package org.apache.jackrabbit.oak.security.user;

import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import javax.jcr.RepositoryException;
import org.apache.jackrabbit.JcrConstants;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.index.IndexConstants;
import org.apache.jackrabbit.oak.plugins.index.IndexUtils;
import org.apache.jackrabbit.oak.plugins.index.nodetype.NodeTypeIndexProvider;
import org.apache.jackrabbit.oak.plugins.index.property.PropertyIndexProvider;
import org.apache.jackrabbit.oak.plugins.memory.MemoryNodeStore;
import org.apache.jackrabbit.oak.plugins.memory.ModifiedNodeState;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.plugins.tree.factories.RootFactory;
import org.apache.jackrabbit.oak.spi.commit.EmptyHook;
import org.apache.jackrabbit.oak.spi.lifecycle.WorkspaceInitializer;
import org.apache.jackrabbit.oak.spi.query.CompositeQueryIndexProvider;
import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider;
import org.apache.jackrabbit.oak.spi.query.QueryIndexProviderAware;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
import org.apache.jackrabbit.oak.spi.state.ApplyDiff;
import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import redis.clients.jedis.Protocol;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/user/UserInitializer.class */
class UserInitializer implements WorkspaceInitializer, UserConstants, QueryIndexProviderAware {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) UserInitializer.class);
    private final SecurityProvider securityProvider;
    private QueryIndexProvider queryIndexProvider = new CompositeQueryIndexProvider(new PropertyIndexProvider(), new NodeTypeIndexProvider());

    /* JADX INFO: Access modifiers changed from: package-private */
    public UserInitializer(@NotNull SecurityProvider securityProvider) {
        this.securityProvider = securityProvider;
    }

    @Override // org.apache.jackrabbit.oak.spi.lifecycle.WorkspaceInitializer
    public void initialize(NodeBuilder nodeBuilder, String str) {
        NodeState squeeze = ModifiedNodeState.squeeze(nodeBuilder.getNodeState());
        MemoryNodeStore memoryNodeStore = new MemoryNodeStore(squeeze);
        Root createSystemRoot = RootFactory.createSystemRoot(memoryNodeStore, EmptyHook.INSTANCE, str, this.securityProvider, this.queryIndexProvider);
        UserConfiguration userConfiguration = (UserConfiguration) this.securityProvider.getConfiguration(UserConfiguration.class);
        UserManager userManager = userConfiguration.getUserManager(createSystemRoot, NamePathMapper.DEFAULT);
        try {
            Tree tree = createSystemRoot.getTree("/");
            Preconditions.checkState(tree.exists());
            Tree orAddChild = TreeUtil.getOrAddChild(tree, IndexConstants.INDEX_DEFINITIONS_NAME, JcrConstants.NT_UNSTRUCTURED);
            if (!orAddChild.hasChild("authorizableId")) {
                IndexUtils.createIndexDefinition(orAddChild, "authorizableId", true, new String[]{UserConstants.REP_AUTHORIZABLE_ID}, UserConstants.NT_REP_AUTHORIZABLE).setProperty(Protocol.CLUSTER_INFO, "Oak index used by the user management to enforce uniqueness of rep:authorizableId property values.");
            }
            if (!orAddChild.hasChild("principalName")) {
                IndexUtils.createIndexDefinition(orAddChild, "principalName", true, new String[]{"rep:principalName"}, UserConstants.NT_REP_AUTHORIZABLE).setProperty(Protocol.CLUSTER_INFO, "Oak index used by the user management to enforce uniqueness of rep:principalName property values, and to quickly search a principal by name if it was constructed manually.");
            }
            if (!orAddChild.hasChild("repMembers")) {
                IndexUtils.createIndexDefinition(orAddChild, "repMembers", false, new String[]{UserConstants.REP_MEMBERS}, UserConstants.NT_REP_MEMBER_REFERENCES).setProperty(Protocol.CLUSTER_INFO, "Oak index used by the user management to lookup group membership.");
            }
            ConfigurationParameters parameters = userConfiguration.getParameters();
            String str2 = (String) parameters.getConfigValue("adminId", "admin");
            if (userManager.getAuthorizable(str2) == null) {
                userManager.createUser(str2, ((Boolean) parameters.getConfigValue(UserConstants.PARAM_OMIT_ADMIN_PW, false)).booleanValue() ? null : str2);
            }
            String emptyToNull = Strings.emptyToNull((String) parameters.getConfigValue("anonymousId", "anonymous", String.class));
            if (emptyToNull != null && userManager.getAuthorizable(emptyToNull) == null) {
                userManager.createUser(emptyToNull, null);
            }
            if (createSystemRoot.hasPendingChanges()) {
                createSystemRoot.commit();
            }
            memoryNodeStore.getRoot().compareAgainstBaseState(squeeze, new ApplyDiff(nodeBuilder));
        } catch (RepositoryException | CommitFailedException e) {
            log.error("Failed to initialize user content.", e);
            throw new RuntimeException(e);
        }
    }

    @Override // org.apache.jackrabbit.oak.spi.query.QueryIndexProviderAware
    public void setQueryIndexProvider(QueryIndexProvider queryIndexProvider) {
        this.queryIndexProvider = queryIndexProvider;
    }
}
