package info.magnolia.cms.security;

import info.magnolia.cms.core.Content;
import info.magnolia.cms.security.SecuritySupport;
import info.magnolia.context.MgnlContext;
import info.magnolia.jcr.iterator.FilteringPropertyIterator;
import info.magnolia.jcr.predicate.JCRMgnlPropertyHidingPredicate;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import javax.jcr.ItemNotFoundException;
import javax.jcr.Property;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.commons.lang.StringUtils;
import org.apache.jackrabbit.util.ISO8601;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:info/magnolia/cms/security/MgnlUser.class */
public class MgnlUser extends AbstractUser implements User, Serializable {
    private static final Logger log = LoggerFactory.getLogger(MgnlUser.class);
    private final Map<String, String> properties;
    private final Collection<String> groups;
    private final Collection<String> roles;
    private final String name;
    private final String language;
    private final String encodedPassword;
    private boolean enabled;
    private String path;
    private String uuid;
    private final String realm;

    public MgnlUser(String str, String str2, Collection<String> collection, Collection<String> collection2, Map<String, String> map) {
        this.enabled = true;
        this.name = str;
        this.roles = Collections.unmodifiableCollection(collection2);
        this.groups = Collections.unmodifiableCollection(collection);
        this.properties = Collections.unmodifiableMap(map);
        this.realm = str2;
        this.language = map.get("language");
        this.enabled = map.get(MgnlUserManager.PROPERTY_ENABLED) == null ? true : Boolean.parseBoolean(map.get(MgnlUserManager.PROPERTY_ENABLED));
        this.encodedPassword = map.get(MgnlUserManager.PROPERTY_PASSWORD);
    }

    public MgnlUser(String str, String str2, Collection<String> collection, Collection<String> collection2, Map<String, String> map, String str3, String str4) {
        this(str, str2, collection, collection2, map);
        this.path = str3;
        this.uuid = str4;
    }

    @Override // info.magnolia.cms.security.User
    public boolean inGroup(String str) {
        log.debug("inGroup({})", str);
        return hasAny(str, SecurityConstants.NODE_GROUPS);
    }

    @Override // info.magnolia.cms.security.User
    public void removeGroup(String str) throws UnsupportedOperationException {
        log.debug("removeGroup({})", str);
        throw new UnsupportedOperationException("use manager to remove groups!");
    }

    @Override // info.magnolia.cms.security.User
    public void addGroup(String str) throws UnsupportedOperationException {
        log.debug("addGroup({})", str);
        throw new UnsupportedOperationException("use manager to add groups!");
    }

    @Override // info.magnolia.cms.security.User
    public boolean isEnabled() {
        log.debug("isEnabled()");
        return this.enabled;
    }

    @Override // info.magnolia.cms.security.User
    @Deprecated
    public void setEnabled(boolean z) {
        log.debug("setEnabled({})", Boolean.valueOf(z));
        throw new UnsupportedOperationException("use manager to enable user!");
    }

    @Override // info.magnolia.cms.security.User
    public boolean hasRole(String str) {
        return SecuritySupport.Factory.getInstance().getUserManager(getRealm()).hasAny(getName(), str, SecurityConstants.NODE_ROLES);
    }

    @Override // info.magnolia.cms.security.User
    public void removeRole(String str) throws UnsupportedOperationException {
        log.debug("removeRole({})", str);
        throw new UnsupportedOperationException("use manager to remove roles!");
    }

    @Override // info.magnolia.cms.security.User
    public void addRole(String str) throws UnsupportedOperationException {
        log.debug("addRole({})", str);
        throw new UnsupportedOperationException("use manager to add roles!");
    }

    private boolean hasAny(final String str, final String str2) {
        long currentTimeMillis = System.currentTimeMillis();
        try {
            try {
                String str3 = StringUtils.equalsIgnoreCase(str2, SecurityConstants.NODE_ROLES) ? "userroles" : "usergroups";
                final Collection collection = (Collection) MgnlContext.doInSystemContext(new SilentSessionOp<Collection<String>>("users") { // from class: info.magnolia.cms.security.MgnlUser.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // info.magnolia.cms.security.SilentSessionOp
                    public Collection<String> doExec(Session session) throws RepositoryException {
                        ArrayList arrayList = new ArrayList();
                        if (!session.getNode(MgnlUser.this.getPath()).hasNode(str2)) {
                            return arrayList;
                        }
                        FilteringPropertyIterator filteringPropertyIterator = new FilteringPropertyIterator(session.getNode(MgnlUser.this.getPath()).getNode(str2).getProperties(), new JCRMgnlPropertyHidingPredicate());
                        while (filteringPropertyIterator.hasNext()) {
                            Property nextProperty = filteringPropertyIterator.nextProperty();
                            try {
                                arrayList.add(nextProperty.getString());
                            } catch (IllegalArgumentException e) {
                                log.debug("{} has invalid value", nextProperty.getPath());
                            } catch (ItemNotFoundException e2) {
                                log.debug("Role or group [{}] does not exist in the ROLES/GROUPS workspace", str);
                            }
                        }
                        return arrayList;
                    }
                });
                boolean booleanValue = ((Boolean) MgnlContext.doInSystemContext(new JCRSessionOp<Boolean>(str3) { // from class: info.magnolia.cms.security.MgnlUser.2
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // info.magnolia.cms.security.JCRSessionOp
                    public Boolean exec(Session session) throws RepositoryException {
                        Iterator it = collection.iterator();
                        while (it.hasNext()) {
                            try {
                            } catch (RepositoryException e) {
                                MgnlUser.log.debug("Role or group [{}] does not exist in the ROLES/GROUPS workspace", str);
                            }
                            if (session.getNodeByIdentifier((String) it.next()).getName().equalsIgnoreCase(str)) {
                                return true;
                            }
                            continue;
                        }
                        return false;
                    }
                })).booleanValue();
                log.debug("checked {} for {} in {}ms.", new Object[]{str, str2, Long.valueOf(System.currentTimeMillis() - currentTimeMillis)});
                return booleanValue;
            } catch (Exception e) {
                log.error("Exception when trying to read " + str2, e);
                log.debug("checked {} for {} in {}ms.", new Object[]{str, str2, Long.valueOf(System.currentTimeMillis() - currentTimeMillis)});
                return false;
            }
        } catch (Throwable th) {
            log.debug("checked {} for {} in {}ms.", new Object[]{str, str2, Long.valueOf(System.currentTimeMillis() - currentTimeMillis)});
            throw th;
        }
    }

    public int getFailedLoginAttempts() {
        try {
            return Integer.valueOf(this.properties.get("failedLoginAttempts")).intValue();
        } catch (Exception e) {
            return 0;
        }
    }

    public Calendar getReleaseTime() {
        try {
            return ISO8601.parse(this.properties.get("releaseTime"));
        } catch (Exception e) {
            return null;
        }
    }

    @Override // info.magnolia.cms.security.User, java.security.Principal
    public String getName() {
        log.debug("getName()=>{}", this.name);
        return this.name;
    }

    @Override // info.magnolia.cms.security.User
    public String getPassword() {
        return this.encodedPassword;
    }

    @Deprecated
    protected String decodePassword(String str) {
        throw new UnsupportedOperationException();
    }

    @Override // info.magnolia.cms.security.User
    public String getLanguage() {
        log.debug("getLang()=>{}", this.language);
        return this.language;
    }

    @Override // info.magnolia.cms.security.User
    public String getProperty(String str) {
        log.debug("getProperty({})", str);
        return this.properties.get(str);
    }

    @Override // info.magnolia.cms.security.User
    public Collection<String> getGroups() {
        log.debug("getGroups()");
        return this.groups;
    }

    @Override // info.magnolia.cms.security.User
    public Collection<String> getAllGroups() {
        log.debug("get groups for {}", getName());
        TreeSet treeSet = new TreeSet(String.CASE_INSENSITIVE_ORDER);
        Collection<String> groups = getGroups();
        addSubgroups(treeSet, SecuritySupport.Factory.getInstance().getGroupManager(), groups);
        treeSet.addAll(groups);
        return treeSet;
    }

    @Override // info.magnolia.cms.security.User
    public Collection<String> getRoles() {
        log.debug("getRoles()");
        return this.roles;
    }

    @Override // info.magnolia.cms.security.User
    public Collection<String> getAllRoles() {
        log.debug("get roles for {}", getName());
        TreeSet treeSet = new TreeSet(String.CASE_INSENSITIVE_ORDER);
        treeSet.addAll(getRoles());
        Collection<String> allGroups = getAllGroups();
        GroupManager groupManager = SecuritySupport.Factory.getInstance().getGroupManager();
        for (String str : allGroups) {
            try {
                treeSet.addAll(groupManager.getGroup(str).getRoles());
            } catch (AccessDeniedException e) {
                log.debug("Skipping denied group " + str + " for user " + getName(), e);
            } catch (UnsupportedOperationException e2) {
                log.debug("Skipping unsupported  getGroup() for group " + str + " and user " + getName(), e2);
            }
        }
        return treeSet;
    }

    public String getPath() {
        return this.path;
    }

    @Deprecated
    public void setPath(String str) {
        this.path = str;
    }

    private void addSubgroups(Set<String> set, GroupManager groupManager, Collection<String> collection) {
        for (String str : collection) {
            if (!set.contains(str)) {
                try {
                    Group group = groupManager.getGroup(str);
                    if (group == null) {
                        log.error("Failed to resolve group {} for user {}.", str, this.name);
                    } else {
                        Collection<String> groups = group.getGroups();
                        addSubgroups(set, groupManager, groups);
                        set.addAll(groups);
                    }
                } catch (AccessDeniedException e) {
                    log.debug("Skipping denied group " + str + " for user " + getName(), e);
                } catch (UnsupportedOperationException e2) {
                    log.debug("Skipping unsupported  getGroup() for group " + str + " and user " + getName(), e2);
                }
            }
        }
    }

    public String getRealm() {
        return this.realm;
    }

    @Deprecated
    public void setLastAccess() {
        throw new UnsupportedOperationException("Use manager to update user details.");
    }

    @Deprecated
    public Content getUserNode() {
        throw new UnsupportedOperationException("Underlying storage node is no longer exposed nor required for custom user stores.");
    }

    @Override // info.magnolia.cms.security.User
    @Deprecated
    public void setProperty(String str, String str2) {
        throw new UnsupportedOperationException("Use manager to modify properties of the user.");
    }

    @Override // info.magnolia.cms.security.User
    public String getIdentifier() {
        return this.uuid;
    }

    @Deprecated
    public String getUuid() {
        return this.uuid;
    }

    @Override // java.security.Principal
    public String toString() {
        return "MgnlUser - " + this.name + " [" + this.uuid + "]";
    }
}
