package com.day.crx.security.user;

import com.day.crx.CRXSession;
import com.day.crx.security.ACEIterator;
import com.day.crx.security.ACLManager;
import com.day.crx.security.ActionSet;
import com.day.crx.security.EditableACE;
import com.day.crx.security.EditableACL;
import com.day.crx.security.Impersonation;
import com.day.crx.security.User;
import com.day.crx.security.authorization.ActionSetImpl;
import com.day.crx.security.authorization.DefaultEditableACE;
import java.security.Principal;
import javax.jcr.Node;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.security.auth.Subject;

/* loaded from: input_file:com/day/crx/security/user/ImpersonationImpl.class */
public class ImpersonationImpl implements Impersonation {
    static final String CVS_ID = "$URL: http://svn.day.com/repos/crx/tags/crx-1.4.2-load3/repository/crx-core/src/main/java/com/day/crx/security/user/ImpersonationImpl.java $ $Rev: 25006 $ $Date: 2007-02-05 14:59:44 +0100 (Mon, 05 Feb 2007) $";
    public static final String SUDOERS_PATH = "rep:sudoers";
    public static final String SUDOERS_NODE_TYPE = "rep:Sudoers";
    private static final ActionSet SUDO_ACTION_SET = ActionSetImpl.create(ActionSetImpl.ACTION_SUDO);
    private ACLManager aclManager;
    private String path;
    private final UserImpl user;
    static Class class$com$day$crx$security$principals$AdminPrincipal;
    static Class class$org$apache$jackrabbit$core$security$SystemPrincipal;

    /* JADX INFO: Access modifiers changed from: protected */
    public ImpersonationImpl(UserImpl userImpl) throws RepositoryException {
        this.user = userImpl;
        CRXSession session = userImpl.getNode().getSession();
        if (session instanceof CRXSession) {
            this.aclManager = session.getACLManager();
            this.path = new StringBuffer().append(userImpl.getNode().getPath()).append("/").append(SUDOERS_PATH).toString();
        }
    }

    public User getImpersonated() {
        return this.user;
    }

    public boolean grantImpersonation(Principal principal) throws RepositoryException {
        EditableACL editableACL = getEditableACL(true);
        if (editableACL == null) {
            return false;
        }
        DefaultEditableACE defaultEditableACE = new DefaultEditableACE(principal, true, editableACL);
        defaultEditableACE.addAction("sudo");
        editableACL.add(defaultEditableACE);
        setACL(editableACL);
        return true;
    }

    public boolean revokeImpersonation(Principal principal) throws RepositoryException {
        EditableACL editableACL = getEditableACL(false);
        if (editableACL == null) {
            return false;
        }
        ACEIterator entries = editableACL.getEntries();
        while (entries.hasNext()) {
            EditableACE nextACE = entries.nextACE();
            if (nextACE.getPrincipal().equals(principal) && nextACE.containsActions(ActionSetImpl.SUDO)) {
                nextACE.removeAction("sudo");
                setACL(editableACL);
                return true;
            }
        }
        return false;
    }

    public boolean impersonates(Principal principal) throws RepositoryException {
        Subject subject = new Subject();
        subject.getPrincipals().add(principal);
        return impersonates(subject);
    }

    public boolean impersonates(Subject subject) throws RepositoryException {
        Class cls;
        Class cls2;
        if (subject == null) {
            return false;
        }
        if (class$com$day$crx$security$principals$AdminPrincipal == null) {
            cls = class$("com.day.crx.security.principals.AdminPrincipal");
            class$com$day$crx$security$principals$AdminPrincipal = cls;
        } else {
            cls = class$com$day$crx$security$principals$AdminPrincipal;
        }
        if (!subject.getPrincipals(cls).isEmpty()) {
            return true;
        }
        if (class$org$apache$jackrabbit$core$security$SystemPrincipal == null) {
            cls2 = class$("org.apache.jackrabbit.core.security.SystemPrincipal");
            class$org$apache$jackrabbit$core$security$SystemPrincipal = cls2;
        } else {
            cls2 = class$org$apache$jackrabbit$core$security$SystemPrincipal;
        }
        if (!subject.getPrincipals(cls2).isEmpty()) {
            return true;
        }
        try {
            if (this.aclManager != null) {
                return this.aclManager.getAcl(this.path).grants(subject.getPrincipals(), SUDO_ACTION_SET);
            }
            return false;
        } catch (PathNotFoundException e) {
            return false;
        }
    }

    private void setACL(EditableACL editableACL) throws RepositoryException {
        if (this.aclManager != null) {
            this.aclManager.setAcl(this.path, editableACL);
        }
    }

    private EditableACL getEditableACL(boolean z) throws RepositoryException {
        if (this.aclManager == null) {
            return null;
        }
        Node node = this.user.getNode();
        if (!this.user.getNode().hasNode(SUDOERS_PATH)) {
            if (!z) {
                return null;
            }
            node.addNode(SUDOERS_PATH, SUDOERS_NODE_TYPE);
            node.save();
        }
        return this.aclManager.editAcl(this.path);
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }
}
