package org.apache.jackrabbit.core.security.authorization;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import javax.jcr.NamespaceRegistry;
import javax.jcr.RepositoryException;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.Privilege;
import org.apache.commons.collections.map.ReferenceMap;
import org.apache.commons.io.FileUtils;
import org.apache.jackrabbit.core.NamespaceRegistryImpl;
import org.apache.jackrabbit.core.cluster.PrivilegeEventChannel;
import org.apache.jackrabbit.core.cluster.PrivilegeEventListener;
import org.apache.jackrabbit.core.fs.FileSystem;
import org.apache.jackrabbit.core.fs.FileSystemException;
import org.apache.jackrabbit.core.fs.FileSystemResource;
import org.apache.jackrabbit.spi.Name;
import org.apache.jackrabbit.spi.NameFactory;
import org.apache.jackrabbit.spi.PrivilegeDefinition;
import org.apache.jackrabbit.spi.commons.conversion.DefaultNamePathResolver;
import org.apache.jackrabbit.spi.commons.conversion.NameResolver;
import org.apache.jackrabbit.spi.commons.name.NameConstants;
import org.apache.jackrabbit.spi.commons.name.NameFactoryImpl;
import org.apache.jackrabbit.spi.commons.privilege.ParseException;
import org.apache.jackrabbit.spi.commons.privilege.PrivilegeDefinitionImpl;
import org.apache.jackrabbit.spi.commons.privilege.PrivilegeDefinitionReader;
import org.apache.jackrabbit.spi.commons.privilege.PrivilegeDefinitionWriter;
import org.apache.jackrabbit.util.Text;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/jackrabbit-core-2.4.7.jar:org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.class */
public final class PrivilegeRegistry implements PrivilegeEventListener {
    public static final int NO_PRIVILEGE = 0;
    private static final int READ = 1;
    private static final int MODIFY_PROPERTIES = 2;
    private static final int ADD_CHILD_NODES = 4;
    private static final int REMOVE_CHILD_NODES = 8;
    private static final int REMOVE_NODE = 16;
    private static final int READ_AC = 32;
    private static final int MODIFY_AC = 64;
    private static final int NODE_TYPE_MNGMT = 128;
    private static final int VERSION_MNGMT = 256;
    private static final int LOCK_MNGMT = 512;
    private static final int LIFECYCLE_MNGMT = 1024;
    private static final int RETENTION_MNGMT = 2048;
    private static final int WORKSPACE_MNGMT = 4096;
    private static final int NODE_TYPE_DEF_MNGMT = 8192;
    private static final int NAMESPACE_MNGMT = 16384;
    private static final int PRIVILEGE_MNGMT = 32768;
    private static final String CUSTOM_PRIVILEGES_RESOURCE_NAME = "/privileges/custom_privileges.xml";
    private final NamespaceRegistry namespaceRegistry;
    private final CustomPrivilegeStore customPrivilegesStore;
    private final NameResolver resolver;
    private PrivilegeEventChannel eventChannel;
    private static final Logger log = LoggerFactory.getLogger(PrivilegeRegistry.class);
    private static final NameFactory NAME_FACTORY = NameFactoryImpl.getInstance();
    public static final String REP_WRITE = "{internal}write";
    public static final Name REP_WRITE_NAME = NAME_FACTORY.create(REP_WRITE);
    public static final String REP_PRIVILEGE_MANAGEMENT = "{internal}privilegeManagement";
    public static final Name REP_PRIVILEGE_MANAGEMENT_NAME = NAME_FACTORY.create(REP_PRIVILEGE_MANAGEMENT);
    private static final Map<Name, Integer> PRIVILEGE_NAMES = new HashMap();
    private final Map<Name, Definition> registeredPrivileges = new HashMap();
    private final Map<PrivilegeBits, Set<Name>> bitsToNames = new HashMap();
    private final Map<Listener, Listener> listeners = Collections.synchronizedMap(new ReferenceMap(2, 2));
    private PrivilegeBits nextBits = PrivilegeBits.getInstance(32768).nextBits();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/jackrabbit-core-2.4.7.jar:org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry$CustomPrivilegeStore.class */
    public final class CustomPrivilegeStore {
        private final FileSystemResource customPrivilegesResource;

        private CustomPrivilegeStore(FileSystemResource fileSystemResource) throws RepositoryException {
            this.customPrivilegesResource = fileSystemResource;
            try {
                if (!fileSystemResource.exists()) {
                    fileSystemResource.makeParentDirs();
                }
            } catch (FileSystemException e) {
                String str = "Internal error: Failed to access/create file system resource for custom privileges at " + fileSystemResource.getPath();
                PrivilegeRegistry.log.debug(str);
                throw new RepositoryException(str, e);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public Map<Name, PrivilegeDefinition> load() throws FileSystemException, RepositoryException, ParseException, IOException {
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            if (this.customPrivilegesResource.exists()) {
                InputStream inputStream = this.customPrivilegesResource.getInputStream();
                try {
                    for (PrivilegeDefinition privilegeDefinition : new PrivilegeDefinitionReader(inputStream, "text/xml").getPrivilegeDefinitions()) {
                        Name name = privilegeDefinition.getName();
                        if (linkedHashMap.containsKey(name)) {
                            throw new RepositoryException("Duplicate entry for custom privilege with name " + name.toString());
                        }
                        linkedHashMap.put(name, privilegeDefinition);
                    }
                } finally {
                    inputStream.close();
                }
            }
            return linkedHashMap;
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* JADX WARN: Multi-variable type inference failed */
        public void append(Map<Name, Definition> map) throws IOException, FileSystemException, RepositoryException, ParseException {
            ArrayList arrayList;
            Map hashMap;
            if (this.customPrivilegesResource.exists()) {
                InputStream inputStream = this.customPrivilegesResource.getInputStream();
                try {
                    PrivilegeDefinitionReader privilegeDefinitionReader = new PrivilegeDefinitionReader(inputStream, "text/xml");
                    arrayList = new ArrayList(Arrays.asList(privilegeDefinitionReader.getPrivilegeDefinitions()));
                    hashMap = privilegeDefinitionReader.getNamespaces();
                    inputStream.close();
                } catch (Throwable th) {
                    inputStream.close();
                    throw th;
                }
            } else {
                arrayList = new ArrayList();
                hashMap = new HashMap();
            }
            for (Definition definition : map.values()) {
                String namespaceURI = definition.getName().getNamespaceURI();
                hashMap.put(PrivilegeRegistry.this.namespaceRegistry.getPrefix(namespaceURI), namespaceURI);
                Iterator<Name> it = definition.getDeclaredAggregateNames().iterator();
                while (it.hasNext()) {
                    String namespaceURI2 = it.next().getNamespaceURI();
                    hashMap.put(PrivilegeRegistry.this.namespaceRegistry.getPrefix(namespaceURI2), namespaceURI2);
                }
                arrayList.add(definition);
            }
            OutputStream outputStream = this.customPrivilegesResource.getOutputStream();
            try {
                new PrivilegeDefinitionWriter("text/xml").writeDefinitions(outputStream, (PrivilegeDefinition[]) arrayList.toArray(new PrivilegeDefinition[arrayList.size()]), (Map<String, String>) hashMap);
                outputStream.close();
            } catch (Throwable th2) {
                outputStream.close();
                throw th2;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/jackrabbit-core-2.4.7.jar:org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry$Definition.class */
    public static final class Definition extends PrivilegeDefinitionImpl {
        private final PrivilegeBits bits;
        private final boolean isCustom;
        private int hashCode;

        private Definition(PrivilegeDefinition privilegeDefinition, PrivilegeBits privilegeBits) {
            this(privilegeDefinition.getName(), privilegeDefinition.isAbstract(), privilegeDefinition.getDeclaredAggregateNames(), privilegeBits, true);
        }

        private Definition(Name name, boolean z, long j) {
            this(name, z, (Set<Name>) Collections.emptySet(), PrivilegeBits.getInstance(j), false);
        }

        private Definition(Name name, boolean z, Set<Name> set, long j) {
            this(name, z, set, PrivilegeBits.getInstance(j), false);
        }

        private Definition(Name name, boolean z, Set<Name> set, PrivilegeBits privilegeBits, boolean z2) {
            super(name, z, set);
            if (privilegeBits == null || privilegeBits.isEmpty()) {
                throw new IllegalArgumentException("Failed to build bit representation of PrivilegeDefinition.");
            }
            this.bits = privilegeBits.unmodifiable();
            this.isCustom = z2;
        }

        @Override // org.apache.jackrabbit.spi.commons.privilege.PrivilegeDefinitionImpl
        public int hashCode() {
            if (this.hashCode == 0) {
                this.hashCode = (37 * super.hashCode()) + this.bits.hashCode();
            }
            return this.hashCode;
        }

        @Override // org.apache.jackrabbit.spi.commons.privilege.PrivilegeDefinitionImpl
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof Definition)) {
                return false;
            }
            Definition definition = (Definition) obj;
            return this.bits.equals(definition.bits) && super.equals(definition);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/jackrabbit-core-2.4.7.jar:org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry$Listener.class */
    public interface Listener {
        void privilegesRegistered(Set<Name> set);
    }

    public PrivilegeRegistry(NamespaceRegistry namespaceRegistry, FileSystem fileSystem) throws RepositoryException {
        this.namespaceRegistry = namespaceRegistry;
        this.customPrivilegesStore = new CustomPrivilegeStore(new FileSystemResource(fileSystem, CUSTOM_PRIVILEGES_RESOURCE_NAME));
        cacheDefinitions(createBuiltInPrivilegeDefinitions());
        try {
            cacheDefinitions(createCustomDefinitions(this.customPrivilegesStore.load()));
            this.resolver = new DefaultNamePathResolver(namespaceRegistry);
        } catch (IOException e) {
            throw new RepositoryException("Failed to load custom privileges", e);
        } catch (FileSystemException e2) {
            throw new RepositoryException("Failed to load custom privileges", e2);
        } catch (ParseException e3) {
            throw new RepositoryException("Failed to load custom privileges", e3);
        }
    }

    public PrivilegeRegistry(NameResolver nameResolver) {
        cacheDefinitions(createBuiltInPrivilegeDefinitions());
        this.namespaceRegistry = null;
        this.customPrivilegesStore = null;
        this.resolver = nameResolver;
    }

    @Override // org.apache.jackrabbit.core.cluster.PrivilegeEventListener
    public void externalRegisteredPrivileges(Collection<PrivilegeDefinition> collection) throws RepositoryException {
        HashMap hashMap = new HashMap(collection.size());
        for (PrivilegeDefinition privilegeDefinition : collection) {
            hashMap.put(privilegeDefinition.getName(), privilegeDefinition);
        }
        registerCustomDefinitions(hashMap);
    }

    public void setEventChannel(PrivilegeEventChannel privilegeEventChannel) {
        this.eventChannel = privilegeEventChannel;
        privilegeEventChannel.setListener(this);
    }

    public Privilege[] getRegisteredPrivileges() {
        try {
            return new PrivilegeManagerImpl(this, this.resolver).getRegisteredPrivileges();
        } catch (RepositoryException e) {
            throw new UnsupportedOperationException("No supported any more. Use PrivilegeManager#getRegisteredPrivileges() instead.");
        }
    }

    public Privilege getPrivilege(String str) throws AccessControlException, RepositoryException {
        return new PrivilegeManagerImpl(this, this.resolver).getPrivilege(str);
    }

    public Privilege[] getPrivileges(int i) {
        Set<Privilege> privileges = new PrivilegeManagerImpl(this, this.resolver).getPrivileges(PrivilegeBits.getInstance(i));
        return (Privilege[]) privileges.toArray(new Privilege[privileges.size()]);
    }

    public static int getBits(Privilege[] privilegeArr) throws AccessControlException {
        if (privilegeArr == null || privilegeArr.length == 0) {
            throw new AccessControlException("Privilege array is empty or null.");
        }
        HashMap hashMap = new HashMap(2);
        hashMap.put(Name.NS_REP_PREFIX, Name.NS_REP_URI);
        hashMap.put(Name.NS_JCR_PREFIX, "http://www.jcp.org/jcr/1.0");
        int i = 0;
        for (Privilege privilege : privilegeArr) {
            String namespacePrefix = Text.getNamespacePrefix(privilege.getName());
            if (!hashMap.containsKey(namespacePrefix)) {
                throw new AccessControlException("Unknown privilege '" + privilege.getName() + "'.");
            }
            Name create = NAME_FACTORY.create((String) hashMap.get(namespacePrefix), Text.getLocalName(privilege.getName()));
            if (PRIVILEGE_NAMES.containsKey(create)) {
                i |= PRIVILEGE_NAMES.get(create).intValue();
            } else if (NameConstants.JCR_WRITE.equals(create)) {
                i = (int) (i | createJcrWriteDefinition().bits.longValue());
            } else if (REP_WRITE_NAME.equals(create)) {
                i = (int) (i | createRepWriteDefinition(createJcrWriteDefinition()).bits.longValue());
            } else {
                if (!NameConstants.JCR_ALL.equals(create)) {
                    throw new AccessControlException("Unknown privilege '" + privilege.getName() + "'.");
                }
                Iterator<Name> it = PRIVILEGE_NAMES.keySet().iterator();
                while (it.hasNext()) {
                    i |= PRIVILEGE_NAMES.get(it.next()).intValue();
                }
            }
        }
        return i;
    }

    public static int calculatePermissions(PrivilegeBits privilegeBits, PrivilegeBits privilegeBits2, boolean z, boolean z2) {
        return calculatePermissions(privilegeBits.longValue(), privilegeBits2.longValue(), z, z2);
    }

    public static int calculatePermissions(int i, int i2, boolean z, boolean z2) {
        return calculatePermissions(i, i2, z, z2);
    }

    private static int calculatePermissions(long j, long j2, boolean z, boolean z2) {
        int i = 0;
        if (z2) {
            if ((j2 & 32) == 32) {
                i = 0 | 1;
            }
            if ((j2 & 64) == 64) {
                i = i | 4 | 2 | 8 | 16 | 128;
            }
        } else {
            if ((j & 1) == 1) {
                i = 0 | 1;
            }
            if ((j & 2) == 2) {
                i = i | 2 | 16;
            }
            if ((j2 & 4) == 4) {
                i |= 4;
            }
            if (z) {
                if ((j2 & 8) == 8 && (j & 16) == 16) {
                    i |= 8;
                }
            } else if ((j2 & 8) == 8 || (j & 16) == 16) {
                i |= 8;
            }
        }
        if ((j2 & 4) == 4 && (j2 & 8) == 8) {
            i |= 4096;
        }
        if ((j & 32) == 32) {
            i |= 32;
        }
        if ((j & 64) == 64) {
            i |= 64;
        }
        if ((j & FileUtils.ONE_KB) == FileUtils.ONE_KB) {
            i |= 1024;
        }
        if ((j & 512) == 512) {
            i |= 512;
        }
        if ((j & 128) == 128) {
            i |= 128;
        }
        if ((j & 2048) == 2048) {
            i |= 2048;
        }
        if ((j & 256) == 256) {
            i |= 256;
        }
        if ((j & 4096) == 4096) {
            i |= 32768;
        }
        if ((j & 8192) == 8192) {
            i |= 8192;
        }
        if ((j & 16384) == 16384) {
            i |= 16384;
        }
        if ((j & 32768) == 32768) {
            i |= 65536;
        }
        return i;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void registerDefinition(Name name, boolean z, Set<Name> set) throws RepositoryException {
        Map<Name, PrivilegeDefinition> singletonMap = Collections.singletonMap(name, new PrivilegeDefinitionImpl(name, z, set));
        registerCustomDefinitions(singletonMap);
        if (this.eventChannel != null) {
            this.eventChannel.registeredPrivileges(singletonMap.values());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PrivilegeDefinition[] getAll() {
        return (PrivilegeDefinition[]) this.registeredPrivileges.values().toArray(new Definition[this.registeredPrivileges.size()]);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PrivilegeDefinition get(Name name) {
        return this.registeredPrivileges.get(name);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Name[] getNames(PrivilegeBits privilegeBits) {
        if (privilegeBits == null || privilegeBits.isEmpty()) {
            return Name.EMPTY_ARRAY;
        }
        if (this.bitsToNames.containsKey(privilegeBits)) {
            Set<Name> set = this.bitsToNames.get(privilegeBits);
            return (Name[]) set.toArray(new Name[set.size()]);
        }
        HashSet hashSet = new HashSet();
        long longValue = privilegeBits.longValue();
        if ((longValue & 1) == 1) {
            hashSet.add(NameConstants.JCR_READ);
        }
        long longValue2 = this.registeredPrivileges.get(REP_WRITE_NAME).bits.longValue();
        long longValue3 = this.registeredPrivileges.get(NameConstants.JCR_WRITE).bits.longValue();
        if ((longValue & longValue2) == longValue2) {
            hashSet.add(REP_WRITE_NAME);
        } else if ((longValue & longValue3) == longValue3) {
            hashSet.add(NameConstants.JCR_WRITE);
        } else {
            if ((longValue & 2) == 2) {
                hashSet.add(NameConstants.JCR_MODIFY_PROPERTIES);
            }
            if ((longValue & 4) == 4) {
                hashSet.add(NameConstants.JCR_ADD_CHILD_NODES);
            }
            if ((longValue & 8) == 8) {
                hashSet.add(NameConstants.JCR_REMOVE_CHILD_NODES);
            }
            if ((longValue & 16) == 16) {
                hashSet.add(NameConstants.JCR_REMOVE_NODE);
            }
            if ((longValue & 128) == 128) {
                hashSet.add(NameConstants.JCR_NODE_TYPE_MANAGEMENT);
            }
        }
        if ((longValue & 32) == 32) {
            hashSet.add(NameConstants.JCR_READ_ACCESS_CONTROL);
        }
        if ((longValue & 64) == 64) {
            hashSet.add(NameConstants.JCR_MODIFY_ACCESS_CONTROL);
        }
        if ((longValue & 256) == 256) {
            hashSet.add(NameConstants.JCR_VERSION_MANAGEMENT);
        }
        if ((longValue & 512) == 512) {
            hashSet.add(NameConstants.JCR_LOCK_MANAGEMENT);
        }
        if ((longValue & FileUtils.ONE_KB) == FileUtils.ONE_KB) {
            hashSet.add(NameConstants.JCR_LIFECYCLE_MANAGEMENT);
        }
        if ((longValue & 2048) == 2048) {
            hashSet.add(NameConstants.JCR_RETENTION_MANAGEMENT);
        }
        if ((longValue & 4096) == 4096) {
            hashSet.add(NameConstants.JCR_WORKSPACE_MANAGEMENT);
        }
        if ((longValue & 8192) == 8192) {
            hashSet.add(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT);
        }
        if ((longValue & 16384) == 16384) {
            hashSet.add(NameConstants.JCR_NAMESPACE_MANAGEMENT);
        }
        if ((longValue & 32768) == 32768) {
            hashSet.add(REP_PRIVILEGE_MANAGEMENT_NAME);
        }
        HashSet hashSet2 = new HashSet();
        HashSet hashSet3 = new HashSet();
        for (Definition definition : this.registeredPrivileges.values()) {
            if (definition.isCustom && privilegeBits.includes(definition.bits)) {
                hashSet2.add(definition.getName());
                if (!definition.getDeclaredAggregateNames().isEmpty()) {
                    hashSet3.add(definition);
                }
            }
        }
        Iterator it = hashSet3.iterator();
        while (it.hasNext()) {
            hashSet2.removeAll(((Definition) it.next()).getDeclaredAggregateNames());
        }
        hashSet.addAll(hashSet2);
        if (!hashSet.isEmpty()) {
            this.bitsToNames.put(privilegeBits, hashSet);
        }
        return (Name[]) hashSet.toArray(new Name[hashSet.size()]);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PrivilegeBits getBits(PrivilegeDefinition... privilegeDefinitionArr) {
        switch (privilegeDefinitionArr.length) {
            case 0:
                return PrivilegeBits.EMPTY;
            case 1:
                return privilegeDefinitionArr[0] instanceof Definition ? ((Definition) privilegeDefinitionArr[0]).bits : PrivilegeBits.EMPTY;
            default:
                PrivilegeBits privilegeBits = PrivilegeBits.getInstance();
                for (PrivilegeDefinition privilegeDefinition : privilegeDefinitionArr) {
                    if (privilegeDefinition instanceof Definition) {
                        privilegeBits.add(((Definition) privilegeDefinition).bits);
                    }
                }
                return privilegeBits;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PrivilegeBits getBits(Name... nameArr) {
        switch (nameArr.length) {
            case 0:
                return PrivilegeBits.EMPTY;
            case 1:
                return getBits(nameArr[0]);
            default:
                PrivilegeBits privilegeBits = PrivilegeBits.getInstance();
                for (Name name : nameArr) {
                    privilegeBits.add(getBits(name));
                }
                return privilegeBits;
        }
    }

    PrivilegeBits getBits(Name name) {
        Definition definition = this.registeredPrivileges.get(name);
        return definition == null ? PrivilegeBits.EMPTY : definition.bits;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void addListener(Listener listener) {
        this.listeners.put(listener, listener);
    }

    public void removeListener(Listener listener) {
        this.listeners.remove(listener);
    }

    private void registerCustomDefinitions(Map<Name, PrivilegeDefinition> map) throws RepositoryException {
        if (this.customPrivilegesStore == null) {
            throw new UnsupportedOperationException("No privilege store defined.");
        }
        synchronized (this.registeredPrivileges) {
            Map<Name, Definition> createCustomDefinitions = createCustomDefinitions(map);
            try {
                this.customPrivilegesStore.append(createCustomDefinitions);
                cacheDefinitions(createCustomDefinitions);
            } catch (IOException e) {
                throw new RepositoryException("Failed to register custom privilegess.", e);
            } catch (FileSystemException e2) {
                throw new RepositoryException("Failed to register custom privileges.", e2);
            } catch (ParseException e3) {
                throw new RepositoryException("Failed to register custom privileges.", e3);
            }
        }
        Iterator<Listener> it = this.listeners.keySet().iterator();
        while (it.hasNext()) {
            it.next().privilegesRegistered(map.keySet());
        }
    }

    private void cacheDefinitions(Map<Name, Definition> map) {
        this.registeredPrivileges.putAll(map);
        for (Definition definition : map.values()) {
            this.bitsToNames.put(definition.bits, Collections.singleton(definition.getName()));
        }
        if (map.containsKey(NameConstants.JCR_ALL)) {
            return;
        }
        Definition definition2 = this.registeredPrivileges.get(NameConstants.JCR_ALL);
        this.bitsToNames.remove(definition2.bits);
        HashSet hashSet = new HashSet(definition2.getDeclaredAggregateNames());
        hashSet.addAll(map.keySet());
        PrivilegeBits privilegeBits = PrivilegeBits.getInstance(definition2.bits);
        Iterator<Definition> it = map.values().iterator();
        while (it.hasNext()) {
            privilegeBits.add(it.next().bits);
        }
        Definition definition3 = new Definition(NameConstants.JCR_ALL, false, hashSet, privilegeBits, false);
        this.registeredPrivileges.put(NameConstants.JCR_ALL, definition3);
        this.bitsToNames.put(definition3.bits, Collections.singleton(NameConstants.JCR_ALL));
    }

    private Map<Name, Definition> createBuiltInPrivilegeDefinitions() {
        HashMap hashMap = new HashMap();
        int i = 0;
        for (Name name : PRIVILEGE_NAMES.keySet()) {
            int intValue = PRIVILEGE_NAMES.get(name).intValue();
            hashMap.put(name, new Definition(name, false, intValue));
            i |= intValue;
        }
        Definition createJcrWriteDefinition = createJcrWriteDefinition();
        hashMap.put(createJcrWriteDefinition.getName(), createJcrWriteDefinition);
        Definition createRepWriteDefinition = createRepWriteDefinition(createJcrWriteDefinition);
        hashMap.put(createRepWriteDefinition.getName(), createRepWriteDefinition);
        HashSet hashSet = new HashSet(10);
        hashSet.add(NameConstants.JCR_READ);
        hashSet.add(NameConstants.JCR_READ_ACCESS_CONTROL);
        hashSet.add(NameConstants.JCR_MODIFY_ACCESS_CONTROL);
        hashSet.add(NameConstants.JCR_LOCK_MANAGEMENT);
        hashSet.add(NameConstants.JCR_VERSION_MANAGEMENT);
        hashSet.add(NameConstants.JCR_NODE_TYPE_MANAGEMENT);
        hashSet.add(NameConstants.JCR_RETENTION_MANAGEMENT);
        hashSet.add(NameConstants.JCR_LIFECYCLE_MANAGEMENT);
        hashSet.add(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT);
        hashSet.add(NameConstants.JCR_NAMESPACE_MANAGEMENT);
        hashSet.add(NameConstants.JCR_WORKSPACE_MANAGEMENT);
        hashSet.add(NameConstants.JCR_WRITE);
        hashSet.add(REP_WRITE_NAME);
        hashSet.add(REP_PRIVILEGE_MANAGEMENT_NAME);
        Definition definition = new Definition(NameConstants.JCR_ALL, false, (Set) hashSet, i);
        hashMap.put(definition.getName(), definition);
        return hashMap;
    }

    private Map<Name, Definition> createCustomDefinitions(Map<Name, PrivilegeDefinition> map) throws RepositoryException {
        HashMap hashMap = new HashMap(map.size());
        HashSet hashSet = new HashSet();
        for (PrivilegeDefinition privilegeDefinition : map.values()) {
            Name name = privilegeDefinition.getName();
            if (name == null) {
                throw new RepositoryException("Name of custom privilege may not be null.");
            }
            if (this.registeredPrivileges.containsKey(name)) {
                throw new RepositoryException("Registered privilege with name " + name + " already exists.");
            }
            this.namespaceRegistry.getPrefix(name.getNamespaceURI());
            if (isReservedNamespaceURI(name.getNamespaceURI())) {
                throw new RepositoryException("Failed to register custom privilege: Reserved namespace URI: " + name.getNamespaceURI());
            }
            Set<Name> declaredAggregateNames = privilegeDefinition.getDeclaredAggregateNames();
            if (declaredAggregateNames.isEmpty()) {
                hashMap.put(name, new Definition(privilegeDefinition, nextBits()));
            } else {
                for (Name name2 : declaredAggregateNames) {
                    if (name.equals(name2)) {
                        throw new RepositoryException("Declared aggregate name '" + name2.toString() + "'refers to the same custom privilege.");
                    }
                    if (this.registeredPrivileges.containsKey(name2)) {
                        log.debug("Declared aggregate name '" + name2.toString() + "' referring to registered privilege.");
                    } else {
                        if (!map.containsKey(name2)) {
                            throw new RepositoryException("Found unresolvable name of declared aggregate privilege " + name2.toString());
                        }
                        log.debug("Declared aggregate name '" + name2.toString() + "' referring to un-registered privilege.");
                        if (isCircularAggregation(privilegeDefinition, name2, map)) {
                            throw new RepositoryException("Detected circular aggregation within custom privilege caused by " + name2.toString());
                        }
                    }
                }
                hashSet.add(privilegeDefinition);
            }
        }
        while (hashSet.size() > 0) {
            int size = hashSet.size();
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                PrivilegeDefinition privilegeDefinition2 = (PrivilegeDefinition) it.next();
                PrivilegeBits aggregateBits = getAggregateBits(privilegeDefinition2.getDeclaredAggregateNames(), hashMap);
                if (!aggregateBits.isEmpty()) {
                    if (this.bitsToNames.containsKey(aggregateBits) && this.bitsToNames.get(aggregateBits).size() == 1) {
                        throw new RepositoryException("Custom aggregate privilege '" + privilegeDefinition2.getName() + "' is already covered by '" + this.bitsToNames.get(aggregateBits).iterator().next().toString() + "'");
                    }
                    for (Definition definition : hashMap.values()) {
                        if (aggregateBits.equals(definition.bits)) {
                            throw new RepositoryException("Custom aggregate privilege '" + privilegeDefinition2.getName() + "' is already defined by '" + definition.getName() + "'");
                        }
                    }
                    Definition definition2 = new Definition(privilegeDefinition2, aggregateBits);
                    hashMap.put(definition2.getName(), definition2);
                    it.remove();
                }
            }
            if (size == hashSet.size()) {
                throw new RepositoryException("Invalid aggregate privilege definition. Failed to resolve aggregate names.");
            }
        }
        return hashMap;
    }

    private boolean isReservedNamespaceURI(String str) {
        return this.namespaceRegistry instanceof NamespaceRegistryImpl ? ((NamespaceRegistryImpl) this.namespaceRegistry).isReservedURI(str) : Name.NS_REP_URI.equals(str) || str.startsWith("http://www.w3.org") || str.startsWith("http://www.jcp.org");
    }

    private PrivilegeBits nextBits() {
        PrivilegeBits privilegeBits = this.nextBits;
        this.nextBits = this.nextBits.nextBits();
        return privilegeBits;
    }

    private PrivilegeBits getAggregateBits(Set<Name> set, Map<Name, Definition> map) {
        PrivilegeBits privilegeBits = PrivilegeBits.getInstance();
        for (Name name : set) {
            if (this.registeredPrivileges.containsKey(name)) {
                privilegeBits.add(this.registeredPrivileges.get(name).bits);
            } else {
                if (!map.containsKey(name)) {
                    return PrivilegeBits.EMPTY;
                }
                privilegeBits.add(map.get(name).bits);
            }
        }
        return privilegeBits.unmodifiable();
    }

    private boolean isCircularAggregation(PrivilegeDefinition privilegeDefinition, Name name, Map<Name, PrivilegeDefinition> map) {
        PrivilegeDefinition privilegeDefinition2 = map.get(name);
        if (privilegeDefinition2.getDeclaredAggregateNames().isEmpty()) {
            return false;
        }
        boolean z = false;
        for (Name name2 : privilegeDefinition2.getDeclaredAggregateNames()) {
            if (privilegeDefinition.getName().equals(name2)) {
                return true;
            }
            if (map.containsKey(name2)) {
                z = isCircularAggregation(privilegeDefinition, name2, map);
            }
        }
        return z;
    }

    private static Definition createJcrWriteDefinition() {
        HashSet hashSet = new HashSet(4);
        hashSet.add(NameConstants.JCR_MODIFY_PROPERTIES);
        hashSet.add(NameConstants.JCR_ADD_CHILD_NODES);
        hashSet.add(NameConstants.JCR_REMOVE_CHILD_NODES);
        hashSet.add(NameConstants.JCR_REMOVE_NODE);
        int i = 0;
        Iterator it = hashSet.iterator();
        while (it.hasNext()) {
            i |= PRIVILEGE_NAMES.get((Name) it.next()).intValue();
        }
        return new Definition(NameConstants.JCR_WRITE, false, (Set) hashSet, i);
    }

    private static Definition createRepWriteDefinition(Definition definition) {
        HashSet hashSet = new HashSet(2);
        hashSet.add(NameConstants.JCR_WRITE);
        hashSet.add(NameConstants.JCR_NODE_TYPE_MANAGEMENT);
        return new Definition(REP_WRITE_NAME, false, (Set) hashSet, definition.bits.longValue() | PRIVILEGE_NAMES.get(NameConstants.JCR_NODE_TYPE_MANAGEMENT).intValue());
    }

    static {
        PRIVILEGE_NAMES.put(NameConstants.JCR_READ, 1);
        PRIVILEGE_NAMES.put(NameConstants.JCR_MODIFY_PROPERTIES, 2);
        PRIVILEGE_NAMES.put(NameConstants.JCR_ADD_CHILD_NODES, 4);
        PRIVILEGE_NAMES.put(NameConstants.JCR_REMOVE_CHILD_NODES, 8);
        PRIVILEGE_NAMES.put(NameConstants.JCR_REMOVE_NODE, 16);
        PRIVILEGE_NAMES.put(NameConstants.JCR_READ_ACCESS_CONTROL, 32);
        PRIVILEGE_NAMES.put(NameConstants.JCR_MODIFY_ACCESS_CONTROL, 64);
        PRIVILEGE_NAMES.put(NameConstants.JCR_NODE_TYPE_MANAGEMENT, 128);
        PRIVILEGE_NAMES.put(NameConstants.JCR_VERSION_MANAGEMENT, 256);
        PRIVILEGE_NAMES.put(NameConstants.JCR_LOCK_MANAGEMENT, 512);
        PRIVILEGE_NAMES.put(NameConstants.JCR_LIFECYCLE_MANAGEMENT, 1024);
        PRIVILEGE_NAMES.put(NameConstants.JCR_RETENTION_MANAGEMENT, 2048);
        PRIVILEGE_NAMES.put(NameConstants.JCR_WORKSPACE_MANAGEMENT, 4096);
        PRIVILEGE_NAMES.put(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT, 8192);
        PRIVILEGE_NAMES.put(NameConstants.JCR_NAMESPACE_MANAGEMENT, 16384);
        PRIVILEGE_NAMES.put(REP_PRIVILEGE_MANAGEMENT_NAME, 32768);
    }
}
