package org.apache.sling.jcr.repoinit.impl;

import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.sling.repoinit.parser.operations.CreateGroup;
import org.apache.sling.repoinit.parser.operations.CreateServiceUser;
import org.apache.sling.repoinit.parser.operations.CreateUser;
import org.apache.sling.repoinit.parser.operations.DeleteGroup;
import org.apache.sling.repoinit.parser.operations.DeleteServiceUser;
import org.apache.sling.repoinit.parser.operations.DeleteUser;
import org.apache.sling.repoinit.parser.operations.DisableServiceUser;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:org/apache/sling/jcr/repoinit/impl/UserVisitor.class */
class UserVisitor extends DoNothingVisitor {
    public UserVisitor(Session session) {
        super(session);
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitCreateServiceUser(CreateServiceUser createServiceUser) {
        String username = createServiceUser.getUsername();
        try {
            UserManager userManager = UserUtil.getUserManager(this.session);
            User user = (User) userManager.getAuthorizable(username, User.class);
            checkUserType(username, user, true);
            if (user == null || (createServiceUser.isForcedPath() && needsRecreate(username, user, createServiceUser.getPath(), "Service user"))) {
                this.log.info("Creating service user {}", username);
                userManager.createSystemUser(username, createServiceUser.getPath());
            }
        } catch (Exception e) {
            report(e, "Unable to create service user [" + username + "]:" + e);
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitDeleteServiceUser(DeleteServiceUser deleteServiceUser) {
        String username = deleteServiceUser.getUsername();
        this.log.info("Deleting service user {}", username);
        try {
            UserUtil.deleteAuthorizable(this.session, username);
        } catch (Exception e) {
            report(e, "Unable to delete service user [" + username + "]:" + e);
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitCreateGroup(CreateGroup createGroup) {
        String groupname = createGroup.getGroupname();
        try {
            UserManager userManager = UserUtil.getUserManager(this.session);
            Group authorizable = userManager.getAuthorizable(groupname, Group.class);
            String path = createGroup.getPath();
            if (authorizable == null || (createGroup.isForcedPath() && needsRecreate(groupname, authorizable, path, "Group"))) {
                this.log.info("Creating group {}", groupname);
                if (path == null) {
                    userManager.createGroup(groupname);
                } else {
                    userManager.createGroup(() -> {
                        return groupname;
                    }, path);
                }
            }
        } catch (Exception e) {
            report(e, "Unable to create group [" + groupname + "]:" + e);
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitDeleteGroup(DeleteGroup deleteGroup) {
        String groupname = deleteGroup.getGroupname();
        this.log.info("Deleting group {}", groupname);
        try {
            if (!UserUtil.deleteAuthorizable(this.session, groupname)) {
                this.log.debug("Group {} doesn't exist - assuming delete to be a noop.", groupname);
            }
        } catch (Exception e) {
            report(e, "Unable to delete group [" + groupname + "]:" + e);
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitCreateUser(CreateUser createUser) {
        String username = createUser.getUsername();
        try {
            User user = (User) UserUtil.getUserManager(this.session).getAuthorizable(username, User.class);
            checkUserType(username, user, false);
            if (user == null || (createUser.isForcedPath() && needsRecreate(username, user, createUser.getPath(), "User"))) {
                String password = createUser.getPassword();
                if (password != null) {
                    this.log.warn("Creating user {} with cleartext password - should NOT be used on production systems", username);
                } else {
                    this.log.info("Creating user {}", username);
                }
                UserUtil.createUser(this.session, username, password, createUser.getPath());
            }
        } catch (Exception e) {
            report(e, "Unable to create user [" + username + "]:" + e);
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitDeleteUser(DeleteUser deleteUser) {
        String username = deleteUser.getUsername();
        this.log.info("Deleting user {}", username);
        try {
            if (!UserUtil.deleteAuthorizable(this.session, username)) {
                this.log.debug("User {} doesn't exist - assuming delete to be a noop.", username);
            }
        } catch (Exception e) {
            report(e, "Unable to delete user [" + username + "]:" + e);
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitDisableServiceUser(DisableServiceUser disableServiceUser) {
        String username = disableServiceUser.getUsername();
        String reason = disableServiceUser.getReason();
        this.log.info("Disabling service user {} reason {}", username, reason);
        try {
            if (!UserUtil.disableUser(this.session, username, reason)) {
                this.log.debug("Service user {} doesn't exist - assuming disable to be a noop.", username);
            }
        } catch (Exception e) {
            report(e, "Unable to disable service user [" + username + "]:" + e);
        }
    }

    private void checkUserType(@NotNull String str, @Nullable User user, boolean z) {
        if (user == null || user.isSystemUser() == z) {
            return;
        }
        report(String.format(z ? "Existing user %s is not a service user." : "Existing user %s is a service user.", str));
    }

    private boolean needsRecreate(@NotNull String str, @NotNull Authorizable authorizable, @NotNull String str2, @NotNull String str3) throws RepositoryException {
        String path = UserUtil.getPath(authorizable);
        if (path == null) {
            this.log.error("{} '{}' already exists but path cannot be determined, no changes made.", str3, str);
            return false;
        }
        if (path.contains(str2 + "/")) {
            this.log.info("{} '{}' already exists with required intermediate path '{}', no changes made.", new Object[]{str3, str, str2});
            return false;
        }
        this.log.info("Recreating {} '{}' with path '{}' to match required intermediate path '{}'", new Object[]{str3, str, path, str2});
        authorizable.remove();
        return true;
    }
}
