package org.apache.jackrabbit.core.security.user;

import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import javax.jcr.nodetype.ConstraintViolationException;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.Impersonation;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.commons.flat.PropertySequence;
import org.apache.jackrabbit.core.NodeImpl;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.id.NodeId;
import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
import org.apache.jackrabbit.core.session.SessionContext;
import org.apache.jackrabbit.core.session.SessionWriteOperation;
import org.apache.jackrabbit.core.state.NodeState;
import org.apache.jackrabbit.core.util.ReferenceChangeTracker;
import org.apache.jackrabbit.core.xml.NodeInfo;
import org.apache.jackrabbit.core.xml.PropInfo;
import org.apache.jackrabbit.core.xml.ProtectedNodeImporter;
import org.apache.jackrabbit.core.xml.ProtectedPropertyImporter;
import org.apache.jackrabbit.spi.Name;
import org.apache.jackrabbit.spi.QPropertyDefinition;
import org.apache.jackrabbit.spi.commons.conversion.NamePathResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/jackrabbit-core-2.8.6.jar:org/apache/jackrabbit/core/security/user/UserImporter.class
 */
/* loaded from: input_file:org/apache/jackrabbit/core/security/user/UserImporter.class */
public class UserImporter implements ProtectedPropertyImporter, ProtectedNodeImporter {
    private static final Logger log;
    public static final String PARAM_IMPORT_BEHAVIOR = "importBehavior";
    private JackrabbitSession session;
    private NamePathResolver resolver;
    private ReferenceChangeTracker referenceTracker;
    private UserPerWorkspaceUserManager userManager;
    private Membership currentMembership;
    static final /* synthetic */ boolean $assertionsDisabled;
    private boolean initialized = false;
    private boolean resetAutoSave = false;
    private int importBehavior = 1;
    private Map<String, String> currentPw = new HashMap(1);

    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/lib/jackrabbit-core-2.8.6.jar:org/apache/jackrabbit/core/security/user/UserImporter$Impersonators.class
     */
    /* loaded from: input_file:org/apache/jackrabbit/core/security/user/UserImporter$Impersonators.class */
    private static final class Impersonators {
        private final String userId;
        private final Value[] values;

        private Impersonators(String str, Value[] valueArr) {
            this.userId = str;
            this.values = valueArr;
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/lib/jackrabbit-core-2.8.6.jar:org/apache/jackrabbit/core/security/user/UserImporter$ImportBehavior.class
     */
    /* loaded from: input_file:org/apache/jackrabbit/core/security/user/UserImporter$ImportBehavior.class */
    public static final class ImportBehavior {
        public static final int IGNORE = 1;
        public static final int BESTEFFORT = 2;
        public static final int ABORT = 3;
        public static final String NAME_IGNORE = "ignore";
        public static final String NAME_BESTEFFORT = "besteffort";
        public static final String NAME_ABORT = "abort";

        public static int valueFromName(String str) {
            if ("ignore".equalsIgnoreCase(str)) {
                return 1;
            }
            if ("besteffort".equalsIgnoreCase(str)) {
                return 2;
            }
            if ("abort".equalsIgnoreCase(str)) {
                return 3;
            }
            UserImporter.log.error("Invalid behavior " + str + " -> Using default: ABORT.");
            return 3;
        }

        public static String nameFromValue(int i) {
            switch (i) {
                case 1:
                    return "ignore";
                case 2:
                    return "besteffort";
                case 3:
                    return "abort";
                default:
                    throw new IllegalArgumentException("Invalid import behavior: " + i);
            }
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/lib/jackrabbit-core-2.8.6.jar:org/apache/jackrabbit/core/security/user/UserImporter$Membership.class
     */
    /* loaded from: input_file:org/apache/jackrabbit/core/security/user/UserImporter$Membership.class */
    private static final class Membership {
        private final String groupId;
        private final List<Member> members = new LinkedList();

        /* JADX WARN: Classes with same name are omitted:
          input_file:WEB-INF/lib/jackrabbit-core-2.8.6.jar:org/apache/jackrabbit/core/security/user/UserImporter$Membership$Member.class
         */
        /* loaded from: input_file:org/apache/jackrabbit/core/security/user/UserImporter$Membership$Member.class */
        public class Member {
            private final String name;
            private final NodeId id;

            public Member(String str, NodeId nodeId) {
                this.name = str;
                this.id = nodeId;
            }
        }

        public Membership(String str) {
            this.groupId = str;
        }

        public void addMember(String str, NodeId nodeId) {
            this.members.add(new Member(str, nodeId));
        }

        public void addMember(NodeId nodeId) {
            addMember(null, nodeId);
        }
    }

    @Override // org.apache.jackrabbit.core.xml.ProtectedItemImporter
    public boolean init(JackrabbitSession jackrabbitSession, NamePathResolver namePathResolver, boolean z, int i, ReferenceChangeTracker referenceChangeTracker) {
        this.session = jackrabbitSession;
        this.resolver = namePathResolver;
        this.referenceTracker = referenceChangeTracker;
        if (this.initialized) {
            throw new IllegalStateException("Already initialized");
        }
        if (i == 0) {
            log.debug("ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW isn't supported when importing users or groups.");
            return false;
        }
        if (z) {
            log.debug("Only Session-Import is supported when importing users or groups.");
            return false;
        }
        try {
            UserManager userManager = jackrabbitSession.getUserManager();
            if (userManager instanceof UserPerWorkspaceUserManager) {
                if (userManager.isAutoSave()) {
                    userManager.autoSave(false);
                    this.resetAutoSave = true;
                    log.debug("Changed autosave behavior of UserManager to 'false'.");
                }
                this.userManager = (UserPerWorkspaceUserManager) userManager;
                this.initialized = true;
            } else {
                log.debug("Failed to initialize UserImporter: UserManager isn't instance of UserPerWorkspaceUserManager or does implicit save call.");
            }
        } catch (RepositoryException e) {
            log.error("Failed to initialize UserImporter: ", (Throwable) e);
        }
        return this.initialized;
    }

    @Override // org.apache.jackrabbit.core.xml.ProtectedPropertyImporter
    public boolean handlePropInfo(NodeImpl nodeImpl, PropInfo propInfo, QPropertyDefinition qPropertyDefinition) throws RepositoryException {
        if (!this.initialized) {
            throw new IllegalStateException("Not initialized");
        }
        Authorizable authorizable = this.userManager.getAuthorizable(nodeImpl);
        if (authorizable == null) {
            log.warn("Cannot handle protected PropInfo " + propInfo + ". Node " + nodeImpl + " doesn't represent a valid Authorizable.");
            return false;
        }
        if (this.userManager.isAutoSave()) {
            this.userManager.autoSave(false);
        }
        try {
            Name name = propInfo.getName();
            if (UserConstants.P_PRINCIPAL_NAME.equals(name)) {
                if (qPropertyDefinition.isMultiple() || !UserConstants.NT_REP_AUTHORIZABLE.equals(qPropertyDefinition.getDeclaringNodeType())) {
                    log.warn("Unexpected definition for property rep:principalName");
                    if (this.resetAutoSave) {
                        this.userManager.autoSave(true);
                    }
                    return false;
                }
                this.userManager.setPrincipal(nodeImpl, new PrincipalImpl(propInfo.getValues(1, this.resolver)[0].getString()));
                if (nodeImpl.isNew()) {
                    if (authorizable.isGroup()) {
                        this.userManager.onCreate((Group) authorizable);
                    } else if (this.currentPw.containsKey(authorizable.getID())) {
                        this.userManager.onCreate((User) authorizable, this.currentPw.remove(authorizable.getID()));
                    }
                }
                return true;
            }
            if (UserConstants.P_PASSWORD.equals(name)) {
                if (authorizable.isGroup()) {
                    log.warn("Expected parent node of type rep:User.");
                    if (this.resetAutoSave) {
                        this.userManager.autoSave(true);
                    }
                    return false;
                }
                if (qPropertyDefinition.isMultiple() || !UserConstants.NT_REP_USER.equals(qPropertyDefinition.getDeclaringNodeType())) {
                    log.warn("Unexpected definition for property rep:password");
                    if (this.resetAutoSave) {
                        this.userManager.autoSave(true);
                    }
                    return false;
                }
                String string = propInfo.getValues(1, this.resolver)[0].getString();
                this.userManager.setPassword(nodeImpl, string, false);
                if (nodeImpl.isNew()) {
                    if (nodeImpl.hasProperty(UserConstants.P_PRINCIPAL_NAME)) {
                        this.userManager.onCreate((User) authorizable, string);
                    } else {
                        this.currentPw.clear();
                        this.currentPw.put(authorizable.getID(), string);
                    }
                }
                if (this.resetAutoSave) {
                    this.userManager.autoSave(true);
                }
                return true;
            }
            if (UserConstants.P_IMPERSONATORS.equals(name)) {
                if (authorizable.isGroup()) {
                    log.warn("Expected parent node of type rep:User.");
                    if (this.resetAutoSave) {
                        this.userManager.autoSave(true);
                    }
                    return false;
                }
                if (!qPropertyDefinition.isMultiple() || !UserConstants.MIX_REP_IMPERSONATABLE.equals(qPropertyDefinition.getDeclaringNodeType())) {
                    log.warn("Unexpected definition for property rep:impersonators");
                    if (this.resetAutoSave) {
                        this.userManager.autoSave(true);
                    }
                    return false;
                }
                this.referenceTracker.processedReference(new Impersonators(authorizable.getID(), propInfo.getValues(1, this.resolver)));
                if (this.resetAutoSave) {
                    this.userManager.autoSave(true);
                }
                return true;
            }
            if (UserConstants.P_DISABLED.equals(name)) {
                if (authorizable.isGroup()) {
                    log.warn("Expected parent node of type rep:User.");
                    if (this.resetAutoSave) {
                        this.userManager.autoSave(true);
                    }
                    return false;
                }
                if (qPropertyDefinition.isMultiple() || !UserConstants.NT_REP_USER.equals(qPropertyDefinition.getDeclaringNodeType())) {
                    log.warn("Unexpected definition for property rep:disabled");
                    if (this.resetAutoSave) {
                        this.userManager.autoSave(true);
                    }
                    return false;
                }
                ((User) authorizable).disable(propInfo.getValues(1, this.resolver)[0].getString());
                if (this.resetAutoSave) {
                    this.userManager.autoSave(true);
                }
                return true;
            }
            if (!UserConstants.P_MEMBERS.equals(name)) {
                if (this.resetAutoSave) {
                    this.userManager.autoSave(true);
                }
                return false;
            }
            if (!authorizable.isGroup()) {
                log.warn("Expected parent node of type rep:Group.");
                if (this.resetAutoSave) {
                    this.userManager.autoSave(true);
                }
                return false;
            }
            if (!qPropertyDefinition.isMultiple() || !UserConstants.NT_REP_GROUP.equals(qPropertyDefinition.getDeclaringNodeType())) {
                log.warn("Unexpected definition for property rep:members");
                if (this.resetAutoSave) {
                    this.userManager.autoSave(true);
                }
                return false;
            }
            Membership membership = new Membership(authorizable.getID());
            for (Value value : propInfo.getValues(10, this.resolver)) {
                membership.addMember(new NodeId(value.getString()));
            }
            this.referenceTracker.processedReference(membership);
            if (this.resetAutoSave) {
                this.userManager.autoSave(true);
            }
            return true;
        } finally {
            if (this.resetAutoSave) {
                this.userManager.autoSave(true);
            }
        }
    }

    @Override // org.apache.jackrabbit.core.xml.ProtectedPropertyImporter
    public boolean handlePropInfo(NodeState nodeState, PropInfo propInfo, QPropertyDefinition qPropertyDefinition) throws RepositoryException {
        return false;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.apache.jackrabbit.core.xml.ProtectedItemImporter
    public void processReferences() throws RepositoryException {
        if (!this.initialized) {
            throw new IllegalStateException("Not initialized");
        }
        if (this.userManager.isAutoSave()) {
            this.userManager.autoSave(false);
        }
        try {
            ArrayList arrayList = new ArrayList();
            Iterator<Object> processedReferences = this.referenceTracker.getProcessedReferences();
            while (processedReferences.hasNext()) {
                Object next = processedReferences.next();
                if (next instanceof Membership) {
                    Authorizable authorizable = this.userManager.getAuthorizable(((Membership) next).groupId);
                    if (authorizable == null || !authorizable.isGroup()) {
                        throw new RepositoryException(((Membership) next).groupId + " does not represent a valid group.");
                    }
                    final Group group = (Group) authorizable;
                    HashMap hashMap = new HashMap();
                    Iterator<Authorizable> declaredMembers = group.getDeclaredMembers();
                    while (declaredMembers.hasNext()) {
                        Authorizable next2 = declaredMembers.next();
                        hashMap.put(next2.getID(), next2);
                    }
                    ArrayList<Authorizable> arrayList2 = new ArrayList();
                    final ArrayList arrayList3 = new ArrayList();
                    for (Membership.Member member : ((Membership) next).members) {
                        NodeId mappedId = this.referenceTracker.getMappedId(member.id);
                        NodeId nodeId = mappedId == null ? member.id : mappedId;
                        Authorizable authorizable2 = null;
                        try {
                            authorizable2 = this.userManager.getAuthorizable(((SessionImpl) this.session).getNodeById(nodeId));
                        } catch (RepositoryException e) {
                        }
                        if (authorizable2 == null) {
                            handleFailure("New member of " + group + ": No such authorizable (NodeID = " + nodeId + ")");
                            if (this.importBehavior == 2) {
                                log.info("ImportBehavior.BESTEFFORT: Remember non-existing member for processing.");
                                arrayList3.add(member);
                            }
                        } else if (hashMap.remove(authorizable2.getID()) == null) {
                            arrayList2.add(authorizable2);
                        }
                    }
                    for (Authorizable authorizable3 : hashMap.values()) {
                        if (!group.removeMember(authorizable3)) {
                            handleFailure("Failed remove existing member (" + authorizable3 + ") from " + group);
                        }
                    }
                    for (Authorizable authorizable4 : arrayList2) {
                        if (!group.addMember(authorizable4)) {
                            handleFailure("Failed add member (" + authorizable4 + ") to " + group);
                        }
                    }
                    if (!arrayList3.isEmpty()) {
                        log.info("ImportBehavior.BESTEFFORT: Found " + arrayList3.size() + " entries of rep:members pointing to non-existing authorizables. Adding to rep:members.");
                        final NodeImpl node = ((AuthorizableImpl) group).getNode();
                        if (this.userManager.hasMemberSplitSize()) {
                            this.userManager.performProtectedOperation((SessionImpl) this.session, new SessionWriteOperation<Object>() { // from class: org.apache.jackrabbit.core.security.user.UserImporter.1
                                @Override // org.apache.jackrabbit.core.session.SessionOperation
                                public Boolean perform(SessionContext sessionContext) throws RepositoryException {
                                    NodeImpl node2 = node.hasNode(UserConstants.N_MEMBERS) ? node.getNode(UserConstants.N_MEMBERS) : node.addNode(UserConstants.N_MEMBERS, UserConstants.NT_REP_MEMBERS, null);
                                    for (Membership.Member member2 : arrayList3) {
                                        PropertySequence propertySequence = GroupImpl.getPropertySequence(node2, UserImporter.this.userManager);
                                        String str = member2.name;
                                        if (str == null) {
                                            UserImporter.log.debug("Ignoring unnamed user with id {}", member2.id);
                                        } else {
                                            if (propertySequence.hasItem(str)) {
                                                UserImporter.log.debug("Overwriting authorizable {} which is already member of {}.", str, group);
                                                propertySequence.removeProperty(str);
                                            }
                                            propertySequence.addProperty(str, UserImporter.this.session.getValueFactory().createValue(member2.id.toString(), 10));
                                        }
                                    }
                                    return null;
                                }
                            });
                        } else {
                            ArrayList arrayList4 = new ArrayList();
                            if (node.hasProperty(UserConstants.P_MEMBERS)) {
                                arrayList4.addAll(Arrays.asList(node.getProperty(UserConstants.P_MEMBERS).getValues()));
                            }
                            Iterator it = arrayList3.iterator();
                            while (it.hasNext()) {
                                arrayList4.add(this.session.getValueFactory().createValue(((Membership.Member) it.next()).id.toString(), 10));
                            }
                            this.userManager.setProtectedProperty(node, UserConstants.P_MEMBERS, (Value[]) arrayList4.toArray(new Value[arrayList4.size()]), 10);
                        }
                    }
                    arrayList.add(next);
                } else if (next instanceof Impersonators) {
                    Authorizable authorizable5 = this.userManager.getAuthorizable(((Impersonators) next).userId);
                    if (authorizable5 == null || authorizable5.isGroup()) {
                        throw new RepositoryException(((Impersonators) next).userId + " does not represent a valid user.");
                    }
                    Impersonation impersonation = ((User) authorizable5).getImpersonation();
                    HashMap hashMap2 = new HashMap();
                    PrincipalIterator impersonators = impersonation.getImpersonators();
                    while (impersonators.hasNext()) {
                        Principal nextPrincipal = impersonators.nextPrincipal();
                        hashMap2.put(nextPrincipal.getName(), nextPrincipal);
                    }
                    ArrayList<Principal> arrayList5 = new ArrayList();
                    for (Value value : ((Impersonators) next).values) {
                        String string = value.getString();
                        if (hashMap2.remove(string) == null) {
                            arrayList5.add(new PrincipalImpl(string));
                        }
                    }
                    for (Principal principal : hashMap2.values()) {
                        if (!impersonation.revokeImpersonation(principal)) {
                            handleFailure("Failed to revoke impersonation for " + principal.getName() + " on " + authorizable5);
                        }
                    }
                    for (Principal principal2 : arrayList5) {
                        if (!impersonation.grantImpersonation(principal2)) {
                            handleFailure("Failed to grant impersonation for " + principal2.getName() + " on " + authorizable5);
                        }
                    }
                    arrayList.add(next);
                } else {
                    continue;
                }
            }
            this.referenceTracker.removeReferences(arrayList);
            if (this.resetAutoSave) {
                this.userManager.autoSave(true);
            }
        } catch (Throwable th) {
            if (this.resetAutoSave) {
                this.userManager.autoSave(true);
            }
            throw th;
        }
    }

    @Override // org.apache.jackrabbit.core.xml.ProtectedNodeImporter
    public boolean start(NodeImpl nodeImpl) throws RepositoryException {
        NodeImpl nodeImpl2;
        String jCRName = this.resolver.getJCRName(UserConstants.NT_REP_MEMBERS);
        if (!jCRName.equals(nodeImpl.getPrimaryNodeType().getName())) {
            return false;
        }
        NodeImpl nodeImpl3 = nodeImpl;
        while (true) {
            nodeImpl2 = nodeImpl3;
            if (nodeImpl2.getDepth() == 0 || !jCRName.equals(nodeImpl2.getPrimaryNodeType().getName())) {
                break;
            }
            nodeImpl3 = (NodeImpl) nodeImpl2.getParent();
        }
        Authorizable authorizable = this.userManager.getAuthorizable(nodeImpl2);
        if (authorizable == null) {
            log.debug("Cannot handle protected node " + nodeImpl + ". It nor one of its parents represent a valid Authorizable.");
            return false;
        }
        this.currentMembership = new Membership(authorizable.getID());
        return true;
    }

    @Override // org.apache.jackrabbit.core.xml.ProtectedNodeImporter
    public boolean start(NodeState nodeState) {
        return false;
    }

    @Override // org.apache.jackrabbit.core.xml.ProtectedNodeImporter
    public void startChildInfo(NodeInfo nodeInfo, List<PropInfo> list) throws RepositoryException {
        if (!$assertionsDisabled && this.currentMembership == null) {
            throw new AssertionError();
        }
        if (!UserConstants.NT_REP_MEMBERS.equals(nodeInfo.getNodeTypeName())) {
            log.warn("{} is not of type {}", nodeInfo.getName(), UserConstants.NT_REP_MEMBERS);
            return;
        }
        for (PropInfo propInfo : list) {
            for (Value value : propInfo.getValues(10, this.resolver)) {
                this.currentMembership.addMember(this.resolver.getJCRName(propInfo.getName()), new NodeId(value.getString()));
            }
        }
    }

    @Override // org.apache.jackrabbit.core.xml.ProtectedNodeImporter
    public void endChildInfo() throws RepositoryException {
    }

    @Override // org.apache.jackrabbit.core.xml.ProtectedNodeImporter
    public void end(NodeImpl nodeImpl) throws RepositoryException {
        this.referenceTracker.processedReference(this.currentMembership);
        this.currentMembership = null;
    }

    @Override // org.apache.jackrabbit.core.xml.ProtectedNodeImporter
    public void end(NodeState nodeState) {
    }

    public String getImportBehavior() {
        return ImportBehavior.nameFromValue(this.importBehavior);
    }

    public void setImportBehavior(String str) {
        this.importBehavior = ImportBehavior.valueFromName(str);
    }

    private void handleFailure(String str) throws RepositoryException {
        switch (this.importBehavior) {
            case 1:
            case 2:
                log.warn(str);
                return;
            case 3:
                throw new ConstraintViolationException(str);
            default:
                return;
        }
    }

    static {
        $assertionsDisabled = !UserImporter.class.desiredAssertionStatus();
        log = LoggerFactory.getLogger(UserImporter.class);
    }
}
