package org.apache.jackrabbit.jcr2spi.security.authorization.jackrabbit.acl;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.jcr.AccessDeniedException;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.ValueFormatException;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.commons.iterator.AccessControlPolicyIteratorAdapter;
import org.apache.jackrabbit.jcr2spi.hierarchy.HierarchyManager;
import org.apache.jackrabbit.jcr2spi.hierarchy.NodeEntry;
import org.apache.jackrabbit.jcr2spi.nodetype.ItemDefinitionProvider;
import org.apache.jackrabbit.jcr2spi.operation.AddNode;
import org.apache.jackrabbit.jcr2spi.operation.Operation;
import org.apache.jackrabbit.jcr2spi.operation.Remove;
import org.apache.jackrabbit.jcr2spi.operation.SetMixin;
import org.apache.jackrabbit.jcr2spi.operation.SetTree;
import org.apache.jackrabbit.jcr2spi.security.authorization.AccessControlProvider;
import org.apache.jackrabbit.jcr2spi.security.authorization.jackrabbit.AccessControlConstants;
import org.apache.jackrabbit.jcr2spi.state.NodeState;
import org.apache.jackrabbit.jcr2spi.state.UpdatableItemStateManager;
import org.apache.jackrabbit.spi.Name;
import org.apache.jackrabbit.spi.Path;
import org.apache.jackrabbit.spi.QValue;
import org.apache.jackrabbit.spi.QValueFactory;
import org.apache.jackrabbit.spi.SessionInfo;
import org.apache.jackrabbit.spi.commons.conversion.NameException;
import org.apache.jackrabbit.spi.commons.conversion.NameParser;
import org.apache.jackrabbit.spi.commons.conversion.NamePathResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:jackrabbit-jcr2spi-2.13.5.jar:org/apache/jackrabbit/jcr2spi/security/authorization/jackrabbit/acl/AccessControlManagerImpl.class */
class AccessControlManagerImpl implements AccessControlManager, AccessControlConstants {
    private static final Logger log = LoggerFactory.getLogger(AccessControlManagerImpl.class);
    private static int REMOVE_POLICY_OPTIONS = 39;
    private final SessionInfo sessionInfo;
    private final HierarchyManager hierarchyManager;
    private final NamePathResolver npResolver;
    private final QValueFactory qvf;
    private final AccessControlProvider acProvider;
    private final UpdatableItemStateManager itemStateMgr;
    private final ItemDefinitionProvider definitionProvider;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AccessControlManagerImpl(SessionInfo sessionInfo, UpdatableItemStateManager updatableItemStateManager, ItemDefinitionProvider itemDefinitionProvider, HierarchyManager hierarchyManager, NamePathResolver namePathResolver, QValueFactory qValueFactory, AccessControlProvider accessControlProvider) {
        this.sessionInfo = sessionInfo;
        this.hierarchyManager = hierarchyManager;
        this.itemStateMgr = updatableItemStateManager;
        this.npResolver = namePathResolver;
        this.qvf = qValueFactory;
        this.acProvider = accessControlProvider;
        this.definitionProvider = itemDefinitionProvider;
    }

    public Privilege[] getSupportedPrivileges(String str) throws PathNotFoundException, RepositoryException {
        Map<String, Privilege> supportedPrivileges = this.acProvider.getSupportedPrivileges(this.sessionInfo, getNodeState(this.npResolver.getQPath(str)).getNodeId(), this.npResolver);
        return (Privilege[]) supportedPrivileges.values().toArray(new Privilege[supportedPrivileges.size()]);
    }

    public Privilege privilegeFromName(String str) throws AccessControlException, RepositoryException {
        return this.acProvider.privilegeFromName(this.sessionInfo, this.npResolver, str);
    }

    public boolean hasPrivileges(String str, Privilege[] privilegeArr) throws PathNotFoundException, RepositoryException {
        Set<Privilege> privileges = this.acProvider.getPrivileges(this.sessionInfo, getNodeState(this.npResolver.getQPath(str)).getNodeId(), this.npResolver);
        List asList = Arrays.asList(privilegeArr);
        if (privileges.containsAll(asList)) {
            return true;
        }
        HashSet hashSet = new HashSet(privileges);
        for (Privilege privilege : privileges) {
            if (privilege.isAggregate()) {
                hashSet.addAll(Arrays.asList(privilege.getAggregatePrivileges()));
            }
        }
        return hashSet.containsAll(asList);
    }

    public Privilege[] getPrivileges(String str) throws PathNotFoundException, RepositoryException {
        Set<Privilege> privileges = this.acProvider.getPrivileges(this.sessionInfo, getNodeState(this.npResolver.getQPath(str)).getNodeId(), this.npResolver);
        return (Privilege[]) privileges.toArray(new Privilege[privileges.size()]);
    }

    public AccessControlPolicy[] getEffectivePolicies(String str) throws RepositoryException {
        checkValidNodePath(str);
        checkAccessControlRead(str);
        return new AccessControlPolicy[]{new AccessControlPolicy() { // from class: org.apache.jackrabbit.jcr2spi.security.authorization.jackrabbit.acl.AccessControlManagerImpl.1
        }};
    }

    public AccessControlPolicyIterator getApplicablePolicies(String str) throws RepositoryException {
        checkValidNodePath(str);
        AccessControlPolicy[] applicable = getApplicable(str);
        return (applicable == null || applicable.length <= 0) ? AccessControlPolicyIteratorAdapter.EMPTY : new AccessControlPolicyIteratorAdapter(Arrays.asList(applicable));
    }

    public AccessControlPolicy[] getPolicies(String str) throws RepositoryException {
        checkValidNodePath(str);
        ArrayList arrayList = new ArrayList();
        NodeState aclNode = getAclNode(str);
        if (aclNode != null) {
            arrayList.add(new AccessControlListImpl(aclNode, str, this.npResolver, this.qvf, this));
        }
        return (AccessControlPolicy[]) arrayList.toArray(new AccessControlList[arrayList.size()]);
    }

    public void setPolicy(String str, AccessControlPolicy accessControlPolicy) throws RepositoryException {
        SetTree create;
        NodeState nodeState;
        Name name;
        checkValidNodePath(str);
        checkValidPolicy(accessControlPolicy);
        checkAcccessControlItem(str);
        NodeState aclNode = getAclNode(str);
        if (aclNode == null) {
            Name name2 = str == null ? N_REPO_POLICY : N_POLICY;
            if (str == null) {
                nodeState = getRootNodeState();
                name = NT_REP_REPO_ACCESS_CONTROLLABLE;
            } else {
                nodeState = getNodeState(str);
                name = NT_REP_ACCESS_CONTROLLABLE;
            }
            setMixin(nodeState, name);
            create = SetTree.create(this.itemStateMgr, nodeState, name2, NT_REP_ACL, null);
            aclNode = create.getTreeState();
        } else {
            Iterator<NodeEntry> nodeEntries = getNodeEntry(aclNode).getNodeEntries();
            while (nodeEntries.hasNext()) {
                nodeEntries.next().transientRemove();
            }
            create = SetTree.create(aclNode);
        }
        for (AccessControlEntry accessControlEntry : ((AccessControlListImpl) accessControlPolicy).getAccessControlEntries()) {
            createAceNode(create, aclNode, accessControlEntry);
        }
        this.itemStateMgr.execute(create);
    }

    public void removePolicy(String str, AccessControlPolicy accessControlPolicy) throws RepositoryException {
        checkValidNodePath(str);
        checkValidPolicy(accessControlPolicy);
        NodeState aclNode = getAclNode(str);
        if (aclNode == null) {
            throw new AccessControlException("No policy exist at " + str);
        }
        removeNode(aclNode);
    }

    private AccessControlPolicy[] getApplicable(String str) throws RepositoryException {
        AccessControlListImpl accessControlListImpl = null;
        if (getAclNode(str == null ? getRootNodeState() : getNodeState(str), str) == null) {
            accessControlListImpl = new AccessControlListImpl(str, this.npResolver, this.qvf);
        }
        return accessControlListImpl == null ? new AccessControlPolicy[0] : new AccessControlPolicy[]{accessControlListImpl};
    }

    private NodeState getAclNode(String str) throws RepositoryException {
        return getAclNode(str == null ? getRootNodeState() : getNodeState(str), str);
    }

    private NodeState getAclNode(NodeState nodeState, String str) throws RepositoryException {
        NodeState nodeState2 = null;
        if (str == null) {
            if (isRepoAccessControlled(nodeState)) {
                nodeState2 = nodeState.getChildNodeState(N_REPO_POLICY, 1);
            }
        } else if (isAccessControlled(nodeState)) {
            nodeState2 = nodeState.getChildNodeState(N_POLICY, 1);
        }
        return nodeState2;
    }

    private boolean isRepoAccessControlled(NodeState nodeState) throws RepositoryException {
        return isNodeType(nodeState, NT_REP_REPO_ACCESS_CONTROLLABLE) && nodeState.hasChildNodeEntry(N_REPO_POLICY, 1);
    }

    private boolean isAccessControlled(NodeState nodeState) throws RepositoryException {
        return isNodeType(nodeState, NT_REP_ACCESS_CONTROLLABLE) && nodeState.hasChildNodeEntry(N_POLICY, 1);
    }

    private boolean isNodeType(NodeState nodeState, Name name) throws RepositoryException {
        List asList = Arrays.asList(nodeState.getAllNodeTypeNames());
        if (asList == null) {
            return false;
        }
        return asList.contains(name);
    }

    private void checkAcccessControlItem(String str) throws AccessControlException, RepositoryException {
        Name nodeTypeName = getNodeState(str).getNodeTypeName();
        if (nodeTypeName.equals(NT_REP_ACL) || nodeTypeName.equals(NT_REP_GRANT_ACE) || nodeTypeName.equals(NT_REP_DENY_ACE)) {
            throw new AccessControlException("The path: " + str + " points to an access control content node");
        }
    }

    private void checkAccessControlRead(String str) throws RepositoryException {
        if (!hasPrivileges(str, new Privilege[]{privilegeFromName("{http://www.jcp.org/jcr/1.0}readAccessControl")})) {
            throw new AccessDeniedException();
        }
    }

    private void createAceNode(SetTree setTree, NodeState nodeState, AccessControlEntry accessControlEntry) throws RepositoryException {
        AccessControlEntryImpl accessControlEntryImpl = (AccessControlEntryImpl) accessControlEntry;
        boolean isAllow = accessControlEntryImpl.isAllow();
        NodeState addNode = addNode(setTree, nodeState, getUniqueNodeName(nodeState, isAllow ? "allow" : "deny"), null, isAllow ? NT_REP_GRANT_ACE : NT_REP_DENY_ACE);
        addProperty(setTree, addNode, N_REP_PRINCIPAL_NAME, 1, new QValue[]{this.qvf.create(accessControlEntryImpl.getPrincipal().getName(), 1)});
        Privilege[] privileges = accessControlEntryImpl.getPrivileges();
        QValue[] qValueArr = new QValue[privileges.length];
        for (int i = 0; i < privileges.length; i++) {
            try {
                qValueArr[i] = this.qvf.create(this.npResolver.getQName(privileges[i].getName()).toString(), 7);
            } catch (ValueFormatException e) {
                throw new RepositoryException(e.getMessage());
            }
        }
        addProperty(setTree, addNode, N_REP_PRIVILEGES, 7, qValueArr);
    }

    private NodeState getNodeState(String str) throws RepositoryException {
        return getNodeState(this.npResolver.getQPath(str));
    }

    private NodeState getRootNodeState() throws RepositoryException {
        return this.hierarchyManager.getRootEntry().getNodeState();
    }

    private NodeState getNodeState(Path path) throws RepositoryException {
        return this.hierarchyManager.getNodeState(path);
    }

    private NodeEntry getNodeEntry(NodeState nodeState) throws RepositoryException {
        return this.hierarchyManager.getNodeEntry(nodeState.getPath());
    }

    private void checkValidNodePath(String str) throws PathNotFoundException, RepositoryException {
        if (str != null) {
            Path qPath = this.npResolver.getQPath(str);
            if (!qPath.isAbsolute()) {
                throw new RepositoryException("Absolute path expected. Found: " + str);
            }
            if (this.hierarchyManager.getNodeEntry(qPath).getNodeState() == null) {
                throw new PathNotFoundException(str);
            }
        }
    }

    private void checkValidPolicy(AccessControlPolicy accessControlPolicy) throws AccessControlException {
        if (accessControlPolicy == null || !(accessControlPolicy instanceof AccessControlListImpl)) {
            throw new AccessControlException("Policy is not applicable ");
        }
    }

    private NodeState addNode(SetTree setTree, NodeState nodeState, Name name, String str, Name name2) throws RepositoryException {
        Operation addChildNode = setTree.addChildNode(nodeState, name, name2, str);
        this.itemStateMgr.execute(addChildNode);
        return (NodeState) ((AddNode) addChildNode).getAddedStates().get(0);
    }

    private void addProperty(SetTree setTree, NodeState nodeState, Name name, int i, QValue[] qValueArr) throws RepositoryException {
        this.itemStateMgr.execute(setTree.addChildProperty(nodeState, name, i, qValueArr, this.definitionProvider.getQPropertyDefinition(nodeState.getAllNodeTypeNames(), name, i)));
    }

    private void removeNode(NodeState nodeState) throws RepositoryException {
        this.itemStateMgr.execute(Remove.create(nodeState, REMOVE_POLICY_OPTIONS));
    }

    private void setMixin(NodeState nodeState, Name name) throws RepositoryException {
        if (isNodeType(nodeState, name)) {
            log.debug(name.toString() + " is already present on the given node state " + nodeState.getName().toString());
        } else {
            this.itemStateMgr.execute(SetMixin.create(nodeState, new Name[]{name}));
        }
    }

    private Name getUniqueNodeName(NodeState nodeState, String str) throws RepositoryException {
        try {
            NameParser.checkFormat(str);
        } catch (NameException e) {
            log.debug("Invalid path name for Permission: " + str + ".");
        }
        int i = 0;
        Name qName = this.npResolver.getQName(str);
        while (nodeState.hasChildNodeEntry(qName, 1)) {
            qName = this.npResolver.getQName(str + i);
            i++;
        }
        return qName;
    }
}
