package com.day.cq.dam.core.impl.collection;

import com.day.cq.dam.commons.util.DamUtil;
import com.day.cq.dam.commons.util.PrivateFolderAndCollectionUtil;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlManager;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.event.jobs.Job;
import org.apache.sling.event.jobs.JobManager;
import org.apache.sling.event.jobs.consumer.JobConsumer;
import org.apache.sling.tenant.Tenant;
import org.apache.sling.tenant.TenantProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

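/**
 * One-shot migration of DAM collection access control, run as a Sling job.
 *
 * <p>On activation the component logs in as the service user mapped to the
 * {@code resourcecollectionservice} subservice. It collects every collection root (the
 * default one plus one per tenant) that does not yet carry the {@code updated} property,
 * and queues a job on {@link #JOB_TOPIC}. The job adds a deny-all-for-everyone entry to
 * each non-Lightbox collection below those roots, re-grants the tenant group on the root,
 * and finally stamps the root with {@code updated}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>This class rewrites ACLs with the service user's rights, so the service user
 *       mapping should grant no more than ACL modification on the collection roots.</li>
 *   <li>The Lightbox exemption is decided from the {@code jcr:title} property of the
 *       collection node. NOTE(review): if that title is editable by ordinary collection
 *       authors, it is a weak basis for skipping a deny entry. Confirm.</li>
 *   <li>Deny entries are saved in batches of {@value #BATCH_LIMIT}. A failure midway
 *       leaves some entries persisted while the root is not yet marked {@code updated},
 *       so a retried job visits those nodes again.</li>
 * </ul>
 */
@Service({JobConsumer.class})
@Component(immediate = true)
@Property(name = "job.topics", value = {CollectionUpdate.JOB_TOPIC})
/* loaded from: input_file:com/day/cq/dam/core/impl/collection/CollectionUpdate.class */
public class CollectionUpdate implements JobConsumer {
    /** Login info selecting the service user used for every repository access below. */
    private static final Map<String, Object> SERVICE_AUTH = Collections.singletonMap("sling.service.subservice", "resourcecollectionservice");
    private static final Logger log = LoggerFactory.getLogger(CollectionUpdate.class);
    /** Marker property written on a collection root once its ACLs were migrated. */
    private static final String UPDATED_PROPERTY = "updated";
    /** Title (compared case-insensitively) of collections that keep their existing ACL. */
    private static final String LIGHTBOX_TITLE = "Lightbox";
    /** Number of visited nodes after which pending ACL changes are saved. */
    private static final int BATCH_LIMIT = 1000;
    public static final String JOB_TOPIC = "com/adobe/cq/dam/collectionUpdate";
    private static final String DEFAULT_PUBLIC_GROUP = "dam-users";

    /**
     * Collection root path mapped to the group id to re-grant (may be {@code null}).
     * Written once per activation and read on the job thread, hence volatile and only
     * ever replaced by a fully built map.
     */
    private static volatile Map<String, String> collectionRootMap;

    @Reference
    private ResourceResolverFactory resolverFactory;

    @Reference
    private JobManager jobManager;

    @Reference
    private TenantProvider tenantProvider;

    /**
     * Determines which collection roots still need their ACLs migrated and, if there are
     * any, queues the migration job. For tenant roots with a configured all-users group,
     * a deny entry for that group is written first.
     */
    @Activate
    protected void activate() {
        ResourceResolver resolver = null;
        try {
            resolver = this.resolverFactory.getServiceResourceResolver(SERVICE_AUTH);
            Session session = resolver.adaptTo(Session.class);
            if (session == null) {
                log.error("Service resolver could not be adapted to a JCR session; collection ACL update skipped");
                return;
            }

            Map<String, String> roots = new HashMap<>();
            String defaultRoot = DamUtil.getTenantAssetsRoot(resolver) + "/collections";
            if (updateCollectionACE(resolver, defaultRoot)) {
                roots.put(defaultRoot, DEFAULT_PUBLIC_GROUP);
            }

            Iterator<Tenant> tenants = this.tenantProvider.getTenants();
            while (tenants.hasNext()) {
                Tenant tenant = tenants.next();
                String collectionHome = (String) tenant.getProperty("dam:collectionHome");
                String allUsersGroupId = (String) tenant.getProperty("dam:allUsersGroupId");
                if (collectionHome != null && updateCollectionACE(resolver, collectionHome)) {
                    roots.put(collectionHome, allUsersGroupId);
                    if (allUsersGroupId != null) {
                        denyUser(session, resolver.adaptTo(UserManager.class), allUsersGroupId, collectionHome);
                    }
                }
            }

            // Publish only a completely built map; process() reads it from another thread.
            collectionRootMap = roots;
            if (!roots.isEmpty()) {
                session.save();
                this.jobManager.addJob(JOB_TOPIC, new HashMap<String, Object>());
            }
        } catch (LoginException | RepositoryException e) {
            log.error("Exception while updating collection", e);
        } finally {
            // Close on every path: the privileged service session must not outlive this
            // call, and closing also discards any unsaved ACL changes after a failure.
            if (resolver != null) {
                resolver.close();
            }
        }
    }

    /**
     * Tells whether the collection root at {@code path} still needs its ACLs migrated.
     *
     * @param resourceResolver resolver used to look up the root
     * @param path repository path of the collection root
     * @return {@code true} if the root exists and lacks the {@code updated} property;
     *         {@code false} if it is missing or already marked
     */
    private boolean updateCollectionACE(ResourceResolver resourceResolver, String path) throws PathNotFoundException, LoginException, RepositoryException {
        Resource resource = resourceResolver.getResource(path);
        if (resource == null) {
            log.debug("Collection root {} does not exist; nothing to update", path);
            return false;
        }
        if (resource.getValueMap().containsKey(UPDATED_PROPERTY)) {
            log.debug("Collection ACL for: {} are up-to-date", path);
            return false;
        }
        log.debug("Collection ACL for: {} will be updated", path);
        return true;
    }

    /**
     * Applies the ACL migration to every root recorded by {@link #activate()}.
     *
     * @param job the queued job (its payload is not read)
     * @return {@code OK} when all roots were processed and saved, {@code FAILED} otherwise
     */
    @Override
    public JobConsumer.JobResult process(Job job) {
        Map<String, String> roots = collectionRootMap;
        if (roots == null) {
            // A job can be delivered although activation never got as far as building
            // the root map (for example when the service login failed).
            log.warn("No collection roots recorded by activation; cannot process {}", JOB_TOPIC);
            return JobConsumer.JobResult.FAILED;
        }

        ResourceResolver resolver = null;
        try {
            resolver = this.resolverFactory.getServiceResourceResolver(SERVICE_AUTH);
            Session session = resolver.adaptTo(Session.class);
            if (session == null) {
                log.error("Service resolver could not be adapted to a JCR session; collection ACL update failed");
                return JobConsumer.JobResult.FAILED;
            }
            for (Map.Entry<String, String> entry : roots.entrySet()) {
                String rootPath = entry.getKey();
                String groupId = entry.getValue();
                Node rootNode = session.getNode(rootPath);
                denyAllToEveryone(session, rootPath);
                if (groupId != null) {
                    allowUser(session, resolver.adaptTo(UserManager.class), groupId, rootPath);
                }
                // Mark the root last so that a failure above leaves it eligible for a retry.
                rootNode.setProperty(UPDATED_PROPERTY, true);
            }
            session.save();
            return JobConsumer.JobResult.OK;
        } catch (LoginException | RepositoryException e) {
            log.error("Exception while updating collection", e);
            return JobConsumer.JobResult.FAILED;
        } finally {
            // Previously the resolver was closed on the success path only, leaking a
            // privileged session (with pending ACL edits) whenever an exception occurred.
            if (resolver != null) {
                resolver.close();
            }
        }
    }

    /**
     * Adds a deny-all-for-everyone entry to each collection below {@code rootPath},
     * excluding the {@code /public} subtree and collections titled "Lightbox".
     *
     * @param session session used for the query and the ACL changes
     * @param rootPath collection root to search below
     */
    private void denyAllToEveryone(Session session, String rootPath) throws PathNotFoundException, RepositoryException {
        // The path is spliced into a JCR-SQL2 string literal. Doubling single quotes
        // keeps a quote in a tenant-configured path from ending the literal early.
        String quotedRoot = escapeQueryLiteral(rootPath);
        String statement = "select * from [nt:unstructured] as a where [sling:resourceSuperType] = 'sling/collection' and isdescendantnode(a, '" + quotedRoot + "') and not isdescendantnode(a,'" + quotedRoot + "/public')";
        NodeIterator nodes = session.getWorkspace().getQueryManager().createQuery(statement, "JCR-SQL2").execute().getNodes();

        int pending = 0;
        while (nodes.hasNext()) {
            Node collection = nodes.nextNode();
            if (!isLightbox(collection)) {
                PrivateFolderAndCollectionUtil.addDenyAllEveryoneAsFirstACE(session, collection.getPath());
            }
            // Every visited node counts towards the batch, including skipped ones.
            pending++;
            if (pending == BATCH_LIMIT) {
                session.save();
                pending = 0;
            }
        }
        if (pending > 0) {
            session.save();
        }
    }

    /**
     * Reports whether a collection node is titled "Lightbox" (case-insensitive). A node
     * without {@code jcr:title} is not a Lightbox; previously such a node raised
     * {@code PathNotFoundException} and failed the whole job.
     */
    private static boolean isLightbox(Node collection) throws RepositoryException {
        if (!collection.hasProperty("jcr:title")) {
            return false;
        }
        // getString() is the JCR API for the string form; Value.toString() is not specified.
        return LIGHTBOX_TITLE.equalsIgnoreCase(collection.getProperty("jcr:title").getString());
    }

    /** Escapes a value for use inside a single-quoted JCR-SQL2 string literal. */
    private static String escapeQueryLiteral(String value) {
        return value.replace("'", "''");
    }

    /** Adds an allow entry (read, write, node type management) for the principal on the path. */
    private void allowUser(Session session, UserManager userManager, String principalId, String path) throws RepositoryException {
        adaptUserACE(session, userManager, principalId, path, true);
    }

    /** Adds a deny entry (read, write, node type management) for the principal on the path. */
    private void denyUser(Session session, UserManager userManager, String principalId, String path) throws RepositoryException {
        adaptUserACE(session, userManager, principalId, path, false);
    }

    /**
     * Adds an allow or deny entry for jcr:write, jcr:read and jcr:nodeTypeManagement to
     * the ACL at {@code path} and sets the policy on the session (not yet saved).
     *
     * @param session session whose access control manager is used
     * @param userManager user manager used to resolve {@code principalId}
     * @param principalId id of the user or group the entry is for
     * @param path node whose ACL is edited
     * @param isAllow {@code true} for an allow entry, {@code false} for a deny entry
     * @throws RepositoryException if the authorizable or an editable ACL cannot be
     *         obtained, or if the repository rejects the change
     */
    private void adaptUserACE(Session session, UserManager userManager, String principalId, String path, boolean isAllow) throws RepositoryException {
        // Fail with a handled, descriptive exception instead of a NullPointerException
        // when the configured group does not exist or no user manager is available.
        if (userManager == null || userManager.getAuthorizable(principalId) == null) {
            throw new RepositoryException("Cannot resolve authorizable '" + principalId + "' for ACL update on " + path);
        }
        AccessControlManager accessControlManager = session.getAccessControlManager();
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, path);
        if (accessControlList == null) {
            throw new RepositoryException("No editable access control list available at " + path);
        }
        accessControlList.addEntry(
                userManager.getAuthorizable(principalId).getPrincipal(),
                AccessControlUtils.privilegesFromNames(session, new String[]{"{http://www.jcp.org/jcr/1.0}write", "{http://www.jcp.org/jcr/1.0}read", "{http://www.jcp.org/jcr/1.0}nodeTypeManagement"}),
                isAllow,
                (Map) null); // no restrictions
        accessControlManager.setPolicy(path, accessControlList);
    }

    protected void bindResolverFactory(ResourceResolverFactory resourceResolverFactory) {
        this.resolverFactory = resourceResolverFactory;
    }

    protected void unbindResolverFactory(ResourceResolverFactory resourceResolverFactory) {
        // Clear only if the departing service is the one currently bound.
        if (this.resolverFactory == resourceResolverFactory) {
            this.resolverFactory = null;
        }
    }

    protected void bindJobManager(JobManager jobManager) {
        this.jobManager = jobManager;
    }

    protected void unbindJobManager(JobManager jobManager) {
        if (this.jobManager == jobManager) {
            this.jobManager = null;
        }
    }

    protected void bindTenantProvider(TenantProvider tenantProvider) {
        this.tenantProvider = tenantProvider;
    }

    protected void unbindTenantProvider(TenantProvider tenantProvider) {
        if (this.tenantProvider == tenantProvider) {
            this.tenantProvider = null;
        }
    }
}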
