package com.composum.sling.nodes.servlet;

import com.composum.sling.core.ResourceHandle;
import com.composum.sling.core.servlet.AbstractServiceServlet;
import com.composum.sling.core.servlet.ServletOperation;
import com.composum.sling.core.servlet.ServletOperationSet;
import com.composum.sling.core.util.JsonUtil;
import com.composum.sling.core.util.RequestUtil;
import com.composum.sling.core.util.ResponseUtil;
import com.composum.sling.nodes.NodesConfiguration;
import com.google.gson.stream.JsonWriter;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.NamedAccessControlPolicy;
import javax.jcr.security.Privilege;
import javax.servlet.ServletException;
import org.apache.batik.css.parser.CSSLexicalUnit;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.sling.SlingServlet;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Query;
import org.apache.jackrabbit.api.security.user.QueryBuilder;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.value.StringValue;
import org.apache.jackrabbit.webdav.ordering.OrderingConstants;
import org.apache.jackrabbit.webdav.security.Principal;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@SlingServlet(paths = {"/bin/cpm/nodes/security"}, methods = {"GET", "POST", "PUT", "DELETE"})
/* loaded from: input_file:WEB-INF/resources/install/20/composum-sling-core-console-1.8.2.jar:com/composum/sling/nodes/servlet/SecurityServlet.class */
public class SecurityServlet extends AbstractServiceServlet {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) SecurityServlet.class);
    public static final String PARAM_SCOPE = "scope";

    @Reference
    private NodesConfiguration coreConfig;
    protected ServletOperationSet<Extension, Operation> operations = new ServletOperationSet<>(Extension.json);

    /* loaded from: input_file:WEB-INF/resources/install/20/composum-sling-core-console-1.8.2.jar:com/composum/sling/nodes/servlet/SecurityServlet$AccessPolicyEntry.class */
    public static class AccessPolicyEntry {
        public String principal;
        public String path;
        public boolean allow;
        public String[] privileges;
        public String[] restrictions;
        public String[] restrictionName;
        public String[] restrictionPattern;
    }

    /* loaded from: input_file:WEB-INF/resources/install/20/composum-sling-core-console-1.8.2.jar:com/composum/sling/nodes/servlet/SecurityServlet$Extension.class */
    public enum Extension {
        json,
        html
    }

    /* loaded from: input_file:WEB-INF/resources/install/20/composum-sling-core-console-1.8.2.jar:com/composum/sling/nodes/servlet/SecurityServlet$GetAccessPolicies.class */
    public class GetAccessPolicies implements ServletOperation {
        public GetAccessPolicies() {
        }

        @Override // com.composum.sling.core.servlet.ServletOperation
        public void doIt(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse, ResourceHandle resourceHandle) throws ServletException, IOException {
            AccessControlPolicy[] policies;
            try {
                AccessControlManager accessControlManager = ((Session) slingHttpServletRequest.getResourceResolver().adaptTo(Session.class)).getAccessControlManager();
                String path = AbstractServiceServlet.getPath(slingHttpServletRequest);
                switch ((PolicyScope) RequestUtil.getParameter(slingHttpServletRequest, "scope", RequestUtil.getSelector(slingHttpServletRequest, PolicyScope.local))) {
                    case effective:
                        policies = accessControlManager.getEffectivePolicies(path);
                        break;
                    default:
                        policies = accessControlManager.getPolicies(path);
                        break;
                }
                writePolicies(ResponseUtil.getJsonWriter(slingHttpServletResponse), policies);
            } catch (RepositoryException e) {
                SecurityServlet.LOG.error(e.getMessage(), (Throwable) e);
                slingHttpServletResponse.sendError(400, e.getMessage());
            }
        }

        protected void writePolicies(JsonWriter jsonWriter, AccessControlPolicy[] accessControlPolicyArr) throws IOException, RepositoryException {
            jsonWriter.beginArray();
            for (AccessControlPolicy accessControlPolicy : accessControlPolicyArr) {
                writePolicy(jsonWriter, accessControlPolicy);
            }
            jsonWriter.endArray();
        }

        protected void writePolicies(JsonWriter jsonWriter, AccessControlPolicyIterator accessControlPolicyIterator) throws IOException, RepositoryException {
            jsonWriter.beginArray();
            while (accessControlPolicyIterator.hasNext()) {
                writePolicy(jsonWriter, accessControlPolicyIterator.nextAccessControlPolicy());
            }
            jsonWriter.endArray();
        }

        protected void writePolicy(JsonWriter jsonWriter, AccessControlPolicy accessControlPolicy) throws IOException, RepositoryException {
            if (accessControlPolicy instanceof JackrabbitAccessControlList) {
                JackrabbitAccessControlList jackrabbitAccessControlList = (JackrabbitAccessControlList) accessControlPolicy;
                for (AccessControlEntry accessControlEntry : jackrabbitAccessControlList.getAccessControlEntries()) {
                    JackrabbitAccessControlEntry jackrabbitAccessControlEntry = (JackrabbitAccessControlEntry) accessControlEntry;
                    jsonWriter.beginObject();
                    jsonWriter.name(Principal.XML_PRINCIPAL).value(accessControlEntry.getPrincipal().getName());
                    jsonWriter.name("path").value(jackrabbitAccessControlList.getPath());
                    jsonWriter.name("allow").value(jackrabbitAccessControlEntry.isAllow());
                    writePrivileges(jsonWriter, accessControlEntry);
                    writeRestrictions(jsonWriter, jackrabbitAccessControlEntry);
                    jsonWriter.endObject();
                }
            }
        }

        protected void writePrivileges(JsonWriter jsonWriter, AccessControlEntry accessControlEntry) throws IOException, RepositoryException {
            Privilege[] privileges = accessControlEntry.getPrivileges();
            jsonWriter.name("privileges");
            writePrivileges(jsonWriter, privileges);
        }

        protected void writePrivileges(JsonWriter jsonWriter, Privilege[] privilegeArr) throws IOException, RepositoryException {
            jsonWriter.beginArray();
            for (Privilege privilege : privilegeArr) {
                jsonWriter.value(privilege.getName());
            }
            jsonWriter.endArray();
        }

        protected void writeRestrictions(JsonWriter jsonWriter, JackrabbitAccessControlEntry jackrabbitAccessControlEntry) throws IOException, RepositoryException {
            String[] restrictionNames = jackrabbitAccessControlEntry.getRestrictionNames();
            jsonWriter.name("restrictions").beginArray();
            for (String str : restrictionNames) {
                jsonWriter.value(str + "=" + jackrabbitAccessControlEntry.getRestriction(str).getString());
            }
            jsonWriter.endArray();
        }
    }

    /* loaded from: input_file:WEB-INF/resources/install/20/composum-sling-core-console-1.8.2.jar:com/composum/sling/nodes/servlet/SecurityServlet$GetAllAccessPolicies.class */
    public class GetAllAccessPolicies extends GetAccessPolicies {
        public GetAllAccessPolicies() {
            super();
        }

        @Override // com.composum.sling.nodes.servlet.SecurityServlet.GetAccessPolicies, com.composum.sling.core.servlet.ServletOperation
        public void doIt(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse, ResourceHandle resourceHandle) throws ServletException, IOException {
            try {
                AccessControlManager accessControlManager = ((Session) slingHttpServletRequest.getResourceResolver().adaptTo(Session.class)).getAccessControlManager();
                String path = AbstractServiceServlet.getPath(slingHttpServletRequest);
                JsonWriter jsonWriter = ResponseUtil.getJsonWriter(slingHttpServletResponse);
                jsonWriter.setIndent("  ");
                jsonWriter.beginObject();
                jsonWriter.name("policies");
                writePolicies(jsonWriter, accessControlManager.getPolicies(path));
                jsonWriter.name("effective");
                writePolicies(jsonWriter, accessControlManager.getEffectivePolicies(path));
                jsonWriter.name("applicable");
                writePolicies(jsonWriter, accessControlManager.getApplicablePolicies(path));
                jsonWriter.name("privileges");
                writePrivileges(jsonWriter, accessControlManager.getPrivileges(path));
                jsonWriter.name("supported");
                writePrivileges(jsonWriter, accessControlManager.getSupportedPrivileges(path));
                jsonWriter.endObject();
            } catch (RepositoryException e) {
                SecurityServlet.LOG.error(e.getMessage(), (Throwable) e);
                slingHttpServletResponse.sendError(400, e.getMessage());
            }
        }
    }

    /* loaded from: input_file:WEB-INF/resources/install/20/composum-sling-core-console-1.8.2.jar:com/composum/sling/nodes/servlet/SecurityServlet$GetHtmlAccessRules.class */
    public class GetHtmlAccessRules implements ServletOperation {
        public GetHtmlAccessRules() {
        }

        @Override // com.composum.sling.core.servlet.ServletOperation
        public void doIt(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse, ResourceHandle resourceHandle) throws ServletException, IOException {
            try {
                AccessControlManager accessControlManager = ((Session) slingHttpServletRequest.getResourceResolver().adaptTo(Session.class)).getAccessControlManager();
                String path = AbstractServiceServlet.getPath(slingHttpServletRequest);
                PrintWriter writer = slingHttpServletResponse.getWriter();
                writer.append("<tbody>");
                writer.append("<tr class=\"policies info\"><th colspan=\"5\">node policies</th></tr>");
                writePolicies(writer, accessControlManager.getPolicies(path), "policies");
                writer.append("<tr class=\"effective info\"><th colspan=\"5\">effective policies</th></tr>");
                writePolicies(writer, accessControlManager.getEffectivePolicies(path), "effective");
                writer.append("</tbody>");
            } catch (RepositoryException e) {
                SecurityServlet.LOG.error(e.getMessage(), (Throwable) e);
                slingHttpServletResponse.sendError(400, e.getMessage());
            }
        }

        protected void writePolicies(PrintWriter printWriter, AccessControlPolicy[] accessControlPolicyArr, String str) throws IOException, RepositoryException {
            if (accessControlPolicyArr.length <= 0) {
                printWriter.append("<tr class=\"empty\"><td colspan=\"5\">no rules found</td></tr>");
                return;
            }
            for (AccessControlPolicy accessControlPolicy : accessControlPolicyArr) {
                writePolicy(printWriter, accessControlPolicy, str);
            }
        }

        protected void writePolicies(PrintWriter printWriter, AccessControlPolicyIterator accessControlPolicyIterator, String str) throws IOException, RepositoryException {
            if (!accessControlPolicyIterator.hasNext()) {
                printWriter.append("<tr class=\"empty\"><td colspan=\"5\">no rules found</td></tr>");
            } else {
                while (accessControlPolicyIterator.hasNext()) {
                    writePolicy(printWriter, accessControlPolicyIterator.nextAccessControlPolicy(), str);
                }
            }
        }

        protected void writePolicy(PrintWriter printWriter, AccessControlPolicy accessControlPolicy, String str) throws IOException, RepositoryException {
            if (accessControlPolicy instanceof JackrabbitAccessControlList) {
                JackrabbitAccessControlList jackrabbitAccessControlList = (JackrabbitAccessControlList) accessControlPolicy;
                for (AccessControlEntry accessControlEntry : jackrabbitAccessControlList.getAccessControlEntries()) {
                    JackrabbitAccessControlEntry jackrabbitAccessControlEntry = (JackrabbitAccessControlEntry) accessControlEntry;
                    printWriter.append("<tr class=\"").append((CharSequence) str).append("\">");
                    printWriter.append("<td class=\"principal\">").append((CharSequence) accessControlEntry.getPrincipal().getName()).append("</td>");
                    printWriter.append("<td class=\"path\">").append((CharSequence) jackrabbitAccessControlList.getPath()).append("</td>");
                    printWriter.append("<td class=\"type ").append((CharSequence) (jackrabbitAccessControlEntry.isAllow() ? "allow" : "deny")).append("\">").append((CharSequence) (jackrabbitAccessControlEntry.isAllow() ? "allow" : "deny")).append("</td>");
                    printWriter.append("<td class=\"privileges\">");
                    writePrivileges(printWriter, accessControlEntry);
                    printWriter.append("</td>");
                    printWriter.append("<td class=\"restrictions\">");
                    writeRestrictions(printWriter, jackrabbitAccessControlEntry);
                    printWriter.append("</td>");
                }
                printWriter.append("</tr>");
                return;
            }
            if (!(accessControlPolicy instanceof AccessControlList)) {
                if (accessControlPolicy instanceof NamedAccessControlPolicy) {
                    printWriter.append("<tr class=\"named warning\"><td colspan=\"5\">named policy: ").append((CharSequence) ((NamedAccessControlPolicy) accessControlPolicy).getName()).append("</td></tr>");
                    return;
                } else {
                    printWriter.append("<tr class=\"unknown warning\"><td colspan=\"5\">uknown policy type: ").append((CharSequence) accessControlPolicy.getClass().getName()).append("</td></tr>");
                    return;
                }
            }
            for (AccessControlEntry accessControlEntry2 : ((AccessControlList) accessControlPolicy).getAccessControlEntries()) {
                printWriter.append("<tr class=\"").append((CharSequence) str).append("\">");
                printWriter.append("<td class=\"principal\">").append((CharSequence) accessControlEntry2.getPrincipal().getName()).append("</td>");
                printWriter.append("<td class=\"path\">").append("").append("</td>");
                printWriter.append("<td class=\"type\">").append("</td>");
                printWriter.append("<td class=\"privileges\">");
                writePrivileges(printWriter, accessControlEntry2);
                printWriter.append("</td>");
                printWriter.append("<td class=\"restrictions\">");
                printWriter.append("</td>");
            }
            printWriter.append("</tr>");
        }

        protected void writePrivileges(PrintWriter printWriter, AccessControlEntry accessControlEntry) throws IOException, RepositoryException {
            Privilege[] privileges = accessControlEntry.getPrivileges();
            int i = 0;
            while (i < privileges.length) {
                printWriter.append((CharSequence) privileges[i].getName());
                i++;
                if (i < privileges.length) {
                    printWriter.append(", ");
                }
            }
        }

        protected void writeRestrictions(PrintWriter printWriter, JackrabbitAccessControlEntry jackrabbitAccessControlEntry) throws IOException, RepositoryException {
            String[] restrictionNames = jackrabbitAccessControlEntry.getRestrictionNames();
            int i = 0;
            while (i < restrictionNames.length) {
                printWriter.append((CharSequence) restrictionNames[i]).append((CharSequence) "=").append((CharSequence) jackrabbitAccessControlEntry.getRestriction(restrictionNames[i]).getString());
                i++;
                if (i < restrictionNames.length) {
                    printWriter.append((CharSequence) ", ");
                }
            }
        }
    }

    /* loaded from: input_file:WEB-INF/resources/install/20/composum-sling-core-console-1.8.2.jar:com/composum/sling/nodes/servlet/SecurityServlet$GetPrincipals.class */
    public class GetPrincipals implements ServletOperation {
        public GetPrincipals() {
        }

        @Override // com.composum.sling.core.servlet.ServletOperation
        public void doIt(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse, ResourceHandle resourceHandle) throws IOException, ServletException {
            try {
                JackrabbitSession jackrabbitSession = (JackrabbitSession) slingHttpServletRequest.getResourceResolver().adaptTo(Session.class);
                String path = AbstractServiceServlet.getPath(slingHttpServletRequest);
                String substring = path.startsWith("/") ? path.substring(1) : path;
                final String str = substring;
                Iterator<Authorizable> findAuthorizables = jackrabbitSession.getUserManager().findAuthorizables(new Query() { // from class: com.composum.sling.nodes.servlet.SecurityServlet.GetPrincipals.1
                    @Override // org.apache.jackrabbit.api.security.user.Query
                    public <T> void build(QueryBuilder<T> queryBuilder) {
                        queryBuilder.setCondition(queryBuilder.nameMatches(str + CSSLexicalUnit.UNIT_TEXT_PERCENTAGE));
                        queryBuilder.setSortOrder("@name", QueryBuilder.Direction.ASCENDING);
                        queryBuilder.setSelector(Authorizable.class);
                    }
                });
                ArrayList arrayList = new ArrayList();
                while (findAuthorizables.hasNext()) {
                    arrayList.add(findAuthorizables.next().getPrincipal().getName());
                }
                if (EveryonePrincipal.NAME.startsWith(substring)) {
                    arrayList.add(EveryonePrincipal.NAME);
                }
                Collections.sort(arrayList);
                JsonWriter jsonWriter = ResponseUtil.getJsonWriter(slingHttpServletResponse);
                slingHttpServletResponse.setStatus(200);
                JsonUtil.writeJsonArray(jsonWriter, (Iterator<String>) arrayList.iterator());
            } catch (RepositoryException e) {
                SecurityServlet.LOG.error(e.getMessage(), (Throwable) e);
                slingHttpServletResponse.sendError(400, e.getMessage());
            }
        }
    }

    /* loaded from: input_file:WEB-INF/resources/install/20/composum-sling-core-console-1.8.2.jar:com/composum/sling/nodes/servlet/SecurityServlet$Operation.class */
    public enum Operation {
        accessPolicy,
        accessPolicies,
        allPolicies,
        reorder,
        supportedPrivileges,
        principals,
        restrictionNames
    }

    /* loaded from: input_file:WEB-INF/resources/install/20/composum-sling-core-console-1.8.2.jar:com/composum/sling/nodes/servlet/SecurityServlet$PolicyScope.class */
    public enum PolicyScope {
        local,
        effective
    }

    /* loaded from: input_file:WEB-INF/resources/install/20/composum-sling-core-console-1.8.2.jar:com/composum/sling/nodes/servlet/SecurityServlet$PutAccessPolicy.class */
    public class PutAccessPolicy implements ServletOperation {
        public PutAccessPolicy() {
        }

        @Override // com.composum.sling.core.servlet.ServletOperation
        public void doIt(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse, ResourceHandle resourceHandle) throws ServletException, IOException {
            try {
                JackrabbitSession jackrabbitSession = (JackrabbitSession) slingHttpServletRequest.getResourceResolver().adaptTo(Session.class);
                AccessControlManager accessControlManager = jackrabbitSession.getAccessControlManager();
                PrincipalManager principalManager = jackrabbitSession.getPrincipalManager();
                String path = AbstractServiceServlet.getPath(slingHttpServletRequest);
                AccessPolicyEntry accessPolicyEntry = (AccessPolicyEntry) AbstractServiceServlet.getJsonObject(slingHttpServletRequest, AccessPolicyEntry.class);
                JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, path);
                java.security.Principal principal = principalManager.getPrincipal(accessPolicyEntry.principal);
                Privilege[] privilegesFromNames = AccessControlUtils.privilegesFromNames(accessControlManager, accessPolicyEntry.privileges);
                HashMap hashMap = new HashMap();
                for (String str : accessPolicyEntry.restrictions) {
                    hashMap.put(str.substring(0, str.indexOf(61)), new StringValue(str.substring(str.indexOf(61) + 1)));
                }
                accessControlList.addEntry(principal, privilegesFromNames, accessPolicyEntry.allow, hashMap);
                accessControlManager.setPolicy(path, accessControlList);
                jackrabbitSession.save();
            } catch (RepositoryException e) {
                SecurityServlet.LOG.error(e.getMessage(), (Throwable) e);
                slingHttpServletResponse.sendError(400, e.getMessage());
            }
        }
    }

    /* loaded from: input_file:WEB-INF/resources/install/20/composum-sling-core-console-1.8.2.jar:com/composum/sling/nodes/servlet/SecurityServlet$RemoveAccessPolicy.class */
    public class RemoveAccessPolicy implements ServletOperation {
        public RemoveAccessPolicy() {
        }

        @Override // com.composum.sling.core.servlet.ServletOperation
        public void doIt(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse, ResourceHandle resourceHandle) throws ServletException, IOException {
            try {
                Session session = (Session) slingHttpServletRequest.getResourceResolver().adaptTo(Session.class);
                AccessControlManager accessControlManager = session.getAccessControlManager();
                String path = AbstractServiceServlet.getPath(slingHttpServletRequest);
                AccessPolicyEntry[] accessPolicyEntryArr = (AccessPolicyEntry[]) AbstractServiceServlet.getJsonObject(slingHttpServletRequest, AccessPolicyEntry[].class);
                JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, path);
                for (AccessPolicyEntry accessPolicyEntry : accessPolicyEntryArr) {
                    for (AccessControlEntry accessControlEntry : accessControlList.getAccessControlEntries()) {
                        if (SecurityServlet.this.sameEntry((JackrabbitAccessControlEntry) accessControlEntry, accessPolicyEntry)) {
                            accessControlList.removeAccessControlEntry(accessControlEntry);
                        }
                    }
                }
                accessControlManager.setPolicy(path, accessControlList);
                if (accessControlList.isEmpty()) {
                    accessControlManager.removePolicy(path, accessControlList);
                }
                session.save();
            } catch (RepositoryException e) {
                SecurityServlet.LOG.error(e.getMessage(), (Throwable) e);
                slingHttpServletResponse.sendError(400, e.getMessage());
            }
        }
    }

    /* loaded from: input_file:WEB-INF/resources/install/20/composum-sling-core-console-1.8.2.jar:com/composum/sling/nodes/servlet/SecurityServlet$ReorderOperation.class */
    public class ReorderOperation implements ServletOperation {
        public ReorderOperation() {
        }

        @Override // com.composum.sling.core.servlet.ServletOperation
        public void doIt(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse, ResourceHandle resourceHandle) throws IOException, ServletException {
            try {
                JackrabbitSession jackrabbitSession = (JackrabbitSession) slingHttpServletRequest.getResourceResolver().adaptTo(Session.class);
                AccessControlManager accessControlManager = jackrabbitSession.getAccessControlManager();
                String path = AbstractServiceServlet.getPath(slingHttpServletRequest);
                String parameter = slingHttpServletRequest.getParameter("object");
                String parameter2 = slingHttpServletRequest.getParameter(OrderingConstants.XML_BEFORE);
                AccessPolicyEntry accessPolicyEntry = (AccessPolicyEntry) AbstractServiceServlet.getJsonObject(parameter, AccessPolicyEntry.class);
                AccessPolicyEntry accessPolicyEntry2 = (AccessPolicyEntry) AbstractServiceServlet.getJsonObject(parameter2, AccessPolicyEntry.class);
                JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, path);
                JackrabbitAccessControlEntry jackrabbitAccessControlEntry = null;
                JackrabbitAccessControlEntry jackrabbitAccessControlEntry2 = null;
                for (AccessControlEntry accessControlEntry : accessControlList.getAccessControlEntries()) {
                    JackrabbitAccessControlEntry jackrabbitAccessControlEntry3 = (JackrabbitAccessControlEntry) accessControlEntry;
                    if (SecurityServlet.this.sameEntry(jackrabbitAccessControlEntry3, accessPolicyEntry2)) {
                        jackrabbitAccessControlEntry = jackrabbitAccessControlEntry3;
                    }
                    if (SecurityServlet.this.sameEntry(jackrabbitAccessControlEntry3, accessPolicyEntry)) {
                        jackrabbitAccessControlEntry2 = jackrabbitAccessControlEntry3;
                    }
                }
                if (jackrabbitAccessControlEntry2 != null) {
                    accessControlList.orderBefore(jackrabbitAccessControlEntry2, jackrabbitAccessControlEntry);
                    accessControlManager.setPolicy(path, accessControlList);
                    jackrabbitSession.save();
                }
            } catch (RepositoryException e) {
                SecurityServlet.LOG.error(e.getMessage(), (Throwable) e);
                slingHttpServletResponse.sendError(400, e.getMessage());
            }
        }
    }

    /* loaded from: input_file:WEB-INF/resources/install/20/composum-sling-core-console-1.8.2.jar:com/composum/sling/nodes/servlet/SecurityServlet$RestrictionNames.class */
    public class RestrictionNames implements ServletOperation {
        public RestrictionNames() {
        }

        @Override // com.composum.sling.core.servlet.ServletOperation
        public void doIt(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse, ResourceHandle resourceHandle) throws IOException, ServletException {
            try {
                String[] restrictionNames = AccessControlUtils.getAccessControlList(((JackrabbitSession) slingHttpServletRequest.getResourceResolver().adaptTo(Session.class)).getAccessControlManager(), AbstractServiceServlet.getPath(slingHttpServletRequest)).getRestrictionNames();
                Arrays.sort(restrictionNames);
                JsonWriter jsonWriter = ResponseUtil.getJsonWriter(slingHttpServletResponse);
                slingHttpServletResponse.setStatus(200);
                JsonUtil.writeJsonArray(jsonWriter, restrictionNames);
            } catch (RepositoryException e) {
                SecurityServlet.LOG.error(e.getMessage(), (Throwable) e);
                slingHttpServletResponse.sendError(400, e.getMessage());
            }
        }
    }

    /* loaded from: input_file:WEB-INF/resources/install/20/composum-sling-core-console-1.8.2.jar:com/composum/sling/nodes/servlet/SecurityServlet$SupportedPrivileges.class */
    public class SupportedPrivileges implements ServletOperation {
        public SupportedPrivileges() {
        }

        @Override // com.composum.sling.core.servlet.ServletOperation
        public void doIt(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse, ResourceHandle resourceHandle) throws IOException, ServletException {
            try {
                Privilege[] supportedPrivileges = ((JackrabbitSession) slingHttpServletRequest.getResourceResolver().adaptTo(Session.class)).getAccessControlManager().getSupportedPrivileges(AbstractServiceServlet.getPath(slingHttpServletRequest));
                ArrayList arrayList = new ArrayList(supportedPrivileges.length);
                for (Privilege privilege : supportedPrivileges) {
                    arrayList.add(privilege.getName());
                }
                Collections.sort(arrayList);
                JsonWriter jsonWriter = ResponseUtil.getJsonWriter(slingHttpServletResponse);
                slingHttpServletResponse.setStatus(200);
                JsonUtil.writeJsonArray(jsonWriter, (Iterator<String>) arrayList.iterator());
            } catch (RepositoryException e) {
                SecurityServlet.LOG.error(e.getMessage(), (Throwable) e);
                slingHttpServletResponse.sendError(400, e.getMessage());
            }
        }
    }

    @Override // com.composum.sling.core.servlet.AbstractServiceServlet
    protected ServletOperationSet getOperations() {
        return this.operations;
    }

    @Override // com.composum.sling.core.servlet.AbstractServiceServlet
    protected boolean isEnabled() {
        return this.coreConfig.isEnabled(this);
    }

    public void init() throws ServletException {
        super.init();
        this.operations.setOperation(ServletOperationSet.Method.GET, Extension.json, Operation.accessPolicies, new GetAccessPolicies());
        this.operations.setOperation(ServletOperationSet.Method.GET, Extension.json, Operation.allPolicies, new GetAllAccessPolicies());
        this.operations.setOperation(ServletOperationSet.Method.GET, Extension.html, Operation.allPolicies, new GetHtmlAccessRules());
        this.operations.setOperation(ServletOperationSet.Method.GET, Extension.json, Operation.supportedPrivileges, new SupportedPrivileges());
        this.operations.setOperation(ServletOperationSet.Method.GET, Extension.json, Operation.restrictionNames, new RestrictionNames());
        this.operations.setOperation(ServletOperationSet.Method.GET, Extension.json, Operation.principals, new GetPrincipals());
        this.operations.setOperation(ServletOperationSet.Method.POST, Extension.json, Operation.reorder, new ReorderOperation());
        this.operations.setOperation(ServletOperationSet.Method.PUT, Extension.json, Operation.accessPolicy, new PutAccessPolicy());
        this.operations.setOperation(ServletOperationSet.Method.DELETE, Extension.json, Operation.accessPolicy, new RemoveAccessPolicy());
    }

    protected boolean sameEntry(JackrabbitAccessControlEntry jackrabbitAccessControlEntry, AccessPolicyEntry accessPolicyEntry) throws RepositoryException {
        return jackrabbitAccessControlEntry.getPrincipal().getName().equals(accessPolicyEntry.principal) && jackrabbitAccessControlEntry.isAllow() == accessPolicyEntry.allow && samePrivileges(jackrabbitAccessControlEntry, accessPolicyEntry) && sameRestrictions(jackrabbitAccessControlEntry, accessPolicyEntry);
    }

    protected boolean samePrivileges(JackrabbitAccessControlEntry jackrabbitAccessControlEntry, AccessPolicyEntry accessPolicyEntry) {
        if (jackrabbitAccessControlEntry.getPrivileges().length != accessPolicyEntry.privileges.length) {
            return false;
        }
        for (Privilege privilege : jackrabbitAccessControlEntry.getPrivileges()) {
            boolean z = false;
            String[] strArr = accessPolicyEntry.privileges;
            int length = strArr.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                if (privilege.getName().equals(strArr[i])) {
                    z = true;
                    break;
                }
                i++;
            }
            if (!z) {
                return false;
            }
        }
        return true;
    }

    protected boolean sameRestrictions(JackrabbitAccessControlEntry jackrabbitAccessControlEntry, AccessPolicyEntry accessPolicyEntry) throws RepositoryException {
        if (jackrabbitAccessControlEntry.getRestrictionNames().length != accessPolicyEntry.restrictions.length) {
            return false;
        }
        for (String str : jackrabbitAccessControlEntry.getRestrictionNames()) {
            String str2 = str + "=" + jackrabbitAccessControlEntry.getRestriction(str).getString();
            boolean z = false;
            String[] strArr = accessPolicyEntry.restrictions;
            int length = strArr.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                if (strArr[i].equals(str2)) {
                    z = true;
                    break;
                }
                i++;
            }
            if (!z) {
                return false;
            }
        }
        return true;
    }

    protected void bindCoreConfig(NodesConfiguration nodesConfiguration) {
        this.coreConfig = nodesConfiguration;
    }

    protected void unbindCoreConfig(NodesConfiguration nodesConfiguration) {
        if (this.coreConfig == nodesConfiguration) {
            this.coreConfig = null;
        }
    }
}
