package biz.netcentric.cq.tools.actool.configreader;

import biz.netcentric.cq.tools.actool.configmodel.AceBean;
import biz.netcentric.cq.tools.actool.configmodel.AuthorizableConfigBean;
import biz.netcentric.cq.tools.actool.configmodel.GlobalConfiguration;
import biz.netcentric.cq.tools.actool.helper.Constants;
import biz.netcentric.cq.tools.actool.helper.QueryHelper;
import biz.netcentric.cq.tools.actool.validators.AceBeanValidator;
import biz.netcentric.cq.tools.actool.validators.AuthorizableValidator;
import biz.netcentric.cq.tools.actool.validators.exceptions.AcConfigBeanValidationException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.query.InvalidQueryException;
import org.apache.commons.lang.StringUtils;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.sling.jcr.api.SlingRepository;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

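/**
 * Turns the already-parsed YAML configuration (a collection of single-key maps, one per
 * top-level section) into the bean model used by the AC tool: ACE beans, group/user beans,
 * the global configuration and the list of obsolete authorizables.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>ACE processing opens a session with {@code SlingRepository.loginAdministrative}, i.e. with
 *       full repository privileges. That API is deprecated in Sling in favour of
 *       {@code loginService} with a dedicated, minimally privileged service user. The session
 *       is always logged out in a {@code finally} block.</li>
 *   <li>ACE paths containing {@code *} are interpolated into a query that is executed with
 *       that administrative session, so configuration files must be treated as privileged
 *       input and only be accepted from trusted deployers.</li>
 *   <li>User passwords are read verbatim from the configuration; files containing them need
 *       to be protected like any other secret.</li>
 * </ul>
 */
@Service
@Component(label = "AC Yaml Config Reader", description = "Service that installs groups & ACEs according to textual configuration files")
/* loaded from: input_file:biz/netcentric/cq/tools/actool/configreader/YamlConfigReader.class */
public class YamlConfigReader implements ConfigReader {
    private static final Logger LOG = LoggerFactory.getLogger(YamlConfigReader.class);

    // Keys recognised inside a single ACE definition.
    protected static final String ACE_CONFIG_PROPERTY_GLOB = "repGlob";
    protected static final String ACE_CONFIG_PROPERTY_RESTRICTIONS = "restrictions";
    protected static final String ACE_CONFIG_PROPERTY_PERMISSION = "permission";
    protected static final String ACE_CONFIG_PROPERTY_PRIVILEGES = "privileges";
    protected static final String ACE_CONFIG_PROPERTY_ACTIONS = "actions";
    protected static final String ACE_CONFIG_PROPERTY_PATH = "path";
    protected static final String ACE_CONFIG_PROPERTY_KEEP_ORDER = "keepOrder";
    protected static final String ACE_CONFIG_INITIAL_CONTENT = "initialContent";

    // Keys recognised inside a single group/user definition.
    private static final String GROUP_CONFIG_PROPERTY_MEMBER_OF = "isMemberOf";
    private static final String GROUP_CONFIG_PROPERTY_MEMBER_OF_LEGACY = "memberOf";
    private static final String GROUP_CONFIG_PROPERTY_MEMBERS = "members";
    private static final String GROUP_CONFIG_PROPERTY_PATH = "path";
    private static final String GROUP_CONFIG_PROPERTY_PASSWORD = "password";
    protected static final String GROUP_CONFIG_PROPERTY_NAME = "name";
    private static final String GROUP_CONFIG_PROPERTY_DESCRIPTION = "description";
    private static final String GROUP_CONFIG_PROPERTY_EXTERNAL_ID = "externalId";
    private static final String GROUP_CONFIG_PROPERTY_MIGRATE_FROM = "migrateFrom";
    private static final String USER_CONFIG_PROPERTY_IS_SYSTEM_USER = "isSystemUser";
    private static final String USER_CONFIG_PROFILE_CONTENT = "profileContent";
    private static final String USER_CONFIG_PREFERENCES_CONTENT = "preferencesContent";

    @Reference
    private SlingRepository repository;

    // Not referenced anywhere in this class; kept because removing a field is outside this change.
    private final Pattern forLoopPattern = Pattern.compile("for (\\w+) in \\[([,/\\s\\w\\-]+)\\]", Pattern.CASE_INSENSITIVE);

    /**
     * Builds the ACE beans of the ACE section, grouped by principal in configuration order.
     *
     * @param collection       parsed YAML document: a collection of single-key section maps
     * @param set              passed through to the internal reader, which does not read it
     * @param aceBeanValidator validator applied to every bean, or {@code null} to skip validation
     * @return principal to ACE beans, or {@code null} when the document has no ACE section
     * @throws RepositoryException             if the repository session or wildcard query fails
     * @throws AcConfigBeanValidationException if the validator rejects a bean
     */
    @Override
    @SuppressWarnings({"unchecked", "rawtypes"}) // the section is an untyped structure produced by the YAML parser
    public Map<String, Set<AceBean>> getAceConfigurationBeans(Collection<?> collection, Set<String> set, AceBeanValidator aceBeanValidator) throws RepositoryException, AcConfigBeanValidationException {
        List<LinkedHashMap> aceSection = (List<LinkedHashMap>) getConfigSection(Constants.ACE_CONFIGURATION_KEY, collection);
        if (aceSection == null) {
            LOG.debug("ACL configuration not found in this YAML configuration file");
            return null;
        }
        return getPreservedOrderdAceMap(aceSection, set, aceBeanValidator);
    }

    /**
     * Builds the group beans of the group section, keyed by principal id.
     *
     * @param collection            parsed YAML document
     * @param authorizableValidator validator applied to every bean, or {@code null} to skip validation
     * @return principal id to group beans, or {@code null} when the document has no group section
     * @throws AcConfigBeanValidationException if the validator rejects a bean
     */
    @Override
    @SuppressWarnings({"unchecked", "rawtypes"}) // the section is an untyped structure produced by the YAML parser
    public Map<String, Set<AuthorizableConfigBean>> getGroupConfigurationBeans(Collection collection, AuthorizableValidator authorizableValidator) throws AcConfigBeanValidationException {
        List<LinkedHashMap> groupSection = (List<LinkedHashMap>) getConfigSection(Constants.GROUP_CONFIGURATION_KEY, collection);
        if (groupSection == null) {
            LOG.debug("Group configuration not found in this YAML configuration file");
            return null;
        }
        return getAuthorizablesMap(groupSection, authorizableValidator, true);
    }

    /**
     * Builds the user beans of the user section, keyed by principal id.
     *
     * @param collection            parsed YAML document
     * @param authorizableValidator validator applied to every bean, or {@code null} to skip validation
     * @return principal id to user beans; an empty map (never {@code null}) when there is no user section
     * @throws AcConfigBeanValidationException if the validator rejects a bean
     */
    @Override
    @SuppressWarnings({"unchecked", "rawtypes"}) // the section is an untyped structure produced by the YAML parser
    public Map<String, Set<AuthorizableConfigBean>> getUserConfigurationBeans(Collection collection, AuthorizableValidator authorizableValidator) throws AcConfigBeanValidationException {
        List<LinkedHashMap> userSection = (List<LinkedHashMap>) getConfigSection(Constants.USER_CONFIGURATION_KEY, collection);
        return getAuthorizablesMap(userSection, authorizableValidator, false);
    }

    /**
     * Wraps the global configuration section in a {@link GlobalConfiguration}.
     *
     * @param collection parsed YAML document
     * @return configuration built from the section value, which is {@code null} when the section is absent
     */
    @Override
    @SuppressWarnings("rawtypes")
    public GlobalConfiguration getGlobalConfiguration(Collection collection) {
        return new GlobalConfiguration((Map) getConfigSection(Constants.GLOBAL_CONFIGURATION_KEY, collection));
    }

    /**
     * Collects the ids listed in the obsolete-authorizables section. Entries may be plain strings
     * or single-key maps, in which case the first key is the id.
     *
     * @param collection parsed YAML document
     * @return the ids found; empty when the section is absent
     */
    @Override
    @SuppressWarnings("rawtypes")
    public Set<String> getObsoluteAuthorizables(Collection collection) {
        List<?> obsoleteSection = (List<?>) getConfigSection(Constants.OBSOLETE_AUTHORIZABLES_KEY, collection);
        Set<String> obsoleteIds = new HashSet<String>();
        if (obsoleteSection == null) {
            return obsoleteIds;
        }
        for (Object entry : obsoleteSection) {
            if (entry instanceof String) {
                obsoleteIds.add((String) entry);
            } else if (entry instanceof Map) {
                Map<?, ?> entryMap = (Map<?, ?>) entry;
                // An empty map (e.g. "- {}") carries no id; skip it instead of failing with NoSuchElementException.
                if (!entryMap.isEmpty()) {
                    obsoleteIds.add((String) entryMap.keySet().iterator().next());
                }
            }
        }
        return obsoleteIds;
    }

    /**
     * Finds the section whose map has {@code sectionName} as its first key.
     *
     * @param sectionName key of the wanted section
     * @param collection  parsed YAML document; may be {@code null}
     * @return the value stored under the section key, or {@code null} if no such section exists
     */
    @SuppressWarnings({"unchecked", "rawtypes"}) // raw Collection comes from the ConfigReader interface
    private Object getConfigSection(String sectionName, Collection collection) {
        if (collection == null) {
            return null;
        }
        // Iterate over a copy, as the original did, so the caller's collection is never touched.
        for (Object element : new ArrayList<Object>(collection)) {
            if (!(element instanceof Map)) {
                // Malformed top-level entries (scalars, nulls) cannot be a section.
                continue;
            }
            Map<?, ?> candidate = (Map<?, ?>) element;
            Iterator<?> keys = candidate.keySet().iterator();
            if (keys.hasNext() && sectionName.equals(keys.next())) {
                return candidate.get(sectionName);
            }
        }
        return null;
    }

    /**
     * Converts a group or user section into beans, preserving configuration order.
     *
     * @param section               list of single-key maps (principal id to list of property maps); may be {@code null}
     * @param authorizableValidator validator applied to every bean, or {@code null}
     * @param isGroup               value handed to {@code setIsGroup} on each bean
     * @return principal id to beans; empty when {@code section} is {@code null}
     * @throws AcConfigBeanValidationException if the validator rejects a bean
     * @throws IllegalArgumentException        if the same principal id is defined twice
     */
    @SuppressWarnings({"unchecked", "rawtypes"}) // entries are untyped maps produced by the YAML parser
    private Map<String, Set<AuthorizableConfigBean>> getAuthorizablesMap(List<LinkedHashMap> section, AuthorizableValidator authorizableValidator, boolean isGroup) throws AcConfigBeanValidationException {
        Set<String> seenPrincipalIds = new HashSet<String>();
        Map<String, Set<AuthorizableConfigBean>> beansByPrincipal = new LinkedHashMap<String, Set<AuthorizableConfigBean>>();
        if (section == null) {
            return beansByPrincipal;
        }
        for (LinkedHashMap principalEntry : section) {
            String principalId = (String) principalEntry.keySet().iterator().next();
            if (!seenPrincipalIds.add(principalId)) {
                throw new IllegalArgumentException("There is more than one group definition for group: " + principalId);
            }
            LOG.debug("Found principal: {} in config", principalId);
            Set<AuthorizableConfigBean> beans = new LinkedHashSet<AuthorizableConfigBean>();
            beansByPrincipal.put(principalId, beans);

            List<Map<String, String>> definitions = (List<Map<String, String>>) principalEntry.get(principalId);
            if (definitions == null || definitions.isEmpty()) {
                continue;
            }
            for (Map<String, String> definition : definitions) {
                AuthorizableConfigBean bean = getNewAuthorizableConfigBean();
                setupAuthorizableBean(bean, definition, principalId, isGroup);
                if (authorizableValidator != null) {
                    authorizableValidator.validate(bean);
                }
                beans.add(bean);
            }
        }
        return beansByPrincipal;
    }

    /**
     * Converts the ACE section into beans grouped by principal, preserving configuration order
     * and expanding wildcard paths when a repository is available.
     *
     * @param aceSection       list of single-key maps (principal to list of ACE property maps); may be {@code null}
     * @param set              not read by this method
     * @param aceBeanValidator validator applied to every bean, or {@code null}
     * @return principal to ACE beans; empty when {@code aceSection} is {@code null}
     * @throws RepositoryException             if login, validation access or the wildcard query fails
     * @throws AcConfigBeanValidationException if the validator rejects a bean
     * @throws IllegalStateException           if a validator is supplied but no repository is bound
     */
    @SuppressWarnings({"unchecked", "rawtypes"}) // entries are untyped maps produced by the YAML parser
    private Map<String, Set<AceBean>> getPreservedOrderdAceMap(List<LinkedHashMap> aceSection, Set<String> set, AceBeanValidator aceBeanValidator) throws RepositoryException, AcConfigBeanValidationException {
        Map<String, Set<AceBean>> acesByPrincipal = new LinkedHashMap<String, Set<AceBean>>();
        if (aceSection == null) {
            return acesByPrincipal;
        }
        Session adminSession = null;
        try {
            // SECURITY: loginAdministrative yields an unrestricted session and is deprecated in Sling.
            // Prefer SlingRepository.loginService with a service user limited to what validation and
            // the wildcard lookup need. Left unchanged here because that requires a service-user mapping.
            if (this.repository != null) {
                adminSession = this.repository.loginAdministrative((String) null);
            }
            for (LinkedHashMap principalEntry : aceSection) {
                String principal = (String) principalEntry.keySet().iterator().next();
                List<Map<String, ?>> aceDefinitions = (List<Map<String, ?>>) principalEntry.get(principal);
                LOG.debug("start reading ACE configuration of authorizable: {}", principal);
                if (acesByPrincipal.get(principal) == null) {
                    acesByPrincipal.put(principal, new LinkedHashSet<AceBean>());
                }
                if (aceDefinitions == null || aceDefinitions.isEmpty()) {
                    LOG.warn("no ACE definition(s) found for autorizable: {}", principal);
                    continue;
                }
                if (aceBeanValidator != null) {
                    aceBeanValidator.setCurrentAuthorizableName(principal);
                }
                for (Map<String, ?> aceDefinition : aceDefinitions) {
                    AceBean aceBean = getNewAceBean();
                    setupAceBean(principal, aceDefinition, aceBean);
                    if (aceBeanValidator != null) {
                        if (adminSession == null) {
                            // Previously an unexplained NullPointerException on the dereference below.
                            throw new IllegalStateException("Cannot validate ACE configuration of authorizable " + principal + ": no repository is bound");
                        }
                        aceBeanValidator.validate(aceBean, adminSession.getAccessControlManager());
                    }
                    String jcrPath = aceBean.getJcrPath();
                    boolean hasWildcard = jcrPath != null && jcrPath.contains("*");
                    if (hasWildcard && adminSession != null) {
                        handleWildcards(adminSession, acesByPrincipal, principal, aceBean);
                    } else {
                        // Without a session the wildcard path is kept unexpanded.
                        acesByPrincipal.get(principal).add(aceBean);
                    }
                }
            }
            return acesByPrincipal;
        } finally {
            if (adminSession != null) {
                adminSession.logout();
            }
        }
    }

    /**
     * Replaces a wildcard ACE bean by one clone per node matched by its path expression and adds
     * the clones to the principal's set in {@code map}. Nodes below {@code /rep:policy} are skipped.
     *
     * @param session session used for the lookup
     * @param map     principal to ACE beans; must already contain an entry for {@code str}
     * @param str     principal the bean belongs to
     * @param aceBean bean whose JCR path contains a wildcard
     * @throws InvalidQueryException if the path does not form a valid query
     * @throws RepositoryException   on any other repository failure
     */
    protected void handleWildcards(Session session, Map<String, Set<AceBean>> map, String str, AceBean aceBean) throws InvalidQueryException, RepositoryException {
        // SECURITY: the configured path is concatenated into the query string unescaped, and the
        // caller in this class passes an administrative session. Accept configuration only from
        // trusted sources. NOTE(review): query language/escaping is decided inside QueryHelper - confirm.
        Set<Node> matchedNodes = QueryHelper.getNodes(session, "/jcr:root" + aceBean.getJcrPath());
        for (Node matchedNode : matchedNodes) {
            String nodePath = matchedNode.getPath();
            if (nodePath.contains("/rep:policy")) {
                continue;
            }
            // NOTE(review): m6clone looks like a decompiler-assigned name for AceBean's clone method - confirm.
            AceBean expandedBean = aceBean.m6clone();
            expandedBean.setJcrPath(nodePath);
            if (map.get(str).add(expandedBean)) {
                LOG.info("wildcard replacement: replaced bean: {}, with bean {}", aceBean, expandedBean);
            } else {
                LOG.warn("wildcard replacement: replacing bean: {}, with bean {} failed as the new bean already exists in ACE list", aceBean, expandedBean);
            }
        }
    }

    /**
     * Factory hook for ACE beans; subclasses may return a specialised bean.
     *
     * @return a new, empty bean
     */
    protected AceBean getNewAceBean() {
        return new AceBean();
    }

    /**
     * Factory hook for authorizable beans; subclasses may return a specialised bean.
     *
     * @return a new, empty bean
     */
    protected AuthorizableConfigBean getNewAuthorizableConfigBean() {
        return new AuthorizableConfigBean();
    }

    /**
     * Copies one ACE definition from the configuration into {@code aceBean}.
     *
     * @param str     principal the ACE applies to
     * @param map     properties of the ACE definition
     * @param aceBean bean to populate
     */
    protected void setupAceBean(String str, Map<String, ?> map, AceBean aceBean) {
        String actions = getMapValueAsString(map, ACE_CONFIG_PROPERTY_ACTIONS);
        // A YAML scalar such as a number is not a String; convert instead of failing with ClassCastException.
        Object glob = map.get(ACE_CONFIG_PROPERTY_GLOB);

        aceBean.setPrincipal(str);
        aceBean.setJcrPath(getMapValueAsString(map, ACE_CONFIG_PROPERTY_PATH));
        aceBean.setActionsStringFromConfig(actions);
        aceBean.setPrivilegesString(getMapValueAsString(map, ACE_CONFIG_PROPERTY_PRIVILEGES));
        aceBean.setPermission(getMapValueAsString(map, ACE_CONFIG_PROPERTY_PERMISSION));
        aceBean.setRestrictions(map.get(ACE_CONFIG_PROPERTY_RESTRICTIONS), glob != null ? glob.toString() : null);
        aceBean.setActions(parseActionsString(actions));
        aceBean.setKeepOrder(Boolean.parseBoolean(getMapValueAsString(map, ACE_CONFIG_PROPERTY_KEEP_ORDER)));
        aceBean.setInitialContent(getMapValueAsString(map, ACE_CONFIG_INITIAL_CONTENT));
    }

    /**
     * Splits a comma-separated actions string.
     *
     * @param str actions string from the configuration; may be blank or {@code null}
     * @return the individual actions (not trimmed), or an empty array for blank input
     */
    protected String[] parseActionsString(String str) {
        return StringUtils.isNotBlank(str) ? str.split(",") : new String[0];
    }

    /**
     * Copies one group or user definition from the configuration into the bean.
     *
     * @param authorizableConfigBean bean to populate
     * @param map                    properties of the definition
     * @param str                    principal id from the configuration
     * @param z                      {@code true} for a group, {@code false} for a user
     */
    protected void setupAuthorizableBean(AuthorizableConfigBean authorizableConfigBean, Map<String, String> map, String str, boolean z) {
        authorizableConfigBean.setPrincipalID(str);
        authorizableConfigBean.setName(getMapValueAsString(map, GROUP_CONFIG_PROPERTY_NAME));
        authorizableConfigBean.setDescription(getMapValueAsString(map, GROUP_CONFIG_PROPERTY_DESCRIPTION));

        String externalId = getMapValueAsString(map, GROUP_CONFIG_PROPERTY_EXTERNAL_ID);
        if (StringUtils.isNotBlank(externalId)) {
            authorizableConfigBean.setExternalId(externalId);
            // The principal name is the external id up to its last ';'.
            authorizableConfigBean.setPrincipalName(StringUtils.substringBeforeLast(externalId, ";"));
        } else {
            authorizableConfigBean.setPrincipalName(str);
        }

        // The legacy key "memberOf" wins over "isMemberOf" when both are present.
        authorizableConfigBean.setMemberOfString(getMapValueAsString(map, GROUP_CONFIG_PROPERTY_MEMBER_OF));
        String legacyMemberOf = getMapValueAsString(map, GROUP_CONFIG_PROPERTY_MEMBER_OF_LEGACY);
        if (!StringUtils.isEmpty(legacyMemberOf)) {
            authorizableConfigBean.setMemberOfString(legacyMemberOf);
        }

        authorizableConfigBean.setMembersString(getMapValueAsString(map, GROUP_CONFIG_PROPERTY_MEMBERS));
        authorizableConfigBean.setPath(getMapValueAsString(map, GROUP_CONFIG_PROPERTY_PATH));
        authorizableConfigBean.setMigrateFrom(getMapValueAsString(map, GROUP_CONFIG_PROPERTY_MIGRATE_FROM));
        authorizableConfigBean.setIsGroup(z);
        authorizableConfigBean.setIsSystemUser(Boolean.parseBoolean(getMapValueAsString(map, USER_CONFIG_PROPERTY_IS_SYSTEM_USER)));
        // SECURITY: the password is taken verbatim from the configuration file. Keep such files out
        // of world-readable locations and avoid logging the populated bean.
        // NOTE(review): whether AuthorizableConfigBean exposes it in toString() is not visible here - confirm.
        authorizableConfigBean.setPassword(getMapValueAsString(map, GROUP_CONFIG_PROPERTY_PASSWORD));
        authorizableConfigBean.setProfileContent(getMapValueAsString(map, USER_CONFIG_PROFILE_CONTENT));
        authorizableConfigBean.setPreferencesContent(getMapValueAsString(map, USER_CONFIG_PREFERENCES_CONTENT));
    }

    /**
     * Returns the string form of a map value.
     *
     * @param map map to read from
     * @param str key to look up
     * @return {@code toString()} of the value, or the empty string when the key is absent or maps to {@code null}
     */
    protected String getMapValueAsString(Map<String, ?> map, String str) {
        Object value = map.get(str);
        return value != null ? value.toString() : "";
    }

    /**
     * Bind method for the {@code repository} reference.
     *
     * @param slingRepository repository to use from now on
     */
    protected void bindRepository(SlingRepository slingRepository) {
        this.repository = slingRepository;
    }

    /**
     * Unbind method for the {@code repository} reference; clears the field only if it still
     * points at the instance being unbound.
     *
     * @param slingRepository repository that is going away
     */
    protected void unbindRepository(SlingRepository slingRepository) {
        if (this.repository == slingRepository) {
            this.repository = null;
        }
    }
}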
