package org.apache.sling.jackrabbit.usermanager.impl.post;

import java.util.List;
import java.util.Map;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.servlet.Servlet;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.resource.ResourceNotFoundException;
import org.apache.sling.commons.osgi.OsgiUtil;
import org.apache.sling.jackrabbit.usermanager.ChangeUserPassword;
import org.apache.sling.jackrabbit.usermanager.impl.resource.AuthorizableResourceProvider;
import org.apache.sling.jcr.base.util.AccessControlUtil;
import org.apache.sling.servlets.post.Modification;
import org.apache.sling.servlets.post.PostResponse;
import org.apache.sling.servlets.post.PostResponseCreator;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

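/**
 * Sling POST servlet and {@link ChangeUserPassword} service that changes the password of a
 * repository user.
 *
 * <p>Per the component properties below, the servlet is registered for {@code POST} requests on
 * {@code sling/user} resources with the {@code changePassword} selector. It reads the request
 * parameters {@code oldPwd}, {@code newPwd} and {@code newPwdConfirm}.
 *
 * <p>Security-relevant behaviour implemented in this class:
 * <ul>
 *   <li>The anonymous user's password can never be changed through this servlet.</li>
 *   <li>A missing or empty {@code oldPwd} is accepted only when the calling session belongs to
 *       an administrator or to a member of the group named by {@code user.admin.group.name}.
 *       Every other caller must supply the current password.</li>
 *   <li>If the privilege check itself fails, the caller is treated as unprivileged.</li>
 * </ul>
 *
 * <p>NOTE(review): this class performs no password strength or policy check; whether the
 * repository enforces one inside {@code User.changePassword} is not visible here.
 */
@Component(
        service = {Servlet.class, ChangeUserPassword.class},
        property = {
            "sling.servlet.resourceTypes=sling/user",
            "sling.servlet.methods=POST",
            "sling.servlet.selectors=changePassword",
            "servlet.post.dateFormats=EEE MMM dd yyyy HH:mm:ss 'GMT'Z",
            "servlet.post.dateFormats=yyyy-MM-dd'T'HH:mm:ss.SSSZ",
            "servlet.post.dateFormats=yyyy-MM-dd'T'HH:mm:ss",
            "servlet.post.dateFormats=yyyy-MM-dd",
            "servlet.post.dateFormats=dd.MM.yyyy HH:mm:ss",
            "servlet.post.dateFormats=dd.MM.yyyy",
            "user.admin.group.name=UserAdmin"
        })
/* loaded from: input_file:WEB-INF/resources/install/15/org.apache.sling.jcr.jackrabbit.usermanager-2.2.8.jar:org/apache/sling/jackrabbit/usermanager/impl/post/ChangeUserPasswordServlet.class */
public class ChangeUserPasswordServlet extends AbstractAuthorizablePostServlet implements ChangeUserPassword {
    private static final long serialVersionUID = 1923614318474654502L;

    /** Group name used when {@link #PAR_USER_ADMIN_GROUP_NAME} is not configured. */
    static final String DEFAULT_USER_ADMIN_GROUP_NAME = "UserAdmin";

    /** Name of the component property that holds the user-admin group name. */
    static final String PAR_USER_ADMIN_GROUP_NAME = "user.admin.group.name";

    private final Logger log = LoggerFactory.getLogger(getClass());

    // Members of this group may set any user's password without knowing the old one, so the
    // configured value is effectively a password-reset privilege; keep the group small.
    private String userAdminGroupName = DEFAULT_USER_ADMIN_GROUP_NAME;

    /**
     * Activates the component and reads the user-admin group name from the configuration.
     *
     * <p>Decompiler note (JADX): access modifier was changed from {@code protected}.
     *
     * @param map component configuration properties
     */
    @Override // org.apache.sling.jackrabbit.usermanager.impl.post.AbstractAuthorizablePostServlet
    @Activate
    public void activate(Map<String, Object> map) {
        super.activate(map);
        this.userAdminGroupName = OsgiUtil.toString(map.get(PAR_USER_ADMIN_GROUP_NAME), DEFAULT_USER_ADMIN_GROUP_NAME);
        this.log.debug("User Admin Group Name {}", this.userAdminGroupName);
    }

    /**
     * Deactivates the component by delegating to the superclass.
     *
     * <p>Decompiler note (JADX): access modifier was changed from {@code protected}.
     */
    @Override // org.apache.sling.jackrabbit.usermanager.impl.post.AbstractAuthorizablePostServlet
    @Deactivate
    public void deactivate() {
        super.deactivate();
    }

    /**
     * Binds a dynamically registered {@link PostResponseCreator} by delegating to the superclass.
     *
     * <p>Decompiler note (JADX): access modifier was changed from {@code protected}.
     *
     * @param postResponseCreator the service being bound
     * @param map the service properties
     */
    @Override // org.apache.sling.jackrabbit.usermanager.impl.post.AbstractPostServlet
    @Reference(service = PostResponseCreator.class, cardinality = ReferenceCardinality.MULTIPLE, policy = ReferencePolicy.DYNAMIC)
    public void bindPostResponseCreator(PostResponseCreator postResponseCreator, Map<String, Object> map) {
        super.bindPostResponseCreator(postResponseCreator, map);
    }

    /**
     * Unbinds a {@link PostResponseCreator} by delegating to the superclass.
     *
     * <p>Decompiler note (JADX): access modifier was changed from {@code protected}.
     *
     * @param postResponseCreator the service being unbound
     * @param map the service properties
     */
    @Override // org.apache.sling.jackrabbit.usermanager.impl.post.AbstractPostServlet
    public void unbindPostResponseCreator(PostResponseCreator postResponseCreator, Map<String, Object> map) {
        super.unbindPostResponseCreator(postResponseCreator, map);
    }

    /**
     * Handles the POST by passing the request's session, target user name and password
     * parameters to {@link #changePassword}.
     *
     * <p>The target user is taken from the name of the addressed resource, not from a request
     * parameter.
     *
     * @param slingHttpServletRequest the current request
     * @param postResponse the response object (not used by this method)
     * @param list receives the recorded modification
     * @throws RepositoryException if the password change is rejected or fails
     */
    @Override // org.apache.sling.jackrabbit.usermanager.impl.post.AbstractPostServlet
    protected void handleOperation(SlingHttpServletRequest slingHttpServletRequest, PostResponse postResponse, List<Modification> list) throws RepositoryException {
        // adaptTo may yield null; changePassword rejects a null session explicitly.
        Session session = (Session) slingHttpServletRequest.getResourceResolver().adaptTo(Session.class);
        String userName = slingHttpServletRequest.getResource().getName();
        changePassword(
                session,
                userName,
                slingHttpServletRequest.getParameter("oldPwd"),
                slingHttpServletRequest.getParameter("newPwd"),
                slingHttpServletRequest.getParameter("newPwdConfirm"),
                list);
    }

    /**
     * Changes the password of the named user.
     *
     * <p>An empty string for the old password is treated exactly like a missing one. In both
     * cases the change is authorised solely by the caller being an administrator or a member of
     * the configured user-admin group, and the old password is not verified.
     *
     * <p>NOTE(review): no {@code session.save()} is issued here; presumably the caller persists
     * the change. Confirm against the calling code.
     *
     * @param session the JCR session of the caller; its user id drives the privilege check
     * @param str id of the user whose password is changed
     * @param str2 the current password; may be null or empty only for privileged callers
     * @param str3 the new password; must not be null or empty
     * @param str4 the confirmation, which must equal the new password
     * @param list receives a modification entry for the user's {@code rep:password} path
     * @return the user whose password was changed
     * @throws RepositoryException if the session is null, the target is the anonymous user, a
     *     required password is missing, the confirmation does not match, or the repository
     *     rejects the change
     * @throws ResourceNotFoundException if the id does not resolve to a {@link User}
     */
    @Override // org.apache.sling.jackrabbit.usermanager.ChangeUserPassword
    public User changePassword(Session session, String str, String str2, String str3, String str4, List<Modification> list) throws RepositoryException {
        // The decompiled parameter names are kept in the signature; these aliases give them meaning.
        final String userId = str;
        final String oldPassword = str2;
        final String newPassword = str3;
        final String newPasswordConfirm = str4;

        if (UserConstants.DEFAULT_ANONYMOUS_ID.equals(userId)) {
            throw new RepositoryException("Can not change the password of the anonymous user.");
        }
        // Reject a missing session explicitly instead of letting null reach the user manager lookup.
        if (session == null) {
            throw new RepositoryException("JCR Session not found");
        }

        UserManager userManager = AccessControlUtil.getUserManager(session);
        Authorizable target = userManager.getAuthorizable(userId);
        if (!(target instanceof User)) {
            throw new ResourceNotFoundException("User to update could not be determined");
        }
        User user = (User) target;

        boolean oldPasswordSupplied = oldPassword != null && oldPassword.length() > 0;
        if (!oldPasswordSupplied && !mayOmitOldPassword(session, userManager)) {
            throw new RepositoryException("Old Password was not submitted");
        }
        if (newPassword == null || newPassword.length() == 0) {
            throw new RepositoryException("New Password was not submitted");
        }
        if (!newPassword.equals(newPasswordConfirm)) {
            throw new RepositoryException("New Password does not match the confirmation password");
        }

        if (oldPasswordSupplied) {
            // Two-argument form: the old password is handed to the repository with the new one.
            user.changePassword(newPassword, oldPassword);
        } else {
            // Privileged reset: only reachable after mayOmitOldPassword returned true.
            user.changePassword(newPassword);
        }

        // Only the path is recorded; no password value is logged or placed in the modification.
        list.add(Modification.onModified(AuthorizableResourceProvider.SYSTEM_USER_MANAGER_USER_PREFIX + user.getID() + "/rep:password"));
        return user;
    }

    /**
     * Decides whether the calling session may set a password without supplying the old one.
     *
     * <p>Returns true when the session's user is an administrator or a member of the configured
     * user-admin group. The check looks only at the caller, never at the target user.
     *
     * <p>NOTE(review): a privileged caller changing its own password also skips old-password
     * verification. Consider whether self-service changes should always require it.
     *
     * @param session the caller's session
     * @param userManager the user manager obtained for that session
     * @return true if the old password may be omitted; false otherwise, including on any error
     */
    private boolean mayOmitOldPassword(Session session, UserManager userManager) {
        try {
            Authorizable caller = userManager.getAuthorizable(session.getUserID());
            if (!(caller instanceof User)) {
                this.log.warn("Calling session user could not be resolved to a User, assuming not an admin.");
                return false;
            }
            User callingUser = (User) caller;
            if (callingUser.isAdmin()) {
                return true;
            }
            Authorizable adminGroup = userManager.getAuthorizable(this.userAdminGroupName);
            return adminGroup instanceof Group && ((Group) adminGroup).isMember(callingUser);
        } catch (Exception e) {
            // Deliberately broad: any failure while checking privileges must fail closed.
            // The exception is passed as the last argument so the stack trace reaches the log.
            this.log.warn("Failed to determine if the user is an admin, assuming not. Cause: {}", e.getMessage(), e);
            return false;
        }
    }
}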
