package org.apache.jackrabbit.core.security;

import java.io.File;
import java.io.FileInputStream;
import java.security.Principal;
import java.security.acl.Group;
import java.util.Enumeration;
import java.util.Properties;
import javax.jcr.AccessDeniedException;
import javax.jcr.RepositoryException;
import org.apache.jackrabbit.core.id.ItemId;
import org.apache.jackrabbit.core.security.authorization.AccessControlProvider;
import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
import org.apache.jackrabbit.spi.Name;
import org.apache.jackrabbit.spi.Path;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:jackrabbit-core-2.16.0.jar:org/apache/jackrabbit/core/security/SimpleJBossAccessManager.class */
public class SimpleJBossAccessManager implements AccessManager {
    private static Logger log = LoggerFactory.getLogger(SimpleJBossAccessManager.class);
    protected boolean system;
    protected boolean anonymous;

    @Override // org.apache.jackrabbit.core.security.AccessManager
    public void init(AMContext aMContext) throws AccessDeniedException, Exception {
        init(aMContext, null, null);
    }

    @Override // org.apache.jackrabbit.core.security.AccessManager
    public void init(AMContext aMContext, AccessControlProvider accessControlProvider, WorkspaceAccessManager workspaceAccessManager) throws AccessDeniedException, Exception {
        Properties properties = new Properties();
        File file = new File(aMContext.getHomeDir(), "rolemapping.properties");
        log.info("Loading jbossgroup role mappings from {}", file.getPath());
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            properties.load(fileInputStream);
            fileInputStream.close();
            for (Principal principal : aMContext.getSubject().getPrincipals()) {
                if ((principal instanceof Group) && principal.getName().equalsIgnoreCase("Roles")) {
                    Enumeration<? extends Principal> members = ((Group) principal).members();
                    while (members.hasMoreElements()) {
                        String property = properties.getProperty(members.nextElement().getName());
                        this.system = this.system || "full".equalsIgnoreCase(property);
                        this.anonymous = this.anonymous || org.apache.jackrabbit.jcr2spi.security.AccessManager.READ_ACTION.equalsIgnoreCase(property);
                    }
                }
            }
        } catch (Throwable th) {
            fileInputStream.close();
            throw th;
        }
    }

    @Override // org.apache.jackrabbit.core.security.AccessManager
    public synchronized void close() {
    }

    @Override // org.apache.jackrabbit.core.security.AccessManager
    public void checkPermission(ItemId itemId, int i) throws AccessDeniedException, RepositoryException {
        if (!isGranted(itemId, i)) {
            throw new AccessDeniedException("Access denied");
        }
    }

    @Override // org.apache.jackrabbit.core.security.AccessManager
    public void checkPermission(Path path, int i) throws AccessDeniedException, RepositoryException {
        if (!isGranted(path, i)) {
            throw new AccessDeniedException("Access denied");
        }
    }

    @Override // org.apache.jackrabbit.core.security.AccessManager
    public void checkRepositoryPermission(int i) throws AccessDeniedException, RepositoryException {
        if (!isGranted((ItemId) null, i)) {
            throw new AccessDeniedException("Access denied");
        }
    }

    @Override // org.apache.jackrabbit.core.security.AccessManager
    public boolean isGranted(ItemId itemId, int i) throws RepositoryException {
        return this.system || (this.anonymous && (i & 6) == 0);
    }

    @Override // org.apache.jackrabbit.core.security.AccessManager
    public boolean isGranted(Path path, int i) throws RepositoryException {
        return internalIsGranted(i);
    }

    @Override // org.apache.jackrabbit.core.security.AccessManager
    public boolean isGranted(Path path, Name name, int i) throws RepositoryException {
        return internalIsGranted(i);
    }

    @Override // org.apache.jackrabbit.core.security.AccessManager
    public boolean canRead(Path path, ItemId itemId) throws RepositoryException {
        return true;
    }

    @Override // org.apache.jackrabbit.core.security.AccessManager
    public boolean canAccess(String str) throws RepositoryException {
        return this.system || this.anonymous;
    }

    private boolean internalIsGranted(int i) {
        return this.system || (this.anonymous && 1 == i);
    }
}
