package org.apache.jackrabbit.oak.spi.security.authentication.external.impl.jmx;

import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.jcr.Credentials;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.security.auth.Subject;
import org.apache.jackrabbit.api.JackrabbitRepository;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.commons.json.JsonUtil;
import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProviderManager;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncContext;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncException;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncHandler;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncManager;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncResult;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncedIdentity;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncResultImpl;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncedIdentity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/SyncMBeanImpl.class */
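/**
 * {@link SynchronizationMBean} implementation that synchronizes repository users with one
 * external identity provider (IDP) through one named sync handler.
 *
 * <p>Each MBean operation creates a short-lived {@link Delegatee}, which logs in to the repository
 * as {@link SystemSubject#INSTANCE}, performs the work and logs out again. Every operation
 * therefore runs with the system subject and not with the identity of the JMX caller, so access
 * to this MBean has to be restricted at the JMX layer.
 *
 * <p>Results are returned as one JSON-like string per identity. The keys are unquoted, so the
 * output is not strict JSON; the format is left unchanged for existing consumers. Error entries
 * embed {@code Exception.toString()}, which may expose provider- or repository-internal detail
 * to whoever can read the MBean result.
 */
public class SyncMBeanImpl implements SynchronizationMBean {
    private static final Logger log = LoggerFactory.getLogger(SyncMBeanImpl.class);
    private final Repository repository;
    private final SyncManager syncManager;
    private final String syncName;
    private final ExternalIdentityProviderManager idpManager;
    private final String idpName;

    /**
     * Holds the system session and the sync context for a single MBean operation.
     *
     * <p>All sync methods share one session and call {@code save()} after each identity.
     *
     * <p>NOTE(review): when {@code sync} or {@code save} fails for one identity, the handlers below
     * only log or record the error. Any transient changes presumably stay in the shared session and
     * would be included in the next {@code save()} - confirm whether a {@code refresh(false)} is
     * needed after a failure.
     *
     * <p>NOTE(review): the decompiler output states that this class was originally private.
     */
    public final class Delegatee {
        private final SyncHandler handler;
        private final ExternalIdentityProvider idp;
        private SyncContext context;
        private UserManager userMgr;
        private Session systemSession;

        /**
         * Logs in as the system subject and creates the sync context on top of that session.
         *
         * @param syncHandler handler used to create the context and to list synced identities
         * @param externalIdentityProvider provider the identities are resolved against
         * @throws SyncException if the login fails or the context cannot be created; in the latter
         *     case the session is logged out before the exception is thrown
         */
        private Delegatee(@Nonnull SyncHandler syncHandler, @Nonnull ExternalIdentityProvider externalIdentityProvider) throws SyncException {
            this.handler = syncHandler;
            this.idp = externalIdentityProvider;
            try {
                this.systemSession = Subject.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction<Session>() {
                    @Override
                    public Session run() throws RepositoryException {
                        if (SyncMBeanImpl.this.repository instanceof JackrabbitRepository) {
                            // The three-argument login is declared on JackrabbitRepository only,
                            // so the call has to go through the cast.
                            return ((JackrabbitRepository) SyncMBeanImpl.this.repository).login((Credentials) null, (String) null, (Map<String, Object>) null);
                        }
                        return SyncMBeanImpl.this.repository.login((Credentials) null, (String) null);
                    }
                });
            } catch (PrivilegedActionException e) {
                throw new SyncException(e);
            }
            try {
                // NOTE(review): getUserManager() is not declared on javax.jcr.Session; the decompiler
                // presumably dropped a cast here - confirm against the original source.
                UserManager userManager = this.systemSession.getUserManager();
                this.userMgr = userManager;
                this.context = syncHandler.createContext(externalIdentityProvider, userManager, this.systemSession.getValueFactory());
                SyncMBeanImpl.log.info("Created delegatee for SyncMBean with session: {} {}", this.systemSession, this.systemSession.getUserID());
            } catch (Exception e) {
                // Do not leave a system session open when the delegatee cannot be used.
                this.systemSession.logout();
                throw new SyncException(e);
            }
        }

        /**
         * Closes the sync context, if any, and logs out the system session.
         *
         * <p>NOTE(review): the decompiler output states that this method was originally private.
         */
        public void close() {
            if (this.context != null) {
                this.context.close();
                this.context = null;
            }
            if (this.systemSession != null) {
                this.systemSession.logout();
            }
        }

        /**
         * Syncs the given local user ids, saving the session after each one.
         *
         * <p>A failure for one id is logged only; no entry is added for it, so the returned array
         * can be shorter than {@code strArr}.
         *
         * @param strArr ids passed to {@code SyncContext.sync(String)}
         * @param z passed inverted to {@code setKeepMissing}; presumably the "purge" flag
         * @return one result string per id that was synced without an exception
         */
        @Nonnull
        public String[] syncUsers(@Nonnull String[] strArr, boolean z) {
            this.context.setKeepMissing(!z).setForceGroupSync(true).setForceUserSync(true);
            ArrayList<String> results = new ArrayList<String>();
            for (String userId : strArr) {
                try {
                    SyncResult result = this.context.sync(userId);
                    this.systemSession.save();
                    results.add(SyncMBeanImpl.getJSONString(result));
                } catch (Exception e) {
                    SyncMBeanImpl.log.warn("Error while syncing user {}", userId, e);
                }
            }
            return results.toArray(new String[results.size()]);
        }

        /**
         * Syncs every identity listed by the handler that belongs to this IDP (see
         * {@link #isMyIDP(SyncedIdentity)}), saving the session after each one.
         *
         * @param z passed inverted to {@code setKeepMissing}; presumably the "purge" flag
         * @return one result string per matching identity; failures yield an {@code ERR} entry
         * @throws IllegalStateException if the identities cannot be listed
         */
        @Nonnull
        public String[] syncAllUsers(boolean z) {
            try {
                ArrayList<String> results = new ArrayList<String>();
                this.context.setKeepMissing(!z).setForceGroupSync(true).setForceUserSync(true);
                Iterator<SyncedIdentity> identities = this.handler.listIdentities(this.userMgr);
                while (identities.hasNext()) {
                    SyncedIdentity identity = identities.next();
                    if (!isMyIDP(identity)) {
                        continue;
                    }
                    try {
                        SyncResult result = this.context.sync(identity.getId());
                        this.systemSession.save();
                        results.add(SyncMBeanImpl.getJSONString(result));
                    } catch (Exception e) {
                        SyncMBeanImpl.log.error("Error while syncing user {}", identity, e);
                        results.add(SyncMBeanImpl.getJSONString(identity, e));
                    }
                }
                return results.toArray(new String[results.size()]);
            } catch (RepositoryException e) {
                throw new IllegalStateException("Error retrieving users for syncing", e);
            }
        }

        /**
         * Resolves each external id against the IDP and syncs the identity that is found.
         *
         * @param strArr external identity references in the string form accepted by
         *     {@code ExternalIdentityRef.fromString}
         * @return one result string per input: the sync result, a {@code nsi} entry when the IDP
         *     returns no identity, or an {@code ERR} entry when an exception is caught
         */
        @Nonnull
        public String[] syncExternalUsers(@Nonnull String[] strArr) {
            ArrayList<String> results = new ArrayList<String>();
            this.context.setForceGroupSync(true).setForceUserSync(true);
            for (String externalId : strArr) {
                // Parsed outside the try block, as in the original: a failure here is not caught.
                ExternalIdentityRef ref = ExternalIdentityRef.fromString(externalId);
                try {
                    ExternalIdentity identity = this.idp.getIdentity(ref);
                    if (identity == null) {
                        results.add(SyncMBeanImpl.getJSONString(new DefaultSyncResultImpl(new DefaultSyncedIdentity("", ref, false, -1L), SyncResult.Status.NO_SUCH_IDENTITY)));
                    } else {
                        SyncResult result = this.context.sync(identity);
                        this.systemSession.save();
                        results.add(SyncMBeanImpl.getJSONString(result));
                    }
                } catch (ExternalIdentityException e) {
                    SyncMBeanImpl.log.warn("error while fetching the external identity {}", externalId, e);
                    results.add(SyncMBeanImpl.getJSONString(ref, e));
                } catch (Exception e) {
                    SyncMBeanImpl.log.error("Error while syncing user {}", ref, e);
                    results.add(SyncMBeanImpl.getJSONString(ref, e));
                }
            }
            return results.toArray(new String[results.size()]);
        }

        /**
         * Syncs every user the IDP lists, saving the session after each one.
         *
         * @return one result string per listed user; a result without identity is reported as
         *     {@code nsi}, a caught exception as an {@code ERR} entry
         * @throws IllegalArgumentException if the IDP cannot list its users
         */
        @Nonnull
        public String[] syncAllExternalUsers() {
            ArrayList<String> results = new ArrayList<String>();
            this.context.setForceGroupSync(true).setForceUserSync(true);
            try {
                Iterator<ExternalUser> users = this.idp.listUsers();
                while (users.hasNext()) {
                    ExternalUser user = users.next();
                    try {
                        SyncResult result = this.context.sync(user);
                        this.systemSession.save();
                        if (result.getIdentity() == null) {
                            // Replace the identity-less result so the caller still sees which user failed.
                            result = new DefaultSyncResultImpl(new DefaultSyncedIdentity(user.getId(), user.getExternalId(), false, -1L), SyncResult.Status.NO_SUCH_IDENTITY);
                            SyncMBeanImpl.log.warn("sync failed. {}", result.getIdentity());
                        } else {
                            SyncMBeanImpl.log.info("synced {}", result.getIdentity());
                        }
                        results.add(SyncMBeanImpl.getJSONString(result));
                    } catch (Exception e) {
                        SyncMBeanImpl.log.error("Error while syncing user {}", user, e);
                        results.add(SyncMBeanImpl.getJSONString(user.getExternalId(), e));
                    }
                }
                return results.toArray(new String[results.size()]);
            } catch (ExternalIdentityException e) {
                throw new IllegalArgumentException("Unable to retrieve external users", e);
            }
        }

        /**
         * Lists the ids of synced identities of this IDP for which the IDP no longer returns an
         * identity, or which have no external reference.
         *
         * <p>Errors are logged and never thrown: an identity whose lookup fails is left out, and a
         * failure to list identities ends the scan with whatever was collected so far.
         *
         * @return ids of the orphaned identities, possibly empty
         */
        @Nonnull
        public String[] listOrphanedUsers() {
            ArrayList<String> orphans = new ArrayList<String>();
            try {
                Iterator<SyncedIdentity> identities = this.handler.listIdentities(this.userMgr);
                while (identities.hasNext()) {
                    SyncedIdentity identity = identities.next();
                    if (!isMyIDP(identity)) {
                        continue;
                    }
                    try {
                        ExternalIdentityRef ref = identity.getExternalIdRef();
                        ExternalIdentity external = ref == null ? null : this.idp.getIdentity(ref);
                        if (external == null) {
                            orphans.add(identity.getId());
                        }
                    } catch (Exception e) {
                        // A lookup error is not treated as "missing", so the id is not reported.
                        SyncMBeanImpl.log.error("Error while fetching external identity {}", identity, e);
                    }
                }
            } catch (RepositoryException e) {
                SyncMBeanImpl.log.error("Error while listing orphaned users", e);
            }
            return orphans.toArray(new String[orphans.size()]);
        }

        /**
         * Syncs every id returned by {@link #listOrphanedUsers()} with {@code keepMissing} switched
         * off on the context.
         *
         * <p>A failure for one id is logged only; no entry is added for it.
         *
         * @return one result string per orphaned id that was synced without an exception
         */
        @Nonnull
        public String[] purgeOrphanedUsers() {
            this.context.setKeepMissing(false);
            ArrayList<String> results = new ArrayList<String>();
            for (String userId : listOrphanedUsers()) {
                try {
                    SyncResult result = this.context.sync(userId);
                    this.systemSession.save();
                    results.add(SyncMBeanImpl.getJSONString(result));
                } catch (Exception e) {
                    SyncMBeanImpl.log.warn("Error while syncing user {}", userId, e);
                }
            }
            return results.toArray(new String[results.size()]);
        }

        /**
         * Tells whether a synced identity is handled by this delegatee's IDP.
         *
         * <p>An identity without external reference or provider name never matches. An identity
         * with an <em>empty</em> provider name matches every IDP, so it is also in scope for the
         * purge and sync-all operations of MBeans registered for other providers.
         */
        private boolean isMyIDP(@Nonnull SyncedIdentity syncedIdentity) {
            ExternalIdentityRef ref = syncedIdentity.getExternalIdRef();
            String providerName = ref == null ? null : ref.getProviderName();
            return providerName != null && (providerName.isEmpty() || providerName.equals(this.idp.getName()));
        }
    }

    /**
     * Creates the MBean; handler and provider are looked up by name on every operation.
     *
     * @param repository repository the system session is opened on
     * @param syncManager manager used to look up the sync handler
     * @param str name of the sync handler
     * @param externalIdentityProviderManager manager used to look up the IDP
     * @param str2 name of the IDP
     */
    public SyncMBeanImpl(Repository repository, SyncManager syncManager, String str, ExternalIdentityProviderManager externalIdentityProviderManager, String str2) {
        this.repository = repository;
        this.syncManager = syncManager;
        this.syncName = str;
        this.idpManager = externalIdentityProviderManager;
        this.idpName = str2;
    }

    /**
     * Looks up handler and IDP by their configured names and opens a new {@link Delegatee}.
     *
     * @return a delegatee the caller must {@link Delegatee#close() close}
     * @throws IllegalArgumentException if the handler or the IDP is not available, or if the
     *     delegatee cannot be created
     */
    @Nonnull
    private Delegatee getDelegatee() {
        SyncHandler syncHandler = this.syncManager.getSyncHandler(this.syncName);
        if (syncHandler == null) {
            log.error("No sync manager available for name {}.", this.syncName);
            throw new IllegalArgumentException("No sync manager available for name " + this.syncName);
        }
        ExternalIdentityProvider provider = this.idpManager.getProvider(this.idpName);
        if (provider == null) {
            // The message needs a placeholder, otherwise the IDP name is never logged.
            log.error("No idp available for name {}.", this.idpName);
            throw new IllegalArgumentException("No idp manager available for name " + this.idpName);
        }
        try {
            return new Delegatee(syncHandler, provider);
        } catch (SyncException e) {
            throw new IllegalArgumentException("Unable to create delegatee", e);
        }
    }

    /**
     * Formats a sync result as {@code {op:"...",uid:...,eid:...}}.
     *
     * <p>The status is mapped to a three-letter code; a status without mapping yields an empty
     * {@code op}. Id values are encoded with {@code JsonUtil.getJsonString}.
     *
     * <p>NOTE(review): the decompiler output states that this method was originally private.
     *
     * @param syncResult result to format
     * @return the formatted entry
     */
    public static String getJSONString(@Nonnull SyncResult syncResult) {
        String op;
        switch (syncResult.getStatus()) {
            case NOP:
                op = "nop";
                break;
            case ADD:
                op = "add";
                break;
            case UPDATE:
                op = "upd";
                break;
            case DELETE:
                op = "del";
                break;
            case NO_SUCH_AUTHORIZABLE:
                op = "nsa";
                break;
            case NO_SUCH_IDENTITY:
                op = "nsi";
                break;
            case MISSING:
                op = "mis";
                break;
            case FOREIGN:
                op = "for";
                break;
            default:
                op = "";
                break;
        }
        SyncedIdentity identity = syncResult.getIdentity();
        String uid = JsonUtil.getJsonString(identity == null ? null : identity.getId());
        ExternalIdentityRef externalIdRef = identity == null ? null : identity.getExternalIdRef();
        String eid = externalIdRef == null ? "\"\"" : JsonUtil.getJsonString(externalIdRef.getString());
        return String.format("{op:\"%s\",uid:%s,eid:%s}", op, uid, eid);
    }

    /**
     * Formats a failed sync of a known identity as {@code {op:"ERR",uid:...,eid:...,msg:...}}.
     *
     * <p>{@code msg} is {@code exc.toString()}, so the exception class and message reach the JMX
     * caller.
     *
     * <p>NOTE(review): the decompiler output states that this method was originally private.
     */
    public static String getJSONString(@Nonnull SyncedIdentity syncedIdentity, @Nonnull Exception exc) {
        ExternalIdentityRef externalIdRef = syncedIdentity.getExternalIdRef();
        String uid = JsonUtil.getJsonString(syncedIdentity.getId());
        String eid = externalIdRef == null ? "\"\"" : JsonUtil.getJsonString(externalIdRef.getString());
        return String.format("{op:\"ERR\",uid:%s,eid:%s,msg:%s}", uid, eid, JsonUtil.getJsonString(exc.toString()));
    }

    /**
     * Formats a failed sync of an external reference as {@code {op:"ERR",uid:"",eid:...,msg:...}}.
     *
     * <p>{@code msg} is {@code exc.toString()}, so the exception class and message reach the JMX
     * caller.
     *
     * <p>NOTE(review): the decompiler output states that this method was originally private.
     */
    public static String getJSONString(ExternalIdentityRef externalIdentityRef, Exception exc) {
        String eid = JsonUtil.getJsonString(externalIdentityRef.getString());
        return String.format("{op:\"ERR\",uid:\"\",eid:%s,msg:%s}", eid, JsonUtil.getJsonString(exc.toString()));
    }

    /** Returns the name of the sync handler this MBean was created for. */
    @Override
    @Nonnull
    public String getSyncHandlerName() {
        return this.syncName;
    }

    /** Returns the name of the IDP this MBean was created for. */
    @Override
    @Nonnull
    public String getIDPName() {
        return this.idpName;
    }

    /** Runs {@link Delegatee#syncUsers(String[], boolean)} in a fresh system session. */
    @Override
    @Nonnull
    public String[] syncUsers(@Nonnull String[] strArr, boolean z) {
        Delegatee delegatee = getDelegatee();
        try {
            return delegatee.syncUsers(strArr, z);
        } finally {
            // Always log the system session out, whether or not the operation failed.
            delegatee.close();
        }
    }

    /** Runs {@link Delegatee#syncAllUsers(boolean)} in a fresh system session. */
    @Override
    @Nonnull
    public String[] syncAllUsers(boolean z) {
        Delegatee delegatee = getDelegatee();
        try {
            return delegatee.syncAllUsers(z);
        } finally {
            delegatee.close();
        }
    }

    /** Runs {@link Delegatee#syncExternalUsers(String[])} in a fresh system session. */
    @Override
    @Nonnull
    public String[] syncExternalUsers(@Nonnull String[] strArr) {
        Delegatee delegatee = getDelegatee();
        try {
            return delegatee.syncExternalUsers(strArr);
        } finally {
            delegatee.close();
        }
    }

    /** Runs {@link Delegatee#syncAllExternalUsers()} in a fresh system session. */
    @Override
    @Nonnull
    public String[] syncAllExternalUsers() {
        Delegatee delegatee = getDelegatee();
        try {
            return delegatee.syncAllExternalUsers();
        } finally {
            delegatee.close();
        }
    }

    /** Runs {@link Delegatee#listOrphanedUsers()} in a fresh system session. */
    @Override
    @Nonnull
    public String[] listOrphanedUsers() {
        Delegatee delegatee = getDelegatee();
        try {
            return delegatee.listOrphanedUsers();
        } finally {
            delegatee.close();
        }
    }

    /** Runs {@link Delegatee#purgeOrphanedUsers()} in a fresh system session. */
    @Override
    @Nonnull
    public String[] purgeOrphanedUsers() {
        Delegatee delegatee = getDelegatee();
        try {
            return delegatee.purgeOrphanedUsers();
        } finally {
            delegatee.close();
        }
    }
}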
