package com.day.cq.security.widgets.impl;

import com.adobe.granite.security.user.UserPropertiesService;
import com.adobe.granite.security.user.util.SkipIterator;
import com.day.cq.commons.RangeIterator;
import com.day.cq.security.impl.AbstractHTMLResponseServlet;
import com.day.cq.security.util.AuthorizableJSONWriter;
import com.day.cq.security.util.RequestConstants;
import com.day.cq.xss.XSSProtectionService;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.NoSuchElementException;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.query.QueryManager;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.commons.iterator.NodeIteratorAdapter;
import org.apache.sling.api.SlingException;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.request.RequestParameterMap;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.servlets.HtmlResponse;
import org.apache.sling.commons.json.JSONException;
import org.apache.sling.commons.json.io.JSONWriter;

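/**
 * Servlet bound to {@code /bin/security/authorizables} that searches the repository for users
 * and/or groups and streams the matches as JSON.
 *
 * <p>Request parameters read by {@link #serviceGet}: {@code filter} (full-text term),
 * {@code hideUsers} / {@code hideGroups} (restrict the authorizable type), {@code limit} and
 * {@code start} (paging), {@code category}, {@code ml} (members limit) and {@code props}
 * (comma-separated property names handed to the JSON writer).
 *
 * <p>Security notes: the search runs with the resource resolver of the incoming request and this
 * class performs no permission check of its own. Without a {@code limit} every match is returned.
 * NOTE(review): the servlet is registered by path, so access to the endpoint is presumably not
 * governed by an ACL on a resource at that path; confirm how it is restricted in deployment
 * (authentication requirement, dispatcher/proxy filter), since it enumerates principals.
 */
@Service({Servlet.class})
@Component(metatype = false)
@Properties({@Property(name = "sling.servlet.paths", value = {"/bin/security/authorizables"}), @Property(name = "sling.servlet.extensions", value = {RequestConstants.JSON_EXTENSION})})
/* loaded from: input_file:com/day/cq/security/widgets/impl/AuthorizableQuery.class */
public class AuthorizableQuery extends AbstractHTMLResponseServlet {
    private static final long serialVersionUID = -3616050470020566855L;
    private static final String PARAM_FILTER = "filter";
    private static final String PARAM_LIMIT = "limit";
    private static final String PARAM_START = "start";
    private static final String PARAM_HIDE_GROUPS = "hideGroups";
    private static final String PARAM_HIDE_USERS = "hideUsers";

    // Fragments shared by every statement built in composeQuery.
    private static final String SELECT_FROM = "select [jcr:path], [jcr:score], * from ";
    private static final String ORDER_BY = "order by lower([rep:principalName]) ";
    private static final String CATEGORY_IS_CQ = "[cq:authorizableCategory] is null";
    private static final String CATEGORY_IS_NOT_CQ = "not([cq:authorizableCategory] = 'cq')";

    @Reference
    private UserPropertiesService userPropertiesService;

    @Reference
    private XSSProtectionService xss;

    /**
     * Range iterator that resolves each node of a {@link NodeIterator} to its authorizable through
     * the session's {@link UserManager}.
     */
    /* loaded from: input_file:com/day/cq/security/widgets/impl/AuthorizableQuery$AuthorizableNodeIterator.class */
    private static final class AuthorizableNodeIterator<AuthType extends Authorizable> implements RangeIterator<AuthType> {
        private final Session session;
        private final UserManager userManager;
        private final NodeIterator nodes;
        private final long size;

        /**
         * @param session        session whose user manager resolves the nodes; must be a
         *                       {@link JackrabbitSession}
         * @param assumeDistinct when {@code true} the node iterator is used as is; when
         *                       {@code false} it is drained and nodes with an already seen path
         *                       are dropped
         * @param nodeIterator   nodes to resolve
         * @throws RepositoryException if the user manager or a node path cannot be obtained
         */
        private AuthorizableNodeIterator(Session session, boolean assumeDistinct, NodeIterator nodeIterator) throws RepositoryException {
            this.session = session;
            this.userManager = ((JackrabbitSession) session).getUserManager();
            if (assumeDistinct) {
                this.nodes = nodeIterator;
                this.size = nodeIterator.getSize();
                return;
            }
            HashSet<String> seenPaths = new HashSet<String>();
            ArrayList<Node> distinctNodes = new ArrayList<Node>();
            while (nodeIterator.hasNext()) {
                Node node = nodeIterator.nextNode();
                // add() reports whether the path was new, so one lookup is enough.
                if (seenPaths.add(node.getPath())) {
                    distinctNodes.add(node);
                }
            }
            this.nodes = new NodeIteratorAdapter(distinctNodes);
            this.size = distinctNodes.size();
        }

        /** Creates an iterator over no nodes. */
        private AuthorizableNodeIterator(Session session) throws RepositoryException {
            this(session, true, NodeIteratorAdapter.EMPTY);
        }

        public void skip(long j) {
            this.nodes.skip(j);
        }

        /** Returns the size captured at construction, asking the node iterator again if that was -1. */
        public long getSize() {
            return this.size == -1 ? this.nodes.getSize() : this.size;
        }

        public long getPosition() {
            return this.nodes.getPosition();
        }

        public boolean hasNext() {
            return this.nodes.hasNext();
        }

        /**
         * Resolves the next node to its authorizable.
         *
         * @throws SlingException wrapping any {@link RepositoryException} raised while resolving
         */
        @SuppressWarnings("unchecked") // the user manager returns Authorizable; the caller chose AuthType
        public AuthType next() {
            try {
                return (AuthType) this.userManager.getAuthorizableByPath(this.nodes.nextNode().getPath());
            } catch (RepositoryException e) {
                throw new SlingException(e.getMessage(), e);
            }
        }

        public void remove() {
            this.nodes.remove();
        }
    }

    /**
     * Handles a GET: validates the request, runs the search and writes
     * {@code {"authorizables":[...],"results":-1}} to the response.
     *
     * <p>Responds 503 when the {@link UserPropertiesService} is unbound and 400 when the request
     * extension is not JSON. Non-numeric {@code limit}, {@code start} and {@code ml} values are
     * logged and ignored. A negative {@code start} is treated as 0 so that it can neither shrink
     * nor disable the requested limit.
     *
     * @throws NoSuchElementException if fewer than {@code start} results exist
     */
    @Override // com.day.cq.security.impl.AbstractHTMLResponseServlet
    protected void serviceGet(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse, HtmlResponse htmlResponse) throws ServletException, IOException {
        if (this.userPropertiesService == null) {
            htmlResponse.setStatus(503, "UserPropertiesService not available");
            return;
        }
        if (!RequestConstants.JSON_EXTENSION.equals(slingHttpServletRequest.getRequestPathInfo().getExtension())) {
            htmlResponse.setStatus(400, "Only service JSON requests");
            return;
        }
        try {
            slingHttpServletResponse.setContentType(RequestConstants.JSON_CONTENT_TYPE);
            slingHttpServletResponse.setCharacterEncoding(RequestConstants.ENCODING_UTF_8);
            RequestParameterMap requestParameterMap = slingHttpServletRequest.getRequestParameterMap();

            String filterParam = parameterString(requestParameterMap, PARAM_FILTER);
            String filter = filterParam != null ? filterParam : "";

            // hideUsers wins over hideGroups when both are set.
            Class<? extends Authorizable> type = Authorizable.class;
            if (Boolean.parseBoolean(parameterString(requestParameterMap, PARAM_HIDE_USERS))) {
                type = Group.class;
            } else if (Boolean.parseBoolean(parameterString(requestParameterMap, PARAM_HIDE_GROUPS))) {
                type = User.class;
            }

            // A missing, negative or unparsable limit means "unlimited".
            int limit = -1;
            String limitParam = parameterString(requestParameterMap, PARAM_LIMIT);
            if (limitParam != null) {
                try {
                    limit = Integer.parseInt(limitParam);
                } catch (NumberFormatException e) {
                    log.warn("Requested Page-Size {} not a number: return unlimited", limitParam);
                }
            }

            long start = 0;
            String startParam = parameterString(requestParameterMap, PARAM_START);
            if (startParam != null) {
                try {
                    start = Long.parseLong(startParam);
                } catch (NumberFormatException e) {
                    // Log the offending start value; the limit parameter may be absent here.
                    log.warn("Requested start offset {} not a number: start at 0", startParam);
                }
            }
            if (start < 0) {
                start = 0;
            }

            // Position at which output stops; computed in long and saturated so a large start
            // cannot wrap around into a small or negative value.
            long end = -1;
            if (limit > -1) {
                end = start > Long.MAX_VALUE - limit ? Long.MAX_VALUE : start + limit;
            }
            // NOTE(review): with limit=0 the position check below never matches after the first
            // element, so 0 behaves as unlimited; confirm that is intended.

            ResourceResolver resourceResolver = slingHttpServletRequest.getResourceResolver();
            JSONWriter jSONWriter = new JSONWriter(slingHttpServletResponse.getWriter());
            SkipIterator<Authorizable> results = searchRepository(resourceResolver, filter, type, slingHttpServletRequest.getParameter("category"));
            if (results.skip(start) < start) {
                throw new NoSuchElementException("Can't skip " + start + " elements. Not enough elements to skip.");
            }

            // Configure the writer before any JSON is emitted so a failure here does not leave a
            // half-written document behind.
            AuthorizableJSONWriter authorizableJSONWriter = new AuthorizableJSONWriter(resourceResolver, this.userPropertiesService.createUserPropertiesManager(resourceResolver), (String[]) null, this.xss);
            String membersLimit = slingHttpServletRequest.getParameter("ml");
            if (membersLimit != null) {
                try {
                    authorizableJSONWriter.setMembersLimit(Integer.parseInt(membersLimit));
                } catch (NumberFormatException e) {
                    log.warn("Requested members limit {} not a number: using default", membersLimit);
                }
            }
            // The caller chooses which properties are serialised; NOTE(review): whether a
            // property is actually exposed is decided in AuthorizableJSONWriter / by repository
            // access control, which is not visible from this class.
            String outputProps = slingHttpServletRequest.getParameter("props");
            if (outputProps != null) {
                authorizableJSONWriter.setOutputProps(outputProps.split(","));
            }

            jSONWriter.object();
            jSONWriter.key("authorizables");
            jSONWriter.array();
            while (results.hasNext()) {
                authorizableJSONWriter.write(jSONWriter, (Authorizable) results.next());
                if (end > -1 && results.getPosition() == end) {
                    log.debug("Result larger than limit: end");
                    break;
                }
            }
            jSONWriter.endArray();
            jSONWriter.key("results").value(-1L);
            jSONWriter.endObject();
        } catch (JSONException e3) {
            log.error("Internal Error", e3);
            htmlResponse.setError(e3);
        } catch (RepositoryException e4) {
            log.error("Internal Error", e4);
            htmlResponse.setError(e4);
        }
    }

    /** Returns the string value of the named request parameter, or {@code null} when it is absent. */
    private static String parameterString(RequestParameterMap requestParameterMap, String name) {
        return requestParameterMap.getValue(name) != null ? requestParameterMap.getValue(name).getString() : null;
    }

    /**
     * Runs the JCR-SQL2 search and resolves every hit to its authorizable.
     *
     * <p>All hits are collected in memory before the iterator is returned; paging is applied by
     * the caller afterwards. Hits whose path does not resolve to an authorizable are left out.
     *
     * @param resourceResolver resolver whose session executes the query
     * @param str              raw filter term; {@code null} is treated as empty
     * @param cls              {@code User.class}, {@code Group.class} or any other authorizable
     *                         type to search both
     * @param str2             category: {@code "cq"}, any other non-null value, or {@code null}
     *                         for no category constraint
     * @return iterator over the resolved authorizables
     * @throws RepositoryException if the resolver has no session or user manager, or the query fails
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static SkipIterator<Authorizable> searchRepository(ResourceResolver resourceResolver, String str, Class<? extends Authorizable> cls, String str2) throws RepositoryException, IOException {
        Session session = (Session) resourceResolver.adaptTo(Session.class);
        if (session == null) {
            throw new RepositoryException("ResourceResolver could not be adapted to a JCR session");
        }
        UserManager userManager = (UserManager) resourceResolver.adaptTo(UserManager.class);
        if (userManager == null) {
            throw new RepositoryException("ResourceResolver could not be adapted to a UserManager");
        }
        QueryManager queryManager = session.getWorkspace().getQueryManager();

        // Doubling single quotes keeps the term inside the JCR-SQL2 string literal that
        // composeQuery builds. It does not neutralise the full-text syntax CONTAINS applies to the
        // term. NOTE(review): confirm how search operators and wildcards in the filter should be
        // treated, and consider a bind variable instead of string concatenation.
        String term = (str == null ? "" : str).toLowerCase().replace("'", "''");
        String statement = composeQuery(term, cls, str2);
        log.debug("Query statement: {}", statement);

        ArrayList<Authorizable> found = new ArrayList<Authorizable>();
        NodeIterator nodes = queryManager.createQuery(statement, "JCR-SQL2").execute().getNodes();
        while (nodes.hasNext()) {
            Authorizable authorizable = userManager.getAuthorizableByPath(((Node) nodes.next()).getPath());
            if (authorizable != null) {
                found.add(authorizable);
            }
        }
        return SkipIterator.create(found.iterator());
    }

    /**
     * Builds the JCR-SQL2 statement for a search.
     *
     * <p>An empty term selects every node of the requested type below {@code /home}. A non-empty
     * term produces, per node type, one select matching the term and one matching it as a prefix
     * ({@code term*}), combined with UNION. The category constraint, when present, is joined to
     * each select with {@code and}.
     *
     * @param str  filter term, already lower-cased and with single quotes doubled by the caller;
     *             it is inserted into a quoted literal unchanged
     * @param cls  requested authorizable type
     * @param str2 category, see {@link #searchRepository}
     */
    private static String composeQuery(String str, Class<? extends Authorizable> cls, String str2) {
        String[] nodeTypes;
        if (User.class.isAssignableFrom(cls)) {
            nodeTypes = new String[] {"[rep:User]"};
        } else if (Group.class.isAssignableFrom(cls)) {
            nodeTypes = new String[] {"[rep:Group]"};
        } else {
            nodeTypes = new String[] {"[rep:User]", "[rep:Group]"};
        }

        String categoryConstraint = null;
        if ("cq".equals(str2)) {
            categoryConstraint = CATEGORY_IS_CQ;
        } else if (str2 != null) {
            categoryConstraint = CATEGORY_IS_NOT_CQ;
        }

        StringBuilder statement = new StringBuilder();
        if (str.equals("")) {
            // Without a term a single select suffices; both types share [rep:Authorizable].
            String nodeType = nodeTypes.length == 1 ? nodeTypes[0] : "[rep:Authorizable]";
            statement.append(SELECT_FROM).append(nodeType).append(" AS a where isdescendantnode(a, '/home') ");
            appendCategory(statement, categoryConstraint);
        } else {
            String[] terms = {str, str + "*"};
            boolean first = true;
            for (String nodeType : nodeTypes) {
                for (String term : terms) {
                    if (!first) {
                        statement.append("UNION ");
                    }
                    first = false;
                    statement.append(SELECT_FROM).append(nodeType).append(" AS a WHERE CONTAINS(*, '").append(term).append("') ");
                    appendCategory(statement, categoryConstraint);
                }
            }
        }
        return statement.append(ORDER_BY).toString();
    }

    /** Appends {@code and <constraint> } to a where clause; does nothing for a null constraint. */
    private static void appendCategory(StringBuilder statement, String categoryConstraint) {
        if (categoryConstraint != null) {
            // The constraint follows another condition, so it needs an explicit conjunction.
            statement.append("and ").append(categoryConstraint).append(' ');
        }
    }

    /** Binds the user properties service (called by the component runtime). */
    protected void bindUserPropertiesService(UserPropertiesService userPropertiesService) {
        this.userPropertiesService = userPropertiesService;
    }

    /** Clears the user properties service, but only if the one being unbound is the one held. */
    protected void unbindUserPropertiesService(UserPropertiesService userPropertiesService) {
        if (this.userPropertiesService == userPropertiesService) {
            this.userPropertiesService = null;
        }
    }

    /** Binds the XSS protection service handed to the JSON writer. */
    protected void bindXss(XSSProtectionService xSSProtectionService) {
        this.xss = xSSProtectionService;
    }

    /** Clears the XSS protection service, but only if the one being unbound is the one held. */
    protected void unbindXss(XSSProtectionService xSSProtectionService) {
        if (this.xss == xSSProtectionService) {
            this.xss = null;
        }
    }
}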
