package org.nuxeo.ecm.multi.tenant;

import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.core.api.CoreSession;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.DocumentModelList;
import org.nuxeo.ecm.core.api.UnrestrictedSessionRunner;
import org.nuxeo.ecm.core.api.repository.RepositoryManager;
import org.nuxeo.ecm.core.api.security.ACE;
import org.nuxeo.ecm.core.api.security.ACL;
import org.nuxeo.ecm.core.api.security.ACP;
import org.nuxeo.ecm.core.trash.TrashService;
import org.nuxeo.ecm.directory.Session;
import org.nuxeo.ecm.directory.api.DirectoryService;
import org.nuxeo.runtime.api.Framework;
import org.nuxeo.runtime.model.ComponentContext;
import org.nuxeo.runtime.model.ComponentInstance;
import org.nuxeo.runtime.model.DefaultComponent;
import org.nuxeo.runtime.transaction.TransactionHelper;

/* loaded from: input_file:org/nuxeo/ecm/multi/tenant/MultiTenantServiceImpl.class */
public class MultiTenantServiceImpl extends DefaultComponent implements MultiTenantService {
    private static final Log log = LogFactory.getLog(MultiTenantServiceImpl.class);
    public static final String CONFIGURATION_EP = "configuration";
    private MultiTenantConfiguration configuration;
    private Boolean isTenantIsolationEnabled;

    @Override // org.nuxeo.ecm.multi.tenant.MultiTenantService
    public boolean isTenantIsolationEnabledByDefault() {
        return this.configuration.isEnabledByDefault();
    }

    @Override // org.nuxeo.ecm.multi.tenant.MultiTenantService
    public String getTenantDocumentType() {
        return this.configuration.getTenantDocumentType();
    }

    /* JADX WARN: Type inference failed for: r0v6, types: [org.nuxeo.ecm.multi.tenant.MultiTenantServiceImpl$1] */
    @Override // org.nuxeo.ecm.multi.tenant.MultiTenantService
    public boolean isTenantIsolationEnabled(CoreSession coreSession) {
        if (this.isTenantIsolationEnabled == null) {
            final ArrayList arrayList = new ArrayList();
            new UnrestrictedSessionRunner(coreSession) { // from class: org.nuxeo.ecm.multi.tenant.MultiTenantServiceImpl.1
                public void run() {
                    arrayList.addAll(this.session.query("SELECT * FROM Document WHERE ecm:mixinType = 'TenantConfig' AND ecm:currentLifeCycleState != 'deleted'"));
                }
            }.runUnrestricted();
            this.isTenantIsolationEnabled = Boolean.valueOf(!arrayList.isEmpty());
        }
        return this.isTenantIsolationEnabled.booleanValue();
    }

    /* JADX WARN: Type inference failed for: r0v2, types: [org.nuxeo.ecm.multi.tenant.MultiTenantServiceImpl$2] */
    @Override // org.nuxeo.ecm.multi.tenant.MultiTenantService
    public void enableTenantIsolation(CoreSession coreSession) {
        if (isTenantIsolationEnabled(coreSession)) {
            return;
        }
        new UnrestrictedSessionRunner(coreSession) { // from class: org.nuxeo.ecm.multi.tenant.MultiTenantServiceImpl.2
            public void run() {
                Iterator it = this.session.query(String.format("SELECT * FROM Document WHERE ecm:primaryType = '%s' AND ecm:currentLifeCycleState != 'deleted'", MultiTenantServiceImpl.this.configuration.getTenantDocumentType())).iterator();
                while (it.hasNext()) {
                    MultiTenantServiceImpl.this.enableTenantIsolationFor(this.session, (DocumentModel) it.next());
                }
                this.session.save();
            }
        }.runUnrestricted();
        this.isTenantIsolationEnabled = true;
    }

    /* JADX WARN: Type inference failed for: r0v2, types: [org.nuxeo.ecm.multi.tenant.MultiTenantServiceImpl$3] */
    @Override // org.nuxeo.ecm.multi.tenant.MultiTenantService
    public void disableTenantIsolation(CoreSession coreSession) {
        if (isTenantIsolationEnabled(coreSession)) {
            new UnrestrictedSessionRunner(coreSession) { // from class: org.nuxeo.ecm.multi.tenant.MultiTenantServiceImpl.3
                public void run() {
                    Iterator it = this.session.query("SELECT * FROM Document WHERE ecm:mixinType = 'TenantConfig' AND ecm:currentLifeCycleState != 'deleted'").iterator();
                    while (it.hasNext()) {
                        MultiTenantServiceImpl.this.disableTenantIsolationFor(this.session, (DocumentModel) it.next());
                    }
                    this.session.save();
                }
            }.runUnrestricted();
            this.isTenantIsolationEnabled = false;
        }
    }

    @Override // org.nuxeo.ecm.multi.tenant.MultiTenantService
    public void enableTenantIsolationFor(CoreSession coreSession, DocumentModel documentModel) {
        if (!documentModel.hasFacet(Constants.TENANT_CONFIG_FACET)) {
            documentModel.addFacet(Constants.TENANT_CONFIG_FACET);
        }
        String str = (String) registerTenant(documentModel).getPropertyValue("tenant:id");
        documentModel.setPropertyValue(Constants.TENANT_ID_PROPERTY, str);
        setTenantACL(str, documentModel);
        coreSession.saveDocument(documentModel);
    }

    private DocumentModel registerTenant(DocumentModel documentModel) {
        Session open = ((DirectoryService) Framework.getLocalService(DirectoryService.class)).open(Constants.TENANTS_DIRECTORY);
        Throwable th = null;
        try {
            try {
                HashMap hashMap = new HashMap();
                hashMap.put("id", getTenantIdForTenant(documentModel));
                hashMap.put("label", documentModel.getTitle());
                hashMap.put("docId", documentModel.getId());
                DocumentModel createEntry = open.createEntry(hashMap);
                if (open != null) {
                    if (0 != 0) {
                        try {
                            open.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        open.close();
                    }
                }
                return createEntry;
            } finally {
            }
        } catch (Throwable th3) {
            if (open != null) {
                if (th != null) {
                    try {
                        open.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    open.close();
                }
            }
            throw th3;
        }
    }

    private void setTenantACL(String str, DocumentModel documentModel) {
        ACP acp = documentModel.getACP();
        ACL orCreateACL = acp.getOrCreateACL();
        orCreateACL.add(new ACE(MultiTenantHelper.computeTenantAdministratorsGroup(str), "Everything", true));
        String computeTenantMembersGroup = MultiTenantHelper.computeTenantMembersGroup(str);
        String membersGroupPermission = this.configuration.getMembersGroupPermission();
        if (!StringUtils.isBlank(membersGroupPermission)) {
            orCreateACL.add(new ACE(computeTenantMembersGroup, membersGroupPermission, true));
        }
        orCreateACL.add(new ACE("Everyone", "Everything", false));
        documentModel.setACP(acp, true);
    }

    @Override // org.nuxeo.ecm.multi.tenant.MultiTenantService
    public void disableTenantIsolationFor(CoreSession coreSession, DocumentModel documentModel) {
        if (coreSession.exists(documentModel.getRef())) {
            if (documentModel.hasFacet(Constants.TENANT_CONFIG_FACET)) {
                documentModel.removeFacet(Constants.TENANT_CONFIG_FACET);
            }
            removeTenantACL(documentModel);
            coreSession.saveDocument(documentModel);
        }
        unregisterTenant(documentModel);
    }

    private void removeTenantACL(DocumentModel documentModel) {
        ACP acp = documentModel.getACP();
        ACL orCreateACL = acp.getOrCreateACL();
        int indexOf = orCreateACL.indexOf(new ACE(MultiTenantHelper.computeTenantAdministratorsGroup(getTenantIdForTenant(documentModel)), "Everything", true));
        if (indexOf >= 0) {
            ArrayList arrayList = new ArrayList();
            arrayList.addAll(orCreateACL.subList(0, indexOf));
            arrayList.addAll(orCreateACL.subList(indexOf + 3, orCreateACL.size()));
            orCreateACL.setACEs((ACE[]) arrayList.toArray(new ACE[arrayList.size()]));
        }
        documentModel.setACP(acp, true);
    }

    private void unregisterTenant(DocumentModel documentModel) {
        Session open = ((DirectoryService) Framework.getLocalService(DirectoryService.class)).open(Constants.TENANTS_DIRECTORY);
        Throwable th = null;
        try {
            open.deleteEntry(getTenantIdForTenant(documentModel));
            if (open != null) {
                if (0 == 0) {
                    open.close();
                    return;
                }
                try {
                    open.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (open != null) {
                if (0 != 0) {
                    try {
                        open.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    open.close();
                }
            }
            throw th3;
        }
    }

    protected String getTenantIdForTenant(DocumentModel documentModel) {
        String name = documentModel.getName();
        if (documentModel.getCurrentLifeCycleState().equals("deleted")) {
            name = ((TrashService) Framework.getService(TrashService.class)).unmangleName(documentModel);
        }
        return name;
    }

    @Override // org.nuxeo.ecm.multi.tenant.MultiTenantService
    public List<DocumentModel> getTenants() {
        Session open = ((DirectoryService) Framework.getLocalService(DirectoryService.class)).open(Constants.TENANTS_DIRECTORY);
        Throwable th = null;
        try {
            try {
                DocumentModelList entries = open.getEntries();
                if (open != null) {
                    if (0 != 0) {
                        try {
                            open.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        open.close();
                    }
                }
                return entries;
            } finally {
            }
        } catch (Throwable th3) {
            if (open != null) {
                if (th != null) {
                    try {
                        open.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    open.close();
                }
            }
            throw th3;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.nuxeo.ecm.multi.tenant.MultiTenantService
    public boolean isTenantAdministrator(Principal principal) {
        if (!(principal instanceof MultiTenantPrincipal)) {
            return false;
        }
        MultiTenantPrincipal multiTenantPrincipal = (MultiTenantPrincipal) principal;
        return multiTenantPrincipal.getTenantId() != null && multiTenantPrincipal.isMemberOf(Constants.POWER_USERS_GROUP);
    }

    /* JADX WARN: Type inference failed for: r0v24, types: [org.nuxeo.ecm.multi.tenant.MultiTenantServiceImpl$4] */
    public void applicationStarted(ComponentContext componentContext) {
        boolean z = false;
        try {
            z = TransactionHelper.startTransaction();
            Iterator it = ((RepositoryManager) Framework.getLocalService(RepositoryManager.class)).getRepositoryNames().iterator();
            while (it.hasNext()) {
                new UnrestrictedSessionRunner((String) it.next()) { // from class: org.nuxeo.ecm.multi.tenant.MultiTenantServiceImpl.4
                    public void run() {
                        if (!MultiTenantServiceImpl.this.isTenantIsolationEnabledByDefault() || MultiTenantServiceImpl.this.isTenantIsolationEnabled(this.session)) {
                            return;
                        }
                        MultiTenantServiceImpl.this.enableTenantIsolation(this.session);
                    }
                }.runUnrestricted();
            }
            if (z) {
                if (1 == 0) {
                    try {
                        TransactionHelper.setTransactionRollbackOnly();
                    } finally {
                    }
                }
            }
        } catch (Throwable th) {
            if (z) {
                if (0 == 0) {
                    try {
                        TransactionHelper.setTransactionRollbackOnly();
                    } finally {
                    }
                }
            }
            throw th;
        }
    }

    public void registerContribution(Object obj, String str, ComponentInstance componentInstance) {
        if (CONFIGURATION_EP.equals(str)) {
            if (this.configuration != null) {
                log.warn("Overriding existing multi tenant configuration");
            }
            this.configuration = (MultiTenantConfiguration) obj;
        }
    }

    public void unregisterContribution(Object obj, String str, ComponentInstance componentInstance) {
        if (CONFIGURATION_EP.equals(str) && obj.equals(this.configuration)) {
            this.configuration = null;
        }
    }

    @Override // org.nuxeo.ecm.multi.tenant.MultiTenantService
    public List<String> getProhibitedGroups() {
        if (this.configuration != null) {
            return this.configuration.getProhibitedGroups();
        }
        return null;
    }
}
