package org.apache.jackrabbit.oak.spi.security.authentication.external.impl.jmx;

import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.jcr.Credentials;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.security.auth.Subject;
import org.apache.jackrabbit.api.JackrabbitRepository;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.commons.json.JsonUtil;
import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncContext;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncException;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncHandler;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncResult;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncedIdentity;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncResultImpl;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncedIdentity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/Delegatee.class */
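/**
 * Runs user synchronization between an {@link ExternalIdentityProvider} and the repository
 * on a session of its own, and reports each outcome as a short text record.
 *
 * <p>The session is opened in {@link #createInstance} as {@link SystemSubject#INSTANCE}. Every
 * operation here therefore acts with that subject's rights rather than the caller's, so whatever
 * exposes this class must restrict who may invoke it.
 * NOTE(review): the constructor's log message names "SyncMBean" as the consumer; the access
 * control on that side is not visible from this file - confirm it.
 *
 * <p>Result records have the form <code>{op:"add",uid:"...",eid:"..."}</code>, and failures add a
 * <code>msg</code> field holding {@code Exception.toString()}. The keys are unquoted, so the
 * records are not strict JSON. The exception text is returned to the caller as-is.
 *
 * <p>The {@link SyncContext} is a single mutable field reconfigured at the start of most
 * operations, and nothing here synchronizes access to it. {@link #close()} must be called to
 * log the session out; using the sync methods afterwards fails because the context is cleared.
 */
final class Delegatee {
    private static final Logger log = LoggerFactory.getLogger(Delegatee.class);
    private static final String ERROR_CREATE_DELEGATEE = "Unable to create delegatee";
    private static final String ERROR_SYNC_USER = "Error while syncing user {}";
    private final SyncHandler handler;
    private final ExternalIdentityProvider idp;
    private final UserManager userMgr;
    private final Session systemSession;
    private SyncContext context;

    /**
     * Binds the delegatee to an already opened session and creates the sync context on it.
     *
     * @param syncHandler handler used to create the context and to list synced identities
     * @param externalIdentityProvider provider the identities are read from
     * @param jackrabbitSession session all changes are written through; owned by this instance
     * @throws SyncException if the handler cannot create the context
     * @throws RepositoryException if the user manager or value factory cannot be obtained
     */
    private Delegatee(@Nonnull SyncHandler syncHandler, @Nonnull ExternalIdentityProvider externalIdentityProvider, @Nonnull JackrabbitSession jackrabbitSession) throws SyncException, RepositoryException {
        this.handler = syncHandler;
        this.idp = externalIdentityProvider;
        this.systemSession = jackrabbitSession;
        this.userMgr = jackrabbitSession.getUserManager();
        this.context = syncHandler.createContext(externalIdentityProvider, this.userMgr, jackrabbitSession.getValueFactory());
        log.info("Created delegatee for SyncMBean with session: {} {}", jackrabbitSession, jackrabbitSession.getUserID());
    }

    /**
     * Opens a session as {@link SystemSubject#INSTANCE} and wraps it in a new delegatee.
     *
     * <p>The session is logged out again on every failure path, including unchecked exceptions
     * from the constructor, so that no live system session is left behind.
     *
     * @param repository repository to log in to
     * @param syncHandler handler used for the synchronization
     * @param externalIdentityProvider provider the identities are read from
     * @return the new delegatee; the caller must {@link #close()} it
     * @throws SyncRuntimeException if the login fails, the session is not a
     *         {@link JackrabbitSession}, or the sync context cannot be created
     */
    public static Delegatee createInstance(@Nonnull final Repository repository, @Nonnull SyncHandler syncHandler, @Nonnull ExternalIdentityProvider externalIdentityProvider) {
        final Session session;
        try {
            session = Subject.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction<Session>() {
                @Override
                public Session run() throws RepositoryException {
                    if (repository instanceof JackrabbitRepository) {
                        // The three-argument login exists only on JackrabbitRepository, hence the cast.
                        return ((JackrabbitRepository) repository).login(null, null, null);
                    }
                    return repository.login(null, null);
                }
            });
        } catch (PrivilegedActionException e) {
            throw new SyncRuntimeException(ERROR_CREATE_DELEGATEE, e);
        }

        if (!(session instanceof JackrabbitSession)) {
            if (session != null) {
                session.logout();
            }
            throw new SyncRuntimeException("Unable to create SyncContext: JackrabbitSession required.");
        }

        boolean created = false;
        try {
            Delegatee delegatee = new Delegatee(syncHandler, externalIdentityProvider, (JackrabbitSession) session);
            created = true;
            return delegatee;
        } catch (SyncException e) {
            throw new SyncRuntimeException(ERROR_CREATE_DELEGATEE, e);
        } catch (RepositoryException e) {
            throw new SyncRuntimeException(ERROR_CREATE_DELEGATEE, e);
        } finally {
            if (!created) {
                // Covers unchecked failures too: the session was opened as the system subject.
                session.logout();
            }
        }
    }

    /**
     * Closes the sync context and logs the session out.
     *
     * <p>The logout runs even if closing the context throws. Calling this twice is harmless.
     */
    public void close() {
        try {
            if (this.context != null) {
                this.context.close();
            }
        } finally {
            this.context = null;
            if (this.systemSession.isLive()) {
                this.systemSession.logout();
            }
        }
    }

    /**
     * Synchronizes the given local user ids.
     *
     * <p>A user whose sync throws {@link SyncException} is only logged and does not appear in the
     * returned array; {@link #syncAllUsers} reports such failures as {@code ERR} records instead.
     *
     * @param userIds local user ids to synchronize
     * @param purge if {@code true} the context is told not to keep missing users
     * @param forceGroupSync passed to {@link SyncContext#setForceGroupSync}
     * @return one result record per user that was processed without exception
     */
    @Nonnull
    public String[] syncUsers(@Nonnull String[] userIds, boolean purge, boolean forceGroupSync) {
        this.context.setKeepMissing(!purge).setForceGroupSync(forceGroupSync).setForceUserSync(true);
        return syncByUserId(userIds);
    }

    /**
     * Synchronizes every identity the handler lists that belongs to this provider.
     *
     * @param purge if {@code true} the context is told not to keep missing users
     * @param forceGroupSync passed to {@link SyncContext#setForceGroupSync}
     * @return one record per identity, including {@code ERR} records for failed ones
     * @throws IllegalStateException if the identities cannot be listed
     */
    @Nonnull
    public String[] syncAllUsers(boolean purge, boolean forceGroupSync) {
        try {
            List<String> results = new ArrayList<String>();
            this.context.setKeepMissing(!purge).setForceGroupSync(forceGroupSync).setForceUserSync(true);
            Iterator<SyncedIdentity> identities = this.handler.listIdentities(this.userMgr);
            while (identities.hasNext()) {
                SyncedIdentity identity = identities.next();
                if (!isMyIDP(identity)) {
                    continue;
                }
                try {
                    append(results, syncUser(identity.getId()));
                } catch (SyncException e) {
                    log.error(ERROR_SYNC_USER, identity, e);
                    append(results, identity, e);
                }
            }
            return results.toArray(new String[results.size()]);
        } catch (RepositoryException e) {
            throw new IllegalStateException("Error retrieving users for syncing", e);
        }
    }

    /**
     * Synchronizes the users named by the given external id strings.
     *
     * <p>Each string is parsed with {@link ExternalIdentityRef#fromString}. An id the provider
     * does not know yields a {@code NO_SUCH_IDENTITY} record.
     * NOTE(review): keep-missing is not set here, so the value left on the shared context by an
     * earlier operation stays in effect.
     *
     * @param externalIds external id strings to look up and synchronize
     * @param forceGroupSync passed to {@link SyncContext#setForceGroupSync}
     * @return one record per input id, including {@code ERR} records for failed ones
     */
    @Nonnull
    public String[] syncExternalUsers(@Nonnull String[] externalIds, boolean forceGroupSync) {
        List<String> results = new ArrayList<String>();
        this.context.setForceGroupSync(forceGroupSync).setForceUserSync(true);
        for (String externalId : externalIds) {
            ExternalIdentityRef ref = ExternalIdentityRef.fromString(externalId);
            try {
                ExternalIdentity identity = this.idp.getIdentity(ref);
                SyncResult result;
                if (identity != null) {
                    result = syncUser(identity);
                } else {
                    result = new DefaultSyncResultImpl(new DefaultSyncedIdentity("", ref, false, -1L), SyncResult.Status.NO_SUCH_IDENTITY);
                }
                append(results, result);
            } catch (ExternalIdentityException e) {
                log.warn("error while fetching the external identity {}", externalId, e);
                append(results, ref, e);
            } catch (SyncException e) {
                log.error(ERROR_SYNC_USER, ref, e);
                append(results, ref, e);
            }
        }
        return results.toArray(new String[results.size()]);
    }

    /**
     * Synchronizes every user the provider lists.
     *
     * <p>A sync that returns no identity is replaced by a {@code NO_SUCH_IDENTITY} record built
     * from the external user.
     *
     * @param forceGroupSync passed to {@link SyncContext#setForceGroupSync}
     * @return one record per external user, including {@code ERR} records for failed ones
     * @throws SyncRuntimeException if the provider cannot list its users
     */
    @Nonnull
    public String[] syncAllExternalUsers(boolean forceGroupSync) {
        List<String> results = new ArrayList<String>();
        this.context.setForceGroupSync(forceGroupSync).setForceUserSync(true);
        try {
            Iterator<ExternalUser> users = this.idp.listUsers();
            while (users.hasNext()) {
                ExternalUser user = users.next();
                try {
                    SyncResult result = syncUser(user);
                    if (result.getIdentity() == null) {
                        result = new DefaultSyncResultImpl(new DefaultSyncedIdentity(user.getId(), user.getExternalId(), false, -1L), SyncResult.Status.NO_SUCH_IDENTITY);
                        log.warn("sync failed. {}", result.getIdentity());
                    } else {
                        log.info("synced {}", result.getIdentity());
                    }
                    append(results, result);
                } catch (SyncException e) {
                    log.error(ERROR_SYNC_USER, user, e);
                    append(results, user.getExternalId(), e);
                }
            }
            return results.toArray(new String[results.size()]);
        } catch (ExternalIdentityException e) {
            throw new SyncRuntimeException("Unable to retrieve external users", e);
        }
    }

    /**
     * Lists the ids of synced users of this provider that the provider no longer returns.
     *
     * <p>Lookup and listing errors are logged and not rethrown. An identity whose lookup fails
     * is left out, and a listing failure returns whatever was collected up to that point.
     *
     * @return the local ids of the orphaned users, possibly empty
     */
    @Nonnull
    public String[] listOrphanedUsers() {
        List<String> orphaned = new ArrayList<String>();
        try {
            Iterator<SyncedIdentity> identities = this.handler.listIdentities(this.userMgr);
            while (identities.hasNext()) {
                SyncedIdentity identity = identities.next();
                if (!isMyIDP(identity)) {
                    continue;
                }
                try {
                    ExternalIdentityRef ref = identity.getExternalIdRef();
                    ExternalIdentity external = (ref == null) ? null : this.idp.getIdentity(ref);
                    if (external == null) {
                        orphaned.add(identity.getId());
                    }
                } catch (ExternalIdentityException e) {
                    // A failed lookup is not treated as "gone", so this user is not listed for purging.
                    log.error("Error while fetching external identity {}", identity, e);
                }
            }
        } catch (RepositoryException e) {
            log.error("Error while listing orphaned users", e);
        }
        return orphaned.toArray(new String[orphaned.size()]);
    }

    /**
     * Re-synchronizes all orphaned users with keep-missing switched off.
     *
     * <p>NOTE(review): only keep-missing is set here; the force-user and force-group flags keep
     * the values an earlier operation left on the shared context. Failures are only logged and
     * are absent from the returned array.
     *
     * @return one result record per orphaned user that was processed without exception
     */
    @Nonnull
    public String[] purgeOrphanedUsers() {
        this.context.setKeepMissing(false);
        return syncByUserId(listOrphanedUsers());
    }

    /** Synchronizes each id with the current context settings; failures are logged and skipped. */
    private String[] syncByUserId(String[] userIds) {
        List<String> results = new ArrayList<String>();
        for (String userId : userIds) {
            try {
                append(results, syncUser(userId));
            } catch (SyncException e) {
                log.warn(ERROR_SYNC_USER, userId, e);
            }
        }
        return results.toArray(new String[results.size()]);
    }

    /**
     * Tells whether a synced identity belongs to this provider.
     *
     * <p>An identity with no external reference, or a reference with no provider name, does not
     * match. An empty provider name matches any provider.
     */
    private boolean isMyIDP(@Nonnull SyncedIdentity syncedIdentity) {
        ExternalIdentityRef ref = syncedIdentity.getExternalIdRef();
        if (ref == null) {
            return false;
        }
        String providerName = ref.getProviderName();
        if (providerName == null) {
            return false;
        }
        return providerName.isEmpty() || providerName.equals(this.idp.getName());
    }

    /**
     * Synchronizes one external identity and saves the session.
     *
     * @throws SyncException if the sync fails or the save throws a {@link RepositoryException}
     */
    @Nonnull
    private SyncResult syncUser(@Nonnull ExternalIdentity externalIdentity) throws SyncException {
        try {
            SyncResult result = this.context.sync(externalIdentity);
            this.systemSession.save();
            return result;
        } catch (RepositoryException e) {
            throw new SyncException(e);
        }
    }

    /**
     * Synchronizes one local user id and saves the session.
     *
     * @throws SyncException if the sync fails or the save throws a {@link RepositoryException}
     */
    @Nonnull
    private SyncResult syncUser(@Nonnull String userId) throws SyncException {
        try {
            SyncResult result = this.context.sync(userId);
            this.systemSession.save();
            return result;
        } catch (RepositoryException e) {
            throw new SyncException(e);
        }
    }

    /** Appends the record for a completed sync; a missing identity gives empty uid and eid values. */
    private static void append(@Nonnull List<String> list, @Nonnull SyncResult syncResult) {
        SyncedIdentity identity = syncResult.getIdentity();
        String uid = JsonUtil.getJsonString(identity == null ? null : identity.getId());
        ExternalIdentityRef ref = identity == null ? null : identity.getExternalIdRef();
        String eid = ref == null ? "\"\"" : JsonUtil.getJsonString(ref.getString());
        list.add(String.format("{op:\"%s\",uid:%s,eid:%s}", getOperationFromStatus(syncResult.getStatus()), uid, eid));
    }

    /** Appends an {@code ERR} record for an external reference; msg is the exception's toString(). */
    private static void append(@Nonnull List<String> list, @Nonnull ExternalIdentityRef externalIdentityRef, @Nonnull Exception exc) {
        String eid = JsonUtil.getJsonString(externalIdentityRef.getString());
        String msg = JsonUtil.getJsonString(exc.toString());
        list.add(String.format("{op:\"ERR\",uid:\"\",eid:%s,msg:%s}", eid, msg));
    }

    /** Appends an {@code ERR} record for a synced identity; msg is the exception's toString(). */
    private static void append(@Nonnull List<String> list, @Nonnull SyncedIdentity syncedIdentity, @Nonnull Exception exc) {
        String uid = JsonUtil.getJsonString(syncedIdentity.getId());
        ExternalIdentityRef ref = syncedIdentity.getExternalIdRef();
        String eid = ref == null ? "\"\"" : JsonUtil.getJsonString(ref.getString());
        String msg = JsonUtil.getJsonString(exc.toString());
        list.add(String.format("{op:\"ERR\",uid:%s,eid:%s,msg:%s}", uid, eid, msg));
    }

    /** Maps a sync status to the three-letter code used in result records; unknown values give "". */
    private static String getOperationFromStatus(SyncResult.Status status) {
        switch (status) {
            case NOP:
                return "nop";
            case ADD:
                return "add";
            case UPDATE:
                return "upd";
            case DELETE:
                return "del";
            case NO_SUCH_AUTHORIZABLE:
                return "nsa";
            case NO_SUCH_IDENTITY:
                return "nsi";
            case MISSING:
                return "mis";
            case FOREIGN:
                return "for";
            default:
                return "";
        }
    }
}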
