package info.magnolia.cms.security;

import info.magnolia.cms.core.Content;
import info.magnolia.cms.core.HierarchyManager;
import info.magnolia.cms.core.Path;
import info.magnolia.cms.i18n.MessagesManager;
import info.magnolia.cms.security.auth.ACL;
import info.magnolia.cms.util.ContentUtil;
import info.magnolia.context.MgnlContext;
import info.magnolia.importexport.DataTransporter;
import info.magnolia.jcr.iterator.FilteringPropertyIterator;
import info.magnolia.jcr.util.NodeUtil;
import info.magnolia.jcr.util.PropertyUtil;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import javax.jcr.ItemNotFoundException;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.PathNotFoundException;
import javax.jcr.Property;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import javax.jcr.ValueFormatException;
import javax.jcr.lock.LockException;
import javax.security.auth.Subject;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:info/magnolia/cms/security/MgnlUserManager.class */
public class MgnlUserManager extends RepositoryBackedSecurityManager implements UserManager {
    private static final Logger log = LoggerFactory.getLogger(MgnlUserManager.class);
    // Names of the JCR properties this manager reads and writes on a user node.
    public static final String PROPERTY_EMAIL = "email";
    public static final String PROPERTY_LANGUAGE = "language";
    public static final String PROPERTY_LASTACCESS = "lastaccess";
    // Written only through setPasswordProperty(), which stores the output of encodePassword(), not the clear text.
    public static final String PROPERTY_PASSWORD = "pswd";
    public static final String PROPERTY_TITLE = "title";
    public static final String PROPERTY_ENABLED = "enabled";
    // Child node created under every new user by createUser() to hold that user's own ACL entries.
    public static final String NODE_ACLUSERS = "acl_users";
    // Realm served by this manager; lookups start at DataTransporter.SLASH + realmName.
    private String realmName;
    // When false, validateUsername() checks a new name against Security.getUserManager() rather than only this manager.
    private boolean allowCrossRealmDuplicateNames = false;
    // Lockout settings; this class only stores them and hands them out through the UserManager accessors.
    // NOTE(review): the unit of lockTimePeriod and the meaning of 0 are not visible in this file — confirm at the consumer.
    private int maxFailedLoginAttempts;
    private int lockTimePeriod;

    /**
     * Stores the configured maximum number of failed login attempts.
     *
     * <p>The value is kept as given; no range check is applied here.
     * NOTE(review): confirm how the consumer of this setting treats zero or negative values.
     *
     * @param i the new limit
     */
    @Override
    public void setMaxFailedLoginAttempts(int i) {
        maxFailedLoginAttempts = i;
    }

    /**
     * Returns the configured maximum number of failed login attempts.
     *
     * @return the stored limit, exactly as last set
     */
    @Override
    public int getMaxFailedLoginAttempts() {
        final int limit = maxFailedLoginAttempts;
        return limit;
    }

    /**
     * Returns the configured lock time period.
     *
     * @return the stored period, exactly as last set (unit not defined in this class)
     */
    @Override
    public int getLockTimePeriod() {
        final int period = lockTimePeriod;
        return period;
    }

    /**
     * Stores the configured lock time period.
     *
     * <p>The value is kept as given; no range check is applied here.
     *
     * @param i the new period (unit not defined in this class)
     */
    @Override
    public void setLockTimePeriod(int i) {
        lockTimePeriod = i;
    }

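    /**
     * Sets, or with a {@code null} value removes, one property on the user's node.
     *
     * <p>The write runs in the system context, so the repository does not check whether the
     * calling user may modify {@code user}, and {@code str} is not restricted to a known set of
     * property names. Callers must authorize the request and vet the property name themselves.
     *
     * <p>A password write goes through {@link #setPasswordProperty(Node, String)} so that only the
     * encoded form is stored. A {@code null} password value is refused and logged instead of being
     * dereferenced, and the password branch is now saved like every other property (the same way
     * {@code changePassword} saves after encoding).
     *
     * @param user  the user to modify; must be a {@code MgnlUser}, the cast is unchecked
     * @param str   name of the property
     * @param value new value, or {@code null} to remove an existing non-password property
     * @return a fresh instance read from the node, or {@code user} unchanged when the write failed
     */
    @Override
    public User setProperty(final User user, final String str, final Value value) {
        return (User) MgnlContext.doInSystemContext(new SilentSessionOp<User>(getRepositoryName()) {
            @Override
            public User doExec(Session session) throws RepositoryException {
                try {
                    Node node = session.getNode(((MgnlUser) user).getPath());
                    // A null value only has an effect when there is an existing property to remove.
                    if (value != null || PropertyUtil.getPropertyOrNull(node, str) != null) {
                        if (StringUtils.equals(str, MgnlUserManager.PROPERTY_PASSWORD)) {
                            if (value == null) {
                                // Reaching value.getString() with null would fail; refuse instead of clearing the hash.
                                log.error("Property {} can't be changed. {}", str, "A null value is not accepted for the password.");
                                return user;
                            }
                            MgnlUserManager.this.setPasswordProperty(node, value.getString());
                        } else {
                            node.setProperty(str, value);
                        }
                        // Persist both branches; previously only the non-password branch was saved.
                        session.save();
                    }
                    return MgnlUserManager.this.newUserInstance(node);
                } catch (RepositoryException e) {
                    // Drop the pending change so it cannot be saved later by accident.
                    session.refresh(false);
                    log.error("Property {} can't be changed. {}", str, e.getMessage());
                    return user;
                }
            }
        });
    }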

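    /**
     * Sets one string property on the user's node.
     *
     * <p>The write runs in the system context, so the repository does not check whether the
     * calling user may modify {@code user}, and {@code str} is not restricted to a known set of
     * property names. Callers must authorize the request and vet the property name themselves.
     *
     * <p>A password write goes through {@link #setPasswordProperty(Node, String)} so that only the
     * encoded form is stored, and is now saved like every other property (the same way
     * {@code changePassword} saves after encoding).
     * NOTE(review): a {@code null} {@code str2} for the password is passed to
     * {@code encodePassword} unchanged; how that handles null is not visible in this file.
     *
     * @param user the user to modify; must be a {@code MgnlUser}, the cast is unchecked
     * @param str  name of the property; nothing is written when it is {@code null}
     * @param str2 new value
     * @return a fresh instance read from the node, or {@code user} unchanged when the write failed
     */
    @Override
    public User setProperty(final User user, final String str, final String str2) {
        return (User) MgnlContext.doInSystemContext(new SilentSessionOp<User>(getRepositoryName()) {
            @Override
            public User doExec(Session session) throws RepositoryException {
                try {
                    Node node = session.getNode(((MgnlUser) user).getPath());
                    if (str != null) {
                        if (StringUtils.equals(str, MgnlUserManager.PROPERTY_PASSWORD)) {
                            MgnlUserManager.this.setPasswordProperty(node, str2);
                        } else {
                            node.setProperty(str, str2);
                        }
                        // Persist both branches; previously only the non-password branch was saved.
                        session.save();
                    }
                    return MgnlUserManager.this.newUserInstance(node);
                } catch (RepositoryException e) {
                    // Drop the pending change so it cannot be saved later by accident.
                    session.refresh(false);
                    log.error("Property {} can't be changed. {}", str, e.getMessage());
                    return user;
                }
            }
        });
    }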

    /**
     * Returns the realm name.
     *
     * @return the value of {@link #getRealmName()}
     * @deprecated use {@link #getRealmName()}, to which this method delegates
     */
    @Deprecated
    public String getName() {
        final String realm = getRealmName();
        return realm;
    }

    /**
     * Sets the realm name.
     *
     * @param str the realm name, passed on unchanged
     * @deprecated use {@link #setRealmName(String)}, to which this method delegates
     */
    @Deprecated
    public void setName(String str) {
        this.setRealmName(str);
    }

    /**
     * Sets the realm this manager serves.
     *
     * <p>The name is stored without validation and later concatenated into repository paths
     * ({@code DataTransporter.SLASH + realmName}), so it should come from trusted configuration only.
     *
     * @param str the realm name
     */
    public void setRealmName(String str) {
        realmName = str;
    }

    /**
     * Returns the realm this manager serves.
     *
     * @return the stored realm name, or {@code null} when none has been set
     */
    public String getRealmName() {
        final String realm = realmName;
        return realm;
    }

    /**
     * Controls how {@code validateUsername} looks for an existing user of the same name.
     *
     * <p>With {@code true} only this manager is asked, so the same name may exist under another
     * manager; with {@code false} the lookup goes through {@code Security.getUserManager()}.
     *
     * @param z {@code true} to check this manager only
     */
    public void setAllowCrossRealmDuplicateNames(boolean z) {
        allowCrossRealmDuplicateNames = z;
    }

    /**
     * Tells whether the duplicate-name check is limited to this manager.
     *
     * @return the stored flag; {@code false} unless it has been set
     */
    public boolean isAllowCrossRealmDuplicateNames() {
        final boolean allowed = allowCrossRealmDuplicateNames;
        return allowed;
    }

    /**
     * Looks a user up by name within this manager's realm, using the system context.
     *
     * <p>A {@code null} return covers two different outcomes: the repository lookup failed (logged
     * at error level here) or {@code newUserInstance} received no node. Callers that make an
     * authentication or authorization decision cannot tell the two apart from the return value.
     *
     * @param str the user name
     * @return the user, or {@code null}
     */
    @Override
    public User getUser(final String str) {
        try {
            return (User) MgnlContext.doInSystemContext(new JCRSessionOp<User>(getRepositoryName()) {
                @Override
                public User exec(Session session) throws RepositoryException {
                    final Node principal = MgnlUserManager.this.findPrincipalNode(str, session);
                    return MgnlUserManager.this.newUserInstance(principal);
                }

                @Override
                public String toString() {
                    return "retrieve user " + str;
                }
            });
        } catch (RepositoryException e) {
            log.error("Could not retrieve user with name: {}", str, e);
        }
        return null;
    }

    /**
     * Looks a user up by node identifier, using the system context.
     *
     * <p>The identifier is resolved against the whole workspace; neither the realm nor the node
     * type of the result is checked in this method.
     * NOTE(review): an identifier of a non-user node would be wrapped as a user as far as this
     * file shows — confirm that callers only pass identifiers obtained from user nodes.
     *
     * @param str the node identifier
     * @return the user, or {@code null} when the lookup failed (the failure is logged)
     */
    @Override
    public User getUserById(final String str) {
        try {
            return (User) MgnlContext.doInSystemContext(new JCRSessionOp<User>(getRepositoryName()) {
                @Override
                public User exec(Session session) throws RepositoryException {
                    final Node byId = session.getNodeByIdentifier(str);
                    return MgnlUserManager.this.newUserInstance(byId);
                }

                @Override
                public String toString() {
                    return "retrieve user with id " + str;
                }
            });
        } catch (RepositoryException e) {
            log.error("Could not retrieve user with id: {}", str, e);
        }
        return null;
    }

    /**
     * Extracts the {@code User} principal from an authenticated subject.
     *
     * <p>When the subject is {@code null} or carries no {@code User} principal, a
     * {@code DummyUser} is returned rather than {@code null}. The principal is taken from the
     * subject as is; it is not re-read from the repository.
     *
     * @param subject the JAAS subject, may be {@code null}
     * @return the first {@code User} principal, or a new {@code DummyUser}
     */
    @Override
    public User getUser(Subject subject) throws UnsupportedOperationException {
        if (subject == null) {
            log.debug("subject not set.");
            return new DummyUser();
        }
        final Set<User> principals = subject.getPrincipals(User.class);
        if (principals.isEmpty()) {
            log.debug("user name not contained in principal set.");
            return new DummyUser();
        }
        return principals.iterator().next();
    }

    /**
     * Always fails: nodes are no longer handed out beyond the admin session.
     *
     * @param str  unused
     * @param str2 unused
     * @return never returns normally
     * @throws UnsupportedOperationException always
     * @deprecated node access outside the admin session is not supported; see
     *     {@link #findPrincipalNode(String, Session)} for the session-bound lookup
     */
    @Deprecated
    protected Content findUserNode(String str, String str2) throws RepositoryException {
        final String reason = "Admin session is no longer kept open for unlimited duration of the time, therefore it is not possible to expose node outside of admin session.";
        throw new UnsupportedOperationException(reason);
    }

    /**
     * Finds the {@code mgnl:user} node for a user name inside this manager's realm.
     *
     * <p>The search starts at the workspace root when the realm is {@code Realm.REALM_ALL} and at
     * {@code DataTransporter.SLASH + realm} otherwise, so the realm name decides which part of the
     * tree a name can resolve in.
     *
     * @param str     the user name
     * @param session the session to search with
     * @return whatever the four-argument {@code findPrincipalNode} returns for that start node
     * @throws RepositoryException if the start node cannot be read or the search fails
     */
    @Override
    protected Node findPrincipalNode(String str, Session session) throws RepositoryException {
        final String realm = getRealmName();
        final Node searchRoot;
        if (Realm.REALM_ALL.getName().equals(realm)) {
            searchRoot = session.getRootNode();
        } else {
            searchRoot = session.getNode(DataTransporter.SLASH + realm);
        }
        return findPrincipalNode(str, session, "mgnl:user", searchRoot);
    }

    /**
     * Loads a user through {@link #findUserNode(String, String)}.
     *
     * <p>In this class {@code findUserNode} always throws
     * {@code UnsupportedOperationException}, so the method only returns normally when a subclass
     * overrides that lookup.
     *
     * @param str the user name
     * @return the user, or {@code null} when no node was found
     * @throws RepositoryException if the lookup fails
     */
    protected User getFromRepository(String str) throws RepositoryException {
        final Content userContent = findUserNode(this.realmName, str);
        if (userContent == null) {
            log.debug("User not found: [{}]", str);
            return null;
        }
        return newUserInstance(userContent);
    }

    /**
     * Not supported by this manager.
     *
     * @return never returns normally
     * @throws UnsupportedOperationException always
     */
    @Override
    public User getSystemUser() throws UnsupportedOperationException {
        final UnsupportedOperationException unsupported = new UnsupportedOperationException();
        throw unsupported;
    }

    /**
     * Not supported by this manager.
     *
     * @return never returns normally
     * @throws UnsupportedOperationException always
     */
    @Override
    public User getAnonymousUser() throws UnsupportedOperationException {
        final UnsupportedOperationException unsupported = new UnsupportedOperationException();
        throw unsupported;
    }

    /**
     * Lists every user found below this manager's realm node, using the system context.
     *
     * <p>The start node is {@code DataTransporter.SLASH + realmName}; unlike
     * {@code findPrincipalNode} there is no special case for {@code Realm.REALM_ALL} here.
     * NOTE(review): what the caller receives when that node does not exist depends on
     * {@code SilentSessionOp}, which is not visible in this file.
     *
     * @return the users collected by {@link #findAllUsersInFolder(Node, Collection)}
     */
    @Override
    public Collection<User> getAllUsers() {
        return (Collection) MgnlContext.doInSystemContext(new SilentSessionOp<Collection<User>>(getRepositoryName()) {
            @Override
            public Collection<User> doExec(Session session) throws RepositoryException {
                final ArrayList found = new ArrayList();
                final Node realmNode = session.getNode(DataTransporter.SLASH + MgnlUserManager.this.realmName);
                MgnlUserManager.this.findAllUsersInFolder(realmNode, found);
                return found;
            }

            @Override
            public String toString() {
                return "get all users";
            }
        });
    }

    /**
     * Collects the users below a node.
     *
     * @param node       the folder to start from
     * @param collection receives the users that are found
     * @throws RepositoryException if reading the repository fails
     * @deprecated use {@link #findAllUsersInFolder(Node, Collection)}, to which this method delegates
     */
    @Deprecated
    public void updateUserListWithAllChildren(Node node, Collection<User> collection) throws RepositoryException {
        this.findAllUsersInFolder(node, collection);
    }

    /**
     * Adds every {@code mgnl:user} below a node to a collection, descending into
     * {@code mgnl:folder} children.
     *
     * <p>Children of any other node type are ignored. All users of one level are added before any
     * sub-folder is visited; within a level the order follows the hash sets used for grouping and
     * is therefore not defined. The recursion depth equals the folder depth.
     *
     * @param node       the folder to start from
     * @param collection receives the users that are found
     * @throws RepositoryException if a node cannot be read or converted
     */
    public void findAllUsersInFolder(Node node, Collection<User> collection) throws RepositoryException {
        final Set<Node> userNodes = new HashSet<Node>();
        final Set<Node> folderNodes = new HashSet<Node>();
        for (NodeIterator children = node.getNodes(); children.hasNext();) {
            final Node child = children.nextNode();
            if (child.isNodeType("mgnl:user")) {
                userNodes.add(child);
            } else if (child.isNodeType("mgnl:folder")) {
                folderNodes.add(child);
            }
        }
        for (Node userNode : userNodes) {
            collection.add(newUserInstance(userNode));
        }
        for (Node folderNode : folderNodes) {
            findAllUsersInFolder(folderNode, collection);
        }
    }

    /**
     * Creates a user directly under this manager's realm node.
     *
     * @param str  the user name
     * @param str2 the clear-text password, encoded before it is stored
     * @return the result of the three-argument {@code createUser} with a {@code null} path
     */
    @Override
    public User createUser(String str, String str2) {
        final String defaultPath = null;
        return createUser(defaultPath, str, str2);
    }

    /**
     * Creates a user node with its initial properties and its own ACL entries, then saves.
     *
     * <p>The new user receives one ACL entry with permission value {@code 8L} on its own node and,
     * through {@code addWrite}, entries with value {@code 63L} on the email, language, last-access,
     * password and title properties. {@code PROPERTY_ENABLED} is not in that list.
     * NOTE(review): the meaning of 8 and 63 is defined outside this file — confirm against the
     * permission constants.
     *
     * <p>Security-relevant behaviour visible here: the work runs in the system context, so the
     * repository does not check the caller's rights; {@code str} is used as the parent path as
     * given and is not tied to the realm, while the returned object always reports
     * {@code getRealmName()}; the password is passed to {@code setPasswordProperty} without any
     * null, length or policy check. Callers have to enforce those rules.
     *
     * @param str  parent path for the new node, or {@code null} for the realm node
     * @param str2 the user name, checked by {@code validateUsername} first
     * @param str3 the clear-text password, encoded before it is stored
     * @return the new user, built without roles, groups or properties
     * @throws IllegalArgumentException from {@code validateUsername} for a blank or existing name
     */
    @Override
    public User createUser(final String str, final String str2, final String str3) throws UnsupportedOperationException {
        validateUsername(str2);
        return (User) MgnlContext.doInSystemContext(new SilentSessionOp<MgnlUser>(getRepositoryName()) {
            @Override
            public MgnlUser doExec(Session session) throws RepositoryException {
                final String parentPath;
                if (str == null) {
                    parentPath = DataTransporter.SLASH + MgnlUserManager.this.getRealmName();
                } else {
                    parentPath = str;
                }
                final Node userNode = MgnlUserManager.this.createUserNode(parentPath, str2, session);
                userNode.addMixin("mix:lockable");
                userNode.setProperty("name", str2);
                MgnlUserManager.this.setPasswordProperty(userNode, str3);
                userNode.setProperty("language", MessagesManager.FALLBACK_LOCALE);

                // First ACL entry: the user's own node.
                final String userPath = userNode.getPath();
                final Node aclNode = userNode.addNode(MgnlUserManager.NODE_ACLUSERS, "mgnl:contentNode");
                final String entryName = Path.getUniqueLabel(session, aclNode.getPath(), "0");
                final Node ownNodeEntry = aclNode.addNode(entryName, "mgnl:contentNode");
                ownNodeEntry.setProperty("path", userPath);
                ownNodeEntry.setProperty("permissions", 8L);

                // Further entries, in this order, for the properties listed below.
                final String[] selfEditable = {
                    MgnlUserManager.PROPERTY_EMAIL,
                    MgnlUserManager.PROPERTY_LANGUAGE,
                    MgnlUserManager.PROPERTY_LASTACCESS,
                    MgnlUserManager.PROPERTY_PASSWORD,
                    MgnlUserManager.PROPERTY_TITLE
                };
                for (String propertyName : selfEditable) {
                    MgnlUserManager.this.addWrite(userPath, propertyName, aclNode);
                }
                session.save();
                return new MgnlUser(userNode.getName(), MgnlUserManager.this.getRealmName(), Collections.EMPTY_LIST, Collections.EMPTY_LIST, Collections.EMPTY_MAP, userNode.getPath(), userNode.getIdentifier());
            }

            @Override
            public String toString() {
                return "create user " + str2;
            }
        });
    }

    /**
     * Replaces a user's password and saves the change, using the system context.
     *
     * <p>The node is found by {@code user.getName()} within this manager's realm. Nothing in this
     * method verifies the current password, the caller's identity or a password policy; it writes
     * whatever it is given. Those checks belong in the caller.
     *
     * @param user the user whose password changes
     * @param str  the new clear-text password, encoded before it is stored
     * @return a fresh instance read from the node after the save
     */
    @Override
    public User changePassword(final User user, final String str) {
        return (User) MgnlContext.doInSystemContext(new SilentSessionOp<User>(getRepositoryName()) {
            @Override
            public User doExec(Session session) throws RepositoryException {
                final Node userNode = MgnlUserManager.this.findPrincipalNode(user.getName(), session);
                MgnlUserManager.this.setPasswordProperty(userNode, str);
                session.save();
                return MgnlUserManager.this.newUserInstance(userNode);
            }

            @Override
            public String toString() {
                return "change password of user " + user.getName();
            }
        });
    }

    /**
     * Stores an encoded password on the JCR node behind a {@code Content}.
     *
     * @param content the user content
     * @param str     the clear-text password
     * @throws RepositoryException if the property cannot be set
     * @deprecated use {@link #setPasswordProperty(Node, String)}, to which this method delegates
     */
    @Deprecated
    protected void setPasswordProperty(Content content, String str) throws RepositoryException {
        final Node jcrNode = content.getJCRNode();
        setPasswordProperty(jcrNode, str);
    }

    /**
     * Writes the encoded form of a password to {@code PROPERTY_PASSWORD} on the node.
     *
     * <p>The clear text is never stored. The session is not saved here; the caller must save for
     * the change to persist.
     *
     * @param node the user node
     * @param str  the clear-text password
     * @throws RepositoryException if the property cannot be set
     */
    protected void setPasswordProperty(Node node, String str) throws RepositoryException {
        final String encoded = encodePassword(str);
        node.setProperty(PROPERTY_PASSWORD, encoded);
    }

    /**
     * Encodes a clear-text password for storage by delegating to {@code SecurityUtil.getBCrypt}.
     *
     * <p>Salt generation and work factor are decided inside that helper, not here. Subclasses
     * that override this method change the stored password format for every user this manager
     * writes.
     *
     * @param str the clear-text password
     * @return the value to store in {@code PROPERTY_PASSWORD}
     */
    protected String encodePassword(String str) {
        final String encoded = SecurityUtil.getBCrypt(str);
        return encoded;
    }

    /**
     * Rejects a blank user name and one that already exists.
     *
     * <p>The existence check asks this manager only when cross-realm duplicates are allowed, and
     * {@code Security.getUserManager()} otherwise. No character or length restriction is applied,
     * although the name is later used as a JCR node name. The check and the later node creation
     * are separate steps, so this is not a uniqueness guarantee under concurrent creation.
     * NOTE(review): consider validating the allowed character set here — confirm what the
     * repository accepts as a node name.
     *
     * @param str the proposed user name
     * @throws IllegalArgumentException if the name is blank or already taken
     */
    protected void validateUsername(String str) {
        if (StringUtils.isBlank(str)) {
            throw new IllegalArgumentException(str + " is not a valid username.");
        }
        final User existing;
        if (isAllowCrossRealmDuplicateNames()) {
            existing = getUser(str);
        } else {
            existing = Security.getUserManager().getUser(str);
        }
        if (existing == null) {
            return;
        }
        throw new IllegalArgumentException("User with name " + str + " already exists.");
    }

    /**
     * Creates a bare {@code mgnl:user} node under the realm node and returns it as {@code Content}.
     *
     * <p>The node is added in the system context; this method does not save the session and sets
     * no password or ACL.
     *
     * @param str the node name of the new user
     * @return the new node wrapped by {@code ContentUtil.asContent}
     * @throws RepositoryException declared by the signature
     */
    protected Content createUserNode(final String str) throws RepositoryException {
        final String str2 = DataTransporter.SLASH + getRealmName();
        final Node created = (Node) MgnlContext.doInSystemContext(new SilentSessionOp<Node>(getRepositoryName()) {
            @Override
            public Node doExec(Session session) throws RepositoryException {
                return MgnlUserManager.this.createUserNode(str2, str, session);
            }
        });
        return ContentUtil.asContent(created);
    }

    /**
     * Adds a {@code mgnl:user} node below an existing parent.
     *
     * <p>Both arguments are passed to the JCR API unchanged; the caller is responsible for the
     * parent path and for the name being acceptable.
     *
     * @param str     absolute path of the parent node
     * @param str2    name of the new node
     * @param session the session to create the node in
     * @return the new, unsaved node
     * @throws RepositoryException if the parent is missing or the node cannot be added
     */
    protected Node createUserNode(String str, String str2, Session session) throws RepositoryException {
        final Node parent = session.getNode(str);
        return parent.addNode(str2, "mgnl:user");
    }

    /**
     * Returns the system context's hierarchy manager for the {@code "users"} workspace.
     *
     * <p>The returned manager carries system-context rights, so it must not be handed to code that
     * acts on behalf of an unprivileged caller.
     *
     * @return the hierarchy manager obtained from the system context
     */
    protected HierarchyManager getHierarchyManager() {
        final HierarchyManager usersManager = MgnlContext.getSystemContext().getHierarchyManager("users");
        return usersManager;
    }

    /**
     * Builds a user from the JCR node behind a {@code Content}.
     *
     * @param content the user content
     * @return the user, or {@code null} when reading the node failed (the failure is logged)
     * @deprecated use {@link #newUserInstance(Node)}, to which this method delegates
     */
    @Deprecated
    protected User newUserInstance(Content content) {
        User built;
        try {
            built = newUserInstance(content.getJCRNode());
        } catch (RepositoryException e) {
            log.error(e.getMessage(), e);
            built = null;
        }
        return built;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Adds one ACL entry with permission value {@code 63L} for a sub-path of a user node.
     *
     * <p>The entry is a {@code mgnl:contentNode} with a unique label under {@code node}; its
     * {@code path} is {@code str + DataTransporter.SLASH + str2}. Nothing is saved here.
     * NOTE(review): the meaning of 63 is defined outside this file — confirm against the
     * permission constants.
     *
     * @param str  path of the user node
     * @param str2 name of the property the entry applies to
     * @param node the ACL container node that receives the entry
     * @return the new entry node
     * @throws RepositoryException if the entry cannot be created
     */
    public Node addWrite(String str, String str2, Node node) throws PathNotFoundException, RepositoryException, AccessDeniedException {
        final String entryName = Path.getUniqueLabel(node.getSession(), node.getPath(), "0");
        final Node entry = node.addNode(entryName, "mgnl:contentNode");
        entry.setProperty("path", str + DataTransporter.SLASH + str2);
        entry.setProperty("permissions", 63L);
        return entry;
    }

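    /**
     * Writes the current time to {@code PROPERTY_LASTACCESS} on the user's node under a lock.
     *
     * <p>The update is best effort: every failure is logged and none is propagated. A failure to
     * save inside the locked section used to be discarded without a trace; it is now logged,
     * because a stale last-access value can mislead a review of dormant accounts.
     *
     * @param user the user that just accessed the system; must be a {@code MgnlUser}, the cast is
     *     unchecked
     */
    @Override
    public void updateLastAccessTimestamp(final User user) throws UnsupportedOperationException {
        final String repositoryName = getRepositoryName();
        try {
            MgnlContext.doInSystemContext(new MgnlContext.LockingOp(repositoryName, ((MgnlUser) user).getPath()) {
                @Override
                public void doExec() throws RepositoryException {
                    Session jCRSession = MgnlContext.getJCRSession(repositoryName);
                    String path = ((MgnlUser) user).getPath();
                    MgnlUserManager.log.debug("update access timestamp for {}", user.getName());
                    try {
                        PropertyUtil.updateOrCreate(jCRSession.getNode(path), MgnlUserManager.PROPERTY_LASTACCESS, new GregorianCalendar());
                        jCRSession.save();
                    } catch (RepositoryException e) {
                        // Record the cause before the refresh, which may itself fail.
                        MgnlUserManager.log.warn("Last access timestamp of user {} was not saved: {}", user.getName(), e.getMessage());
                        // Drop the pending change so it cannot be saved later by accident.
                        jCRSession.refresh(false);
                    }
                }
            });
        } catch (LockException e) {
            // Another holder of the lock is expected under concurrent logins, hence debug level.
            log.debug("Failed to lock node for last access timestamp update for user {} with {}", new Object[]{user.getName(), e.getMessage(), e});
        } catch (RepositoryException e2) {
            log.error("Failed to update user {} last access time stamp with {}", new Object[]{user.getName(), e2.getMessage(), e2});
        }
    }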

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds a {@code MgnlUser} from a user node: its roles, its groups and its properties.
     *
     * <p>Every property that passes {@code NodeUtil.ALL_PROPERTIES_EXCEPT_JCR_AND_MGNL_FILTER} is
     * copied into the property map as a string. {@code PROPERTY_PASSWORD} ("pswd") carries no
     * {@code jcr} or {@code mgnl} prefix, so the encoded password presumably travels with the
     * returned object — treat the user's property map as sensitive and keep it out of logs, API
     * responses and templates. NOTE(review): confirm the filter's exact behaviour.
     *
     * <p>Roles and groups are read non-recursively. NOTE(review): {@code getString()} is called on
     * every property; whether multi-valued properties can occur on a user node is not visible here.
     *
     * @param node the user node, may be {@code null}
     * @return the user, or {@code null} for a {@code null} node
     * @throws RepositoryException if the node cannot be read
     */
    public User newUserInstance(Node node) throws ValueFormatException, PathNotFoundException, RepositoryException {
        if (node == null) {
            return null;
        }
        final Set<String> roles = collectUniquePropertyNames(node, SecurityConstants.NODE_ROLES, "userroles", false);
        final Set<String> groups = collectUniquePropertyNames(node, SecurityConstants.NODE_GROUPS, "usergroups", false);
        final Map<String, String> properties = new HashMap<String, String>();
        for (FilteringPropertyIterator it = new FilteringPropertyIterator(node.getProperties(), NodeUtil.ALL_PROPERTIES_EXCEPT_JCR_AND_MGNL_FILTER); it.hasNext();) {
            final Property property = it.nextProperty();
            properties.put(property.getName(), property.getString());
        }
        return new MgnlUser(node.getName(), getRealmName(), groups, roles, properties, node.getPath(), node.getIdentifier());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Names the workspace that holds the user nodes.
     *
     * @return always {@code "users"}
     */
    @Override
    public String getRepositoryName() {
        final String workspace = "users";
        return workspace;
    }

    /**
     * Returns the ACLs of a user managed by this class.
     *
     * <p>Only {@code MgnlUser} instances are looked up, by name. For any other implementation the
     * result is {@code null}, not an empty map, so callers must not read {@code null} as
     * "no restrictions".
     *
     * @param user the user
     * @return the ACLs from the superclass lookup, or {@code null} for a foreign user type
     */
    @Override
    public Map<String, ACL> getACLs(User user) {
        if (!(user instanceof MgnlUser)) {
            return null;
        }
        return super.getACLs(user.getName());
    }

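    /**
     * Assigns a role to a user and returns the user as re-read from the repository.
     *
     * <p>A missing principal used to be swallowed without a trace; it is now logged, since a
     * failed change of privileges is worth seeing in the log. This method performs no
     * authorization of its own; the caller decides who may grant roles.
     *
     * @param user the user to modify
     * @param str  the role name
     * @return the updated user, or {@code null} when the principal was not found or the re-read
     *     failed
     */
    @Override
    public User addRole(User user, String str) {
        try {
            super.add(user.getName(), str, SecurityConstants.NODE_ROLES);
            return getUser(user.getName());
        } catch (PrincipalNotFoundException e) {
            log.warn("Role {} was not added to user {}: {}", new Object[]{str, user.getName(), e.getMessage()});
            return null;
        }
    }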

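    /**
     * Collects the names of the roles or groups referenced below a user node.
     *
     * <p>The sub node was previously read and traversed twice with identical arguments; because
     * the result is a set, the second pass could add nothing and only repeated the repository
     * lookups and any warnings. It now runs once.
     *
     * <p>Errors are logged and not propagated, so the caller receives an empty or partial set and
     * cannot tell "none assigned" from "could not be read". Code that derives access decisions
     * from the result should keep that in mind.
     *
     * @param node the user node
     * @param str  name of the sub node holding the references
     * @param str2 name of the workspace the references point into
     * @param z    whether referenced nodes are followed recursively
     * @return the collected names, compared case-insensitively
     */
    private Set<String> collectUniquePropertyNames(Node node, String str, String str2, boolean z) {
        final Set<String> names = new TreeSet<String>(String.CASE_INSENSITIVE_ORDER);
        String path = null;
        try {
            path = node.getPath();
            collectUniquePropertyNames(node.getNode(str), str2, str, names, z);
        } catch (PathNotFoundException e) {
            // The sub node is absent when nothing has been assigned.
            log.debug("{} does not have any {}", path, str2);
        } catch (Throwable th) {
            // Kept as Throwable: building a user must not fail because one reference is unreadable.
            log.error("Failed to read {} or sub node {} in repository {}", new Object[]{path, str, str2, th});
        }
        return names;
    }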

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Resolves every reference stored on a node and adds the names of the referenced nodes.
     *
     * <p>Each property value that passes the filter is treated as a node identifier in workspace
     * {@code str}. A reference that no longer resolves is logged and skipped. With {@code z} set,
     * the sub node {@code str2} of every referenced node is followed as well.
     * NOTE(review): the recursive branch keeps no record of visited nodes; whether references can
     * form a cycle is not visible in this file.
     *
     * @param node       the node holding the references
     * @param str        name of the workspace to resolve identifiers in
     * @param str2       name of the sub node to follow when recursing
     * @param collection receives the names
     * @param z          whether to recurse into referenced nodes
     * @throws RepositoryException if reading the repository fails
     */
    public void collectUniquePropertyNames(final Node node, final String str, final String str2, final Collection<String> collection, final boolean z) throws RepositoryException {
        MgnlContext.doInSystemContext(new JCRSessionOp<Void>(str) {
            @Override
            public Void exec(Session session) throws RepositoryException {
                for (FilteringPropertyIterator references = new FilteringPropertyIterator(node.getProperties(), NodeUtil.ALL_PROPERTIES_EXCEPT_JCR_AND_MGNL_FILTER); references.hasNext();) {
                    final Property reference = references.nextProperty();
                    try {
                        final Node target = session.getNodeByIdentifier(reference.getString());
                        collection.add(target.getName());
                        final boolean descend = z && target.hasNode(str2);
                        if (descend) {
                            MgnlUserManager.this.collectUniquePropertyNames(target.getNode(str2), str, str2, collection, true);
                        }
                    } catch (ItemNotFoundException e) {
                        MgnlUserManager.log.warn("Can't find {} node by UUID {} referred by node {}", new Object[]{str, e.getMessage(), reference.getPath()});
                        MgnlUserManager.log.debug("Failed while reading node by UUID", e);
                    }
                }
                return null;
            }
        });
    }

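    /**
     * Adds a user to a group and returns the user as re-read from the repository.
     *
     * <p>A missing principal used to be swallowed without a trace; it is now logged, since a
     * failed change of privileges is worth seeing in the log. This method performs no
     * authorization of its own; the caller decides who may change memberships.
     *
     * @param user the user to modify
     * @param str  the group name
     * @return the updated user, or {@code null} when the principal was not found or the re-read
     *     failed
     */
    @Override
    public User addGroup(User user, String str) {
        try {
            super.add(user.getName(), str, SecurityConstants.NODE_GROUPS);
            return getUser(user.getName());
        } catch (PrincipalNotFoundException e) {
            log.warn("Group {} was not added to user {}: {}", new Object[]{str, user.getName(), e.getMessage()});
            return null;
        }
    }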

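    /**
     * Removes a user from a group and returns the user as re-read from the repository.
     *
     * <p>A missing principal used to be swallowed without a trace; it is now logged. A removal
     * that did not happen leaves the user with the group's rights, so the {@code null} return
     * must not be ignored by callers that revoke access.
     *
     * @param user the user to modify
     * @param str  the group name
     * @return the updated user, or {@code null} when the principal was not found or the re-read
     *     failed
     */
    @Override
    public User removeGroup(User user, String str) {
        try {
            super.remove(user.getName(), str, SecurityConstants.NODE_GROUPS);
            return getUser(user.getName());
        } catch (PrincipalNotFoundException e) {
            log.warn("Group {} was not removed from user {}: {}", new Object[]{str, user.getName(), e.getMessage()});
            return null;
        }
    }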

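    /**
     * Takes a role away from a user and returns the user as re-read from the repository.
     *
     * <p>A missing principal used to be swallowed without a trace; it is now logged. A removal
     * that did not happen leaves the user with the role's rights, so the {@code null} return
     * must not be ignored by callers that revoke access.
     *
     * @param user the user to modify
     * @param str  the role name
     * @return the updated user, or {@code null} when the principal was not found or the re-read
     *     failed
     */
    @Override
    public User removeRole(User user, String str) {
        try {
            super.remove(user.getName(), str, SecurityConstants.NODE_ROLES);
            return getUser(user.getName());
        } catch (PrincipalNotFoundException e) {
            log.warn("Role {} was not removed from user {}: {}", new Object[]{str, user.getName(), e.getMessage()});
            return null;
        }
    }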
}
