package org.apache.jackrabbit.oak.exercise.security.authorization.models.simplifiedroles;

import com.google.common.collect.ImmutableList;
import java.io.ByteArrayInputStream;
import java.security.Principal;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.jcr.RepositoryException;
import javax.jcr.security.AccessControlManager;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.ConfigurationPolicy;
import org.apache.felix.scr.annotations.Deactivate;
import org.apache.felix.scr.annotations.Modified;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PropertiesUtil;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.memory.MemoryNodeStore;
import org.apache.jackrabbit.oak.plugins.name.NamespaceEditorProvider;
import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
import org.apache.jackrabbit.oak.plugins.nodetype.TypeEditorProvider;
import org.apache.jackrabbit.oak.plugins.nodetype.write.NodeTypeRegistry;
import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
import org.apache.jackrabbit.oak.spi.commit.CommitInfo;
import org.apache.jackrabbit.oak.spi.commit.CompositeEditorProvider;
import org.apache.jackrabbit.oak.spi.commit.EditorHook;
import org.apache.jackrabbit.oak.spi.commit.EditorProvider;
import org.apache.jackrabbit.oak.spi.commit.MoveTracker;
import org.apache.jackrabbit.oak.spi.commit.Validator;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer;
import org.apache.jackrabbit.oak.spi.security.ConfigurationBase;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.Context;
import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.EmptyPermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.state.ApplyDiff;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Service({AuthorizationConfiguration.class, SecurityConfiguration.class})
@Component(metatype = true, immediate = true, policy = ConfigurationPolicy.REQUIRE)
@Properties({@Property(name = "supportedPath", label = "Supported Path"), @Property(name = "configurationRanking", label = "Ranking", description = "Ranking of this configuration in a setup with multiple authorization configurations.", intValue = {10}), @Property(name = "oak.security.name", propertyPrivate = true, value = {"org.apache.jackrabbit.oak.exercise.security.authorization.models.simplifiedroles.ThreeRolesAuthorizationConfiguration"})})
/* loaded from: input_file:org/apache/jackrabbit/oak/exercise/security/authorization/models/simplifiedroles/ThreeRolesAuthorizationConfiguration.class */
public class ThreeRolesAuthorizationConfiguration extends ConfigurationBase implements AuthorizationConfiguration, ThreeRolesConstants {
    private static final Logger log = LoggerFactory.getLogger(ThreeRolesAuthorizationConfiguration.class);
    private String supportedPath;

    @Activate
    private void activate(Map<String, Object> map) {
        this.supportedPath = PropertiesUtil.toString(map.get("supportedPath"), (String) null);
    }

    @Modified
    private void modified(Map<String, Object> map) {
        this.supportedPath = PropertiesUtil.toString(map.get("supportedPath"), (String) null);
    }

    @Deactivate
    private void deactivate(Map<String, Object> map) {
        this.supportedPath = null;
    }

    @NotNull
    public AccessControlManager getAccessControlManager(@NotNull Root root, @NotNull NamePathMapper namePathMapper) {
        return new ThreeRolesAccessControlManager(root, this.supportedPath, getSecurityProvider());
    }

    @NotNull
    public RestrictionProvider getRestrictionProvider() {
        return RestrictionProvider.EMPTY;
    }

    @NotNull
    public PermissionProvider getPermissionProvider(@NotNull Root root, @NotNull String str, @NotNull Set<Principal> set) {
        return this.supportedPath == null ? EmptyPermissionProvider.getInstance() : new ThreeRolesPermissionProvider(root, set, this.supportedPath, getContext(), getRootProvider());
    }

    @NotNull
    public String getName() {
        return "org.apache.jackrabbit.oak.authorization";
    }

    @NotNull
    public RepositoryInitializer getRepositoryInitializer() {
        String str = "<rep='internal'>\n[rep:ThreeRolesMixin] \n   mixin\n   +rep:threeRolesPolicy (rep:ThreeRolesPolicy) protected IGNORE\n\n[rep:ThreeRolesPolicy] > rep:Policy\n  - rep:readers (STRING) multiple protected IGNORE\n  - rep:editors (STRING) multiple protected IGNORE\n  - rep:owners (STRING) multiple protected IGNORE";
        System.out.println("<rep='internal'>\n[rep:ThreeRolesMixin] \n   mixin\n   +rep:threeRolesPolicy (rep:ThreeRolesPolicy) protected IGNORE\n\n[rep:ThreeRolesPolicy] > rep:Policy\n  - rep:readers (STRING) multiple protected IGNORE\n  - rep:editors (STRING) multiple protected IGNORE\n  - rep:owners (STRING) multiple protected IGNORE");
        return nodeBuilder -> {
            NodeState nodeState = nodeBuilder.getNodeState();
            MemoryNodeStore memoryNodeStore = new MemoryNodeStore(nodeState);
            Root createSystemRoot = getRootProvider().createSystemRoot(memoryNodeStore, new EditorHook(new CompositeEditorProvider(new EditorProvider[]{new NamespaceEditorProvider(), new TypeEditorProvider()})));
            try {
                if (!ReadOnlyNodeTypeManager.getInstance(createSystemRoot, NamePathMapper.DEFAULT).hasNodeType(ThreeRolesConstants.MIX_REP_THREE_ROLES_POLICY)) {
                    NodeTypeRegistry.register(createSystemRoot, new ByteArrayInputStream(str.getBytes()), "oak exercise");
                    memoryNodeStore.getRoot().compareAgainstBaseState(nodeState, new ApplyDiff(nodeBuilder));
                }
            } catch (RepositoryException e) {
                log.error(e.getMessage());
            }
        };
    }

    @NotNull
    public List<? extends ValidatorProvider> getValidators(@NotNull String str, @NotNull Set<Principal> set, @NotNull MoveTracker moveTracker) {
        return ImmutableList.of(new ValidatorProvider() { // from class: org.apache.jackrabbit.oak.exercise.security.authorization.models.simplifiedroles.ThreeRolesAuthorizationConfiguration.1
            protected Validator getRootValidator(NodeState nodeState, NodeState nodeState2, CommitInfo commitInfo) {
                return null;
            }
        });
    }

    @NotNull
    public List<ProtectedItemImporter> getProtectedItemImporters() {
        return ImmutableList.of();
    }

    @NotNull
    public Context getContext() {
        return new Context() { // from class: org.apache.jackrabbit.oak.exercise.security.authorization.models.simplifiedroles.ThreeRolesAuthorizationConfiguration.2
            public boolean definesProperty(@NotNull Tree tree, @NotNull PropertyState propertyState) {
                return definesTree(tree) && ThreeRolesConstants.NAMES.contains(propertyState.getName());
            }

            public boolean definesContextRoot(@NotNull Tree tree) {
                return definesTree(tree);
            }

            public boolean definesTree(@NotNull Tree tree) {
                return ThreeRolesConstants.REP_3_ROLES_POLICY.equals(tree.getName());
            }

            public boolean definesLocation(@NotNull TreeLocation treeLocation) {
                return ThreeRolesConstants.NAMES.contains(treeLocation.getName());
            }

            public boolean definesInternal(@NotNull Tree tree) {
                return false;
            }
        };
    }

    public void setParameters(@NotNull ConfigurationParameters configurationParameters) {
        super.setParameters(configurationParameters);
        this.supportedPath = (String) configurationParameters.getConfigValue("supportedPath", (Object) null);
    }
}
