package org.apache.sling.serviceuser.webconsole.impl;

import java.io.IOException;
import java.io.PrintWriter;
import java.lang.reflect.Array;
import java.net.URL;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.jcr.AccessDeniedException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.UnsupportedRepositoryOperationException;
import javax.jcr.nodetype.NodeType;
import javax.jcr.query.Query;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.Privilege;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.ImmutablePair;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.felix.webconsole.AbstractWebConsolePlugin;
import org.apache.felix.webconsole.WebConsoleUtil;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.ModifiableValueMap;
import org.apache.sling.api.resource.PersistenceException;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.api.resource.ResourceUtil;
import org.apache.sling.api.resource.ValueMap;
import org.apache.sling.auth.core.AuthenticationSupport;
import org.apache.sling.hc.util.HealthCheckFilter;
import org.apache.sling.installer.provider.jcr.impl.ConfigNodeConverter;
import org.apache.sling.jcr.base.util.AccessControlUtil;
import org.apache.sling.serviceusermapping.Mapping;
import org.apache.sling.serviceusermapping.ServiceUserMapper;
import org.apache.sling.xss.XSSAPI;
import org.osgi.framework.Bundle;
import org.osgi.framework.BundleContext;
import org.osgi.framework.Constants;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferencePolicyOption;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component(service = {Servlet.class}, property = {"service.description=Apache Sling Service User Manager Web Console Plugin", "felix.webconsole.label=serviceusers", "felix.webconsole.title=Service Users", "felix.webconsole.category=Sling"})
/* loaded from: input_file:resources/install/0/org.apache.sling.serviceuser.webconsole-1.0.0.jar:org/apache/sling/serviceuser/webconsole/impl/ServiceUserWebConsolePlugin.class */
public class ServiceUserWebConsolePlugin extends AbstractWebConsolePlugin {
    public static final String COMPONENT_NAME = "org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended";
    public static final String LABEL = "serviceusers";
    public static final String TITLE = "Service Users";
    public static final String PN_ACTION = "action";
    public static final String PN_ALERT = "alert";
    public static final String PN_APP_PATH = "appPath";
    public static final String PN_BUNDLE = "bundle";
    public static final String PN_NAME = "name";
    public static final String PN_SUB_SERVICE = "subService";
    public static final String PN_USER = "user";
    public static final String PN_USER_PATH = "userPath";
    private static final Logger log = LoggerFactory.getLogger((Class<?>) ServiceUserWebConsolePlugin.class);
    private BundleContext bundleContext;

    @Reference(policyOption = ReferencePolicyOption.GREEDY)
    private XSSAPI xss;

    @Reference(policyOption = ReferencePolicyOption.GREEDY)
    private ResourceResolverFactory resolverFactory;

    @Reference
    private ServiceUserMapper mapper;

    private boolean createOrUpdateMapping(HttpServletRequest httpServletRequest, ResourceResolver resourceResolver) {
        Resource orCreateResource;
        String parameter = getParameter(httpServletRequest, PN_APP_PATH, "");
        Iterator<Resource> findResources = resourceResolver.findResources("SELECT * FROM [sling:OsgiConfig] WHERE ISDESCENDANTNODE([" + parameter + "]) AND NAME() LIKE '" + COMPONENT_NAME + "%'", Query.JCR_SQL2);
        try {
            boolean z = false;
            if (findResources.hasNext()) {
                orCreateResource = findResources.next();
                log.debug("Using existing configuration {}", orCreateResource);
            } else {
                String str = parameter + "/config/" + COMPONENT_NAME + HealthCheckFilter.OMIT_PREFIX + parameter.substring(parameter.lastIndexOf(47) + 1);
                log.debug("Creating new configuration {}", str);
                orCreateResource = ResourceUtil.getOrCreateResource(resourceResolver, str, (Map<String, Object>) new HashMap<String, Object>() { // from class: org.apache.sling.serviceuser.webconsole.impl.ServiceUserWebConsolePlugin.1
                    {
                        put("jcr:primaryType", ConfigNodeConverter.CONFIG_NODE_TYPE);
                    }
                }, NodeType.NT_FOLDER, false);
                z = true;
            }
            String parameter2 = getParameter(httpServletRequest, "bundle", "");
            String parameter3 = getParameter(httpServletRequest, PN_SUB_SERVICE, "");
            String str2 = parameter2 + (StringUtils.isNotBlank(parameter3) ? ":" + parameter3 : "") + "=" + getParameter(httpServletRequest, "name", "");
            ModifiableValueMap modifiableValueMap = (ModifiableValueMap) orCreateResource.adaptTo(ModifiableValueMap.class);
            String[] strArr = (String[]) modifiableValueMap.get("user.mapping", (String) new String[0]);
            if (ArrayUtils.contains(strArr, str2)) {
                log.debug("Already found {} in service user mapping", str2);
            } else {
                log.debug("Adding {} into service user mapping", str2);
                ArrayList arrayList = new ArrayList();
                arrayList.addAll(Arrays.asList(strArr));
                arrayList.add(str2);
                modifiableValueMap.put("user.mapping", arrayList.toArray(new String[arrayList.size()]));
                z = true;
            }
            if (z) {
                log.debug("Saving changes to osgi config");
                resourceResolver.commit();
            }
            return true;
        } catch (PersistenceException e) {
            log.warn("Exception creating service mapping", (Throwable) e);
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.servlet.http.HttpServlet
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        log.debug("Creating service user");
        if (StringUtils.isBlank(getParameter(httpServletRequest, "name", "")) || StringUtils.isBlank(getParameter(httpServletRequest, "bundle", "")) || StringUtils.isBlank(getParameter(httpServletRequest, PN_APP_PATH, ""))) {
            sendErrorRedirect(httpServletRequest, httpServletResponse, "Missing required parameters!");
            return;
        }
        ResourceResolver resourceResolver = getResourceResolver(httpServletRequest);
        if (resourceResolver == null) {
            log.warn("Unable to get serviceresolver from request!");
            sendErrorRedirect(httpServletRequest, httpServletResponse, "Unable to get serviceresolver from request!");
            return;
        }
        Resource orCreateServiceUser = getOrCreateServiceUser(httpServletRequest, resourceResolver);
        if (orCreateServiceUser == null) {
            log.warn("Unable to create service user!");
            sendErrorRedirect(httpServletRequest, httpServletResponse, "Unable to create service user!");
            return;
        }
        if (!createOrUpdateMapping(httpServletRequest, resourceResolver)) {
            sendErrorRedirect(httpServletRequest, httpServletResponse, "Unable to create service user mapping!");
            return;
        }
        if (!updatePrivileges(httpServletRequest, resourceResolver)) {
            sendErrorRedirect(httpServletRequest, httpServletResponse, "Unable to update service user permissions!");
            return;
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add("action=details");
        arrayList.add("alert=" + URLEncoder.encode("Service user " + orCreateServiceUser.getName() + " created / updated successfully!", "UTF-8"));
        arrayList.add("user=" + URLEncoder.encode(orCreateServiceUser.getName(), "UTF-8"));
        WebConsoleUtil.sendRedirect(httpServletRequest, httpServletResponse, "/system/console/serviceusers?" + StringUtils.join(arrayList, "&"));
    }

    private List<String> extractPrincipals(Mapping mapping) {
        ArrayList arrayList = new ArrayList();
        String map = mapping.map(mapping.getServiceName(), mapping.getSubServiceName());
        if (StringUtils.isNotBlank(map)) {
            arrayList.add(map);
        }
        Iterable<String> mapPrincipals = mapping.mapPrincipals(mapping.getServiceName(), mapping.getSubServiceName());
        if (mapPrincipals != null) {
            Iterator<String> it = mapPrincipals.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next());
            }
        }
        return arrayList;
    }

    private String[] findACLs(ResourceResolver resourceResolver, String str, List<String> list) {
        ArrayList arrayList = new ArrayList();
        Iterator<Resource> findResources = resourceResolver.findResources("SELECT * FROM [rep:GrantACE] AS s WHERE  [rep:principalName] = '" + str + "'", Query.JCR_SQL2);
        while (findResources.hasNext()) {
            Resource next = findResources.next();
            list.add(next.getPath());
            arrayList.add(next.getPath().substring(0, next.getPath().indexOf("/rep:policy")) + "=" + StringUtils.join((Object[]) ((ValueMap) next.adaptTo(ValueMap.class)).get("rep:privileges", String[].class), ","));
        }
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    private Bundle findBundle(String str, Map<String, Bundle> map) {
        if (map.isEmpty()) {
            for (Bundle bundle : this.bundleContext.getBundles()) {
                map.put(bundle.getSymbolicName(), bundle);
            }
        }
        return map.get(str);
    }

    private Object findConfigurations(ResourceResolver resourceResolver, String str, List<String> list) {
        ArrayList arrayList = new ArrayList();
        Iterator<Resource> findResources = resourceResolver.findResources("SELECT * FROM [sling:OsgiConfig] AS s WHERE (ISDESCENDANTNODE([/apps]) OR ISDESCENDANTNODE([/libs])) AND NAME(s) LIKE 'org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended%' AND [user.mapping] LIKE '%=" + str + "'", Query.JCR_SQL2);
        while (findResources.hasNext()) {
            Resource next = findResources.next();
            list.add(next.getPath());
            arrayList.add(next.getPath());
        }
        Iterator<Resource> findResources2 = resourceResolver.findResources("SELECT * FROM [nt:file] AS s WHERE (ISDESCENDANTNODE([/apps]) OR ISDESCENDANTNODE([/libs])) AND NAME(s) LIKE 'org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended%' AND [jcr:content/jcr:data] LIKE '%=" + str + "%'", Query.JCR_SQL2);
        while (findResources2.hasNext()) {
            Resource next2 = findResources2.next();
            list.add(next2.getPath());
            arrayList.add(next2.getPath());
        }
        return arrayList.toArray();
    }

    private String[] findMappings(ResourceResolver resourceResolver, String str) {
        ArrayList arrayList = new ArrayList();
        for (Mapping mapping : this.mapper.getActiveMappings()) {
            if (str.equals(mapping.map(mapping.getServiceName(), mapping.getSubServiceName())) || hasPrincipal(mapping, str)) {
                arrayList.add(mapping.getServiceName() + (mapping.getSubServiceName() != null ? ":" + mapping.getSubServiceName() : ""));
            }
        }
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    private Collection<String> getBundles() {
        ArrayList arrayList = new ArrayList();
        for (Bundle bundle : this.bundleContext.getBundles()) {
            arrayList.add(bundle.getSymbolicName());
        }
        Collections.sort(arrayList);
        return arrayList;
    }

    @Override // org.apache.felix.webconsole.AbstractWebConsolePlugin
    public String getLabel() {
        return LABEL;
    }

    private Resource getOrCreateServiceUser(HttpServletRequest httpServletRequest, ResourceResolver resourceResolver) {
        String parameter = getParameter(httpServletRequest, "name", "");
        Session session = (Session) resourceResolver.adaptTo(Session.class);
        try {
            UserManager userManager = AccessControlUtil.getUserManager(session);
            if (userManager.getAuthorizable(parameter) != null) {
                Authorizable authorizable = userManager.getAuthorizable(parameter);
                log.debug("Using existing user: {}", authorizable);
                return resourceResolver.getResource(authorizable.getPath());
            }
            String parameter2 = getParameter(httpServletRequest, PN_USER_PATH, "system");
            log.debug("Creating new user with name {} and intermediate path {}", parameter, parameter2);
            User createSystemUser = userManager.createSystemUser(parameter, parameter2);
            session.save();
            String str = "/home/users/" + parameter2 + "/" + parameter;
            log.debug("Moving {} to {}", createSystemUser.getPath(), str);
            session.getWorkspace().move(createSystemUser.getPath(), str);
            session.save();
            return resourceResolver.getResource(str);
        } catch (RepositoryException e) {
            log.warn("Exception getting / creating service user {}", parameter, e);
            try {
                session.refresh(false);
                return null;
            } catch (RepositoryException e2) {
                log.error("Unexpected exception reverting changes", (Throwable) e2);
                return null;
            }
        }
    }

    private String getParameter(HttpServletRequest httpServletRequest, String str, String str2) {
        String parameter = httpServletRequest.getParameter(str);
        return (parameter == null || parameter.trim().isEmpty()) ? str2 : parameter.trim();
    }

    private List<Pair<String, String>> getPrivileges(HttpServletRequest httpServletRequest) {
        ArrayList arrayList = new ArrayList();
        for (String str : Collections.list(httpServletRequest.getParameterNames())) {
            if (str.startsWith("acl-path-")) {
                String parameter = httpServletRequest.getParameter(str);
                String parameter2 = httpServletRequest.getParameter(str.replace("-path-", "-privilege-"));
                if (StringUtils.isNotBlank(parameter) && StringUtils.isNotBlank(parameter2)) {
                    arrayList.add(new ImmutablePair(parameter, parameter2));
                } else {
                    log.warn("Unable to load ACL due to missing value {}={}", parameter, parameter2);
                }
            }
        }
        return arrayList;
    }

    private ResourceResolver getResourceResolver(HttpServletRequest httpServletRequest) {
        try {
            ResourceResolver resourceResolver = (ResourceResolver) httpServletRequest.getAttribute(AuthenticationSupport.REQUEST_ATTRIBUTE_RESOLVER);
            if (resourceResolver == null) {
                log.warn("Resource resolver not available in request, falling back to adminstrative resource resolver");
                resourceResolver = this.resolverFactory.getAdministrativeResourceResolver(null);
            }
            return resourceResolver;
        } catch (LoginException e) {
            throw new RuntimeException("Unable to get Administrative Resource Resolver, add the bundle org.apache.sling.serviceuser.webconsole in the Apache Sling Login Admin Whitelist", e);
        }
    }

    protected URL getResource(String str) {
        if (str == null || !str.startsWith("/serviceusers/")) {
            return null;
        }
        return getClass().getResource(str.substring("/serviceusers/".length() - 1));
    }

    private String[] getSupportedPrivileges(HttpServletRequest httpServletRequest) {
        String[] strArr = null;
        try {
            Privilege[] supportedPrivileges = ((Session) getResourceResolver(httpServletRequest).adaptTo(Session.class)).getAccessControlManager().getSupportedPrivileges("/");
            strArr = new String[supportedPrivileges.length];
            for (int i = 0; i < supportedPrivileges.length; i++) {
                strArr[i] = supportedPrivileges[i].getName();
            }
            Arrays.sort(strArr);
        } catch (RepositoryException e) {
            log.error("Exception loading Supported Privileges", (Throwable) e);
        }
        return strArr;
    }

    @Override // org.apache.felix.webconsole.AbstractWebConsolePlugin
    public String getTitle() {
        return TITLE;
    }

    private boolean hasPrincipal(Mapping mapping, String str) {
        Iterable<String> mapPrincipals = mapping.mapPrincipals(mapping.getServiceName(), mapping.getSubServiceName());
        if (mapPrincipals == null) {
            return false;
        }
        Iterator<String> it = mapPrincipals.iterator();
        while (it.hasNext()) {
            if (it.next().equals(str)) {
                return true;
            }
        }
        return false;
    }

    private void info(PrintWriter printWriter, String str) {
        printWriter.print("<p class='statline ui-state-highlight'>");
        printWriter.print(this.xss.encodeForHTML(str));
        printWriter.println("</p>");
    }

    private void infoDiv(PrintWriter printWriter, String str) {
        if (StringUtils.isBlank(str)) {
            return;
        }
        printWriter.println("<div>");
        printWriter.print("<span style='float:left'>");
        printWriter.print(this.xss.encodeForHTML(str));
        printWriter.println("</span>");
        printWriter.println("</div>");
    }

    @Activate
    protected void init(ComponentContext componentContext) {
        this.bundleContext = componentContext.getBundleContext();
    }

    private void printPrincipals(List<Mapping> list, PrintWriter printWriter) {
        ArrayList<Pair> arrayList = new ArrayList();
        for (Mapping mapping : list) {
            Iterator<String> it = extractPrincipals(mapping).iterator();
            while (it.hasNext()) {
                arrayList.add(new ImmutablePair(it.next(), mapping));
            }
        }
        Collections.sort(arrayList, new Comparator<Pair<String, Mapping>>() { // from class: org.apache.sling.serviceuser.webconsole.impl.ServiceUserWebConsolePlugin.2
            @Override // java.util.Comparator
            public int compare(Pair<String, Mapping> pair, Pair<String, Mapping> pair2) {
                return pair.getKey().equals(pair2.getKey()) ? pair.getValue().getServiceName().compareTo(pair2.getValue().getServiceName()) : pair.getKey().compareTo(pair2.getKey());
            }
        });
        for (Pair pair : arrayList) {
            tableRows(printWriter);
            printWriter.println("<td><a href=\"/system/console/serviceusers?action=details&amp;user=" + this.xss.encodeForHTML((String) pair.getKey()) + "\">" + this.xss.encodeForHTML((String) pair.getKey()) + "</a></td>");
            Bundle findBundle = findBundle(((Mapping) pair.getValue()).getServiceName(), new HashMap());
            if (findBundle != null) {
                this.bundleContext.getBundle();
                printWriter.println("<td><a href=\"/system/console/bundles/" + findBundle.getBundleId() + "\">" + this.xss.encodeForHTML(findBundle.getHeaders().get(Constants.BUNDLE_NAME) + " (" + findBundle.getSymbolicName()) + ")</a></td>");
                printWriter.println("<td>" + this.xss.encodeForHTML(((Mapping) pair.getValue()).getSubServiceName()) + "</td>");
            } else {
                this.bundleContext.getBundle();
                printWriter.println("<td>" + this.xss.encodeForHTML(((Mapping) pair.getValue()).getServiceName()) + "</td>");
                printWriter.println("<td>" + this.xss.encodeForHTML(((Mapping) pair.getValue()).getSubServiceName() != null ? ((Mapping) pair.getValue()).getSubServiceName() : "") + "</td>");
            }
        }
    }

    private void printPrivilegeSelect(PrintWriter printWriter, String str, List<Pair<String, String>> list, String[] strArr, String str2) {
        printWriter.print("<td style='width:20%'>");
        printWriter.print(this.xss.encodeForHTMLAttr(str));
        printWriter.println("</td>");
        printWriter.print("<td><table class=\"repeating-container\" style=\"width: 100%\" data-length=\"" + list.size() + "\"><tr><td>Path</td><td>Privilege</td><td></td>");
        for (Pair<String, String> pair : list) {
            printWriter.print("</tr><tr class=\"repeating-item\"><td>");
            printWriter.print("<input type=\"text\"  name=\"acl-path-0\" value='");
            printWriter.print(this.xss.encodeForHTMLAttr(StringUtils.defaultString(pair.getKey())));
            printWriter.print("' style='width:100%' />");
            printWriter.print("</td><td>");
            printWriter.print("<input type=\"text\" list=\"data-privileges\" name=\"acl-privilege-0\" value='");
            printWriter.print(this.xss.encodeForHTMLAttr(StringUtils.defaultString(pair.getValue())));
            printWriter.print("' style='width:100%' />");
            printWriter.print("</td><td>");
            printWriter.print("<input type=\"button\" value=\"&nbsp;-&nbsp;\" class=\"repeating-remove\" /></td>");
        }
        printWriter.print("</tr></table>");
        printWriter.print("<input type=\"button\" value=\"&nbsp;+&nbsp;\" class=\"repeating-add\" />");
        printWriter.print("<datalist id=\"data-privileges\">");
        for (String str3 : strArr) {
            printWriter.print("<option");
            printWriter.print(">");
            printWriter.print(this.xss.encodeForHTMLAttr(str3));
            printWriter.print("</option>");
        }
        printWriter.print("</datalist><script src=\"/system/console/serviceusers/res/ui/serviceusermanager.js\"></script>");
        infoDiv(printWriter, str2);
        printWriter.println("</td>");
    }

    private void printServiceUserDetails(HttpServletRequest httpServletRequest, PrintWriter printWriter) throws AccessDeniedException, UnsupportedRepositoryOperationException, RepositoryException {
        String parameter = getParameter(httpServletRequest, "user", "");
        tableStart(printWriter, "Details for " + parameter, 2);
        ResourceResolver resourceResolver = getResourceResolver(httpServletRequest);
        ArrayList arrayList = new ArrayList();
        td(printWriter, "Service User Name", new String[0]);
        td(printWriter, parameter, new String[0]);
        tableRows(printWriter);
        td(printWriter, "User Path", new String[0]);
        UserManager userManager = AccessControlUtil.getUserManager((Session) resourceResolver.adaptTo(Session.class));
        if (userManager.getAuthorizable(parameter) != null) {
            Authorizable authorizable = userManager.getAuthorizable(parameter);
            td(printWriter, authorizable.getPath(), new String[0]);
            arrayList.add(authorizable.getPath());
        }
        tableRows(printWriter);
        String[] findMappings = findMappings(resourceResolver, parameter);
        td(printWriter, "Mappings", new String[0]);
        td(printWriter, findMappings, new String[0]);
        tableRows(printWriter);
        td(printWriter, "OSGi Configurations", new String[0]);
        td(printWriter, findConfigurations(resourceResolver, parameter, arrayList), new String[0]);
        tableRows(printWriter);
        td(printWriter, "ACLs", new String[0]);
        td(printWriter, findACLs(resourceResolver, parameter, arrayList), new String[0]);
        tableEnd(printWriter);
        printWriter.write("<br/>");
        printWriter.write("<h3>Example Filter</h3>");
        printWriter.write("<br/>");
        printWriter.write("<pre><code>&lt;workspaceFilter version=\"1.0\"&gt;<br/>");
        Iterator<String> it = arrayList.iterator();
        while (it.hasNext()) {
            printWriter.write("  &lt;filter root=\"" + it.next() + "\" /&gt;<br/>");
        }
        printWriter.write("&lt;/workspaceFilter\"&gt</code></pre>");
        printWriter.write("<br/>");
        printWriter.write("<h3>Use Example(s)</h3>");
        printWriter.write("<br/>");
        printWriter.write("<pre><code>");
        boolean z = false;
        for (String str : findMappings) {
            if (str.contains(":")) {
                String substringAfter = StringUtils.substringAfter(str, ":");
                printWriter.write("// Example using Sub Service " + substringAfter + "<br/>ResourceResolver resolver = resolverFactory.getServiceResourceResolver(new HashMap<String, Object>() {<br/>  private static final long serialVersionUID = 1L;<br/>  {<br/>    put(ResourceResolverFactory.SUBSERVICE,\"" + substringAfter + "\");<br/>  }<br/>});<br/><br/>");
            } else {
                z = true;
            }
        }
        if (z) {
            printWriter.write("// Example using bundle authentication<br/>ResourceResolver resolver = resolverFactory.getServiceResourceResolver(null);");
        }
        printWriter.write("</code></pre>");
    }

    private void printServiceUsers(HttpServletRequest httpServletRequest, PrintWriter printWriter) {
        printWriter.println("<form method='post' action='/system/console/serviceusers'>");
        tableStart(printWriter, "Create Service User", 2);
        textField(printWriter, "Service User Name", "name", getParameter(httpServletRequest, "name", ""), "The name of the service user to create, can already exist");
        tableRows(printWriter);
        textField(printWriter, "Intermediate Path", PN_USER_PATH, getParameter(httpServletRequest, PN_USER_PATH, ""), "Optional: The intermediate path under which to create the user. Should start with system, e.g. system/myapp");
        tableRows(printWriter);
        selectField(printWriter, "Bundle", "bundle", getParameter(httpServletRequest, "bundle", ""), getBundles(), "The bundle from which this service user will be useable");
        tableRows(printWriter);
        textField(printWriter, "Sub Service Name", PN_SUB_SERVICE, getParameter(httpServletRequest, PN_SUB_SERVICE, ""), "Optional: Allows for different permissions for different services within a bundle");
        tableRows(printWriter);
        textField(printWriter, "Application Path", PN_APP_PATH, getParameter(httpServletRequest, PN_APP_PATH, ""), "The application under which to create the OSGi Configuration for the Service User Mapping, e.g. /apps/myapp");
        tableRows(printWriter);
        printPrivilegeSelect(printWriter, "ACLs", getPrivileges(httpServletRequest), getSupportedPrivileges(httpServletRequest), "Set the privileges for this service user");
        tableRows(printWriter);
        printWriter.println("<td></td>");
        printWriter.println("<td><input type='submit' value='Create / Update'/></td>");
        tableEnd(printWriter);
        printWriter.println("</form>");
        printWriter.println("<br/><br/>");
        List<Mapping> activeMappings = this.mapper.getActiveMappings();
        tableStart(printWriter, "Active Service Users", 3);
        printWriter.println("<th>Name</th>");
        printWriter.println("<th>Bundle</th>");
        printWriter.println("<th>SubService</th>");
        printPrincipals(activeMappings, printWriter);
        tableEnd(printWriter);
        printWriter.println("<br/>");
    }

    @Override // org.apache.felix.webconsole.AbstractWebConsolePlugin
    protected void renderContent(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        PrintWriter writer = httpServletResponse.getWriter();
        writer.println("<br/>");
        String parameter = getParameter(httpServletRequest, PN_ALERT, "");
        if (StringUtils.isNotBlank(parameter)) {
            info(writer, parameter);
        }
        String parameter2 = getParameter(httpServletRequest, "action", "");
        if (StringUtils.isBlank(parameter2)) {
            log.debug("Rendering service users page");
            info(writer, "Service users are used by OSGi Services to access the Sling repository. Use this form to find and create service users.");
            printServiceUsers(httpServletRequest, writer);
        } else {
            if (!"details".equals(parameter2)) {
                info(writer, "Unknown action: " + parameter2);
                return;
            }
            log.debug("Rendering service user details page");
            try {
                printServiceUserDetails(httpServletRequest, writer);
            } catch (RepositoryException e) {
                log.warn("Exception rendering details for user", (Throwable) e);
                info(writer, "Exception rendering details for user");
            }
        }
    }

    private void selectField(PrintWriter printWriter, String str, String str2, String str3, Collection<String> collection, String... strArr) {
        printWriter.print("<td style='width:20%'>");
        printWriter.print(this.xss.encodeForHTMLAttr(str));
        printWriter.println("</td>");
        printWriter.print("<td><input type=\"text\" list=\"data-" + this.xss.encodeForHTMLAttr(str2) + "\" name='");
        printWriter.print(this.xss.encodeForHTMLAttr(str2));
        printWriter.print("' value='");
        printWriter.print(this.xss.encodeForHTMLAttr(StringUtils.defaultString(str3)));
        printWriter.print("' style='width:100%' />");
        printWriter.print("<datalist id=\"data-" + this.xss.encodeForHTMLAttr(str2) + "\">");
        for (String str4 : collection) {
            printWriter.print("<option");
            printWriter.print(">");
            printWriter.print(this.xss.encodeForHTMLAttr(str4));
            printWriter.print("</option>");
        }
        printWriter.print("</datalist>");
        for (String str5 : strArr) {
            infoDiv(printWriter, str5);
        }
        printWriter.println("</td>");
    }

    private void sendErrorRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        ArrayList arrayList = new ArrayList();
        for (String str2 : new String[]{PN_APP_PATH, "bundle", "name", PN_SUB_SERVICE, PN_USER_PATH}) {
            arrayList.add(str2 + "=" + URLEncoder.encode(getParameter(httpServletRequest, str2, ""), "UTF-8"));
        }
        int i = 0;
        for (Pair<String, String> pair : getPrivileges(httpServletRequest)) {
            arrayList.add("acl-path-" + i + "=" + URLEncoder.encode(pair.getKey(), "UTF-8"));
            arrayList.add("acl-privilege-" + i + "=" + URLEncoder.encode(pair.getValue(), "UTF-8"));
            i++;
        }
        if (StringUtils.isNotBlank(str)) {
            arrayList.add("alert=" + URLEncoder.encode(str, "UTF-8"));
        }
        WebConsoleUtil.sendRedirect(httpServletRequest, httpServletResponse, "/system/console/serviceusers?" + StringUtils.join(arrayList, "&"));
    }

    private void tableEnd(PrintWriter printWriter) {
        printWriter.println("</tr>");
        printWriter.println("</tbody>");
        printWriter.println("</table>");
    }

    private void tableRows(PrintWriter printWriter) {
        printWriter.println("</tr>");
        printWriter.println("<tr>");
    }

    private void tableStart(PrintWriter printWriter, String str, int i) {
        printWriter.println("<table class='nicetable ui-widget'>");
        printWriter.println("<thead class='ui-widget-header'>");
        printWriter.println("<tr>");
        printWriter.print("<th colspan=");
        printWriter.print(String.valueOf(i));
        printWriter.print(">");
        printWriter.print(this.xss.encodeForHTML(str));
        printWriter.println("</th>");
        printWriter.println("</tr>");
        printWriter.println("</thead>");
        printWriter.println("<tbody class='ui-widget-content'>");
        printWriter.println("<tr>");
    }

    private void td(PrintWriter printWriter, Object obj, String... strArr) {
        printWriter.print("<td");
        if (strArr.length > 0 && !StringUtils.isBlank(strArr[0])) {
            printWriter.print(" title='");
            printWriter.print(this.xss.encodeForHTML(strArr[0]));
            printWriter.print("'");
        }
        printWriter.print(">");
        if (obj != null) {
            if (obj.getClass().isArray()) {
                for (int i = 0; i < Array.getLength(obj); i++) {
                    printWriter.print(this.xss.encodeForHTML(ObjectUtils.defaultIfNull(Array.get(obj, i), "").toString()));
                    printWriter.println("<br>");
                }
            } else {
                printWriter.print(this.xss.encodeForHTML(obj.toString()));
            }
        }
        if (strArr.length > 0 && !StringUtils.isBlank(strArr[0])) {
            printWriter.print("<span class='ui-icon ui-icon-info' style='float:left'></span>");
        }
        printWriter.print("</td>");
    }

    private void textField(PrintWriter printWriter, String str, String str2, String str3, String... strArr) {
        printWriter.print("<td style='width:20%'>");
        printWriter.print(this.xss.encodeForHTMLAttr(str));
        printWriter.println("</td>");
        printWriter.print("<td><input name='");
        printWriter.print(this.xss.encodeForHTMLAttr(str2));
        printWriter.print("' value='");
        printWriter.print(this.xss.encodeForHTMLAttr(StringUtils.defaultString(str3)));
        printWriter.print("' style='width:100%'/>");
        for (String str4 : strArr) {
            infoDiv(printWriter, str4);
        }
        printWriter.println("</td>");
    }

    private boolean updatePrivileges(HttpServletRequest httpServletRequest, ResourceResolver resourceResolver) {
        List<Pair<String, String>> privileges = getPrivileges(httpServletRequest);
        String parameter = getParameter(httpServletRequest, "name", "");
        ArrayList arrayList = new ArrayList();
        findACLs(resourceResolver, parameter, arrayList);
        for (int i = 0; i < arrayList.size(); i++) {
            String substringBefore = StringUtils.substringBefore(arrayList.get(i), "/rep:policy");
            arrayList.set(i, StringUtils.isNotBlank(substringBefore) ? substringBefore : "/");
        }
        log.debug("Loaded current policy paths: {}", arrayList);
        HashMap hashMap = new HashMap();
        for (Pair<String, String> pair : privileges) {
            if (!hashMap.containsKey(pair.getKey())) {
                hashMap.put(pair.getKey(), new ArrayList());
            }
            ((List) hashMap.get(pair.getKey())).add(pair.getValue());
        }
        log.debug("Loaded updated policy paths: {}", arrayList);
        String str = null;
        try {
            Session session = (Session) resourceResolver.adaptTo(Session.class);
            AccessControlManager accessControlManager = session.getAccessControlManager();
            PrincipalManager principalManager = AccessControlUtil.getPrincipalManager(session);
            for (Map.Entry entry : hashMap.entrySet()) {
                str = (String) entry.getKey();
                arrayList.remove(entry.getKey());
                log.debug("Updating policies for {}", entry.getKey());
                AccessControlPolicy[] policies = accessControlManager.getPolicies((String) entry.getKey());
                ArrayList arrayList2 = new ArrayList();
                for (AccessControlPolicy accessControlPolicy : policies) {
                    if (accessControlPolicy instanceof AccessControlList) {
                        for (AccessControlEntry accessControlEntry : ((AccessControlList) accessControlPolicy).getAccessControlEntries()) {
                            if (accessControlEntry.getPrincipal().getName().equals(parameter)) {
                                for (Privilege privilege : accessControlEntry.getPrivileges()) {
                                    if (!((List) entry.getValue()).contains(privilege.getName())) {
                                        log.debug("Removing privilege {}", privilege);
                                        arrayList2.add(privilege.getName());
                                    }
                                }
                            }
                        }
                    }
                }
                AccessControlUtil.replaceAccessControlEntry(session, (String) entry.getKey(), principalManager.getPrincipal(parameter), (String[]) ((List) entry.getValue()).toArray(new String[((List) entry.getValue()).size()]), new String[0], (String[]) arrayList2.toArray(new String[arrayList2.size()]), null);
            }
            session.save();
            for (String str2 : arrayList) {
                boolean z = false;
                log.debug("Removing policy for {}", str2);
                AccessControlEntry accessControlEntry2 = null;
                for (AccessControlPolicy accessControlPolicy2 : accessControlManager.getPolicies(str2)) {
                    if (accessControlPolicy2 instanceof AccessControlList) {
                        AccessControlList accessControlList = (AccessControlList) accessControlPolicy2;
                        AccessControlEntry[] accessControlEntries = accessControlList.getAccessControlEntries();
                        int length = accessControlEntries.length;
                        int i2 = 0;
                        while (true) {
                            if (i2 >= length) {
                                break;
                            }
                            AccessControlEntry accessControlEntry3 = accessControlEntries[i2];
                            if (accessControlEntry3.getPrincipal().getName().equals(parameter)) {
                                accessControlEntry2 = accessControlEntry3;
                                break;
                            }
                            i2++;
                        }
                        if (accessControlEntry2 != null) {
                            z = true;
                            accessControlList.removeAccessControlEntry(accessControlEntry2);
                            accessControlManager.setPolicy(str2, accessControlList);
                            session.save();
                            log.debug("Removed access control entry {}", accessControlEntry2);
                        }
                    }
                }
                if (!z) {
                    log.warn("No policy found for {}", str2);
                }
            }
            return true;
        } catch (RepositoryException e) {
            log.error("Exception updating principals with {}, failed on {}", hashMap, str, e);
            return false;
        }
    }
}
