package org.apache.jackrabbit.oak.security.authorization.permission;

import java.security.Principal;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.tree.RootFactory;
import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
import org.apache.jackrabbit.oak.plugins.tree.TreeType;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.Context;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.class */
public class PermissionProviderImpl implements PermissionProvider, AccessControlConstants, PermissionConstants, AggregatedPermissionProvider {
    private final Root root;
    private final String workspaceName;
    private final String permissionRootName;
    private final Set<Principal> principals;
    private final RestrictionProvider restrictionProvider;
    private final ConfigurationParameters options;
    private final Context ctx;
    private CompiledPermissions compiledPermissions;
    private Root immutableRoot;

    public PermissionProviderImpl(@Nonnull Root root, @Nonnull String str, @Nonnull String str2, @Nonnull Set<Principal> set, @Nonnull RestrictionProvider restrictionProvider, @Nonnull ConfigurationParameters configurationParameters, @Nonnull Context context) {
        this.root = root;
        this.workspaceName = str;
        this.permissionRootName = str2;
        this.principals = set;
        this.restrictionProvider = restrictionProvider;
        this.options = configurationParameters;
        this.ctx = context;
        this.immutableRoot = RootFactory.createReadOnlyRoot(root);
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider
    public void refresh() {
        this.immutableRoot = RootFactory.createReadOnlyRoot(this.root);
        getCompiledPermissions().refresh(this.immutableRoot, this.workspaceName);
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider
    @Nonnull
    public Set<String> getPrivileges(@Nullable Tree tree) {
        return getCompiledPermissions().getPrivileges(PermissionUtil.getImmutableTree(tree, this.immutableRoot));
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider
    public boolean hasPrivileges(@Nullable Tree tree, @Nonnull String... strArr) {
        return getCompiledPermissions().hasPrivileges(PermissionUtil.getImmutableTree(tree, this.immutableRoot), strArr);
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider
    @Nonnull
    public RepositoryPermission getRepositoryPermission() {
        return getCompiledPermissions().getRepositoryPermission();
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider
    @Nonnull
    public TreePermission getTreePermission(@Nonnull Tree tree, @Nonnull TreePermission treePermission) {
        return getCompiledPermissions().getTreePermission(PermissionUtil.getImmutableTree(tree, this.immutableRoot), treePermission);
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider
    public boolean isGranted(@Nonnull Tree tree, @Nullable PropertyState propertyState, long j) {
        return getCompiledPermissions().isGranted(PermissionUtil.getImmutableTree(tree, this.immutableRoot), propertyState, j);
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider
    public boolean isGranted(@Nonnull String str, @Nonnull String str2) {
        TreeLocation create = TreeLocation.create(this.immutableRoot, str);
        return isGranted(create, str, Permissions.getPermissions(str2, create, this.ctx.definesLocation(create)));
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider
    @Nonnull
    public PrivilegeBits supportedPrivileges(@Nullable Tree tree, @Nullable PrivilegeBits privilegeBits) {
        return privilegeBits != null ? privilegeBits : new PrivilegeBitsProvider(this.immutableRoot).getBits(PrivilegeConstants.JCR_ALL);
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider
    public long supportedPermissions(@Nullable Tree tree, @Nullable PropertyState propertyState, long j) {
        return j;
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider
    public long supportedPermissions(@Nonnull TreeLocation treeLocation, long j) {
        return j;
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider
    public long supportedPermissions(@Nonnull TreePermission treePermission, @Nullable PropertyState propertyState, long j) {
        return j;
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider
    public boolean isGranted(@Nonnull TreeLocation treeLocation, long j) {
        return isGranted(treeLocation, treeLocation.getPath(), j);
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider
    @Nonnull
    public TreePermission getTreePermission(@Nonnull Tree tree, @Nonnull TreeType treeType, @Nonnull TreePermission treePermission) {
        return getCompiledPermissions().getTreePermission(PermissionUtil.getImmutableTree(tree, this.immutableRoot), treeType, treePermission);
    }

    private CompiledPermissions getCompiledPermissions() {
        CompiledPermissions compiledPermissions = this.compiledPermissions;
        if (compiledPermissions == null) {
            compiledPermissions = PermissionUtil.isAdminOrSystem(this.principals, this.options) ? AllPermissions.getInstance() : CompiledPermissionImpl.create(this.immutableRoot, this.workspaceName, this.permissionRootName, this.principals, this.restrictionProvider, this.options, this.ctx);
            this.compiledPermissions = compiledPermissions;
        }
        return compiledPermissions;
    }

    private static boolean isVersionStorePath(@Nonnull String str) {
        return str.startsWith("/jcr:system/jcr:versionStorage");
    }

    private boolean isGranted(@Nonnull TreeLocation treeLocation, @Nonnull String str, long j) {
        boolean z = false;
        PropertyState property = treeLocation.getProperty();
        Tree tree = property == null ? treeLocation.getTree() : treeLocation.getParent().getTree();
        if (tree != null) {
            z = isGranted(tree, property, j);
        } else if (!isVersionStorePath(treeLocation.getPath())) {
            z = getCompiledPermissions().isGranted(str, j);
        }
        return z;
    }
}
