package com.adobe.granite.security.permissions.internal.servlets;

import com.adobe.granite.security.user.UserProperties;
import com.adobe.granite.security.user.UserPropertiesManager;
import com.adobe.granite.security.user.UserPropertiesService;
import com.adobe.granite.security.user.util.AuthorizableUtil;
import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.Optional;
import java.util.function.Function;
import java.util.stream.Stream;
import javax.jcr.AccessDeniedException;
import javax.jcr.Node;
import javax.jcr.RangeIterator;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.json.Json;
import javax.json.stream.JsonGenerator;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.spi.security.principal.SystemUserPrincipal;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.request.RequestParameterMap;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.servlets.SlingAllMethodsServlet;
import org.apache.sling.xss.ProtectionContext;
import org.apache.sling.xss.XSSFilter;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component(service = {Servlet.class}, property = {"sling.servlet.paths=/bin/principals", "sling.servlet.extensions=json", "sling.servlet.methods=GET"})
/* loaded from: input_file:com/adobe/granite/security/permissions/internal/servlets/PrincipalsServlet.class */
public class PrincipalsServlet extends SlingAllMethodsServlet {
    private static final Logger log = LoggerFactory.getLogger(PrincipalsServlet.class);
    // Names of the request parameters read by doGet. All four come straight from the client.
    private static final String PARAM_QUERY = "query";
    // Also reused as the JSON key under which PrincipalDto.asJson writes the principal kind.
    private static final String PARAM_TYPE = "type";
    private static final String PARAM_OFFSET = "offset";
    private static final String PARAM_LIMIT = "limit";

    // Injected by OSGi declarative services; used to create the per-request UserPropertiesManager.
    @Reference
    private UserPropertiesService upService;

    // Injected by OSGi declarative services; produces the "*_xss" variants of the JSON string values.
    @Reference
    private XSSFilter xss;
    // Path, relative to a profile node, whose existence decides whether "picturePath" is emitted.
    private static final String PRIMARY_IMAGE_RELPATH = "photos/primary/image";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/adobe/granite/security/permissions/internal/servlets/PrincipalsServlet$Photo.class */
    /** Immutable holder for the repository path of a profile's primary image. */
    public static class Photo {
        /** Absolute repository path of the image node; emitted as "picturePath" by PrincipalDto. */
        final String picturePath;

        /**
         * @param str repository path of the image node, stored unchanged
         */
        Photo(String str) {
            this.picturePath = str;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/adobe/granite/security/permissions/internal/servlets/PrincipalsServlet$PrincipalDto.class */
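    /**
     * Carrier for one principal plus the optional repository data that the enclosing servlet
     * attaches to it, together with the JSON serialization of that data.
     */
    public static class PrincipalDto {
        private final Principal principal;
        // The three fields below are assigned by PrincipalsServlet.augment after construction.
        // Each stays empty when the lookup found nothing or failed with a RepositoryException.
        private Optional<Authorizable> authorizable = Optional.empty();
        private Optional<UserProperties> profile = Optional.empty();
        private Optional<Photo> photo = Optional.empty();

        public PrincipalDto(Principal principal) {
            this.principal = principal;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        /**
         * Writes this principal as one JSON object.
         *
         * <p>Encoding contract for consumers: "principal" and "name" carry the raw values and are
         * only JSON-escaped by the generator. "principal_xss" and "name_xss" carry the same values
         * passed through {@link XSSFilter#filter} with {@code PLAIN_HTML_CONTENT}. A client that
         * renders the result as HTML element content should use the "_xss" variants. "picturePath"
         * is written without any XSS filtering, so a client placing it in a URL or attribute must
         * encode it for that context itself.
         *
         * <p>A principal whose authorizable could not be resolved is reported as "external". This
         * includes the case where the lookup failed with a repository error, so "external" is not
         * proof that the principal comes from an external identity provider.
         *
         * @param jsonGenerator generator positioned where an object may be started
         * @param xSSFilter filter used for the "_xss" values
         * @param str prefix prepended to the picture path (the servlet passes the request's
         *     context path); may be {@code null}
         */
        public void asJson(JsonGenerator jsonGenerator, XSSFilter xSSFilter, String str) {
            String principalName = this.principal.getName();
            jsonGenerator.writeStartObject();
            jsonGenerator.write("principal", principalName);
            jsonGenerator.write("principal_xss", xSSFilter.filter(ProtectionContext.PLAIN_HTML_CONTENT, principalName));
            String type;
            if (this.principal instanceof SystemUserPrincipal) {
                type = "system user";
            } else if (this.authorizable.isPresent()) {
                // Keep the Authorizable type here and narrow to Group only after isGroup() confirms it.
                Authorizable resolved = this.authorizable.get();
                if (resolved.isGroup()) {
                    type = "group";
                    jsonGenerator.write("membersTotal", PrincipalsServlet.getMembersTotal((Group) resolved));
                } else {
                    type = "user";
                }
            } else {
                type = "external";
            }
            jsonGenerator.write(PrincipalsServlet.PARAM_TYPE, type);
            // Falls back to the principal name when no profile or display name is available.
            String profileName = PrincipalsServlet.getProfileName(this.profile, principalName);
            jsonGenerator.write("name", profileName);
            jsonGenerator.write("name_xss", xSSFilter.filter(ProtectionContext.PLAIN_HTML_CONTENT, profileName));
            if (this.photo.isPresent()) {
                jsonGenerator.write("picturePath", wrap(this.photo.get().picturePath, str));
            }
            jsonGenerator.writeEnd();
        }

        /**
         * Prepends {@code str2} to {@code str} when a prefix is given.
         *
         * @param str the path to prefix
         * @param str2 the prefix, or {@code null} for none
         * @return the prefixed path, or {@code str} unchanged when {@code str2} is {@code null}
         */
        private static String wrap(String str, String str2) {
            if (str2 == null) {
                return str;
            }
            return str2 + str;
        }
    }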

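    /**
     * Lists principals matching the request parameters as JSON.
     *
     * <p>Reads "query" (name hint), "type" (group / user / anything else means all), "offset" and
     * "limit" from the request. All lookups run with the JCR session of the requesting user.
     *
     * <p>NOTE(review): the servlet is bound to a fixed path by the class-level {@code @Component}
     * annotation. Path-bound Sling servlets are not gated by repository ACLs on a content
     * resource, so who can enumerate principals here depends on authentication requirements and
     * request filtering configured outside this class. Confirm that anonymous requests cannot
     * reach it.
     *
     * <p>NOTE(review): "limit" defaults to -1, which the paging code treats as unlimited. A single
     * request can therefore return every matching principal. Consider a server-side cap.
     *
     * @throws ServletException declared by the servlet contract
     * @throws IOException if the response writer cannot be obtained
     */
    @Override
    protected void doGet(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse) throws ServletException, IOException {
        ResourceResolver resourceResolver = slingHttpServletRequest.getResourceResolver();
        RequestParameterMap requestParameterMap = slingHttpServletRequest.getRequestParameterMap();
        String query = slingHttpServletRequest.getParameter(PARAM_QUERY);
        long offset = ServletUtils.getNonNegativeValue(requestParameterMap, PARAM_OFFSET, 0L);
        long limit = ServletUtils.getNonNegativeValue(requestParameterMap, PARAM_LIMIT, -1L);
        int principalType = toPrincipalType(slingHttpServletRequest.getParameter(PARAM_TYPE));
        try {
            JackrabbitSession session = getSession(slingHttpServletRequest);
            if (session == null) {
                // adaptTo() returns null when the resolver is not backed by a JCR session; fail
                // explicitly instead of with a NullPointerException further down.
                log.warn("No JCR session available for the request; cannot list principals");
                slingHttpServletResponse.setStatus(SlingHttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                return;
            }
            PrincipalManager principalManager = session.getPrincipalManager();
            UserManager userManager = session.getUserManager();
            Function<Authorizable, Optional<UserProperties>> profileProvider = newProfileProvider(newUserPropertiesManager(session, resourceResolver));
            ServletUtils.setContentType(slingHttpServletResponse);
            doGet(principalManager, userManager, profileProvider, this.xss, newJsonGenerator(slingHttpServletResponse), query, principalType, offset, limit, slingHttpServletRequest.getContextPath());
        } catch (AccessDeniedException e) {
            // AccessDeniedException is a RepositoryException, so it has to be caught first or this
            // branch is never taken. 401 is kept for existing clients; 403 is the conventional
            // status when an authenticated session lacks the required rights.
            slingHttpServletResponse.setStatus(SlingHttpServletResponse.SC_UNAUTHORIZED);
        } catch (RepositoryException e) {
            log.warn("Exception occurred while listing principals: ", e);
            slingHttpServletResponse.setStatus(SlingHttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }
    }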

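    /**
     * Returns the JCR session behind the request's resource resolver, i.e. the session of the
     * requesting user rather than a service or administrative session.
     *
     * @param slingHttpServletRequest the current request
     * @return the session as a {@link JackrabbitSession}, or {@code null} when the resolver cannot
     *     be adapted to a {@link Session}
     * @throws ClassCastException if the adapted session is not a {@link JackrabbitSession}
     */
    protected JackrabbitSession getSession(SlingHttpServletRequest slingHttpServletRequest) {
        Session session = slingHttpServletRequest.getResourceResolver().adaptTo(Session.class);
        // Cast to the declared return type; a cast to plain Session does not satisfy it.
        return (JackrabbitSession) session;
    }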

    /**
     * Creates a JSON generator that writes to the response writer.
     *
     * @param slingHttpServletResponse response whose writer receives the JSON
     * @return a generator bound to the response writer
     * @throws IOException if the response writer cannot be obtained
     */
    private static JsonGenerator newJsonGenerator(SlingHttpServletResponse slingHttpServletResponse) throws IOException {
        // NOTE(review): the pretty-printing key is set to the string "false". Some javax.json
        // providers enable pretty printing whenever the key is present, whatever its value.
        // Confirm against the provider in use.
        return Json
                .createGeneratorFactory(
                        Collections.singletonMap("javax.json.stream.JsonGenerator.prettyPrinting", "false"))
                .createGenerator(slingHttpServletResponse.getWriter());
    }

    /**
     * Creates the profile manager used to look up user properties for this request.
     *
     * @param jackrabbitSession session the manager operates with
     * @param resourceResolver resolver of the current request
     * @return a manager obtained from the injected {@code UserPropertiesService}
     * @throws RepositoryException if the service fails to create the manager
     */
    protected UserPropertiesManager newUserPropertiesManager(JackrabbitSession jackrabbitSession, ResourceResolver resourceResolver) throws RepositoryException {
        UserPropertiesManager manager = this.upService.createUserPropertiesManager(jackrabbitSession, resourceResolver);
        return manager;
    }

    /**
     * Finds the requested page of principals, enriches each one and writes the result as JSON.
     *
     * @param principalManager source of the principals
     * @param userManager used to resolve a principal to its authorizable
     * @param function maps an authorizable to its profile, if any
     * @param xSSFilter filter used for the "_xss" JSON values
     * @param jsonGenerator target of the JSON output
     * @param str name hint passed to the principal search (the "query" request parameter)
     * @param i principal search type
     * @param j number of sorted results to skip
     * @param j2 maximum number of results; values {@code <= 0} mean no limit
     * @param str2 prefix for picture paths (the request's context path)
     * @throws RepositoryException declared for callers; see the callees for the actual sources
     */
    private static void doGet(PrincipalManager principalManager, UserManager userManager, Function<Authorizable, Optional<UserProperties>> function, XSSFilter xSSFilter, JsonGenerator jsonGenerator, String str, int i, long j, long j2, String str2) throws RepositoryException {
        Stream<Principal> page = find(principalManager, str, i, j, j2);
        Stream<PrincipalDto> enriched = page.map(augment(userManager, function));
        writeJson(enriched, jsonGenerator, xSSFilter, str2);
    }

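    /**
     * Searches principals by name hint and type, sorts them by name and returns one page.
     *
     * <p>Every match is collected and sorted in memory before {@code skip}/{@code limit} are
     * applied. Memory and CPU cost therefore grow with the total number of matches, not with the
     * page size. With {@code j2 <= 0} (including an explicit limit of 0) no limit is applied and
     * all matches after the offset are returned.
     *
     * @param principalManager source of the principals
     * @param str name hint handed to {@code findPrincipals}
     * @param i search type handed to {@code findPrincipals}
     * @param j number of sorted results to skip; presumably non-negative after the caller's
     *     parameter parsing, since {@code Stream.skip} rejects negative values
     * @param j2 maximum number of results; values {@code <= 0} mean no limit
     * @return the requested page, ordered by principal name
     */
    private static Stream<Principal> find(PrincipalManager principalManager, String str, int i, long j, long j2) {
        PrincipalIterator matches = principalManager.findPrincipals(str, i);
        // Typed list instead of a raw ArrayList, so the stream below is a Stream<Principal>
        // without an unchecked conversion.
        ArrayList<Principal> sorted = new ArrayList<>();
        while (matches.hasNext()) {
            sorted.add(matches.nextPrincipal());
        }
        sorted.sort(Comparator.comparing(Principal::getName));
        Stream<Principal> page = sorted.stream().skip(j);
        return j2 > 0 ? page.limit(j2) : page;
    }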

    /**
     * Builds the mapping from a bare principal to a {@code PrincipalDto} carrying its
     * authorizable, profile and photo, each of which may be absent.
     *
     * @param userManager used to resolve the principal to an authorizable
     * @param function maps an authorizable to its profile, if any
     * @return a function that enriches one principal per call
     */
    private static Function<Principal, PrincipalDto> augment(final UserManager userManager, final Function<Authorizable, Optional<UserProperties>> function) {
        return principal -> {
            PrincipalDto dto = new PrincipalDto(principal);
            // Each step only runs when the previous one produced a value.
            Optional<Authorizable> resolved = PrincipalsServlet.getAuthorizable(userManager, principal);
            Optional<UserProperties> resolvedProfile = resolved.flatMap(function);
            Optional<Photo> resolvedPhoto = resolvedProfile.flatMap(PrincipalsServlet.newImageProvider());
            dto.authorizable = resolved;
            dto.profile = resolvedProfile;
            dto.photo = resolvedPhoto;
            return dto;
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Resolves a principal to its authorizable.
     *
     * <p>A repository failure is logged and reported as "no authorizable". Callers cannot tell it
     * apart from a principal that has none; {@code PrincipalDto.asJson} labels both "external".
     *
     * @param userManager manager used for the lookup
     * @param principal principal to resolve
     * @return the authorizable, or empty when there is none or the lookup failed
     */
    public static Optional<Authorizable> getAuthorizable(UserManager userManager, Principal principal) {
        Optional<Authorizable> resolved;
        try {
            resolved = Optional.ofNullable(userManager.getAuthorizable(principal));
        } catch (RepositoryException e) {
            log.error(e.getMessage(), e);
            resolved = Optional.empty();
        }
        return resolved;
    }

    /**
     * Builds the lookup from an authorizable to its profile.
     *
     * @param userPropertiesManager manager the profiles are read through
     * @return a function yielding the profile, or empty when there is none or the repository
     *     access failed (the failure is logged)
     */
    Function<Authorizable, Optional<UserProperties>> newProfileProvider(final UserPropertiesManager userPropertiesManager) {
        return authorizable -> {
            try {
                UserProperties profile = AuthorizableUtil.getProfile(userPropertiesManager, authorizable.getID());
                return Optional.ofNullable(profile);
            } catch (RepositoryException e) {
                PrincipalsServlet.log.error(e.getMessage(), e);
                return Optional.empty();
            }
        };
    }

    /**
     * Builds the lookup from a profile to its primary image.
     *
     * @return a function yielding a {@code Photo} whose path is the profile node path plus
     *     "/photos/primary/image" when that child node exists; empty when the profile has no
     *     node, the child is missing, or the repository access failed (the failure is logged)
     */
    static Function<UserProperties, Optional<Photo>> newImageProvider() {
        return userProperties -> {
            Optional<Photo> found = Optional.empty();
            try {
                Node profileNode = userProperties.getNode();
                boolean hasPrimaryImage = profileNode != null && profileNode.hasNode(PrincipalsServlet.PRIMARY_IMAGE_RELPATH);
                if (hasPrimaryImage) {
                    found = Optional.of(new Photo(profileNode.getPath() + "/" + PrincipalsServlet.PRIMARY_IMAGE_RELPATH));
                }
            } catch (RepositoryException e) {
                PrincipalsServlet.log.error(e.getMessage(), e);
            }
            return found;
        };
    }

    /**
     * Returns the display name from the profile, falling back to the given name.
     *
     * @param optional the profile, if one was found
     * @param str fallback name (the caller passes the principal name)
     * @return the profile's display name, or {@code str} when there is no profile or reading the
     *     display name failed (the failure is logged)
     */
    static String getProfileName(Optional<UserProperties> optional, String str) {
        if (!optional.isPresent()) {
            return str;
        }
        try {
            return optional.get().getDisplayName();
        } catch (RepositoryException e) {
            log.error(e.getMessage(), e);
            return str;
        }
    }

    /**
     * Writes {@code {"principals": [ ... ]}} with one object per DTO, then flushes the generator.
     *
     * @param stream the DTOs to serialize, consumed by this call
     * @param jsonGenerator target of the JSON output
     * @param xSSFilter filter handed to each DTO for its "_xss" values
     * @param str picture-path prefix handed to each DTO
     */
    private static void writeJson(Stream<PrincipalDto> stream, JsonGenerator jsonGenerator, XSSFilter xSSFilter, String str) {
        JsonGenerator root = jsonGenerator.writeStartObject();
        JsonGenerator principalsArray = root.writeStartArray("principals");
        stream.forEach(dto -> dto.asJson(principalsArray, xSSFilter, str));
        // The first writeEnd closes the array, the second the enclosing object.
        JsonGenerator afterArray = principalsArray.writeEnd();
        afterArray.writeEnd();
        jsonGenerator.flush();
    }

    /* JADX INFO: Access modifiers changed from: private */
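    /**
     * Counts the members of a group.
     *
     * <p>When the member iterator is a {@link RangeIterator}, its reported size is returned
     * without iterating. {@code RangeIterator.getSize()} may itself be -1 when the size is
     * unknown, which is the same value this method uses to signal a repository error. Consumers
     * should treat -1 as "count unavailable" rather than as a specific failure.
     *
     * @param group the group whose members are counted
     * @return the member count, or -1 when it is unknown or the repository access failed (the
     *     failure is logged)
     */
    public static long getMembersTotal(Group group) {
        try {
            // Hold the iterator under its general type. Declared as RangeIterator, the instanceof
            // test below could never fail and the iteration fallback would be unreachable.
            java.util.Iterator<Authorizable> members = group.getMembers();
            String id = group.getID();
            if (members instanceof RangeIterator) {
                return ((RangeIterator) members).getSize();
            }
            log.debug("fallback to iteration for count for {}", id);
            long count = 0;
            while (members.hasNext()) {
                members.next();
                count++;
            }
            return count;
        } catch (RepositoryException e) {
            log.error(e.getMessage(), e);
            return -1L;
        }
    }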

    /**
     * Maps the "type" request parameter to a principal search type.
     *
     * <p>The match is exact and case-sensitive. Any value other than "group" or "user", including
     * {@code null}, selects the widest search (3). The numbers correspond to
     * {@code PrincipalManager.SEARCH_TYPE_NOT_GROUP} (1), {@code SEARCH_TYPE_GROUP} (2) and
     * {@code SEARCH_TYPE_ALL} (3).
     *
     * @param str the raw parameter value, may be {@code null}
     * @return 2 for "group", 1 for "user", otherwise 3
     */
    static int toPrincipalType(String str) {
        if (str == null) {
            return 3;
        }
        switch (str) {
            case "group":
                return 2;
            case "user":
                return 1;
            default:
                return 3;
        }
    }
}
