package org.apache.ranger.unixusersync.process;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.reflect.TypeToken;
import com.sun.jersey.api.client.ClientResponse;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.regex.Pattern;
import javax.security.auth.Subject;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.NewCookie;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.security.SecureClientLogin;
import org.apache.ranger.ugsyncutil.model.GroupUserInfo;
import org.apache.ranger.ugsyncutil.model.UgsyncAuditInfo;
import org.apache.ranger.ugsyncutil.model.UsersGroupRoleAssignments;
import org.apache.ranger.ugsyncutil.model.XGroupInfo;
import org.apache.ranger.ugsyncutil.model.XUserInfo;
import org.apache.ranger.unixusersync.config.UserGroupSyncConfig;
import org.apache.ranger.unixusersync.model.GetXGroupListResponse;
import org.apache.ranger.unixusersync.model.GetXUserListResponse;
import org.apache.ranger.usergroupsync.AbstractUserGroupSource;
import org.apache.ranger.usergroupsync.UserGroupSink;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.class */
public class PolicyMgrUserGroupBuilder extends AbstractUserGroupSource implements UserGroupSink {
    private static final String AUTHENTICATION_TYPE = "hadoop.security.authentication";
    private static final String PRINCIPAL = "ranger.usersync.kerberos.principal";
    private static final String KEYTAB = "ranger.usersync.kerberos.keytab";
    private static final String NAME_RULE = "hadoop.security.auth_to_local";
    public static final String PM_USER_LIST_URI = "/service/xusers/users/";
    private static final String PM_ADD_USERS_URI = "/service/xusers/ugsync/users";
    private static final String PM_ADD_GROUP_USER_LIST_URI = "/service/xusers/ugsync/groupusers";
    public static final String PM_GROUP_LIST_URI = "/service/xusers/groups/";
    private static final String PM_ADD_GROUPS_URI = "/service/xusers/ugsync/groups/";
    public static final String PM_GET_ALL_GROUP_USER_MAP_LIST_URI = "/service/xusers/ugsync/groupusers";
    private static final String PM_AUDIT_INFO_URI = "/service/xusers/ugsync/auditinfo/";
    public static final String PM_UPDATE_USERS_ROLES_URI = "/service/xusers/users/roleassignments";
    private static final String PM_UPDATE_DELETED_USERS_URI = "/service/xusers/ugsync/users/visibility";
    private static final String SOURCE_EXTERNAL = "1";
    private static final String STATUS_ENABLED = "1";
    private static final String ISVISIBLE = "1";
    private static final String ISHIDDEN = "0";
    private static String LOCAL_HOSTNAME;
    private String policyMgrBaseUrl;
    private boolean isStartupFlag;
    private volatile RangerUgSyncRESTClient ldapUgSyncClient;
    private Map<String, XUserInfo> userCache;
    private Map<String, XGroupInfo> groupCache;
    private Map<String, Set<String>> groupUsersCache;
    private Map<String, String> groupNameMap;
    private Map<String, String> userNameMap;
    private Map<String, XGroupInfo> deltaGroups;
    private Map<String, XUserInfo> deltaUsers;
    private Map<String, Set<String>> deltaGroupUsers;
    private Set<String> computeRolesForUsers;
    private Map<String, XGroupInfo> deletedGroups;
    private Map<String, XUserInfo> deletedUsers;
    private int noOfNewUsers;
    private int noOfNewGroups;
    private int noOfModifiedUsers;
    private int noOfModifiedGroups;
    private boolean userNameCaseConversionFlag;
    private boolean groupNameCaseConversionFlag;
    private boolean userNameLowerCaseFlag;
    private boolean groupNameLowerCaseFlag;
    private String currentSyncSource;
    private String ldapUrl;
    String principal;
    String keytab;
    String policyMgrUserName;
    String nameRules;
    private boolean isRangerCookieEnabled;
    private String rangerCookieName;
    private static final Logger LOG = LoggerFactory.getLogger(PolicyMgrUserGroupBuilder.class);
    private static final Pattern USER_OR_GROUP_NAME_VALIDATION_REGEX = Pattern.compile("^([A-Za-z0-9_]|[À-ſ])([a-zA-Z0-9\\s,._\\-+/@= ]|[À-ſ])+$", 2);
    private String AUTH_KERBEROS = "kerberos";
    private String recordsToPullPerCall = "10";
    private boolean isMockRun = false;
    private Cookie sessionId = null;
    private boolean isValidRangerCookie = false;
    List<NewCookie> cookieList = new ArrayList();
    private UserGroupSyncConfig config = UserGroupSyncConfig.getInstance();
    private int noOfDeletedUsers = 0;
    private int noOfDeletedGroups = 0;
    private boolean isUserSyncNameValidationEnabled = false;
    private String authenticationType = null;
    Map<String, String> userMap = new LinkedHashMap();
    Map<String, String> groupMap = new LinkedHashMap();
    Map<String, String> whiteListUserMap = new LinkedHashMap();
    Map<String, String> whiteListGroupMap = new LinkedHashMap();

    public static void main(String[] strArr) throws Throwable {
        new PolicyMgrUserGroupBuilder().init();
    }

    public PolicyMgrUserGroupBuilder() {
        this.userNameLowerCaseFlag = false;
        this.groupNameLowerCaseFlag = false;
        String userNameCaseConversion = this.config.getUserNameCaseConversion();
        if (UserGroupSyncConfig.UGSYNC_NONE_CASE_CONVERSION_VALUE.equalsIgnoreCase(userNameCaseConversion)) {
            this.userNameCaseConversionFlag = false;
        } else {
            this.userNameCaseConversionFlag = true;
            this.userNameLowerCaseFlag = UserGroupSyncConfig.UGSYNC_LOWER_CASE_CONVERSION_VALUE.equalsIgnoreCase(userNameCaseConversion);
        }
        String groupNameCaseConversion = this.config.getGroupNameCaseConversion();
        if (UserGroupSyncConfig.UGSYNC_NONE_CASE_CONVERSION_VALUE.equalsIgnoreCase(groupNameCaseConversion)) {
            this.groupNameCaseConversionFlag = false;
        } else {
            this.groupNameCaseConversionFlag = true;
            this.groupNameLowerCaseFlag = UserGroupSyncConfig.UGSYNC_LOWER_CASE_CONVERSION_VALUE.equalsIgnoreCase(groupNameCaseConversion);
        }
    }

    @Override // org.apache.ranger.usergroupsync.UserGroupSink
    public synchronized void init() throws Throwable {
        this.isUserSyncNameValidationEnabled = this.config.isUserSyncNameValidationEnabled();
        this.recordsToPullPerCall = this.config.getMaxRecordsPerAPICall();
        this.policyMgrBaseUrl = this.config.getPolicyManagerBaseURL();
        this.isMockRun = this.config.isMockRunEnabled();
        this.isRangerCookieEnabled = this.config.isUserSyncRangerCookieEnabled();
        this.rangerCookieName = this.config.getRangerAdminCookieName();
        this.groupNameMap = new HashMap();
        this.userNameMap = new HashMap();
        this.userCache = new HashMap();
        this.groupCache = new HashMap();
        this.groupUsersCache = new HashMap();
        this.isStartupFlag = true;
        this.ldapUrl = null;
        this.currentSyncSource = this.config.getCurrentSyncSource();
        if (StringUtils.equalsIgnoreCase(this.currentSyncSource, "LDAP/AD")) {
            this.ldapUrl = this.config.getLdapUrl();
        }
        this.sessionId = null;
        String sSLKeyStorePath = this.config.getSSLKeyStorePath();
        String sSLTrustStorePath = this.config.getSSLTrustStorePath();
        String sSLKeyStorePathPassword = this.config.getSSLKeyStorePathPassword();
        String sSLTrustStorePathPassword = this.config.getSSLTrustStorePathPassword();
        String sSLKeyStoreType = this.config.getSSLKeyStoreType();
        String sSLTrustStoreType = this.config.getSSLTrustStoreType();
        this.authenticationType = this.config.getProperty(AUTHENTICATION_TYPE, "simple");
        try {
            this.principal = SecureClientLogin.getPrincipal(this.config.getProperty(PRINCIPAL, ""), LOCAL_HOSTNAME);
        } catch (IOException e) {
        }
        this.keytab = this.config.getProperty(KEYTAB, "");
        this.policyMgrUserName = this.config.getPolicyMgrUserName();
        this.nameRules = this.config.getProperty(NAME_RULE, "DEFAULT");
        this.ldapUgSyncClient = new RangerUgSyncRESTClient(this.policyMgrBaseUrl, sSLKeyStorePath, sSLKeyStorePathPassword, sSLKeyStoreType, sSLTrustStorePath, sSLTrustStorePathPassword, sSLTrustStoreType, this.authenticationType, this.principal, this.keytab, this.policyMgrUserName, this.config.getPolicyMgrPassword());
        String groupRoleRules = this.config.getGroupRoleRules();
        if (groupRoleRules != null && !groupRoleRules.isEmpty()) {
            getRoleForUserGroups(groupRoleRules, this.userMap, this.groupMap);
        }
        String whileListUserRoleRules = this.config.getWhileListUserRoleRules();
        if (whileListUserRoleRules != null && !whileListUserRoleRules.isEmpty()) {
            getRoleForUserGroups(whileListUserRoleRules, this.whiteListUserMap, this.whiteListGroupMap);
        }
        if (!StringUtils.equalsIgnoreCase(this.whiteListUserMap.get(this.policyMgrUserName), "ROLE_SYS_ADMIN")) {
            this.whiteListUserMap.put(this.policyMgrUserName, "ROLE_SYS_ADMIN");
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Entries in group role assignments: " + this.groupMap);
            LOG.debug("Entries in whitelist group role assignments: " + this.whiteListGroupMap);
        }
        buildUserGroupInfo();
        if (LOG.isDebugEnabled()) {
            LOG.debug("PolicyMgrUserGroupBuilderOld.init()==> PolMgrBaseUrl : " + this.policyMgrBaseUrl + " KeyStore File : " + sSLKeyStorePath + " TrustStore File : " + sSLTrustStorePath + "Authentication Type : " + this.authenticationType);
        }
    }

    @Override // org.apache.ranger.usergroupsync.UserGroupSink
    public void postUserGroupAuditInfo(UgsyncAuditInfo ugsyncAuditInfo) throws Throwable {
        ugsyncAuditInfo.setNoOfNewUsers(Long.valueOf(Integer.toUnsignedLong(this.noOfNewUsers)));
        ugsyncAuditInfo.setNoOfNewGroups(Long.valueOf(Integer.toUnsignedLong(this.noOfNewGroups)));
        ugsyncAuditInfo.setNoOfModifiedUsers(Long.valueOf(Integer.toUnsignedLong(this.noOfModifiedUsers)));
        ugsyncAuditInfo.setNoOfModifiedGroups(Long.valueOf(Integer.toUnsignedLong(this.noOfModifiedGroups)));
        int size = this.userCache.size();
        int size2 = this.groupCache.size();
        String syncSource = ugsyncAuditInfo.getSyncSource();
        boolean z = -1;
        switch (syncSource.hashCode()) {
            case 2189724:
                if (syncSource.equals("File")) {
                    z = 2;
                    break;
                }
                break;
            case 2641320:
                if (syncSource.equals("Unix")) {
                    z = true;
                    break;
                }
                break;
            case 740044683:
                if (syncSource.equals("LDAP/AD")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                ugsyncAuditInfo.getLdapSyncSourceInfo().setTotalUsersSynced(size);
                ugsyncAuditInfo.getLdapSyncSourceInfo().setTotalGroupsSynced(size2);
                ugsyncAuditInfo.getLdapSyncSourceInfo().setTotalUsersDeleted(this.noOfDeletedUsers);
                ugsyncAuditInfo.getLdapSyncSourceInfo().setTotalGroupsDeleted(this.noOfDeletedGroups);
                break;
            case true:
                ugsyncAuditInfo.getUnixSyncSourceInfo().setTotalUsersSynced(size);
                ugsyncAuditInfo.getUnixSyncSourceInfo().setTotalGroupsSynced(size2);
                ugsyncAuditInfo.getUnixSyncSourceInfo().setTotalUsersDeleted(this.noOfDeletedUsers);
                ugsyncAuditInfo.getUnixSyncSourceInfo().setTotalGroupsDeleted(this.noOfDeletedGroups);
                break;
            case true:
                ugsyncAuditInfo.getFileSyncSourceInfo().setTotalUsersSynced(size);
                ugsyncAuditInfo.getFileSyncSourceInfo().setTotalGroupsSynced(size2);
                ugsyncAuditInfo.getFileSyncSourceInfo().setTotalUsersDeleted(this.noOfDeletedUsers);
                ugsyncAuditInfo.getFileSyncSourceInfo().setTotalGroupsDeleted(this.noOfDeletedGroups);
                break;
        }
        if (this.isMockRun) {
            return;
        }
        addUserGroupAuditInfo(ugsyncAuditInfo);
    }

    @Override // org.apache.ranger.usergroupsync.UserGroupSink
    public void addOrUpdateUsersGroups(Map<String, Map<String, String>> map, Map<String, Map<String, String>> map2, Map<String, Set<String>> map3, boolean z) throws Throwable {
        this.noOfNewUsers = 0;
        this.noOfNewGroups = 0;
        this.noOfModifiedUsers = 0;
        this.noOfModifiedGroups = 0;
        this.computeRolesForUsers = new HashSet();
        if (!this.isStartupFlag && z) {
            LOG.info("Computing deleted users/groups");
            if (LOG.isDebugEnabled()) {
                LOG.debug("Computing deleted users/groups");
            }
            if (MapUtils.isNotEmpty(map)) {
                updateDeletedGroups(map);
            }
            if (MapUtils.isNotEmpty(map2)) {
                updateDeletedUsers(map2);
            }
            if (MapUtils.isNotEmpty(this.deletedGroups)) {
                this.groupCache.putAll(this.deletedGroups);
            }
            if (MapUtils.isNotEmpty(this.deletedUsers)) {
                this.userCache.putAll(this.deletedUsers);
            }
        }
        if (MapUtils.isNotEmpty(map)) {
            addOrUpdateGroups(map);
        }
        if (MapUtils.isNotEmpty(map2)) {
            addOrUpdateUsers(map2);
        }
        if (MapUtils.isNotEmpty(map3)) {
            addOrUpdateGroupUsers(map3);
        }
        if (this.isStartupFlag) {
            if (MapUtils.isNotEmpty(this.whiteListUserMap)) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("adding " + this.whiteListUserMap.keySet() + " for computing roles during startup");
                }
                this.computeRolesForUsers.addAll(this.whiteListUserMap.keySet());
            }
            if (MapUtils.isNotEmpty(this.whiteListGroupMap)) {
                for (String str : this.whiteListGroupMap.keySet()) {
                    HashSet hashSet = null;
                    if (CollectionUtils.isNotEmpty(this.groupUsersCache.get(str))) {
                        hashSet = new HashSet(this.groupUsersCache.get(str));
                    } else if (CollectionUtils.isNotEmpty(this.deltaGroupUsers.get(str))) {
                        hashSet = new HashSet(this.deltaGroupUsers.get(str));
                    }
                    if (hashSet != null) {
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("adding " + hashSet + " from " + str + " for computing roles during startup");
                        }
                        this.computeRolesForUsers.addAll(hashSet);
                    }
                }
            }
            if (MapUtils.isNotEmpty(this.userMap)) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("adding " + this.userMap.keySet() + " for computing roles during startup");
                }
                this.computeRolesForUsers.addAll(this.userMap.keySet());
            }
            if (MapUtils.isNotEmpty(this.groupMap)) {
                for (String str2 : this.groupMap.keySet()) {
                    HashSet hashSet2 = null;
                    if (CollectionUtils.isNotEmpty(this.groupUsersCache.get(str2))) {
                        hashSet2 = new HashSet(this.groupUsersCache.get(str2));
                    } else if (CollectionUtils.isNotEmpty(this.deltaGroupUsers.get(str2))) {
                        hashSet2 = new HashSet(this.deltaGroupUsers.get(str2));
                    }
                    if (hashSet2 != null) {
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("adding " + hashSet2 + " from " + str2 + " for computing roles during startup");
                        }
                        this.computeRolesForUsers.addAll(hashSet2);
                    }
                }
            }
        }
        if (CollectionUtils.isNotEmpty(this.computeRolesForUsers)) {
            updateUserRoles();
        }
        this.isStartupFlag = false;
        if (LOG.isDebugEnabled()) {
            LOG.debug("Update cache");
        }
        if (MapUtils.isNotEmpty(this.deltaGroups)) {
            this.groupCache.putAll(this.deltaGroups);
        }
        if (MapUtils.isNotEmpty(this.deltaUsers)) {
            this.userCache.putAll(this.deltaUsers);
        }
        if (MapUtils.isNotEmpty(this.deltaGroupUsers)) {
            this.groupUsersCache.putAll(this.deltaGroupUsers);
        }
    }

    private void buildUserGroupInfo() throws Throwable {
        if (this.authenticationType != null && this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType) && SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab) && LOG.isDebugEnabled()) {
            LOG.debug("==> Kerberos Environment : Principal is " + this.principal + " and Keytab is " + this.keytab);
        }
        if (this.authenticationType == null || !this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType) || !SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab)) {
            buildGroupList();
            buildUserList();
            buildGroupUserLinkList();
        } else {
            LOG.info("Using principal = " + this.principal + " and keytab = " + this.keytab);
            if (((Boolean) Subject.doAs(SecureClientLogin.loginUserFromKeytab(this.principal, this.keytab, this.nameRules), new PrivilegedAction<Boolean>() { // from class: org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public Boolean run() {
                    try {
                        PolicyMgrUserGroupBuilder.this.buildGroupList();
                        PolicyMgrUserGroupBuilder.this.buildUserList();
                        PolicyMgrUserGroupBuilder.this.buildGroupUserLinkList();
                        return true;
                    } catch (Throwable th) {
                        PolicyMgrUserGroupBuilder.LOG.error("Failed to build Users and Groups from Ranger admin : ", th);
                        return false;
                    }
                }
            })).booleanValue()) {
                return;
            }
            LOG.error("Failed to build Users and Groups from Ranger admin");
            throw new Exception("Failed to build Users and Groups from Ranger admin");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void buildGroupList() throws Throwable {
        String str;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> PolicyMgrUserGroupBuilder.buildGroupList()");
        }
        int i = 100;
        int i2 = 0;
        while (i2 < i) {
            HashMap hashMap = new HashMap();
            hashMap.put("pageSize", this.recordsToPullPerCall);
            hashMap.put("startIndex", String.valueOf(i2));
            Gson create = new GsonBuilder().create();
            if (this.isRangerCookieEnabled) {
                str = cookieBasedGetEntity(PM_GROUP_LIST_URI, i2);
            } else {
                try {
                    ClientResponse clientResponse = this.ldapUgSyncClient.get(PM_GROUP_LIST_URI, hashMap);
                    str = clientResponse != null ? (String) clientResponse.getEntity(String.class) : null;
                } catch (Exception e) {
                    LOG.error("Failed to get groups from Ranger, Error is : " + e.getMessage());
                    throw e;
                }
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("RESPONSE: [" + str + "]");
            }
            GetXGroupListResponse getXGroupListResponse = (GetXGroupListResponse) create.fromJson(str, GetXGroupListResponse.class);
            i = getXGroupListResponse.getTotalCount();
            if (getXGroupListResponse.getXgroupInfoList() != null) {
                for (XGroupInfo xGroupInfo : getXGroupListResponse.getXgroupInfoList()) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("GROUP:  Id:" + xGroupInfo.getId() + ", Name: " + xGroupInfo.getName() + ", Description: " + xGroupInfo.getDescription());
                    }
                    xGroupInfo.setOtherAttrsMap((Map) create.fromJson(xGroupInfo.getOtherAttributes(), Map.class));
                    this.groupCache.put(xGroupInfo.getName(), xGroupInfo);
                }
                i2 = this.groupCache.size();
            }
            LOG.info("PolicyMgrUserGroupBuilder.buildGroupList(): No. of groups retrieved from ranger admin " + i2);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== PolicyMgrUserGroupBuilder.buildGroupList()");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void buildUserList() throws Throwable {
        String str;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> PolicyMgrUserGroupBuilder.buildUserList()");
        }
        int i = 100;
        int i2 = 0;
        while (i2 < i) {
            HashMap hashMap = new HashMap();
            hashMap.put("pageSize", this.recordsToPullPerCall);
            hashMap.put("startIndex", String.valueOf(i2));
            Gson create = new GsonBuilder().create();
            if (this.isRangerCookieEnabled) {
                str = cookieBasedGetEntity(PM_USER_LIST_URI, i2);
            } else {
                try {
                    ClientResponse clientResponse = this.ldapUgSyncClient.get(PM_USER_LIST_URI, hashMap);
                    str = clientResponse != null ? (String) clientResponse.getEntity(String.class) : null;
                } catch (Exception e) {
                    LOG.error("Failed to get users from Ranger admin, Error is : " + e.getMessage());
                    throw e;
                }
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("RESPONSE: [" + str + "]");
            }
            GetXUserListResponse getXUserListResponse = (GetXUserListResponse) create.fromJson(str, GetXUserListResponse.class);
            i = getXUserListResponse.getTotalCount();
            if (getXUserListResponse.getXuserInfoList() != null) {
                for (XUserInfo xUserInfo : getXUserListResponse.getXuserInfoList()) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("USER: Id:" + xUserInfo.getId() + ", Name: " + xUserInfo.getName() + ", Description: " + xUserInfo.getDescription());
                    }
                    xUserInfo.setOtherAttrsMap((Map) create.fromJson(xUserInfo.getOtherAttributes(), Map.class));
                    this.userCache.put(xUserInfo.getName(), xUserInfo);
                }
                i2 = this.userCache.size();
            }
            LOG.info("PolicyMgrUserGroupBuilder.buildUserList(): No. of users retrieved from ranger admin = " + i2);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== PolicyMgrUserGroupBuilder.buildUserList()");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void buildGroupUserLinkList() throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> PolicyMgrUserGroupBuilder.buildGroupUserLinkList()");
        }
        String str = null;
        Gson create = new GsonBuilder().create();
        if (this.isRangerCookieEnabled) {
            str = cookieBasedGetEntity("/service/xusers/ugsync/groupusers", 0);
        } else {
            try {
                ClientResponse clientResponse = this.ldapUgSyncClient.get("/service/xusers/ugsync/groupusers", null);
                if (clientResponse != null) {
                    str = (String) clientResponse.getEntity(String.class);
                }
            } catch (Exception e) {
                LOG.error("Failed to get response, group user mappings from Ranger admin. Error is : " + e.getMessage());
                throw e;
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("RESPONSE: [" + str + "]");
        }
        this.groupUsersCache = (Map) create.fromJson(str, Map.class);
        if (MapUtils.isEmpty(this.groupUsersCache)) {
            this.groupUsersCache = new HashMap();
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Group User List : " + this.groupUsersCache.values());
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== PolicyMgrUserGroupBuilder.buildGroupUserLinkList()");
        }
    }

    private void addOrUpdateUsers(Map<String, Map<String, String>> map) throws Throwable {
        computeUserDelta(map);
        if (MapUtils.isNotEmpty(this.deltaUsers) && addOrUpdateDeltaUsers() == 0) {
            LOG.error("Failed to addorUpdate users to ranger admin");
            throw new Exception("Failed to addorUpdate users to ranger admin");
        }
    }

    private void addOrUpdateGroups(Map<String, Map<String, String>> map) throws Throwable {
        computeGroupDelta(map);
        if (MapUtils.isNotEmpty(this.deltaGroups) && addOrUpdateDeltaGroups() == 0) {
            LOG.error("Failed to addorUpdate groups to ranger admin");
            throw new Exception("Failed to addorUpdate groups to ranger admin");
        }
    }

    private void addOrUpdateGroupUsers(Map<String, Set<String>> map) throws Throwable {
        List<GroupUserInfo> computeGroupUsersDelta = computeGroupUsersDelta(map);
        if (CollectionUtils.isNotEmpty(computeGroupUsersDelta)) {
            this.noOfModifiedGroups += computeGroupUsersDelta.size();
            if (addOrUpdateDeltaGroupUsers(computeGroupUsersDelta) == 0) {
                LOG.error("Failed to addorUpdate group memberships to ranger admin");
                throw new Exception("Failed to addorUpdate group memberships to ranger admin");
            }
        }
    }

    private void updateUserRoles() throws Throwable {
        UsersGroupRoleAssignments usersGroupRoleAssignments = new UsersGroupRoleAssignments();
        ArrayList arrayList = new ArrayList(this.computeRolesForUsers);
        usersGroupRoleAssignments.setUsers(arrayList);
        usersGroupRoleAssignments.setGroupRoleAssignments(this.groupMap);
        usersGroupRoleAssignments.setUserRoleAssignments(this.userMap);
        usersGroupRoleAssignments.setWhiteListUserRoleAssignments(this.whiteListUserMap);
        usersGroupRoleAssignments.setWhiteListGroupRoleAssignments(this.whiteListGroupMap);
        usersGroupRoleAssignments.setReset(this.isStartupFlag);
        if (updateRoles(usersGroupRoleAssignments) == null) {
            String str = "Unable to update roles for " + arrayList;
            LOG.error(str);
            throw new Exception(str);
        }
    }

    private void computeGroupDelta(Map<String, Map<String, String>> map) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("PolicyMgrUserGroupBuilder.computeGroupDelta(" + map.keySet() + ")");
        }
        this.deltaGroups = new HashMap();
        Gson gson = new Gson();
        for (String str : map.keySet()) {
            Map<String, String> map2 = map.get(str);
            String json = gson.toJson(map2);
            String str2 = this.groupNameMap.get(str);
            if (StringUtils.isEmpty(str2)) {
                str2 = groupNameTransform(map2.get("original_name").trim());
            }
            if (!isValidString(str2)) {
                LOG.warn("Ignoring invalid group " + str2 + " Full name = " + str);
            } else if (this.groupCache.containsKey(str2)) {
                XGroupInfo xGroupInfo = this.groupCache.get(str2);
                String syncSource = xGroupInfo.getSyncSource();
                String otherAttributes = xGroupInfo.getOtherAttributes();
                Map otherAttrsMap = xGroupInfo.getOtherAttrsMap();
                String str3 = MapUtils.isEmpty(otherAttrsMap) ? str2 : (String) otherAttrsMap.get("full_name");
                String str4 = map2.get("sync_source");
                if (!MapUtils.isNotEmpty(otherAttrsMap) || StringUtils.equalsIgnoreCase(str, str3)) {
                    if (StringUtils.isEmpty(syncSource) || (!StringUtils.equalsIgnoreCase(otherAttributes, json) && StringUtils.equalsIgnoreCase(syncSource, str4))) {
                        if (LOG.isDebugEnabled()) {
                            if (StringUtils.isEmpty(syncSource)) {
                                LOG.debug("Sync Source has changed to " + str4);
                            } else {
                                LOG.debug("Other Attributes changed");
                            }
                            LOG.debug("Updating " + str2 + " ...");
                        }
                        xGroupInfo.setOtherAttributes(json);
                        xGroupInfo.setSyncSource(str4);
                        xGroupInfo.setOtherAttrsMap(map2);
                        this.deltaGroups.put(str2, xGroupInfo);
                        this.noOfModifiedGroups++;
                        this.groupNameMap.put(str, str2);
                    } else if (LOG.isDebugEnabled()) {
                        if (StringUtils.equalsIgnoreCase(syncSource, str4)) {
                            LOG.debug("Skipping update for " + str2 + " as there is no change");
                        } else {
                            LOG.debug("Skipping update for " + str2 + " as same group with different sync source already exists");
                        }
                    }
                    if (StringUtils.equalsIgnoreCase(otherAttributes, json)) {
                        this.groupNameMap.put(str, str2);
                    }
                } else {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Skipping update for " + str2 + " as same group with different DN already exists");
                        LOG.debug("old group DN = " + str3 + " and new group DN = " + str);
                    }
                    if (StringUtils.equalsIgnoreCase(otherAttributes, json)) {
                        this.groupNameMap.put(str, str2);
                    }
                }
            } else {
                this.deltaGroups.put(str2, addXGroupInfo(str2, map2, json));
                this.noOfNewGroups++;
                this.groupNameMap.put(str, str2);
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== PolicyMgrUserGroupBuilder.computeGroupDelta(" + this.deltaGroups.keySet() + ")");
        }
    }

    private void computeUserDelta(Map<String, Map<String, String>> map) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> PolicyMgrUserGroupBuilder.computeUserDelta(" + map.keySet() + ")");
        }
        this.deltaUsers = new HashMap();
        Gson gson = new Gson();
        for (String str : map.keySet()) {
            Map<String, String> map2 = map.get(str);
            String json = gson.toJson(map2);
            String str2 = this.userNameMap.get(str);
            if (StringUtils.isEmpty(str2)) {
                str2 = userNameTransform(map2.get("original_name").trim());
            }
            if (!isValidString(str2)) {
                LOG.warn("Ignoring invalid user " + str2 + " Full name = " + str);
            } else if (!this.userCache.containsKey(str2)) {
                this.deltaUsers.put(str2, addXUserInfo(str2, map2, json));
                this.noOfNewUsers++;
                this.userNameMap.put(str, str2);
            } else if (!StringUtils.equalsIgnoreCase(this.policyMgrUserName, str2) && !StringUtils.equalsIgnoreCase("admin", str2)) {
                XUserInfo xUserInfo = this.userCache.get(str2);
                String syncSource = xUserInfo.getSyncSource();
                String otherAttributes = xUserInfo.getOtherAttributes();
                Map otherAttrsMap = xUserInfo.getOtherAttrsMap();
                String str3 = MapUtils.isEmpty(otherAttrsMap) ? str2 : (String) otherAttrsMap.get("full_name");
                String str4 = map2.get("sync_source");
                if (!MapUtils.isNotEmpty(otherAttrsMap) || StringUtils.equalsIgnoreCase(str, str3)) {
                    if (StringUtils.isEmpty(syncSource) || (!StringUtils.equalsIgnoreCase(otherAttributes, json) && StringUtils.equalsIgnoreCase(syncSource, str4))) {
                        if (LOG.isDebugEnabled()) {
                            if (StringUtils.isEmpty(syncSource)) {
                                LOG.debug("Sync Source has changed to " + str4);
                            } else {
                                LOG.debug("Other Attributes changed");
                            }
                            LOG.debug("Updating " + str2 + " ...");
                        }
                        xUserInfo.setOtherAttributes(json);
                        xUserInfo.setSyncSource(str4);
                        xUserInfo.setOtherAttrsMap(map2);
                        xUserInfo.setUserSource("1");
                        this.deltaUsers.put(str2, xUserInfo);
                        this.noOfModifiedUsers++;
                        this.userNameMap.put(str, str2);
                    } else if (LOG.isDebugEnabled()) {
                        if (StringUtils.equalsIgnoreCase(syncSource, str4)) {
                            LOG.debug("Skipping to update " + str2 + " as there is no change");
                        } else {
                            LOG.debug("Skipping to update " + str2 + " as same username with different sync source already exists");
                        }
                    }
                    if (StringUtils.equalsIgnoreCase(otherAttributes, json)) {
                        this.userNameMap.put(str, str2);
                    }
                } else {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Skipping update for " + str2 + " as same username with different DN already exists");
                        LOG.debug("old user DN = " + str3 + " and new user DN = " + str);
                    }
                    if (StringUtils.equalsIgnoreCase(otherAttributes, json)) {
                        this.userNameMap.put(str, str2);
                    }
                }
            } else if (LOG.isDebugEnabled()) {
                LOG.debug("Skipping update for " + str2);
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== PolicyMgrUserGroupBuilder.computeUserDelta(" + this.deltaUsers.keySet() + ")");
        }
    }

    private List<GroupUserInfo> computeGroupUsersDelta(Map<String, Set<String>> map) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> PolicyMgrUserGroupBuilder.computeGroupUsersDelta(" + map.keySet() + ")");
        }
        this.deltaGroupUsers = new HashMap();
        ArrayList arrayList = new ArrayList();
        for (String str : map.keySet()) {
            String str2 = this.groupNameMap.get(str);
            if (!StringUtils.isEmpty(str2)) {
                HashSet<String> hashSet = new HashSet();
                HashSet hashSet2 = new HashSet();
                HashSet hashSet3 = new HashSet();
                HashSet hashSet4 = new HashSet();
                if (CollectionUtils.isNotEmpty(this.groupUsersCache.get(str2))) {
                    hashSet = new HashSet(this.groupUsersCache.get(str2));
                }
                Iterator<String> it = map.get(str).iterator();
                while (it.hasNext()) {
                    String str3 = this.userNameMap.get(it.next());
                    if (!StringUtils.isEmpty(str3)) {
                        hashSet2.add(str3);
                        if (CollectionUtils.isEmpty(hashSet) || !hashSet.contains(str3)) {
                            hashSet3.add(str3);
                        }
                    }
                }
                if (CollectionUtils.isNotEmpty(hashSet)) {
                    for (String str4 : hashSet) {
                        if (CollectionUtils.isEmpty(hashSet2) || !hashSet2.contains(str4)) {
                            hashSet4.add(str4);
                        }
                    }
                }
                if (CollectionUtils.isNotEmpty(hashSet3) || CollectionUtils.isNotEmpty(hashSet4)) {
                    GroupUserInfo groupUserInfo = new GroupUserInfo();
                    groupUserInfo.setGroupName(str2);
                    if (CollectionUtils.isNotEmpty(hashSet3)) {
                        groupUserInfo.setAddUsers(hashSet3);
                        if (this.groupMap.containsKey(str2) || this.whiteListGroupMap.containsKey(str2)) {
                            this.computeRolesForUsers.addAll(hashSet3);
                        }
                    }
                    if (CollectionUtils.isNotEmpty(hashSet4)) {
                        groupUserInfo.setDelUsers(hashSet4);
                        if (this.groupMap.containsKey(str2) || this.whiteListGroupMap.containsKey(str2)) {
                            this.computeRolesForUsers.addAll(hashSet4);
                        }
                    }
                    arrayList.add(groupUserInfo);
                    this.deltaGroupUsers.put(str2, hashSet2);
                }
            } else if (LOG.isDebugEnabled()) {
                LOG.debug("Ignoring group membership update for " + str);
            }
        }
        if (CollectionUtils.isNotEmpty(arrayList)) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("<== PolicyMgrUserGroupBuilder.computeGroupUsersDelta(" + arrayList + ")");
            }
        } else if (LOG.isDebugEnabled()) {
            LOG.debug("<== PolicyMgrUserGroupBuilder.computeGroupUsersDelta(0)");
        }
        return arrayList;
    }

    private XUserInfo addXUserInfo(String str, Map<String, String> map, String str2) {
        XUserInfo xUserInfo = new XUserInfo();
        xUserInfo.setName(str);
        xUserInfo.setFirstName(str);
        xUserInfo.setDescription(str + " - add from Unix box");
        xUserInfo.setUserSource("1");
        xUserInfo.setStatus("1");
        xUserInfo.setIsVisible("1");
        ArrayList arrayList = new ArrayList();
        if (this.userMap.containsKey(str)) {
            arrayList.add(this.userMap.get(str));
        } else {
            arrayList.add("ROLE_USER");
        }
        xUserInfo.setUserRoleList(arrayList);
        xUserInfo.setOtherAttributes(str2);
        xUserInfo.setSyncSource(map.get("sync_source"));
        xUserInfo.setOtherAttrsMap(map);
        return xUserInfo;
    }

    private XGroupInfo addXGroupInfo(String str, Map<String, String> map, String str2) {
        XGroupInfo xGroupInfo = new XGroupInfo();
        xGroupInfo.setName(str);
        xGroupInfo.setDescription(str + " - add from Unix box");
        xGroupInfo.setGroupType("1");
        xGroupInfo.setIsVisible("1");
        xGroupInfo.setGroupSource("1");
        xGroupInfo.setOtherAttributes(str2);
        xGroupInfo.setSyncSource(map.get("sync_source"));
        xGroupInfo.setOtherAttrsMap(map);
        return xGroupInfo;
    }

    private int addOrUpdateDeltaUsers() throws Throwable {
        int users;
        if (LOG.isDebugEnabled()) {
            LOG.debug("PolicyMgrUserGroupBuilder.addOrUpdateDeltaUsers(" + this.deltaUsers.keySet() + ")");
        }
        final GetXUserListResponse getXUserListResponse = new GetXUserListResponse();
        getXUserListResponse.setTotalCount(this.deltaUsers.size());
        getXUserListResponse.setXuserInfoList(new ArrayList(this.deltaUsers.values()));
        if (this.authenticationType != null && this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType) && SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab)) {
            try {
                users = ((Integer) Subject.doAs(SecureClientLogin.loginUserFromKeytab(this.principal, this.keytab, this.nameRules), new PrivilegedAction<Integer>() { // from class: org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.2
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedAction
                    public Integer run() {
                        try {
                            return Integer.valueOf(PolicyMgrUserGroupBuilder.this.getUsers(getXUserListResponse));
                        } catch (Throwable th) {
                            PolicyMgrUserGroupBuilder.LOG.error("Failed to add or update Users : ", th);
                            return 0;
                        }
                    }
                })).intValue();
            } catch (Exception e) {
                LOG.error("Failed to add or update Users : ", e);
                throw e;
            }
        } else {
            users = getUsers(getXUserListResponse);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("PolicyMgrUserGroupBuilder.addOrUpdateDeltaUsers(" + this.deltaUsers.keySet() + ")");
        }
        return users;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public int getUsers(GetXUserListResponse getXUserListResponse) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> PolicyMgrUserGroupBuilder.getUsers()");
        }
        int i = 0;
        int totalCount = getXUserListResponse.getTotalCount();
        int i2 = 0;
        int intValue = Integer.valueOf(this.recordsToPullPerCall).intValue();
        while (i2 < totalCount) {
            String str = null;
            GetXUserListResponse getXUserListResponse2 = new GetXUserListResponse();
            int i3 = i2 + intValue;
            getXUserListResponse2.setXuserInfoList(getXUserListResponse.getXuserInfoList().subList(i2, i3 > totalCount ? totalCount : i3));
            getXUserListResponse2.setTotalCount(intValue);
            if (getXUserListResponse2.getXuserInfoList().size() == 0) {
                LOG.info("PolicyMgrUserGroupBuilder.getUsers() done updating users");
                return 1;
            }
            if (this.isRangerCookieEnabled) {
                str = cookieBasedUploadEntity(getXUserListResponse2, PM_ADD_USERS_URI);
            } else {
                try {
                    ClientResponse post = this.ldapUgSyncClient.post(PM_ADD_USERS_URI, null, getXUserListResponse2);
                    if (post != null) {
                        str = (String) post.getEntity(String.class);
                    }
                } catch (Throwable th) {
                    LOG.error("Failed to get response, Error is : ", th);
                    throw th;
                }
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("RESPONSE[" + str + "]");
            }
            if (!StringUtils.isNotEmpty(str)) {
                LOG.error("Failed to addOrUpdateUsers " + i2);
                throw new Exception("Failed to addOrUpdateUsers" + i2);
            }
            try {
                i = Integer.valueOf(str).intValue();
                i2 += intValue;
                LOG.info("ret = " + i + " No. of users uploaded to ranger admin= " + (i2 > totalCount ? totalCount : i2));
            } catch (NumberFormatException e) {
                LOG.error("Failed to addOrUpdateUsers " + i2, e);
                throw e;
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== PolicyMgrUserGroupBuilder.getUsers()");
        }
        return i;
    }

    private int addOrUpdateDeltaGroups() throws Throwable {
        int groups;
        if (LOG.isDebugEnabled()) {
            LOG.debug("PolicyMgrUserGroupBuilder.addOrUpdateDeltaGroups(" + this.deltaGroups.keySet() + ")");
        }
        final GetXGroupListResponse getXGroupListResponse = new GetXGroupListResponse();
        getXGroupListResponse.setTotalCount(this.deltaGroups.size());
        getXGroupListResponse.setXgroupInfoList(new ArrayList(this.deltaGroups.values()));
        if (this.authenticationType != null && this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType) && SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab)) {
            try {
                groups = ((Integer) Subject.doAs(SecureClientLogin.loginUserFromKeytab(this.principal, this.keytab, this.nameRules), new PrivilegedAction<Integer>() { // from class: org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.3
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedAction
                    public Integer run() {
                        try {
                            return Integer.valueOf(PolicyMgrUserGroupBuilder.this.getGroups(getXGroupListResponse));
                        } catch (Throwable th) {
                            PolicyMgrUserGroupBuilder.LOG.error("Failed to add or update groups : ", th);
                            return 0;
                        }
                    }
                })).intValue();
            } catch (Exception e) {
                LOG.error("Failed to add or update groups : ", e);
                throw e;
            }
        } else {
            groups = getGroups(getXGroupListResponse);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("PolicyMgrUserGroupBuilder.addOrUpdateDeltaGroups(" + this.deltaGroups.keySet() + ")");
        }
        return groups;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public int getGroups(GetXGroupListResponse getXGroupListResponse) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> PolicyMgrUserGroupBuilder.getGroups()");
        }
        int i = 0;
        int totalCount = getXGroupListResponse.getTotalCount();
        int i2 = 0;
        int intValue = Integer.valueOf(this.recordsToPullPerCall).intValue();
        while (i2 < totalCount) {
            String str = null;
            GetXGroupListResponse getXGroupListResponse2 = new GetXGroupListResponse();
            int i3 = i2 + intValue;
            getXGroupListResponse2.setXgroupInfoList(getXGroupListResponse.getXgroupInfoList().subList(i2, i3 > totalCount ? totalCount : i3));
            getXGroupListResponse2.setTotalCount(intValue);
            if (this.isRangerCookieEnabled) {
                str = cookieBasedUploadEntity(getXGroupListResponse2, PM_ADD_GROUPS_URI);
            } else {
                try {
                    ClientResponse post = this.ldapUgSyncClient.post(PM_ADD_GROUPS_URI, null, getXGroupListResponse2);
                    if (post != null) {
                        str = (String) post.getEntity(String.class);
                    }
                } catch (Throwable th) {
                    LOG.error("Failed to get response, Error is : ", th);
                    throw th;
                }
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("RESPONSE[" + str + "]");
            }
            if (!StringUtils.isNotEmpty(str)) {
                LOG.error("Failed to addOrUpdateGroups " + i2);
                throw new Exception("Failed to addOrUpdateGroups " + i2);
            }
            try {
                i = Integer.valueOf(str).intValue();
                i2 += intValue;
                LOG.info("ret = " + i + " No. of groups uploaded to ranger admin= " + (i2 > totalCount ? totalCount : i2));
            } catch (NumberFormatException e) {
                LOG.error("Failed to addOrUpdateGroups " + i2, e);
                throw e;
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== PolicyMgrUserGroupBuilder.getGroups()");
        }
        return i;
    }

    private int addOrUpdateDeltaGroupUsers(final List<GroupUserInfo> list) throws Throwable {
        int groupUsers;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> PolicyMgrUserGroupBuilder.addOrUpdateDeltaGroupUsers(" + list + ")");
        }
        if (this.authenticationType != null && this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType) && SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab)) {
            try {
                groupUsers = ((Integer) Subject.doAs(SecureClientLogin.loginUserFromKeytab(this.principal, this.keytab, this.nameRules), new PrivilegedAction<Integer>() { // from class: org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.4
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedAction
                    public Integer run() {
                        try {
                            return Integer.valueOf(PolicyMgrUserGroupBuilder.this.getGroupUsers(list));
                        } catch (Throwable th) {
                            PolicyMgrUserGroupBuilder.LOG.error("Failed to add or update group memberships : ", th);
                            return 0;
                        }
                    }
                })).intValue();
            } catch (Exception e) {
                LOG.error("Failed to add or update group memberships : ", e);
                throw e;
            }
        } else {
            groupUsers = getGroupUsers(list);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== PolicyMgrUserGroupBuilder.addOrUpdateDeltaGroupUsers(" + list + ")");
        }
        return groupUsers;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public int getGroupUsers(List<GroupUserInfo> list) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> PolicyMgrUserGroupBuilder.getGroupUsers()");
        }
        int i = 0;
        int size = list.size();
        int i2 = 0;
        int intValue = Integer.valueOf(this.recordsToPullPerCall).intValue();
        while (i2 < size) {
            String str = null;
            int i3 = i2 + intValue;
            List<GroupUserInfo> subList = list.subList(i2, i3 > size ? size : i3);
            if (this.isRangerCookieEnabled) {
                str = cookieBasedUploadEntity(subList, "/service/xusers/ugsync/groupusers");
            } else {
                try {
                    ClientResponse post = this.ldapUgSyncClient.post("/service/xusers/ugsync/groupusers", null, subList);
                    if (post != null) {
                        str = (String) post.getEntity(String.class);
                    }
                } catch (Throwable th) {
                    LOG.error("Failed to get response, Error is : ", th);
                    throw th;
                }
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("RESPONSE[" + str + "]");
            }
            if (!StringUtils.isNotEmpty(str)) {
                LOG.error("Failed to addOrUpdateGroupUsers " + i2);
                throw new Exception("Failed to addOrUpdateGroupUsers " + i2);
            }
            try {
                i = Integer.valueOf(str).intValue();
                i2 += intValue;
                LOG.info("ret = " + i + " No. of group memberships uploaded to ranger admin= " + (i2 > size ? size : i2));
            } catch (NumberFormatException e) {
                LOG.error("Failed to addOrUpdateGroupUsers " + i2, e);
                throw e;
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== PolicyMgrUserGroupBuilder.getGroupUsers()");
        }
        return i;
    }

    private List<String> updateRoles(final UsersGroupRoleAssignments usersGroupRoleAssignments) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> PolicyMgrUserGroupBuilder.updateUserRole(" + usersGroupRoleAssignments.getUsers() + ")");
        }
        if (this.authenticationType == null || !this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType) || !SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab)) {
            return updateUsersRoles(usersGroupRoleAssignments);
        }
        try {
            return (List) Subject.doAs(SecureClientLogin.loginUserFromKeytab(this.principal, this.keytab, this.nameRules), new PrivilegedAction<List<String>>() { // from class: org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.5
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public List<String> run() {
                    try {
                        return PolicyMgrUserGroupBuilder.this.updateUsersRoles(usersGroupRoleAssignments);
                    } catch (Exception e) {
                        PolicyMgrUserGroupBuilder.LOG.error("Failed to add User Group Info : ", e);
                        return null;
                    }
                }
            });
        } catch (Exception e) {
            LOG.error("Failed to Authenticate Using given Principal and Keytab : ", e);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Type inference failed for: r0v47, types: [org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder$6] */
    public List<String> updateUsersRoles(UsersGroupRoleAssignments usersGroupRoleAssignments) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> PolicyMgrUserGroupBuilder.updateUserRoles(" + usersGroupRoleAssignments.getUsers() + ")");
        }
        List<String> list = null;
        try {
            int size = usersGroupRoleAssignments.getUsers().size();
            int intValue = Integer.valueOf(this.recordsToPullPerCall).intValue();
            for (int i = 0; i < size; i += intValue) {
                int i2 = i + intValue;
                UsersGroupRoleAssignments usersGroupRoleAssignments2 = new UsersGroupRoleAssignments();
                usersGroupRoleAssignments2.setUsers(usersGroupRoleAssignments.getUsers().subList(i, i2 > size ? size : i2));
                usersGroupRoleAssignments2.setGroupRoleAssignments(usersGroupRoleAssignments.getGroupRoleAssignments());
                usersGroupRoleAssignments2.setUserRoleAssignments(usersGroupRoleAssignments.getUserRoleAssignments());
                usersGroupRoleAssignments2.setWhiteListGroupRoleAssignments(usersGroupRoleAssignments.getWhiteListGroupRoleAssignments());
                usersGroupRoleAssignments2.setWhiteListUserRoleAssignments(usersGroupRoleAssignments.getWhiteListUserRoleAssignments());
                usersGroupRoleAssignments2.setReset(usersGroupRoleAssignments.isReset());
                String json = new GsonBuilder().create().toJson(usersGroupRoleAssignments2);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("USER role MAPPING" + json);
                }
                if (this.isRangerCookieEnabled) {
                    r14 = cookieBasedUploadEntity(usersGroupRoleAssignments2, PM_UPDATE_USERS_ROLES_URI);
                } else {
                    try {
                        ClientResponse post = this.ldapUgSyncClient.post(PM_UPDATE_USERS_ROLES_URI, null, usersGroupRoleAssignments);
                        r14 = post != null ? (String) post.getEntity(String.class) : null;
                    } catch (Throwable th) {
                        LOG.error("Failed to get response, Error is : ", th);
                    }
                }
                if (LOG.isDebugEnabled()) {
                    LOG.debug("RESPONSE: [" + r14 + "]");
                }
                list = (List) new Gson().fromJson(r14, new TypeToken<ArrayList<String>>() { // from class: org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.6
                }.getType());
            }
        } catch (Exception e) {
            LOG.warn("ERROR: Unable to update roles for: " + usersGroupRoleAssignments.getUsers(), e);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== PolicyMgrUserGroupBuilder.updateUserRoles(" + list + ")");
        }
        return list;
    }

    private void addUserGroupAuditInfo(final UgsyncAuditInfo ugsyncAuditInfo) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> PolicyMgrUserGroupBuilder.addAuditInfo(" + ugsyncAuditInfo.getNoOfNewUsers() + ", " + ugsyncAuditInfo.getNoOfNewGroups() + ", " + ugsyncAuditInfo.getNoOfModifiedUsers() + ", " + ugsyncAuditInfo.getNoOfModifiedGroups() + ", " + ugsyncAuditInfo.getSyncSource() + ")");
        }
        if (this.authenticationType == null || !this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType) || !SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab)) {
            getUserGroupAuditInfo(ugsyncAuditInfo);
            return;
        }
        try {
            Subject.doAs(SecureClientLogin.loginUserFromKeytab(this.principal, this.keytab, this.nameRules), new PrivilegedAction<Void>() { // from class: org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.7
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public Void run() {
                    try {
                        PolicyMgrUserGroupBuilder.this.getUserGroupAuditInfo(ugsyncAuditInfo);
                        return null;
                    } catch (Exception e) {
                        PolicyMgrUserGroupBuilder.LOG.error("Failed to add User : ", e);
                        return null;
                    }
                }
            });
        } catch (Exception e) {
            LOG.error("Failed to Authenticate Using given Principal and Keytab : ", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void getUserGroupAuditInfo(UgsyncAuditInfo ugsyncAuditInfo) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> PolicyMgrUserGroupBuilder.getUserGroupAuditInfo()");
        }
        String str = null;
        Gson create = new GsonBuilder().create();
        if (this.isRangerCookieEnabled) {
            str = cookieBasedUploadEntity(ugsyncAuditInfo, PM_AUDIT_INFO_URI);
        } else {
            try {
                ClientResponse post = this.ldapUgSyncClient.post(PM_AUDIT_INFO_URI, null, ugsyncAuditInfo);
                if (post != null) {
                    str = (String) post.getEntity(String.class);
                }
            } catch (Throwable th) {
                LOG.error("Failed to get response, Error is : ", th);
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("RESPONSE[" + str + "]");
        }
        create.fromJson(str, UgsyncAuditInfo.class);
        if (LOG.isDebugEnabled()) {
            LOG.debug("AuditInfo Creation successful ");
            LOG.debug("<== PolicyMgrUserGroupBuilder.getUserGroupAuditInfo()");
        }
    }

    private String cookieBasedUploadEntity(Object obj, String str) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> PolicyMgrUserGroupBuilder.cookieBasedUploadEntity()");
        }
        String tryUploadEntityWithCred = (this.sessionId == null || !this.isValidRangerCookie) ? tryUploadEntityWithCred(obj, str) : tryUploadEntityWithCookie(obj, str);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== PolicyMgrUserGroupBuilder.cookieBasedUploadEntity()");
        }
        return tryUploadEntityWithCred;
    }

    private String cookieBasedGetEntity(String str, int i) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> PolicyMgrUserGroupBuilder.cookieBasedGetEntity()");
        }
        String tryGetEntityWithCred = (this.sessionId == null || !this.isValidRangerCookie) ? tryGetEntityWithCred(str, i) : tryGetEntityWithCookie(str, i);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== PolicyMgrUserGroupBuilder.cookieBasedGetEntity()");
        }
        return tryGetEntityWithCred;
    }

    private String tryUploadEntityWithCookie(Object obj, String str) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> PolicyMgrUserGroupBuilder.tryUploadEntityWithCookie()");
        }
        String str2 = null;
        ClientResponse clientResponse = null;
        try {
            clientResponse = this.ldapUgSyncClient.post(str, null, obj, this.sessionId);
        } catch (Throwable th) {
            LOG.error("Failed to get response, Error is : ", th);
        }
        if (clientResponse != null) {
            if (!clientResponse.toString().contains(str)) {
                clientResponse.setStatus(404);
                this.sessionId = null;
                this.isValidRangerCookie = false;
            } else if (clientResponse.getStatus() == 401) {
                this.sessionId = null;
                this.isValidRangerCookie = false;
            } else if (clientResponse.getStatus() == 204 || clientResponse.getStatus() == 200) {
                Iterator it = clientResponse.getCookies().iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    NewCookie newCookie = (NewCookie) it.next();
                    if (newCookie.getName().equalsIgnoreCase(this.rangerCookieName)) {
                        if (!this.sessionId.getValue().equalsIgnoreCase(newCookie.toCookie().getValue())) {
                            this.sessionId = newCookie.toCookie();
                        }
                        this.isValidRangerCookie = true;
                    }
                }
            }
            if (clientResponse.getStatus() != 200 && clientResponse.getStatus() != 204 && clientResponse.getStatus() != 400) {
                this.sessionId = null;
                this.isValidRangerCookie = false;
            }
            clientResponse.bufferEntity();
            str2 = (String) clientResponse.getEntity(String.class);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== PolicyMgrUserGroupBuilder.tryUploadEntityWithCookie()");
        }
        return str2;
    }

    private String tryUploadEntityWithCred(Object obj, String str) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> PolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred()");
        }
        String str2 = null;
        ClientResponse clientResponse = null;
        String json = new GsonBuilder().create().toJson(obj);
        if (LOG.isDebugEnabled()) {
            LOG.debug("USER GROUP MAPPING" + json);
        }
        try {
            clientResponse = this.ldapUgSyncClient.post(str, null, obj);
        } catch (Throwable th) {
            LOG.error("Failed to get response, Error is : ", th);
        }
        if (clientResponse != null) {
            if (!clientResponse.toString().contains(str)) {
                clientResponse.setStatus(404);
            } else if (clientResponse.getStatus() == 401) {
                LOG.warn("Credentials response from ranger is 401.");
            } else if (clientResponse.getStatus() == 200 || clientResponse.getStatus() == 204) {
                this.cookieList = clientResponse.getCookies();
                Iterator<NewCookie> it = this.cookieList.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    NewCookie next = it.next();
                    if (next.getName().equalsIgnoreCase(this.rangerCookieName)) {
                        this.sessionId = next.toCookie();
                        this.isValidRangerCookie = true;
                        LOG.info("valid cookie saved ");
                        break;
                    }
                }
            }
            if (clientResponse.getStatus() != 200 && clientResponse.getStatus() != 204 && clientResponse.getStatus() != 400) {
                this.sessionId = null;
                this.isValidRangerCookie = false;
            }
            clientResponse.bufferEntity();
            str2 = (String) clientResponse.getEntity(String.class);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== PolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred()");
        }
        return str2;
    }

    private String tryGetEntityWithCred(String str, int i) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> PolicyMgrUserGroupBuilder.tryGetEntityWithCred()");
        }
        String str2 = null;
        ClientResponse clientResponse = null;
        HashMap hashMap = new HashMap();
        hashMap.put("pageSize", this.recordsToPullPerCall);
        hashMap.put("startIndex", String.valueOf(i));
        try {
            clientResponse = this.ldapUgSyncClient.get(str, hashMap);
        } catch (Throwable th) {
            LOG.error("Failed to get response, Error is : ", th);
        }
        if (clientResponse != null) {
            if (!clientResponse.toString().contains(str)) {
                clientResponse.setStatus(404);
            } else if (clientResponse.getStatus() == 401) {
                LOG.warn("Credentials response from ranger is 401.");
            } else if (clientResponse.getStatus() == 200 || clientResponse.getStatus() == 204) {
                this.cookieList = clientResponse.getCookies();
                Iterator<NewCookie> it = this.cookieList.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    NewCookie next = it.next();
                    if (next.getName().equalsIgnoreCase(this.rangerCookieName)) {
                        this.sessionId = next.toCookie();
                        this.isValidRangerCookie = true;
                        LOG.info("valid cookie saved ");
                        break;
                    }
                }
            }
            if (clientResponse.getStatus() != 200 && clientResponse.getStatus() != 204 && clientResponse.getStatus() != 400) {
                this.sessionId = null;
                this.isValidRangerCookie = false;
            }
            clientResponse.bufferEntity();
            str2 = (String) clientResponse.getEntity(String.class);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== PolicyMgrUserGroupBuilder.tryGetEntityWithCred()");
        }
        return str2;
    }

    private String tryGetEntityWithCookie(String str, int i) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> PolicyMgrUserGroupBuilder.tryGetEntityWithCookie()");
        }
        String str2 = null;
        ClientResponse clientResponse = null;
        HashMap hashMap = new HashMap();
        hashMap.put("pageSize", this.recordsToPullPerCall);
        hashMap.put("startIndex", String.valueOf(i));
        try {
            clientResponse = this.ldapUgSyncClient.get(str, hashMap, this.sessionId);
        } catch (Throwable th) {
            LOG.error("Failed to get response, Error is : ", th);
        }
        if (clientResponse != null) {
            if (!clientResponse.toString().contains(str)) {
                clientResponse.setStatus(404);
                this.sessionId = null;
                this.isValidRangerCookie = false;
            } else if (clientResponse.getStatus() == 401) {
                this.sessionId = null;
                this.isValidRangerCookie = false;
            } else if (clientResponse.getStatus() == 204 || clientResponse.getStatus() == 200) {
                Iterator it = clientResponse.getCookies().iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    NewCookie newCookie = (NewCookie) it.next();
                    if (newCookie.getName().equalsIgnoreCase(this.rangerCookieName)) {
                        if (!this.sessionId.getValue().equalsIgnoreCase(newCookie.toCookie().getValue())) {
                            this.sessionId = newCookie.toCookie();
                        }
                        this.isValidRangerCookie = true;
                    }
                }
            }
            if (clientResponse.getStatus() != 200 && clientResponse.getStatus() != 204 && clientResponse.getStatus() != 400) {
                this.sessionId = null;
                this.isValidRangerCookie = false;
            }
            clientResponse.bufferEntity();
            str2 = (String) clientResponse.getEntity(String.class);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== PolicyMgrUserGroupBuilder.tryGetEntityWithCookie()");
        }
        return str2;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void getRoleForUserGroups(String str, Map<String, String> map, Map<String, String> map2) {
        StringTokenizer stringTokenizer;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==>> getRoleForUserGroups(" + str + ")");
        }
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        String roleDelimiter = this.config.getRoleDelimiter();
        String userGroupDelimiter = this.config.getUserGroupDelimiter();
        String userGroupNameDelimiter = this.config.getUserGroupNameDelimiter();
        if (roleDelimiter == null || roleDelimiter.isEmpty()) {
            roleDelimiter = "&";
        }
        if (userGroupDelimiter == null || userGroupDelimiter.isEmpty()) {
            userGroupDelimiter = ":";
        }
        if (userGroupNameDelimiter == null || userGroupNameDelimiter.isEmpty()) {
            userGroupNameDelimiter = ",";
        }
        StringTokenizer stringTokenizer2 = new StringTokenizer(str, roleDelimiter);
        String str2 = null;
        String str3 = null;
        while (stringTokenizer2.hasMoreTokens()) {
            int i = 0;
            String nextToken = stringTokenizer2.nextToken();
            if (nextToken != null && !nextToken.isEmpty() && (stringTokenizer = new StringTokenizer(nextToken, userGroupDelimiter)) != null) {
                while (stringTokenizer.hasMoreElements()) {
                    String nextToken2 = stringTokenizer.nextToken();
                    if (nextToken2 != null && !nextToken2.isEmpty()) {
                        i++;
                        switch (i) {
                            case 1:
                                str3 = nextToken2;
                                break;
                            case 2:
                                str2 = nextToken2;
                                break;
                            case 3:
                                StringTokenizer stringTokenizer3 = new StringTokenizer(nextToken2, userGroupNameDelimiter);
                                if (stringTokenizer3 != null) {
                                    while (stringTokenizer3.hasMoreElements()) {
                                        String nextToken3 = stringTokenizer3.nextToken();
                                        if (nextToken3 != null && !nextToken3.isEmpty()) {
                                            if (str2.trim().equalsIgnoreCase("u")) {
                                                map.put(nextToken3.trim(), str3.trim());
                                            } else if (str2.trim().equalsIgnoreCase("g")) {
                                                linkedHashMap.put(nextToken3.trim(), str3.trim());
                                            }
                                        }
                                    }
                                    break;
                                } else {
                                    break;
                                }
                            default:
                                map.clear();
                                linkedHashMap.clear();
                                break;
                        }
                    }
                }
            }
        }
        if (MapUtils.isNotEmpty(linkedHashMap)) {
            ArrayList<String> arrayList = new ArrayList(linkedHashMap.keySet());
            Collections.reverse(arrayList);
            for (String str4 : arrayList) {
                map2.put(str4, linkedHashMap.get(str4));
            }
        }
    }

    protected String userNameTransform(String str) {
        if (this.userNameCaseConversionFlag) {
            str = this.userNameLowerCaseFlag ? str.toLowerCase() : str.toUpperCase();
        }
        if (this.userNameRegExInst != null) {
            str = this.userNameRegExInst.transform(str);
        }
        return str;
    }

    protected String groupNameTransform(String str) {
        if (this.groupNameCaseConversionFlag) {
            str = this.groupNameLowerCaseFlag ? str.toLowerCase() : str.toUpperCase();
        }
        if (this.groupNameRegExInst != null) {
            str = this.groupNameRegExInst.transform(str);
        }
        return str;
    }

    protected boolean isValidString(String str) {
        if (StringUtils.isBlank(str)) {
            return false;
        }
        if (this.isUserSyncNameValidationEnabled) {
            return USER_OR_GROUP_NAME_VALIDATION_REGEX.matcher(str).matches();
        }
        return true;
    }

    private void updateDeletedGroups(Map<String, Map<String, String>> map) throws Throwable {
        computeDeletedGroups(map);
        if (MapUtils.isNotEmpty(this.deletedGroups) && updateDeletedGroups() == 0) {
            LOG.error("Failed to update deleted groups to ranger admin");
            throw new Exception("Failed to update deleted groups to ranger admin");
        }
        LOG.info("No. of groups marked for delete = " + this.deletedGroups.size());
        this.noOfDeletedGroups += this.deletedGroups.size();
    }

    private void computeDeletedGroups(Map<String, Map<String, String>> map) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("PolicyMgrUserGroupBuilder.computeDeletedGroups(" + map.keySet() + ")");
        }
        this.deletedGroups = new HashMap();
        for (XGroupInfo xGroupInfo : this.groupCache.values()) {
            Map otherAttrsMap = xGroupInfo.getOtherAttrsMap();
            String str = otherAttrsMap != null ? (String) otherAttrsMap.get("full_name") : null;
            if (StringUtils.isNotEmpty(str) && !map.containsKey(str) && StringUtils.equalsIgnoreCase((String) otherAttrsMap.get("sync_source"), this.currentSyncSource) && StringUtils.equalsIgnoreCase((String) otherAttrsMap.get("ldap_url"), this.ldapUrl)) {
                if (xGroupInfo.getIsVisible() != "0") {
                    xGroupInfo.setIsVisible("0");
                    this.deletedGroups.put(xGroupInfo.getName(), xGroupInfo);
                } else {
                    LOG.info("group " + xGroupInfo.getName() + " already marked for delete ");
                }
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== PolicyMgrUserGroupBuilder.computeDeletedGroups(" + this.deletedGroups + ")");
        }
    }

    private int updateDeletedGroups() throws Throwable {
        int deletedGroups;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> PolicyMgrUserGroupBuilder.updateDeletedGroups(" + this.deletedGroups + ")");
        }
        if (this.authenticationType != null && this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType) && SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab)) {
            try {
                deletedGroups = ((Integer) Subject.doAs(SecureClientLogin.loginUserFromKeytab(this.principal, this.keytab, this.nameRules), new PrivilegedAction<Integer>() { // from class: org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.8
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedAction
                    public Integer run() {
                        try {
                            return Integer.valueOf(PolicyMgrUserGroupBuilder.this.getDeletedGroups());
                        } catch (Throwable th) {
                            PolicyMgrUserGroupBuilder.LOG.error("Failed to add or update deleted groups : ", th);
                            return 0;
                        }
                    }
                })).intValue();
            } catch (Exception e) {
                LOG.error("Failed to add or update deleted groups : ", e);
                throw e;
            }
        } else {
            deletedGroups = getDeletedGroups();
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== PolicyMgrUserGroupBuilder.updateDeletedGroups(" + this.deletedGroups + ")");
        }
        return deletedGroups;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public int getDeletedGroups() throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> PolicyMgrUserGroupBuilder.getDeletedGroups()");
        }
        String str = null;
        if (this.isRangerCookieEnabled) {
            str = cookieBasedUploadEntity(this.deletedGroups.keySet(), PM_AUDIT_INFO_URI);
        } else {
            try {
                ClientResponse post = this.ldapUgSyncClient.post(PM_AUDIT_INFO_URI, null, this.deletedGroups.keySet());
                if (post != null) {
                    str = (String) post.getEntity(String.class);
                }
            } catch (Throwable th) {
                LOG.error("Failed to get response, Error is : ", th);
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("RESPONSE[" + str + "]");
        }
        if (str == null) {
            LOG.error("Failed to update deleted groups ");
            throw new Exception("Failed to update deleted groups ");
        }
        try {
            int intValue = Integer.valueOf(str).intValue();
            if (LOG.isDebugEnabled()) {
                LOG.debug("<== PolicyMgrUserGroupBuilder.getDeletedGroups()" + intValue);
            }
            return intValue;
        } catch (NumberFormatException e) {
            LOG.error("Failed to update deleted groups", e);
            throw e;
        }
    }

    private void updateDeletedUsers(Map<String, Map<String, String>> map) throws Throwable {
        computeDeletedUsers(map);
        if (MapUtils.isNotEmpty(this.deletedUsers) && updateDeletedUsers() == 0) {
            LOG.error("Failed to update deleted users to ranger admin");
            throw new Exception("Failed to update deleted users to ranger admin");
        }
        LOG.info("No. of users marked for delete = " + this.deletedUsers.size());
        this.noOfDeletedUsers += this.deletedUsers.size();
    }

    private void computeDeletedUsers(Map<String, Map<String, String>> map) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("PolicyMgrUserGroupBuilder.computeDeletedUsers(" + map.keySet() + ")");
        }
        this.deletedUsers = new HashMap();
        for (XUserInfo xUserInfo : this.userCache.values()) {
            Map otherAttrsMap = xUserInfo.getOtherAttrsMap();
            String str = otherAttrsMap != null ? (String) otherAttrsMap.get("full_name") : null;
            if (StringUtils.isNotEmpty(str) && !map.containsKey(str) && StringUtils.equalsIgnoreCase((String) otherAttrsMap.get("sync_source"), this.currentSyncSource) && StringUtils.equalsIgnoreCase((String) otherAttrsMap.get("ldap_url"), this.ldapUrl)) {
                if (xUserInfo.getIsVisible() != "0") {
                    xUserInfo.setIsVisible("0");
                    this.deletedUsers.put(xUserInfo.getName(), xUserInfo);
                } else {
                    LOG.info("user " + xUserInfo.getName() + " already marked for delete ");
                }
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== PolicyMgrUserGroupBuilder.computeDeletedUsers(" + this.deletedUsers + ")");
        }
    }

    private int updateDeletedUsers() throws Throwable {
        int deletedUsers;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> PolicyMgrUserGroupBuilder.updateDeletedUsers(" + this.deletedUsers + ")");
        }
        if (this.authenticationType != null && this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType) && SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab)) {
            try {
                deletedUsers = ((Integer) Subject.doAs(SecureClientLogin.loginUserFromKeytab(this.principal, this.keytab, this.nameRules), new PrivilegedAction<Integer>() { // from class: org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.9
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedAction
                    public Integer run() {
                        try {
                            return Integer.valueOf(PolicyMgrUserGroupBuilder.this.getDeletedUsers());
                        } catch (Throwable th) {
                            PolicyMgrUserGroupBuilder.LOG.error("Failed to add or update deleted users : ", th);
                            return 0;
                        }
                    }
                })).intValue();
            } catch (Exception e) {
                LOG.error("Failed to add or update deleted users : ", e);
                throw e;
            }
        } else {
            deletedUsers = getDeletedUsers();
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== PolicyMgrUserGroupBuilder.updateDeletedUsers(" + this.deletedUsers + ")");
        }
        return deletedUsers;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public int getDeletedUsers() throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> PolicyMgrUserGroupBuilder.getDeletedUsers()");
        }
        String str = null;
        if (this.isRangerCookieEnabled) {
            str = cookieBasedUploadEntity(this.deletedUsers.keySet(), PM_UPDATE_DELETED_USERS_URI);
        } else {
            try {
                ClientResponse post = this.ldapUgSyncClient.post(PM_UPDATE_DELETED_USERS_URI, null, this.deletedUsers.keySet());
                if (post != null) {
                    str = (String) post.getEntity(String.class);
                }
            } catch (Throwable th) {
                LOG.error("Failed to get response, Error is : ", th);
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("RESPONSE[" + str + "]");
        }
        if (str == null) {
            LOG.error("Failed to update deleted users ");
            throw new Exception("Failed to update deleted users ");
        }
        try {
            int intValue = Integer.valueOf(str).intValue();
            if (LOG.isDebugEnabled()) {
                LOG.debug("<== PolicyMgrUserGroupBuilder.getDeletedUsers()" + intValue);
            }
            return intValue;
        } catch (NumberFormatException e) {
            LOG.error("Failed to update deleted users", e);
            throw e;
        }
    }

    protected void setUserSyncNameValidationEnabled(String str) {
        this.config.setProperty(UserGroupSyncConfig.UGSYNC_NAME_VALIDATION_ENABLED, str);
        this.isUserSyncNameValidationEnabled = this.config.isUserSyncNameValidationEnabled();
    }

    static {
        LOCAL_HOSTNAME = "unknown";
        try {
            LOCAL_HOSTNAME = InetAddress.getLocalHost().getCanonicalHostName();
        } catch (UnknownHostException e) {
            LOCAL_HOSTNAME = "unknown";
        }
    }
}
