package org.apache.sling.jcr.jackrabbit.accessmanager.post;

import java.io.IOException;
import java.security.Principal;
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import javax.jcr.AccessDeniedException;
import javax.jcr.Item;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.servlet.ServletException;
import org.apache.jackrabbit.api.jsr283.security.AccessControlEntry;
import org.apache.jackrabbit.api.jsr283.security.AccessControlList;
import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
import org.apache.jackrabbit.api.jsr283.security.Privilege;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceNotFoundException;
import org.apache.sling.api.servlets.SlingAllMethodsServlet;
import org.apache.sling.commons.json.JSONObject;
import org.apache.sling.jcr.base.util.AccessControlUtil;
import org.apache.sling.servlets.get.impl.helpers.JsonRendererServlet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/resources/bundles/15/org.apache.sling.jcr.jackrabbit.accessmanager-2.0.2-incubator.jar:org/apache/sling/jcr/jackrabbit/accessmanager/post/GetAclServlet.class */
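/**
 * Sling servlet that renders, as JSON, the access control entries declared on the JCR item
 * behind the requested resource.
 *
 * <p>The response is an object keyed by principal name. Each value is an object holding a
 * {@code "granted"} and/or a {@code "denied"} array of privilege names.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>This class performs no authorization check of its own. The only gate visible here is the
 *       request's JCR session: the access control manager is expected to reject the
 *       {@code getPolicies} call when the session may not read the access control content.</li>
 *   <li>The response discloses principal names and their privileges. Any configuration that lets
 *       a low-privileged or anonymous session read access control content exposes that
 *       information through this servlet.</li>
 *   <li>Only policies bound to the item itself are read. Entries inherited from ancestors are
 *       not part of the output, so the JSON is not a statement of effective permissions.</li>
 * </ul>
 */
public class GetAclServlet extends SlingAllMethodsServlet {
    private static final long serialVersionUID = 3391376559396223184L;

    /** JSON key for the privileges of allow entries. */
    private static final String KEY_GRANTED = "granted";

    /** JSON key for the privileges of deny entries. */
    private static final String KEY_DENIED = "denied";

    private final Logger log = LoggerFactory.getLogger(getClass());

    /**
     * Writes the declared access control entries of the requested item as JSON.
     *
     * @param request the request; its resource must adapt to a JCR {@link Item}
     * @param response receives the JSON document, or a 404 when the resource is missing, is not
     *     a JCR item, or access is denied
     * @throws ServletException wrapping any other failure, including a missing JCR session
     * @throws IOException if sending the error status fails
     */
    @Override // org.apache.sling.api.servlets.SlingSafeMethodsServlet
    protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response) throws ServletException, IOException {
        try {
            Session session = (Session) request.getResourceResolver().adaptTo(Session.class);
            if (session == null) {
                throw new RepositoryException("JCR Session not found");
            }
            Resource resource = request.getResource();
            if (resource == null) {
                throw new ResourceNotFoundException("Resource not found.");
            }
            Item item = (Item) resource.adaptTo(Item.class);
            if (item == null) {
                throw new ResourceNotFoundException("Resource is not a JCR Node");
            }

            Map<String, Map<String, Set<String>>> privilegesByPrincipal =
                    groupPrivilegesByPrincipal(getDeclaredAccessControlEntries(session, item.getPath()));

            response.setContentType(JsonRendererServlet.responseContentType);
            response.setCharacterEncoding("UTF-8");
            JSONObject root = new JSONObject();
            for (Map.Entry<String, Map<String, Set<String>>> principalEntry : privilegesByPrincipal.entrySet()) {
                Map<String, Set<String>> byKind = principalEntry.getValue();
                JSONObject principalJson = new JSONObject();
                Set<String> granted = byKind.get(KEY_GRANTED);
                if (granted != null) {
                    // The explicit cast pins the Collection overload of put().
                    principalJson.put(KEY_GRANTED, (Collection<?>) granted);
                }
                Set<String> denied = byKind.get(KEY_DENIED);
                if (denied != null) {
                    principalJson.put(KEY_DENIED, (Collection<?>) denied);
                }
                root.put(principalEntry.getKey(), principalJson);
            }
            root.write(response.getWriter());
        } catch (AccessDeniedException e) {
            // Deliberately the same status as a missing resource and without a message, so the
            // response does not confirm that a protected item exists.
            response.sendError(404);
        } catch (ResourceNotFoundException e2) {
            response.sendError(404, e2.getMessage());
        } catch (Throwable th) {
            // The resource can be null on this path (for example when the session lookup failed
            // first); guard the lookup so the original failure is not replaced by a
            // NullPointerException thrown from the handler itself.
            Resource failedResource = request.getResource();
            String path = failedResource != null ? failedResource.getPath() : "<unknown resource>";
            // NOTE(review): logged at debug only, so these failures are presumably invisible at
            // the usual production log levels; the path is request-derived and written as-is.
            this.log.debug("Exception while handling GET " + path + " with " + getClass().getName(), th);
            // NOTE(review): the cause travels with the ServletException; whether its details
            // reach the client depends on the container's error page configuration.
            throw new ServletException(th);
        }
    }

    /**
     * Groups privilege names by principal name and by allow/deny, keeping first-seen order.
     *
     * @param entries the access control entries to group
     * @return principal name mapped to {@code "granted"} / {@code "denied"} privilege name sets;
     *     a kind is present only if at least one entry of that kind exists for the principal
     * @throws RepositoryException if the allow/deny state of an entry cannot be determined
     */
    private Map<String, Map<String, Set<String>>> groupPrivilegesByPrincipal(AccessControlEntry[] entries) throws RepositoryException {
        Map<String, Map<String, Set<String>>> byPrincipal = new LinkedHashMap<String, Map<String, Set<String>>>();
        for (AccessControlEntry entry : entries) {
            Principal principal = entry.getPrincipal();
            String principalName = principal.getName();
            Map<String, Set<String>> byKind = byPrincipal.get(principalName);
            if (byKind == null) {
                byKind = new LinkedHashMap<String, Set<String>>();
                byPrincipal.put(principalName, byKind);
            }
            String kind = AccessControlUtil.isAllow(entry) ? KEY_GRANTED : KEY_DENIED;
            Set<String> privilegeNames = byKind.get(kind);
            if (privilegeNames == null) {
                // Created even when the entry carries no privileges, so the key is still emitted.
                privilegeNames = new LinkedHashSet<String>();
                byKind.put(kind, privilegeNames);
            }
            for (Privilege privilege : entry.getPrivileges()) {
                privilegeNames.add(privilege.getName());
            }
        }
        return byPrincipal;
    }

    /**
     * Returns the entries of the first {@link AccessControlList} among the policies returned for
     * the given path.
     *
     * @param session the session whose access control manager is queried
     * @param path absolute path of the item
     * @return the entries of the first access control list, or an empty array if there is none
     * @throws RepositoryException if the policies cannot be read; an {@link AccessDeniedException}
     *     is expected here when the session may not read access control content
     */
    private AccessControlEntry[] getDeclaredAccessControlEntries(Session session, String path) throws RepositoryException {
        for (AccessControlPolicy policy : AccessControlUtil.getAccessControlManager(session).getPolicies(path)) {
            if (policy instanceof AccessControlList) {
                return ((AccessControlList) policy).getAccessControlEntries();
            }
        }
        return new AccessControlEntry[0];
    }
}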
