package org.apache.jackrabbit.oak.spi.security.authentication.external.impl;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.Map;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import javax.jcr.ValueFactory;
import javax.jcr.ValueFormatException;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.ConfigurationPolicy;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.value.ValueFactoryImpl;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncContext;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncException;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncHandler;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Service
@Component(policy = ConfigurationPolicy.REQUIRE)
/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DefaultSyncHandler.class */
public class DefaultSyncHandler implements SyncHandler {
    private static final Logger log = LoggerFactory.getLogger(DefaultSyncHandler.class);
    private DefaultSyncConfig config;

    /* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DefaultSyncHandler$ContextImpl.class */
    private class ContextImpl implements SyncContext {
        private final ExternalIdentityProvider idp;
        private final UserManager userManager;
        private final Root root;
        private final ValueFactory valueFactory;

        private ContextImpl(ExternalIdentityProvider externalIdentityProvider, UserManager userManager, Root root) {
            this.idp = externalIdentityProvider;
            this.userManager = userManager;
            this.root = root;
            this.valueFactory = new ValueFactoryImpl(root, NamePathMapper.DEFAULT);
        }

        @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.SyncContext
        public void close() {
        }

        @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.SyncContext
        public boolean sync(@Nonnull ExternalIdentity externalIdentity) throws SyncException {
            try {
                if (!(externalIdentity instanceof ExternalUser)) {
                    if (externalIdentity instanceof ExternalGroup) {
                        return false;
                    }
                    throw new IllegalArgumentException("identity must be user or group but was: " + externalIdentity);
                }
                User user = getUser(externalIdentity);
                if (user == null) {
                    createUser((ExternalUser) externalIdentity);
                    return true;
                }
                updateUser((ExternalUser) externalIdentity, user);
                return true;
            } catch (RepositoryException e) {
                throw new SyncException((Throwable) e);
            } catch (ExternalIdentityException e2) {
                throw new SyncException(e2);
            }
        }

        @CheckForNull
        private User getUser(@Nonnull ExternalIdentity externalIdentity) throws RepositoryException {
            Authorizable authorizable = this.userManager.getAuthorizable(externalIdentity.getId());
            if (authorizable == null) {
                authorizable = this.userManager.getAuthorizable(externalIdentity.getPrincipalName());
            }
            if (authorizable == null) {
                return null;
            }
            if (authorizable instanceof User) {
                return (User) authorizable;
            }
            DefaultSyncHandler.log.warn("unexpected authorizable: {}", authorizable);
            return null;
        }

        @CheckForNull
        private User createUser(ExternalUser externalUser) throws RepositoryException, SyncException, ExternalIdentityException {
            User createUser = this.userManager.createUser(externalUser.getId(), (String) null, new PrincipalImpl(externalUser.getPrincipalName()), DefaultSyncHandler.concatPaths(DefaultSyncHandler.this.config.user().getPathPrefix(), externalUser.getIntermediatePath()));
            syncAuthorizable(externalUser, createUser);
            return createUser;
        }

        @CheckForNull
        private Group createGroup(ExternalGroup externalGroup) throws RepositoryException, SyncException, ExternalIdentityException {
            Group createGroup = this.userManager.createGroup(externalGroup.getId(), new PrincipalImpl(externalGroup.getPrincipalName()), DefaultSyncHandler.concatPaths(DefaultSyncHandler.this.config.user().getPathPrefix(), externalGroup.getIntermediatePath()));
            syncAuthorizable(externalGroup, createGroup);
            return createGroup;
        }

        private void updateUser(ExternalUser externalUser, User user) throws RepositoryException, SyncException, ExternalIdentityException {
            syncAuthorizable(externalUser, user);
        }

        private void syncAuthorizable(ExternalIdentity externalIdentity, Authorizable authorizable) throws RepositoryException, SyncException, ExternalIdentityException {
            Iterator<ExternalIdentityRef> it = externalIdentity.getDeclaredGroups().iterator();
            while (it.hasNext()) {
                ExternalIdentity identity = this.idp.getIdentity(it.next());
                if (identity instanceof ExternalGroup) {
                    ExternalGroup externalGroup = (ExternalGroup) identity;
                    String id = externalGroup.getId();
                    Authorizable authorizable2 = this.userManager.getAuthorizable(id);
                    Group createGroup = authorizable2 == null ? createGroup(externalGroup) : authorizable2.isGroup() ? (Group) authorizable2 : null;
                    if (createGroup != null) {
                        createGroup.addMember(authorizable);
                    } else {
                        DefaultSyncHandler.log.debug("No such group " + id + "; Ignoring group membership.");
                    }
                }
            }
            Map<String, ?> properties = externalIdentity.getProperties();
            for (String str : properties.keySet()) {
                Object obj = properties.get(str);
                if (obj instanceof Collection) {
                    Value[] createValues = createValues((Collection) obj);
                    if (createValues != null) {
                        authorizable.setProperty(str, createValues);
                    }
                } else {
                    Value createValue = createValue(obj);
                    if (createValue != null) {
                        authorizable.setProperty(str, createValue);
                    }
                }
            }
        }

        @CheckForNull
        private Value createValue(Object obj) throws ValueFormatException {
            int type = getType(obj);
            if (type == 0) {
                return null;
            }
            return this.valueFactory.createValue(obj.toString(), type);
        }

        @CheckForNull
        private Value[] createValues(Collection<?> collection) throws ValueFormatException {
            ArrayList arrayList = new ArrayList();
            Iterator<?> it = collection.iterator();
            while (it.hasNext()) {
                Value createValue = createValue(it.next());
                if (createValue != null) {
                    arrayList.add(createValue);
                }
            }
            return (Value[]) arrayList.toArray(new Value[arrayList.size()]);
        }

        private int getType(Object obj) {
            return obj == null ? 0 : 1;
        }
    }

    public DefaultSyncHandler() {
    }

    public DefaultSyncHandler(DefaultSyncConfig defaultSyncConfig) {
        this.config = defaultSyncConfig;
    }

    @Activate
    private void activate(Map<String, Object> map) {
        this.config = DefaultSyncConfig.of(ConfigurationParameters.of(map));
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.SyncHandler
    @Nonnull
    public String getName() {
        return this.config.getName();
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.SyncHandler
    @Nonnull
    public SyncContext createContext(@Nonnull ExternalIdentityProvider externalIdentityProvider, @Nonnull UserManager userManager, @Nonnull Root root) throws SyncException {
        return new ContextImpl(externalIdentityProvider, userManager, root);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String concatPaths(String... strArr) {
        StringBuilder sb = new StringBuilder();
        for (String str : strArr) {
            if (str != null && !str.isEmpty()) {
                int i = 0;
                int length = str.length();
                while (i < length && str.charAt(i) == '/') {
                    i++;
                }
                while (length > i && str.charAt(length - 1) == '/') {
                    length--;
                }
                if (length > i) {
                    if (sb.length() > 0) {
                        sb.append('/');
                    }
                    sb.append(str.substring(i, length));
                }
            }
        }
        if (sb.length() == 0) {
            return null;
        }
        return sb.toString();
    }
}
