package pl.ds.websight.system.user.provider.service.impl;

import java.io.IOException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.PersistenceException;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.jcr.base.util.AccessControlUtil;
import org.osgi.framework.Bundle;
import org.osgi.framework.FrameworkUtil;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pl.ds.websight.system.user.provider.service.SystemUserConfig;
import pl.ds.websight.system.user.provider.service.SystemUserProvider;

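/**
 * Provisions a JCR system user on first use and returns a service resource resolver for it.
 *
 * <p>Provisioning has three steps, all driven by the caller-supplied {@link SystemUserConfig}:
 * create the system user, register a service-user mapping for the bundle that owns the config
 * class, and grant the configured privileges on the configured paths.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>User creation and ACL changes run in an administrative session obtained through
 *       {@code getAdministrativeResourceResolver(null)}, which Sling deprecates in favour of
 *       service users. Such a session has unrestricted repository access.</li>
 *   <li>The paths and privilege names in the config are applied as given; nothing in this class
 *       restricts them. Every consumer of this service can therefore cause arbitrary allow
 *       entries to be written, so the service should only be reachable by trusted bundles.</li>
 * </ul>
 */
@Component(service = {SystemUserProvider.class})
/* loaded from: input_file:resources/install/0/websight-release-admin-sling-1.0.3.zip:jcr_root/apps/websight/install/websight-system-user-provider-service-1.0.1.jar:pl/ds/websight/system/user/provider/service/impl/SystemUserProviderImpl.class */
public class SystemUserProviderImpl implements SystemUserProvider {
    private static final Logger LOG = LoggerFactory.getLogger(SystemUserProviderImpl.class);
    private static final String SYSTEM_USER_MAPPING_FACTORY_PID = "org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended";
    private static final String PN_USER_MAPPING = "user.mapping";

    @Reference
    private ResourceResolverFactory resourceResolverFactory;

    @Reference
    private ConfigurationAdmin configAdmin;

    // Ids of the users this instance created. The component is registered as a service, so the
    // set may be reached from several threads; a synchronized wrapper keeps contains/add safe.
    // NOTE(review): the check in getSystemUserResourceResolver and the add in setupSystemUser
    // are still not one atomic step.
    private final Set<String> createdUsers = Collections.synchronizedSet(new HashSet<>());

    /**
     * Returns a service resource resolver for the system user named in the config, provisioning
     * the user first if this instance has not created it yet.
     *
     * @param resourceResolverFactory factory used for the service login; this is the caller's
     *     factory, not the one injected into this component (which is used only for setup)
     * @param systemUserConfig id, privileges and owning class of the system user
     * @return resolver obtained with the system user id as sub-service name
     * @throws LoginException if the service login fails
     */
    @Override // pl.ds.websight.system.user.provider.service.SystemUserProvider
    public ResourceResolver getSystemUserResourceResolver(ResourceResolverFactory resourceResolverFactory, SystemUserConfig systemUserConfig) throws LoginException {
        String systemUserId = systemUserConfig.getSystemUserId();
        if (!this.createdUsers.contains(systemUserId)) {
            setupSystemUser(systemUserConfig);
        }
        return resourceResolverFactory.getServiceResourceResolver(Collections.singletonMap(ResourceResolverFactory.SUBSERVICE, systemUserId));
    }

    /**
     * Creates the user, its service-user mapping and its ACL entries, then remembers the id.
     *
     * <p>NOTE(review): the mapping and ACL steps only log their failures, so the id is recorded
     * even when they did not complete. An id that already existed is never recorded, so each
     * later call opens an administrative session again just to repeat the existence check.
     */
    private void setupSystemUser(SystemUserConfig systemUserConfig) {
        String systemUserId = systemUserConfig.getSystemUserId();
        if (createServiceUser(systemUserId)) {
            createServiceMapperConfig(systemUserConfig);
            setupAcl(systemUserConfig);
            this.createdUsers.add(systemUserId);
        }
    }

    /**
     * Creates a system user with the given id unless an authorizable with that id exists.
     *
     * @return {@code true} only when the user was created and the change was committed;
     *     {@code false} when the id is taken or when creation failed
     */
    private boolean createServiceUser(String systemUserId) {
        // try-with-resources closes the administrative resolver on every path.
        try (ResourceResolver adminResolver = this.resourceResolverFactory.getAdministrativeResourceResolver(null)) {
            Session session = adminResolver.adaptTo(Session.class);
            if (session == null) {
                LOG.warn("Failed to create system user: resolver could not be adapted to a JCR session");
                return false;
            }
            UserManager userManager = AccessControlUtil.getUserManager(session);
            // NOTE(review): any authorizable with this id counts as "exists"; the code does not
            // check that it is a system user rather than a regular user or group.
            if (userManager.getAuthorizable(systemUserId) != null) {
                LOG.debug("Skipping creating system user. User already exists");
                return false;
            }
            userManager.createSystemUser(systemUserId, null);
            adminResolver.commit();
            // Logged after the commit so the message is not emitted for a change that was lost.
            LOG.info("System user created with id: {}", systemUserId);
            return true;
        } catch (RepositoryException | LoginException | PersistenceException e) {
            LOG.warn("Failed to create system user", e);
            return false;
        }
    }

    /**
     * Grants the privileges listed in the config, keyed by repository path, to the system user.
     * Failures are logged and not propagated.
     */
    private void setupAcl(SystemUserConfig systemUserConfig) {
        // try-with-resources: the resolver is closed even when an ACL call throws part-way.
        try (ResourceResolver adminResolver = this.resourceResolverFactory.getAdministrativeResourceResolver(null)) {
            Session session = adminResolver.adaptTo(Session.class);
            if (session == null) {
                LOG.warn("Failed to setup ACL for system user: resolver could not be adapted to a JCR session");
                return;
            }
            // Paths and privilege names come straight from the caller's config and are written
            // with administrative rights; no allow-list is applied here.
            for (Map.Entry<String, String[]> entry : systemUserConfig.getPrivileges().entrySet()) {
                Privilege[] privileges = AccessControlUtils.privilegesFromNames(session, entry.getValue());
                addAcl(session, systemUserConfig.getSystemUserId(), entry.getKey(), privileges);
            }
            if (adminResolver.hasChanges()) {
                adminResolver.commit();
            }
        } catch (RepositoryException | LoginException | PersistenceException e) {
            LOG.warn("Failed to setup ACL for system user", e);
        }
    }

    /**
     * Adds an allow entry for the named principal to the access control list of one path and
     * sets that list as the path's policy.
     *
     * @param session session used to read and write the policy
     * @param principalName name of the principal the entry is for
     * @param path repository path whose policy is modified
     * @param privileges privileges to allow
     * @throws RepositoryException if the policy cannot be read or written
     */
    private void addAcl(Session session, String principalName, String path, Privilege[] privileges) throws RepositoryException {
        AccessControlManager accessControlManager = session.getAccessControlManager();
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(session, path);
        // The lambda is a Principal that carries only the name; the boolean marks an allow entry.
        accessControlList.addEntry(() -> principalName, privileges, true);
        accessControlManager.setPolicy(path, accessControlList);
    }

    /**
     * Registers a service-user mapping that maps the bundle owning the config class to the
     * system user. Failures are logged and not propagated.
     */
    private void createServiceMapperConfig(SystemUserConfig systemUserConfig) {
        try {
            Bundle bundle = FrameworkUtil.getBundle(systemUserConfig.getClass());
            if (bundle == null) {
                // getBundle returns null for a class that no bundle class loader loaded.
                LOG.warn("Failed to create service user mapper entry: config class is not loaded by a bundle");
                return;
            }
            Configuration mappingConfig = this.configAdmin.createFactoryConfiguration(SYSTEM_USER_MAPPING_FACTORY_PID, null);
            Properties properties = new Properties();
            // The entry has no sub-service part, so it applies to every service login made from
            // that bundle, not just the one for this user id.
            properties.put(PN_USER_MAPPING, bundle.getSymbolicName() + "=" + systemUserConfig.getSystemUserId());
            mappingConfig.update(properties);
        } catch (IOException e) {
            LOG.warn("Failed to create service user mapper entry", e);
        }
    }
}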
