package org.apache.jackrabbit.core.security.user;

import java.security.Principal;
import java.security.acl.Group;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.jcr.ItemNotFoundException;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.core.ItemImpl;
import org.apache.jackrabbit.core.NodeImpl;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.observation.SynchronousEventListener;
import org.apache.jackrabbit.core.security.authorization.AbstractAccessControlProvider;
import org.apache.jackrabbit.core.security.authorization.AbstractCompiledPermissions;
import org.apache.jackrabbit.core.security.authorization.AccessControlEditor;
import org.apache.jackrabbit.core.security.authorization.CompiledPermissions;
import org.apache.jackrabbit.core.security.authorization.NamedAccessControlPolicyImpl;
import org.apache.jackrabbit.core.security.principal.ItemBasedPrincipal;
import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
import org.apache.jackrabbit.spi.Path;
import org.apache.jackrabbit.util.Text;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/jackrabbit-core-1.5.7.jar:org/apache/jackrabbit/core/security/user/UserAccessControlProvider.class */
public class UserAccessControlProvider extends AbstractAccessControlProvider implements UserConstants {
    private static Logger log;
    private final AccessControlPolicy policy = new NamedAccessControlPolicyImpl("userPolicy");
    private Path groupsPath;
    private Path usersPath;
    private String userAdminGroup;
    private String groupAdminGroup;
    static Class class$org$apache$jackrabbit$core$security$user$UserAccessControlProvider;

    /* loaded from: input_file:WEB-INF/lib/jackrabbit-core-1.5.7.jar:org/apache/jackrabbit/core/security/user/UserAccessControlProvider$CompiledPermissionsImpl.class */
    private class CompiledPermissionsImpl extends AbstractCompiledPermissions implements SynchronousEventListener {
        private final NodeImpl userNode;
        private boolean isUserAdmin;
        private boolean isGroupAdmin;
        private final UserAccessControlProvider this$0;

        protected CompiledPermissionsImpl(UserAccessControlProvider userAccessControlProvider, Set set, NodeImpl nodeImpl) throws RepositoryException {
            this.this$0 = userAccessControlProvider;
            this.userNode = nodeImpl;
            this.isUserAdmin = UserAccessControlProvider.containsGroup(set, userAccessControlProvider.userAdminGroup);
            this.isGroupAdmin = UserAccessControlProvider.containsGroup(set, userAccessControlProvider.groupAdminGroup);
            userAccessControlProvider.observationMgr.addEventListener(this, 28, UserConstants.USERS_PATH, true, (String[]) null, (String[]) null, false);
        }

        @Override // org.apache.jackrabbit.core.security.authorization.AbstractCompiledPermissions
        protected AbstractCompiledPermissions.Result buildResult(Path path) throws RepositoryException {
            int i = 1;
            boolean nodeExists = this.this$0.session.nodeExists(this.this$0.resolver.getJCRPath(path.getNormalizedPath()));
            int i2 = nodeExists ? 1 : 0;
            Path subPath = 4 > path.getLength() ? null : path.subPath(0, 4);
            if (this.this$0.usersPath.equals(subPath)) {
                NodeImpl nodeImpl = (NodeImpl) this.this$0.getExistingNode(path);
                NodeImpl nodeImpl2 = null;
                if (nodeImpl.isNodeType(UserConstants.NT_REP_AUTHORIZABLE)) {
                    nodeImpl2 = nodeImpl;
                } else if (nodeImpl.isNodeType(UserConstants.NT_REP_AUTHORIZABLE_FOLDER)) {
                    NodeImpl nodeImpl3 = nodeImpl;
                    while (nodeImpl2 == null && nodeImpl3.getDepth() > 0) {
                        nodeImpl3 = (NodeImpl) nodeImpl3.getParent();
                        if (nodeImpl3.isNodeType(UserConstants.NT_REP_AUTHORIZABLE)) {
                            nodeImpl2 = nodeImpl3;
                        } else if (!nodeImpl3.isNodeType(UserConstants.NT_REP_AUTHORIZABLE_FOLDER)) {
                            break;
                        }
                    }
                }
                if (nodeImpl2 != null && nodeImpl2.isNodeType(UserConstants.NT_REP_USER)) {
                    int relativeDepth = this.this$0.session.getHierarchyManager().getRelativeDepth(this.userNode.getNodeId(), nodeImpl2.getNodeId());
                    boolean equals = UserConstants.P_GROUPS.equals(path.getNameElement().getName());
                    boolean z = this.isUserAdmin;
                    if (z && equals) {
                        z = this.isGroupAdmin;
                    }
                    switch (relativeDepth) {
                        case -1:
                            break;
                        case 0:
                            if (!z) {
                                if (this.userNode.isSame(nodeImpl) && (!equals || this.isGroupAdmin)) {
                                    i = 1 | 18;
                                    if (nodeExists) {
                                        i2 |= 2;
                                        break;
                                    }
                                }
                            } else {
                                i = 31;
                                if (nodeExists) {
                                    i2 |= 14;
                                    break;
                                }
                            }
                            break;
                        default:
                            if (z) {
                                i = 31;
                                if (nodeExists) {
                                    i2 |= 14;
                                    break;
                                }
                            }
                            break;
                    }
                }
            } else if (this.this$0.groupsPath.equals(subPath) && this.isGroupAdmin) {
                i = 31;
                if (nodeExists) {
                    i2 |= 14;
                }
            }
            return new AbstractCompiledPermissions.Result(i, 0, i2, 0);
        }

        @Override // org.apache.jackrabbit.core.security.authorization.AbstractCompiledPermissions, org.apache.jackrabbit.core.security.authorization.CompiledPermissions
        public void close() {
            try {
                this.this$0.observationMgr.removeEventListener(this);
            } catch (RepositoryException e) {
                UserAccessControlProvider.log.error("Internal error: ", e.getMessage());
            }
            super.close();
        }

        @Override // org.apache.jackrabbit.core.security.authorization.AbstractCompiledPermissions, org.apache.jackrabbit.core.security.authorization.CompiledPermissions
        public boolean grants(Path path, int i) throws RepositoryException {
            if (i == 1) {
                return true;
            }
            return super.grants(path, i);
        }

        @Override // org.apache.jackrabbit.core.security.authorization.AbstractCompiledPermissions, org.apache.jackrabbit.core.security.authorization.CompiledPermissions
        public boolean canReadAll() throws RepositoryException {
            return true;
        }

        /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
        /* JADX WARN: Code restructure failed: missing block: B:28:0x00fc, code lost:
        
            clearCache();
         */
        /* JADX WARN: Code restructure failed: missing block: B:31:?, code lost:
        
            return;
         */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public void onEvent(javax.jcr.observation.EventIterator r5) {
            /*
                Method dump skipped, instructions count: 281
                To view this dump add '--comments-level debug' option
            */
            throw new UnsupportedOperationException("Method not decompiled: org.apache.jackrabbit.core.security.user.UserAccessControlProvider.CompiledPermissionsImpl.onEvent(javax.jcr.observation.EventIterator):void");
        }
    }

    @Override // org.apache.jackrabbit.core.security.authorization.AccessControlUtils
    public boolean isAcItem(Path path) throws RepositoryException {
        return false;
    }

    @Override // org.apache.jackrabbit.core.security.authorization.AccessControlUtils
    public boolean isAcItem(ItemImpl itemImpl) throws RepositoryException {
        return false;
    }

    @Override // org.apache.jackrabbit.core.security.authorization.AbstractAccessControlProvider, org.apache.jackrabbit.core.security.authorization.AccessControlProvider
    public void init(Session session, Map map) throws RepositoryException {
        super.init(session, map);
        if (!(session instanceof SessionImpl)) {
            throw new RepositoryException("SessionImpl (system session) expected.");
        }
        SessionImpl sessionImpl = (SessionImpl) session;
        this.userAdminGroup = map.containsKey(UserConstants.USER_ADMIN_GROUP_NAME) ? map.get(UserConstants.USER_ADMIN_GROUP_NAME).toString() : UserConstants.USER_ADMIN_GROUP_NAME;
        this.groupAdminGroup = map.containsKey(UserConstants.GROUP_ADMIN_GROUP_NAME) ? map.get(UserConstants.GROUP_ADMIN_GROUP_NAME).toString() : UserConstants.GROUP_ADMIN_GROUP_NAME;
        UserManager userManager = sessionImpl.getUserManager();
        if (!initGroup(userManager, this.userAdminGroup)) {
            log.warn("Unable to initialize User admininistrator group -> no user admins.");
            this.userAdminGroup = null;
        }
        if (!initGroup(userManager, this.groupAdminGroup)) {
            log.warn("Unable to initialize Group admininistrator group -> no group admins.");
            this.groupAdminGroup = null;
        }
        this.usersPath = sessionImpl.getQPath(UserConstants.USERS_PATH);
        this.groupsPath = sessionImpl.getQPath(UserConstants.GROUPS_PATH);
    }

    @Override // org.apache.jackrabbit.core.security.authorization.AccessControlProvider
    public AccessControlPolicy[] getEffectivePolicies(Path path) throws ItemNotFoundException, RepositoryException {
        checkInitialized();
        return new AccessControlPolicy[]{this.policy};
    }

    @Override // org.apache.jackrabbit.core.security.authorization.AccessControlProvider
    public AccessControlEditor getEditor(Session session) {
        checkInitialized();
        return null;
    }

    @Override // org.apache.jackrabbit.core.security.authorization.AccessControlProvider
    public CompiledPermissions compilePermissions(Set set) throws RepositoryException {
        checkInitialized();
        if (isAdminOrSystem(set)) {
            return getAdminPermissions();
        }
        NodeImpl userNode = getUserNode(getUserPrincipal(set));
        return userNode == null ? getReadOnlyPermissions() : new CompiledPermissionsImpl(this, set, userNode);
    }

    @Override // org.apache.jackrabbit.core.security.authorization.AccessControlProvider
    public boolean canAccessRoot(Set set) throws RepositoryException {
        checkInitialized();
        return true;
    }

    private ItemBasedPrincipal getUserPrincipal(Set set) {
        try {
            UserManager userManager = this.session.getUserManager();
            Iterator it = set.iterator();
            while (it.hasNext()) {
                Principal principal = (Principal) it.next();
                if (!(principal instanceof Group) && (principal instanceof ItemBasedPrincipal) && userManager.getAuthorizable(principal) != null) {
                    return (ItemBasedPrincipal) principal;
                }
            }
            return null;
        } catch (RepositoryException e) {
            log.error("Internal error while retrieving user principal", e.getMessage());
            return null;
        }
    }

    private NodeImpl getUserNode(ItemBasedPrincipal itemBasedPrincipal) {
        NodeImpl nodeImpl = null;
        if (itemBasedPrincipal != null) {
            try {
                nodeImpl = (NodeImpl) this.session.getNode(itemBasedPrincipal.getPath());
            } catch (RepositoryException e) {
                log.warn("Error while retrieving user node.", e.getMessage());
            }
        }
        return nodeImpl;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Node getExistingNode(Path path) throws RepositoryException {
        String jCRPath = this.resolver.getJCRPath(path.getNormalizedPath());
        if (this.session.nodeExists(jCRPath)) {
            return this.session.getNode(jCRPath);
        }
        if (this.session.propertyExists(jCRPath)) {
            return this.session.getProperty(jCRPath).getParent();
        }
        String relativeParent = Text.getRelativeParent(jCRPath, 1);
        if (this.session.nodeExists(relativeParent)) {
            return this.session.getNode(relativeParent);
        }
        throw new ItemNotFoundException(new StringBuffer().append("Unable to determine permissions: No item and no existing parent for target path ").append(jCRPath).toString());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean containsGroup(Set set, String str) {
        Iterator it = set.iterator();
        while (it.hasNext() && str != null) {
            if (((Principal) it.next()).getName().equals(str)) {
                return true;
            }
        }
        return false;
    }

    private static boolean initGroup(UserManager userManager, String str) {
        boolean z;
        PrincipalImpl principalImpl = new PrincipalImpl(str);
        try {
            Authorizable authorizable = userManager.getAuthorizable(principalImpl);
            if (authorizable == null) {
                z = userManager.createGroup(principalImpl) != null;
            } else {
                z = authorizable.isGroup();
                if (!z) {
                    log.warn(new StringBuffer().append("Cannot create group '").append(str).append("'; User with that principal already exists.").toString());
                }
            }
        } catch (RepositoryException e) {
            log.error("Error while initializing user/group administrators", e.getMessage());
            z = false;
        }
        return z;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$org$apache$jackrabbit$core$security$user$UserAccessControlProvider == null) {
            cls = class$("org.apache.jackrabbit.core.security.user.UserAccessControlProvider");
            class$org$apache$jackrabbit$core$security$user$UserAccessControlProvider = cls;
        } else {
            cls = class$org$apache$jackrabbit$core$security$user$UserAccessControlProvider;
        }
        log = LoggerFactory.getLogger(cls);
    }
}
