package org.apache.sling.jackrabbit.usermanager.impl.post;

import java.util.List;
import javax.jcr.Credentials;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import javax.servlet.Servlet;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.resource.ResourceNotFoundException;
import org.apache.sling.commons.json.jcr.JsonItemWriter;
import org.apache.sling.commons.osgi.OsgiUtil;
import org.apache.sling.jackrabbit.usermanager.ChangeUserPassword;
import org.apache.sling.jackrabbit.usermanager.impl.resource.AuthorizableResourceProvider;
import org.apache.sling.jcr.base.util.AccessControlUtil;
import org.apache.sling.servlets.post.AbstractPostResponse;
import org.apache.sling.servlets.post.Modification;
import org.apache.sling.servlets.resolver.internal.ServletResolverConstants;
import org.osgi.service.component.ComponentContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

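@Service({Servlet.class, ChangeUserPassword.class})
@Component(metatype = true, label = "%changeUserPassword.post.operation.name", description = "%changeUserPassword.post.operation.description")
@Properties({@Property(name = ServletResolverConstants.SLING_SERVLET_RESOURCE_TYPES, value = {"sling/user"}), @Property(name = ServletResolverConstants.SLING_SERVLET_METHODS, value = {"POST"}), @Property(name = ServletResolverConstants.SLING_SERVLET_SELECTORS, value = {"changePassword"}), @Property(name = AbstractAuthorizablePostServlet.PROP_DATE_FORMAT, value = {JsonItemWriter.ECMA_DATE_FORMAT, "yyyy-MM-dd'T'HH:mm:ss.SSSZ", "yyyy-MM-dd'T'HH:mm:ss", "yyyy-MM-dd", "dd.MM.yyyy HH:mm:ss", "dd.MM.yyyy"})})
/* loaded from: input_file:resources/install/15/org.apache.sling.jcr.jackrabbit.usermanager-2.2.2.jar:org/apache/sling/jackrabbit/usermanager/impl/post/ChangeUserPasswordServlet.class */
/**
 * POST servlet and {@link ChangeUserPassword} service that changes the password of a
 * Jackrabbit user.
 *
 * <p>Per the component properties above it is registered for resource type {@code sling/user},
 * method {@code POST} and selector {@code changePassword}. The request parameters read are
 * {@code oldPwd}, {@code newPwd} and {@code newPwdConfirm}.
 *
 * <p>Security-relevant behaviour implemented in this class:
 * <ul>
 *   <li>The {@code anonymous} user's password can never be changed through this operation.</li>
 *   <li>The old password may be omitted only when the calling session's user is an administrator
 *       or a member of the group configured through {@code user.admin.group.name} (default
 *       {@code UserAdmin}). Membership of that group therefore grants the ability to reset
 *       passwords without knowing them and should be reviewed accordingly.</li>
 *   <li>Password values are never written to the log by this class.</li>
 * </ul>
 */
public class ChangeUserPasswordServlet extends AbstractUserPostServlet implements ChangeUserPassword {
    private static final long serialVersionUID = 1923614318474654502L;

    /** Group name used when the OSGi configuration does not supply one. */
    private static final String DEFAULT_USER_ADMIN_GROUP_NAME = "UserAdmin";

    /** OSGi configuration key holding the name of the group allowed to reset passwords. */
    @Property({DEFAULT_USER_ADMIN_GROUP_NAME})
    private static final String PAR_USER_ADMIN_GROUP_NAME = "user.admin.group.name";
    private final Logger log = LoggerFactory.getLogger(getClass());

    /** Effective group name; replaced from the component configuration in {@link #activate}. */
    private String userAdminGroupName = DEFAULT_USER_ADMIN_GROUP_NAME;

    /**
     * Activates the component and reads the configured user-admin group name, falling back to
     * {@code UserAdmin} when the property is absent.
     *
     * @param componentContext the OSGi component context supplying the configuration
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.sling.jackrabbit.usermanager.impl.post.AbstractUserPostServlet, org.apache.sling.jackrabbit.usermanager.impl.post.AbstractAuthorizablePostServlet
    public void activate(ComponentContext componentContext) {
        super.activate(componentContext);
        this.userAdminGroupName = OsgiUtil.toString(componentContext.getProperties().get(PAR_USER_ADMIN_GROUP_NAME), DEFAULT_USER_ADMIN_GROUP_NAME);
        this.log.info("User Admin Group Name {}", this.userAdminGroupName);
    }

    /**
     * Deactivates the component; delegates entirely to the superclass.
     *
     * @param componentContext the OSGi component context
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.sling.jackrabbit.usermanager.impl.post.AbstractUserPostServlet, org.apache.sling.jackrabbit.usermanager.impl.post.AbstractAuthorizablePostServlet
    public void deactivate(ComponentContext componentContext) {
        super.deactivate(componentContext);
    }

    /**
     * Handles the POST by extracting the target user name (the resource name) and the
     * {@code oldPwd}, {@code newPwd} and {@code newPwdConfirm} parameters and delegating to
     * {@link #changePassword}.
     *
     * @param slingHttpServletRequest the current request
     * @param abstractPostResponse the response being built (not used directly here)
     * @param list receives the modification recorded for the changed password
     * @throws RepositoryException if validation fails or the repository rejects the change
     */
    @Override // org.apache.sling.jackrabbit.usermanager.impl.post.AbstractPostServlet
    protected void handleOperation(SlingHttpServletRequest slingHttpServletRequest, AbstractPostResponse abstractPostResponse, List<Modification> list) throws RepositoryException {
        Session session = (Session) slingHttpServletRequest.getResourceResolver().adaptTo(Session.class);
        String userName = slingHttpServletRequest.getResource().getName();
        changePassword(session, userName, slingHttpServletRequest.getParameter("oldPwd"), slingHttpServletRequest.getParameter("newPwd"), slingHttpServletRequest.getParameter("newPwdConfirm"), list);
    }

    /**
     * Changes the password of the named user.
     *
     * <p>Checks are applied in this order, and the first failure is reported: anonymous target,
     * missing session, unknown user, missing old password without admin rights, missing new
     * password, confirmation mismatch, wrong old password.
     *
     * @param session the JCR session of the caller
     * @param str name (id) of the user whose password is changed
     * @param str2 the current password; may be {@code null} or empty only for callers that are
     *     administrators or members of the configured user-admin group
     * @param str3 the new password; must be non-empty
     * @param str4 the confirmation of the new password; must equal {@code str3}
     * @param list receives a {@link Modification} for the user's {@code rep:password} property
     * @return the user whose password was changed
     * @throws RepositoryException if any check fails or the repository rejects the change
     * @throws ResourceNotFoundException if {@code str} does not name a user
     */
    @Override // org.apache.sling.jackrabbit.usermanager.ChangeUserPassword
    public User changePassword(Session session, String str, String str2, String str3, String str4, List<Modification> list) throws RepositoryException {
        final String userName = str;
        final String oldPassword = str2;
        final String newPassword = str3;
        final String newPasswordConfirm = str4;

        if ("anonymous".equals(userName)) {
            throw new RepositoryException("Can not change the password of the anonymous user.");
        }
        // adaptTo() may yield null; fail with a clear repository error instead of an NPE below.
        if (session == null) {
            throw new RepositoryException("JCR Session not found");
        }
        Authorizable authorizable = AccessControlUtil.getUserManager(session).getAuthorizable(userName);
        if (!(authorizable instanceof User)) {
            throw new ResourceNotFoundException("User to update could not be determined");
        }
        User user = (User) authorizable;

        final boolean oldPasswordSupplied = oldPassword != null && oldPassword.length() > 0;
        // Skipping the old-password proof is reserved for administrators / user-admin members.
        // NOTE(review): whether the repository additionally restricts which users this session
        // may modify is decided inside user.changePassword(), which is not visible here.
        if (!oldPasswordSupplied && !isAdministrativeSession(session)) {
            throw new RepositoryException("Old Password was not submitted");
        }
        if (newPassword == null || newPassword.length() == 0) {
            throw new RepositoryException("New Password was not submitted");
        }
        if (!newPassword.equals(newPasswordConfirm)) {
            throw new RepositoryException("New Password does not match the confirmation password");
        }
        if (oldPasswordSupplied) {
            checkPassword(authorizable, oldPassword);
        }
        try {
            user.changePassword(newPassword);
            list.add(Modification.onModified(AuthorizableResourceProvider.SYSTEM_USER_MANAGER_USER_PREFIX + user.getID() + "/rep:password"));
            return user;
        } catch (RepositoryException e2) {
            throw new RepositoryException("Failed to change user password.", e2);
        }
    }

    /**
     * Reports whether the session's user is an administrator or a member of the configured
     * user-admin group. Any failure while determining this is logged and treated as "not an
     * administrator", so an error can never widen access.
     */
    private boolean isAdministrativeSession(Session session) {
        try {
            UserManager userManager = AccessControlUtil.getUserManager(session);
            Authorizable current = userManager.getAuthorizable(session.getUserID());
            if (!(current instanceof User)) {
                return false;
            }
            User currentUser = (User) current;
            if (currentUser.isAdmin()) {
                return true;
            }
            Authorizable adminGroup = userManager.getAuthorizable(this.userAdminGroupName);
            return adminGroup instanceof Group && ((Group) adminGroup).isMember(currentUser);
        } catch (Exception e) {
            // Keep the original message text; pass the exception too so the stack trace is kept.
            this.log.warn("Failed to determine if the user is an admin, assuming not. Cause: {}", e.getMessage(), e);
            return false;
        }
    }

    /**
     * Verifies the supplied old password against the user's stored credentials.
     *
     * <p>For {@link SimpleCredentials} the stored password is compared directly. For any other
     * credentials type a {@code matches(SimpleCredentials)} method is looked up and invoked
     * reflectively; if that lookup or call fails, the check fails closed.
     *
     * @param authorizable the user whose credentials are checked (must be a {@link User})
     * @param str the old password supplied by the caller
     * @throws RepositoryException if the password does not match or cannot be verified
     */
    private void checkPassword(Authorizable authorizable, String str) throws RepositoryException {
        Credentials credentials = ((User) authorizable).getCredentials();
        if (credentials instanceof SimpleCredentials) {
            if (passwordMatches(str, ((SimpleCredentials) credentials).getPassword())) {
                return;
            }
        } else {
            try {
                Object matched = credentials.getClass().getMethod("matches", SimpleCredentials.class).invoke(credentials, new SimpleCredentials(authorizable.getPrincipal().getName(), str.toCharArray()));
                if (((Boolean) matched).booleanValue()) {
                    return;
                }
            } catch (Throwable th) {
                // Deliberately broad, as before: any failure means "cannot verify", which falls
                // through to the rejection below. Log it (never the password) so that a
                // credentials type without a usable matches() method is diagnosable.
                String credentialsType = credentials == null ? "null" : credentials.getClass().getName();
                this.log.warn("Could not verify old password using credentials of type {}", credentialsType, th);
            }
        }
        throw new RepositoryException("Old Password does not match");
    }

    /**
     * Compares a supplied password with a stored one without returning early on the first
     * differing character, and without copying the stored password into a {@code String}.
     * The lengths of the two values are not hidden. A {@code null} stored password never matches.
     */
    private static boolean passwordMatches(String supplied, char[] stored) {
        if (stored == null) {
            return false;
        }
        int difference = supplied.length() ^ stored.length;
        int common = Math.min(supplied.length(), stored.length);
        for (int i = 0; i < common; i++) {
            difference |= supplied.charAt(i) ^ stored[i];
        }
        return difference == 0;
    }
}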
