package org.apache.sling.auth.saml2.impl;

import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import javax.jcr.ValueFactory;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.auth.saml2.Saml2User;
import org.apache.sling.auth.saml2.Saml2UserMgtService;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

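/**
 * Synchronises users asserted by a SAML2 identity provider into the JCR repository.
 *
 * <p>Registered as an immediate OSGi component for {@link Saml2UserMgtService}. All repository
 * access goes through a service resource resolver requested with the sub-service name
 * {@link #SERVICE_NAME}; the error logged on login failure points at the mapping of that
 * sub-service to {@link #SERVICE_USER}.
 *
 * <p>Usage contract visible in this class: {@link #setUp()} must have returned {@code true}
 * before any other method is called, and {@link #cleanUp()} releases what {@code setUp()}
 * acquired.
 *
 * <p>NOTE(review): the resolver, session, user manager and value factory are kept in plain
 * instance fields and there is no synchronisation. If one component instance is shared between
 * concurrent logins, one caller's {@code cleanUp()} can close the resolver another caller is
 * still using. Confirm that callers serialise setUp()..cleanUp().
 *
 * <p>NOTE(review): the service user behind {@link #SERVICE_USER} creates users and edits group
 * membership, so its ACLs should be limited to the user and group subtree it actually needs.
 */
@Component(service = {Saml2UserMgtService.class}, immediate = true)
public class Saml2UserMgtServiceImpl implements Saml2UserMgtService {

    @Reference
    private ResourceResolverFactory resolverFactory;
    private ResourceResolver resourceResolver;
    private Session session;
    private UserManager userManager;
    private ValueFactory vf;
    private static final Logger logger = LoggerFactory.getLogger(Saml2UserMgtServiceImpl.class);
    public static final String SERVICE_NAME = "Saml2UserMgtService";
    public static final String SERVICE_USER = "saml2-user-mgt";

    /**
     * Opens the service resource resolver and derives the session, user manager and value
     * factory from it.
     *
     * @return {@code true} when all four handles were obtained; {@code false} otherwise, in
     *         which case any resolver that was opened has been closed again
     */
    @Override
    public boolean setUp() {
        Map<String, Object> authInfo = new HashMap<>();
        authInfo.put("sling.service.subservice", SERVICE_NAME);
        try {
            this.resourceResolver = this.resolverFactory.getServiceResourceResolver(authInfo);
            if (Objects.isNull(getResourceResolver())) {
                logger.error("Could not setup Saml2UserMgtService. Problem with Service User.");
                return false;
            }
            // Records which repository identity the service resolver is running as.
            logger.info(this.resourceResolver.getUserID());
            this.session = this.resourceResolver.adaptTo(Session.class);
            // instanceof rejects both a null adaptation and a session that is not a
            // JackrabbitSession, so the cast below cannot fail.
            if (!(this.session instanceof JackrabbitSession)) {
                logger.error("Could not setup Saml2UserMgtService. JackrabbitSession was null.");
                cleanUp();
                return false;
            }
            this.userManager = ((JackrabbitSession) this.session).getUserManager();
            this.vf = this.session.getValueFactory();
            return true;
        } catch (LoginException e) {
            logger.error("Could not get SAML2 User Service \r\nCheck mapping org.apache.sling.auth.saml2:{}={}", SERVICE_NAME, SERVICE_USER, e);
            return false;
        } catch (RepositoryException e2) {
            logger.error("RepositoryException", e2);
            // The resolver was already opened at this point; do not leave it dangling.
            cleanUp();
            return false;
        }
    }

    ResourceResolver getResourceResolver() {
        return this.resourceResolver;
    }

    void setResolverFactory(ResourceResolverFactory resourceResolverFactory) {
        this.resolverFactory = resourceResolverFactory;
    }

    ResourceResolverFactory getResolverFactory() {
        return this.resolverFactory;
    }

    /**
     * Closes the service resource resolver and drops the handles derived from it.
     * Safe to call when {@link #setUp()} failed or was never called.
     */
    @Override
    public void cleanUp() {
        if (this.resourceResolver != null) {
            this.resourceResolver.close();
        }
        this.session = null;
        this.userManager = null;
        this.vf = null;
    }

    /**
     * Returns the repository user whose ID equals {@code saml2User.getId()}, creating it when
     * no such user exists. A new user is created with a {@code null} password.
     *
     * <p>NOTE(review): an existing account is matched by ID alone, so the asserted ID is bound
     * to any same-named account, including ones this service did not create. Confirm the caller
     * only passes IDs taken from a validated assertion, and consider refusing IDs of built-in
     * accounts.
     *
     * @param saml2User user data taken from the SAML assertion
     * @return the existing or newly created user, or {@code null} when the repository call fails
     *         or the ID belongs to an authorizable that is not a user
     */
    @Override
    public User getOrCreateSamlUser(Saml2User saml2User) {
        try {
            User existing = findUser(saml2User.getId());
            if (existing != null) {
                return existing;
            }
            User created = this.userManager.createUser(saml2User.getId(), (String) null);
            this.session.save();
            return created;
        } catch (RepositoryException e) {
            logger.error("Could not get User", e);
            discardPendingChanges();
            return null;
        }
    }

    /**
     * Same as {@link #getOrCreateSamlUser(Saml2User)}, but a newly created user gets a
     * {@link SimplePrincipal} built from its ID, and {@code str} is passed as the fourth
     * argument of {@code UserManager.createUser}.
     *
     * @param saml2User user data taken from the SAML assertion
     * @param str       value handed to {@code createUser} as its last argument
     *                  (presumably the intermediate path for the new user node; confirm)
     * @return the existing or newly created user, or {@code null} when the repository call fails
     *         or the ID belongs to an authorizable that is not a user
     */
    @Override
    public User getOrCreateSamlUser(Saml2User saml2User, String str) {
        try {
            User existing = findUser(saml2User.getId());
            if (existing != null) {
                return existing;
            }
            User created = this.userManager.createUser(saml2User.getId(), (String) null, new SimplePrincipal(saml2User.getId()), str);
            this.session.save();
            return created;
        } catch (RepositoryException e) {
            logger.error("Could not get User", e);
            discardPendingChanges();
            return null;
        }
    }

    /**
     * Aligns the user's membership in managed groups with the group list from the assertion.
     *
     * <p>Every {@code rep:Group} authorizable is visited. A group with a boolean
     * {@code managedGroup} property set to {@code true} gains or loses the user depending on
     * whether its ID is in {@code saml2User.getGroupMembership()}. A group with
     * {@code managedGroup} absent is marked managed and gains the user when its ID is in that
     * list. Groups whose {@code managedGroup} is {@code false} or empty are left untouched.
     *
     * @param saml2User user data taken from the SAML assertion
     * @return {@code true} when the changes were saved; {@code false} when the user does not
     *         exist or a repository call failed (pending changes are discarded in that case)
     */
    @Override
    public boolean updateGroupMembership(Saml2User saml2User) {
        try {
            User user = findUser(saml2User.getId());
            if (user == null) {
                logger.error("Could not update group membership. User was not found.");
                return false;
            }
            Iterator<?> groups = this.userManager.findAuthorizables("jcr:primaryType", "rep:Group");
            while (groups.hasNext()) {
                Group group = (Group) groups.next();
                Value[] managedFlag = group.getProperty("managedGroup");
                if (managedFlag == null && saml2User.getGroupMembership().contains(group.getID())) {
                    // NOTE(review): this claims any pre-existing, unmarked group whose ID
                    // appears in the assertion, including groups that grant elevated rights.
                    // Confirm that an allow-list or IdP-side filtering limits which group IDs
                    // can arrive here, or pre-mark sensitive groups with managedGroup=false.
                    group.setProperty("managedGroup", this.vf.createValue(true));
                    group.addMember(user);
                } else if (managedFlag != null && managedFlag.length > 0 && managedFlag[0].getBoolean()) {
                    if (saml2User.getGroupMembership().contains(group.getID())) {
                        group.addMember(user);
                    } else {
                        group.removeMember(user);
                    }
                }
            }
            this.session.save();
            return true;
        } catch (RepositoryException e) {
            logger.error("RepositoryException", e);
            // Without this, a half-applied membership change would be committed by the next
            // save() issued on the same session.
            discardPendingChanges();
            return false;
        }
    }

    /**
     * Copies every entry of {@code saml2User.getUserProperties()} onto the repository user as a
     * string property.
     *
     * <p>NOTE(review): property names and values are written as received from
     * {@code Saml2User}. Confirm that the set of attribute names is fixed by configuration
     * rather than by the identity provider.
     *
     * @param saml2User user data taken from the SAML assertion
     * @return {@code true} when the properties were saved; {@code false} when the user does not
     *         exist or a repository call failed (pending changes are discarded in that case)
     */
    @Override
    public boolean updateUserProperties(Saml2User saml2User) {
        try {
            User user = findUser(saml2User.getId());
            if (user == null) {
                logger.error("User Properties could not synchronize. User was not found.");
                return false;
            }
            for (Map.Entry<String, String> property : saml2User.getUserProperties().entrySet()) {
                user.setProperty(property.getKey(), this.vf.createValue(property.getValue()));
            }
            this.session.save();
            return true;
        } catch (RepositoryException e) {
            logger.error("User Properties could not synchronize", e);
            discardPendingChanges();
            return false;
        }
    }

    /**
     * Looks up the authorizable with the given ID and returns it only when it is a user.
     *
     * @return the user, or {@code null} when nothing has that ID or the ID belongs to an
     *         authorizable of another kind (for example a group)
     */
    private User findUser(String userId) throws RepositoryException {
        // Held as Object so the type test below decides whether the match is a User.
        Object found = this.userManager.getAuthorizable(userId);
        if (found instanceof User) {
            return (User) found;
        }
        if (found != null) {
            logger.warn("An authorizable with the asserted ID exists but is not a user.");
        }
        return null;
    }

    /** Drops unsaved changes on the session after a failed operation. */
    private void discardPendingChanges() {
        if (this.session == null) {
            return;
        }
        try {
            this.session.refresh(false);
        } catch (RepositoryException e) {
            logger.error("Could not discard pending changes", e);
        }
    }
}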
