package biz.netcentric.cq.tools.actool.authorizableutils.impl;

import biz.netcentric.cq.tools.actool.authorizableutils.AuthorizableBean;
import biz.netcentric.cq.tools.actool.authorizableutils.AuthorizableCreatorException;
import biz.netcentric.cq.tools.actool.authorizableutils.AuthorizableCreatorService;
import biz.netcentric.cq.tools.actool.authorizableutils.AuthorizableInstallationHistory;
import biz.netcentric.cq.tools.actool.configmodel.AuthorizableConfigBean;
import biz.netcentric.cq.tools.actool.helper.AcHelper;
import biz.netcentric.cq.tools.actool.helper.AccessControlUtils;
import biz.netcentric.cq.tools.actool.helper.Constants;
import biz.netcentric.cq.tools.actool.helper.ContentHelper;
import biz.netcentric.cq.tools.actool.installationhistory.AcInstallationHistoryPojo;
import java.lang.reflect.InvocationTargetException;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import javax.jcr.AccessDeniedException;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.UnsupportedRepositoryOperationException;
import javax.jcr.ValueFactory;
import javax.jcr.ValueFormatException;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.ReferenceCardinality;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.AuthorizableExistsException;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.sling.jcr.api.SlingRepository;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Service
@Component(metatype = true, label = "AC AuthorizableCreatorService", description = "Service that installs groups according to textual configuration files")
/* loaded from: input_file:biz/netcentric/cq/tools/actool/authorizableutils/impl/AuthorizableCreatorServiceImpl.class */
public class AuthorizableCreatorServiceImpl implements AuthorizableCreatorService {
    private static final Logger LOG = LoggerFactory.getLogger(AuthorizableCreatorServiceImpl.class);
    private static final String PATH_SEGMENT_SYSTEMUSERS = "system";
    private static final String PRINCIPAL_EVERYONE = "everyone";
    public static final String REP_EXTERNAL_ID = "rep:externalId";
    AcInstallationHistoryPojo status;
    Map<String, Set<AuthorizableConfigBean>> principalMapFromConfig;
    AuthorizableInstallationHistory authorizableInstallationHistory;

    @Reference(cardinality = ReferenceCardinality.OPTIONAL_UNARY)
    ExternalGroupCreatorServiceImpl externalGroupCreatorService;

    @Override // biz.netcentric.cq.tools.actool.authorizableutils.AuthorizableCreatorService
    public void createNewAuthorizables(Map<String, Set<AuthorizableConfigBean>> map, Session session, AcInstallationHistoryPojo acInstallationHistoryPojo, AuthorizableInstallationHistory authorizableInstallationHistory) throws AccessDeniedException, UnsupportedRepositoryOperationException, RepositoryException, AuthorizableCreatorException {
        this.status = acInstallationHistoryPojo;
        this.principalMapFromConfig = map;
        this.authorizableInstallationHistory = authorizableInstallationHistory;
        Iterator<String> it = map.keySet().iterator();
        while (it.hasNext()) {
            Iterator<AuthorizableConfigBean> it2 = map.get(it.next()).iterator();
            AuthorizableConfigBean authorizableConfigBean = null;
            while (it2.hasNext()) {
                authorizableConfigBean = it2.next();
                acInstallationHistoryPojo.addVerboseMessage("Starting installation of authorizable bean: " + authorizableConfigBean.toString());
            }
            installAuthorizableConfigurationBean(session, authorizableConfigBean, acInstallationHistoryPojo, authorizableInstallationHistory);
        }
    }

    private void installAuthorizableConfigurationBean(Session session, AuthorizableConfigBean authorizableConfigBean, AcInstallationHistoryPojo acInstallationHistoryPojo, AuthorizableInstallationHistory authorizableInstallationHistory) throws AccessDeniedException, UnsupportedRepositoryOperationException, RepositoryException, AuthorizableExistsException, AuthorizableCreatorException {
        String principalID = authorizableConfigBean.getPrincipalID();
        LOG.debug("- start installation of authorizable: {}", principalID);
        UserManager userManagerAutoSaveDisabled = AccessControlUtils.getUserManagerAutoSaveDisabled(session);
        ValueFactory valueFactory = session.getValueFactory();
        User authorizable = userManagerAutoSaveDisabled.getAuthorizable(principalID);
        if (authorizable == null) {
            createNewAuthorizable(authorizableConfigBean, acInstallationHistoryPojo, authorizableInstallationHistory, userManagerAutoSaveDisabled, valueFactory, session);
        } else {
            setAuthorizableProperties(authorizable, valueFactory, authorizableConfigBean, session);
            if (!authorizable.isGroup() && !authorizableConfigBean.isSystemUser() && StringUtils.isNotBlank(authorizableConfigBean.getPassword())) {
                authorizable.changePassword(authorizableConfigBean.getPassword());
            }
            handleRecreationOfAuthorizableIfNecessary(session, authorizableConfigBean, acInstallationHistoryPojo, authorizableInstallationHistory, userManagerAutoSaveDisabled);
            mergeGroup(acInstallationHistoryPojo, authorizableInstallationHistory, authorizableConfigBean, userManagerAutoSaveDisabled);
        }
        if (authorizableConfigBean.isGroup()) {
            Group authorizable2 = userManagerAutoSaveDisabled.getAuthorizable(principalID);
            Authorizable authorizable3 = userManagerAutoSaveDisabled.getAuthorizable(Constants.USER_ANONYMOUS);
            if (authorizableConfigBean.membersContainsAnonymous()) {
                authorizable2.addMember(authorizable3);
            } else {
                authorizable2.removeMember(authorizable3);
            }
        }
        if (StringUtils.isNotBlank(authorizableConfigBean.getMigrateFrom()) && authorizableConfigBean.isGroup()) {
            migrateFromOldGroup(authorizableConfigBean, userManagerAutoSaveDisabled);
        }
    }

    private void migrateFromOldGroup(AuthorizableConfigBean authorizableConfigBean, UserManager userManager) throws RepositoryException {
        Group authorizable = userManager.getAuthorizable(authorizableConfigBean.getMigrateFrom());
        String principalID = authorizableConfigBean.getPrincipalID();
        if (authorizable == null) {
            this.status.addMessage("Group " + authorizableConfigBean.getMigrateFrom() + " does not exist (specified as migrateFrom in group " + principalID + ") - no action taken");
            return;
        }
        if (!authorizable.isGroup()) {
            this.status.addWarning("Specifying a user in 'migrateFrom' does not make sense (migrateFrom=" + authorizableConfigBean.getMigrateFrom() + " in " + principalID + ")");
            return;
        }
        this.status.addMessage("Migrating from group " + authorizableConfigBean.getMigrateFrom() + "  to " + principalID);
        HashSet hashSet = new HashSet();
        Iterator members = authorizable.getMembers();
        while (members.hasNext()) {
            Authorizable authorizable2 = (Authorizable) members.next();
            if (!authorizable2.isGroup()) {
                hashSet.add(authorizable2);
            }
        }
        if (!hashSet.isEmpty()) {
            this.status.addMessage("- Taking over " + hashSet.size() + " member users from group " + authorizableConfigBean.getMigrateFrom() + " to group " + principalID);
            Group authorizable3 = userManager.getAuthorizable(principalID);
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                authorizable3.addMember((Authorizable) it.next());
            }
        }
        authorizable.remove();
        this.status.addMessage("- Deleted group " + authorizableConfigBean.getMigrateFrom());
    }

    private void handleRecreationOfAuthorizableIfNecessary(Session session, AuthorizableConfigBean authorizableConfigBean, AcInstallationHistoryPojo acInstallationHistoryPojo, AuthorizableInstallationHistory authorizableInstallationHistory, UserManager userManager) throws RepositoryException, AuthorizableCreatorException {
        Group authorizable = userManager.getAuthorizable(authorizableConfigBean.getPrincipalID());
        String substring = authorizable.getPath().substring(0, authorizable.getPath().lastIndexOf("/"));
        String path = authorizableConfigBean.getPath();
        if (StringUtils.isNotEmpty(path) && path.charAt(0) != '/') {
            path = (authorizableConfigBean.isGroup() ? Constants.GROUPS_ROOT : Constants.USERS_ROOT) + ((!authorizableConfigBean.isSystemUser() || path.startsWith(PATH_SEGMENT_SYSTEMUSERS)) ? "" : "/system") + "/" + path;
        }
        boolean z = !StringUtils.equals(substring, path) && StringUtils.isNotBlank(authorizableConfigBean.getPath());
        if (z) {
            String str = "Found change of intermediate path for " + authorizable.getID() + ": " + substring + " -> " + path;
            acInstallationHistoryPojo.addMessage(str);
            LOG.info(str);
        }
        String defaultIfEmpty = StringUtils.defaultIfEmpty(AcHelper.valuesToString(authorizable.getProperty(REP_EXTERNAL_ID)), "");
        String defaultIfEmpty2 = StringUtils.defaultIfEmpty(authorizableConfigBean.getExternalId(), "");
        boolean z2 = !StringUtils.equals(defaultIfEmpty, defaultIfEmpty2);
        if (z2) {
            String str2 = "Found change of external id of " + authorizable.getID() + ": '" + defaultIfEmpty + "' (current) is not '" + defaultIfEmpty2 + "' (in config)";
            acInstallationHistoryPojo.addMessage(str2);
            LOG.info(str2);
        }
        if (z || z2) {
            HashSet hashSet = new HashSet();
            if (authorizable.isGroup()) {
                Iterator declaredMembers = authorizable.getDeclaredMembers();
                while (declaredMembers.hasNext()) {
                    hashSet.add(declaredMembers.next());
                }
            }
            authorizable.remove();
            Group createNewAuthorizable = createNewAuthorizable(authorizableConfigBean, acInstallationHistoryPojo, authorizableInstallationHistory, userManager, session.getValueFactory(), session);
            int i = 0;
            if (createNewAuthorizable.isGroup()) {
                Group group = createNewAuthorizable;
                Iterator it = hashSet.iterator();
                while (it.hasNext()) {
                    group.addMember((Authorizable) it.next());
                    i++;
                }
            }
            deleteOldIntermediatePath(session, session.getNode(substring));
            String str3 = "Recreated authorizable " + createNewAuthorizable + " at path " + createNewAuthorizable.getPath() + (createNewAuthorizable.isGroup() ? "(retained " + i + " members of group)" : "");
            acInstallationHistoryPojo.addMessage(str3);
            LOG.info(str3);
        }
    }

    private void deleteOldIntermediatePath(Session session, Node node) throws RepositoryException {
        while (!StringUtils.equals(Constants.GROUPS_ROOT, node.getPath()) && !StringUtils.equals(Constants.USERS_ROOT, node.getPath()) && !node.hasNodes()) {
            Node parent = node.getParent();
            session.removeItem(node.getPath());
            node = parent;
        }
    }

    private void mergeGroup(AcInstallationHistoryPojo acInstallationHistoryPojo, AuthorizableInstallationHistory authorizableInstallationHistory, AuthorizableConfigBean authorizableConfigBean, UserManager userManager) throws RepositoryException, ValueFormatException, UnsupportedRepositoryOperationException, AuthorizableExistsException, AuthorizableCreatorException {
        String[] memberOf = authorizableConfigBean.getMemberOf();
        String principalID = authorizableConfigBean.getPrincipalID();
        LOG.debug("Authorizable {} already exists", principalID);
        Authorizable authorizable = userManager.getAuthorizable(principalID);
        Set<String> membershipGroupsFromConfig = getMembershipGroupsFromConfig(memberOf);
        Set<String> membershipGroupsFromRepository = getMembershipGroupsFromRepository(authorizable);
        authorizableInstallationHistory.addAuthorizable(authorizable.getID(), getAuthorizableName(authorizable), authorizable.getPath(), membershipGroupsFromRepository);
        mergeMemberOfGroups(principalID, acInstallationHistoryPojo, userManager, membershipGroupsFromConfig, membershipGroupsFromRepository);
    }

    private String getAuthorizableName(Authorizable authorizable) throws RepositoryException, ValueFormatException {
        return authorizable.getProperty("profile/givenName") != null ? authorizable.getProperty("profile/givenName")[0].getString() : "";
    }

    private Authorizable createNewAuthorizable(AuthorizableConfigBean authorizableConfigBean, AcInstallationHistoryPojo acInstallationHistoryPojo, AuthorizableInstallationHistory authorizableInstallationHistory, UserManager userManager, ValueFactory valueFactory, Session session) throws AuthorizableExistsException, RepositoryException, AuthorizableCreatorException {
        Authorizable createNewUser;
        boolean isGroup = authorizableConfigBean.isGroup();
        String principalID = authorizableConfigBean.getPrincipalID();
        if (isGroup) {
            createNewUser = createNewGroup(userManager, authorizableConfigBean, acInstallationHistoryPojo, authorizableInstallationHistory, valueFactory, this.principalMapFromConfig, session);
            LOG.info("Successfully created new group: {}", principalID);
        } else {
            if (StringUtils.isNotEmpty(authorizableConfigBean.getExternalId())) {
                throw new IllegalStateException("External IDs are not supported for users (" + authorizableConfigBean.getPrincipalID() + " is using '" + authorizableConfigBean.getExternalId() + "') - use a ootb sync handler to have users automatically created.");
            }
            createNewUser = createNewUser(userManager, authorizableConfigBean, acInstallationHistoryPojo, authorizableInstallationHistory, valueFactory, this.principalMapFromConfig, session);
            LOG.info("Successfully created new user: {}", principalID);
        }
        authorizableInstallationHistory.addNewCreatedAuthorizable(principalID);
        return createNewUser;
    }

    private Set<String> getMembershipGroupsFromRepository(Authorizable authorizable) throws RepositoryException {
        HashSet hashSet = new HashSet();
        Iterator declaredMemberOf = authorizable.declaredMemberOf();
        while (declaredMemberOf.hasNext()) {
            hashSet.add(((Authorizable) declaredMemberOf.next()).getID());
        }
        return hashSet;
    }

    private Set<String> getMembershipGroupsFromConfig(String[] strArr) {
        HashSet hashSet = new HashSet();
        if (strArr != null) {
            for (String str : strArr) {
                hashSet.add(str);
            }
        }
        return hashSet;
    }

    void mergeMemberOfGroups(String str, AcInstallationHistoryPojo acInstallationHistoryPojo, UserManager userManager, Set<String> set, Set<String> set2) throws RepositoryException, AuthorizableExistsException, AuthorizableCreatorException {
        LOG.debug("mergeMemberOfGroups() for {}", str);
        set.remove(PRINCIPAL_EVERYONE);
        set2.remove(PRINCIPAL_EVERYONE);
        logAndVerboseHistoryMessage(acInstallationHistoryPojo, "Principal " + str + " isMemberOf(repo)=" + set2);
        logAndVerboseHistoryMessage(acInstallationHistoryPojo, "Principal " + str + " isMemberOf(conifg)=" + set);
        Set<String> validateAssignedGroups = validateAssignedGroups(userManager, str, set);
        logAndVerboseHistoryMessage(acInstallationHistoryPojo, "Principal " + str + " remains member of groups " + CollectionUtils.intersection(set2, validateAssignedGroups));
        Collection<String> subtract = CollectionUtils.subtract(validateAssignedGroups, set2);
        logAndVerboseHistoryMessage(acInstallationHistoryPojo, "Principal " + str + " will be added as member of " + subtract);
        Collection<String> subtract2 = CollectionUtils.subtract(set2, validateAssignedGroups);
        HashSet hashSet = new HashSet();
        Pattern allowExternalGroupNamesRegEx = acInstallationHistoryPojo.getAcConfiguration().getGlobalConfiguration().getAllowExternalGroupNamesRegEx();
        Iterator it = subtract2.iterator();
        while (it.hasNext()) {
            String str2 = (String) it.next();
            if (allowExternalGroupNamesRegEx != null && allowExternalGroupNamesRegEx.matcher(str2).find()) {
                hashSet.add(str2);
                it.remove();
            }
        }
        logAndVerboseHistoryMessage(acInstallationHistoryPojo, "Principal " + str + " will be removed from members of " + subtract2);
        if (!hashSet.isEmpty()) {
            logAndVerboseHistoryMessage(acInstallationHistoryPojo, "Principal " + str + " remains member of groups " + hashSet + " (due to configured ignoredMembershipsPattern=" + allowExternalGroupNamesRegEx + ")");
        }
        Authorizable authorizable = userManager.getAuthorizable(str);
        for (String str3 : subtract) {
            LOG.debug("Membership Change: Adding {} to members of group {} in repository", str, str3);
            userManager.getAuthorizable(str3).addMember(authorizable);
        }
        for (String str4 : subtract2) {
            LOG.debug("Membership Change: Removing {} from members of group {} in repository", str, str4);
            userManager.getAuthorizable(str4).removeMember(authorizable);
        }
        if (subtract.isEmpty() || subtract.isEmpty()) {
            return;
        }
        logAndVerboseHistoryMessage(acInstallationHistoryPojo, "Membership Change: Principal " + str + " was added to " + subtract.size() + " and removed from " + subtract2.size() + " groups");
    }

    private void logAndVerboseHistoryMessage(AcInstallationHistoryPojo acInstallationHistoryPojo, String str) {
        LOG.debug(str);
        acInstallationHistoryPojo.addVerboseMessage(str);
    }

    private Authorizable createNewGroup(UserManager userManager, AuthorizableConfigBean authorizableConfigBean, AcInstallationHistoryPojo acInstallationHistoryPojo, AuthorizableInstallationHistory authorizableInstallationHistory, ValueFactory valueFactory, Map<String, Set<AuthorizableConfigBean>> map, Session session) throws AuthorizableExistsException, RepositoryException, AuthorizableCreatorException {
        Group authorizable;
        String principalID = authorizableConfigBean.getPrincipalID();
        String path = authorizableConfigBean.getPath();
        try {
            if (!StringUtils.isNotEmpty(authorizableConfigBean.getExternalId())) {
                PrincipalImpl principalImpl = new PrincipalImpl(principalID);
                authorizable = StringUtils.isNotBlank(path) ? userManager.createGroup(principalImpl, path) : userManager.createGroup(principalImpl);
            } else {
                if (this.externalGroupCreatorService == null) {
                    throw new IllegalStateException("External IDs are not availabe for your AEM version (" + authorizableConfigBean.getPrincipalID() + " is using '" + authorizableConfigBean.getExternalId() + "')");
                }
                authorizable = (Group) this.externalGroupCreatorService.createGroupWithExternalId(userManager, authorizableConfigBean, acInstallationHistoryPojo, authorizableInstallationHistory, valueFactory, map, session);
                LOG.info("Successfully created new external group: {}", principalID);
            }
        } catch (AuthorizableExistsException e) {
            LOG.warn("Group {} already exists in system!", principalID);
            authorizable = userManager.getAuthorizable(principalID);
        }
        addMembersToReferencingAuthorizables(authorizable, authorizableConfigBean, userManager);
        setAuthorizableProperties(authorizable, valueFactory, authorizableConfigBean, session);
        return authorizable;
    }

    private void setAuthorizableProperties(Authorizable authorizable, ValueFactory valueFactory, AuthorizableConfigBean authorizableConfigBean, Session session) throws RepositoryException {
        String profileContent = authorizableConfigBean.getProfileContent();
        if (StringUtils.isNotBlank(profileContent)) {
            ContentHelper.importContent(session, authorizable.getPath() + "/profile", profileContent);
        }
        String preferencesContent = authorizableConfigBean.getPreferencesContent();
        if (StringUtils.isNotBlank(preferencesContent)) {
            ContentHelper.importContent(session, authorizable.getPath() + "/preferences", preferencesContent);
        }
        String name = authorizableConfigBean.getName();
        if (StringUtils.isNotBlank(name)) {
            if (authorizable.isGroup()) {
                authorizable.setProperty("profile/givenName", valueFactory.createValue(name));
            } else {
                String substringBeforeLast = StringUtils.substringBeforeLast(name, " ");
                String substringAfterLast = StringUtils.substringAfterLast(name, " ");
                authorizable.setProperty("profile/givenName", valueFactory.createValue(substringBeforeLast));
                authorizable.setProperty("profile/familyName", valueFactory.createValue(substringAfterLast));
            }
        }
        String description = authorizableConfigBean.getDescription();
        if (StringUtils.isNotBlank(description)) {
            authorizable.setProperty("profile/aboutMe", valueFactory.createValue(description));
        }
    }

    private Authorizable createNewUser(UserManager userManager, AuthorizableConfigBean authorizableConfigBean, AcInstallationHistoryPojo acInstallationHistoryPojo, AuthorizableInstallationHistory authorizableInstallationHistory, ValueFactory valueFactory, Map<String, Set<AuthorizableConfigBean>> map, Session session) throws AuthorizableExistsException, RepositoryException, AuthorizableCreatorException {
        String principalID = authorizableConfigBean.getPrincipalID();
        String password = authorizableConfigBean.getPassword();
        boolean isSystemUser = authorizableConfigBean.isSystemUser();
        String path = authorizableConfigBean.getPath();
        User userManagerCreateSystemUserViaReflection = isSystemUser ? userManagerCreateSystemUserViaReflection(userManager, principalID, path, acInstallationHistoryPojo) : userManager.createUser(principalID, password, new PrincipalImpl(principalID), path);
        setAuthorizableProperties(userManagerCreateSystemUserViaReflection, valueFactory, authorizableConfigBean, session);
        addMembersToReferencingAuthorizables(userManagerCreateSystemUserViaReflection, authorizableConfigBean, userManager);
        return userManagerCreateSystemUserViaReflection;
    }

    private void addMembersToReferencingAuthorizables(Authorizable authorizable, AuthorizableConfigBean authorizableConfigBean, UserManager userManager) throws RepositoryException, AuthorizableCreatorException {
        String principalID = authorizableConfigBean.getPrincipalID();
        String[] memberOf = authorizableConfigBean.getMemberOf();
        if (authorizable == null || memberOf == null || memberOf.length <= 0) {
            return;
        }
        Set<String> validateAssignedGroups = validateAssignedGroups(userManager, principalID, new HashSet(Arrays.asList(memberOf)));
        if (validateAssignedGroups.isEmpty()) {
            return;
        }
        LOG.debug("start adding {} to assignedGroups", principalID);
        Iterator<String> it = validateAssignedGroups.iterator();
        while (it.hasNext()) {
            Group authorizable2 = userManager.getAuthorizable(it.next());
            authorizable2.addMember(authorizable);
            LOG.debug("added to {} ", authorizable2);
        }
    }

    private User userManagerCreateSystemUserViaReflection(UserManager userManager, String str, String str2, AcInstallationHistoryPojo acInstallationHistoryPojo) throws RepositoryException {
        if (str2 != null && !str2.startsWith("system/") && !str2.startsWith("/")) {
            str2 = "system/" + str2;
        }
        try {
            return (User) userManager.getClass().getMethod("createSystemUser", String.class, String.class).invoke(userManager, str, str2);
        } catch (Throwable th) {
            th = th;
            if (th instanceof InvocationTargetException) {
                th = ((InvocationTargetException) th).getTargetException();
            }
            acInstallationHistoryPojo.addError("Could not create system user " + str + ". e:" + th);
            return null;
        }
    }

    Set<String> validateAssignedGroups(UserManager userManager, String str, Set<String> set) throws RepositoryException, AuthorizableCreatorException {
        AuthorizableConfigBean authorizableConfigBean;
        HashSet hashSet = new HashSet();
        for (String str2 : set) {
            if (StringUtils.equals(str, str2)) {
                throw new AuthorizableCreatorException("Cannot add authorizable " + str + " as member of itself.");
            }
            Authorizable authorizable = userManager.getAuthorizable(str2);
            if (authorizable != null) {
                if (!authorizable.isGroup()) {
                    throw new AuthorizableCreatorException("Failed to add authorizable " + str + " to autorizable " + str2 + "! Authorizable is not a group");
                }
                hashSet.add(authorizable.getID());
            } else {
                if (!this.principalMapFromConfig.keySet().contains(str2)) {
                    String str3 = "Failed to add group: " + str + " as member to authorizable: " + str2 + ". Neither found this authorizable (" + str2 + ") in any of the configurations nor installed in the system!";
                    LOG.error(str3);
                    throw new AuthorizableCreatorException(str3);
                }
                Iterator<AuthorizableConfigBean> it = this.principalMapFromConfig.get(str2).iterator();
                AuthorizableConfigBean authorizableConfigBean2 = null;
                while (true) {
                    authorizableConfigBean = authorizableConfigBean2;
                    if (!it.hasNext()) {
                        break;
                    }
                    authorizableConfigBean2 = it.next();
                }
                Group createGroup = userManager.createGroup(new PrincipalImpl(str2), authorizableConfigBean.getPath());
                hashSet.add(createGroup.getID());
                this.authorizableInstallationHistory.addNewCreatedAuthorizable(createGroup.getID());
                LOG.info("Created group to be able to add {} to group {} ", str, str2);
            }
        }
        return hashSet;
    }

    @Override // biz.netcentric.cq.tools.actool.authorizableutils.AuthorizableCreatorService
    public void performRollback(SlingRepository slingRepository, AuthorizableInstallationHistory authorizableInstallationHistory, AcInstallationHistoryPojo acInstallationHistoryPojo) throws RepositoryException {
        JackrabbitSession loginAdministrative = slingRepository.loginAdministrative((String) null);
        ValueFactory valueFactory = loginAdministrative.getValueFactory();
        try {
            UserManager userManager = loginAdministrative.getUserManager();
            Set<String> newCreatedAuthorizables = authorizableInstallationHistory.getNewCreatedAuthorizables();
            acInstallationHistoryPojo.addWarning("starting rollback of authorizables...");
            if (!newCreatedAuthorizables.isEmpty()) {
                acInstallationHistoryPojo.addWarning("performing Groups rollback!");
                for (String str : newCreatedAuthorizables) {
                    Authorizable authorizable = userManager.getAuthorizable(str);
                    if (authorizable != null) {
                        authorizable.remove();
                        String str2 = "removed authorizable " + str + " from the system!";
                        LOG.info(str2);
                        acInstallationHistoryPojo.addWarning(str2);
                    } else {
                        String str3 = "Can't remove authorizable " + str + " from the system!";
                        LOG.error(str3);
                        acInstallationHistoryPojo.addError(str3);
                    }
                }
            }
            for (AuthorizableBean authorizableBean : authorizableInstallationHistory.getAuthorizableBeans()) {
                Authorizable authorizable2 = userManager.getAuthorizable(authorizableBean.getName());
                if (authorizable2 != null) {
                    acInstallationHistoryPojo.addMessage("found changed authorizable:" + authorizable2.getID());
                    Iterator memberOf = authorizable2.memberOf();
                    HashSet hashSet = new HashSet();
                    while (memberOf.hasNext()) {
                        hashSet.add(((Group) memberOf.next()).getID());
                    }
                    if (authorizableBean.getAuthorizablesSnapshot().equals(hashSet)) {
                        acInstallationHistoryPojo.addMessage("No change found in memberOfGroups of authorizable: " + authorizable2.getID());
                    } else {
                        acInstallationHistoryPojo.addMessage("changes found in memberOfGroups of authorizable: " + authorizable2.getID());
                        Iterator memberOf2 = authorizable2.memberOf();
                        while (memberOf2.hasNext()) {
                            Group group = (Group) memberOf2.next();
                            group.removeMember(authorizable2);
                            acInstallationHistoryPojo.addWarning("removed authorizable: " + authorizable2.getID() + " from members of group: " + group.getID());
                        }
                        Iterator<String> it = authorizableBean.getAuthorizablesSnapshot().iterator();
                        while (it.hasNext()) {
                            Group authorizable3 = userManager.getAuthorizable(it.next());
                            if (authorizable3 != null) {
                                authorizable3.addMember(authorizable2);
                                acInstallationHistoryPojo.addWarning("add authorizable: " + authorizable2.getID() + " to members of group: " + authorizable3.getID() + " again");
                            }
                        }
                    }
                    String string = authorizable2.hasProperty("profile/givenName") ? authorizable2.getProperty("profile/givenName")[0].getString() : "";
                    if (authorizableBean.getName().equals(string)) {
                        acInstallationHistoryPojo.addMessage("No change found in name of authorizable: " + authorizable2.getID());
                    } else {
                        acInstallationHistoryPojo.addMessage("change found in name of authorizable: " + authorizable2.getID());
                        authorizable2.setProperty("profile/givenName", valueFactory.createValue(authorizableBean.getName()));
                        acInstallationHistoryPojo.addMessage("changed name of authorizable from: " + string + " back to: " + authorizableBean.getName());
                    }
                }
            }
        } finally {
            if (loginAdministrative != null) {
                loginAdministrative.save();
                loginAdministrative.logout();
            }
        }
    }

    protected void bindExternalGroupCreatorService(ExternalGroupCreatorServiceImpl externalGroupCreatorServiceImpl) {
        this.externalGroupCreatorService = externalGroupCreatorServiceImpl;
    }

    protected void unbindExternalGroupCreatorService(ExternalGroupCreatorServiceImpl externalGroupCreatorServiceImpl) {
        if (this.externalGroupCreatorService == externalGroupCreatorServiceImpl) {
            this.externalGroupCreatorService = null;
        }
    }
}
