package org.pentaho.platform.repository2.mt;

import java.io.IOException;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collection;
import java.util.EnumSet;
import java.util.List;
import java.util.Map;
import javax.jcr.Node;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.commons.io.FilenameUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.pentaho.platform.api.engine.IPentahoSession;
import org.pentaho.platform.api.engine.security.userroledao.IUserRoleDao;
import org.pentaho.platform.api.mt.ITenant;
import org.pentaho.platform.api.mt.ITenantedPrincipleNameResolver;
import org.pentaho.platform.api.repository2.unified.RepositoryFile;
import org.pentaho.platform.api.repository2.unified.RepositoryFileAcl;
import org.pentaho.platform.api.repository2.unified.RepositoryFilePermission;
import org.pentaho.platform.api.repository2.unified.RepositoryFileSid;
import org.pentaho.platform.core.mt.Tenant;
import org.pentaho.platform.engine.core.system.PentahoSessionHolder;
import org.pentaho.platform.engine.core.system.StandaloneSession;
import org.pentaho.platform.repository2.unified.IRepositoryFileAclDao;
import org.pentaho.platform.repository2.unified.IRepositoryFileDao;
import org.pentaho.platform.repository2.unified.ServerRepositoryPaths;
import org.pentaho.platform.repository2.unified.jcr.JcrRepositoryFileUtils;
import org.pentaho.platform.repository2.unified.jcr.PentahoJcrConstants;
import org.pentaho.platform.security.policy.rolebased.IRoleAuthorizationPolicyRoleBindingDao;
import org.pentaho.platform.security.policy.rolebased.messages.Messages;
import org.springframework.extensions.jcr.JcrCallback;
import org.springframework.extensions.jcr.JcrTemplate;
import org.springframework.security.Authentication;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.userdetails.User;
import org.springframework.util.Assert;

/* loaded from: input_file:org/pentaho/platform/repository2/mt/RepositoryTenantManager.class */
public class RepositoryTenantManager extends AbstractRepositoryTenantManager {
    protected static final Log logger = LogFactory.getLog(RepositoryTenantManager.class);
    protected JcrTemplate jcrTemplate;

    public RepositoryTenantManager(IRepositoryFileDao iRepositoryFileDao, IUserRoleDao iUserRoleDao, IRepositoryFileAclDao iRepositoryFileAclDao, IRoleAuthorizationPolicyRoleBindingDao iRoleAuthorizationPolicyRoleBindingDao, JcrTemplate jcrTemplate, String str, String str2, ITenantedPrincipleNameResolver iTenantedPrincipleNameResolver, ITenantedPrincipleNameResolver iTenantedPrincipleNameResolver2, String str3, List<String> list) {
        super(iRepositoryFileDao, iUserRoleDao, iRepositoryFileAclDao, iRoleAuthorizationPolicyRoleBindingDao, str, str2, iTenantedPrincipleNameResolver, iTenantedPrincipleNameResolver2, str3, list);
        this.jcrTemplate = jcrTemplate;
    }

    private RepositoryFile createTenantFolder(final ITenant iTenant, final String str, final String str2) {
        return (RepositoryFile) this.jcrTemplate.execute(new JcrCallback() { // from class: org.pentaho.platform.repository2.mt.RepositoryTenantManager.1
            public Object doInJcr(Session session) throws RepositoryException {
                Tenant tenant;
                RepositoryFile repositoryFile = null;
                if (iTenant == null) {
                    tenant = new Tenant("/" + str, true);
                } else {
                    tenant = new Tenant(iTenant.getRootFolderAbsolutePath() + "/" + str, true);
                    repositoryFile = RepositoryTenantManager.this.repositoryFileDao.getFileByAbsolutePath(iTenant.getRootFolderAbsolutePath());
                }
                RepositoryFile createFolder = RepositoryTenantManager.this.repositoryFileDao.createFolder(repositoryFile != null ? repositoryFile.getId() : null, new RepositoryFile.Builder(tenant.getName()).folder(true).build(), new RepositoryFileAcl.Builder(str2).entriesInheriting(false).build(), "");
                RepositoryTenantManager.this.repositoryFileDao.getFileByAbsolutePath(tenant.getId());
                Map<String, Serializable> fileMetadata = RepositoryTenantManager.this.repositoryFileDao.getFileMetadata(createFolder.getId());
                fileMetadata.put("isTenantRoot", true);
                fileMetadata.put("isTenantEnabled", true);
                JcrRepositoryFileUtils.setFileMetadata(session, createFolder.getId(), fileMetadata);
                RepositoryTenantManager.this.createRuntimeRolesFolderNode(session, new PentahoJcrConstants(session), tenant);
                return createFolder;
            }
        });
    }

    public Node createAuthzFolderNode(Session session, PentahoJcrConstants pentahoJcrConstants, ITenant iTenant) throws RepositoryException {
        Node node = null;
        try {
            node = (Node) session.getItem(ServerRepositoryPaths.getTenantRootFolderPath(iTenant));
        } catch (PathNotFoundException e) {
            Assert.state(false, Messages.getInstance().getString("JcrRoleAuthorizationPolicyRoleBindingDao.ERROR_0002_REPO_NOT_INITIALIZED"));
        }
        Node addNode = node.addNode(".authz", pentahoJcrConstants.getPHO_NT_INTERNALFOLDER());
        session.save();
        return addNode;
    }

    public Node createRoleBasedFolderNode(Session session, PentahoJcrConstants pentahoJcrConstants, ITenant iTenant) throws RepositoryException {
        Node createAuthzFolderNode = createAuthzFolderNode(session, pentahoJcrConstants, iTenant);
        Node addNode = createAuthzFolderNode.addNode("roleBased", pentahoJcrConstants.getPHO_NT_INTERNALFOLDER());
        createAuthzFolderNode.save();
        session.save();
        return addNode;
    }

    public Node createRuntimeRolesFolderNode(Session session, PentahoJcrConstants pentahoJcrConstants, ITenant iTenant) throws RepositoryException {
        Node createRoleBasedFolderNode = createRoleBasedFolderNode(session, pentahoJcrConstants, iTenant);
        Node addNode = createRoleBasedFolderNode.addNode("runtimeRoles", pentahoJcrConstants.getPHO_NT_INTERNALFOLDER());
        createRoleBasedFolderNode.save();
        session.save();
        return addNode;
    }

    public ITenant createTenant(ITenant iTenant, String str, String str2, String str3, String str4) {
        Tenant tenant;
        String rootFolderAbsolutePath;
        if (iTenant == null) {
            if (this.repositoryFileDao.getFileByAbsolutePath("/" + str) != null) {
                return null;
            }
        } else if (this.repositoryFileDao.getFileByAbsolutePath(iTenant.getRootFolderAbsolutePath() + "/" + str) != null) {
            return null;
        }
        if (iTenant == null) {
            tenant = new Tenant("/" + str, true);
            rootFolderAbsolutePath = "/";
        } else {
            tenant = new Tenant(iTenant.getRootFolderAbsolutePath() + "/" + str, true);
            rootFolderAbsolutePath = iTenant.getRootFolderAbsolutePath();
        }
        String name = PentahoSessionHolder.getSession().getName();
        RepositoryFile createTenantFolder = createTenantFolder(iTenant, str, name);
        this.userRoleDao.createRole(tenant, str2, "", new String[0]);
        this.userRoleDao.createRole(tenant, str3, "", new String[0]);
        this.userRoleDao.createRole(tenant, str4, "", new String[0]);
        this.roleBindingDao.setRoleBindings(tenant, str3, this.singleTenantAuthenticatedAuthorityRoleBindingList);
        String principleId = this.tenantedRoleNameResolver.getPrincipleId(tenant, str2);
        RepositoryFileSid repositoryFileSid = new RepositoryFileSid(principleId, RepositoryFileSid.Type.ROLE);
        this.jcrTemplate.save();
        if (iTenant == null) {
            this.repositoryFileAclDao.addAce(createTenantFolder.getId(), repositoryFileSid, EnumSet.of(RepositoryFilePermission.ALL));
        } else {
            RepositoryFileAcl.Builder ace = new RepositoryFileAcl.Builder(this.repositoryFileAclDao.getAcl(createTenantFolder.getId())).ace(repositoryFileSid, EnumSet.of(RepositoryFilePermission.ALL));
            IPentahoSession session = PentahoSessionHolder.getSession();
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            login(this.repositoryAdminUsername, principleId);
            while (!rootFolderAbsolutePath.equals("/")) {
                try {
                    try {
                        ace.ace(new RepositoryFileSid(this.tenantedRoleNameResolver.getPrincipleId(new Tenant(rootFolderAbsolutePath, true), str2), RepositoryFileSid.Type.ROLE), EnumSet.of(RepositoryFilePermission.ALL));
                        rootFolderAbsolutePath = FilenameUtils.getFullPathNoEndSeparator(rootFolderAbsolutePath);
                    } catch (Throwable th) {
                        PentahoSessionHolder.setSession(session);
                        SecurityContextHolder.getContext().setAuthentication(authentication);
                        throw th;
                    }
                } catch (Throwable th2) {
                    th2.printStackTrace();
                    PentahoSessionHolder.setSession(session);
                    SecurityContextHolder.getContext().setAuthentication(authentication);
                }
            }
            this.repositoryFileAclDao.updateAcl(ace.build());
            PentahoSessionHolder.setSession(session);
            SecurityContextHolder.getContext().setAuthentication(authentication);
        }
        try {
            createInitialTenantFolders(tenant, createTenantFolder, new RepositoryFileSid(name));
            return tenant;
        } catch (Exception e) {
            throw new RuntimeException("Error creating initial tenant folders", e);
        }
    }

    protected IPentahoSession createAuthenticatedPentahoSession(String str, String str2) {
        StandaloneSession standaloneSession = new StandaloneSession(str2);
        standaloneSession.setAuthenticated(str, str2);
        return standaloneSession;
    }

    protected void login(String str, String str2) {
        StandaloneSession standaloneSession = new StandaloneSession(str);
        standaloneSession.setAuthenticated((String) null, str);
        PentahoSessionHolder.setSession(standaloneSession);
        ArrayList arrayList = new ArrayList();
        arrayList.add(new GrantedAuthorityImpl(str2));
        GrantedAuthority[] grantedAuthorityArr = (GrantedAuthority[]) arrayList.toArray(new GrantedAuthority[0]);
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(new User(str, "ignored", true, true, true, true, grantedAuthorityArr), "ignored", grantedAuthorityArr);
        PentahoSessionHolder.setSession(standaloneSession);
        SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
    }

    public void deleteTenants(final List<ITenant> list) {
        this.jcrTemplate.execute(new JcrCallback() { // from class: org.pentaho.platform.repository2.mt.RepositoryTenantManager.2
            public Object doInJcr(Session session) {
                try {
                    RepositoryTenantManager.this.deleteTenants(session, list);
                    return null;
                } catch (RepositoryException e) {
                    e.printStackTrace();
                    return null;
                }
            }
        });
    }

    public void deleteTenant(final ITenant iTenant) {
        this.jcrTemplate.execute(new JcrCallback() { // from class: org.pentaho.platform.repository2.mt.RepositoryTenantManager.3
            public Object doInJcr(Session session) {
                try {
                    RepositoryTenantManager.this.deleteTenant(session, iTenant);
                    return null;
                } catch (RepositoryException e) {
                    e.printStackTrace();
                    return null;
                }
            }
        });
    }

    public void enableTenant(final ITenant iTenant, final boolean z) {
        this.jcrTemplate.execute(new JcrCallback() { // from class: org.pentaho.platform.repository2.mt.RepositoryTenantManager.4
            public Object doInJcr(Session session) {
                try {
                    RepositoryTenantManager.this.enableTenant(session, iTenant, z);
                    return null;
                } catch (RepositoryException e) {
                    e.printStackTrace();
                    return null;
                }
            }
        });
    }

    @Override // org.pentaho.platform.repository2.mt.AbstractRepositoryTenantManager
    public RepositoryFile getTenantRootFolder(ITenant iTenant) {
        RepositoryFile fileByAbsolutePath = this.repositoryFileDao.getFileByAbsolutePath(iTenant.getRootFolderAbsolutePath());
        if (fileByAbsolutePath != null) {
            Map<String, Serializable> fileMetadata = this.repositoryFileDao.getFileMetadata(fileByAbsolutePath.getId());
            if (!fileMetadata.containsKey("isTenantRoot") || !((Boolean) fileMetadata.get("isTenantRoot")).booleanValue()) {
                fileByAbsolutePath = null;
            }
        }
        return fileByAbsolutePath;
    }

    public void enableTenants(final List<ITenant> list, final boolean z) {
        this.jcrTemplate.execute(new JcrCallback() { // from class: org.pentaho.platform.repository2.mt.RepositoryTenantManager.5
            public Object doInJcr(Session session) {
                try {
                    RepositoryTenantManager.this.enableTenants(session, list, z);
                    return null;
                } catch (RepositoryException e) {
                    e.printStackTrace();
                    return null;
                }
            }
        });
    }

    public List<ITenant> getChildTenants(final ITenant iTenant, final boolean z) {
        return (List) this.jcrTemplate.execute(new JcrCallback() { // from class: org.pentaho.platform.repository2.mt.RepositoryTenantManager.6
            public Object doInJcr(Session session) {
                Collection arrayList;
                try {
                    arrayList = RepositoryTenantManager.this.getChildTenants(session, iTenant, z);
                } catch (RepositoryException e) {
                    arrayList = new ArrayList();
                    e.printStackTrace();
                }
                return arrayList;
            }
        });
    }

    public List<ITenant> getChildTenants(final ITenant iTenant) {
        return (List) this.jcrTemplate.execute(new JcrCallback() { // from class: org.pentaho.platform.repository2.mt.RepositoryTenantManager.7
            public Object doInJcr(Session session) {
                Collection arrayList;
                try {
                    arrayList = RepositoryTenantManager.this.getChildTenants(session, iTenant);
                } catch (RepositoryException e) {
                    arrayList = new ArrayList();
                    e.printStackTrace();
                }
                return arrayList;
            }
        });
    }

    public void updateTentant(String str, Map<String, Serializable> map) {
    }

    String getParentPath(String str) {
        return (str == null || str.length() <= 0) ? ServerRepositoryPaths.getPentahoRootFolderPath() + "/" : ServerRepositoryPaths.getPentahoRootFolderPath() + "/" + str + "/";
    }

    String getTenantPath(String str, String str2) {
        return getParentPath(str) + str2;
    }

    public ITenant getTenant(final String str) {
        return (ITenant) this.jcrTemplate.execute(new JcrCallback() { // from class: org.pentaho.platform.repository2.mt.RepositoryTenantManager.8
            public Object doInJcr(Session session) throws IOException, RepositoryException {
                return RepositoryTenantManager.this.getTenant(session, str);
            }
        });
    }

    public ITenant getTenantByRootFolderPath(final String str) {
        return (ITenant) this.jcrTemplate.execute(new JcrCallback() { // from class: org.pentaho.platform.repository2.mt.RepositoryTenantManager.9
            public Object doInJcr(Session session) throws IOException, RepositoryException {
                return RepositoryTenantManager.this.getTenant(session, str);
            }
        });
    }

    public boolean isSubTenant(final ITenant iTenant, final ITenant iTenant2) {
        return ((Boolean) this.jcrTemplate.execute(new JcrCallback() { // from class: org.pentaho.platform.repository2.mt.RepositoryTenantManager.10
            public Object doInJcr(Session session) throws IOException, RepositoryException {
                return Boolean.valueOf(RepositoryTenantManager.this.isSubTenant(session, iTenant, iTenant2));
            }
        })).booleanValue();
    }

    public IUserRoleDao getUserRoleDao() {
        return this.userRoleDao;
    }

    private RepositoryFile createPublicFolder(ITenant iTenant, RepositoryFile repositoryFile, RepositoryFileSid repositoryFileSid) {
        RepositoryFileSid repositoryFileSid2 = new RepositoryFileSid(this.tenantedRoleNameResolver.getPrincipleId(iTenant, this.tenantAdminRoleName), RepositoryFileSid.Type.ROLE);
        return this.repositoryFileDao.createFolder(repositoryFile.getId(), new RepositoryFile.Builder(ServerRepositoryPaths.getTenantPublicFolderName()).folder(true).title(Messages.getInstance().getString("RepositoryTenantManager.publicFolderDisplayName")).build(), new RepositoryFileAcl.Builder(repositoryFileSid).ace(repositoryFileSid2, EnumSet.of(RepositoryFilePermission.ALL)).ace(new RepositoryFileSid(this.tenantedRoleNameResolver.getPrincipleId(iTenant, this.tenantAuthenticatedRoleName), RepositoryFileSid.Type.ROLE), EnumSet.of(RepositoryFilePermission.READ)).build(), null);
    }

    private RepositoryFile createHomeFolder(ITenant iTenant, RepositoryFile repositoryFile, RepositoryFileSid repositoryFileSid) {
        RepositoryFileSid repositoryFileSid2 = new RepositoryFileSid(this.tenantedRoleNameResolver.getPrincipleId(iTenant, this.tenantAdminRoleName), RepositoryFileSid.Type.ROLE);
        return this.repositoryFileDao.createFolder(repositoryFile.getId(), new RepositoryFile.Builder(ServerRepositoryPaths.getTenantHomeFolderName()).folder(true).title(Messages.getInstance().getString("RepositoryTenantManager.usersFolderDisplayName")).build(), new RepositoryFileAcl.Builder(repositoryFileSid).ace(repositoryFileSid2, EnumSet.of(RepositoryFilePermission.ALL)).ace(new RepositoryFileSid(this.tenantedRoleNameResolver.getPrincipleId(iTenant, this.tenantAuthenticatedRoleName), RepositoryFileSid.Type.ROLE), EnumSet.of(RepositoryFilePermission.READ)).build(), null);
    }

    private RepositoryFile createEtcFolder(ITenant iTenant, RepositoryFile repositoryFile, RepositoryFileSid repositoryFileSid) {
        RepositoryFileSid repositoryFileSid2 = new RepositoryFileSid(this.tenantedRoleNameResolver.getPrincipleId(iTenant, this.tenantAuthenticatedRoleName), RepositoryFileSid.Type.ROLE);
        RepositoryFile createFolder = this.repositoryFileDao.createFolder(repositoryFile.getId(), new RepositoryFile.Builder(ServerRepositoryPaths.getTenantEtcFolderName()).folder(true).build(), new RepositoryFileAcl.Builder(repositoryFileSid).entriesInheriting(true).ace(repositoryFileSid2, EnumSet.of(RepositoryFilePermission.READ)).ace(new RepositoryFileSid(this.tenantedRoleNameResolver.getPrincipleId(iTenant, this.tenantAdminRoleName), RepositoryFileSid.Type.ROLE), EnumSet.of(RepositoryFilePermission.ALL)).build(), null);
        RepositoryFile createFolder2 = this.repositoryFileDao.createFolder(createFolder.getId(), new RepositoryFile.Builder("pdi").folder(true).build(), new RepositoryFileAcl.Builder(repositoryFileSid).entriesInheriting(true).build(), null);
        this.repositoryFileDao.createFolder(createFolder2.getId(), new RepositoryFile.Builder("databases").folder(true).build(), new RepositoryFileAcl.Builder(repositoryFileSid).entriesInheriting(true).build(), null);
        this.repositoryFileDao.createFolder(createFolder2.getId(), new RepositoryFile.Builder("slaveServers").folder(true).build(), new RepositoryFileAcl.Builder(repositoryFileSid).entriesInheriting(true).build(), null);
        this.repositoryFileDao.createFolder(createFolder2.getId(), new RepositoryFile.Builder("clusterSchemas").folder(true).build(), new RepositoryFileAcl.Builder(repositoryFileSid).entriesInheriting(true).build(), null);
        this.repositoryFileDao.createFolder(createFolder2.getId(), new RepositoryFile.Builder("partitionSchemas").folder(true).build(), new RepositoryFileAcl.Builder(repositoryFileSid).entriesInheriting(true).build(), null);
        this.repositoryFileDao.createFolder(createFolder.getId(), new RepositoryFile.Builder("metastore").folder(true).build(), new RepositoryFileAcl.Builder(repositoryFileSid).entriesInheriting(true).build(), null);
        return createFolder;
    }

    protected void createInitialTenantFolders(ITenant iTenant, RepositoryFile repositoryFile, RepositoryFileSid repositoryFileSid) throws RepositoryException {
        createPublicFolder(iTenant, repositoryFile, repositoryFileSid);
        RepositoryFile createEtcFolder = createEtcFolder(iTenant, repositoryFile, repositoryFileSid);
        createHomeFolder(iTenant, repositoryFile, repositoryFileSid);
        setAsSystemFolder(createEtcFolder.getId());
    }
}
