package org.apache.jackrabbit.oak.exercise.security.authorization.models.simplifiedroles;

import java.security.Principal;
import java.util.Iterator;
import java.util.Set;
import org.apache.jackrabbit.guava.common.collect.ImmutableSet;
import org.apache.jackrabbit.guava.common.collect.Iterables;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.tree.ReadOnly;
import org.apache.jackrabbit.oak.plugins.tree.RootProvider;
import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
import org.apache.jackrabbit.oak.plugins.tree.TreeType;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.security.Context;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.util.Text;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:org/apache/jackrabbit/oak/exercise/security/authorization/models/simplifiedroles/ThreeRolesPermissionProvider.class */
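/**
 * Permission provider of the "three roles" exercise authorization model.
 *
 * <p>The provider only evaluates items for which
 * {@code Utils.isSupportedPath(supportedPath, path)} holds. Inside that scope the effective
 * {@link Role} is read from the {@code REP_3_ROLES_POLICY} child node of a tree by matching the
 * names of the principals passed to the constructor against the owners, editors and readers
 * properties of that policy node. Everything outside the supported scope is reported as
 * "not supported" (empty privilege bits, {@code 0} permissions) or denied ({@code false}).
 *
 * <p>NOTE(review): the top-down lookup ({@link #getTreePermission(Tree, TreePermission)}) reuses a
 * parent {@code ThreeRolesTreePermission} unchanged, while the bottom-up lookups used by
 * {@code isGranted} and {@code getPrivileges} stop at the nearest policy node. If policy nodes can
 * be nested the two paths may resolve different roles; confirm whether nesting is prevented
 * elsewhere.
 */
class ThreeRolesPermissionProvider implements AggregatedPermissionProvider, ThreeRolesConstants {
    /**
     * Privileges this model can evaluate; anything else is stripped in
     * {@link #supportedPrivileges(Tree, PrivilegeBits)}.
     */
    private static final PrivilegeBits SUPPORTED_PRIVBITS = PrivilegeBits.getInstance(new PrivilegeBits[]{
            (PrivilegeBits) PrivilegeBits.BUILT_IN.get("jcr:read"),
            (PrivilegeBits) PrivilegeBits.BUILT_IN.get("rep:write"),
            (PrivilegeBits) PrivilegeBits.BUILT_IN.get("jcr:versionManagement"),
            (PrivilegeBits) PrivilegeBits.BUILT_IN.get("jcr:readAccessControl"),
            (PrivilegeBits) PrivilegeBits.BUILT_IN.get("jcr:modifyAccessControl")});
    private final Root root;
    /** Names of the principals the permissions are evaluated for. */
    private final Set<String> principalNames;
    /** Path that scopes this model; see {@code Utils.isSupportedPath}. */
    private final String supportedPath;
    private final Context ctx;
    private final RootProvider rootProvider;
    /** Read-only view of {@link #root}; replaced on every {@link #refresh()}. */
    private Root readOnlyRoot;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates a provider bound to the given principals and supported path.
     *
     * @param root the root the read-only snapshot is created from
     * @param set the principals to evaluate permissions for; only their names are retained
     * @param str the supported path
     * @param context the security context used to detect access control content
     * @param rootProvider factory for the read-only root
     */
    public ThreeRolesPermissionProvider(@NotNull Root root, Set<Principal> set, @NotNull String str, @NotNull Context context, @NotNull RootProvider rootProvider) {
        this.root = root;
        this.principalNames = ImmutableSet.copyOf(Iterables.transform(set, Principal::getName));
        this.supportedPath = str;
        this.ctx = context;
        this.rootProvider = rootProvider;
        this.readOnlyRoot = rootProvider.createReadOnlyRoot(root);
    }

    /**
     * Returns the subset of the requested privileges that this model evaluates at the given tree.
     *
     * @param tree the target tree; {@code null} (repository level) is never supported
     * @param privilegeBits the privileges to test, or {@code null} to ask for all supported ones
     * @return the supported privilege bits, or {@link PrivilegeBits#EMPTY} if nothing is supported
     */
    @NotNull
    public PrivilegeBits supportedPrivileges(@Nullable Tree tree, @Nullable PrivilegeBits privilegeBits) {
        if (tree == null) {
            return PrivilegeBits.EMPTY;
        }
        PrivilegeBits supported;
        if (privilegeBits == null) {
            // NOTE(review): this hands out the shared constant itself; confirm callers do not modify it.
            supported = SUPPORTED_PRIVBITS;
        } else {
            // Intersect on a separate instance so the caller's argument is not altered by retain().
            supported = PrivilegeBits.getInstance(new PrivilegeBits[]{privilegeBits});
            supported.retain(SUPPORTED_PRIVBITS);
        }
        if (supported.isEmpty() || !Utils.isSupportedPath(this.supportedPath, tree.getPath())) {
            return PrivilegeBits.EMPTY;
        }
        return supported;
    }

    /**
     * Returns the subset of the given permissions that this model evaluates for the tree.
     *
     * @param tree the target tree; {@code null} yields {@code 0}
     * @param propertyState not consulted by this implementation
     * @param j the permissions to test
     * @return {@code j} masked with {@code SUPPORTED_PERMISSIONS}, or {@code 0} if the path is out of scope
     */
    public long supportedPermissions(@Nullable Tree tree, @Nullable PropertyState propertyState, long j) {
        if (tree == null) {
            return 0L;
        }
        long masked = j & ThreeRolesConstants.SUPPORTED_PERMISSIONS;
        boolean inScope = masked != 0 && Utils.isSupportedPath(this.supportedPath, tree.getPath());
        return inScope ? masked : 0L;
    }

    /**
     * Returns the subset of the given permissions that this model evaluates at the location.
     *
     * @param treeLocation the target location
     * @param j the permissions to test
     * @return {@code j} masked with {@code SUPPORTED_PERMISSIONS}, or {@code 0} if the path is out of scope
     */
    public long supportedPermissions(@NotNull TreeLocation treeLocation, long j) {
        long masked = j & ThreeRolesConstants.SUPPORTED_PERMISSIONS;
        boolean inScope = masked != 0 && Utils.isSupportedPath(this.supportedPath, treeLocation.getPath());
        return inScope ? masked : 0L;
    }

    /**
     * Returns the subset of the given permissions that this model evaluates for a tree permission.
     *
     * @param treePermission the tree permission to test; only {@code ThreeRolesTreePermission} is supported
     * @param propertyState not consulted by this implementation
     * @param j the permissions to test
     * @return {@code j} masked with {@code SUPPORTED_PERMISSIONS}, or {@code 0} if not supported
     */
    public long supportedPermissions(@NotNull TreePermission treePermission, @Nullable PropertyState propertyState, long j) {
        long masked = j & ThreeRolesConstants.SUPPORTED_PERMISSIONS;
        boolean ownPermission = masked != 0 && treePermission instanceof ThreeRolesTreePermission;
        return ownPermission ? masked : 0L;
    }

    /**
     * Tests whether the permissions are granted at the given location.
     *
     * @param treeLocation the location of the target node or property
     * @param j the permissions to test
     * @return {@code false} if the location is out of scope, otherwise the result of the resolved tree permission
     */
    public boolean isGranted(@NotNull TreeLocation treeLocation, long j) {
        if (!Utils.isSupportedPath(this.supportedPath, treeLocation.getPath())) {
            return false;
        }
        TreePermission treePermission = getTreePermission(treeLocation);
        PropertyState property = treeLocation.getProperty();
        if (property == null) {
            return treePermission.isGranted(j);
        }
        return treePermission.isGranted(j, property);
    }

    /**
     * Aggregation entry point; the tree type is ignored and the call is delegated to
     * {@link #getTreePermission(Tree, TreePermission)}.
     */
    @NotNull
    public TreePermission getTreePermission(@NotNull Tree tree, @NotNull TreeType treeType, @NotNull TreePermission treePermission) {
        return getTreePermission(tree, treePermission);
    }

    /** Replaces the read-only root with a fresh one created from the current {@link #root}. */
    public void refresh() {
        this.readOnlyRoot = this.rootProvider.createReadOnlyRoot(this.root);
    }

    /**
     * Returns the privilege names of the role that applies to the given tree.
     *
     * @param tree the target tree, or {@code null} for the repository level
     * @return the role's privilege names, or an empty set if no role applies
     */
    @NotNull
    public Set<String> getPrivileges(@Nullable Tree tree) {
        if (tree == null) {
            return Set.of();
        }
        TreePermission treePermission = getTreePermission(getReadOnlyTree(tree));
        if (treePermission instanceof ThreeRolesTreePermission) {
            return ((ThreeRolesTreePermission) treePermission).getRole().getPrivilegeNames();
        }
        return Set.of();
    }

    /**
     * Tests whether all of the given privilege names are contained in {@link #getPrivileges(Tree)}.
     *
     * @param tree the target tree, or {@code null} for the repository level
     * @param strArr the privilege names to test
     * @return {@code true} if every name is among the privileges of the applicable role
     */
    public boolean hasPrivileges(@Nullable Tree tree, @NotNull String... strArr) {
        return getPrivileges(tree).containsAll(ImmutableSet.copyOf(strArr));
    }

    /** Repository-level permissions are not handled by this model. */
    @NotNull
    public RepositoryPermission getRepositoryPermission() {
        return RepositoryPermission.EMPTY;
    }

    /**
     * Resolves the tree permission for {@code tree} during top-down evaluation.
     *
     * @param tree the tree to evaluate
     * @param treePermission the permission obtained for the parent tree
     * @return the parent permission if it already belongs to this model; a new
     *     {@code ThreeRolesTreePermission} if the tree carries a policy node;
     *     {@link TreePermission#NO_RECOURSE} if the tree is neither in scope nor an ancestor of
     *     the supported path; {@link TreePermission#EMPTY} otherwise
     */
    @NotNull
    public TreePermission getTreePermission(@NotNull Tree tree, @NotNull TreePermission treePermission) {
        // A policy found further up is kept for the subtree; policy nodes below it are not read here.
        if (treePermission instanceof ThreeRolesTreePermission) {
            return treePermission;
        }
        String path = tree.getPath();
        if (!Utils.isSupportedPath(this.supportedPath, path)) {
            // Ancestors of the supported path stay EMPTY so that evaluation can still descend to it.
            return isAncestor(path) ? TreePermission.EMPTY : TreePermission.NO_RECOURSE;
        }
        Tree readOnlyTree = getReadOnlyTree(tree);
        if (!readOnlyTree.hasChild(ThreeRolesConstants.REP_3_ROLES_POLICY)) {
            return TreePermission.EMPTY;
        }
        return new ThreeRolesTreePermission(getRole(readOnlyTree), this.ctx.definesContextRoot(readOnlyTree));
    }

    /**
     * Tests whether the permissions are granted on the tree or on one of its properties.
     *
     * @param tree the target tree
     * @param propertyState the target property, or {@code null} to test the tree itself
     * @param j the permissions to test
     * @return {@code false} if the tree is out of scope, otherwise the result of the resolved tree permission
     */
    public boolean isGranted(@NotNull Tree tree, @Nullable PropertyState propertyState, long j) {
        if (!Utils.isSupportedPath(this.supportedPath, tree.getPath())) {
            return false;
        }
        TreePermission treePermission = getTreePermission(tree);
        if (propertyState == null) {
            return treePermission.isGranted(j);
        }
        return treePermission.isGranted(j, propertyState);
    }

    /**
     * Tests whether the given JCR actions are granted at the given path, resolved against the
     * read-only root.
     *
     * @param str the path of the target item
     * @param str2 the actions string, translated with {@code Permissions.getPermissions}
     * @return {@code true} if the resulting permissions are granted
     */
    public boolean isGranted(@NotNull String str, @NotNull String str2) {
        TreeLocation location = TreeLocation.create(this.readOnlyRoot, str);
        long permissions = Permissions.getPermissions(str2, location, this.ctx.definesLocation(location));
        return isGranted(location, permissions);
    }

    /** Returns {@code true} if the supported path is a descendant of {@code str}. */
    private boolean isAncestor(@NotNull String str) {
        return Text.isDescendant(str, this.supportedPath);
    }

    /**
     * Reads the role of the configured principals from the policy child of {@code tree}.
     * The properties are checked in the order owners, editors, readers and the first match wins.
     *
     * @return the matching role, or {@code Role.NONE} if the policy node is missing or lists none
     *     of the principals
     */
    private Role getRole(@NotNull Tree tree) {
        Tree policy = tree.getChild(ThreeRolesConstants.REP_3_ROLES_POLICY);
        if (!policy.exists()) {
            return Role.NONE;
        }
        if (containsAny(policy, ThreeRolesConstants.REP_OWNERS)) {
            return Role.OWNER;
        }
        if (containsAny(policy, ThreeRolesConstants.REP_EDITORS)) {
            return Role.EDITOR;
        }
        if (containsAny(policy, ThreeRolesConstants.REP_READERS)) {
            return Role.READER;
        }
        return Role.NONE;
    }

    /**
     * Returns {@code true} if the string values of property {@code str} on {@code tree} include at
     * least one of the configured principal names; a missing property counts as no match.
     */
    private boolean containsAny(@NotNull Tree tree, @NotNull String str) {
        Iterable<String> names = TreeUtil.getStrings(tree, str);
        if (names == null) {
            return false;
        }
        for (String name : names) {
            if (this.principalNames.contains(name)) {
                return true;
            }
        }
        return false;
    }

    /** Returns {@code tree} itself if it is read-only, else the tree at the same path in the read-only root. */
    private Tree getReadOnlyTree(@NotNull Tree tree) {
        if (tree instanceof ReadOnly) {
            return tree;
        }
        return this.readOnlyRoot.getTree(tree.getPath());
    }

    /**
     * Walks from {@code tree} towards the root and builds the permission from the nearest tree
     * that has a policy child; returns {@link TreePermission#EMPTY} once the walk leaves the
     * supported scope.
     */
    private TreePermission getTreePermission(@NotNull Tree tree) {
        Tree current = tree;
        // NOTE(review): getParent() is only reached while the path is still supported; confirm that
        // Utils.isSupportedPath cannot hold for the root tree, otherwise the walk steps above the root.
        while (Utils.isSupportedPath(this.supportedPath, current.getPath())) {
            if (current.hasChild(ThreeRolesConstants.REP_3_ROLES_POLICY)) {
                return new ThreeRolesTreePermission(getRole(current), this.ctx.definesContextRoot(current));
            }
            current = current.getParent();
        }
        return TreePermission.EMPTY;
    }

    /**
     * Resolves the permission for a location by walking up to the nearest ancestor location that
     * has a tree and evaluating that tree; returns {@link TreePermission#EMPTY} once the walk
     * leaves the supported scope.
     */
    private TreePermission getTreePermission(@NotNull TreeLocation treeLocation) {
        TreeLocation current = treeLocation;
        while (Utils.isSupportedPath(this.supportedPath, current.getPath())) {
            // Query the location currently visited. Asking the original argument on every pass
            // meant a location without a tree never resolved a policy, and the role defined on an
            // ancestor tree was ignored.
            Tree tree = current.getTree();
            if (tree != null) {
                return getTreePermission(getReadOnlyTree(tree));
            }
            current = current.getParent();
        }
        return TreePermission.EMPTY;
    }
}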
