package org.apache.jackrabbit.oak.security.user;

import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import java.security.Principal;
import java.text.ParseException;
import java.util.Collections;
import java.util.Iterator;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.jcr.AccessDeniedException;
import javax.jcr.RepositoryException;
import javax.jcr.nodetype.ConstraintViolationException;
import javax.jcr.query.Query;
import org.apache.jackrabbit.oak.api.QueryEngine;
import org.apache.jackrabbit.oak.api.ResultRow;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.spi.query.PropertyValues;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.user.AuthorizableNodeName;
import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
import org.apache.jackrabbit.oak.util.NodeUtil;
import org.apache.jackrabbit.oak.util.TreeUtil;
import org.apache.jackrabbit.util.Text;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:resources/install/15/oak-core-1.6.8.jar:org/apache/jackrabbit/oak/security/user/UserProvider.class */
public class UserProvider extends AuthorizableBaseProvider {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) UserProvider.class);
    private static final String DELIMITER = "/";
    private final int defaultDepth;
    private final String groupPath;
    private final String userPath;

    /* JADX INFO: Access modifiers changed from: package-private */
    public UserProvider(@Nonnull Root root, @Nonnull ConfigurationParameters configurationParameters) {
        super(root, configurationParameters);
        this.defaultDepth = ((Integer) configurationParameters.getConfigValue(UserConstants.PARAM_DEFAULT_DEPTH, 2)).intValue();
        this.groupPath = (String) configurationParameters.getConfigValue(UserConstants.PARAM_GROUP_PATH, UserConstants.DEFAULT_GROUP_PATH);
        this.userPath = (String) configurationParameters.getConfigValue(UserConstants.PARAM_USER_PATH, UserConstants.DEFAULT_USER_PATH);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Nonnull
    public Tree createUser(@Nonnull String str, @Nullable String str2) throws RepositoryException {
        return createAuthorizableNode(str, UserConstants.NT_REP_USER, str2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Nonnull
    public Tree createGroup(@Nonnull String str, @Nullable String str2) throws RepositoryException {
        return createAuthorizableNode(str, UserConstants.NT_REP_GROUP, str2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Nonnull
    public Tree createSystemUser(@Nonnull String str, @Nullable String str2) throws RepositoryException {
        String str3;
        String str4 = (String) this.config.getConfigValue(UserConstants.PARAM_SYSTEM_RELATIVE_PATH, "system");
        if (str2 == null) {
            str3 = str4;
        } else {
            if (!str2.startsWith(str4) && !str2.startsWith(this.userPath + '/' + str4)) {
                throw new ConstraintViolationException("System users must be located in the 'system' subtree of the user root.");
            }
            str3 = str2;
        }
        return createAuthorizableNode(str, UserConstants.NT_REP_SYSTEM_USER, str3);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @CheckForNull
    public Tree getAuthorizable(@Nonnull String str) {
        return getByID(str, AuthorizableType.AUTHORIZABLE);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @CheckForNull
    public Tree getAuthorizableByPath(@Nonnull String str) {
        return getByPath(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @CheckForNull
    public Tree getAuthorizableByPrincipal(@Nonnull Principal principal) {
        if (principal instanceof TreeBasedPrincipal) {
            return this.root.getTree(((TreeBasedPrincipal) principal).getOakPath());
        }
        try {
            StringBuilder sb = new StringBuilder();
            sb.append("SELECT * FROM [").append(UserConstants.NT_REP_AUTHORIZABLE).append(']');
            sb.append(" WHERE [").append("rep:principalName").append("] = $principalName");
            sb.append(QueryEngine.INTERNAL_SQL2_QUERY);
            Iterator<? extends ResultRow> it = this.root.getQueryEngine().executeQuery(sb.toString(), Query.JCR_SQL2, 1L, 0L, Collections.singletonMap("principalName", PropertyValues.newString(principal.getName())), QueryEngine.NO_MAPPINGS).getRows().iterator();
            if (!it.hasNext()) {
                return null;
            }
            return this.root.getTree(it.next().getPath());
        } catch (ParseException e) {
            log.error("Failed to retrieve authorizable by principal", (Throwable) e);
            return null;
        }
    }

    private Tree createAuthorizableNode(@Nonnull String str, @Nonnull String str2, @Nullable String str3) throws RepositoryException {
        String str4;
        String nodeName = getNodeName(str);
        Tree createFolderNodes = createFolderNodes(nodeName, UserConstants.NT_REP_GROUP.equals(str2), str3);
        if (createFolderNodes.hasChild(nodeName)) {
            int i = 1;
            String str5 = nodeName + 1;
            while (true) {
                str4 = str5;
                if (!createFolderNodes.hasChild(str4)) {
                    break;
                }
                i++;
                str5 = nodeName + i;
            }
            nodeName = str4;
        }
        Tree addChild = TreeUtil.addChild(createFolderNodes, nodeName, str2, this.root.getTree("/jcr:system/jcr:nodeTypes"), Strings.nullToEmpty(this.root.getContentSession().getAuthInfo().getUserID()));
        addChild.setProperty(UserConstants.REP_AUTHORIZABLE_ID, str);
        addChild.setProperty("jcr:uuid", getContentID(str, ((Boolean) this.config.getConfigValue(UserConstants.PARAM_ENABLE_RFC7613_USERCASE_MAPPED_PROFILE, false)).booleanValue()));
        return addChild;
    }

    private Tree createFolderNodes(@Nonnull String str, boolean z, @Nullable String str2) throws RepositoryException {
        Tree tree;
        String str3 = z ? this.groupPath : this.userPath;
        String str4 = str3 + getFolderPath(str, str2, str3);
        Tree tree2 = this.root.getTree(str4);
        while (true) {
            tree = tree2;
            if (tree.isRoot() || tree.exists()) {
                break;
            }
            tree2 = tree.getParent();
        }
        if (!tree.exists()) {
            throw new AccessDeniedException("Missing permission to create intermediate authorizable folders.");
        }
        NodeUtil nodeUtil = new NodeUtil(tree);
        String relativize = PathUtils.relativize(tree.getPath(), str4);
        if (!relativize.isEmpty()) {
            nodeUtil = nodeUtil.getOrAddTree(relativize, UserConstants.NT_REP_AUTHORIZABLE_FOLDER);
        }
        while (nodeUtil.hasChild(str)) {
            NodeUtil child = nodeUtil.getChild(str);
            if (!UserConstants.NT_REP_AUTHORIZABLE_FOLDER.equals(TreeUtil.getPrimaryTypeName(child.getTree()))) {
                break;
            }
            log.debug("Existing folder node collides with user/group to be created. Expanding path by: " + child.getName());
            nodeUtil = child;
        }
        return nodeUtil.getTree();
    }

    @Nonnull
    private String getFolderPath(@Nonnull String str, @Nullable String str2, @Nonnull String str3) throws ConstraintViolationException {
        boolean z = str2 == null || str2.isEmpty() || str3.equals(str2);
        StringBuilder sb = new StringBuilder();
        if (z) {
            String unescapeIllegalJcrChars = Text.unescapeIllegalJcrChars(str);
            int length = unescapeIllegalJcrChars.length();
            StringBuilder sb2 = new StringBuilder();
            for (int i = 0; i < this.defaultDepth; i++) {
                if (length > i) {
                    sb2.append(unescapeIllegalJcrChars.charAt(i));
                } else {
                    sb2.append(unescapeIllegalJcrChars.charAt(length - 1));
                }
                sb.append("/").append(Text.escapeIllegalJcrChars(sb2.toString()));
            }
        } else {
            if (str2.charAt(0) == '/') {
                if (!str2.startsWith(str3)) {
                    throw new ConstraintViolationException("Attempt to create authorizable at '" + str2 + "' outside of the configured root '" + str3 + '\'');
                }
                str2 = str2.substring(str3.length() + 1);
            }
            sb.append("/").append(str2);
        }
        return sb.toString();
    }

    private String getNodeName(@Nonnull String str) {
        return ((AuthorizableNodeName) Preconditions.checkNotNull(this.config.getConfigValue(UserConstants.PARAM_AUTHORIZABLE_NODE_NAME, AuthorizableNodeName.DEFAULT, AuthorizableNodeName.class))).generateNodeName(str);
    }
}
