package com.day.cq.dam.stock.integration.impl.configuration;

import com.adobe.granite.security.user.UserPropertiesManager;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.sling.api.resource.ModifiableValueMap;
import org.apache.sling.api.resource.PersistenceException;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ValueMap;
import org.osgi.service.component.annotations.Component;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component(service = {StockPermissionsService.class}, immediate = true, property = {"service.description=Adobe CQ DAM Stock Permissions Service"})
/* loaded from: input_file:com/day/cq/dam/stock/integration/impl/configuration/StockPermissionsServiceImpl.class */
public final class StockPermissionsServiceImpl implements StockPermissionsService {
    private static final Logger log = LoggerFactory.getLogger(StockPermissionsServiceImpl.class);
    public static final String STOCK_PRIVILEGE = "{http://www.jcp.org/jcr/1.0}read";
    public static final String STOCK_PREFERENCES_PARAM = "stockConfig";
    public static final String STOCK_CONF_ROOT = "/conf/global/settings/stock";

    @Override // com.day.cq.dam.stock.integration.impl.configuration.StockPermissionsService
    public Resource createStockConf(@Nonnull ResourceResolver resourceResolver, String str, String str2, String str3) {
        if (StringUtils.isEmpty(str) || StringUtils.isEmpty(str2) || StringUtils.isEmpty(str3)) {
            log.warn("Name, locale and clientId are needed for creating stock configuration");
            return null;
        }
        Resource resource = resourceResolver.getResource("/conf/global/settings/stock/" + str);
        try {
            log.info("Create Stock configuration: {}", str);
            Resource resource2 = resourceResolver.getResource(STOCK_CONF_ROOT);
            HashMap hashMap = new HashMap();
            hashMap.put("jcr:primaryType", "nt:unstructured");
            hashMap.put("sling:resourceType", "stock-integration/conf");
            hashMap.put(StockConfigurationImpl.CONF_NAME, str);
            hashMap.put(StockConfigurationImpl.LOCALE, str2);
            hashMap.put(StockConfigurationImpl.IMS_CLIENT_ID, str3);
            resource = resourceResolver.create(resource2, str, hashMap);
            resourceResolver.commit();
        } catch (PersistenceException e) {
            log.error("Unable to get or create resource for config '{}'" + str, e);
        }
        return resource;
    }

    @Override // com.day.cq.dam.stock.integration.impl.configuration.StockPermissionsService
    public Resource updateStockConf(@Nonnull ResourceResolver resourceResolver, String str, String str2, String str3, String str4) {
        if (StringUtils.isEmpty(str)) {
            log.warn("configurationId is needed for update stock configuration");
            return null;
        }
        Resource resource = resourceResolver.getResource("/conf/global/settings/stock/" + str);
        if (resource == null) {
            log.warn("Adobe Stock configuration '{}' doesn't exists", "/conf/global/settings/stock/" + str);
            return null;
        }
        try {
            log.info("Update Stock configuration: {}", resource.getPath());
            ModifiableValueMap modifiableValueMap = (ModifiableValueMap) resource.adaptTo(ModifiableValueMap.class);
            if (StringUtils.isNotEmpty(str2)) {
                modifiableValueMap.put(StockConfigurationImpl.CONF_NAME, str2);
            }
            if (StringUtils.isNotEmpty(str3)) {
                modifiableValueMap.put(StockConfigurationImpl.LOCALE, str3);
            }
            if (StringUtils.isNotEmpty(str4)) {
                modifiableValueMap.put(StockConfigurationImpl.IMS_CLIENT_ID, str4);
            }
            resourceResolver.commit();
        } catch (PersistenceException e) {
            log.error("Unable to update resource for config '{}'", str, e);
        }
        return resource;
    }

    @Override // com.day.cq.dam.stock.integration.impl.configuration.StockPermissionsService
    public void deleteStockConf(@Nonnull ResourceResolver resourceResolver, @Nonnull String str) {
        if (StringUtils.isNotEmpty(str)) {
            log.info("Delete stock configuration: {}", "/conf/global/settings/stock/" + str);
            Resource resource = resourceResolver.getResource("/conf/global/settings/stock/" + str);
            if (resource != null) {
                try {
                    resourceResolver.delete(resource);
                    resourceResolver.commit();
                } catch (PersistenceException e) {
                    log.error("Unable to delete resource for config " + str, e);
                }
            }
        }
    }

    @Override // com.day.cq.dam.stock.integration.impl.configuration.StockPermissionsService
    public String getUserPreferenceConfig(@Nonnull ResourceResolver resourceResolver) {
        try {
            String str = ((UserPropertiesManager) resourceResolver.adaptTo(UserPropertiesManager.class)).getUserProperties((Authorizable) resourceResolver.adaptTo(Authorizable.class), "").getResource(".").getPath() + "/preferences";
            if (resourceResolver.getResource(str) == null) {
                return null;
            }
            ValueMap valueMap = resourceResolver.getResource(str).getValueMap();
            if (valueMap.containsKey(STOCK_PREFERENCES_PARAM)) {
                return valueMap.get(STOCK_PREFERENCES_PARAM).toString();
            }
            return null;
        } catch (RepositoryException e) {
            log.error("Unable to retrieve user preferences for Stock", e);
            return null;
        }
    }

    @Override // com.day.cq.dam.stock.integration.impl.configuration.StockPermissionsService
    public Map<String, StockConfiguration> getStockConfigurations(@Nonnull ResourceResolver resourceResolver, @Nullable Map<String, StockConfiguration> map) {
        HashMap hashMap = new HashMap();
        for (String str : map.keySet()) {
            try {
                Session session = (Session) resourceResolver.adaptTo(Session.class);
                AccessControlManager accessControlManager = session != null ? session.getAccessControlManager() : null;
                String convertOsgiToNodePath = convertOsgiToNodePath(str);
                if (accessControlManager != null && StringUtils.isNotEmpty(convertOsgiToNodePath) && accessControlManager.hasPrivileges(convertOsgiToNodePath, new Privilege[]{accessControlManager.privilegeFromName(STOCK_PRIVILEGE)})) {
                    hashMap.put(str, map.get(str));
                }
            } catch (PathNotFoundException e) {
            } catch (RepositoryException e2) {
                log.error("Unable to verify stock privilege for config " + str, e2);
            }
        }
        return hashMap;
    }

    @Override // com.day.cq.dam.stock.integration.impl.configuration.StockPermissionsService
    public void setStockConfigPermissions(@Nonnull ResourceResolver resourceResolver, @Nullable String str, Set<String> set) {
        try {
            JackrabbitSession jackrabbitSession = (Session) resourceResolver.adaptTo(Session.class);
            UserManager userManager = jackrabbitSession.getUserManager();
            AccessControlManager accessControlManager = jackrabbitSession != null ? jackrabbitSession.getAccessControlManager() : null;
            String convertOsgiToNodePath = convertOsgiToNodePath(str);
            if (accessControlManager != null && StringUtils.isNotEmpty(convertOsgiToNodePath)) {
                Privilege privilegeFromName = accessControlManager.privilegeFromName(STOCK_PRIVILEGE);
                Set<String> keySet = getPermittedUsers(jackrabbitSession, convertOsgiToNodePath, privilegeFromName).keySet();
                Collection subtract = CollectionUtils.subtract(set, keySet);
                Collection subtract2 = CollectionUtils.subtract(keySet, set);
                JackrabbitAccessControlList acl = getAcl(accessControlManager, convertOsgiToNodePath);
                for (AccessControlEntry accessControlEntry : acl.getAccessControlEntries()) {
                    if (subtract2.contains(userManager.getAuthorizable(accessControlEntry.getPrincipal()).getPath())) {
                        acl.removeAccessControlEntry(accessControlEntry);
                        accessControlManager.setPolicy(convertOsgiToNodePath, acl);
                        jackrabbitSession.save();
                    }
                }
                Iterator it = subtract.iterator();
                while (it.hasNext()) {
                    if (acl.addEntry(userManager.getAuthorizableByPath((String) it.next()).getPrincipal(), new Privilege[]{privilegeFromName}, true)) {
                        accessControlManager.setPolicy(convertOsgiToNodePath, acl);
                        jackrabbitSession.save();
                    }
                }
            }
        } catch (RepositoryException e) {
            log.error("Unable to set stock privilege for config " + str, e);
        }
    }

    @Override // com.day.cq.dam.stock.integration.impl.configuration.StockPermissionsService
    public Map<String, String> getStockConfigPermissions(@Nonnull ResourceResolver resourceResolver, @Nullable String str) {
        AccessControlManager accessControlManager;
        Session session = (Session) resourceResolver.adaptTo(Session.class);
        if (session != null) {
            try {
                accessControlManager = session.getAccessControlManager();
            } catch (RepositoryException e) {
                log.error("Unable to get permitted users for config " + str, e);
                return null;
            }
        } else {
            accessControlManager = null;
        }
        AccessControlManager accessControlManager2 = accessControlManager;
        String convertOsgiToNodePath = convertOsgiToNodePath(str);
        if (accessControlManager2 == null || !StringUtils.isNotEmpty(convertOsgiToNodePath)) {
            return null;
        }
        return getPermittedUsers(session, convertOsgiToNodePath, accessControlManager2.privilegeFromName(STOCK_PRIVILEGE));
    }

    private JackrabbitAccessControlList getAcl(AccessControlManager accessControlManager, String str) {
        try {
            AccessControlPolicyIterator applicablePolicies = accessControlManager.getApplicablePolicies(str);
            while (applicablePolicies.hasNext()) {
                JackrabbitAccessControlList nextAccessControlPolicy = applicablePolicies.nextAccessControlPolicy();
                if (nextAccessControlPolicy instanceof JackrabbitAccessControlPolicy) {
                    return nextAccessControlPolicy;
                }
            }
            for (JackrabbitAccessControlList jackrabbitAccessControlList : accessControlManager.getPolicies(str)) {
                if (jackrabbitAccessControlList instanceof JackrabbitAccessControlPolicy) {
                    return jackrabbitAccessControlList;
                }
            }
            return null;
        } catch (RepositoryException e) {
            log.error("Error while retrieving ACL for {}: {}", str, e.toString());
            return null;
        }
    }

    private Map<String, String> getPermittedUsers(Session session, String str, Privilege privilege) {
        AccessControlManager accessControlManager;
        HashMap hashMap = new HashMap();
        if (session != null) {
            try {
                accessControlManager = session.getAccessControlManager();
            } catch (RepositoryException e) {
                log.error("Error while retrieving ACL for {}: {}", str, e.toString());
            }
        } else {
            accessControlManager = null;
        }
        AccessControlManager accessControlManager2 = accessControlManager;
        UserManager userManager = ((JackrabbitSession) session).getUserManager();
        for (AccessControlEntry accessControlEntry : getAcl(accessControlManager2, str).getAccessControlEntries()) {
            HashSet hashSet = new HashSet(Arrays.asList(accessControlEntry.getPrivileges()));
            Principal principal = accessControlEntry.getPrincipal();
            Authorizable authorizable = userManager.getAuthorizable(principal);
            if (hashSet.contains(privilege) && authorizable != null && principal != null) {
                hashMap.put(authorizable.getPath(), principal.getName());
            }
        }
        return hashMap;
    }

    private static String convertOsgiToNodePath(String str) {
        if (StringUtils.isNotEmpty(str)) {
            return "/conf/global/settings/stock/" + str;
        }
        return null;
    }
}
