package com.adobe.cq.dam.bp.cloudconfig.impl;

import com.adobe.cq.dam.bp.cloudconfig.BPTokenProvider;
import com.adobe.cq.dam.bp.cloudconfig.MediaPortalCloudConfigResolver;
import com.adobe.cq.dam.bp.cloudconfig.MediaPortalCloudConfiguration;
import com.adobe.cq.dam.bp.cloudconfig.impl.Constants;
import com.adobe.cq.dam.mac.sync.api.SyncAgent;
import com.adobe.cq.dam.mac.sync.api.SyncAgentFactory;
import com.day.cq.dam.commons.deployment.DeploymentType;
import com.day.cq.dam.commons.deployment.Detector;
import java.io.IOException;
import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.sling.api.resource.ModifiableValueMap;
import org.apache.sling.api.resource.PersistenceException;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.api.resource.observation.ExternalResourceChangeListener;
import org.apache.sling.api.resource.observation.ResourceChange;
import org.apache.sling.api.resource.observation.ResourceChangeListener;
import org.osgi.framework.InvalidSyntaxException;
import org.osgi.service.cm.ConfigurationAdmin;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.metatype.annotations.AttributeDefinition;
import org.osgi.service.metatype.annotations.Designate;
import org.osgi.service.metatype.annotations.ObjectClassDefinition;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Designate(ocd = Config.class)
@Component(service = {ResourceChangeListener.class}, name = "Event handler for changes to Media Portal Cloud Configuration", immediate = true, property = {"resource.change.types=ADDED", "resource.change.types=CHANGED", "resource.paths=glob:/conf/global/settings/cloudconfigs/mediaportal/**/jcr:content"})
/* loaded from: input_file:com/adobe/cq/dam/bp/cloudconfig/impl/MediaPortalCloudConfigurationListener.class */
public class MediaPortalCloudConfigurationListener implements ResourceChangeListener, ExternalResourceChangeListener {
    public static final String MP_REPLICATION_AGENT_NAME = "MP Replication Agent";
    private static final int DEFAULT_CONNECTION_TIMEOUT = 180000;
    private static final int DEFAULT_SOCKET_TIMEOUT = 600000;
    private int connectionTimeout;
    private int socketTimeout;

    @Reference
    private ResourceResolverFactory rrf = null;

    @Reference
    private SyncAgentFactory agentFactory = null;

    @Reference
    private MediaPortalCloudConfigResolver mpCloudConfigResolver = null;

    @Reference
    private ConfigurationAdmin configurationAdmin;

    @Reference
    private BPTokenProvider tokenProvider;

    @Reference
    private Detector deploymentDetector;
    private static final Logger LOG = LoggerFactory.getLogger(MediaPortalCloudConfigurationListener.class);
    private static final Map<String, Object> REPLICATION_SERVICE_AUTH_INFO = Collections.singletonMap("sling.service.subservice", Constants.SUBSYSTEM_DAM_REPLICATION_HELPER);
    private static boolean useSCD = false;

    /* JADX INFO: Access modifiers changed from: package-private */
    @ObjectClassDefinition(name = "Media Portal Replication HTTP Client", description = "HTTP Client used to communicate with Media Portal")
    /* loaded from: input_file:com/adobe/cq/dam/bp/cloudconfig/impl/MediaPortalCloudConfigurationListener$Config.class */
    public @interface Config {
        @AttributeDefinition(name = "Connection timeout", description = "Timeout in milliseconds until a connection is established. A timeout value of zero is interpreted as an infinite timeout. Default is 180000ms")
        int connectionTimeout() default 180000;

        @AttributeDefinition(name = "Socket timeout", description = "Timeout in milliseconds for waiting for data or a maximum period of inactivity between two consecutive data packets. Default is 600000ms")
        int socketTimeout() default 600000;
    }

    public void onChange(List<ResourceChange> list) {
        LOG.debug("onChange:");
        ResourceResolver resourceResolver = null;
        try {
            try {
                resourceResolver = this.rrf.getServiceResourceResolver(REPLICATION_SERVICE_AUTH_INFO);
                for (ResourceChange resourceChange : list) {
                    ResourceChange.ChangeType type = resourceChange.getType();
                    if (type == ResourceChange.ChangeType.CHANGED || type == ResourceChange.ChangeType.ADDED) {
                        processConfigChangeEvent(resourceResolver, resourceChange);
                    }
                }
                if (resourceResolver != null) {
                    resourceResolver.close();
                }
            } catch (Exception e) {
                LOG.error("Unable to process event", e);
                if (resourceResolver != null) {
                    resourceResolver.close();
                }
            }
        } catch (Throwable th) {
            if (resourceResolver != null) {
                resourceResolver.close();
            }
            throw th;
        }
    }

    private void processConfigChangeEvent(ResourceResolver resourceResolver, ResourceChange resourceChange) throws RepositoryException, IOException, InvalidSyntaxException {
        Resource parent;
        LOG.debug("processConfigChangeEvent: " + resourceChange.toString());
        Resource resource = resourceResolver.getResource(resourceChange.getPath());
        if (resource == null || (parent = resource.getParent()) == null) {
            return;
        }
        createOrUpdateAgents(resourceResolver, this.mpCloudConfigResolver.getConfiguration(resourceResolver, parent.getPath()));
    }

    private void createOrUpdateReplicationAgent(SyncAgent syncAgent, ResourceResolver resourceResolver, MediaPortalCloudConfiguration mediaPortalCloudConfiguration, String str) {
        Map map;
        LOG.debug("createOrUpdateReplicationAgent: ");
        String tenant = mediaPortalCloudConfiguration.getTenant();
        String str2 = mediaPortalCloudConfiguration.getServiceUrl() + "/bin/receive?sling:authRequestLogin=1";
        Resource resource = resourceResolver.getResource(Constants.AGENTS_ROOT_PATH);
        String agentNameForTenant = syncAgent.getAgentNameForTenant(mediaPortalCloudConfiguration.getTenant());
        Resource resource2 = resourceResolver.getResource(resource, agentNameForTenant);
        Resource resource3 = null;
        try {
            if (resource2 == null) {
                map = new HashMap();
                map.put("jcr:primaryType", "nt:unstructured");
                map.put("enabled", Boolean.valueOf(mediaPortalCloudConfiguration.isEnabled()));
                map.put("protocolHTTPMethod", syncAgent.getProtocolHTTPMethod());
                map.put(Constants.BPCloudConfig.NT_SLING_RESOURCETYPE, syncAgent.getSlingResourceType());
                map.put("cq:template", syncAgent.getCqTemplate());
                map.put("reverseReplication", false);
                map.put("triggerSpecific", true);
                HashMap hashMap = new HashMap();
                hashMap.put("jcr:primaryType", "cq:Page");
                resource2 = resourceResolver.create(resource, agentNameForTenant, hashMap);
            } else {
                resource3 = resourceResolver.getResource(resource2, "jcr:content");
                map = (Map) resource3.adaptTo(ModifiableValueMap.class);
            }
            map.put("jcr:title", tenant + " " + syncAgent.getName());
            map.put("transportUri", str2);
            map.put("protocolConnectTimeout", Integer.valueOf(this.connectionTimeout));
            map.put("protocolSocketTimeout", Integer.valueOf(this.socketTimeout));
            map.put("enabled", Boolean.valueOf(mediaPortalCloudConfiguration.isEnabled()));
            map.put("enableOauth", true);
            map.put("userId", Constants.BRAND_PORTAL_IMS_SERVICE);
            map.put("accessTokenProviderPid", str);
            if (resource3 == null) {
                resourceResolver.create(resource2, "jcr:content", map);
            }
            resourceResolver.commit();
            LOG.info("Created agent for tenant {}.", mediaPortalCloudConfiguration.getTenant());
        } catch (PersistenceException e) {
            LOG.error("Cannot create replication agent for tenant " + mediaPortalCloudConfiguration.getTenant(), e);
        }
    }

    protected void callActivate() {
        activate(null);
    }

    @Activate
    void activate(Config config) {
        useSCD = this.deploymentDetector.getDeploymentType().equals(DeploymentType.SKYLINE);
        ResourceResolver resourceResolver = null;
        try {
            try {
                this.connectionTimeout = config.connectionTimeout();
                this.socketTimeout = config.socketTimeout();
                resourceResolver = this.rrf.getServiceResourceResolver(REPLICATION_SERVICE_AUTH_INFO);
                addUserToGroup(resourceResolver, Constants.BRAND_PORTAL_IMS_SERVICE);
                createOrUpdateAgents(resourceResolver, this.mpCloudConfigResolver.getDefaultConfig(resourceResolver));
                if (resourceResolver != null) {
                    resourceResolver.close();
                }
            } catch (Exception e) {
                LOG.error("exception occured while trying to create agent(s) ", e);
                if (resourceResolver != null) {
                    resourceResolver.close();
                }
            }
        } catch (Throwable th) {
            if (resourceResolver != null) {
                resourceResolver.close();
            }
            throw th;
        }
    }

    private void createOrUpdateAgents(ResourceResolver resourceResolver, MediaPortalCloudConfiguration mediaPortalCloudConfiguration) throws IOException, InvalidSyntaxException {
        if (mediaPortalCloudConfiguration == null || !mediaPortalCloudConfiguration.isValidConfig()) {
            return;
        }
        if (useSCD) {
            SCDConfUtil.removeForwardAgents(this.configurationAdmin);
        }
        String servicePID = this.tokenProvider.getServicePID();
        for (int i = 0; i < mediaPortalCloudConfiguration.getAgentCount(); i++) {
            if (useSCD) {
                SCDConfUtil.createOrUpdateForwardAgent(this.configurationAdmin, mediaPortalCloudConfiguration, Constants.BP_DISTRIBUTION_AGENT_NAME + i, servicePID);
            } else {
                createOrUpdateReplicationAgent(this.agentFactory.getSyncAgent(Constants.REPLICATION, MP_REPLICATION_AGENT_NAME + i), resourceResolver, mediaPortalCloudConfiguration, servicePID);
            }
        }
    }

    private void addUserToGroup(ResourceResolver resourceResolver, String str) throws RepositoryException {
        JackrabbitSession jackrabbitSession = (Session) resourceResolver.adaptTo(Session.class);
        UserManager userManager = jackrabbitSession.getUserManager();
        Authorizable authorizable = userManager.getAuthorizable(str);
        Privilege[] privilegesFromNames = AccessControlUtils.privilegesFromNames(jackrabbitSession, new String[]{"{http://www.jcp.org/jcr/1.0}read", "{http://www.jcp.org/jcr/1.0}nodeTypeManagement", "{http://www.jcp.org/jcr/1.0}write"});
        Privilege[] privilegesFromNames2 = AccessControlUtils.privilegesFromNames(jackrabbitSession, new String[]{"{http://www.jcp.org/jcr/1.0}read"});
        AccessControlUtils.addAccessControlEntry(jackrabbitSession, Constants.DAM_COLLECTION_HOME, authorizable.getPrincipal(), privilegesFromNames, true);
        AccessControlUtils.addAccessControlEntry(jackrabbitSession, "/content/cq:tags", authorizable.getPrincipal(), privilegesFromNames2, true);
        try {
            Group createGroup = createGroup(userManager);
            if (!createGroup.isMember(authorizable)) {
                createGroup.addMember(authorizable);
            }
            if (!userManager.isAutoSave()) {
                jackrabbitSession.save();
            }
            if (jackrabbitSession.hasPendingChanges()) {
                jackrabbitSession.save();
            }
        } catch (PersistenceException e) {
            throw new RuntimeException("could not create dam mac namespace group");
        }
    }

    private Group createGroup(UserManager userManager) throws RepositoryException, PersistenceException {
        Group authorizable = userManager.getAuthorizable("dam-mac-replication");
        Group authorizable2 = userManager.getAuthorizable("dam-users");
        if (authorizable != null) {
            return authorizable;
        }
        LOG.info("Creating Group {}", "dam-mac-replication");
        Group createGroup = userManager.createGroup(new Principal() { // from class: com.adobe.cq.dam.bp.cloudconfig.impl.MediaPortalCloudConfigurationListener.1
            @Override // java.security.Principal
            public String getName() {
                return "dam-mac-replication";
            }
        }, "mac");
        if (authorizable2 == null) {
            throw new RuntimeException("dam-users group is missing");
        }
        if (!(authorizable2 instanceof Group)) {
            throw new RuntimeException("dam-users should be a group");
        }
        Group group = authorizable2;
        if (!group.isMember(createGroup)) {
            group.addMember(createGroup);
        }
        return createGroup;
    }
}
