package org.apache.jackrabbit.oak.security.authorization.composite;

import java.util.List;
import java.util.Set;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.tree.RootProvider;
import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
import org.apache.jackrabbit.oak.plugins.tree.TreeProvider;
import org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration;
import org.apache.jackrabbit.oak.security.authorization.permission.PermissionUtil;
import org.apache.jackrabbit.oak.spi.security.Context;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/composite/CompositePermissionProviderAnd.class */
public final class CompositePermissionProviderAnd extends CompositePermissionProvider {

    /* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/composite/CompositePermissionProviderAnd$CompositeRepositoryPermission.class */
    private final class CompositeRepositoryPermission implements RepositoryPermission {
        private CompositeRepositoryPermission() {
        }

        @Override // org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission
        public boolean isGranted(long j) {
            boolean z = false;
            long j2 = 0;
            for (AggregatedPermissionProvider aggregatedPermissionProvider : CompositePermissionProviderAnd.this.getPermissionProviders()) {
                long supportedPermissions = aggregatedPermissionProvider.supportedPermissions((Tree) null, (PropertyState) null, j);
                if (Util.doEvaluate(supportedPermissions)) {
                    z = aggregatedPermissionProvider.getRepositoryPermission().isGranted(supportedPermissions);
                    if (!z) {
                        return false;
                    }
                    j2 |= supportedPermissions;
                }
            }
            return z && j2 == j;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CompositePermissionProviderAnd(@NotNull Root root, @NotNull List<AggregatedPermissionProvider> list, @NotNull Context context, @NotNull RootProvider rootProvider, @NotNull TreeProvider treeProvider) {
        super(root, list, context, rootProvider, treeProvider);
    }

    @Override // org.apache.jackrabbit.oak.security.authorization.composite.CompositePermissionProvider
    @NotNull
    CompositeAuthorizationConfiguration.CompositionType getCompositeType() {
        return CompositeAuthorizationConfiguration.CompositionType.AND;
    }

    @Override // org.apache.jackrabbit.oak.security.authorization.composite.CompositePermissionProvider
    @NotNull
    RepositoryPermission createRepositoryPermission() {
        return new CompositeRepositoryPermission();
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider
    @NotNull
    public Set<String> getPrivileges(@Nullable Tree tree) {
        Tree readOnlyTreeOrNull = PermissionUtil.getReadOnlyTreeOrNull(tree, getImmutableRoot());
        PrivilegeBits privilegeBits = PrivilegeBits.getInstance();
        PrivilegeBits privilegeBits2 = PrivilegeBits.getInstance();
        PrivilegeBitsProvider bitsProvider = getBitsProvider();
        for (AggregatedPermissionProvider aggregatedPermissionProvider : getPermissionProviders()) {
            PrivilegeBits modifiable = aggregatedPermissionProvider.supportedPrivileges(readOnlyTreeOrNull, null).modifiable();
            if (Util.doEvaluate(modifiable)) {
                PrivilegeBits bits = bitsProvider.getBits(aggregatedPermissionProvider.getPrivileges(readOnlyTreeOrNull));
                if (!bits.isEmpty()) {
                    privilegeBits.add(bits);
                }
                privilegeBits2.add(modifiable.diff(bits));
            }
        }
        if (!privilegeBits2.isEmpty()) {
            privilegeBits.diff(privilegeBits2);
        }
        return bitsProvider.getPrivilegeNames(privilegeBits);
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider
    public boolean hasPrivileges(@Nullable Tree tree, @NotNull String... strArr) {
        Tree readOnlyTreeOrNull = PermissionUtil.getReadOnlyTreeOrNull(tree, getImmutableRoot());
        PrivilegeBitsProvider bitsProvider = getBitsProvider();
        PrivilegeBits bits = bitsProvider.getBits(strArr);
        if (bits.isEmpty()) {
            return true;
        }
        boolean z = false;
        PrivilegeBits privilegeBits = PrivilegeBits.getInstance();
        for (AggregatedPermissionProvider aggregatedPermissionProvider : getPermissionProviders()) {
            PrivilegeBits supportedPrivileges = aggregatedPermissionProvider.supportedPrivileges(readOnlyTreeOrNull, bits);
            if (Util.doEvaluate(supportedPrivileges)) {
                z = aggregatedPermissionProvider.hasPrivileges(readOnlyTreeOrNull, (String[]) bitsProvider.getPrivilegeNames(supportedPrivileges).toArray(new String[0]));
                if (!z) {
                    return false;
                }
                privilegeBits.add(supportedPrivileges);
            }
        }
        return z && privilegeBits.includes(bits);
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider
    public boolean isGranted(@NotNull Tree tree, @Nullable PropertyState propertyState, long j) {
        Tree readOnlyTree = PermissionUtil.getReadOnlyTree(tree, getImmutableRoot());
        boolean z = false;
        long j2 = 0;
        for (AggregatedPermissionProvider aggregatedPermissionProvider : getPermissionProviders()) {
            long supportedPermissions = aggregatedPermissionProvider.supportedPermissions(readOnlyTree, propertyState, j);
            if (Util.doEvaluate(supportedPermissions)) {
                z = aggregatedPermissionProvider.isGranted(readOnlyTree, propertyState, supportedPermissions);
                if (!z) {
                    return false;
                }
                j2 |= supportedPermissions;
            }
        }
        return z && j2 == j;
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider
    public boolean isGranted(@NotNull TreeLocation treeLocation, long j) {
        PropertyState property = treeLocation.getProperty();
        Tree tree = property == null ? treeLocation.getTree() : treeLocation.getParent().getTree();
        if (tree != null) {
            return isGranted(tree, property, j);
        }
        boolean z = false;
        long j2 = 0;
        for (AggregatedPermissionProvider aggregatedPermissionProvider : getPermissionProviders()) {
            long supportedPermissions = aggregatedPermissionProvider.supportedPermissions(treeLocation, j);
            if (Util.doEvaluate(supportedPermissions)) {
                z = aggregatedPermissionProvider.isGranted(treeLocation, supportedPermissions);
                if (!z) {
                    return false;
                }
                j2 |= supportedPermissions;
            }
        }
        return z && j2 == j;
    }
}
