package com.day.cq.security.impl.servlets;

import com.adobe.granite.security.user.UserPropertiesService;
import com.day.cq.security.impl.AbstractHTMLResponseServlet;
import com.day.cq.security.util.AuthorizableJSONWriter;
import com.day.cq.security.util.AuthorizableQueryManager;
import com.day.cq.security.util.RequestConstants;
import com.day.cq.xss.XSSProtectionService;
import java.io.IOException;
import java.util.Iterator;
import javax.jcr.AccessDeniedException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
import org.apache.commons.collections.iterators.EmptyIterator;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.ReferencePolicy;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.request.RequestParameterMap;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.servlets.HtmlResponse;
import org.apache.sling.commons.json.JSONException;
import org.apache.sling.commons.json.io.JSONWriter;

@Service({Servlet.class})
@Component(metatype = false)
@Properties({@Property(name = "sling.servlet.resourceTypes", value = {"cq/security/authorizable/search"}), @Property(name = "sling.servlet.extensions", value = {RequestConstants.JSON_EXTENSION})})
/* loaded from: input_file:com/day/cq/security/impl/servlets/AuthorizableSearchServlet.class */
public class AuthorizableSearchServlet extends AbstractHTMLResponseServlet {
    private static final String PARAM_QUERY = "query";
    private static final String PARAM_OFFSET = "offset";
    private static final String PARAM_MAX = "max";
    private static final String PARAM_PROPS = "props";
    private static final String PARAM_MEMBER_LIMIT = "ml";

    @Reference
    private UserPropertiesService userPropertiesService;

    @Reference(policy = ReferencePolicy.STATIC)
    private XSSProtectionService xss;

    /* loaded from: input_file:com/day/cq/security/impl/servlets/AuthorizableSearchServlet$SkipIterator.class */
    private static class SkipIterator<T> implements Iterator<T> {
        private final Iterator<T> iterator;
        private int pos;

        public static <T> SkipIterator<T> create(Iterator<T> it) {
            return new SkipIterator<>(it);
        }

        public SkipIterator(Iterator<T> it) {
            this.iterator = it;
        }

        public void skip(long j) {
            int i = 0;
            while (i < j && this.iterator.hasNext()) {
                this.iterator.next();
                i++;
                this.pos++;
            }
        }

        public long getPosition() {
            return this.pos;
        }

        @Override // java.util.Iterator
        public boolean hasNext() {
            return this.iterator.hasNext();
        }

        @Override // java.util.Iterator
        public T next() {
            this.pos++;
            return this.iterator.next();
        }

        @Override // java.util.Iterator
        public void remove() {
            this.iterator.remove();
        }
    }

    @Override // com.day.cq.security.impl.AbstractHTMLResponseServlet
    protected void serviceGet(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse, HtmlResponse htmlResponse) throws ServletException, IOException {
        SkipIterator create;
        if (this.userPropertiesService == null) {
            htmlResponse.setStatus(503, "UserPropertiesService not available");
            return;
        }
        if (!RequestConstants.JSON_EXTENSION.equals(slingHttpServletRequest.getRequestPathInfo().getExtension())) {
            htmlResponse.setStatus(400, "Only service JSON requests");
            return;
        }
        try {
            ResourceResolver resourceResolver = slingHttpServletRequest.getResourceResolver();
            JackrabbitSession jackrabbitSession = (Session) resourceResolver.adaptTo(Session.class);
            RequestParameterMap requestParameterMap = slingHttpServletRequest.getRequestParameterMap();
            int nonNegativeValue = getNonNegativeValue(requestParameterMap, PARAM_OFFSET, 0);
            int nonNegativeValue2 = getNonNegativeValue(requestParameterMap, PARAM_MAX, -1);
            int nonNegativeValue3 = getNonNegativeValue(requestParameterMap, PARAM_MEMBER_LIMIT, -1);
            String[] props = getProps(requestParameterMap);
            if (requestParameterMap.getValue(PARAM_QUERY) == null) {
                log.warn("empty query");
                create = new SkipIterator(EmptyIterator.INSTANCE);
            } else {
                create = SkipIterator.create(new AuthorizableQueryManager(jackrabbitSession.getUserManager(), jackrabbitSession.getValueFactory()).execute(requestParameterMap.getValue(PARAM_QUERY).getString()));
            }
            create.skip(nonNegativeValue);
            slingHttpServletResponse.setContentType(RequestConstants.JSON_CONTENT_TYPE);
            slingHttpServletResponse.setCharacterEncoding(RequestConstants.ENCODING_UTF_8);
            JSONWriter jSONWriter = new JSONWriter(slingHttpServletResponse.getWriter());
            jSONWriter.object();
            jSONWriter.key("authorizables");
            jSONWriter.array();
            AuthorizableJSONWriter authorizableJSONWriter = new AuthorizableJSONWriter(resourceResolver, this.userPropertiesService.createUserPropertiesManager(resourceResolver), props, this.xss);
            authorizableJSONWriter.setMembersLimit(nonNegativeValue3);
            while (create.hasNext() && (nonNegativeValue2 < 0 || create.getPosition() < nonNegativeValue + nonNegativeValue2)) {
                authorizableJSONWriter.write(jSONWriter, (Authorizable) create.next());
            }
            jSONWriter.endArray();
            create.skip(2147483647L);
            jSONWriter.key("results").value(create.getPosition());
            jSONWriter.endObject();
        } catch (AccessDeniedException e) {
            htmlResponse.setStatus(401, "");
        } catch (IOException e2) {
            slingHttpServletResponse.sendError(500, "Internal Error " + e2.getMessage());
        } catch (RepositoryException e3) {
            slingHttpServletResponse.sendError(500, "Internal Error " + e3.getMessage());
        } catch (JSONException e4) {
            slingHttpServletResponse.sendError(500, "Internal Error " + e4.getMessage());
        }
    }

    private static int getNonNegativeValue(RequestParameterMap requestParameterMap, String str, int i) {
        if (requestParameterMap.getValue(str) != null) {
            try {
                int intValue = Integer.valueOf(requestParameterMap.getValue(str).getString()).intValue();
                if (intValue >= 0) {
                    return intValue;
                }
            } catch (NumberFormatException e) {
            }
            log.warn("Require non negative integer for {}, found {}", str, requestParameterMap.getValue(str).getString());
        }
        return i;
    }

    private static String[] getProps(RequestParameterMap requestParameterMap) {
        if (requestParameterMap.getValue(PARAM_PROPS) != null) {
            return requestParameterMap.getValue(PARAM_PROPS).getString().split(",");
        }
        return null;
    }

    protected void bindUserPropertiesService(UserPropertiesService userPropertiesService) {
        this.userPropertiesService = userPropertiesService;
    }

    protected void unbindUserPropertiesService(UserPropertiesService userPropertiesService) {
        if (this.userPropertiesService == userPropertiesService) {
            this.userPropertiesService = null;
        }
    }

    protected void bindXss(XSSProtectionService xSSProtectionService) {
        this.xss = xSSProtectionService;
    }

    protected void unbindXss(XSSProtectionService xSSProtectionService) {
        if (this.xss == xSSProtectionService) {
            this.xss = null;
        }
    }
}
