package org.glassfish.connectors.admin.cli;

import com.sun.enterprise.config.serverbeans.Domain;
import com.sun.enterprise.config.serverbeans.Resources;
import com.sun.enterprise.util.LocalStringManagerImpl;
import jakarta.inject.Inject;
import java.beans.PropertyVetoException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import org.glassfish.api.ActionReport;
import org.glassfish.api.I18n;
import org.glassfish.api.Param;
import org.glassfish.api.admin.AdminCommand;
import org.glassfish.api.admin.AdminCommandContext;
import org.glassfish.api.admin.RestEndpoint;
import org.glassfish.api.admin.RestEndpoints;
import org.glassfish.connectors.admin.cli.CLIConstants;
import org.glassfish.connectors.config.BackendPrincipal;
import org.glassfish.connectors.config.ConnectorConnectionPool;
import org.glassfish.connectors.config.SecurityMap;
import org.glassfish.hk2.api.PerLookup;
import org.jvnet.hk2.annotations.Service;
import org.jvnet.hk2.config.ConfigBeanProxy;
import org.jvnet.hk2.config.ConfigCode;
import org.jvnet.hk2.config.ConfigSupport;
import org.jvnet.hk2.config.TransactionFailure;

@Service(name = "update-connector-security-map")
@I18n("update.connector.security.map")
@PerLookup
@RestEndpoints({@RestEndpoint(configBean = Resources.class, opType = RestEndpoint.OpType.POST, path = "update-connector-security-map", description = "update-connector-security-map")})
/* loaded from: input_file:org/glassfish/connectors/admin/cli/UpdateConnectorSecurityMap.class */
public class UpdateConnectorSecurityMap extends ConnectorSecurityMap implements AdminCommand {
    private static final LocalStringManagerImpl localStrings = new LocalStringManagerImpl(UpdateConnectorSecurityMap.class);

    @Param(optional = true)
    String target = "server";

    @Param(name = "poolname")
    String poolName;

    @Param(name = "addprincipals", optional = true)
    List<String> addPrincipals;

    @Param(name = "addusergroups", optional = true)
    List<String> addUserGroups;

    @Param(name = "removeprincipals", optional = true)
    List<String> removePrincipals;

    @Param(name = "removeusergroups", optional = true)
    List<String> removeUserGroups;

    @Param(name = CLIConstants.SM.SM_MAPPED_NAME, optional = true)
    String mappedusername;

    @Param(name = CLIConstants.SM.SM_MAPPED_PASSWORD, password = true, optional = true)
    String mappedpassword;

    @Param(name = "mapname", primary = true)
    String securityMapName;

    @Inject
    private Domain domain;

    @Override // org.glassfish.api.admin.AdminCommand
    public void execute(AdminCommandContext adminCommandContext) {
        ActionReport actionReport = adminCommandContext.getActionReport();
        if (this.securityMapName == null) {
            actionReport.setMessage(localStrings.getLocalString("create.connector.security.map.noSecurityMapName", "No security map name specified"));
            actionReport.setActionExitCode(ActionReport.ExitCode.FAILURE);
            return;
        }
        Collection<ConnectorConnectionPool> resources = this.domain.getResources().getResources(ConnectorConnectionPool.class);
        if (!doesPoolNameExist(this.poolName, resources)) {
            actionReport.setMessage(localStrings.getLocalString("create.connector.security.map.noSuchPoolFound", "Connector connection pool {0} does not exist. Please specify a valid pool name.", this.poolName));
            actionReport.setActionExitCode(ActionReport.ExitCode.FAILURE);
            return;
        }
        if (!doesMapNameExist(this.poolName, this.securityMapName, resources)) {
            actionReport.setMessage(localStrings.getLocalString("update.connector.security.map.map_does_not_exist", "Security map {0} does not exist for connector connection pool {1}. Please give a valid map name.", this.securityMapName, this.poolName));
            actionReport.setActionExitCode(ActionReport.ExitCode.FAILURE);
            return;
        }
        List<SecurityMap> allSecurityMapsForPool = getAllSecurityMapsForPool(this.poolName, resources);
        if (this.addPrincipals != null && this.removePrincipals != null) {
            for (String str : this.addPrincipals) {
                Iterator<String> it = this.removePrincipals.iterator();
                while (it.hasNext()) {
                    if (it.next().equals(str)) {
                        actionReport.setMessage(localStrings.getLocalString("update.connector.security.map.same_principal_values", "This value {0} is given in both --addprincipals and --removeprincipals. The same value cannot given for these options.", str));
                        actionReport.setActionExitCode(ActionReport.ExitCode.FAILURE);
                        return;
                    }
                }
            }
        }
        if (this.addUserGroups != null && this.removeUserGroups != null) {
            for (String str2 : this.addUserGroups) {
                Iterator<String> it2 = this.removeUserGroups.iterator();
                while (it2.hasNext()) {
                    if (it2.next().equals(str2)) {
                        actionReport.setMessage(localStrings.getLocalString("update.connector.security.map.same_usergroup_values", "This value {0} is given in both --addusergroups and --removeusergroups. The same value cannot given for these options.", str2));
                        actionReport.setActionExitCode(ActionReport.ExitCode.FAILURE);
                        return;
                    }
                }
            }
        }
        if (this.addPrincipals != null) {
            for (String str3 : this.addPrincipals) {
                if (isPrincipalExisting(str3, allSecurityMapsForPool)) {
                    actionReport.setMessage(localStrings.getLocalString("create.connector.security.map.principal_exists", "The principal {0} already exists in connector connection pool {1}. Please give a different principal name.", str3, this.poolName));
                    actionReport.setActionExitCode(ActionReport.ExitCode.FAILURE);
                    return;
                }
            }
        }
        if (this.addUserGroups != null) {
            for (String str4 : this.addUserGroups) {
                if (isUserGroupExisting(str4, allSecurityMapsForPool)) {
                    actionReport.setMessage(localStrings.getLocalString("create.connector.security.map.usergroup_exists", "The user-group {0} already exists in connector connection pool {1}. Please give a different user-group name.", str4, this.poolName));
                    actionReport.setActionExitCode(ActionReport.ExitCode.FAILURE);
                    return;
                }
            }
        }
        SecurityMap securityMap = getSecurityMap(this.securityMapName, this.poolName, resources);
        final List<String> arrayList = new ArrayList<>(securityMap.getPrincipal());
        final List<String> arrayList2 = new ArrayList<>(securityMap.getUserGroup());
        if (this.removePrincipals != null) {
            boolean z = true;
            String str5 = null;
            Iterator<String> it3 = this.removePrincipals.iterator();
            while (true) {
                if (!it3.hasNext()) {
                    break;
                }
                String next = it3.next();
                if (!arrayList.contains(next)) {
                    z = false;
                    str5 = next;
                    break;
                }
            }
            if (!z) {
                actionReport.setMessage(localStrings.getLocalString("update.connector.security.map.principal_does_not_exists", "The principal {0} that you want to delete does not exist in connector connection pool {1}. Please give a valid principal name.", str5, this.poolName));
                actionReport.setActionExitCode(ActionReport.ExitCode.FAILURE);
                return;
            }
        }
        if (this.removeUserGroups != null) {
            boolean z2 = true;
            String str6 = null;
            Iterator<String> it4 = this.removeUserGroups.iterator();
            while (true) {
                if (!it4.hasNext()) {
                    break;
                }
                String next2 = it4.next();
                if (!arrayList2.contains(next2)) {
                    z2 = false;
                    str6 = next2;
                    break;
                }
            }
            if (!z2) {
                actionReport.setMessage(localStrings.getLocalString("update.connector.security.map.usergroup_does_not_exists", "The usergroup {0} that you want to delete does not exist in connector connection pool {1}. Please give a valid user-group name.", str6, this.poolName));
                actionReport.setActionExitCode(ActionReport.ExitCode.FAILURE);
                return;
            }
        }
        if (this.addPrincipals == null && this.addUserGroups == null) {
            boolean z3 = false;
            boolean z4 = false;
            if (this.removePrincipals == null && arrayList.isEmpty()) {
                z3 = true;
            }
            if (this.removeUserGroups == null && arrayList2.isEmpty()) {
                z4 = true;
            }
            if (this.removePrincipals != null && this.removePrincipals.size() == arrayList.size()) {
                z3 = true;
            }
            if (this.removeUserGroups != null && this.removeUserGroups.size() == arrayList2.size()) {
                z4 = true;
            }
            if (z4 && z3) {
                actionReport.setMessage(localStrings.getLocalString("update.connector.security.map.principals_usergroups_will_be_null", "The values in your command will delete all principals and usergroups. You cannot delete all principals and usergroups. Atleast one of them must exist."));
                actionReport.setActionExitCode(ActionReport.ExitCode.FAILURE);
                return;
            }
        }
        if (this.addPrincipals != null) {
            for (String str7 : this.addPrincipals) {
                if (arrayList.contains(str7)) {
                    actionReport.setMessage(localStrings.getLocalString("create.connector.security.map.principal_exists", "The principal {0} already exists in connector connection pool {1}. Please give a different principal name.", str7, this.poolName));
                    actionReport.setActionExitCode(ActionReport.ExitCode.FAILURE);
                    return;
                }
                arrayList.add(str7);
            }
        }
        if (this.removePrincipals != null) {
            Iterator<String> it5 = this.removePrincipals.iterator();
            while (it5.hasNext()) {
                arrayList.remove(it5.next());
            }
        }
        if (this.addUserGroups != null) {
            for (String str8 : this.addUserGroups) {
                if (arrayList2.contains(str8)) {
                    actionReport.setMessage(localStrings.getLocalString("create.connector.security.map.usergroup_exists", "The user-group {0} already exists in connector connection pool {1}. Please give a different user-group name.", str8, this.poolName));
                    actionReport.setActionExitCode(ActionReport.ExitCode.FAILURE);
                    return;
                }
                arrayList2.add(str8);
            }
        }
        if (this.removeUserGroups != null) {
            Iterator<String> it6 = this.removeUserGroups.iterator();
            while (it6.hasNext()) {
                arrayList2.remove(it6.next());
            }
        }
        if (hasOnlyPrincipalsOrOnlyUserGroups(actionReport, arrayList, arrayList2)) {
            try {
                ConfigSupport.apply(new ConfigCode() { // from class: org.glassfish.connectors.admin.cli.UpdateConnectorSecurityMap.1
                    @Override // org.jvnet.hk2.config.ConfigCode
                    public Object run(ConfigBeanProxy... configBeanProxyArr) throws PropertyVetoException, TransactionFailure {
                        SecurityMap securityMap2 = (SecurityMap) configBeanProxyArr[0];
                        BackendPrincipal backendPrincipal = (BackendPrincipal) configBeanProxyArr[1];
                        if (arrayList != null) {
                            securityMap2.getPrincipal().clear();
                            Iterator it7 = arrayList.iterator();
                            while (it7.hasNext()) {
                                securityMap2.getPrincipal().add((String) it7.next());
                            }
                        }
                        if (arrayList2 != null) {
                            securityMap2.getUserGroup().clear();
                            Iterator it8 = arrayList2.iterator();
                            while (it8.hasNext()) {
                                securityMap2.getUserGroup().add((String) it8.next());
                            }
                        }
                        if (UpdateConnectorSecurityMap.this.mappedusername != null && !UpdateConnectorSecurityMap.this.mappedusername.isEmpty()) {
                            backendPrincipal.setUserName(UpdateConnectorSecurityMap.this.mappedusername);
                        }
                        if (UpdateConnectorSecurityMap.this.mappedpassword != null) {
                            if (UpdateConnectorSecurityMap.this.mappedpassword.isEmpty()) {
                                backendPrincipal.setPassword(null);
                            } else {
                                backendPrincipal.setPassword(UpdateConnectorSecurityMap.this.mappedpassword);
                            }
                        }
                        return securityMap2;
                    }
                }, securityMap, securityMap.getBackendPrincipal());
                actionReport.setActionExitCode(ActionReport.ExitCode.SUCCESS);
            } catch (TransactionFailure e) {
                actionReport.setMessage(localStrings.getLocalString("update.connector.security.map.fail", "Unable to update security map {0} for connector connection pool {1}.", this.securityMapName, this.poolName) + " " + e.getLocalizedMessage());
                actionReport.setActionExitCode(ActionReport.ExitCode.FAILURE);
                actionReport.setFailureCause(e);
            }
        }
    }

    private boolean hasOnlyPrincipalsOrOnlyUserGroups(ActionReport actionReport, List<String> list, List<String> list2) {
        if (list.isEmpty() && this.addPrincipals != null) {
            actionReport.setMessage(localStrings.getLocalString("update.connector.security.map.addPrincipalToExistingUserGroupsWorkSecurityMap", "Failed to add principals to a security map with user groups."));
            actionReport.setActionExitCode(ActionReport.ExitCode.FAILURE);
            return false;
        }
        if (!list2.isEmpty() || this.addUserGroups == null) {
            return true;
        }
        actionReport.setMessage(localStrings.getLocalString("update.connector.security.map.addUserGroupsToExistingPrincipalsWorkSecurityMap", "Failed to add user groups to a security map with principals."));
        actionReport.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return false;
    }
}
