package org.apache.jackrabbit.oak.spi.security.authentication.external.impl;

import java.util.Iterator;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.jcr.RepositoryException;
import javax.jcr.ValueFactory;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.ConfigurationPolicy;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.commons.iterator.AbstractLazyIterator;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncContext;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncException;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncHandler;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncedIdentity;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncContext;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncedIdentity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Service
@Component(policy = ConfigurationPolicy.REQUIRE)
/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DefaultSyncHandler.class */
public class DefaultSyncHandler implements SyncHandler {
    private static final Logger log = LoggerFactory.getLogger(DefaultSyncHandler.class);
    private DefaultSyncConfig config;

    public DefaultSyncHandler() {
    }

    public DefaultSyncHandler(DefaultSyncConfig defaultSyncConfig) {
        this.config = defaultSyncConfig;
    }

    @Activate
    private void activate(Map<String, Object> map) {
        this.config = DefaultSyncConfigImpl.of(ConfigurationParameters.of(map));
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.SyncHandler
    @Nonnull
    public String getName() {
        return this.config.getName();
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.SyncHandler
    @Nonnull
    public SyncContext createContext(@Nonnull ExternalIdentityProvider externalIdentityProvider, @Nonnull UserManager userManager, @Nonnull ValueFactory valueFactory) throws SyncException {
        return this.config.user().getDynamicMembership() ? new DynamicSyncContext(this.config, externalIdentityProvider, userManager, valueFactory) : new DefaultSyncContext(this.config, externalIdentityProvider, userManager, valueFactory);
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.SyncHandler
    public SyncedIdentity findIdentity(@Nonnull UserManager userManager, @Nonnull String str) throws RepositoryException {
        return DefaultSyncContext.createSyncedIdentity(userManager.getAuthorizable(str));
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.SyncHandler
    public boolean requiresSync(@Nonnull SyncedIdentity syncedIdentity) {
        if (syncedIdentity.getExternalIdRef() == null || syncedIdentity.lastSynced() < 0) {
            return true;
        }
        return System.currentTimeMillis() - syncedIdentity.lastSynced() > (syncedIdentity.isGroup() ? this.config.group().getExpirationTime() : this.config.user().getExpirationTime());
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.SyncHandler
    @Nonnull
    public Iterator<SyncedIdentity> listIdentities(@Nonnull UserManager userManager) throws RepositoryException {
        final Iterator findAuthorizables = userManager.findAuthorizables("jcr:primaryType", (String) null);
        return new AbstractLazyIterator<SyncedIdentity>() { // from class: org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DefaultSyncHandler.1
            /* JADX INFO: Access modifiers changed from: protected */
            /* renamed from: getNext, reason: merged with bridge method [inline-methods] */
            public SyncedIdentity m5getNext() {
                while (findAuthorizables.hasNext()) {
                    try {
                        DefaultSyncedIdentity createSyncedIdentity = DefaultSyncContext.createSyncedIdentity((Authorizable) findAuthorizables.next());
                        if (createSyncedIdentity != null) {
                            return createSyncedIdentity;
                        }
                    } catch (RepositoryException e) {
                        DefaultSyncHandler.log.error("Error while fetching authorizables", e);
                        return null;
                    }
                }
                return null;
            }
        };
    }
}
