package org.apache.jackrabbit.oak.security.principal;

import com.google.common.base.Function;
import com.google.common.base.Predicate;
import com.google.common.base.Predicates;
import com.google.common.collect.Iterators;
import java.security.Principal;
import java.security.acl.Group;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.jcr.RepositoryException;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Query;
import org.apache.jackrabbit.api.security.user.QueryBuilder;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.apache.lucene.analysis.shingle.ShingleFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.class */
public class PrincipalProviderImpl implements PrincipalProvider {
    private static final Logger log = LoggerFactory.getLogger(PrincipalProviderImpl.class);
    private final UserManager userManager;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl$AuthorizableToPrincipal.class */
    public static final class AuthorizableToPrincipal implements Function<Authorizable, Principal> {
        private AuthorizableToPrincipal() {
        }

        @Override // com.google.common.base.Function
        public Principal apply(@Nullable Authorizable authorizable) {
            if (authorizable == null) {
                return null;
            }
            try {
                return authorizable.getPrincipal();
            } catch (RepositoryException e) {
                PrincipalProviderImpl.log.debug(e.getMessage());
                return null;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl$EveryonePredicate.class */
    public static final class EveryonePredicate implements Predicate<Principal> {
        private boolean servedEveryone;

        private EveryonePredicate() {
            this.servedEveryone = false;
        }

        @Override // com.google.common.base.Predicate
        public boolean apply(@Nullable Principal principal) {
            if (!"everyone".equals(principal == null ? null : principal.getName())) {
                return true;
            }
            if (this.servedEveryone) {
                return false;
            }
            this.servedEveryone = true;
            return true;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PrincipalProviderImpl(@Nonnull Root root, @Nonnull UserConfiguration userConfiguration, @Nonnull NamePathMapper namePathMapper) {
        this.userManager = userConfiguration.getUserManager(root, namePathMapper);
    }

    @Override // org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider
    public Principal getPrincipal(@Nonnull String str) {
        Authorizable authorizable = getAuthorizable(new PrincipalImpl(str));
        if (authorizable != null) {
            try {
                return authorizable.getPrincipal();
            } catch (RepositoryException e) {
                log.debug(e.getMessage());
            }
        }
        if ("everyone".equals(str)) {
            return EveryonePrincipal.getInstance();
        }
        return null;
    }

    @Override // org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider
    @Nonnull
    public Set<Group> getGroupMembership(@Nonnull Principal principal) {
        Authorizable authorizable = getAuthorizable(principal);
        return authorizable == null ? Collections.emptySet() : getGroupMembership(authorizable);
    }

    @Override // org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider
    @Nonnull
    public Set<? extends Principal> getPrincipals(@Nonnull String str) {
        HashSet hashSet = new HashSet();
        try {
            Authorizable authorizable = this.userManager.getAuthorizable(str);
            if (authorizable != null && !authorizable.isGroup()) {
                hashSet.add(authorizable.getPrincipal());
                hashSet.addAll(getGroupMembership(authorizable));
            }
        } catch (RepositoryException e) {
            log.debug(e.getMessage());
        }
        return hashSet;
    }

    @Override // org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider
    @Nonnull
    public Iterator<? extends Principal> findPrincipals(@Nullable String str, int i) {
        try {
            Iterator<? extends Principal> transform = Iterators.transform(Iterators.filter(findAuthorizables(str, i), Predicates.notNull()), new AuthorizableToPrincipal());
            return matchesEveryone(str, i) ? Iterators.filter(Iterators.concat(transform, Iterators.singletonIterator(EveryonePrincipal.getInstance())), new EveryonePredicate()) : transform;
        } catch (RepositoryException e) {
            log.debug(e.getMessage());
            return Collections.emptyIterator();
        }
    }

    @Override // org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider
    @Nonnull
    public Iterator<? extends Principal> findPrincipals(int i) {
        return findPrincipals(null, i);
    }

    private Authorizable getAuthorizable(Principal principal) {
        try {
            return this.userManager.getAuthorizable(principal);
        } catch (RepositoryException e) {
            log.debug("Error while retrieving principal: {}", e.getMessage());
            return null;
        }
    }

    private Set<Group> getGroupMembership(Authorizable authorizable) {
        HashSet hashSet = new HashSet();
        try {
            Iterator<org.apache.jackrabbit.api.security.user.Group> memberOf = authorizable.memberOf();
            while (memberOf.hasNext()) {
                Principal principal = memberOf.next().getPrincipal();
                if (principal instanceof Group) {
                    hashSet.add((Group) principal);
                }
            }
        } catch (RepositoryException e) {
            log.debug(e.getMessage());
        }
        hashSet.add(EveryonePrincipal.getInstance());
        return hashSet;
    }

    private Iterator<Authorizable> findAuthorizables(@Nullable final String str, final int i) throws RepositoryException {
        return this.userManager.findAuthorizables(new Query() { // from class: org.apache.jackrabbit.oak.security.principal.PrincipalProviderImpl.1
            @Override // org.apache.jackrabbit.api.security.user.Query
            public <T> void build(QueryBuilder<T> queryBuilder) {
                queryBuilder.setCondition(queryBuilder.like("@rep:principalName", PrincipalProviderImpl.buildSearchPattern(str)));
                queryBuilder.setSelector(AuthorizableType.getType(i).getAuthorizableClass());
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String buildSearchPattern(String str) {
        if (str == null) {
            return "%";
        }
        return '%' + str.replace("%", "\\%").replace(ShingleFilter.DEFAULT_FILLER_TOKEN, "\\_") + '%';
    }

    private static boolean matchesEveryone(String str, int i) {
        return i != 1 && (str == null || "everyone".contains(str));
    }
}
