package de.valtech.aecu.core.groovy.console.bindings.accessrights;

import com.day.cq.replication.Replicator;
import com.day.cq.security.util.CqActions;
import com.day.cq.wcm.api.PageManager;
import java.security.Principal;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.PersistenceException;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/valtech/aecu/core/groovy/console/bindings/accessrights/AccessValidatorContext.class */
public class AccessValidatorContext {
    private static final Logger LOG = LoggerFactory.getLogger(AccessValidatorContext.class);
    private ResourceResolverFactory resourceResolverFactory;
    private ResourceResolver adminResolver;
    private Session adminSession;
    private CqActions cqActions;
    private PageManager adminPageManager;
    private UserManager adminUserManager;
    private Replicator replicator;
    private Map<String, Set<Principal>> principalCache = new HashMap();
    private Map<Group, TestUser> testUsers = new HashMap();

    /* loaded from: input_file:de/valtech/aecu/core/groovy/console/bindings/accessrights/AccessValidatorContext$TestUser.class */
    public static class TestUser {
        private Group group;
        private User user;
        private ResourceResolver resolver;

        public TestUser(User user, Group group, ResourceResolver resourceResolver) {
            this.user = user;
            this.group = group;
            this.resolver = resourceResolver;
        }

        public Group getGroup() {
            return this.group;
        }

        public User getUser() {
            return this.user;
        }

        public ResourceResolver getResolver() {
            return this.resolver;
        }
    }

    public AccessValidatorContext(ResourceResolverFactory resourceResolverFactory, ResourceResolver resourceResolver, Replicator replicator) throws RepositoryException {
        this.resourceResolverFactory = resourceResolverFactory;
        this.adminResolver = resourceResolver;
        this.adminSession = (Session) resourceResolver.adaptTo(Session.class);
        this.cqActions = new CqActions(this.adminSession);
        this.adminPageManager = (PageManager) resourceResolver.adaptTo(PageManager.class);
        this.adminUserManager = (UserManager) resourceResolver.adaptTo(UserManager.class);
        this.replicator = replicator;
    }

    public ResourceResolver getAdminResolver() {
        return this.adminResolver;
    }

    public Session getAdminSession() {
        return this.adminSession;
    }

    public CqActions getCqActions() {
        return this.cqActions;
    }

    public PageManager getAdminPageManager() {
        return this.adminPageManager;
    }

    public Replicator getReplicator() {
        return this.replicator;
    }

    public Set<Principal> getPrincipals(Authorizable authorizable) {
        String id;
        HashSet hashSet = new HashSet();
        try {
            id = authorizable.getID();
        } catch (RepositoryException e) {
            LOG.error("Error resolving principals", e);
        }
        if (this.principalCache.containsKey(id)) {
            return this.principalCache.get(id);
        }
        Principal principal = authorizable.getPrincipal();
        hashSet.add(principal);
        PrincipalIterator groupMembership = getAdminSession().getPrincipalManager().getGroupMembership(principal);
        while (groupMembership.hasNext()) {
            hashSet.add(groupMembership.nextPrincipal());
        }
        this.principalCache.put(id, hashSet);
        return hashSet;
    }

    public TestUser getTestUserForGroup(Group group) {
        if (this.testUsers.containsKey(group)) {
            return this.testUsers.get(group);
        }
        try {
            String generateUserId = generateUserId();
            String generateUserPassword = generateUserPassword();
            TestUser testUser = new TestUser(createTestUser(group, generateUserId, generateUserPassword), group, login(generateUserId, generateUserPassword));
            this.testUsers.put(group, testUser);
            return testUser;
        } catch (PersistenceException | RepositoryException | LoginException e) {
            LOG.error("Unable to create temporary test user", e);
            return null;
        }
    }

    private String generateUserId() {
        return "aecu-testuser-" + System.currentTimeMillis() + "_" + new SecureRandom().nextLong();
    }

    private String generateUserPassword() {
        byte[] bArr = new byte[10];
        new SecureRandom().nextBytes(bArr);
        return System.currentTimeMillis() + "_" + Base64.getEncoder().encodeToString(bArr);
    }

    private ResourceResolver login(String str, String str2) throws LoginException {
        HashMap hashMap = new HashMap();
        hashMap.put("user.name", str);
        hashMap.put("user.password", str2.toCharArray());
        return this.resourceResolverFactory.getResourceResolver(hashMap);
    }

    private User createTestUser(Group group, String str, String str2) throws RepositoryException, PersistenceException {
        User createUser = this.adminUserManager.createUser(str, str2);
        this.adminResolver.commit();
        group.addMember(createUser);
        this.adminResolver.commit();
        return createUser;
    }

    public void cleanup() {
        this.adminResolver.revert();
        for (TestUser testUser : this.testUsers.values()) {
            if (testUser.resolver != null) {
                testUser.resolver.revert();
                testUser.resolver.close();
            }
            try {
                this.adminResolver.refresh();
                testUser.group.removeMember(testUser.user);
                testUser.user.remove();
                this.adminResolver.commit();
            } catch (RepositoryException | PersistenceException e) {
                LOG.error("Unable to delete temporary user", e);
                this.adminResolver.revert();
            }
        }
    }
}
