package org.redpill.alfresco.ldap.behaviour;

import java.io.Serializable;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.node.NodeServicePolicies;
import org.alfresco.repo.policy.Behaviour;
import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.namespace.QName;
import org.apache.log4j.Logger;
import org.redpill.alfresco.ldap.model.RlLdapModel;
import org.redpill.alfresco.ldap.service.LdapUserService;
import org.springframework.util.Assert;

/* loaded from: input_file:org/redpill/alfresco/ldap/behaviour/PersonPolicy.class */
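/**
 * Alfresco node behaviour that mirrors {@code cm:person} nodes into an LDAP directory.
 *
 * <p>On person creation the user is created through {@link LdapUserService} and the authority is
 * added to the {@code AUTH.EXT.<syncZoneId>} zone. On property updates the e-mail, first name and
 * last name are pushed to LDAP for users that already belong to that zone.
 *
 * <p>Security notes for maintainers: this class handles password material (a stored hash and an
 * optional temporary password). Neither value is logged here and neither should ever be added to
 * a log statement.
 */
public class PersonPolicy extends AbstractPolicy implements NodeServicePolicies.OnCreateNodePolicy, NodeServicePolicies.OnUpdatePropertiesPolicy, NodeServicePolicies.OnUpdateNodePolicy {
    private static final Logger LOG = Logger.getLogger(PersonPolicy.class);

    /** Prefix shared by all externally synchronised authority zones. */
    private static final String EXTERNAL_ZONE_PREFIX = "AUTH.EXT.";

    /**
     * Guards the one-time behaviour binding in {@link #afterPropertiesSet()}. The flag is static,
     * so only the first initialised instance binds itself to the policy component.
     */
    private static boolean initialized = false;

    protected LdapUserService ldapUserService;
    protected AuthorityService authorityService;
    protected String syncZoneId;
    protected boolean enabled;

    /**
     * Creates the LDAP user for a newly created person node unless the create policy is skipped.
     *
     * @param childAssociationRef association whose child is the new person node
     */
    @Override
    public void onCreateNode(ChildAssociationRef childAssociationRef) {
        LOG.trace("onCreateNode begin");
        NodeRef personRef = childAssociationRef.getChildRef();
        if (!shouldSkipCreatePolicy(personRef)) {
            addUserToLdap(personRef);
        }
        LOG.trace("onCreateNode end");
    }

    /**
     * Creates the user in LDAP from the person node's properties and moves the authority into the
     * synchronisation zone.
     *
     * <p>If the node carries the temporary-password aspect, that password is used and the aspect
     * is removed afterwards; otherwise the stored password property is forwarded with a
     * {@code {MD4}} scheme prefix.
     *
     * @param nodeRef the person node to provision
     */
    protected void addUserToLdap(NodeRef nodeRef) {
        Map<QName, Serializable> properties = this.nodeService.getProperties(nodeRef);
        final String userName = (String) properties.get(ContentModel.PROP_USERNAME);
        String email = (String) properties.get(ContentModel.PROP_EMAIL);
        if (email == null) {
            email = "";
        }
        String firstName = (String) properties.get(ContentModel.PROP_FIRSTNAME);
        String lastName = (String) properties.get(ContentModel.PROP_LASTNAME);

        if (this.nodeService.hasAspect(nodeRef, RlLdapModel.ASPECT_TEMPORARY_PASSWORD)) {
            // NOTE(review): the temporary password is read from a node property, i.e. it is
            // persisted in the repository until the aspect is removed below. The `false` flag
            // presumably tells the service the value is not pre-hashed - confirm against
            // LdapUserService.createUser.
            String temporaryPassword = (String) this.nodeService.getProperty(nodeRef, RlLdapModel.PROP_TEMPORARY_PASSWORD);
            this.ldapUserService.createUser(userName, temporaryPassword, false, email, firstName, lastName);

            // Removing the aspect would re-trigger this policy, so suspend behaviours on the node
            // for the duration of the call. The finally block guarantees they are re-enabled even
            // if removeAspect throws; otherwise the node would stay without policy enforcement.
            boolean wasEnabled = this.behaviourFilter.isEnabled(nodeRef);
            if (wasEnabled) {
                this.behaviourFilter.disableBehaviour(nodeRef);
            }
            try {
                this.nodeService.removeAspect(nodeRef, RlLdapModel.ASPECT_TEMPORARY_PASSWORD);
            } finally {
                if (wasEnabled) {
                    this.behaviourFilter.enableBehaviour(nodeRef);
                }
            }
        } else {
            // NOTE(review): MD4 is a broken, unsalted digest; a hash stored this way in LDAP
            // offers little protection if the directory is read. Prefer having the directory
            // hash credentials with a modern scheme. Also note that a missing password property
            // yields the literal value "{MD4}null" - confirm callers always set it.
            String md4Password = "{MD4}" + ((String) properties.get(ContentModel.PROP_PASSWORD));
            this.ldapUserService.createUser(userName, md4Password, true, email, firstName, lastName);
        }

        final String zoneName = syncZoneName();
        final HashSet<String> zones = new HashSet<String>();
        zones.add(zoneName);
        // Zone administration requires elevated rights, so it runs as the system user. Keep the
        // work inside this block limited to the two zone calls.
        AuthenticationUtil.runAsSystem(new AuthenticationUtil.RunAsWork<Void>() {
            @Override
            public Void doWork() throws Exception {
                PersonPolicy.this.authorityService.getOrCreateZone(zoneName);
                PersonPolicy.this.authorityService.addAuthorityToZones(userName, zones);
                return null;
            }
        });
        if (LOG.isInfoEnabled()) {
            LOG.info("Adding " + userName + " to zone " + zoneName);
        }
    }

    /**
     * Pushes changed person properties to LDAP unless the update policy is skipped.
     *
     * @param nodeRef the updated person node
     * @param map property values before the update
     * @param map2 property values after the update
     */
    @Override
    public void onUpdateProperties(NodeRef nodeRef, Map<QName, Serializable> map, Map<QName, Serializable> map2) {
        LOG.trace("onUpdateProperties begin");
        if (!shouldSkipUpdatePropertiesPolicy(nodeRef, map, map2)) {
            updateUserInLdap(nodeRef, map2);
        }
        LOG.trace("onUpdateProperties end");
    }

    /**
     * Updates e-mail, first name and last name of the LDAP user. Both password arguments are
     * passed as {@code null}, so this path never touches credentials.
     *
     * @param nodeRef the updated person node (not read by this method)
     * @param map the property values to write to LDAP
     */
    protected void updateUserInLdap(NodeRef nodeRef, Map<QName, Serializable> map) {
        String userName = (String) map.get(ContentModel.PROP_USERNAME);
        String email = (String) map.get(ContentModel.PROP_EMAIL);
        String firstName = (String) map.get(ContentModel.PROP_FIRSTNAME);
        String lastName = (String) map.get(ContentModel.PROP_LASTNAME);
        this.ldapUserService.editUser(userName, null, null, email, firstName, lastName);
    }

    /**
     * Decides whether a property update must not be propagated to LDAP.
     *
     * @param nodeRef the updated person node
     * @param map property values before the update
     * @param map2 property values after the update
     * @return {@code true} when the base policy asks to skip, the LDAP manager is disabled, no
     *         LDAP-relevant property changed, or the user is not in the synchronisation zone
     */
    private boolean shouldSkipUpdatePropertiesPolicy(NodeRef nodeRef, Map<QName, Serializable> map, Map<QName, Serializable> map2) {
        boolean skip = super.shouldSkipPolicy(nodeRef);
        if (!this.enabled) {
            LOG.info("Skipping policy. LDAP Manager is disabled.");
            skip = true;
        }
        if (skip) {
            return true;
        }

        boolean ldapPropertyChanged = propertyChanged(map, map2, ContentModel.PROP_EMAIL)
                || propertyChanged(map, map2, ContentModel.PROP_FIRSTNAME)
                || propertyChanged(map, map2, ContentModel.PROP_LASTNAME);
        if (!ldapPropertyChanged) {
            LOG.trace("No ldap properties updated. Skipping property update in ldap.");
            return true;
        }

        String zoneName = syncZoneName();
        String userName = (String) this.nodeService.getProperty(nodeRef, ContentModel.PROP_USERNAME);
        // getAuthorityZones is documented to return null for an unknown authority (confirm for
        // the Alfresco version in use); treat that as "not in the zone" instead of failing.
        Set<String> zones = this.authorityService.getAuthorityZones(userName);
        if (zones == null || !zones.contains(zoneName)) {
            LOG.trace("User is not part of " + zoneName + " zone. Skipping property update in ldap.");
            return true;
        }
        return false;
    }

    /**
     * Tells whether a property differs between two property maps. A {@code null} map is treated
     * as a map without the property.
     *
     * @param map property values before the update, may be {@code null}
     * @param map2 property values after the update, may be {@code null}
     * @param qName the property to compare
     * @return {@code true} if the two values are not equal
     */
    protected boolean propertyChanged(Map<QName, Serializable> map, Map<QName, Serializable> map2, QName qName) {
        Serializable before = map == null ? null : map.get(qName);
        Serializable after = map2 == null ? null : map2.get(qName);
        return before == null ? after != null : !before.equals(after);
    }

    /**
     * Decides whether a newly created person must not be provisioned to LDAP.
     *
     * @param nodeRef the new person node
     * @return {@code true} when the base policy asks to skip, the LDAP manager is disabled, the
     *         user already belongs to an external zone, or the user is the admin or system user
     */
    protected boolean shouldSkipCreatePolicy(NodeRef nodeRef) {
        boolean skip = super.shouldSkipPolicy(nodeRef);
        if (!this.enabled) {
            LOG.info("Skipping policy. LDAP Manager is disabled.");
            skip = true;
        }
        if (skip) {
            return true;
        }

        String userName = (String) this.nodeService.getProperty(nodeRef, ContentModel.PROP_USERNAME);
        // getAuthorityZones is documented to return null for an unknown authority (confirm for
        // the Alfresco version in use); a null result means there is no external zone to find.
        Set<String> zones = this.authorityService.getAuthorityZones(userName);
        if (zones != null) {
            for (String zone : zones) {
                if (zone.startsWith(EXTERNAL_ZONE_PREFIX)) {
                    if (LOG.isTraceEnabled()) {
                        LOG.trace("User " + userName + " is originating from an external zone already. Will not move to LDAP.");
                    }
                    skip = true;
                    break;
                }
            }
        }
        // Built-in accounts are never provisioned to the directory.
        // NOTE(review): these comparisons are case-sensitive; confirm user names are normalised
        // before they reach this policy so that a case variant cannot bypass the guard.
        if (AuthenticationUtil.getAdminUserName().equals(userName)) {
            LOG.info("Skipping admin user. Will not move to LDAP.");
            skip = true;
        }
        String systemUserName = AuthenticationUtil.getSystemUserName();
        if (systemUserName.equals(userName) || (systemUserName + "User").equals(userName)) {
            LOG.info("Skipping sytem user. Will not move to LDAP.");
            skip = true;
        }
        return skip;
    }

    /** Returns the full name of the zone this policy synchronises, {@code AUTH.EXT.<syncZoneId>}. */
    private String syncZoneName() {
        return EXTERNAL_ZONE_PREFIX + this.syncZoneId;
    }

    public void setAuthorityService(AuthorityService authorityService) {
        this.authorityService = authorityService;
    }

    public void setLdapUserService(LdapUserService ldapUserService) {
        this.ldapUserService = ldapUserService;
    }

    /**
     * @param str identifier appended to {@code AUTH.EXT.} to form the synchronisation zone name
     */
    public void setSyncZoneId(String str) {
        this.syncZoneId = str;
    }

    /**
     * @param z {@code false} makes both the create and the update policy skip all LDAP work
     */
    public void setEnabled(boolean z) {
        this.enabled = z;
    }

    /**
     * Validates the injected collaborators and, once per class, binds the create, update-properties
     * and update-node behaviours for {@code cm:person} at transaction commit.
     */
    @Override // org.redpill.alfresco.ldap.behaviour.AbstractPolicy
    public void afterPropertiesSet() {
        super.afterPropertiesSet();
        Assert.notNull(this.authorityService);
        Assert.notNull(this.ldapUserService);
        Assert.notNull(this.syncZoneId);
        if (initialized) {
            return;
        }
        LOG.info("Initialized policy");
        this.policyComponent.bindClassBehaviour(NodeServicePolicies.OnCreateNodePolicy.QNAME, ContentModel.TYPE_PERSON, new JavaBehaviour(this, "onCreateNode", Behaviour.NotificationFrequency.TRANSACTION_COMMIT));
        this.policyComponent.bindClassBehaviour(NodeServicePolicies.OnUpdatePropertiesPolicy.QNAME, ContentModel.TYPE_PERSON, new JavaBehaviour(this, "onUpdateProperties", Behaviour.NotificationFrequency.TRANSACTION_COMMIT));
        this.policyComponent.bindClassBehaviour(NodeServicePolicies.OnUpdateNodePolicy.QNAME, ContentModel.TYPE_PERSON, new JavaBehaviour(this, "onUpdateNode", Behaviour.NotificationFrequency.TRANSACTION_COMMIT));
        initialized = true;
    }

    /**
     * Bound to node updates but performs no work beyond trace logging.
     *
     * @param nodeRef the updated person node
     */
    @Override
    public void onUpdateNode(NodeRef nodeRef) {
        LOG.trace("onUpdateNode begin");
        LOG.trace("onUpdateNode end");
    }
}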
