package com.composum.sling.core.service.impl;

import com.composum.sling.core.service.RepositorySetupService;
import com.composum.sling.core.util.ValueEmbeddingReader;
import com.google.gson.Gson;
import com.google.gson.stream.JsonReader;
import com.google.gson.stream.JsonToken;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.jcr.Node;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.ValueFactory;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import org.apache.commons.lang3.StringUtils;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.osgi.service.component.annotations.Component;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.helpers.MessageFormatter;

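/**
 * Applies and removes access control setups that are described as JSON documents.
 *
 * <p>A document is one JSON object or an array of such objects. Each object names one or more
 * repository paths ({@code path}), optionally a node type used to create missing nodes
 * ({@code jcr:primaryType}), an {@code acl} part with principals and their rules, and a
 * {@code reset} flag. The document fully determines which principal is granted or denied which
 * privileges, and it is applied with the rights of the session passed in, so write access to a
 * configuration node (or to the values embedded into it) amounts to the ability to change ACLs.
 *
 * <p>ACL and node changes made here are not saved by this class. Only group creation and
 * membership changes call {@link Session#save()}, which persists everything pending in that
 * session at that point, not just the group change.
 * NOTE(review): confirm that callers save or roll back the session after a failed run.
 */
@Component(property = {"service.description=Composum Nodes Security Service"})
/* loaded from: input_file:libs/composum/nodes/install/composum-nodes-commons-bundle-2.6.3.jar:com/composum/sling/core/service/impl/CoreRepositorySetupService.class */
public class CoreRepositorySetupService implements RepositorySetupService {
    private static final Logger LOG = LoggerFactory.getLogger(CoreRepositorySetupService.class);

    /**
     * Optional per-thread receiver for the messages written by {@link #info}, {@link #warn}
     * and {@link #error}.
     * NOTE(review): this file never sets or clears the value; on pooled threads a tracker that is
     * not removed stays attached to the thread - confirm callers clear it in a finally block.
     */
    public static final ThreadLocal<Tracker> TRACKER = new ThreadLocal<>();

    /* loaded from: input_file:libs/composum/nodes/install/composum-nodes-commons-bundle-2.6.3.jar:com/composum/sling/core/service/impl/CoreRepositorySetupService$Tracker.class */
    /** Receives the formatted messages of a setup run in addition to the log. */
    public interface Tracker {
        void info(String str);

        void warn(String str);

        void error(String str);
    }

    /**
     * Reads the JSON ACL document stored in the file node at the given path and applies it.
     *
     * @param session the session used to read the file and to change the repository
     * @param str     repository path of the file node; its {@code jcr:content/jcr:data} is read as UTF-8
     * @param map     values handed to {@link ValueEmbeddingReader}, or {@code null} to read the file as is
     * @throws RepositoryException if the file cannot be read or a repository change fails
     * @throws IOException         if reading or closing the stream fails
     */
    @Override
    public void addJsonAcl(@Nonnull Session session, @Nonnull String str, @Nullable Map<String, Object> map) throws RepositoryException, IOException {
        Node node = session.getNode(str);
        if (node == null) {
            throw new IOException("configuration file node not found (" + str + ")");
        }
        // try-with-resources closes the reader first and the stream second, on success and on failure
        try (InputStream stream = node.getNode("jcr:content").getProperty("jcr:data").getBinary().getStream();
             Reader fileReader = new InputStreamReader(stream, StandardCharsets.UTF_8)) {
            addJsonAcl(session, fileReader, map);
        }
    }

    /**
     * Applies a JSON ACL document: either a single object or an array of objects.
     *
     * @param session the session used to change the repository
     * @param reader  source of the JSON text; closed when this method returns
     * @param map     values handed to {@link ValueEmbeddingReader}, or {@code null} for no embedding
     * @throws RepositoryException if a repository change fails
     * @throws IOException         if reading the JSON text fails
     */
    @Override
    public void addJsonAcl(@Nonnull Session session, @Nonnull Reader reader, @Nullable Map<String, Object> map) throws RepositoryException, IOException {
        // NOTE(review): ValueEmbeddingReader is not visible here; presumably it splices the map's
        // values into the text before parsing - confirm the values cannot alter the JSON structure.
        try (JsonReader jsonReader = new JsonReader(map != null ? new ValueEmbeddingReader(reader, map) : reader)) {
            if (jsonReader.peek() == JsonToken.BEGIN_ARRAY) {
                jsonReader.beginArray();
                while (jsonReader.peek() != JsonToken.END_ARRAY) {
                    addAclObject(session, jsonReader);
                }
                jsonReader.endArray();
            } else {
                addAclObject(session, jsonReader);
            }
        }
    }

    /**
     * Reads the JSON ACL document stored in the file node at the given path and reverts it.
     *
     * @param session the session used to read the file and to change the repository
     * @param str     repository path of the file node; its {@code jcr:content/jcr:data} is read as UTF-8
     * @param map     values handed to {@link ValueEmbeddingReader}, or {@code null} to read the file as is
     * @throws RepositoryException if the file cannot be read or a repository change fails
     * @throws IOException         if reading or closing the stream fails
     */
    @Override
    public void removeJsonAcl(@Nonnull Session session, @Nonnull String str, @Nullable Map<String, Object> map) throws RepositoryException, IOException {
        Node node = session.getNode(str);
        if (node == null) {
            throw new IOException("configuration file node not found (" + str + ")");
        }
        // try-with-resources closes the reader first and the stream second, on success and on failure
        try (InputStream stream = node.getNode("jcr:content").getProperty("jcr:data").getBinary().getStream();
             Reader fileReader = new InputStreamReader(stream, StandardCharsets.UTF_8)) {
            removeJsonAcl(session, fileReader, map);
        }
    }

    /**
     * Reverts a JSON ACL document: either a single object or an array of objects.
     *
     * @param session the session used to change the repository
     * @param reader  source of the JSON text; closed when this method returns
     * @param map     values handed to {@link ValueEmbeddingReader}, or {@code null} for no embedding
     * @throws RepositoryException if a repository change fails
     * @throws IOException         if reading the JSON text fails
     */
    @Override
    public void removeJsonAcl(@Nonnull Session session, @Nonnull Reader reader, @Nullable Map<String, Object> map) throws RepositoryException, IOException {
        try (JsonReader jsonReader = new JsonReader(map != null ? new ValueEmbeddingReader(reader, map) : reader)) {
            if (jsonReader.peek() == JsonToken.BEGIN_ARRAY) {
                jsonReader.beginArray();
                while (jsonReader.peek() != JsonToken.END_ARRAY) {
                    removeAclObject(session, jsonReader);
                }
                jsonReader.endArray();
            } else {
                removeAclObject(session, jsonReader);
            }
        }
    }

    /**
     * Reads one object from the JSON stream and applies it to every non-blank path it names.
     *
     * <p>Per path: the node is created if {@code jcr:primaryType} is set; with an {@code acl}
     * part the rules are added (after removing all existing entries when {@code reset} is true);
     * without an {@code acl} part all existing entries at the path are removed. An object without
     * {@code path} is ignored.
     *
     * @param session    the session used to change the repository
     * @param jsonReader positioned at the start of the object
     * @throws RepositoryException if a repository change fails
     */
    protected void addAclObject(@Nonnull Session session, @Nonnull JsonReader jsonReader) throws RepositoryException {
        Map<String, Object> spec = readObject(jsonReader);
        Object pathSpec = spec.get("path");
        if (pathSpec == null) {
            return;
        }
        String primaryType = (String) spec.get("jcr:primaryType");
        Object aclSpec = spec.get("acl");
        Boolean reset = (Boolean) spec.get("reset");
        for (String path : toStringList(pathSpec)) {
            if (StringUtils.isBlank(path)) {
                continue;
            }
            LOG.debug("addAclObject({})...", path);
            if (StringUtils.isNotBlank(primaryType)) {
                makeNodeAvailable(session, path, primaryType);
            }
            if (aclSpec != null) {
                if (Boolean.TRUE.equals(reset)) {
                    info("reset ACL({})...", path);
                    removeAcRule(session, path, null);
                }
                addAcList(session, path, toMapList(aclSpec));
            } else {
                // no "acl" key at all means: strip every entry from this path
                info("remove ACL({})...", path);
                removeAcRule(session, path, null);
            }
        }
    }

    /**
     * Reads one object from the JSON stream and reverts it for every non-blank path it names.
     *
     * <p>Per path: with an {@code acl} part the entries of the listed principals are removed,
     * otherwise all entries at the path; the node itself is removed if {@code jcr:primaryType}
     * is set. The {@code acl} part may be a list or a single object, as in
     * {@link #addAclObject}.
     *
     * @param session    the session used to change the repository
     * @param jsonReader positioned at the start of the object
     * @throws RepositoryException if a repository change fails
     */
    protected void removeAclObject(@Nonnull Session session, @Nonnull JsonReader jsonReader) throws RepositoryException {
        Map<String, Object> spec = readObject(jsonReader);
        Object pathSpec = spec.get("path");
        if (pathSpec == null) {
            return;
        }
        String primaryType = (String) spec.get("jcr:primaryType");
        Object aclSpec = spec.get("acl");
        // accept the single-object form too, so a document that was added can also be removed
        List<Map<String, Object>> acl = aclSpec != null ? toMapList(aclSpec) : null;
        for (String path : toStringList(pathSpec)) {
            if (StringUtils.isBlank(path)) {
                continue;
            }
            LOG.debug("removeAclObject({})...", path);
            if (acl != null) {
                removeAcList(session, path, acl);
            } else {
                removeAcRule(session, path, null);
            }
            if (StringUtils.isNotBlank(primaryType)) {
                removeNode(session, path);
            }
        }
    }

    /**
     * Adds the rules of each ACL entry to the given path for every principal the entry names.
     *
     * <p>The rules of an entry are taken from the first present key of {@code rule},
     * {@code rules}, {@code acl}; if none is present the entry itself is used as the single rule
     * and the principal's existing entries at the path are removed first, as if {@code reset}
     * were true. Groups are created when a group path is configured, and memberships are added
     * when configured, before the rules are written.
     *
     * @param session the session used to change the repository
     * @param str     repository path the rules apply to
     * @param list    the ACL entries as parsed from JSON
     * @throws RepositoryException if a repository change fails
     */
    protected void addAcList(@Nonnull Session session, @Nonnull String str, @Nonnull List<Map<String, Object>> list) throws RepositoryException {
        info("addAcList({})...", str);
        for (Map<String, Object> entry : list) {
            Object principalSpec = entry.get("principal");
            if (principalSpec == null) {
                continue;
            }
            String groupPath = (String) entry.get(RepositorySetupService.GROUP_PATH);
            @SuppressWarnings("unchecked")
            List<String> memberOf = (List<String>) entry.get(RepositorySetupService.MEMBER_OF);
            Boolean reset = (Boolean) entry.get("reset");
            Object rulesSpec = entry.get("rule");
            if (rulesSpec == null) {
                rulesSpec = entry.get("rules");
            }
            if (rulesSpec == null) {
                rulesSpec = entry.get("acl");
            }
            if (rulesSpec == null) {
                // inline rule: the entry replaces whatever the principal had at this path
                reset = Boolean.TRUE;
            }
            for (String principalName : toStringList(principalSpec)) {
                if (StringUtils.isBlank(principalName)) {
                    continue;
                }
                if (Boolean.TRUE.equals(reset)) {
                    info("reset ACL({},{})...", str, principalName);
                    removeAcRule(session, str, principalName);
                }
                if (StringUtils.isNotBlank(groupPath)) {
                    makeGroupAvailable(session, principalName, groupPath);
                }
                if (memberOf != null) {
                    makeMemberAvailable(session, principalName, memberOf);
                }
                for (Map<String, Object> rule : toMapList(rulesSpec != null ? rulesSpec : entry)) {
                    addRuleSpec(session, str, principalName, rule);
                }
            }
        }
    }

    /**
     * Removes what {@link #addAcList} set up: the entries of each named principal at the path,
     * its configured memberships and, when a group path is configured, the group itself.
     * The {@code principal} value may be a single name or a list, as in {@link #addAcList}.
     *
     * @param session the session used to change the repository
     * @param str     repository path the entries are removed from
     * @param list    the ACL entries as parsed from JSON
     * @throws RepositoryException if a repository change fails
     */
    protected void removeAcList(@Nonnull Session session, @Nonnull String str, @Nonnull List<Map<String, Object>> list) throws RepositoryException {
        info("delAcList({})...", str);
        for (Map<String, Object> entry : list) {
            Object principalSpec = entry.get("principal");
            if (principalSpec == null) {
                continue;
            }
            for (String principalName : toStringList(principalSpec)) {
                if (StringUtils.isBlank(principalName)) {
                    continue;
                }
                removeAcRule(session, str, principalName);
                @SuppressWarnings("unchecked")
                List<String> memberOf = (List<String>) entry.get(RepositorySetupService.MEMBER_OF);
                if (memberOf != null) {
                    removeMember(session, principalName, memberOf);
                }
                if (StringUtils.isNotBlank((String) entry.get(RepositorySetupService.GROUP_PATH))) {
                    removeGroup(session, principalName);
                }
            }
        }
    }

    /**
     * Adds one access control entry to the policy at the given path and sets the policy.
     *
     * @param session the session used to change the repository
     * @param str     repository path of the policy
     * @param str2    name of the principal the entry is for
     * @param z       {@code true} for an allow entry, {@code false} for a deny entry
     * @param strArr  privilege names
     * @param map     restriction names mapped to their values; every value must be a String
     * @throws RepositoryException if no policy is available at the path or the change is rejected
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    protected void addAcRule(@Nonnull Session session, @Nonnull String str, @Nonnull String str2, boolean z, @Nonnull String[] strArr, @Nonnull Map<String, Object> map) throws RepositoryException {
        try {
            AccessControlManager acManager = session.getAccessControlManager();
            PrincipalManager principalManager = ((JackrabbitSession) session).getPrincipalManager();
            JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acManager, str);
            if (acl == null) {
                // fail with a repository error instead of a NullPointerException further down
                throw new RepositoryException("no access control list available for '" + str + "'");
            }
            // NOTE(review): the lookup result is passed on unchecked; an unknown principal name is
            // left for addEntry to reject - confirm that it does in the target repository.
            Principal principal = principalManager.getPrincipal(str2);
            Privilege[] privileges = AccessControlUtils.privilegesFromNames(acManager, strArr);
            // raw map: the JCR value type is not among this file's imports
            Map restrictions = new HashMap();
            ValueFactory valueFactory = session.getValueFactory();
            for (Map.Entry<String, Object> restriction : map.entrySet()) {
                String restrictionName = restriction.getKey();
                restrictions.put(restrictionName,
                        valueFactory.createValue((String) restriction.getValue(), acl.getRestrictionType(restrictionName)));
            }
            acl.addEntry(principal, privileges, z, restrictions);
            info("addAcRule({},{},{},{})", str2, z ? "grant" : "deny", Arrays.toString(strArr), map);
            acManager.setPolicy(str, acl);
        } catch (Exception e) {
            error("Error in addAcRule({},{},{},{}, {}) : {}", str, str2, z, Arrays.asList(strArr), map, e.toString());
            throw e;
        }
    }

    /**
     * Removes access control entries from the policy at the given path.
     *
     * <p>If the policy cannot be obtained nothing is removed; that case is reported as a warning
     * so that a skipped removal or reset is visible to the operator. The policy is removed
     * altogether once it holds no entries.
     *
     * @param session the session used to change the repository
     * @param str     repository path of the policy
     * @param str2    name of the principal whose entries are removed, or {@code null} to remove
     *                the entries of all principals
     * @throws RepositoryException if changing the policy fails
     */
    protected void removeAcRule(@Nonnull Session session, @Nonnull String str, @Nullable String str2) throws RepositoryException {
        try {
            AccessControlManager acManager = session.getAccessControlManager();
            JackrabbitAccessControlList acl = null;
            try {
                acl = AccessControlUtils.getAccessControlList(acManager, str);
            } catch (RepositoryException lookupFailure) {
                // best effort as before, but no longer silent: existing entries stay in place
                warn("no ACL accessible at '{}', removal skipped: {}", str, lookupFailure.toString());
            }
            if (acl == null) {
                return;
            }
            // the entries are declared with the JCR base entry type, which this file does not import
            for (Object candidate : acl.getAccessControlEntries()) {
                JackrabbitAccessControlEntry entry = (JackrabbitAccessControlEntry) candidate;
                String entryPrincipal = entry.getPrincipal().getName();
                if (str2 == null || str2.equals(entryPrincipal)) {
                    info("delAcRule({},{},{})", entryPrincipal, entry.isAllow() ? "grant" : "deny", Arrays.toString(entry.getPrivileges()));
                    acl.removeAccessControlEntry(entry);
                }
            }
            acManager.setPolicy(str, acl);
            if (acl.isEmpty()) {
                acManager.removePolicy(str, acl);
            }
        } catch (RepositoryException e) {
            error("Error in removeAcl({},{}) : {}", str, str2, e.toString());
            throw e;
        }
    }

    /**
     * Returns the node at the given path, creating it and any missing ancestors.
     * Every node created on the way gets the same primary type; a blank path means the root node.
     *
     * @param session the session used to change the repository
     * @param str     repository path of the node
     * @param str2    primary type for nodes that have to be created
     * @return the existing or newly added node
     * @throws RepositoryException if the lookup or the creation fails
     */
    protected Node makeNodeAvailable(@Nonnull Session session, @Nonnull String str, @Nonnull String str2) throws RepositoryException {
        try {
            return session.getNode(StringUtils.isNotBlank(str) ? str : "/");
        } catch (PathNotFoundException missing) {
            info("createNode({},{})", str, str2);
            Node parent = makeNodeAvailable(session, StringUtils.substringBeforeLast(str, "/"), str2);
            return parent.addNode(StringUtils.substringAfterLast(str, "/"), str2);
        } catch (RepositoryException e) {
            error("Error in makeNodeAvailable({},{}) : {}", str, str2, e.toString());
            throw e;
        }
    }

    /**
     * Removes the node at the given path; a path that does not exist is not an error.
     *
     * @param session the session used to change the repository
     * @param str     repository path of the node
     * @throws RepositoryException if the lookup or the removal fails for another reason
     */
    protected void removeNode(@Nonnull Session session, @Nonnull String str) throws RepositoryException {
        try {
            Node node = session.getNode(str);
            info("removeNode({})", str);
            node.remove();
        } catch (PathNotFoundException ignored) {
            // nothing to remove; must be caught before its supertype RepositoryException
        } catch (RepositoryException e) {
            error("Error in removeNode({}) : {}", str, e.toString());
            throw e;
        }
    }

    /**
     * Returns the group with the given id, creating and saving it if no authorizable has that id.
     *
     * @param session the session used to change the repository
     * @param str     id of the group
     * @param str2    intermediate path passed to the user manager when the group is created
     * @return the existing or newly created group
     * @throws RepositoryException if the id belongs to a non-group authorizable or the creation fails
     */
    protected Authorizable makeGroupAvailable(@Nonnull Session session, @Nonnull String str, @Nonnull String str2) throws RepositoryException {
        UserManager userManager = ((JackrabbitSession) session).getUserManager();
        Authorizable existing = userManager.getAuthorizable(str);
        if (existing != null) {
            if (existing.isGroup()) {
                return existing;
            }
            // never reuse a user id as a group
            throw new RepositoryException("'" + str + "' exists but is not a group");
        }
        info("addGroup({},{})", str, str2);
        try {
            Group created = userManager.createGroup(() -> str, str2);
            // persists the new group together with everything else pending in this session
            session.save();
            return created;
        } catch (RepositoryException e) {
            error("Error in makeGroupAvailable({},{}) : {}", str, str2, e.toString());
            throw e;
        }
    }

    /**
     * Removes the authorizable with the given id if it exists and is a group.
     * The removal is not saved here.
     *
     * @param session the session used to change the repository
     * @param str     id of the group
     * @throws RepositoryException if the lookup or the removal fails
     */
    protected void removeGroup(@Nonnull Session session, @Nonnull String str) throws RepositoryException {
        try {
            Authorizable authorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(str);
            if (authorizable != null && authorizable.isGroup()) {
                info("removeGroup({})", str);
                authorizable.remove();
            }
        } catch (RepositoryException e) {
            error("Error in removeGroup({}): {}", str, e.toString());
            throw e;
        }
    }

    /**
     * Makes the given authorizable a member of each listed group and saves after each addition.
     * An unknown member id, an unknown group id and an id that is not a group are skipped
     * without a message.
     *
     * @param session the session used to change the repository
     * @param str     id of the member
     * @param list    ids of the groups
     * @throws RepositoryException if a lookup, a membership change or the save fails
     */
    protected void makeMemberAvailable(@Nonnull Session session, @Nonnull String str, @Nonnull List<String> list) throws RepositoryException {
        try {
            UserManager userManager = ((JackrabbitSession) session).getUserManager();
            Authorizable member = userManager.getAuthorizable(str);
            if (member == null) {
                return;
            }
            for (String groupId : list) {
                Authorizable candidate = userManager.getAuthorizable(groupId);
                if (candidate == null || !candidate.isGroup()) {
                    continue;
                }
                Group group = (Group) candidate;
                if (!group.isMember(member)) {
                    info("addMember({},{})", str, groupId);
                    group.addMember(member);
                    session.save();
                }
            }
        } catch (RepositoryException e) {
            error("Error in makeMemberAvailable({},{}) : {}", str, list, e.toString());
            throw e;
        }
    }

    /**
     * Removes the given authorizable from each listed group and saves after each removal.
     * An unknown member id, an unknown group id and an id that is not a group are skipped
     * without a message.
     *
     * @param session the session used to change the repository
     * @param str     id of the member
     * @param list    ids of the groups
     * @throws RepositoryException if a lookup, a membership change or the save fails
     */
    protected void removeMember(@Nonnull Session session, @Nonnull String str, @Nonnull List<String> list) throws RepositoryException {
        try {
            UserManager userManager = ((JackrabbitSession) session).getUserManager();
            Authorizable member = userManager.getAuthorizable(str);
            if (member == null) {
                return;
            }
            for (String groupId : list) {
                Authorizable candidate = userManager.getAuthorizable(groupId);
                if (candidate == null || !candidate.isGroup()) {
                    continue;
                }
                Group group = (Group) candidate;
                if (group.isMember(member)) {
                    info("removeMember({},{})", str, groupId);
                    group.removeMember(member);
                    session.save();
                }
            }
        } catch (RepositoryException e) {
            error("Error in removeMember({},{}) : {}", str, list, e.toString());
            throw e;
        }
    }

    /** Logs at info level and forwards the formatted message to the thread's tracker, if any. */
    protected void info(String str, Object... objArr) {
        LOG.info(str, objArr);
        Tracker tracker = TRACKER.get();
        if (tracker != null) {
            tracker.info(MessageFormatter.arrayFormat(str, objArr).getMessage());
        }
    }

    /** Logs at warn level and forwards the formatted message to the thread's tracker, if any. */
    protected void warn(String str, Object... objArr) {
        LOG.warn(str, objArr);
        Tracker tracker = TRACKER.get();
        if (tracker != null) {
            tracker.warn(MessageFormatter.arrayFormat(str, objArr).getMessage());
        }
    }

    /** Logs at error level and forwards the formatted message to the thread's tracker, if any. */
    protected void error(String str, Object... objArr) {
        LOG.error(str, objArr);
        Tracker tracker = TRACKER.get();
        if (tracker != null) {
            tracker.error(MessageFormatter.arrayFormat(str, objArr).getMessage());
        }
    }

    /**
     * Writes one rule for one principal. The privileges come from {@code grant}, else from
     * {@code deny}, else from {@code privileges} combined with {@code allow}; when both
     * {@code grant} and {@code deny} are present only {@code grant} is evaluated. With
     * {@code privileges}, any {@code allow} value other than a Boolean true (or no value)
     * yields a deny entry. A rule without usable privileges writes nothing.
     */
    @SuppressWarnings("unchecked")
    private void addRuleSpec(Session session, String path, String principalName, Map<String, Object> rule) throws RepositoryException {
        boolean allow = true;
        Object privilegeSpec = rule.get("grant");
        if (privilegeSpec == null) {
            privilegeSpec = rule.get("deny");
            if (privilegeSpec != null) {
                allow = false;
            } else {
                privilegeSpec = rule.get("privileges");
                Object allowFlag = rule.get("allow");
                allow = allowFlag == null || (allowFlag instanceof Boolean && (Boolean) allowFlag);
            }
        }
        String[] privileges = null;
        if (privilegeSpec instanceof List) {
            privileges = ((List<?>) privilegeSpec).toArray(new String[0]);
        } else if (privilegeSpec instanceof String) {
            privileges = new String[]{(String) privilegeSpec};
        }
        if (privileges == null) {
            return;
        }
        Object restrictions = rule.get("restrictions");
        if (restrictions == null) {
            addAcRule(session, path, principalName, allow, privileges, Collections.<String, Object>emptyMap());
        } else if (restrictions instanceof List) {
            // one entry per restriction set
            for (Object restrictionSet : (List<?>) restrictions) {
                addAcRule(session, path, principalName, allow, privileges, (Map<String, Object>) restrictionSet);
            }
        } else {
            addAcRule(session, path, principalName, allow, privileges, (Map<String, Object>) restrictions);
        }
    }

    /** Parses the next JSON value of the stream into a map. */
    @SuppressWarnings("unchecked")
    private static Map<String, Object> readObject(JsonReader jsonReader) {
        return (Map<String, Object>) new Gson().fromJson(jsonReader, Map.class);
    }

    /** Returns a parsed JSON list as is, or wraps the string form of any other value. */
    @SuppressWarnings("unchecked")
    private static List<String> toStringList(Object value) {
        return value instanceof List ? (List<String>) value : Collections.singletonList(value.toString());
    }

    /** Returns a parsed JSON list as is, or wraps a single parsed JSON object. */
    @SuppressWarnings("unchecked")
    private static List<Map<String, Object>> toMapList(Object value) {
        return value instanceof List
                ? (List<Map<String, Object>>) value
                : Collections.singletonList((Map<String, Object>) value);
    }
}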
