package org.apache.jackrabbit.core.security.user;

import java.security.Principal;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Set;
import javax.jcr.AccessDeniedException;
import javax.jcr.Item;
import javax.jcr.ItemExistsException;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import javax.jcr.lock.LockException;
import javax.jcr.nodetype.ConstraintViolationException;
import javax.jcr.version.VersionException;
import org.apache.commons.collections.map.LRUMap;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.AuthorizableExistsException;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.core.ItemImpl;
import org.apache.jackrabbit.core.NodeImpl;
import org.apache.jackrabbit.core.SecurityItemModifier;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.fs.FileSystem;
import org.apache.jackrabbit.core.security.principal.ItemBasedPrincipal;
import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
import org.apache.jackrabbit.spi.Name;
import org.apache.jackrabbit.spi.commons.name.NameConstants;
import org.apache.jackrabbit.util.Text;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:jackrabbit-core-1.5.0.jar:org/apache/jackrabbit/core/security/user/UserManagerImpl.class */
public class UserManagerImpl extends SecurityItemModifier implements UserManager, UserConstants {
    private static final Logger log;
    private final SessionImpl session;
    private final String adminId;
    private final NodeResolver authResolver;
    private final Map idPathMap = new LRUMap(1000);
    static Class class$org$apache$jackrabbit$core$security$user$UserManagerImpl;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.jackrabbit.core.security.user.UserManagerImpl$1, reason: invalid class name */
    /* loaded from: input_file:jackrabbit-core-1.5.0.jar:org/apache/jackrabbit/core/security/user/UserManagerImpl$1.class */
    public static class AnonymousClass1 {
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:jackrabbit-core-1.5.0.jar:org/apache/jackrabbit/core/security/user/UserManagerImpl$AuthorizableIterator.class */
    public final class AuthorizableIterator implements Iterator {
        private final Set served;
        private Authorizable next;
        private NodeIterator authNodeIter;
        private final UserManagerImpl this$0;

        private AuthorizableIterator(UserManagerImpl userManagerImpl, NodeIterator nodeIterator) {
            this.this$0 = userManagerImpl;
            this.served = new HashSet();
            this.authNodeIter = nodeIterator;
            this.next = seekNext();
        }

        @Override // java.util.Iterator
        public boolean hasNext() {
            return this.next != null;
        }

        @Override // java.util.Iterator
        public Object next() {
            Authorizable authorizable = this.next;
            if (authorizable == null) {
                throw new NoSuchElementException();
            }
            this.next = seekNext();
            return authorizable;
        }

        @Override // java.util.Iterator
        public void remove() {
            throw new UnsupportedOperationException();
        }

        private Authorizable seekNext() {
            Authorizable createUser;
            while (this.authNodeIter.hasNext()) {
                NodeImpl nodeImpl = (NodeImpl) this.authNodeIter.nextNode();
                try {
                    if (!this.served.contains(nodeImpl.getUUID())) {
                        if (nodeImpl.isNodeType(UserConstants.NT_REP_USER)) {
                            createUser = this.this$0.createUser(nodeImpl);
                        } else if (nodeImpl.isNodeType(UserConstants.NT_REP_GROUP)) {
                            createUser = this.this$0.createGroup(nodeImpl);
                        } else {
                            UserManagerImpl.log.warn(new StringBuffer().append("Ignoring unexpected nodetype: ").append(nodeImpl.getPrimaryNodeType().getName()).toString());
                        }
                        this.served.add(nodeImpl.getUUID());
                        return createUser;
                    }
                    continue;
                } catch (RepositoryException e) {
                    UserManagerImpl.log.debug(e.getMessage());
                }
            }
            return null;
        }

        AuthorizableIterator(UserManagerImpl userManagerImpl, NodeIterator nodeIterator, AnonymousClass1 anonymousClass1) {
            this(userManagerImpl, nodeIterator);
        }
    }

    public UserManagerImpl(SessionImpl sessionImpl, String str) throws RepositoryException {
        NodeResolver traversingNodeResolver;
        this.session = sessionImpl;
        this.adminId = str;
        try {
            traversingNodeResolver = new IndexNodeResolver(sessionImpl, sessionImpl);
        } catch (RepositoryException e) {
            log.debug(new StringBuffer().append("UserManger: no QueryManager available for workspace '").append(sessionImpl.getWorkspace().getName()).append("' -> Use traversing node resolver.").toString());
            traversingNodeResolver = new TraversingNodeResolver(sessionImpl, sessionImpl);
        }
        this.authResolver = traversingNodeResolver;
    }

    @Override // org.apache.jackrabbit.api.security.user.UserManager
    public Authorizable getAuthorizable(String str) throws RepositoryException {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException(new StringBuffer().append("Invalid authorizable name '").append(str).append("'").toString());
        }
        User user = null;
        NodeImpl userNode = getUserNode(str);
        if (userNode != null) {
            user = createUser(userNode);
        } else {
            NodeImpl groupNode = getGroupNode(str);
            if (groupNode != null) {
                user = createGroup(groupNode);
            }
        }
        return user;
    }

    @Override // org.apache.jackrabbit.api.security.user.UserManager
    public Authorizable getAuthorizable(Principal principal) throws RepositoryException {
        NodeImpl nodeImpl = null;
        if (principal instanceof ItemBasedPrincipal) {
            String path = ((ItemBasedPrincipal) principal).getPath();
            if (this.session.itemExists(path)) {
                Item item = this.session.getItem(path);
                if (item.isNode()) {
                    nodeImpl = (NodeImpl) item;
                }
            }
        }
        if (nodeImpl == null) {
            nodeImpl = (NodeImpl) this.authResolver.findNode(P_PRINCIPAL_NAME, principal.getName(), NT_REP_AUTHORIZABLE);
        }
        if (nodeImpl == null) {
            return null;
        }
        if (nodeImpl.isNodeType(NT_REP_USER)) {
            return createUser(nodeImpl);
        }
        if (nodeImpl.isNodeType(NT_REP_GROUP)) {
            return createGroup(nodeImpl);
        }
        log.warn(new StringBuffer().append("Unexpected user nodetype ").append(nodeImpl.getPrimaryNodeType().getName()).toString());
        return null;
    }

    @Override // org.apache.jackrabbit.api.security.user.UserManager
    public Iterator findAuthorizables(String str, String str2) throws RepositoryException {
        return findAuthorizables(str, str2, 3);
    }

    @Override // org.apache.jackrabbit.api.security.user.UserManager
    public Iterator findAuthorizables(String str, String str2, int i) throws RepositoryException {
        Name name;
        Name qName = this.session.getQName(str);
        switch (i) {
            case 1:
                name = NT_REP_USER;
                break;
            case 2:
                name = NT_REP_GROUP;
                break;
            case 3:
                name = NT_REP_AUTHORIZABLE;
                break;
            default:
                throw new IllegalArgumentException(new StringBuffer().append("Invalid search type ").append(i).toString());
        }
        return new AuthorizableIterator(this, this.authResolver.findNodes(qName, str2, name, true), null);
    }

    @Override // org.apache.jackrabbit.api.security.user.UserManager
    public User createUser(String str, String str2) throws RepositoryException {
        return createUser(str, str2, new PrincipalImpl(str), null);
    }

    @Override // org.apache.jackrabbit.api.security.user.UserManager
    public User createUser(String str, String str2, Principal principal, String str3) throws AuthorizableExistsException, RepositoryException {
        if (str == null || str2 == null || principal == null) {
            throw new IllegalArgumentException("Not possible to create user with null parameters");
        }
        if (getAuthorizable(str) != null) {
            throw new AuthorizableExistsException(new StringBuffer().append("User for '").append(str).append("' already exists").toString());
        }
        if (hasAuthorizableOrReferee(principal)) {
            throw new AuthorizableExistsException(new StringBuffer().append("Authorizable for '").append(principal.getName()).append("' already exists").toString());
        }
        NodeImpl nodeImpl = null;
        try {
            nodeImpl = createParentNode(getParentPath(str3, getCurrentUserPath()));
            NodeImpl addSecurityNode = addSecurityNode(nodeImpl, this.session.getQName(Text.escapeIllegalJcrChars(str)), NT_REP_USER);
            setSecurityProperty(addSecurityNode, P_USERID, getValue(str));
            setSecurityProperty(addSecurityNode, P_PASSWORD, getValue(UserImpl.buildPasswordValue(str2)));
            setSecurityProperty(addSecurityNode, P_PRINCIPAL_NAME, getValue(principal.getName()));
            nodeImpl.save();
            log.info(new StringBuffer().append("User created: ").append(str).append("; ").append(addSecurityNode.getPath()).toString());
            return createUser(addSecurityNode);
        } catch (RepositoryException e) {
            if (nodeImpl != null) {
                nodeImpl.refresh(false);
                log.debug("Failed to create new User, reverting changes.");
            }
            throw e;
        }
    }

    @Override // org.apache.jackrabbit.api.security.user.UserManager
    public Group createGroup(Principal principal) throws RepositoryException {
        return createGroup(principal, null);
    }

    @Override // org.apache.jackrabbit.api.security.user.UserManager
    public Group createGroup(Principal principal, String str) throws AuthorizableExistsException, RepositoryException {
        if (principal == null) {
            throw new IllegalArgumentException("Principal might not be null.");
        }
        if (hasAuthorizableOrReferee(principal)) {
            throw new AuthorizableExistsException(new StringBuffer().append("Authorizable for '").append(principal.getName()).append("' already exists: ").toString());
        }
        NodeImpl nodeImpl = null;
        try {
            nodeImpl = createParentNode(getParentPath(str, UserConstants.GROUPS_PATH));
            Name groupId = getGroupId(principal.getName());
            NodeImpl addSecurityNode = addSecurityNode(nodeImpl, groupId, NT_REP_GROUP);
            setSecurityProperty(addSecurityNode, P_PRINCIPAL_NAME, getValue(principal.getName()));
            nodeImpl.save();
            log.info(new StringBuffer().append("Group created: ").append(groupId).append("; ").append(addSecurityNode.getPath()).toString());
            return createGroup(addSecurityNode);
        } catch (RepositoryException e) {
            if (nodeImpl != null) {
                nodeImpl.refresh(false);
                log.debug("newInstance new Group failed, revert changes on parent");
            }
            throw e;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean hasAuthorizableOrReferee(Principal principal) throws RepositoryException {
        HashSet hashSet = new HashSet(2);
        hashSet.add(P_PRINCIPAL_NAME);
        hashSet.add(P_REFEREES);
        return this.authResolver.findNodes(hashSet, principal.getName(), NT_REP_AUTHORIZABLE, true, 1L).hasNext();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setProtectedProperty(NodeImpl nodeImpl, Name name, Value value) throws RepositoryException, LockException, ConstraintViolationException, ItemExistsException, VersionException {
        setSecurityProperty(nodeImpl, name, value);
        nodeImpl.save();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setProtectedProperty(NodeImpl nodeImpl, Name name, Value[] valueArr) throws RepositoryException, LockException, ConstraintViolationException, ItemExistsException, VersionException {
        setSecurityProperty(nodeImpl, name, valueArr);
        nodeImpl.save();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void removeProtectedItem(ItemImpl itemImpl, Node node) throws RepositoryException, AccessDeniedException, VersionException {
        removeSecurityItem(itemImpl);
        node.save();
    }

    private Name getGroupId(String str) throws RepositoryException {
        String escapeIllegalJcrChars = Text.escapeIllegalJcrChars(str);
        String str2 = escapeIllegalJcrChars;
        int i = 0;
        while (getAuthorizable(str2) != null) {
            str2 = new StringBuffer().append(escapeIllegalJcrChars).append("_").append(i).toString();
            i++;
        }
        return this.session.getQName(str2);
    }

    private Value getValue(String str) throws RepositoryException {
        return this.session.getValueFactory().createValue(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isAdminId(String str) {
        if (this.adminId == null) {
            return false;
        }
        return this.adminId.equals(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public User createUser(NodeImpl nodeImpl) throws RepositoryException {
        User create = UserImpl.create(nodeImpl, this);
        this.idPathMap.put(create.getID(), nodeImpl.getPath());
        return create;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Group createGroup(NodeImpl nodeImpl) throws RepositoryException {
        Group create = GroupImpl.create(nodeImpl, this);
        this.idPathMap.put(create.getID(), nodeImpl.getPath());
        return create;
    }

    private NodeImpl getUserNode(String str) throws RepositoryException {
        NodeImpl nodeImpl = null;
        if (this.idPathMap.containsKey(str)) {
            String obj = this.idPathMap.get(str).toString();
            if (this.session.itemExists(obj)) {
                Item item = this.session.getItem(obj);
                if (item.isNode() && ((NodeImpl) item).isNodeType(NT_REP_USER) && str.equals(((NodeImpl) item).getProperty(P_USERID).getString())) {
                    nodeImpl = (NodeImpl) item;
                }
            }
        }
        if (nodeImpl == null) {
            this.idPathMap.remove(str);
            nodeImpl = (NodeImpl) this.authResolver.findNode(P_USERID, str, NT_REP_USER);
        }
        return nodeImpl;
    }

    private NodeImpl getGroupNode(String str) throws RepositoryException {
        NodeImpl nodeImpl = null;
        if (this.idPathMap.containsKey(str)) {
            String obj = this.idPathMap.get(str).toString();
            if (this.session.itemExists(obj)) {
                Item item = this.session.getItem(obj);
                if (item.isNode()) {
                    NodeImpl nodeImpl2 = (NodeImpl) item;
                    if (nodeImpl2.isNodeType(NT_REP_GROUP) && str.equals(nodeImpl2.getName())) {
                        nodeImpl = (NodeImpl) item;
                    }
                }
            }
        }
        if (nodeImpl == null) {
            this.idPathMap.remove(str);
            nodeImpl = (NodeImpl) this.authResolver.findNode(this.session.getQName(str), NT_REP_GROUP);
        }
        return nodeImpl;
    }

    private String getCurrentUserPath() {
        String str = UserConstants.USERS_PATH;
        String userID = this.session.getUserID();
        if (this.idPathMap.containsKey(userID)) {
            str = this.idPathMap.get(userID).toString();
        } else {
            try {
                NodeImpl userNode = getUserNode(userID);
                if (userNode != null) {
                    str = userNode.getPath();
                }
            } catch (RepositoryException e) {
                log.error("Internal error: unable to build current user path.", e.getMessage());
            }
        }
        return str;
    }

    private static String getParentPath(String str, String str2) {
        StringBuffer stringBuffer = new StringBuffer();
        if (str == null || !str.startsWith(str2)) {
            stringBuffer.append(str2);
        }
        if (str != null && str.length() > 1) {
            if (!str.startsWith(FileSystem.SEPARATOR)) {
                stringBuffer.append(FileSystem.SEPARATOR);
            }
            stringBuffer.append(str);
        }
        return stringBuffer.toString();
    }

    private NodeImpl createParentNode(String str) throws RepositoryException {
        NodeImpl nodeImpl = (NodeImpl) this.session.getRootNode();
        String[] split = str.split(FileSystem.SEPARATOR);
        int i = 0;
        while (i < split.length) {
            String str2 = split[i];
            if (str2.length() >= 1) {
                Name qName = this.session.getQName(str2);
                if (nodeImpl.hasNode(qName)) {
                    nodeImpl = nodeImpl.getNode(qName);
                } else {
                    NodeImpl addSecurityNode = addSecurityNode(nodeImpl, qName, i == 0 ? NameConstants.NT_UNSTRUCTURED : NT_REP_AUTHORIZABLE_FOLDER);
                    nodeImpl.save();
                    nodeImpl = addSecurityNode;
                }
            }
            i++;
        }
        return nodeImpl;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$org$apache$jackrabbit$core$security$user$UserManagerImpl == null) {
            cls = class$("org.apache.jackrabbit.core.security.user.UserManagerImpl");
            class$org$apache$jackrabbit$core$security$user$UserManagerImpl = cls;
        } else {
            cls = class$org$apache$jackrabbit$core$security$user$UserManagerImpl;
        }
        log = LoggerFactory.getLogger(cls);
    }
}
