package org.apache.jackrabbit.oak.security.principal;

import com.google.common.base.Function;
import com.google.common.base.Predicate;
import com.google.common.collect.Iterators;
import com.google.common.collect.UnmodifiableIterator;
import java.security.Principal;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Objects;
import java.util.Set;
import javax.jcr.RepositoryException;
import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.Query;
import org.apache.jackrabbit.api.security.user.QueryBuilder;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.document.mongo.ReplicaSetStatus;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.GroupPrincipals;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.apache.lucene.analysis.shingle.ShingleFilter;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.class */
public class PrincipalProviderImpl implements PrincipalProvider {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) PrincipalProviderImpl.class);
    private final UserManager userManager;
    private final NamePathMapper namePathMapper;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl$AuthorizableToPrincipal.class */
    public static final class AuthorizableToPrincipal implements Function<Authorizable, Principal> {
        private AuthorizableToPrincipal() {
        }

        @Override // com.google.common.base.Function
        public Principal apply(@Nullable Authorizable authorizable) {
            if (authorizable == null) {
                return null;
            }
            try {
                return authorizable.getPrincipal();
            } catch (RepositoryException e) {
                PrincipalProviderImpl.log.debug(e.getMessage());
                return null;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl$EveryonePredicate.class */
    public static final class EveryonePredicate implements Predicate<Principal> {
        private boolean servedEveryone;

        private EveryonePredicate() {
            this.servedEveryone = false;
        }

        @Override // com.google.common.base.Predicate
        public boolean apply(Principal principal) {
            if (!"everyone".equals(principal.getName())) {
                return true;
            }
            if (this.servedEveryone) {
                return false;
            }
            this.servedEveryone = true;
            return true;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PrincipalProviderImpl(@NotNull Root root, @NotNull UserConfiguration userConfiguration, @NotNull NamePathMapper namePathMapper) {
        this.userManager = userConfiguration.getUserManager(root, namePathMapper);
        this.namePathMapper = namePathMapper;
    }

    @Override // org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider
    @Nullable
    public Principal getPrincipal(@NotNull String str) {
        Authorizable authorizable = getAuthorizable(new PrincipalImpl(str));
        if (authorizable != null) {
            try {
                return authorizable.getPrincipal();
            } catch (RepositoryException e) {
                log.debug(e.getMessage());
            }
        }
        if ("everyone".equals(str)) {
            return EveryonePrincipal.getInstance();
        }
        return null;
    }

    @Override // org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider
    @Nullable
    public ItemBasedPrincipal getItemBasedPrincipal(@NotNull String str) {
        try {
            Authorizable authorizableByPath = this.userManager.getAuthorizableByPath(this.namePathMapper.getJcrPath(str));
            if (authorizableByPath == null) {
                return null;
            }
            Principal principal = authorizableByPath.getPrincipal();
            if (principal instanceof ItemBasedPrincipal) {
                return (ItemBasedPrincipal) principal;
            }
            return null;
        } catch (RepositoryException e) {
            log.debug(e.getMessage());
            return null;
        }
    }

    @Override // org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider
    @NotNull
    public Set<Principal> getMembershipPrincipals(@NotNull Principal principal) {
        Authorizable authorizable = getAuthorizable(principal);
        return authorizable == null ? Collections.emptySet() : getGroupMembership(authorizable);
    }

    @Override // org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider
    @NotNull
    public Set<? extends Principal> getPrincipals(@NotNull String str) {
        HashSet hashSet = new HashSet();
        try {
            Authorizable authorizable = this.userManager.getAuthorizable(str);
            if (authorizable != null && !authorizable.isGroup()) {
                hashSet.add(authorizable.getPrincipal());
                hashSet.addAll(getGroupMembership(authorizable));
            }
        } catch (RepositoryException e) {
            log.debug(e.getMessage());
        }
        return hashSet;
    }

    @Override // org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider
    @NotNull
    public Iterator<? extends Principal> findPrincipals(@Nullable String str, int i) {
        return findPrincipals(str, false, i, 0L, -1L);
    }

    @Override // org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider
    @NotNull
    public Iterator<? extends Principal> findPrincipals(@Nullable String str, boolean z, int i, long j, long j2) {
        if (j < 0) {
            j = 0;
        }
        if (j2 < 0) {
            j2 = Long.MAX_VALUE;
        }
        try {
            UnmodifiableIterator filter = Iterators.filter(Iterators.transform(findAuthorizables(str, i, j, j2), new AuthorizableToPrincipal()), (v0) -> {
                return Objects.nonNull(v0);
            });
            return (((j > 0L ? 1 : (j == 0L ? 0 : -1)) == 0 && (j2 > ReplicaSetStatus.UNKNOWN_LAG ? 1 : (j2 == ReplicaSetStatus.UNKNOWN_LAG ? 0 : -1)) == 0) && matchesEveryone(str, i)) ? Iterators.filter(Iterators.concat(filter, Iterators.singletonIterator(EveryonePrincipal.getInstance())), new EveryonePredicate()) : filter;
        } catch (RepositoryException e) {
            log.debug(e.getMessage());
            return Collections.emptyIterator();
        }
    }

    @Override // org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider
    @NotNull
    public Iterator<? extends Principal> findPrincipals(int i) {
        return findPrincipals(null, i);
    }

    private Authorizable getAuthorizable(Principal principal) {
        try {
            return this.userManager.getAuthorizable(principal);
        } catch (RepositoryException e) {
            log.debug("Error while retrieving principal: {}", e.getMessage());
            return null;
        }
    }

    private Set<Principal> getGroupMembership(Authorizable authorizable) {
        HashSet hashSet = new HashSet();
        try {
            Iterator<Group> memberOf = authorizable.memberOf();
            while (memberOf.hasNext()) {
                Principal principal = memberOf.next().getPrincipal();
                if (GroupPrincipals.isGroup(principal)) {
                    hashSet.add(principal);
                }
            }
        } catch (RepositoryException e) {
            log.debug(e.getMessage());
        }
        hashSet.add(EveryonePrincipal.getInstance());
        return hashSet;
    }

    private Iterator<Authorizable> findAuthorizables(@Nullable final String str, final int i, final long j, final long j2) throws RepositoryException {
        return this.userManager.findAuthorizables(new Query() { // from class: org.apache.jackrabbit.oak.security.principal.PrincipalProviderImpl.1
            @Override // org.apache.jackrabbit.api.security.user.Query
            public <T> void build(@NotNull QueryBuilder<T> queryBuilder) {
                queryBuilder.setCondition(queryBuilder.like("@rep:principalName", PrincipalProviderImpl.buildSearchPattern(str)));
                queryBuilder.setSelector(AuthorizableType.getType(i).getAuthorizableClass());
                queryBuilder.setSortOrder("rep:principalName", QueryBuilder.Direction.ASCENDING);
                queryBuilder.setLimit(j, j2);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String buildSearchPattern(String str) {
        if (str == null) {
            return "%";
        }
        return '%' + str.replace("%", "\\%").replace(ShingleFilter.DEFAULT_FILLER_TOKEN, "\\_") + '%';
    }

    private static boolean matchesEveryone(String str, int i) {
        return i != 1 && (str == null || "everyone".contains(str));
    }
}
