package com.day.crx.core;

import com.day.crx.CRXSession;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.UUID;
import javax.jcr.ItemNotFoundException;
import javax.jcr.NamespaceException;
import javax.jcr.NamespaceRegistry;
import javax.jcr.NoSuchWorkspaceException;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.PathNotFoundException;
import javax.jcr.Property;
import javax.jcr.PropertyIterator;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import javax.jcr.ValueFormatException;
import javax.jcr.Workspace;
import javax.jcr.nodetype.ConstraintViolationException;
import javax.jcr.nodetype.NodeTypeManager;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.AuthorizableExistsException;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.Impersonation;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.commons.iterator.NodeIterable;
import org.apache.jackrabbit.commons.iterator.PropertyIterable;
import org.apache.jackrabbit.core.config.UserManagerConfig;
import org.apache.jackrabbit.core.security.authorization.AccessControlConstants;
import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
import org.apache.jackrabbit.core.security.principal.UnknownPrincipal;
import org.apache.jackrabbit.core.security.user.UserManagerImpl;
import org.apache.jackrabbit.spi.commons.conversion.DefaultNamePathResolver;
import org.apache.jackrabbit.spi.commons.conversion.NamePathResolver;
import org.apache.jackrabbit.util.Text;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/day/crx/core/CRXSecurityMigration.class */
public class CRXSecurityMigration implements AccessControlConstants {
    private static final Logger log = LoggerFactory.getLogger(CRXSecurityMigration.class);
    private static final Map<String, List<String>> ACT2PRIV = new HashMap();
    private static final String CRX_SYSTEM_WSP_NAME = "crx.system";
    private static final String SECURITY_ROOT_PATH = "/rep:security";
    private static final String PRINCIPALS_PATH = "/rep:security/rep:principals";
    private static final String CQ_MIRROR_GROUP = "cq:MirrorGroup";
    private static final String CQ_MIRROR_USER = "cq:MirrorUser";
    private static final String SLING_NS_URI = "http://sling.apache.org/jcr/sling/1.0";
    private static final String SLING_NS_PREFIX = "sling";
    private static final String SLING_RESOURCE_TYPE = "sling:resourceType";
    private static final String REP_AC = "rep:accessControl";
    private static final String REP_ACTIONS = "rep:actions";
    private static final String REP_GROUP = "rep:Group";
    private static final String REP_GROUPS = "rep:groups";
    private static final String REP_GRANT_PERMISSION = "rep:GrantPermission";
    private static final String REP_ID = "rep:id";
    private static final String REP_MEMBER = "rep:member";
    private static final String REP_PASSWORD = "rep:password";
    private static final String REP_PRINCIPAL = "rep:principal";
    private static final String REP_USER = "rep:User";
    private static final String REP_USERS = "rep:users";
    private static final String REP_USER_ID = "rep:userId";
    private static final String REP_WORKSPACES = "rep:workspaces";
    private static final String USERS_PATH = "/rep:security/rep:principals/rep:users";
    private static final String GROUPS_PATH = "/rep:security/rep:principals/rep:groups";
    private static final String REP_MIGRATED_WSP_NAMES = "rep:migratedWorkspaceNames";
    private static final String SUDOERS_AC = "rep:sudoers/rep:accessControl";
    private CRXRepositoryImpl repository;
    private CRXSession session;
    private CRXSession securitySession;
    private UserManagerImpl userMgr;
    private NamePathResolver resolver;
    private final List<ProgressListener> listeners = new ArrayList();
    private boolean needsMigration = false;
    private Node existingUserHome = null;
    private Node existingGroupHome = null;

    /* loaded from: input_file:com/day/crx/core/CRXSecurityMigration$ACMigration.class */
    protected static class ACMigration implements Task {
        protected final CRXSession session;
        protected final NamePathResolver resolver;
        protected final JackrabbitAccessControlManager acMgr;
        protected final PrincipalManager principalMgr;

        public ACMigration(CRXSession cRXSession) throws RepositoryException {
            this.session = cRXSession;
            this.resolver = new DefaultNamePathResolver(cRXSession);
            this.acMgr = cRXSession.getAccessControlManager();
            this.principalMgr = cRXSession.getPrincipalManager();
        }

        @Override // com.day.crx.core.CRXSecurityMigration.Task
        public void run(Node node) throws RepositoryException {
            Value[] valueArr;
            if (node.hasNode(CRXSecurityMigration.REP_AC)) {
                CRXSecurityMigration.log.info("migrating access control on {}", node.getPath());
                JackrabbitAccessControlList jackrabbitAccessControlList = null;
                AccessControlPolicyIterator applicablePolicies = this.acMgr.getApplicablePolicies(node.getPath());
                while (true) {
                    if (!applicablePolicies.hasNext()) {
                        break;
                    }
                    AccessControlPolicy nextAccessControlPolicy = applicablePolicies.nextAccessControlPolicy();
                    if (nextAccessControlPolicy instanceof JackrabbitAccessControlList) {
                        jackrabbitAccessControlList = (JackrabbitAccessControlList) nextAccessControlPolicy;
                        break;
                    }
                }
                if (jackrabbitAccessControlList == null) {
                    AccessControlPolicy[] policies = this.acMgr.getPolicies(node.getPath());
                    int length = policies.length;
                    int i = 0;
                    while (true) {
                        if (i >= length) {
                            break;
                        }
                        AccessControlPolicy accessControlPolicy = policies[i];
                        if (accessControlPolicy instanceof JackrabbitAccessControlList) {
                            jackrabbitAccessControlList = (JackrabbitAccessControlList) accessControlPolicy;
                            break;
                        }
                        i++;
                    }
                }
                if (jackrabbitAccessControlList == null) {
                    CRXSecurityMigration.log.warn("Unable to get/create ACL for node at path '{}'", node.getPath());
                    return;
                }
                Node node2 = node.getNode(CRXSecurityMigration.REP_AC);
                Iterator it = new NodeIterable(node2.getNodes()).iterator();
                while (it.hasNext()) {
                    Node node3 = (Node) it.next();
                    boolean equals = node3.getProperty("jcr:primaryType").getString().equals(CRXSecurityMigration.REP_GRANT_PERMISSION);
                    String string = node3.getProperty(CRXSecurityMigration.REP_PRINCIPAL).getString();
                    UnknownPrincipal principal = this.principalMgr.getPrincipal(string);
                    if (principal == null) {
                        principal = new UnknownPrincipal(string);
                    }
                    try {
                        valueArr = node3.getProperty(CRXSecurityMigration.REP_ACTIONS).getValues();
                    } catch (ValueFormatException e) {
                        valueArr = new Value[]{node3.getProperty(CRXSecurityMigration.REP_ACTIONS).getValue()};
                    }
                    ArrayList<Privilege> arrayList = new ArrayList();
                    for (Value value : valueArr) {
                        String string2 = value.getString();
                        Privilege[] privilegesForAction = getPrivilegesForAction(string2);
                        if (privilegesForAction != null) {
                            arrayList.addAll(Arrays.asList(privilegesForAction));
                        } else if (!string2.equals("sudo") && !string2.equals("workspaceAccess")) {
                            CRXSecurityMigration.log.warn("Unable to map action '{}' to JSR 283 privilege", value.getString());
                        }
                    }
                    if (CRXSecurityMigration.log.isInfoEnabled()) {
                        StringBuilder sb = new StringBuilder("[");
                        String str = "";
                        for (Value value2 : valueArr) {
                            sb.append(str);
                            sb.append(value2.getString());
                            str = ", ";
                        }
                        sb.append("]");
                        StringBuilder sb2 = new StringBuilder("[");
                        String str2 = "";
                        for (Privilege privilege : arrayList) {
                            sb2.append(str2);
                            sb2.append(privilege.getName());
                            str2 = ", ";
                        }
                        sb2.append("]");
                        Logger logger = CRXSecurityMigration.log;
                        Object[] objArr = new Object[4];
                        objArr[0] = equals ? "allow" : "deny";
                        objArr[1] = string;
                        objArr[2] = sb;
                        objArr[3] = sb2;
                        logger.info("{} {}, mapped {} to {}", objArr);
                    }
                    if (!arrayList.isEmpty()) {
                        jackrabbitAccessControlList.addEntry(principal, (Privilege[]) arrayList.toArray(new Privilege[arrayList.size()]), equals);
                    }
                }
                if (!jackrabbitAccessControlList.isEmpty()) {
                    this.acMgr.setPolicy(node.getPath(), jackrabbitAccessControlList);
                }
                node2.remove();
                this.session.save();
            }
        }

        protected Privilege[] getPrivilegesForAction(String str) throws RepositoryException {
            List list = (List) CRXSecurityMigration.ACT2PRIV.get(str);
            if (list == null) {
                return null;
            }
            Privilege[] privilegeArr = new Privilege[list.size()];
            int i = 0;
            Iterator it = list.iterator();
            while (it.hasNext()) {
                int i2 = i;
                i++;
                privilegeArr[i2] = this.acMgr.privilegeFromName((String) it.next());
            }
            return privilegeArr;
        }
    }

    /* loaded from: input_file:com/day/crx/core/CRXSecurityMigration$AssignImpersonators.class */
    protected class AssignImpersonators implements Task {
        protected AssignImpersonators() {
        }

        @Override // com.day.crx.core.CRXSecurityMigration.Task
        public void run(Node node) throws RepositoryException {
            String string = node.getProperty(CRXSecurityMigration.REP_USER_ID).getString();
            if (node.hasNode(CRXSecurityMigration.SUDOERS_AC)) {
                NodeIterator nodes = node.getNode(CRXSecurityMigration.SUDOERS_AC).getNodes();
                if (nodes.hasNext()) {
                    User authorizable = CRXSecurityMigration.this.userMgr.getAuthorizable(string);
                    if (authorizable == null) {
                        throw new RepositoryException("authorizable not found for userId " + string);
                    }
                    if (!(authorizable instanceof User)) {
                        throw new RepositoryException("not a user: " + node.getPath());
                    }
                    Impersonation impersonation = authorizable.getImpersonation();
                    while (nodes.hasNext()) {
                        Node nextNode = nodes.nextNode();
                        if (nextNode.hasProperty(CRXSecurityMigration.REP_PRINCIPAL)) {
                            impersonation.grantImpersonation(new PrincipalImpl(nextNode.getProperty(CRXSecurityMigration.REP_PRINCIPAL).getString()));
                        }
                    }
                }
            }
        }
    }

    /* loaded from: input_file:com/day/crx/core/CRXSecurityMigration$AssignMembers.class */
    protected class AssignMembers implements Task {
        protected AssignMembers() {
        }

        @Override // com.day.crx.core.CRXSecurityMigration.Task
        public void run(Node node) throws RepositoryException {
            Node nodeByIdentifier;
            String userPrincipalName;
            if (node.hasProperty(CRXSecurityMigration.REP_MEMBER)) {
                Group authorizable = CRXSecurityMigration.this.userMgr.getAuthorizable(CRXSecurityMigration.this.getGroupPrincipalName(node));
                if (!authorizable.isGroup()) {
                    throw new RepositoryException("expected group for principal: " + CRXSecurityMigration.this.getGroupPrincipalName(node));
                }
                Group group = authorizable;
                for (Value value : node.getProperty(CRXSecurityMigration.REP_MEMBER).getValues()) {
                    String string = value.getString();
                    try {
                        nodeByIdentifier = CRXSecurityMigration.this.securitySession.getNodeByIdentifier(string);
                    } catch (ItemNotFoundException e) {
                        CRXSecurityMigration.log.warn("Dangling member reference in group {}: {}", Text.unescapeIllegalJcrChars(node.getName()), string);
                    }
                    if (nodeByIdentifier.isNodeType(CRXSecurityMigration.REP_GROUP)) {
                        userPrincipalName = CRXSecurityMigration.this.getGroupPrincipalName(nodeByIdentifier);
                    } else if (nodeByIdentifier.isNodeType(CRXSecurityMigration.REP_USER)) {
                        userPrincipalName = CRXSecurityMigration.this.getUserPrincipalName(nodeByIdentifier);
                    } else {
                        CRXSecurityMigration.log.warn("rep:member references {}", nodeByIdentifier.getProperty("jcr:primaryType").getString());
                    }
                    Authorizable authorizable2 = CRXSecurityMigration.this.userMgr.getAuthorizable(new PrincipalImpl(userPrincipalName));
                    if (authorizable2 != null) {
                        group.addMember(authorizable2);
                    } else {
                        CRXSecurityMigration.log.warn("Authorization not found for principal name: {}", userPrincipalName);
                    }
                }
            }
        }
    }

    /* loaded from: input_file:com/day/crx/core/CRXSecurityMigration$AssignWorkspaceAccess.class */
    protected class AssignWorkspaceAccess implements Task {
        protected AssignWorkspaceAccess() {
        }

        @Override // com.day.crx.core.CRXSecurityMigration.Task
        public void run(Node node) throws RepositoryException {
            node.getName();
            if (node.hasNode(CRXSecurityMigration.REP_AC)) {
                node.getNode(CRXSecurityMigration.REP_AC).getNodes();
            }
        }
    }

    /* loaded from: input_file:com/day/crx/core/CRXSecurityMigration$CreateGroups.class */
    protected class CreateGroups implements Task {
        protected CreateGroups() {
        }

        @Override // com.day.crx.core.CRXSecurityMigration.Task
        public void run(Node node) throws RepositoryException {
            Group authorizable;
            String groupPrincipalName = CRXSecurityMigration.this.getGroupPrincipalName(node);
            CRXSecurityMigration.this.deleteAuthorizableNode(groupPrincipalName);
            PrincipalImpl principalImpl = new PrincipalImpl(groupPrincipalName);
            try {
                authorizable = CRXSecurityMigration.this.userMgr.createGroup(principalImpl, CRXSecurityMigration.getIntermediatePath(node, CRXSecurityMigration.GROUPS_PATH));
            } catch (AuthorizableExistsException e) {
                CRXSecurityMigration.log.debug("Group already exists: {}", groupPrincipalName);
                authorizable = CRXSecurityMigration.this.userMgr.getAuthorizable(principalImpl);
            }
            CRXSecurityMigration.copyProperties(node, authorizable);
            if (CRXSecurityMigration.this.existingGroupHome != null) {
                try {
                    CRXSecurityMigration.this.restoreHome(authorizable, CRXSecurityMigration.this.userMgr.getGroupsPath(), CRXSecurityMigration.this.existingGroupHome);
                } catch (RepositoryException e2) {
                    CRXSecurityMigration.log.error("Error while copying home content", e2);
                }
            }
            CRXSecurityMigration.this.notifyMigrated(authorizable, node.getPath());
        }
    }

    /* loaded from: input_file:com/day/crx/core/CRXSecurityMigration$CreateUsers.class */
    protected class CreateUsers implements Task {
        protected CreateUsers() {
        }

        @Override // com.day.crx.core.CRXSecurityMigration.Task
        public void run(Node node) throws RepositoryException {
            User user;
            Value[] property;
            String str = null;
            try {
                str = node.getProperty(CRXSecurityMigration.REP_PASSWORD).getString();
            } catch (PathNotFoundException e) {
            }
            String string = node.getProperty(CRXSecurityMigration.REP_USER_ID).getString();
            CRXSecurityMigration.this.deleteAuthorizableNode(string);
            String userPrincipalName = CRXSecurityMigration.this.getUserPrincipalName(node);
            PrincipalImpl principalImpl = new PrincipalImpl(userPrincipalName);
            try {
                user = CRXSecurityMigration.this.userMgr.createUser(string, str != null ? str : "", principalImpl, CRXSecurityMigration.getIntermediatePath(node, CRXSecurityMigration.USERS_PATH));
            } catch (AuthorizableExistsException e2) {
                User authorizable = CRXSecurityMigration.this.userMgr.getAuthorizable(principalImpl);
                if (!(authorizable instanceof User)) {
                    CRXSecurityMigration.log.error("Authorizable '" + userPrincipalName + "' already exists. Cannot migrate user with same id");
                    return;
                }
                user = authorizable;
            }
            if (str != null && (property = user.getProperty(CRXSecurityMigration.REP_PASSWORD)) != null && property.length == 1 && !property[0].getString().equals(str)) {
                user.changePassword(str);
            }
            CRXSecurityMigration.copyProperties(node, user);
            if (CRXSecurityMigration.this.existingUserHome != null) {
                try {
                    CRXSecurityMigration.this.restoreHome(user, CRXSecurityMigration.this.userMgr.getUsersPath(), CRXSecurityMigration.this.existingUserHome);
                } catch (RepositoryException e3) {
                    CRXSecurityMigration.log.error("Error while copying home content", e3);
                }
            }
            CRXSecurityMigration.this.notifyMigrated(user, node.getPath());
        }
    }

    /* loaded from: input_file:com/day/crx/core/CRXSecurityMigration$ProgressListener.class */
    public interface ProgressListener {
        void migrated(Authorizable authorizable, String str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:com/day/crx/core/CRXSecurityMigration$Task.class */
    public interface Task {
        void run(Node node) throws RepositoryException;
    }

    protected CRXSecurityMigration(CRXRepositoryImpl cRXRepositoryImpl) throws RepositoryException {
        this.repository = cRXRepositoryImpl;
    }

    public static CRXSecurityMigration create(CRXRepositoryImpl cRXRepositoryImpl) throws RepositoryException {
        CRXSecurityMigration cRXSecurityMigration = new CRXSecurityMigration(cRXRepositoryImpl);
        cRXSecurityMigration.prepare();
        return cRXSecurityMigration;
    }

    protected void prepare() throws RepositoryException {
        try {
            this.securitySession = this.repository.internalGetSystemSession(CRX_SYSTEM_WSP_NAME);
            String defaultWorkspaceName = this.repository.getConfig().getDefaultWorkspaceName();
            if (this.securitySession.getRootNode().hasProperty(REP_MIGRATED_WSP_NAMES)) {
                Value[] values = this.securitySession.getRootNode().getProperty(REP_MIGRATED_WSP_NAMES).getValues();
                ArrayList arrayList = new ArrayList();
                for (Value value : values) {
                    arrayList.add(value.getString());
                }
                if (arrayList.contains(defaultWorkspaceName)) {
                    return;
                }
            }
            if (this.securitySession.itemExists(PRINCIPALS_PATH)) {
                this.session = this.repository.internalGetSystemSession(this.repository.getConfig().getDefaultWorkspaceName());
                this.resolver = new DefaultNamePathResolver(this.session);
                long currentTimeMillis = System.currentTimeMillis();
                String usersHome = getUsersHome();
                if (this.session.itemExists(usersHome)) {
                    String str = usersHome + "-" + currentTimeMillis;
                    this.session.getWorkspace().move(usersHome, str);
                    this.existingUserHome = this.session.getNode(str);
                }
                String groupsHome = getGroupsHome();
                if (this.session.itemExists(groupsHome)) {
                    String str2 = groupsHome + "-" + currentTimeMillis;
                    this.session.getWorkspace().move(groupsHome, str2);
                    this.existingGroupHome = this.session.getNode(str2);
                }
                this.needsMigration = true;
            }
        } catch (NoSuchWorkspaceException e) {
        }
    }

    public void rollback() throws RepositoryException {
        if (this.needsMigration) {
            Workspace workspace = this.session.getWorkspace();
            if (this.existingUserHome != null) {
                workspace.move(this.existingUserHome.getPath(), getUsersHome());
            }
            if (this.existingGroupHome != null) {
                workspace.move(this.existingGroupHome.getPath(), getGroupsHome());
            }
        }
    }

    /* JADX WARN: Finally extract failed */
    public void perform() throws RepositoryException {
        if (this.needsMigration) {
            NamespaceRegistry namespaceRegistry = this.session.getWorkspace().getNamespaceRegistry();
            try {
                namespaceRegistry.getPrefix(SLING_NS_URI);
            } catch (NamespaceException e) {
                namespaceRegistry.registerNamespace(SLING_NS_PREFIX, SLING_NS_URI);
            }
            this.session = this.session.getSession(this.session.getWorkspace().getName());
            if (this.existingUserHome != null) {
                this.existingUserHome = this.session.getNode(this.existingUserHome.getPath());
            }
            if (this.existingGroupHome != null) {
                this.existingGroupHome = this.session.getNode(this.existingGroupHome.getPath());
            }
            this.userMgr = this.session.getUserManager();
            boolean isAutoSave = this.userMgr.isAutoSave();
            try {
                Workspace workspace = this.session.getWorkspace();
                this.userMgr.autoSave(true);
                ProgressListener progressListener = new ProgressListener() { // from class: com.day.crx.core.CRXSecurityMigration.1
                    @Override // com.day.crx.core.CRXSecurityMigration.ProgressListener
                    public void migrated(Authorizable authorizable, String str) {
                        try {
                            ItemBasedPrincipal principal = authorizable.getPrincipal();
                            CRXSecurityMigration.log.info("migrated {} from {} to {}", new Object[]{authorizable.getID(), str, principal instanceof ItemBasedPrincipal ? principal.getPath() : "?"});
                        } catch (RepositoryException e2) {
                            CRXSecurityMigration.log.warn("exception while reading from Authorizable", e2);
                        }
                    }
                };
                addListener(progressListener);
                try {
                    log.info("Migrating access control for workspace {}", workspace.getName());
                    CRXSession session = this.session.getSession(workspace.getName());
                    try {
                        traverse(session.getRootNode(), this.resolver.getJCRName(NT_REP_ACCESS_CONTROLLABLE), new ACMigration(session));
                        session.logout();
                        Node node = this.securitySession.getNode(PRINCIPALS_PATH);
                        if (node.hasNode(REP_USERS)) {
                            Node node2 = node.getNode(REP_USERS);
                            traverse(node2, REP_USER, new CreateUsers());
                            traverse(node2, REP_USER, new AssignImpersonators());
                        }
                        if (node.hasNode(REP_GROUPS)) {
                            Node node3 = node.getNode(REP_GROUPS);
                            traverse(node3, REP_GROUP, new CreateGroups());
                            traverse(node3, REP_GROUP, new AssignMembers());
                        }
                        Node rootNode = this.securitySession.getRootNode();
                        if (rootNode.hasNode(REP_WORKSPACES)) {
                            Iterator it = new NodeIterable(rootNode.getNode(REP_WORKSPACES).getNodes()).iterator();
                            while (it.hasNext()) {
                                new AssignWorkspaceAccess().run((Node) it.next());
                            }
                        }
                        removeListener(progressListener);
                        ArrayList arrayList = new ArrayList();
                        if (this.securitySession.getRootNode().hasProperty(REP_MIGRATED_WSP_NAMES)) {
                            arrayList.addAll(Arrays.asList(this.securitySession.getRootNode().getProperty(REP_MIGRATED_WSP_NAMES).getValues()));
                        }
                        arrayList.add(this.securitySession.getValueFactory().createValue(workspace.getName()));
                        this.securitySession.getRootNode().setProperty(REP_MIGRATED_WSP_NAMES, (Value[]) arrayList.toArray(new Value[arrayList.size()]));
                        this.securitySession.save();
                        this.userMgr.autoSave(isAutoSave);
                        this.session.logout();
                    } catch (Throwable th) {
                        session.logout();
                        throw th;
                    }
                } catch (Throwable th2) {
                    removeListener(progressListener);
                    throw th2;
                }
            } catch (Throwable th3) {
                this.userMgr.autoSave(isAutoSave);
                this.session.logout();
                throw th3;
            }
        }
    }

    public void addListener(ProgressListener progressListener) {
        this.listeners.add(progressListener);
    }

    public void removeListener(ProgressListener progressListener) {
        this.listeners.remove(progressListener);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void copyProperties(Node node, Authorizable authorizable) throws RepositoryException {
        Iterator it = new PropertyIterable(node.getProperties()).iterator();
        while (it.hasNext()) {
            Property property = (Property) it.next();
            if (!property.getDefinition().isProtected() && property.getType() != 9) {
                String name = property.getName();
                try {
                    if (property.isMultiple()) {
                        authorizable.setProperty(name, property.getValues());
                    } else {
                        authorizable.setProperty(name, property.getValue());
                    }
                } catch (ConstraintViolationException e) {
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void deleteAuthorizableNode(String str) throws RepositoryException {
        try {
            try {
                this.session.getNodeByIdentifier(UUID.nameUUIDFromBytes(str.getBytes("UTF-8")).toString()).remove();
                this.session.save();
            } catch (ItemNotFoundException e) {
            }
        } catch (UnsupportedEncodingException e2) {
            throw new RepositoryException(e2);
        }
    }

    private String getGroupsHome() {
        return getUserManagerConfig().getParameters().getProperty("groupsPath");
    }

    private String getUsersHome() {
        return getUserManagerConfig().getParameters().getProperty("usersPath");
    }

    private UserManagerConfig getUserManagerConfig() {
        return this.repository.getConfig().getSecurityConfig().getSecurityManagerConfig().getUserManagerConfig();
    }

    protected static String getRelativeHomePath(String str) {
        String str2 = "0-9";
        char lowerCase = Character.toLowerCase(str.charAt(0));
        if (lowerCase >= 'a' && lowerCase <= 'z') {
            str2 = String.valueOf(lowerCase);
        }
        return str2 + "/" + str;
    }

    protected static String getIntermediatePath(Node node, String str) throws RepositoryException {
        String[] explode = Text.explode(node.getPath(), 47);
        int length = Text.explode(str, 47).length;
        String[] strArr = new String[explode.length - (length + 1)];
        if (strArr.length == 0) {
            return "";
        }
        System.arraycopy(explode, length, strArr, 0, strArr.length);
        return Text.implode(strArr, "/");
    }

    protected void restoreHome(Authorizable authorizable, String str, Node node) throws RepositoryException {
        ItemBasedPrincipal principal = authorizable.getPrincipal();
        if (!(principal instanceof ItemBasedPrincipal)) {
            log.error("Migration of existing home node failed. Cannot get path for authorizable {}. Principal is not item based.", authorizable.getID());
            return;
        }
        String path = principal.getPath();
        Session session = node.getSession();
        if (!session.nodeExists(path)) {
            log.warn("Unable to get user node for principal {}", principal.getName());
            return;
        }
        Node node2 = session.getNode(path);
        String substring = path.substring(str.length() + 1);
        if (!node.hasNode(substring)) {
            substring = getRelativeHomePath(authorizable.getID());
            if (!node.hasNode(substring)) {
                if (authorizable.hasProperty(REP_ID)) {
                    Value[] property = authorizable.getProperty(REP_ID);
                    if (property.length > 0) {
                        substring = getRelativeHomePath(property[0].getString());
                    }
                }
                if (!node.hasNode(substring)) {
                    log.info("No previous home node found for {}", node2.getPath());
                    return;
                }
            }
        }
        Node node3 = node.getNode(substring);
        boolean z = false;
        try {
            log.info("Restoring previous home content for {}", node2.getPath());
            restoreHome(node3, node2);
            session.save();
            z = true;
            if (1 == 0) {
                session.refresh(false);
            }
        } catch (Throwable th) {
            if (!z) {
                session.refresh(false);
            }
            throw th;
        }
    }

    protected static void restoreHome(Node node, Node node2) throws RepositoryException {
        Session session = node.getSession();
        NodeTypeManager nodeTypeManager = session.getWorkspace().getNodeTypeManager();
        PropertyIterator properties = node.getProperties();
        while (properties.hasNext()) {
            copy(properties.nextProperty(), node2);
        }
        node2.setProperty(SLING_RESOURCE_TYPE, REP_USER);
        NodeIterator nodes = node.getNodes();
        while (nodes.hasNext()) {
            Node nextNode = nodes.nextNode();
            if (!nextNode.getDefinition().isProtected()) {
                String string = nextNode.getProperty("jcr:primaryType").getString();
                if (nodeTypeManager.hasNodeType(string) && !string.equals(CQ_MIRROR_USER) && !string.equals(CQ_MIRROR_GROUP)) {
                    session.move(nextNode.getPath(), node2.getPath() + "/" + nextNode.getName());
                }
            }
        }
        AccessControlManager accessControlManager = session.getAccessControlManager();
        JackrabbitAccessControlList aCLFromPolicies = getACLFromPolicies(accessControlManager.getPolicies(node.getPath()));
        if (aCLFromPolicies == null) {
            return;
        }
        JackrabbitAccessControlList aCLFromPolicies2 = getACLFromPolicies(accessControlManager.getPolicies(node2.getPath()));
        if (aCLFromPolicies2 == null) {
            AccessControlPolicyIterator applicablePolicies = accessControlManager.getApplicablePolicies(node2.getPath());
            while (applicablePolicies.hasNext()) {
                aCLFromPolicies2 = getACLFromPolicies(applicablePolicies.nextAccessControlPolicy());
                if (aCLFromPolicies2 != null) {
                    break;
                }
            }
        }
        if (aCLFromPolicies2 == null) {
            return;
        }
        HashSet hashSet = new HashSet();
        for (AccessControlEntry accessControlEntry : aCLFromPolicies2.getAccessControlEntries()) {
            hashSet.add(accessControlEntry.getPrincipal().getName());
        }
        for (JackrabbitAccessControlEntry jackrabbitAccessControlEntry : aCLFromPolicies.getAccessControlEntries()) {
            if (!hashSet.contains(jackrabbitAccessControlEntry.getPrincipal().getName())) {
                aCLFromPolicies2.addEntry(new UnknownPrincipal(jackrabbitAccessControlEntry.getPrincipal().getName()), jackrabbitAccessControlEntry.getPrivileges(), jackrabbitAccessControlEntry instanceof JackrabbitAccessControlEntry ? jackrabbitAccessControlEntry.isAllow() : true, getRestrictions(jackrabbitAccessControlEntry));
            }
        }
        accessControlManager.setPolicy(node2.getPath(), aCLFromPolicies2);
    }

    protected static Map<String, Value> getRestrictions(AccessControlEntry accessControlEntry) {
        HashMap hashMap = new HashMap();
        if (accessControlEntry instanceof JackrabbitAccessControlEntry) {
            JackrabbitAccessControlEntry jackrabbitAccessControlEntry = (JackrabbitAccessControlEntry) accessControlEntry;
            for (String str : jackrabbitAccessControlEntry.getRestrictionNames()) {
                hashMap.put(str, jackrabbitAccessControlEntry.getRestriction(str));
            }
        }
        return hashMap;
    }

    protected static JackrabbitAccessControlList getACLFromPolicies(AccessControlPolicy... accessControlPolicyArr) throws RepositoryException {
        for (AccessControlPolicy accessControlPolicy : accessControlPolicyArr) {
            if (accessControlPolicy instanceof JackrabbitAccessControlList) {
                return (JackrabbitAccessControlList) accessControlPolicy;
            }
        }
        return null;
    }

    public static Property copy(Property property, Node node) throws RepositoryException {
        if (property.getDefinition().isProtected()) {
            return null;
        }
        String name = property.getName();
        if (node.hasProperty(name)) {
            return null;
        }
        return property.getDefinition().isMultiple() ? node.setProperty(name, property.getValues()) : node.setProperty(name, property.getValue());
    }

    protected void notifyMigrated(Authorizable authorizable, String str) {
        Iterator<ProgressListener> it = this.listeners.iterator();
        while (it.hasNext()) {
            it.next().migrated(authorizable, str);
        }
    }

    protected void traverse(Node node, String str, Task task) throws RepositoryException {
        ArrayList arrayList = new ArrayList();
        arrayList.add(node.getProperty("jcr:primaryType").getString());
        if (node.hasProperty("jcr:mixinTypes")) {
            for (Value value : node.getProperty("jcr:mixinTypes").getValues()) {
                arrayList.add(value.getString());
            }
        }
        Iterator it = arrayList.iterator();
        while (true) {
            if (it.hasNext()) {
                if (((String) it.next()).equals(str)) {
                    task.run(node);
                    break;
                }
            } else {
                break;
            }
        }
        NodeIterator nodes = node.getNodes();
        while (nodes.hasNext()) {
            traverse(nodes.nextNode(), str, task);
        }
    }

    protected String getGroupPrincipalName(Node node) throws RepositoryException {
        String str = null;
        if (node.hasProperty(this.resolver.getJCRName(P_PRINCIPAL_NAME))) {
            str = node.getProperty(this.resolver.getJCRName(P_PRINCIPAL_NAME)).getString();
        }
        if (str == null && node.hasProperty(REP_ID)) {
            str = node.getProperty(REP_ID).getString();
        }
        if (str == null) {
            str = Text.unescapeIllegalJcrChars(node.getName());
        }
        return str;
    }

    protected String getUserPrincipalName(Node node) throws RepositoryException {
        String string = node.getProperty(REP_USER_ID).getString();
        String str = null;
        if (node.hasProperty(this.resolver.getJCRName(P_PRINCIPAL_NAME))) {
            str = node.getProperty(this.resolver.getJCRName(P_PRINCIPAL_NAME)).getString();
        }
        if (str == null) {
            str = string;
        }
        return str;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v42, types: [java.io.InputStream] */
    static {
        FileInputStream fileInputStream = null;
        String property = System.getProperty("crx.security.migration.config");
        if (property != null) {
            try {
                fileInputStream = new FileInputStream(property);
            } catch (FileNotFoundException e) {
                log.warn("{} does not exist. Using default security migration config.", property);
            }
        }
        if (fileInputStream == null) {
            fileInputStream = CRXSecurityMigration.class.getResourceAsStream("security_migration.properties");
        }
        try {
            Properties properties = new Properties();
            properties.load(fileInputStream);
            for (Map.Entry entry : properties.entrySet()) {
                String str = (String) entry.getKey();
                ArrayList arrayList = new ArrayList();
                for (String str2 : Text.explode((String) entry.getValue(), 44)) {
                    arrayList.add(str2.trim());
                }
                ACT2PRIV.put(str, arrayList);
            }
        } catch (IOException e2) {
            throw ((Error) new InternalError().initCause(e2));
        }
    }
}
