package com.adobe.granite.repository.hc.impl;

import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.PropertyUnbounded;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.oak.spi.security.user.AuthorizableNodeName;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.apache.sling.hc.api.HealthCheck;
import org.apache.sling.hc.api.Result;
import org.apache.sling.hc.util.FormattingResultLog;

@Service({HealthCheck.class})
@Component(metatype = true, label = "Adobe Granite Authorizable Node Name Health Check", description = "This health check verifies if the default node name generation for user/group nodes has been replace in order to avoid exposing the authorizable ID in the node name and path.")
@Properties({@Property(name = "hc.name", value = {"Authorizable Node Name Generation"}, propertyPrivate = true), @Property(name = "hc.tags", unbounded = PropertyUnbounded.ARRAY, value = {"security", "production"}, label = "Tags", description = "Tags for this check to be used by composite health checks."), @Property(name = "hc.mbean.name", value = {"authorizableNodeName"}, propertyPrivate = true)})
/* loaded from: input_file:com/adobe/granite/repository/hc/impl/AuthorizableNodeNameHealthCheck.class */
public class AuthorizableNodeNameHealthCheck implements HealthCheck {

    @Reference
    UserConfiguration userConfiguration;

    @Activate
    protected void activate() {
    }

    public Result execute() {
        FormattingResultLog formattingResultLog = new FormattingResultLog();
        if (this.userConfiguration == null) {
            formattingResultLog.warn("Unable to verify AuthorizableNodeName implementation; UserConfiguration is missing.", new Object[0]);
        } else if (((AuthorizableNodeName) this.userConfiguration.getParameters().getConfigValue("authorizableNodeName", AuthorizableNodeName.DEFAULT, AuthorizableNodeName.class)).generateNodeName("userid").contains("userid")) {
            formattingResultLog.warn("AuthorizableNodeName implementation exposes authorizable ID in the node name/path.", new Object[0]);
            formattingResultLog.warn("Please enable 'RandomAuthorizableNodeName' or provide your custom implementation. See security checklist for details.", new Object[0]);
        } else {
            formattingResultLog.debug("AuthorizableNodeName implementation doesn't expose authorizable ID.", new Object[0]);
        }
        return new Result(formattingResultLog);
    }

    protected void bindUserConfiguration(UserConfiguration userConfiguration) {
        this.userConfiguration = userConfiguration;
    }

    protected void unbindUserConfiguration(UserConfiguration userConfiguration) {
        if (this.userConfiguration == userConfiguration) {
            this.userConfiguration = null;
        }
    }
}
