package com.adobe.granite.repository.hc.impl;

import com.adobe.granite.security.user.UserManagementService;
import javax.jcr.GuestCredentials;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.sling.hc.api.HealthCheck;
import org.apache.sling.hc.api.Result;
import org.apache.sling.hc.util.FormattingResultLog;
import org.apache.sling.jcr.api.SlingRepository;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Modified;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.metatype.annotations.AttributeDefinition;
import org.osgi.service.metatype.annotations.Designate;
import org.osgi.service.metatype.annotations.ObjectClassDefinition;

@Designate(ocd = Configuration.class)
@Component(service = {HealthCheck.class}, property = {"hc.name=User Profile Default Access", "hc.mbean.name=userProfileDefaultAccess"})
/* loaded from: input_file:com/adobe/granite/repository/hc/impl/DefaultAccessUserProfileHealthCheck.class */
public class DefaultAccessUserProfileHealthCheck implements HealthCheck {
    private static final String RANDOM_PROFILE_USERHOME_SUBPATH = "/random-42/profile";

    @Reference
    private SlingRepository repository;

    @Reference
    private UserManagementService userManagementService;

    @ObjectClassDefinition(name = "Adobe Granite User Profile Access Health Check", description = "This health check checks if the everyone principal has not read access to user profiles.")
    /* loaded from: input_file:com/adobe/granite/repository/hc/impl/DefaultAccessUserProfileHealthCheck$Configuration.class */
    public @interface Configuration {
        @AttributeDefinition(name = "Health Check Tags", description = "Health Check Tags")
        String[] hc_tags() default {"acl", "security"};
    }

    @Activate
    protected void activate(Configuration configuration) {
    }

    @Modified
    protected void modified(Configuration configuration) {
    }

    public Result execute() {
        FormattingResultLog formattingResultLog = new FormattingResultLog();
        Session session = null;
        try {
            try {
                Session login = this.repository.login(new GuestCredentials());
                if (login.hasPermission(this.userManagementService.getUserRootPath() + RANDOM_PROFILE_USERHOME_SUBPATH, "read")) {
                    formattingResultLog.warn("Insecure policies for default user profiles have been found.", new Object[0]);
                    formattingResultLog.warn("[Check section 'Default Access to User Profile(s) is everyone' in the security guidelines.](https://www.adobe.com/go/aem6_4_docs_security_userprofile_en)", new Object[0]);
                } else {
                    formattingResultLog.debug("No obviously insecure user profile policies have been found.", new Object[0]);
                }
                if (login != null && login.isLive()) {
                    login.logout();
                }
            } catch (RepositoryException e) {
                formattingResultLog.warn("Could not login to the repository. Health Check not performed.", new Object[0]);
                if (0 != 0 && session.isLive()) {
                    session.logout();
                }
            }
            return new Result(formattingResultLog);
        } catch (Throwable th) {
            if (0 != 0 && session.isLive()) {
                session.logout();
            }
            throw th;
        }
    }
}
