3);
                                        list.remove(str6);
                                        arrayList.addAll(list);
                                    }
                                    this.user2GroupListMap.put(str3, arrayList);
                                } else {
                                    LOG.warn("Group Name could not be found for group id: [" + str5 + "]. Skipping adding user [" + str3 + "] with id [" + str4 + "].");
                                }
                            } else {
                                LOG.debug("Skipping user [" + str3 + "] since its userid [" + str4 + "] is less than minuserid limit [" + this.minimumUserId + "].");
                            }
                        } catch (ArrayIndexOutOfBoundsException e2) {
                            LOG.warn("Ignoring line - [" + readLine + "]: Unable to parse line for getting user information", e2);
                        }
                    }
                }
            }
            if (this.useNss && this.enumerateGroupMembers) {
                LOG.debug("Start drill down group members");
                for (Map.Entry<String, List<String>> entry : this.internalUser2GroupListMap.entrySet()) {
                    if (!this.user2GroupListMap.containsKey(entry.getKey())) {
                        LOG.debug("Enumerating user " + entry.getKey());
                        try {
                            i = Integer.parseInt((String) hashMap.get(entry.getKey()));
                        } catch (NumberFormatException e3) {
                            i = -1;
                        }
                        if (i >= this.minimumUserId || i == -1) {
                            try {
                                bufferedReader = new BufferedReader(new InputStreamReader(Runtime.getRuntime().exec(new String[]{"bash", "-c", "id -G " + entry.getKey()}).getInputStream()));
                                String readLine2 = bufferedReader.readLine();
                                bufferedReader.close();
                                LOG.debug("id -G returned " + readLine2);
                                if (readLine2 == null || readLine2.trim().isEmpty()) {
                                    LOG.warn("User " + entry.getKey() + " could not be resolved");
                                } else {
                                    String[] split2 = readLine2.split(" ");
                                    ArrayList arrayList2 = new ArrayList();
                                    for (String str7 : split2) {
                                        if (Integer.parseInt(str7) >= this.minimumGroupId && (str2 = this.groupId2groupNameMap.get(str7)) != null) {
                                            arrayList2.add(str2);
                                        }
                                    }
                                    this.user2GroupListMap.put(entry.getKey(), arrayList2);
                                }
                            } catch (Throwable th) {
                                bufferedReader.close();
                                throw th;
                            }
                        }
                    }
                }
                LOG.debug("End drill down group members");
            }
        } finally {
            if (bufferedReader != null) {
                bufferedReader.close();
            }
        }
    }

    private void parseMembers(String str) {
        if (str == null || str.isEmpty()) {
            return;
        }
        String[] split = str.split(":");
        if (split.length < 2) {
            return;
        }
        String str2 = split[0];
        String str3 = split[2];
        String str4 = split.length > 3 ? split[3] : null;
        if (this.groupId2groupNameMap.containsKey(str3)) {
            this.groupId2groupNameMap.remove(str3);
        }
        if (Integer.parseInt(str3) < this.minimumGroupId) {
            return;
        }
        this.groupId2groupNameMap.put(str3, str2);
        if (str4 == null || str4.trim().isEmpty()) {
            return;
        }
        for (String str5 : str4.split(",")) {
            List<String> list = this.internalUser2GroupListMap.get(str5);
            if (list == null) {
                list = new ArrayList();
                this.internalUser2GroupListMap.put(str5, list);
            }
            if (!list.contains(str2)) {
                list.add(str2);
            }
        }
    }

    private void buildUnixGroupList(String str, String str2, boolean z) throws Throwable {
        LOG.debug("Start enumerating groups");
        BufferedReader bufferedReader = null;
        try {
            if (this.useNss) {
                bufferedReader = new BufferedReader(new InputStreamReader(Runtime.getRuntime().exec(new String[]{"bash", "-c", str}).getInputStream(), StandardCharsets.UTF_8));
            } else {
                File file = new File(UNIX_GROUP_FILE);
                this.groupFileModifiedAt = file.lastModified();
                bufferedReader = new BufferedReader(new InputStreamReader(new FileInputStream(file), StandardCharsets.UTF_8));
            }
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    break;
                } else if (!readLine.trim().isEmpty()) {
                    parseMembers(readLine);
                }
            }
            LOG.debug("End enumerating group");
            if (this.useNss) {
                if (this.enumerateGroupMembers) {
                    LOG.debug("Start enumerating group members");
                    for (Map.Entry entry : new HashMap(this.groupId2groupNameMap).entrySet()) {
                        LOG.debug("Enumerating group: " + ((String) entry.getValue()) + " GID(" + ((String) entry.getKey()) + ")");
                        String format = z ? String.format(str2, entry.getKey()) : String.format(str2, entry.getValue());
                        String[] strArr = {"bash", "-c", format + " " + ((String) entry.getKey())};
                        LOG.debug("Executing: " + Arrays.toString(strArr));
                        try {
                            bufferedReader = new BufferedReader(new InputStreamReader(Runtime.getRuntime().exec(strArr).getInputStream()));
                            String readLine2 = bufferedReader.readLine();
                            if (bufferedReader != null) {
                                bufferedReader.close();
                            }
                            LOG.debug("bash -c " + format + " for group " + entry + " returned " + readLine2);
                            parseMembers(readLine2);
                        } finally {
                            if (bufferedReader != null) {
                                bufferedReader.close();
                            }
                        }
                    }
                    LOG.debug("End enumerating group members");
                }
                if (this.config.getEnumerateGroups() != null) {
                    String[] split = this.config.getEnumerateGroups().split(",");
                    LOG.debug("Adding extra groups");
                    for (String str3 : split) {
                        String format2 = String.format(str2, str3);
                        String[] strArr2 = {"bash", "-c", format2 + " '" + str3 + "'"};
                        LOG.debug("Executing: " + Arrays.toString(strArr2));
                        try {
                            bufferedReader = new BufferedReader(new InputStreamReader(Runtime.getRuntime().exec(strArr2).getInputStream()));
                            String readLine3 = bufferedReader.readLine();
                            if (bufferedReader != null) {
                                bufferedReader.close();
                            }
                            LOG.debug("bash -c " + format2 + " for group " + str3 + " returned " + readLine3);
                            parseMembers(readLine3);
                        } finally {
                            if (bufferedReader != null) {
                                bufferedReader.close();
                            }
                        }
                    }
                    LOG.debug("Done adding extra groups");
                }
            }
        } finally {
            if (bufferedReader != null) {
                bufferedReader.close();
            }
        }
    }

    @VisibleForTesting
    Map<String, List<String>> getUser2GroupListMap() {
        return this.user2GroupListMap;
    }

    @VisibleForTesting
    Map<String, String> getGroupId2groupNameMap() {
        return this.groupId2groupNameMap;
    }
}
