package org.apache.jackrabbit.core.security.authorization;

import java.security.Principal;
import java.util.Map;
import java.util.Set;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.observation.ObservationManager;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.core.ItemImpl;
import org.apache.jackrabbit.core.NodeImpl;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.id.ItemId;
import org.apache.jackrabbit.core.nodetype.NodeTypeImpl;
import org.apache.jackrabbit.core.security.SystemPrincipal;
import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
import org.apache.jackrabbit.spi.Name;
import org.apache.jackrabbit.spi.Path;
import org.apache.jackrabbit.spi.commons.conversion.NamePathResolver;

/* loaded from: input_file:WEB-INF/lib/jackrabbit-core-2.2.7.jar:org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.class */
public abstract class AbstractAccessControlProvider implements AccessControlProvider, AccessControlUtils, AccessControlConstants {
    public static final String PARAM_OMIT_DEFAULT_PERMISSIONS = "omit-default-permission";
    protected SessionImpl session;
    protected ObservationManager observationMgr;
    protected NamePathResolver resolver;
    protected int privAll;
    protected int privRead;
    private boolean initialized;

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkInitialized() {
        if (!this.initialized) {
            throw new IllegalStateException("Not initialized or already closed.");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public CompiledPermissions getAdminPermissions() {
        return new CompiledPermissions() { // from class: org.apache.jackrabbit.core.security.authorization.AbstractAccessControlProvider.1
            @Override // org.apache.jackrabbit.core.security.authorization.CompiledPermissions
            public void close() {
            }

            @Override // org.apache.jackrabbit.core.security.authorization.CompiledPermissions
            public boolean grants(Path path, int i) {
                return true;
            }

            @Override // org.apache.jackrabbit.core.security.authorization.CompiledPermissions
            public int getPrivileges(Path path) {
                return AbstractAccessControlProvider.this.privAll;
            }

            @Override // org.apache.jackrabbit.core.security.authorization.CompiledPermissions
            public boolean canReadAll() {
                return true;
            }

            @Override // org.apache.jackrabbit.core.security.authorization.CompiledPermissions
            public boolean canRead(Path path, ItemId itemId) throws RepositoryException {
                return true;
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public CompiledPermissions getReadOnlyPermissions() {
        return new CompiledPermissions() { // from class: org.apache.jackrabbit.core.security.authorization.AbstractAccessControlProvider.2
            @Override // org.apache.jackrabbit.core.security.authorization.CompiledPermissions
            public void close() {
            }

            @Override // org.apache.jackrabbit.core.security.authorization.CompiledPermissions
            public boolean grants(Path path, int i) throws RepositoryException {
                return !AbstractAccessControlProvider.this.isAcItem(path) && i == 1;
            }

            @Override // org.apache.jackrabbit.core.security.authorization.CompiledPermissions
            public int getPrivileges(Path path) throws RepositoryException {
                if (AbstractAccessControlProvider.this.isAcItem(path)) {
                    return 0;
                }
                return AbstractAccessControlProvider.this.privRead;
            }

            @Override // org.apache.jackrabbit.core.security.authorization.CompiledPermissions
            public boolean canReadAll() {
                return false;
            }

            @Override // org.apache.jackrabbit.core.security.authorization.CompiledPermissions
            public boolean canRead(Path path, ItemId itemId) throws RepositoryException {
                return path != null ? !AbstractAccessControlProvider.this.isAcItem(path) : !AbstractAccessControlProvider.this.isAcItem(AbstractAccessControlProvider.this.session.getItemManager().getItem(itemId));
            }
        };
    }

    @Override // org.apache.jackrabbit.core.security.authorization.AccessControlUtils
    public boolean isAcItem(Path path) throws RepositoryException {
        Path.Element[] elements = path.getElements();
        if (elements.length <= 1) {
            return false;
        }
        int length = elements.length - 1;
        for (int i = 1; length >= 0 && i <= 3; i++) {
            if (N_POLICY.equals(elements[length].getName())) {
                return true;
            }
            length--;
        }
        return false;
    }

    @Override // org.apache.jackrabbit.core.security.authorization.AccessControlUtils
    public boolean isAcItem(ItemImpl itemImpl) throws RepositoryException {
        Name qName = ((NodeTypeImpl) (itemImpl.isNode() ? (NodeImpl) itemImpl : (NodeImpl) itemImpl.getParent()).getPrimaryNodeType()).getQName();
        return qName.equals(NT_REP_ACL) || qName.equals(NT_REP_GRANT_ACE) || qName.equals(NT_REP_DENY_ACE);
    }

    @Override // org.apache.jackrabbit.core.security.authorization.AccessControlUtils
    public boolean isAdminOrSystem(Set<Principal> set) {
        for (Principal principal : set) {
            if ((principal instanceof AdminPrincipal) || (principal instanceof SystemPrincipal)) {
                return true;
            }
        }
        return false;
    }

    @Override // org.apache.jackrabbit.core.security.authorization.AccessControlUtils
    public boolean isReadOnly(Set<Principal> set) {
        return false;
    }

    @Override // org.apache.jackrabbit.core.security.authorization.AccessControlProvider
    public void init(Session session, Map map) throws RepositoryException {
        if (this.initialized) {
            throw new IllegalStateException("already initialized");
        }
        if (!(session instanceof SessionImpl)) {
            throw new RepositoryException("SessionImpl (system session) expected.");
        }
        this.session = (SessionImpl) session;
        this.observationMgr = session.getWorkspace().getObservationManager();
        this.resolver = (NamePathResolver) session;
        this.privAll = PrivilegeRegistry.getBits(new Privilege[]{this.session.getAccessControlManager().privilegeFromName("{http://www.jcp.org/jcr/1.0}all")});
        this.privRead = PrivilegeRegistry.getBits(new Privilege[]{this.session.getAccessControlManager().privilegeFromName("{http://www.jcp.org/jcr/1.0}read")});
        this.initialized = true;
    }

    @Override // org.apache.jackrabbit.core.security.authorization.AccessControlProvider
    public void close() {
        checkInitialized();
        this.initialized = false;
    }

    @Override // org.apache.jackrabbit.core.security.authorization.AccessControlProvider
    public boolean isLive() {
        return this.initialized && this.session.isLive();
    }
}
