package org.apache.jackrabbit.core.security.user;

import java.security.Principal;
import java.security.acl.Group;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import javax.security.auth.Subject;
import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Impersonation;
import org.apache.jackrabbit.core.NodeImpl;
import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
import org.apache.jackrabbit.core.security.principal.PrincipalIteratorAdapter;
import org.apache.jackrabbit.value.StringValue;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:jackrabbit-core-2.7.0.jar:org/apache/jackrabbit/core/security/user/ImpersonationImpl.class */
class ImpersonationImpl implements Impersonation, UserConstants {
    private static final Logger log = LoggerFactory.getLogger(ImpersonationImpl.class);
    private final UserImpl user;
    private final UserManagerImpl userManager;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ImpersonationImpl(UserImpl userImpl, UserManagerImpl userManagerImpl) throws RepositoryException {
        this.user = userImpl;
        this.userManager = userManagerImpl;
    }

    @Override // org.apache.jackrabbit.api.security.user.Impersonation
    public PrincipalIterator getImpersonators() throws RepositoryException {
        Set<String> impersonatorNames = getImpersonatorNames();
        if (impersonatorNames.isEmpty()) {
            return PrincipalIteratorAdapter.EMPTY;
        }
        PrincipalManager principalManager = this.user.getSession().getPrincipalManager();
        HashSet hashSet = new HashSet();
        for (String str : impersonatorNames) {
            Principal principal = principalManager.getPrincipal(str);
            if (principal == null) {
                log.debug("Impersonator " + str + " does not correspond to a known Principal.");
                principal = new PrincipalImpl(str);
            }
            hashSet.add(principal);
        }
        return new PrincipalIteratorAdapter(hashSet);
    }

    @Override // org.apache.jackrabbit.api.security.user.Impersonation
    public synchronized boolean grantImpersonation(Principal principal) throws RepositoryException {
        Authorizable authorizable = this.user.userManager.getAuthorizable(principal);
        if (authorizable == null || authorizable.isGroup()) {
            log.warn("Cannot grant impersonation to a principal that is a Group or an unknown Authorizable.");
            return false;
        }
        if (this.user.userManager.isAdminId(authorizable.getID())) {
            log.warn("Admin principal is already granted impersonation.");
            return false;
        }
        String name = principal.getName();
        if (this.user.getPrincipal().getName().equals(name)) {
            log.warn("Cannot grant impersonation to oneself.");
            return false;
        }
        boolean z = false;
        Set<String> impersonatorNames = getImpersonatorNames();
        if (impersonatorNames.add(name)) {
            updateImpersonatorNames(impersonatorNames);
            z = true;
        }
        return z;
    }

    @Override // org.apache.jackrabbit.api.security.user.Impersonation
    public synchronized boolean revokeImpersonation(Principal principal) throws RepositoryException {
        boolean z = false;
        String name = principal.getName();
        Set<String> impersonatorNames = getImpersonatorNames();
        if (impersonatorNames.remove(name)) {
            updateImpersonatorNames(impersonatorNames);
            z = true;
        }
        return z;
    }

    @Override // org.apache.jackrabbit.api.security.user.Impersonation
    public boolean allows(Subject subject) throws RepositoryException {
        Authorizable authorizable;
        if (subject == null) {
            return false;
        }
        HashSet hashSet = new HashSet();
        Iterator<Principal> it = subject.getPrincipals().iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().getName());
        }
        boolean removeAll = getImpersonatorNames().removeAll(hashSet);
        if (!removeAll) {
            Iterator<Principal> it2 = subject.getPrincipals().iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                Principal next = it2.next();
                if (!(next instanceof Group) && (authorizable = this.userManager.getAuthorizable(next)) != null && this.userManager.isAdminId(authorizable.getID())) {
                    removeAll = true;
                    break;
                }
            }
        }
        return removeAll;
    }

    private Set<String> getImpersonatorNames() throws RepositoryException {
        HashSet hashSet = new HashSet();
        if (this.user.getNode().hasProperty(P_IMPERSONATORS)) {
            for (Value value : this.user.getNode().getProperty(P_IMPERSONATORS).getValues()) {
                hashSet.add(value.getString());
            }
        }
        return hashSet;
    }

    private void updateImpersonatorNames(Set<String> set) throws RepositoryException {
        NodeImpl node = this.user.getNode();
        try {
            String[] strArr = (String[]) set.toArray(new String[set.size()]);
            if (strArr.length == 0) {
                this.userManager.removeProtectedItem(node.getProperty(P_IMPERSONATORS), node);
            } else {
                Value[] valueArr = new Value[strArr.length];
                for (int i = 0; i < strArr.length; i++) {
                    valueArr[i] = new StringValue(strArr[i]);
                }
                this.userManager.setProtectedProperty(node, P_IMPERSONATORS, valueArr);
            }
        } catch (RepositoryException e) {
            node.refresh(false);
            throw e;
        }
    }
}
