package com.day.cq.dam.core.impl.assetlinkshare;

import com.adobe.granite.crypto.CryptoException;
import com.adobe.granite.security.user.UserPropertiesComposite;
import com.adobe.granite.security.user.UserPropertiesManager;
import com.adobe.granite.security.user.UserPropertiesService;
import com.adobe.granite.security.user.util.AuthorizableUtil;
import com.adobe.granite.toggle.api.ToggleRouter;
import com.adobe.granite.xss.XSSAPI;
import com.day.cq.commons.Externalizer;
import com.day.cq.commons.jcr.JcrUtil;
import com.day.cq.dam.asset.api.AdhocAssetShare;
import com.day.cq.dam.asset.api.AdhocAssetShareDefinition;
import com.day.cq.dam.asset.api.AdhocAssetShareEmail;
import com.day.cq.dam.asset.api.AdhocAssetShareException;
import com.day.cq.dam.asset.api.AdhocAssetShareService;
import com.day.cq.mailer.MailingException;
import com.day.cq.mailer.MessageGatewayService;
import java.io.IOException;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Calendar;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.commons.mail.HtmlEmail;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.ReferencePolicy;
import org.apache.felix.scr.annotations.ReferencePolicyOption;
import org.apache.felix.scr.annotations.Service;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.PersistenceException;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.caconfig.resource.ConfigurationResourceResolver;
import org.apache.sling.commons.osgi.PropertiesUtil;
import org.osgi.framework.InvalidSyntaxException;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;
import org.osgi.service.component.ComponentContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Service({AdhocAssetShareService.class})
@Component(immediate = true)
/* loaded from: input_file:com/day/cq/dam/core/impl/assetlinkshare/AdhocAssetShareServiceImpl.class */
public class AdhocAssetShareServiceImpl implements AdhocAssetShareService {
    public static final String PARAMETER_NAME = "sh";
    private static final Logger log = LoggerFactory.getLogger(AdhocAssetShareServiceImpl.class);
    private static final String SHARED_TOKEN_STORAGE_PATH = "/var/dam/share/";
    private static final String FROM_CONFIG_PROP = "from.address";
    private static final String DEFAULT_SHARE_JOB_NAME = "Link share";
    private static final String FT_ALLOW_RENDITIONS = "FT_CQ-4319692";
    private static final String SHARE_PAGE_VANITY = "/linkshare.html";
    protected static final String CHECK_MODIFY_ACL_PROP = "checkModifyAcl";

    @Reference
    private ConfigurationAdmin configurationAdmin;

    @Reference
    private AdhocAssetShareTokenService tokenService;

    @Reference
    private ResourceResolverFactory resolverFactory;

    @Reference
    private UserPropertiesService userPropertiesService;

    @Reference(policyOption = ReferencePolicyOption.GREEDY)
    private ToggleRouter toggleRouter;

    @Reference(policy = ReferencePolicy.STATIC)
    private MessageGatewayService messageGatewayService;

    @Reference(policyOption = ReferencePolicyOption.GREEDY)
    private Externalizer externalizer;

    @Reference
    private XSSAPI xssAPI;

    @Reference
    private ConfigurationResourceResolver configResolver;
    private String fromAddress;
    private boolean prependTenantId;
    private final AdhocAssetShareHelper shareHelper;

    public AdhocAssetShareServiceImpl() {
        this.prependTenantId = false;
        this.shareHelper = new AdhocAssetShareHelper();
    }

    AdhocAssetShareServiceImpl(ConfigurationAdmin configurationAdmin, AdhocAssetShareTokenService adhocAssetShareTokenService, ResourceResolverFactory resourceResolverFactory, UserPropertiesService userPropertiesService, ToggleRouter toggleRouter, MessageGatewayService messageGatewayService, Externalizer externalizer, XSSAPI xssapi, ConfigurationResourceResolver configurationResourceResolver, AdhocAssetShareHelper adhocAssetShareHelper, String str) {
        this.prependTenantId = false;
        this.configurationAdmin = configurationAdmin;
        this.tokenService = adhocAssetShareTokenService;
        this.resolverFactory = resourceResolverFactory;
        this.userPropertiesService = userPropertiesService;
        this.toggleRouter = toggleRouter;
        this.messageGatewayService = messageGatewayService;
        this.externalizer = externalizer;
        this.xssAPI = xssapi;
        this.configResolver = configurationResourceResolver;
        this.shareHelper = adhocAssetShareHelper;
        this.fromAddress = str;
    }

    @Activate
    protected void activate(ComponentContext componentContext) throws LoginException {
        try {
            Configuration[] listConfigurations = this.configurationAdmin.listConfigurations("(service.pid=com.day.cq.mailer.DefaultMailService)");
            if (listConfigurations != null && listConfigurations[0] != null && listConfigurations[0].getProperties() != null) {
                Object obj = listConfigurations[0].getProcessedProperties(componentContext.getServiceReference()).get(FROM_CONFIG_PROP);
                this.fromAddress = obj != null ? (String) obj : null;
            }
        } catch (IOException e) {
            log.info("error in reading from email address from mailer service", e);
        } catch (InvalidSyntaxException e2) {
            log.error("Static Filter for Service PID of com.day.cq.mailer.DefaultMailService failed to parse");
        }
        this.prependTenantId = PropertiesUtil.toBoolean(componentContext.getProperties().get("cq.dam.adhoc.asset.share.prepend.tenantid"), this.prependTenantId);
    }

    public AdhocAssetShare createAdhocAssetShare(ResourceResolver resourceResolver, AdhocAssetShareDefinition adhocAssetShareDefinition) throws AdhocAssetShareException {
        return updateAdhocAssetShare(resourceResolver, null, adhocAssetShareDefinition);
    }

    public AdhocAssetShare updateAdhocAssetShare(ResourceResolver resourceResolver, String str, AdhocAssetShareDefinition adhocAssetShareDefinition) throws AdhocAssetShareException {
        ResourceResolver resourceResolver2 = null;
        Session session = null;
        try {
            if (StringUtils.isBlank(str)) {
                str = this.tokenService.getSignedToken(this.tokenService.createToken());
            }
            String extractToken = this.tokenService.extractToken(str);
            try {
                try {
                    try {
                        try {
                            Pair<ResourceResolver, Session> serviceResolver = this.shareHelper.getServiceResolver(this.resolverFactory);
                            ResourceResolver resourceResolver3 = (ResourceResolver) serviceResolver.getLeft();
                            Session session2 = (Session) serviceResolver.getRight();
                            Session session3 = (Session) resourceResolver.adaptTo(Session.class);
                            Authorizable authorizable = (Authorizable) resourceResolver.adaptTo(Authorizable.class);
                            String id = authorizable.getID();
                            String formattedName = getFormattedName(resourceResolver, id);
                            Node node = null;
                            String str2 = SHARED_TOKEN_STORAGE_PATH + extractToken;
                            if (session2.nodeExists(str2)) {
                                log.info("Node for adhoc asset share already exists at {}", str2);
                                Node node2 = session2.getNode(str2);
                                if (!node2.hasProperty("jcr:createdBy") || !resourceResolver.getUserID().equals(node2.getProperty("jcr:createdBy").getString())) {
                                    log.error("Existing adhoc asset share node was created by a different user");
                                    throw new AdhocAssetShareException("Not enough permission to share asset(s).", AdhocAssetShareException.ReasonCode.ACCESS_DENIED);
                                }
                                log.info("Existing adhoc asset share node was created by current user");
                                node = node2;
                            }
                            String[] sharePaths = adhocAssetShareDefinition.getSharePaths();
                            if (sharePaths.length == 0) {
                                log.error("No paths to share provided in definition");
                                throw new AdhocAssetShareException("No paths to share provided in definition", AdhocAssetShareException.ReasonCode.INVALID_DEFINITION);
                            }
                            for (String str3 : sharePaths) {
                                if (!this.shareHelper.canShareAsset(session3.getAccessControlManager(), str3, adhocAssetShareDefinition.shouldCheckModifyAclPrivilege())) {
                                    log.error("Not enough permission to share path {}", str3);
                                    throw new AdhocAssetShareException("No paths to share provided in definition", AdhocAssetShareException.ReasonCode.ACCESS_DENIED);
                                }
                            }
                            String str4 = (String) adhocAssetShareDefinition.getShareName().orElse(DEFAULT_SHARE_JOB_NAME);
                            String emailSubject = this.shareHelper.getEmailSubject(adhocAssetShareDefinition);
                            if (emailSubject == null) {
                                emailSubject = str4;
                            }
                            String messageHeader = this.shareHelper.getMessageHeader(adhocAssetShareDefinition);
                            String message = this.shareHelper.getMessage(adhocAssetShareDefinition);
                            Boolean valueOf = Boolean.valueOf(adhocAssetShareDefinition.allowDownloadOriginal());
                            Boolean valueOf2 = Boolean.valueOf(adhocAssetShareDefinition.allowDownloadRenditions());
                            UserPropertiesManager createUserPropertiesManager = this.userPropertiesService.createUserPropertiesManager(session3, resourceResolver);
                            Node node3 = session2.getNode(SHARED_TOKEN_STORAGE_PATH);
                            if (null == node) {
                                log.info("Adhoc asset share node at {} does not exist - creating.", str2);
                                node = createNode(node3, extractToken, session2);
                                this.shareHelper.setACL(node.getPath(), session2, session3, true, new String[]{"{http://www.jcp.org/jcr/1.0}read"}, authorizable.getID());
                            }
                            node.setProperty("path", sharePaths);
                            node.setProperty(AdhocAssetShareConstants.TOKEN_PROPERTY_EXPIRATION_DATE, adhocAssetShareDefinition.getExpirationDate());
                            node.setProperty("shareJobMessage", message);
                            node.setProperty("shareJobName", str4);
                            node.setProperty(CHECK_MODIFY_ACL_PROP, adhocAssetShareDefinition.shouldCheckModifyAclPrivilege());
                            String[] emailAddresses = this.shareHelper.getEmailAddresses(session3, adhocAssetShareDefinition, createUserPropertiesManager);
                            if (emailAddresses.length > 0) {
                                log.info("Share definition has {} email addresses associated with it.", Integer.valueOf(emailAddresses.length));
                                node.setProperty("emails", emailAddresses);
                            }
                            node.setProperty("principals", this.shareHelper.getPrincipalNames(adhocAssetShareDefinition));
                            node.setProperty(RenditionProps.allowOriginal.name(), valueOf.booleanValue());
                            if (this.toggleRouter.isEnabled(FT_ALLOW_RENDITIONS)) {
                                node.setProperty(RenditionProps.allowRenditions.name(), valueOf2.booleanValue());
                            }
                            node.setProperty("jcr:createdBy", resourceResolver.getUserID());
                            node.setProperty("jcr:created", Calendar.getInstance());
                            String pagePath = getPagePath(str);
                            resourceResolver3.commit();
                            String hostPrefix = this.shareHelper.getHostPrefix(this.externalizer, resourceResolver, this.prependTenantId);
                            URI publicSignedUri = getPublicSignedUri(str, resourceResolver);
                            if (adhocAssetShareDefinition.shouldSendEmail() && adhocAssetShareDefinition.getEmailInformation().isPresent()) {
                                sendEmail(adhocAssetShareDefinition, createUserPropertiesManager, id, resourceResolver3, pagePath, emailSubject, messageHeader, message, emailAddresses, formattedName, hostPrefix);
                            }
                            AdhocAssetShare adhocAssetShare = new AdhocAssetShare(str, publicSignedUri);
                            if (resourceResolver3 != null) {
                                resourceResolver3.close();
                            }
                            if (null != session2) {
                                session2.logout();
                            }
                            return adhocAssetShare;
                        } catch (RepositoryException e) {
                            log.error("Failed to create adhoc asset share because of unhandled repository exception", e);
                            throw this.shareHelper.fromRepositoryException(e, 0);
                        }
                    } catch (PersistenceException e2) {
                        log.error("Failed to create adhoc asset share because of unhandled repository exception", e2);
                        throw new AdhocAssetShareException("Unable to persist share information because of unhandled persistence exception", AdhocAssetShareException.ReasonCode.UNEXPECTED, e2);
                    }
                } catch (MailingException e3) {
                    log.error("Failed to send emails for adhoc asset share because of unhandled mailing exception", e3);
                    throw new AdhocAssetShareException("Asset link created but error occurred in sending email", AdhocAssetShareException.ReasonCode.EMAIL_FAILED, e3);
                }
            } catch (Throwable th) {
                if (0 != 0) {
                    resourceResolver2.close();
                }
                if (0 != 0) {
                    session.logout();
                }
                throw th;
            }
        } catch (Exception e4) {
            log.error("token is invalid. Linkshare request is rejected", e4);
            throw new AdhocAssetShareException("Invalid signed token provided", AdhocAssetShareException.ReasonCode.INVALID_DEFINITION, e4);
        } catch (CryptoException e5) {
            log.error("Unexpected crypto exception when processing signed token", e5);
            throw new AdhocAssetShareException("Invalid signed token provided", AdhocAssetShareException.ReasonCode.UNEXPECTED, e5);
        }
    }

    private static String getPagePath(String str) {
        return "/linkshare.html?sh=" + str;
    }

    private static String extractTokenFromUri(URI uri) {
        return (String) URLEncodedUtils.parse(uri, StandardCharsets.UTF_8).stream().filter(nameValuePair -> {
            return nameValuePair.getName().equals(PARAMETER_NAME);
        }).findFirst().map((v0) -> {
            return v0.getValue();
        }).orElse(null);
    }

    void sendEmail(AdhocAssetShareDefinition adhocAssetShareDefinition, UserPropertiesManager userPropertiesManager, String str, ResourceResolver resourceResolver, String str2, String str3, String str4, String str5, String[] strArr, String str6, String str7) throws AdhocAssetShareException {
        log.info("Adhoc asset share definition has been configured to send email");
        if (null == this.messageGatewayService.getGateway(HtmlEmail.class)) {
            log.error("Email service not available, asset link created but can not send asset share email");
            throw new AdhocAssetShareException("Asset link created but error occurred in sending email", AdhocAssetShareException.ReasonCode.EMAIL_FAILED);
        }
        AdhocAssetShareEmail adhocAssetShareEmail = (AdhocAssetShareEmail) adhocAssetShareDefinition.getEmailInformation().get();
        String str8 = null;
        String str9 = "";
        try {
            UserPropertiesComposite userPropertiesComposite = userPropertiesManager.getUserPropertiesComposite(str, new String[]{"profile/public", "profile"});
            str8 = userPropertiesComposite == null ? "" : userPropertiesComposite.getProperty("email");
            str9 = userPropertiesComposite == null ? "" : userPropertiesComposite.getProperty("displayName");
        } catch (Exception e) {
            log.warn("Error in getting link share initiator's name or email.", e);
        }
        this.shareHelper.sendShareEmail(resourceResolver, this.xssAPI, this.messageGatewayService, this.configResolver, str2, str3, str4, str5, strArr, str8, str9, adhocAssetShareEmail.getFormattedExpirationDate(), str6, this.fromAddress, str7);
    }

    protected Node createNode(Node node, String str, Session session) throws RepositoryException {
        return JcrUtil.createPath(node, str, true, "nt:unstructured", "nt:unstructured", session, false);
    }

    protected String getFormattedName(ResourceResolver resourceResolver, String str) throws RepositoryException {
        return AuthorizableUtil.getFormattedName(resourceResolver, str);
    }

    public void removeAdhocAssetShares(ResourceResolver resourceResolver, String[] strArr) throws AdhocAssetShareException {
        Pair<ResourceResolver, Session> serviceResolver = this.shareHelper.getServiceResolver(this.resolverFactory);
        ResourceResolver resourceResolver2 = (ResourceResolver) serviceResolver.getLeft();
        Session session = (Session) serviceResolver.getRight();
        for (int i = 0; i < strArr.length; i++) {
            try {
                try {
                    if (null == strArr[i] || !session.nodeExists(strArr[i])) {
                        log.error("Error in unsharing item(s). {} could not be processed", strArr[i]);
                        throw new AdhocAssetShareException("Share to remove could not be found", AdhocAssetShareException.ReasonCode.INVALID_DEFINITION);
                    }
                    session.removeItem(strArr[i]);
                } catch (RepositoryException e) {
                    log.error("Repository error while unsharing item(s)", e);
                    throw this.shareHelper.fromRepositoryException(e, 0);
                }
            } catch (Throwable th) {
                if (resourceResolver2 != null) {
                    resourceResolver2.close();
                }
                if (session != null) {
                    session.logout();
                }
                throw th;
            }
        }
        session.save();
        if (resourceResolver2 != null) {
            resourceResolver2.close();
        }
        if (session != null) {
            session.logout();
        }
    }

    String getFromAddress() {
        return this.fromAddress;
    }

    boolean shouldPrependTenantId() {
        return this.prependTenantId;
    }

    public AdhocAssetShare getAssetShareByUri(URI uri, ResourceResolver resourceResolver) {
        return new AdhocAssetShare(extractTokenFromUri(uri), uri);
    }

    public AdhocAssetShare getAssetShareByToken(String str, ResourceResolver resourceResolver) {
        return new AdhocAssetShare(str, getPublicSignedUri(str, resourceResolver));
    }

    private URI getPublicSignedUri(String str, ResourceResolver resourceResolver) {
        return URI.create(this.shareHelper.getHostPrefix(this.externalizer, resourceResolver, this.prependTenantId) + getPagePath(str));
    }

    protected void bindConfigurationAdmin(ConfigurationAdmin configurationAdmin) {
        this.configurationAdmin = configurationAdmin;
    }

    protected void unbindConfigurationAdmin(ConfigurationAdmin configurationAdmin) {
        if (this.configurationAdmin == configurationAdmin) {
            this.configurationAdmin = null;
        }
    }

    protected void bindTokenService(AdhocAssetShareTokenService adhocAssetShareTokenService) {
        this.tokenService = adhocAssetShareTokenService;
    }

    protected void unbindTokenService(AdhocAssetShareTokenService adhocAssetShareTokenService) {
        if (this.tokenService == adhocAssetShareTokenService) {
            this.tokenService = null;
        }
    }

    protected void bindResolverFactory(ResourceResolverFactory resourceResolverFactory) {
        this.resolverFactory = resourceResolverFactory;
    }

    protected void unbindResolverFactory(ResourceResolverFactory resourceResolverFactory) {
        if (this.resolverFactory == resourceResolverFactory) {
            this.resolverFactory = null;
        }
    }

    protected void bindUserPropertiesService(UserPropertiesService userPropertiesService) {
        this.userPropertiesService = userPropertiesService;
    }

    protected void unbindUserPropertiesService(UserPropertiesService userPropertiesService) {
        if (this.userPropertiesService == userPropertiesService) {
            this.userPropertiesService = null;
        }
    }

    protected void bindToggleRouter(ToggleRouter toggleRouter) {
        this.toggleRouter = toggleRouter;
    }

    protected void unbindToggleRouter(ToggleRouter toggleRouter) {
        if (this.toggleRouter == toggleRouter) {
            this.toggleRouter = null;
        }
    }

    protected void bindMessageGatewayService(MessageGatewayService messageGatewayService) {
        this.messageGatewayService = messageGatewayService;
    }

    protected void unbindMessageGatewayService(MessageGatewayService messageGatewayService) {
        if (this.messageGatewayService == messageGatewayService) {
            this.messageGatewayService = null;
        }
    }

    protected void bindExternalizer(Externalizer externalizer) {
        this.externalizer = externalizer;
    }

    protected void unbindExternalizer(Externalizer externalizer) {
        if (this.externalizer == externalizer) {
            this.externalizer = null;
        }
    }

    protected void bindXssAPI(XSSAPI xssapi) {
        this.xssAPI = xssapi;
    }

    protected void unbindXssAPI(XSSAPI xssapi) {
        if (this.xssAPI == xssapi) {
            this.xssAPI = null;
        }
    }

    protected void bindConfigResolver(ConfigurationResourceResolver configurationResourceResolver) {
        this.configResolver = configurationResourceResolver;
    }

    protected void unbindConfigResolver(ConfigurationResourceResolver configurationResourceResolver) {
        if (this.configResolver == configurationResourceResolver) {
            this.configResolver = null;
        }
    }
}
