package org.apache.jackrabbit.core.security.user;

import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.util.HashSet;
import java.util.Iterator;
import java.util.NoSuchElementException;
import java.util.Properties;
import java.util.Set;
import java.util.UUID;
import javax.jcr.AccessDeniedException;
import javax.jcr.ItemExistsException;
import javax.jcr.ItemNotFoundException;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.RepositoryException;
import javax.jcr.UnsupportedRepositoryOperationException;
import javax.jcr.Value;
import javax.jcr.lock.LockException;
import javax.jcr.nodetype.ConstraintViolationException;
import javax.jcr.version.VersionException;
import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.AuthorizableExistsException;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.Query;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.core.ItemImpl;
import org.apache.jackrabbit.core.NodeImpl;
import org.apache.jackrabbit.core.ProtectedItemModifier;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.SessionListener;
import org.apache.jackrabbit.core.id.NodeId;
import org.apache.jackrabbit.core.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
import org.apache.jackrabbit.core.security.user.AuthorizableImpl;
import org.apache.jackrabbit.core.security.user.action.AuthorizableAction;
import org.apache.jackrabbit.core.session.SessionOperation;
import org.apache.jackrabbit.spi.Name;
import org.apache.jackrabbit.spi.Path;
import org.apache.jackrabbit.util.Text;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/jackrabbit-core-2.7.0.jar:org/apache/jackrabbit/core/security/user/UserManagerImpl.class */
public class UserManagerImpl extends ProtectedItemModifier implements UserManager, UserConstants, SessionListener {
    public static final String PARAM_USERS_PATH = "usersPath";
    public static final String PARAM_GROUPS_PATH = "groupsPath";
    public static final String PARAM_COMPATIBILE_JR16 = "compatibleJR16";
    public static final String PARAM_COMPATIBLE_JR16 = "compatibleJR16";
    public static final String PARAM_DEFAULT_DEPTH = "defaultDepth";
    public static final String PARAM_AUTO_EXPAND_TREE = "autoExpandTree";
    public static final String PARAM_AUTO_EXPAND_SIZE = "autoExpandSize";
    public static final String PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE = "groupMembershipSplitSize";
    public static final String PARAM_PASSWORD_HASH_ALGORITHM = "passwordHashAlgorithm";
    public static final String PARAM_PASSWORD_HASH_ITERATIONS = "passwordHashIterations";
    private static final Logger log = LoggerFactory.getLogger(UserManagerImpl.class);
    private final SessionImpl session;
    private final String adminId;
    private final NodeResolver authResolver;
    private final NodeCreator nodeCreator;
    private final UserManagerConfig config;
    private final String usersPath;
    private final String groupsPath;
    private final MembershipCache membershipCache;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/jackrabbit-core-2.7.0.jar:org/apache/jackrabbit/core/security/user/UserManagerImpl$AuthorizableIterator.class */
    public final class AuthorizableIterator implements Iterator<Authorizable> {
        private final Set<String> served;
        private Authorizable next;
        private final NodeIterator authNodeIter;

        private AuthorizableIterator(NodeIterator nodeIterator) {
            this.served = new HashSet();
            this.authNodeIter = nodeIterator;
            this.next = seekNext();
        }

        @Override // java.util.Iterator
        public boolean hasNext() {
            return this.next != null;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.Iterator
        public Authorizable next() {
            Authorizable authorizable = this.next;
            if (authorizable == null) {
                throw new NoSuchElementException();
            }
            this.next = seekNext();
            return authorizable;
        }

        @Override // java.util.Iterator
        public void remove() {
            throw new UnsupportedOperationException();
        }

        private Authorizable seekNext() {
            while (this.authNodeIter.hasNext()) {
                NodeImpl nodeImpl = (NodeImpl) this.authNodeIter.nextNode();
                try {
                    if (this.served.contains(nodeImpl.getUUID())) {
                        continue;
                    } else {
                        Authorizable authorizable = UserManagerImpl.this.getAuthorizable(nodeImpl);
                        this.served.add(nodeImpl.getUUID());
                        if (authorizable != null) {
                            return authorizable;
                        }
                    }
                } catch (RepositoryException e) {
                    UserManagerImpl.log.debug(e.getMessage());
                }
            }
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/jackrabbit-core-2.7.0.jar:org/apache/jackrabbit/core/security/user/UserManagerImpl$NodeCreator.class */
    public class NodeCreator {
        private static final String DELIMITER = "/";
        private static final int DEFAULT_DEPTH = 2;
        private static final long DEFAULT_SIZE = 1000;
        private final int defaultDepth;
        private final boolean autoExpandTree;
        private final long autoExpandSize;

        private NodeCreator(UserManagerConfig userManagerConfig) {
            int i = 2;
            boolean z = false;
            long j = 1000;
            if (userManagerConfig != null) {
                i = ((Integer) userManagerConfig.getConfigValue(UserManagerImpl.PARAM_DEFAULT_DEPTH, 2)).intValue();
                if (i <= 0) {
                    UserManagerImpl.log.warn("Invalid defaultDepth '" + i + "' -> using default.");
                    i = 2;
                }
                z = ((Boolean) userManagerConfig.getConfigValue(UserManagerImpl.PARAM_AUTO_EXPAND_TREE, false)).booleanValue();
                j = ((Long) userManagerConfig.getConfigValue(UserManagerImpl.PARAM_AUTO_EXPAND_SIZE, 1000L)).longValue();
                if (z && j <= 0) {
                    UserManagerImpl.log.warn("Invalid autoExpandSize '" + j + "' -> using default.");
                    j = 1000;
                }
            }
            this.defaultDepth = i;
            this.autoExpandTree = z;
            this.autoExpandSize = j;
        }

        public Node createUserNode(String str, String str2) throws RepositoryException {
            return createAuthorizableNode(str, false, str2);
        }

        public Node createGroupNode(String str, String str2) throws RepositoryException {
            return createAuthorizableNode(str, true, str2);
        }

        private Node createAuthorizableNode(String str, boolean z, String str2) throws RepositoryException {
            String escapeIllegalJcrChars = Text.escapeIllegalJcrChars(str);
            Node createDefaultFolderNodes = createDefaultFolderNodes(str, escapeIllegalJcrChars, z, str2);
            if (str2 == null) {
                createDefaultFolderNodes = createIntermediateFolderNodes(str, escapeIllegalJcrChars, createDefaultFolderNodes);
            }
            Name qName = UserManagerImpl.this.session.getQName(escapeIllegalJcrChars);
            Name name = z ? UserConstants.NT_REP_GROUP : UserConstants.NT_REP_USER;
            NodeId buildNodeId = UserManagerImpl.this.buildNodeId(str);
            while (((NodeImpl) createDefaultFolderNodes).hasNode(qName)) {
                NodeImpl node = ((NodeImpl) createDefaultFolderNodes).getNode(qName);
                if (!node.isNodeType(UserConstants.NT_REP_AUTHORIZABLE_FOLDER)) {
                    String str3 = "Failed to create authorizable with id '" + str + "' : Detected conflicting node of unexpected nodetype '" + node.getPrimaryNodeType().getName() + "'.";
                    UserManagerImpl.log.error(str3);
                    throw new ConstraintViolationException(str3);
                }
                UserManagerImpl.log.warn("Existing folder node collides with user/group to be created. Expanding path: " + node.getPath());
                createDefaultFolderNodes = node;
            }
            if (!UserManagerImpl.this.session.getItemManager().itemExists(buildNodeId)) {
                return UserManagerImpl.this.addNode((NodeImpl) createDefaultFolderNodes, qName, name, buildNodeId);
            }
            String str4 = "Failed to create authorizable with id '" + str + "' : Detected conflict with existing node (NodeID: " + buildNodeId + ")";
            UserManagerImpl.log.error(str4);
            throw new ItemExistsException(str4);
        }

        private Node createDefaultFolderNodes(String str, String str2, boolean z, String str3) throws RepositoryException {
            String[] split = getDefaultFolderPath(str, z, str3).split("/");
            NodeImpl nodeImpl = (NodeImpl) UserManagerImpl.this.session.getRootNode();
            String str4 = z ? UserManagerImpl.this.groupsPath : UserManagerImpl.this.usersPath;
            for (String str5 : split) {
                if (str5.length() >= 1) {
                    if (nodeImpl.hasNode(str5)) {
                        nodeImpl = (NodeImpl) nodeImpl.getNode(str5);
                        if (Text.isDescendantOrEqual(str4, nodeImpl.getPath()) && !nodeImpl.isNodeType(UserConstants.NT_REP_AUTHORIZABLE_FOLDER)) {
                            throw new ConstraintViolationException("Invalid intermediate path. Must be of type rep:AuthorizableFolder.");
                        }
                    } else {
                        nodeImpl = UserManagerImpl.this.addNode(nodeImpl, UserManagerImpl.this.session.getQName(str5), UserConstants.NT_REP_AUTHORIZABLE_FOLDER);
                    }
                }
            }
            checkAuthorizableNodeExists(str2, nodeImpl);
            return nodeImpl;
        }

        private String getDefaultFolderPath(String str, boolean z, String str2) {
            StringBuilder sb = new StringBuilder();
            if (z) {
                sb.append(UserManagerImpl.this.groupsPath);
            } else {
                sb.append(UserManagerImpl.this.usersPath);
            }
            if (str2 == null) {
                StringBuilder sb2 = new StringBuilder(this.defaultDepth);
                int length = str.length();
                for (int i = 0; i < this.defaultDepth; i++) {
                    if (length > i) {
                        sb2.append(str.charAt(i));
                    } else {
                        sb2.append(str.charAt(length - 1));
                    }
                    sb.append("/").append(Text.escapeIllegalJcrChars(sb2.toString()));
                }
            } else {
                if (str2.startsWith(sb.toString())) {
                    str2 = str2.substring(sb.toString().length());
                }
                if (str2.length() > 0 && !"/".equals(str2)) {
                    if (!str2.startsWith("/")) {
                        sb.append("/");
                    }
                    sb.append(str2);
                }
            }
            return sb.toString();
        }

        private Node createIntermediateFolderNodes(String str, String str2, Node node) throws RepositoryException {
            NodeImpl addNode;
            if (!this.autoExpandTree) {
                return node;
            }
            int i = this.defaultDepth + 1;
            while (true) {
                if (!intermediateFolderNeeded(str2, node)) {
                    break;
                }
                String escapeIllegalJcrChars = Text.escapeIllegalJcrChars(str.substring(0, i));
                if (node.hasNode(escapeIllegalJcrChars)) {
                    NodeImpl nodeImpl = (NodeImpl) node.getNode(escapeIllegalJcrChars);
                    if (nodeImpl.isNodeType(UserConstants.NT_REP_AUTHORIZABLE_FOLDER)) {
                        addNode = nodeImpl;
                    } else {
                        if (!nodeImpl.isNodeType(UserConstants.NT_REP_AUTHORIZABLE)) {
                            String str3 = "Failed to create authorizable node: Detected conflict with node of unexpected nodetype '" + nodeImpl.getPrimaryNodeType().getName() + "'.";
                            UserManagerImpl.log.error(str3);
                            throw new ConstraintViolationException(str3);
                        }
                        UserManagerImpl.log.warn("Auto-expanding aborted. An existing authorizable node '" + nodeImpl.getName() + "'conflicts with intermediate folder to be created.");
                    }
                } else {
                    addNode = UserManagerImpl.this.addNode((NodeImpl) node, UserManagerImpl.this.session.getQName(escapeIllegalJcrChars), UserConstants.NT_REP_AUTHORIZABLE_FOLDER);
                }
                node = addNode;
                i++;
            }
            checkAuthorizableNodeExists(str2, node);
            return node;
        }

        private void checkAuthorizableNodeExists(String str, Node node) throws AuthorizableExistsException, RepositoryException {
            if (node.hasNode(str) && ((NodeImpl) node.getNode(str)).isNodeType(UserConstants.NT_REP_AUTHORIZABLE)) {
                throw new AuthorizableExistsException("Unable to create Group/User: Collision with existing authorizable.");
            }
        }

        private boolean intermediateFolderNeeded(String str, Node node) throws RepositoryException {
            if (str.length() <= node.getName().length()) {
                return false;
            }
            return str.length() == node.getName().length() + 1 || node.getNodes().getSize() >= this.autoExpandSize;
        }
    }

    public UserManagerImpl(SessionImpl sessionImpl, String str) throws RepositoryException {
        this(sessionImpl, str, null, null);
    }

    public UserManagerImpl(SessionImpl sessionImpl, String str, Properties properties) throws RepositoryException {
        this(sessionImpl, str, properties, null);
    }

    public UserManagerImpl(SessionImpl sessionImpl, String str, Properties properties, MembershipCache membershipCache) throws RepositoryException {
        this(sessionImpl, new UserManagerConfig(properties, str, null), membershipCache);
    }

    private UserManagerImpl(SessionImpl sessionImpl, UserManagerConfig userManagerConfig, MembershipCache membershipCache) throws RepositoryException {
        NodeResolver traversingNodeResolver;
        this.session = sessionImpl;
        this.adminId = userManagerConfig.getAdminId();
        this.config = userManagerConfig;
        this.nodeCreator = new NodeCreator(userManagerConfig);
        this.usersPath = (String) userManagerConfig.getConfigValue(PARAM_USERS_PATH, UserConstants.USERS_PATH);
        this.groupsPath = (String) userManagerConfig.getConfigValue(PARAM_GROUPS_PATH, UserConstants.GROUPS_PATH);
        if (membershipCache != null) {
            this.membershipCache = membershipCache;
        } else {
            this.membershipCache = new MembershipCache(sessionImpl, this.groupsPath, hasMemberSplitSize());
        }
        try {
            traversingNodeResolver = new IndexNodeResolver(sessionImpl, sessionImpl);
        } catch (RepositoryException e) {
            log.debug("UserManager: no QueryManager available for workspace '" + sessionImpl.getWorkspace().getName() + "' -> Use traversing node resolver.");
            traversingNodeResolver = new TraversingNodeResolver(sessionImpl, sessionImpl);
        }
        this.authResolver = traversingNodeResolver;
        this.authResolver.setSearchRoots(this.usersPath, this.groupsPath);
    }

    public String getUsersPath() {
        return this.usersPath;
    }

    public String getGroupsPath() {
        return this.groupsPath;
    }

    public MembershipCache getMembershipCache() {
        return this.membershipCache;
    }

    public int getMemberSplitSize() {
        int intValue = ((Integer) this.config.getConfigValue(PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE, 0)).intValue();
        if (intValue != 0 && intValue < 4) {
            log.warn("Invalid value {} for {}. Expected integer >= 4", Integer.valueOf(intValue), PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE);
            intValue = 0;
        }
        return intValue;
    }

    public boolean hasMemberSplitSize() {
        return getMemberSplitSize() >= 4;
    }

    public void setAuthorizableActions(AuthorizableAction[] authorizableActionArr) {
        this.config.setAuthorizableActions(authorizableActionArr);
    }

    @Override // org.apache.jackrabbit.api.security.user.UserManager
    public Authorizable getAuthorizable(String str) throws RepositoryException {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("Invalid authorizable name '" + str + "'");
        }
        Authorizable internalGetAuthorizable = internalGetAuthorizable(str);
        if (internalGetAuthorizable == null && this.adminId.equals(str) && this.session.isSystem()) {
            log.info("Admin user does not exist.");
            internalGetAuthorizable = createAdmin();
        }
        return internalGetAuthorizable;
    }

    @Override // org.apache.jackrabbit.api.security.user.UserManager
    public Authorizable getAuthorizable(Principal principal) throws RepositoryException {
        NodeImpl nodeImpl = null;
        if (principal instanceof AuthorizableImpl.NodeBasedPrincipal) {
            try {
                nodeImpl = this.session.getNodeById(((AuthorizableImpl.NodeBasedPrincipal) principal).getNodeId());
            } catch (ItemNotFoundException e) {
            }
        } else if (principal instanceof ItemBasedPrincipal) {
            String path = ((ItemBasedPrincipal) principal).getPath();
            if (this.session.nodeExists(path)) {
                nodeImpl = (NodeImpl) this.session.getNode(path);
            }
        } else {
            String name = principal.getName();
            try {
                Authorizable internalGetAuthorizable = internalGetAuthorizable(name);
                if (internalGetAuthorizable != null) {
                    if (name.equals(internalGetAuthorizable.getPrincipal().getName())) {
                        return internalGetAuthorizable;
                    }
                }
            } catch (RepositoryException e2) {
            }
            nodeImpl = (NodeImpl) this.authResolver.findNode(P_PRINCIPAL_NAME, name, NT_REP_AUTHORIZABLE);
        }
        return getAuthorizable(nodeImpl);
    }

    @Override // org.apache.jackrabbit.api.security.user.UserManager
    public Authorizable getAuthorizableByPath(String str) throws UnsupportedRepositoryOperationException, RepositoryException {
        throw new UnsupportedRepositoryOperationException();
    }

    @Override // org.apache.jackrabbit.api.security.user.UserManager
    public Iterator<Authorizable> findAuthorizables(String str, String str2) throws RepositoryException {
        return findAuthorizables(str, str2, 3);
    }

    @Override // org.apache.jackrabbit.api.security.user.UserManager
    public Iterator<Authorizable> findAuthorizables(String str, String str2, int i) throws RepositoryException {
        NodeIterator findNodes;
        Name name;
        if (i < 1 || i > 3) {
            throw new IllegalArgumentException("Invalid search type " + i);
        }
        Path qPath = this.session.getQPath(str);
        if (str.indexOf(47) == -1) {
            findNodes = this.authResolver.findNodes(qPath, str2, i, true, Long.MAX_VALUE);
        } else {
            Path normalizedPath = qPath.getNormalizedPath();
            if (normalizedPath.getLength() == 1) {
                switch (i) {
                    case 1:
                        name = NT_REP_USER;
                        break;
                    case 2:
                        name = NT_REP_GROUP;
                        break;
                    default:
                        name = NT_REP_AUTHORIZABLE;
                        break;
                }
                findNodes = this.authResolver.findNodes(normalizedPath.getName(), str2, name, true);
            } else {
                findNodes = this.authResolver.findNodes(normalizedPath, str2, i, true, Long.MAX_VALUE);
            }
        }
        return new AuthorizableIterator(findNodes);
    }

    @Override // org.apache.jackrabbit.api.security.user.UserManager
    public Iterator<Authorizable> findAuthorizables(Query query) throws RepositoryException {
        XPathQueryBuilder xPathQueryBuilder = new XPathQueryBuilder();
        query.build(xPathQueryBuilder);
        return new XPathQueryEvaluator(xPathQueryBuilder, this, this.session).eval();
    }

    @Override // org.apache.jackrabbit.api.security.user.UserManager
    public User createUser(String str, String str2) throws RepositoryException {
        return createUser(str, str2, new PrincipalImpl(str), null);
    }

    @Override // org.apache.jackrabbit.api.security.user.UserManager
    public User createUser(String str, String str2, Principal principal, String str3) throws AuthorizableExistsException, RepositoryException {
        checkValidID(str);
        try {
            NodeImpl nodeImpl = (NodeImpl) this.nodeCreator.createUserNode(str, str3);
            setPrincipal(nodeImpl, principal);
            setPassword(nodeImpl, str2, true);
            User createUser = createUser(nodeImpl);
            onCreate(createUser, str2);
            if (isAutoSave()) {
                this.session.save();
            }
            log.debug("User created: " + str + "; " + nodeImpl.getPath());
            return createUser;
        } catch (RepositoryException e) {
            this.session.refresh(false);
            log.debug("Failed to create new User, reverting changes.");
            throw e;
        }
    }

    @Override // org.apache.jackrabbit.api.security.user.UserManager
    public Group createGroup(String str) throws AuthorizableExistsException, RepositoryException {
        return createGroup(str, new PrincipalImpl(str), null);
    }

    @Override // org.apache.jackrabbit.api.security.user.UserManager
    public Group createGroup(Principal principal) throws RepositoryException {
        return createGroup(principal, null);
    }

    @Override // org.apache.jackrabbit.api.security.user.UserManager
    public Group createGroup(Principal principal, String str) throws AuthorizableExistsException, RepositoryException {
        checkValidPrincipal(principal, true);
        return createGroup(getGroupId(principal.getName()), principal, str);
    }

    @Override // org.apache.jackrabbit.api.security.user.UserManager
    public Group createGroup(String str, Principal principal, String str2) throws AuthorizableExistsException, RepositoryException {
        checkValidID(str);
        try {
            NodeImpl nodeImpl = (NodeImpl) this.nodeCreator.createGroupNode(str, str2);
            if (principal != null) {
                setPrincipal(nodeImpl, principal);
            }
            Group createGroup = createGroup(nodeImpl);
            onCreate(createGroup);
            if (isAutoSave()) {
                this.session.save();
            }
            log.debug("Group created: " + str + "; " + nodeImpl.getPath());
            return createGroup;
        } catch (RepositoryException e) {
            this.session.refresh(false);
            log.debug("newInstance new Group failed, revert changes on parent");
            throw e;
        }
    }

    @Override // org.apache.jackrabbit.api.security.user.UserManager
    public boolean isAutoSave() {
        return true;
    }

    @Override // org.apache.jackrabbit.api.security.user.UserManager
    public void autoSave(boolean z) throws UnsupportedRepositoryOperationException, RepositoryException {
        throw new UnsupportedRepositoryOperationException("Cannot change autosave behavior.");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setPrincipal(NodeImpl nodeImpl, Principal principal) throws AuthorizableExistsException, RepositoryException {
        checkValidPrincipal(principal, nodeImpl.isNodeType(NT_REP_GROUP));
        Authorizable authorizable = getAuthorizable(principal);
        if (authorizable != null && !((AuthorizableImpl) authorizable).getNode().isSame(nodeImpl)) {
            throw new AuthorizableExistsException("Authorizable for '" + principal.getName() + "' already exists: ");
        }
        if (!nodeImpl.isNew() || nodeImpl.hasProperty(P_PRINCIPAL_NAME)) {
            throw new RepositoryException("rep:principalName can only be set once on a new node.");
        }
        setProperty(nodeImpl, P_PRINCIPAL_NAME, getValue(principal.getName()), true);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setPassword(NodeImpl nodeImpl, String str, boolean z) throws RepositoryException {
        String buildPasswordHash;
        if (str == null) {
            if (!nodeImpl.isNew()) {
                throw new IllegalArgumentException("Password may not be null.");
            }
            return;
        }
        if (z || PasswordUtility.isPlainTextPassword(str)) {
            try {
                buildPasswordHash = PasswordUtility.buildPasswordHash(str, (String) this.config.getConfigValue(PARAM_PASSWORD_HASH_ALGORITHM, PasswordUtility.DEFAULT_ALGORITHM), 8, ((Integer) this.config.getConfigValue(PARAM_PASSWORD_HASH_ITERATIONS, 1000)).intValue());
            } catch (UnsupportedEncodingException e) {
                throw new RepositoryException(e);
            } catch (NoSuchAlgorithmException e2) {
                throw new RepositoryException(e2);
            }
        } else {
            buildPasswordHash = str;
        }
        getSession().getValueFactory().createValue(buildPasswordHash);
        setProperty(nodeImpl, P_PASSWORD, getValue(buildPasswordHash), nodeImpl.isNew());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setProtectedProperty(NodeImpl nodeImpl, Name name, Value value) throws RepositoryException, LockException, ConstraintViolationException, ItemExistsException, VersionException {
        setProperty(nodeImpl, name, value);
        if (isAutoSave()) {
            nodeImpl.save();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setProtectedProperty(NodeImpl nodeImpl, Name name, Value[] valueArr) throws RepositoryException, LockException, ConstraintViolationException, ItemExistsException, VersionException {
        setProperty(nodeImpl, name, valueArr);
        if (isAutoSave()) {
            nodeImpl.save();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setProtectedProperty(NodeImpl nodeImpl, Name name, Value[] valueArr, int i) throws RepositoryException, LockException, ConstraintViolationException, ItemExistsException, VersionException {
        setProperty(nodeImpl, name, valueArr, i);
        if (isAutoSave()) {
            nodeImpl.save();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void removeProtectedItem(ItemImpl itemImpl, Node node) throws RepositoryException, AccessDeniedException, VersionException {
        removeItem(itemImpl);
        if (isAutoSave()) {
            node.save();
        }
    }

    NodeImpl addProtectedNode(NodeImpl nodeImpl, Name name, Name name2) throws RepositoryException {
        NodeImpl addNode = addNode(nodeImpl, name, name2);
        if (isAutoSave()) {
            nodeImpl.save();
        }
        return addNode;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public <T> T performProtectedOperation(SessionImpl sessionImpl, SessionOperation<T> sessionOperation) throws RepositoryException {
        return (T) performProtected(sessionImpl, sessionOperation);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Authorizable getAuthorizable(NodeImpl nodeImpl) throws RepositoryException {
        User user = null;
        if (nodeImpl != null) {
            String path = nodeImpl.getPath();
            if (nodeImpl.isNodeType(NT_REP_USER)) {
                if (Text.isDescendant(this.usersPath, path)) {
                    user = createUser(nodeImpl);
                } else {
                    log.error("User node '" + path + "' outside of configured user tree ('" + this.usersPath + "') -> Not a valid user.");
                }
            } else if (!nodeImpl.isNodeType(NT_REP_GROUP)) {
                log.warn("Unexpected user/group node type " + nodeImpl.getPrimaryNodeType().getName());
            } else if (Text.isDescendant(this.groupsPath, path)) {
                user = createGroup(nodeImpl);
            } else {
                log.error("Group node '" + path + "' outside of configured group tree ('" + this.groupsPath + "') -> Not a valid group.");
            }
        }
        return user;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getPath(Node node) throws UnsupportedRepositoryOperationException, RepositoryException {
        throw new UnsupportedRepositoryOperationException();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SessionImpl getSession() {
        return this.session;
    }

    private String getGroupId(String str) throws RepositoryException {
        String str2 = str;
        int i = 0;
        while (internalGetAuthorizable(str2) != null) {
            str2 = str + "_" + i;
            i++;
        }
        return str2;
    }

    private Authorizable internalGetAuthorizable(String str) throws RepositoryException {
        NodeImpl nodeImpl = null;
        try {
            nodeImpl = this.session.getNodeById(buildNodeId(str));
        } catch (ItemNotFoundException e) {
            if (((Boolean) this.config.getConfigValue("compatibleJR16", false)).booleanValue()) {
                nodeImpl = (NodeImpl) this.authResolver.findNode(P_USERID, str, NT_REP_USER);
                if (nodeImpl == null) {
                    nodeImpl = (NodeImpl) this.authResolver.findNode(this.session.getQName(Text.escapeIllegalJcrChars(str)), NT_REP_GROUP);
                }
            }
        }
        return getAuthorizable(nodeImpl);
    }

    private Value getValue(String str) {
        return this.session.getValueFactory().createValue(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isAdminId(String str) {
        return this.adminId != null && this.adminId.equals(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public User createUser(NodeImpl nodeImpl) throws RepositoryException {
        if (nodeImpl == null || !nodeImpl.isNodeType(NT_REP_USER)) {
            throw new IllegalArgumentException();
        }
        if (Text.isDescendant(this.usersPath, nodeImpl.getPath())) {
            return doCreateUser(nodeImpl);
        }
        throw new RepositoryException("User has to be within the User Path");
    }

    protected User doCreateUser(NodeImpl nodeImpl) throws RepositoryException {
        return new UserImpl(nodeImpl, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Group createGroup(NodeImpl nodeImpl) throws RepositoryException {
        if (nodeImpl == null || !nodeImpl.isNodeType(NT_REP_GROUP)) {
            throw new IllegalArgumentException();
        }
        if (Text.isDescendant(this.groupsPath, nodeImpl.getPath())) {
            return doCreateGroup(nodeImpl);
        }
        throw new RepositoryException("Group has to be within the Group Path");
    }

    protected Group doCreateGroup(NodeImpl nodeImpl) throws RepositoryException {
        return new GroupImpl(nodeImpl, this);
    }

    private User createAdmin() throws RepositoryException {
        User createUser;
        try {
            createUser = createUser(this.adminId, this.adminId);
            if (!isAutoSave()) {
                this.session.save();
            }
            log.info("... created admin user with id '" + this.adminId + "' and default pw.");
        } catch (ItemExistsException e) {
            NodeImpl nodeById = this.session.getNodeById(buildNodeId(this.adminId));
            String path = nodeById.getPath();
            log.error("Detected conflicting node " + path + " of node type " + nodeById.getPrimaryNodeType().getName() + ".");
            nodeById.remove();
            log.info("Removed conflicting node at " + path);
            createUser = createUser(this.adminId, this.adminId);
            if (!isAutoSave()) {
                this.session.save();
            }
            log.info("Resolved conflict and (re)created admin user with id '" + this.adminId + "' and default pw.");
        }
        return createUser;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public NodeId buildNodeId(String str) throws RepositoryException {
        try {
            return new NodeId(UUID.nameUUIDFromBytes(str.toLowerCase().getBytes("UTF-8")));
        } catch (UnsupportedEncodingException e) {
            throw new RepositoryException("Unexpected error while build ID hash", e);
        }
    }

    private void checkValidID(String str) throws IllegalArgumentException, AuthorizableExistsException, RepositoryException {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("Cannot create authorizable: ID can neither be null nor empty String.");
        }
        if (internalGetAuthorizable(str) != null) {
            throw new AuthorizableExistsException("User or Group for '" + str + "' already exists");
        }
    }

    private static void checkValidPrincipal(Principal principal, boolean z) {
        if (principal == null || principal.getName() == null || "".equals(principal.getName())) {
            throw new IllegalArgumentException("Principal may not be null and must have a valid name.");
        }
        if (!z && EveryonePrincipal.NAME.equals(principal.getName())) {
            throw new IllegalArgumentException("'everyone' is a reserved group principal name.");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void onCreate(User user, String str) throws RepositoryException {
        for (AuthorizableAction authorizableAction : this.config.getAuthorizableActions()) {
            authorizableAction.onCreate(user, str, this.session);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void onCreate(Group group) throws RepositoryException {
        for (AuthorizableAction authorizableAction : this.config.getAuthorizableActions()) {
            authorizableAction.onCreate(group, this.session);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void onRemove(Authorizable authorizable) throws RepositoryException {
        for (AuthorizableAction authorizableAction : this.config.getAuthorizableActions()) {
            authorizableAction.onRemove(authorizable, this.session);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void onPasswordChange(User user, String str) throws RepositoryException {
        for (AuthorizableAction authorizableAction : this.config.getAuthorizableActions()) {
            authorizableAction.onPasswordChange(user, str, this.session);
        }
    }

    @Override // org.apache.jackrabbit.core.SessionListener
    public void loggingOut(SessionImpl sessionImpl) {
    }

    @Override // org.apache.jackrabbit.core.SessionListener
    public void loggedOut(SessionImpl sessionImpl) {
        if (sessionImpl != this.session) {
            this.session.logout();
        }
    }
}
