package com.adobe.granite.security.user.ui.internal.servlets;

import com.adobe.granite.security.user.UserProperties;
import com.adobe.granite.security.user.UserPropertiesManager;
import com.adobe.granite.security.user.UserPropertiesService;
import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
import org.apache.commons.lang3.StringUtils;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.ModifiableValueMap;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ValueMap;
import org.apache.sling.api.servlets.SlingAllMethodsServlet;
import org.apache.sling.commons.json.io.JSONWriter;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

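/**
 * Reads and writes additional profiles of a user and manages who may read them.
 *
 * <p>The servlet is registered for {@code rep:User} resources with the {@code profile}
 * selector and the {@code json} extension, for GET and POST.
 *
 * <p>Every repository operation goes through the resource resolver of the incoming request,
 * so what a caller can read, write or re-permission is bounded by that session's own
 * repository privileges. This class adds no authorization check of its own; it only
 * validates the shape of the path-like request parameters before they reach the repository.
 */
@Component(service = {Servlet.class}, property = {"sling.servlet.resourceTypes=rep:User", "sling.servlet.methods=GET", "sling.servlet.methods=POST", "sling.servlet.selectors=profile", "sling.servlet.extensions=json"})
/* loaded from: input_file:com/adobe/granite/security/user/ui/internal/servlets/UserProfileManagementServlet.class */
public class UserProfileManagementServlet extends SlingAllMethodsServlet {
    private static final Logger log = LoggerFactory.getLogger(UserProfileManagementServlet.class);
    private static final String PARAM_PROFILE_NAME = "profileName";
    private static final String PARAM_SOURCE_PROFILE = "sourceProfile";
    private static final String PARAM_EDIT_PROFILE = "editProfile";
    private static final String PARAM_PROPERTIES = "properties";
    private static final String PARAM_SUFFIX_VISIBLE = "-visible";
    private static final String PARAM_SHARE_WITH = "shareWithGroups";

    @Reference
    protected UserPropertiesService upService;

    /**
     * Creates or updates a profile of the addressed user from a source profile.
     *
     * <p>Request parameters:
     * <ul>
     *   <li>{@code editProfile} - relative path of an existing profile to update; when empty a
     *       new profile is created at {@code profiles/<profileName>}.</li>
     *   <li>{@code profileName} - node name for a new profile and, when non-empty, the
     *       {@code jcr:title} written to the target profile.</li>
     *   <li>{@code sourceProfile} - relative path of the profile the property values are
     *       copied from (required).</li>
     *   <li>{@code properties} - names of the properties to copy; a property missing in the
     *       source is written as an empty string. {@code <name>-visible=true} marks the
     *       property as visible.</li>
     *   <li>{@code shareWithGroups} - paths of authorizables that get {@code jcr:read} on the
     *       target profile. When present, all existing entries of the profile's access
     *       control lists are removed first.</li>
     * </ul>
     *
     * <p>Responds with 400 when a path parameter is missing or malformed or a
     * {@code shareWithGroups} path does not resolve, 404 when the user or a referenced
     * profile cannot be resolved, and 500 on any other failure. Pending changes are reverted
     * on failure so that nothing is half-applied.
     *
     * @param slingHttpServletRequest  the request addressing a {@code rep:User} resource
     * @param slingHttpServletResponse the response; carries no body on success
     * @throws ServletException declared by the servlet contract; not thrown by this method itself
     * @throws IOException      if sending an error status fails
     */
    @Override
    protected void doPost(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse) throws ServletException, IOException {
        ResourceResolver resolver = slingHttpServletRequest.getResourceResolver();
        Resource userResource = slingHttpServletRequest.getResource();

        String profileName = slingHttpServletRequest.getParameter(PARAM_PROFILE_NAME);
        String editProfile = slingHttpServletRequest.getParameter(PARAM_EDIT_PROFILE);
        String sourceProfile = slingHttpServletRequest.getParameter(PARAM_SOURCE_PROFILE);
        String[] propertyNames = slingHttpServletRequest.getParameterValues(PARAM_PROPERTIES);
        String[] shareWithPaths = slingHttpServletRequest.getParameterValues(PARAM_SHARE_WITH);

        // The profile parameters end up in repository paths below the user node. Reject values
        // that are missing (previously "profiles/null" could be created) or that could step out
        // of the user's own subtree, instead of leaving that to the repository layer alone.
        boolean creating = StringUtils.isEmpty(editProfile);
        boolean targetOk = creating ? isSingleSegmentName(profileName) : isUsableRelPath(editProfile);
        if (!targetOk || !isUsableRelPath(sourceProfile)) {
            log.debug("Rejected profile update: missing or malformed profile path parameter");
            slingHttpServletResponse.sendError(SlingHttpServletResponse.SC_BAD_REQUEST);
            return;
        }

        try {
            AccessControlManager acm = ((Session) resolver.adaptTo(Session.class)).getAccessControlManager();
            UserManager userManager = (UserManager) resolver.adaptTo(UserManager.class);
            Authorizable owner = userManager.getAuthorizableByPath(userResource.getPath());
            if (owner == null) {
                slingHttpServletResponse.sendError(SlingHttpServletResponse.SC_NOT_FOUND);
                return;
            }
            UserPropertiesManager upm = this.upService.createUserPropertiesManager(resolver);

            // Resolve everything the request refers to before the first write, so that a bad
            // reference is answered without any pending change in the session.
            UserProperties source = upm.getUserProperties(owner.getID(), sourceProfile);
            if (source == null) {
                slingHttpServletResponse.sendError(SlingHttpServletResponse.SC_NOT_FOUND);
                return;
            }
            List<Principal> readers = new ArrayList<>();
            if (shareWithPaths != null) {
                // Despite the parameter name, any authorizable the session can resolve by path
                // is accepted here, not only groups.
                for (String authorizablePath : shareWithPaths) {
                    Authorizable reader = userManager.getAuthorizableByPath(authorizablePath);
                    if (reader == null) {
                        slingHttpServletResponse.sendError(SlingHttpServletResponse.SC_BAD_REQUEST);
                        return;
                    }
                    readers.add(reader.getPrincipal());
                }
            }

            UserProperties target = creating
                    ? upm.createUserProperties(owner.getID(), "profiles/" + profileName)
                    : upm.getUserProperties(owner.getID(), editProfile);
            if (target == null) {
                slingHttpServletResponse.sendError(SlingHttpServletResponse.SC_NOT_FOUND);
                return;
            }

            ValueMap sourceValues = (ValueMap) resolver.getResource(source.getNode().getPath()).adaptTo(ValueMap.class);
            String targetPath = target.getNode().getPath();
            ModifiableValueMap targetValues = (ModifiableValueMap) resolver.getResource(targetPath).adaptTo(ModifiableValueMap.class);

            // NOTE(review): property names come straight from the request and are not checked
            // against an allow-list in this class; only the repository's own constraints limit
            // which properties of the target node can be overwritten.
            List<String> visibleProperties = new ArrayList<>();
            if (propertyNames != null) {
                for (String propertyName : propertyNames) {
                    targetValues.put(propertyName, sourceValues.get(propertyName, ""));
                    if ("true".equals(slingHttpServletRequest.getParameter(propertyName + PARAM_SUFFIX_VISIBLE))) {
                        visibleProperties.add(propertyName);
                    }
                }
            }
            targetValues.put(PARAM_SOURCE_PROFILE, sourceProfile);
            if (StringUtils.isNotEmpty(profileName)) {
                targetValues.put("jcr:title", profileName);
            }
            targetValues.put("visibleProperties", visibleProperties.toArray());

            if (shareWithPaths != null) {
                // Sharing replaces, rather than extends, the profile's access control entries.
                removeLocalPolicies(acm, targetPath);
                for (Principal reader : readers) {
                    allowReadPermission(targetPath, reader, acm);
                }
            }
            if (resolver.hasChanges()) {
                resolver.commit();
            }
        } catch (Exception e) {
            log.error("Error processing user profile!", e);
            // Drop property and ACL changes that were staged before the failure.
            resolver.revert();
            slingHttpServletResponse.sendError(500);
        }
    }

    /**
     * Writes the title of a profile and the authorizables named in its access control entries
     * as JSON: {@code {"name": ..., "shareWithGroups": [{"name": ..., "path": ...}, ...]}}.
     *
     * <p>The profile is selected with the {@code sourceProfile} parameter. Principals are
     * resolved through the user manager of the request session, and entries whose principal
     * does not resolve to an authorizable are left out.
     *
     * <p>Responds with 400 when {@code sourceProfile} is missing or malformed, 404 when the
     * user or profile cannot be resolved, and 500 on any other failure.
     *
     * @param slingHttpServletRequest  the request addressing a {@code rep:User} resource
     * @param slingHttpServletResponse the response the JSON document is written to
     * @throws ServletException declared by the servlet contract; not thrown by this method itself
     * @throws IOException      if sending an error status fails
     */
    @Override
    protected void doGet(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse) throws ServletException, IOException {
        slingHttpServletResponse.setCharacterEncoding("UTF-8");
        slingHttpServletResponse.setContentType("application/json");
        ResourceResolver resolver = slingHttpServletRequest.getResourceResolver();
        Resource userResource = slingHttpServletRequest.getResource();

        String sourceProfile = slingHttpServletRequest.getParameter(PARAM_SOURCE_PROFILE);
        if (!isUsableRelPath(sourceProfile)) {
            slingHttpServletResponse.sendError(SlingHttpServletResponse.SC_BAD_REQUEST);
            return;
        }

        try {
            UserManager userManager = (UserManager) resolver.adaptTo(UserManager.class);
            Authorizable owner = userManager.getAuthorizableByPath(userResource.getPath());
            UserPropertiesManager upm = this.upService.createUserPropertiesManager(resolver);
            UserProperties profile = owner != null ? upm.getUserProperties(owner.getID(), sourceProfile) : null;
            if (profile == null) {
                slingHttpServletResponse.sendError(SlingHttpServletResponse.SC_NOT_FOUND);
                return;
            }
            Resource profileResource = resolver.getResource(profile.getNode().getPath());
            ValueMap profileValues = (ValueMap) profileResource.adaptTo(ValueMap.class);
            AccessControlManager acm = ((Session) resolver.adaptTo(Session.class)).getAccessControlManager();

            JSONWriter json = new JSONWriter(slingHttpServletResponse.getWriter());
            json.object();
            json.key("name");
            json.value(profileValues.get("jcr:title", profileResource.getName()));
            json.key(PARAM_SHARE_WITH);
            json.array();
            for (AccessControlPolicy policy : acm.getPolicies(profileResource.getPath())) {
                if (!(policy instanceof AccessControlList)) {
                    continue;
                }
                // NOTE(review): every entry is listed, whatever its privileges and whether it
                // allows or denies; confirm that only the read grants written by doPost are
                // expected on profile nodes.
                for (AccessControlEntry entry : ((AccessControlList) policy).getAccessControlEntries()) {
                    if (!(entry instanceof JackrabbitAccessControlEntry)) {
                        continue;
                    }
                    Authorizable grantee = userManager.getAuthorizable(entry.getPrincipal());
                    if (grantee == null) {
                        continue;
                    }
                    UserProperties granteeProfile = upm.getUserProperties(grantee.getID(), "profile");
                    json.object();
                    json.key("name");
                    json.value(granteeProfile != null ? granteeProfile.getDisplayName() : grantee.getPrincipal().getName());
                    json.key("path");
                    json.value(grantee.getPath());
                    json.endObject();
                }
            }
            json.endArray();
            json.endObject();
        } catch (Exception e) {
            log.error("Error returning user profile properties!", e);
            // Part of the JSON may already be on the wire; sendError would then throw.
            if (!slingHttpServletResponse.isCommitted()) {
                slingHttpServletResponse.sendError(500);
            }
        }
    }

    /**
     * Tells whether a request value can be used as one node name below {@code profiles/}.
     *
     * @param name the candidate name, may be {@code null}
     * @return {@code true} when the name is non-empty, has no {@code /} and is neither
     *         {@code .} nor {@code ..}
     */
    private static boolean isSingleSegmentName(String name) {
        return StringUtils.isNotEmpty(name)
                && name.indexOf('/') < 0
                && !".".equals(name)
                && !"..".equals(name);
    }

    /**
     * Tells whether a request value can be used as a relative profile path.
     *
     * @param relPath the candidate path, may be {@code null}
     * @return {@code true} when the path is non-empty and has no {@code ..} segment
     */
    private static boolean isUsableRelPath(String relPath) {
        if (StringUtils.isEmpty(relPath)) {
            return false;
        }
        for (String segment : relPath.split("/")) {
            if ("..".equals(segment)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Removes every entry from each access control list bound to the given node.
     *
     * <p>All entries are removed, including any that were not created by this servlet. A list
     * is written back only when at least one entry was removed. The change is staged in the
     * session of the given manager.
     *
     * @param accessControlManager manager of the session the change is staged in
     * @param path                 absolute path of the node
     * @throws RepositoryException if the policies cannot be read or modified
     */
    private static void removeLocalPolicies(AccessControlManager accessControlManager, String path) throws RepositoryException {
        for (AccessControlPolicy policy : accessControlManager.getPolicies(path)) {
            if (!(policy instanceof AccessControlList)) {
                continue;
            }
            AccessControlList acl = (AccessControlList) policy;
            AccessControlEntry[] entries = acl.getAccessControlEntries();
            for (AccessControlEntry entry : entries) {
                acl.removeAccessControlEntry(entry);
            }
            if (entries.length > 0) {
                accessControlManager.setPolicy(path, acl);
            }
        }
    }

    /**
     * Adds an allow entry granting {@code jcr:read}, and nothing more, to the principal on
     * the given node.
     *
     * @param path                 absolute path of the node
     * @param principal            principal that receives read access
     * @param accessControlManager manager of the session the change is staged in
     * @throws RepositoryException if no modifiable list exists or the entry cannot be set
     */
    private static void allowReadPermission(String path, Principal principal, AccessControlManager accessControlManager) throws RepositoryException {
        JackrabbitAccessControlList acl = getModifiableAcl(accessControlManager, path);
        Privilege[] readOnly = {accessControlManager.privilegeFromName(Privilege.JCR_READ)};
        acl.addEntry(principal, readOnly, true);
        accessControlManager.setPolicy(path, acl);
    }

    /**
     * Returns an access control list for the node that entries can be added to.
     *
     * <p>A list already bound to the node is preferred; otherwise the first applicable, not
     * yet bound list is returned.
     *
     * @param accessControlManager manager used to look up the policies
     * @param path                 absolute path of the node
     * @return the bound or applicable Jackrabbit access control list
     * @throws AccessControlException if neither lookup yields a Jackrabbit list
     * @throws RepositoryException    if the policies cannot be read
     */
    private static JackrabbitAccessControlList getModifiableAcl(AccessControlManager accessControlManager, String path) throws RepositoryException {
        for (AccessControlPolicy bound : accessControlManager.getPolicies(path)) {
            if (bound instanceof JackrabbitAccessControlList) {
                return (JackrabbitAccessControlList) bound;
            }
        }
        AccessControlPolicyIterator applicable = accessControlManager.getApplicablePolicies(path);
        while (applicable.hasNext()) {
            AccessControlPolicy candidate = applicable.nextAccessControlPolicy();
            if (candidate instanceof JackrabbitAccessControlList) {
                return (JackrabbitAccessControlList) candidate;
            }
        }
        throw new AccessControlException("No modifiable ACL at " + path);
    }
}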
