package org.jahia.bin;

import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.regex.Pattern;
import javax.jcr.Property;
import javax.jcr.PropertyIterator;
import javax.jcr.RepositoryException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.jahia.exceptions.JahiaException;
import org.jahia.exceptions.JahiaForbiddenAccessException;
import org.jahia.services.content.decorator.JCRGroupNode;
import org.jahia.services.content.decorator.JCRUserNode;
import org.jahia.services.render.RenderException;
import org.jahia.services.sites.JahiaSitesService;
import org.jahia.services.usermanager.JahiaGroupManagerService;
import org.jahia.services.usermanager.JahiaUserManagerService;
import org.jahia.utils.Patterns;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import org.owasp.encoder.Encode;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jahia/bin/FindPrincipal.class */
public class FindPrincipal extends BaseFindController {
    private static final String PRINCIPALTYPE_PARAMNAME = "principalType";
    private static final String WILDCARDTERM_PARAMNAME = "wildcardTerm";
    private static final String ESCAPECOLON_PARAMNAME = "escapeColon";
    private static final String SITEKEY_PARAMNAME = "siteKey";
    private static final String PROPERTYMATCHREGEXP_PARAMNAME = "propertyMatchRegexp";
    private static final String REMOVEDUPLICATEPROPVALUES_PARAMNAME = "removeDuplicatePropValues";
    private static final String INCLUDECRITERIANAMES_PARAMNAME = "includeCriteriaNames";
    private JahiaUserManagerService jahiaUserManagerService;
    private JahiaGroupManagerService jahiaGroupManagerService;
    private JahiaSitesService jahiaSitesService;
    private static final Logger logger = LoggerFactory.getLogger(FindPrincipal.class);
    private static final Set<String> RESERVED_PARAMETERNAMES = new HashSet();

    public void setJahiaUserManagerService(JahiaUserManagerService jahiaUserManagerService) {
        this.jahiaUserManagerService = jahiaUserManagerService;
    }

    public void setJahiaGroupManagerService(JahiaGroupManagerService jahiaGroupManagerService) {
        this.jahiaGroupManagerService = jahiaGroupManagerService;
    }

    public void setJahiaSitesService(JahiaSitesService jahiaSitesService) {
        this.jahiaSitesService = jahiaSitesService;
    }

    protected String expandRequestMarkers(HttpServletRequest httpServletRequest, String str) {
        String substring;
        String parameter;
        String str2 = str;
        int indexOf = str2.indexOf("{$");
        while (true) {
            int i = indexOf;
            if (i < 0) {
                return str2;
            }
            int indexOf2 = str2.indexOf("}", i);
            if (indexOf2 > 0 && (parameter = httpServletRequest.getParameter((substring = str2.substring(i + 2, indexOf2)))) != null) {
                str2 = StringUtils.replace(str2, "{$" + substring + "}", parameter);
            }
            indexOf = str2.indexOf("{$", i + 2);
        }
    }

    protected String retrieveParameter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, boolean z) throws IOException {
        String parameter = httpServletRequest.getParameter(str);
        if (!StringUtils.isEmpty(parameter)) {
            parameter = expandRequestMarkers(httpServletRequest, parameter);
        }
        if (!z || !StringUtils.isEmpty(parameter)) {
            return parameter;
        }
        httpServletResponse.sendError(400, "Mandatory parameter '" + str + "' is not found in the request");
        throw new IOException("Mandatory parameter '" + str + "' is not found in the request");
    }

    protected Map<String, String[]> retrieveOtherParameters(HttpServletRequest httpServletRequest) throws IOException {
        Map parameterMap = httpServletRequest.getParameterMap();
        HashMap hashMap = new HashMap(parameterMap.size());
        for (Map.Entry entry : parameterMap.entrySet()) {
            if (!RESERVED_PARAMETERNAMES.contains(entry.getKey())) {
                hashMap.put(Encode.forJava((String) entry.getKey()), Arrays.stream((Object[]) entry.getValue()).map(Encode::forJava).toArray(i -> {
                    return new String[i];
                }));
            }
        }
        return hashMap;
    }

    protected Properties buildSearchCriterias(String str, Map<String, String[]> map, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        Properties properties = new Properties();
        if (str != null) {
            properties.setProperty("*", str);
        }
        String retrieveParameter = retrieveParameter(httpServletRequest, httpServletResponse, INCLUDECRITERIANAMES_PARAMNAME, false);
        HashSet hashSet = new HashSet();
        if (retrieveParameter != null) {
            if (retrieveParameter.contains(",")) {
                for (String str2 : Patterns.COMMA.split(retrieveParameter)) {
                    hashSet.add(Encode.forJava(str2));
                }
            } else {
                hashSet.add(retrieveParameter);
            }
        }
        for (Map.Entry<String, String[]> entry : map.entrySet()) {
            String[] value = entry.getValue();
            if (logger.isDebugEnabled() && !hashSet.isEmpty() && !hashSet.contains(entry.getKey())) {
                logger.debug("Ignoring parameter with name {} since it wasn't specified in the include criteria name list", Encode.forJava(entry.getKey()));
            } else if (value.length >= 1 || !logger.isWarnEnabled()) {
                if (value.length > 1 && logger.isWarnEnabled()) {
                    logger.warn("Parameter {} has more than one value, only the first one will be used.", entry.getKey());
                }
                properties.setProperty(entry.getKey(), expandRequestMarkers(httpServletRequest, value[0]));
            } else {
                logger.warn("Parameter {} has invalid value(s), ignoring it.", entry.getKey());
            }
        }
        return properties;
    }

    private void writeUserResults(Set<JCRUserNode> set, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, boolean z) throws RepositoryException, IllegalArgumentException, IOException, RenderException, JSONException {
        httpServletResponse.setContentType("application/json; charset=UTF-8");
        JSONArray jSONArray = new JSONArray();
        HashMap hashMap = z ? new HashMap() : null;
        Pattern compile = str != null ? Pattern.compile(str, 2) : null;
        for (JCRUserNode jCRUserNode : set) {
            JSONObject jSONObject = new JSONObject(jCRUserNode.getJahiaUser());
            if (compile != null) {
                PropertyIterator properties = jCRUserNode.getProperties();
                HashSet hashSet = new HashSet();
                while (properties.hasNext()) {
                    Property nextProperty = properties.nextProperty();
                    String name2 = nextProperty.getName();
                    String string = nextProperty.getValue().getString();
                    if (compile.matcher(string).matches()) {
                        if (hashMap != null) {
                            String str2 = (String) hashMap.get(string);
                            if (str2 != null) {
                                if (!str2.equals(jCRUserNode.getPath())) {
                                    break;
                                }
                            } else {
                                hashMap.put(string, jCRUserNode.getPath());
                            }
                        }
                        hashSet.add(name2);
                    }
                }
                jSONObject.put("matchingProperties", new JSONArray((Collection) hashSet));
            }
            jSONArray.put(jSONObject);
        }
        try {
            jSONArray.write(httpServletResponse.getWriter());
        } catch (JSONException e) {
            throw new RenderException(e);
        }
    }

    private void writeGroupResults(Set<JCRGroupNode> set, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, boolean z) throws RepositoryException, IllegalArgumentException, IOException, RenderException, JSONException {
        httpServletResponse.setContentType("application/json; charset=UTF-8");
        JSONArray jSONArray = new JSONArray();
        HashMap hashMap = z ? new HashMap() : null;
        for (JCRGroupNode jCRGroupNode : set) {
            JSONObject jSONObject = new JSONObject(jCRGroupNode.getJahiaGroup());
            if (str != null) {
                Pattern compile = Pattern.compile(str, 2);
                PropertyIterator properties = jCRGroupNode.getProperties();
                HashSet hashSet = new HashSet();
                while (properties.hasNext()) {
                    Property nextProperty = properties.nextProperty();
                    String name2 = nextProperty.getName();
                    String string = nextProperty.getValue().getString();
                    if (compile.matcher(string).matches()) {
                        if (hashMap != null) {
                            String str2 = (String) hashMap.get(string);
                            if (str2 != null) {
                                if (!str2.equals(jCRGroupNode.getPath())) {
                                    break;
                                }
                            } else {
                                hashMap.put(string, jCRGroupNode.getPath());
                            }
                        }
                        hashSet.add(name2);
                    }
                }
                jSONObject.put("matchingProperties", new JSONArray((Collection) hashSet));
            }
            jSONArray.put(jSONObject);
        }
        try {
            jSONArray.write(httpServletResponse.getWriter());
        } catch (JSONException e) {
            throw new RenderException(e);
        }
    }

    @Override // org.jahia.bin.BaseFindController
    protected void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws RenderException, IOException, RepositoryException, JahiaForbiddenAccessException {
        checkUserLoggedIn();
        checkUserAuthorized();
        try {
            String retrieveParameter = retrieveParameter(httpServletRequest, httpServletResponse, PRINCIPALTYPE_PARAMNAME, true);
            if (retrieveParameter == null) {
                return;
            }
            String retrieveParameter2 = retrieveParameter(httpServletRequest, httpServletResponse, WILDCARDTERM_PARAMNAME, false);
            String retrieveParameter3 = retrieveParameter(httpServletRequest, httpServletResponse, PROPERTYMATCHREGEXP_PARAMNAME, false);
            String retrieveParameter4 = retrieveParameter(httpServletRequest, httpServletResponse, REMOVEDUPLICATEPROPVALUES_PARAMNAME, false);
            boolean z = false;
            if (retrieveParameter4 != null) {
                z = Boolean.parseBoolean(retrieveParameter4);
            }
            String retrieveParameter5 = retrieveParameter(httpServletRequest, httpServletResponse, SITEKEY_PARAMNAME, "groups".equals(retrieveParameter));
            Properties buildSearchCriterias = buildSearchCriterias(retrieveParameter2, retrieveOtherParameters(httpServletRequest), httpServletRequest, httpServletResponse);
            if (logger.isDebugEnabled()) {
                logger.debug("Searching for principal type " + retrieveParameter + " with criterias " + buildSearchCriterias);
            }
            if (JahiaGroupManagerService.USERS_GROUPNAME.equals(retrieveParameter)) {
                writeUserResults(this.jahiaUserManagerService.searchUsers(buildSearchCriterias), httpServletRequest, httpServletResponse, retrieveParameter3, z);
                return;
            }
            if (!"groups".equals(retrieveParameter)) {
                logger.error("Principal type value " + retrieveParameter + " is invalid, aborting searching...");
                httpServletResponse.sendError(400);
            } else {
                if (retrieveParameter5 == null) {
                    logger.error("Site key is mandatory for group searching and is missing in request, aborting searching...");
                    httpServletResponse.sendError(400);
                    return;
                }
                try {
                    writeGroupResults(this.jahiaGroupManagerService.searchGroups(this.jahiaSitesService.getSiteByKey(retrieveParameter5).getSiteKey(), buildSearchCriterias), httpServletRequest, httpServletResponse, retrieveParameter3, z);
                } catch (JahiaException e) {
                    logger.error("Error while trying to retrieve site with key " + retrieveParameter5 + ", aborting search... ", e);
                    httpServletResponse.sendError(400);
                }
            }
        } catch (IllegalArgumentException e2) {
            logger.error("Invalid argument", e2);
            httpServletResponse.sendError(400, e2.getMessage());
        } catch (JSONException e3) {
            logger.error("JSON serialization error ", e3);
            httpServletResponse.sendError(400, e3.getMessage());
        }
    }

    public static String getFindPrincipalServletPath() {
        return "/cms/findPrincipal";
    }

    static {
        RESERVED_PARAMETERNAMES.add(PRINCIPALTYPE_PARAMNAME);
        RESERVED_PARAMETERNAMES.add(WILDCARDTERM_PARAMNAME);
        RESERVED_PARAMETERNAMES.add(ESCAPECOLON_PARAMNAME);
        RESERVED_PARAMETERNAMES.add(SITEKEY_PARAMNAME);
        RESERVED_PARAMETERNAMES.add(PROPERTYMATCHREGEXP_PARAMNAME);
        RESERVED_PARAMETERNAMES.add(REMOVEDUPLICATEPROPVALUES_PARAMNAME);
        RESERVED_PARAMETERNAMES.add(INCLUDECRITERIANAMES_PARAMNAME);
    }
}
