package org.nuxeo.ecm.multi.tenant;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.core.api.ClientException;
import org.nuxeo.ecm.core.api.CoreSession;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.DocumentModelList;
import org.nuxeo.ecm.core.api.UnrestrictedSessionRunner;
import org.nuxeo.ecm.core.api.security.ACE;
import org.nuxeo.ecm.core.api.security.ACL;
import org.nuxeo.ecm.core.api.security.ACP;
import org.nuxeo.ecm.directory.Session;
import org.nuxeo.ecm.directory.api.DirectoryService;
import org.nuxeo.runtime.api.Framework;
import org.nuxeo.runtime.model.ComponentInstance;
import org.nuxeo.runtime.model.DefaultComponent;

/* loaded from: input_file:org/nuxeo/ecm/multi/tenant/MultiTenantServiceImpl.class */
public class MultiTenantServiceImpl extends DefaultComponent implements MultiTenantService {
    private static final Log log = LogFactory.getLog(MultiTenantServiceImpl.class);
    public static final String CONFIGURATION_EP = "configuration";
    private MultiTenantConfiguration configuration;
    private Boolean isTenantIsolationEnabled;

    @Override // org.nuxeo.ecm.multi.tenant.MultiTenantService
    public String getTenantDocumentType() {
        return this.configuration.getTenantDocumentType();
    }

    /* JADX WARN: Type inference failed for: r0v6, types: [org.nuxeo.ecm.multi.tenant.MultiTenantServiceImpl$1] */
    @Override // org.nuxeo.ecm.multi.tenant.MultiTenantService
    public boolean isTenantIsolationEnabled(CoreSession coreSession) throws ClientException {
        if (this.isTenantIsolationEnabled == null) {
            final ArrayList arrayList = new ArrayList();
            new UnrestrictedSessionRunner(coreSession) { // from class: org.nuxeo.ecm.multi.tenant.MultiTenantServiceImpl.1
                public void run() throws ClientException {
                    arrayList.addAll(this.session.query("SELECT * FROM Document WHERE ecm:mixinType = 'TenantConfig'"));
                }
            }.runUnrestricted();
            this.isTenantIsolationEnabled = Boolean.valueOf(!arrayList.isEmpty());
        }
        return this.isTenantIsolationEnabled.booleanValue();
    }

    /* JADX WARN: Type inference failed for: r0v2, types: [org.nuxeo.ecm.multi.tenant.MultiTenantServiceImpl$2] */
    @Override // org.nuxeo.ecm.multi.tenant.MultiTenantService
    public void enableTenantIsolation(CoreSession coreSession) throws ClientException {
        if (isTenantIsolationEnabled(coreSession)) {
            return;
        }
        new UnrestrictedSessionRunner(coreSession) { // from class: org.nuxeo.ecm.multi.tenant.MultiTenantServiceImpl.2
            public void run() throws ClientException {
                Iterator it = this.session.query(String.format("SELECT * FROM Document WHERE ecm:primaryType = '%s'", MultiTenantServiceImpl.this.configuration.getTenantDocumentType())).iterator();
                while (it.hasNext()) {
                    MultiTenantServiceImpl.this.enableTenantIsolationFor(this.session, (DocumentModel) it.next());
                }
                this.session.save();
            }
        }.runUnrestricted();
        this.isTenantIsolationEnabled = true;
    }

    /* JADX WARN: Type inference failed for: r0v2, types: [org.nuxeo.ecm.multi.tenant.MultiTenantServiceImpl$3] */
    @Override // org.nuxeo.ecm.multi.tenant.MultiTenantService
    public void disableTenantIsolation(CoreSession coreSession) throws ClientException {
        if (isTenantIsolationEnabled(coreSession)) {
            new UnrestrictedSessionRunner(coreSession) { // from class: org.nuxeo.ecm.multi.tenant.MultiTenantServiceImpl.3
                public void run() throws ClientException {
                    Iterator it = this.session.query("SELECT * FROM Document WHERE ecm:mixinType = 'TenantConfig'").iterator();
                    while (it.hasNext()) {
                        MultiTenantServiceImpl.this.disableTenantIsolationFor(this.session, (DocumentModel) it.next());
                    }
                    this.session.save();
                }
            }.runUnrestricted();
            this.isTenantIsolationEnabled = false;
        }
    }

    @Override // org.nuxeo.ecm.multi.tenant.MultiTenantService
    public void enableTenantIsolationFor(CoreSession coreSession, DocumentModel documentModel) throws ClientException {
        if (!documentModel.hasFacet(Constants.TENANT_CONFIG_FACET)) {
            documentModel.addFacet(Constants.TENANT_CONFIG_FACET);
        }
        String str = (String) registerTenant(documentModel).getPropertyValue("tenant:id");
        documentModel.setPropertyValue(Constants.TENANT_ID_PROPERTY, str);
        setTenantACL(str, documentModel);
        coreSession.saveDocument(documentModel);
    }

    private DocumentModel registerTenant(DocumentModel documentModel) throws ClientException {
        Session session = null;
        try {
            session = ((DirectoryService) Framework.getLocalService(DirectoryService.class)).open(Constants.TENANTS_DIRECTORY);
            HashMap hashMap = new HashMap();
            hashMap.put("id", documentModel.getName());
            hashMap.put("label", documentModel.getTitle());
            hashMap.put("docId", documentModel.getId());
            DocumentModel createEntry = session.createEntry(hashMap);
            if (session != null) {
                session.close();
            }
            return createEntry;
        } catch (Throwable th) {
            if (session != null) {
                session.close();
            }
            throw th;
        }
    }

    private void setTenantACL(String str, DocumentModel documentModel) throws ClientException {
        ACP acp = documentModel.getACP();
        ACL orCreateACL = acp.getOrCreateACL();
        orCreateACL.add(new ACE(MultiTenantHelper.computeTenantAdministratorsGroup(str), "Everything", true));
        orCreateACL.add(new ACE(MultiTenantHelper.computeTenantMembersGroup(str), this.configuration.getMembersGroupPermission(), true));
        orCreateACL.add(new ACE("Everyone", "Everything", false));
        documentModel.setACP(acp, true);
    }

    @Override // org.nuxeo.ecm.multi.tenant.MultiTenantService
    public void disableTenantIsolationFor(CoreSession coreSession, DocumentModel documentModel) throws ClientException {
        if (coreSession.exists(documentModel.getRef())) {
            if (documentModel.hasFacet(Constants.TENANT_CONFIG_FACET)) {
                documentModel.removeFacet(Constants.TENANT_CONFIG_FACET);
            }
            removeTenantACL(documentModel);
            coreSession.saveDocument(documentModel);
        }
        unregisterTenant(documentModel);
    }

    private void removeTenantACL(DocumentModel documentModel) throws ClientException {
        ACP acp = documentModel.getACP();
        ACL orCreateACL = acp.getOrCreateACL();
        int indexOf = orCreateACL.indexOf(new ACE(MultiTenantHelper.computeTenantAdministratorsGroup(documentModel.getName()), "Everything", true));
        if (indexOf >= 0) {
            ArrayList arrayList = new ArrayList();
            arrayList.addAll(orCreateACL.subList(0, indexOf));
            arrayList.addAll(orCreateACL.subList(indexOf + 3, orCreateACL.size()));
            orCreateACL.setACEs((ACE[]) arrayList.toArray(new ACE[arrayList.size()]));
        }
        documentModel.setACP(acp, true);
    }

    private void unregisterTenant(DocumentModel documentModel) throws ClientException {
        Session session = null;
        try {
            session = ((DirectoryService) Framework.getLocalService(DirectoryService.class)).open(Constants.TENANTS_DIRECTORY);
            session.deleteEntry(documentModel.getName());
            if (session != null) {
                session.close();
            }
        } catch (Throwable th) {
            if (session != null) {
                session.close();
            }
            throw th;
        }
    }

    @Override // org.nuxeo.ecm.multi.tenant.MultiTenantService
    public List<DocumentModel> getTenants() throws ClientException {
        Session session = null;
        try {
            session = ((DirectoryService) Framework.getLocalService(DirectoryService.class)).open(Constants.TENANTS_DIRECTORY);
            DocumentModelList entries = session.getEntries();
            if (session != null) {
                session.close();
            }
            return entries;
        } catch (Throwable th) {
            if (session != null) {
                session.close();
            }
            throw th;
        }
    }

    public void registerContribution(Object obj, String str, ComponentInstance componentInstance) throws Exception {
        if (CONFIGURATION_EP.equals(str)) {
            if (this.configuration != null) {
                log.warn("Overriding existing multi tenant configuration");
            }
            this.configuration = (MultiTenantConfiguration) obj;
        }
    }

    public void unregisterContribution(Object obj, String str, ComponentInstance componentInstance) throws Exception {
        if (CONFIGURATION_EP.equals(str) && this.configuration.equals(obj)) {
            this.configuration = null;
        }
    }
}
