package org.apache.jackrabbit.core.security.principal;

import java.security.Principal;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Properties;
import java.util.Set;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.observation.EventIterator;
import org.apache.commons.collections.iterators.IteratorChain;
import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.observation.SynchronousEventListener;
import org.apache.jackrabbit.core.security.user.UserManagerImpl;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
import org.apache.jackrabbit.spi.commons.conversion.NameResolver;
import org.apache.jackrabbit.util.Text;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/jackrabbit-core-2.14.2.jar:org/apache/jackrabbit/core/security/principal/DefaultPrincipalProvider.class */
public class DefaultPrincipalProvider extends AbstractPrincipalProvider implements SynchronousEventListener {
    private static Logger log = LoggerFactory.getLogger(DefaultPrincipalProvider.class);
    private final UserManagerImpl userManager;
    private final EveryonePrincipal everyonePrincipal = EveryonePrincipal.getInstance();
    private final String pPrincipalName;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/jackrabbit-core-2.14.2.jar:org/apache/jackrabbit/core/security/principal/DefaultPrincipalProvider$PrincipalIteratorImpl.class */
    public class PrincipalIteratorImpl extends AbstractPrincipalIterator {
        private final Iterator<Authorizable> authorizableItr;
        private boolean addEveryone;

        private PrincipalIteratorImpl(Iterator<Authorizable> it, boolean z) {
            this.authorizableItr = it;
            this.addEveryone = z;
            this.next = seekNext();
        }

        @Override // org.apache.jackrabbit.core.security.principal.AbstractPrincipalIterator
        protected Principal seekNext() {
            while (this.authorizableItr.hasNext()) {
                try {
                    Principal principal = this.authorizableItr.next().getPrincipal();
                    if (DefaultPrincipalProvider.this.everyonePrincipal.equals(principal)) {
                        this.addEveryone = false;
                    }
                    DefaultPrincipalProvider.this.addToCache(principal);
                    return principal;
                } catch (RepositoryException e) {
                    DefaultPrincipalProvider.log.warn("Error while retrieving principal from group -> skip.");
                }
            }
            if (!this.addEveryone) {
                return null;
            }
            this.addEveryone = false;
            return DefaultPrincipalProvider.this.everyonePrincipal;
        }
    }

    public DefaultPrincipalProvider(Session session, UserManagerImpl userManagerImpl) throws RepositoryException {
        this.userManager = userManagerImpl;
        String[] strArr = new String[1];
        if (session instanceof SessionImpl) {
            NameResolver nameResolver = (NameResolver) session;
            strArr[0] = nameResolver.getJCRName(UserManagerImpl.NT_REP_AUTHORIZABLE_FOLDER);
            this.pPrincipalName = nameResolver.getJCRName(UserManagerImpl.P_PRINCIPAL_NAME);
        } else {
            strArr[0] = UserConstants.NT_REP_AUTHORIZABLE_FOLDER;
            this.pPrincipalName = "rep:principalName";
        }
        String groupsPath = this.userManager.getGroupsPath();
        String usersPath = this.userManager.getUsersPath();
        String str = groupsPath;
        while (true) {
            String str2 = str;
            if (Text.isDescendantOrEqual(str2, usersPath)) {
                session.getWorkspace().getObservationManager().addEventListener(this, 3, str2, true, (String[]) null, strArr, false);
                return;
            }
            str = Text.getRelativeParent(str2, 1);
        }
    }

    @Override // org.apache.jackrabbit.core.security.principal.AbstractPrincipalProvider
    protected Principal providePrincipal(String str) {
        try {
            Authorizable authorizable = this.userManager.getAuthorizable(new PrincipalImpl(str));
            if (authorizable != null) {
                return authorizable.getPrincipal();
            }
            if ("everyone".equals(str)) {
                return this.everyonePrincipal;
            }
            return null;
        } catch (RepositoryException e) {
            log.error("Failed to access Authorizable for Principal " + str, e);
            return null;
        }
    }

    @Override // org.apache.jackrabbit.core.security.principal.AbstractPrincipalProvider, org.apache.jackrabbit.core.security.principal.PrincipalProvider
    public void init(Properties properties) {
        if (!properties.containsKey(AbstractPrincipalProvider.NEGATIVE_ENTRY_KEY)) {
            properties.put(AbstractPrincipalProvider.NEGATIVE_ENTRY_KEY, "true");
        }
        super.init(properties);
    }

    @Override // org.apache.jackrabbit.core.security.principal.PrincipalProvider
    public PrincipalIterator findPrincipals(String str) {
        return findPrincipals(str, 3);
    }

    /* JADX WARN: Type inference failed for: r0v4, types: [java.util.Iterator[], org.apache.jackrabbit.api.security.principal.PrincipalIterator[]] */
    @Override // org.apache.jackrabbit.core.security.principal.PrincipalProvider
    public PrincipalIterator findPrincipals(String str, int i) {
        checkInitialized();
        switch (i) {
            case 1:
                return findUserPrincipals(str);
            case 2:
                return findGroupPrincipals(str);
            case 3:
                return new PrincipalIteratorAdapter(new IteratorChain((Iterator[]) new PrincipalIterator[]{findUserPrincipals(str), findGroupPrincipals(str)}));
            default:
                throw new IllegalArgumentException("Invalid searchType");
        }
    }

    @Override // org.apache.jackrabbit.core.security.principal.PrincipalProvider
    public PrincipalIterator getPrincipals(int i) {
        return findPrincipals(null, i);
    }

    @Override // org.apache.jackrabbit.core.security.principal.PrincipalProvider
    public PrincipalIterator getGroupMembership(Principal principal) {
        checkInitialized();
        Set<Principal> collectGroupMembership = collectGroupMembership(principal);
        if (!collectGroupMembership.contains(this.everyonePrincipal) && this.everyonePrincipal.isMember(principal)) {
            collectGroupMembership.add(this.everyonePrincipal);
        }
        return new PrincipalIteratorAdapter(collectGroupMembership);
    }

    @Override // org.apache.jackrabbit.core.security.principal.AbstractPrincipalProvider, org.apache.jackrabbit.core.security.principal.PrincipalProvider
    public synchronized void close() {
        super.close();
    }

    @Override // org.apache.jackrabbit.core.security.principal.PrincipalProvider
    public boolean canReadPrincipal(Session session, Principal principal) {
        checkInitialized();
        if (!(session instanceof SessionImpl)) {
            return false;
        }
        SessionImpl sessionImpl = (SessionImpl) session;
        if (sessionImpl.isAdmin() || sessionImpl.isSystem()) {
            return true;
        }
        try {
            return sessionImpl.getUserManager().getAuthorizable(principal) != null;
        } catch (RepositoryException e) {
            log.error("Failed to determine accessibility of Principal {}", principal, e);
            return false;
        }
    }

    public void onEvent(EventIterator eventIterator) {
        clearCache();
    }

    private Set<Principal> collectGroupMembership(Principal principal) {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        try {
            Authorizable authorizable = this.userManager.getAuthorizable(principal);
            if (authorizable != null) {
                addToCache(authorizable.getPrincipal());
                Iterator<Group> memberOf = authorizable.memberOf();
                while (memberOf.hasNext()) {
                    Principal principal2 = memberOf.next().getPrincipal();
                    addToCache(principal2);
                    linkedHashSet.add(principal2);
                }
            } else {
                log.debug("Cannot find authorizable for principal " + principal.getName());
            }
        } catch (RepositoryException e) {
            log.warn("Failed to determine membership for " + principal.getName(), e.getMessage());
        }
        return linkedHashSet;
    }

    private PrincipalIterator findUserPrincipals(String str) {
        PrincipalIteratorImpl principalIteratorImpl;
        synchronized (this.userManager) {
            try {
                principalIteratorImpl = new PrincipalIteratorImpl(this.userManager.findAuthorizables(this.pPrincipalName, str, 1), false);
            } catch (RepositoryException e) {
                log.error("Error while searching user principals.", e);
                return PrincipalIteratorAdapter.EMPTY;
            }
        }
        return principalIteratorImpl;
    }

    private PrincipalIterator findGroupPrincipals(String str) {
        PrincipalIteratorImpl principalIteratorImpl;
        synchronized (this.userManager) {
            try {
                principalIteratorImpl = new PrincipalIteratorImpl(this.userManager.findAuthorizables(this.pPrincipalName, str, 2), this.everyonePrincipal.getName().matches(".*" + str + ".*"));
            } catch (RepositoryException e) {
                log.error("Error while searching group principals.", e);
                return PrincipalIteratorAdapter.EMPTY;
            }
        }
        return principalIteratorImpl;
    }
}
