package org.apache.sling.jackrabbit.usermanager.impl;

import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Dictionary;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.sling.commons.osgi.OsgiUtil;
import org.apache.sling.jackrabbit.usermanager.AuthorizablePrivilegesInfo;
import org.apache.sling.jcr.base.util.AccessControlUtil;
import org.osgi.service.component.ComponentContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:resources/bundles/15/org.apache.sling.jcr.jackrabbit.usermanager-2.1.0.jar:org/apache/sling/jackrabbit/usermanager/impl/AuthorizablePrivilegesInfoImpl.class */
public class AuthorizablePrivilegesInfoImpl implements AuthorizablePrivilegesInfo {
    private static final String PAR_USER_ADMIN_GROUP_NAME = "user.admin.group.name";
    private static final String DEFAULT_USER_ADMIN_GROUP_NAME = "UserAdmin";
    private static final String PAR_GROUP_ADMIN_GROUP_NAME = "group.admin.group.name";
    private static final String DEFAULT_GROUP_ADMIN_GROUP_NAME = "GroupAdmin";
    private final Logger log = LoggerFactory.getLogger(getClass());
    private String userAdminGroupName = "UserAdmin";
    private String groupAdminGroupName = "GroupAdmin";

    @Override // org.apache.sling.jackrabbit.usermanager.AuthorizablePrivilegesInfo
    public boolean canAddGroup(Session session) {
        try {
            UserManager userManager = AccessControlUtil.getUserManager(session);
            Authorizable authorizable = userManager.getAuthorizable(session.getUserID());
            if (((User) authorizable).isAdmin()) {
                return true;
            }
            Authorizable authorizable2 = userManager.getAuthorizable(this.groupAdminGroupName);
            if (authorizable2 instanceof Group) {
                return ((Group) authorizable2).isMember(authorizable);
            }
            return false;
        } catch (RepositoryException e) {
            this.log.warn("Failed to determine if {} can add a new group", session.getUserID());
            return false;
        }
    }

    @Override // org.apache.sling.jackrabbit.usermanager.AuthorizablePrivilegesInfo
    public boolean canAddUser(Session session) {
        try {
            UserManager userManager = AccessControlUtil.getUserManager(session);
            Authorizable authorizable = userManager.getAuthorizable(session.getUserID());
            if (((User) authorizable).isAdmin()) {
                return true;
            }
            Authorizable authorizable2 = userManager.getAuthorizable(this.userAdminGroupName);
            if (authorizable2 instanceof Group) {
                return ((Group) authorizable2).isMember(authorizable);
            }
            return false;
        } catch (RepositoryException e) {
            this.log.warn("Failed to determine if {} can add a new user", session.getUserID());
            return false;
        }
    }

    @Override // org.apache.sling.jackrabbit.usermanager.AuthorizablePrivilegesInfo
    public boolean canRemove(Session session, String str) {
        try {
            UserManager userManager = AccessControlUtil.getUserManager(session);
            Authorizable authorizable = userManager.getAuthorizable(session.getUserID());
            if (((User) authorizable).isAdmin()) {
                return true;
            }
            Authorizable authorizable2 = userManager.getAuthorizable(str);
            if (authorizable2 instanceof User) {
                Authorizable authorizable3 = userManager.getAuthorizable(this.userAdminGroupName);
                return (authorizable3 instanceof Group) && ((Group) authorizable3).isMember(authorizable);
            }
            if (!(authorizable2 instanceof Group)) {
                return false;
            }
            Authorizable authorizable4 = userManager.getAuthorizable(this.groupAdminGroupName);
            return (authorizable4 instanceof Group) && ((Group) authorizable4).isMember(authorizable);
        } catch (RepositoryException e) {
            this.log.warn("Failed to determine if {} can remove authorizable {}", session.getUserID(), str);
            return false;
        }
    }

    @Override // org.apache.sling.jackrabbit.usermanager.AuthorizablePrivilegesInfo
    public boolean canUpdateGroupMembers(Session session, String str) {
        try {
            UserManager userManager = AccessControlUtil.getUserManager(session);
            Authorizable authorizable = userManager.getAuthorizable(session.getUserID());
            if (((User) authorizable).isAdmin()) {
                return true;
            }
            if (!(userManager.getAuthorizable(str) instanceof Group)) {
                return false;
            }
            Authorizable authorizable2 = userManager.getAuthorizable(this.groupAdminGroupName);
            if ((authorizable2 instanceof Group) && ((Group) authorizable2).isMember(authorizable)) {
                return true;
            }
            Authorizable authorizable3 = userManager.getAuthorizable(this.userAdminGroupName);
            if (authorizable3 instanceof Group) {
                return ((Group) authorizable3).isMember(authorizable);
            }
            return false;
        } catch (RepositoryException e) {
            this.log.warn("Failed to determine if {} can remove authorizable {}", session.getUserID(), str);
            return false;
        }
    }

    @Override // org.apache.sling.jackrabbit.usermanager.AuthorizablePrivilegesInfo
    public boolean canUpdateProperties(Session session, String str) {
        try {
            if (session.getUserID().equals(str)) {
                return true;
            }
            UserManager userManager = AccessControlUtil.getUserManager(session);
            Authorizable authorizable = userManager.getAuthorizable(session.getUserID());
            if (((User) authorizable).isAdmin()) {
                return true;
            }
            Authorizable authorizable2 = userManager.getAuthorizable(str);
            if (authorizable2 instanceof User) {
                Authorizable authorizable3 = userManager.getAuthorizable(this.userAdminGroupName);
                return (authorizable3 instanceof Group) && ((Group) authorizable3).isMember(authorizable);
            }
            if (!(authorizable2 instanceof Group)) {
                return false;
            }
            Authorizable authorizable4 = userManager.getAuthorizable(this.groupAdminGroupName);
            return (authorizable4 instanceof Group) && ((Group) authorizable4).isMember(authorizable);
        } catch (RepositoryException e) {
            this.log.warn("Failed to determine if {} can remove authorizable {}", session.getUserID(), str);
            return false;
        }
    }

    protected void activate(ComponentContext componentContext) throws InvalidKeyException, NoSuchAlgorithmException, IllegalStateException, UnsupportedEncodingException {
        Dictionary properties = componentContext.getProperties();
        this.userAdminGroupName = OsgiUtil.toString(properties.get(PAR_USER_ADMIN_GROUP_NAME), "UserAdmin");
        this.log.info("User Admin Group Name {}", this.userAdminGroupName);
        this.groupAdminGroupName = OsgiUtil.toString(properties.get(PAR_GROUP_ADMIN_GROUP_NAME), "GroupAdmin");
        this.log.info("Group Admin Group Name {}", this.groupAdminGroupName);
    }

    protected void deactivate(ComponentContext componentContext) {
        this.userAdminGroupName = "UserAdmin";
        this.groupAdminGroupName = "GroupAdmin";
    }
}
