package com.adobe.granite.security.user.internal.servlets;

import com.adobe.granite.security.user.UserProperties;
import com.adobe.granite.security.user.UserPropertiesComposite;
import com.adobe.granite.security.user.UserPropertiesManager;
import com.adobe.granite.security.user.UserPropertiesService;
import com.adobe.granite.security.user.util.PropConstants;
import com.adobe.granite.xss.JSONUtil;
import com.adobe.granite.xss.XSSFilter;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.Set;
import javax.jcr.AccessDeniedException;
import javax.jcr.ItemNotFoundException;
import javax.jcr.Node;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import javax.jcr.ValueFactory;
import javax.servlet.ServletException;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.request.RequestParameter;
import org.apache.sling.api.request.RequestParameterMap;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.servlets.HtmlResponse;
import org.apache.sling.commons.json.JSONException;
import org.apache.sling.commons.json.io.JSONWriter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

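/**
 * Servlet that renders user profile properties as JSON on GET and creates,
 * updates or reorders them on POST.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>No authorization decision is made in this class. Every repository
 *       read and write goes through the {@link Session} of the requested
 *       resource, so what a caller can see or change is whatever the
 *       repository access control grants that session.</li>
 *   <li>Values read from the repository are user-supplied. Single and multi
 *       values are emitted through {@code JSONUtil.writeWithProtected} with the
 *       bound {@link XSSFilter}; property names and the {@code path} entry
 *       only receive the JSON escaping of {@link JSONWriter}.</li>
 *   <li>{@link #update} stores every non-reserved request parameter as a
 *       property (see the note on that method).</li>
 * </ul>
 */
@Service
@Component(metatype = false)
@Properties({@Property(name = "sling.servlet.paths", value = {
        "rep/User/userproperties.json.GET.servlet",
        "rep/Group/userproperties.json.GET.servlet",
        "rep/SystemUser/userproperties.json.GET.servlet",
        "cq/Preferences/userproperties.json.GET.servlet",
        "cq/security/components/profile/userproperties.json.GET.servlet",
        "granite/security/search/profile/userproperties.json.GET.servlet",
        "rep/User/userproperties.html.POST.servlet",
        "rep/Group/userproperties.html.POST.servlet",
        "rep/SystemUser/userproperties.html.POST.servlet",
        "cq/Preferences/userproperties.html.POST.servlet",
        "cq/security/components/profile/userproperties.html.POST.servlet"})})
/* loaded from: input_file:com/adobe/granite/security/user/internal/servlets/UserPropertiesServlet.class */
public class UserPropertiesServlet extends AbstractServlet {
    private static final String PARAM_REORDER_PROFILES = "reorderProfiles";
    private static final int ACTION_EDIT = 1;
    private static final int ACTION_REORDER_PROFILES = 2;
    private static final String PARAM_AUTHID = "authId";

    @Reference
    private UserPropertiesService service;

    @Reference
    private XSSFilter xss;
    private static final Logger log = LoggerFactory.getLogger(UserPropertiesServlet.class);

    // Request parameters that steer the servlet and must never be stored as profile properties.
    private static final Set<String> RESERVED = Collections.singleton("path");

    /**
     * Writes the user properties addressed by the request as a JSON object.
     *
     * <p>If the resource adapts to an {@link Authorizable}, the {@code path}
     * parameter selects one profile or, when it holds a comma-separated list,
     * a composite of several. Otherwise the {@code authId} parameter names the
     * authorizable to read, or the resource itself is adapted to
     * {@link UserProperties}.
     *
     * <p>Failures are turned into an error response: 401 for
     * {@link AccessDeniedException}, 404 for a missing path or item, 503 when
     * the {@link UserPropertiesService} is unbound and 500 for anything else.
     *
     * @param request  the current request
     * @param response the response the JSON or the error page is written to
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if sending the error response fails
     */
    protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response) throws ServletException, IOException {
        HtmlResponse errorResponse = null;
        ResourceResolver resolver = request.getResourceResolver();
        Resource resource = request.getResource();
        try {
            if (this.service == null) {
                log.warn("UserPropertiesService not available");
                errorResponse = createErrorResponse(503, "UserPropertiesService not available");
            } else {
                Authorizable authorizable = (Authorizable) resource.adaptTo(Authorizable.class);
                if (authorizable != null) {
                    UserPropertiesManager manager = this.service.createUserPropertiesManager(((Node) resource.adaptTo(Node.class)).getSession(), resolver);
                    String pathParam = request.getParameter("path");
                    // Without a 'path' parameter nothing is written and the response body stays empty.
                    if (pathParam != null) {
                        // A value made only of commas splits to an empty array; the index access
                        // below then fails and is reported by the generic 500 handler.
                        String[] relPaths = pathParam.split(",");
                        if (relPaths.length < 2) {
                            userPropertiesToJson(request, response, resource, authorizable, manager.getUserProperties(authorizable, relPaths[0]));
                        } else {
                            userPropertiesCompositeToJson(request.getRequestURI(), pathParam, response, resource, authorizable, manager.getUserPropertiesComposite(authorizable.getID(), relPaths));
                        }
                    }
                } else {
                    String authId = request.getParameter(PARAM_AUTHID);
                    if (authId != null) {
                        // The caller chooses whose profile is read. The manager is created from the
                        // session of the requested node, so the lookup is limited by that session's
                        // read permissions and by nothing in this method.
                        // NOTE(review): confirm profile nodes are not readable by anonymous or
                        // low-privileged sessions where that is not intended.
                        UserPropertiesManager manager = this.service.createUserPropertiesManager(((Node) resource.adaptTo(Node.class)).getSession(), resolver);
                        UserPropertiesComposite composite = manager.getUserPropertiesComposite(authId, request.getParameter("path"));
                        userPropertiesCompositeToJson(request.getRequestURI() + "?" + request.getQueryString(), authId, response, resource, authorizable, composite);
                    } else {
                        UserProperties userProperties = (UserProperties) resource.adaptTo(UserProperties.class);
                        if (userProperties != null) {
                            authorizable = ((UserManager) resolver.adaptTo(UserManager.class)).getAuthorizable(userProperties.getAuthorizableID());
                        }
                        userPropertiesToJson(request, response, resource, authorizable, userProperties);
                    }
                }
            }
        } catch (AccessDeniedException e) {
            log.debug("Access denied while reading user properties", e);
            // 401 is what existing clients receive for a denied read; kept for compatibility.
            errorResponse = createErrorResponse(401, (Exception) e);
        } catch (PathNotFoundException | ItemNotFoundException e) {
            log.debug("User properties not found", e);
            errorResponse = createErrorResponse(404, (Exception) e);
        } catch (Exception e) {
            log.debug("Failed to read user properties", e);
            // NOTE(review): createErrorResponse is inherited and not visible here; confirm it does
            // not echo exception details such as repository paths to the client.
            errorResponse = createErrorResponse(500, e);
        } finally {
            if (errorResponse != null) {
                errorResponse.send(response, true);
            }
        }
    }

    /**
     * Writes one profile as a JSON object: its node path, the owning user and
     * every property of the profile.
     *
     * @param request        the current request, only used for the debug message
     * @param response       the response to write to
     * @param resource       the requested resource, only used for the debug message
     * @param authorizable   the owner of the profile, may be {@code null}
     * @param userProperties the profile to render; {@code null} yields an empty object
     */
    private void userPropertiesToJson(SlingHttpServletRequest request, SlingHttpServletResponse response, Resource resource, Authorizable authorizable, UserProperties userProperties) throws IOException, JSONException, RepositoryException {
        setJsonResponseHeader(response);
        JSONWriter writer = new JSONWriter(response.getWriter());
        writer.object();
        if (userProperties == null) {
            // SLF4J substitutes '{}' only; the request-derived values are stripped of line breaks
            // so they cannot forge additional log lines.
            log.debug("Cannot access user properties at {} ('path' parameter: {})", forLog(resource.getPath()), forLog(request.getParameter("path")));
        } else {
            writer.key("path").value(userProperties.getNode().getPath());
            writeUser(userProperties.getAuthorizableID(), authorizable, writer);
            for (String name : userProperties.getPropertyNames()) {
                writeProperty(writer, name, (String[]) userProperties.getProperty(name, null, String[].class));
            }
        }
        writer.endObject();
    }

    /**
     * Writes a composite of several profiles as a JSON object: the given path
     * label, the paths of the contributing profiles, the owning user and the
     * merged properties.
     *
     * @param str                     value emitted under the {@code path} key
     * @param str2                    request parameter that selected the composite, only used for the debug message
     * @param response                the response to write to
     * @param resource                the requested resource, only used for the debug message
     * @param authorizable            the owner of the profiles, may be {@code null}
     * @param userPropertiesComposite the composite to render; {@code null} yields an empty object
     */
    private void userPropertiesCompositeToJson(String str, String str2, SlingHttpServletResponse response, Resource resource, Authorizable authorizable, UserPropertiesComposite userPropertiesComposite) throws IOException, JSONException, RepositoryException {
        setJsonResponseHeader(response);
        JSONWriter writer = new JSONWriter(response.getWriter());
        writer.object();
        if (userPropertiesComposite == null) {
            log.debug("Cannot access user properties at {} (parameter: {})", forLog(resource.getPath()), forLog(str2));
        } else {
            // One caller passes the request URI plus the raw query string here, so this value
            // echoes request data. It is JSON-escaped by the writer but not XSS-filtered;
            // consumers must treat it as untrusted text.
            writer.key("path").value(str);
            writer.key("composite").array();
            Iterator<String> paths = userPropertiesComposite.getUserPropertiesPaths().iterator();
            while (paths.hasNext()) {
                writer.value(paths.next());
            }
            writer.endArray();
            writeUser(userPropertiesComposite.getAuthorizableId(), authorizable, writer);
            for (String name : userPropertiesComposite.getPropertyNames()) {
                writeProperty(writer, name, (String[]) userPropertiesComposite.getProperty(name, null, String[].class));
            }
        }
        writer.endObject();
    }

    /**
     * Writes one property. An absent or empty value becomes the empty string;
     * single and multi values go through {@code JSONUtil.writeWithProtected}
     * together with the bound XSS filter.
     *
     * <p>The throws clause mirrors the callers'.
     *
     * @param writer the JSON writer, positioned inside an object
     * @param name   the property name, written as the JSON key
     * @param values the property values, may be {@code null}
     */
    private void writeProperty(JSONWriter writer, String name, String[] values) throws IOException, JSONException, RepositoryException {
        // getProperty is called with a null default, so null is a possible result.
        if (values == null || values.length == 0) {
            writer.key(name).value("");
        } else if (values.length == 1) {
            JSONUtil.writeWithProtected(writer, name, values[0], this.xss);
        } else {
            JSONUtil.writeWithProtected(writer, name, values, this.xss);
        }
    }

    /**
     * Dispatches a POST to {@link #reorderProfiles} when the
     * {@code reorderProfiles} parameter is present and to {@link #update}
     * otherwise.
     */
    protected void doPost(SlingHttpServletRequest request, SlingHttpServletResponse response) throws ServletException, IOException {
        if (getAction(request.getRequestParameterMap()) == ACTION_REORDER_PROFILES) {
            reorderProfiles(request, response);
        } else {
            update(request, response);
        }
    }

    /**
     * Creates or updates a profile from the request parameters and saves the
     * session.
     *
     * <p>Every request parameter that {@code isReservedParameter} does not
     * reject is written to the profile node under its own name: no value
     * removes the property, one value sets a single-valued property, several
     * values set a multi-valued one. File parameters are stored as binary
     * values.
     *
     * <p>NOTE(review): there is no allow-list of property names in this
     * method. Whether a caller may set a given property, including
     * namespaced ones, depends on the write permissions of the session and on
     * what the inherited {@code isReservedParameter} filters; confirm both
     * cover properties that must not be caller-controlled. Request-forgery
     * protection is not visible here either and is presumably handled by a
     * filter in front of the servlet.
     *
     * <p>On any error the pending changes of the session are discarded before
     * the error response is sent.
     *
     * @param request  the current request
     * @param response the response an error page is written to
     * @throws IOException if sending the error response fails
     */
    protected void update(SlingHttpServletRequest request, SlingHttpServletResponse response) throws IOException {
        HtmlResponse errorResponse = null;
        ResourceResolver resolver = request.getResourceResolver();
        Resource resource = request.getResource();
        Session session = null;
        try {
            if (this.service == null) {
                log.warn("UserPropertiesService not available");
                errorResponse = createErrorResponse(503, "UserPropertiesService not available");
            } else {
                session = ((Node) resource.adaptTo(Node.class)).getSession();
                UserPropertiesManager manager = this.service.createUserPropertiesManager(session, resolver);
                String relPath = request.getParameter("path");
                Authorizable authorizable = (Authorizable) resource.adaptTo(Authorizable.class);
                UserProperties userProperties;
                if (authorizable == null) {
                    userProperties = (UserProperties) resource.adaptTo(UserProperties.class);
                    if (userProperties != null) {
                        authorizable = ((UserManager) resolver.adaptTo(UserManager.class)).getAuthorizable(userProperties.getAuthorizableID());
                    }
                } else {
                    userProperties = manager.getUserProperties(authorizable, relPath);
                }
                if (userProperties == null && relPath != null && authorizable != null) {
                    String id = authorizable.getID();
                    log.debug("Create new user properties for authorizable {} and path {}", id, forLog(relPath));
                    userProperties = manager.createUserProperties(id, relPath);
                }
                if (userProperties == null) {
                    log.warn("Incomplete request to create or update user properties.");
                    errorResponse = createErrorResponse(400, "Incomplete request to create or update user properties.");
                } else {
                    Node node = userProperties.getNode();
                    RequestParameterMap parameters = request.getRequestParameterMap();
                    ValueFactory valueFactory = session.getValueFactory();
                    for (String name : parameters.keySet()) {
                        if (isReservedParameter(name, RESERVED)) {
                            continue;
                        }
                        RequestParameter[] submitted = parameters.getValues(name);
                        Value[] values = new Value[submitted.length];
                        for (int i = 0; i < submitted.length; i++) {
                            if (submitted[i].isFormField()) {
                                values[i] = valueFactory.createValue(submitted[i].getString());
                            } else {
                                values[i] = valueFactory.createValue(submitted[i].getInputStream());
                            }
                        }
                        if (values.length == 0) {
                            if (node.hasProperty(name)) {
                                node.getProperty(name).remove();
                            } else {
                                log.debug("Ignoring non existing property {} with empty value.", forLog(name));
                            }
                        } else if (values.length == 1) {
                            node.setProperty(name, values[0]);
                        } else {
                            node.setProperty(name, values);
                        }
                    }
                    if (session.hasPendingChanges()) {
                        session.save();
                    }
                }
            }
        } catch (AccessDeniedException e) {
            log.debug("Access denied while updating user properties", e);
            errorResponse = createErrorResponse(401, (Exception) e);
        } catch (PathNotFoundException e) {
            log.debug("User properties not found", e);
            errorResponse = createErrorResponse(404, (Exception) e);
        } catch (Exception e) {
            log.debug("Failed to update user properties", e);
            // NOTE(review): confirm the inherited createErrorResponse does not expose exception
            // details to the client.
            errorResponse = createErrorResponse(500, e);
        } finally {
            // The session is handed over on every error path so that a failure in the middle of
            // the loop does not leave half-applied transient changes on the request session,
            // where a later save would persist them.
            revertSessionIfErrorOccurred(response, errorResponse, session);
        }
    }

    /**
     * Reorders the profile nodes of the authorizable addressed by the request
     * path to match the order given in the {@code profiles-order} parameter.
     *
     * <p>The submitted names must be exactly the names of the existing
     * profiles, otherwise the request is rejected with 400; the request can
     * therefore neither add nor drop a profile. A missing
     * {@code profiles-order} parameter is treated as an empty list.
     *
     * @param request  the current request
     * @param response the response an error page is written to
     * @throws IOException if sending the error response fails
     */
    protected void reorderProfiles(SlingHttpServletRequest request, SlingHttpServletResponse response) throws IOException {
        HtmlResponse errorResponse = null;
        Session session = null;
        try {
            if (this.service == null) {
                // Same answer as doGet and update give when the service is unbound.
                log.warn("UserPropertiesService not available");
                errorResponse = createErrorResponse(503, "UserPropertiesService not available");
                return;
            }
            ArrayList<String> requested = new ArrayList<>();
            RequestParameter[] submitted = request.getRequestParameterMap().getValues("profiles-order");
            if (submitted != null) {
                for (RequestParameter parameter : submitted) {
                    requested.add(parameter.getString());
                }
            }
            UserPropertiesManager manager = (UserPropertiesManager) request.getResourceResolver().adaptTo(UserPropertiesManager.class);
            String authorizableId = this.service.getAuthorizableId(request.getRequestPathInfo().getResourcePath());
            if (authorizableId == null) {
                errorResponse = createErrorResponse(404, "Cannot identify the authorizable whose profiles to reorder.");
                return;
            }
            Collection<UserProperties> profiles = manager.getUserPropertiesComposite(authorizableId, (String) null).getUserProperties();
            ArrayList<String> current = new ArrayList<>();
            for (UserProperties profile : profiles) {
                current.add(profile.getNode().getName());
            }
            if (requested.size() != current.size() || !requested.containsAll(current)) {
                errorResponse = createErrorResponse(400, "Cannot reorder profiles that changed");
                return;
            }
            if (requested.isEmpty()) {
                return;
            }
            Node parent = profiles.iterator().next().getNode().getParent();
            session = parent.getSession();
            // Walk from the last name to the first. Once one position differs, every earlier
            // name is moved in front of its successor so the final order matches the request.
            boolean moved = false;
            String successor = null;
            for (int i = requested.size() - 1; i >= 0; i--) {
                String name = requested.get(i);
                if (moved || !name.equals(current.get(i))) {
                    parent.orderBefore(name, successor);
                    moved = true;
                }
                successor = name;
            }
            if (session.hasPendingChanges()) {
                session.save();
            }
        } catch (RepositoryException e) {
            log.debug("Failed to reorder profiles", e);
            errorResponse = createErrorResponse(404, (Exception) e);
        } finally {
            // Discards a partially applied reorder when the repository rejected it.
            revertSessionIfErrorOccurred(response, errorResponse, session);
        }
    }

    /**
     * Sends the error response, if there is one, after discarding the pending
     * changes of the given session. Does nothing when {@code htmlResponse} is
     * {@code null}.
     *
     * @param response     the servlet response to send to
     * @param htmlResponse the error to report, or {@code null} on success
     * @param session      the session to revert, or {@code null} if none was touched
     * @throws IOException if sending the response fails
     */
    private void revertSessionIfErrorOccurred(SlingHttpServletResponse response, HtmlResponse htmlResponse, Session session) throws IOException {
        if (htmlResponse == null) {
            return;
        }
        if (session != null) {
            try {
                session.refresh(false);
            } catch (RepositoryException e) {
                // Pass the exception itself: a trailing String without a placeholder is dropped.
                log.warn("Cannot revert transient modifications.", e);
            }
        }
        htmlResponse.send(response, true);
    }

    /**
     * Writes the user object: id and home path when the authorizable is
     * known, otherwise only the given id.
     *
     * @param str          fallback authorizable id
     * @param authorizable the resolved authorizable, may be {@code null}
     * @param writer       the JSON writer, positioned inside an object
     */
    private static void writeUser(String str, Authorizable authorizable, JSONWriter writer) throws JSONException, RepositoryException {
        writer.key(PropConstants.TYPE_USER);
        writer.object();
        if (authorizable == null) {
            writer.key(PropConstants.AUTHORIZABLE_ID).value(str);
        } else {
            writer.key(PropConstants.AUTHORIZABLE_ID).value(authorizable.getID());
            writer.key(PropConstants.HOME).value(authorizable.getPath());
        }
        writer.endObject();
    }

    /**
     * Returns {@code ACTION_REORDER_PROFILES} when the request carries the
     * {@code reorderProfiles} parameter and {@code ACTION_EDIT} otherwise.
     */
    private static int getAction(RequestParameterMap requestParameterMap) {
        if (requestParameterMap.containsKey(PARAM_REORDER_PROFILES)) {
            return ACTION_REORDER_PROFILES;
        }
        return ACTION_EDIT;
    }

    /**
     * Replaces carriage returns and line feeds so that a request-supplied
     * value stays on one log line.
     */
    private static String forLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }

    /** Binds the {@link UserPropertiesService} reference. */
    protected void bindService(UserPropertiesService userPropertiesService) {
        this.service = userPropertiesService;
    }

    /** Clears the service reference if it is the instance being unbound. */
    protected void unbindService(UserPropertiesService userPropertiesService) {
        if (this.service == userPropertiesService) {
            this.service = null;
        }
    }

    /** Binds the {@link XSSFilter} reference. */
    protected void bindXss(XSSFilter xSSFilter) {
        this.xss = xSSFilter;
    }

    /** Clears the filter reference if it is the instance being unbound. */
    protected void unbindXss(XSSFilter xSSFilter) {
        if (this.xss == xSSFilter) {
            this.xss = null;
        }
    }
}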
