package de.valtech.aecu.core.groovy.console.bindings.impl;

import com.day.cq.replication.ReplicationActionType;
import com.day.cq.replication.Replicator;
import com.icfolson.aem.groovy.console.api.context.ScriptContext;
import de.valtech.aecu.api.groovy.console.bindings.ValidateAccessRights;
import de.valtech.aecu.api.groovy.console.bindings.accessrights.AccessRightValidator;
import de.valtech.aecu.core.groovy.console.bindings.accessrights.AccessRightValidatorComparator;
import de.valtech.aecu.core.groovy.console.bindings.accessrights.AccessValidatorContext;
import de.valtech.aecu.core.groovy.console.bindings.accessrights.ValidateAccessRightsTable;
import de.valtech.aecu.core.groovy.console.bindings.accessrights.validators.page.CreatePageAccessValidator;
import de.valtech.aecu.core.groovy.console.bindings.accessrights.validators.page.DeletePageAccessValidator;
import de.valtech.aecu.core.groovy.console.bindings.accessrights.validators.page.ModifyPageAccessValidator;
import de.valtech.aecu.core.groovy.console.bindings.accessrights.validators.page.ReadPageAccessValidator;
import de.valtech.aecu.core.groovy.console.bindings.accessrights.validators.page.ReplicatePageAccessValidator;
import de.valtech.aecu.core.groovy.console.bindings.accessrights.validators.resource.CreateAccessValidator;
import de.valtech.aecu.core.groovy.console.bindings.accessrights.validators.resource.DeleteAccessValidator;
import de.valtech.aecu.core.groovy.console.bindings.accessrights.validators.resource.ModifyAccessValidator;
import de.valtech.aecu.core.groovy.console.bindings.accessrights.validators.resource.ReadAccessValidator;
import de.valtech.aecu.core.groovy.console.bindings.accessrights.validators.resource.ReadAclAccessValidator;
import de.valtech.aecu.core.groovy.console.bindings.accessrights.validators.resource.ReplicateAccessValidator;
import de.valtech.aecu.core.groovy.console.bindings.accessrights.validators.resource.WriteAclAccessValidator;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.jcr.RepositoryException;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/valtech/aecu/core/groovy/console/bindings/impl/ValidateAccessRightsImpl.class */
public class ValidateAccessRightsImpl implements ValidateAccessRights {
    private static final Logger LOG = LoggerFactory.getLogger(ValidateAccessRightsImpl.class);
    private ResourceResolver resolver;
    private AccessValidatorContext context;
    private ScriptContext scriptContext;
    private Set<String> pathsToCheck = new HashSet();
    private Set<String> authorizablesToCheck = new HashSet();
    private List<AccessRightValidator> validators = new ArrayList();
    private Set<String> warnings = new LinkedHashSet();
    private boolean failOnError = false;

    /* JADX INFO: Access modifiers changed from: private */
    @FunctionalInterface
    /* loaded from: input_file:de/valtech/aecu/core/groovy/console/bindings/impl/ValidateAccessRightsImpl$ValidatorCreator.class */
    public interface ValidatorCreator {
        AccessRightValidator createValidator(Group group, Resource resource, boolean z);
    }

    public ValidateAccessRightsImpl(ResourceResolverFactory resourceResolverFactory, ResourceResolver resourceResolver, Replicator replicator, ScriptContext scriptContext) throws RepositoryException {
        this.resolver = resourceResolver;
        this.context = new AccessValidatorContext(resourceResolverFactory, resourceResolver, replicator);
        this.scriptContext = scriptContext;
    }

    public ValidateAccessRights forPaths(String... strArr) {
        this.pathsToCheck.clear();
        for (String str : strArr) {
            this.pathsToCheck.add(str);
        }
        return this;
    }

    public ValidateAccessRights forGroups(String... strArr) {
        this.authorizablesToCheck.clear();
        for (String str : strArr) {
            this.authorizablesToCheck.add(str);
        }
        return this;
    }

    private void addValidators(ValidatorCreator validatorCreator, boolean z) {
        List<Resource> resolveResources = resolveResources();
        for (Group group : resolveGroups()) {
            Iterator<Resource> it = resolveResources.iterator();
            while (it.hasNext()) {
                this.validators.add(validatorCreator.createValidator(group, it.next(), z));
            }
        }
    }

    public ValidateAccessRights canRead() {
        addValidators((group, resource, z) -> {
            return new ReadAccessValidator(group, resource, this.context, z);
        }, true);
        return this;
    }

    public ValidateAccessRights cannotRead() {
        addValidators((group, resource, z) -> {
            return new ReadAccessValidator(group, resource, this.context, z);
        }, false);
        return this;
    }

    public ValidateAccessRights canModify() {
        addValidators((group, resource, z) -> {
            return new ModifyAccessValidator(group, resource, this.context, z);
        }, true);
        return this;
    }

    public ValidateAccessRights cannotModify() {
        addValidators((group, resource, z) -> {
            return new ModifyAccessValidator(group, resource, this.context, z);
        }, false);
        return this;
    }

    public ValidateAccessRights canCreate() {
        addValidators((group, resource, z) -> {
            return new CreateAccessValidator(group, resource, this.context, z);
        }, true);
        return this;
    }

    public ValidateAccessRights cannotCreate() {
        addValidators((group, resource, z) -> {
            return new CreateAccessValidator(group, resource, this.context, z);
        }, false);
        return this;
    }

    public ValidateAccessRights canDelete() {
        addValidators((group, resource, z) -> {
            return new DeleteAccessValidator(group, resource, this.context, z);
        }, true);
        return this;
    }

    public ValidateAccessRights cannotDelete() {
        addValidators((group, resource, z) -> {
            return new DeleteAccessValidator(group, resource, this.context, z);
        }, false);
        return this;
    }

    public ValidateAccessRights canReplicate() {
        addValidators((group, resource, z) -> {
            return new ReplicateAccessValidator(group, resource, this.context, z);
        }, true);
        return this;
    }

    public ValidateAccessRights cannotReplicate() {
        addValidators((group, resource, z) -> {
            return new ReplicateAccessValidator(group, resource, this.context, z);
        }, false);
        return this;
    }

    public ValidateAccessRights canReadAcl() {
        addValidators((group, resource, z) -> {
            return new ReadAclAccessValidator(group, resource, this.context, z);
        }, true);
        return this;
    }

    public ValidateAccessRights cannotReadAcl() {
        addValidators((group, resource, z) -> {
            return new ReadAclAccessValidator(group, resource, this.context, z);
        }, false);
        return this;
    }

    public ValidateAccessRights canWriteAcl() {
        addValidators((group, resource, z) -> {
            return new WriteAclAccessValidator(group, resource, this.context, z);
        }, true);
        return this;
    }

    public ValidateAccessRights cannotWriteAcl() {
        addValidators((group, resource, z) -> {
            return new WriteAclAccessValidator(group, resource, this.context, z);
        }, false);
        return this;
    }

    public ValidateAccessRights canReadPage() {
        addValidators((group, resource, z) -> {
            return new ReadPageAccessValidator(group, resource, this.context, z);
        }, true);
        return this;
    }

    public ValidateAccessRights cannotReadPage() {
        addValidators((group, resource, z) -> {
            return new ReadPageAccessValidator(group, resource, this.context, z);
        }, false);
        return this;
    }

    public ValidateAccessRights canCreatePage(String str) {
        addValidators((group, resource, z) -> {
            return new CreatePageAccessValidator(group, resource, this.context, z, str);
        }, true);
        return this;
    }

    public ValidateAccessRights cannotCreatePage(String str) {
        addValidators((group, resource, z) -> {
            return new CreatePageAccessValidator(group, resource, this.context, z, str);
        }, false);
        return this;
    }

    public ValidateAccessRights canModifyPage() {
        addValidators((group, resource, z) -> {
            return new ModifyPageAccessValidator(group, resource, this.context, z);
        }, true);
        return this;
    }

    public ValidateAccessRights cannotModifyPage() {
        addValidators((group, resource, z) -> {
            return new ModifyPageAccessValidator(group, resource, this.context, z);
        }, false);
        return this;
    }

    public ValidateAccessRights canDeletePage() {
        addValidators((group, resource, z) -> {
            return new DeletePageAccessValidator(group, resource, this.context, z);
        }, true);
        return this;
    }

    public ValidateAccessRights cannotDeletePage() {
        addValidators((group, resource, z) -> {
            return new DeletePageAccessValidator(group, resource, this.context, z);
        }, false);
        return this;
    }

    public ValidateAccessRights canReplicatePage(ReplicationActionType replicationActionType) {
        addValidators((group, resource, z) -> {
            return new ReplicatePageAccessValidator(group, resource, this.context, z, replicationActionType);
        }, true);
        return this;
    }

    public ValidateAccessRights canReplicatePage() {
        addValidators((group, resource, z) -> {
            return new ReplicatePageAccessValidator(group, resource, this.context, z, ReplicationActionType.ACTIVATE);
        }, true);
        return this;
    }

    public ValidateAccessRights cannotReplicatePage() {
        addValidators((group, resource, z) -> {
            return new ReplicatePageAccessValidator(group, resource, this.context, z, ReplicationActionType.ACTIVATE);
        }, false);
        return this;
    }

    public ValidateAccessRights cannotReplicatePage(ReplicationActionType replicationActionType) {
        addValidators((group, resource, z) -> {
            return new ReplicatePageAccessValidator(group, resource, this.context, z, replicationActionType);
        }, false);
        return this;
    }

    public void validate(boolean z) {
        try {
            this.validators.sort(new AccessRightValidatorComparator());
            ValidateAccessRightsTable validateAccessRightsTable = new ValidateAccessRightsTable();
            Iterator<AccessRightValidator> it = this.validators.iterator();
            while (it.hasNext()) {
                validateAccessRightsTable.add(it.next(), z);
            }
            this.scriptContext.getPrintStream().append((CharSequence) (String.join("\n", this.warnings) + "\n" + validateAccessRightsTable.getText() + "\n\n"));
            if (validateAccessRightsTable.hasErrors() && this.failOnError) {
                throw new IllegalStateException("Rights check failed");
            }
        } finally {
            this.context.cleanup();
        }
    }

    public void validate() {
        validate(false);
    }

    public void simulate() {
        validate(true);
    }

    public ValidateAccessRights failOnError() {
        failOnError(true);
        return this;
    }

    public ValidateAccessRights failOnError(boolean z) {
        this.failOnError = z;
        return this;
    }

    private List<Group> resolveGroups() {
        ArrayList arrayList = new ArrayList();
        UserManager userManager = (UserManager) this.resolver.adaptTo(UserManager.class);
        for (String str : this.authorizablesToCheck) {
            try {
                Group authorizable = userManager.getAuthorizable(str);
                if (authorizable == null || !authorizable.isGroup()) {
                    this.warnings.add("Unable to resolve group " + str);
                } else {
                    arrayList.add(authorizable);
                }
            } catch (RepositoryException e) {
                String str2 = "Unable to resolve group " + str;
                LOG.warn(str2);
                this.warnings.add(str2);
            }
        }
        return arrayList;
    }

    private List<Resource> resolveResources() {
        ArrayList arrayList = new ArrayList();
        for (String str : this.pathsToCheck) {
            Resource resource = this.resolver.getResource(str);
            if (resource == null) {
                String str2 = "Unable to resolve path" + str;
                LOG.warn(str2);
                this.warnings.add(str2);
            } else {
                arrayList.add(resource);
            }
        }
        return arrayList;
    }
}
