package org.apache.ranger.unixusersync.process;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.HashBasedTable;
import com.google.common.collect.Table;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.apache.log4j.Logger;
import org.apache.ranger.ugsyncutil.model.UgsyncAuditInfo;
import org.apache.ranger.ugsyncutil.model.UnixSyncSourceInfo;
import org.apache.ranger.unixusersync.config.UserGroupSyncConfig;
import org.apache.ranger.usergroupsync.UserGroupSink;
import org.apache.ranger.usergroupsync.UserGroupSource;

/* loaded from: input_file:org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.class */
public class UnixUserGroupBuilder implements UserGroupSource {
    private static final Logger LOG = Logger.getLogger(UnixUserGroupBuilder.class);
    private static final String OS = System.getProperty("os.name");
    static final String LINUX_GET_ALL_USERS_CMD = "getent passwd";
    static final String LINUX_GET_ALL_GROUPS_CMD = "getent group";
    static final String LINUX_GET_GROUP_CMD = "getent group %s";
    static final String MAC_GET_ALL_USERS_CMD = "dscl . -readall /Users UniqueID PrimaryGroupID | awk 'BEGIN { OFS = \":\"; ORS=\"\\n\"; i=0;}/RecordName: / {name = $2;i = 0;}/PrimaryGroupID: / {gid = $2;}/^ / {if (i == 0) { i++; name = $1;}}/UniqueID: / {uid = $2;print name, \"*\", gid, uid;}'";
    static final String MAC_GET_ALL_GROUPS_CMD = "dscl . -list /Groups PrimaryGroupID | awk -v OFS=\":\" '{print $1, \"*\", $2, \"\"}'";
    static final String MAC_GET_GROUP_CMD = "dscl . -read /Groups/%1$s | paste -d, -s - | sed -e 's/:/|/g' | awk -v OFS=\":\" -v ORS=\"\\n\" -F, '{print \"%1$s\",\"*\",$6,$4}' | sed -e 's/:[^:]*| /:/g' | sed -e 's/ /,/g'";
    static final String BACKEND_PASSWD = "passwd";
    private boolean enumerateGroupMembers;
    private long timeout;
    private Map<String, String> groupId2groupNameMap;
    private Map<String, Map<String, String>> sourceUsers;
    private Map<String, Map<String, String>> sourceGroups;
    private Map<String, Set<String>> sourceGroupUsers;
    private Table<String, String, String> groupUserTable;
    private int minimumUserId;
    private int minimumGroupId;
    private UgsyncAuditInfo ugsyncAuditInfo;
    private UnixSyncSourceInfo unixSyncSourceInfo;
    private boolean isStartupFlag;
    private int deleteCycles;
    private String currentSyncSource;
    private boolean isUpdateSinkSucc = true;
    private boolean useNss = false;
    private long lastUpdateTime = 0;
    private UserGroupSyncConfig config = UserGroupSyncConfig.getInstance();
    private long passwordFileModifiedAt = 0;
    private long groupFileModifiedAt = 0;
    private boolean computeDeletes = false;
    Set<String> allGroups = new HashSet();
    private String unixPasswordFile = this.config.getUnixPasswordFile();
    private String unixGroupFile = this.config.getUnixGroupFile();

    public static void main(String[] strArr) throws Throwable {
        UnixUserGroupBuilder unixUserGroupBuilder = new UnixUserGroupBuilder();
        unixUserGroupBuilder.init();
        unixUserGroupBuilder.print();
    }

    public UnixUserGroupBuilder() {
        this.enumerateGroupMembers = false;
        this.timeout = 0L;
        this.minimumUserId = 0;
        this.minimumGroupId = 0;
        this.isStartupFlag = false;
        this.isStartupFlag = true;
        this.minimumUserId = Integer.parseInt(this.config.getMinUserId());
        this.minimumGroupId = Integer.parseInt(this.config.getMinGroupId());
        if (LOG.isDebugEnabled()) {
            LOG.debug("Minimum UserId: " + this.minimumUserId + ", minimum GroupId: " + this.minimumGroupId);
        }
        this.timeout = this.config.getUpdateMillisMin();
        this.enumerateGroupMembers = this.config.isGroupEnumerateEnabled();
    }

    @Override // org.apache.ranger.usergroupsync.UserGroupSource
    public void init() throws Throwable {
        this.deleteCycles = 1;
        this.currentSyncSource = this.config.getCurrentSyncSource();
        this.ugsyncAuditInfo = new UgsyncAuditInfo();
        this.unixSyncSourceInfo = new UnixSyncSourceInfo();
        this.ugsyncAuditInfo.setSyncSource(this.currentSyncSource);
        this.ugsyncAuditInfo.setUnixSyncSourceInfo(this.unixSyncSourceInfo);
        this.unixSyncSourceInfo.setFileName(this.unixPasswordFile);
        this.unixSyncSourceInfo.setMinUserId(this.config.getMinUserId());
        this.unixSyncSourceInfo.setMinGroupId(this.config.getMinGroupId());
        if (this.config.getUnixBackend().equalsIgnoreCase(BACKEND_PASSWD)) {
            LOG.warn("DEPRECATED: Unix backend is configured to use /etc/passwd and /etc/group files directly instead of standard system mechanisms.");
            this.unixSyncSourceInfo.setUnixBackend(BACKEND_PASSWD);
        } else {
            this.useNss = true;
            this.unixSyncSourceInfo.setUnixBackend("nss");
        }
        buildUserGroupInfo();
    }

    @Override // org.apache.ranger.usergroupsync.UserGroupSource
    public boolean isChanged() {
        this.computeDeletes = false;
        if (!this.isUpdateSinkSucc) {
            LOG.info("Previous updateSink failed and hence retry!!");
            this.isUpdateSinkSucc = true;
            return true;
        }
        try {
            if (this.config.isUserSyncDeletesEnabled() && this.deleteCycles >= this.config.getUserSyncDeletesFrequency()) {
                this.deleteCycles = 1;
                this.computeDeletes = true;
                if (!LOG.isDebugEnabled()) {
                    return true;
                }
                LOG.debug("Compute deleted users/groups is enabled for this sync cycle");
                return true;
            }
        } catch (Throwable th) {
            LOG.error("Failed to get information about usersync delete frequency", th);
        }
        if (this.config.isUserSyncDeletesEnabled()) {
            this.deleteCycles++;
        }
        if (this.useNss) {
            return System.currentTimeMillis() - this.lastUpdateTime > this.timeout;
        }
        if (this.passwordFileModifiedAt != new File(this.unixPasswordFile).lastModified()) {
            return true;
        }
        return this.groupFileModifiedAt != new File(this.unixGroupFile).lastModified();
    }

    @Override // org.apache.ranger.usergroupsync.UserGroupSource
    public void updateSink(UserGroupSink userGroupSink) throws Throwable {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
        Date date = new Date(this.passwordFileModifiedAt);
        Date date2 = new Date(System.currentTimeMillis());
        this.unixSyncSourceInfo.setLastModified(simpleDateFormat.format(date));
        this.unixSyncSourceInfo.setSyncTime(simpleDateFormat.format(date2));
        if (isChanged() || this.isStartupFlag) {
            buildUserGroupInfo();
            if (LOG.isDebugEnabled()) {
                LOG.debug("Users = " + this.sourceUsers.keySet());
                LOG.debug("Groups = " + this.sourceGroups.keySet());
                LOG.debug("GroupUsers = " + this.sourceGroupUsers.keySet());
            }
            try {
                userGroupSink.addOrUpdateUsersGroups(this.sourceGroups, this.sourceUsers, this.sourceGroupUsers, this.computeDeletes);
            } catch (Throwable th) {
                LOG.error("Failed to update ranger admin. Will retry in next sync cycle!!", th);
                this.isUpdateSinkSucc = false;
            }
        }
        try {
            userGroupSink.postUserGroupAuditInfo(this.ugsyncAuditInfo);
        } catch (Throwable th2) {
            LOG.error("sink.postUserGroupAuditInfo failed with exception: ", th2);
        }
        this.isStartupFlag = false;
    }

    private void buildUserGroupInfo() throws Throwable {
        this.groupId2groupNameMap = new HashMap();
        this.sourceUsers = new HashMap();
        this.sourceGroups = new HashMap();
        this.sourceGroupUsers = new HashMap();
        this.groupUserTable = HashBasedTable.create();
        this.allGroups = new HashSet();
        if (OS.startsWith("Mac")) {
            buildUnixGroupList(MAC_GET_ALL_GROUPS_CMD, MAC_GET_GROUP_CMD, false);
            buildUnixUserList(MAC_GET_ALL_USERS_CMD);
        } else {
            if (!OS.startsWith("Linux")) {
                LOG.warn("Platform not recognized assuming Linux compatible");
            }
            buildUnixGroupList(LINUX_GET_ALL_GROUPS_CMD, LINUX_GET_GROUP_CMD, true);
            buildUnixUserList(LINUX_GET_ALL_USERS_CMD);
        }
        for (String str : this.groupUserTable.rowKeySet()) {
            Map row = this.groupUserTable.row(str);
            HashSet hashSet = new HashSet();
            for (String str2 : row.keySet()) {
                if (this.sourceUsers.containsKey(str2)) {
                    hashSet.add(str2);
                }
            }
            this.sourceGroupUsers.put(str, hashSet);
        }
        this.lastUpdateTime = System.currentTimeMillis();
        if (LOG.isDebugEnabled()) {
            print();
        }
    }

    private void print() {
        for (String str : this.sourceUsers.keySet()) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("USER:" + str);
            }
            Set<String> keySet = this.groupUserTable.column(str).keySet();
            if (keySet != null) {
                for (String str2 : keySet) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("\tGROUP: " + str2);
                    }
                }
            }
        }
    }

    private void buildUnixUserList(String str) throws Throwable {
        int i;
        String str2;
        int i2;
        BufferedReader bufferedReader = null;
        HashMap hashMap = new HashMap();
        try {
            if (this.useNss) {
                bufferedReader = new BufferedReader(new InputStreamReader(Runtime.getRuntime().exec(new String[]{"bash", "-c", str}).getInputStream(), StandardCharsets.UTF_8));
            } else {
                File file = new File(this.unixPasswordFile);
                this.passwordFileModifiedAt = file.lastModified();
                bufferedReader = new BufferedReader(new InputStreamReader(new FileInputStream(file), StandardCharsets.UTF_8));
            }
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    break;
                }
                if (!readLine.trim().isEmpty()) {
                    String[] split = readLine.split(":");
                    if (split.length < 4) {
                        LOG.warn("Unable to parse: " + readLine);
                    } else {
                        try {
                            String str3 = split[0];
                            String str4 = split[2];
                            String str5 = split[3];
                            try {
                                i2 = Integer.parseInt(str4);
                            } catch (NumberFormatException e) {
                                LOG.warn("Unix UserId: [" + str4 + "]: can not be parsed as valid int. considering as  -1.", e);
                                i2 = -1;
                            }
                            if (i2 >= this.minimumUserId) {
                                hashMap.put(str3, str4);
                                String str6 = this.groupId2groupNameMap.get(str5);
                                if (str6 != null) {
                                    HashMap hashMap2 = new HashMap();
                                    hashMap2.put("original_name", str3);
                                    hashMap2.put("full_name", str3);
                                    hashMap2.put("sync_source", this.currentSyncSource);
                                    this.sourceUsers.put(str3, hashMap2);
                                    this.groupUserTable.put(str6, str3, str5);
                                } else {
                                    LOG.warn("Group Name could not be found for group id: [" + str5 + "]. Skipping adding user [" + str3 + "] with id [" + str4 + "].");
                                }
                            } else if (LOG.isDebugEnabled()) {
                                LOG.debug("Skipping user [" + str3 + "] since its userid [" + str4 + "] is less than minuserid limit [" + this.minimumUserId + "].");
                            }
                        } catch (ArrayIndexOutOfBoundsException e2) {
                            LOG.warn("Ignoring line - [" + readLine + "]: Unable to parse line for getting user information", e2);
                        }
                    }
                }
            }
            if (this.useNss && this.enumerateGroupMembers) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Start drill down group members");
                }
                for (String str7 : this.groupUserTable.columnKeySet()) {
                    if (!this.sourceUsers.containsKey(str7)) {
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("Enumerating user " + str7);
                        }
                        try {
                            i = Integer.parseInt((String) hashMap.get(str7));
                        } catch (NumberFormatException e3) {
                            i = -1;
                        }
                        if (i >= this.minimumUserId || i == -1) {
                            try {
                                bufferedReader = new BufferedReader(new InputStreamReader(Runtime.getRuntime().exec(new String[]{"bash", "-c", "id -G " + str7}).getInputStream()));
                                String readLine2 = bufferedReader.readLine();
                                bufferedReader.close();
                                if (LOG.isDebugEnabled()) {
                                    LOG.debug("id -G returned " + readLine2);
                                }
                                if (readLine2 == null || readLine2.trim().isEmpty()) {
                                    LOG.warn("User " + str7 + " could not be resolved");
                                } else {
                                    for (String str8 : readLine2.split(" ")) {
                                        if (Integer.parseInt(str8) >= this.minimumGroupId && (str2 = this.groupId2groupNameMap.get(str8)) != null) {
                                            this.groupUserTable.put(str2, str7, str8);
                                        }
                                    }
                                    HashMap hashMap3 = new HashMap();
                                    hashMap3.put("original_name", str7);
                                    hashMap3.put("full_name", str7);
                                    hashMap3.put("sync_source", this.currentSyncSource);
                                    this.sourceUsers.put(str7, hashMap3);
                                }
                            } catch (Throwable th) {
                                bufferedReader.close();
                                throw th;
                            }
                        }
                    }
                }
                if (LOG.isDebugEnabled()) {
                    LOG.debug("End drill down group members");
                }
            }
        } finally {
            if (bufferedReader != null) {
                bufferedReader.close();
            }
        }
    }

    private void parseMembers(String str) {
        if (str == null || str.isEmpty()) {
            return;
        }
        String[] split = str.split(":");
        if (split.length < 3) {
            return;
        }
        String str2 = split[0];
        String str3 = split[2];
        String str4 = split.length > 3 ? split[3] : null;
        if (this.groupId2groupNameMap.containsKey(str3)) {
            this.groupId2groupNameMap.remove(str3);
        }
        if (Integer.parseInt(str3) < this.minimumGroupId) {
            return;
        }
        this.groupId2groupNameMap.put(str3, str2);
        HashMap hashMap = new HashMap();
        hashMap.put("original_name", str2);
        hashMap.put("full_name", str2);
        hashMap.put("sync_source", this.currentSyncSource);
        this.sourceGroups.put(str2, hashMap);
        if (str4 == null || str4.trim().isEmpty()) {
            this.sourceGroupUsers.put(str2, new HashSet());
            return;
        }
        for (String str5 : str4.split(",")) {
            this.groupUserTable.put(str2, str5, str3);
        }
    }

    private void buildUnixGroupList(String str, String str2, boolean z) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Start enumerating groups");
        }
        BufferedReader bufferedReader = null;
        try {
            if (this.useNss) {
                bufferedReader = new BufferedReader(new InputStreamReader(Runtime.getRuntime().exec(new String[]{"bash", "-c", str}).getInputStream(), StandardCharsets.UTF_8));
            } else {
                File file = new File(this.unixGroupFile);
                this.groupFileModifiedAt = file.lastModified();
                bufferedReader = new BufferedReader(new InputStreamReader(new FileInputStream(file), StandardCharsets.UTF_8));
            }
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    break;
                } else if (!readLine.trim().isEmpty()) {
                    parseMembers(readLine);
                }
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("End enumerating group");
            }
            if (this.useNss) {
                if (this.enumerateGroupMembers) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Start enumerating group members");
                    }
                    for (Map.Entry entry : new HashMap(this.groupId2groupNameMap).entrySet()) {
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("Enumerating group: " + ((String) entry.getValue()) + " GID(" + ((String) entry.getKey()) + ")");
                        }
                        String format = z ? String.format(str2, entry.getKey()) : String.format(str2, entry.getValue());
                        String[] strArr = {"bash", "-c", format + " " + ((String) entry.getKey())};
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("Executing: " + Arrays.toString(strArr));
                        }
                        try {
                            bufferedReader = new BufferedReader(new InputStreamReader(Runtime.getRuntime().exec(strArr).getInputStream()));
                            String readLine2 = bufferedReader.readLine();
                            if (bufferedReader != null) {
                                bufferedReader.close();
                            }
                            if (LOG.isDebugEnabled()) {
                                LOG.debug("bash -c " + format + " for group " + entry + " returned " + readLine2);
                            }
                            parseMembers(readLine2);
                        } finally {
                            if (bufferedReader != null) {
                                bufferedReader.close();
                            }
                        }
                    }
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("End enumerating group members");
                    }
                }
                if (this.config.getEnumerateGroups() != null) {
                    String[] split = this.config.getEnumerateGroups().split(",");
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Adding extra groups");
                    }
                    for (String str3 : split) {
                        String format2 = String.format(str2, str3);
                        String[] strArr2 = {"bash", "-c", format2 + " '" + str3 + "'"};
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("Executing: " + Arrays.toString(strArr2));
                        }
                        try {
                            bufferedReader = new BufferedReader(new InputStreamReader(Runtime.getRuntime().exec(strArr2).getInputStream()));
                            String readLine3 = bufferedReader.readLine();
                            if (bufferedReader != null) {
                                bufferedReader.close();
                            }
                            if (LOG.isDebugEnabled()) {
                                LOG.debug("bash -c " + format2 + " for group " + str3 + " returned " + readLine3);
                            }
                            parseMembers(readLine3);
                        } finally {
                            if (bufferedReader != null) {
                                bufferedReader.close();
                            }
                        }
                    }
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Done adding extra groups");
                    }
                }
            }
        } finally {
            if (bufferedReader != null) {
                bufferedReader.close();
            }
        }
    }

    @VisibleForTesting
    Map<String, Set<String>> getGroupUserListMap() {
        return this.sourceGroupUsers;
    }

    @VisibleForTesting
    Map<String, String> getGroupId2groupNameMap() {
        return this.groupId2groupNameMap;
    }

    @VisibleForTesting
    Set<String> getUsers() {
        return this.sourceUsers.keySet();
    }
}
