package info.magnolia.cms.security;

import info.magnolia.cms.security.SecuritySupport;
import info.magnolia.cms.security.auth.ACL;
import info.magnolia.cms.util.SimpleUrlPattern;
import info.magnolia.context.MgnlContext;
import info.magnolia.jcr.util.NodeNameHelper;
import info.magnolia.jcr.util.NodeTypes;
import info.magnolia.module.InstallContextImpl;
import info.magnolia.module.InstallStatus;
import info.magnolia.objectfactory.Components;
import info.magnolia.security.app.dialog.field.AccessControlList;
import info.magnolia.util.EscapeUtil;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Map;
import javax.inject.Inject;
import javax.jcr.ItemNotFoundException;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.PathNotFoundException;
import javax.jcr.Property;
import javax.jcr.PropertyIterator;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.ValueFormatException;
import javax.jcr.query.InvalidQueryException;
import javax.jcr.query.Query;
import net.sf.json.util.JSONUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.jackrabbit.commons.iterator.FilteringNodeIterator;
import org.apache.jackrabbit.commons.predicate.NodeTypePredicate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/magnolia-core-5.5.3.jar:info/magnolia/cms/security/RepositoryBackedSecurityManager.class */
public abstract class RepositoryBackedSecurityManager {
    private static final Logger log = LoggerFactory.getLogger(RepositoryBackedSecurityManager.class);
    static final String GROUPS_NODE_NAME = "groups";
    static final String ROLES_NODE_NAME = "roles";
    protected final NodeNameHelper nodeNameHelper;

    @Inject
    public RepositoryBackedSecurityManager(NodeNameHelper nodeNameHelper) {
        this.nodeNameHelper = nodeNameHelper;
    }

    @Deprecated
    public RepositoryBackedSecurityManager() {
        this((NodeNameHelper) Components.getComponent(NodeNameHelper.class));
    }

    public boolean hasAny(final String str, final String str2, final String str3) {
        long currentTimeMillis = System.currentTimeMillis();
        try {
            try {
                String str4 = StringUtils.equalsIgnoreCase(str3, "roles") ? "userroles" : "usergroups";
                final Collection collection = (Collection) MgnlContext.doInSystemContext(new JCRSessionOp<Collection<String>>(getRepositoryName()) { // from class: info.magnolia.cms.security.RepositoryBackedSecurityManager.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // info.magnolia.cms.security.JCRSessionOp
                    public Collection<String> exec(Session session) throws RepositoryException {
                        ArrayList arrayList = new ArrayList();
                        Node findPrincipalNode = RepositoryBackedSecurityManager.this.findPrincipalNode(str, session);
                        if (findPrincipalNode == null) {
                            RepositoryBackedSecurityManager.log.debug("No User '{}' found in repository", str);
                            return arrayList;
                        }
                        PropertyIterator properties = findPrincipalNode.getNode(str3).getProperties();
                        while (properties.hasNext()) {
                            Property nextProperty = properties.nextProperty();
                            try {
                                arrayList.add(nextProperty.getString());
                            } catch (IllegalArgumentException | ValueFormatException e) {
                                RepositoryBackedSecurityManager.log.debug("{} has invalid value", nextProperty.getPath());
                            } catch (ItemNotFoundException e2) {
                                RepositoryBackedSecurityManager.log.debug("Role [{}] does not exist in the {} repository", str2, str3);
                            }
                        }
                        return arrayList;
                    }
                });
                boolean booleanValue = ((Boolean) MgnlContext.doInSystemContext(new JCRSessionOp<Boolean>(str4) { // from class: info.magnolia.cms.security.RepositoryBackedSecurityManager.2
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // info.magnolia.cms.security.JCRSessionOp
                    public Boolean exec(Session session) throws RepositoryException {
                        Iterator it = collection.iterator();
                        while (it.hasNext()) {
                            try {
                            } catch (RepositoryException e) {
                                RepositoryBackedSecurityManager.log.debug("Role [{}] does not exist in the ROLES repository", str2);
                            }
                            if (session.getNodeByIdentifier((String) it.next()).getName().equalsIgnoreCase(str2)) {
                                return true;
                            }
                            continue;
                        }
                        return false;
                    }
                })).booleanValue();
                log.debug("checked {} for {} in {}ms.", str2, str3, Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
                return booleanValue;
            } catch (RepositoryException e) {
                log.debug(e.getMessage(), (Throwable) e);
                log.debug("checked {} for {} in {}ms.", str2, str3, Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
                return false;
            }
        } catch (Throwable th) {
            log.debug("checked {} for {} in {}ms.", str2, str3, Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void add(String str, String str2, String str3) throws PrincipalNotFoundException {
        try {
            String linkedResourceId = getLinkedResourceId(str2, str3);
            if (!hasAny(str, str2, str3)) {
                Session jCRSession = MgnlContext.getJCRSession(getRepositoryName());
                Node findPrincipalNode = findPrincipalNode(str, jCRSession);
                if (findPrincipalNode == null) {
                    throw new PrincipalNotFoundException("Principal " + str + " of type " + str3 + " was not found.");
                }
                if (!findPrincipalNode.hasNode(str3)) {
                    findPrincipalNode.addNode(str3, "mgnl:contentNode");
                }
                Node node = findPrincipalNode.getNode(str3);
                node.setProperty(this.nodeNameHelper.getUniqueName(jCRSession, node.getPath(), "0"), linkedResourceId);
                jCRSession.save();
            }
        } catch (RepositoryException e) {
            log.error("failed to add {} {} to  [{}]", str3, str2, str, e);
        }
    }

    private String getLinkedResourceId(String str, String str2) throws AccessDeniedException {
        String id;
        if (StringUtils.equalsIgnoreCase(str2, "roles")) {
            Role role = SecuritySupport.Factory.getInstance().getRoleManager().getRole(str);
            if (role == null) {
                log.warn("Invalid role requested: {}", str);
                id = null;
            } else {
                id = role.getId();
            }
        } else {
            Group group = SecuritySupport.Factory.getInstance().getGroupManager().getGroup(str);
            if (group == null) {
                log.warn("Invalid group requested: {}", str);
                id = null;
            } else {
                id = group.getId();
            }
        }
        return id;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getResourceName(String str) {
        try {
            return MgnlContext.getJCRSession(getRepositoryName()).getNodeByIdentifier(str).getName();
        } catch (ItemNotFoundException e) {
            return null;
        } catch (RepositoryException e2) {
            log.error(e2.getMessage(), (Throwable) e2);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void remove(String str, String str2, String str3) throws PrincipalNotFoundException {
        try {
            String linkedResourceId = getLinkedResourceId(str2, str3);
            if (hasAny(str, str2, str3)) {
                Session jCRSession = MgnlContext.getJCRSession(getRepositoryName());
                Node findPrincipalNode = findPrincipalNode(str, jCRSession);
                if (findPrincipalNode == null || !findPrincipalNode.hasNode(str3)) {
                    throw new PrincipalNotFoundException("Principal " + str + " of type " + str3 + " was not found.");
                }
                PropertyIterator properties = findPrincipalNode.getNode(str3).getProperties();
                while (properties.hasNext()) {
                    Property nextProperty = properties.nextProperty();
                    try {
                        if (nextProperty.getString().equals(linkedResourceId)) {
                            nextProperty.remove();
                            jCRSession.save();
                        }
                    } catch (IllegalArgumentException | ValueFormatException e) {
                        log.debug("{} has invalid value", nextProperty.getPath());
                    }
                }
            }
        } catch (RepositoryException e2) {
            log.error("failed to remove {} {} from [{}]", str3, str2, str, e2);
        }
    }

    protected abstract String getRepositoryName();

    protected abstract Node findPrincipalNode(String str, Session session) throws RepositoryException;

    /* JADX INFO: Access modifiers changed from: protected */
    public Node findPrincipalNode(String str, Session session, String str2) throws RepositoryException {
        return findPrincipalNode(str, session, str2, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Node findPrincipalNode(String str, Session session, String str2, Node node) throws RepositoryException {
        boolean equals = InstallStatus.inProgress.equals(((InstallContextImpl) Components.getComponent(InstallContextImpl.class)).getStatus());
        long currentTimeMillis = System.currentTimeMillis();
        Node findPrincipalNodeByTraversal = equals ? findPrincipalNodeByTraversal(str, session, str2, node) : findPrincipalNodeByQuery(str, session, str2, node);
        Logger logger = log;
        Object[] objArr = new Object[3];
        objArr[0] = Long.valueOf(System.currentTimeMillis() - currentTimeMillis);
        objArr[1] = Boolean.valueOf(equals);
        objArr[2] = findPrincipalNodeByTraversal == null ? "<null>" : findPrincipalNodeByTraversal.getPath();
        logger.debug("Retrieving node took {}ms (isInstallationPhase: {}): path = {}", objArr);
        if (findPrincipalNodeByTraversal == null) {
            Logger logger2 = log;
            Object[] objArr2 = new Object[4];
            objArr2[0] = str;
            objArr2[1] = str2;
            objArr2[2] = node == null ? "/" : node.getPath();
            objArr2[3] = session.getWorkspace().getName();
            logger2.debug("Could not find principal node '{}' of primary type '{}' under startnode '{}' in workspace '{}'.", objArr2);
        }
        return findPrincipalNodeByTraversal;
    }

    Node findPrincipalNodeByQuery(String str, Session session, String str2, Node node) throws RepositoryException {
        Node rootNode = node == null ? session.getRootNode() : node;
        StringBuilder append = new StringBuilder("select * from [").append(str2).append("] where name() = '").append(EscapeUtil.escapeSql(str)).append(JSONUtils.SINGLE_QUOTE);
        if (!"/".equals(rootNode.getPath())) {
            append.append(" and isdescendantnode(['").append(rootNode.getPath()).append("'])");
        }
        String sb = append.toString();
        log.debug("Executing query \"{}\".", sb);
        try {
            NodeIterator nodes = session.getWorkspace().getQueryManager().createQuery(sb, Query.JCR_SQL2).execute().getNodes();
            Node nextNode = nodes.hasNext() ? nodes.nextNode() : null;
            if (nodes.hasNext()) {
                log.error("Query found more than one node of type \"{}\" with name \"{}\" under the root path \"{}\".", str2, str, rootNode.getPath());
            }
            return nextNode;
        } catch (InvalidQueryException e) {
            log.debug("Invalid query when searching for group [{}]. Query: {}", str, sb);
            return null;
        }
    }

    Node findPrincipalNodeByTraversal(String str, Session session, String str2, Node node) throws RepositoryException {
        Node rootNode = node == null ? session.getRootNode() : node;
        log.debug("Traversing to find nodes of type \"{}\" with name \"{}\" under the root path \"{}\".", str2, str, rootNode.getPath());
        LinkedList linkedList = new LinkedList();
        NodeIterator nodes = rootNode.getNodes();
        while (nodes.hasNext()) {
            Node nextNode = nodes.nextNode();
            if (!nextNode.getName().startsWith("jcr:") && !nextNode.getName().startsWith(NodeTypes.REP_PREFIX)) {
                linkedList.add(nextNode);
            }
        }
        Node node2 = null;
        while (true) {
            if (linkedList.isEmpty()) {
                break;
            }
            Node node3 = (Node) linkedList.removeFirst();
            if (node3.getName().equals(str) && node3.getPrimaryNodeType().getName().equals(str2)) {
                if (node2 != null) {
                    log.error("Traversal found more than one node of type \"{}\" with name \"{}\" under the root path \"{}\".", str2, str, rootNode.getPath());
                    break;
                }
                node2 = node3;
            }
            int i = 0;
            NodeIterator nodes2 = node3.getNodes();
            while (nodes2.hasNext()) {
                int i2 = i;
                i++;
                linkedList.add(i2, nodes2.nextNode());
            }
        }
        return node2;
    }

    public Map<String, ACL> getACLs(final String str) {
        return (Map) MgnlContext.doInSystemContext(new SilentSessionOp<Map<String, ACL>>(getRepositoryName()) { // from class: info.magnolia.cms.security.RepositoryBackedSecurityManager.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // info.magnolia.cms.security.SilentSessionOp
            public Map<String, ACL> doExec(Session session) throws Throwable {
                Node findPrincipalNode = RepositoryBackedSecurityManager.this.findPrincipalNode(str, session);
                return findPrincipalNode == null ? Collections.emptyMap() : RepositoryBackedSecurityManager.this.getACLs(findPrincipalNode);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map<String, ACL> getACLs(Node node) throws RepositoryException, ValueFormatException, PathNotFoundException {
        HashMap hashMap = new HashMap();
        FilteringNodeIterator filteringNodeIterator = new FilteringNodeIterator(node.getNodes(), new NodeTypePredicate("mgnl:contentNode", true));
        while (filteringNodeIterator.hasNext()) {
            Node nextNode = filteringNodeIterator.nextNode();
            if (nextNode.getName().startsWith("acl")) {
                String substringAfter = StringUtils.substringAfter(nextNode.getName(), "acl_");
                ArrayList arrayList = new ArrayList();
                FilteringNodeIterator filteringNodeIterator2 = new FilteringNodeIterator(nextNode.getNodes(), new NodeTypePredicate("mgnl:contentNode", true));
                while (filteringNodeIterator2.hasNext()) {
                    Node nextNode2 = filteringNodeIterator2.nextNode();
                    SimpleUrlPattern simpleUrlPattern = new SimpleUrlPattern(nextNode2.getProperty("path").getString());
                    PermissionImpl permissionImpl = new PermissionImpl();
                    permissionImpl.setPattern(simpleUrlPattern);
                    permissionImpl.setPermissions(nextNode2.getProperty(AccessControlList.PERMISSIONS_PROPERTY_NAME).getLong());
                    arrayList.add(permissionImpl);
                }
                if (hashMap.containsKey(substringAfter)) {
                    arrayList.addAll(((ACL) hashMap.get(substringAfter)).getList());
                }
                hashMap.put(substringAfter, new ACLImpl(substringAfter, arrayList));
            }
        }
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public NodeIterator findPrincipalNodes(Node node, String str) throws RepositoryException {
        StringBuilder append = new StringBuilder("select * from [").append(str).append("]");
        if (!"/".equals(node.getPath())) {
            append.append(" where isdescendantnode(['").append(node.getPath()).append("'])");
        }
        String sb = append.toString();
        log.debug("Executing query \"{}\".", sb);
        return node.getSession().getWorkspace().getQueryManager().createQuery(sb, Query.JCR_SQL2).execute().getNodes();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Collection<String> findUsersOrGroupsHavingAssignedGroupOrRoleWithUid(Session session, Node node, String str) throws RepositoryException {
        if (node == null) {
            return Collections.EMPTY_LIST;
        }
        StringBuilder append = new StringBuilder("select * from [").append("mgnl:contentNode").append("] as s");
        append.append(" where contains(s.*, '").append(node.getIdentifier()).append("')");
        String sb = append.toString();
        log.debug("Executing query \"{}\".", sb);
        NodeIterator nodes = session.getWorkspace().getQueryManager().createQuery(sb, Query.JCR_SQL2).execute().getNodes();
        ArrayList arrayList = new ArrayList();
        while (nodes.hasNext()) {
            Node nextNode = nodes.nextNode();
            if (str.equals(nextNode.getName())) {
                arrayList.add(nextNode.getParent().getName());
            }
        }
        return arrayList;
    }
}
