package biz.netcentric.cq.tools.actool.validators.impl;

import biz.netcentric.cq.tools.actool.configmodel.AuthorizableConfigBean;
import biz.netcentric.cq.tools.actool.validators.AuthorizableValidator;
import biz.netcentric.cq.tools.actool.validators.Validators;
import biz.netcentric.cq.tools.actool.validators.exceptions.AcConfigBeanValidationException;
import biz.netcentric.cq.tools.actool.validators.exceptions.InvalidAuthorizableException;
import biz.netcentric.cq.tools.actool.validators.exceptions.InvalidGroupNameException;
import biz.netcentric.cq.tools.actool.validators.exceptions.InvalidIntermediatePathException;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:biz/netcentric/cq/tools/actool/validators/impl/AuthorizableValidatorImpl.class */
public class AuthorizableValidatorImpl implements AuthorizableValidator {
    private static final Logger LOG = LoggerFactory.getLogger(AuthorizableValidatorImpl.class);
    private boolean enabled = true;
    AuthorizableConfigBean authorizableConfigBean;
    final String groupsPath;
    final String usersPath;

    public AuthorizableValidatorImpl(String str, String str2) {
        this.groupsPath = str;
        this.usersPath = str2;
    }

    @Override // biz.netcentric.cq.tools.actool.validators.AuthorizableValidator
    public void validate(AuthorizableConfigBean authorizableConfigBean) throws AcConfigBeanValidationException {
        this.authorizableConfigBean = authorizableConfigBean;
        validate();
    }

    private boolean validate() throws AcConfigBeanValidationException {
        if (this.enabled) {
            return validateAuthorizableProperties(this.authorizableConfigBean) && validateMemberOf(this.authorizableConfigBean) && validateMembers(this.authorizableConfigBean) && validateAuthorizableId(this.authorizableConfigBean) && validateIntermediatePath(this.authorizableConfigBean);
        }
        return true;
    }

    public boolean validateIntermediatePath(AuthorizableConfigBean authorizableConfigBean) throws InvalidAuthorizableException, InvalidIntermediatePathException {
        boolean isGroup = authorizableConfigBean.isGroup();
        String path = authorizableConfigBean.getPath();
        String str = "Validation error while validating intermediate path of authorizable: " + authorizableConfigBean.getPrincipalID();
        if (!path.startsWith("/")) {
            return true;
        }
        if (!path.startsWith(this.groupsPath) && !path.startsWith(this.usersPath)) {
            String str2 = str + " - the intermediate path either has to be relative (not starting with '/') or has to start with the authorizable root!";
            LOG.error(str2);
            throw new InvalidIntermediatePathException(str2);
        }
        if (!isGroup && path.startsWith(this.groupsPath)) {
            String str3 = str + " - the intermediate path for the user must not be the groups path: " + this.groupsPath;
            LOG.error(str3);
            throw new InvalidIntermediatePathException(str3);
        }
        if (isGroup && path.startsWith(this.usersPath)) {
            String str4 = str + " - the intermediate path for the group must not be the users path: " + this.usersPath;
            LOG.error(str4);
            throw new InvalidIntermediatePathException(str4);
        }
        if (!path.equals(this.groupsPath) && !path.equals(this.usersPath) && !path.equals(this.groupsPath + "/") && !path.equals(this.usersPath + "/")) {
            return true;
        }
        String str5 = str + " - the intermediate path must not be equal to the authorizable root but has to specify a subfolder of it!";
        LOG.error(str5);
        throw new InvalidIntermediatePathException(str5);
    }

    public boolean validateAuthorizableProperties(AuthorizableConfigBean authorizableConfigBean) throws InvalidAuthorizableException {
        if (authorizableConfigBean.isGroup()) {
            if (!StringUtils.isNotBlank(authorizableConfigBean.getPassword())) {
                return true;
            }
            String str = "Group " + authorizableConfigBean.getPrincipalID() + " may not be configured with password";
            LOG.error(str);
            throw new InvalidAuthorizableException(str);
        }
        if (authorizableConfigBean.isSystemUser()) {
            if (StringUtils.isNotBlank(authorizableConfigBean.getPassword())) {
                String str2 = "System user " + authorizableConfigBean.getPrincipalID() + " may not be configured with password";
                LOG.error(str2);
                throw new InvalidAuthorizableException(str2);
            }
        } else if (StringUtils.isBlank(authorizableConfigBean.getPassword())) {
            String str3 = "Password is required for user " + authorizableConfigBean.getPrincipalID();
            LOG.error(str3);
            throw new InvalidAuthorizableException(str3);
        }
        if (!StringUtils.isNotBlank(authorizableConfigBean.getMigrateFrom())) {
            return true;
        }
        String str4 = "migrateFrom can only be used with groups (found in " + authorizableConfigBean.getPrincipalID() + ")";
        LOG.error(str4);
        throw new InvalidAuthorizableException(str4);
    }

    @Override // biz.netcentric.cq.tools.actool.validators.AuthorizableValidator
    public boolean validateMemberOf(AuthorizableConfigBean authorizableConfigBean) throws InvalidGroupNameException {
        String principalID = authorizableConfigBean.getPrincipalID();
        String memberOfStringFromConfig = authorizableConfigBean.getMemberOfStringFromConfig();
        if (!StringUtils.isNotBlank(memberOfStringFromConfig) || memberOfStringFromConfig == null) {
            return true;
        }
        String[] split = memberOfStringFromConfig.split(",");
        for (int i = 0; i < split.length; i++) {
            split[i] = StringUtils.strip(split[i]);
            if (!Validators.isValidAuthorizableId(split[i])) {
                LOG.error("Validation error while reading group property of authorizable:{}, invalid authorizable name: {}", principalID, split[i]);
                throw new InvalidGroupNameException("Validation error while reading group property of authorizable: " + principalID + ", invalid group name: " + split[i]);
            }
        }
        authorizableConfigBean.setMemberOf(split);
        return true;
    }

    public boolean validateMembers(AuthorizableConfigBean authorizableConfigBean) throws InvalidGroupNameException {
        String principalID = authorizableConfigBean.getPrincipalID();
        String membersStringFromConfig = authorizableConfigBean.getMembersStringFromConfig();
        if (!StringUtils.isNotBlank(membersStringFromConfig) || membersStringFromConfig == null) {
            return true;
        }
        String[] split = membersStringFromConfig.split(",");
        for (int i = 0; i < split.length; i++) {
            split[i] = StringUtils.strip(split[i]);
            if (!Validators.isValidAuthorizableId(split[i])) {
                LOG.error("Validation error while reading group property of authorizable:{}, invalid authorizable name: {}", principalID, split[i]);
                throw new InvalidGroupNameException("Validation error while reading group property of authorizable: " + principalID + ", invalid group name: " + split[i]);
            }
        }
        authorizableConfigBean.setMembers(split);
        return true;
    }

    @Override // biz.netcentric.cq.tools.actool.validators.AuthorizableValidator
    public boolean validateAuthorizableId(AuthorizableConfigBean authorizableConfigBean) throws InvalidGroupNameException {
        String principalID = authorizableConfigBean.getPrincipalID();
        if (Validators.isValidAuthorizableId(principalID)) {
            authorizableConfigBean.setPrincipalID(principalID);
            return true;
        }
        String str = "Validation error while reading group data: invalid group name: " + principalID;
        LOG.error(str);
        throw new InvalidGroupNameException(str);
    }

    @Override // biz.netcentric.cq.tools.actool.validators.AuthorizableValidator
    public void setBean(AuthorizableConfigBean authorizableConfigBean) {
        this.authorizableConfigBean = authorizableConfigBean;
    }

    @Override // biz.netcentric.cq.tools.actool.validators.AuthorizableValidator
    public void disable() {
        this.enabled = false;
    }
}
