package com.day.cq.security.widgets.impl;

import com.day.cq.security.impl.AbstractHTMLResponseServlet;
import com.day.cq.security.impl.resource.AuthorizableRequestProperties;
import com.day.cq.security.util.RequestConstants;
import com.day.text.Text;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.jcr.AccessDeniedException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.ValueFactory;
import javax.servlet.ServletException;
import org.apache.commons.collections.IteratorUtils;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.sling.api.SlingException;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.request.RequestParameter;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.servlets.HtmlResponse;

/* loaded from: input_file:com/day/cq/security/widgets/impl/AbstractAuthorizablePostServlet.class */
public class AbstractAuthorizablePostServlet extends AbstractHTMLResponseServlet {
    private static final long serialVersionUID = 7569459156770176524L;

    /* JADX INFO: Access modifiers changed from: protected */
    public void editAuthorizable(Authorizable authorizable, AuthorizableRequestProperties authorizableRequestProperties, SlingHttpServletRequest slingHttpServletRequest, HtmlResponse htmlResponse) throws IOException, ServletException, AccessDeniedException, NoSuchAlgorithmException {
        Group group;
        if (!authorizableRequestProperties.isCreate() && authorizable == null) {
            htmlResponse.setStatus(404, "Resource for " + slingHttpServletRequest.getRequestURI());
            return;
        }
        ResourceResolver resourceResolver = slingHttpServletRequest.getResourceResolver();
        UserManager userManager = (UserManager) resourceResolver.adaptTo(UserManager.class);
        if (userManager == null) {
            htmlResponse.setStatus(401, "Not allowed to access Userdata");
            return;
        }
        Session session = (Session) resourceResolver.adaptTo(Session.class);
        boolean z = false;
        try {
            try {
                if (userManager.isAutoSave()) {
                    userManager.autoSave(false);
                    z = true;
                }
                ValueFactory valueFactory = session.getValueFactory();
                if (authorizableRequestProperties.isDelete()) {
                    String id = authorizable.getID();
                    authorizable.remove();
                    session.save();
                    log.debug("Removed authorizable {}", id);
                } else if (!authorizableRequestProperties.hasDisableParam()) {
                    if (authorizableRequestProperties.isCreate()) {
                        authorizable = create(authorizableRequestProperties, userManager);
                        String parameter = slingHttpServletRequest.getParameter(RequestConstants.PROPERTY_AUTHORIZABLE_CATEGORY);
                        if (parameter != null) {
                            authorizable.setProperty(RequestConstants.PROPERTY_AUTHORIZABLE_CATEGORY, valueFactory.createValue(parameter));
                        }
                    }
                    if (!authorizable.isGroup()) {
                        User user = (User) authorizable;
                        if (authorizableRequestProperties.setsPassword() && !authorizableRequestProperties.isCreate()) {
                            setPassword(user, authorizableRequestProperties);
                        }
                        if (authorizableRequestProperties.setsSudoers()) {
                            setSudoers(user, userManager, authorizableRequestProperties.getSudoers());
                        }
                        if (authorizableRequestProperties.isLeadChecked()) {
                            authorizable.setProperty(RequestConstants.PROPERTY_AUTHORIZABLE_CATEGORY, valueFactory.createValue("mcm"));
                        } else {
                            authorizable.setProperty(RequestConstants.PROPERTY_AUTHORIZABLE_CATEGORY, valueFactory.createValue(""));
                        }
                        if (authorizableRequestProperties.getGroupName() != null && !authorizableRequestProperties.getGroupName().equals("")) {
                            final String groupName = authorizableRequestProperties.getGroupName();
                            Group authorizable2 = userManager.getAuthorizable(groupName);
                            if (authorizable2 == null) {
                                group = userManager.createGroup(groupName, new Principal() { // from class: com.day.cq.security.widgets.impl.AbstractAuthorizablePostServlet.1
                                    @Override // java.security.Principal
                                    public String getName() {
                                        return groupName;
                                    }
                                }, authorizableRequestProperties.getIntermediatePath());
                                String parameter2 = slingHttpServletRequest.getParameter(RequestConstants.PROPERTY_AUTHORIZABLE_CATEGORY);
                                if (parameter2 != null) {
                                    authorizable2.setProperty(RequestConstants.PROPERTY_AUTHORIZABLE_CATEGORY, valueFactory.createValue(parameter2));
                                }
                                log.debug("Created Authorizable with ID {}", authorizable2.getID());
                            } else {
                                if (!authorizable2.isGroup()) {
                                    htmlResponse.setStatus(400, "List name is same as existing user name: " + authorizable2.getID());
                                    if (z) {
                                        try {
                                            userManager.autoSave(true);
                                            return;
                                        } catch (RepositoryException e) {
                                            log.error("Failed to reset auto-save mode", e);
                                            return;
                                        }
                                    }
                                    return;
                                }
                                group = authorizable2;
                            }
                            if (!group.addMember(user)) {
                                htmlResponse.setStatus(417, "Cannot add add lead " + user.getID() + " to the list: " + authorizable2.getID());
                                if (z) {
                                    try {
                                        userManager.autoSave(true);
                                        return;
                                    } catch (RepositoryException e2) {
                                        log.error("Failed to reset auto-save mode", e2);
                                        return;
                                    }
                                }
                                return;
                            }
                            log.debug("Add {} to Group {}", user.getID(), group.getID());
                        }
                    } else if (authorizableRequestProperties.setsMembers()) {
                        setMembers((Group) authorizable, userManager, authorizableRequestProperties.getMembers());
                    } else if (authorizableRequestProperties.addsMembers()) {
                        addMembers((Group) authorizable, userManager, authorizableRequestProperties.getMembers());
                    } else if (authorizableRequestProperties.removesMembers()) {
                        removeMembers((Group) authorizable, userManager, authorizableRequestProperties.getMembers());
                    }
                    if (authorizableRequestProperties.setsMembership()) {
                        setMembership(authorizable, userManager, authorizableRequestProperties.getMembership());
                    }
                    setProfileProperties(authorizable, authorizableRequestProperties, valueFactory);
                    session.save();
                    if (authorizableRequestProperties.isCreate()) {
                        htmlResponse.setStatus(201, authorizableRequestProperties.getUserID());
                    }
                } else {
                    if (authorizable.isGroup()) {
                        htmlResponse.setStatus(400, "Attempt to disable Group: " + slingHttpServletRequest.getRequestURI());
                        if (z) {
                            try {
                                userManager.autoSave(true);
                                return;
                            } catch (RepositoryException e3) {
                                log.error("Failed to reset auto-save mode", e3);
                                return;
                            }
                        }
                        return;
                    }
                    ((User) authorizable).disable(authorizableRequestProperties.getDisableParam());
                    session.save();
                }
                if (z) {
                    try {
                        userManager.autoSave(true);
                    } catch (RepositoryException e4) {
                        log.error("Failed to reset auto-save mode", e4);
                    }
                }
            } catch (RepositoryException e5) {
                try {
                    session.refresh(false);
                } catch (RepositoryException e6) {
                    log.error("Failed to revert pending changes", e5);
                }
                throw new SlingException(e5.getMessage(), e5);
            }
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    userManager.autoSave(true);
                } catch (RepositoryException e7) {
                    log.error("Failed to reset auto-save mode", e7);
                }
            }
            throw th;
        }
    }

    protected void setSudoers(User user, UserManager userManager, RequestParameter[] requestParameterArr) throws RepositoryException {
        List list = IteratorUtils.toList(user.getImpersonation().getImpersonators());
        for (RequestParameter requestParameter : requestParameterArr) {
            String unescape = Text.unescape(requestParameter.getString());
            if ("".equals(unescape)) {
                log.debug("Ignored request to add non-existant Authorizable {} as sodoer to {}", unescape, user.getID());
            } else {
                Authorizable authorizable = userManager.getAuthorizable(unescape);
                if (authorizable != null) {
                    Principal principal = authorizable.getPrincipal();
                    if (list.contains(principal)) {
                        user.getImpersonation().revokeImpersonation(principal);
                        log.debug("Removed Authorizable {} as Sudoer to {}", authorizable.getID(), user.getID());
                    } else {
                        user.getImpersonation().grantImpersonation(principal);
                        log.debug("Added Authorizable {} as Sudoer to {}", authorizable.getID(), user.getID());
                    }
                }
            }
        }
    }

    protected void addMembers(Group group, UserManager userManager, RequestParameter[] requestParameterArr) throws RepositoryException {
        for (RequestParameter requestParameter : requestParameterArr) {
            String unescape = Text.unescape(requestParameter.getString());
            if ("".equals(unescape)) {
                log.debug("Ignored request to add authorizable {} to group {}", unescape, group.getID());
            } else {
                Authorizable authorizable = userManager.getAuthorizable(unescape);
                if (authorizable != null) {
                    group.addMember(authorizable);
                    log.debug("Added authorizable {} to group {}", unescape, group.getID());
                } else {
                    log.debug("Ignored request to add non-existant authorizable {} to group {}", unescape, group.getID());
                }
            }
        }
    }

    protected void removeMembers(Group group, UserManager userManager, RequestParameter[] requestParameterArr) throws RepositoryException {
        for (RequestParameter requestParameter : requestParameterArr) {
            String unescape = Text.unescape(requestParameter.getString());
            if (!"".equals(unescape)) {
                Authorizable authorizable = userManager.getAuthorizable(unescape);
                if (authorizable != null) {
                    group.removeMember(authorizable);
                    log.debug("Removed authorizable {} from group {}", unescape, group.getID());
                } else {
                    log.debug("Ignored request to remove non-existant authorizable {} from group {}", unescape, group.getID());
                }
            }
        }
    }

    private static void setMembers(Group group, UserManager userManager, RequestParameter[] requestParameterArr) throws RepositoryException {
        List list = IteratorUtils.toList(group.getDeclaredMembers());
        for (RequestParameter requestParameter : requestParameterArr) {
            String unescape = Text.unescape(requestParameter.getString());
            if (!"".equals(unescape)) {
                Authorizable authorizable = userManager.getAuthorizable(unescape);
                if (authorizable == null || list.remove(authorizable)) {
                    log.debug("Ignored request to add non-existant Authorizable {} as member to {}", unescape, group.getID());
                } else {
                    group.addMember(authorizable);
                    log.debug("Added Authorizable {} as member to {}", unescape, group.getID());
                }
            }
        }
        Iterator it = list.iterator();
        while (it.hasNext()) {
            group.removeMember((Authorizable) it.next());
        }
    }

    protected void setMembership(Authorizable authorizable, UserManager userManager, RequestParameter[] requestParameterArr) throws RepositoryException {
        List list = IteratorUtils.toList(authorizable.declaredMemberOf());
        for (RequestParameter requestParameter : requestParameterArr) {
            String unescape = Text.unescape(requestParameter.getString());
            if (unescape != null && unescape.length() > 0) {
                Group authorizable2 = userManager.getAuthorizable(unescape);
                if (authorizable2 == null || !authorizable2.isGroup()) {
                    log.debug("Request to add {} to unexistant Group with id {}", authorizable.getID(), unescape);
                } else if (list.contains(authorizable2)) {
                    authorizable2.removeMember(authorizable);
                } else {
                    authorizable2.addMember(authorizable);
                }
            }
        }
    }

    protected Authorizable create(AuthorizableRequestProperties authorizableRequestProperties, UserManager userManager) throws RepositoryException {
        String intermediatePath = authorizableRequestProperties.getIntermediatePath();
        User createUser = authorizableRequestProperties.isUser() ? userManager.createUser(authorizableRequestProperties.getUserID(), authorizableRequestProperties.getPassword(), createPrincipal(authorizableRequestProperties.getUserID()), intermediatePath) : userManager.createGroup(authorizableRequestProperties.getGroupName(), createPrincipal(authorizableRequestProperties.getGroupName()), intermediatePath);
        log.debug("Created Authorizable with ID {}", createUser.getID());
        return createUser;
    }

    protected void setPassword(User user, AuthorizableRequestProperties authorizableRequestProperties) throws NoSuchAlgorithmException, RepositoryException {
        user.changePassword(authorizableRequestProperties.getPassword());
        log.debug("Set new password for {}", user.getID());
    }

    protected void setProfileProperties(Authorizable authorizable, AuthorizableRequestProperties authorizableRequestProperties, ValueFactory valueFactory) throws RepositoryException {
        for (Map.Entry<String, RequestParameter[]> entry : authorizableRequestProperties.getProperties().entrySet()) {
            RequestParameter[] value = entry.getValue();
            String str = "";
            for (int i = 0; i < value.length && str.length() < 1; i++) {
                str = value[i].getString();
            }
            if (value.length > 1) {
                log.warn("Multipe profile values for key {}. Used first {}", new String[]{entry.getKey(), value[0].getString()});
            }
            String str2 = "profile/" + entry.getKey();
            if (str.length() == 0) {
                authorizable.removeProperty(str2);
            } else {
                authorizable.setProperty(str2, valueFactory.createValue(str));
            }
        }
    }

    private Principal createPrincipal(final String str) {
        return new Principal() { // from class: com.day.cq.security.widgets.impl.AbstractAuthorizablePostServlet.2
            @Override // java.security.Principal
            public String getName() {
                return str;
            }
        };
    }
}
