package com.day.cq.security.widgets.impl;

import com.adobe.granite.security.user.UserProperties;
import com.adobe.granite.security.user.UserPropertiesManager;
import com.adobe.granite.security.user.UserPropertiesService;
import com.day.cq.commons.Console;
import com.day.cq.commons.ConsoleUtil;
import com.day.cq.commons.JSONWriterUtil;
import com.day.cq.preferences.impl.PreferencesJsonWriter;
import com.day.cq.security.UserManagerFactory;
import com.day.cq.security.impl.AbstractHTMLResponseServlet;
import com.day.cq.security.impl.profile.CqProfileProviderImpl;
import com.day.cq.security.util.RequestConstants;
import com.day.cq.xss.XSSProtectionService;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.NoSuchElementException;
import javax.jcr.AccessDeniedException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.observation.ObservationManager;
import javax.jcr.query.QueryManager;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
import org.apache.commons.collections.IteratorUtils;
import org.apache.commons.collections.Predicate;
import org.apache.commons.collections.Transformer;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.ReferencePolicy;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.sling.api.SlingException;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.request.RequestParameter;
import org.apache.sling.api.request.RequestParameterMap;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.api.servlets.HtmlResponse;
import org.apache.sling.commons.json.JSONException;
import org.apache.sling.commons.json.io.JSONWriter;
import org.apache.sling.jcr.api.SlingRepository;
import org.osgi.service.component.ComponentContext;

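/**
 * Serves JSON describing the user attached to the current request.
 *
 * <p>Per the SCR properties below, the servlet answers GET requests for {@code rep:User}
 * resources and for {@code /libs/cq/security/userinfo}, with two selectors:
 * <ul>
 *   <li>{@code userInfo} (default when no selector is given): id, display name, home path,
 *       impersonation flag, the consoles the caller can read, and the caller's preferences;</li>
 *   <li>{@code sudoables}: the users the caller may impersonate, optionally filtered by the
 *       {@code query} parameter and paged with {@code start} / {@code limit}.</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #activate(ComponentContext)} opens an administrative session that lives as long
 *       as the component. It is only used to build the {@link ConsoleUtil}; every per-request
 *       decision in this class goes through the request's own {@link ResourceResolver}.</li>
 *   <li>{@code query}, {@code category}, {@code start} and {@code limit} are caller-controlled.</li>
 *   <li>The {@code sudoables} view walks the complete result to compute {@code total}, so its
 *       cost grows with the number of matches regardless of {@code limit}.</li>
 * </ul>
 */
@Service({Servlet.class})
@Component(metatype = false)
@Properties({@Property(name = "sling.servlet.extensions", value = {RequestConstants.JSON_EXTENSION}), @Property(name = "sling.servlet.selectors", value = {UserInfoServlet.VIEW_USER_INFO, UserInfoServlet.VIEW_SUDOABLES}), @Property(name = "sling.servlet.resourceTypes", value = {"rep:User"}), @Property(name = "sling.servlet.paths", value = {"/libs/cq/security/userinfo"}), @Property(name = "sling.servlet.methods", value = {"GET"})})
/* loaded from: input_file:com/day/cq/security/widgets/impl/UserInfoServlet.class */
public class UserInfoServlet extends AbstractHTMLResponseServlet {
    // JSON keys of the userInfo view.
    private static final String USER_ID = "userID";
    private static final String USER_NAME = "userName";
    private static final String HOME_PATH = "home";
    private static final String ALLOWED_APPS = "allowedApps";
    // Selectors understood by this servlet.
    private static final String VIEW_SUDOABLES = "sudoables";
    private static final String VIEW_USER_INFO = "userInfo";
    private static final String IS_IMPERSONATED = "impersonated";
    private static final String PREFERENCES = "preferences";
    // Request parameters of the sudoables view.
    private static final String PARAM_QUERY = "query";
    private static final String PARAM_LIMIT = "limit";
    private static final String PARAM_START = "start";
    // Fallback console list, used when no ConsoleUtil could be created in activate().
    private static final Collection<Console> APPS = Arrays.asList(new Console("Websites", "", "siteadmin", "/libs/wcm/content/siteadmin", "/siteadmin"), new Console("Digital Assets", "", "damadmin", "/libs/wcm/content/damadmin", "/damadmin"), new Console("Tools", "", "misc", "/libs/wcm/content/misc", "/miscadmin"), new Console("Security", "", "useradmin", "/libs/security/content/admin", "/useradmin"), new Console("Workflow", "", "workflowadmin", "/libs/workflow/content/console", "/workflow"), new Console("Tagging", "", "tagadmin", "/libs/tagging/content/tagadmin", "/tagging"));

    @Reference
    private SlingRepository repository;

    @Reference
    private ResourceResolverFactory resolverFactory;

    @Reference
    private UserPropertiesService userPropertiesService;

    @Reference(policy = ReferencePolicy.STATIC)
    private UserManagerFactory userManagerFactory;

    @Reference(policy = ReferencePolicy.STATIC)
    private XSSProtectionService xss;
    // Administrative session opened in activate() and released in deactivate().
    private Session session;
    private ConsoleUtil consoleUtil;
    private static final long serialVersionUID = -1194085670869172105L;

    /**
     * Iterates over the authorizables a user may impersonate, keeping only those whose id or
     * display name starts with the (case-insensitive) filter.
     */
    /* loaded from: input_file:com/day/cq/security/widgets/impl/UserInfoServlet$SudoableIterator.class */
    private static final class SudoableIterator implements Iterator<Authorizable> {
        private final Iterator<String> ids;
        private final UserManager umgr;
        private final UserPropertiesManager upManager;
        // Look-ahead element; null once the underlying ids are exhausted.
        private Authorizable next;
        // Lower-cased prefix filter, or null when every entry is accepted.
        private final String filter;

        private SudoableIterator(User user, UserManager userManager, UserPropertiesManager userPropertiesManager, String str) throws RepositoryException {
            this.ids = UserInfoServlet.getSudoableUsers(user, userManager);
            this.umgr = userManager;
            this.upManager = userPropertiesManager;
            // Locale.ROOT keeps the prefix match independent of the JVM default locale
            // (e.g. the Turkish dotless i would otherwise break matches on ids containing 'I').
            this.filter = (str == null || str.length() <= 0) ? null : str.toLowerCase(java.util.Locale.ROOT);
            this.next = seek();
        }

        @Override // java.util.Iterator
        public boolean hasNext() {
            return this.next != null;
        }

        @Override // java.util.Iterator
        public Authorizable next() {
            if (!hasNext()) {
                throw new NoSuchElementException();
            }
            Authorizable current = this.next;
            this.next = seek();
            return current;
        }

        @Override // java.util.Iterator
        public void remove() {
            throw new UnsupportedOperationException();
        }

        /**
         * Advances to the next id that resolves to an authorizable matching the filter.
         * Ids that fail to load are skipped and only logged at debug level.
         *
         * @return the next matching authorizable, or null when there is none left
         */
        private Authorizable seek() {
            while (this.ids.hasNext()) {
                try {
                    Authorizable candidate = this.umgr.getAuthorizable(this.ids.next());
                    if (candidate != null && matchesFilter(candidate)) {
                        return candidate;
                    }
                } catch (RepositoryException e) {
                    UserInfoServlet.log.debug(e.getMessage(), e);
                }
            }
            return null;
        }

        /** Returns true when no filter is set or the id / display name starts with it. */
        private boolean matchesFilter(Authorizable candidate) throws RepositoryException {
            if (this.filter == null) {
                return true;
            }
            if (candidate.getID().toLowerCase(java.util.Locale.ROOT).startsWith(this.filter)) {
                return true;
            }
            return UserInfoServlet.getName(candidate, this.upManager).toLowerCase(java.util.Locale.ROOT).startsWith(this.filter);
        }
    }

    /**
     * Dispatches on the first selector and writes the matching JSON view.
     *
     * <p>Responds 404 when the request's resolver cannot be adapted to a {@link User}, and 401
     * when the repository denies access while building the response.
     *
     * @throws SlingException wrapping any I/O, JSON or other repository failure
     */
    @Override // com.day.cq.security.impl.AbstractHTMLResponseServlet
    protected void serviceGet(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse, HtmlResponse htmlResponse) throws ServletException, IOException {
        RequestParameterMap requestParameterMap = slingHttpServletRequest.getRequestParameterMap();
        int limit = readNonNegativeInt(requestParameterMap.getValue(PARAM_LIMIT), "Requested Page-Size {} not a number: return unlimited");
        int start = readNonNegativeInt(requestParameterMap.getValue(PARAM_START), "Requested start offset {} not a number: start at first entry");
        // Index of the last entry to write; 0 means "no upper bound". An int overflow of
        // limit + start also ends up as 0, i.e. the response is then unlimited.
        int end = limit > 0 ? Math.max(0, limit + start) : 0;

        ResourceResolver resourceResolver = slingHttpServletRequest.getResourceResolver();
        User user = (User) resourceResolver.adaptTo(User.class);
        if (user == null) {
            htmlResponse.setStatus(404, "No user attached to the request");
            return;
        }
        slingHttpServletResponse.setContentType(RequestConstants.JSON_CONTENT_TYPE);
        slingHttpServletResponse.setCharacterEncoding(RequestConstants.ENCODING_UTF_8);
        String[] selectors = slingHttpServletRequest.getRequestPathInfo().getSelectors();
        String view = selectors.length > 0 ? selectors[0] : VIEW_USER_INFO;
        try {
            UserPropertiesManager userPropertiesManager = this.userPropertiesService == null ? null : this.userPropertiesService.createUserPropertiesManager(resourceResolver);
            if (VIEW_USER_INFO.equals(view)) {
                writeUserInfo(slingHttpServletRequest, slingHttpServletResponse, user, userPropertiesManager);
            } else if (VIEW_SUDOABLES.equals(view)) {
                writeSudoables(slingHttpServletRequest, slingHttpServletResponse, user, userPropertiesManager, start, end);
            }
        } catch (IOException e) {
            throw new SlingException(e.getMessage(), e);
        } catch (JSONException e) {
            throw new SlingException(e.getMessage(), e);
        } catch (AccessDeniedException e) {
            // NOTE(review): the caller is already authenticated here, so 403 would describe the
            // condition more precisely; 401 is kept because clients may depend on it.
            htmlResponse.setStatus(401, "");
        } catch (RepositoryException e) {
            throw new SlingException(e.getMessage(), e);
        }
    }

    /**
     * Parses an optional numeric request parameter.
     *
     * @param parameter the request parameter, may be null
     * @param warnFormat log format (one placeholder) used when the value is not a number
     * @return the parsed value clamped to {@code >= 0}; 0 when absent or unparsable
     */
    private static int readNonNegativeInt(RequestParameter parameter, String warnFormat) {
        if (parameter == null) {
            return 0;
        }
        try {
            return Math.max(0, Integer.parseInt(parameter.getString()));
        } catch (NumberFormatException e) {
            // The logged value is caller-supplied; the log layout is expected to neutralise
            // line breaks so a request cannot forge log entries.
            log.warn(warnFormat, parameter.getString());
            return 0;
        }
    }

    /**
     * Writes the {@code sudoables} view: {@code {"authorizables":[{id,name}...],"total":n}}.
     *
     * <p>Non-administrators get the users found by {@link #getSudoableUsers(User, UserManager)};
     * administrators get the result of {@code AuthorizableQuery.searchRepository}, minus
     * themselves. Nothing is written when no {@link UserManager} can be obtained.
     *
     * @param start number of leading entries to skip (0 = none)
     * @param end index of the last entry to write (0 = unbounded)
     */
    private void writeSudoables(SlingHttpServletRequest request, SlingHttpServletResponse response, User user, UserPropertiesManager userPropertiesManager, int start, int end) throws JSONException, IOException, RepositoryException {
        ResourceResolver resourceResolver = request.getResourceResolver();
        Session jcrSession = (Session) resourceResolver.adaptTo(Session.class);
        // Guard against a resolver that is not backed by a Jackrabbit session instead of
        // failing with a NullPointerException / ClassCastException.
        UserManager userManager = jcrSession instanceof JackrabbitSession ? ((JackrabbitSession) jcrSession).getUserManager() : null;
        if (userManager == null) {
            log.debug("UserManager not available for {}: no sudoables returned", user.getID());
            return;
        }

        String query = request.getParameter(PARAM_QUERY);
        String selfId = null;
        Iterator<?> candidates;
        if (!user.isAdmin()) {
            candidates = new SudoableIterator(user, userManager, userPropertiesManager, query);
        } else {
            // An administrator can impersonate anyone, so the listing is a plain user search;
            // the administrator's own entry is left out below.
            selfId = user.getID();
            // NOTE(review): query and category come straight from the request; confirm that
            // AuthorizableQuery escapes them before they reach a JCR query.
            candidates = AuthorizableQuery.searchRepository(resourceResolver, query != null ? query : "", User.class, request.getParameter("category"));
        }

        JSONWriter jsonWriter = new JSONWriter(response.getWriter());
        if (candidates == null) {
            return;
        }
        jsonWriter.object();
        jsonWriter.key("authorizables");
        jsonWriter.array();
        int total = 0;
        boolean pageOpen = true;
        // The whole result is walked so that "total" is complete; only the requested page is
        // written. The caller's own id is excluded from both the page and the total.
        while (candidates.hasNext()) {
            Authorizable authorizable = (Authorizable) candidates.next();
            String id = authorizable.getID();
            if (id.equals(selfId)) {
                continue;
            }
            total++;
            if (!pageOpen || (start > 0 && total <= start)) {
                continue;
            }
            jsonWriter.object();
            jsonWriter.key("id").value(id);
            // Display names are user-editable profile data, hence the XSS-aware writer.
            JSONWriterUtil.write(jsonWriter, "name", getName(authorizable, userPropertiesManager), JSONWriterUtil.WriteMode.BOTH, this.xss);
            jsonWriter.endObject();
            if (end > 0 && total >= end) {
                log.debug("Result larger than limit: end");
                pageOpen = false;
            }
        }
        jsonWriter.endArray();
        jsonWriter.key("total").value(total);
        jsonWriter.endObject();
    }

    /**
     * Builds the {@link ConsoleUtil} used to discover console paths.
     *
     * <p>SECURITY: this opens an administrative session via {@code loginAdministrative} and keeps
     * it for the lifetime of the component. Console discovery therefore runs with full
     * privileges; {@link #getAllowedApps(ResourceResolver)} must keep filtering the result with
     * the request's resolver. A dedicated, narrowly scoped service user would be the
     * least-privilege alternative.
     */
    protected void activate(ComponentContext componentContext) {
        try {
            this.session = this.repository.loginAdministrative((String) null);
            HashMap<String, Object> authInfo = new HashMap<String, Object>();
            authInfo.put("user.jcr.session", this.session);
            // NOTE(review): the resolver created here is only used for its search path and is
            // never closed; verify whether closing it is safe for the wrapped session.
            String[] searchPath = this.resolverFactory.getResourceResolver(authInfo).getSearchPath();
            QueryManager queryManager = this.session.getWorkspace().getQueryManager();
            ObservationManager observationManager = this.session.getWorkspace().getObservationManager();
            if (queryManager != null && observationManager != null) {
                this.consoleUtil = new ConsoleUtil(queryManager, observationManager, searchPath);
            }
        } catch (LoginException e) {
            log.error("Failed to access Console paths: {}", e);
        } catch (RepositoryException e2) {
            log.error("Failed to access Console paths: {}", e2);
        }
    }

    /** Releases the administrative session and the {@link ConsoleUtil} created on activation. */
    protected void deactivate(ComponentContext componentContext) {
        if (this.session != null) {
            this.session.logout();
            this.session = null;
        }
        if (this.consoleUtil != null) {
            this.consoleUtil.dispose();
            this.consoleUtil = null;
        }
    }

    /**
     * Returns the consoles whose path the given resolver can resolve to an existing resource.
     * Because the check uses the caller's resolver, consoles the caller cannot read are dropped.
     */
    private Console[] getAllowedApps(ResourceResolver resourceResolver) {
        Collection<Console> known = this.consoleUtil != null ? this.consoleUtil.getPaths() : APPS;
        Collection<Console> allowed = new ArrayList<Console>();
        for (Console console : known) {
            Resource resource = resourceResolver.getResource(console.getPath());
            // Constant-first comparison tolerates a resource without a resource type.
            if (resource != null && !"sling:nonexisting".equals(resource.getResourceType())) {
                allowed.add(console);
            }
        }
        return allowed.toArray(new Console[allowed.size()]);
    }

    /**
     * Writes the {@code userInfo} view for the given user.
     *
     * @param userPropertiesManager may be null (no {@link UserPropertiesService} bound); the
     *        display name then falls back to the id and no preferences are written
     */
    private void writeUserInfo(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse, User user, UserPropertiesManager userPropertiesManager) throws JSONException, IOException, ServletException, RepositoryException {
        JSONWriter jsonWriter = new JSONWriter(slingHttpServletResponse.getWriter());
        ResourceResolver resourceResolver = slingHttpServletRequest.getResourceResolver();
        jsonWriter.object();
        jsonWriter.key(USER_ID).value(user.getID());
        JSONWriterUtil.write(jsonWriter, USER_NAME, getName(user, userPropertiesManager), JSONWriterUtil.WriteMode.BOTH, this.xss);
        jsonWriter.key(HOME_PATH).value(user.getPath());
        jsonWriter.key(IS_IMPERSONATED).value(isImpersonated(resourceResolver));
        jsonWriter.key(ALLOWED_APPS).array();
        for (Console console : getAllowedApps(resourceResolver)) {
            jsonWriter.object();
            jsonWriter.key("appName").value(console.getAppName());
            jsonWriter.key("appDescription").value(console.getDescription());
            jsonWriter.key("iconClass").value(console.getIconClass());
            jsonWriter.key(RequestConstants.PARAM_PATH).value(console.getPath());
            jsonWriter.key("vanityPath").value(console.getVanityPath());
            jsonWriter.endObject();
        }
        jsonWriter.endArray();
        // serviceGet passes null when no UserPropertiesService is bound; skip the preferences
        // instead of failing with a NullPointerException.
        UserProperties preferences = userPropertiesManager == null ? null : userPropertiesManager.getUserProperties(user, PREFERENCES);
        if (preferences != null) {
            jsonWriter.key(PREFERENCES);
            jsonWriter.object();
            new PreferencesJsonWriter(preferences).write(jsonWriter);
            jsonWriter.endObject();
        }
        jsonWriter.endObject();
    }

    /**
     * Returns the display name from the authorizable's default profile, or its id when no
     * manager, profile or non-empty display name is available.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static String getName(Authorizable authorizable, UserPropertiesManager userPropertiesManager) throws RepositoryException {
        String displayName = null;
        if (userPropertiesManager != null) {
            UserProperties profile = userPropertiesManager.getUserProperties(authorizable, CqProfileProviderImpl.DEFAULT_PROFILE_PATH);
            if (profile != null) {
                displayName = profile.getDisplayName();
            }
        }
        return (displayName == null || displayName.isEmpty()) ? authorizable.getID() : displayName;
    }

    /**
     * Returns the ids of the users the given user may impersonate.
     *
     * <p>For an administrator these are all users found by principal name except the
     * administrator. For anyone else they are the users whose {@code rep:impersonators}
     * property names the user's principal; a repository failure during that lookup is logged
     * and yields the entries collected so far.
     *
     * @param userManager the manager to search with; null yields an empty iterator
     */
    /* JADX INFO: Access modifiers changed from: private */
    @SuppressWarnings("unchecked") // commons-collections 3 iterators are raw; elements are String ids
    public static Iterator<String> getSudoableUsers(User user, UserManager userManager) throws RepositoryException {
        final String id = user.getID();
        if (userManager == null) {
            return new ArrayList<String>().iterator();
        }
        if (user.isAdmin()) {
            return IteratorUtils.filteredIterator(IteratorUtils.transformedIterator(userManager.findAuthorizables("rep:principalName", "", UserManager.SEARCH_TYPE_USER), new Transformer() { // from class: com.day.cq.security.widgets.impl.UserInfoServlet.1
                public Object transform(Object obj) {
                    try {
                        return ((Authorizable) obj).getID();
                    } catch (RepositoryException e) {
                        UserInfoServlet.log.warn(e.getMessage(), e);
                        // null is dropped by the predicate below
                        return null;
                    }
                }
            }), new Predicate() { // from class: com.day.cq.security.widgets.impl.UserInfoServlet.2
                public boolean evaluate(Object obj) {
                    return obj != null && !id.equals(obj);
                }
            });
        }
        ArrayList<String> sudoableIds = new ArrayList<String>();
        try {
            Iterator<Authorizable> impersonated = userManager.findAuthorizables("rep:impersonators", user.getPrincipal().getName(), UserManager.SEARCH_TYPE_USER);
            while (impersonated.hasNext()) {
                sudoableIds.add(impersonated.next().getID());
            }
        } catch (RepositoryException e) {
            log.warn("Failed to retrieve sudoable users for {}: {}", id, e.getMessage());
        }
        return sudoableIds.iterator();
    }

    /**
     * Returns true when the resolver's JCR session carries a {@code user.impersonator}
     * attribute; false when there is no session or the attribute is absent.
     */
    public static boolean isImpersonated(ResourceResolver resourceResolver) {
        Session jcrSession = (Session) resourceResolver.adaptTo(Session.class);
        return jcrSession != null && jcrSession.getAttribute("user.impersonator") != null;
    }

    // SCR bind/unbind callbacks: each unbind clears the field only if it still holds the
    // instance being unbound.

    protected void bindRepository(SlingRepository slingRepository) {
        this.repository = slingRepository;
    }

    protected void unbindRepository(SlingRepository slingRepository) {
        if (this.repository == slingRepository) {
            this.repository = null;
        }
    }

    protected void bindResolverFactory(ResourceResolverFactory resourceResolverFactory) {
        this.resolverFactory = resourceResolverFactory;
    }

    protected void unbindResolverFactory(ResourceResolverFactory resourceResolverFactory) {
        if (this.resolverFactory == resourceResolverFactory) {
            this.resolverFactory = null;
        }
    }

    protected void bindUserPropertiesService(UserPropertiesService userPropertiesService) {
        this.userPropertiesService = userPropertiesService;
    }

    protected void unbindUserPropertiesService(UserPropertiesService userPropertiesService) {
        if (this.userPropertiesService == userPropertiesService) {
            this.userPropertiesService = null;
        }
    }

    protected void bindUserManagerFactory(UserManagerFactory userManagerFactory) {
        this.userManagerFactory = userManagerFactory;
    }

    protected void unbindUserManagerFactory(UserManagerFactory userManagerFactory) {
        if (this.userManagerFactory == userManagerFactory) {
            this.userManagerFactory = null;
        }
    }

    protected void bindXss(XSSProtectionService xSSProtectionService) {
        this.xss = xSSProtectionService;
    }

    protected void unbindXss(XSSProtectionService xSSProtectionService) {
        if (this.xss == xSSProtectionService) {
            this.xss = null;
        }
    }
}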
