package org.apache.jackrabbit.core.security.authorization.principalbased;

import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.jcr.Item;
import javax.jcr.NodeIterator;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import javax.jcr.ValueFactory;
import org.apache.jackrabbit.api.jsr283.security.AccessControlEntry;
import org.apache.jackrabbit.api.jsr283.security.AccessControlException;
import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
import org.apache.jackrabbit.api.jsr283.security.Privilege;
import org.apache.jackrabbit.core.NodeImpl;
import org.apache.jackrabbit.core.PropertyImpl;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.security.authorization.AccessControlConstants;
import org.apache.jackrabbit.core.security.authorization.AccessControlEntryImpl;
import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList;
import org.apache.jackrabbit.spi.Name;
import org.apache.jackrabbit.spi.commons.conversion.NamePathResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/jackrabbit-core-1.6.2.jar:org/apache/jackrabbit/core/security/authorization/principalbased/ACLTemplate.class */
public class ACLTemplate implements JackrabbitAccessControlList, AccessControlConstants {
    private static Logger log;
    static final Name P_NODE_PATH;
    static final Name P_GLOB;
    private final Principal principal;
    private final String path;
    private final ValueFactory valueFactory;
    private final List entries;
    private final String jcrNodePathName;
    private final String jcrGlobName;
    static Class class$org$apache$jackrabbit$core$security$authorization$principalbased$ACLTemplate;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.jackrabbit.core.security.authorization.principalbased.ACLTemplate$1, reason: invalid class name */
    /* loaded from: input_file:WEB-INF/lib/jackrabbit-core-1.6.2.jar:org/apache/jackrabbit/core/security/authorization/principalbased/ACLTemplate$1.class */
    public static class AnonymousClass1 {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/jackrabbit-core-1.6.2.jar:org/apache/jackrabbit/core/security/authorization/principalbased/ACLTemplate$Entry.class */
    public class Entry extends AccessControlEntryImpl {
        private final String nodePath;
        private final GlobPattern pattern;
        private final ACLTemplate this$0;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        private Entry(ACLTemplate aCLTemplate, Principal principal, Privilege[] privilegeArr, boolean z, Map map) throws AccessControlException, RepositoryException {
            super(principal, privilegeArr, z, map, aCLTemplate.valueFactory);
            this.this$0 = aCLTemplate;
            getRestriction(aCLTemplate.jcrNodePathName);
            this.nodePath = getRestriction(aCLTemplate.jcrNodePathName).getString();
            Value restriction = getRestriction(aCLTemplate.jcrGlobName);
            if (restriction == null) {
                this.pattern = GlobPattern.create(this.nodePath);
                return;
            }
            StringBuffer stringBuffer = new StringBuffer(this.nodePath);
            stringBuffer.append(restriction.getString());
            this.pattern = GlobPattern.create(stringBuffer.toString());
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public boolean matches(String str) throws RepositoryException {
            return this.pattern.matches(str);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public boolean matches(Item item) throws RepositoryException {
            return this.pattern.matches(item);
        }

        boolean matchesNodePath(String str) {
            return this.nodePath.equals(str);
        }

        Entry(ACLTemplate aCLTemplate, Principal principal, Privilege[] privilegeArr, boolean z, Map map, AnonymousClass1 anonymousClass1) throws AccessControlException, RepositoryException {
            this(aCLTemplate, principal, privilegeArr, z, map);
        }
    }

    ACLTemplate(Principal principal, String str, NamePathResolver namePathResolver, ValueFactory valueFactory) throws RepositoryException {
        this(principal, str, null, namePathResolver, valueFactory);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ACLTemplate(Principal principal, NodeImpl nodeImpl) throws RepositoryException {
        this(principal, nodeImpl.getPath(), nodeImpl, (SessionImpl) nodeImpl.getSession(), nodeImpl.getSession().getValueFactory());
    }

    private ACLTemplate(Principal principal, String str, NodeImpl nodeImpl, NamePathResolver namePathResolver, ValueFactory valueFactory) throws RepositoryException {
        this.entries = new ArrayList();
        this.principal = principal;
        this.path = str;
        this.valueFactory = valueFactory;
        this.jcrNodePathName = namePathResolver.getJCRName(P_NODE_PATH);
        this.jcrGlobName = namePathResolver.getJCRName(P_GLOB);
        if (nodeImpl == null || !nodeImpl.hasNode(N_POLICY)) {
            return;
        }
        NodeImpl node = nodeImpl.getNode(N_POLICY);
        AccessControlManager accessControlManager = ((SessionImpl) node.getSession()).getAccessControlManager();
        NodeIterator nodes = node.getNodes();
        while (nodes.hasNext()) {
            NodeImpl nodeImpl2 = (NodeImpl) nodes.nextNode();
            if (nodeImpl2.isNodeType(NT_REP_ACE)) {
                boolean isNodeType = nodeImpl2.isNodeType(NT_REP_GRANT_ACE);
                Value[] values = nodeImpl2.getProperty(P_PRIVILEGES).getValues();
                Privilege[] privilegeArr = new Privilege[values.length];
                for (int i = 0; i < values.length; i++) {
                    privilegeArr[i] = accessControlManager.privilegeFromName(values[i].getString());
                }
                HashMap hashMap = new HashMap(2);
                PropertyImpl property = nodeImpl2.getProperty(P_NODE_PATH);
                hashMap.put(property.getName(), property.getValue());
                if (nodeImpl2.hasProperty(P_GLOB)) {
                    PropertyImpl property2 = nodeImpl2.getProperty(P_GLOB);
                    hashMap.put(property2.getName(), property2.getValue());
                }
                this.entries.add(createEntry(principal, privilegeArr, isNodeType, hashMap));
            } else {
                log.warn(new StringBuffer().append("ACE must be of nodetype rep:ACE -> ignored child-node ").append(nodeImpl2.getPath()).toString());
            }
        }
    }

    AccessControlEntry createEntry(Principal principal, Privilege[] privilegeArr, boolean z, Map map) throws RepositoryException {
        if (!this.principal.equals(principal)) {
            throw new AccessControlException(new StringBuffer().append("Invalid principal. Expected: ").append(this.principal).toString());
        }
        if (!z && (this.principal instanceof Group)) {
            throw new AccessControlException("For group principals permissions can only be added but not denied.");
        }
        if (!map.keySet().contains(this.jcrNodePathName)) {
            throw new AccessControlException(new StringBuffer().append("Missing mandatory restriction: ").append(this.jcrNodePathName).toString());
        }
        Value value = (Value) map.get(this.jcrNodePathName);
        if (value.getType() != 8) {
            map.put(this.jcrNodePathName, this.valueFactory.createValue(value.getString(), 8));
        }
        Value value2 = (Value) map.get(this.jcrGlobName);
        if (value2 != null && value2.getType() != 1) {
            map.put(this.jcrGlobName, this.valueFactory.createValue(value2.getString(), 1));
        }
        return new Entry(this, principal, privilegeArr, z, map, null);
    }

    @Override // org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlPolicy
    public String getPath() {
        return this.path;
    }

    @Override // org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList
    public String[] getRestrictionNames() {
        return new String[]{this.jcrNodePathName, this.jcrGlobName};
    }

    @Override // org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList
    public int getRestrictionType(String str) {
        if (this.jcrNodePathName.equals(str)) {
            return 8;
        }
        return this.jcrGlobName.equals(str) ? 1 : 0;
    }

    @Override // org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList
    public boolean isEmpty() {
        return this.entries.isEmpty();
    }

    @Override // org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList
    public int size() {
        return this.entries.size();
    }

    @Override // org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList
    public boolean addEntry(Principal principal, Privilege[] privilegeArr, boolean z) throws AccessControlException, RepositoryException {
        return addEntry(principal, privilegeArr, z, null);
    }

    @Override // org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList
    public boolean addEntry(Principal principal, Privilege[] privilegeArr, boolean z, Map map) throws AccessControlException, RepositoryException {
        if (map == null || map.isEmpty()) {
            log.debug(new StringBuffer().append("Restrictions missing. Using default: rep:nodePath = ").append(getPath()).append("; rep:glob = null.").toString());
            map = Collections.singletonMap(this.jcrNodePathName, this.valueFactory.createValue(getPath(), 8));
        }
        AccessControlEntry createEntry = createEntry(principal, privilegeArr, z, map);
        if (this.entries.contains(createEntry)) {
            log.debug("Entry is already contained in policy -> no modification.");
            return false;
        }
        this.entries.add(0, createEntry);
        return true;
    }

    @Override // org.apache.jackrabbit.api.jsr283.security.AccessControlList
    public AccessControlEntry[] getAccessControlEntries() throws RepositoryException {
        return (AccessControlEntry[]) this.entries.toArray(new AccessControlEntry[this.entries.size()]);
    }

    @Override // org.apache.jackrabbit.api.jsr283.security.AccessControlList
    public boolean addAccessControlEntry(Principal principal, Privilege[] privilegeArr) throws AccessControlException, RepositoryException {
        return addEntry(principal, privilegeArr, true, Collections.EMPTY_MAP);
    }

    @Override // org.apache.jackrabbit.api.jsr283.security.AccessControlList
    public void removeAccessControlEntry(AccessControlEntry accessControlEntry) throws AccessControlException, RepositoryException {
        if (!(accessControlEntry instanceof Entry)) {
            throw new AccessControlException(new StringBuffer().append("Invalid AccessControlEntry implementation ").append(accessControlEntry.getClass().getName()).append(".").toString());
        }
        if (!this.entries.remove(accessControlEntry)) {
            throw new AccessControlException(new StringBuffer().append("Cannot remove AccessControlEntry ").append(accessControlEntry).toString());
        }
    }

    public int hashCode() {
        return 0;
    }

    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof ACLTemplate)) {
            return false;
        }
        ACLTemplate aCLTemplate = (ACLTemplate) obj;
        return this.principal.equals(aCLTemplate.principal) && this.path.equals(aCLTemplate.path) && this.entries.equals(aCLTemplate.entries);
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$org$apache$jackrabbit$core$security$authorization$principalbased$ACLTemplate == null) {
            cls = class$("org.apache.jackrabbit.core.security.authorization.principalbased.ACLTemplate");
            class$org$apache$jackrabbit$core$security$authorization$principalbased$ACLTemplate = cls;
        } else {
            cls = class$org$apache$jackrabbit$core$security$authorization$principalbased$ACLTemplate;
        }
        log = LoggerFactory.getLogger(cls);
        P_NODE_PATH = NF.create("internal", "nodePath");
        P_GLOB = NF.create("internal", "glob");
    }
}
