package org.apache.jackrabbit.core.security.user;

import java.security.Principal;
import java.util.HashSet;
import java.util.Iterator;
import java.util.NoSuchElementException;
import java.util.Properties;
import java.util.Set;
import javax.jcr.AccessDeniedException;
import javax.jcr.Item;
import javax.jcr.ItemExistsException;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import javax.jcr.lock.LockException;
import javax.jcr.nodetype.ConstraintViolationException;
import javax.jcr.version.VersionException;
import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.AuthorizableExistsException;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.core.ItemImpl;
import org.apache.jackrabbit.core.NodeImpl;
import org.apache.jackrabbit.core.ProtectedItemModifier;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.SessionListener;
import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
import org.apache.jackrabbit.spi.Name;
import org.apache.jackrabbit.spi.commons.name.NameConstants;
import org.apache.jackrabbit.util.Text;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/jackrabbit/core/security/user/UserManagerImpl.class */
public class UserManagerImpl extends ProtectedItemModifier implements UserManager, UserConstants, SessionListener {
    public static final String PARAM_COMPATIBILE_JR16 = "compatibleJR16";
    public static final String PARAM_DEFAULT_DEPTH = "defaultDepth";
    public static final String PARAM_AUTO_EXPAND_TREE = "autoExpandTree";
    public static final String PARAM_AUTO_EXPAND_SIZE = "autoExpandSize";
    private static final Logger log = LoggerFactory.getLogger(UserManagerImpl.class);
    private final SessionImpl session;
    private final String adminId;
    private final NodeResolver authResolver;
    private final IdResolver idResolver;
    private final boolean compatibleJR16;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/jackrabbit/core/security/user/UserManagerImpl$AuthorizableIterator.class */
    public final class AuthorizableIterator implements Iterator {
        private final Set<String> served;
        private Authorizable next;
        private NodeIterator authNodeIter;

        private AuthorizableIterator(NodeIterator nodeIterator) {
            this.served = new HashSet();
            this.authNodeIter = nodeIterator;
            this.next = seekNext();
        }

        @Override // java.util.Iterator
        public boolean hasNext() {
            return this.next != null;
        }

        @Override // java.util.Iterator
        public Object next() {
            Authorizable authorizable = this.next;
            if (authorizable == null) {
                throw new NoSuchElementException();
            }
            this.next = seekNext();
            return authorizable;
        }

        @Override // java.util.Iterator
        public void remove() {
            throw new UnsupportedOperationException();
        }

        private Authorizable seekNext() {
            Authorizable createUser;
            while (this.authNodeIter.hasNext()) {
                NodeImpl nodeImpl = (NodeImpl) this.authNodeIter.nextNode();
                try {
                    if (!this.served.contains(nodeImpl.getUUID())) {
                        if (nodeImpl.isNodeType(UserConstants.NT_REP_USER)) {
                            createUser = UserManagerImpl.this.createUser(nodeImpl);
                        } else if (nodeImpl.isNodeType(UserConstants.NT_REP_GROUP)) {
                            createUser = UserManagerImpl.this.createGroup(nodeImpl);
                        } else {
                            UserManagerImpl.log.warn("Ignoring unexpected nodetype: " + nodeImpl.getPrimaryNodeType().getName());
                        }
                        this.served.add(nodeImpl.getUUID());
                        return createUser;
                    }
                    continue;
                } catch (RepositoryException e) {
                    UserManagerImpl.log.debug(e.getMessage());
                }
            }
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/jackrabbit/core/security/user/UserManagerImpl$IdResolver.class */
    public class IdResolver {
        private static final String DELIMITER = "/";
        private static final int DEFAULT_DEPTH = 2;
        private static final long DEFAULT_SIZE = 1000;
        private final int defaultDepth;
        private final boolean autoExpandTree;
        private final long autoExpandSize;

        private IdResolver(Properties properties) {
            int i = 2;
            boolean z = false;
            long j = 1000;
            if (properties != null) {
                if (properties.containsKey(UserManagerImpl.PARAM_DEFAULT_DEPTH)) {
                    try {
                        i = Integer.parseInt(properties.get(UserManagerImpl.PARAM_DEFAULT_DEPTH).toString());
                        if (i <= 0) {
                            UserManagerImpl.log.warn("Invalid defaultDepth '" + i + "' -> using default.");
                            i = 2;
                        }
                    } catch (NumberFormatException e) {
                        UserManagerImpl.log.warn("Unable to parse defaultDepth config parameter -> using default.", (Throwable) e);
                    }
                }
                z = properties.containsKey(UserManagerImpl.PARAM_AUTO_EXPAND_TREE) ? Boolean.parseBoolean(properties.get(UserManagerImpl.PARAM_AUTO_EXPAND_TREE).toString()) : z;
                if (properties.containsKey(UserManagerImpl.PARAM_AUTO_EXPAND_SIZE)) {
                    try {
                        j = Integer.parseInt(properties.get(UserManagerImpl.PARAM_AUTO_EXPAND_SIZE).toString());
                        if (z && j <= 0) {
                            UserManagerImpl.log.warn("Invalid autoExpandSize '" + j + "' -> using default.");
                            j = 1000;
                        }
                    } catch (NumberFormatException e2) {
                        UserManagerImpl.log.warn("Unable to parse autoExpandSize config parameter -> using default.", (Throwable) e2);
                    }
                }
            }
            this.defaultDepth = i;
            this.autoExpandTree = z;
            this.autoExpandSize = j;
        }

        public Node createUserNode(String str) throws RepositoryException {
            return createAuthorizableNode(str, false);
        }

        public Node createGroupNode(String str) throws RepositoryException {
            return createAuthorizableNode(str, true);
        }

        public Node findNode(String str, boolean z) throws RepositoryException {
            String defaultFolderPath = getDefaultFolderPath(str, z);
            String escapeIllegalJcrChars = Text.escapeIllegalJcrChars(str);
            if (!UserManagerImpl.this.session.nodeExists(defaultFolderPath)) {
                return null;
            }
            Node node = UserManagerImpl.this.session.getNode(defaultFolderPath);
            Name name = z ? UserConstants.NT_REP_GROUP : UserConstants.NT_REP_USER;
            int i = this.defaultDepth + 1;
            while (node != null) {
                if (node.hasNode(escapeIllegalJcrChars)) {
                    NodeImpl nodeImpl = (NodeImpl) node.getNode(escapeIllegalJcrChars);
                    if (nodeImpl.isNodeType(name)) {
                        return nodeImpl;
                    }
                    node = nodeImpl;
                } else {
                    Node node2 = node;
                    node = null;
                    if (str.length() >= i) {
                        String escapeIllegalJcrChars2 = Text.escapeIllegalJcrChars(str.substring(0, i));
                        if (node2.hasNode(escapeIllegalJcrChars2)) {
                            NodeImpl nodeImpl2 = (NodeImpl) node2.getNode(escapeIllegalJcrChars2);
                            if (nodeImpl2.isNodeType(UserConstants.NT_REP_AUTHORIZABLE_FOLDER)) {
                                node = nodeImpl2;
                            }
                        }
                    }
                }
                i++;
            }
            return null;
        }

        private Node createAuthorizableNode(String str, boolean z) throws RepositoryException {
            String escapeIllegalJcrChars = Text.escapeIllegalJcrChars(str);
            return UserManagerImpl.this.addNode((NodeImpl) createIntermediateFolderNodes(str, escapeIllegalJcrChars, createDefaultFolderNodes(str, escapeIllegalJcrChars, z)), UserManagerImpl.this.session.getQName(escapeIllegalJcrChars), z ? UserConstants.NT_REP_GROUP : UserConstants.NT_REP_USER);
        }

        private Node createDefaultFolderNodes(String str, String str2, boolean z) throws RepositoryException {
            NodeImpl nodeImpl;
            String defaultFolderPath = getDefaultFolderPath(str, z);
            if (UserManagerImpl.this.session.nodeExists(defaultFolderPath)) {
                nodeImpl = (NodeImpl) UserManagerImpl.this.session.getNode(defaultFolderPath);
            } else {
                String[] split = defaultFolderPath.split("/");
                nodeImpl = (NodeImpl) UserManagerImpl.this.session.getRootNode();
                String substring = UserConstants.SECURITY_ROOT_PATH.substring(1);
                for (String str3 : split) {
                    if (str3.length() >= 1) {
                        nodeImpl = nodeImpl.hasNode(str3) ? (NodeImpl) nodeImpl.getNode(str3) : UserManagerImpl.this.addNode(nodeImpl, UserManagerImpl.this.session.getQName(str3), substring.equals(str3) ? NameConstants.NT_UNSTRUCTURED : UserConstants.NT_REP_AUTHORIZABLE_FOLDER);
                    }
                }
            }
            checkAuthorizableNodeExists(str2, nodeImpl);
            return nodeImpl;
        }

        private String getDefaultFolderPath(String str, boolean z) {
            StringBuilder sb = new StringBuilder();
            if (z) {
                sb.append(UserConstants.GROUPS_PATH);
            } else {
                sb.append(UserConstants.USERS_PATH);
            }
            StringBuilder sb2 = new StringBuilder(this.defaultDepth);
            int length = str.length();
            for (int i = 0; i < this.defaultDepth; i++) {
                if (length > i) {
                    sb2.append(str.charAt(i));
                } else {
                    sb2.append(str.charAt(length - 1));
                }
                sb.append("/").append(Text.escapeIllegalJcrChars(sb2.toString()));
            }
            return sb.toString();
        }

        private Node createIntermediateFolderNodes(String str, String str2, Node node) throws RepositoryException {
            NodeImpl addNode;
            if (!this.autoExpandTree) {
                return node;
            }
            int i = this.defaultDepth + 1;
            str.length();
            while (true) {
                if (!intermediateFolderNeeded(str2, node)) {
                    break;
                }
                String escapeIllegalJcrChars = Text.escapeIllegalJcrChars(str.substring(0, i));
                if (node.hasNode(escapeIllegalJcrChars)) {
                    NodeImpl nodeImpl = (NodeImpl) node.getNode(escapeIllegalJcrChars);
                    if (nodeImpl.isNodeType(UserConstants.NT_REP_AUTHORIZABLE_FOLDER)) {
                        addNode = nodeImpl;
                    } else {
                        if (!nodeImpl.isNodeType(UserConstants.NT_REP_AUTHORIZABLE)) {
                            String str3 = "Failed to create authorizable node: Detected conflict with node of unexpected nodetype '" + nodeImpl.getPrimaryNodeType().getName() + "'.";
                            UserManagerImpl.log.error(str3);
                            throw new RepositoryException(str3);
                        }
                        UserManagerImpl.log.warn("Auto-expanding aborted. An existing authorizable node '" + nodeImpl.getName() + "'conflicts with intermediate folder to be created.");
                    }
                } else {
                    addNode = UserManagerImpl.this.addNode((NodeImpl) node, UserManagerImpl.this.session.getQName(escapeIllegalJcrChars), UserConstants.NT_REP_AUTHORIZABLE_FOLDER);
                }
                node = addNode;
                i++;
            }
            checkAuthorizableNodeExists(str2, node);
            return node;
        }

        private void checkAuthorizableNodeExists(String str, Node node) throws AuthorizableExistsException, RepositoryException {
            if (node.hasNode(str) && ((NodeImpl) node.getNode(str)).isNodeType(UserConstants.NT_REP_AUTHORIZABLE)) {
                throw new AuthorizableExistsException("Unable to create Group/User: Collision with existing authorizable.");
            }
        }

        private boolean intermediateFolderNeeded(String str, Node node) throws RepositoryException {
            if (str.length() <= node.getName().length()) {
                return false;
            }
            return str.length() == node.getName().length() + 1 || node.getNodes().getSize() >= this.autoExpandSize;
        }
    }

    public UserManagerImpl(SessionImpl sessionImpl, String str) throws RepositoryException {
        this(sessionImpl, str, null);
    }

    public UserManagerImpl(SessionImpl sessionImpl, String str, Properties properties) throws RepositoryException {
        NodeResolver traversingNodeResolver;
        this.session = sessionImpl;
        this.adminId = str;
        try {
            traversingNodeResolver = new IndexNodeResolver(sessionImpl, sessionImpl);
        } catch (RepositoryException e) {
            log.debug("UserManager: no QueryManager available for workspace '" + sessionImpl.getWorkspace().getName() + "' -> Use traversing node resolver.");
            traversingNodeResolver = new TraversingNodeResolver(sessionImpl, sessionImpl);
        }
        this.authResolver = traversingNodeResolver;
        this.idResolver = new IdResolver(properties);
        boolean z = false;
        if (properties != null && properties.containsKey(PARAM_COMPATIBILE_JR16)) {
            z = Boolean.parseBoolean(properties.get(PARAM_COMPATIBILE_JR16).toString());
        }
        this.compatibleJR16 = z;
    }

    @Override // org.apache.jackrabbit.api.security.user.UserManager
    public Authorizable getAuthorizable(String str) throws RepositoryException {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("Invalid authorizable name '" + str + "'");
        }
        User user = null;
        NodeImpl userNode = getUserNode(str);
        if (userNode != null) {
            user = createUser(userNode);
        } else {
            NodeImpl groupNode = getGroupNode(str);
            if (groupNode != null) {
                user = createGroup(groupNode);
            }
        }
        return user;
    }

    @Override // org.apache.jackrabbit.api.security.user.UserManager
    public Authorizable getAuthorizable(Principal principal) throws RepositoryException {
        NodeImpl nodeImpl = null;
        if (principal instanceof ItemBasedPrincipal) {
            String path = ((ItemBasedPrincipal) principal).getPath();
            if (this.session.itemExists(path)) {
                Item item = this.session.getItem(path);
                if (item.isNode()) {
                    nodeImpl = (NodeImpl) item;
                }
            }
        } else {
            nodeImpl = (NodeImpl) this.authResolver.findNode(P_PRINCIPAL_NAME, principal.getName(), NT_REP_AUTHORIZABLE);
        }
        if (nodeImpl == null) {
            return null;
        }
        if (nodeImpl.isNodeType(NT_REP_USER)) {
            return createUser(nodeImpl);
        }
        if (nodeImpl.isNodeType(NT_REP_GROUP)) {
            return createGroup(nodeImpl);
        }
        log.debug("Unexpected user nodetype " + nodeImpl.getPrimaryNodeType().getName());
        return null;
    }

    @Override // org.apache.jackrabbit.api.security.user.UserManager
    public Iterator findAuthorizables(String str, String str2) throws RepositoryException {
        return findAuthorizables(str, str2, 3);
    }

    @Override // org.apache.jackrabbit.api.security.user.UserManager
    public Iterator findAuthorizables(String str, String str2, int i) throws RepositoryException {
        Name name;
        Name qName = this.session.getQName(str);
        switch (i) {
            case 1:
                name = NT_REP_USER;
                break;
            case 2:
                name = NT_REP_GROUP;
                break;
            case 3:
                name = NT_REP_AUTHORIZABLE;
                break;
            default:
                throw new IllegalArgumentException("Invalid search type " + i);
        }
        return new AuthorizableIterator(this.authResolver.findNodes(qName, str2, name, true));
    }

    @Override // org.apache.jackrabbit.api.security.user.UserManager
    public User createUser(String str, String str2) throws RepositoryException {
        return createUser(str, str2, new PrincipalImpl(str), null);
    }

    @Override // org.apache.jackrabbit.api.security.user.UserManager
    public User createUser(String str, String str2, Principal principal, String str3) throws AuthorizableExistsException, RepositoryException {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("Cannot create user: UserID can neither be null nor empty String.");
        }
        if (str2 == null) {
            throw new IllegalArgumentException("Cannot create user: null password.");
        }
        if (!isValidPrincipal(principal)) {
            throw new IllegalArgumentException("Cannot create user: Principal may not be null and must have a valid name.");
        }
        if (getAuthorizable(str) != null) {
            throw new AuthorizableExistsException("User for '" + str + "' already exists");
        }
        if (hasAuthorizableOrReferee(principal)) {
            throw new AuthorizableExistsException("Authorizable for '" + principal.getName() + "' already exists");
        }
        if (str3 != null) {
            log.debug("Intermediate path param " + str3 + " is ignored.");
        }
        try {
            NodeImpl nodeImpl = (NodeImpl) this.idResolver.createUserNode(str);
            setProperty(nodeImpl, P_USERID, getValue(str), true);
            setProperty(nodeImpl, P_PASSWORD, getValue(UserImpl.buildPasswordValue(str2)), true);
            setProperty(nodeImpl, P_PRINCIPAL_NAME, getValue(principal.getName()), true);
            this.session.save();
            log.debug("User created: " + str + "; " + nodeImpl.getPath());
            return createUser(nodeImpl);
        } catch (RepositoryException e) {
            this.session.refresh(false);
            log.debug("Failed to create new User, reverting changes.");
            throw e;
        }
    }

    @Override // org.apache.jackrabbit.api.security.user.UserManager
    public Group createGroup(Principal principal) throws RepositoryException {
        return createGroup(principal, null);
    }

    @Override // org.apache.jackrabbit.api.security.user.UserManager
    public Group createGroup(Principal principal, String str) throws AuthorizableExistsException, RepositoryException {
        if (!isValidPrincipal(principal)) {
            throw new IllegalArgumentException("Cannot create Group: Principal may not be null and must have a valid name.");
        }
        if (hasAuthorizableOrReferee(principal)) {
            throw new AuthorizableExistsException("Authorizable for '" + principal.getName() + "' already exists: ");
        }
        if (str != null) {
            log.debug("Intermediate path param " + str + " is ignored.");
        }
        try {
            String groupId = getGroupId(principal.getName());
            NodeImpl nodeImpl = (NodeImpl) this.idResolver.createGroupNode(groupId);
            setProperty(nodeImpl, P_PRINCIPAL_NAME, getValue(principal.getName()));
            this.session.save();
            log.debug("Group created: " + groupId + "; " + nodeImpl.getPath());
            return createGroup(nodeImpl);
        } catch (RepositoryException e) {
            this.session.refresh(false);
            log.debug("newInstance new Group failed, revert changes on parent");
            throw e;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean hasAuthorizableOrReferee(Principal principal) throws RepositoryException {
        HashSet hashSet = new HashSet(2);
        hashSet.add(P_PRINCIPAL_NAME);
        hashSet.add(P_REFEREES);
        return this.authResolver.findNodes(hashSet, principal.getName(), NT_REP_AUTHORIZABLE, true, 1L).hasNext();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setProtectedProperty(NodeImpl nodeImpl, Name name, Value value) throws RepositoryException, LockException, ConstraintViolationException, ItemExistsException, VersionException {
        setProperty(nodeImpl, name, value);
        nodeImpl.save();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setProtectedProperty(NodeImpl nodeImpl, Name name, Value[] valueArr) throws RepositoryException, LockException, ConstraintViolationException, ItemExistsException, VersionException {
        setProperty(nodeImpl, name, valueArr);
        nodeImpl.save();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setProtectedProperty(NodeImpl nodeImpl, Name name, Value[] valueArr, int i) throws RepositoryException, LockException, ConstraintViolationException, ItemExistsException, VersionException {
        setProperty(nodeImpl, name, valueArr, i);
        nodeImpl.save();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void removeProtectedItem(ItemImpl itemImpl, Node node) throws RepositoryException, AccessDeniedException, VersionException {
        removeItem(itemImpl);
        node.save();
    }

    private String getGroupId(String str) throws RepositoryException {
        String str2 = str;
        int i = 0;
        while (getAuthorizable(str2) != null) {
            str2 = str + "_" + i;
            i++;
        }
        return str2;
    }

    private Value getValue(String str) throws RepositoryException {
        return this.session.getValueFactory().createValue(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isAdminId(String str) {
        return this.adminId != null && this.adminId.equals(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public User createUser(NodeImpl nodeImpl) throws RepositoryException {
        if (nodeImpl == null || !nodeImpl.isNodeType(NT_REP_USER)) {
            throw new IllegalArgumentException();
        }
        if (Text.isDescendant(UserConstants.USERS_PATH, nodeImpl.getPath())) {
            return doCreateUser(nodeImpl);
        }
        throw new IllegalArgumentException("User has to be within the User Path");
    }

    protected User doCreateUser(NodeImpl nodeImpl) throws RepositoryException {
        return new UserImpl(nodeImpl, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Group createGroup(NodeImpl nodeImpl) throws RepositoryException {
        return GroupImpl.create(nodeImpl, this);
    }

    private NodeImpl getUserNode(String str) throws RepositoryException {
        NodeImpl nodeImpl = (NodeImpl) this.idResolver.findNode(str, false);
        if (nodeImpl == null && this.compatibleJR16) {
            nodeImpl = (NodeImpl) this.authResolver.findNode(P_USERID, str, NT_REP_USER);
        }
        return nodeImpl;
    }

    private NodeImpl getGroupNode(String str) throws RepositoryException {
        NodeImpl nodeImpl = (NodeImpl) this.idResolver.findNode(str, true);
        if (nodeImpl == null && this.compatibleJR16) {
            nodeImpl = (NodeImpl) this.authResolver.findNode(this.session.getQName(Text.escapeIllegalJcrChars(str)), NT_REP_GROUP);
        }
        return nodeImpl;
    }

    private static boolean isValidPrincipal(Principal principal) {
        return (principal == null || principal.getName() == null || principal.getName().length() <= 0) ? false : true;
    }

    @Override // org.apache.jackrabbit.core.SessionListener
    public void loggingOut(SessionImpl sessionImpl) {
    }

    @Override // org.apache.jackrabbit.core.SessionListener
    public void loggedOut(SessionImpl sessionImpl) {
        if (sessionImpl != this.session) {
            this.session.logout();
        }
    }
}
