package org.apache.jackrabbit.core.security.authorization.acl;

import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import javax.jcr.NamespaceException;
import javax.jcr.NodeIterator;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import javax.jcr.ValueFactory;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitWorkspace;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.core.NodeImpl;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.security.authorization.AbstractACLTemplate;
import org.apache.jackrabbit.core.security.authorization.AccessControlEntryImpl;
import org.apache.jackrabbit.core.security.authorization.PrivilegeBits;
import org.apache.jackrabbit.core.security.authorization.PrivilegeManagerImpl;
import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
import org.apache.jackrabbit.core.security.principal.UnknownPrincipal;
import org.apache.jackrabbit.core.value.InternalValue;
import org.apache.jackrabbit.spi.Name;
import org.apache.jackrabbit.spi.commons.conversion.NamePathResolver;
import org.apache.jackrabbit.spi.commons.conversion.NameResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:jackrabbit-core-2.18.0.jar:org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.class */
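/**
 * In-memory, editable access control list whose entries may carry a single
 * glob restriction (the JCR name of {@code P_GLOB}).
 *
 * <p>A template is created either empty or from the child nodes of a
 * {@code rep:ACL} node. New entries are validated by
 * {@link #checkValidEntry} and then merged with existing entries of the same
 * principal by {@code internalAdd}.
 *
 * <p>Review notes:
 * <ul>
 * <li>The decompiler reports that this class, its constructors and
 *     {@link Entry} were package-private in the class file; the {@code public}
 *     modifiers below come from the decompiler.</li>
 * <li>{@code internalAdd} and {@link #removeAccessControlEntry} synchronize on
 *     this instance, but {@link #getEntries()} returns the backing list
 *     itself. Changes made through that reference bypass both the validation
 *     and the lock.</li>
 * </ul>
 */
public class ACLTemplate extends AbstractACLTemplate {
    private static final Logger log = LoggerFactory.getLogger(ACLTemplate.class);

    // Backing list of entries; list order is maintained by internalAdd.
    private final List<AccessControlEntry> entries;
    // Used to look up principals by name and to test whether they exist.
    private final PrincipalManager principalMgr;
    // Converts privilege names into PrivilegeBits; also handed to every Entry.
    private final PrivilegeManagerImpl privilegeMgr;
    // Name resolver handed to every Entry.
    private final NameResolver resolver;
    // JCR name of P_GLOB, the only restriction name this template reports.
    private final String jcrRepGlob;
    // When true, checkValidEntry accepts principals the PrincipalManager does not know.
    private final boolean allowUnknownPrincipals;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:jackrabbit-core-2.18.0.jar:org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate$Entry.class */
    /**
     * Entry type of this template. It is a non-static inner class so that the
     * resolver, value factory and privilege manager are taken from the
     * enclosing {@link ACLTemplate}. All constructors are private; instances
     * are created by the enclosing template only.
     */
    public class Entry extends AccessControlEntryImpl {
        private Entry(Principal principal, PrivilegeBits privilegeBits, boolean z, Map<String, Value> map) throws RepositoryException {
            super(principal, privilegeBits, z, map);
        }

        private Entry(Principal principal, Privilege[] privilegeArr, boolean z, Map<String, Value> map) throws RepositoryException {
            super(principal, privilegeArr, z, map);
        }

        private Entry(Entry entry, PrivilegeBits privilegeBits, boolean z) throws RepositoryException {
            super(entry, privilegeBits, z);
        }

        private Entry(Entry entry, Privilege[] privilegeArr, boolean z) throws RepositoryException {
            super(entry, privilegeArr, z);
        }

        /** @return the name resolver of the enclosing template */
        @Override // org.apache.jackrabbit.core.security.authorization.AccessControlEntryImpl
        protected NameResolver getResolver() {
            return ACLTemplate.this.resolver;
        }

        /** @return the value factory of the enclosing template */
        @Override // org.apache.jackrabbit.core.security.authorization.AccessControlEntryImpl
        protected ValueFactory getValueFactory() {
            return ACLTemplate.this.valueFactory;
        }

        /** @return the privilege manager of the enclosing template */
        @Override // org.apache.jackrabbit.core.security.authorization.AccessControlEntryImpl
        protected PrivilegeManagerImpl getPrivilegeManager() {
            return ACLTemplate.this.privilegeMgr;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates an empty template.
     *
     * @param str passed to the superclass together with the value factory;
     *        presumably the path the policy applies to, where {@code null}
     *        denotes a repository-level policy (see {@link #checkValidEntry})
     * @param principalManager used to validate principals of new entries
     * @param privilegeManager must be a {@link PrivilegeManagerImpl}; any
     *        other implementation fails with a {@link ClassCastException}
     * @param valueFactory value factory passed to the superclass
     * @param namePathResolver resolver used for entries and for the JCR name
     *        of {@code P_GLOB}
     * @param z whether principals unknown to {@code principalManager} are
     *        accepted by {@link #checkValidEntry}
     * @throws NamespaceException if the JCR name of {@code P_GLOB} cannot be
     *         resolved
     */
    public ACLTemplate(String str, PrincipalManager principalManager, PrivilegeManager privilegeManager, ValueFactory valueFactory, NamePathResolver namePathResolver, boolean z) throws NamespaceException {
        super(str, valueFactory);
        this.entries = new ArrayList<>();
        this.principalMgr = principalManager;
        this.privilegeMgr = (PrivilegeManagerImpl) privilegeManager;
        this.resolver = namePathResolver;
        this.allowUnknownPrincipals = z;
        this.jcrRepGlob = namePathResolver.getJCRName(P_GLOB);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates a template from the child nodes of a {@code rep:ACL} node.
     *
     * <p>Each child node becomes one entry. The entry is an allow entry when
     * the child's primary type equals {@code NT_REP_GRANT_ACE}; every other
     * primary type yields a deny entry. A principal name that the principal
     * manager cannot resolve is wrapped in a {@link PrincipalImpl}; this
     * happens regardless of the {@code z} flag.
     *
     * <p>A child that cannot be converted is skipped and the failure is
     * logged. The resulting template can therefore hold fewer entries than
     * the content it was read from.
     *
     * @param nodeImpl the {@code rep:ACL} node to read
     * @param str passed to the superclass; presumably the path the policy
     *        applies to
     * @param z whether principals unknown to the principal manager are
     *        accepted by {@link #checkValidEntry}
     * @throws IllegalArgumentException if {@code nodeImpl} is {@code null} or
     *         its primary type is not {@code NT_REP_ACL}
     * @throws RepositoryException if session, workspace or child nodes cannot
     *         be accessed
     */
    public ACLTemplate(NodeImpl nodeImpl, String str, boolean z) throws RepositoryException {
        super(str, nodeImpl != null ? nodeImpl.getSession().getValueFactory() : null);
        this.entries = new ArrayList<>();
        if (nodeImpl == null || !NT_REP_ACL.equals(nodeImpl.getPrimaryNodeTypeName())) {
            throw new IllegalArgumentException("Node must be of type 'rep:ACL'");
        }
        SessionImpl session = (SessionImpl) nodeImpl.getSession();
        this.principalMgr = session.getPrincipalManager();
        this.privilegeMgr = (PrivilegeManagerImpl) ((JackrabbitWorkspace) session.getWorkspace()).getPrivilegeManager();
        this.allowUnknownPrincipals = z;
        this.resolver = session;
        this.jcrRepGlob = session.getJCRName(P_GLOB);

        NodeIterator aceNodes = nodeImpl.getNodes();
        while (aceNodes.hasNext()) {
            NodeImpl aceNode = (NodeImpl) aceNodes.nextNode();
            try {
                String principalName = aceNode.getProperty(P_PRINCIPAL_NAME).getString();
                Principal principal = this.principalMgr.getPrincipal(principalName);
                if (principal == null) {
                    log.debug("Principal with name {} unknown to PrincipalManager.", principalName);
                    principal = new PrincipalImpl(principalName);
                }

                InternalValue[] privilegeValues = aceNode.getProperty(P_PRIVILEGES).internalGetValues();
                Name[] privilegeNames = new Name[privilegeValues.length];
                for (int i = 0; i < privilegeValues.length; i++) {
                    privilegeNames[i] = privilegeValues[i].getName();
                }

                PrivilegeBits bits = this.privilegeMgr.getBits(privilegeNames);
                boolean isAllow = NT_REP_GRANT_ACE.equals(aceNode.getPrimaryNodeTypeName());
                Map<String, Value> restrictions = aceNode.hasProperty(P_GLOB)
                        ? Collections.singletonMap(this.jcrRepGlob, aceNode.getProperty(P_GLOB).getValue())
                        : null;
                this.entries.add(new Entry(principal, bits, isAllow, restrictions));
            } catch (RepositoryException e) {
                // Best effort: the remaining entries are still loaded. A skipped
                // entry may be a deny entry, so the in-memory list can be more
                // permissive than the stored content (and would stay so if the
                // template is written back - not visible here). Log at warn
                // level with the cause so that the gap is noticed.
                log.warn("Failed to build ACE from content. {}", e.getMessage(), e);
            }
        }
    }

    /**
     * Creates an entry bound to this template without adding it to the list.
     *
     * @param principal principal of the entry
     * @param privilegeArr privileges of the entry
     * @param z {@code true} for an allow entry, {@code false} for deny
     * @param map restrictions, may be {@code null}
     * @return the new entry
     * @throws RepositoryException if the entry cannot be created
     */
    Entry createEntry(Principal principal, Privilege[] privilegeArr, boolean z, Map<String, Value> map) throws RepositoryException {
        return new Entry(principal, privilegeArr, z, map);
    }

    /**
     * Creates an entry derived from {@code entry} with other privileges and
     * allow flag, without adding it to the list.
     *
     * @param entry entry to derive from
     * @param privilegeArr privileges of the new entry
     * @param z {@code true} for an allow entry, {@code false} for deny
     * @return the new entry
     * @throws RepositoryException if the entry cannot be created
     */
    Entry createEntry(Entry entry, Privilege[] privilegeArr, boolean z) throws RepositoryException {
        return new Entry(entry, privilegeArr, z);
    }

    /**
     * Collects the entries whose principal has the same name as the given
     * principal. Principals are matched by name only, not by object equality.
     *
     * @param principal principal to look up
     * @return matching entries in list order, possibly empty
     */
    private List<Entry> internalGetEntries(Principal principal) {
        String principalName = principal.getName();
        List<Entry> matches = new ArrayList<>(2);
        for (AccessControlEntry ace : this.entries) {
            if (principalName.equals(ace.getPrincipal().getName())) {
                matches.add((Entry) ace);
            }
        }
        return matches;
    }

    /**
     * Adds an entry and merges it with the existing entries of the same
     * principal that carry the same glob restriction.
     *
     * <ul>
     * <li>An existing entry with the same allow flag is replaced by one entry
     *     holding the union of both privilege sets, at the position of the
     *     existing entry.</li>
     * <li>An existing entry with the opposite allow flag (the complement)
     *     loses the privileges of the new entry. It is removed when nothing
     *     is left.</li>
     * </ul>
     *
     * @param entry the entry to add
     * @return {@code false} if the list already contains the entry or an
     *         entry with the same allow flag that includes its privileges,
     *         {@code true} if the list was modified
     * @throws RepositoryException if a restriction or derived entry cannot be
     *         obtained
     */
    private synchronized boolean internalAdd(Entry entry) throws RepositoryException {
        List<Entry> samePrincipal = internalGetEntries(entry.getPrincipal());
        if (samePrincipal.isEmpty()) {
            this.entries.add(entry);
            return true;
        }
        if (samePrincipal.contains(entry)) {
            return false;
        }

        int insertAt = -1;
        Entry complement = null;
        for (Entry existing : samePrincipal) {
            if (equalRestriction(entry, existing)) {
                if (entry.isAllow() != existing.isAllow()) {
                    complement = existing;
                } else {
                    if (existing.getPrivilegeBits().includes(entry.getPrivilegeBits())) {
                        return false;
                    }
                    // Same allow flag: replace the existing entry by the union.
                    insertAt = this.entries.indexOf(existing);
                    this.entries.remove(existing);
                    PrivilegeBits merged = PrivilegeBits.getInstance(existing.getPrivilegeBits());
                    merged.add(entry.getPrivilegeBits());
                    entry = new Entry(entry, merged, entry.isAllow());
                }
            }
        }

        if (complement != null) {
            PrivilegeBits complementBits = complement.getPrivilegeBits();
            PrivilegeBits remaining = PrivilegeBits.getInstance(complementBits);
            remaining.diff(entry.getPrivilegeBits());
            if (remaining.isEmpty()) {
                // The new entry covers the complement completely. The insert
                // position shifts only if the complement preceded it; an
                // unconditional decrement would move the merged entry one slot
                // forward, or to the end of the list when it was at index 0.
                int complementIndex = this.entries.indexOf(complement);
                this.entries.remove(complement);
                if (complementIndex >= 0 && complementIndex < insertAt) {
                    insertAt--;
                }
            } else if (!remaining.equals(complementBits)) {
                // Partial overlap: keep the complement in place with fewer privileges.
                int complementIndex = this.entries.indexOf(complement);
                this.entries.remove(complement);
                this.entries.add(complementIndex, new Entry(entry, remaining, !entry.isAllow()));
            }
        }

        if (insertAt < 0) {
            this.entries.add(entry);
        } else {
            this.entries.add(insertAt, entry);
        }
        return true;
    }

    /**
     * Tests whether two entries carry the same glob restriction value; two
     * entries without a glob restriction count as equal.
     */
    private boolean equalRestriction(Entry entry, Entry entry2) throws RepositoryException {
        Value first = entry.getRestriction(this.jcrRepGlob);
        Value second = entry2.getRestriction(this.jcrRepGlob);
        if (first == null) {
            return second == null;
        }
        return first.equals(second);
    }

    /**
     * Validates the principal and the restrictions of a prospective entry.
     *
     * <p>An {@link UnknownPrincipal} is always accepted. Any other principal
     * must be known to the principal manager unless this template was created
     * with the allow-unknown-principals flag. With that flag set, an entry
     * can be created for a name that does not exist yet, for instance a
     * mistyped one, so callers that enable it should verify names themselves.
     *
     * @param principal principal of the entry; must not be {@code null}
     * @param privilegeArr privileges of the entry (not inspected here)
     * @param z allow flag of the entry (not inspected here)
     * @param map restrictions of the entry, may be {@code null}
     * @throws AccessControlException if the principal is unknown and not
     *         accepted, or if restrictions are passed while the path of this
     *         template is {@code null} (repository-level policy)
     */
    @Override // org.apache.jackrabbit.core.security.authorization.AbstractACLTemplate
    protected void checkValidEntry(Principal principal, Privilege[] privilegeArr, boolean z, Map<String, Value> map) throws AccessControlException {
        if (principal instanceof UnknownPrincipal) {
            log.debug("Consider fallback principal as valid: {}", principal.getName());
        } else if (!this.principalMgr.hasPrincipal(principal.getName())) {
            if (!this.allowUnknownPrincipals) {
                throw new AccessControlException("Principal " + principal.getName() + " does not exist.");
            }
            log.debug("Consider fallback principal as valid: {}", principal.getName());
        }
        if (this.path == null && map != null && !map.isEmpty()) {
            throw new AccessControlException("Repository level policy does not support restrictions.");
        }
    }

    /**
     * Returns the backing list itself, not a copy.
     *
     * <p>NOTE(review): code that modifies the returned list bypasses
     * {@link #checkValidEntry} and the synchronization of this class. The
     * reference is kept as is because the superclass may depend on it -
     * confirm before wrapping or copying.
     */
    @Override // org.apache.jackrabbit.core.security.authorization.AbstractACLTemplate
    protected List<AccessControlEntry> getEntries() {
        return this.entries;
    }

    /**
     * Removes an entry from this list.
     *
     * @param accessControlEntry the entry to remove
     * @throws AccessControlException if the argument is {@code null}, is not
     *         an {@link Entry}, or is not contained in this list
     * @throws RepositoryException declared by the interface; not thrown by
     *         the code visible here except through {@code getPath()}
     */
    @Override
    public synchronized void removeAccessControlEntry(AccessControlEntry accessControlEntry) throws AccessControlException, RepositoryException {
        if (!(accessControlEntry instanceof Entry)) {
            // instanceof is false for null as well; report it as an invalid
            // entry instead of failing with a NullPointerException.
            String implName = accessControlEntry == null ? "null" : accessControlEntry.getClass().getName();
            throw new AccessControlException("Invalid AccessControlEntry implementation " + implName + ".");
        }
        // List.remove(Object) reports whether an equal element was present.
        if (!this.entries.remove(accessControlEntry)) {
            throw new AccessControlException("AccessControlEntry " + accessControlEntry + " cannot be removed from ACL defined at " + getPath());
        }
    }

    /**
     * @return an empty array when the path of this template is {@code null},
     *         otherwise the JCR name of the glob restriction
     */
    @Override // org.apache.jackrabbit.api.security.JackrabbitAccessControlList
    public String[] getRestrictionNames() {
        if (this.path == null) {
            return new String[0];
        }
        return new String[]{this.jcrRepGlob};
    }

    /**
     * @param str restriction name, in JCR form or as {@code P_GLOB.toString()}
     * @return 1 (the value of {@code javax.jcr.PropertyType.STRING}) for the
     *         glob restriction, 0 ({@code PropertyType.UNDEFINED}) otherwise
     */
    @Override // org.apache.jackrabbit.api.security.JackrabbitAccessControlList
    public int getRestrictionType(String str) {
        boolean isGlob = this.jcrRepGlob.equals(str) || P_GLOB.toString().equals(str);
        return isGlob ? 1 : 0;
    }

    /** @return always {@code false}; no restriction is treated as multi-valued */
    @Override // org.apache.jackrabbit.api.security.JackrabbitAccessControlList
    public boolean isMultiValueRestriction(String str) throws RepositoryException {
        return false;
    }

    /**
     * Validates the arguments, creates an entry and merges it into the list.
     *
     * @return {@code true} if the list was modified
     * @throws AccessControlException if {@link #checkValidEntry} rejects the
     *         arguments
     * @throws RepositoryException if the entry cannot be created or merged
     */
    @Override // org.apache.jackrabbit.api.security.JackrabbitAccessControlList
    public boolean addEntry(Principal principal, Privilege[] privilegeArr, boolean z, Map<String, Value> map) throws AccessControlException, RepositoryException {
        checkValidEntry(principal, privilegeArr, z, map);
        return internalAdd(createEntry(principal, privilegeArr, z, map));
    }

    /**
     * Returns a constant. This satisfies the equals/hashCode contract for an
     * object whose entries change over time, but every instance lands in the
     * same bucket of a hash-based collection.
     *
     * @return always 0
     */
    @Override
    public int hashCode() {
        return 0;
    }

    /**
     * Two templates are equal when their paths and their entry lists are
     * equal. The path comparison is null-safe because a repository-level
     * template has a {@code null} path.
     */
    @Override
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof ACLTemplate)) {
            return false;
        }
        ACLTemplate other = (ACLTemplate) obj;
        boolean samePath = this.path == null ? other.path == null : this.path.equals(other.path);
        return samePath && this.entries.equals(other.entries);
    }
}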
