package org.apache.sling.jackrabbit.usermanager.impl.post;

import java.util.Collection;
import java.util.List;
import java.util.Map;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import javax.servlet.Servlet;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.jackrabbit.usermanager.CreateUser;
import org.apache.sling.jackrabbit.usermanager.resource.SystemUserManagerPaths;
import org.apache.sling.jcr.api.SlingRepository;
import org.apache.sling.jcr.base.util.AccessControlUtil;
import org.apache.sling.serviceusermapping.ServiceUserMapped;
import org.apache.sling.servlets.post.Modification;
import org.apache.sling.servlets.post.ModificationType;
import org.apache.sling.servlets.post.PostResponse;
import org.apache.sling.servlets.post.PostResponseCreator;
import org.apache.sling.servlets.post.impl.helper.RequestProperty;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.osgi.service.metatype.annotations.AttributeDefinition;
import org.osgi.service.metatype.annotations.Designate;
import org.osgi.service.metatype.annotations.ObjectClassDefinition;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Designate(ocd = Config.class)
@Component(service = {Servlet.class, CreateUser.class}, property = {"sling.servlet.resourceTypes=sling/users", "sling.servlet.methods=POST", "sling.servlet.selectors=create", "sling.servlet.prefix:Integer=-1", "servlet.post.dateFormats=EEE MMM dd yyyy HH:mm:ss 'GMT'Z", "servlet.post.dateFormats=yyyy-MM-dd'T'HH:mm:ss.SSSZ", "servlet.post.dateFormats=yyyy-MM-dd'T'HH:mm:ss", "servlet.post.dateFormats=yyyy-MM-dd", "servlet.post.dateFormats=dd.MM.yyyy HH:mm:ss", "servlet.post.dateFormats=dd.MM.yyyy"})
/* loaded from: input_file:org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.class */
public class CreateUserServlet extends AbstractAuthorizablePostServlet implements CreateUser {
    private static final long serialVersionUID = 6871481922737658675L;
    private final transient Logger log = LoggerFactory.getLogger(getClass());
    private boolean selfRegistrationEnabled;

    @Reference
    private transient SlingRepository repository;

    @Reference
    private transient ServiceUserMapped serviceUserMapped;
    private String usersPath;

    @ObjectClassDefinition(name = "Apache Sling Create User", description = "The Sling operation to handle create user requests in Sling.")
    /* loaded from: input_file:org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet$Config.class */
    public @interface Config {
        @AttributeDefinition(name = "Self-Registration Enabled", description = "When selected, the anonymous user is allowed to register a new user with the system.")
        boolean self_registration_enabled() default false;
    }

    @Reference(cardinality = ReferenceCardinality.OPTIONAL, policy = ReferencePolicy.DYNAMIC)
    private void bindUserConfiguration(UserConfiguration userConfiguration, Map<String, Object> map) {
        this.usersPath = (String) map.get("usersPath");
    }

    private void unbindUserConfiguration(UserConfiguration userConfiguration, Map<String, Object> map) {
        this.usersPath = null;
    }

    private Session getSession() throws RepositoryException {
        return this.repository.loginService((String) null, (String) null);
    }

    private void ungetSession(Session session) {
        if (session != null) {
            try {
                session.logout();
            } catch (Exception e) {
                this.log.error(String.format("Unable to log out of session: %s", e.getMessage()), e);
            }
        }
    }

    @Activate
    protected void activate(Config config, Map<String, Object> map) {
        super.activate(map);
        this.selfRegistrationEnabled = config.self_registration_enabled();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.sling.jackrabbit.usermanager.impl.post.AbstractAuthorizablePostServlet
    @Deactivate
    public void deactivate() {
        super.deactivate();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.sling.jackrabbit.usermanager.impl.post.AbstractAuthorizablePostServlet
    @Reference
    public void bindSystemUserManagerPaths(SystemUserManagerPaths systemUserManagerPaths) {
        super.bindSystemUserManagerPaths(systemUserManagerPaths);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.sling.jackrabbit.usermanager.impl.post.AbstractPostServlet
    @Reference(service = PostResponseCreator.class, cardinality = ReferenceCardinality.MULTIPLE, policy = ReferencePolicy.DYNAMIC)
    public void bindPostResponseCreator(PostResponseCreator postResponseCreator, Map<String, Object> map) {
        super.bindPostResponseCreator(postResponseCreator, map);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.sling.jackrabbit.usermanager.impl.post.AbstractPostServlet
    public void unbindPostResponseCreator(PostResponseCreator postResponseCreator, Map<String, Object> map) {
        super.unbindPostResponseCreator(postResponseCreator, map);
    }

    @Override // org.apache.sling.jackrabbit.usermanager.impl.post.AbstractPostServlet
    protected void handleOperation(SlingHttpServletRequest slingHttpServletRequest, PostResponse postResponse, List<Modification> list) throws RepositoryException {
        User createUser = createUser((Session) slingHttpServletRequest.getResourceResolver().adaptTo(Session.class), slingHttpServletRequest.getParameter(":name"), slingHttpServletRequest.getParameter("pwd"), slingHttpServletRequest.getParameter("pwdConfirm"), slingHttpServletRequest.getRequestParameterMap(), list);
        String str = null;
        if (createUser != null) {
            str = this.systemUserManagerPaths.getUserPrefix() + createUser.getID();
        } else if (!list.isEmpty()) {
            Modification modification = list.get(0);
            if (modification.getType() == ModificationType.CREATE) {
                str = modification.getSource();
            }
        }
        if (str != null) {
            postResponse.setPath(str);
            postResponse.setLocation(externalizePath(slingHttpServletRequest, str));
        }
        postResponse.setParentLocation(externalizePath(slingHttpServletRequest, this.systemUserManagerPaths.getUsersPath()));
    }

    @Override // org.apache.sling.jackrabbit.usermanager.CreateUser
    public User createUser(Session session, String str, String str2, String str3, Map<String, ?> map, List<Modification> list) throws RepositoryException {
        boolean z;
        if (session == null) {
            throw new RepositoryException("JCR Session not found");
        }
        try {
            z = AccessControlUtil.getUserManager(session).getAuthorizable(session.getUserID()).isAdmin();
            if (!z && this.usersPath != null) {
                AccessControlManager accessControlManager = session.getAccessControlManager();
                z = accessControlManager.hasPrivileges(this.usersPath, new Privilege[]{accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}read"), accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}readAccessControl"), accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}modifyAccessControl"), accessControlManager.privilegeFromName("rep:write"), accessControlManager.privilegeFromName("rep:userManagement")});
            }
        } catch (Exception e) {
            this.log.warn("Failed to determine if the user is an admin, assuming not. Cause: {}", e.getMessage());
            z = false;
        }
        if (!z && !this.selfRegistrationEnabled) {
            throw new RepositoryException("Sorry, registration of new users is not currently enabled.  Please try again later.");
        }
        if (str == null || str.length() == 0) {
            throw new RepositoryException("User name was not submitted");
        }
        if (str2 == null) {
            throw new RepositoryException("Password was not submitted");
        }
        if (!str2.equals(str3)) {
            throw new RepositoryException("Password value does not match the confirmation password");
        }
        Session session2 = session;
        boolean z2 = !z && this.selfRegistrationEnabled;
        if (z2) {
            try {
                session2 = getSession();
            } catch (Throwable th) {
                if (z2) {
                    ungetSession(session2);
                }
                throw th;
            }
        }
        UserManager userManager = AccessControlUtil.getUserManager(session2);
        if (userManager.getAuthorizable(str) != null) {
            throw new RepositoryException("A principal already exists with the requested name: " + str);
        }
        User createUser = userManager.createUser(str, str2);
        String str4 = this.systemUserManagerPaths.getUserPrefix() + createUser.getID();
        Collection<RequestProperty> collectContent = collectContent(map);
        list.add(Modification.onCreated(str4));
        writeContent(session2, createUser, collectContent, list);
        if (session2.hasPendingChanges()) {
            session2.save();
        }
        if (z2) {
            Authorizable authorizable = AccessControlUtil.getUserManager(session).getAuthorizable(createUser.getID());
            createUser = authorizable instanceof User ? (User) authorizable : null;
        }
        if (z2) {
            ungetSession(session2);
        }
        return createUser;
    }
}
