package com.adobe.granite.taskmanagement.impl.jcr;

import com.adobe.granite.security.authorization.AuthorizationService;
import com.adobe.granite.taskmanagement.TaskManagerException;
import com.adobe.granite.taskmanagement.impl.utils.ServiceLoginUtil;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.sling.jcr.api.SlingRepository;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/adobe/granite/taskmanagement/impl/jcr/TaskUserContext.class */
public class TaskUserContext {
    private static final Logger logger = LoggerFactory.getLogger(TaskUserContext.class);
    private static final String USER_SERVICE = "user";
    private static final String NT_REP_SYSTEM_USER = "rep:SystemUser";
    private Session session;
    private SlingRepository slingRepository;
    private List<String> taskAdminGroupName;
    private AuthorizationService authorizationService;
    private boolean configuredToValidateAssignedPrincipal = true;

    protected TaskUserContext() {
    }

    public TaskUserContext(Session session, SlingRepository slingRepository, List<String> list, AuthorizationService authorizationService) {
        this.session = session;
        this.slingRepository = slingRepository;
        this.taskAdminGroupName = list;
        this.authorizationService = authorizationService;
    }

    public String getCurrentUserId() {
        String str = null;
        if (this.session != null) {
            str = this.session.getUserID();
            logger.trace("UserId found for caller: [{}]", str);
        }
        return str;
    }

    private static UserManager getUserManager(Session session) throws RepositoryException {
        if (session instanceof JackrabbitSession) {
            return ((JackrabbitSession) session).getUserManager();
        }
        throw new RuntimeException("Cannot create instance of UserManager from unknown Session type: " + session.getClass());
    }

    public Session getUserSession() {
        return this.session;
    }

    public boolean isValidUserOrGroup(String str) throws TaskManagerException {
        if (this.configuredToValidateAssignedPrincipal) {
            return validatePrincipal(str);
        }
        return true;
    }

    public boolean validatePrincipal(String str) throws TaskManagerException {
        Session session = null;
        try {
            try {
                session = ServiceLoginUtil.createWorkflowUserReaderSession(this.slingRepository);
                Authorizable authorizable = getUserManager(session).getAuthorizable(str);
                if (session != null && session.isLive()) {
                    session.logout();
                }
                return authorizable != null;
            } catch (RepositoryException e) {
                throw new TaskManagerException("Error attempting to retrieve an Authoriable from ID: [" + str + "]", e);
            }
        } catch (Throwable th) {
            if (session != null && session.isLive()) {
                session.logout();
            }
            throw th;
        }
    }

    public boolean isCurrentUserTaskAdministrator() throws TaskManagerException {
        if (this.authorizationService.hasAdministrativeAccess(this.session)) {
            return true;
        }
        if (this.taskAdminGroupName == null || this.session == null || this.session.getUserID() == null) {
            return false;
        }
        try {
            UserManager userManager = getUserManager(this.session);
            if (this.taskAdminGroupName.contains(this.session.getUserID())) {
                return true;
            }
            User authorizable = userManager.getAuthorizable(this.session.getUserID());
            if (authorizable == null) {
                logger.warn("Session with userId {} cannot load itself.  Is this a service user who needs access to their own profile?", this.session.getUserID());
                return false;
            }
            if (!authorizable.isGroup() && authorizable.isAdmin()) {
                return true;
            }
            Iterator memberOf = authorizable.memberOf();
            while (memberOf.hasNext()) {
                if (this.taskAdminGroupName.contains(((Group) memberOf.next()).getID())) {
                    return true;
                }
            }
            return false;
        } catch (RepositoryException e) {
            throw new TaskManagerException("Error determining if current user is a task administrator", e);
        }
    }

    public Set<String> getOwnerIdsForCurrentUser() throws TaskManagerException {
        if (this.session == null || this.session.getUserID() == null) {
            return null;
        }
        try {
            Authorizable authorizable = getUserManager(this.session).getAuthorizable(this.session.getUserID());
            if (authorizable == null) {
                return null;
            }
            HashSet hashSet = new HashSet();
            Iterator memberOf = authorizable.memberOf();
            while (memberOf.hasNext()) {
                hashSet.add(((Group) memberOf.next()).getID());
            }
            hashSet.add(this.session.getUserID());
            return hashSet;
        } catch (RepositoryException e) {
            throw new TaskManagerException("Error getting groups for current user", e);
        }
    }

    public void setConfiguredToValidateAssignedPrincipal(boolean z) {
        this.configuredToValidateAssignedPrincipal = z;
    }
}
