package org.apache.jackrabbit.core.security.authorization.acl;

import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.jcr.NodeIterator;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import javax.jcr.ValueFactory;
import org.apache.commons.collections.map.ListOrderedMap;
import org.apache.jackrabbit.api.jsr283.security.AccessControlEntry;
import org.apache.jackrabbit.api.jsr283.security.AccessControlException;
import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
import org.apache.jackrabbit.api.jsr283.security.Privilege;
import org.apache.jackrabbit.api.security.principal.NoSuchPrincipalException;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.core.NodeImpl;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.security.authorization.AccessControlConstants;
import org.apache.jackrabbit.core.security.authorization.AccessControlEntryImpl;
import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList;
import org.apache.jackrabbit.core.security.authorization.Permission;
import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/jackrabbit-core-1.6.4.jar:org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.class */
public class ACLTemplate implements JackrabbitAccessControlList {
    private static final Logger log;
    private final String path;
    private final Map entries = new ListOrderedMap();
    private final PrincipalManager principalMgr;
    private final PrivilegeRegistry privilegeRegistry;
    private final ValueFactory valueFactory;
    static Class class$org$apache$jackrabbit$core$security$authorization$acl$ACLTemplate;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/jackrabbit-core-1.6.4.jar:org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate$Entry.class */
    public static class Entry extends AccessControlEntryImpl {
        Entry(Principal principal, Privilege[] privilegeArr, boolean z, ValueFactory valueFactory) throws AccessControlException {
            super(principal, privilegeArr, z, Collections.EMPTY_MAP, valueFactory);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ACLTemplate(String str, PrincipalManager principalManager, PrivilegeRegistry privilegeRegistry, ValueFactory valueFactory) {
        this.path = str;
        this.principalMgr = principalManager;
        this.privilegeRegistry = privilegeRegistry;
        this.valueFactory = valueFactory;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ACLTemplate(NodeImpl nodeImpl, PrivilegeRegistry privilegeRegistry) throws RepositoryException {
        if (nodeImpl == null || !nodeImpl.isNodeType(AccessControlConstants.NT_REP_ACL)) {
            throw new IllegalArgumentException("Node must be of type 'rep:ACL'");
        }
        SessionImpl sessionImpl = (SessionImpl) nodeImpl.getSession();
        this.path = nodeImpl.getParent().getPath();
        this.principalMgr = sessionImpl.getPrincipalManager();
        this.valueFactory = sessionImpl.getValueFactory();
        this.privilegeRegistry = privilegeRegistry;
        AccessControlManager accessControlManager = sessionImpl.getAccessControlManager();
        NodeIterator nodes = nodeImpl.getNodes();
        while (nodes.hasNext()) {
            NodeImpl nodeImpl2 = (NodeImpl) nodes.nextNode();
            try {
                String string = nodeImpl2.getProperty(AccessControlConstants.P_PRINCIPAL_NAME).getString();
                Principal principal = null;
                if (this.principalMgr.hasPrincipal(string)) {
                    try {
                        principal = this.principalMgr.getPrincipal(string);
                    } catch (NoSuchPrincipalException e) {
                    }
                }
                if (principal == null) {
                    log.debug(new StringBuffer().append("Principal with name ").append(string).append(" unknown to PrincipalManager.").toString());
                    principal = new PrincipalImpl(string);
                }
                Value[] values = nodeImpl2.getProperty(AccessControlConstants.P_PRIVILEGES).getValues();
                Privilege[] privilegeArr = new Privilege[values.length];
                for (int i = 0; i < values.length; i++) {
                    privilegeArr[i] = accessControlManager.privilegeFromName(values[i].getString());
                }
                internalAdd(new Entry(principal, privilegeArr, nodeImpl2.isNodeType(AccessControlConstants.NT_REP_GRANT_ACE), this.valueFactory));
            } catch (RepositoryException e2) {
                log.debug("Failed to build ACE from content.", e2.getMessage());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void collectEntries(NodeImpl nodeImpl, Map map) throws RepositoryException {
        SessionImpl sessionImpl = (SessionImpl) nodeImpl.getSession();
        PrincipalManager principalManager = sessionImpl.getPrincipalManager();
        AccessControlManager accessControlManager = sessionImpl.getAccessControlManager();
        NodeIterator nodes = nodeImpl.getNodes();
        while (nodes.hasNext()) {
            NodeImpl nodeImpl2 = (NodeImpl) nodes.nextNode();
            String string = nodeImpl2.getProperty(AccessControlConstants.P_PRINCIPAL_NAME).getString();
            if (map.containsKey(string)) {
                Principal principal = null;
                if (principalManager.hasPrincipal(string)) {
                    try {
                        principal = principalManager.getPrincipal(string);
                    } catch (NoSuchPrincipalException e) {
                    }
                }
                if (principal == null) {
                    log.warn(new StringBuffer().append("Principal with name ").append(string).append(" unknown to PrincipalManager.").toString());
                    principal = new PrincipalImpl(string);
                }
                Value[] values = nodeImpl2.getProperty(AccessControlConstants.P_PRIVILEGES).getValues();
                Privilege[] privilegeArr = new Privilege[values.length];
                for (int i = 0; i < values.length; i++) {
                    privilegeArr[i] = accessControlManager.privilegeFromName(values[i].getString());
                }
                ((List) map.get(string)).add(new Entry(principal, privilegeArr, nodeImpl2.isNodeType(AccessControlConstants.NT_REP_GRANT_ACE), sessionImpl.getValueFactory()));
            }
        }
    }

    private List internalGetEntries() {
        ArrayList arrayList = new ArrayList();
        Iterator it = this.entries.values().iterator();
        while (it.hasNext()) {
            arrayList.addAll((List) it.next());
        }
        return arrayList;
    }

    private List internalGetEntries(Principal principal) {
        String name = principal.getName();
        return this.entries.containsKey(name) ? (List) this.entries.get(name) : new ArrayList(2);
    }

    private synchronized boolean internalAdd(Entry entry) throws AccessControlException {
        Principal principal = entry.getPrincipal();
        List internalGetEntries = internalGetEntries(principal);
        if (internalGetEntries.isEmpty()) {
            internalGetEntries.add(entry);
            this.entries.put(principal.getName(), internalGetEntries);
            return true;
        }
        if (internalGetEntries.contains(entry)) {
            return false;
        }
        Entry entry2 = null;
        Entry[] entryArr = (Entry[]) internalGetEntries.toArray(new Entry[internalGetEntries.size()]);
        for (int i = 0; i < entryArr.length; i++) {
            if (entry.isAllow() != entryArr[i].isAllow()) {
                entry2 = entryArr[i];
            } else {
                if ((entryArr[i].getPrivilegeBits() | (entry.getPrivilegeBits() ^ (-1))) == -1) {
                    return false;
                }
                internalGetEntries.remove(i);
                entry = new Entry(entry.getPrincipal(), this.privilegeRegistry.getPrivileges(entryArr[i].getPrivilegeBits() | entry.getPrivilegeBits()), entry.isAllow(), this.valueFactory);
            }
        }
        if (entry2 != null) {
            int privilegeBits = entry2.getPrivilegeBits();
            int diff = Permission.diff(privilegeBits, entry.getPrivilegeBits());
            if (diff == 0) {
                internalGetEntries.remove(entry2);
            } else if (diff != privilegeBits) {
                internalGetEntries.remove(entry2);
                internalGetEntries.add(new Entry(entry.getPrincipal(), this.privilegeRegistry.getPrivileges(diff), !entry.isAllow(), this.valueFactory));
            }
        }
        internalGetEntries.add(entry);
        return true;
    }

    private void checkValidEntry(Principal principal, Privilege[] privilegeArr, boolean z) throws AccessControlException {
        if (!this.principalMgr.hasPrincipal(principal.getName())) {
            throw new AccessControlException(new StringBuffer().append("Principal ").append(principal.getName()).append(" does not exist.").toString());
        }
        if (!z && (principal instanceof Group)) {
            throw new AccessControlException("For group principals permissions can only be added but not denied.");
        }
    }

    @Override // org.apache.jackrabbit.api.jsr283.security.AccessControlList
    public AccessControlEntry[] getAccessControlEntries() throws RepositoryException {
        List internalGetEntries = internalGetEntries();
        return (AccessControlEntry[]) internalGetEntries.toArray(new AccessControlEntry[internalGetEntries.size()]);
    }

    @Override // org.apache.jackrabbit.api.jsr283.security.AccessControlList
    public boolean addAccessControlEntry(Principal principal, Privilege[] privilegeArr) throws AccessControlException, RepositoryException {
        return addEntry(principal, privilegeArr, true, Collections.EMPTY_MAP);
    }

    @Override // org.apache.jackrabbit.api.jsr283.security.AccessControlList
    public synchronized void removeAccessControlEntry(AccessControlEntry accessControlEntry) throws AccessControlException, RepositoryException {
        if (!(accessControlEntry instanceof Entry)) {
            throw new AccessControlException(new StringBuffer().append("Invalid AccessControlEntry implementation ").append(accessControlEntry.getClass().getName()).append(".").toString());
        }
        List internalGetEntries = internalGetEntries(accessControlEntry.getPrincipal());
        if (!internalGetEntries.remove(accessControlEntry)) {
            throw new AccessControlException(new StringBuffer().append("AccessControlEntry ").append(accessControlEntry).append(" cannot be removed from ACL defined at ").append(getPath()).toString());
        }
        if (internalGetEntries.isEmpty()) {
            this.entries.remove(accessControlEntry.getPrincipal().getName());
        }
    }

    @Override // org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlPolicy
    public String getPath() {
        return this.path;
    }

    @Override // org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList
    public String[] getRestrictionNames() {
        return new String[0];
    }

    @Override // org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList
    public int getRestrictionType(String str) {
        return 0;
    }

    @Override // org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList
    public boolean isEmpty() {
        return this.entries.isEmpty();
    }

    @Override // org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList
    public int size() {
        return internalGetEntries().size();
    }

    @Override // org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList
    public boolean addEntry(Principal principal, Privilege[] privilegeArr, boolean z) throws AccessControlException, RepositoryException {
        return addEntry(principal, privilegeArr, z, null);
    }

    @Override // org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList
    public boolean addEntry(Principal principal, Privilege[] privilegeArr, boolean z, Map map) throws AccessControlException, RepositoryException {
        if (map != null && !map.isEmpty()) {
            throw new AccessControlException("This AccessControlList does not allow for additional restrictions.");
        }
        checkValidEntry(principal, privilegeArr, z);
        return internalAdd(new Entry(principal, privilegeArr, z, this.valueFactory));
    }

    public int hashCode() {
        return 0;
    }

    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof ACLTemplate)) {
            return false;
        }
        ACLTemplate aCLTemplate = (ACLTemplate) obj;
        return this.path.equals(aCLTemplate.path) && this.entries.equals(aCLTemplate.entries);
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$org$apache$jackrabbit$core$security$authorization$acl$ACLTemplate == null) {
            cls = class$("org.apache.jackrabbit.core.security.authorization.acl.ACLTemplate");
            class$org$apache$jackrabbit$core$security$authorization$acl$ACLTemplate = cls;
        } else {
            cls = class$org$apache$jackrabbit$core$security$authorization$acl$ACLTemplate;
        }
        log = LoggerFactory.getLogger(cls);
    }
}
