package com.marklogic.appdeployer.command.security;

import com.fasterxml.jackson.databind.ObjectReader;
import com.fasterxml.jackson.databind.node.ObjectNode;
import com.marklogic.appdeployer.command.AbstractResourceCommand;
import com.marklogic.appdeployer.command.CommandContext;
import com.marklogic.appdeployer.command.SortOrderConstants;
import com.marklogic.appdeployer.command.SupportsCmaCommand;
import com.marklogic.mgmt.PayloadParser;
import com.marklogic.mgmt.api.configuration.Configuration;
import com.marklogic.mgmt.api.configuration.Configurations;
import com.marklogic.mgmt.api.security.Role;
import com.marklogic.mgmt.api.security.RoleObjectNodesSorter;
import com.marklogic.mgmt.resource.ResourceManager;
import com.marklogic.mgmt.resource.security.RoleManager;
import com.marklogic.mgmt.util.ObjectMapperFactory;
import com.marklogic.mgmt.util.ObjectNodesSorter;
import com.marklogic.rest.util.ResourcesFragment;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:com/marklogic/appdeployer/command/security/DeployRolesCommand.class */
public class DeployRolesCommand extends AbstractResourceCommand implements SupportsCmaCommand {
    private Set<String> defaultRolesToNotUndeploy;
    private ObjectNodesSorter objectNodesSorter = new RoleObjectNodesSorter();
    private Map<String, String> roleNamesAndXmlPayloads = new HashMap();

    public DeployRolesCommand() {
        setExecuteSortOrder(SortOrderConstants.DEPLOY_ROLES.intValue());
        setUndoSortOrder(SortOrderConstants.DELETE_ROLES.intValue());
        setSupportsResourceMerging(true);
        setResourceIdPropertyName("role-name");
        setResourceClassType(Role.class);
        this.defaultRolesToNotUndeploy = new HashSet();
        this.defaultRolesToNotUndeploy.addAll(Arrays.asList("admin", "manage-admin", "security"));
    }

    @Override // com.marklogic.appdeployer.command.AbstractResourceCommand
    protected boolean useCmaForDeployingResources(CommandContext commandContext) {
        return true;
    }

    @Override // com.marklogic.appdeployer.command.SupportsCmaCommand
    public boolean cmaShouldBeUsed(CommandContext commandContext) {
        return true;
    }

    @Override // com.marklogic.appdeployer.command.SupportsCmaCommand
    public void addResourceToConfiguration(ObjectNode objectNode, Configuration configuration) {
        configuration.addRole(objectNode);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.marklogic.appdeployer.command.AbstractCommand
    public void deployConfiguration(CommandContext commandContext, Configuration configuration) {
        List<ObjectNode> roles = configuration.getRoles();
        if (roles == null || roles.isEmpty()) {
            return;
        }
        if (this.objectNodesSorter != null && roles.size() > 1) {
            this.logger.info("Sorting roles before they are saved");
            roles = this.objectNodesSorter.sortObjectNodes(roles);
            configuration.setRoles(roles);
        }
        if (commandContext.getAppConfig().getCmaConfig().isDeployRoles() && cmaEndpointExists(commandContext)) {
            submitRolesConfigurationViaCma(commandContext, configuration);
        } else {
            submitRolesIndividually(commandContext, roles);
        }
    }

    protected void submitRolesConfigurationViaCma(CommandContext commandContext, Configuration configuration) {
        submitConfigurationWithRolesThatReferenceThemselves(commandContext, configuration.getRoles());
        if (!commandContext.getAppConfig().getCmaConfig().isCombineRequests()) {
            super.deployConfiguration(commandContext, configuration);
        } else {
            this.logger.info("Adding roles to combined CMA request");
            commandContext.addCmaConfigurationToCombinedRequest(configuration);
        }
    }

    protected void submitRolesIndividually(CommandContext commandContext, List<ObjectNode> list) {
        RoleManager roleManager = new RoleManager(commandContext.getManageClient());
        findRolesThatReferenceThemselves(commandContext, list).forEach(role -> {
            roleManager.save(format("{\"role-name\":\"%s\"}", new Object[]{role.getRoleName()}));
        });
        list.forEach(objectNode -> {
            String asText = objectNode.get("role-name").asText();
            afterResourceSaved(roleManager, commandContext, null, saveResource(roleManager, commandContext, this.roleNamesAndXmlPayloads.containsKey(asText) ? this.roleNamesAndXmlPayloads.get(asText) : objectNode.toString()));
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.marklogic.appdeployer.command.AbstractCommand
    public String readResourceFromFile(CommandContext commandContext, File file) {
        String readResourceFromFile = super.readResourceFromFile(commandContext, file);
        if (!getPayloadParser().isJsonPayload(readResourceFromFile)) {
            this.roleNamesAndXmlPayloads.put(getPayloadParser().getPayloadFieldValue(readResourceFromFile, "role-name"), readResourceFromFile);
        }
        return readResourceFromFile;
    }

    protected void submitConfigurationWithRolesThatReferenceThemselves(CommandContext commandContext, List<ObjectNode> list) {
        List<Role> findRolesThatReferenceThemselves = findRolesThatReferenceThemselves(commandContext, list);
        if (findRolesThatReferenceThemselves.isEmpty()) {
            return;
        }
        Configuration configuration = new Configuration();
        findRolesThatReferenceThemselves.forEach(role -> {
            ObjectNode createObjectNode = ObjectMapperFactory.getObjectMapper().createObjectNode();
            createObjectNode.put("role-name", role.getRoleName());
            configuration.addRole(createObjectNode);
        });
        this.logger.info("Submitting CMA configuration containing roles that reference themselves and do not yet exist");
        new Configurations(configuration).submit(commandContext.getManageClient());
    }

    protected List<Role> findRolesThatReferenceThemselves(CommandContext commandContext, List<ObjectNode> list) {
        ObjectReader readerFor = ObjectMapperFactory.getObjectMapper().readerFor(Role.class);
        ArrayList arrayList = new ArrayList();
        ResourcesFragment asXml = new RoleManager(commandContext.getManageClient()).getAsXml();
        list.forEach(objectNode -> {
            try {
                Role role = (Role) readerFor.readValue(objectNode);
                if (role.hasPermissionWithOwnRoleName() && !asXml.resourceExists(role.getRoleName())) {
                    arrayList.add(role);
                }
            } catch (IOException e) {
                throw new RuntimeException("Unable to read ObjectNode into Role; node: " + objectNode, e);
            }
        });
        return arrayList;
    }

    @Override // com.marklogic.appdeployer.command.AbstractResourceCommand
    protected File[] getResourceDirs(CommandContext commandContext) {
        return findResourceDirs(commandContext, configDir -> {
            return configDir.getRolesDir();
        });
    }

    @Override // com.marklogic.appdeployer.command.AbstractResourceCommand
    protected ResourceManager getResourceManager(CommandContext commandContext) {
        return new RoleManager(commandContext.getManageClient());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.marklogic.appdeployer.command.AbstractResourceCommand
    public String adjustPayloadBeforeDeletingResource(ResourceManager resourceManager, CommandContext commandContext, File file, String str) {
        String payloadFieldValue = new PayloadParser().getPayloadFieldValue(str, "role-name", false);
        if (payloadFieldValue == null || this.defaultRolesToNotUndeploy == null || !this.defaultRolesToNotUndeploy.contains(payloadFieldValue)) {
            return super.adjustPayloadBeforeDeletingResource(resourceManager, commandContext, file, str);
        }
        this.logger.info(format("Not undeploying role '%s' because it's in the list of role names to not undeploy", new Object[]{payloadFieldValue}));
        return null;
    }

    public void setObjectNodesSorter(ObjectNodesSorter objectNodesSorter) {
        this.objectNodesSorter = objectNodesSorter;
    }

    public Set<String> getDefaultRolesToNotUndeploy() {
        return this.defaultRolesToNotUndeploy;
    }

    public void setDefaultRolesToNotUndeploy(Set<String> set) {
        this.defaultRolesToNotUndeploy = set;
    }
}
