package org.apache.sling.jcr.jackrabbit.accessmanager.post;

import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import javax.jcr.Item;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.jackrabbit.api.jsr283.security.AccessControlEntry;
import org.apache.jackrabbit.api.jsr283.security.AccessControlList;
import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicyIterator;
import org.apache.jackrabbit.api.jsr283.security.Privilege;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceNotFoundException;
import org.apache.sling.api.servlets.HtmlResponse;
import org.apache.sling.jcr.base.util.AccessControlUtil;
import org.apache.sling.servlets.post.Modification;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/resources/bundles/15/org.apache.sling.jcr.jackrabbit.accessmanager-2.0.2-incubator.jar:org/apache/sling/jcr/jackrabbit/accessmanager/post/ModifyAceServlet.class */
public class ModifyAceServlet extends AbstractAccessPostServlet {
    private static final long serialVersionUID = -9182485466670280437L;
    private final Logger log = LoggerFactory.getLogger(getClass());

    @Override // org.apache.sling.jcr.jackrabbit.accessmanager.post.AbstractAccessPostServlet
    protected void handleOperation(SlingHttpServletRequest slingHttpServletRequest, HtmlResponse htmlResponse, List<Modification> list) throws RepositoryException {
        String parameter;
        Session session = (Session) slingHttpServletRequest.getResourceResolver().adaptTo(Session.class);
        if (session == null) {
            throw new RepositoryException("JCR Session not found");
        }
        String parameter2 = slingHttpServletRequest.getParameter("principalId");
        if (parameter2 == null) {
            throw new RepositoryException("principalId was not submitted.");
        }
        Authorizable authorizable = AccessControlUtil.getUserManager(session).getAuthorizable(parameter2);
        if (authorizable == null) {
            throw new RepositoryException("No principal found for id: " + parameter2);
        }
        Resource resource = slingHttpServletRequest.getResource();
        if (resource == null) {
            throw new ResourceNotFoundException("Resource not found.");
        }
        Item item = (Item) resource.adaptTo(Item.class);
        if (item == null) {
            throw new ResourceNotFoundException("Resource is not a JCR Node");
        }
        String path = item.getPath();
        ArrayList<String> arrayList = new ArrayList();
        ArrayList<String> arrayList2 = new ArrayList();
        Enumeration parameterNames = slingHttpServletRequest.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            Object nextElement = parameterNames.nextElement();
            if (nextElement instanceof String) {
                String str = (String) nextElement;
                if (str.startsWith("privilege@") && (parameter = slingHttpServletRequest.getParameter(str)) != null && parameter.length() > 0) {
                    if ("granted".equals(parameter)) {
                        arrayList.add(str.substring(10));
                    } else if ("denied".equals(parameter)) {
                        arrayList2.add(str.substring(10));
                    }
                }
            }
        }
        try {
            AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
            AccessControlList accessControlList = null;
            AccessControlPolicyIterator applicablePolicies = accessControlManager.getApplicablePolicies(path);
            while (true) {
                if (!applicablePolicies.hasNext()) {
                    break;
                }
                AccessControlPolicy nextAccessControlPolicy = applicablePolicies.nextAccessControlPolicy();
                if (nextAccessControlPolicy instanceof AccessControlList) {
                    accessControlList = (AccessControlList) nextAccessControlPolicy;
                    break;
                }
            }
            if (accessControlList == null) {
                throw new RepositoryException("Unable to find an access conrol policy to update.");
            }
            StringBuilder sb = null;
            StringBuilder sb2 = null;
            if (this.log.isDebugEnabled()) {
                sb = new StringBuilder();
                sb2 = new StringBuilder();
            }
            AccessControlEntry[] accessControlEntries = accessControlList.getAccessControlEntries();
            ArrayList arrayList3 = new ArrayList();
            for (AccessControlEntry accessControlEntry : accessControlEntries) {
                if (parameter2.equals(accessControlEntry.getPrincipal().getName())) {
                    if (this.log.isDebugEnabled()) {
                        this.log.debug("Found Existing ACE for principal {0} on resource: ", new Object[]{parameter2, path});
                    }
                    arrayList3.add(accessControlEntry);
                    if (this.log.isDebugEnabled()) {
                        boolean isAllow = AccessControlUtil.isAllow(accessControlEntry);
                        for (Privilege privilege : accessControlEntry.getPrivileges()) {
                            if (sb.length() > 0) {
                                sb.append(", ");
                            }
                            if (isAllow) {
                                sb.append("granted=");
                            } else {
                                sb.append("denied=");
                            }
                            sb.append(privilege.getName());
                        }
                    }
                }
            }
            if (!arrayList3.isEmpty()) {
                Iterator it = arrayList3.iterator();
                while (it.hasNext()) {
                    accessControlList.removeAccessControlEntry((AccessControlEntry) it.next());
                }
            }
            ArrayList arrayList4 = new ArrayList();
            for (String str2 : arrayList) {
                if (str2.length() != 0) {
                    Privilege privilegeFromName = accessControlManager.privilegeFromName(str2);
                    arrayList4.add(privilegeFromName);
                    if (this.log.isDebugEnabled()) {
                        if (sb2.length() > 0) {
                            sb2.append(", ");
                        }
                        sb2.append("granted=");
                        sb2.append(privilegeFromName.getName());
                    }
                }
            }
            if (arrayList4.size() > 0) {
                accessControlList.addAccessControlEntry(authorizable.getPrincipal(), (Privilege[]) arrayList4.toArray(new Privilege[arrayList4.size()]));
            }
            if (!authorizable.isGroup()) {
                ArrayList arrayList5 = new ArrayList();
                for (String str3 : arrayList2) {
                    if (str3.length() != 0) {
                        Privilege privilegeFromName2 = accessControlManager.privilegeFromName(str3);
                        arrayList5.add(privilegeFromName2);
                        if (this.log.isDebugEnabled()) {
                            if (sb2.length() > 0) {
                                sb2.append(", ");
                            }
                            sb2.append("denied=");
                            sb2.append(privilegeFromName2.getName());
                        }
                    }
                }
                if (arrayList5.size() > 0) {
                    AccessControlUtil.addEntry(accessControlList, authorizable.getPrincipal(), (Privilege[]) arrayList5.toArray(new Privilege[arrayList5.size()]), false);
                }
            }
            accessControlManager.setPolicy(path, accessControlList);
            if (session.hasPendingChanges()) {
                session.save();
            }
            if (this.log.isDebugEnabled()) {
                this.log.debug("Updated ACE for principalId {0} for resource {1) from {2} to {3}", new Object[]{authorizable.getID(), path, sb.toString(), sb2.toString()});
            }
        } catch (RepositoryException e) {
            throw new RepositoryException("Failed to create ace.", e);
        }
    }
}
