package com.day.crx.core.security;

import com.day.crx.core.CRXSecurityManager;
import com.day.crx.core.CRXSystemSession;
import com.day.crx.security.Group;
import com.day.crx.security.User;
import com.day.crx.security.authorization.CRXAccessManager;
import com.day.crx.security.authorization.DefaultACLProvider;
import com.day.crx.security.principals.CRXPrincipalImpl;
import com.day.crx.security.principals.PrincipalManagerImpl;
import com.day.crx.security.user.UserManagerImpl;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.util.HashSet;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import org.apache.jackrabbit.core.NodeImpl;
import org.apache.jackrabbit.spi.commons.name.NameConstants;
import org.apache.jackrabbit.uuid.UUID;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/day/crx/core/security/SecuritySetup.class */
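/**
 * Installs the initial security content of a repository: the root ACLs of a
 * workspace ({@link #setUpProtection}) and the built-in principals
 * ({@link #assertPrincipals}).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The built-in admin user is created with a password equal to its user
 *       id ({@code UserManagerImpl.DEFAULT_ADMIN_NAME}). This credential must
 *       be rotated before the repository is reachable by anyone else.</li>
 *   <li>With the {@code "low"} protection level ({@code fullAccess == true})
 *       the anonymous user is added to the administrators group, which is
 *       granted every action in {@code ACTIONS_ALL}, including
 *       {@code acl_edit}.</li>
 *   <li>{@link #setUpProtection} is best-effort: if writing the ACL fails the
 *       error is logged and the method returns normally, so the workspace
 *       stays without the initial ACL.</li>
 * </ul>
 */
public class SecuritySetup {
    static final String CVS_ID = "$URL: http://svn.day.com/repos/crx/tags/crx-1.4.1-load3a/repository/crx-core/src/main/java/com/day/crx/core/security/SecuritySetup.java $ $Rev: 42598 $ $Date: 2008-10-07 16:58:22 +0200 (Tue, 07 Oct 2008) $";
    private static final Logger log;
    public static final String SECURITY_ROOT = "rep:security";
    public static final String ACCESSOR_NAME = "rep:accessors";
    public static final String FOLDER_NT = "rep:PrincipalFolder";
    public static final String MEMBER_NAME = "rep:member";
    public static final String WORKSPACE_NT = "rep:Workspace";
    public static final String WORKSPACE_FOLDER_NT = "rep:WorkspaceAccess";
    public static final String KEY_PROTECTION_LEVEL = "defaultSecurityLevel";
    public static final String OPTION_PROTECTION_LEVEL_HIGH = "high";
    public static final String OPTION_PROTECTION_LEVEL_LOW = "low";
    public static final String USER_PATH = "rep:users";
    public static final String GROUP_PATH = "rep:groups";
    private final CRXSystemSession sysWSSession;
    private final CRXSecurityManager securityMgr;
    // true when the "low" protection level is selected; widens the initial grants.
    private boolean fullAccess;
    // Algorithm name handed to User.setPassword for the default admin account.
    // NOTE(review): SHA-1 is a fast general-purpose digest and a weak choice for
    // password storage; confirm whether setPassword salts/iterates before relying on it.
    private static final String DEFAULT_ENCRYPTION = "sha1";
    private static final String[] ACTIONS_ALL;
    private static final String[] ACTIONS_READONLY;
    // Cache slot for this class' Class object; looks like the compiler-generated
    // class-literal cache of older javac targets. Kept so the class layout is unchanged.
    static Class class$com$day$crx$core$security$SecuritySetup;

    /**
     * Creates a setup helper that uses the {@code "high"} protection level.
     *
     * @param cRXSecurityManager security manager used to look up principals
     * @param cRXSystemSession system session on the security workspace
     */
    public SecuritySetup(CRXSecurityManager cRXSecurityManager, CRXSystemSession cRXSystemSession) {
        this(cRXSecurityManager, cRXSystemSession, OPTION_PROTECTION_LEVEL_HIGH);
    }

    /**
     * Creates a setup helper with an explicit protection level.
     *
     * @param cRXSecurityManager security manager used to look up principals
     * @param cRXSystemSession system session on the security workspace
     * @param str protection level; only {@code "low"} (case-insensitive) enables
     *            full access, any other value (including {@code null}) is treated
     *            as the restrictive setting
     */
    public SecuritySetup(CRXSecurityManager cRXSecurityManager, CRXSystemSession cRXSystemSession, String str) {
        this.securityMgr = cRXSecurityManager;
        this.sysWSSession = cRXSystemSession;
        this.fullAccess = OPTION_PROTECTION_LEVEL_LOW.equalsIgnoreCase(str);
    }

    /**
     * Overrides the protection level chosen at construction time.
     *
     * @param z {@code true} grants read to everyone on every workspace set up
     *          afterwards and puts a newly created anonymous user into the
     *          administrators group
     */
    public void setFullAccess(boolean z) {
        this.fullAccess = z;
    }

    /** @return the name of the security root node, {@link #SECURITY_ROOT} */
    public String getSecurityRoot() {
        return SECURITY_ROOT;
    }

    /** @return the name of the user root node, {@link #USER_PATH} */
    public String getUserRoot() {
        return USER_PATH;
    }

    /** @return the name of the group root node, {@link #GROUP_PATH} */
    public String getGroupRoot() {
        return GROUP_PATH;
    }

    /**
     * Writes the initial ACL of a workspace unless the root node already has an
     * access-control child.
     *
     * <p>Grants installed on the root node: all actions for "administrators";
     * read for "everyone" when full access is enabled or the workspace is the
     * default workspace. On the {@code jcr:system} node (only if it has no ACL
     * yet): remove is denied for "everyone", and read, set-property and
     * add-node are granted to "everyone".
     *
     * <p>The method fails open: a {@link RepositoryException} raised while
     * building or saving the ACL is logged and not rethrown, leaving the
     * workspace without the initial ACL. Deployments should alert on that
     * error message.
     *
     * @param cRXSystemSession system session of the workspace to protect
     * @throws RepositoryException if the initial existence check, or the
     *         refresh after a failed attempt, fails
     */
    public void setUpProtection(CRXSystemSession cRXSystemSession) throws RepositoryException {
        if (cRXSystemSession.getRootNode().hasNode(DefaultACLProvider.NODE_REP_ACCESS_CONTROL)) {
            // An ACL is already present; never overwrite an existing policy.
            return;
        }
        String workspaceName = cRXSystemSession.getWorkspace().getName();
        try {
            log.info("install initial ACL:...");
            NodeImpl rootNode = cRXSystemSession.getRootNode();
            if (!rootNode.isNodeType(DefaultACLProvider.QNT_REP_ACCESS_CONTROLLABLE)) {
                rootNode.addMixin(DefaultACLProvider.QNT_REP_ACCESS_CONTROLLABLE);
            }
            NodeImpl rootAcl = rootNode.addNode(DefaultACLProvider.QNODE_REP_ACCESS_CONTROL, DefaultACLProvider.QNT_REP_ACCESS_CONTROL, (UUID) null);

            log.info("...edit for administrators...");
            Node adminGrant = rootAcl.addNode("allowAdminAll", DefaultACLProvider.NT_REP_GRANT_PERMISSION);
            adminGrant.setProperty(DefaultACLProvider.PROP_REP_PRINCIPAL, "administrators");
            adminGrant.setProperty(DefaultACLProvider.PROP_REP_ACTIONS, ACTIONS_ALL);

            if (this.fullAccess || getDefaultWspName().equals(workspaceName)) {
                log.info("...allow read for all...");
                Node everyoneRead = rootAcl.addNode("allowEveryoneRead", DefaultACLProvider.NT_REP_GRANT_PERMISSION);
                everyoneRead.setProperty(DefaultACLProvider.PROP_REP_PRINCIPAL, "everyone");
                everyoneRead.setProperty(DefaultACLProvider.PROP_REP_ACTIONS, ACTIONS_READONLY);
            }

            NodeImpl systemNode = rootNode.getNode(NameConstants.JCR_SYSTEM);
            if (!systemNode.isNodeType(DefaultACLProvider.QNT_REP_ACCESS_CONTROLLABLE)) {
                systemNode.addMixin(DefaultACLProvider.QNT_REP_ACCESS_CONTROLLABLE);
            }
            if (!systemNode.hasNode(DefaultACLProvider.QNODE_REP_ACCESS_CONTROL)) {
                NodeImpl systemAcl = systemNode.addNode(DefaultACLProvider.QNODE_REP_ACCESS_CONTROL, DefaultACLProvider.QNT_REP_ACCESS_CONTROL, (UUID) null);
                Node denyRemove = systemAcl.addNode("denyEveryoneRemove", DefaultACLProvider.NT_REP_DENY_PERMISSION);
                denyRemove.setProperty(DefaultACLProvider.PROP_REP_PRINCIPAL, "everyone");
                denyRemove.setProperty(DefaultACLProvider.PROP_REP_ACTIONS, new String[]{CRXAccessManager.REMOVE_ACTION});
                Node everyoneEdit = systemAcl.addNode("allowEveryoneEdit", DefaultACLProvider.NT_REP_GRANT_PERMISSION);
                everyoneEdit.setProperty(DefaultACLProvider.PROP_REP_PRINCIPAL, "everyone");
                everyoneEdit.setProperty(DefaultACLProvider.PROP_REP_ACTIONS, new String[]{CRXAccessManager.READ_ACTION, CRXAccessManager.SET_PROPERTY_ACTION, CRXAccessManager.ADD_NODE_ACTION});
            }
            cRXSystemSession.getRootNode().save();
            log.info("...done");
        } catch (RepositoryException e) {
            // Deliberately best-effort, but the cause must reach the log: this is the
            // only trace that a workspace came up without its initial ACL.
            log.error("failed to set-up inital protection -> workspace will be editable for all", e);
            // NOTE(review): refresh(true) keeps pending changes, so a partially built
            // ACL stays in the session; confirm that refresh(false) was not intended.
            cRXSystemSession.getRootNode().refresh(true);
        }
    }

    /**
     * Returns the names of the principals that get access to a workspace: the
     * "administrators" principal when it exists, plus the everyone principal
     * when the workspace is the repository's default workspace.
     *
     * @param str name of the workspace
     * @return principal names; empty when no administrators principal exists
     *         and the workspace is not the default one
     * @throws RepositoryException if the principal lookup fails
     */
    public String[] getWorkspaceAccessPrincipals(String str) throws RepositoryException {
        PrincipalManagerImpl principalManager = this.securityMgr.getSystemPrincipalManager();
        HashSet names = new HashSet(2);
        Principal administrators = principalManager.getPrincipal("administrators");
        if (administrators == null) {
            log.warn("no administrators-group found: -> no one granted access to workspace " + str);
        } else {
            names.add(administrators.getName());
        }
        if (getDefaultWspName().equals(str)) {
            names.add(principalManager.getEveryone().getName());
        }
        return (String[]) names.toArray(new String[names.size()]);
    }

    /** Reads the default workspace name from the repository configuration. */
    private String getDefaultWspName() {
        return this.sysWSSession.getRepository().getConfig().getDefaultWorkspaceName();
    }

    /**
     * Makes sure the built-in principals exist: the "administrators" group, the
     * admin user and the "anonymous" user. Existing principals are left as they are.
     *
     * <p>A newly created admin user receives a password equal to its user id and
     * is added to the administrators group. A newly created anonymous user is
     * added to the administrators group only when full access is enabled.
     *
     * @throws RepositoryException if a principal cannot be created, or if the
     *         digest named by {@code DEFAULT_ENCRYPTION} is unavailable
     */
    public void assertPrincipals() throws RepositoryException {
        // NOTE(review): meaning of the two boolean constructor flags is not visible here.
        UserManagerImpl userManager = new UserManagerImpl(this.sysWSSession, "/" + getSecurityRoot(), true, false);
        Group administrators = userManager.getGroup("administrators");
        if (administrators == null) {
            administrators = userManager.createGroup("administrators", new CRXPrincipalImpl("administrators"));
            log.debug("...created administrators group with name 'administrators'");
        }
        if (userManager.getAdmin() == null) {
            User admin = userManager.createUser(UserManagerImpl.DEFAULT_ADMIN_NAME, new CRXPrincipalImpl(UserManagerImpl.DEFAULT_ADMIN_NAME));
            try {
                // Well-known default credential: the password is the user id itself.
                admin.setPassword(UserManagerImpl.DEFAULT_ADMIN_NAME, DEFAULT_ENCRYPTION);
                log.info("...created admin-user with id 'admin' ...");
                log.warn("admin-user was created with its default password; change it before the repository is exposed");
                administrators.addMember(admin);
            } catch (NoSuchAlgorithmException e) {
                // Keep the cause so the missing provider shows up in the stack trace.
                throw new RepositoryException("Failed to set password: sha1 not supported", e);
            }
        }
        if (userManager.getUser("anonymous") == null) {
            User anonymous = userManager.createUser("anonymous", new CRXPrincipalImpl("anonymous"));
            log.info("...created anonymous-user with id 'anonymous' ...");
            if (this.fullAccess) {
                // Low protection level: unauthenticated sessions inherit every
                // administrators grant. Make that visible in the log.
                log.warn("low protection level: anonymous-user is added to the administrators group");
                administrators.addMember(anonymous);
            }
        }
    }

    /**
     * Loads a class by name, converting a failed lookup into a
     * {@link NoClassDefFoundError} that carries the original exception as cause.
     *
     * @param str fully qualified class name
     * @return the loaded class
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause returns Throwable, so the error has to be thrown through
            // its own variable for the method to type-check.
            NoClassDefFoundError error = new NoClassDefFoundError(str);
            error.initCause(e);
            throw error;
        }
    }

    static {
        Class cls;
        if (class$com$day$crx$core$security$SecuritySetup == null) {
            cls = class$("com.day.crx.core.security.SecuritySetup");
            class$com$day$crx$core$security$SecuritySetup = cls;
        } else {
            cls = class$com$day$crx$core$security$SecuritySetup;
        }
        log = LoggerFactory.getLogger(cls);
        // Everything an administrator may do, including reading and editing ACLs.
        ACTIONS_ALL = new String[]{CRXAccessManager.READ_ACTION, CRXAccessManager.ADD_NODE_ACTION, CRXAccessManager.SET_PROPERTY_ACTION, CRXAccessManager.REMOVE_ACTION, "acl_read", "acl_edit"};
        ACTIONS_READONLY = new String[]{CRXAccessManager.READ_ACTION};
    }
}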
