package com.adobe.acs.commons.remoteassets.impl;

import acscommons.com.google.common.net.HttpHeaders;
import com.adobe.acs.commons.exporters.impl.users.Constants;
import com.adobe.acs.commons.util.RequireAem;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.jcr.Session;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpHost;
import org.apache.http.client.fluent.Executor;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.metatype.annotations.AttributeDefinition;
import org.osgi.service.metatype.annotations.Designate;
import org.osgi.service.metatype.annotations.ObjectClassDefinition;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Designate(ocd = Config.class)
@Component(configurationPolicy = ConfigurationPolicy.REQUIRE, service = {RemoteAssetsConfigImpl.class})
/* loaded from: input_file:com/adobe/acs/commons/remoteassets/impl/RemoteAssetsConfigImpl.class */
public class RemoteAssetsConfigImpl {
    private static final Logger LOG = LoggerFactory.getLogger(RemoteAssetsConfigImpl.class);
    private Integer retryDelay;
    private Integer saveInterval;
    private Executor remoteAssetsHttpExecutor;

    @Reference(target = "(distribution=classic)")
    RequireAem requireAem;

    @Reference
    private ResourceResolverFactory resourceResolverFactory;
    private String server = Constants.GROUP_FILTER_BOTH;
    private String username = Constants.GROUP_FILTER_BOTH;
    private String password = Constants.GROUP_FILTER_BOTH;
    private boolean allowInsecureRemote = false;
    private List<String> tagSyncPaths = new ArrayList();
    private List<String> damSyncPaths = new ArrayList();
    private String eventUserData = Constants.GROUP_FILTER_BOTH;
    private Set<String> whitelistedServiceUsers = new HashSet();

    @ObjectClassDefinition(name = "ACS AEM Commons - Remote Assets - Config")
    /* loaded from: input_file:com/adobe/acs/commons/remoteassets/impl/RemoteAssetsConfigImpl$Config.class */
    public @interface Config {
        public static final boolean DEFAULT_ALLOW_INSECURE = false;
        public static final String DEFAULT_EVENT_USER_DATA = "changedByWorkflowProcess";
        public static final int DEFAULT_RETRY_DELAY = 15;
        public static final int DEFAULT_SAVE_INTERVAL = 100;

        @AttributeDefinition(name = HttpHeaders.SERVER, description = "URL to remote server from which to fetch assets (e.g. https://dev-aem-author.client.com:4502)")
        String server_url() default "";

        @AttributeDefinition(name = "Username", description = "User to log into the remote server")
        String server_user() default "";

        @AttributeDefinition(name = "Password", description = "Password to log into the remote server")
        String server_pass() default "";

        @AttributeDefinition(name = "Allow Insecure Connection", description = "Allow non-https connection to remote assets server, allowing potential compromise of connection credentials")
        boolean server_insecure() default false;

        @AttributeDefinition(name = "Tag Sync Paths", description = "Paths to sync tags from the remote server (e.g. /content/cq:tags/client)", cardinality = Integer.MAX_VALUE)
        String[] tag_paths() default {};

        @AttributeDefinition(name = "Asset Sync Paths", description = "Paths to sync assets from the remote server (e.g. /content/dam)", cardinality = Integer.MAX_VALUE)
        String[] dam_paths() default {};

        @AttributeDefinition(name = "Failure Retry Delay (in minutes)", description = "Number of minutes the server will wait to attempt to sync a remoteasset that failed a sync attempt (minimum 1)")
        int retry_delay() default 15;

        @AttributeDefinition(name = "Number of Assets to Sync Before Saving", description = "Number of asset nodes to sync before saving and refreshing the session during a node sync. The lower the number, the longer the sync will take (default 100)")
        int save_interval() default 100;

        @AttributeDefinition(name = "Event User Data", description = "The event user data that will be set during all JCR manipulations performed by remote assets. This can be used in workflow launchers that listen to DAM paths (such as for DAM Update Assets) to exclude unnecessary processing such as rendition generation.")
        String event_user_data() default "changedByWorkflowProcess";

        @AttributeDefinition(name = "Whitelisted Service Users", description = "Service users that are allowed to trigger remote asset binary syncs. By default, service user activity never triggers an asset binary sync.", cardinality = Integer.MAX_VALUE)
        String[] whitelisted_service_users() default {};
    }

    @Activate
    protected final void activate(Config config) {
        this.server = config.server_url();
        if (StringUtils.isBlank(this.server)) {
            throw new IllegalArgumentException("Remote server must be specified");
        }
        this.username = config.server_user();
        if (StringUtils.isBlank(this.username)) {
            throw new IllegalArgumentException("Remote server username must be specified");
        }
        this.password = config.server_pass();
        if (StringUtils.isBlank(this.password)) {
            throw new IllegalArgumentException("Remote server password must be specified");
        }
        this.allowInsecureRemote = config.server_insecure();
        this.tagSyncPaths = (List) Stream.of((Object[]) ObjectUtils.defaultIfNull(config.tag_paths(), new String[0])).filter(str -> {
            return StringUtils.isNotBlank(str);
        }).collect(Collectors.toList());
        this.damSyncPaths = (List) Stream.of((Object[]) ObjectUtils.defaultIfNull(config.dam_paths(), new String[0])).filter(str2 -> {
            return StringUtils.isNotBlank(str2);
        }).collect(Collectors.toList());
        this.retryDelay = Integer.valueOf(config.retry_delay());
        this.saveInterval = Integer.valueOf(config.save_interval());
        this.eventUserData = config.event_user_data();
        this.whitelistedServiceUsers = (Set) Stream.of((Object[]) ObjectUtils.defaultIfNull(config.whitelisted_service_users(), new String[0])).filter(str3 -> {
            return StringUtils.isNotBlank(str3);
        }).collect(Collectors.toSet());
        buildRemoteHttpExecutor();
    }

    public String getServer() {
        return this.server;
    }

    public String getUsername() {
        return this.username;
    }

    public String getPassword() {
        return this.password;
    }

    public List<String> getTagSyncPaths() {
        return this.tagSyncPaths;
    }

    public List<String> getDamSyncPaths() {
        return this.damSyncPaths;
    }

    public Integer getRetryDelay() {
        return this.retryDelay;
    }

    public Integer getSaveInterval() {
        return this.saveInterval;
    }

    public String getEventUserData() {
        return this.eventUserData;
    }

    public Set<String> getWhitelistedServiceUsers() {
        return this.whitelistedServiceUsers;
    }

    public Executor getRemoteAssetsHttpExecutor() {
        return this.remoteAssetsHttpExecutor;
    }

    public ResourceResolver getResourceResolver() {
        try {
            HashMap hashMap = new HashMap();
            hashMap.put("sling.service.subservice", RemoteAssets.SERVICE_NAME);
            ResourceResolver serviceResourceResolver = this.resourceResolverFactory.getServiceResourceResolver(hashMap);
            Session session = (Session) serviceResourceResolver.adaptTo(Session.class);
            if (StringUtils.isNotBlank(getEventUserData())) {
                session.getWorkspace().getObservationManager().setUserData(getEventUserData());
            }
            return serviceResourceResolver;
        } catch (Exception e) {
            LOG.error("Remote assets functionality cannot be enabled - service user login failed");
            throw new RemoteAssetsServiceException(e);
        }
    }

    private void buildRemoteHttpExecutor() {
        try {
            URL url = new URL(this.server);
            if (!url.getProtocol().equalsIgnoreCase("https")) {
                if (!this.allowInsecureRemote) {
                    throw new IllegalArgumentException("Remote server address must be HTTPS so that credentials cannot be compromised.  As an alternative, you may configure remote assets to allow use of a non-HTTPS connection, allowing connection credentials to potentially be compromised AT YOUR OWN RISK.");
                }
                LOG.warn("Remote Assets connection is not HTTPS - authentication username and password will be communicated in CLEAR TEXT.  This configuration is NOT recommended, as it may allow credentials to be compromised!");
            }
            HttpHost httpHost = new HttpHost(url.getHost(), url.getPort(), url.getProtocol());
            this.remoteAssetsHttpExecutor = Executor.newInstance().auth(httpHost, this.username, this.password).authPreemptive(httpHost);
        } catch (MalformedURLException e) {
            throw new IllegalArgumentException("Remote server address is malformed");
        }
    }
}
