package com.adobe.granite.repository.impl;

import com.day.crx.CRXModule;
import com.day.crx.CRXRepository;
import com.day.crx.License;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import java.io.File;
import java.security.AccessControlContext;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.jcr.Credentials;
import javax.jcr.LoginException;
import javax.jcr.NoSuchWorkspaceException;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;
import org.apache.jackrabbit.api.JackrabbitRepository;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.management.DataStoreGarbageCollector;
import org.apache.jackrabbit.api.management.RepositoryManager;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl;
import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.SystemUserPrincipal;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.apache.sling.jcr.api.SlingRepository;
import org.apache.sling.jcr.base.AbstractSlingRepository2;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.osgi.framework.Bundle;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/adobe/granite/repository/impl/SlingRepositoryImpl.class */
public class SlingRepositoryImpl extends AbstractSlingRepository2 implements CRXRepository, JackrabbitRepository, Repository, SlingRepository, RepositoryManager {
    private static final Logger log = LoggerFactory.getLogger(SlingRepositoryImpl.class);
    private final SlingRepositoryManager manager;
    private final CRX3RepositoryImpl delegate;
    private final ServiceUsersConfigurationManager serviceUsersConfigurationManager;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/adobe/granite/repository/impl/SlingRepositoryImpl$GraniteSystemUserPrincipal.class */
    public static final class GraniteSystemUserPrincipal implements SystemUserPrincipal {
        private final String name;

        private GraniteSystemUserPrincipal(@Nonnull String str) {
            this.name = str;
        }

        public String getName() {
            return this.name;
        }

        public String toString() {
            return SystemUserPrincipal.class.getName() + ":" + this.name;
        }
    }

    public SlingRepositoryImpl(SlingRepositoryManager slingRepositoryManager, Bundle bundle, CRX3RepositoryImpl cRX3RepositoryImpl, ServiceUsersConfigurationManager serviceUsersConfigurationManager) {
        super(slingRepositoryManager, bundle);
        this.manager = slingRepositoryManager;
        this.delegate = cRX3RepositoryImpl;
        this.serviceUsersConfigurationManager = serviceUsersConfigurationManager;
    }

    public void stop() {
        throw new UnsupportedOperationException("RepositoryManager.stop()");
    }

    public DataStoreGarbageCollector createDataStoreGarbageCollector() throws RepositoryException {
        if (this.delegate instanceof RepositoryManager) {
            return this.delegate.createDataStoreGarbageCollector();
        }
        return null;
    }

    protected Session createAdministrativeSession(final String str) throws RepositoryException {
        final String str2 = (String) ((UserConfiguration) this.manager.getSecurityProvider().getConfiguration(UserConfiguration.class)).getParameters().getConfigValue("adminId", "admin");
        Set singleton = Collections.singleton(new AdminPrincipal() { // from class: com.adobe.granite.repository.impl.SlingRepositoryImpl.1
            public String getName() {
                return str2;
            }

            public String toString() {
                return AdminPrincipal.class.getName() + ":" + str2;
            }
        });
        try {
            return (Session) Subject.doAsPrivileged(new Subject(true, singleton, Collections.singleton(new AuthInfoImpl(str2, Collections.emptyMap(), singleton)), Collections.emptySet()), new PrivilegedExceptionAction<Session>() { // from class: com.adobe.granite.repository.impl.SlingRepositoryImpl.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Session run() throws Exception {
                    return SlingRepositoryImpl.this.delegate.login(null, str, ImmutableMap.of("oak.refresh-interval", 0L, "oak.relaxed-locking", Boolean.TRUE));
                }
            }, (AccessControlContext) null);
        } catch (PrivilegedActionException e) {
            throw new RepositoryException("failed to retrieve service session.", e);
        }
    }

    protected Session createServiceSession(String str, String str2) throws RepositoryException {
        return !this.serviceUsersConfigurationManager.isServiceUserFastPathEnabled(str) ? super.createServiceSession(str, str2) : createServiceSessionFastPath(str, str2);
    }

    protected Session createServiceSessionFastPath(String str, final String str2) throws RepositoryException {
        ImmutableSet of = ImmutableSet.of(new GraniteSystemUserPrincipal(str));
        try {
            return (Session) Subject.doAsPrivileged(new Subject(true, of, Collections.singleton(new AuthInfoImpl(str, Collections.emptyMap(), of)), Collections.emptySet()), new PrivilegedExceptionAction<Session>() { // from class: com.adobe.granite.repository.impl.SlingRepositoryImpl.3
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Session run() throws Exception {
                    return SlingRepositoryImpl.this.delegate.login(null, str2);
                }
            }, (AccessControlContext) null);
        } catch (PrivilegedActionException e) {
            throw new RepositoryException("failed to retrieve admin session.", e);
        }
    }

    protected Session createServiceSession(Iterable<String> iterable, final String str) throws RepositoryException {
        HashSet hashSet = new HashSet();
        for (String str2 : iterable) {
            if (str2 != null && !str2.isEmpty()) {
                hashSet.add(new GraniteSystemUserPrincipal(str2));
            }
        }
        try {
            return (Session) Subject.doAsPrivileged(new Subject(true, hashSet, Collections.singleton(new AuthInfoImpl(!hashSet.isEmpty() ? iterable.iterator().next() : null, Collections.emptyMap(), hashSet)), Collections.emptySet()), new PrivilegedExceptionAction<Session>() { // from class: com.adobe.granite.repository.impl.SlingRepositoryImpl.4
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Session run() throws Exception {
                    return SlingRepositoryImpl.this.delegate.login(null, str);
                }
            }, (AccessControlContext) null);
        } catch (PrivilegedActionException e) {
            throw new RepositoryException("failed to retrieve service session.", e);
        }
    }

    public Session impersonateFromService(String str, Credentials credentials, String str2) throws RepositoryException {
        Session session = null;
        try {
            Session createAdministrativeSession = createAdministrativeSession(str2);
            String serviceUserID = getServiceUserID(credentials, createAdministrativeSession);
            if (serviceUserID != null) {
                Session createServiceSession = createServiceSession(Collections.singleton(serviceUserID), str2);
                if (createAdministrativeSession != null && createAdministrativeSession.isLive()) {
                    createAdministrativeSession.logout();
                }
                return createServiceSession;
            }
            Session impersonate = createAdministrativeSession.impersonate(credentials);
            if (createAdministrativeSession != null && createAdministrativeSession.isLive()) {
                createAdministrativeSession.logout();
            }
            return impersonate;
        } catch (Throwable th) {
            if (0 != 0 && session.isLive()) {
                session.logout();
            }
            throw th;
        }
    }

    @Nullable
    private static String getServiceUserID(@NotNull Credentials credentials, @NotNull Session session) {
        if (!(credentials instanceof SimpleCredentials) || !(session instanceof JackrabbitSession)) {
            return null;
        }
        try {
            User authorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(((SimpleCredentials) credentials).getUserID(), User.class);
            if (authorizable == null || !authorizable.isSystemUser()) {
                return null;
            }
            return authorizable.getID();
        } catch (RepositoryException e) {
            log.warn(e.getMessage());
            return null;
        }
    }

    public File getHomeDir() {
        return this.delegate.getHomeDir();
    }

    public License getLicense() {
        return this.delegate.getLicense();
    }

    public CRXModule getModule(String str) {
        return this.delegate.getModule(str);
    }

    public CRXModule[] getModules() {
        return this.delegate.getModules();
    }

    public void installModule(Session session, CRXModule cRXModule) throws RepositoryException {
        this.delegate.installModule(session, cRXModule);
    }

    public void uninstallModule(Session session, String str) {
        this.delegate.uninstallModule(session, str);
    }

    public Session login(Credentials credentials, String str, Map<String, Object> map) throws LoginException, NoSuchWorkspaceException, RepositoryException {
        return this.delegate.login(credentials, str, map);
    }

    public void shutdown() {
        this.delegate.shutdown();
    }
}
