package org.pentaho.platform.security.userroledao.jackrabbit;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import javax.jcr.NamespaceException;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import org.apache.commons.collections.map.LRUMap;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.AuthorizableExistsException;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.security.authentication.CryptedSimpleCredentials;
import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
import org.apache.jackrabbit.core.security.user.PentahoUserManagerImpl;
import org.apache.jackrabbit.spi.Name;
import org.apache.jackrabbit.spi.NameFactory;
import org.apache.jackrabbit.spi.commons.name.NameFactoryImpl;
import org.pentaho.platform.api.engine.security.userroledao.IPentahoRole;
import org.pentaho.platform.api.engine.security.userroledao.IPentahoUser;
import org.pentaho.platform.api.engine.security.userroledao.IUserRoleDao;
import org.pentaho.platform.api.engine.security.userroledao.NotFoundException;
import org.pentaho.platform.api.mt.ITenant;
import org.pentaho.platform.api.mt.ITenantedPrincipleNameResolver;
import org.pentaho.platform.api.repository2.unified.IRepositoryDefaultAclHandler;
import org.pentaho.platform.api.repository2.unified.RepositoryFile;
import org.pentaho.platform.api.repository2.unified.RepositoryFileAcl;
import org.pentaho.platform.api.repository2.unified.RepositoryFilePermission;
import org.pentaho.platform.api.repository2.unified.RepositoryFileSid;
import org.pentaho.platform.engine.core.system.PentahoSessionHolder;
import org.pentaho.platform.engine.core.system.PentahoSystem;
import org.pentaho.platform.engine.core.system.TenantUtils;
import org.pentaho.platform.repository2.unified.IRepositoryFileAclDao;
import org.pentaho.platform.repository2.unified.IRepositoryFileDao;
import org.pentaho.platform.repository2.unified.ServerRepositoryPaths;
import org.pentaho.platform.repository2.unified.jcr.ILockHelper;
import org.pentaho.platform.repository2.unified.jcr.IPathConversionHelper;
import org.pentaho.platform.repository2.unified.jcr.JcrRepositoryFileAclUtils;
import org.pentaho.platform.repository2.unified.jcr.JcrRepositoryFileUtils;
import org.pentaho.platform.repository2.unified.jcr.JcrTenantUtils;
import org.pentaho.platform.repository2.unified.jcr.PentahoJcrConstants;
import org.pentaho.platform.security.userroledao.PentahoRole;
import org.pentaho.platform.security.userroledao.PentahoUser;
import org.pentaho.platform.security.userroledao.messages.Messages;
import org.springframework.security.providers.dao.UserCache;
import org.springframework.security.providers.dao.cache.NullUserCache;

/* loaded from: input_file:org/pentaho/platform/security/userroledao/jackrabbit/AbstractJcrBackedUserRoleDao.class */
public abstract class AbstractJcrBackedUserRoleDao implements IUserRoleDao {
    protected ITenantedPrincipleNameResolver tenantedUserNameUtils;
    protected ITenantedPrincipleNameResolver tenantedRoleNameUtils;
    IRepositoryFileAclDao repositoryFileAclDao;
    IRepositoryFileDao repositoryFileDao;
    String defaultTenant;
    String authenticatedRoleName;
    String tenantAdminRoleName;
    String repositoryAdminUsername;
    IPathConversionHelper pathConversionHelper;
    IRepositoryDefaultAclHandler defaultAclHandler;
    ILockHelper lockHelper;
    List<String> systemRoles;
    List<String> extraRoles;
    private UserCache userDetailsCache;
    NameFactory NF = NameFactoryImpl.getInstance();
    Name P_PRINCIPAL_NAME = this.NF.create("internal", "principalName");
    String pPrincipalName = "rep:principalName";
    HashMap<String, PentahoUserManagerImpl> userMgrMap = new HashMap<>();
    private LRUMap userCache = new LRUMap(4096);

    public AbstractJcrBackedUserRoleDao(ITenantedPrincipleNameResolver iTenantedPrincipleNameResolver, ITenantedPrincipleNameResolver iTenantedPrincipleNameResolver2, String str, String str2, String str3, IRepositoryFileAclDao iRepositoryFileAclDao, IRepositoryFileDao iRepositoryFileDao, IPathConversionHelper iPathConversionHelper, ILockHelper iLockHelper, IRepositoryDefaultAclHandler iRepositoryDefaultAclHandler, List<String> list, List<String> list2, UserCache userCache) throws NamespaceException {
        this.userDetailsCache = new NullUserCache();
        this.tenantedUserNameUtils = iTenantedPrincipleNameResolver;
        this.tenantedRoleNameUtils = iTenantedPrincipleNameResolver2;
        this.authenticatedRoleName = str;
        this.tenantAdminRoleName = str2;
        this.repositoryAdminUsername = str3;
        this.repositoryFileAclDao = iRepositoryFileAclDao;
        this.repositoryFileDao = iRepositoryFileDao;
        this.pathConversionHelper = iPathConversionHelper;
        this.lockHelper = iLockHelper;
        this.defaultAclHandler = iRepositoryDefaultAclHandler;
        this.systemRoles = list;
        this.extraRoles = list2;
        this.userDetailsCache = userCache;
    }

    public void setRoleMembers(Session session, ITenant iTenant, String str, String[] strArr) throws RepositoryException, NotFoundException {
        List<IPentahoUser> roleMembers = getRoleMembers(session, iTenant, str);
        String[] findRemovedUsers = findRemovedUsers(roleMembers, strArr);
        if ((oneOfUserIsMySelf(findRemovedUsers) || oneOfUserIsDefaultAdminUser(findRemovedUsers)) && this.tenantAdminRoleName.equals(str)) {
            throw new RepositoryException(Messages.getInstance().getString("AbstractJcrBackedUserRoleDao.ERROR_0009_USER_REMOVE_FAILED_YOURSELF_OR_DEFAULT_ADMIN_USER"));
        }
        if (this.tenantAdminRoleName.equals(str) && roleMembers != null && roleMembers.size() > 0 && strArr.length == 0) {
            throw new RepositoryException(Messages.getInstance().getString("AbstractJcrBackedUserRoleDao.ERROR_0001_LAST_ADMIN_ROLE", new Object[]{this.tenantAdminRoleName}));
        }
        Group jackrabbitGroup = getJackrabbitGroup(iTenant, str, session);
        if (jackrabbitGroup != null) {
            if (TenantUtils.isAccessibleTenant(iTenant == null ? this.tenantedRoleNameUtils.getTenant(jackrabbitGroup.getID()) : iTenant)) {
                HashMap hashMap = new HashMap();
                Iterator members = jackrabbitGroup.getMembers();
                while (members.hasNext()) {
                    User user = (Authorizable) members.next();
                    if (user instanceof User) {
                        hashMap.put(user.getID(), user);
                    }
                }
                HashMap hashMap2 = new HashMap();
                if (strArr != null) {
                    ITenant tenant = iTenant == null ? JcrTenantUtils.getTenant(str, false) : iTenant;
                    for (String str2 : strArr) {
                        User jackrabbitUser = getJackrabbitUser(tenant, str2, session);
                        if (jackrabbitUser != null) {
                            hashMap2.put(getTenantedUserNameUtils().getPrincipleId(tenant, str2), jackrabbitUser);
                        }
                    }
                }
                ArrayList arrayList = new ArrayList(hashMap.keySet());
                arrayList.removeAll(hashMap2.keySet());
                ArrayList arrayList2 = new ArrayList(hashMap2.keySet());
                arrayList2.removeAll(hashMap.keySet());
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    String str3 = (String) it.next();
                    jackrabbitGroup.removeMember((Authorizable) hashMap.get(str3));
                    purgeUserFromCache(str3);
                }
                Iterator it2 = arrayList2.iterator();
                while (it2.hasNext()) {
                    String str4 = (String) it2.next();
                    jackrabbitGroup.addMember((Authorizable) hashMap2.get(str4));
                    purgeUserFromCache(str4);
                }
                return;
            }
        }
        throw new NotFoundException(Messages.getInstance().getString("AbstractJcrBackedUserRoleDao.ERROR_0002_ROLE_NOT_FOUND"));
    }

    private void setUserRolesForNewUser(Session session, ITenant iTenant, String str, String[] strArr) throws RepositoryException, NotFoundException {
        HashSet<String> hashSet = new HashSet();
        if (strArr != null) {
            hashSet.addAll(Arrays.asList(strArr));
        }
        hashSet.add(this.authenticatedRoleName);
        User jackrabbitUser = getJackrabbitUser(iTenant, str, session);
        if (jackrabbitUser != null) {
            if (TenantUtils.isAccessibleTenant(iTenant == null ? this.tenantedUserNameUtils.getTenant(jackrabbitUser.getID()) : iTenant)) {
                HashMap hashMap = new HashMap();
                ITenant tenant = iTenant == null ? JcrTenantUtils.getTenant(str, true) : iTenant;
                for (String str2 : hashSet) {
                    Group jackrabbitGroup = getJackrabbitGroup(tenant, str2, session);
                    if (jackrabbitGroup != null) {
                        hashMap.put(this.tenantedRoleNameUtils.getPrincipleId(tenant, str2), jackrabbitGroup);
                    }
                }
                Iterator it = new ArrayList(hashMap.keySet()).iterator();
                while (it.hasNext()) {
                    ((Group) hashMap.get((String) it.next())).addMember(jackrabbitUser);
                    purgeUserFromCache(str);
                }
                return;
            }
        }
        throw new NotFoundException(Messages.getInstance().getString("AbstractJcrBackedUserRoleDao.ERROR_0003_USER_NOT_FOUND"));
    }

    private void purgeUserFromCache(String str) {
        this.userDetailsCache.removeUserFromCache(getTenantedUserNameUtils().getPrincipleName(str));
    }

    private boolean oneOfUserIsMySelf(String[] strArr) {
        for (String str : strArr) {
            if (isMyself(str)) {
                return true;
            }
        }
        return false;
    }

    private boolean oneOfUserIsDefaultAdminUser(String[] strArr) {
        for (String str : strArr) {
            if (isDefaultAdminUser(str)) {
                return true;
            }
        }
        return false;
    }

    private boolean isMyself(String str) {
        return PentahoSessionHolder.getSession().getName().equals(str);
    }

    private boolean isDefaultAdminUser(String str) {
        String str2 = (String) PentahoSystem.get(String.class, "singleTenantAdminUserName", PentahoSessionHolder.getSession());
        if (str2 != null) {
            return str2.equals(str);
        }
        return false;
    }

    private boolean adminRoleExist(String[] strArr) {
        return Arrays.asList(strArr).contains(this.tenantAdminRoleName);
    }

    public void setUserRoles(Session session, ITenant iTenant, String str, String[] strArr) throws RepositoryException, NotFoundException {
        if ((isMyself(str) || isDefaultAdminUser(str)) && !adminRoleExist(strArr)) {
            throw new RepositoryException(Messages.getInstance().getString("AbstractJcrBackedUserRoleDao.ERROR_0005_YOURSELF_OR_DEFAULT_ADMIN_USER"));
        }
        HashSet<String> hashSet = new HashSet();
        if (strArr != null) {
            hashSet.addAll(Arrays.asList(strArr));
        }
        hashSet.add(this.authenticatedRoleName);
        User jackrabbitUser = getJackrabbitUser(iTenant, str, session);
        if (jackrabbitUser != null) {
            if (TenantUtils.isAccessibleTenant(iTenant == null ? this.tenantedUserNameUtils.getTenant(jackrabbitUser.getID()) : iTenant)) {
                HashMap hashMap = new HashMap();
                Iterator memberOf = jackrabbitUser.memberOf();
                while (memberOf.hasNext()) {
                    Group group = (Group) memberOf.next();
                    hashMap.put(group.getID(), group);
                }
                HashMap hashMap2 = new HashMap();
                ITenant tenant = iTenant == null ? JcrTenantUtils.getTenant(str, true) : iTenant;
                for (String str2 : hashSet) {
                    Group jackrabbitGroup = getJackrabbitGroup(tenant, str2, session);
                    if (jackrabbitGroup != null) {
                        hashMap2.put(this.tenantedRoleNameUtils.getPrincipleId(tenant, str2), jackrabbitGroup);
                    }
                }
                ArrayList arrayList = new ArrayList(hashMap.keySet());
                arrayList.removeAll(hashMap2.keySet());
                ArrayList arrayList2 = new ArrayList(hashMap2.keySet());
                arrayList2.removeAll(hashMap.keySet());
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    ((Group) hashMap.get((String) it.next())).removeMember(jackrabbitUser);
                }
                Iterator it2 = arrayList2.iterator();
                while (it2.hasNext()) {
                    ((Group) hashMap2.get((String) it2.next())).addMember(jackrabbitUser);
                }
                purgeUserFromCache(str);
                return;
            }
        }
        throw new NotFoundException(Messages.getInstance().getString("AbstractJcrBackedUserRoleDao.ERROR_0003_USER_NOT_FOUND"));
    }

    public IPentahoRole createRole(Session session, ITenant iTenant, String str, String str2, String[] strArr) throws AuthorizableExistsException, RepositoryException {
        ITenant iTenant2 = iTenant;
        String str3 = str;
        if (iTenant2 == null) {
            iTenant2 = JcrTenantUtils.getTenant(str, false);
            str3 = JcrTenantUtils.getPrincipalName(str, false);
        }
        if (iTenant2 == null || iTenant2.getId() == null) {
            iTenant2 = JcrTenantUtils.getCurrentTenant();
        }
        if (!TenantUtils.isAccessibleTenant(iTenant2)) {
            throw new NotFoundException(Messages.getInstance().getString("AbstractJcrBackedUserRoleDao.ERROR_0006_TENANT_NOT_FOUND", new Object[]{iTenant.getId()}));
        }
        getUserManager(iTenant2, session).createGroup(new PrincipalImpl(this.tenantedRoleNameUtils.getPrincipleId(iTenant2, str3)), "");
        setRoleMembers(session, iTenant2, str3, strArr);
        setRoleDescription(session, iTenant2, str3, str2);
        return getRole(session, iTenant, str);
    }

    public IPentahoUser createUser(Session session, ITenant iTenant, String str, String str2, String str3, String[] strArr) throws AuthorizableExistsException, RepositoryException {
        ITenant iTenant2 = iTenant;
        String str4 = str;
        if (iTenant2 == null) {
            iTenant2 = JcrTenantUtils.getTenant(str, true);
            str4 = JcrTenantUtils.getPrincipalName(str, true);
        }
        if (iTenant2 == null || iTenant2.getId() == null) {
            iTenant2 = JcrTenantUtils.getCurrentTenant();
        }
        if (!TenantUtils.isAccessibleTenant(iTenant2)) {
            throw new NotFoundException(Messages.getInstance().getString("AbstractJcrBackedUserRoleDao.ERROR_0006_TENANT_NOT_FOUND", new Object[]{iTenant.getId()}));
        }
        String principleId = this.tenantedUserNameUtils.getPrincipleId(iTenant2, str4);
        getUserManager(iTenant2, session).createUser(principleId, str2, new PrincipalImpl(principleId), "");
        session.save();
        setUserRolesForNewUser(session, iTenant2, str4, strArr);
        setUserDescription(session, iTenant2, str4, str3);
        session.save();
        createUserHomeFolder(iTenant2, str4, session);
        session.save();
        this.userDetailsCache.removeUserFromCache(str);
        return getUser(session, iTenant2, str);
    }

    public void deleteRole(Session session, IPentahoRole iPentahoRole) throws NotFoundException, RepositoryException {
        if (!canDeleteRole(session, iPentahoRole)) {
            throw new RepositoryException(Messages.getInstance().getString("AbstractJcrBackedUserRoleDao.ERROR_0007_ATTEMPTED_SYSTEM_ROLE_DELETE"));
        }
        List<IPentahoUser> roleMembers = getRoleMembers(session, iPentahoRole.getTenant(), iPentahoRole.getName());
        Group jackrabbitGroup = getJackrabbitGroup(iPentahoRole.getTenant(), iPentahoRole.getName(), session);
        if (jackrabbitGroup == null || !TenantUtils.isAccessibleTenant(this.tenantedRoleNameUtils.getTenant(jackrabbitGroup.getID()))) {
            throw new NotFoundException("");
        }
        jackrabbitGroup.remove();
        Iterator<IPentahoUser> it = roleMembers.iterator();
        while (it.hasNext()) {
            purgeUserFromCache(it.next().getUsername());
        }
    }

    public void deleteUser(Session session, IPentahoUser iPentahoUser) throws NotFoundException, RepositoryException {
        if (!canDeleteUser(session, iPentahoUser)) {
            throw new RepositoryException(Messages.getInstance().getString("AbstractJcrBackedUserRoleDao.ERROR_0004_LAST_USER_NEEDED_IN_ROLE", new Object[]{this.tenantAdminRoleName}));
        }
        User jackrabbitUser = getJackrabbitUser(iPentahoUser.getTenant(), iPentahoUser.getUsername(), session);
        if (jackrabbitUser == null || !TenantUtils.isAccessibleTenant(this.tenantedUserNameUtils.getTenant(jackrabbitUser.getID()))) {
            throw new NotFoundException("");
        }
        Iterator memberOf = jackrabbitUser.memberOf();
        while (memberOf.hasNext()) {
            ((Group) memberOf.next()).removeMember(jackrabbitUser);
        }
        purgeUserFromCache(iPentahoUser.getUsername());
        jackrabbitUser.remove();
    }

    public List<IPentahoRole> getRoles(Session session) throws RepositoryException {
        return getRoles(session, JcrTenantUtils.getCurrentTenant());
    }

    private IPentahoUser convertToPentahoUser(User user) throws RepositoryException {
        if (this.userCache.containsKey(user.getID())) {
            return (IPentahoUser) this.userCache.get(user.getID());
        }
        String str = null;
        try {
            Value[] property = user.getProperty("description");
            str = property.length > 0 ? property[0].getString() : null;
        } catch (Exception e) {
        }
        CryptedSimpleCredentials credentials = user.getCredentials();
        String str2 = null;
        if (credentials instanceof CryptedSimpleCredentials) {
            str2 = new String(credentials.getPassword());
        }
        PentahoUser pentahoUser = new PentahoUser(this.tenantedUserNameUtils.getTenant(user.getID()), this.tenantedUserNameUtils.getPrincipleName(user.getID()), str2, str, !user.isDisabled());
        this.userCache.put(user.getID(), pentahoUser);
        return pentahoUser;
    }

    private IPentahoRole convertToPentahoRole(Group group) throws RepositoryException {
        String str = null;
        try {
            Value[] property = group.getProperty("description");
            str = property.length > 0 ? property[0].getString() : null;
        } catch (Exception e) {
        }
        return new PentahoRole(this.tenantedRoleNameUtils.getTenant(group.getID()), this.tenantedRoleNameUtils.getPrincipleName(group.getID()), str);
    }

    public List<IPentahoUser> getUsers(Session session) throws RepositoryException {
        return getUsers(session, JcrTenantUtils.getCurrentTenant());
    }

    public void setRoleDescription(Session session, ITenant iTenant, String str, String str2) throws NotFoundException, RepositoryException {
        Group jackrabbitGroup = getJackrabbitGroup(iTenant, str, session);
        if (jackrabbitGroup != null) {
            if (TenantUtils.isAccessibleTenant(iTenant == null ? this.tenantedRoleNameUtils.getTenant(jackrabbitGroup.getID()) : iTenant)) {
                if (str2 == null) {
                    jackrabbitGroup.removeProperty("description");
                    return;
                } else {
                    jackrabbitGroup.setProperty("description", session.getValueFactory().createValue(str2));
                    return;
                }
            }
        }
        throw new NotFoundException(Messages.getInstance().getString("AbstractJcrBackedUserRoleDao.ERROR_0002_ROLE_NOT_FOUND"));
    }

    public void setUserDescription(Session session, ITenant iTenant, String str, String str2) throws NotFoundException, RepositoryException {
        User jackrabbitUser = getJackrabbitUser(iTenant, str, session);
        if (jackrabbitUser != null) {
            if (TenantUtils.isAccessibleTenant(iTenant == null ? this.tenantedUserNameUtils.getTenant(jackrabbitUser.getID()) : iTenant)) {
                if (str2 == null) {
                    jackrabbitUser.removeProperty("description");
                    return;
                } else {
                    jackrabbitUser.setProperty("description", session.getValueFactory().createValue(str2));
                    return;
                }
            }
        }
        throw new NotFoundException(Messages.getInstance().getString("AbstractJcrBackedUserRoleDao.ERROR_0003_USER_NOT_FOUND"));
    }

    public void setPassword(Session session, ITenant iTenant, String str, String str2) throws NotFoundException, RepositoryException {
        User jackrabbitUser = getJackrabbitUser(iTenant, str, session);
        if (jackrabbitUser != null) {
            if (TenantUtils.isAccessibleTenant(iTenant == null ? this.tenantedUserNameUtils.getTenant(jackrabbitUser.getID()) : iTenant)) {
                jackrabbitUser.changePassword(str2);
                purgeUserFromCache(str);
                this.userCache.remove(jackrabbitUser.getID());
                return;
            }
        }
        throw new NotFoundException(Messages.getInstance().getString("AbstractJcrBackedUserRoleDao.ERROR_0003_USER_NOT_FOUND"));
    }

    public ITenantedPrincipleNameResolver getTenantedUserNameUtils() {
        return this.tenantedUserNameUtils;
    }

    public ITenantedPrincipleNameResolver getTenantedRoleNameUtils() {
        return this.tenantedRoleNameUtils;
    }

    public List<IPentahoRole> getRoles(Session session, ITenant iTenant) throws RepositoryException, NamespaceException {
        return getRoles(session, iTenant, false);
    }

    public List<IPentahoRole> getRoles(Session session, ITenant iTenant, boolean z) throws RepositoryException {
        ArrayList arrayList = new ArrayList();
        if (iTenant == null || iTenant.getId() == null) {
            iTenant = JcrTenantUtils.getTenant();
        }
        if (TenantUtils.isAccessibleTenant(iTenant)) {
            PentahoUserManagerImpl userManager = getUserManager(iTenant, session);
            this.pPrincipalName = ((SessionImpl) session).getJCRName(this.P_PRINCIPAL_NAME);
            Iterator findAuthorizables = userManager.findAuthorizables(this.pPrincipalName, (String) null, 2);
            while (findAuthorizables.hasNext()) {
                IPentahoRole convertToPentahoRole = convertToPentahoRole((Group) findAuthorizables.next());
                if (!this.extraRoles.contains(convertToPentahoRole.getName())) {
                    if (z) {
                        arrayList.add(convertToPentahoRole);
                    } else if (convertToPentahoRole.getTenant() != null && convertToPentahoRole.getTenant().equals(iTenant)) {
                        arrayList.add(convertToPentahoRole);
                    }
                }
            }
        }
        return arrayList;
    }

    public List<IPentahoUser> getUsers(Session session, ITenant iTenant) throws RepositoryException {
        return getUsers(session, iTenant, false);
    }

    public List<IPentahoUser> getUsers(Session session, ITenant iTenant, boolean z) throws RepositoryException {
        ArrayList arrayList = new ArrayList();
        if (iTenant == null || iTenant.getId() == null) {
            iTenant = JcrTenantUtils.getTenant();
        }
        if (TenantUtils.isAccessibleTenant(iTenant)) {
            PentahoUserManagerImpl userManager = getUserManager(iTenant, session);
            this.pPrincipalName = ((SessionImpl) session).getJCRName(this.P_PRINCIPAL_NAME);
            Iterator findAuthorizables = userManager.findAuthorizables(this.pPrincipalName, (String) null, 1);
            while (findAuthorizables.hasNext()) {
                IPentahoUser convertToPentahoUser = convertToPentahoUser((User) findAuthorizables.next());
                if (z) {
                    arrayList.add(convertToPentahoUser);
                } else if (convertToPentahoUser.getTenant() != null && convertToPentahoUser.getTenant().equals(iTenant)) {
                    arrayList.add(convertToPentahoUser);
                }
            }
        }
        return arrayList;
    }

    public IPentahoRole getRole(Session session, ITenant iTenant, String str) throws RepositoryException {
        Group jackrabbitGroup = getJackrabbitGroup(iTenant, str, session);
        if (jackrabbitGroup != null) {
            if (TenantUtils.isAccessibleTenant(iTenant == null ? this.tenantedRoleNameUtils.getTenant(jackrabbitGroup.getID()) : iTenant)) {
                return convertToPentahoRole(jackrabbitGroup);
            }
        }
        return null;
    }

    private PentahoUserManagerImpl getUserManager(ITenant iTenant, Session session) throws RepositoryException {
        Properties properties = new Properties();
        properties.put("usersPath", "/rep:security/rep:authorizables/rep:users" + iTenant.getRootFolderAbsolutePath());
        properties.put("groupsPath", "/rep:security/rep:authorizables/rep:groups" + iTenant.getRootFolderAbsolutePath());
        return new PentahoUserManagerImpl((SessionImpl) session, session.getUserID(), properties);
    }

    public IPentahoUser getUser(Session session, ITenant iTenant, String str) throws RepositoryException {
        User jackrabbitUser = getJackrabbitUser(iTenant, str, session);
        if (jackrabbitUser != null) {
            if (TenantUtils.isAccessibleTenant(iTenant == null ? this.tenantedUserNameUtils.getTenant(jackrabbitUser.getID()) : iTenant)) {
                return convertToPentahoUser(jackrabbitUser);
            }
        }
        return null;
    }

    private Group getJackrabbitGroup(ITenant iTenant, String str, Session session) throws RepositoryException {
        Group group = null;
        String str2 = str;
        ITenant iTenant2 = iTenant;
        if (iTenant2 == null) {
            iTenant2 = JcrTenantUtils.getTenant(str2, false);
            str2 = JcrTenantUtils.getPrincipalName(str2, false);
        }
        if (iTenant2 == null || iTenant2.getId() == null) {
            iTenant2 = JcrTenantUtils.getCurrentTenant();
        }
        if (iTenant2 == null || iTenant2.getId() == null) {
            iTenant2 = JcrTenantUtils.getDefaultTenant();
        }
        Group authorizable = getUserManager(iTenant2, session).getAuthorizable(this.tenantedRoleNameUtils.getPrincipleId(iTenant2, str2));
        if (authorizable instanceof Group) {
            group = authorizable;
        }
        return group;
    }

    private User getJackrabbitUser(ITenant iTenant, String str, Session session) throws RepositoryException {
        User user = null;
        String str2 = str;
        ITenant iTenant2 = iTenant;
        if (iTenant2 == null) {
            iTenant2 = JcrTenantUtils.getTenant(str2, true);
            str2 = JcrTenantUtils.getPrincipalName(str2, true);
        }
        if (iTenant2 == null || iTenant2.getId() == null) {
            iTenant2 = JcrTenantUtils.getCurrentTenant();
        }
        if (iTenant2 == null || iTenant2.getId() == null) {
            iTenant2 = JcrTenantUtils.getDefaultTenant();
        }
        if (iTenant2 != null) {
            Authorizable authorizable = getUserManager(iTenant2, session).getAuthorizable(this.tenantedUserNameUtils.getPrincipleId(iTenant2, str2));
            if (authorizable instanceof User) {
                user = (User) authorizable;
            }
        }
        return user;
    }

    protected boolean tenantExists(String str) {
        return str != null && str.trim().length() > 0;
    }

    public List<IPentahoUser> getRoleMembers(Session session, ITenant iTenant, String str) throws RepositoryException {
        ArrayList arrayList = new ArrayList();
        Group jackrabbitGroup = getJackrabbitGroup(iTenant, str, session);
        if (jackrabbitGroup != null) {
            if (TenantUtils.isAccessibleTenant(iTenant == null ? this.tenantedRoleNameUtils.getTenant(jackrabbitGroup.getID()) : iTenant)) {
                Iterator members = jackrabbitGroup.getMembers();
                while (members.hasNext()) {
                    Authorizable authorizable = (Authorizable) members.next();
                    if (authorizable instanceof User) {
                        arrayList.add(convertToPentahoUser((User) authorizable));
                    }
                }
            }
        }
        return arrayList;
    }

    public List<IPentahoRole> getUserRoles(Session session, ITenant iTenant, String str) throws RepositoryException {
        ArrayList arrayList = new ArrayList();
        User jackrabbitUser = getJackrabbitUser(iTenant, str, session);
        if (jackrabbitUser != null) {
            if (TenantUtils.isAccessibleTenant(iTenant == null ? this.tenantedUserNameUtils.getTenant(jackrabbitUser.getID()) : iTenant)) {
                Iterator memberOf = jackrabbitUser.memberOf();
                while (memberOf.hasNext()) {
                    IPentahoRole convertToPentahoRole = convertToPentahoRole((Group) memberOf.next());
                    if (!this.extraRoles.contains(convertToPentahoRole.getName())) {
                        arrayList.add(convertToPentahoRole);
                    }
                }
            }
        }
        return arrayList;
    }

    private RepositoryFile createUserHomeFolder(ITenant iTenant, String str, Session session) throws RepositoryException {
        RepositoryFileAcl.Builder ace;
        if (iTenant == null) {
            iTenant = JcrTenantUtils.getTenant(str, true);
            str = JcrTenantUtils.getPrincipalName(str, true);
        }
        if (iTenant == null || iTenant.getId() == null) {
            iTenant = JcrTenantUtils.getCurrentTenant();
        }
        if (iTenant == null || iTenant.getId() == null) {
            iTenant = JcrTenantUtils.getDefaultTenant();
        }
        RepositoryFile repositoryFile = null;
        RepositoryFileSid repositoryFileSid = new RepositoryFileSid(this.tenantedUserNameUtils.getPrincipleId(iTenant, str));
        RepositoryFile fileByAbsolutePath = JcrRepositoryFileUtils.getFileByAbsolutePath(session, ServerRepositoryPaths.getTenantRootFolderPath(iTenant), this.pathConversionHelper, this.lockHelper, false, null);
        if (fileByAbsolutePath != null) {
            RepositoryFile fileByAbsolutePath2 = JcrRepositoryFileUtils.getFileByAbsolutePath(session, ServerRepositoryPaths.getTenantHomeFolderPath(iTenant), this.pathConversionHelper, this.lockHelper, false, null);
            if (fileByAbsolutePath2 == null) {
                RepositoryFileSid repositoryFileSid2 = new RepositoryFileSid(this.tenantedUserNameUtils.getPrincipleId(iTenant, str), RepositoryFileSid.Type.USER);
                RepositoryFileAcl.Builder ace2 = new RepositoryFileAcl.Builder(repositoryFileSid).ace(new RepositoryFileSid(this.tenantedRoleNameUtils.getPrincipleId(iTenant, this.authenticatedRoleName), RepositoryFileSid.Type.ROLE), EnumSet.of(RepositoryFilePermission.READ));
                ace = new RepositoryFileAcl.Builder(repositoryFileSid).ace(repositoryFileSid2, EnumSet.of(RepositoryFilePermission.ALL));
                fileByAbsolutePath2 = internalCreateFolder(session, fileByAbsolutePath.getId(), new RepositoryFile.Builder(ServerRepositoryPaths.getTenantHomeFolderName()).folder(true).title(Messages.getInstance().getString("AbstractJcrBackedUserRoleDao.usersFolderDisplayName")).build(), ace2.build(), "tenant home folder");
            } else {
                ace = new RepositoryFileAcl.Builder(repositoryFileSid).ace(new RepositoryFileSid(this.tenantedUserNameUtils.getPrincipleId(iTenant, str), RepositoryFileSid.Type.USER), EnumSet.of(RepositoryFilePermission.ALL));
            }
            repositoryFile = JcrRepositoryFileUtils.getFileByAbsolutePath(session, ServerRepositoryPaths.getUserHomeFolderPath(iTenant, str), this.pathConversionHelper, this.lockHelper, false, null);
            if (repositoryFile == null) {
                repositoryFile = internalCreateFolder(session, fileByAbsolutePath2.getId(), new RepositoryFile.Builder(str).folder(true).build(), ace.build(), "user home folder");
            }
        }
        return repositoryFile;
    }

    private RepositoryFile internalCreateFolder(Session session, Serializable serializable, RepositoryFile repositoryFile, RepositoryFileAcl repositoryFileAcl, String str) throws RepositoryException {
        PentahoJcrConstants pentahoJcrConstants = new PentahoJcrConstants(session);
        JcrRepositoryFileUtils.checkoutNearestVersionableFileIfNecessary(session, pentahoJcrConstants, serializable);
        Node createFolderNode = JcrRepositoryFileUtils.createFolderNode(session, pentahoJcrConstants, serializable, repositoryFile);
        JcrRepositoryFileAclUtils.createAcl(session, pentahoJcrConstants, createFolderNode.getIdentifier(), repositoryFileAcl == null ? this.defaultAclHandler.createDefaultAcl(repositoryFile) : repositoryFileAcl);
        session.save();
        if (repositoryFile.isVersioned()) {
            JcrRepositoryFileUtils.checkinNearestVersionableNodeIfNecessary(session, pentahoJcrConstants, createFolderNode, str);
        }
        Messages messages = Messages.getInstance();
        Object[] objArr = new Object[2];
        objArr[0] = repositoryFile.getName();
        objArr[1] = serializable == null ? "root" : serializable.toString();
        JcrRepositoryFileUtils.checkinNearestVersionableFileIfNecessary(session, pentahoJcrConstants, serializable, messages.getString("JcrRepositoryFileDao.USER_0001_VER_COMMENT_ADD_FOLDER", objArr));
        return JcrRepositoryFileUtils.nodeToFile(session, pentahoJcrConstants, this.pathConversionHelper, this.lockHelper, createFolderNode);
    }

    private boolean canDeleteUser(Session session, IPentahoUser iPentahoUser) throws RepositoryException {
        boolean z = false;
        Iterator it = getUserRoles(null, iPentahoUser.getUsername()).iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (this.tenantAdminRoleName.equals(((IPentahoRole) it.next()).getName())) {
                z = true;
                break;
            }
        }
        if ((isMyself(iPentahoUser.getUsername()) || isDefaultAdminUser(iPentahoUser.getUsername())) && z) {
            throw new RepositoryException(Messages.getInstance().getString("AbstractJcrBackedUserRoleDao.ERROR_0008_UNABLE_TO_DELETE_USER_IS_YOURSELF_OR_DEFAULT_ADMIN_USER"));
        }
        if (!z) {
            return true;
        }
        List<IPentahoUser> roleMembers = getRoleMembers(session, null, this.tenantAdminRoleName);
        if (roleMembers == null) {
            throw new RepositoryException(Messages.getInstance().getString("AbstractJcrBackedUserRoleDao.ERROR_0004_LAST_USER_NEEDED_IN_ROLE", new Object[]{this.tenantAdminRoleName}));
        }
        if (roleMembers.size() > 1) {
            return true;
        }
        if (roleMembers.size() == 1) {
            return false;
        }
        throw new RepositoryException(Messages.getInstance().getString("AbstractJcrBackedUserRoleDao.ERROR_0004_LAST_USER_NEEDED_IN_ROLE", new Object[]{this.tenantAdminRoleName}));
    }

    private boolean canDeleteRole(Session session, IPentahoRole iPentahoRole) {
        return iPentahoRole == null || !this.systemRoles.contains(iPentahoRole.getName());
    }

    private String[] findRemovedUsers(List<IPentahoUser> list, String[] strArr) {
        ArrayList arrayList = new ArrayList();
        List asList = Arrays.asList(strArr);
        for (int i = 0; i < list.size(); i++) {
            if (asList == null || strArr.length <= 0) {
                arrayList.add(list.get(i).getUsername());
            } else if (!asList.contains(list.get(i).getUsername())) {
                arrayList.add(list.get(i).getUsername());
            }
        }
        return (String[]) arrayList.toArray(new String[0]);
    }
}
