package com.day.crx.security.authorization;

import com.day.crx.security.spi.CompiledACL;
import com.day.crx.security.spi.CompiledACLProvider;
import com.day.crx.security.spi.WorkspaceACLProvider;
import javax.jcr.AccessDeniedException;
import javax.jcr.ItemNotFoundException;
import javax.jcr.NoSuchWorkspaceException;
import javax.jcr.RepositoryException;
import javax.security.auth.Subject;
import org.apache.jackrabbit.core.HierarchyManager;
import org.apache.jackrabbit.core.ItemId;
import org.apache.jackrabbit.core.NodeId;
import org.apache.jackrabbit.core.PropertyId;
import org.apache.jackrabbit.core.security.AccessManager;
import org.apache.jackrabbit.core.state.ItemState;
import org.apache.jackrabbit.core.state.ItemStateException;
import org.apache.jackrabbit.core.state.ItemStateManager;
import org.apache.jackrabbit.core.state.NodeState;
import org.apache.jackrabbit.spi.commons.name.PathFactoryImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/day/crx/security/authorization/CRXAccessManager.class */
public class CRXAccessManager implements AccessManager {
    static final String CVS_ID = "$URL: http://svn.day.com/repos/crx/tags/crx-1.4.2-load3/repository/crx-core/src/main/java/com/day/crx/security/authorization/CRXAccessManager.java $ $Rev: 41726 $ $Date: 2008-09-19 23:04:24 +0200 (Fri, 19 Sep 2008) $";
    private boolean initialized;
    private boolean isSystem;
    private Subject subject;
    private CompiledACLProvider aclProvider;
    private WorkspaceACLProvider wspACLProvider;
    private String wspName;
    private ItemId rootNodeId;
    private HierarchyManager hierMgr;
    private ItemStateManager itemStateMgr;
    private static final Logger log;
    static Class class$com$day$crx$security$authorization$CRXAccessManager;
    static Class class$org$apache$jackrabbit$core$security$SystemPrincipal;
    static Class class$com$day$crx$security$principals$AdminPrincipal;
    public static final String READ_ACTION = "read";
    public static final String ADD_NODE_ACTION = "add_node";
    public static final String SET_PROPERTY_ACTION = "set_property";
    public static final String REMOVE_ACTION = "remove";
    public static final String[] JCR_ACTIONS = {"", READ_ACTION, ADD_NODE_ACTION, SET_PROPERTY_ACTION, REMOVE_ACTION};

    public void setItemStateManager(ItemStateManager itemStateManager) {
        this.itemStateMgr = itemStateManager;
    }

    public void setACLProvider(CompiledACLProvider compiledACLProvider) {
        this.aclProvider = compiledACLProvider;
    }

    protected CompiledACLProvider getAclProvider() {
        return this.aclProvider;
    }

    public WorkspaceACLProvider getDefaultWorkspaceACLProvider() {
        return this.wspACLProvider;
    }

    public void setGlobalWorkspaceACLProvider(WorkspaceACLProvider workspaceACLProvider) {
        this.wspACLProvider = workspaceACLProvider;
    }

    public String getWspName() {
        return this.wspName;
    }

    public void setWspName(String str) {
        this.wspName = str;
    }

    protected Subject getSubject() {
        return this.subject;
    }

    public boolean isSystem() {
        return this.isSystem;
    }

    /* JADX WARN: Removed duplicated region for block: B:14:0x0071  */
    /* JADX WARN: Removed duplicated region for block: B:17:0x008f A[RETURN] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void init(org.apache.jackrabbit.core.security.AMContext r6) throws java.lang.Exception {
        /*
            r5 = this;
            r0 = r5
            r1 = r6
            org.apache.jackrabbit.core.HierarchyManager r1 = r1.getHierarchyManager()
            r0.hierMgr = r1
            r0 = r5
            r1 = r6
            javax.security.auth.Subject r1 = r1.getSubject()
            r0.subject = r1
            r0 = r5
            r1 = r5
            javax.security.auth.Subject r1 = r1.subject
            java.lang.Class r2 = com.day.crx.security.authorization.CRXAccessManager.class$org$apache$jackrabbit$core$security$SystemPrincipal
            if (r2 != 0) goto L27
            java.lang.String r2 = "org.apache.jackrabbit.core.security.SystemPrincipal"
            java.lang.Class r2 = class$(r2)
            r3 = r2
            com.day.crx.security.authorization.CRXAccessManager.class$org$apache$jackrabbit$core$security$SystemPrincipal = r3
            goto L2a
        L27:
            java.lang.Class r2 = com.day.crx.security.authorization.CRXAccessManager.class$org$apache$jackrabbit$core$security$SystemPrincipal
        L2a:
            java.util.Set r1 = r1.getPrincipals(r2)
            int r1 = r1.size()
            if (r1 > 0) goto L59
            r1 = r5
            javax.security.auth.Subject r1 = r1.subject
            java.lang.Class r2 = com.day.crx.security.authorization.CRXAccessManager.class$com$day$crx$security$principals$AdminPrincipal
            if (r2 != 0) goto L4b
            java.lang.String r2 = "com.day.crx.security.principals.AdminPrincipal"
            java.lang.Class r2 = class$(r2)
            r3 = r2
            com.day.crx.security.authorization.CRXAccessManager.class$com$day$crx$security$principals$AdminPrincipal = r3
            goto L4e
        L4b:
            java.lang.Class r2 = com.day.crx.security.authorization.CRXAccessManager.class$com$day$crx$security$principals$AdminPrincipal
        L4e:
            java.util.Set r1 = r1.getPrincipals(r2)
            int r1 = r1.size()
            if (r1 <= 0) goto L5d
        L59:
            r1 = 1
            goto L5e
        L5d:
            r1 = 0
        L5e:
            r0.isSystem = r1
            r0 = r5
            r1 = 1
            r0.initialized = r1
            r0 = r5
            r1 = r6
            java.lang.String r1 = r1.getWorkspaceName()
            boolean r0 = r0.canAccess(r1)
            if (r0 != 0) goto L8f
            javax.jcr.AccessDeniedException r0 = new javax.jcr.AccessDeniedException
            r1 = r0
            java.lang.StringBuffer r2 = new java.lang.StringBuffer
            r3 = r2
            r3.<init>()
            java.lang.String r3 = "Not allowed to access Workspace "
            java.lang.StringBuffer r2 = r2.append(r3)
            r3 = r6
            java.lang.String r3 = r3.getWorkspaceName()
            java.lang.StringBuffer r2 = r2.append(r3)
            java.lang.String r2 = r2.toString()
            r1.<init>(r2)
            throw r0
        L8f:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: com.day.crx.security.authorization.CRXAccessManager.init(org.apache.jackrabbit.core.security.AMContext):void");
    }

    public void close() throws Exception {
        if (!this.initialized) {
            throw new IllegalStateException("not initialized");
        }
        this.initialized = false;
        this.hierMgr = null;
        this.itemStateMgr = null;
        this.aclProvider = null;
    }

    public void checkPermission(ItemId itemId, int i) throws AccessDeniedException, ItemNotFoundException, RepositoryException {
        if (isGranted(itemId, i)) {
            return;
        }
        String str = null;
        try {
            str = this.hierMgr.getPath(itemId).getString();
        } catch (RepositoryException e) {
            if (!itemId.denotesNode()) {
                PropertyId propertyId = (PropertyId) itemId;
                try {
                    str = new StringBuffer().append(this.hierMgr.getPath(propertyId.getParentId()).getString()).append("/").append(propertyId.getName()).toString();
                } catch (RepositoryException e2) {
                    str = itemId.toString();
                }
            }
        }
        throw new AccessDeniedException(new StringBuffer().append("Not sufficient privileges for permissions : ").append(i).append(" on ").append(str).toString());
    }

    public boolean canAccess(String str) throws NoSuchWorkspaceException, RepositoryException {
        if (!this.initialized) {
            throw new IllegalStateException("not initialized");
        }
        if (this.isSystem || this.wspACLProvider == null) {
            return true;
        }
        return str.equals(this.wspName) ? getAclProvider().getWorkspaceAcl().grants(ActionSetImpl.WORKSPACE_ACCESS) : this.wspACLProvider.getAcl(str).grants(this.subject.getPrincipals(), ActionSetImpl.WORKSPACE_ACCESS);
    }

    public boolean isGranted(ItemId itemId, int i) throws ItemNotFoundException, RepositoryException {
        if (!this.initialized) {
            throw new IllegalStateException("not initialized");
        }
        if (this.isSystem) {
            return true;
        }
        if (this.aclProvider == null) {
            log.error("isGranted: no ACLProvider definied for workspace  : grant access");
            return true;
        }
        NodeId parentId = itemId.denotesNode() ? (NodeId) itemId : ((PropertyId) itemId).getParentId();
        CompiledACL acl = this.aclProvider.getAcl(parentId);
        if (acl.getSource() == null) {
            acl = getInheritedAcl(parentId);
        }
        if (acl == null || acl.getSource() == null) {
            log.info(new StringBuffer().append("isGranted: no ACL definied for ").append(itemId).append(" : grant access").toString());
            return true;
        }
        int i2 = 0;
        if (acl.protectsACL()) {
            if ((i & 1) == 1) {
                i2 = 0 | 16;
            }
            if ((i & 2) == 2) {
                i2 |= 32;
            }
            if ((i & 4) == 4) {
                i2 |= 32;
            }
        } else {
            if ((i & 1) == 1) {
                i2 = 0 | 1;
            }
            if ((i & 2) == 2) {
                if (itemId.denotesNode()) {
                    try {
                        NodeState itemState = this.itemStateMgr.getItemState(itemId);
                        if (itemState.getAddedChildNodeEntries().size() > 0) {
                            i2 |= 4;
                        }
                        if (itemState.getRemovedChildNodeEntries().size() > 0) {
                            i2 |= 8;
                        }
                        if (itemState.getAddedPropertyNames().size() > 0 || itemState.getRemovedPropertyNames().size() > 0) {
                            i2 |= 2;
                        }
                        if (i2 == 0) {
                            i2 |= 4;
                        }
                    } catch (ItemStateException e) {
                        log.error("attempt to test permissions on inexistant state {}", e);
                        return false;
                    }
                } else {
                    i2 |= 2;
                }
            }
            if ((i & 4) == 4) {
                i2 |= 8;
            }
        }
        return acl.grants(ActionSetImpl.create(i2));
    }

    private CompiledACL getInheritedAcl(NodeId nodeId) throws RepositoryException {
        if (this.itemStateMgr == null || !this.itemStateMgr.hasItemState(nodeId)) {
            log.debug(new StringBuffer().append("getInheritedAcl: can't access item-states for ").append(nodeId).toString());
            return null;
        }
        try {
            ItemState itemState = this.itemStateMgr.getItemState(nodeId);
            while (itemState.getStatus() == 4 && itemState.getId() != this.rootNodeId) {
                nodeId = getParentId(nodeId);
                if (nodeId == null) {
                    return null;
                }
                itemState = this.itemStateMgr.getItemState(nodeId);
            }
            return this.aclProvider.getAcl(nodeId);
        } catch (ItemStateException e) {
            throw new ItemNotFoundException(e);
        }
    }

    private NodeId getParentId(NodeId nodeId) throws ItemNotFoundException {
        NodeId nodeId2 = null;
        try {
            if (this.rootNodeId == null) {
                this.rootNodeId = this.hierMgr.resolvePath(PathFactoryImpl.getInstance().getRootPath());
            }
            if (!this.rootNodeId.equals(nodeId)) {
                nodeId2 = (NodeId) this.hierMgr.resolvePath(this.hierMgr.getPath(nodeId).getAncestor(1));
            }
            return nodeId2;
        } catch (RepositoryException e) {
            throw new ItemNotFoundException(new StringBuffer().append("Parent for id '").append(nodeId).append("' could not be resolved").toString());
        }
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$com$day$crx$security$authorization$CRXAccessManager == null) {
            cls = class$("com.day.crx.security.authorization.CRXAccessManager");
            class$com$day$crx$security$authorization$CRXAccessManager = cls;
        } else {
            cls = class$com$day$crx$security$authorization$CRXAccessManager;
        }
        log = LoggerFactory.getLogger(cls);
    }
}
