package com.adobe.cq.remotedam.mountpointmanagement.impl;

import com.adobe.cq.remotedam.mountpointmanagement.MountPointManager;
import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import javax.jcr.AccessDeniedException;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.UnsupportedRepositoryOperationException;
import javax.jcr.lock.LockException;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import javax.jcr.version.VersionException;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.commons.JcrUtils;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.jcr.api.SlingRepository;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

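/**
 * Creates remote-DAM mount points in the repository and manages the {@code jcr:write}
 * access control entries on them.
 *
 * <p>All repository access happens through service resource resolvers opened for the
 * {@value #MOUNTPOINT_MANAGER} sub-service, so node creation and ACL edits run with that
 * service user's rights rather than the caller's.
 *
 * <p>NOTE(review): the paths handled here are taken from the caller as-is; no validation is
 * visible in this class. Callers are presumably expected to restrict them to the intended
 * mount-point subtree — confirm, since the service user creates nodes and rewrites ACLs there.
 */
@Component
/* loaded from: input_file:com/adobe/cq/remotedam/mountpointmanagement/impl/MountPointManagerImpl.class */
public class MountPointManagerImpl implements MountPointManager {
    private static final Logger log = LoggerFactory.getLogger(MountPointManagerImpl.class);
    private static final String MOUNTPOINT_MANAGER = "mountpointmanager";

    @Reference
    private ResourceResolverFactory resolverFactory;

    @Reference
    private SlingRepository repository;

    /**
     * Creates the mount point at {@code path} as a {@code sling:Folder} if no resource exists
     * there yet, then denies {@code jcr:write} to everyone and allows it for the service user.
     *
     * <p>Nothing in this class saves the session between creating the node and adding the deny
     * entry, so both are persisted by the same {@code save()} unless {@code JcrUtils} saves on
     * its own. If granting write to the service user fails afterwards, the deny entry is
     * already persisted.
     *
     * @param path absolute repository path of the mount point
     * @throws LoginException if the service resource resolver cannot be opened
     * @throws RepositoryException if node creation, the ACL edit or the save fails
     */
    @Override // com.adobe.cq.remotedam.mountpointmanagement.MountPointManager
    public synchronized void createMountPoint(String path) throws LoginException, RepositoryException {
        try (ResourceResolver resolver = openServiceResolver()) {
            if (resolver.getResource(path) != null) {
                // An existing mount point is left untouched, including its current ACL.
                log.debug("Mount point: {} already exists", path);
                return;
            }
            Session session = requireSession(resolver);
            JcrUtils.getOrCreateByPath(path, "sling:Folder", session);
            log.debug("Mount point created: {}", path);
            assignPrivilegesOnMountPoint(session, path);
            session.save();
        }
    }

    /**
     * Reports whether the user of {@code session} does <em>not</em> hold {@code jcr:write}
     * at {@code path}.
     *
     * <p>The result is the negation of the privilege check: {@code true} means the user cannot
     * write. NOTE(review): this presumably encodes "mount points must stay read-only for
     * regular users" — confirm against the interface contract before relying on it.
     *
     * @param session session whose user ID is checked
     * @param path absolute repository path to check
     * @return {@code false} if the user ID has no authorizable or the user holds
     *         {@code jcr:write} at {@code path}; {@code true} otherwise
     * @throws UnsupportedRepositoryOperationException if the repository's access control
     *         manager cannot evaluate privileges for a principal set
     * @throws RepositoryException if the privilege lookup fails
     * @throws LoginException if the service resource resolver cannot be opened
     */
    @Override // com.adobe.cq.remotedam.mountpointmanagement.MountPointManager
    public boolean isPermissionValid(Session session, String path) throws UnsupportedRepositoryOperationException, RepositoryException, LoginException {
        Principal principal = getPrincipal(session.getUserID());
        if (principal == null) {
            return false;
        }
        try (ResourceResolver resolver = openServiceResolver()) {
            AccessControlManager manager = requireSession(resolver).getAccessControlManager();
            if (!(manager instanceof JackrabbitAccessControlManager)) {
                // Checking privileges for an arbitrary principal set is a Jackrabbit API extension.
                throw new UnsupportedRepositoryOperationException(
                        "Access control manager does not support privilege checks for principals");
            }
            JackrabbitAccessControlManager jackrabbitManager = (JackrabbitAccessControlManager) manager;
            Privilege[] write = {jackrabbitManager.privilegeFromName(Privilege.JCR_WRITE)};
            return !jackrabbitManager.hasPrivileges(path, Collections.singleton(principal), write);
        }
    }

    /**
     * Applies the mount-point ACL: deny {@code jcr:write} for everyone, then allow it for the
     * service user.
     *
     * <p>When no access control list can be obtained for {@code path}, nothing is changed and
     * a warning is logged, so the node keeps whatever permissions it inherits.
     *
     * @param session session that created the mount point node
     * @param path absolute repository path of the mount point
     */
    private void assignPrivilegesOnMountPoint(Session session, String path) throws RepositoryException, LoginException {
        JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(session, path);
        if (acl == null) {
            // Make the unprotected case visible instead of logging that permissions were set.
            log.warn("No access control list available at {}; write restrictions were not applied", path);
            return;
        }
        denyWriteToEveryone(session, path, acl);
        try (ResourceResolver resolver = openServiceResolver()) {
            enableWriteForPkgInstaller(path, acl, resolver);
            log.debug("Permissions set correctly at mount point {}", path);
        }
    }

    /**
     * Adds an allow entry for {@code jcr:write} for the user behind {@code resourceResolver}
     * and stores the policy through that resolver's session.
     *
     * <p>NOTE(review): the method name refers to a package installer, while the principal is
     * taken from whatever resolver the caller passes in — confirm which service user this maps to.
     *
     * @param path absolute repository path of the mount point
     * @param acl access control list to extend; nothing happens when it is {@code null}
     * @param resourceResolver resolver whose user receives write access
     * @throws RepositoryException if the user has no principal or the policy cannot be stored
     */
    private void enableWriteForPkgInstaller(String path, JackrabbitAccessControlList acl, ResourceResolver resourceResolver) throws RepositoryException, LoginException {
        if (acl == null) {
            return;
        }
        Principal principal = getPrincipal(resourceResolver.getUserID());
        if (principal == null) {
            throw new RepositoryException("No principal found for user " + resourceResolver.getUserID());
        }
        // The resolver handed in is already a service resolver; a second login is not needed.
        Session session = requireSession(resourceResolver);
        AccessControlManager manager = session.getAccessControlManager();
        Privilege[] write = {manager.privilegeFromName(Privilege.JCR_WRITE)};
        if (acl.addEntry(principal, write, true)) {
            manager.setPolicy(path, acl);
            session.save();
        }
    }

    /**
     * Adds a deny entry for {@code jcr:write} for the everyone principal and saves the session.
     *
     * @param session session used to edit and persist the policy
     * @param path absolute repository path of the mount point
     * @param acl access control list to extend; only the save happens when it is {@code null}
     */
    private void denyWriteToEveryone(Session session, String path, JackrabbitAccessControlList acl) throws RepositoryException {
        if (acl != null) {
            Privilege[] write = AccessControlUtils.privilegesFromNames(session, new String[]{Privilege.JCR_WRITE});
            if (acl.addEntry(AccessControlUtils.getEveryonePrincipal(session), write, false)) {
                session.getAccessControlManager().setPolicy(path, acl);
            }
        }
        session.save();
        if (acl != null) {
            log.debug("Denied write permission to everyone at {}", path);
        }
    }

    /**
     * Resolves a user ID to its principal using a service resource resolver.
     *
     * @param userId ID of the authorizable to look up
     * @return the principal, or {@code null} when no user manager or no authorizable with
     *         that ID is available
     */
    private Principal getPrincipal(String userId) throws LoginException, RepositoryException {
        try (ResourceResolver resolver = openServiceResolver()) {
            UserManager userManager = resolver.adaptTo(UserManager.class);
            if (userManager == null) {
                log.warn("Service resource resolver could not be adapted to a user manager");
                return null;
            }
            // Existence is checked first so an unknown ID yields null rather than a NullPointerException.
            if (userManager.getAuthorizable(userId) == null) {
                return null;
            }
            return userManager.getAuthorizable(userId).getPrincipal();
        }
    }

    /** Opens a resource resolver for the mount point manager sub-service; the caller closes it. */
    private ResourceResolver openServiceResolver() throws LoginException {
        return this.resolverFactory.getServiceResourceResolver(
                Collections.<String, Object>singletonMap(ResourceResolverFactory.SUBSERVICE, MOUNTPOINT_MANAGER));
    }

    /** Adapts a resolver to its JCR session, failing with a clear message when that is not possible. */
    private static Session requireSession(ResourceResolver resolver) throws RepositoryException {
        Session session = resolver.adaptTo(Session.class);
        if (session == null) {
            throw new RepositoryException("Resource resolver could not be adapted to a JCR session");
        }
        return session;
    }
}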
