package org.liveSense.service.securityManager;

import java.io.UnsupportedEncodingException;
import java.lang.reflect.InvocationTargetException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.UnsupportedRepositoryOperationException;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import org.apache.commons.lang.StringUtils;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.ReferenceCardinality;
import org.apache.felix.scr.annotations.ReferencePolicy;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.core.security.principal.EveryonePrincipal;
import org.apache.sling.jcr.api.SlingRepository;
import org.apache.sling.jcr.base.util.AccessControlUtil;
import org.liveSense.core.Configurator;
import org.liveSense.core.PasswordDigester;
import org.liveSense.core.wrapper.GenericValue;
import org.liveSense.service.securityManager.exceptions.GroupAlreadyExistsException;
import org.liveSense.service.securityManager.exceptions.GroupNotExistsException;
import org.liveSense.service.securityManager.exceptions.InternalException;
import org.liveSense.service.securityManager.exceptions.PrincipalIsNotGroupException;
import org.liveSense.service.securityManager.exceptions.PrincipalIsNotUserException;
import org.liveSense.service.securityManager.exceptions.PrincipalNotExistsException;
import org.liveSense.service.securityManager.exceptions.UserAlreadyExistsException;
import org.liveSense.service.securityManager.exceptions.UserNotExistsException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Service({SecurityManagerService.class})
@Component(label = "%service.name", description = "%service.description", immediate = true)
/* loaded from: input_file:org/liveSense/service/securityManager/SecurityManagerServiceImpl.class */
public class SecurityManagerServiceImpl implements SecurityManagerService {
    /** SLF4J logger for this service. */
    private final Logger log = LoggerFactory.getLogger(SecurityManagerServiceImpl.class);

    /** Repository reference injected by the SCR runtime; declared mandatory and dynamic. */
    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY, policy = ReferencePolicy.DYNAMIC)
    private SlingRepository repository;

    /**
     * Supplies the digest algorithm and encoding that addUser hands to PasswordDigester.
     * NOTE(review): package-private, unlike {@code repository}; nothing visible in this part of the
     * file needs the wider access - confirm before narrowing.
     */
    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY, policy = ReferencePolicy.DYNAMIC)
    Configurator configurator;

    /**
     * Returns the Sling repository bound to this component.
     *
     * @return the bound repository
     * @throws RepositoryException if no repository is bound at the time of the call
     */
    @Override
    public SlingRepository getRepository() throws RepositoryException {
        final SlingRepository bound = this.repository;
        if (bound != null) {
            return bound;
        }
        throw new RepositoryException("Repository is null");
    }

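    /**
     * Creates a user and copies the supplied properties onto it.
     *
     * <p>The password is run through {@link PasswordDigester}, using the digest and encoding from the
     * configurator, before it is handed to {@code UserManager.createUser}.
     * NOTE(review): confirm that the login path expects this pre-digested form.</p>
     *
     * <p>Property names from {@code map} are written to the user node exactly as given. Callers that
     * build the map from request data should restrict the keys they accept.</p>
     *
     * @param session session used to obtain the user manager; it decides what the call may do
     * @param str     id of the user to create
     * @param str2    password before digesting
     * @param map     properties to set; may be {@code null}, entries with a {@code null} value are skipped
     * @return the created user
     * @throws UserAlreadyExistsException if an authorizable with that id already exists
     * @throws InternalException          on repository, digest, encoding or argument errors
     */
    @Override
    public User addUser(Session session, String str, String str2, Map<String, Object> map) throws UserAlreadyExistsException, InternalException {
        try {
            UserManager userManager = AccessControlUtil.getUserManager(session);
            if (userManager.getAuthorizable(str) != null) {
                throw new UserAlreadyExistsException("A principal already exists with the requested name: " + str);
            }
            String digested = new PasswordDigester(str2, this.configurator.getDigest(), this.configurator.getEncoding()).toString();
            User createUser = userManager.createUser(str, digested);
            // addGroup accepts a missing property map; behave the same here instead of failing with
            // a NullPointerException after the user has already been created.
            if (map != null) {
                for (Map.Entry<String, Object> entry : map.entrySet()) {
                    if (entry.getValue() == null) {
                        continue;
                    }
                    GenericValue value = GenericValue.getGenericValueFromObject(entry.getValue());
                    if (value.isMultiValue()) {
                        createUser.setProperty(entry.getKey(), value.getValues());
                    } else {
                        createUser.setProperty(entry.getKey(), value.get());
                    }
                }
            }
            return createUser;
        } catch (UnsupportedEncodingException e) {
            throw new InternalException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new InternalException(e);
        } catch (IllegalArgumentException e) {
            throw new InternalException(e);
        } catch (RepositoryException e) {
            throw new InternalException("Repository exception", e);
        }
    }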

    /**
     * Creates a group and copies the supplied properties onto it.
     *
     * <p>Property names from {@code map} are written to the group node exactly as given.</p>
     *
     * @param session session used to obtain the user manager
     * @param str     name of the group principal to create
     * @param map     properties to set; may be {@code null}, entries with a {@code null} value are skipped
     * @return the created group
     * @throws GroupAlreadyExistsException if an authorizable with that id already exists
     * @throws InternalException           on repository or argument errors
     */
    @Override
    public Group addGroup(Session session, final String str, Map<String, Object> map) throws GroupAlreadyExistsException, InternalException {
        try {
            final UserManager manager = AccessControlUtil.getUserManager(session);
            if (manager.getAuthorizable(str) != null) {
                throw new GroupAlreadyExistsException("A principal already exists with the requested name: " + str);
            }
            // createGroup takes a Principal; wrap the requested name in a minimal one.
            final Principal groupPrincipal = new Principal() {
                @Override
                public String getName() {
                    return str;
                }
            };
            final Group created = manager.createGroup(groupPrincipal);
            if (map == null) {
                return created;
            }
            for (Map.Entry<String, Object> entry : map.entrySet()) {
                final Object raw = entry.getValue();
                if (raw == null) {
                    continue;
                }
                final GenericValue value = GenericValue.getGenericValueFromObject(raw);
                if (value.isMultiValue()) {
                    created.setProperty(entry.getKey(), value.getValues());
                } else {
                    created.setProperty(entry.getKey(), value.get());
                }
            }
            return created;
        } catch (IllegalArgumentException e) {
            throw new InternalException(e);
        } catch (RepositoryException e) {
            throw new InternalException("Repository exception", e);
        }
    }

    /**
     * Removes the group with the given id.
     *
     * <p>This method performs no permission check of its own; what may be removed is decided by the
     * repository for the supplied session.</p>
     *
     * @param session session used to obtain the user manager
     * @param str     id of the group to remove
     * @throws GroupNotExistsException      if no authorizable has that id
     * @throws PrincipalIsNotGroupException if the id belongs to a user
     * @throws InternalException            if the repository reports an error
     */
    @Override
    public void deleteGroupByName(Session session, String str) throws GroupNotExistsException, InternalException, PrincipalIsNotGroupException {
        try {
            final UserManager manager = AccessControlUtil.getUserManager(session);
            final Authorizable target = manager.getAuthorizable(str);
            if (target == null) {
                throw new GroupNotExistsException("Group does not exist with the requested name: " + str);
            }
            if (target.isGroup()) {
                target.remove();
                return;
            }
            throw new PrincipalIsNotGroupException("Principal is not a group: " + str);
        } catch (RepositoryException e) {
            throw new InternalException("Repository exception", e);
        }
    }

    /**
     * Removes the user with the given id.
     *
     * <p>This method performs no permission check of its own; what may be removed is decided by the
     * repository for the supplied session.</p>
     *
     * @param session session used to obtain the user manager
     * @param str     id of the user to remove
     * @throws UserNotExistsException      if no authorizable has that id
     * @throws PrincipalIsNotUserException if the id belongs to a group
     * @throws InternalException           if the repository reports an error
     */
    @Override
    public void deleteUserByName(Session session, String str) throws UserNotExistsException, InternalException, PrincipalIsNotUserException {
        try {
            final UserManager manager = AccessControlUtil.getUserManager(session);
            final Authorizable target = manager.getAuthorizable(str);
            if (target == null) {
                throw new UserNotExistsException("User does not exist with the requested name: " + str);
            }
            if (!target.isGroup()) {
                target.remove();
                return;
            }
            throw new PrincipalIsNotUserException("Principal is not a user: " + str);
        } catch (RepositoryException e) {
            throw new InternalException("Repository exception", e);
        }
    }

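    /**
     * Looks up a group by id.
     *
     * @param session session used to obtain the user manager
     * @param str     id of the group
     * @return the matching group
     * @throws GroupNotExistsException      if no authorizable has that id
     * @throws PrincipalIsNotGroupException if the id belongs to a user
     * @throws InternalException            if the repository reports an error
     */
    @Override
    public Group getGroupByName(Session session, String str) throws GroupNotExistsException, InternalException, PrincipalIsNotGroupException {
        try {
            // The lookup can return a user, so keep the result typed as Authorizable and narrow it
            // only after isGroup() has confirmed the kind.
            Authorizable authorizable = AccessControlUtil.getUserManager(session).getAuthorizable(str);
            if (authorizable == null) {
                throw new GroupNotExistsException("Group does not exist: " + str);
            }
            if (!authorizable.isGroup()) {
                throw new PrincipalIsNotGroupException("Principal is not group: " + str);
            }
            return (Group) authorizable;
        } catch (RepositoryException e) {
            throw new InternalException("Repository exception", e);
        }
    }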

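    /**
     * Looks up a user by id.
     *
     * @param session session used to obtain the user manager
     * @param str     id of the user
     * @return the matching user
     * @throws UserNotExistsException      if no authorizable has that id
     * @throws PrincipalIsNotUserException if the id belongs to a group
     * @throws InternalException           if the repository reports an error
     */
    @Override
    public User getUserByName(Session session, String str) throws UserNotExistsException, InternalException, PrincipalIsNotUserException {
        try {
            // The lookup can return a group, so keep the result typed as Authorizable and narrow it
            // only after isGroup() has ruled that out.
            Authorizable authorizable = AccessControlUtil.getUserManager(session).getAuthorizable(str);
            if (authorizable == null) {
                // The message used to say "Group", which mislabels a missing user in logs and error pages.
                throw new UserNotExistsException("User does not exist: " + str);
            }
            if (authorizable.isGroup()) {
                throw new PrincipalIsNotUserException("Principal is not user: " + str);
            }
            return (User) authorizable;
        } catch (RepositoryException e) {
            throw new InternalException("Repository exception", e);
        }
    }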

    /**
     * Looks up a user or group by id.
     *
     * @param session session used to obtain the user manager
     * @param str     id of the authorizable
     * @return the matching authorizable
     * @throws PrincipalNotExistsException if no authorizable has that id
     * @throws InternalException           if the repository reports an error
     */
    @Override
    public Authorizable getAuthorizableByName(Session session, String str) throws PrincipalNotExistsException, InternalException {
        try {
            final UserManager manager = AccessControlUtil.getUserManager(session);
            final Authorizable found = manager.getAuthorizable(str);
            if (found != null) {
                return found;
            }
            throw new PrincipalNotExistsException("Principal does not exist: " + str);
        } catch (RepositoryException e) {
            throw new InternalException("Repository exception", e);
        }
    }

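    /**
     * Changes the password of an existing user.
     *
     * <p>NOTE(review): after {@code changePassword} the same undigested value is also written to an
     * ordinary {@code jcr:Password} property. Unlike addUser, no PasswordDigester is applied on this
     * path, so unless GenericValue transforms the value the password is stored readable by anyone
     * who can read the user's properties. The write is kept because other code may read the
     * property; confirm that, then drop the write or store a digest instead.</p>
     *
     * <p>This method does not ask for the current password and performs no permission check of its
     * own; the supplied session decides whether the change is allowed.</p>
     *
     * @param session session used to obtain the user manager
     * @param str     id of the user
     * @param str2    new password
     * @throws UserNotExistsException      if no authorizable has that id
     * @throws PrincipalIsNotUserException if the id belongs to a group
     * @throws InternalException           if the repository reports an error
     */
    @Override
    public void changePasswordByName(Session session, String str, String str2) throws UserNotExistsException, PrincipalIsNotUserException, InternalException {
        try {
            // The lookup can return a group, so narrow to User only after isGroup() has ruled that out.
            Authorizable authorizable = AccessControlUtil.getUserManager(session).getAuthorizable(str);
            if (authorizable == null) {
                throw new UserNotExistsException("User does not exist: " + str);
            }
            if (authorizable.isGroup()) {
                throw new PrincipalIsNotUserException("Principal is not user: " + str);
            }
            User user = (User) authorizable;
            user.changePassword(str2);
            // NOTE(review): second copy of the password, stored as a plain property (see method comment).
            user.setProperty("jcr:Password", GenericValue.getGenericValueFromObject(str2).get());
        } catch (RepositoryException e) {
            throw new InternalException("Repository exception", e);
        }
    }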

    /**
     * Lists the groups returned by {@code Authorizable.memberOf()} for the given principal.
     *
     * @param session session used to obtain the user manager
     * @param str     id of the user or group
     * @return the groups in iteration order; empty if there are none
     * @throws PrincipalNotExistsException if no authorizable has that id
     * @throws InternalException           if the repository reports an error
     */
    @Override
    public List<Group> getEffectiveMemberOfByName(Session session, String str) throws PrincipalNotExistsException, InternalException {
        try {
            final Authorizable subject = AccessControlUtil.getUserManager(session).getAuthorizable(str);
            if (subject == null) {
                throw new PrincipalNotExistsException("Principal does not exist: " + str);
            }
            final List<Group> groups = new ArrayList<Group>();
            for (Iterator<Group> it = subject.memberOf(); it.hasNext();) {
                groups.add(it.next());
            }
            return groups;
        } catch (RepositoryException e) {
            throw new InternalException("Repository exception", e);
        }
    }

    /**
     * Lists the groups returned by {@code Authorizable.declaredMemberOf()} for the given principal.
     *
     * @param session session used to obtain the user manager
     * @param str     id of the user or group
     * @return the groups in iteration order; empty if there are none
     * @throws PrincipalNotExistsException if no authorizable has that id
     * @throws InternalException           if the repository reports an error
     */
    @Override
    public List<Group> getDeclaredMemberOfByName(Session session, String str) throws PrincipalNotExistsException, InternalException {
        try {
            final Authorizable subject = AccessControlUtil.getUserManager(session).getAuthorizable(str);
            if (subject == null) {
                throw new PrincipalNotExistsException("Principal does not exist: " + str);
            }
            final List<Group> groups = new ArrayList<Group>();
            for (Iterator<Group> it = subject.declaredMemberOf(); it.hasNext();) {
                groups.add(it.next());
            }
            return groups;
        } catch (RepositoryException e) {
            throw new InternalException("Repository exception", e);
        }
    }

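    /**
     * Collects the members of a group, following nested groups.
     *
     * @param session session used to obtain the user manager
     * @param str     id of the group
     * @return each member once, in no particular order
     * @throws GroupNotExistsException      if no authorizable has that id
     * @throws PrincipalIsNotGroupException if the id belongs to a user
     * @throws InternalException            if the repository reports an error
     */
    @Override
    public List<Authorizable> getEffectiveMembersByName(Session session, String str) throws InternalException, PrincipalIsNotGroupException, GroupNotExistsException {
        try {
            Authorizable authorizable = AccessControlUtil.getUserManager(session).getAuthorizable(str);
            if (authorizable == null) {
                throw new GroupNotExistsException("Group does not exist: " + str);
            }
            if (!authorizable.isGroup()) {
                throw new PrincipalIsNotGroupException("Principal is not a group: " + str);
            }
            // A set, so a member reachable through several nested groups is reported once.
            HashSet<Authorizable> collected = new HashSet<Authorizable>();
            Iterator<Authorizable> members = ((Group) authorizable).getMembers();
            while (members.hasNext()) {
                Authorizable member = members.next();
                collected.add(member);
                // Members can be users. Users have no members of their own, and the recursive call
                // would reject them with PrincipalIsNotGroupException, so descend into groups only.
                if (member.isGroup()) {
                    collected.addAll(getEffectiveMembersByName(session, member.getID()));
                }
            }
            return new ArrayList<Authorizable>(collected);
        } catch (RepositoryException e) {
            throw new InternalException("Repository exception", e);
        }
    }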

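    /**
     * Lists the members returned by {@code Group.getDeclaredMembers()} for the given group.
     *
     * @param session session used to obtain the user manager
     * @param str     id of the group
     * @return the members in iteration order; empty if there are none
     * @throws GroupNotExistsException      if no authorizable has that id
     * @throws PrincipalIsNotGroupException if the id belongs to a user
     * @throws InternalException            if the repository reports an error
     */
    @Override
    public List<Authorizable> getDeclaredMembersByName(Session session, String str) throws InternalException, PrincipalIsNotGroupException, GroupNotExistsException {
        try {
            Authorizable authorizable = AccessControlUtil.getUserManager(session).getAuthorizable(str);
            if (authorizable == null) {
                throw new GroupNotExistsException("Group does not exist: " + str);
            }
            if (!authorizable.isGroup()) {
                throw new PrincipalIsNotGroupException("Principal is not a group: " + str);
            }
            List<Authorizable> result = new ArrayList<Authorizable>();
            Iterator<Authorizable> declaredMembers = ((Group) authorizable).getDeclaredMembers();
            while (declaredMembers.hasNext()) {
                // Consume the iterator and add the member. Adding the group itself without calling
                // next() never ends for a non-empty group and grows the list until memory runs out.
                result.add(declaredMembers.next());
            }
            return result;
        } catch (RepositoryException e) {
            throw new InternalException("Repository exception", e);
        }
    }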

    /**
     * Returns every property of a user or group, wrapped as {@link GenericValue}.
     *
     * <p>NOTE(review): no property is filtered out. If the {@code jcr:Password} property written by
     * changePasswordByName is listed by {@code getPropertyNames()}, it is returned here as well.</p>
     *
     * @param session session used to obtain the user manager
     * @param str     id of the user or group
     * @return property name to value; empty if the authorizable has no properties
     * @throws PrincipalNotExistsException if no authorizable has that id
     * @throws InternalException           if the repository reports an error
     */
    @Override
    public Map<String, GenericValue> getPrincipalPropertiesByName(Session session, String str) throws PrincipalNotExistsException, InternalException {
        try {
            final Authorizable target = AccessControlUtil.getUserManager(session).getAuthorizable(str);
            if (target == null) {
                throw new PrincipalNotExistsException("Principal does not exist: " + str);
            }
            final Map<String, GenericValue> properties = new HashMap<String, GenericValue>();
            for (Iterator<String> names = target.getPropertyNames(); names.hasNext();) {
                final String name = names.next();
                properties.put(name, GenericValue.getGenericValueFromObject(target.getProperty(name)));
            }
            return properties;
        } catch (RepositoryException e) {
            throw new InternalException("Repository exception", e);
        }
    }

    /**
     * Not implemented: the body is empty, so the call returns normally without touching the
     * repository and never throws any of the declared exceptions.
     * NOTE(review): callers cannot tell that nothing was changed - confirm whether this should be
     * implemented or fail explicitly.
     */
    @Override // org.liveSense.service.securityManager.SecurityManagerService
    public void modifyPrincipalPropertiesByName(Session session, String str, Map<String, GenericValue> map) throws UserNotExistsException, InternalException, PrincipalIsNotUserException {
    }

    /**
     * Returns the privileges supported at the node's path, using the node's own session.
     *
     * @param node node to inspect
     * @return the supported privileges in serializable form
     * @throws InternalException if the session or path cannot be read from the node
     */
    @Override
    public SerializablePrivilege[] getSupportedPrivileges(Node node) throws InternalException {
        try {
            final Session owner = node.getSession();
            final String path = node.getPath();
            return getSupportedPrivileges(owner, path);
        } catch (RepositoryException e) {
            throw new InternalException("Repository exception", e);
        }
    }

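    /**
     * Returns the privileges supported at the given path.
     *
     * @param session session used to obtain the access control manager
     * @param str     absolute path to inspect
     * @return the supported privileges in serializable form
     * @throws InternalException if the repository reports an error or does not support the operation
     */
    @Override
    public SerializablePrivilege[] getSupportedPrivileges(Session session, String str) throws InternalException {
        try {
            AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
            return SerializablePrivilege.fromPrivilegeArray(accessControlManager.getSupportedPrivileges(str));
        } catch (UnsupportedRepositoryOperationException e) {
            // Must come before RepositoryException, its superclass, or this handler can never run.
            throw new InternalException("Unsupported operation: " + str, e);
        } catch (RepositoryException e) {
            throw new InternalException("Repository exception: " + str, e);
        }
    }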

    /**
     * Returns the access rights declared on the node, using the node's own session.
     *
     * @param node node to inspect
     * @return declared rights per principal
     * @throws InternalException if the session or path cannot be read from the node
     */
    @Override
    public Map<Principal, AccessRights> getDeclaredAccessRights(Node node) throws InternalException {
        try {
            final Session owner = node.getSession();
            final String path = node.getPath();
            return getDeclaredAccessRights(owner, path);
        } catch (RepositoryException e) {
            throw new InternalException("Repository exception", e);
        }
    }

    /**
     * Groups the access control entries declared at a path by principal.
     *
     * <p>Granted and denied privileges are accumulated separately, entry by entry. Nothing is
     * removed from either set, so the same privilege can appear in both.</p>
     *
     * @param session session used to read the policies
     * @param str     absolute path to inspect
     * @return rights per principal, in the order principals are first seen
     * @throws InternalException if the repository reports an error
     */
    @Override
    public Map<Principal, AccessRights> getDeclaredAccessRights(Session session, String str) throws InternalException {
        try {
            final Map<Principal, AccessRights> rightsByPrincipal = new LinkedHashMap<Principal, AccessRights>();
            final AccessControlEntry[] entries = getDeclaredAccessControlEntries(session, str);
            if (entries == null) {
                return rightsByPrincipal;
            }
            for (AccessControlEntry entry : entries) {
                final Principal who = entry.getPrincipal();
                AccessRights rights = rightsByPrincipal.get(who);
                if (rights == null) {
                    rights = new AccessRightsImpl();
                    rightsByPrincipal.put(who, rights);
                }
                final boolean allow = AccessControlUtil.isAllow(entry);
                for (Privilege privilege : entry.getPrivileges()) {
                    final SerializablePrivilege wrapped = new SerializablePrivilege(privilege);
                    if (allow) {
                        rights.getGranted().add(wrapped);
                    } else {
                        rights.getDenied().add(wrapped);
                    }
                }
            }
            return rightsByPrincipal;
        } catch (RepositoryException e) {
            throw new InternalException("Repository exception", e);
        }
    }

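    /**
     * Returns the entries of the first access control list among the policies bound to a path.
     *
     * @param session session used to obtain the access control manager
     * @param str     absolute path to inspect
     * @return the entries of the first {@link AccessControlList}, or an empty array if there is none
     * @throws RepositoryException if the policies cannot be read
     */
    private AccessControlEntry[] getDeclaredAccessControlEntries(Session session, String str) throws RepositoryException {
        // Iterate as AccessControlPolicy, the element type getPolicies returns, so that the
        // instanceof test really filters and the narrowing cast is explicit.
        AccessControlPolicy[] policies = AccessControlUtil.getAccessControlManager(session).getPolicies(str);
        for (AccessControlPolicy policy : policies) {
            if (policy instanceof AccessControlList) {
                return ((AccessControlList) policy).getAccessControlEntries();
            }
        }
        return new AccessControlEntry[0];
    }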

    /**
     * Returns the rights declared on the node for one principal, using the node's own session.
     *
     * @param node node to inspect
     * @param str  principal name to match
     * @return the declared rights of that principal
     * @throws InternalException if the session or path cannot be read from the node
     */
    @Override
    public AccessRights getDeclaredAccessRightsForPrincipal(Node node, String str) throws InternalException {
        try {
            final Session owner = node.getSession();
            final String path = node.getPath();
            return getDeclaredAccessRightsForPrincipal(owner, path, str);
        } catch (RepositoryException e) {
            throw new InternalException("Repository exception", e);
        }
    }

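    /**
     * Collects the privileges that the policies bound to a path grant or deny to one principal.
     *
     * <p>Entries are matched by exact principal name. Granted and denied privileges are accumulated
     * separately, so the same privilege can appear in both sets.</p>
     *
     * @param session session used to read the policies
     * @param str     absolute path to inspect
     * @param str2    principal name to match; {@code null} or empty yields an empty result
     * @return the rights found for that principal
     * @throws InternalException if the repository reports an error
     */
    @Override
    public AccessRights getDeclaredAccessRightsForPrincipal(Session session, String str, String str2) throws InternalException {
        try {
            AccessRightsImpl accessRightsImpl = new AccessRightsImpl();
            if (str2 == null || str2.length() == 0) {
                return accessRightsImpl;
            }
            // Iterate as AccessControlPolicy, the element type getPolicies returns, so that the
            // instanceof test really filters and the narrowing cast is explicit.
            for (AccessControlPolicy policy : AccessControlUtil.getAccessControlManager(session).getPolicies(str)) {
                if (!(policy instanceof AccessControlList)) {
                    continue;
                }
                for (AccessControlEntry accessControlEntry : ((AccessControlList) policy).getAccessControlEntries()) {
                    if (!str2.equals(accessControlEntry.getPrincipal().getName())) {
                        continue;
                    }
                    boolean allow = AccessControlUtil.isAllow(accessControlEntry);
                    for (Privilege privilege : accessControlEntry.getPrivileges()) {
                        if (allow) {
                            accessRightsImpl.getGranted().add(new SerializablePrivilege(privilege));
                        } else {
                            accessRightsImpl.getDenied().add(new SerializablePrivilege(privilege));
                        }
                    }
                }
            }
            return accessRightsImpl;
        } catch (RepositoryException e) {
            throw new InternalException("Repository exception: " + str, e);
        }
    }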

    /**
     * Returns the effective access rights at the node's path, using the node's own session.
     *
     * @param node node to inspect
     * @return effective rights per principal
     * @throws InternalException if the session or path cannot be read from the node
     */
    @Override
    public Map<Principal, AccessRights> getEffectiveAccessRights(Node node) throws InternalException {
        try {
            final Session owner = node.getSession();
            final String path = node.getPath();
            return getEffectiveAccessRights(owner, path);
        } catch (RepositoryException e) {
            throw new InternalException("Repository exception", e);
        }
    }

    /**
     * Groups the effective access control entries at a path by principal.
     *
     * <p>Granted and denied privileges are accumulated separately, entry by entry. Nothing is
     * removed from either set, so the same privilege can appear in both.</p>
     *
     * @param session session used to read the policies
     * @param str     absolute path to inspect
     * @return rights per principal, in the order principals are first seen
     * @throws InternalException if the repository reports an error
     */
    @Override
    public Map<Principal, AccessRights> getEffectiveAccessRights(Session session, String str) throws InternalException {
        try {
            final Map<Principal, AccessRights> rightsByPrincipal = new LinkedHashMap<Principal, AccessRights>();
            final AccessControlEntry[] entries = getEffectiveAccessControlEntries(session, str);
            if (entries == null) {
                return rightsByPrincipal;
            }
            for (AccessControlEntry entry : entries) {
                final Principal who = entry.getPrincipal();
                AccessRights rights = rightsByPrincipal.get(who);
                if (rights == null) {
                    rights = new AccessRightsImpl();
                    rightsByPrincipal.put(who, rights);
                }
                final boolean allow = AccessControlUtil.isAllow(entry);
                for (Privilege privilege : entry.getPrivileges()) {
                    final SerializablePrivilege wrapped = new SerializablePrivilege(privilege);
                    if (allow) {
                        rights.getGranted().add(wrapped);
                    } else {
                        rights.getDenied().add(wrapped);
                    }
                }
            }
            return rightsByPrincipal;
        } catch (RepositoryException e) {
            throw new InternalException("Repository exception: ", e);
        }
    }

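    /**
     * Returns the entries of the first access control list among the effective policies of a path.
     *
     * <p>NOTE(review): only the first {@link AccessControlList} is used, whereas
     * getEffectiveAccessRightsForPrincipal walks every effective policy. If the repository returns
     * more than one list, the result here is incomplete - confirm which behaviour is intended.</p>
     *
     * @param session session used to obtain the access control manager
     * @param str     absolute path to inspect
     * @return the entries of the first {@link AccessControlList}, or an empty array if there is none
     * @throws RepositoryException if the policies cannot be read
     */
    private AccessControlEntry[] getEffectiveAccessControlEntries(Session session, String str) throws RepositoryException {
        // Iterate as AccessControlPolicy, the element type getEffectivePolicies returns, so that the
        // instanceof test really filters and the narrowing cast is explicit.
        AccessControlPolicy[] policies = AccessControlUtil.getAccessControlManager(session).getEffectivePolicies(str);
        for (AccessControlPolicy policy : policies) {
            if (policy instanceof AccessControlList) {
                return ((AccessControlList) policy).getAccessControlEntries();
            }
        }
        return new AccessControlEntry[0];
    }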

    /**
     * Returns the effective rights of one principal at the node's path, using the node's own session.
     *
     * @param node node to inspect
     * @param str  principal name to match
     * @return the effective rights of that principal
     * @throws InternalException if the session or path cannot be read from the node
     */
    @Override
    public AccessRights getEffectiveAccessRightsForPrincipal(Node node, String str) throws InternalException {
        try {
            final Session owner = node.getSession();
            final String path = node.getPath();
            return getEffectiveAccessRightsForPrincipal(owner, path, str);
        } catch (RepositoryException e) {
            throw new InternalException("Repository exception", e);
        }
    }

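    /**
     * Collects the privileges that the effective policies of a path grant or deny to one principal.
     *
     * <p>Entries are matched by exact principal name. Granted and denied privileges are accumulated
     * separately, so the same privilege can appear in both sets.</p>
     *
     * @param session session used to read the policies
     * @param str     absolute path to inspect
     * @param str2    principal name to match; {@code null} or empty yields an empty result
     * @return the rights found for that principal
     * @throws InternalException if the repository reports an error or does not support the operation
     */
    @Override
    public AccessRights getEffectiveAccessRightsForPrincipal(Session session, String str, String str2) throws InternalException {
        AccessRightsImpl accessRightsImpl = new AccessRightsImpl();
        if (str2 == null || str2.length() == 0) {
            return accessRightsImpl;
        }
        try {
            // Iterate as AccessControlPolicy, the element type getEffectivePolicies returns, so that
            // the instanceof test really filters and the narrowing cast is explicit.
            for (AccessControlPolicy policy : AccessControlUtil.getAccessControlManager(session).getEffectivePolicies(str)) {
                if (!(policy instanceof AccessControlList)) {
                    continue;
                }
                for (AccessControlEntry accessControlEntry : ((AccessControlList) policy).getAccessControlEntries()) {
                    if (!str2.equals(accessControlEntry.getPrincipal().getName())) {
                        continue;
                    }
                    boolean allow = AccessControlUtil.isAllow(accessControlEntry);
                    for (Privilege privilege : accessControlEntry.getPrivileges()) {
                        if (allow) {
                            accessRightsImpl.getGranted().add(new SerializablePrivilege(privilege));
                        } else {
                            accessRightsImpl.getDenied().add(new SerializablePrivilege(privilege));
                        }
                    }
                }
            }
        } catch (UnsupportedRepositoryOperationException e) {
            // Must come before RepositoryException, its superclass, or this handler can never run.
            throw new InternalException("Unsupported Operation Repository exception", e);
        } catch (RepositoryException e) {
            throw new InternalException("Repository exception", e);
        }
        return accessRightsImpl;
    }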

    /**
     * Checks the add-children privilege at the node's path, using the node's own session.
     *
     * @param node node to check
     * @return the result of the session/path overload, or {@code false} if the node cannot be read
     */
    @Override
    public boolean canAddChildren(Node node) {
        boolean permitted;
        try {
            final Session owner = node.getSession();
            permitted = canAddChildren(owner, node.getPath());
        } catch (RepositoryException ignored) {
            // A node that cannot be inspected is reported as "not permitted".
            permitted = false;
        }
        return permitted;
    }

    /**
     * Checks whether the session holds the privilege named by
     * {@code SerializablePrivilege.JCR_ADD_CHILD_NODES} at the given path.
     *
     * @param session session whose privileges are tested
     * @param str     absolute path to check
     * @return {@code true} if the privilege is held; {@code false} otherwise or on any repository error
     */
    @Override
    public boolean canAddChildren(Session session, String str) {
        try {
            final AccessControlManager acm = AccessControlUtil.getAccessControlManager(session);
            final Privilege required = acm.privilegeFromName(SerializablePrivilege.JCR_ADD_CHILD_NODES);
            return acm.hasPrivileges(str, new Privilege[] {required});
        } catch (RepositoryException ignored) {
            // Any repository failure is reported as "not permitted".
            return false;
        }
    }

    /**
     * Checks the remove-children privilege at the node's path, using the node's own session.
     *
     * @param node node to check
     * @return the result of the session/path overload, or {@code false} if the node cannot be read
     */
    @Override
    public boolean canDeleteChildren(Node node) {
        boolean permitted;
        try {
            final Session owner = node.getSession();
            permitted = canDeleteChildren(owner, node.getPath());
        } catch (RepositoryException ignored) {
            // A node that cannot be inspected is reported as "not permitted".
            permitted = false;
        }
        return permitted;
    }

    /**
     * Checks whether the session holds the privilege named by
     * {@code SerializablePrivilege.JCR_REMOVE_CHILD_NODES} at the given path.
     *
     * @param session session whose privileges are tested
     * @param str     absolute path to check
     * @return {@code true} if the privilege is held; {@code false} otherwise or on any repository error
     */
    @Override
    public boolean canDeleteChildren(Session session, String str) {
        try {
            final AccessControlManager acm = AccessControlUtil.getAccessControlManager(session);
            final Privilege required = acm.privilegeFromName(SerializablePrivilege.JCR_REMOVE_CHILD_NODES);
            return acm.hasPrivileges(str, new Privilege[] {required});
        } catch (RepositoryException ignored) {
            // Any repository failure is reported as "not permitted".
            return false;
        }
    }

    /**
     * Checks whether the node can be removed, using the node's own session.
     *
     * @param node node to check
     * @return the result of the session/path overload, or {@code false} if the node cannot be read
     */
    @Override
    public boolean canDelete(Node node) {
        boolean permitted;
        try {
            final Session owner = node.getSession();
            permitted = canDelete(owner, node.getPath());
        } catch (RepositoryException ignored) {
            // A node that cannot be inspected is reported as "not permitted".
            permitted = false;
        }
        return permitted;
    }

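    /**
     * Checks whether the session may remove the node at the given path.
     *
     * <p>Removal needs the privilege named by {@code SerializablePrivilege.JCR_REMOVE_NODE} on the
     * node itself and, via {@link #canDeleteChildren(Session, String)}, the remove-children
     * privilege on its parent. This is an advisory check; the repository still enforces access
     * when the removal is attempted.</p>
     *
     * @param session session whose privileges are tested
     * @param str     absolute path of the node
     * @return {@code true} if both privileges are held; {@code false} otherwise, for the root node,
     *         for a path without a parent, and on any repository error
     */
    @Override
    public boolean canDelete(Session session, String str) {
        // Without a '/' there is no parent to derive; substring(0, -1) used to throw an unchecked
        // exception here instead of answering "no". The root itself has no parent either.
        int lastSlash = str == null ? -1 : str.lastIndexOf('/');
        if (lastSlash < 0 || str.length() == 1) {
            return false;
        }
        // For a top-level node such as "/a" the parent is "/", not the empty string that cutting at
        // the slash would produce (an invalid path, so such nodes were always reported as not deletable).
        String parentPath = lastSlash == 0 ? "/" : str.substring(0, lastSlash);
        try {
            AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
            Privilege[] removeNode = {accessControlManager.privilegeFromName(SerializablePrivilege.JCR_REMOVE_NODE)};
            return accessControlManager.hasPrivileges(str, removeNode) && canDeleteChildren(session, parentPath);
        } catch (RepositoryException e) {
            // Any repository failure is reported as "not permitted".
            return false;
        }
    }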

    /**
     * Checks the modify-properties privilege at the node's path, using the node's own session.
     *
     * @param node node to check
     * @return the result of the session/path overload, or {@code false} if the node cannot be read
     */
    @Override
    public boolean canModifyProperties(Node node) {
        boolean permitted;
        try {
            final Session owner = node.getSession();
            permitted = canModifyProperties(owner, node.getPath());
        } catch (RepositoryException ignored) {
            // A node that cannot be inspected is reported as "not permitted".
            permitted = false;
        }
        return permitted;
    }

    /**
     * Checks whether the session holds the privilege named by
     * {@code SerializablePrivilege.JCR_MODIFY_PROPERTIES} at the given path.
     *
     * @param session session whose privileges are tested
     * @param str     absolute path to check
     * @return {@code true} if the privilege is held; {@code false} otherwise or on any repository error
     */
    @Override
    public boolean canModifyProperties(Session session, String str) {
        try {
            final AccessControlManager acm = AccessControlUtil.getAccessControlManager(session);
            final Privilege required = acm.privilegeFromName(SerializablePrivilege.JCR_MODIFY_PROPERTIES);
            return acm.hasPrivileges(str, new Privilege[] {required});
        } catch (RepositoryException ignored) {
            // Any repository failure is reported as "not permitted".
            return false;
        }
    }

    /**
     * Checks the read-access-control privilege at the node's path, using the node's own session.
     *
     * @param node node to check
     * @return the result of the session/path overload, or {@code false} if the node cannot be read
     */
    @Override
    public boolean canReadAccessControl(Node node) {
        boolean permitted;
        try {
            final Session owner = node.getSession();
            permitted = canReadAccessControl(owner, node.getPath());
        } catch (RepositoryException ignored) {
            // A node that cannot be inspected is reported as "not permitted".
            permitted = false;
        }
        return permitted;
    }

    /**
     * Checks whether the session holds the privilege named by
     * {@code SerializablePrivilege.JCR_READ_ACCESS_CONTROL} at the given path.
     *
     * @param session session whose privileges are tested
     * @param str     absolute path to check
     * @return {@code true} if the privilege is held; {@code false} otherwise or on any repository error
     */
    @Override
    public boolean canReadAccessControl(Session session, String str) {
        try {
            final AccessControlManager acm = AccessControlUtil.getAccessControlManager(session);
            final Privilege required = acm.privilegeFromName(SerializablePrivilege.JCR_READ_ACCESS_CONTROL);
            return acm.hasPrivileges(str, new Privilege[] {required});
        } catch (RepositoryException ignored) {
            // Any repository failure is reported as "not permitted".
            return false;
        }
    }

    /**
     * Checks the modify-access-control privilege at the node's path, using the node's own session.
     *
     * @param node node to check
     * @return the result of the session/path overload, or {@code false} if the node cannot be read
     */
    @Override
    public boolean canModifyAccessControl(Node node) {
        boolean permitted;
        try {
            final Session owner = node.getSession();
            permitted = canModifyAccessControl(owner, node.getPath());
        } catch (RepositoryException ignored) {
            // A node that cannot be inspected is reported as "not permitted".
            permitted = false;
        }
        return permitted;
    }

    /**
     * Checks whether the session holds the privilege named by
     * {@code SerializablePrivilege.JCR_MODIFY_ACCESS_CONTROL} at the given path.
     *
     * @param session session whose privileges are tested
     * @param str     absolute path to check
     * @return {@code true} if the privilege is held; {@code false} otherwise or on any repository error
     */
    @Override
    public boolean canModifyAccessControl(Session session, String str) {
        try {
            final AccessControlManager acm = AccessControlUtil.getAccessControlManager(session);
            final Privilege required = acm.privilegeFromName(SerializablePrivilege.JCR_MODIFY_ACCESS_CONTROL);
            return acm.hasPrivileges(str, new Privilege[] {required});
        } catch (RepositoryException ignored) {
            // Any repository failure is reported as "not permitted".
            return false;
        }
    }

    /**
     * Tells whether {@code session} may modify the properties of the repository item that backs
     * the principal named {@code str}.
     *
     * <p>The item path is obtained reflectively (see {@code getAuthorizableItemPath}) and then
     * checked with {@link #canModifyProperties(Session, String)}. The result is fail-closed:
     * an unknown principal, a principal class without a usable {@code getPath()} method, or any
     * other exception yields {@code false}.
     *
     * @param session session whose privileges are tested
     * @param str name of the principal to look up
     * @return {@code true} only when the principal resolves and the privilege check succeeds
     */
    @Override
    public boolean canUpdateAuthorizable(Session session, String str) {
        try {
            Principal target = AccessControlUtil.getPrincipalManager(session).getPrincipal(str);
            return target != null && canModifyProperties(session, getAuthorizableItemPath(target));
        } catch (Exception e) {
            // Deliberately broad: reflection and repository failures all mean "not permitted".
            return false;
        }
    }

    /**
     * Reads the repository path of a principal by reflectively invoking its public no-argument
     * {@code getPath()} method and casting the result to {@link String}.
     *
     * <p>The path returned here is used by the callers as the target of a privilege check, so it
     * is only as trustworthy as the principal implementation that supplies it.
     *
     * @param principal principal whose backing item path is wanted
     * @return the value returned by {@code getPath()}
     * @throws NoSuchMethodException if the principal's class has no public {@code getPath()}
     * @throws IllegalAccessException if the method cannot be accessed
     * @throws InvocationTargetException if {@code getPath()} itself throws
     */
    private String getAuthorizableItemPath(Principal principal) throws NoSuchMethodException, IllegalAccessException, InvocationTargetException {
        Object path = principal.getClass().getMethod("getPath").invoke(principal);
        return (String) path;
    }

    /**
     * Tells whether {@code session} may delete the repository item that backs the principal
     * named {@code str}.
     *
     * <p>The item path is obtained reflectively (see {@code getAuthorizableItemPath}) and handed
     * to {@code canDelete(Session, String)}. The result is fail-closed: an unknown principal or
     * any exception along the way yields {@code false}.
     *
     * @param session session whose privileges are tested
     * @param str name of the principal to look up
     * @return {@code true} only when the principal resolves and the delete check succeeds
     */
    @Override
    public boolean canDeleteAuthorizable(Session session, String str) {
        try {
            Principal target = AccessControlUtil.getPrincipalManager(session).getPrincipal(str);
            return target != null && canDelete(session, getAuthorizableItemPath(target));
        } catch (Exception e) {
            // Deliberately broad: reflection and repository failures all mean "not permitted".
            return false;
        }
    }

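    /**
     * Adds the granted and denied privileges in {@code accessRights} to the access control list
     * of the item at {@code str2}, for the principal identified by {@code str}.
     *
     * <p>Behaviour worth knowing when reviewing callers:
     * <ul>
     *   <li>{@code "everyone"} is matched case-insensitively and resolved to
     *       {@link EveryonePrincipal} without consulting the user manager; every other value is
     *       looked up as an authorizable id.</li>
     *   <li>The ACL is the first {@link AccessControlList} already bound to the path, or failing
     *       that the first applicable one.</li>
     *   <li>The policy is set on the session but this method does not call
     *       {@code session.save()}; persisting the change is left to the caller.</li>
     * </ul>
     *
     * @param session session used for the user and access control managers
     * @param str authorizable id, or {@code "everyone"} in any letter case
     * @param str2 absolute path of the item whose ACL is changed
     * @param accessRights privileges to grant and to deny; either set may be null or empty
     * @throws PrincipalNotExistsException if no authorizable or principal exists for {@code str}
     * @throws InternalException wrapping any {@link RepositoryException}
     */
    @Override
    public void setAclByName(Session session, String str, String str2, AccessRights accessRights) throws InternalException, PrincipalNotExistsException {
        try {
            UserManager userManager = AccessControlUtil.getUserManager(session);
            Principal principal;
            if (str.equalsIgnoreCase("everyone")) {
                principal = EveryonePrincipal.getInstance();
            } else {
                // getAuthorizable() yields null for an unknown id; report that through the declared
                // exception instead of letting the dereference fail with a NullPointerException.
                if (userManager.getAuthorizable(str) == null) {
                    throw new PrincipalNotExistsException("Principal does not exist: " + str);
                }
                principal = userManager.getAuthorizable(str).getPrincipal();
                if (principal == null) {
                    throw new PrincipalNotExistsException("Principal does not exist: " + str);
                }
            }

            AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);

            // Prefer an ACL that is already bound to the path ...
            AccessControlList acl = null;
            for (AccessControlPolicy bound : accessControlManager.getPolicies(str2)) {
                if (bound instanceof AccessControlList) {
                    acl = (AccessControlList) bound;
                    break;
                }
            }
            // ... and fall back to the first applicable one when none is bound yet.
            if (acl == null) {
                AccessControlPolicyIterator applicable = accessControlManager.getApplicablePolicies(str2);
                while (acl == null && applicable.hasNext()) {
                    AccessControlPolicy candidate = applicable.nextAccessControlPolicy();
                    if (candidate instanceof AccessControlList) {
                        acl = (AccessControlList) candidate;
                    }
                }
            }
            if (acl == null) {
                throw new RepositoryException("Could not obtain ACL for resource " + str2);
            }

            // NOTE(review): only the first existing entry is inspected. Entries for this principal
            // at any later position stay in the list, so rights granted earlier are not
            // necessarily withdrawn by this call - confirm whether a full scan was intended.
            AccessControlEntry[] existing = acl.getAccessControlEntries();
            if (existing.length > 0 && principal.equals(existing[0].getPrincipal())) {
                acl.removeAccessControlEntry(existing[0]);
            }

            if (accessRights.getGranted() != null && accessRights.getGranted().size() > 0) {
                Object[] grantedRaw = accessRights.getGranted().toArray();
                SerializablePrivilege[] granted = new SerializablePrivilege[grantedRaw.length];
                System.arraycopy(grantedRaw, 0, granted, 0, grantedRaw.length);
                if (!AccessControlUtil.addEntry(acl, principal, PrivilegeFromSerializable.fromSerializableArray(accessControlManager, granted), true)) {
                    throw new RepositoryException("Could not set granted rights for principal: " + principal);
                }
            }
            if (accessRights.getDenied() != null && accessRights.getDenied().size() > 0) {
                Object[] deniedRaw = accessRights.getDenied().toArray();
                SerializablePrivilege[] denied = new SerializablePrivilege[deniedRaw.length];
                System.arraycopy(deniedRaw, 0, denied, 0, deniedRaw.length);
                if (!AccessControlUtil.addEntry(acl, principal, PrivilegeFromSerializable.fromSerializableArray(accessControlManager, denied), false)) {
                    // Message corrected: this branch handles the denied set, not the granted one.
                    throw new RepositoryException("Could not set denied rights for principal: " + principal);
                }
            }
            accessControlManager.setPolicy(str2, acl);
        } catch (RepositoryException e) {
            throw new InternalException("Repository exception", e);
        }
    }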

    /**
     * Collects the privileges that the ACLs bound to {@code str2} grant to or deny for the
     * principal named {@code str}.
     *
     * <p>Only the policies returned by {@code getPolicies(str2)} are read, i.e. those set on the
     * path itself; entries inherited from ancestors are not part of the result. The principal
     * name is compared with {@code equals}, so the match is case-sensitive. A null or empty name
     * yields an empty result without touching the repository.
     *
     * @param session session used to obtain the access control manager
     * @param str exact principal name to look for
     * @param str2 absolute path of the item whose ACLs are read
     * @return the granted and denied privileges found; never {@code null}
     * @throws InternalException wrapping any {@link RepositoryException}
     */
    @Override
    public AccessRights getAclByName(Session session, String str, String str2) throws InternalException {
        AccessRightsImpl rights = new AccessRightsImpl();
        if (str == null) {
            return rights;
        }
        try {
            if (str.length() == 0) {
                return rights;
            }
            // JCR declares getPolicies() with the broader AccessControlPolicy type; the instanceof
            // test below keeps only the list-type policies.
            for (AccessControlList acl : AccessControlUtil.getAccessControlManager(session).getPolicies(str2)) {
                if (!(acl instanceof AccessControlList)) {
                    continue;
                }
                for (AccessControlEntry entry : acl.getAccessControlEntries()) {
                    if (!str.equals(entry.getPrincipal().getName())) {
                        continue;
                    }
                    boolean allow = AccessControlUtil.isAllow(entry);
                    for (Privilege privilege : entry.getPrivileges()) {
                        if (allow) {
                            rights.getGranted().add(new SerializablePrivilege(privilege));
                        } else {
                            rights.getDenied().add(new SerializablePrivilege(privilege));
                        }
                    }
                }
            }
        } catch (RepositoryException e) {
            throw new InternalException("Repository exception", e);
        }
        return rights;
    }

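    /**
     * Adds the authorizable {@code str} as a member of the group {@code str2}.
     *
     * <p>Both ids are resolved through the session's user manager. Whether the session is allowed
     * to change the group is not checked here; a refusal by the repository surfaces as an
     * {@link InternalException}.
     *
     * @param session session used to obtain the user manager
     * @param str id of the authorizable to add
     * @param str2 id of the group to add it to
     * @return the result of {@code Group.addMember}
     * @throws PrincipalNotExistsException if either id does not resolve to an authorizable
     * @throws PrincipalIsNotGroupException if {@code str2} resolves to something other than a group
     * @throws InternalException wrapping {@link RepositoryException} and
     *     {@link IllegalArgumentException}
     */
    @Override
    public boolean addPrincipalToGroup(Session session, String str, String str2) throws InternalException, PrincipalNotExistsException, PrincipalIsNotGroupException {
        try {
            UserManager userManager = AccessControlUtil.getUserManager(session);
            Authorizable member = userManager.getAuthorizable(str);
            if (member == null) {
                throw new PrincipalNotExistsException("A principal does not exist with the requested name: " + str);
            }
            Authorizable target = userManager.getAuthorizable(str2);
            // An unknown group id also resolves to null; without this check the isGroup() call
            // below would fail with a NullPointerException instead of a declared exception.
            if (target == null) {
                throw new PrincipalNotExistsException("A principal does not exist with the requested name: " + str2);
            }
            if (!target.isGroup()) {
                throw new PrincipalIsNotGroupException("Principal is not group: " + str2);
            }
            return ((Group) target).addMember(member);
        } catch (IllegalArgumentException e) {
            throw new InternalException(e);
        } catch (RepositoryException e) {
            throw new InternalException("Repository exception", e);
        }
    }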

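    /**
     * Removes the authorizable {@code str} from the group {@code str2}.
     *
     * <p>Both ids are resolved through the session's user manager. Whether the session is allowed
     * to change the group is not checked here; a refusal by the repository surfaces as an
     * {@link InternalException}.
     *
     * @param session session used to obtain the user manager
     * @param str id of the authorizable to remove
     * @param str2 id of the group to remove it from
     * @return the result of {@code Group.removeMember}
     * @throws PrincipalNotExistsException if either id does not resolve to an authorizable
     * @throws PrincipalIsNotGroupException if {@code str2} resolves to something other than a group
     * @throws InternalException wrapping {@link RepositoryException} and
     *     {@link IllegalArgumentException}
     */
    @Override
    public boolean removePrincipalFromGroup(Session session, String str, String str2) throws InternalException, PrincipalNotExistsException, PrincipalIsNotGroupException {
        try {
            UserManager userManager = AccessControlUtil.getUserManager(session);
            Authorizable member = userManager.getAuthorizable(str);
            if (member == null) {
                throw new PrincipalNotExistsException("A principal does not exist with the requested name: " + str);
            }
            Authorizable target = userManager.getAuthorizable(str2);
            // An unknown group id also resolves to null; without this check the isGroup() call
            // below would fail with a NullPointerException instead of a declared exception.
            if (target == null) {
                throw new PrincipalNotExistsException("A principal does not exist with the requested name: " + str2);
            }
            if (!target.isGroup()) {
                throw new PrincipalIsNotGroupException("Principal is not group: " + str2);
            }
            return ((Group) target).removeMember(member);
        } catch (IllegalArgumentException e) {
            throw new InternalException(e);
        } catch (RepositoryException e) {
            throw new InternalException("Repository exception", e);
        }
    }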

    /**
     * Creates the home node for user {@code str} directly under the repository root, by
     * delegating to {@link #createUserHome(Session, String, String)} with no parent path.
     *
     * @param session session used for all repository work
     * @param str id of the user
     * @throws PrincipalIsNotUserException as thrown by the three-argument overload
     * @throws PrincipalNotExistsException as thrown by the three-argument overload
     * @throws InternalException as thrown by the three-argument overload
     */
    @Override
    public void createUserHome(Session session, String str) throws PrincipalIsNotUserException, InternalException, PrincipalNotExistsException {
        this.createUserHome(session, str, (String) null);
    }

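    /**
     * Ensures that {@code <parent>/home/<userId>} exists, creating the missing nodes and their
     * ACLs, and saves the session if anything is pending.
     *
     * <p>When {@code home} has to be created, the everyone principal is denied
     * {@code SerializablePrivilege.JCR_ALL} on it. When the user's node has to be created, the
     * user is granted {@code SerializablePrivilege.JCR_ALL} on it. Points to keep in mind:
     * <ul>
     *   <li>Nodes that already exist are left as they are: no ACL is applied to a pre-existing
     *       {@code home} or user node, and nothing here verifies who created it.</li>
     *   <li>{@code session.save()} persists every pending change of the session, not only the
     *       nodes created here.</li>
     *   <li>NOTE(review): {@code str} is used verbatim as a relative node path and as the
     *       principal name handed to {@code setAclByName}, which treats any letter-case variant of
     *       {@code "everyone"} as the everyone principal. Confirm that user-id validation upstream
     *       rules out such ids and ids containing path separators.</li>
     * </ul>
     *
     * @param session session used for all repository work
     * @param str id of the user
     * @param str2 path, relative to the root node, under which {@code home} lives; blank or
     *     {@code null} means the root node itself
     * @throws PrincipalNotExistsException if no authorizable exists for {@code str}
     * @throws PrincipalIsNotUserException if {@code str} resolves to a group
     * @throws InternalException wrapping {@link RepositoryException} and
     *     {@link IllegalArgumentException}
     */
    @Override
    public void createUserHome(Session session, String str, String str2) throws PrincipalIsNotUserException, InternalException, PrincipalNotExistsException {
        try {
            // An unknown id resolves to null; report it through the declared exception rather
            // than failing on the isGroup() call with a NullPointerException.
            if (AccessControlUtil.getUserManager(session).getAuthorizable(str) == null) {
                throw new PrincipalNotExistsException("Principal does not exist: " + str);
            }
            if (AccessControlUtil.getUserManager(session).getAuthorizable(str).isGroup()) {
                throw new PrincipalIsNotUserException("Principal is not user: " + str);
            }

            Node parent = session.getRootNode();
            if (StringUtils.isNotBlank(str2)) {
                parent = parent.getNode(str2);
            }

            Node home;
            if (parent.hasNode("home")) {
                home = parent.getNode("home");
            } else {
                home = parent.addNode("home");
                // A freshly created home folder is closed to everyone by default.
                AccessRightsImpl denyAll = new AccessRightsImpl();
                denyAll.getDenied().add(new SerializablePrivilege(SerializablePrivilege.JCR_ALL));
                setAclByName(session, "everyone", home.getPath(), denyAll);
            }

            if (!home.hasNode(str)) {
                Node userHome = home.addNode(str);
                // The owner gets full rights on the node created for them.
                AccessRightsImpl grantAll = new AccessRightsImpl();
                grantAll.getGranted().add(new SerializablePrivilege(SerializablePrivilege.JCR_ALL));
                setAclByName(session, str, userHome.getPath(), grantAll);
            }

            if (session.hasPendingChanges()) {
                session.save();
            }
        } catch (IllegalArgumentException e) {
            throw new InternalException(e);
        } catch (RepositoryException e) {
            throw new InternalException("Repository exception", e);
        }
    }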

    /**
     * Stores the supplied repository reference in the {@code repository} field, replacing
     * whatever was held before.
     *
     * @param slingRepository repository instance to keep
     */
    protected void bindRepository(SlingRepository slingRepository) {
        repository = slingRepository;
    }

    /**
     * Clears the {@code repository} field, but only when it still refers to the very instance
     * being unbound (identity comparison); any other held reference is left in place.
     *
     * @param slingRepository repository instance being withdrawn
     */
    protected void unbindRepository(SlingRepository slingRepository) {
        if (repository != slingRepository) {
            return;
        }
        repository = null;
    }

    /**
     * Stores the supplied configurator reference in the {@code configurator} field, replacing
     * whatever was held before.
     *
     * @param configurator configurator instance to keep
     */
    protected void bindConfigurator(Configurator configurator) {
        Configurator incoming = configurator;
        this.configurator = incoming;
    }

    /**
     * Clears the {@code configurator} field, but only when it still refers to the very instance
     * being unbound (identity comparison); any other held reference is left in place.
     *
     * @param configurator configurator instance being withdrawn
     */
    protected void unbindConfigurator(Configurator configurator) {
        if (this.configurator != configurator) {
            return;
        }
        this.configurator = null;
    }
}
