package org.nuxeo.ecm.platform.usermanager;

import java.io.Serializable;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.DocumentModelComparator;
import org.nuxeo.ecm.core.api.DocumentModelList;
import org.nuxeo.ecm.core.api.NuxeoException;
import org.nuxeo.ecm.core.api.NuxeoGroup;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.core.api.impl.DocumentModelListImpl;
import org.nuxeo.ecm.core.api.local.ClientLoginModule;
import org.nuxeo.ecm.core.api.model.Property;
import org.nuxeo.ecm.core.api.model.PropertyNotFoundException;
import org.nuxeo.ecm.core.api.security.ACE;
import org.nuxeo.ecm.core.api.security.ACL;
import org.nuxeo.ecm.core.api.security.ACP;
import org.nuxeo.ecm.core.api.security.AdministratorGroupsProvider;
import org.nuxeo.ecm.core.api.security.PermissionProvider;
import org.nuxeo.ecm.core.cache.Cache;
import org.nuxeo.ecm.core.cache.CacheService;
import org.nuxeo.ecm.core.event.EventProducer;
import org.nuxeo.ecm.core.event.impl.UnboundEventContext;
import org.nuxeo.ecm.directory.BaseSession;
import org.nuxeo.ecm.directory.DirectoryException;
import org.nuxeo.ecm.directory.Session;
import org.nuxeo.ecm.directory.api.DirectoryService;
import org.nuxeo.ecm.platform.usermanager.UserManager;
import org.nuxeo.ecm.platform.usermanager.exceptions.GroupAlreadyExistsException;
import org.nuxeo.ecm.platform.usermanager.exceptions.InvalidPasswordException;
import org.nuxeo.ecm.platform.usermanager.exceptions.UserAlreadyExistsException;
import org.nuxeo.runtime.api.Framework;
import org.nuxeo.runtime.services.config.ConfigurationService;
import org.nuxeo.runtime.services.event.Event;
import org.nuxeo.runtime.services.event.EventService;

/* loaded from: input_file:org/nuxeo/ecm/platform/usermanager/UserManagerImpl.class */
public class UserManagerImpl implements UserManager, MultiTenantUserManager, AdministratorGroupsProvider {
    private static final String VALIDATE_PASSWORD_PARAM = "nuxeo.usermanager.check.password";
    private static final long serialVersionUID = 1;
    private static final Log log = LogFactory.getLog(UserManagerImpl.class);
    public static final String USERMANAGER_TOPIC = "usermanager";
    public static final String USERCHANGED_EVENT_ID = "user_changed";
    public static final String USERCREATED_EVENT_ID = "user_created";
    public static final String USERDELETED_EVENT_ID = "user_deleted";
    public static final String USERMODIFIED_EVENT_ID = "user_modified";
    public static final String GROUPCHANGED_EVENT_ID = "group_changed";
    public static final String GROUPCREATED_EVENT_ID = "group_created";
    public static final String GROUPDELETED_EVENT_ID = "group_deleted";
    public static final String GROUPMODIFIED_EVENT_ID = "group_modified";
    public static final String DEFAULT_ANONYMOUS_USER_ID = "Anonymous";
    public static final String VIRTUAL_FIELD_FILTER_PREFIX = "__";
    public static final String INVALIDATE_PRINCIPAL_EVENT_ID = "invalidatePrincipal";
    public static final String INVALIDATE_ALL_PRINCIPALS_EVENT_ID = "invalidateAllPrincipals";
    public static final String USER_GROUP_CATEGORY = "userGroup";
    public static final String ID_PROPERTY_KEY = "id";
    public static final String ANCESTOR_GROUPS_PROPERTY_KEY = "ancestorGroups";
    protected GroupConfig groupConfig;
    protected String userDirectoryName;
    protected String userSchemaName;
    protected String userIdField;
    protected String userEmailField;
    protected Map<String, UserManager.MatchType> userSearchFields;
    protected String groupDirectoryName;
    protected String groupSchemaName;
    protected String groupIdField;
    protected String groupLabelField;
    protected String groupMembersField;
    protected String groupSubGroupsField;
    protected String groupParentGroupsField;
    protected String groupSortField;
    protected Map<String, UserManager.MatchType> groupSearchFields;
    protected String defaultGroup;
    protected List<String> administratorIds;
    protected List<String> administratorGroups;
    protected Boolean disableDefaultAdministratorsGroup;
    protected String userSortField;
    protected String userListingMode;
    protected String groupListingMode;
    protected Pattern userPasswordPattern;
    protected VirtualUser anonymousUser;
    protected String digestAuthDirectory;
    protected String digestAuthRealm;
    protected Cache principalCache = null;
    public UserMultiTenantManagement multiTenantManagement = new DefaultUserMultiTenantManagement();
    protected final DirectoryService dirService = (DirectoryService) Framework.getService(DirectoryService.class);
    protected final CacheService cacheService = (CacheService) Framework.getService(CacheService.class);
    protected final Map<String, VirtualUserDescriptor> virtualUsers = new HashMap();
    protected UserConfig userConfig = new UserConfig();

    public void setConfiguration(UserManagerDescriptor userManagerDescriptor) {
        this.defaultGroup = userManagerDescriptor.defaultGroup;
        this.administratorIds = userManagerDescriptor.defaultAdministratorIds;
        this.disableDefaultAdministratorsGroup = false;
        if (userManagerDescriptor.disableDefaultAdministratorsGroup != null) {
            this.disableDefaultAdministratorsGroup = userManagerDescriptor.disableDefaultAdministratorsGroup;
        }
        this.administratorGroups = new ArrayList();
        if (!this.disableDefaultAdministratorsGroup.booleanValue()) {
            this.administratorGroups.add("administrators");
        }
        if (userManagerDescriptor.administratorsGroups != null) {
            this.administratorGroups.addAll(userManagerDescriptor.administratorsGroups);
        }
        if (this.administratorGroups.isEmpty()) {
            log.warn("No administrators group has been defined: at least one should be set to avoid lockups when blocking rights for instance");
        }
        this.userSortField = userManagerDescriptor.userSortField;
        this.groupSortField = userManagerDescriptor.groupSortField;
        this.userListingMode = userManagerDescriptor.userListingMode;
        this.groupListingMode = userManagerDescriptor.groupListingMode;
        this.userEmailField = userManagerDescriptor.userEmailField;
        this.userSearchFields = userManagerDescriptor.userSearchFields;
        this.userPasswordPattern = userManagerDescriptor.userPasswordPattern;
        this.groupLabelField = userManagerDescriptor.groupLabelField;
        this.groupMembersField = userManagerDescriptor.groupMembersField;
        this.groupSubGroupsField = userManagerDescriptor.groupSubGroupsField;
        this.groupParentGroupsField = userManagerDescriptor.groupParentGroupsField;
        this.groupSearchFields = userManagerDescriptor.groupSearchFields;
        this.anonymousUser = userManagerDescriptor.anonymousUser;
        setUserDirectoryName(userManagerDescriptor.userDirectoryName);
        setGroupDirectoryName(userManagerDescriptor.groupDirectoryName);
        setVirtualUsers(userManagerDescriptor.virtualUsers);
        this.digestAuthDirectory = userManagerDescriptor.digestAuthDirectory;
        this.digestAuthRealm = userManagerDescriptor.digestAuthRealm;
        this.userConfig = new UserConfig();
        this.userConfig.emailKey = this.userEmailField;
        this.userConfig.schemaName = this.userSchemaName;
        this.userConfig.nameKey = this.userIdField;
        this.groupConfig = new GroupConfig();
        this.groupConfig.schemaName = this.groupSchemaName;
        this.groupConfig.idField = this.groupIdField;
        this.groupConfig.labelField = this.groupLabelField;
        this.groupConfig.membersField = this.groupMembersField;
        this.groupConfig.subGroupsField = this.groupSubGroupsField;
        this.groupConfig.parentGroupsField = this.groupParentGroupsField;
        if (this.cacheService == null || userManagerDescriptor.userCacheName == null) {
            return;
        }
        this.principalCache = this.cacheService.getCache(userManagerDescriptor.userCacheName);
        invalidateAllPrincipals();
    }

    protected void setUserDirectoryName(String str) {
        this.userDirectoryName = str;
        this.userSchemaName = this.dirService.getDirectorySchema(str);
        this.userIdField = this.dirService.getDirectoryIdField(str);
    }

    public String getUserDirectoryName() {
        return this.userDirectoryName;
    }

    public String getUserIdField() {
        return this.userIdField;
    }

    public String getUserSchemaName() {
        return this.userSchemaName;
    }

    public String getUserEmailField() {
        return this.userEmailField;
    }

    public Set<String> getUserSearchFields() {
        return Collections.unmodifiableSet(this.userSearchFields.keySet());
    }

    public Set<String> getGroupSearchFields() {
        return Collections.unmodifiableSet(this.groupSearchFields.keySet());
    }

    protected void setGroupDirectoryName(String str) {
        this.groupDirectoryName = str;
        this.groupSchemaName = this.dirService.getDirectorySchema(str);
        this.groupIdField = this.dirService.getDirectoryIdField(str);
    }

    public String getGroupDirectoryName() {
        return this.groupDirectoryName;
    }

    public String getGroupIdField() {
        return this.groupIdField;
    }

    public String getGroupLabelField() {
        return this.groupLabelField;
    }

    public String getGroupSchemaName() {
        return this.groupSchemaName;
    }

    public String getGroupMembersField() {
        return this.groupMembersField;
    }

    public String getGroupSubGroupsField() {
        return this.groupSubGroupsField;
    }

    public String getGroupParentGroupsField() {
        return this.groupParentGroupsField;
    }

    public String getUserListingMode() {
        return this.userListingMode;
    }

    public String getGroupListingMode() {
        return this.groupListingMode;
    }

    public String getDefaultGroup() {
        return this.defaultGroup;
    }

    public Pattern getUserPasswordPattern() {
        return this.userPasswordPattern;
    }

    public String getAnonymousUserId() {
        if (this.anonymousUser == null) {
            return null;
        }
        String id = this.anonymousUser.getId();
        return id == null ? DEFAULT_ANONYMOUS_USER_ID : id;
    }

    protected void setVirtualUsers(Map<String, VirtualUserDescriptor> map) {
        this.virtualUsers.clear();
        if (map != null) {
            this.virtualUsers.putAll(map);
        }
    }

    public boolean checkUsernamePassword(String str, String str2) {
        if (str == null || str2 == null) {
            log.warn("Trying to authenticate against null username or password");
            return false;
        }
        String anonymousUserId = getAnonymousUserId();
        if (str.equals(anonymousUserId)) {
            log.warn(String.format("Trying to authenticate anonymous user (%s)", anonymousUserId));
            return false;
        }
        if (this.virtualUsers.containsKey(str)) {
            String password = this.virtualUsers.get(str).getPassword();
            if (password == null) {
                return false;
            }
            return password.equals(str2);
        }
        String str3 = (!"userDirectory".equals(this.userDirectoryName) || this.dirService.getDirectory("userAuthentication") == null) ? this.userDirectoryName : "userAuthentication";
        Session open = this.dirService.open(str3);
        Throwable th = null;
        try {
            if (open.isAuthenticating()) {
                boolean authenticate = open.authenticate(str, str2);
                if (authenticate) {
                    Framework.doPrivileged(() -> {
                        syncDigestAuthPassword(str, str2);
                    });
                }
                return authenticate;
            }
            log.error("Trying to authenticate against a non authenticating directory: " + str3);
            if (open != null) {
                if (0 != 0) {
                    try {
                        open.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    open.close();
                }
            }
            return false;
        } finally {
            if (open != null) {
                if (0 != 0) {
                    try {
                        open.close();
                    } catch (Throwable th3) {
                        th.addSuppressed(th3);
                    }
                } else {
                    open.close();
                }
            }
        }
    }

    /* JADX WARN: Failed to calculate best type for var: r10v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r10v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Failed to calculate best type for var: r9v1 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r9v1 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 10, insn: 0x013d: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r10 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:38:0x013d */
    /* JADX WARN: Not initialized variable reg: 9, insn: 0x0138: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r9 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:36:0x0138 */
    /* JADX WARN: Type inference failed for: r10v0, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r9v1, types: [org.nuxeo.ecm.directory.Session] */
    protected void syncDigestAuthPassword(String str, String str2) {
        if (StringUtils.isEmpty(this.digestAuthDirectory) || StringUtils.isEmpty(this.digestAuthRealm) || str == null || str2 == null) {
            return;
        }
        String encodeDigestAuthPassword = encodeDigestAuthPassword(str, this.digestAuthRealm, str2);
        try {
            try {
                Session open = this.dirService.open(this.digestAuthDirectory);
                Throwable th = null;
                open.setReadAllColumns(true);
                String directorySchema = this.dirService.getDirectorySchema(this.digestAuthDirectory);
                DocumentModel entry = open.getEntry(str, true);
                if (entry == null) {
                    DocumentModel digestAuthModel = getDigestAuthModel();
                    digestAuthModel.setProperty(directorySchema, open.getIdField(), str);
                    digestAuthModel.setProperty(directorySchema, open.getPasswordField(), encodeDigestAuthPassword);
                    open.createEntry(digestAuthModel);
                    log.debug("Created digest auth password for user:" + str);
                } else if (!encodeDigestAuthPassword.equals((String) entry.getProperty(directorySchema, open.getPasswordField()))) {
                    entry.setProperty(directorySchema, open.getPasswordField(), encodeDigestAuthPassword);
                    open.updateEntry(entry);
                    log.debug("Updated digest auth password for user:" + str);
                }
                if (open != null) {
                    if (0 != 0) {
                        try {
                            open.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        open.close();
                    }
                }
            } finally {
            }
        } catch (DirectoryException e) {
            log.warn("Digest auth password not synchronized, check your configuration", e);
        }
    }

    protected DocumentModel getDigestAuthModel() {
        return BaseSession.createEntryModel((String) null, this.dirService.getDirectorySchema(this.digestAuthDirectory), (String) null, (Map) null);
    }

    public static String encodeDigestAuthPassword(String str, String str2, String str3) {
        return DigestUtils.md5Hex(str + ":" + str2 + ":" + str3);
    }

    public String getDigestAuthDirectory() {
        return this.digestAuthDirectory;
    }

    public String getDigestAuthRealm() {
        return this.digestAuthRealm;
    }

    public boolean validatePassword(String str) {
        if (this.userPasswordPattern == null) {
            return true;
        }
        return this.userPasswordPattern.matcher(str).find();
    }

    protected NuxeoPrincipal makeAnonymousPrincipal() {
        return makePrincipal(makeVirtualUserEntry(getAnonymousUserId(), this.anonymousUser), true, this.anonymousUser.getGroups());
    }

    protected NuxeoPrincipal makeVirtualPrincipal(VirtualUser virtualUser) {
        return makePrincipal(makeVirtualUserEntry(virtualUser.getId(), virtualUser), false, virtualUser.getGroups());
    }

    protected NuxeoPrincipal makeTransientPrincipal(String str) {
        DocumentModel createEntryModel = BaseSession.createEntryModel((String) null, this.userSchemaName, str, (Map) null);
        createEntryModel.setProperty(this.userSchemaName, this.userIdField, str);
        NuxeoPrincipal makePrincipal = makePrincipal(createEntryModel, false, true, null);
        String str2 = str.split("/")[1];
        makePrincipal.setFirstName(str2);
        makePrincipal.setEmail(str2);
        return makePrincipal;
    }

    protected DocumentModel makeVirtualUserEntry(String str, VirtualUser virtualUser) {
        DocumentModel createEntryModel = BaseSession.createEntryModel((String) null, this.userSchemaName, str, (Map) null);
        createEntryModel.setProperty(this.userSchemaName, this.userIdField, str);
        for (Map.Entry entry : virtualUser.getProperties().entrySet()) {
            try {
                createEntryModel.setProperty(this.userSchemaName, (String) entry.getKey(), entry.getValue());
            } catch (PropertyNotFoundException e) {
                log.error("Property: " + ((String) entry.getKey()) + " does not exists. Check your UserService configuration.", e);
            }
        }
        return createEntryModel;
    }

    protected NuxeoPrincipal makePrincipal(DocumentModel documentModel) {
        return makePrincipal(documentModel, false, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public NuxeoPrincipal makePrincipal(DocumentModel documentModel, boolean z, List<String> list) {
        return makePrincipal(documentModel, z, false, list);
    }

    protected NuxeoPrincipal makePrincipal(DocumentModel documentModel, boolean z, boolean z2, List<String> list) {
        boolean z3 = false;
        String id = documentModel.getId();
        LinkedList linkedList = new LinkedList();
        if (this.defaultGroup != null && !z && !z2) {
            linkedList.add(this.defaultGroup);
        }
        if (list != null && !z2) {
            linkedList.addAll(list);
        }
        if (this.administratorIds != null && this.administratorIds.contains(id)) {
            z3 = true;
            if (this.administratorGroups != null) {
                linkedList.addAll(this.administratorGroups);
            }
        }
        NuxeoPrincipalImpl nuxeoPrincipalImpl = new NuxeoPrincipalImpl(id, z, z3, false);
        nuxeoPrincipalImpl.setConfig(this.userConfig);
        nuxeoPrincipalImpl.setModel(documentModel, false);
        nuxeoPrincipalImpl.setVirtualGroups(linkedList, true);
        nuxeoPrincipalImpl.setRoles(Collections.singletonList("regular"));
        return nuxeoPrincipalImpl;
    }

    protected boolean useCache() {
        return this.principalCache != null;
    }

    public NuxeoPrincipal getPrincipal(String str) {
        return useCache() ? getPrincipalUsingCache(str) : getPrincipal(str, null);
    }

    protected NuxeoPrincipal getPrincipalUsingCache(String str) {
        NuxeoPrincipal nuxeoPrincipal = this.principalCache.get(str);
        if (nuxeoPrincipal == null) {
            nuxeoPrincipal = getPrincipal(str, null);
            if (nuxeoPrincipal == null) {
                return nuxeoPrincipal;
            }
            this.principalCache.put(str, nuxeoPrincipal);
        }
        return ((NuxeoPrincipalImpl) nuxeoPrincipal).cloneTransferable();
    }

    public DocumentModel getUserModel(String str) {
        return getUserModel(str, null);
    }

    public DocumentModel getBareUserModel() {
        return BaseSession.createEntryModel((String) null, this.dirService.getDirectorySchema(this.userDirectoryName), (String) null, (Map) null);
    }

    public NuxeoGroup getGroup(String str) {
        return getGroup(str, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public NuxeoGroup getGroup(String str, DocumentModel documentModel) {
        DocumentModel groupModel = getGroupModel(str, documentModel);
        if (groupModel != null) {
            return makeGroup(groupModel);
        }
        return null;
    }

    public DocumentModel getGroupModel(String str) {
        return getGroupModel(str, null);
    }

    protected NuxeoGroup makeGroup(DocumentModel documentModel) {
        return new NuxeoGroupImpl(documentModel, this.groupConfig);
    }

    public List<String> getTopLevelGroups() {
        return getTopLevelGroups(null);
    }

    public List<String> getGroupsInGroup(String str) {
        NuxeoGroup group = getGroup(str, null);
        return group != null ? group.getMemberGroups() : Collections.emptyList();
    }

    public List<String> getUsersInGroup(String str) {
        return getGroup(str).getMemberUsers();
    }

    public List<String> getUsersInGroupAndSubGroups(String str) {
        return getUsersInGroupAndSubGroups(str, null);
    }

    protected void appendSubgroups(String str, Set<String> set, DocumentModel documentModel) {
        List<String> groupsInGroup = getGroupsInGroup(str, documentModel);
        set.addAll(groupsInGroup);
        for (String str2 : groupsInGroup) {
            set.add(str2);
            if (!set.contains(str2)) {
                appendSubgroups(str2, set, documentModel);
            }
        }
    }

    protected boolean isAnonymousMatching(Map<String, Serializable> map, Set<String> set) {
        String anonymousUserId = getAnonymousUserId();
        if (anonymousUserId == null) {
            return false;
        }
        if (map == null || map.isEmpty()) {
            return true;
        }
        Map properties = this.anonymousUser.getProperties();
        properties.put(this.userIdField, anonymousUserId);
        for (Map.Entry<String, Serializable> entry : map.entrySet()) {
            String key = entry.getKey();
            Serializable value = entry.getValue();
            Object obj = properties.get(key);
            if (obj == null) {
                if (value != null) {
                    return false;
                }
            } else if (set == null || !set.contains(key)) {
                if (!obj.equals(value)) {
                    return false;
                }
            } else if (!obj.toString().toLowerCase().startsWith(value.toString().toLowerCase())) {
                return false;
            }
        }
        return true;
    }

    public List<NuxeoPrincipal> searchPrincipals(String str) {
        DocumentModelList searchUsers = searchUsers(str);
        ArrayList arrayList = new ArrayList(searchUsers.size());
        Iterator it = searchUsers.iterator();
        while (it.hasNext()) {
            arrayList.add(makePrincipal((DocumentModel) it.next()));
        }
        return arrayList;
    }

    public DocumentModelList searchGroups(String str) {
        return searchGroups(str, (DocumentModel) null);
    }

    public String getUserSortField() {
        return this.userSortField;
    }

    protected Map<String, String> getUserSortMap() {
        return getDirectorySortMap(this.userSortField, this.userIdField);
    }

    protected Map<String, String> getGroupSortMap() {
        return getDirectorySortMap(this.groupSortField, this.groupIdField);
    }

    protected Map<String, String> getDirectorySortMap(String str, String str2) {
        String str3 = str != null ? str : str2;
        HashMap hashMap = new HashMap();
        hashMap.put(str3, "asc");
        return hashMap;
    }

    protected void notifyCore(String str, String str2) {
        notifyCore(str, str2, null);
    }

    protected void notifyCore(String str, String str2, List<String> list) {
        HashMap hashMap = new HashMap();
        hashMap.put("category", USER_GROUP_CATEGORY);
        hashMap.put(ID_PROPERTY_KEY, str);
        if (list != null) {
            hashMap.put(ANCESTOR_GROUPS_PROPERTY_KEY, (Serializable) list);
        }
        UnboundEventContext unboundEventContext = new UnboundEventContext(ClientLoginModule.getCurrentPrincipal(), hashMap);
        unboundEventContext.setProperties(hashMap);
        ((EventProducer) Framework.getService(EventProducer.class)).fireEvent(unboundEventContext.newEvent(str2));
    }

    protected void notifyRuntime(String str, String str2) {
        ((EventService) Framework.getService(EventService.class)).sendEvent(new Event(USERMANAGER_TOPIC, str2, this, str));
    }

    public void notifyUserChanged(String str, String str2) {
        invalidatePrincipal(str);
        notifyRuntime(str, USERCHANGED_EVENT_ID);
        if (str2 != null) {
            notifyRuntime(str, str2);
            notifyCore(str, str2);
        }
    }

    protected void invalidatePrincipal(String str) {
        if (useCache()) {
            this.principalCache.invalidate(str);
        }
    }

    public void notifyGroupChanged(String str, String str2, List<String> list) {
        invalidateAllPrincipals();
        notifyRuntime(str, GROUPCHANGED_EVENT_ID);
        if (str2 != null) {
            notifyRuntime(str, str2);
            notifyCore(str, str2, list);
        }
    }

    protected void invalidateAllPrincipals() {
        if (useCache()) {
            this.principalCache.invalidateAll();
        }
    }

    public Boolean areGroupsReadOnly() {
        try {
            Session open = this.dirService.open(this.groupDirectoryName);
            Throwable th = null;
            try {
                Boolean valueOf = Boolean.valueOf(open.isReadOnly());
                if (open != null) {
                    if (0 != 0) {
                        try {
                            open.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        open.close();
                    }
                }
                return valueOf;
            } finally {
            }
        } catch (DirectoryException e) {
            log.error(e);
            return false;
        }
    }

    public Boolean areUsersReadOnly() {
        try {
            Session open = this.dirService.open(this.userDirectoryName);
            Throwable th = null;
            try {
                Boolean valueOf = Boolean.valueOf(open.isReadOnly());
                if (open != null) {
                    if (0 != 0) {
                        try {
                            open.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        open.close();
                    }
                }
                return valueOf;
            } finally {
            }
        } catch (DirectoryException e) {
            log.error(e);
            return false;
        }
    }

    protected void checkGrouId(DocumentModel documentModel) {
        Object property = documentModel.getProperty(this.groupSchemaName, this.groupIdField);
        if (property != null) {
            documentModel.setProperty(this.groupSchemaName, this.groupIdField, property.toString().trim());
        }
    }

    protected String getGroupId(DocumentModel documentModel) {
        Object property = documentModel.getProperty(this.groupSchemaName, this.groupIdField);
        if (property == null || (property instanceof String)) {
            return (String) property;
        }
        throw new NuxeoException("Invalid group id " + property);
    }

    protected void checkUserId(DocumentModel documentModel) {
        Object property = documentModel.getProperty(this.userSchemaName, this.userIdField);
        if (property != null) {
            documentModel.setProperty(this.userSchemaName, this.userIdField, property.toString().trim());
        }
    }

    protected String getUserId(DocumentModel documentModel) {
        Object property = documentModel.getProperty(this.userSchemaName, this.userIdField);
        if (property == null || (property instanceof String)) {
            return (String) property;
        }
        throw new NuxeoException("Invalid user id " + property);
    }

    public DocumentModel createGroup(DocumentModel documentModel) {
        return createGroup(documentModel, null);
    }

    public DocumentModel createUser(DocumentModel documentModel) {
        return createUser(documentModel, null);
    }

    public void deleteGroup(String str) {
        deleteGroup(str, (DocumentModel) null);
    }

    public void deleteGroup(DocumentModel documentModel) {
        deleteGroup(documentModel, (DocumentModel) null);
    }

    public void deleteUser(String str) {
        deleteUser(str, (DocumentModel) null);
    }

    public void deleteUser(DocumentModel documentModel) {
        deleteUser(getUserId(documentModel));
    }

    public List<String> getGroupIds() {
        Session open = this.dirService.open(this.groupDirectoryName);
        Throwable th = null;
        try {
            List<String> projection = open.getProjection(Collections.emptyMap(), open.getIdField());
            Collections.sort(projection);
            if (open != null) {
                if (0 != 0) {
                    try {
                        open.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    open.close();
                }
            }
            return projection;
        } catch (Throwable th3) {
            if (open != null) {
                if (0 != 0) {
                    try {
                        open.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    open.close();
                }
            }
            throw th3;
        }
    }

    public List<String> getUserIds() {
        return getUserIds(null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void removeVirtualFilters(Map<String, Serializable> map) {
        if (map == null) {
            return;
        }
        for (String str : new ArrayList(map.keySet())) {
            if (str.startsWith(VIRTUAL_FIELD_FILTER_PREFIX)) {
                map.remove(str);
            }
        }
    }

    public DocumentModelList searchGroups(Map<String, Serializable> map, Set<String> set) {
        return searchGroups(map, set, null);
    }

    public DocumentModelList searchUsers(String str) {
        return searchUsers(str, (DocumentModel) null);
    }

    public DocumentModelList searchUsers(Map<String, Serializable> map, Set<String> set) {
        return searchUsers(map, set, getUserSortMap(), null);
    }

    public void updateGroup(DocumentModel documentModel) {
        updateGroup(documentModel, null);
    }

    public void updateUser(DocumentModel documentModel) {
        updateUser(documentModel, null);
    }

    public DocumentModel getBareGroupModel() {
        return BaseSession.createEntryModel((String) null, this.dirService.getDirectorySchema(this.groupDirectoryName), (String) null, (Map) null);
    }

    public List<String> getAdministratorsGroups() {
        return this.administratorGroups;
    }

    protected List<String> getLeafPermissions(String str) {
        ArrayList arrayList = new ArrayList();
        String[] subPermissions = ((PermissionProvider) Framework.getService(PermissionProvider.class)).getSubPermissions(str);
        if (subPermissions == null || subPermissions.length <= 0) {
            arrayList.add(str);
            return arrayList;
        }
        for (String str2 : subPermissions) {
            arrayList.addAll(getLeafPermissions(str2));
        }
        return arrayList;
    }

    public String[] getUsersForPermission(String str, ACP acp) {
        return getUsersForPermission(str, acp, null);
    }

    public Principal authenticate(String str, String str2) {
        if (checkUsernamePassword(str, str2)) {
            return getPrincipal(str);
        }
        return null;
    }

    public DocumentModelList searchUsers(Map<String, Serializable> map, Set<String> set, Map<String, String> map2, DocumentModel documentModel) {
        Session open = this.dirService.open(this.userDirectoryName, documentModel);
        Throwable th = null;
        try {
            try {
                removeVirtualFilters(map);
                DocumentModelList query = open.query(map, set, (Map) null, false);
                if (isAnonymousMatching(map, set)) {
                    query.add(makeVirtualUserEntry(getAnonymousUserId(), this.anonymousUser));
                }
                if (map2 != null && !map2.isEmpty()) {
                    query.sort(new DocumentModelComparator(this.userSchemaName, map2));
                }
                if (open != null) {
                    if (0 != 0) {
                        try {
                            open.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        open.close();
                    }
                }
                return query;
            } finally {
            }
        } catch (Throwable th3) {
            if (open != null) {
                if (th != null) {
                    try {
                        open.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    open.close();
                }
            }
            throw th3;
        }
    }

    public List<String> getUsersInGroup(String str, DocumentModel documentModel) {
        return getGroup(this.multiTenantManagement.groupnameTranformer(this, str, documentModel)).getMemberUsers();
    }

    public DocumentModelList searchUsers(String str, DocumentModel documentModel) {
        DocumentModelList documentModelListImpl = new DocumentModelListImpl();
        if (str == null || str.length() == 0) {
            documentModelListImpl = searchUsers(Collections.emptyMap(), (Set<String>) null);
        } else {
            Serializable trim = str.trim();
            HashMap hashMap = new HashMap();
            for (Map.Entry<String, UserManager.MatchType> entry : this.userSearchFields.entrySet()) {
                Map<String, Serializable> hashMap2 = new HashMap<>();
                hashMap2.put(entry.getKey(), trim);
                for (DocumentModel documentModel2 : entry.getValue() == UserManager.MatchType.SUBSTRING ? searchUsers(hashMap2, hashMap2.keySet(), null, documentModel) : searchUsers(hashMap2, null, null, documentModel)) {
                    hashMap.put(documentModel2.getId(), documentModel2);
                }
            }
            log.debug(String.format("found %d unique entries", Integer.valueOf(hashMap.size())));
            documentModelListImpl.addAll(hashMap.values());
        }
        documentModelListImpl.sort(new DocumentModelComparator(this.userSchemaName, getUserSortMap()));
        return documentModelListImpl;
    }

    public DocumentModelList searchUsers(Map<String, Serializable> map, Set<String> set, DocumentModel documentModel) {
        throw new UnsupportedOperationException();
    }

    public List<String> getGroupIds(DocumentModel documentModel) {
        throw new UnsupportedOperationException();
    }

    public DocumentModelList searchGroups(Map<String, Serializable> map, Set<String> set, DocumentModel documentModel) {
        Map<String, Serializable> cloneMap = map != null ? cloneMap(map) : new HashMap<>();
        HashSet<String> cloneSet = set != null ? cloneSet(set) : new HashSet<>();
        this.multiTenantManagement.queryTransformer(this, cloneMap, cloneSet, documentModel);
        Session open = this.dirService.open(this.groupDirectoryName, documentModel);
        Throwable th = null;
        try {
            try {
                removeVirtualFilters(cloneMap);
                DocumentModelList query = open.query(cloneMap, cloneSet, getGroupSortMap(), false);
                if (open != null) {
                    if (0 != 0) {
                        try {
                            open.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        open.close();
                    }
                }
                return query;
            } finally {
            }
        } catch (Throwable th3) {
            if (open != null) {
                if (th != null) {
                    try {
                        open.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    open.close();
                }
            }
            throw th3;
        }
    }

    public DocumentModel createGroup(DocumentModel documentModel, DocumentModel documentModel2) throws GroupAlreadyExistsException {
        DocumentModel groupTransformer = this.multiTenantManagement.groupTransformer(this, documentModel, documentModel2);
        checkGrouId(groupTransformer);
        Session open = this.dirService.open(this.groupDirectoryName, documentModel2);
        Throwable th = null;
        try {
            String groupId = getGroupId(groupTransformer);
            if (open.hasEntry(groupId)) {
                throw new GroupAlreadyExistsException();
            }
            DocumentModel createEntry = open.createEntry(groupTransformer);
            notifyGroupChanged(groupId, GROUPCREATED_EVENT_ID);
            if (open != null) {
                if (0 != 0) {
                    try {
                        open.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    open.close();
                }
            }
            return createEntry;
        } catch (Throwable th3) {
            if (open != null) {
                if (0 != 0) {
                    try {
                        open.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    open.close();
                }
            }
            throw th3;
        }
    }

    public DocumentModel getGroupModel(String str, DocumentModel documentModel) {
        String groupnameTranformer = this.multiTenantManagement.groupnameTranformer(this, str, documentModel);
        if (groupnameTranformer != null) {
            groupnameTranformer = groupnameTranformer.trim();
        }
        Session open = this.dirService.open(this.groupDirectoryName, documentModel);
        Throwable th = null;
        try {
            try {
                DocumentModel entry = open.getEntry(groupnameTranformer);
                if (open != null) {
                    if (0 != 0) {
                        try {
                            open.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        open.close();
                    }
                }
                return entry;
            } finally {
            }
        } catch (Throwable th3) {
            if (open != null) {
                if (th != null) {
                    try {
                        open.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    open.close();
                }
            }
            throw th3;
        }
    }

    public DocumentModel getUserModel(String str, DocumentModel documentModel) {
        if (str == null) {
            return null;
        }
        String trim = str.trim();
        if (this.anonymousUser != null && trim.equals(this.anonymousUser.getId())) {
            return makeVirtualUserEntry(getAnonymousUserId(), this.anonymousUser);
        }
        Session open = this.dirService.open(this.userDirectoryName, documentModel);
        Throwable th = null;
        try {
            try {
                DocumentModel entry = open.getEntry(trim);
                if (open != null) {
                    if (0 != 0) {
                        try {
                            open.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        open.close();
                    }
                }
                return entry;
            } finally {
            }
        } catch (Throwable th3) {
            if (open != null) {
                if (th != null) {
                    try {
                        open.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    open.close();
                }
            }
            throw th3;
        }
    }

    protected Map<String, Serializable> cloneMap(Map<String, Serializable> map) {
        HashMap hashMap = new HashMap();
        for (String str : map.keySet()) {
            hashMap.put(str, map.get(str));
        }
        return hashMap;
    }

    protected HashSet<String> cloneSet(Set<String> set) {
        HashSet<String> hashSet = new HashSet<>();
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            hashSet.add(it.next());
        }
        return hashSet;
    }

    public NuxeoPrincipal getPrincipal(String str, DocumentModel documentModel) {
        if (str == null) {
            return null;
        }
        if (str.equals(getAnonymousUserId())) {
            return makeAnonymousPrincipal();
        }
        if (this.virtualUsers.containsKey(str)) {
            return makeVirtualPrincipal((VirtualUser) this.virtualUsers.get(str));
        }
        if (NuxeoPrincipal.isTransientUsername(str)) {
            return makeTransientPrincipal(str);
        }
        DocumentModel userModel = getUserModel(str, documentModel);
        if (userModel != null) {
            return makePrincipal(userModel);
        }
        return null;
    }

    public DocumentModelList searchGroups(String str, DocumentModel documentModel) {
        DocumentModelList documentModelListImpl = new DocumentModelListImpl();
        if (str == null || str.length() == 0) {
            documentModelListImpl = searchGroups(Collections.emptyMap(), (Set<String>) null);
        } else {
            Serializable trim = str.trim();
            HashMap hashMap = new HashMap();
            for (Map.Entry<String, UserManager.MatchType> entry : this.groupSearchFields.entrySet()) {
                Map<String, Serializable> hashMap2 = new HashMap<>();
                hashMap2.put(entry.getKey(), trim);
                for (DocumentModel documentModel2 : entry.getValue() == UserManager.MatchType.SUBSTRING ? searchGroups(hashMap2, hashMap2.keySet(), documentModel) : searchGroups(hashMap2, null, documentModel)) {
                    hashMap.put(documentModel2.getId(), documentModel2);
                }
            }
            log.debug(String.format("found %d unique group entries", Integer.valueOf(hashMap.size())));
            documentModelListImpl.addAll(hashMap.values());
        }
        documentModelListImpl.sort(new DocumentModelComparator(this.groupSchemaName, getGroupSortMap()));
        return documentModelListImpl;
    }

    public List<String> getUserIds(DocumentModel documentModel) {
        Session open = this.dirService.open(this.userDirectoryName, documentModel);
        Throwable th = null;
        try {
            try {
                List<String> projection = open.getProjection(Collections.emptyMap(), open.getIdField());
                Collections.sort(projection);
                if (open != null) {
                    if (0 != 0) {
                        try {
                            open.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        open.close();
                    }
                }
                return projection;
            } finally {
            }
        } catch (Throwable th3) {
            if (open != null) {
                if (th != null) {
                    try {
                        open.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    open.close();
                }
            }
            throw th3;
        }
    }

    public DocumentModel createUser(DocumentModel documentModel, DocumentModel documentModel2) throws UserAlreadyExistsException {
        checkUserId(documentModel);
        Session open = this.dirService.open(this.userDirectoryName, documentModel2);
        Throwable th = null;
        try {
            String userId = getUserId(documentModel);
            if (open.hasEntry(userId)) {
                throw new UserAlreadyExistsException();
            }
            checkPasswordValidity(documentModel);
            String directorySchema = this.dirService.getDirectorySchema(this.userDirectoryName);
            String str = (String) documentModel.getProperty(directorySchema, open.getIdField());
            String str2 = (String) documentModel.getProperty(directorySchema, open.getPasswordField());
            DocumentModel createEntry = open.createEntry(documentModel);
            syncDigestAuthPassword(str, str2);
            notifyUserChanged(userId, USERCREATED_EVENT_ID);
            if (open != null) {
                if (0 != 0) {
                    try {
                        open.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    open.close();
                }
            }
            return createEntry;
        } catch (Throwable th3) {
            if (open != null) {
                if (0 != 0) {
                    try {
                        open.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    open.close();
                }
            }
            throw th3;
        }
    }

    protected void checkPasswordValidity(DocumentModel documentModel) throws InvalidPasswordException {
        if (mustCheckPasswordValidity()) {
            Property propertyObject = documentModel.getPropertyObject(this.dirService.getDirectorySchema(this.userDirectoryName), this.dirService.getDirectory(this.userDirectoryName).getPasswordField());
            if (propertyObject.isDirty()) {
                String str = (String) propertyObject.getValue();
                if (StringUtils.isNotBlank(str) && !validatePassword(str)) {
                    throw new InvalidPasswordException();
                }
            }
        }
    }

    public void updateUser(DocumentModel documentModel, DocumentModel documentModel2) {
        Session open = this.dirService.open(this.userDirectoryName, documentModel2);
        Throwable th = null;
        try {
            String userId = getUserId(documentModel);
            if (!open.hasEntry(userId)) {
                throw new DirectoryException("user does not exist: " + userId);
            }
            String directorySchema = this.dirService.getDirectorySchema(this.userDirectoryName);
            checkPasswordValidity(documentModel);
            String str = (String) documentModel.getProperty(directorySchema, open.getIdField());
            String str2 = (String) documentModel.getProperty(directorySchema, open.getPasswordField());
            open.updateEntry(documentModel);
            syncDigestAuthPassword(str, str2);
            notifyUserChanged(userId, USERMODIFIED_EVENT_ID);
            if (open != null) {
                if (0 == 0) {
                    open.close();
                    return;
                }
                try {
                    open.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (open != null) {
                if (0 != 0) {
                    try {
                        open.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    open.close();
                }
            }
            throw th3;
        }
    }

    private boolean mustCheckPasswordValidity() {
        return ((ConfigurationService) Framework.getService(ConfigurationService.class)).isBooleanPropertyTrue(VALIDATE_PASSWORD_PARAM);
    }

    public void deleteUser(DocumentModel documentModel, DocumentModel documentModel2) {
        deleteUser(getUserId(documentModel), documentModel2);
    }

    /* JADX WARN: Failed to calculate best type for var: r8v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r8v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Failed to calculate best type for var: r9v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r9v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 8, insn: 0x0079: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r8 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:26:0x0079 */
    /* JADX WARN: Not initialized variable reg: 9, insn: 0x007d: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r9 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:28:0x007d */
    /* JADX WARN: Type inference failed for: r8v0, types: [org.nuxeo.ecm.directory.Session] */
    /* JADX WARN: Type inference failed for: r9v0, types: [java.lang.Throwable] */
    public void deleteUser(String str, DocumentModel documentModel) {
        try {
            try {
                Session open = this.dirService.open(this.userDirectoryName, documentModel);
                Throwable th = null;
                if (!open.hasEntry(str)) {
                    throw new DirectoryException("User does not exist: " + str);
                }
                open.deleteEntry(str);
                notifyUserChanged(str, USERDELETED_EVENT_ID);
                if (open != null) {
                    if (0 != 0) {
                        try {
                            open.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        open.close();
                    }
                }
            } finally {
            }
        } finally {
            notifyUserChanged(str, null);
        }
    }

    public void updateGroup(DocumentModel documentModel, DocumentModel documentModel2) {
        Session open = this.dirService.open(this.groupDirectoryName, documentModel2);
        Throwable th = null;
        try {
            String groupId = getGroupId(documentModel);
            if (!open.hasEntry(groupId)) {
                throw new DirectoryException("group does not exist: " + groupId);
            }
            open.updateEntry(documentModel);
            notifyGroupChanged(groupId, GROUPMODIFIED_EVENT_ID);
            if (open != null) {
                if (0 == 0) {
                    open.close();
                    return;
                }
                try {
                    open.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (open != null) {
                if (0 != 0) {
                    try {
                        open.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    open.close();
                }
            }
            throw th3;
        }
    }

    public void deleteGroup(DocumentModel documentModel, DocumentModel documentModel2) {
        deleteGroup(getGroupId(documentModel), documentModel2);
    }

    public void deleteGroup(String str, DocumentModel documentModel) {
        Session open = this.dirService.open(this.groupDirectoryName, documentModel);
        Throwable th = null;
        try {
            if (!open.hasEntry(str)) {
                throw new DirectoryException("Group does not exist: " + str);
            }
            List<String> ancestorGroups = getAncestorGroups(str);
            open.deleteEntry(str);
            notifyGroupChanged(str, GROUPDELETED_EVENT_ID, ancestorGroups);
            if (open != null) {
                if (0 == 0) {
                    open.close();
                    return;
                }
                try {
                    open.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (open != null) {
                if (0 != 0) {
                    try {
                        open.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    open.close();
                }
            }
            throw th3;
        }
    }

    public List<String> getGroupsInGroup(String str, DocumentModel documentModel) {
        return getGroup(str, null).getMemberGroups();
    }

    public List<String> getTopLevelGroups(DocumentModel documentModel) {
        Session open = this.dirService.open(this.groupDirectoryName, documentModel);
        Throwable th = null;
        try {
            try {
                LinkedList linkedList = new LinkedList();
                for (DocumentModel documentModel2 : open.query(Collections.emptyMap(), (Set) null, (Map) null, true)) {
                    List list = (List) documentModel2.getProperty(this.groupSchemaName, this.groupParentGroupsField);
                    if (list == null || list.isEmpty()) {
                        linkedList.add(documentModel2.getId());
                    }
                }
                if (open != null) {
                    if (0 != 0) {
                        try {
                            open.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        open.close();
                    }
                }
                return linkedList;
            } finally {
            }
        } catch (Throwable th3) {
            if (open != null) {
                if (th != null) {
                    try {
                        open.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    open.close();
                }
            }
            throw th3;
        }
    }

    public List<String> getUsersInGroupAndSubGroups(String str, DocumentModel documentModel) {
        HashSet hashSet = new HashSet();
        hashSet.add(str);
        appendSubgroups(str, hashSet, documentModel);
        HashSet hashSet2 = new HashSet();
        Iterator<String> it = hashSet.iterator();
        while (it.hasNext()) {
            hashSet2.addAll(getGroup(it.next(), documentModel).getMemberUsers());
        }
        return new ArrayList(hashSet2);
    }

    public String[] getUsersForPermission(String str, ACP acp, DocumentModel documentModel) {
        PermissionProvider permissionProvider = (PermissionProvider) Framework.getService(PermissionProvider.class);
        HashSet hashSet = new HashSet();
        ACL mergedACLs = acp.getMergedACLs("merged");
        ArrayList arrayList = new ArrayList();
        List<String> leafPermissions = getLeafPermissions(str);
        for (ACE ace : mergedACLs.getACEs()) {
            List<String> leafPermissions2 = getLeafPermissions(ace.getPermission());
            if ("Everything".equals(ace.getPermission())) {
                leafPermissions2 = Arrays.asList(permissionProvider.getPermissions());
            }
            if (leafPermissions2.containsAll(leafPermissions)) {
                if ("Everyone".equals(ace.getUsername()) && !ace.isGranted()) {
                    break;
                }
                arrayList.add(ace);
            }
        }
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            ACE ace2 = (ACE) it.next();
            String username = ace2.getUsername();
            List<String> userIds = "Everyone".equals(username) ? getUserIds() : null;
            if (userIds == null && getGroup(username, documentModel) != null) {
                userIds = getUsersInGroupAndSubGroups(username, documentModel);
            }
            if (userIds == null) {
                userIds = new ArrayList();
                userIds.add(username);
            }
            if (ace2.isGranted()) {
                hashSet.addAll(userIds);
            } else {
                hashSet.removeAll(userIds);
            }
        }
        return (String[]) hashSet.toArray(new String[hashSet.size()]);
    }

    public List<String> getAncestorGroups(String str) {
        ArrayList arrayList = new ArrayList();
        populateAncestorGroups(str, arrayList);
        return arrayList;
    }

    protected void populateAncestorGroups(String str, List<String> list) {
        NuxeoGroup group = getGroup(str);
        if (group != null) {
            group.getParentGroups().stream().filter(str2 -> {
                return !list.contains(str2);
            }).forEach(str3 -> {
                list.add(str3);
                populateAncestorGroups(str3, list);
            });
        }
    }

    public GroupConfig getGroupConfig() {
        return this.groupConfig;
    }

    public void handleEvent(Event event) {
        String id = event.getId();
        if (INVALIDATE_PRINCIPAL_EVENT_ID.equals(id)) {
            invalidatePrincipal((String) event.getData());
        } else if (INVALIDATE_ALL_PRINCIPALS_EVENT_ID.equals(id)) {
            invalidateAllPrincipals();
        }
    }
}
