package jetbrains.youtrack.ring.impl;

import java.util.ArrayList;
import java.util.Comparator;
import java.util.Iterator;
import java.util.List;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.ForbiddenException;
import javax.ws.rs.NotFoundException;
import jetbrains.charisma.main.CollectionUtilKt;
import jetbrains.exodus.entitystore.Entity;
import jetbrains.jetpass.api.IdItem;
import jetbrains.jetpass.api.authority.User;
import jetbrains.jetpass.api.security.Permission;
import jetbrains.jetpass.api.security.Role;
import jetbrains.jetpass.auth.module.core.rest.client.json.CoreauthmoduleJSON;
import jetbrains.jetpass.client.BaseFilter;
import jetbrains.jetpass.client.FieldPartial;
import jetbrains.jetpass.client.accounts.AuthModuleClient;
import jetbrains.jetpass.dao.api.NotUniqueFieldException;
import jetbrains.jetpass.rest.dto.AuthmoduleJSON;
import jetbrains.jetpass.rest.dto.PermissionJSON;
import jetbrains.jetpass.rest.dto.RoleJSON;
import jetbrains.jetpass.rest.dto.UserJSON;
import jetbrains.youtrack.core.legacy.LegacySupportKt;
import jetbrains.youtrack.core.persistent.user.XdUser;
import jetbrains.youtrack.core.security.DefaultRole;
import jetbrains.youtrack.persistent.security.XdRole;
import jetbrains.youtrack.ring.EntityExtensionsKt;
import jetbrains.youtrack.ring.HubReplicatingMarker;
import jetbrains.youtrack.ring.export.adapter.HubSyncAdapter;
import jetbrains.youtrack.ring.export.dto.DisableTotpHubDtoBuilder;
import jetbrains.youtrack.ring.export.dto.DisableWebauthnHubDtoBuilder;
import jetbrains.youtrack.ring.export.dto.HubDtoBuilder;
import jetbrains.youtrack.ring.export.dto.RestoreRootUserHubDtoBuilder;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.comparisons.ComparisonsKt;
import kotlin.jvm.functions.Function2;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlinx.dnq.XdEntity;
import kotlinx.dnq.XdExtensionsKt;
import kotlinx.dnq.query.FilteringContext;
import kotlinx.dnq.query.XdFilteringQueryKt;
import kotlinx.dnq.query.XdQueryKt;
import kotlinx.dnq.query.XdSearchingNode;
import mu.KLogging;
import org.apache.commons.lang.RandomStringUtils;
import org.jetbrains.annotations.NotNull;
import org.springframework.stereotype.Service;

/* compiled from: HubRootRestorer.kt */
@Metadata(mv = {1, 1, 16}, bv = {1, 0, 3}, k = 1, d1 = {"��&\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0002\b\u0002\n\u0002\u0010 \n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0006\b\u0007\u0018�� \u000f2\u00020\u0001:\u0001\u000fB\u0005¢\u0006\u0002\u0010\u0002J\b\u0010\u0003\u001a\u00020\u0004H\u0002J\b\u0010\u0005\u001a\u00020\u0004H\u0002J\u000e\u0010\u0006\u001a\b\u0012\u0004\u0012\u00020\b0\u0007H\u0002J\b\u0010\t\u001a\u00020\nH\u0002J\u0006\u0010\u000b\u001a\u00020\u0004J\b\u0010\f\u001a\u00020\u0004H\u0002J\b\u0010\r\u001a\u00020\u0004H\u0002J\b\u0010\u000e\u001a\u00020\u0004H\u0002¨\u0006\u0010"}, d2 = {"Ljetbrains/youtrack/ring/impl/HubRootRestorer;", "", "()V", "disable2fa", "", "freeLicenseSlot", "gatherAllPermissions", "", "Ljetbrains/jetpass/rest/dto/PermissionJSON;", "getAuthModuleClient", "Ljetbrains/jetpass/client/accounts/AuthModuleClient;", "postRestoredRootToHub", "restoreAdminRole", "restoreCoreAuthModule", "restoreRootUser", "Companion", "youtrack-ring-integration"})
@Service
/* loaded from: input_file:jetbrains/youtrack/ring/impl/HubRootRestorer.class */
public final class HubRootRestorer {
    public static final Companion Companion = new Companion(null);

    /* compiled from: HubRootRestorer.kt */
    @Metadata(mv = {1, 1, 16}, bv = {1, 0, 3}, k = 1, d1 = {"��\f\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002¨\u0006\u0003"}, d2 = {"Ljetbrains/youtrack/ring/impl/HubRootRestorer$Companion;", "Lmu/KLogging;", "()V", "youtrack-ring-integration"})
    /* loaded from: input_file:jetbrains/youtrack/ring/impl/HubRootRestorer$Companion.class */
    public static final class Companion extends KLogging {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    public final void postRestoredRootToHub() {
        if (!HubReplicatingMarker.INSTANCE.areRingNotificationsForThreadSuspended()) {
            HubReplicatingMarker.INSTANCE.suspendRingNotificationsForThread();
        }
        try {
            restoreCoreAuthModule();
            restoreAdminRole();
            LegacySupportKt.flush();
            try {
                restoreRootUser();
            } catch (ForbiddenException e) {
                freeLicenseSlot();
                restoreRootUser();
            }
            disable2fa();
            jetbrains.youtrack.ring.client.BeansKt.getRingApi().syncNow();
            Companion.getLogger().info("Root user account has been reset");
            HubReplicatingMarker.INSTANCE.resumeRingNotificationsForThread();
        } catch (Throwable th) {
            HubReplicatingMarker.INSTANCE.resumeRingNotificationsForThread();
            throw th;
        }
    }

    private final void restoreCoreAuthModule() {
        for (AuthmoduleJSON authmoduleJSON : getAuthModuleClient().getAuthModulePage((BaseFilter) null, (FieldPartial) null).getItems()) {
            if (authmoduleJSON instanceof CoreauthmoduleJSON) {
                authmoduleJSON.setDisabled(false);
                AuthModuleClient authModuleClient = getAuthModuleClient();
                String id = authmoduleJSON.getId();
                if (id == null) {
                    Intrinsics.throwNpe();
                }
                Intrinsics.checkExpressionValueIsNotNull(id, "module.getId()!!");
                authModuleClient.updateAuthModule(id, authmoduleJSON);
            }
        }
    }

    private final void restoreAdminRole() {
        Role create;
        XdEntity xdEntity = (XdRole) XdQueryKt.first(XdFilteringQueryKt.filter(XdRole.Companion.all(), new Function2<FilteringContext, XdRole, XdSearchingNode>() { // from class: jetbrains.youtrack.ring.impl.HubRootRestorer$restoreAdminRole$adminRole$1
            @NotNull
            public final XdSearchingNode invoke(@NotNull FilteringContext filteringContext, @NotNull XdRole xdRole) {
                Intrinsics.checkParameterIsNotNull(filteringContext, "$receiver");
                Intrinsics.checkParameterIsNotNull(xdRole, "it");
                return filteringContext.eq(xdRole.getName(), DefaultRole.SYSTEM_ADMIN.getName());
            }
        }));
        IdItem roleJSON = new RoleJSON();
        roleJSON.setPermissions(gatherAllPermissions());
        if (jetbrains.youtrack.ring.export.BeansKt.getHubAdapterFactory().getRoleAdapter().isExported(xdEntity) && jetbrains.youtrack.ring.client.BeansKt.getRingApi().m46getRoleDAO().get(EntityExtensionsKt.getHubUuid(xdEntity)) != null) {
            jetbrains.youtrack.ring.client.BeansKt.getRingApi().m46getRoleDAO().update(EntityExtensionsKt.getHubUuidNotNull(xdEntity), roleJSON);
            return;
        }
        roleJSON.setName(xdEntity.getName());
        roleJSON.setDescription(xdEntity.getDescription());
        try {
            create = (Role) jetbrains.youtrack.ring.client.BeansKt.getRingApi().m46getRoleDAO().create(roleJSON);
        } catch (NotUniqueFieldException e) {
            roleJSON.setName(roleJSON.getName() + ' ' + RandomStringUtils.randomAlphabetic(5));
            create = jetbrains.youtrack.ring.client.BeansKt.getRingApi().m46getRoleDAO().create(roleJSON);
        }
        EntityExtensionsKt.setHubUuid(xdEntity, create.getId());
    }

    private final List<PermissionJSON> gatherAllPermissions() {
        jetbrains.jetpass.api.Service service = jetbrains.youtrack.ring.client.BeansKt.getRingApi().m42getServiceDAO().get(BeansKt.getHubServiceUuid());
        if (service == null) {
            Intrinsics.throwNpe();
        }
        Intrinsics.checkExpressionValueIsNotNull(service, "ringApi.serviceDAO[hubServiceUuid]!!");
        Iterable permissions = service.getPermissions();
        Intrinsics.checkExpressionValueIsNotNull(permissions, "ringApi.serviceDAO[hubServiceUuid]!!.permissions");
        ArrayList arrayList = new ArrayList(CollectionsKt.collectionSizeOrDefault(permissions, 10));
        Iterator it = permissions.iterator();
        while (it.hasNext()) {
            arrayList.add(new PermissionJSON((Permission) it.next()));
        }
        ArrayList arrayList2 = arrayList;
        jetbrains.youtrack.core.security.Permission[] values = jetbrains.youtrack.core.security.Permission.values();
        ArrayList arrayList3 = new ArrayList(values.length);
        for (jetbrains.youtrack.core.security.Permission permission : values) {
            PermissionJSON permissionJSON = new PermissionJSON();
            permissionJSON.setId(EntityExtensionsKt.getHubUuid(permission));
            arrayList3.add(permissionJSON);
        }
        return CollectionsKt.plus(arrayList2, arrayList3);
    }

    private final void restoreRootUser() {
        Entity root = jetbrains.youtrack.core.security.BeansKt.getSecurity().getRoot();
        Intrinsics.checkExpressionValueIsNotNull(root, "security.root");
        XdUser xd = XdExtensionsKt.toXd(root);
        try {
            jetbrains.youtrack.ring.export.BeansKt.getHubAdapterFactory().getUserAdapter(new RestoreRootUserHubDtoBuilder(false)).update(xd);
        } catch (NotFoundException e) {
            jetbrains.youtrack.ring.export.BeansKt.getHubAdapterFactory().getUserAdapter(new RestoreRootUserHubDtoBuilder(true)).add(xd);
        }
    }

    private final void disable2fa() {
        for (HubDtoBuilder<? super XdUser, ? extends UserJSON> hubDtoBuilder : new HubDtoBuilder[]{new DisableTotpHubDtoBuilder(), new DisableWebauthnHubDtoBuilder()}) {
            try {
                HubSyncAdapter<XdUser> userAdapter = jetbrains.youtrack.ring.export.BeansKt.getHubAdapterFactory().getUserAdapter(hubDtoBuilder);
                Entity root = jetbrains.youtrack.core.security.BeansKt.getSecurity().getRoot();
                Intrinsics.checkExpressionValueIsNotNull(root, "security.root");
                userAdapter.update(XdExtensionsKt.toXd(root));
            } catch (BadRequestException e) {
            } catch (Exception e2) {
                Companion.getLogger().warn("Can't reset 2FA for the root user", e2);
            }
        }
    }

    private final void freeLicenseSlot() {
        Iterable allItems = jetbrains.youtrack.ring.client.BeansKt.getRingApi().m47getUserDAO().getAllItems();
        ArrayList arrayList = new ArrayList();
        for (Object obj : allItems) {
            Boolean isBanned = ((User) obj).isBanned();
            Intrinsics.checkExpressionValueIsNotNull(isBanned, "it.isBanned");
            if (!isBanned.booleanValue()) {
                arrayList.add(obj);
            }
        }
        IdItem userJSON = new UserJSON((User) CollectionsKt.first(CollectionsKt.sortedWith(arrayList, new Comparator<T>() { // from class: jetbrains.youtrack.ring.impl.HubRootRestorer$freeLicenseSlot$$inlined$sortedBy$1
            @Override // java.util.Comparator
            public final int compare(T t, T t2) {
                Iterable groups = ((User) t).getGroups();
                Intrinsics.checkExpressionValueIsNotNull(groups, "it.groups");
                Integer valueOf = Integer.valueOf(CollectionUtilKt.getSize(groups));
                Iterable groups2 = ((User) t2).getGroups();
                Intrinsics.checkExpressionValueIsNotNull(groups2, "it.groups");
                return ComparisonsKt.compareValues(valueOf, Integer.valueOf(CollectionUtilKt.getSize(groups2)));
            }
        })));
        userJSON.setBanned(true);
        userJSON.setBanReason("Banned to restore root administrator account");
        jetbrains.youtrack.ring.client.BeansKt.getRingApi().m47getUserDAO().update(userJSON.getId(), userJSON);
    }

    private final AuthModuleClient getAuthModuleClient() {
        return jetbrains.youtrack.ring.client.BeansKt.getHubClient().getAccountsClientWithLongTimeouts().getAuthModuleClient();
    }
}
