package org.apache.sling.jackrabbit.usermanager.impl.post;

import java.util.Dictionary;
import java.util.List;
import java.util.Map;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.servlet.Servlet;
import org.apache.derby.security.DatabasePermission;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.commons.json.jcr.JsonItemWriter;
import org.apache.sling.commons.osgi.OsgiUtil;
import org.apache.sling.jackrabbit.usermanager.CreateUser;
import org.apache.sling.jackrabbit.usermanager.impl.resource.AuthorizableResourceProvider;
import org.apache.sling.jcr.api.SlingRepository;
import org.apache.sling.jcr.base.util.AccessControlUtil;
import org.apache.sling.servlets.post.AbstractPostResponse;
import org.apache.sling.servlets.post.Modification;
import org.apache.sling.servlets.post.ModificationType;
import org.apache.sling.servlets.post.SlingPostConstants;
import org.apache.sling.servlets.post.impl.helper.RequestProperty;
import org.apache.sling.servlets.resolver.internal.ServletResolverConstants;
import org.osgi.service.component.ComponentContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Service({Servlet.class, CreateUser.class})
@Component(metatype = true, label = "%createUser.post.operation.name", description = "%createUser.post.operation.description")
@Properties({@Property(name = ServletResolverConstants.SLING_SERVLET_RESOURCE_TYPES, value = {"sling/users"}), @Property(name = ServletResolverConstants.SLING_SERVLET_METHODS, value = {"POST"}), @Property(name = ServletResolverConstants.SLING_SERVLET_SELECTORS, value = {DatabasePermission.CREATE}), @Property(name = AbstractAuthorizablePostServlet.PROP_DATE_FORMAT, value = {JsonItemWriter.ECMA_DATE_FORMAT, "yyyy-MM-dd'T'HH:mm:ss.SSSZ", "yyyy-MM-dd'T'HH:mm:ss", "yyyy-MM-dd", "dd.MM.yyyy HH:mm:ss", "dd.MM.yyyy"})})
/* loaded from: input_file:resources/install/15/org.apache.sling.jcr.jackrabbit.usermanager-2.2.2.jar:org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.class */
public class CreateUserServlet extends AbstractUserPostServlet implements CreateUser {
    private static final long serialVersionUID = 6871481922737658675L;
    private static final boolean DEFAULT_SELF_REGISTRATION_ENABLED = false;

    @Property(label = "%self.registration.enabled.name", description = "%self.registration.enabled.description", boolValue = {false})
    private static final String PROP_SELF_REGISTRATION_ENABLED = "self.registration.enabled";
    private static final String DEFAULT_USER_ADMIN_GROUP_NAME = "UserAdmin";

    @Property({"UserAdmin"})
    private static final String PAR_USER_ADMIN_GROUP_NAME = "user.admin.group.name";

    @Reference
    private SlingRepository repository;
    private final Logger log = LoggerFactory.getLogger(getClass());
    private Boolean selfRegistrationEnabled = false;
    private String userAdminGroupName = "UserAdmin";

    private Session getSession() throws RepositoryException {
        return this.repository.loginAdministrative(null);
    }

    private void ungetSession(Session session) {
        if (session != null) {
            try {
                session.logout();
            } catch (Throwable th) {
                this.log.error("Unable to log out of session: " + th.getMessage(), th);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.sling.jackrabbit.usermanager.impl.post.AbstractUserPostServlet, org.apache.sling.jackrabbit.usermanager.impl.post.AbstractAuthorizablePostServlet
    public void activate(ComponentContext componentContext) {
        super.activate(componentContext);
        Dictionary<String, Object> properties = componentContext.getProperties();
        Object obj = properties.get(PROP_SELF_REGISTRATION_ENABLED);
        if (obj instanceof Boolean) {
            this.selfRegistrationEnabled = (Boolean) obj;
        } else if (obj instanceof String) {
            this.selfRegistrationEnabled = Boolean.valueOf(Boolean.parseBoolean((String) obj));
        } else {
            this.selfRegistrationEnabled = false;
        }
        this.userAdminGroupName = OsgiUtil.toString(properties.get(PAR_USER_ADMIN_GROUP_NAME), "UserAdmin");
        this.log.info("User Admin Group Name {}", this.userAdminGroupName);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.sling.jackrabbit.usermanager.impl.post.AbstractUserPostServlet, org.apache.sling.jackrabbit.usermanager.impl.post.AbstractAuthorizablePostServlet
    public void deactivate(ComponentContext componentContext) {
        super.deactivate(componentContext);
    }

    @Override // org.apache.sling.jackrabbit.usermanager.impl.post.AbstractPostServlet
    protected void handleOperation(SlingHttpServletRequest slingHttpServletRequest, AbstractPostResponse abstractPostResponse, List<Modification> list) throws RepositoryException {
        User createUser = createUser((Session) slingHttpServletRequest.getResourceResolver().adaptTo(Session.class), slingHttpServletRequest.getParameter(SlingPostConstants.RP_NODE_NAME), slingHttpServletRequest.getParameter("pwd"), slingHttpServletRequest.getParameter("pwdConfirm"), slingHttpServletRequest.getRequestParameterMap(), list);
        String str = null;
        if (createUser != null) {
            str = AuthorizableResourceProvider.SYSTEM_USER_MANAGER_USER_PREFIX + createUser.getID();
        } else if (list.size() > 0) {
            Modification modification = list.get(0);
            if (modification.getType() == ModificationType.CREATE) {
                str = modification.getSource();
            }
        }
        if (str != null) {
            abstractPostResponse.setPath(str);
            abstractPostResponse.setLocation(externalizePath(slingHttpServletRequest, str));
        }
        abstractPostResponse.setParentLocation(externalizePath(slingHttpServletRequest, AuthorizableResourceProvider.SYSTEM_USER_MANAGER_USER_PATH));
    }

    @Override // org.apache.sling.jackrabbit.usermanager.CreateUser
    public User createUser(Session session, String str, String str2, String str3, Map<String, ?> map, List<Modification> list) throws RepositoryException {
        boolean z;
        if (session == null) {
            throw new RepositoryException("JCR Session not found");
        }
        try {
            UserManager userManager = AccessControlUtil.getUserManager(session);
            User user = (User) userManager.getAuthorizable(session.getUserID());
            z = user.isAdmin();
            if (!z) {
                Authorizable authorizable = userManager.getAuthorizable(this.userAdminGroupName);
                if (authorizable instanceof Group) {
                    if (((Group) authorizable).isMember(user)) {
                        z = true;
                    }
                }
            }
        } catch (Exception e) {
            this.log.warn("Failed to determine if the user is an admin, assuming not. Cause: " + e.getMessage());
            z = false;
        }
        if (!z && !this.selfRegistrationEnabled.booleanValue()) {
            throw new RepositoryException("Sorry, registration of new users is not currently enabled.  Please try again later.");
        }
        if (str == null || str.length() == 0) {
            throw new RepositoryException("User name was not submitted");
        }
        if (str2 == null) {
            throw new RepositoryException("Password was not submitted");
        }
        if (!str2.equals(str3)) {
            throw new RepositoryException("Password value does not match the confirmation password");
        }
        Session session2 = session;
        boolean z2 = !z && this.selfRegistrationEnabled.booleanValue();
        if (z2) {
            try {
                session2 = getSession();
            } catch (Throwable th) {
                if (z2) {
                    ungetSession(session2);
                }
                throw th;
            }
        }
        UserManager userManager2 = AccessControlUtil.getUserManager(session2);
        if (userManager2.getAuthorizable(str) != null) {
            throw new RepositoryException("A principal already exists with the requested name: " + str);
        }
        User createUser = userManager2.createUser(str, str2);
        String str4 = AuthorizableResourceProvider.SYSTEM_USER_MANAGER_USER_PREFIX + createUser.getID();
        Map<String, RequestProperty> collectContent = collectContent(map, str4);
        list.add(Modification.onCreated(str4));
        writeContent(session2, createUser, collectContent, list);
        if (session2.hasPendingChanges()) {
            session2.save();
        }
        if (z2) {
            Authorizable authorizable2 = AccessControlUtil.getUserManager(session).getAuthorizable(createUser.getID());
            createUser = authorizable2 instanceof User ? (User) authorizable2 : null;
        }
        if (z2) {
            ungetSession(session2);
        }
        return createUser;
    }

    protected void bindRepository(SlingRepository slingRepository) {
        this.repository = slingRepository;
    }

    protected void unbindRepository(SlingRepository slingRepository) {
        if (this.repository == slingRepository) {
            this.repository = null;
        }
    }
}
