package com.day.crx.security.principals;

import com.day.crx.CRXSession;
import com.day.crx.security.ACLManager;
import com.day.crx.security.ActionSet;
import com.day.crx.security.CRXGroup;
import com.day.crx.security.CRXPrincipal;
import com.day.crx.security.Covenantee;
import com.day.crx.security.PrincipalIterator;
import com.day.crx.security.User;
import com.day.crx.security.spi.AbstractPrincipalProvider;
import com.day.crx.security.user.UserManagerImpl;
import com.day.util.CacheMap;
import java.security.Principal;
import java.security.acl.Group;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.regex.PatternSyntaxException;
import javax.jcr.AccessDeniedException;
import javax.jcr.RepositoryException;
import javax.jcr.observation.EventIterator;
import javax.jcr.observation.EventListener;
import javax.security.auth.Subject;
import org.apache.jackrabbit.core.security.SystemPrincipal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/day/crx/security/principals/DefaultPrincipalProvider.class */
public class DefaultPrincipalProvider extends AbstractPrincipalProvider implements EventListener {
    static final String CVS_ID = "$URL: http://svn.day.com/repos/crx/tags/crx-1.4.2-load5/repository/crx-core/src/main/java/com/day/crx/security/principals/DefaultPrincipalProvider.java $ $Rev: 42598 $ $Date: 2008-10-07 16:58:22 +0200 (Tue, 07 Oct 2008) $";
    private static final Logger log;
    public static final String NT_REP_PRINCIPAL_FOLDER = "rep:PrincipalFolder";
    private final EveryonePrincipal everyone;
    private final CacheMap membershipCache = new CacheMap(600, 1000);
    private final CacheMap findUserCache = new CacheMap(600, 1000);
    private final UserManagerImpl userManager;
    private final ACLManager aclManager;
    static Class class$com$day$crx$security$principals$DefaultPrincipalProvider;

    public DefaultPrincipalProvider(CRXSession cRXSession) throws RepositoryException {
        this.aclManager = cRXSession.getACLManager();
        this.userManager = (UserManagerImpl) cRXSession.getUserManager();
        this.everyone = new EveryonePrincipal("everyone", this.userManager.getAdmin().getPrincipal());
        cRXSession.getWorkspace().getObservationManager().addEventListener(this, 31, this.userManager.getRootPath(), true, (String[]) null, (String[]) null, false);
    }

    @Override // com.day.crx.security.spi.AbstractPrincipalProvider
    protected CRXPrincipal providePrincipal(String str) {
        if (getEveryone().getName().equals(str)) {
            return getEveryone();
        }
        try {
            CRXPrincipal cRXPrincipalImpl = new CRXPrincipalImpl(str);
            synchronized (this.userManager) {
                Covenantee covenantee = this.userManager.getCovenantee((Principal) cRXPrincipalImpl);
                if (covenantee == null || !covenantee.getPrincipal().equals(cRXPrincipalImpl)) {
                    return null;
                }
                if (covenantee.isAdmin()) {
                    return getAdmin();
                }
                return covenantee.getPrincipal();
            }
        } catch (RepositoryException e) {
            log.error("providePrincipal: failed to access Users for Principal", e);
            return null;
        }
    }

    @Override // com.day.crx.security.spi.AbstractPrincipalProvider, com.day.crx.security.spi.PrincipalProvider
    public void close() {
        super.close();
    }

    @Override // com.day.crx.security.spi.AbstractPrincipalProvider, com.day.crx.security.spi.PrincipalProvider
    public boolean hasUser(String str) {
        boolean z;
        sanityCheck();
        synchronized (this.userManager) {
            try {
                Covenantee covenantee = this.userManager.getCovenantee((Principal) new CRXPrincipalImpl(str));
                if (covenantee != null) {
                    z = covenantee.isUser();
                }
            } catch (RepositoryException e) {
                log.warn("hasUser: failed to check existance of User {}: {}", str, e);
                return false;
            }
        }
        return z;
    }

    @Override // com.day.crx.security.spi.AbstractPrincipalProvider, com.day.crx.security.spi.PrincipalProvider
    public boolean hasGroup(String str) {
        boolean z;
        sanityCheck();
        if (getEveryone().getName().equals(str)) {
            return true;
        }
        synchronized (this.userManager) {
            try {
                Covenantee covenantee = this.userManager.getCovenantee((Principal) new CRXPrincipalImpl(str));
                if (covenantee != null) {
                    z = covenantee.isGroup();
                }
            } catch (RepositoryException e) {
                log.warn("hasGroup: failed to check existance of Group {}: {}", str, e);
                return false;
            }
        }
        return z;
    }

    @Override // com.day.crx.security.spi.PrincipalProvider
    public Principal[] findUser(String str) {
        Principal[] principalArr;
        sanityCheck();
        synchronized (this.findUserCache) {
            principalArr = (Principal[]) this.findUserCache.get(str);
            if (principalArr == null) {
                try {
                    HashSet hashSet = new HashSet();
                    Iterator findUsers = this.userManager.findUsers(str);
                    while (findUsers.hasNext()) {
                        User user = (User) findUsers.next();
                        hashSet.add(user.isAdmin() ? getAdmin() : user.getPrincipal());
                    }
                    principalArr = (Principal[]) hashSet.toArray(new Principal[hashSet.size()]);
                    this.findUserCache.put(str, principalArr);
                } catch (RepositoryException e) {
                    log.error("findUsers: failed to access user: ", e);
                }
            }
        }
        return principalArr;
    }

    @Override // com.day.crx.security.spi.PrincipalProvider
    public Group[] findGroup(String str) {
        Group[] groupArr;
        sanityCheck();
        synchronized (this.userManager) {
            try {
                HashSet hashSet = new HashSet();
                Iterator findGroups = this.userManager.findGroups(str);
                while (findGroups.hasNext()) {
                    hashSet.add(((Covenantee) findGroups.next()).getPrincipal());
                }
                try {
                    if (getEveryone().getName().matches(new StringBuffer().append(".*").append(str).append(".*").toString())) {
                        hashSet.add(getEveryone());
                    }
                } catch (PatternSyntaxException e) {
                    log.debug("couldn't search fo everyone, pattern invalid {}: {}", str, e.getMessage());
                }
                groupArr = (Group[]) hashSet.toArray(new Group[hashSet.size()]);
            } catch (RepositoryException e2) {
                log.error("findGroup: failed to access group", e2);
                return null;
            }
        }
        return groupArr;
    }

    @Override // com.day.crx.security.spi.AbstractPrincipalProvider, com.day.crx.security.spi.PrincipalProvider
    public synchronized PrincipalIterator getAll() {
        DefaultPrincipalIterator defaultPrincipalIterator = (DefaultPrincipalIterator) getUsers();
        defaultPrincipalIterator.addSource(getGroups());
        return defaultPrincipalIterator;
    }

    @Override // com.day.crx.security.spi.PrincipalProvider
    public PrincipalIterator getUsers() {
        DefaultPrincipalIterator defaultPrincipalIterator;
        sanityCheck();
        synchronized (this.userManager) {
            HashSet hashSet = new HashSet();
            try {
                Iterator findUsers = this.userManager.findUsers("");
                while (findUsers.hasNext()) {
                    Covenantee covenantee = (Covenantee) findUsers.next();
                    if (covenantee.isAdmin()) {
                        hashSet.add(getAdmin());
                    } else {
                        hashSet.add(covenantee.getPrincipal());
                    }
                }
            } catch (RepositoryException e) {
                log.error("getUsers: faild to access users {}", e);
            }
            defaultPrincipalIterator = new DefaultPrincipalIterator(hashSet);
        }
        return defaultPrincipalIterator;
    }

    @Override // com.day.crx.security.spi.PrincipalProvider
    public PrincipalIterator getGroups() {
        DefaultPrincipalIterator defaultPrincipalIterator;
        sanityCheck();
        synchronized (this.userManager) {
            HashSet hashSet = new HashSet();
            hashSet.add(getEveryone());
            try {
                Iterator findGroups = this.userManager.findGroups("");
                while (findGroups.hasNext()) {
                    hashSet.add(((Covenantee) findGroups.next()).getPrincipal());
                }
            } catch (RepositoryException e) {
                log.error("getGroups: faild to access Groups {}", e);
            }
            defaultPrincipalIterator = new DefaultPrincipalIterator(hashSet);
        }
        return defaultPrincipalIterator;
    }

    @Override // com.day.crx.security.spi.PrincipalProvider
    public PrincipalIterator getGroupMembership(Principal principal) {
        DefaultPrincipalIterator defaultPrincipalIterator;
        sanityCheck();
        if (principal == null) {
            throw new IllegalArgumentException("User argument must not be null");
        }
        synchronized (this.membershipCache) {
            Set set = (Set) this.membershipCache.get(principal.getName());
            if (set == null) {
                set = internalGetGroupMembership(principal);
                this.membershipCache.put(principal.getName(), set);
            }
            defaultPrincipalIterator = new DefaultPrincipalIterator(set);
        }
        return defaultPrincipalIterator;
    }

    private Set internalGetGroupMembership(Principal principal) {
        Covenantee covenantee;
        if (!hasPrincipal(principal.getName())) {
            return Collections.EMPTY_SET;
        }
        HashSet hashSet = new HashSet();
        if (getEveryone().isMember(principal)) {
            hashSet.add(getEveryone());
        }
        try {
            covenantee = this.userManager.getCovenantee(principal);
        } catch (RepositoryException e) {
            log.error("getGroupMembership: failed to access membership for ''{}'': {}", principal, e.getMessage());
            log.debug("", e);
        }
        if (covenantee == null) {
            return hashSet;
        }
        Iterator memberOf = covenantee.memberOf();
        while (memberOf.hasNext()) {
            Principal principal2 = ((com.day.crx.security.Group) memberOf.next()).getPrincipal();
            if (!hashSet.add(principal2)) {
                log.warn("getGroupMemberhisp: detected cyclic GroupMemberhsip of {} to {} -> break", principal, principal2);
                return hashSet;
            }
            hashSet.addAll(internalGetGroupMembership(principal2));
        }
        return hashSet;
    }

    @Override // com.day.crx.security.spi.PrincipalProvider
    public boolean checkPermission(Subject subject, Principal principal, ActionSet actionSet) {
        try {
            if (!(principal instanceof NodePrincipal) || subject.getPrincipals().contains(getAdmin()) || subject.getPrincipals().contains(new SystemPrincipal())) {
                return true;
            }
            return this.aclManager.getAcl(((NodePrincipal) principal).getPath()).grants(subject.getPrincipals(), actionSet);
        } catch (RepositoryException e) {
            log.warn("checkPermission failed {} -> deny access", e);
            return false;
        }
    }

    public Principal getAdmin() {
        try {
            User admin = this.userManager.getAdmin();
            if (admin != null) {
                return new AdminPrincipal(admin);
            }
            return null;
        } catch (RepositoryException e) {
            log.warn("getAdmin: can not access node, configured for adminstrator.", e);
            return null;
        }
    }

    public CRXGroup getEveryone() {
        return this.everyone;
    }

    public NodePrincipal getPrincipalByUUID(String str) {
        try {
            Covenantee covenantee = this.userManager.getCovenantee(str);
            if (covenantee != null) {
                return (NodePrincipal) covenantee.getPrincipal();
            }
            return null;
        } catch (RepositoryException e) {
            log.error("Unable to retrieve principal by uuid {}: {}", str, e.getMessage());
            return null;
        }
    }

    public void onEvent(EventIterator eventIterator) {
        flushAll();
        synchronized (this.membershipCache) {
            this.membershipCache.clear();
        }
        synchronized (this.findUserCache) {
            this.findUserCache.clear();
        }
    }

    public DefaultPrincipalEditor getEditor(CRXSession cRXSession) throws RepositoryException, AccessDeniedException {
        return new DefaultPrincipalEditor(this, cRXSession);
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$com$day$crx$security$principals$DefaultPrincipalProvider == null) {
            cls = class$("com.day.crx.security.principals.DefaultPrincipalProvider");
            class$com$day$crx$security$principals$DefaultPrincipalProvider = cls;
        } else {
            cls = class$com$day$crx$security$principals$DefaultPrincipalProvider;
        }
        log = LoggerFactory.getLogger(cls);
    }
}
