package org.apache.jackrabbit.oak.security.user;

import com.google.common.base.Function;
import com.google.common.base.Predicate;
import com.google.common.base.Predicates;
import com.google.common.collect.Iterators;
import java.security.Principal;
import java.util.Enumeration;
import java.util.Iterator;
import javax.annotation.Nullable;
import javax.jcr.RepositoryException;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.commons.iterator.RangeIteratorAdapter;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
import org.apache.jackrabbit.oak.spi.security.user.util.UserUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/oak-core-1.0.39.jar:org/apache/jackrabbit/oak/security/user/GroupImpl.class
 */
/* loaded from: input_file:WEB-INF/lib/oak-upgrade-1.0.39.jar:org/apache/jackrabbit/oak/security/user/GroupImpl.class */
public class GroupImpl extends AuthorizableImpl implements Group {
    private static final Logger log = LoggerFactory.getLogger(GroupImpl.class);

    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/lib/oak-core-1.0.39.jar:org/apache/jackrabbit/oak/security/user/GroupImpl$GroupPrincipal.class
     */
    /* loaded from: input_file:WEB-INF/lib/oak-upgrade-1.0.39.jar:org/apache/jackrabbit/oak/security/user/GroupImpl$GroupPrincipal.class */
    private class GroupPrincipal extends TreeBasedPrincipal implements java.security.acl.Group {
        GroupPrincipal(String str, Tree tree) {
            super(str, tree, GroupImpl.this.getUserManager().getNamePathMapper());
        }

        @Override // java.security.acl.Group
        public boolean addMember(Principal principal) {
            throw new UnsupportedOperationException();
        }

        @Override // java.security.acl.Group
        public boolean removeMember(Principal principal) {
            throw new UnsupportedOperationException();
        }

        @Override // java.security.acl.Group
        public boolean isMember(Principal principal) {
            boolean z = false;
            try {
                if (GroupImpl.this.isEveryone()) {
                    z = !"everyone".equals(principal.getName());
                } else {
                    Authorizable authorizable = GroupImpl.this.getUserManager().getAuthorizable(principal);
                    if (authorizable != null) {
                        z = GroupImpl.this.isMember(authorizable);
                    }
                }
            } catch (RepositoryException e) {
                GroupImpl.log.warn("Failed to determine group membership", e.getMessage());
            }
            return z;
        }

        @Override // java.security.acl.Group
        public Enumeration<? extends Principal> members() {
            try {
                return Iterators.asEnumeration(Iterators.filter(Iterators.transform(GroupImpl.this.getMembers(), new Function<Authorizable, Principal>() { // from class: org.apache.jackrabbit.oak.security.user.GroupImpl.GroupPrincipal.1
                    @Override // com.google.common.base.Function
                    public Principal apply(Authorizable authorizable) {
                        if (authorizable == null) {
                            return null;
                        }
                        try {
                            return authorizable.getPrincipal();
                        } catch (RepositoryException e) {
                            String str = "Internal error while retrieving principal: " + e.getMessage();
                            GroupImpl.log.error(str);
                            throw new IllegalStateException(str);
                        }
                    }
                }), Predicates.notNull()));
            } catch (RepositoryException e) {
                String str = "Unable to retrieve Group members: " + e.getMessage();
                GroupImpl.log.error(str);
                throw new IllegalStateException(str);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public GroupImpl(String str, Tree tree, UserManagerImpl userManagerImpl) throws RepositoryException {
        super(str, tree, userManagerImpl);
    }

    @Override // org.apache.jackrabbit.oak.security.user.AuthorizableImpl
    void checkValidTree(Tree tree) throws RepositoryException {
        if (tree == null || !UserUtil.isType(tree, AuthorizableType.GROUP)) {
            throw new IllegalArgumentException("Invalid group node: node type rep:Group expected.");
        }
    }

    @Override // org.apache.jackrabbit.api.security.user.Authorizable
    public boolean isGroup() {
        return true;
    }

    @Override // org.apache.jackrabbit.api.security.user.Authorizable
    public Principal getPrincipal() throws RepositoryException {
        return new GroupPrincipal(getPrincipalName(), getTree());
    }

    @Override // org.apache.jackrabbit.api.security.user.Group
    public Iterator<Authorizable> getDeclaredMembers() throws RepositoryException {
        return getMembers(false);
    }

    @Override // org.apache.jackrabbit.api.security.user.Group
    public Iterator<Authorizable> getMembers() throws RepositoryException {
        return getMembers(true);
    }

    @Override // org.apache.jackrabbit.api.security.user.Group
    public boolean isDeclaredMember(Authorizable authorizable) throws RepositoryException {
        return isMember(authorizable, false);
    }

    @Override // org.apache.jackrabbit.api.security.user.Group
    public boolean isMember(Authorizable authorizable) throws RepositoryException {
        return isMember(authorizable, true);
    }

    @Override // org.apache.jackrabbit.api.security.user.Group
    public boolean addMember(Authorizable authorizable) throws RepositoryException {
        if (!isValidAuthorizableImpl(authorizable)) {
            log.warn("Invalid Authorizable: {}", authorizable);
            return false;
        }
        AuthorizableImpl authorizableImpl = (AuthorizableImpl) authorizable;
        if (isEveryone() || authorizableImpl.isEveryone()) {
            return false;
        }
        String id = authorizable.getID();
        if (authorizableImpl.isGroup()) {
            if (getID().equals(id)) {
                log.debug("Attempt to add a group as member of itself (" + getID() + ").");
                return false;
            }
            if (isCyclicMembership(authorizableImpl)) {
                log.warn("Attempt to create circular group membership.");
                return false;
            }
        }
        if (!isDeclaredMember(authorizable)) {
            return getMembershipProvider().addMember(getTree(), authorizableImpl.getTree());
        }
        log.debug("Authorizable {} is already declared member of {}", id, getID());
        return false;
    }

    private boolean isCyclicMembership(AuthorizableImpl authorizableImpl) {
        if (!authorizableImpl.isGroup()) {
            return false;
        }
        MembershipProvider membershipProvider = getMembershipProvider();
        return membershipProvider.isMember(authorizableImpl.getTree(), membershipProvider.getContentID(getTree()), true);
    }

    @Override // org.apache.jackrabbit.api.security.user.Group
    public boolean removeMember(Authorizable authorizable) throws RepositoryException {
        if (!isValidAuthorizableImpl(authorizable)) {
            log.warn("Invalid Authorizable: {}", authorizable);
            return false;
        }
        if (isEveryone()) {
            return false;
        }
        return getMembershipProvider().removeMember(getTree(), ((AuthorizableImpl) authorizable).getTree());
    }

    private Iterator<Authorizable> getMembers(boolean z) throws RepositoryException {
        UserManagerImpl userManager = getUserManager();
        if (isEveryone()) {
            return Iterators.filter(userManager.findAuthorizables(getUserManager().getNamePathMapper().getJcrName("rep:principalName"), null, 3), new Predicate<Authorizable>() { // from class: org.apache.jackrabbit.oak.security.user.GroupImpl.1
                @Override // com.google.common.base.Predicate
                public boolean apply(@Nullable Authorizable authorizable) {
                    if (authorizable == null) {
                        return false;
                    }
                    if (!authorizable.isGroup()) {
                        return true;
                    }
                    try {
                        return !((GroupImpl) authorizable).isEveryone();
                    } catch (RepositoryException e) {
                        GroupImpl.log.warn("Unable to evaluate if authorizable is the 'everyone' group.", (Throwable) e);
                        return true;
                    }
                }
            });
        }
        Iterator<String> members = getMembershipProvider().getMembers(getTree(), AuthorizableType.AUTHORIZABLE, z);
        if (!members.hasNext()) {
            return RangeIteratorAdapter.EMPTY;
        }
        AuthorizableIterator create = AuthorizableIterator.create(members, userManager, AuthorizableType.AUTHORIZABLE);
        return new RangeIteratorAdapter(create, create.getSize());
    }

    private boolean isMember(Authorizable authorizable, boolean z) throws RepositoryException {
        if (!isValidAuthorizableImpl(authorizable) || getID().equals(authorizable.getID())) {
            return false;
        }
        if (isEveryone()) {
            return true;
        }
        return getUserManager().getMembershipProvider().isMember(getTree(), ((AuthorizableImpl) authorizable).getTree(), z);
    }
}
