package com.adobe.cq.social.group.impl;

import com.adobe.cq.social.blueprint.api.SiteActivationService;
import com.adobe.cq.social.community.api.CommunityConstants;
import com.adobe.cq.social.community.api.CommunityContext;
import com.adobe.cq.social.console.utils.api.UserUtils;
import com.adobe.cq.social.group.api.GroupConstants;
import com.adobe.cq.social.group.api.GroupException;
import com.adobe.cq.social.group.api.GroupService;
import com.adobe.cq.social.group.api.GroupUtil;
import com.adobe.cq.social.group.client.api.CommunityGroupConstants;
import com.adobe.cq.social.serviceusers.internal.ServiceUserWrapper;
import com.adobe.cq.social.ugcbase.SocialUtils;
import com.day.cq.commons.jcr.JcrUtil;
import com.day.cq.replication.Replicator;
import com.day.cq.wcm.api.LanguageManager;
import com.day.cq.wcm.api.Page;
import com.day.cq.wcm.api.PageFilter;
import com.day.cq.wcm.api.PageManager;
import com.day.cq.workflow.WorkflowService;
import com.day.text.Text;
import java.security.AccessControlException;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.Dictionary;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import javax.jcr.AccessDeniedException;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.text.WordUtils;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Modified;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.ReferenceCardinality;
import org.apache.felix.scr.annotations.ReferencePolicy;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.AuthorizableExistsException;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.ModifiableValueMap;
import org.apache.sling.api.resource.PersistenceException;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceUtil;
import org.apache.sling.api.resource.ValueMap;
import org.apache.sling.commons.osgi.OsgiUtil;
import org.apache.sling.jcr.api.SlingRepository;
import org.apache.sling.settings.SlingSettingsService;
import org.osgi.service.component.ComponentContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Service
@Component(metatype = true, label = "AEM Communities GroupService", description = "to create a copy of social group")
@Property(name = "service.description", value = {"GroupService to create a live copy based on the social group blueprint"})
/* loaded from: input_file:com/adobe/cq/social/group/impl/GroupServiceImpl.class */
public class GroupServiceImpl implements GroupService {
    private static final String COMMUNITIES_USER_ADMIN = "communities-user-admin";
    private static final String USER_ADMIN = "user-admin";
    private static final String ADMIN_USER = "admin";
    private static final String ADMINISTRATORS_NAME = "administrators";

    @Reference
    private LanguageManager languageMgr;

    @Reference
    protected SlingSettingsService settingsService;

    @Reference
    private Replicator replicator;

    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY, policy = ReferencePolicy.STATIC)
    private SlingRepository repository;

    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY, policy = ReferencePolicy.STATIC)
    private WorkflowService workflowService;

    @Property(intValue = {GroupUtil.DEFAULT_MAX_WAIT_TIME})
    private static final String PROPERTY_MAX_RETRIES = "maxWaitTime";

    @Property(intValue = {GroupUtil.DEFAULT_WAIT_BETWEEN_RETRIES})
    private static final String PROPERTY_WAIT_BETWEEN_RETRIES = "minWaitBetweenRetries";

    @Reference
    private SocialUtils socialUtils;

    @Reference
    private ServiceUserWrapper serviceUserWrapper;

    @Reference
    private SiteActivationService siteActivationService;

    @Reference
    private UserUtils userUtils;
    private int maxWaitTime;
    private int waitInterval;
    private static final Logger log = LoggerFactory.getLogger(GroupServiceImpl.class);
    private static final String[] MODERATOR_UGC_PRIVILEGES = {"{http://www.jcp.org/jcr/1.0}read", "{http://www.jcp.org/jcr/1.0}addChildNodes", "{http://www.jcp.org/jcr/1.0}removeChildNodes", "{http://www.jcp.org/jcr/1.0}modifyProperties", "{http://www.jcp.org/jcr/1.0}removeNode"};

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/adobe/cq/social/group/impl/GroupServiceImpl$Operation.class */
    public enum Operation {
        ADD_USER,
        REMOVE_USER
    }

    @Activate
    protected void activate(ComponentContext componentContext) throws LoginException, RepositoryException, PersistenceException {
        initializeProperties(componentContext.getProperties());
    }

    @Modified
    protected void update(ComponentContext componentContext) {
        initializeProperties(componentContext.getProperties());
    }

    private void initializeProperties(Dictionary dictionary) {
        this.maxWaitTime = OsgiUtil.toInteger(dictionary.get(PROPERTY_MAX_RETRIES), GroupUtil.DEFAULT_MAX_WAIT_TIME);
        this.waitInterval = OsgiUtil.toInteger(dictionary.get(PROPERTY_WAIT_BETWEEN_RETRIES), 100);
    }

    @Override // com.adobe.cq.social.group.api.GroupService
    public Group createGroup(SlingRepository slingRepository, ResourceResolver resourceResolver, String str, String str2, String str3, String str4, String str5) throws GroupException, RepositoryException {
        return createGroup(resourceResolver, resourceResolver, str, str2, str3, str4, str5);
    }

    @Override // com.adobe.cq.social.group.api.GroupService
    public Group createGroup(ResourceResolver resourceResolver, ResourceResolver resourceResolver2, final String str, String str2, String str3, String str4, String str5) throws GroupException, RepositoryException {
        if (null == str4 || str4.equals("")) {
            log.error("GroupService: live copy name cannot be empty.");
            throw new GroupException("GroupService: live copy name cannot be empty.");
        }
        if (null == str3 || str3.equals("")) {
            log.error("GroupService: live copy path cannot be empty.");
            throw new GroupException("GroupService: live copy path cannot be empty.");
        }
        JackrabbitSession jackrabbitSession = (Session) resourceResolver.adaptTo(Session.class);
        UserManager userManager = jackrabbitSession.getUserManager();
        try {
            try {
                try {
                    Authorizable authorizable = userManager.getAuthorizable(str);
                    if (authorizable != null) {
                        if (authorizable.isGroup()) {
                            log.info("GroupService: {} already exists", str);
                        } else {
                            log.info("GroupService: {} is already used by another User", str);
                        }
                    }
                    Resource resource = resourceResolver2.getResource(str3 + "/" + str4 + "/" + CommunityGroupConstants.CONFIG_NODE_NAME);
                    CommunityContext communityContext = (CommunityContext) resource.adaptTo(CommunityContext.class);
                    if (authorizable == null) {
                        authorizable = userManager.createGroup(new Principal() { // from class: com.adobe.cq.social.group.impl.GroupServiceImpl.1
                            @Override // java.security.Principal
                            public String getName() {
                                return str;
                            }
                        }, str2);
                        authorizable.setProperty(GroupConstants.PROPERTY_LIVECOPY_PATH, jackrabbitSession.getValueFactory().createValue(str3 + "/" + str4));
                        String str6 = str;
                        int lastIndexOf = communityContext.getSiteId().lastIndexOf("-");
                        if (lastIndexOf > 0) {
                            str6 = StringUtils.replace(str6, communityContext.getSiteId().substring(lastIndexOf), "");
                        }
                        authorizable.setProperty("profile/givenName", JcrUtil.createValue(WordUtils.capitalize(StringUtils.replace(str6, "-", " ")), jackrabbitSession));
                    }
                    ((ModifiableValueMap) resource.adaptTo(ModifiableValueMap.class)).put(str5, str);
                    resourceResolver2.commit();
                    Group group = (Group) authorizable;
                    if (jackrabbitSession != null && jackrabbitSession.hasPendingChanges()) {
                        jackrabbitSession.save();
                    }
                    return group;
                } catch (AccessControlException e) {
                    log.error("GroupService: failed to grant priviledges", e);
                    if (jackrabbitSession == null || !jackrabbitSession.hasPendingChanges()) {
                        return null;
                    }
                    jackrabbitSession.save();
                    return null;
                } catch (RepositoryException e2) {
                    log.error("GroupService: failed to add user to group", e2);
                    if (jackrabbitSession == null || !jackrabbitSession.hasPendingChanges()) {
                        return null;
                    }
                    jackrabbitSession.save();
                    return null;
                }
            } catch (AuthorizableExistsException e3) {
                log.error("GroupService: group already exists", e3);
                if (jackrabbitSession == null || !jackrabbitSession.hasPendingChanges()) {
                    return null;
                }
                jackrabbitSession.save();
                return null;
            } catch (PersistenceException e4) {
                log.error("GroupService: failed to record groupId", e4);
                if (jackrabbitSession == null || !jackrabbitSession.hasPendingChanges()) {
                    return null;
                }
                jackrabbitSession.save();
                return null;
            }
        } catch (Throwable th) {
            if (jackrabbitSession != null && jackrabbitSession.hasPendingChanges()) {
                jackrabbitSession.save();
            }
            throw th;
        }
    }

    private boolean isPublishMode() {
        return this.settingsService != null && this.settingsService.getRunModes().contains("publish");
    }

    @Override // com.adobe.cq.social.group.api.GroupService
    public void addGroupMember(ResourceResolver resourceResolver, String str, String str2) throws GroupException, RepositoryException {
        addGroupMembers(resourceResolver, str, new String[]{str2});
    }

    @Override // com.adobe.cq.social.group.api.GroupService
    public void addGroupMembers(ResourceResolver resourceResolver, String str, String[] strArr) throws GroupException, RepositoryException {
        if (log.isDebugEnabled()) {
            log.debug("addGroupMembers entry: {} to {}.", Arrays.asList(strArr), str);
        }
        JackrabbitSession loginService = this.serviceUserWrapper.loginService(this.repository, USER_ADMIN);
        UserManager userManager = loginService.getUserManager();
        try {
            try {
                Group authorizable = userManager.getAuthorizable(str);
                if (authorizable == null || !authorizable.isGroup()) {
                    log.error("GroupService: Group '" + str + "' does not exist");
                    throw new GroupException("Group '" + str + "' does not exist");
                }
                validateGroupAuthorization(resourceResolver, userManager, Operation.ADD_USER, authorizable);
                for (String str2 : strArr) {
                    if (StringUtils.isEmpty(str2)) {
                        log.error("GroupService: authorizableId cannot be null");
                    } else {
                        Authorizable authorizableByPath = str2.startsWith("/") ? userManager.getAuthorizableByPath(str2) : userManager.getAuthorizable(str2);
                        if (authorizableByPath == null) {
                            if (isPublishMode()) {
                                log.error("GroupService.addGroupMembers: Authorizable '" + str2 + "' does not exist");
                            } else {
                                log.debug("GroupService.addGroupMembers: Authorizable '" + str2 + "' does not exist on author");
                            }
                        } else if (authorizable.isMember(authorizableByPath)) {
                            log.debug("addGroupMembers: {} is already a member of {}.", authorizableByPath.getID(), authorizable.getID());
                        } else {
                            authorizable.addMember(authorizableByPath);
                            log.debug("addGroupMembers: {} added to {}.", authorizableByPath.getID(), authorizable.getID());
                        }
                    }
                }
                if (loginService != null) {
                    if (loginService.hasPendingChanges()) {
                        loginService.save();
                        if (1 == 0) {
                            log.debug("addGroupMembers: Failed adding {} to {}.", Arrays.asList(strArr), str);
                        } else if (log.isDebugEnabled()) {
                            log.debug("addGroupMembers: Successfully added {} to {}.", Arrays.asList(strArr), str);
                        }
                    }
                    loginService.logout();
                }
            } catch (RepositoryException e) {
                log.error("GroupService: failed to add user to group", e);
                if (loginService != null) {
                    if (loginService.hasPendingChanges()) {
                        loginService.save();
                        if (0 == 0) {
                            log.debug("addGroupMembers: Failed adding {} to {}.", Arrays.asList(strArr), str);
                        } else if (log.isDebugEnabled()) {
                            log.debug("addGroupMembers: Successfully added {} to {}.", Arrays.asList(strArr), str);
                        }
                    }
                    loginService.logout();
                }
            }
        } catch (Throwable th) {
            if (loginService != null) {
                if (loginService.hasPendingChanges()) {
                    loginService.save();
                    if (0 == 0) {
                        log.debug("addGroupMembers: Failed adding {} to {}.", Arrays.asList(strArr), str);
                    } else if (log.isDebugEnabled()) {
                        log.debug("addGroupMembers: Successfully added {} to {}.", Arrays.asList(strArr), str);
                    }
                }
                loginService.logout();
            }
            throw th;
        }
    }

    private ValueMap getCommunityProps(ResourceResolver resourceResolver, String str) throws GroupException {
        Resource resource = resourceResolver.getResource(str);
        if (resource == null) {
            throw new GroupException("Community does not exist.");
        }
        return (ValueMap) resource.adaptTo(ValueMap.class);
    }

    private void validateSiteAuthorization(ResourceResolver resourceResolver, UserManager userManager, Operation operation, Group group) throws RepositoryException, GroupException {
        LinkedList linkedList = new LinkedList();
        String id = group.getID();
        if (id.endsWith(CommunityConstants.TENANT_GROUPADMIN_GROUP)) {
            linkedList.add(group);
        } else if (id.endsWith(CommunityConstants.TENANT_ADMINISTRATORS_GROUP)) {
            linkedList.add(group);
        } else {
            if (!id.endsWith(CommunityConstants.TENANT_MODERATORS_GROUP)) {
                throw new GroupException("Target Group " + group.getPath() + " is not a site administrative group.");
            }
            linkedList.add(group);
        }
        Authorizable authorizable = (Authorizable) resourceResolver.adaptTo(Authorizable.class);
        if (authorizable == null) {
            throw new GroupException("Identity of calling user is unavailable.");
        }
        if (!ADMIN_USER.equals(authorizable.getID()) && !userIsMemberOf(authorizable, linkedList) && !userIsMemberOf(authorizable, Collections.singletonList(getSystemAministratorsGroup(userManager)))) {
            throw new GroupException("Calling user is not an administrator of the group.");
        }
    }

    private void validateGroupAuthorization(ResourceResolver resourceResolver, UserManager userManager, Operation operation, Group group) throws RepositoryException, GroupException {
        if (resourceResolver.getUserID().equals(COMMUNITIES_USER_ADMIN) || resourceResolver.getUserID().equals(ADMIN_USER)) {
            return;
        }
        String communityPath = getCommunityPath(group);
        if (communityPath == null) {
            validateSiteAuthorization(resourceResolver, userManager, operation, group);
            return;
        }
        ValueMap communityProps = getCommunityProps(resourceResolver, communityPath);
        LinkedList linkedList = new LinkedList();
        Group group2 = null;
        try {
            linkedList.add(getCommunityAdminGroup(userManager, communityProps));
        } catch (GroupException e) {
        }
        try {
            group2 = getCommunityModeratorsGroup(userManager, communityProps);
        } catch (GroupException e2) {
        }
        Group communityMembersGroup = getCommunityMembersGroup(userManager, communityProps);
        if (group.getID().equals(communityMembersGroup.getID())) {
            if (operation == Operation.ADD_USER) {
                linkedList.add(communityMembersGroup);
            }
            if (group2 != null) {
                linkedList.add(group2);
            }
        } else if (group2 != null && group.getID().equals(group2.getID())) {
            linkedList.add(group2);
        }
        validateAuthorizingGroupsAndCommunity(linkedList, communityPath);
        linkedList.add(getSystemAministratorsGroup(userManager));
        Authorizable authorizable = (Authorizable) resourceResolver.adaptTo(Authorizable.class);
        if (authorizable == null) {
            throw new GroupException("Identity of calling user is unavailable.");
        }
        if (!userIsMemberOf(authorizable, linkedList)) {
            throw new GroupException("Calling user is not an administrator of the group.");
        }
    }

    private boolean userIsMemberOf(Authorizable authorizable, List<Group> list) throws RepositoryException {
        if (authorizable.getID().equals(ADMIN_USER)) {
            return true;
        }
        for (Group group : list) {
            if (group != null && group.isMember(authorizable)) {
                return true;
            }
        }
        return false;
    }

    private String getCommunityPath(Group group) throws RepositoryException, GroupException {
        Value[] property = group.getProperty(GroupConstants.PROPERTY_LIVECOPY_PATH);
        if (property == null || property.length < 1) {
            return null;
        }
        return property[0].getString() + "/" + CommunityGroupConstants.CONFIG_NODE_NAME;
    }

    private Group getSystemAministratorsGroup(UserManager userManager) throws RepositoryException {
        Group authorizable = userManager.getAuthorizable(ADMINISTRATORS_NAME);
        if (authorizable == null || !authorizable.isGroup()) {
            log.warn("Unable to locate administrators group.");
            authorizable = null;
        }
        return authorizable;
    }

    private void validateAuthorizingGroupsAndCommunity(List<Group> list, String str) throws RepositoryException, GroupException {
        Iterator<Group> it = list.iterator();
        while (it.hasNext()) {
            Value[] property = it.next().getProperty(GroupConstants.PROPERTY_LIVECOPY_PATH);
            if (property == null || property.length < 1) {
                throw new GroupException("No recorded liveCopyPath property.");
            }
            String str2 = property[0].getString() + "/" + CommunityGroupConstants.CONFIG_NODE_NAME;
            if (!str2.equals(str)) {
                throw new GroupException("Group community is not the same as target group community: " + str2);
            }
        }
    }

    private Group getCommunityAdminGroup(UserManager userManager, ValueMap valueMap) throws GroupException, RepositoryException {
        return getCommunityGroup(userManager, valueMap, GroupConstants.GROUP_ADMINGROUP);
    }

    private Group getCommunityMembersGroup(UserManager userManager, ValueMap valueMap) throws GroupException, RepositoryException {
        return getCommunityGroup(userManager, valueMap, GroupConstants.GROUP_MEMBERGROUP);
    }

    private Group getCommunityModeratorsGroup(UserManager userManager, ValueMap valueMap) throws GroupException, RepositoryException {
        return getCommunityGroup(userManager, valueMap, GroupConstants.GROUP_MODERATORGROUP);
    }

    private Group getCommunityGroup(UserManager userManager, ValueMap valueMap, String str) throws GroupException, RepositoryException {
        String str2 = (String) valueMap.get(str, String.class);
        if (str2 == null) {
            throw new GroupException("Community specifies no " + str + " group.");
        }
        Group authorizable = userManager.getAuthorizable(str2);
        if (authorizable == null || !authorizable.isGroup()) {
            throw new GroupException("Group '" + str2 + "' does not exist");
        }
        return authorizable;
    }

    @Override // com.adobe.cq.social.group.api.GroupService
    public void removeGroupMember(ResourceResolver resourceResolver, String str, String str2) throws GroupException, RepositoryException {
        removeGroupMembers(resourceResolver, str, new String[]{str2});
    }

    @Override // com.adobe.cq.social.group.api.GroupService
    public void removeGroupMembers(ResourceResolver resourceResolver, String str, String[] strArr) throws GroupException, RepositoryException {
        JackrabbitSession loginService = this.serviceUserWrapper.loginService(this.repository, USER_ADMIN);
        UserManager userManager = loginService.getUserManager();
        boolean z = false;
        try {
            try {
                Authorizable authorizable = userManager.getAuthorizable(str);
                if (authorizable == null || !authorizable.isGroup()) {
                    log.error("GroupService: Group '" + str + "' does not exist");
                    throw new GroupException("Group '" + str + "' does not exist");
                }
                validateGroupAuthorization(resourceResolver, userManager, Operation.REMOVE_USER, (Group) authorizable);
                for (String str2 : strArr) {
                    if (strArr == null || strArr.length == 0) {
                        log.error("GroupService: authorizableId cannot be null");
                        throw new GroupException("authorizableId cannot be null");
                    }
                    Authorizable authorizableByPath = str2.startsWith("/") ? userManager.getAuthorizableByPath(str2) : userManager.getAuthorizable(str2);
                    if (authorizableByPath == null) {
                        log.error("GroupService: Authorizable '" + str2 + "' does not exist");
                        throw new GroupException("Authorizable '" + str2 + "' does not exist");
                    }
                    removeMember((Group) authorizable, authorizableByPath);
                    z = true;
                }
                if (loginService != null) {
                    if (loginService.hasPendingChanges()) {
                        loginService.save();
                        if (!z) {
                            log.debug("removeGroupMembers: Failed to remove {} from {}.", Arrays.asList(strArr), str);
                        } else if (log.isDebugEnabled()) {
                            log.debug("removeGroupMembers: Successfully removed {} from {}.", Arrays.asList(strArr), str);
                        }
                    }
                    loginService.logout();
                }
            } catch (RepositoryException e) {
                log.error("GroupService: failed to remove members {} from group {}", new Object[]{Arrays.asList(strArr), str}, e);
                if (loginService != null) {
                    if (loginService.hasPendingChanges()) {
                        loginService.save();
                        if (0 == 0) {
                            log.debug("removeGroupMembers: Failed to remove {} from {}.", Arrays.asList(strArr), str);
                        } else if (log.isDebugEnabled()) {
                            log.debug("removeGroupMembers: Successfully removed {} from {}.", Arrays.asList(strArr), str);
                        }
                    }
                    loginService.logout();
                }
            }
        } catch (Throwable th) {
            if (loginService != null) {
                if (loginService.hasPendingChanges()) {
                    loginService.save();
                    if (0 == 0) {
                        log.debug("removeGroupMembers: Failed to remove {} from {}.", Arrays.asList(strArr), str);
                    } else if (log.isDebugEnabled()) {
                        log.debug("removeGroupMembers: Successfully removed {} from {}.", Arrays.asList(strArr), str);
                    }
                }
                loginService.logout();
            }
            throw th;
        }
    }

    private void removeMember(Group group, Authorizable authorizable) throws GroupException, RepositoryException {
        if (group.isDeclaredMember(authorizable)) {
            group.removeMember(authorizable);
            log.debug("removeMember: Removing {} from {}.", authorizable, group);
        }
        if (group.isMember(authorizable)) {
            Iterator declaredMembers = group.getDeclaredMembers();
            while (declaredMembers.hasNext()) {
                Authorizable authorizable2 = (Authorizable) declaredMembers.next();
                if (authorizable2.isGroup()) {
                    removeMember((Group) authorizable2, authorizable);
                }
            }
        }
    }

    @Override // com.adobe.cq.social.group.api.GroupService
    public void copyAccessControlPolicy(ResourceResolver resourceResolver, String str, String str2, String str3, String str4, String str5) throws GroupException, RepositoryException, AccessControlException {
        copyAccessControlPolicy(resourceResolver, resourceResolver, resourceResolver, str, str2, str3, str4, str5);
    }

    @Override // com.adobe.cq.social.group.api.GroupService
    public void copyAccessControlPolicy(ResourceResolver resourceResolver, ResourceResolver resourceResolver2, ResourceResolver resourceResolver3, String str, String str2, String str3, String str4, String str5) throws GroupException, RepositoryException, AccessControlException {
        JackrabbitSession jackrabbitSession = (Session) resourceResolver3.adaptTo(Session.class);
        try {
            try {
                try {
                    AccessControlManager accessControlManager = jackrabbitSession.getAccessControlManager();
                    UserManager userManager = ((JackrabbitSession) resourceResolver2.adaptTo(Session.class)).getUserManager();
                    userManager.getAuthorizable(str4 + GroupConstants.GROUP_ADMINGROUP_SUFFIX);
                    Authorizable authorizable = userManager.getAuthorizable(str4 + GroupConstants.GROUP_MODERATORGROUP_SUFFIX);
                    Authorizable authorizable2 = userManager.getAuthorizable(str4 + GroupConstants.GROUP_MEMBERGROUP_SUFFIX);
                    if (StringUtils.isEmpty(str5)) {
                        str5 = GroupConstants.TYPE_OPEN;
                    }
                    String lowerCase = str5.toLowerCase();
                    applyGroupACLs(resourceResolver, accessControlManager, jackrabbitSession, authorizable, str3, lowerCase);
                    copyACLFromBlueprint(resourceResolver, accessControlManager, authorizable2, str, str3, lowerCase);
                    waitForPageCreation(resourceResolver, str3);
                    Iterator listChildren = ((PageManager) resourceResolver.adaptTo(PageManager.class)).getPage(str3).listChildren(new PageFilter());
                    while (listChildren.hasNext()) {
                        String path = ((Page) listChildren.next()).getPath();
                        String str6 = str2 + path.substring(path.lastIndexOf(47));
                        applyGroupChildNodeACLs(resourceResolver, accessControlManager, jackrabbitSession, authorizable2, path, lowerCase);
                        copyACLFromBlueprint(resourceResolver, accessControlManager, authorizable2, str6, path, lowerCase);
                    }
                    if (jackrabbitSession == null || !jackrabbitSession.hasPendingChanges()) {
                        return;
                    }
                    jackrabbitSession.save();
                } catch (AccessControlException e) {
                    log.error("GroupService: failed to copy ACL", e);
                    if (jackrabbitSession == null || !jackrabbitSession.hasPendingChanges()) {
                        return;
                    }
                    jackrabbitSession.save();
                }
            } catch (RepositoryException e2) {
                log.error("GroupService: failed to copy ACL", e2);
                if (jackrabbitSession == null || !jackrabbitSession.hasPendingChanges()) {
                    return;
                }
                jackrabbitSession.save();
            }
        } catch (Throwable th) {
            if (jackrabbitSession != null && jackrabbitSession.hasPendingChanges()) {
                jackrabbitSession.save();
            }
            throw th;
        }
    }

    private AccessControlList clearACL(AccessControlManager accessControlManager, Session session, String str) throws RepositoryException {
        AccessControlPolicy acl = this.siteActivationService.getACL(accessControlManager, str);
        if (acl != null && !((JackrabbitAccessControlList) acl).isEmpty()) {
            accessControlManager.removePolicy(str, acl);
            acl = this.siteActivationService.getACL(accessControlManager, str);
        }
        if (session != null && session.hasPendingChanges()) {
            session.save();
        }
        return acl;
    }

    private void waitForPageCreation(ResourceResolver resourceResolver, String str) throws GroupException, RepositoryException {
        String str2 = (String) getCommunityProps(resourceResolver, str + "/jcr:content").get(GroupConstants.PROPERTY_FORM_PAYLOAD, String.class);
        if (StringUtils.isEmpty(str2)) {
            log.debug("formPayload is null at {}", str);
            return;
        }
        Resource resource = resourceResolver.getResource(str2);
        if (resource != null) {
            Object obj = ResourceUtil.getValueMap(resource).get(GroupConstants.PROPERTY_CHAPTER_PAGES);
            String[] strArr = null;
            if (obj instanceof String) {
                strArr = StringUtils.split(obj.toString(), ',');
            } else if (obj instanceof String[]) {
                strArr = (String[]) obj;
            }
            if (strArr != null) {
                for (String str3 : strArr) {
                    GroupUtil.waitForPageCreation(resourceResolver, str + "/" + Text.getName(str3), this.maxWaitTime, this.waitInterval);
                }
            }
        }
    }

    protected void applyGroupACLs(ResourceResolver resourceResolver, AccessControlManager accessControlManager, Session session, Authorizable authorizable, String str, String str2) throws RepositoryException, AccessControlException, GroupException {
        log.debug("start copying ACL to root {}", str);
        try {
            Resource resource = resourceResolver.getResource(str);
            if (resource == null) {
                throw new GroupException("Target destination does not exist.");
            }
            String path = this.socialUtils.getUGCResource(resource).getPath();
            log.debug("create ugc path {}", path);
            JackrabbitAccessControlList clearACL = clearACL(accessControlManager, session, path);
            JackrabbitAccessControlList clearACL2 = clearACL(accessControlManager, session, str);
            if (clearACL == null) {
                log.error("ugc ACL doesn't exist {}", path);
                return;
            }
            if (clearACL2 == null) {
                log.error("destination ACL doesn't exist {}", str);
                return;
            }
            Principal everyone = ((Session) resourceResolver.adaptTo(Session.class)).getPrincipalManager().getEveryone();
            if (everyone != null && (clearACL2 instanceof JackrabbitAccessControlList) && (clearACL instanceof JackrabbitAccessControlList)) {
                Privilege[] privilegeArr = {accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}read")};
                Privilege[] privilegeArr2 = {accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}addChildNodes")};
                if (StringUtils.startsWithIgnoreCase(str2, GroupConstants.TYPE_SECRET)) {
                    clearACL2.addEntry(everyone, privilegeArr, false);
                    clearACL.addEntry(everyone, privilegeArr, false);
                    accessControlManager.setPolicy(str, clearACL2);
                }
                if (!StringUtils.startsWithIgnoreCase(str2, GroupConstants.TYPE_PUBLIC)) {
                    clearACL.addEntry(everyone, privilegeArr2, false);
                }
                accessControlManager.setPolicy(path, clearACL);
            }
            if (authorizable != null) {
                this.userUtils.setACL(session, authorizable, path, (Map) null, true, MODERATOR_UGC_PRIVILEGES);
            }
        } catch (RuntimeException e) {
            log.error("failed to create ugc path {}", str, e);
        }
    }

    protected void applyGroupChildNodeACLs(ResourceResolver resourceResolver, AccessControlManager accessControlManager, Session session, Authorizable authorizable, String str, String str2) throws RepositoryException, AccessControlException {
        log.debug("start copying ACL to {}", str);
        try {
            if (StringUtils.startsWithIgnoreCase(str2, GroupConstants.TYPE_CLOSED) && authorizable != null) {
                String prepareUserGeneratedContent = this.socialUtils.prepareUserGeneratedContent(resourceResolver, str);
                log.debug("create ugc path {}", prepareUserGeneratedContent);
                JackrabbitAccessControlList clearACL = clearACL(accessControlManager, session, prepareUserGeneratedContent);
                JackrabbitAccessControlList clearACL2 = clearACL(accessControlManager, session, str);
                Principal everyone = ((Session) resourceResolver.adaptTo(Session.class)).getPrincipalManager().getEveryone();
                if (everyone != null && (clearACL2 instanceof JackrabbitAccessControlList)) {
                    Privilege[] privilegeArr = {accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}read")};
                    clearACL2.addEntry(everyone, privilegeArr, false);
                    clearACL2.addEntry(authorizable.getPrincipal(), privilegeArr, true);
                    accessControlManager.setPolicy(str, clearACL2);
                    clearACL.addEntry(everyone, privilegeArr, false);
                    clearACL.addEntry(authorizable.getPrincipal(), privilegeArr, true);
                    accessControlManager.setPolicy(prepareUserGeneratedContent, clearACL);
                }
            }
        } catch (RuntimeException e) {
            log.error("failed to create ugc path {}", str, e);
        }
    }

    private void copyACLFromBlueprint(ResourceResolver resourceResolver, AccessControlManager accessControlManager, Authorizable authorizable, String str, String str2, String str3) throws RepositoryException, AccessControlException {
        log.debug("start copying ACL from blueprint to {}", str2);
        try {
            if (resourceResolver.getResource(str) == null) {
                log.debug("resource does not exist {}", str);
                return;
            }
            if (resourceResolver.getResource(str2) == null) {
                log.debug("destination resource does not exist {}", str2);
                return;
            }
            String path = this.socialUtils.getUGCResource(resourceResolver.getResource(str2)).getPath();
            log.debug("get ugc path {}", path);
            AccessControlList acl = getACL(accessControlManager, path);
            AccessControlList acl2 = getACL(accessControlManager, str2);
            if (acl == null) {
                log.error("ugc ACL doesn't exist {}", path);
                return;
            }
            if (acl2 == null) {
                log.error("destination ACL doesn't exist {}", str2);
                return;
            }
            AccessControlPolicy[] policies = accessControlManager.getPolicies(str);
            if (policies.length == 0 && this.languageMgr.getCqLanguage(resourceResolver.getResource(str)) != null) {
                policies = accessControlManager.getPolicies(str.substring(0, str.lastIndexOf(47)));
            }
            AccessControlPolicy[] accessControlPolicyArr = policies;
            int length = accessControlPolicyArr.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                AccessControlPolicy accessControlPolicy = accessControlPolicyArr[i];
                if (accessControlPolicy instanceof AccessControlList) {
                    for (AccessControlEntry accessControlEntry : ((AccessControlList) accessControlPolicy).getAccessControlEntries()) {
                        Privilege[] privileges = accessControlEntry.getPrivileges();
                        String name = accessControlEntry.getPrincipal().getName();
                        if (name.startsWith(str3) && authorizable != null && name.contains(GroupConstants.GROUP_MEMBERGROUP_SUFFIX)) {
                            acl2.addAccessControlEntry(authorizable.getPrincipal(), privileges);
                            acl.addAccessControlEntry(authorizable.getPrincipal(), privileges);
                        }
                    }
                    accessControlManager.setPolicy(str2, acl2);
                    accessControlManager.setPolicy(path, acl);
                } else {
                    i++;
                }
            }
        } catch (RuntimeException e) {
            log.error("failed to get ugc path {}", str2, e);
        }
    }

    @Override // com.adobe.cq.social.group.api.GroupService
    public AccessControlList getACL(AccessControlManager accessControlManager, String str) {
        AccessControlList accessControlList = null;
        try {
            AccessControlPolicy[] policies = accessControlManager.getPolicies(str);
            int length = policies.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                AccessControlPolicy accessControlPolicy = policies[i];
                if (accessControlPolicy instanceof AccessControlList) {
                    accessControlList = (AccessControlList) accessControlPolicy;
                    break;
                }
                i++;
            }
            if (accessControlList == null) {
                AccessControlPolicyIterator applicablePolicies = accessControlManager.getApplicablePolicies(str);
                while (applicablePolicies.hasNext()) {
                    AccessControlPolicy nextAccessControlPolicy = applicablePolicies.nextAccessControlPolicy();
                    if (nextAccessControlPolicy instanceof AccessControlList) {
                        accessControlList = (AccessControlList) nextAccessControlPolicy;
                    }
                }
            }
        } catch (RepositoryException e) {
            log.error("GroupService: failed to get ACL for path " + str, e);
        } catch (AccessDeniedException e2) {
            log.error("GroupService: failed to get ACL for path " + str, e2);
        } catch (PathNotFoundException e3) {
            log.error("GroupService: failed to get ACL for path " + str, e3);
        }
        return accessControlList;
    }

    protected void bindLanguageMgr(LanguageManager languageManager) {
        this.languageMgr = languageManager;
    }

    protected void unbindLanguageMgr(LanguageManager languageManager) {
        if (this.languageMgr == languageManager) {
            this.languageMgr = null;
        }
    }

    protected void bindSettingsService(SlingSettingsService slingSettingsService) {
        this.settingsService = slingSettingsService;
    }

    protected void unbindSettingsService(SlingSettingsService slingSettingsService) {
        if (this.settingsService == slingSettingsService) {
            this.settingsService = null;
        }
    }

    protected void bindReplicator(Replicator replicator) {
        this.replicator = replicator;
    }

    protected void unbindReplicator(Replicator replicator) {
        if (this.replicator == replicator) {
            this.replicator = null;
        }
    }

    protected void bindRepository(SlingRepository slingRepository) {
        this.repository = slingRepository;
    }

    protected void unbindRepository(SlingRepository slingRepository) {
        if (this.repository == slingRepository) {
            this.repository = null;
        }
    }

    protected void bindWorkflowService(WorkflowService workflowService) {
        this.workflowService = workflowService;
    }

    protected void unbindWorkflowService(WorkflowService workflowService) {
        if (this.workflowService == workflowService) {
            this.workflowService = null;
        }
    }

    protected void bindSocialUtils(SocialUtils socialUtils) {
        this.socialUtils = socialUtils;
    }

    protected void unbindSocialUtils(SocialUtils socialUtils) {
        if (this.socialUtils == socialUtils) {
            this.socialUtils = null;
        }
    }

    protected void bindServiceUserWrapper(ServiceUserWrapper serviceUserWrapper) {
        this.serviceUserWrapper = serviceUserWrapper;
    }

    protected void unbindServiceUserWrapper(ServiceUserWrapper serviceUserWrapper) {
        if (this.serviceUserWrapper == serviceUserWrapper) {
            this.serviceUserWrapper = null;
        }
    }

    protected void bindSiteActivationService(SiteActivationService siteActivationService) {
        this.siteActivationService = siteActivationService;
    }

    protected void unbindSiteActivationService(SiteActivationService siteActivationService) {
        if (this.siteActivationService == siteActivationService) {
            this.siteActivationService = null;
        }
    }

    protected void bindUserUtils(UserUtils userUtils) {
        this.userUtils = userUtils;
    }

    protected void unbindUserUtils(UserUtils userUtils) {
        if (this.userUtils == userUtils) {
            this.userUtils = null;
        }
    }
}
