package biz.netcentric.cq.tools.actool.validators.impl;

import biz.netcentric.cq.tools.actool.configmodel.AuthorizableConfigBean;
import biz.netcentric.cq.tools.actool.validators.AuthorizableValidator;
import biz.netcentric.cq.tools.actool.validators.Validators;
import biz.netcentric.cq.tools.actool.validators.exceptions.AcConfigBeanValidationException;
import biz.netcentric.cq.tools.actool.validators.exceptions.InvalidAuthorizableException;
import biz.netcentric.cq.tools.actool.validators.exceptions.InvalidGroupNameException;
import biz.netcentric.cq.tools.actool.validators.exceptions.InvalidIntermediatePathException;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:biz/netcentric/cq/tools/actool/validators/impl/AuthorizableValidatorImpl.class */
public class AuthorizableValidatorImpl implements AuthorizableValidator {
    private static final Logger LOG = LoggerFactory.getLogger(AuthorizableValidatorImpl.class);
    private boolean enabled = true;
    AuthorizableConfigBean authorizableConfigBean;
    final String groupsPath;
    final String usersPath;

    public AuthorizableValidatorImpl(String str, String str2) {
        this.groupsPath = str;
        this.usersPath = str2;
    }

    @Override // biz.netcentric.cq.tools.actool.validators.AuthorizableValidator
    public boolean validate(AuthorizableConfigBean authorizableConfigBean) throws AcConfigBeanValidationException {
        boolean z = true;
        if (this.enabled) {
            z = validateAuthorizableProperties(authorizableConfigBean) && validateMemberOf(authorizableConfigBean) && validateMembers(authorizableConfigBean) && validateAuthorizableId(authorizableConfigBean) && validateIntermediatePath(authorizableConfigBean);
        }
        return z;
    }

    public boolean validateIntermediatePath(AuthorizableConfigBean authorizableConfigBean) throws InvalidAuthorizableException, InvalidIntermediatePathException {
        boolean isGroup = authorizableConfigBean.isGroup();
        String path = authorizableConfigBean.getPath();
        String str = "Validation error while validating intermediate path of authorizable: " + authorizableConfigBean.getAuthorizableId();
        if (!path.startsWith("/")) {
            return true;
        }
        if (!path.startsWith(this.groupsPath) && !path.startsWith(this.usersPath)) {
            String str2 = str + " - the intermediate path either has to be relative (not starting with '/') or has to start with the authorizable root!";
            LOG.error(str2);
            throw new InvalidIntermediatePathException(str2);
        }
        if (!isGroup && path.startsWith(this.groupsPath)) {
            String str3 = str + " - the intermediate path for the user must not be the groups path: " + this.groupsPath;
            LOG.error(str3);
            throw new InvalidIntermediatePathException(str3);
        }
        if (isGroup && path.startsWith(this.usersPath)) {
            String str4 = str + " - the intermediate path for the group must not be the users path: " + this.usersPath;
            LOG.error(str4);
            throw new InvalidIntermediatePathException(str4);
        }
        if (!path.equals(this.groupsPath) && !path.equals(this.usersPath) && !path.equals(this.groupsPath + "/") && !path.equals(this.usersPath + "/")) {
            return true;
        }
        String str5 = str + " - the intermediate path must not be equal to the authorizable root but has to specify a subfolder of it!";
        LOG.error(str5);
        throw new InvalidIntermediatePathException(str5);
    }

    public boolean validateAuthorizableProperties(AuthorizableConfigBean authorizableConfigBean) throws InvalidAuthorizableException {
        if (authorizableConfigBean.isGroup()) {
            if (StringUtils.isNotBlank(authorizableConfigBean.getPassword())) {
                String str = "Group " + authorizableConfigBean.getAuthorizableId() + " may not be configured with password";
                LOG.error(str);
                throw new InvalidAuthorizableException(str);
            }
            if (!StringUtils.isNotBlank(authorizableConfigBean.getDisabled())) {
                return true;
            }
            String str2 = "Groups cannot be disabled - property 'disable' is used on " + authorizableConfigBean.getAuthorizableId();
            LOG.error(str2);
            throw new InvalidAuthorizableException(str2);
        }
        if (authorizableConfigBean.isSystemUser() && StringUtils.isNotBlank(authorizableConfigBean.getPassword())) {
            String str3 = "System user " + authorizableConfigBean.getAuthorizableId() + " may not be configured with password";
            LOG.error(str3);
            throw new InvalidAuthorizableException(str3);
        }
        if (!StringUtils.isNotBlank(authorizableConfigBean.getMigrateFrom())) {
            return true;
        }
        String str4 = "migrateFrom can only be used with groups (found in " + authorizableConfigBean.getAuthorizableId() + ")";
        LOG.error(str4);
        throw new InvalidAuthorizableException(str4);
    }

    public boolean validateMemberOf(AuthorizableConfigBean authorizableConfigBean) throws InvalidGroupNameException {
        String authorizableId = authorizableConfigBean.getAuthorizableId();
        String[] isMemberOf = authorizableConfigBean.getIsMemberOf();
        if (isMemberOf == null || isMemberOf.length <= 0) {
            return true;
        }
        for (int i = 0; i < isMemberOf.length; i++) {
            if (!Validators.isValidAuthorizableId(isMemberOf[i])) {
                LOG.error("Validation error while reading group property of authorizable:{}, invalid authorizable name: {}", authorizableId, isMemberOf[i]);
                throw new InvalidGroupNameException("Validation error while reading group property of authorizable: " + authorizableId + ", invalid group name: " + isMemberOf[i]);
            }
        }
        return true;
    }

    public boolean validateMembers(AuthorizableConfigBean authorizableConfigBean) throws InvalidGroupNameException {
        String authorizableId = authorizableConfigBean.getAuthorizableId();
        String[] members = authorizableConfigBean.getMembers();
        if (members == null || members.length <= 0) {
            return true;
        }
        for (int i = 0; i < members.length; i++) {
            if (!Validators.isValidAuthorizableId(members[i])) {
                LOG.error("Validation error while reading group property of authorizable:{}, invalid authorizable name: {}", authorizableId, members[i]);
                throw new InvalidGroupNameException("Validation error while reading group property of authorizable: " + authorizableId + ", invalid group name: " + members[i]);
            }
        }
        return true;
    }

    public boolean validateAuthorizableId(AuthorizableConfigBean authorizableConfigBean) throws InvalidGroupNameException {
        String authorizableId = authorizableConfigBean.getAuthorizableId();
        if (Validators.isValidAuthorizableId(authorizableId)) {
            authorizableConfigBean.setAuthorizableId(authorizableId);
            return true;
        }
        String str = "Validation error while reading group data: invalid group name: " + authorizableId;
        LOG.error(str);
        throw new InvalidGroupNameException(str);
    }

    @Override // biz.netcentric.cq.tools.actool.validators.AuthorizableValidator
    public void disable() {
        this.enabled = false;
    }
}
