package org.apache.jackrabbit.oak.exercise.security.authorization.models.readonly;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import java.security.Principal;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.NamedAccessControlPolicy;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.ConfigurationPolicy;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
import org.apache.jackrabbit.commons.iterator.AccessControlPolicyIteratorAdapter;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
import org.apache.jackrabbit.oak.plugins.tree.TreeType;
import org.apache.jackrabbit.oak.spi.commit.CommitHook;
import org.apache.jackrabbit.oak.spi.commit.MoveTracker;
import org.apache.jackrabbit.oak.spi.commit.ThreeWayConflictHandler;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer;
import org.apache.jackrabbit.oak.spi.lifecycle.WorkspaceInitializer;
import org.apache.jackrabbit.oak.spi.security.ConfigurationBase;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.Context;
import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlManager;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.EmptyPermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.security.principal.SystemPrincipal;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter;

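/**
 * Authorization model that grants read access and nothing else.
 *
 * <p>Every permission check reduces to {@link #onlyReadPermissions(long)}: a request is granted
 * only when it asks for nothing beyond {@link #READ_PERMISSIONS}. Access control content cannot
 * be edited through this model; {@code setPolicy} and {@code removePolicy} always throw.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The model contributes no commit hooks, validators, conflict handlers or protected item
 *       importers, so enforcement rests entirely on the permission provider.</li>
 *   <li>The permission provider reports every permission and privilege as "supported". In a setup
 *       with several authorization configurations this presumably means it takes part in every
 *       evaluation and denies anything that is not read-only; confirm against the composite
 *       implementation in use.</li>
 *   <li>Principal sets containing {@link SystemPrincipal#INSTANCE} do not get the read-only
 *       provider, see {@link #getPermissionProvider(Root, String, Set)}.</li>
 * </ul>
 *
 * <p>The component is registered with {@code ConfigurationPolicy.REQUIRE}, i.e. it only becomes
 * active when a configuration is supplied.
 */
@Service({AuthorizationConfiguration.class, SecurityConfiguration.class})
@Component(metatype = true, policy = ConfigurationPolicy.REQUIRE)
@Properties({@Property(name = "configurationRanking", label = "Ranking", description = "Ranking of this configuration in a setup with multiple authorization configurations.", intValue = {300}), @Property(name = "oak.security.name", propertyPrivate = true, value = {"org.apache.jackrabbit.oak.exercise.security.authorization.models.readonly.ReadOnlyAuthorizationConfiguration"})})
/* loaded from: input_file:org/apache/jackrabbit/oak/exercise/security/authorization/models/readonly/ReadOnlyAuthorizationConfiguration.class */
public final class ReadOnlyAuthorizationConfiguration extends ConfigurationBase implements AuthorizationConfiguration {
    /**
     * Bit mask of the permissions this model grants: reading nodes, reading properties and
     * reading access control content. The decompiled listing carried the folded literal 131.
     */
    private static final long READ_PERMISSIONS = Permissions.READ | Permissions.READ_ACCESS_CONTROL;

    /** Privilege names reported as granted; the privilege-level counterpart of {@link #READ_PERMISSIONS}. */
    private static final Set<String> READ_PRIVILEGE_NAMES = ImmutableSet.of("jcr:read", "jcr:readAccessControl", "rep:readNodes", "rep:readProperties");

    /**
     * Stateless tree permission that allows every read and evaluates all other requests through
     * {@link ReadOnlyAuthorizationConfiguration#onlyReadPermissions(long)}. The same instance is
     * used for every tree and every child, so no per-node state is consulted.
     */
    /* loaded from: input_file:org/apache/jackrabbit/oak/exercise/security/authorization/models/readonly/ReadOnlyAuthorizationConfiguration$ReadOnlyPermissions.class */
    private static final class ReadOnlyPermissions implements TreePermission {
        private static final TreePermission INSTANCE = new ReadOnlyPermissions();

        private ReadOnlyPermissions() {
        }

        /** Children inherit the identical read-only permission; name and state are ignored. */
        @Nonnull
        public TreePermission getChildPermission(@Nonnull String str, @Nonnull NodeState nodeState) {
            return this;
        }

        public boolean canRead() {
            return true;
        }

        public boolean canRead(@Nonnull PropertyState propertyState) {
            return true;
        }

        public boolean canReadAll() {
            return true;
        }

        public boolean canReadProperties() {
            return true;
        }

        /** Grants {@code j} only if it contains no bit outside the read permissions. */
        public boolean isGranted(long j) {
            return ReadOnlyAuthorizationConfiguration.onlyReadPermissions(j);
        }

        /** Same decision as {@link #isGranted(long)}; the property is not inspected. */
        public boolean isGranted(long j, @Nonnull PropertyState propertyState) {
            return ReadOnlyAuthorizationConfiguration.onlyReadPermissions(j);
        }
    }

    /** Marker policy returned as the single effective policy at every path and for every principal set. */
    /* loaded from: input_file:org/apache/jackrabbit/oak/exercise/security/authorization/models/readonly/ReadOnlyAuthorizationConfiguration$ReadOnlyPolicy.class */
    private static final class ReadOnlyPolicy implements NamedAccessControlPolicy {
        private static final NamedAccessControlPolicy INSTANCE = new ReadOnlyPolicy();

        private ReadOnlyPolicy() {
        }

        public String getName() {
            return "Read-only Policy defined by 'ReadOnlyAuthorizationConfiguration'";
        }
    }

    /**
     * Returns an access control manager that exposes the fixed read-only policy and rejects edits.
     *
     * <p>No policies are reported as set or applicable, the effective policy is always
     * {@link ReadOnlyPolicy#INSTANCE}, and both mutating operations throw
     * {@link AccessControlException}. None of the methods below validates the path or checks the
     * caller's permissions before answering.
     *
     * @param root the root handed to the base access control manager
     * @param namePathMapper the name/path mapper handed to the base access control manager
     * @return a manager whose policy view is constant and immutable
     */
    @Nonnull
    public AccessControlManager getAccessControlManager(@Nonnull Root root, @Nonnull NamePathMapper namePathMapper) {
        return new AbstractAccessControlManager(root, namePathMapper, getSecurityProvider()) { // from class: org.apache.jackrabbit.oak.exercise.security.authorization.models.readonly.ReadOnlyAuthorizationConfiguration.1
            public AccessControlPolicy[] getPolicies(String str) {
                return new AccessControlPolicy[0];
            }

            public AccessControlPolicy[] getEffectivePolicies(String str) {
                return new AccessControlPolicy[]{ReadOnlyPolicy.INSTANCE};
            }

            public AccessControlPolicyIterator getApplicablePolicies(String str) {
                return new AccessControlPolicyIteratorAdapter(Collections.emptyIterator());
            }

            public void setPolicy(String str, AccessControlPolicy accessControlPolicy) throws AccessControlException {
                // A message makes the refusal diagnosable in logs and client stack traces.
                throw new AccessControlException("Policies cannot be set: the authorization model is read-only.");
            }

            public void removePolicy(String str, AccessControlPolicy accessControlPolicy) throws AccessControlException {
                throw new AccessControlException("Policies cannot be removed: the authorization model is read-only.");
            }

            public JackrabbitAccessControlPolicy[] getApplicablePolicies(Principal principal) {
                return new JackrabbitAccessControlPolicy[0];
            }

            public JackrabbitAccessControlPolicy[] getPolicies(Principal principal) {
                return new JackrabbitAccessControlPolicy[0];
            }

            public AccessControlPolicy[] getEffectivePolicies(Set<Principal> set) {
                return new AccessControlPolicy[]{ReadOnlyPolicy.INSTANCE};
            }
        };
    }

    /** This model defines no restrictions. */
    @Nonnull
    public RestrictionProvider getRestrictionProvider() {
        return RestrictionProvider.EMPTY;
    }

    /**
     * Returns the permission provider for the given principals.
     *
     * <p>If the set contains {@link SystemPrincipal#INSTANCE} the shared
     * {@link EmptyPermissionProvider} is returned instead of the read-only provider.
     * NOTE(review): the effective access of system sessions then depends on how the surrounding
     * setup treats that provider and on any other authorization configuration; confirm that this
     * exemption is intended wherever the model is deployed.
     *
     * <p>For all other principal sets the returned provider ignores the principals, the
     * workspace name and the target tree: the decision depends only on the requested
     * permissions or privilege names.
     *
     * @param root root used to resolve privilege bits and tree locations
     * @param str workspace name (unused)
     * @param set principals to evaluate; only checked for the system principal
     * @return the permission provider described above
     */
    @Nonnull
    public PermissionProvider getPermissionProvider(@Nonnull final Root root, @Nonnull String str, @Nonnull Set<Principal> set) {
        return set.contains(SystemPrincipal.INSTANCE) ? EmptyPermissionProvider.getInstance() : new AggregatedPermissionProvider() { // from class: org.apache.jackrabbit.oak.exercise.security.authorization.models.readonly.ReadOnlyAuthorizationConfiguration.2
            /** Declares every privilege as supported: the passed bits, or {@code jcr:all} when none are passed. */
            @Nonnull
            public PrivilegeBits supportedPrivileges(@Nullable Tree tree, @Nullable PrivilegeBits privilegeBits) {
                return privilegeBits != null ? privilegeBits : new PrivilegeBitsProvider(root).getBits(new String[]{"jcr:all"});
            }

            // The three supportedPermissions variants echo the requested permissions back,
            // i.e. this provider claims responsibility for all of them at every location.
            public long supportedPermissions(@Nullable Tree tree, @Nullable PropertyState propertyState, long j) {
                return j;
            }

            public long supportedPermissions(@Nonnull TreeLocation treeLocation, long j) {
                return j;
            }

            public long supportedPermissions(@Nonnull TreePermission treePermission, @Nullable PropertyState propertyState, long j) {
                return j;
            }

            public boolean isGranted(@Nonnull TreeLocation treeLocation, long j) {
                return ReadOnlyAuthorizationConfiguration.onlyReadPermissions(j);
            }

            @Nonnull
            public TreePermission getTreePermission(@Nonnull Tree tree, @Nonnull TreeType treeType, @Nonnull TreePermission treePermission) {
                // ReadOnlyPermissions is stateless; share the singleton like the two-argument
                // overload does instead of allocating one object per evaluated tree.
                return ReadOnlyPermissions.INSTANCE;
            }

            /** Nothing is cached, so there is nothing to refresh. */
            public void refresh() {
            }

            @Nonnull
            public Set<String> getPrivileges(@Nullable Tree tree) {
                return ReadOnlyAuthorizationConfiguration.READ_PRIVILEGE_NAMES;
            }

            /**
             * Returns {@code true} only if every requested name is one of the read privileges.
             * Matching is by exact string; an empty request yields {@code true}.
             */
            public boolean hasPrivileges(@Nullable Tree tree, @Nonnull String... strArr) {
                Set<String> notCovered = Sets.newHashSet(strArr);
                notCovered.removeAll(ReadOnlyAuthorizationConfiguration.READ_PRIVILEGE_NAMES);
                return notCovered.isEmpty();
            }

            @Nonnull
            public RepositoryPermission getRepositoryPermission() {
                return RepositoryPermission.EMPTY;
            }

            @Nonnull
            public TreePermission getTreePermission(@Nonnull Tree tree, @Nonnull TreePermission treePermission) {
                return ReadOnlyPermissions.INSTANCE;
            }

            public boolean isGranted(@Nonnull Tree tree, @Nullable PropertyState propertyState, long j) {
                return ReadOnlyAuthorizationConfiguration.onlyReadPermissions(j);
            }

            /** Maps the JCR action string {@code str3} at path {@code str2} to permissions, then applies the read-only check. */
            public boolean isGranted(@Nonnull String str2, @Nonnull String str3) {
                return ReadOnlyAuthorizationConfiguration.onlyReadPermissions(Permissions.getPermissions(str3, TreeLocation.create(root, str2), false));
            }
        };
    }

    /**
     * Central access decision of this model: tells whether {@code j} requests nothing beyond
     * {@link #READ_PERMISSIONS}.
     *
     * <p>NOTE(review): assuming {@code Permissions.diff} yields the bits of its first argument
     * that are absent from the second, a request of {@code 0} (no permission) is also reported
     * as granted; confirm that callers never rely on an empty request being denied.
     *
     * @param j the requested permission bits
     * @return {@code true} if the difference between {@code j} and the read permissions is empty
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static final boolean onlyReadPermissions(long j) {
        return Permissions.diff(j, READ_PERMISSIONS) == 0;
    }

    /** Returns the name under which this authorization configuration is registered. */
    @Nonnull
    public String getName() {
        return "org.apache.jackrabbit.oak.authorization";
    }

    /** This model takes no configuration parameters. */
    @Nonnull
    public ConfigurationParameters getParameters() {
        return ConfigurationParameters.EMPTY;
    }

    @Nonnull
    public WorkspaceInitializer getWorkspaceInitializer() {
        return WorkspaceInitializer.DEFAULT;
    }

    @Nonnull
    public RepositoryInitializer getRepositoryInitializer() {
        return RepositoryInitializer.DEFAULT;
    }

    /** No commit hooks: nothing is written or verified at commit time by this model. */
    @Nonnull
    public List<? extends CommitHook> getCommitHooks(@Nonnull String str) {
        return ImmutableList.of();
    }

    /** No validators: write protection comes from permission evaluation alone. */
    @Nonnull
    public List<? extends ValidatorProvider> getValidators(@Nonnull String str, @Nonnull Set<Principal> set, @Nonnull MoveTracker moveTracker) {
        return ImmutableList.of();
    }

    @Nonnull
    public List<ThreeWayConflictHandler> getConflictHandlers() {
        return ImmutableList.of();
    }

    @Nonnull
    public List<ProtectedItemImporter> getProtectedItemImporters() {
        return ImmutableList.of();
    }

    /** Uses the default context, i.e. this model declares no content of its own. */
    @Nonnull
    public Context getContext() {
        return Context.DEFAULT;
    }
}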
