package com.day.crx.core;

import com.day.crx.CRXSession;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.jcr.ItemNotFoundException;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.PathNotFoundException;
import javax.jcr.Property;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import javax.jcr.ValueFormatException;
import javax.jcr.nodetype.ConstraintViolationException;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.AuthorizableExistsException;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.Impersonation;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.commons.iterator.NodeIterable;
import org.apache.jackrabbit.commons.iterator.PropertyIterable;
import org.apache.jackrabbit.core.security.authorization.AccessControlConstants;
import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
import org.apache.jackrabbit.core.security.user.UserManagerImpl;
import org.apache.jackrabbit.spi.commons.conversion.DefaultNamePathResolver;
import org.apache.jackrabbit.spi.commons.conversion.NamePathResolver;
import org.apache.jackrabbit.util.Text;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/day/crx/core/CRXSecurityMigration.class */
public class CRXSecurityMigration implements AccessControlConstants {
    private static final Logger log = LoggerFactory.getLogger(CRXSecurityMigration.class);
    private static final Map<String, List<String>> ACT2PRIV = new HashMap();
    private static final String SECURITY_ROOT_PATH = "/rep:security";
    private static final String PRINCIPALS_PATH = "/rep:security/rep:principals";
    private static final String REP_AC = "rep:accessControl";
    private static final String REP_ACTIONS = "rep:actions";
    private static final String REP_GROUP = "rep:Group";
    private static final String REP_GROUPS = "rep:groups";
    private static final String REP_GRANT_PERMISSION = "rep:GrantPermission";
    private static final String REP_ID = "rep:id";
    private static final String REP_MEMBER = "rep:member";
    private static final String REP_PASSWORD = "rep:password";
    private static final String REP_PRINCIPAL = "rep:principal";
    private static final String REP_REFEREES = "rep:referees";
    private static final String REP_USER = "rep:User";
    private static final String REP_USERS = "rep:users";
    private static final String REP_USER_ID = "rep:userId";
    private static final String REP_WORKSPACES = "rep:workspaces";
    private static final String SUDOERS_AC = "rep:sudoers/rep:accessControl";
    private final List<ProgressListener> listeners = new ArrayList();
    private final CRXSession session;
    private final UserManagerImpl userMgr;
    private final NamePathResolver resolver;

    /* loaded from: input_file:com/day/crx/core/CRXSecurityMigration$ACMigration.class */
    protected static class ACMigration implements Task {
        protected final CRXSession session;
        protected final NamePathResolver resolver;
        protected final JackrabbitAccessControlManager acMgr;
        protected final PrincipalManager principalMgr;

        public ACMigration(CRXSession cRXSession) throws RepositoryException {
            this.session = cRXSession;
            this.resolver = new DefaultNamePathResolver(cRXSession);
            this.acMgr = cRXSession.getAccessControlManager();
            this.principalMgr = cRXSession.getPrincipalManager();
        }

        @Override // com.day.crx.core.CRXSecurityMigration.Task
        public void run(Node node) throws RepositoryException {
            Value[] valueArr;
            if (node.hasNode(CRXSecurityMigration.REP_AC)) {
                CRXSecurityMigration.log.info("migrating access control on {}", node.getPath());
                JackrabbitAccessControlList jackrabbitAccessControlList = null;
                AccessControlPolicyIterator applicablePolicies = this.acMgr.getApplicablePolicies(node.getPath());
                while (true) {
                    if (!applicablePolicies.hasNext()) {
                        break;
                    }
                    AccessControlPolicy nextAccessControlPolicy = applicablePolicies.nextAccessControlPolicy();
                    if (nextAccessControlPolicy instanceof JackrabbitAccessControlList) {
                        jackrabbitAccessControlList = (JackrabbitAccessControlList) nextAccessControlPolicy;
                        break;
                    }
                }
                if (jackrabbitAccessControlList == null) {
                    AccessControlPolicy[] policies = this.acMgr.getPolicies(node.getPath());
                    int length = policies.length;
                    int i = 0;
                    while (true) {
                        if (i >= length) {
                            break;
                        }
                        AccessControlPolicy accessControlPolicy = policies[i];
                        if (accessControlPolicy instanceof JackrabbitAccessControlList) {
                            jackrabbitAccessControlList = (JackrabbitAccessControlList) accessControlPolicy;
                            break;
                        }
                        i++;
                    }
                }
                if (jackrabbitAccessControlList == null) {
                    CRXSecurityMigration.log.warn("Unable to get/create ACL for node at path '{}'", node.getPath());
                    return;
                }
                Iterator it = new NodeIterable(node.getNode(CRXSecurityMigration.REP_AC).getNodes()).iterator();
                while (it.hasNext()) {
                    Node node2 = (Node) it.next();
                    boolean equals = node2.getProperty("jcr:primaryType").getString().equals(CRXSecurityMigration.REP_GRANT_PERMISSION);
                    String string = node2.getProperty(CRXSecurityMigration.REP_PRINCIPAL).getString();
                    Principal principal = this.principalMgr.getPrincipal(string);
                    try {
                        valueArr = node2.getProperty(CRXSecurityMigration.REP_ACTIONS).getValues();
                    } catch (ValueFormatException e) {
                        valueArr = new Value[]{node2.getProperty(CRXSecurityMigration.REP_ACTIONS).getValue()};
                    }
                    ArrayList<Privilege> arrayList = new ArrayList();
                    for (Value value : valueArr) {
                        String string2 = value.getString();
                        Privilege[] privilegesForAction = getPrivilegesForAction(string2);
                        if (privilegesForAction != null) {
                            arrayList.addAll(Arrays.asList(privilegesForAction));
                        } else if (!string2.equals("sudo") && !string2.equals("workspaceAccess")) {
                            CRXSecurityMigration.log.warn("Unable to map action '{}' to JSR 283 privilege", value.getString());
                        }
                    }
                    if (CRXSecurityMigration.log.isInfoEnabled()) {
                        StringBuilder sb = new StringBuilder("[");
                        String str = "";
                        for (Value value2 : valueArr) {
                            sb.append(str);
                            sb.append(value2.getString());
                            str = ", ";
                        }
                        sb.append("]");
                        StringBuilder sb2 = new StringBuilder("[");
                        String str2 = "";
                        for (Privilege privilege : arrayList) {
                            sb2.append(str2);
                            sb2.append(privilege.getName());
                            str2 = ", ";
                        }
                        sb2.append("]");
                        Logger logger = CRXSecurityMigration.log;
                        Object[] objArr = new Object[4];
                        objArr[0] = equals ? "allow" : "deny";
                        objArr[1] = string;
                        objArr[2] = sb;
                        objArr[3] = sb2;
                        logger.info("{} {}, mapped {} to {}", objArr);
                    }
                    jackrabbitAccessControlList.addEntry(principal, (Privilege[]) arrayList.toArray(new Privilege[arrayList.size()]), equals);
                }
                this.acMgr.setPolicy(node.getPath(), jackrabbitAccessControlList);
                this.session.save();
            }
        }

        protected Privilege[] getPrivilegesForAction(String str) throws RepositoryException {
            List list = (List) CRXSecurityMigration.ACT2PRIV.get(str);
            if (list == null) {
                return null;
            }
            Privilege[] privilegeArr = new Privilege[list.size()];
            int i = 0;
            Iterator it = list.iterator();
            while (it.hasNext()) {
                int i2 = i;
                i++;
                privilegeArr[i2] = this.acMgr.privilegeFromName((String) it.next());
            }
            return privilegeArr;
        }
    }

    /* loaded from: input_file:com/day/crx/core/CRXSecurityMigration$AssignImpersonators.class */
    protected class AssignImpersonators implements Task {
        protected AssignImpersonators() {
        }

        @Override // com.day.crx.core.CRXSecurityMigration.Task
        public void run(Node node) throws RepositoryException {
            String string = node.getProperty(CRXSecurityMigration.REP_USER_ID).getString();
            if (node.hasNode(CRXSecurityMigration.SUDOERS_AC)) {
                NodeIterator nodes = node.getNode(CRXSecurityMigration.SUDOERS_AC).getNodes();
                if (nodes.hasNext()) {
                    User authorizable = CRXSecurityMigration.this.userMgr.getAuthorizable(string);
                    if (authorizable == null) {
                        throw new RepositoryException("authorizable not found for userId " + string);
                    }
                    if (!(authorizable instanceof User)) {
                        throw new RepositoryException("not a user: " + node.getPath());
                    }
                    Impersonation impersonation = authorizable.getImpersonation();
                    while (nodes.hasNext()) {
                        Node nextNode = nodes.nextNode();
                        if (nextNode.hasProperty(CRXSecurityMigration.REP_PRINCIPAL)) {
                            impersonation.grantImpersonation(new PrincipalImpl(nextNode.getProperty(CRXSecurityMigration.REP_PRINCIPAL).getString()));
                        }
                    }
                }
            }
        }
    }

    /* loaded from: input_file:com/day/crx/core/CRXSecurityMigration$AssignMembers.class */
    protected class AssignMembers implements Task {
        protected AssignMembers() {
        }

        @Override // com.day.crx.core.CRXSecurityMigration.Task
        public void run(Node node) throws RepositoryException {
            Node nodeByIdentifier;
            String userPrincipalName;
            if (node.hasProperty(CRXSecurityMigration.REP_MEMBER)) {
                Group authorizable = CRXSecurityMigration.this.userMgr.getAuthorizable(new PrincipalImpl(CRXSecurityMigration.this.getGroupPrincipalName(node)));
                if (!authorizable.isGroup()) {
                    throw new RepositoryException("expected group for principal: " + CRXSecurityMigration.this.getGroupPrincipalName(node));
                }
                Group group = authorizable;
                for (Value value : node.getProperty(CRXSecurityMigration.REP_MEMBER).getValues()) {
                    String string = value.getString();
                    try {
                        nodeByIdentifier = CRXSecurityMigration.this.session.getNodeByIdentifier(string);
                    } catch (ItemNotFoundException e) {
                        CRXSecurityMigration.log.warn("Dangling member reference in group {}: {}", Text.unescapeIllegalJcrChars(node.getName()), string);
                    }
                    if (nodeByIdentifier.isNodeType(CRXSecurityMigration.REP_GROUP)) {
                        userPrincipalName = CRXSecurityMigration.this.getGroupPrincipalName(nodeByIdentifier);
                    } else if (nodeByIdentifier.isNodeType(CRXSecurityMigration.REP_USER)) {
                        userPrincipalName = CRXSecurityMigration.this.getUserPrincipalName(nodeByIdentifier);
                    } else {
                        CRXSecurityMigration.log.warn("rep:member references {}", nodeByIdentifier.getProperty("jcr:primaryType").getString());
                    }
                    Authorizable authorizable2 = CRXSecurityMigration.this.userMgr.getAuthorizable(new PrincipalImpl(userPrincipalName));
                    if (authorizable2 != null) {
                        group.addMember(authorizable2);
                    } else {
                        CRXSecurityMigration.log.warn("Authorization not found for principal name: {}", userPrincipalName);
                    }
                }
            }
        }
    }

    /* loaded from: input_file:com/day/crx/core/CRXSecurityMigration$AssignWorkspaceAccess.class */
    protected class AssignWorkspaceAccess implements Task {
        protected AssignWorkspaceAccess() {
        }

        @Override // com.day.crx.core.CRXSecurityMigration.Task
        public void run(Node node) throws RepositoryException {
            node.getName();
            if (node.hasNode(CRXSecurityMigration.REP_AC)) {
                node.getNode(CRXSecurityMigration.REP_AC).getNodes();
            }
        }
    }

    /* loaded from: input_file:com/day/crx/core/CRXSecurityMigration$CreateGroups.class */
    protected class CreateGroups implements Task {
        protected CreateGroups() {
        }

        @Override // com.day.crx.core.CRXSecurityMigration.Task
        public void run(Node node) throws RepositoryException {
            Group authorizable;
            String groupPrincipalName = CRXSecurityMigration.this.getGroupPrincipalName(node);
            PrincipalImpl principalImpl = new PrincipalImpl(groupPrincipalName);
            try {
                authorizable = CRXSecurityMigration.this.userMgr.createGroup(principalImpl);
            } catch (AuthorizableExistsException e) {
                CRXSecurityMigration.log.debug("Group already exists: {}", groupPrincipalName);
                authorizable = CRXSecurityMigration.this.userMgr.getAuthorizable(principalImpl);
            }
            CRXSecurityMigration.this.notifyMigrated(authorizable, node.getPath());
        }
    }

    /* loaded from: input_file:com/day/crx/core/CRXSecurityMigration$CreateUsers.class */
    protected class CreateUsers implements Task {
        protected CreateUsers() {
        }

        @Override // com.day.crx.core.CRXSecurityMigration.Task
        public void run(Node node) throws RepositoryException {
            User user;
            Value[] property;
            String str = null;
            try {
                str = node.getProperty(CRXSecurityMigration.REP_PASSWORD).getString();
            } catch (PathNotFoundException e) {
            }
            String string = node.getProperty(CRXSecurityMigration.REP_USER_ID).getString();
            String userPrincipalName = CRXSecurityMigration.this.getUserPrincipalName(node);
            PrincipalImpl principalImpl = new PrincipalImpl(userPrincipalName);
            try {
                user = CRXSecurityMigration.this.userMgr.createUser(string, str != null ? str : "", principalImpl, (String) null);
            } catch (AuthorizableExistsException e2) {
                User authorizable = CRXSecurityMigration.this.userMgr.getAuthorizable(principalImpl);
                if (!(authorizable instanceof User)) {
                    throw new RepositoryException("Authorizable '" + userPrincipalName + "' already exists. Cannot migrate user with same id");
                }
                user = authorizable;
            }
            if (str != null && (property = user.getProperty(CRXSecurityMigration.REP_PASSWORD)) != null && property.length == 1 && !property[0].getString().equals(str)) {
                user.changePassword(str);
            }
            if (node.hasProperty(CRXSecurityMigration.REP_REFEREES)) {
                for (Value value : node.getProperty(CRXSecurityMigration.REP_REFEREES).getValues()) {
                    user.addReferee(new PrincipalImpl(value.getString()));
                }
            }
            Iterator it = new PropertyIterable(node.getProperties()).iterator();
            while (it.hasNext()) {
                Property property2 = (Property) it.next();
                if (!property2.getDefinition().isProtected()) {
                    String name = property2.getName();
                    try {
                        if (property2.isMultiple()) {
                            user.setProperty(name, property2.getValues());
                        } else {
                            user.setProperty(name, property2.getValue());
                        }
                    } catch (ConstraintViolationException e3) {
                    }
                }
            }
            CRXSecurityMigration.this.notifyMigrated(user, node.getPath());
        }
    }

    /* loaded from: input_file:com/day/crx/core/CRXSecurityMigration$ProgressListener.class */
    public interface ProgressListener {
        void migrated(Authorizable authorizable, String str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:com/day/crx/core/CRXSecurityMigration$Task.class */
    public interface Task {
        void run(Node node) throws RepositoryException;
    }

    protected CRXSecurityMigration(CRXSession cRXSession) throws RepositoryException {
        this.session = cRXSession;
        this.userMgr = cRXSession.getUserManager();
        this.resolver = new DefaultNamePathResolver(cRXSession);
    }

    public static CRXSecurityMigration create(CRXSession cRXSession) throws RepositoryException {
        if (cRXSession.getUserManager() instanceof UserManagerImpl) {
            return new CRXSecurityMigration(cRXSession);
        }
        throw new RepositoryException("Unknown UserManager implementation");
    }

    public void run() throws RepositoryException {
        if (!this.session.itemExists(PRINCIPALS_PATH)) {
            log.info("No user migration needed");
            return;
        }
        ProgressListener progressListener = new ProgressListener() { // from class: com.day.crx.core.CRXSecurityMigration.1
            @Override // com.day.crx.core.CRXSecurityMigration.ProgressListener
            public void migrated(Authorizable authorizable, String str) {
                try {
                    CRXSecurityMigration.log.info("migrated {} from {}", new Object[]{authorizable.getID(), str});
                } catch (RepositoryException e) {
                    CRXSecurityMigration.log.warn("exception while reading from Authorizable", e);
                }
            }
        };
        addListener(progressListener);
        try {
            Node node = this.session.getNode(PRINCIPALS_PATH);
            if (node.hasNode(REP_USERS)) {
                Node node2 = node.getNode(REP_USERS);
                traverse(node2, REP_USER, new CreateUsers());
                traverse(node2, REP_USER, new AssignImpersonators());
            }
            if (node.hasNode(REP_GROUPS)) {
                Node node3 = node.getNode(REP_GROUPS);
                traverse(node3, REP_GROUP, new CreateGroups());
                traverse(node3, REP_GROUP, new AssignMembers());
            }
            Node rootNode = this.session.getRootNode();
            if (rootNode.hasNode(REP_WORKSPACES)) {
                Iterator it = new NodeIterable(rootNode.getNode(REP_WORKSPACES).getNodes()).iterator();
                while (it.hasNext()) {
                    new AssignWorkspaceAccess().run((Node) it.next());
                }
            }
            for (String str : this.session.getWorkspace().getAccessibleWorkspaceNames()) {
                CRXSession session = this.session.getSession(str);
                log.info("Migrating access control for workspace {}", str);
                try {
                    traverse(session.getRootNode(), this.resolver.getJCRName(NT_REP_ACCESS_CONTROLLABLE), new ACMigration(session));
                    session.logout();
                } finally {
                }
            }
            this.session.getWorkspace().move(PRINCIPALS_PATH, "/rep:security/rep:principals_migrated");
        } finally {
            removeListener(progressListener);
        }
    }

    public void addListener(ProgressListener progressListener) {
        this.listeners.add(progressListener);
    }

    public void removeListener(ProgressListener progressListener) {
        this.listeners.remove(progressListener);
    }

    protected void notifyMigrated(Authorizable authorizable, String str) {
        Iterator<ProgressListener> it = this.listeners.iterator();
        while (it.hasNext()) {
            it.next().migrated(authorizable, str);
        }
    }

    protected void traverse(Node node, String str, Task task) throws RepositoryException {
        NodeIterator nodes = node.getNodes();
        ArrayList arrayList = new ArrayList();
        while (nodes.hasNext()) {
            Node nextNode = nodes.nextNode();
            arrayList.clear();
            arrayList.add(nextNode.getProperty("jcr:primaryType").getString());
            if (nextNode.hasProperty("jcr:mixinTypes")) {
                for (Value value : nextNode.getProperty("jcr:mixinTypes").getValues()) {
                    arrayList.add(value.getString());
                }
            }
            Iterator it = arrayList.iterator();
            while (true) {
                if (it.hasNext()) {
                    if (((String) it.next()).equals(str)) {
                        task.run(nextNode);
                        break;
                    }
                } else {
                    break;
                }
            }
            traverse(nextNode, str, task);
        }
    }

    protected String getGroupPrincipalName(Node node) throws RepositoryException {
        String str = null;
        if (node.hasProperty(this.resolver.getJCRName(P_PRINCIPAL_NAME))) {
            str = node.getProperty(this.resolver.getJCRName(P_PRINCIPAL_NAME)).getString();
        }
        if (str == null && node.hasProperty(REP_ID)) {
            str = node.getProperty(REP_ID).getString();
        }
        if (str == null) {
            str = Text.unescapeIllegalJcrChars(node.getName());
        }
        return str;
    }

    protected String getUserPrincipalName(Node node) throws RepositoryException {
        String string = node.getProperty(REP_USER_ID).getString();
        String str = null;
        if (node.hasProperty(this.resolver.getJCRName(P_PRINCIPAL_NAME))) {
            str = node.getProperty(this.resolver.getJCRName(P_PRINCIPAL_NAME)).getString();
        }
        if (str == null) {
            str = string;
        }
        return str;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v42, types: [java.io.InputStream] */
    static {
        FileInputStream fileInputStream = null;
        String property = System.getProperty("crx.security.migration.config");
        if (property != null) {
            try {
                fileInputStream = new FileInputStream(property);
            } catch (FileNotFoundException e) {
                log.warn("{} does not exist. Using default security migration config.", property);
            }
        }
        if (fileInputStream == null) {
            fileInputStream = CRXSecurityMigration.class.getResourceAsStream("security_migration.properties");
        }
        try {
            Properties properties = new Properties();
            properties.load(fileInputStream);
            for (Map.Entry entry : properties.entrySet()) {
                String str = (String) entry.getKey();
                ArrayList arrayList = new ArrayList();
                for (String str2 : Text.explode((String) entry.getValue(), 44)) {
                    arrayList.add(str2.trim());
                }
                ACT2PRIV.put(str, arrayList);
            }
        } catch (IOException e2) {
            throw ((Error) new InternalError().initCause(e2));
        }
    }
}
