package com.day.crx.security.authorization;

import EDU.oswego.cs.dl.util.concurrent.ReadWriteLock;
import EDU.oswego.cs.dl.util.concurrent.ReentrantWriterPreferenceReadWriteLock;
import com.day.crx.core.CRXSystemSession;
import com.day.crx.security.ACE;
import com.day.crx.security.ACEIterator;
import com.day.crx.security.EditableACL;
import com.day.crx.security.spi.ACLEditor;
import com.day.crx.security.spi.ACLProvider;
import com.day.crx.security.spi.AbstractACL;
import com.day.crx.security.spi.WorkspaceACLProvider;
import java.util.HashSet;
import java.util.Iterator;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.RepositoryException;
import javax.jcr.observation.EventIterator;
import javax.jcr.observation.EventListener;
import javax.jcr.observation.ObservationManager;
import org.apache.jackrabbit.core.ItemId;
import org.apache.jackrabbit.core.ItemImpl;
import org.apache.jackrabbit.core.ItemManager;
import org.apache.jackrabbit.core.NodeId;
import org.apache.jackrabbit.core.NodeImpl;
import org.apache.jackrabbit.core.PropertyId;
import org.apache.jackrabbit.core.observation.EventImpl;
import org.apache.jackrabbit.name.MalformedPathException;
import org.apache.jackrabbit.name.PathFormat;
import org.apache.jackrabbit.spi.Name;
import org.apache.jackrabbit.spi.commons.name.NameFactoryImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/day/crx/security/authorization/DefaultACLProvider.class */
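/**
 * {@link ACLProvider} that resolves the access control list applying to an item from
 * {@code rep:accessControl} nodes stored in the workspace and keeps the results in an
 * {@link ACLCache}.
 *
 * <p>Three observation listeners registered on the system session evict or invalidate cache
 * entries when access-control content or nodes change. All cache access is guarded by
 * {@link #lock}; because the cached ACLs feed authorization decisions, a stale or concurrently
 * mutated entry is a security defect rather than a performance issue.
 *
 * <p>This source is decompiler output. The explicit {@code this$0} fields, the two-argument
 * constructors taking {@link AnonymousClass1} and the {@code class$} helper mirror compiler
 * synthetics and are kept so the class layout matches the shipped binary.
 */
public class DefaultACLProvider implements ACLProvider {
    static final String CVS_ID = "$URL: http://svn.day.com/repos/crx/tags/crx-1.4.2-load3/repository/crx-core/src/main/java/com/day/crx/security/authorization/DefaultACLProvider.java $ $Rev: 32279 $ $Date: 2007-12-21 14:11:26 +0100 (Fri, 21 Dec 2007) $";
    public static final String PROP_REP_ACTIONS = "rep:actions";
    public static final String NODE_REP_ACCESS_CONTROL = "rep:accessControl";
    public static final String NT_REP_ACCESS_CONTROLLABLE = "rep:AccessControllable";
    public static final String NT_REP_ACCESS_CONTROL = "rep:AccessControl";
    public static final String NT_REP_PERMISSION = "rep:Permission";
    public static final String NT_REP_GRANT_PERMISSION = "rep:GrantPermission";
    public static final String NT_REP_DENY_PERMISSION = "rep:DenyPermission";
    public static final String PROP_REP_PRINCIPAL = "rep:principal";
    private static final Logger log;
    private final ItemManager itemMgr;
    private final ACLCache cache;
    private final NodeId rootNodeId;
    // Guards every read and write of the ACL cache.
    private final ReadWriteLock lock = new ReentrantWriterPreferenceReadWriteLock();
    private final PermissionListener permListener = new PermissionListener(this, null);
    private final AclListener aclListener;
    private final ItemListener itemListener;
    private final CRXSystemSession systemSession;
    private final WorkspaceACLProvider wspAclProvider;
    // Cache slot of the pre-Java-5 class-literal expansion; see class$(String).
    static Class class$com$day$crx$security$authorization$DefaultACLProvider;
    public static final Name QPROP_REP_ACTIONS = NameFactoryImpl.getInstance().create("internal", "actions");
    public static final Name QNODE_REP_ACCESS_CONTROL = NameFactoryImpl.getInstance().create("internal", "accessControl");
    public static final Name QNT_REP_ACCESS_CONTROLLABLE = NameFactoryImpl.getInstance().create("internal", "AccessControllable");
    public static final Name QNT_REP_ACCESS_CONTROL = NameFactoryImpl.getInstance().create("internal", "AccessControl");
    public static final Name QNT_REP_PERMISSION = NameFactoryImpl.getInstance().create("internal", "Permission");
    public static final Name QNT_REP_GRANT_PERMISSION = NameFactoryImpl.getInstance().create("internal", "GrantPermission");
    public static final Name QNT_REP_DENY_PERMISSION = NameFactoryImpl.getInstance().create("internal", "DenyPermission");
    public static final Name QPROP_REP_PRINCIPAL = NameFactoryImpl.getInstance().create("internal", "principal");

    /** Marker type used only as the extra argument of the accessor constructors below. */
    static class AnonymousClass1 {
    }

    /**
     * Evicts cache entries when a child node is added to or removed from a
     * {@code rep:AccessControllable} node (see the registration in the constructor).
     */
    private class AclListener implements EventListener {
        private final DefaultACLProvider this$0;

        private AclListener(DefaultACLProvider defaultACLProvider) {
            this.this$0 = defaultACLProvider;
        }

        /**
         * Collects the node ids affected by the delivered events and removes them from the cache
         * under the write lock.
         *
         * @param eventIterator events delivered by the observation manager
         */
        public void onEvent(EventIterator eventIterator) {
            HashSet affectedIds = new HashSet();
            while (eventIterator.hasNext()) {
                // The observation manager hands out EventImpl instances; the decompiler dropped the cast.
                EventImpl event = (EventImpl) eventIterator.nextEvent();
                if (event.getType() == 1) { // 1 == Event.NODE_ADDED in the JCR observation API
                    try {
                        NodeImpl ancestor = (NodeImpl) this.this$0.systemSession.getItem(event.getPath()).getParent();
                        NodeId ancestorId = (NodeId) ancestor.getId();
                        // Walk upwards until an access-controlled ancestor or the root is reached.
                        while (!ancestorId.equals(this.this$0.rootNodeId)) {
                            ancestor = (NodeImpl) ancestor.getParent();
                            ancestorId = (NodeId) ancestor.getId();
                            if (this.this$0.isAccessControlled(ancestor)) {
                                break;
                            }
                        }
                        affectedIds.add(ancestorId);
                    } catch (RepositoryException e) {
                        // NOTE(review): when the node cannot be resolved nothing is evicted for this
                        // event, so a cached ACL may outlive the change - confirm this is acceptable.
                        DefaultACLProvider.log.info("Error while accessing node: {}", e.toString());
                    }
                } else {
                    affectedIds.add(event.getParentId());
                }
            }
            Iterator it = affectedIds.iterator();
            if (it.hasNext()) {
                this.this$0.acquireWriteLock();
                try {
                    // Hold the lock across the whole batch and release it exactly once; the
                    // decompiled form released it after every element.
                    while (it.hasNext()) {
                        this.this$0.cache.removeItem((NodeId) it.next());
                    }
                } finally {
                    this.this$0.releaseWriteLock();
                }
            }
        }

        AclListener(DefaultACLProvider defaultACLProvider, AnonymousClass1 anonymousClass1) {
            this(defaultACLProvider);
        }
    }

    /** {@link ACLEditor} that persists ACLs as {@code rep:accessControl} child nodes. */
    private class DefaultACLEditor implements ACLEditor {
        private static final String DEFAULT_PERMISSION_NAME = "permission";
        private final DefaultACLProvider this$0;

        private DefaultACLEditor(DefaultACLProvider defaultACLProvider) {
            this.this$0 = defaultACLProvider;
        }

        /**
         * Returns an editable ACL for the item.
         *
         * @param itemId the item whose ACL is to be edited
         * @return a fresh editable ACL when the provider has none for the item, an editable copy of
         *     the effective ACL when the item exists, otherwise {@code null}
         * @throws RepositoryException if the ACL or the item cannot be read
         */
        @Override // com.day.crx.security.spi.ACLEditor
        public EditableACL editAcl(ItemId itemId) throws RepositoryException {
            DefaultEditableACL editable = null;
            DefaultACL current = (DefaultACL) this.this$0.getAcl(itemId);
            if (current == null) {
                editable = new DefaultEditableACL(itemId);
            } else if (this.this$0.itemMgr.itemExists(itemId)) {
                editable = new DefaultEditableACL(itemId, current);
            }
            return editable;
        }

        /**
         * Replaces the ACL stored for the item with the given entries.
         *
         * <p>NOTE(review): the old entries are removed (and usually saved) in
         * {@link #getAclNode} before {@link #writeAcl} stores the new ones, so a failure while
         * writing can leave the item without its previous entries. Confirm whether callers need
         * the replacement to be atomic.
         *
         * @throws RepositoryException if the ACL node cannot be created or written
         */
        @Override // com.day.crx.security.spi.ACLEditor
        public void setAcl(ItemId itemId, EditableACL editableACL) throws RepositoryException {
            writeAcl(editableACL, getAclNode(itemId, true));
        }

        /**
         * Removes the ACL node of the item, if there is one, and saves its parent.
         *
         * @throws RepositoryException if the removal cannot be saved; pending changes on the parent
         *     are discarded before the exception is rethrown
         */
        @Override // com.day.crx.security.spi.ACLEditor
        public void removeAcl(ItemId itemId) throws RepositoryException {
            Node aclNode = getAclNode(itemId, false);
            if (aclNode != null) {
                Node parent = aclNode.getParent();
                aclNode.remove();
                try {
                    parent.save();
                } catch (RepositoryException e) {
                    parent.refresh(false);
                    throw e;
                }
            }
        }

        /**
         * Locates the ACL node belonging to the item and optionally creates or empties it.
         *
         * @param itemId the item; for a property its parent node is used
         * @param create when {@code true} a missing ACL node is created (adding the
         *     {@code rep:AccessControllable} mixin if needed) and an existing one has its
         *     {@code rep:Permission} children removed
         * @return the ACL node, or {@code null} when none exists and {@code create} is false
         * @throws RepositoryException on repository access or save failure
         */
        private Node getAclNode(ItemId itemId, boolean create) throws RepositoryException {
            Node aclNode = null;
            ItemImpl item = this.this$0.itemMgr.getItem(itemId);
            Node parent = item.isNode() ? (Node) item : item.getParent();
            if (parent.isNodeType(DefaultACLProvider.NT_REP_ACCESS_CONTROLLABLE) && parent.hasNode(DefaultACLProvider.NODE_REP_ACCESS_CONTROL)) {
                aclNode = parent.getNode(DefaultACLProvider.NODE_REP_ACCESS_CONTROL);
            } else if (parent.isNodeType(DefaultACLProvider.NT_REP_ACCESS_CONTROL)) {
                // The item is the ACL node itself; its parent is the controlled node.
                aclNode = parent;
                parent = aclNode.getParent();
            }
            if (create) {
                // NOTE(review): the JCR API does not normally report isModified() and isNew() as
                // true together, so this flag looks always-true - confirm the intended condition.
                boolean saveParent = (parent.isModified() && parent.isNew()) ? false : true;
                if (aclNode == null) {
                    if (!parent.isNodeType(DefaultACLProvider.NT_REP_ACCESS_CONTROLLABLE)) {
                        parent.addMixin(DefaultACLProvider.NT_REP_ACCESS_CONTROLLABLE);
                    }
                    aclNode = parent.addNode(DefaultACLProvider.NODE_REP_ACCESS_CONTROL, DefaultACLProvider.NT_REP_ACCESS_CONTROL);
                } else {
                    NodeIterator children = aclNode.getNodes();
                    while (children.hasNext()) {
                        Node child = children.nextNode();
                        if (child.isNodeType(DefaultACLProvider.NT_REP_PERMISSION)) {
                            child.remove();
                        }
                    }
                }
                if (saveParent) {
                    try {
                        parent.save();
                    } catch (RepositoryException e) {
                        parent.refresh(false);
                        DefaultACLProvider.log.error(new StringBuffer().append("setAcl: failed to create Node for ACL ").append(itemId).append(": ").append(e).toString());
                        throw e;
                    }
                }
            }
            return aclNode;
        }

        /**
         * Writes every entry with a non-empty action set as a grant or deny permission node below
         * {@code node} and saves it. Does nothing when either argument is {@code null}.
         *
         * @throws RepositoryException if writing fails; pending changes on {@code node} are
         *     discarded before the exception is rethrown
         */
        private void writeAcl(EditableACL editableACL, Node node) throws RepositoryException {
            if (node == null || editableACL == null) {
                return;
            }
            try {
                ACEIterator entries = editableACL.getEntries();
                while (entries.hasNext()) {
                    ACE entry = entries.nextACE();
                    // Entries without actions are skipped, so the inner emptiness re-check of the
                    // decompiled code was redundant and is folded into this one.
                    if (!entry.getActionSet().isEmpty()) {
                        String nodeType = entry.isAllow() ? DefaultACLProvider.NT_REP_GRANT_PERMISSION : DefaultACLProvider.NT_REP_DENY_PERMISSION;
                        Node permission = node.addNode(getItemName(node, entry.getName()), nodeType);
                        permission.setProperty(DefaultACLProvider.PROP_REP_PRINCIPAL, entry.getPrincipal().getName());
                        permission.setProperty(DefaultACLProvider.PROP_REP_ACTIONS, entry.getActionSet().getActions());
                    }
                }
                node.save();
            } catch (RepositoryException e) {
                node.refresh(false);
                DefaultACLProvider.log.error(new StringBuffer().append("setAcl: failed to persiste ACL ").append(editableACL.getName()).append(": ").append(e).toString());
                throw e;
            }
        }

        /**
         * Derives a child node name for an entry that is unused below {@code node}.
         *
         * @param node the ACL node that will receive the entry
         * @param str the entry name; {@code null} or a name rejected by
         *     {@link PathFormat#checkFormat} is replaced by the default name
         * @return the name itself, or the name with a numeric suffix when it is already taken
         * @throws RepositoryException if the existence check fails
         */
        private String getItemName(Node node, String str) throws RepositoryException {
            if (str == null) {
                str = DEFAULT_PERMISSION_NAME;
            } else {
                try {
                    PathFormat.checkFormat(str);
                } catch (MalformedPathException e) {
                    // Log before overwriting so the message shows the rejected name rather than
                    // the default it is replaced with.
                    DefaultACLProvider.log.debug(new StringBuffer().append("Invalid path name for Permission: ").append(str).append(" set to ").append(DEFAULT_PERMISSION_NAME).toString());
                    str = DEFAULT_PERMISSION_NAME;
                }
            }
            int suffix = 0;
            String candidate = str;
            while (node.hasNode(candidate)) {
                candidate = new StringBuffer().append(str).append(suffix).toString();
                suffix++;
            }
            return candidate;
        }

        DefaultACLEditor(DefaultACLProvider defaultACLProvider, AnonymousClass1 anonymousClass1) {
            this(defaultACLProvider);
        }
    }

    /** Evicts the cache entry of every removed node (see the registration in the constructor). */
    private class ItemListener implements EventListener {
        private final DefaultACLProvider this$0;

        private ItemListener(DefaultACLProvider defaultACLProvider) {
            this.this$0 = defaultACLProvider;
        }

        /**
         * Removes the child id of each delivered event from the cache under the write lock.
         *
         * @param eventIterator events delivered by the observation manager
         */
        public void onEvent(EventIterator eventIterator) {
            HashSet removedIds = new HashSet();
            while (eventIterator.hasNext()) {
                // getChildId() is declared on EventImpl; the decompiler dropped the cast.
                removedIds.add(((EventImpl) eventIterator.nextEvent()).getChildId());
            }
            Iterator it = removedIds.iterator();
            if (it.hasNext()) {
                this.this$0.acquireWriteLock();
                try {
                    // One acquire, one release, with the whole batch evicted under the lock.
                    while (it.hasNext()) {
                        this.this$0.cache.removeItem((NodeId) it.next());
                    }
                } finally {
                    this.this$0.releaseWriteLock();
                }
            }
        }

        ItemListener(DefaultACLProvider defaultACLProvider, AnonymousClass1 anonymousClass1) {
            this(defaultACLProvider);
        }
    }

    /**
     * Invalidates cached ACLs when {@code rep:Permission} / {@code rep:AccessControl} content
     * changes (see the registration in the constructor).
     */
    private class PermissionListener implements EventListener {
        private final DefaultACLProvider this$0;

        private PermissionListener(DefaultACLProvider defaultACLProvider) {
            this.this$0 = defaultACLProvider;
        }

        /**
         * Collects the ids affected by the delivered events and invalidates their cached ACLs
         * under the write lock.
         *
         * @param eventIterator events delivered by the observation manager
         */
        public void onEvent(EventIterator eventIterator) {
            HashSet aclIds = new HashSet();
            while (eventIterator.hasNext()) {
                EventImpl event = (EventImpl) eventIterator.nextEvent();
                if (event.getType() == 16) { // 16 == Event.PROPERTY_CHANGED in the JCR observation API
                    try {
                        // property -> node holding it -> that node's parent (presumably the ACL node)
                        NodeImpl aclNode = (NodeImpl) this.this$0.systemSession.getItem(event.getPath()).getParent().getParent();
                        aclIds.add(aclNode.getId());
                    } catch (RepositoryException e) {
                        // NOTE(review): nothing is invalidated for this event and the failure is
                        // only visible at debug level, so a changed permission may keep being
                        // served from the cache - confirm this is acceptable.
                        if (DefaultACLProvider.log.isDebugEnabled()) {
                            try {
                                DefaultACLProvider.log.debug("CacheEvent: acl-node not found for: {}", event.getPath());
                            } catch (RepositoryException ignored) {
                                // The path is only needed for the debug message.
                            }
                        }
                    }
                } else {
                    aclIds.add(event.getParentId());
                }
            }
            Iterator it = aclIds.iterator();
            if (it.hasNext()) {
                this.this$0.acquireWriteLock();
                try {
                    // One acquire, one release, with the whole batch invalidated under the lock.
                    while (it.hasNext()) {
                        this.this$0.cache.invalidateAcl((NodeId) it.next());
                    }
                } finally {
                    this.this$0.releaseWriteLock();
                }
            }
        }

        PermissionListener(DefaultACLProvider defaultACLProvider, AnonymousClass1 anonymousClass1) {
            this(defaultACLProvider);
        }
    }

    /**
     * Creates the provider and registers its cache-maintenance listeners on the whole workspace.
     *
     * @param cRXSystemSession system session used to read items and observe changes
     * @param workspaceACLProvider source of the workspace-level ACL
     * @throws RepositoryException if the session cannot be queried or a listener cannot be
     *     registered
     */
    public DefaultACLProvider(CRXSystemSession cRXSystemSession, WorkspaceACLProvider workspaceACLProvider) throws RepositoryException {
        this.itemMgr = cRXSystemSession.getItemManager();
        this.wspAclProvider = workspaceACLProvider;
        this.cache = new ACLCache(cRXSystemSession.getWorkspace().getName());
        this.systemSession = cRXSystemSession;
        this.rootNodeId = cRXSystemSession.getRootNode().getId();
        ObservationManager observationManager = cRXSystemSession.getWorkspace().getObservationManager();
        // 19 == NODE_ADDED | NODE_REMOVED | PROPERTY_CHANGED, filtered to permission / ACL nodes.
        observationManager.addEventListener(this.permListener, 19, "/", true, (String[]) null, new String[]{NT_REP_PERMISSION, NT_REP_ACCESS_CONTROL}, false);
        this.aclListener = new AclListener(this, null);
        // 3 == NODE_ADDED | NODE_REMOVED, filtered to access-controllable nodes.
        observationManager.addEventListener(this.aclListener, 3, "/", true, (String[]) null, new String[]{NT_REP_ACCESS_CONTROLLABLE}, false);
        this.itemListener = new ItemListener(this, null);
        // 2 == NODE_REMOVED, no node-type filter.
        observationManager.addEventListener(this.itemListener, 2, "/", true, (String[]) null, (String[]) null, false);
    }

    /**
     * Unregisters the listeners and closes the cache. A failure to unregister is logged and does
     * not prevent the cache from being closed.
     */
    @Override // com.day.crx.security.spi.ACLProvider
    public void close() {
        try {
            ObservationManager observationManager = this.systemSession.getWorkspace().getObservationManager();
            observationManager.removeEventListener(this.permListener);
            observationManager.removeEventListener(this.aclListener);
            observationManager.removeEventListener(this.itemListener);
        } catch (RepositoryException e) {
            log.warn("close: failed to unregister Listeners: {}", e.getMessage());
        }
        acquireWriteLock();
        try {
            this.cache.close();
        } finally {
            releaseWriteLock();
        }
    }

    /**
     * Returns the ACL that applies to the item, from the cache when a valid entry exists and
     * otherwise by building (and caching) it.
     *
     * @param itemId a node id, or a property id whose parent node is used
     * @return the ACL, or {@code null} when the node does not exist or no ACL applies
     * @throws RepositoryException if the repository cannot be read
     */
    @Override // com.day.crx.security.spi.ACLProvider
    public AbstractACL getAcl(ItemId itemId) throws RepositoryException {
        NodeId nodeId = itemId.denotesNode() ? (NodeId) itemId : ((PropertyId) itemId).getParentId();
        acquireReadLock();
        try {
            DefaultACL cached = this.cache.getAcl(nodeId, true);
            if (cached != null && cached.isValid()) {
                return cached;
            }
        } finally {
            // Released exactly once on every path; the decompiled form released the read lock a
            // second time after falling through to the slow path.
            releaseReadLock();
        }
        if (!this.itemMgr.itemExists(nodeId)) {
            return null;
        }
        acquireWriteLock();
        try {
            // Re-check under the write lock: another thread may have built the ACL meanwhile.
            DefaultACL acl = this.cache.getAcl(nodeId, true);
            if (acl == null || !acl.isValid()) {
                NodeImpl node = (NodeImpl) this.itemMgr.getItem(nodeId);
                if (node.isNodeType(NT_REP_ACCESS_CONTROL)) {
                    acl = buildAcl(nodeId, (NodeImpl) node.getParent(), true);
                } else if (node.isNodeType(NT_REP_PERMISSION)) {
                    acl = buildAcl(nodeId, (NodeImpl) node.getParent().getParent(), true);
                } else {
                    acl = buildAcl(nodeId, node, false);
                }
            }
            return acl;
        } finally {
            releaseWriteLock();
        }
    }

    /** Returns a new editor bound to this provider. */
    @Override // com.day.crx.security.spi.ACLProvider
    public ACLEditor getEditor() {
        return new DefaultACLEditor(this, null);
    }

    /**
     * Returns the workspace-level ACL from the {@link WorkspaceACLProvider}, looked up by the
     * system session's workspace name.
     *
     * @throws RepositoryException if the lookup fails
     */
    @Override // com.day.crx.security.spi.ACLProvider
    public AbstractACL getWorkspaceAcl() throws RepositoryException {
        return this.wspAclProvider.getAcl(this.systemSession.getWorkspace().getName());
    }

    /**
     * Builds and caches the ACL for {@code itemId}. Callers are expected to hold the write lock
     * (the only caller outside this method, {@link #getAcl}, does).
     *
     * @param itemId id the resulting ACL is cached under
     * @param nodeImpl the node itself when {@code z} is false; when {@code z} is true, the node
     *     {@link #getAcl} resolved as owner of the ACL content the item belongs to
     * @param z {@code true} when {@code itemId} denotes a {@code rep:AccessControl} or
     *     {@code rep:Permission} node, as decided in {@link #getAcl}
     * @return the ACL, or {@code null} when neither the node nor any ancestor is access
     *     controlled
     * @throws RepositoryException if the repository cannot be read
     */
    private DefaultACL buildAcl(ItemId itemId, NodeImpl nodeImpl, boolean z) throws RepositoryException {
        // baseNode/baseId identify the node whose ACL the new ACL is layered on.
        NodeImpl nodeImpl2 = nodeImpl;
        ItemId id = nodeImpl2.getId();
        if (!z) {
            if (!itemId.equals(this.rootNodeId)) {
                // Search upwards for the nearest access-controlled ancestor; null once the root
                // has been passed without finding one.
                nodeImpl2 = (NodeImpl) nodeImpl2.getParent();
                ItemId id2 = nodeImpl2.getId();
                while (true) {
                    id = id2;
                    if (nodeImpl2 == null || isAccessControlled(nodeImpl2)) {
                        break;
                    }
                    if (id.equals(this.rootNodeId)) {
                        nodeImpl2 = null;
                        id2 = null;
                    } else {
                        nodeImpl2 = (NodeImpl) nodeImpl2.getParent();
                        id2 = nodeImpl2.getId();
                    }
                }
            } else {
                // The root has no ancestor to inherit from.
                id = null;
                nodeImpl2 = null;
            }
        }
        DefaultACL defaultACL = null;
        if (nodeImpl2 != null) {
            defaultACL = this.cache.getAcl(id, false);
            if (defaultACL == null) {
                defaultACL = buildAcl(id, nodeImpl2, false);
            }
        }
        if (!z && isAccessControlled(nodeImpl)) {
            // The node carries its own ACL node: build from it, layered on the base ACL.
            DefaultACL defaultACL2 = new DefaultACL(nodeImpl.getNode(QNODE_REP_ACCESS_CONTROL), defaultACL);
            this.cache.cache(itemId, id, defaultACL2);
            return defaultACL2;
        }
        if (defaultACL == null) {
            return null;
        }
        DefaultACL defaultACL3 = new DefaultACL((NodeId) itemId, defaultACL, z);
        this.cache.cache(itemId, id, defaultACL3);
        return defaultACL3;
    }

    /**
     * Tells whether the node is of type {@code AccessControllable} and has an ACL child node.
     *
     * <p>The decompiler reports this method as originally private; it is public here only because
     * the nested listeners call it. Treat it as internal.
     *
     * @throws RepositoryException if the node cannot be inspected
     */
    public boolean isAccessControlled(NodeImpl nodeImpl) throws RepositoryException {
        return nodeImpl.isNodeType(QNT_REP_ACCESS_CONTROLLABLE) && nodeImpl.hasNode(QNODE_REP_ACCESS_CONTROL);
    }

    /**
     * Acquires the read lock, retrying if the wait is interrupted so that the caller never
     * proceeds (and later releases) without actually holding it. The interrupt status is restored
     * once the lock is held.
     */
    private void acquireReadLock() {
        boolean interrupted = false;
        while (true) {
            try {
                this.lock.readLock().acquire();
                break;
            } catch (InterruptedException e) {
                interrupted = true;
                log.error("interrupted while waiting for read-lock: {} ", e.getMessage());
            }
        }
        if (interrupted) {
            Thread.currentThread().interrupt();
        }
    }

    /** Releases the read lock taken by {@link #acquireReadLock()}. */
    private void releaseReadLock() {
        this.lock.readLock().release();
    }

    /**
     * Acquires the write lock, retrying if the wait is interrupted so that the cache is never
     * modified without the lock. The interrupt status is restored once the lock is held.
     *
     * <p>The decompiler reports this method as originally private; it is public here only because
     * the nested listeners call it. External code must not take the cache lock.
     */
    public void acquireWriteLock() {
        boolean interrupted = false;
        while (true) {
            try {
                this.lock.writeLock().acquire();
                break;
            } catch (InterruptedException e) {
                interrupted = true;
                log.error("interrupted while waiting for write-lock {}", e.getMessage());
            }
        }
        if (interrupted) {
            Thread.currentThread().interrupt();
        }
    }

    /**
     * Releases the write lock taken by {@link #acquireWriteLock()}.
     *
     * <p>The decompiler reports this method as originally private; treat it as internal.
     */
    public void releaseWriteLock() {
        this.lock.writeLock().release();
    }

    /**
     * Pre-Java-5 expansion of a class literal: loads the named class and converts a lookup
     * failure into {@link NoClassDefFoundError} with the original exception as cause.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause returns Throwable, so the error is kept in a typed local before throwing.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        // Equivalent to LoggerFactory.getLogger(DefaultACLProvider.class); kept in the expanded
        // form so the synthetic cache field above stays populated.
        Class cls;
        if (class$com$day$crx$security$authorization$DefaultACLProvider == null) {
            cls = class$("com.day.crx.security.authorization.DefaultACLProvider");
            class$com$day$crx$security$authorization$DefaultACLProvider = cls;
        } else {
            cls = class$com$day$crx$security$authorization$DefaultACLProvider;
        }
        log = LoggerFactory.getLogger(cls);
    }
}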
