package com.supermap.services.security;

import ch.qos.logback.classic.ClassicConstants;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.alibaba.fastjson.TypeReference;
import com.alibaba.fastjson.parser.Feature;
import com.supermap.server.config.ComponentSetting;
import com.supermap.server.config.ComponentSettingSet;
import com.supermap.server.config.IportalSetting;
import com.supermap.server.config.ProviderSetting;
import com.supermap.server.config.ProviderSettingSet;
import com.supermap.server.config.SQLSecurityInfoStorageSetting;
import com.supermap.server.config.SecurityInfoStorageSetting;
import com.supermap.server.config.SecuritySetting;
import com.supermap.server.config.ServerConfiguration;
import com.supermap.server.config.SessionSetting;
import com.supermap.services.components.commontypes.AuthorizeSetting;
import com.supermap.services.components.commontypes.Page;
import com.supermap.services.event.SimpleEventHelper;
import com.supermap.services.providers.InvalidLicenseException;
import com.supermap.services.providers.LicenseChecker;
import com.supermap.services.rest.resources.SecurityManageResource;
import com.supermap.services.security.storages.ConnectionException;
import com.supermap.services.security.storages.DefaultStorageFactory;
import com.supermap.services.security.storages.SQLStorage;
import com.supermap.services.security.storages.Storage;
import com.supermap.services.security.storages.StorageFactory;
import com.supermap.services.security.storages.StorageSettingValidException;
import com.supermap.services.security.storages.StorageStateObserver;
import com.supermap.services.security.storages.StorageStatusListener;
import com.supermap.services.security.storages.SwitchException;
import com.supermap.services.util.LogUtil;
import com.supermap.services.util.ProductTypeUtil;
import com.supermap.services.util.ResourceManager;
import io.buji.pac4j.filter.CallbackFilter;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import java.util.regex.Pattern;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authc.credential.DefaultPasswordService;
import org.apache.shiro.authc.credential.PasswordService;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ThreadContext;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.ini4j.Ini;
import org.ini4j.InvalidFileFormatException;
import org.ini4j.Profile;
import org.pac4j.oidc.client.KeycloakOidcClient;
import org.slf4j.cal10n.LocLogger;

/* loaded from: input_file:BOOT-INF/lib/iserver-all-10.0.1-18030-10.0.1-SNAPSHOT.jar:com/supermap/services/security/Manager.class */
public class Manager implements UsernamePasswordRealmListener, StorageStatusListener {
    private static final ResourceManager b = new ResourceManager("resource.securityManageResources");
    private static final LocLogger c = LogUtil.getLocLogger(Manager.class, b);
    private static final String[] d = {"ADMIN", "PUBLISHER", "PORTAL_USER", "USER", SecurityConstants.ROLE_PORTAL_VIEWER, SecurityConstants.ROLE_DATA_CENTER, SecurityConstants.ROLE_NO_PW};
    private static volatile Manager e;
    ServerConfiguration a;
    private Map<String, UserGroup> f;
    private Map<String, Role> g;
    private List<SecurityEnabledListener> h;
    private CreateAdminUserListener i;
    private Ini j;
    private PasswordService k;
    private boolean l;
    private ReentrantReadWriteLock m;
    private Lock n;
    private Lock o;
    private CasConfigUtils p;
    private AtomicInteger q;
    private SecurityInfoDAO r;
    private List<Role> s;
    private File t;
    private ServiceBeanPermissionDAO u;
    private UsernamePasswordRealmListener v;
    private SecuritySetting w;
    private StorageFactory x;
    private SessionManagerFactory y;
    private Storage z;
    private DefaultWebSecurityManager A;
    private boolean B;
    private SecurityQuery C;
    private CallbackFilter D;
    private static final String E = "/security/login";
    private static final String F = "/login";
    private static final String G = "/../keycloak-login";

    /* loaded from: input_file:BOOT-INF/lib/iserver-all-10.0.1-18030-10.0.1-SNAPSHOT.jar:com/supermap/services/security/Manager$CreateAdminUserListener.class */
    public interface CreateAdminUserListener {
        void adminUserCreated();
    }

    /* loaded from: input_file:BOOT-INF/lib/iserver-all-10.0.1-18030-10.0.1-SNAPSHOT.jar:com/supermap/services/security/Manager$StringArrayCompartor.class */
    static class StringArrayCompartor {
        List<String> a;
        List<String> b;
        List<String> c = new ArrayList();
        List<String> d = new ArrayList();

        StringArrayCompartor(String[] strArr, String[] strArr2) {
            this.a = strArr != null ? Arrays.asList(strArr) : new ArrayList<>();
            this.b = strArr2 != null ? Arrays.asList(strArr2) : new ArrayList<>();
        }

        public void executeCompare() {
            if (CollectionUtils.isEmpty(this.a)) {
                this.c.addAll(this.b);
                return;
            }
            if (CollectionUtils.isEmpty(this.b)) {
                this.d.addAll(this.a);
                return;
            }
            ArrayList<String> arrayList = new ArrayList();
            arrayList.addAll(this.a);
            arrayList.addAll(this.b);
            for (String str : arrayList) {
                if (!this.a.contains(str)) {
                    this.c.add(str);
                }
                if (!this.b.contains(str)) {
                    this.d.add(str);
                }
            }
        }

        List<String> a() {
            return this.c;
        }

        List<String> b() {
            return this.d;
        }
    }

    public Manager() {
        this.h = new ArrayList();
        this.i = (CreateAdminUserListener) SimpleEventHelper.createDelegate(CreateAdminUserListener.class);
        this.k = new DefaultPasswordService();
        this.m = new ReentrantReadWriteLock();
        this.n = this.m.readLock();
        this.o = this.m.writeLock();
        this.q = new AtomicInteger(0);
        this.x = new DefaultStorageFactory();
        this.y = new DefaultSessionManagerFactory();
        this.B = true;
        this.C = null;
    }

    public Manager(File file, SecuritySetting securitySetting, DefaultWebSecurityManager defaultWebSecurityManager) {
        this();
        this.t = file;
        this.w = securitySetting;
        this.A = defaultWebSecurityManager;
        this.B = securitySetting.cacheInfoToMemory;
        if (this.B) {
            this.C = new QueryFromMemory();
        } else {
            this.C = new QueryFromDB();
        }
    }

    public static void setInstance(Manager manager) {
        e = manager;
    }

    public static Manager getInstance() {
        return e;
    }

    public File getIniFile() {
        return this.t;
    }

    public void setIniFile(File file) {
        this.t = file;
    }

    public SecuritySetting getSetting() {
        return this.w;
    }

    public void setSetting(SecuritySetting securitySetting) {
        this.w = securitySetting;
    }

    public void setCacheSecurityInfoToMemory(boolean z) {
        this.B = z;
    }

    public boolean getCacheSecurityInfoToMemory() {
        return this.B;
    }

    public void setSecurityQuery(SecurityQuery securityQuery) {
        this.C = securityQuery;
    }

    private static void a(Role role, RolePermissions rolePermissions) {
        role.permissions = rolePermissions;
    }

    public AtomicInteger getIportalLicenseUserCount() {
        return this.q;
    }

    public void setIportalLicenseUserCount(AtomicInteger atomicInteger) {
        this.q = atomicInteger;
    }

    public static boolean occupyIportalLicenseCount(User user) {
        String string = ((JSONObject) JSON.toJSON(user)).getString("type");
        return (string == null || string.equals("CREATOR")) && !ArrayUtils.contains(user.roles, "SYSTEM");
    }

    private static User a(User user) {
        User copy = user.copy();
        if (!StringUtils.equals(user.name, SecurityConstants.USER_GUEST) && !ArrayUtils.contains(user.roles, "USER")) {
            copy.roles = (String[]) ArrayUtils.add(user.roles, "USER");
        }
        return copy;
    }

    private static void a(User user, User user2) {
        if (user.isRole("SYSTEM")) {
            if (user2 == null) {
                throw new IllegalArgumentException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_CHECKSYSTEMUSER_REMOVE_SYSTEMUSER, user.name));
            }
            if (user2.expirationTime != null) {
                throw new IllegalArgumentException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_CHECKSYSTEMUSER_ALTER_SYSTEMUSER, user.name));
            }
            if (!StringUtils.equals(user.name, user2.name) || !Arrays.equals(user.roles, user2.roles)) {
                throw new IllegalArgumentException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_CHECKSYSTEMUSER_ALTER_SYSTEMUSER, user.name));
            }
        }
    }

    private static void b(String str) {
        if (ArrayUtils.contains(d, str)) {
            throw new IllegalArgumentException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_REMOVE_ROLE_ASSERTNOT_DEFAULT, str));
        }
    }

    private static Ini a(File file) {
        Ini ini = null;
        try {
            ini = new Ini();
            ini.getConfig().setComment(false);
            ini.setFile(file);
            ini.load();
        } catch (InvalidFileFormatException e2) {
            c.warn(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_LOADINI_SHIRO_CONFIGFILE_FORMATEXCEPTION, file.getAbsolutePath(), e2.getMessage()));
            c.debug(e2.getMessage(), e2);
        } catch (IOException e3) {
            c.warn(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_LOADINI_SHIRO_CONFIGFILE_IOEXCEPTION, file.getAbsolutePath(), e3.getMessage()));
            c.debug(e3.getMessage(), e3);
        }
        return ini;
    }

    private static void a(Object obj, String str) {
        if (obj == null) {
            throw new IllegalArgumentException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_ASSERTNOTNULL_PARAM_NULL, str));
        }
    }

    public void dispose() {
        if (this.r != null) {
            this.r.dispose();
        }
        if (this.u != null) {
            this.u.dispose();
        }
    }

    public void resetAdminUser(User user) {
        User systemUser = getSystemUser();
        try {
            this.o.lock();
            User a = a(user);
            if (systemUser == null) {
                a(a, (String) null, (String) null);
            } else {
                this.r.alterUser(systemUser.name, a);
            }
            reloadSecurityInfoFromDAO();
            this.o.unlock();
        } catch (Throwable th) {
            this.o.unlock();
            throw th;
        }
    }

    public SecurityInfoDAO getSecurityInfoDAO() {
        return this.r;
    }

    public void setSecurityInfoDAO(SecurityInfoDAO securityInfoDAO) {
        this.r = securityInfoDAO;
    }

    public void setBeanPermissionDAO(ServiceBeanPermissionDAO serviceBeanPermissionDAO) {
        this.u = serviceBeanPermissionDAO;
    }

    public void setServerConfiguration(ServerConfiguration serverConfiguration) {
        this.a = serverConfiguration;
    }

    public void reload(boolean z) throws ConnectionException {
        this.j = a(this.t);
        this.p = new CasConfigUtils();
        if (z) {
            reloadStorage();
        }
        reloadSecurityInfoFromDAO();
        this.l = f();
        resetSessionSetting(this.w.sessionSetting);
        e();
    }

    public void reload() throws ConnectionException {
        reload(true);
    }

    public void reloadStorage() throws ConnectionException {
        if (this.z != null) {
            this.z.dispose();
        }
        this.z = a();
        this.r.setStorage(this.z);
        this.u.setStorage(this.z);
        this.C.setStorage(this.z);
    }

    public void resetSessionSetting(SessionSetting sessionSetting) throws ConnectionException {
        SessionManager newInstance = this.y.newInstance(sessionSetting);
        if (newInstance == null) {
            throw new IllegalArgumentException("sesionManager null");
        }
        this.A.setSessionManager(newInstance);
        this.w.sessionSetting = sessionSetting;
    }

    private Storage a() throws ConnectionException {
        try {
            Storage a = a(this.w.storageSetting);
            addStorageListener(a);
            return a;
        } catch (StorageSettingValidException e2) {
            return null;
        }
    }

    public void addStorageListener(Storage storage) {
        if (storage instanceof StorageStateObserver) {
            ((StorageStateObserver) storage).addStorageListener(this);
            ((SQLStorage) storage).executionMonitor();
        }
    }

    public void resetStorageSetting(SecurityInfoStorageSetting securityInfoStorageSetting) throws StorageSettingValidException, ConnectionException, SwitchException {
        if (securityInfoStorageSetting == null) {
            throw new IllegalArgumentException("setting null");
        }
        if (securityInfoStorageSetting.equals(getSetting().storageSetting)) {
            return;
        }
        Storage a = a(securityInfoStorageSetting);
        addStorageListener(a);
        Storage storage = null;
        try {
            storage = this.r.getStorage();
            User systemUser = e.getSystemUser();
            this.r.setStorage(a);
            this.u.setStorage(a);
            this.C.setStorage(a);
            reloadSecurityInfoFromDAO();
            a(securityInfoStorageSetting, systemUser);
            this.w.storageSetting = securityInfoStorageSetting;
            if (storage != null) {
                storage.dispose();
            }
        } catch (Throwable th) {
            if (storage != null) {
                storage.dispose();
            }
            throw th;
        }
    }

    private void a(SecurityInfoStorageSetting securityInfoStorageSetting, User user) throws SwitchException {
        try {
            if (!(securityInfoStorageSetting instanceof SQLSecurityInfoStorageSetting)) {
                e.resetAdminUser(user);
            } else if (!((SQLSecurityInfoStorageSetting) securityInfoStorageSetting).isUseStoredAdmin()) {
                e.resetAdminUser(user);
            }
        } catch (Exception e2) {
            throw new SwitchException(b.getMessage((ResourceManager) SecurityManageResource.DATABASE_IS_LOCKED, new Object[0]), e2);
        }
    }

    public void rollBackStorage(SecurityInfoStorageSetting securityInfoStorageSetting) {
        Storage storage = null;
        try {
            try {
                Storage a = a(securityInfoStorageSetting);
                storage = this.r.getStorage();
                if (storage != null) {
                    this.r.setStorage(a);
                    this.u.setStorage(a);
                    this.C.setStorage(a);
                    reloadSecurityInfoFromDAO();
                }
                if (storage != null) {
                    storage.dispose();
                }
            } catch (Exception e2) {
                throw new IllegalArgumentException("rollBack Storage Exception");
            }
        } catch (Throwable th) {
            if (storage != null) {
                storage.dispose();
            }
            throw th;
        }
    }

    private Storage a(SecurityInfoStorageSetting securityInfoStorageSetting) throws StorageSettingValidException, ConnectionException {
        return this.x.newInstance(securityInfoStorageSetting);
    }

    public void reloadSecurityInfoFromDAO() {
        d();
        c();
        b();
    }

    private void b() {
        this.f = toMapByName(this.r.getGroups(0, 0).records);
    }

    private void c() {
        this.C.refreshUsers();
    }

    private void d() {
        Collection<Role> collection = this.r.getRoles(0, 0).records;
        String[] strArr = new String[collection.size()];
        int i = -1;
        Iterator<Role> it = collection.iterator();
        while (it.hasNext()) {
            i++;
            strArr[i] = it.next().name;
        }
        Map<String, RolePermissions> rolePermissions = this.u.getRolePermissions(strArr);
        for (Role role : collection) {
            RolePermissions rolePermissions2 = rolePermissions.get(role.name);
            if (rolePermissions2 == null) {
                rolePermissions2 = new RolePermissions();
                rolePermissions2.componentManagerPermissions = new MixedPermissions();
                rolePermissions2.instanceAccessPermissions = new MixedPermissions();
            }
            a(role, rolePermissions2);
        }
        this.g = toMapByName(collection);
        this.s = new ArrayList(this.g.values());
        this.s.remove(this.g.get("SYSTEM"));
    }

    public static <T extends Named> Map<String, T> toMapByName(Collection<T> collection) {
        HashMap hashMap = new HashMap();
        for (T t : collection) {
            hashMap.put(t.name, t);
        }
        hashMap.remove(SecurityConstants.ROLE_EVERYONE);
        hashMap.remove("SYSTEM_INTERFACE_VIEW");
        return hashMap;
    }

    public List<String> listUsers() {
        try {
            this.n.lock();
            return this.C.listUsers();
        } finally {
            this.n.unlock();
        }
    }

    public List<String> listUsers(String str, List<String> list, List<String> list2) {
        try {
            this.n.lock();
            List<String> listUsers = this.C.listUsers(str, list, list2);
            this.n.unlock();
            return listUsers;
        } catch (Throwable th) {
            this.n.unlock();
            throw th;
        }
    }

    public List<User> getAllUsers() {
        try {
            this.n.lock();
            c();
            return this.C.getAllUsers();
        } finally {
            this.n.unlock();
        }
    }

    public Page<User> getPageUsers(UserSearchParameter userSearchParameter) {
        try {
            this.n.lock();
            return this.C.getPageUsers(userSearchParameter);
        } finally {
            this.n.unlock();
        }
    }

    public int getUsersCount() {
        try {
            this.n.lock();
            return this.C.getUsersCount();
        } finally {
            this.n.unlock();
        }
    }

    public User getUser(String str) {
        a((Object) str, "userName");
        try {
            this.n.lock();
            return this.C.getUser(str);
        } finally {
            this.n.unlock();
        }
    }

    public void addUser(User user) {
        addUser(user, null, null);
    }

    public void addLdapUser(User user) {
        if (StringUtils.isNotBlank(user.password)) {
            user.password = this.k.encryptPassword(user.password);
        }
        a(user, (String) null, (String) null);
    }

    public void lockUser(String str, Long l) {
        a((Object) str, "userName");
        User user = getUser(str);
        if (user == null) {
            throw new IllegalArgumentException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_USER_NOT_EXISTS, str));
        }
        if (user.isRole("SYSTEM")) {
            throw new IllegalArgumentException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_CHECKUSE_LOCK_SYSTEMUSER, new Object[0]));
        }
        this.r.lockUser(str, l);
        c();
    }

    public void unlockUser(String str) {
        this.r.unlockUser(str);
        c();
    }

    public void addUser(User user, String str, String str2) {
        c(user);
        if (!user.password.matches("^.{4,18}$")) {
            throw new IllegalArgumentException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_CHECKUSER_USER_PASSWORD_FORMAT_ERROR, new Object[0]));
        }
        user.password = this.k.encryptPassword(user.password);
        a(user, str, str2);
    }

    private void a(User user, String str, String str2) {
        try {
            this.o.lock();
            if (ProductTypeUtil.isPortal()) {
                if (StringUtils.equalsIgnoreCase(user.name, SecurityConstants.USER_GUEST) || StringUtils.equalsIgnoreCase(user.name, SecurityConstants.USER_SUPERMAP_CLOUD)) {
                    throw new IllegalArgumentException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_CHECKUSER_BUILTIN_USER, user.name));
                }
                if (occupyIportalLicenseCount(user) && this.q.get() + 1 > LicenseChecker.getIPortalLicUserCount()) {
                    throw new InvalidLicenseException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_IPORTAL_USERCOUNT_LIC_ERROR, new Object[0]));
                }
            }
            if (getUser(user.name) != null) {
                throw new IllegalArgumentException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_USER_EXISTS, user.name));
            }
            if (ArrayUtils.contains(user.roles, "SYSTEM") && !ArrayUtils.isEmpty(getRole("SYSTEM").users)) {
                throw new IllegalArgumentException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_SYSTEM_USER_EXISTS, new Object[0]));
            }
            User user2 = user;
            if (!ProductTypeUtil.isPortal()) {
                user2 = a(user);
            }
            if (!StringUtils.isNotBlank(str) || str2 == null) {
                this.r.addUser(user2);
            } else {
                this.r.addOAuthUser(str, str2, user2);
            }
            if (ProductTypeUtil.isPortal() && occupyIportalLicenseCount(user)) {
                this.q.incrementAndGet();
            }
            reloadSecurityInfoFromDAO();
            this.o.unlock();
        } catch (Throwable th) {
            this.o.unlock();
            throw th;
        }
    }

    public void removeUser(String str) {
        a((Object) str, "userName");
        User user = getUser(str);
        if (user == null) {
            throw new IllegalArgumentException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_USER_NOT_EXISTS, str));
        }
        a(user, (User) null);
        b(user);
    }

    private void b(User user) {
        try {
            this.o.lock();
            this.r.removeUsers(new String[]{user.name});
            this.C.removeUser(user.name);
            if (ProductTypeUtil.isPortal() && occupyIportalLicenseCount(user) && this.q.get() > 0) {
                this.q.decrementAndGet();
            }
            reloadSecurityInfoFromDAO();
        } finally {
            this.o.unlock();
        }
    }

    public void alterLdapUser(User user) {
        a(user, ClassicConstants.USER_MDC_KEY);
        String str = user.name;
        User user2 = getUser(str);
        if (user2 == null) {
            throw new IllegalArgumentException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_USER_NOT_EXISTS, str));
        }
        if (StringUtils.isNotBlank(user.password)) {
            user.password = this.k.encryptPassword(user.password);
        }
        a(str, user, user2);
    }

    public void alterUser(String str, User user) {
        c(user);
        String str2 = user.password;
        User user2 = getUser(str);
        if (user2 == null) {
            throw new IllegalArgumentException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_USER_NOT_EXISTS, str));
        }
        if (!ArrayUtils.contains(user2.roles, "SYSTEM") && user.roles != null && ArrayUtils.contains(user.roles, "SYSTEM")) {
            throw new IllegalArgumentException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_CHECKUSER_ALTERUSER_ROLEHASSYSTEM, new Object[0]));
        }
        if (StringUtils.isEmpty(user.password)) {
            user.password = user2.password;
        } else if (!StringUtils.equals(user.password, user2.password)) {
            a(user.password);
            user.password = this.k.encryptPassword(user.password);
        }
        this.r.isSameAsFormPassword(user.name, str2);
        a(str, user, user2);
    }

    void a(String str) {
        Pattern compile = Pattern.compile("\\S*[A-Z]+\\S*");
        Pattern compile2 = Pattern.compile("\\S*[a-z]+\\S*");
        Pattern compile3 = Pattern.compile("\\S*[0-9]+\\S*");
        Pattern compile4 = Pattern.compile("\\S*[\\W_]+\\S*");
        Pattern compile5 = Pattern.compile("\\S{6,18}");
        int i = compile.matcher(str).matches() ? 1 : 0;
        int i2 = compile2.matcher(str).matches() ? 1 : 0;
        int i3 = compile3.matcher(str).matches() ? 1 : 0;
        int i4 = compile4.matcher(str).matches() ? 1 : 0;
        boolean matches = compile5.matcher(str).matches();
        if (i + i2 + i3 + i4 < 3 || !matches) {
            throw new IllegalArgumentException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_CHECKUSER_USER_PASSWORD_FORMAT_ERROR, new Object[0]));
        }
    }

    private void a(String str, User user, User user2) {
        try {
            this.o.lock();
            if (ProductTypeUtil.isPortal() && (StringUtils.equalsIgnoreCase(user.name, SecurityConstants.USER_GUEST) || StringUtils.equalsIgnoreCase(user.name, SecurityConstants.USER_SUPERMAP_CLOUD))) {
                throw new IllegalArgumentException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_CHECKUSER_BUILTIN_USER, user.name));
            }
            a(user2, user);
            User user3 = user;
            if (!ProductTypeUtil.isPortal()) {
                user3 = a(user);
            }
            this.r.alterUser(str, user3);
            reloadSecurityInfoFromDAO();
            this.o.unlock();
        } catch (Throwable th) {
            this.o.unlock();
            throw th;
        }
    }

    public void alterUserPassword(String str, String str2, String str3) {
        a((Object) str, "userName");
        a((Object) str2, "newPassword");
        User user = getUser(str);
        if (user == null) {
            throw new IllegalArgumentException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_USER_NOT_EXISTS, str));
        }
        if (!this.k.passwordsMatch(str3, user.password)) {
            throw new IllegalArgumentException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_ALTERUSERPASSWORD_ILLEGALARGUMENTEXCEPTION, new Object[0]));
        }
        User copy = user.copy();
        copy.password = str2;
        alterUser(str, copy);
    }

    public List<String> listRoles() {
        try {
            this.n.lock();
            ArrayList arrayList = new ArrayList();
            Iterator<Role> it = this.s.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next().name);
            }
            return arrayList;
        } finally {
            this.n.unlock();
        }
    }

    public List<Role> getAllRoles() {
        try {
            this.n.lock();
            return new ArrayList(this.s);
        } finally {
            this.n.unlock();
        }
    }

    public Role getRole(String str) {
        try {
            this.n.lock();
            Role role = this.g.get(str);
            return role == null ? null : role.copy();
        } finally {
            this.n.unlock();
        }
    }

    public void addRole(Role role) {
        b(role);
        try {
            this.o.lock();
            if (getRole(role.name) != null) {
                throw new IllegalArgumentException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_ROLE_EXISTS, role.name));
            }
            this.r.addRole(role);
            a(role);
            reloadSecurityInfoFromDAO();
        } finally {
            this.o.unlock();
        }
    }

    private void a(Role role) {
        LinkedList linkedList = new LinkedList();
        if (role.permissions != null) {
            if (role.permissions.componentManagerPermissions != null) {
                Set<String> permission = this.u.getPermission(null, null, Arrays.asList("SYSTEM_INTERFACE_VIEW"), null);
                HashSet hashSet = new HashSet(permission.size());
                for (String str : permission) {
                    if (StringUtils.startsWith(str, "interface:view:interface^")) {
                        hashSet.add(str.substring("interface:view:interface^".length()));
                    }
                }
                a((List<ServiceBeanPermission>) linkedList, role.name, role.permissions.componentManagerPermissions.permitted, true, (Set<String>) hashSet);
                a((List<ServiceBeanPermission>) linkedList, role.name, role.permissions.componentManagerPermissions.denied, false, (Set<String>) hashSet);
            }
            this.u.setRolePermissions(role.name, role.permissions, (ServiceBeanPermission[]) linkedList.toArray(new ServiceBeanPermission[linkedList.size()]));
        }
    }

    private void a(List<ServiceBeanPermission> list, String str, String[] strArr, boolean z, Set<String> set) {
        if (ArrayUtils.isEmpty(strArr)) {
            return;
        }
        for (String str2 : strArr) {
            ComponentSetting componentSetting = this.a.getComponentSetting(str2);
            if (componentSetting == null) {
                ComponentSettingSet componentSettingSet = this.a.getComponentSettingSet(str2);
                if (componentSettingSet != null) {
                    a(list, str, componentSettingSet, z, set);
                }
            } else {
                a(list, str, componentSetting, z, set);
            }
        }
    }

    private void a(List<ServiceBeanPermission> list, String str, ComponentSettingSet componentSettingSet, boolean z, Set<String> set) {
        list.add(z ? new ServiceBeanPermission().role(str).allowComponentSet(componentSettingSet.name) : new ServiceBeanPermission().role(str).denyComponentSet(componentSettingSet.name));
        if (componentSettingSet.settings == null) {
            return;
        }
        Iterator<ComponentSetting> it = componentSettingSet.settings.iterator();
        while (it.hasNext()) {
            a(list, str, it.next(), z, set);
        }
    }

    private void a(List<ServiceBeanPermission> list, String str, ComponentSetting componentSetting, boolean z, Set<String> set) {
        list.add(z ? new ServiceBeanPermission().role(str).allowComponent(componentSetting.name) : new ServiceBeanPermission().role(str).denyComponent(componentSetting.name));
        String[] split = StringUtils.split(componentSetting.interfaceNames, ',');
        Subject subject = ThreadContext.getSubject();
        if (!ArrayUtils.isEmpty(split)) {
            if (subject == null) {
                for (String str2 : split) {
                    ServiceBeanPermission role = new ServiceBeanPermission().role(str);
                    list.add(z ? role.allowInterface(str2) : role.denyInterface(str2));
                }
            } else {
                for (String str3 : split) {
                    if (!set.contains(str3)) {
                        ServiceBeanPermission role2 = new ServiceBeanPermission().role(str);
                        list.add(z ? role2.allowInterface(str3) : role2.denyInterface(str3));
                    }
                }
            }
        }
        String[] split2 = StringUtils.split(componentSetting.providers);
        if (ArrayUtils.isEmpty(split2)) {
            return;
        }
        for (String str4 : split2) {
            ProviderSettingSet providerSettingSet = this.a.getProviderSettingSet(str4);
            if (providerSettingSet != null) {
                list.add(z ? new ServiceBeanPermission().allowProviderSet(str4) : new ServiceBeanPermission().role(str).denyProviderSet(str4));
                if (providerSettingSet.settings != null) {
                    for (ProviderSetting providerSetting : providerSettingSet.settings) {
                        ServiceBeanPermission role3 = new ServiceBeanPermission().role(str);
                        list.add(z ? role3.allowProvider(providerSetting.name) : role3.denyProvider(providerSetting.name));
                    }
                }
            } else if (this.a.getProviderSetting(str4) != null) {
                list.add(z ? new ServiceBeanPermission().role(str).allowProvider(str4) : new ServiceBeanPermission().role(str).denyProvider(str4));
            }
        }
    }

    public void removeRole(String str) {
        a((Object) str, "roleName");
        b(str);
        if (getRole(str) == null) {
            throw new IllegalArgumentException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_ROLE_NOT_EXISTS, str));
        }
        try {
            this.o.lock();
            this.r.removeRoles(new String[]{str});
            reloadSecurityInfoFromDAO();
        } finally {
            this.o.unlock();
        }
    }

    public void alterRole(String str, Role role) {
        b(role);
        a(str, role.users);
        try {
            this.o.lock();
            if (getRole(str) == null) {
                throw new IllegalArgumentException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_ROLE_NOT_EXISTS, str));
            }
            this.r.alterRole(str, role);
            a(role);
            reloadSecurityInfoFromDAO();
            this.o.unlock();
        } catch (Throwable th) {
            this.o.unlock();
            throw th;
        }
    }

    private void a(String str, String[] strArr) {
        boolean existSystemUser = this.C.existSystemUser(strArr);
        if (("ADMIN".equalsIgnoreCase(str) && !existSystemUser) || (!"ADMIN".equalsIgnoreCase(str) && existSystemUser)) {
            throw new IllegalArgumentException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_CHECKUSERROLE_ALTERROLE_SYSTEMUSER, new Object[0]));
        }
    }

    public List<String> listUrlRules() {
        throw new UnsupportedOperationException();
    }

    public UrlRule getUrlRule(String str) {
        throw new UnsupportedOperationException();
    }

    public void addUrlRule(UrlRule urlRule) {
        throw new UnsupportedOperationException();
    }

    public void removeUrlRule(String str) {
        throw new UnsupportedOperationException();
    }

    public void alterUrlRule(String str, UrlRule urlRule) {
        throw new UnsupportedOperationException();
    }

    public boolean isSecurityEnabled() {
        return this.l;
    }

    public void setSecurityEnabled(boolean z) {
        try {
            this.o.lock();
            this.l = z;
            Profile.Section g = g();
            g.put("config", Config.class.getCanonicalName());
            g.put("config.enabled", Boolean.valueOf(z));
            e();
            for (SecurityEnabledListener securityEnabledListener : this.h) {
                if (securityEnabledListener != null) {
                    try {
                        securityEnabledListener.onEnabledModified(z);
                    } catch (Exception e2) {
                        c.debug(e2.getMessage(), e2);
                    }
                }
            }
        } finally {
            this.o.unlock();
        }
    }

    public void refreshSecurityEnabled() {
        if (this.t != null) {
            this.j = a(this.t);
            this.l = f();
            for (SecurityEnabledListener securityEnabledListener : this.h) {
                if (securityEnabledListener != null) {
                    try {
                        securityEnabledListener.onEnabledModified(this.l);
                    } catch (Exception e2) {
                        c.debug(e2.getMessage(), e2);
                    }
                }
            }
        }
    }

    public void addSecurityEnabledListener(SecurityEnabledListener securityEnabledListener) {
        a(securityEnabledListener, "listener");
        try {
            this.n.lock();
            this.h.add(securityEnabledListener);
        } finally {
            this.n.unlock();
        }
    }

    public void removeSecurityEnabledListener(SecurityEnabledListener securityEnabledListener) {
        a(securityEnabledListener, "listener");
        try {
            this.n.lock();
            this.h.remove(securityEnabledListener);
        } finally {
            this.n.unlock();
        }
    }

    public boolean isAdminExistsOrNot() {
        return getSystemUser() != null;
    }

    public User getSystemUser() {
        try {
            this.n.lock();
            return this.C.getSystemUser();
        } finally {
            this.n.unlock();
        }
    }

    public void addAdminUser(String str, String str2) {
        try {
            User user = new User();
            user.name = str;
            user.password = str2;
            user.roles = new String[]{"ADMIN", "SYSTEM"};
            addUser(user);
            this.i.adminUserCreated();
        } catch (Throwable th) {
            this.i.adminUserCreated();
            throw th;
        }
    }

    public void addCreateAdminUserListener(CreateAdminUserListener createAdminUserListener) {
        SimpleEventHelper.addListener(this.i, createAdminUserListener);
    }

    private void e() {
        try {
            this.j.store();
        } catch (IOException e2) {
            c.warn(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_STOREINI_IOEXCEPTION, new Object[0]), e2);
        }
    }

    private void c(User user) {
        a(user, ClassicConstants.USER_MDC_KEY);
        if (user.name == null) {
            throw new IllegalArgumentException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_CHECKUSER_USER_NAME_NULL, new Object[0]));
        }
        if (user.password == null) {
            throw new IllegalArgumentException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_CHECKUSER_USER_PASSWORD_NULL, new Object[0]));
        }
    }

    private void b(Role role) {
        a(role, "role");
        if (role.name == null) {
            throw new IllegalArgumentException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_CHECKROLE_ROLE_NAME_NULL, new Object[0]));
        }
        if ("SYSTEM".equals(role.name)) {
            throw new IllegalArgumentException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_CHECKROLE_ROLE_NOT_SYSTEM, new Object[0]));
        }
    }

    public String generateUUID() {
        return UUID.randomUUID().toString();
    }

    private boolean f() {
        return "true".equalsIgnoreCase((String) g().get("config.enabled"));
    }

    private String a(String str, String str2) {
        String str3 = (String) g().get(str);
        if (StringUtils.isBlank(str3)) {
            str3 = str2;
        }
        return str3;
    }

    private Profile.Section g() {
        Profile.Section section = (Profile.Section) this.j.get("main");
        if (section == null) {
            section = this.j.add("main");
        }
        return section;
    }

    @Deprecated
    public List<String> listRolesByInstance(String str) {
        return Collections.emptyList();
    }

    public List<String> listRolesByNotInstance(String str) {
        ArrayList arrayList = new ArrayList();
        for (Role role : this.g.values()) {
            if (!role.name.equals("ADMIN")) {
                arrayList.add(role.name);
            }
        }
        return arrayList;
    }

    public void updateInstanceAuthorisation(String str, AuthorizeSetting authorizeSetting) {
        AuthorizeSetting authorizeSetting2;
        this.o.lock();
        try {
            String[] strArr = (String[]) ArrayUtils.addAll(authorizeSetting.deniedRoles, authorizeSetting.permittedRoles);
            if (ArrayUtils.isEmpty(strArr)) {
                authorizeSetting2 = authorizeSetting;
            } else {
                boolean[] isRolesExist = this.r.isRolesExist(strArr);
                HashSet hashSet = new HashSet(strArr.length);
                for (int i = 0; i < isRolesExist.length; i++) {
                    if (!isRolesExist[i]) {
                        hashSet.add(strArr[i]);
                    }
                }
                String[] strArr2 = (String[]) hashSet.toArray(new String[hashSet.size()]);
                authorizeSetting2 = new AuthorizeSetting(authorizeSetting);
                authorizeSetting2.deniedRoles = (String[]) ArrayUtils.removeElements(authorizeSetting2.deniedRoles, strArr2);
                authorizeSetting2.permittedRoles = (String[]) ArrayUtils.removeElements(authorizeSetting2.permittedRoles, strArr2);
            }
            this.u.updateInstanceAuthorisation(str, authorizeSetting2);
            d();
            this.o.unlock();
        } catch (Throwable th) {
            this.o.unlock();
            throw th;
        }
    }

    public void deleteInstanceAuthorisation(String... strArr) {
        if (strArr.length < 1) {
            return;
        }
        String[] strArr2 = new String[strArr.length];
        for (int i = 0; i < strArr2.length; i++) {
            strArr2[i] = SecurityConstants.RESOURCE_PREFIX_SERVICE + strArr[i];
        }
        try {
            this.o.lock();
            this.u.removeInstances(strArr);
            d();
            this.o.unlock();
        } catch (Throwable th) {
            this.o.unlock();
            throw th;
        }
    }

    public Map<String, AuthorizeSetting> getInstanceAuthorisations(String... strArr) {
        if (ArrayUtils.isEmpty(strArr)) {
            return Collections.emptyMap();
        }
        Map<String, AuthorizeSetting> instanceAuthorisations = this.u.getInstanceAuthorisations();
        HashSet hashSet = new HashSet(instanceAuthorisations.keySet());
        hashSet.removeAll(Arrays.asList(strArr));
        Iterator it = hashSet.iterator();
        while (it.hasNext()) {
            instanceAuthorisations.remove((String) it.next());
        }
        return Collections.unmodifiableMap(instanceAuthorisations);
    }

    public AuthorizeSetting getInstanceAuthorisation(String str) {
        return this.u.getInstanceAuthorisations().get(str);
    }

    @Deprecated
    public Map<String, AuthorizeSetting> getInstanceAuthorisations() {
        return this.u.getInstanceAuthorisations();
    }

    public PasswordService getPasswordService() {
        return this.k;
    }

    public void updateCasConfig(CasConfig casConfig) {
        this.o.lock();
        try {
            Profile.Section g = g();
            g.put("casRealm.enabled", Boolean.valueOf(casConfig.enabled));
            g.put("casRealm.reserveSystemAccount", Boolean.valueOf(casConfig.reserveSystemAccount));
            g.put("casRealm.casServerUrlPrefix", casConfig.serverUrlPrefix);
            g.put("casRealm.casService", casConfig.service);
            String b2 = this.p.b(g);
            if (StringUtils.isNotBlank(casConfig.attributeName) && !b2.equalsIgnoreCase(casConfig.attributeName)) {
                this.p.a(g, casConfig.attributeName.trim());
            }
            e();
            this.o.unlock();
        } catch (Throwable th) {
            this.o.unlock();
            throw th;
        }
    }

    public List<CasRule> getCasRules() {
        ArrayList arrayList = new ArrayList();
        this.n.lock();
        try {
            for (Map.Entry<String, List<String>> entry : this.p.a(g()).entrySet()) {
                CasRule casRule = new CasRule();
                casRule.attributeValue = entry.getKey();
                casRule.roles = entry.getValue();
                arrayList.add(casRule);
            }
            return arrayList;
        } finally {
            this.n.unlock();
        }
    }

    public void deleteCasAttributeRules(List<String> list) {
        if (CollectionUtils.isEmpty(list)) {
            return;
        }
        this.o.lock();
        try {
            Profile.Section g = g();
            Map<String, List<String>> a = this.p.a(g);
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                a.remove(it.next());
            }
            this.p.a(g, a);
            e();
            this.o.unlock();
        } catch (Throwable th) {
            this.o.unlock();
            throw th;
        }
    }

    public void addCasAttributeRule(CasRule casRule) {
        if (casRule == null) {
            return;
        }
        this.o.lock();
        try {
            Profile.Section g = g();
            Map<String, List<String>> a = this.p.a(g);
            if (a.containsKey(casRule.attributeValue)) {
                throw new IllegalStateException("已经存在" + casRule.attributeValue + "对应的角色信息。");
            }
            a.put(casRule.attributeValue, casRule.roles);
            this.p.a(g, a);
            e();
            this.o.unlock();
        } catch (Throwable th) {
            this.o.unlock();
            throw th;
        }
    }

    public void updataCasRules(CasRuleUpdateParameter casRuleUpdateParameter) {
        if (casRuleUpdateParameter == null || CollectionUtils.isEmpty(casRuleUpdateParameter.attributeValues)) {
            return;
        }
        this.o.lock();
        try {
            Profile.Section g = g();
            Map<String, List<String>> a = this.p.a(g);
            for (String str : casRuleUpdateParameter.attributeValues) {
                if (a.containsKey(str)) {
                    a.put(str, casRuleUpdateParameter.roles);
                }
            }
            this.p.a(g, a);
            e();
            this.o.unlock();
        } catch (Throwable th) {
            this.o.unlock();
            throw th;
        }
    }

    public List<String> listUserGroups() {
        try {
            this.n.lock();
            ArrayList arrayList = new ArrayList(this.f.keySet());
            arrayList.remove(SecurityConstants.GROUP_LDAP_AUTHORIZED);
            return arrayList;
        } finally {
            this.n.unlock();
        }
    }

    public void alterUserGroup(String str, UserGroup userGroup) {
        a(userGroup);
        try {
            this.o.lock();
            if (getUserGroup(str) == null) {
                throw new IllegalArgumentException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_USERGROUP_NOT_EXISTS, str));
            }
            this.r.alterUserGroup(str, userGroup);
            reloadSecurityInfoFromDAO();
            this.o.unlock();
        } catch (Throwable th) {
            this.o.unlock();
            throw th;
        }
    }

    public void removeUserGroup(String str) {
        a((Object) str, "userGroupName");
        try {
            this.o.lock();
            if (getUserGroup(str) == null) {
                throw new IllegalArgumentException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_USERGROUP_NOT_EXISTS, str));
            }
            this.r.removeUserGroups(new String[]{str});
            reloadSecurityInfoFromDAO();
        } finally {
            this.o.unlock();
        }
    }

    public void addUserGroup(UserGroup userGroup) {
        a(userGroup);
        try {
            this.o.lock();
            if (getUserGroup(userGroup.name) != null) {
                throw new IllegalArgumentException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_USERGROUP_EXISTS, userGroup.name));
            }
            this.r.addUserGroup(userGroup);
            reloadSecurityInfoFromDAO();
        } finally {
            this.o.unlock();
        }
    }

    public List<UserGroup> getAllUserGroup() {
        try {
            this.n.lock();
            ArrayList arrayList = new ArrayList(this.f.values());
            arrayList.remove(this.f.get(SecurityConstants.GROUP_LDAP_AUTHORIZED));
            return arrayList;
        } finally {
            this.n.unlock();
        }
    }

    public UserGroup getUserGroup(String str) {
        a((Object) str, "userGroupName");
        try {
            this.n.lock();
            UserGroup userGroup = this.f.get(str);
            return userGroup == null ? null : userGroup.copy();
        } finally {
            this.n.unlock();
        }
    }

    private void a(UserGroup userGroup) {
        a(userGroup, "userGroup");
        if (userGroup.name == null) {
            throw new IllegalArgumentException(b.getMessage((ResourceManager) SecurityManageResource.MANAGER_CHECKROLE_USERGROUP_NAME_NULL, new Object[0]));
        }
    }

    public void refresh() {
        try {
            this.o.lock();
            reloadSecurityInfoFromDAO();
        } finally {
            this.o.unlock();
        }
    }

    @Override // com.supermap.services.security.UsernamePasswordRealmListener
    public void extendedUserAdded(String str, String str2, ExtendedUserInfo extendedUserInfo) {
        this.v.extendedUserAdded(str, str2, extendedUserInfo);
        refresh();
    }

    public void setExtendedUserStore(UsernamePasswordRealmListener usernamePasswordRealmListener) {
        this.v = usernamePasswordRealmListener;
    }

    @Override // com.supermap.services.security.storages.StorageStatusListener
    public void onStorageStatusChanged() {
        reloadSecurityInfoFromDAO();
    }

    protected void setSessionManagerFactory(SessionManagerFactory sessionManagerFactory) {
        this.y = sessionManagerFactory;
    }

    public void setCallbackFilter(CallbackFilter callbackFilter) {
        this.D = callbackFilter;
    }

    public KeycloakConfig getKeycloakConfig() {
        org.pac4j.core.config.Config config;
        KeycloakConfig keycloakConfig = null;
        if (this.D != null && (config = this.D.getConfig()) != null && config.getClients() != null) {
            KeycloakOidcClient keycloakOidcClient = null;
            try {
                keycloakOidcClient = (KeycloakOidcClient) config.getClients().findClient(KeycloakOidcClient.class);
            } catch (Exception e2) {
                c.debug(e2.getMessage(), e2);
            }
            if (keycloakOidcClient != null) {
                keycloakConfig = (KeycloakConfig) keycloakOidcClient.getConfiguration();
            }
        }
        if (keycloakConfig == null) {
            keycloakConfig = new KeycloakConfig();
        }
        return keycloakConfig;
    }

    public void updateKeycloakConfig(KeycloakConfig keycloakConfig) {
        a(keycloakConfig);
        b(keycloakConfig);
        setLoginUriEnvParam();
    }

    private void a(KeycloakConfig keycloakConfig) {
        this.o.lock();
        try {
            Profile.Section g = g();
            g.put("keycloakConfig.enable", Boolean.valueOf(keycloakConfig.isEnable()));
            g.put("keycloakConfig.baseUri", keycloakConfig.getBaseUri());
            g.put("keycloakConfig.realm", keycloakConfig.getRealm());
            g.put("keycloakConfig.clientId", keycloakConfig.getClientId());
            g.put("keycloakConfig.secret", keycloakConfig.getSecret());
            g.put("keycloakConfig.roleAttribute", keycloakConfig.getRoleAttribute());
            g.put("keycloakConfig.useNonce", true);
            g.put("keycloakConfig.maxClockSkew", Integer.valueOf(keycloakConfig.getMaxClockSkew()));
            g.put("keycloakConfig.logoutUrl", keycloakConfig.getLogoutUrl());
            e();
        } finally {
            this.o.unlock();
        }
    }

    private void b(KeycloakConfig keycloakConfig) {
        KeycloakConfig keycloakConfig2 = getKeycloakConfig();
        keycloakConfig2.setEnable(keycloakConfig.isEnable());
        keycloakConfig2.setBaseUri(keycloakConfig.getBaseUri());
        keycloakConfig2.setRealm(keycloakConfig.getRealm());
        keycloakConfig2.setClientId(keycloakConfig.getClientId());
        keycloakConfig2.setSecret(keycloakConfig.getSecret());
        keycloakConfig2.setRoleAttribute(keycloakConfig.getRoleAttribute());
        keycloakConfig2.setMaxClockSkew(keycloakConfig.getMaxClockSkew());
        keycloakConfig2.setLogoutUrl(keycloakConfig.getLogoutUrl());
    }

    public void updateKeycloakRoleMapping(Map<String, List<String>> map) {
        this.o.lock();
        try {
            g().put("keycloakConfig.roleMapping", JSON.toJSONString(map));
            e();
            getKeycloakConfig().setRoleMapping(JSON.toJSONString(map));
        } finally {
            this.o.unlock();
        }
    }

    public Map<String, List<String>> getKeycloakRoleMapper() {
        KeycloakConfig keycloakConfig = getKeycloakConfig();
        Map<String, List<String>> map = null;
        if (keycloakConfig != null) {
            try {
                map = (Map) JSON.parseObject(keycloakConfig.getRoleMapping(), new TypeReference<Map<String, List<String>>>() { // from class: com.supermap.services.security.Manager.1
                }, new Feature[0]);
            } catch (Exception e2) {
                c.warn(e2.getMessage(), e2);
            }
        }
        return map;
    }

    public void setLoginUriEnvParam() {
        System.setProperty("loginUri", getKeycloakConfig().isEnable() ? G : ProductTypeUtil.isPortal() ? F : E);
    }

    public IportalSetting getIportalSetting() {
        return this.a.getIportalSetting();
    }
}
