package org.apache.jackrabbit.oak.security.user;

import java.security.Principal;
import javax.jcr.Credentials;
import javax.jcr.RepositoryException;
import org.apache.jackrabbit.api.security.user.Impersonation;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
import org.apache.jackrabbit.oak.spi.security.user.UserIdCredentials;
import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtil;
import org.apache.jackrabbit.oak.spi.security.user.util.UserUtil;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/user/UserImpl.class */
class UserImpl extends AuthorizableImpl implements User {
    private final boolean isAdmin;
    private final PasswordHistory pwHistory;

    /* JADX INFO: Access modifiers changed from: package-private */
    public UserImpl(String str, Tree tree, UserManagerImpl userManagerImpl) throws RepositoryException {
        super(str, tree, userManagerImpl);
        this.isAdmin = UserUtil.isAdmin(userManagerImpl.getConfig(), str);
        this.pwHistory = new PasswordHistory(userManagerImpl.getConfig());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.apache.jackrabbit.oak.security.user.AuthorizableImpl
    public void checkValidTree(@NotNull Tree tree) throws RepositoryException {
        if (!UserUtil.isType(tree, AuthorizableType.USER)) {
            throw new IllegalArgumentException("Invalid user node: node type rep:User expected.");
        }
    }

    public boolean isGroup() {
        return false;
    }

    public Principal getPrincipal() throws RepositoryException {
        Tree tree = getTree();
        String principalName = getPrincipalName();
        NamePathMapper namePathMapper = getUserManager().getNamePathMapper();
        return isAdmin() ? new AdminPrincipalImpl(principalName, tree, namePathMapper) : new TreeBasedPrincipal(principalName, tree, namePathMapper);
    }

    public boolean isAdmin() {
        return this.isAdmin;
    }

    public boolean isSystemUser() {
        return false;
    }

    public Credentials getCredentials() {
        String passwordHash = getPasswordHash();
        return passwordHash == null ? new UserIdCredentials(getID()) : new CredentialsImpl(getID(), passwordHash);
    }

    public Impersonation getImpersonation() throws RepositoryException {
        return new ImpersonationImpl(this);
    }

    public void changePassword(String str) throws RepositoryException {
        if (str == null) {
            throw new RepositoryException("Attempt to set 'null' password for user " + getID());
        }
        UserManagerImpl userManager = getUserManager();
        userManager.onPasswordChange(this, str);
        this.pwHistory.updatePasswordHistory(getTree(), str);
        userManager.setPassword(getTree(), getID(), str, true);
    }

    public void changePassword(String str, String str2) throws RepositoryException {
        if (!PasswordUtil.isSame(getPasswordHash(), str2)) {
            throw new RepositoryException("Failed to change password: Old password does not match.");
        }
        changePassword(str);
    }

    public void disable(String str) throws RepositoryException {
        if (this.isAdmin) {
            throw new RepositoryException("The administrator user cannot be disabled.");
        }
        Tree tree = getTree();
        if (str != null) {
            tree.setProperty("rep:disabled", str);
        } else if (tree.hasProperty("rep:disabled")) {
            tree.removeProperty("rep:disabled");
        }
    }

    public boolean isDisabled() throws RepositoryException {
        return getTree().hasProperty("rep:disabled");
    }

    public String getDisabledReason() throws RepositoryException {
        PropertyState property = getTree().getProperty("rep:disabled");
        if (property != null) {
            return (String) property.getValue(Type.STRING);
        }
        return null;
    }

    @Nullable
    private String getPasswordHash() {
        return TreeUtil.getString(getTree(), "rep:password");
    }
}
