package com.adobe.granite.security.user.servlets;

import com.adobe.granite.security.user.UserProperties;
import com.adobe.granite.security.user.UserPropertiesService;
import com.adobe.granite.security.user.util.AuthorizableJSONWriter;
import com.adobe.granite.security.user.util.ImpersonationNotifier;
import com.adobe.granite.security.user.util.PropConstants;
import com.adobe.granite.xss.XSSFilter;
import java.io.IOException;
import java.net.URLEncoder;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.servlet.ServletException;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Query;
import org.apache.jackrabbit.api.security.user.QueryBuilder;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.request.RequestParameterMap;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.servlets.HtmlResponse;
import org.apache.sling.commons.json.JSONException;
import org.apache.sling.commons.json.io.JSONWriter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/adobe/granite/security/user/servlets/ImpersonationServlet.class */
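/**
 * GET servlet for a user resource, dispatching on the first request selector.
 *
 * <ul>
 *   <li>{@code impersonators}: writes a JSON object listing the users matched by the
 *       {@code impersonates(id)} query condition for the addressed user, optionally narrowed
 *       by a {@code query} prefix and paged with {@code offset} / {@code max}.</li>
 *   <li>{@code impersonate}: for the session's own user only, notifies the optional
 *       {@link ImpersonationNotifier} and redirects to a relative URL carrying
 *       {@code sling.auth.redirect} and {@code sudo}.</li>
 * </ul>
 *
 * <p>NOTE(review): the {@code impersonate} branch is reached through GET and no request-forgery
 * token or referrer check is visible in this class. Confirm that a filter in front of this
 * servlet covers it.
 *
 * <p>NOTE(review): the only authorization check visible here is that the addressed user equals
 * the session user. Whether that user may impersonate the requested target is not checked in
 * this class; presumably it is enforced where the {@code sudo} parameter is consumed. Confirm
 * before relying on the notifier output as an audit record.
 */
public class ImpersonationServlet extends AbstractServlet {
    private static final Logger log = LoggerFactory.getLogger(ImpersonationServlet.class);
    private static final String SELECTOR_IMPERSONATE = "impersonate";
    private static final String SELECTOR_IMPERSONATORS = "impersonators";
    private static final String PARAM_IMPERSONATE = "impersonate";
    private static final String SLING_PARAM_SUDO = "sudo=";
    private static final String SLING_PARAM_REDIRECT = "sling.auth.redirect=";
    // The three references below are assigned through the bind*/unbind* methods and may be null.
    private UserPropertiesService service;
    private XSSFilter xss;
    private ImpersonationNotifier notifier;

    /**
     * Handles the {@code impersonators} and {@code impersonate} selectors (see the class comment).
     *
     * <p>Error cases are answered with an {@link HtmlResponse}: 404 when the resource does not
     * adapt to a user or no user manager is available, 400 for a missing or unknown selector,
     * a user/session mismatch, or a missing {@code impersonate} parameter. Exceptions raised
     * while handling are converted with {@code createErrorResponse(e)}.
     *
     * @param slingHttpServletRequest  the request; its resource is expected to adapt to a user
     * @param slingHttpServletResponse the response to write JSON, a redirect or an error to
     * @throws ServletException declared by the servlet contract; not thrown directly here
     * @throws IOException      if sending an error response fails
     */
    protected void doGet(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse) throws ServletException, IOException {
        Resource resource = slingHttpServletRequest.getResource();
        ResourceResolver resourceResolver = slingHttpServletRequest.getResourceResolver();
        User user = resource.adaptTo(User.class);
        UserManager userManager = resourceResolver.adaptTo(UserManager.class);
        try {
            HtmlResponse htmlResponse = null;
            if (user == null || userManager == null) {
                // NOTE(review): the resource path is echoed into the error body; whether
                // createErrorResponse/HtmlResponse escape it is not visible here. Confirm.
                htmlResponse = createErrorResponse(404, "Cannot resolve to user or user manager (" + resource.getPath() + ")");
            } else {
                Session session = resourceResolver.adaptTo(Session.class);
                // A request without selectors yields an empty array; answer it with a 400
                // instead of failing on the index access.
                String[] selectors = slingHttpServletRequest.getRequestPathInfo().getSelectors();
                String selector = selectors.length > 0 ? selectors[0] : null;
                RequestParameterMap requestParameterMap = slingHttpServletRequest.getRequestParameterMap();
                final String id = user.getID();
                if (selector == null) {
                    htmlResponse = createErrorResponse(400, "Missing selector");
                } else if (SELECTOR_IMPERSONATORS.equals(selector)) {
                    final String parameter = slingHttpServletRequest.getParameter("query");
                    final long offset = getNonNegativeValue(requestParameterMap, "offset", 0L);
                    final long max = getNonNegativeValue(requestParameterMap, "max", -1L);
                    Iterator<Authorizable> impersonators = userManager.findAuthorizables(new Query() {
                        @Override
                        public <T> void build(QueryBuilder<T> queryBuilder) {
                            if (parameter == null) {
                                queryBuilder.setCondition(queryBuilder.impersonates(id));
                            } else {
                                // Prefix match on the authorizable name or one of three profile
                                // name properties.
                                // NOTE(review): the request value is used as the pattern without
                                // escaping, so pattern metacharacters supplied by the client stay
                                // active. Confirm that is intended, or escape them per the
                                // QueryBuilder pattern rules.
                                String pattern = parameter + "%";
                                T nameOrProfileMatches = queryBuilder.or(
                                        queryBuilder.nameMatches(pattern),
                                        queryBuilder.or(
                                                queryBuilder.like("profile/" + UserProperties.GIVEN_NAME, pattern),
                                                queryBuilder.or(
                                                        queryBuilder.like("profile/" + UserProperties.FAMILY_NAME, pattern),
                                                        queryBuilder.like("profile/" + UserProperties.DISPLAY_NAME, pattern))));
                                queryBuilder.setCondition(queryBuilder.and(queryBuilder.impersonates(id), nameOrProfileMatches));
                            }
                            queryBuilder.setSelector(User.class);
                            queryBuilder.setLimit(offset, max);
                        }
                    });
                    setJsonResponseHeader(slingHttpServletResponse);
                    JSONWriter jSONWriter = new JSONWriter(slingHttpServletResponse.getWriter());
                    jSONWriter.object();
                    jSONWriter.key(PropConstants.AUTHORIZABLES);
                    jSONWriter.array();
                    AuthorizableJSONWriter authorizableJSONWriter = new AuthorizableJSONWriter(this.service.createUserPropertiesManager(session, resourceResolver), resourceResolver, session, getProps(requestParameterMap), this.xss);
                    long count = 0;
                    while (impersonators.hasNext()) {
                        authorizableJSONWriter.write(jSONWriter, impersonators.next());
                        count++;
                    }
                    jSONWriter.endArray();
                    jSONWriter.key(PropConstants.CNT.toLowerCase()).value(count);
                    jSONWriter.endObject();
                } else if (!SELECTOR_IMPERSONATE.equals(selector)) {
                    // NOTE(review): the selector comes from the request URL and is echoed into
                    // the error body; confirm the response helper escapes it.
                    htmlResponse = createErrorResponse(400, "Invalid selector " + selector);
                } else if (!id.equals(session.getUserID())) {
                    // Only the session's own user resource may be used to start or end an
                    // impersonation.
                    htmlResponse = createErrorResponse(400, "User does not match editing session. Cannot handle impersonation request.");
                } else if (requestParameterMap.containsKey(PARAM_IMPERSONATE)) {
                    // The target is request-controlled and is logged as received.
                    String target = requestParameterMap.getValue(PARAM_IMPERSONATE).getString();
                    log.debug("Set parameter to impersonate {} as {}", id, target);
                    // The notifier runs before the redirect is issued, so it records the request,
                    // not a completed impersonation.
                    notifyImpersonation(target, id);
                    String redirectPath = "/";
                    if (requestParameterMap.containsKey("path")) {
                        String requestedPath = requestParameterMap.getValue("path").getString();
                        redirectPath = localRedirectTarget(requestedPath);
                        if (!redirectPath.equals(requestedPath)) {
                            // The rejected value is deliberately not written to the log.
                            log.warn("Ignoring non-local redirect path in impersonation request of {}", id);
                        }
                    }
                    // Both values are URL-encoded, so neither can add parameters to the query string.
                    String location = "?" + SLING_PARAM_REDIRECT + URLEncoder.encode(redirectPath, "utf-8")
                            + "&" + SLING_PARAM_SUDO + URLEncoder.encode(target, "utf-8");
                    setJsonResponseHeader(slingHttpServletResponse);
                    slingHttpServletResponse.sendRedirect(location);
                } else {
                    htmlResponse = createErrorResponse(400, "Command missing in request ('impersonate' parameter expected).");
                }
            }
            sendIfPresent(htmlResponse, slingHttpServletResponse);
        } catch (JSONException e) {
            sendIfPresent(createErrorResponse(e), slingHttpServletResponse);
        } catch (RepositoryException e2) {
            sendIfPresent(createErrorResponse(e2), slingHttpServletResponse);
        } catch (Exception e3) {
            sendIfPresent(createErrorResponse(e3), slingHttpServletResponse);
        }
    }

    /**
     * Sends {@code htmlResponse} if there is one; does nothing for {@code null}.
     */
    private static void sendIfPresent(HtmlResponse htmlResponse, SlingHttpServletResponse slingHttpServletResponse) throws IOException {
        if (htmlResponse != null) {
            htmlResponse.send(slingHttpServletResponse, true);
        }
    }

    /**
     * Restricts the request-supplied post-impersonation path to a server-local absolute path.
     *
     * <p>The value ends up in {@code sling.auth.redirect}. How the consumer of that parameter
     * validates it is not visible in this class, so anything that is not a path starting with a
     * single {@code /} (scheme-bearing, protocol-relative, relative or empty) falls back to
     * {@code "/"}.
     *
     * @param path the raw {@code path} request parameter, may be {@code null}
     * @return {@code path} if it is a local absolute path, otherwise {@code "/"}
     */
    private static String localRedirectTarget(String path) {
        if (path == null || path.isEmpty() || path.charAt(0) != '/') {
            return "/";
        }
        if (path.length() > 1 && (path.charAt(1) == '/' || path.charAt(1) == '\\')) {
            return "/";
        }
        return path;
    }

    /**
     * Reports an impersonation request to the notifier, if one is bound.
     *
     * @param str  the requested target; {@code "-"} is reported as a {@code revert}, anything
     *             else as a {@code sudo} with the target in the {@code sudo} map entry
     * @param str2 the id of the user issuing the request
     */
    private void notifyImpersonation(String str, String str2) {
        // Read the field once so that an unbind between the null check and the call cannot
        // cause a NullPointerException.
        ImpersonationNotifier current = this.notifier;
        if (current == null) {
            return;
        }
        if ("-".equals(str)) {
            current.notify(new Date(), str2, "revert", Collections.emptyMap());
        } else {
            current.notify(new Date(), str2, "sudo", Collections.singletonMap("sudo", str));
        }
    }

    /** Sets the user properties service used to build the JSON output. */
    protected void bindService(UserPropertiesService userPropertiesService) {
        this.service = userPropertiesService;
    }

    /** Clears the service reference, but only if it still points at the given instance. */
    protected void unbindService(UserPropertiesService userPropertiesService) {
        if (this.service == userPropertiesService) {
            this.service = null;
        }
    }

    /** Sets the XSS filter handed to the {@link AuthorizableJSONWriter}. */
    protected void bindXss(XSSFilter xSSFilter) {
        this.xss = xSSFilter;
    }

    /** Clears the XSS filter reference, but only if it still points at the given instance. */
    protected void unbindXss(XSSFilter xSSFilter) {
        if (this.xss == xSSFilter) {
            this.xss = null;
        }
    }

    /** Sets the notifier informed about impersonation requests. */
    protected void bindNotifier(ImpersonationNotifier impersonationNotifier) {
        this.notifier = impersonationNotifier;
    }

    /** Clears the notifier reference, but only if it still points at the given instance. */
    protected void unbindNotifier(ImpersonationNotifier impersonationNotifier) {
        if (this.notifier == impersonationNotifier) {
            this.notifier = null;
        }
    }
}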
