package biz.netcentric.cq.tools.actool.dumpservice.impl;

import biz.netcentric.cq.tools.actool.authorizableinstaller.impl.AuthorizableInstallerServiceImpl;
import biz.netcentric.cq.tools.actool.comparators.AcePathComparator;
import biz.netcentric.cq.tools.actool.comparators.AcePermissionComparator;
import biz.netcentric.cq.tools.actool.comparators.AuthorizableBeanIDComparator;
import biz.netcentric.cq.tools.actool.comparators.JcrCreatedComparator;
import biz.netcentric.cq.tools.actool.configmodel.AceBean;
import biz.netcentric.cq.tools.actool.configmodel.AuthorizableConfigBean;
import biz.netcentric.cq.tools.actool.dumpservice.AcDumpElementYamlVisitor;
import biz.netcentric.cq.tools.actool.dumpservice.AceDumpData;
import biz.netcentric.cq.tools.actool.dumpservice.CompleteAcDump;
import biz.netcentric.cq.tools.actool.dumpservice.ConfigDumpService;
import biz.netcentric.cq.tools.actool.helper.AcHelper;
import biz.netcentric.cq.tools.actool.helper.AccessControlUtils;
import biz.netcentric.cq.tools.actool.helper.AceWrapper;
import biz.netcentric.cq.tools.actool.helper.AclBean;
import biz.netcentric.cq.tools.actool.helper.Constants;
import biz.netcentric.cq.tools.actool.helper.QueryHelper;
import biz.netcentric.cq.tools.actool.history.impl.HistoryUtils;
import java.io.IOException;
import java.util.AbstractSet;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
import javax.jcr.AccessDeniedException;
import javax.jcr.ItemExistsException;
import javax.jcr.ItemNotFoundException;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.UnsupportedRepositoryOperationException;
import javax.jcr.ValueFormatException;
import javax.jcr.lock.LockException;
import javax.jcr.nodetype.ConstraintViolationException;
import javax.jcr.nodetype.NoSuchNodeTypeException;
import javax.jcr.version.VersionException;
import org.apache.commons.lang3.StringUtils;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.Query;
import org.apache.jackrabbit.api.security.user.QueryBuilder;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.util.Text;
import org.apache.sling.jcr.api.SlingRepository;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferencePolicyOption;
import org.osgi.service.metatype.annotations.AttributeDefinition;
import org.osgi.service.metatype.annotations.Designate;
import org.osgi.service.metatype.annotations.ObjectClassDefinition;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Designate(ocd = Configuration.class)
@Component
/* loaded from: input_file:biz/netcentric/cq/tools/actool/dumpservice/impl/DumpServiceImpl.class */
public class DumpServiceImpl implements ConfigDumpService {
    private static final Logger LOG = LoggerFactory.getLogger(DumpServiceImpl.class);
    private static final String DUMP_FILE_EXTENSION = ".yaml";
    private static final String DUMP_NODE_PREFIX = "dump_";
    public static final int PRINCIPAL_BASED_SORTING = 1;
    public static final int PATH_BASED_SORTING = 2;
    public static final int DENY_ALLOW_ACL_SORTING = 1;
    public static final int NO_ACL_SORTING = 2;
    protected static final int NR_OF_DUMPS_TO_SAVE_DEFAULT = 5;
    static final String DUMP_SERVICE_EXCLUDE_PATHS_PATH = "DumpService.queryExcludePaths";
    static final String DUMP_SERVICE_NR_OF_SAVED_DUMPS = "DumpService.nrOfSavedDumps";
    static final String DUMP_INCLUDE_USERS = "DumpService.includeUsers";
    private String[] queryExcludePaths;
    private int nrOfSavedDumps;
    private boolean includeUsersInDumps = false;

    @Reference(policyOption = ReferencePolicyOption.GREEDY)
    private SlingRepository repository;

    @ObjectClassDefinition(name = "AC Tool Dump Service", description = "Service that creates dumps of the current AC configurations (groups&ACEs)", id = "biz.netcentric.cq.tools.actool.dumpservice.impl.DumpServiceImpl")
    /* loaded from: input_file:biz/netcentric/cq/tools/actool/dumpservice/impl/DumpServiceImpl$Configuration.class */
    protected @interface Configuration {
        @AttributeDefinition(name = "Number of dumps to save", description = "Number of last dumps which get saved in the repository under /var/statistics/achistory")
        int DumpService_nrOfSavedDumps() default 5;

        @AttributeDefinition(name = "Include users in dumps", description = "If selected, also users with their ACEs get added to dumps")
        boolean DumpService_includeUsers() default false;

        @AttributeDefinition(name = "AC query exclude paths", description = "direct children of jcr:root which get excluded from all dumps (also from internal dumps)")
        String[] DumpService_queryExcludePaths() default {"/home", "/jcr:system", "/tmp"};
    }

    @Activate
    public void activate(Configuration configuration) throws Exception {
        this.queryExcludePaths = configuration.DumpService_queryExcludePaths();
        this.nrOfSavedDumps = configuration.DumpService_nrOfSavedDumps();
        this.includeUsersInDumps = configuration.DumpService_includeUsers();
    }

    @Override // biz.netcentric.cq.tools.actool.dumpservice.ConfigDumpService
    public boolean isIncludeUsers() {
        return this.includeUsersInDumps;
    }

    @Override // biz.netcentric.cq.tools.actool.dumpservice.ConfigDumpService
    public String getCompletePathBasedDumpsAsString() {
        Session session = null;
        try {
            try {
                session = this.repository.loginService((String) null, (String) null);
                String completeDump = getCompleteDump(AcHelper.PATH_BASED_ORDER, AcHelper.ACE_ORDER_NONE, session);
                persistDump(completeDump, session);
                if (session != null) {
                    session.logout();
                }
                return completeDump;
            } catch (RepositoryException e) {
                LOG.error("Repository exception in DumpserviceImpl", e);
                if (session != null) {
                    session.logout();
                }
                return null;
            }
        } catch (Throwable th) {
            if (session != null) {
                session.logout();
            }
            throw th;
        }
    }

    @Override // biz.netcentric.cq.tools.actool.dumpservice.ConfigDumpService
    public String getCompletePrincipalBasedDumpsAsString() {
        Session session = null;
        try {
            try {
                session = this.repository.loginService((String) null, (String) null);
                String completeDump = getCompleteDump(AcHelper.PRINCIPAL_BASED_ORDER, AcHelper.ACE_ORDER_ACTOOL_BEST_PRACTICE, session);
                persistDump(completeDump, session);
                if (session != null) {
                    session.logout();
                }
                return completeDump;
            } catch (RepositoryException e) {
                LOG.error("Repository exception in DumpserviceImpl", e);
                if (session != null) {
                    session.logout();
                }
                return null;
            }
        } catch (Throwable th) {
            if (session != null) {
                session.logout();
            }
            throw th;
        }
    }

    private void persistDump(String str, Session session) {
        try {
            createTransientDumpNode(str, HistoryUtils.getAcHistoryRootNode(session));
            session.save();
        } catch (RepositoryException e) {
            LOG.error("RepositoryException: {}", e);
        }
    }

    private void createTransientDumpNode(String str, Node node) throws ItemExistsException, PathNotFoundException, NoSuchNodeTypeException, LockException, VersionException, ConstraintViolationException, RepositoryException, ValueFormatException {
        NodeIterator nodes = node.getNodes();
        TreeSet treeSet = new TreeSet(new JcrCreatedComparator());
        Node node2 = null;
        while (nodes.hasNext()) {
            Node nextNode = nodes.nextNode();
            if (nextNode.getName().startsWith(DUMP_NODE_PREFIX)) {
                treeSet.add(nextNode);
            }
        }
        if (!treeSet.isEmpty()) {
            node2 = (Node) treeSet.first();
        }
        if (treeSet.size() > this.nrOfSavedDumps - 1) {
            ((Node) treeSet.last()).remove();
        }
        Node newDumpNode = getNewDumpNode(str, node);
        if (node2 != null) {
            node.orderBefore(newDumpNode.getName(), node2.getName());
        }
    }

    private Node getNewDumpNode(String str, Node node) throws ItemExistsException, PathNotFoundException, NoSuchNodeTypeException, LockException, VersionException, ConstraintViolationException, RepositoryException, ValueFormatException {
        Node addNode = node.addNode(DUMP_NODE_PREFIX + System.currentTimeMillis() + DUMP_FILE_EXTENSION, "nt:file");
        Node addNode2 = addNode.addNode("jcr:content", "nt:resource");
        addNode2.setProperty("jcr:mimeType", "text/plain");
        addNode2.setProperty("jcr:encoding", "utf-8");
        addNode2.setProperty("jcr:data", str);
        return addNode;
    }

    private String getCompleteDump(int i, int i2, Session session) {
        LOG.info("Starting to create dump for " + (i == AcHelper.PRINCIPAL_BASED_ORDER ? "PRINCIPAL_BASED_ORDER" : "PATH_BASED_ORDER"));
        try {
            AceDumpData createAclDumpMap = createAclDumpMap(i, AcHelper.ACE_ORDER_ACTOOL_BEST_PRACTICE, Arrays.asList(this.queryExcludePaths), session);
            return getConfigurationDumpAsString(createAclDumpMap, getGroupBeans(session), getUserBeans(getUsersFromAces(i, session, createAclDumpMap.getAceDump())), i2);
        } catch (IOException e) {
            LOG.error("IOException in AceServiceImpl: {}", e);
            return null;
        } catch (RepositoryException e2) {
            LOG.error("RepositoryException in AceServiceImpl: {}", e2);
            return null;
        } catch (IllegalStateException e3) {
            LOG.error("IllegalStateException in DumpServiceImpl: {}", e3);
            return null;
        }
    }

    private Set<User> getUsersFromAces(int i, Session session, Map<String, Set<AceBean>> map) throws AccessDeniedException, UnsupportedRepositoryOperationException, RepositoryException {
        HashSet hashSet = new HashSet();
        UserManager userManager = ((JackrabbitSession) session).getUserManager();
        if (i == 1) {
            new HashSet();
            Iterator<String> it = map.keySet().iterator();
            while (it.hasNext()) {
                User authorizable = userManager.getAuthorizable(new PrincipalImpl(it.next()));
                if (!authorizable.isGroup()) {
                    hashSet.add(authorizable);
                }
            }
        } else if (i == 2) {
            Iterator<Map.Entry<String, Set<AceBean>>> it2 = map.entrySet().iterator();
            while (it2.hasNext()) {
                Iterator<AceBean> it3 = it2.next().getValue().iterator();
                while (it3.hasNext()) {
                    User authorizable2 = userManager.getAuthorizable(new PrincipalImpl(it3.next().getPrincipalName()));
                    if (!authorizable2.isGroup()) {
                        hashSet.add(authorizable2);
                    }
                }
            }
        }
        return hashSet;
    }

    @Override // biz.netcentric.cq.tools.actool.dumpservice.ConfigDumpService
    public String getConfigurationDumpAsString(AceDumpData aceDumpData, Set<AuthorizableConfigBean> set, Set<AuthorizableConfigBean> set2, int i) throws IOException {
        StringBuilder sb = new StringBuilder(20000);
        new CompleteAcDump(aceDumpData, set, set2, i, "Dump created: " + new Date(), this).accept(new AcDumpElementYamlVisitor(i, sb));
        return sb.toString();
    }

    @Override // biz.netcentric.cq.tools.actool.dumpservice.ConfigDumpService
    public Set<AclBean> getACLDumpBeans(Session session) throws RepositoryException {
        Set<String> repPolicyNodePaths = QueryHelper.getRepPolicyNodePaths(session, Arrays.asList(this.queryExcludePaths));
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        for (String str : repPolicyNodePaths) {
            try {
                String relativeParent = !Constants.REPO_POLICY_NODE.equals(Text.getName(str)) ? Text.getRelativeParent(str, 1) : null;
                linkedHashSet.add(new AclBean(AccessControlUtils.getAccessControlList(session, relativeParent), relativeParent));
            } catch (AccessDeniedException e) {
                LOG.error("AccessDeniedException: {}", e);
            } catch (RepositoryException e2) {
                LOG.error("RepositoryException: {}", e2);
            } catch (ItemNotFoundException e3) {
                LOG.error("ItemNotFoundException: {}", e3);
            }
        }
        return linkedHashSet;
    }

    public AceDumpData createAclDumpMap(int i, int i2, List<String> list, Session session) throws ValueFormatException, IllegalArgumentException, IllegalStateException, RepositoryException {
        return createAclDumpMap(i, i2, list, this.includeUsersInDumps, session);
    }

    @Override // biz.netcentric.cq.tools.actool.dumpservice.ConfigDumpService
    public AceDumpData createAclDumpMap(int i, int i2, List<String> list, boolean z, Session session) throws RepositoryException {
        AceDumpData aceDumpData = new AceDumpData();
        UserManager userManager = ((JackrabbitSession) session).getUserManager();
        TreeMap treeMap = new TreeMap();
        TreeMap treeMap2 = new TreeMap();
        for (AclBean aclBean : getACLDumpBeans(session)) {
            if (aclBean.getAcl() != null) {
                boolean z2 = false;
                for (JackrabbitAccessControlEntry jackrabbitAccessControlEntry : aclBean.getAcl().getAccessControlEntries()) {
                    if (!(jackrabbitAccessControlEntry instanceof JackrabbitAccessControlEntry)) {
                        throw new IllegalStateException("AC entry is not a JackrabbitAccessControlEntry: " + jackrabbitAccessControlEntry);
                    }
                    AceBean aceBean = AcHelper.getAceBean(new AceWrapper(jackrabbitAccessControlEntry, aclBean.getJcrPath()));
                    if (aceBean.isAllow()) {
                        z2 = true;
                    } else if (z2 && !aceBean.isAllow()) {
                        aceBean.setKeepOrder(true);
                    }
                    Authorizable authorizable = userManager.getAuthorizable(new PrincipalImpl(aceBean.getPrincipalName()));
                    if (authorizable != null) {
                        aceBean.setAuthorizableId(authorizable.getID());
                        if (authorizable.isGroup() || z) {
                            addBeanToMap(i, i2, treeMap, aceBean);
                        }
                    } else {
                        addBeanToMap(i, i2, treeMap2, aceBean);
                    }
                }
            }
        }
        aceDumpData.setAceDump(treeMap);
        return aceDumpData;
    }

    private void addBeanToMap(int i, int i2, Map<String, Set<AceBean>> map, AceBean aceBean) {
        if (i == AcHelper.PRINCIPAL_BASED_ORDER) {
            String principalName = aceBean.getPrincipalName();
            if (map.containsKey(principalName)) {
                map.get(principalName).add(aceBean);
                return;
            }
            Set<AceBean> newAceSet = getNewAceSet(i2);
            newAceSet.add(aceBean);
            map.put(principalName, newAceSet);
            return;
        }
        if (i == AcHelper.PATH_BASED_ORDER) {
            String jcrPath = aceBean.getJcrPath();
            if (jcrPath == null) {
                jcrPath = "";
            }
            if (map.containsKey(jcrPath)) {
                map.get(jcrPath).add(aceBean);
                return;
            }
            Set<AceBean> newAceSet2 = getNewAceSet(i2);
            newAceSet2.add(aceBean);
            map.put(jcrPath, newAceSet2);
        }
    }

    private String getIntermediatePath(String str) {
        return StringUtils.substringBeforeLast(str, "/");
    }

    public Set<AuthorizableConfigBean> getUserBeans(Set<User> set) throws RepositoryException, UnsupportedRepositoryOperationException {
        TreeSet treeSet = new TreeSet(new AuthorizableBeanIDComparator());
        if (!set.isEmpty()) {
            for (User user : set) {
                AuthorizableConfigBean authorizableConfigBean = new AuthorizableConfigBean();
                authorizableConfigBean.setAuthorizableId(user.getID());
                String trim = StringUtils.trim(((String) StringUtils.defaultIfEmpty(AcHelper.valuesToString(user.getProperty("profile/givenName")), "")) + " " + ((String) StringUtils.defaultIfEmpty(AcHelper.valuesToString(user.getProperty("profile/familyName")), "")));
                if (StringUtils.isBlank(trim)) {
                    trim = user.getID();
                }
                authorizableConfigBean.setName(trim);
                authorizableConfigBean.setPath(getIntermediatePath(user.getPath()));
                authorizableConfigBean.setIsGroup(false);
                authorizableConfigBean.setIsSystemUser(user.isSystemUser());
                new HashSet();
                addDeclaredMembers(user, authorizableConfigBean);
                treeSet.add(authorizableConfigBean);
            }
        }
        return treeSet;
    }

    @Override // biz.netcentric.cq.tools.actool.dumpservice.ConfigDumpService
    public Set<AuthorizableConfigBean> getGroupBeans(Session session) throws AccessDeniedException, UnsupportedRepositoryOperationException, RepositoryException {
        UserManager userManager = ((JackrabbitSession) session).getUserManager();
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        Iterator findAuthorizables = userManager.findAuthorizables(new Query() { // from class: biz.netcentric.cq.tools.actool.dumpservice.impl.DumpServiceImpl.1
            public void build(QueryBuilder queryBuilder) {
                queryBuilder.setSortOrder("@rep:principalName", QueryBuilder.Direction.ASCENDING);
                queryBuilder.setSelector(Group.class);
            }
        });
        while (findAuthorizables.hasNext()) {
            Group group = (Group) findAuthorizables.next();
            if (group != null) {
                AuthorizableConfigBean authorizableConfigBean = new AuthorizableConfigBean();
                authorizableConfigBean.setAuthorizableId(group.getID());
                authorizableConfigBean.setName((String) StringUtils.defaultIfEmpty(AcHelper.valuesToString(group.getProperty("profile/givenName")), group.getID()));
                if (group.hasProperty(AuthorizableInstallerServiceImpl.REP_EXTERNAL_ID)) {
                    authorizableConfigBean.setExternalId(AcHelper.valuesToString(group.getProperty(AuthorizableInstallerServiceImpl.REP_EXTERNAL_ID)));
                }
                addDeclaredMembers(group, authorizableConfigBean);
                authorizableConfigBean.setIsGroup(group.isGroup());
                authorizableConfigBean.setPath(getIntermediatePath(group.getPath()));
                linkedHashSet.add(authorizableConfigBean);
            } else {
                LOG.debug("group is null !");
            }
        }
        return linkedHashSet;
    }

    private void addDeclaredMembers(Authorizable authorizable, AuthorizableConfigBean authorizableConfigBean) throws RepositoryException {
        Iterator declaredMemberOf = authorizable.declaredMemberOf();
        ArrayList arrayList = new ArrayList();
        while (declaredMemberOf.hasNext()) {
            String id = ((Group) declaredMemberOf.next()).getID();
            if (!StringUtils.equals(id, Constants.PRINCIPAL_EVERYONE)) {
                arrayList.add(id);
            }
        }
        authorizableConfigBean.setIsMemberOf((String[]) arrayList.toArray(new String[arrayList.size()]));
    }

    private Set<AceBean> getNewAceSet(int i) {
        AbstractSet abstractSet = null;
        if (i == AcHelper.ACE_ORDER_NONE) {
            abstractSet = new LinkedHashSet();
        } else if (i == AcHelper.ACE_ORDER_ACTOOL_BEST_PRACTICE) {
            abstractSet = new TreeSet(new AcePermissionComparator());
        } else if (i == AcHelper.ACE_ORDER_ALPHABETICAL) {
            abstractSet = new TreeSet(new AcePathComparator());
        }
        return abstractSet;
    }
}
