package com.day.crx.security.authorization;

import com.day.crx.core.security.SecuritySetup;
import com.day.crx.security.spi.AbstractACL;
import com.day.crx.security.spi.WorkspaceACLProvider;
import javax.jcr.AccessDeniedException;
import javax.jcr.NoSuchWorkspaceException;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import org.apache.jackrabbit.core.NodeImpl;
import org.apache.jackrabbit.spi.Name;
import org.apache.jackrabbit.spi.commons.name.NameFactoryImpl;
import org.apache.jackrabbit.uuid.UUID;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/day/crx/security/authorization/DefaultWorkspaceACLProvider.class */
public class DefaultWorkspaceACLProvider implements WorkspaceACLProvider {
    static final String CVS_ID = "$URL: http://svn.day.com/repos/crx/tags/crx-1.4.2-load5/repository/crx-core/src/main/java/com/day/crx/security/authorization/DefaultWorkspaceACLProvider.java $ $Rev: 32279 $ $Date: 2007-12-21 14:11:26 +0100 (Fri, 21 Dec 2007) $";
    public static final String NT_REP_WORKSPACE = "rep:Workspace";
    public static final String NT_REP_WORKSPACE_ACCESS = "rep:WorkspaceAccess";
    public static final String NODE_REP_WORKSPACES = "rep:workspaces";
    private static final Logger log;
    private final SecuritySetup securitySetup;
    private final String securityRoot;
    private final Session session;
    static Class class$com$day$crx$security$authorization$DefaultWorkspaceACLProvider;
    public static final Name QNT_REP_WORKSPACE = NameFactoryImpl.getInstance().create("internal", "Workspace");
    public static final Name QNT_REP_WORKSPACE_ACCESS = NameFactoryImpl.getInstance().create("internal", "WorkspaceAccess");
    public static final Name QNODE_REP_WORKSPACES = NameFactoryImpl.getInstance().create("internal", "workspaces");

    public DefaultWorkspaceACLProvider(SecuritySetup securitySetup, Session session) throws RepositoryException {
        NodeImpl nodeImpl;
        this.securitySetup = securitySetup;
        try {
            NodeImpl rootNode = session.getRootNode();
            if (rootNode.hasNode(QNODE_REP_WORKSPACES)) {
                nodeImpl = rootNode.getNode(QNODE_REP_WORKSPACES);
            } else {
                NodeImpl addNode = rootNode.addNode(QNODE_REP_WORKSPACES, QNT_REP_WORKSPACE_ACCESS, (UUID) null);
                rootNode.save();
                nodeImpl = addNode;
            }
            this.securityRoot = nodeImpl.getPath();
            this.session = session;
        } catch (AccessDeniedException e) {
            log.error(new StringBuffer().append("do not have sufficent priveleges on: ").append(session.getWorkspace().getName()).toString());
            throw e;
        }
    }

    @Override // com.day.crx.security.spi.WorkspaceACLProvider
    public AbstractACL getAcl(String str) throws RepositoryException, NoSuchWorkspaceException {
        if (this.session.getRepository().getConfig().getWorkspaceConfig(str) == null) {
            throw new NoSuchWorkspaceException(str);
        }
        StringBuffer stringBuffer = new StringBuffer(this.securityRoot);
        stringBuffer.append("/");
        stringBuffer.append(str);
        stringBuffer.append("/");
        stringBuffer.append(DefaultACLProvider.NODE_REP_ACCESS_CONTROL);
        if (!this.session.itemExists(stringBuffer.toString())) {
            setWorkspaceAccess(str, this.securitySetup.getWorkspaceAccessPrincipals(str));
        }
        return new DefaultACL(this.session.getItem(stringBuffer.toString()), null);
    }

    private void setWorkspaceAccess(String str, String[] strArr) throws RepositoryException {
        NodeImpl nodeImpl = (NodeImpl) this.session.getItem(this.securityRoot);
        NodeImpl orCreate = getOrCreate(getOrCreate(nodeImpl, NameFactoryImpl.getInstance().create("", str), QNT_REP_WORKSPACE), DefaultACLProvider.QNODE_REP_ACCESS_CONTROL, DefaultACLProvider.QNT_REP_ACCESS_CONTROL);
        Value[] valueArr = {this.session.getValueFactory().createValue("workspaceAccess")};
        for (int i = 0; i < strArr.length; i++) {
            if (!orCreate.hasNode(strArr[i])) {
                Node addNode = orCreate.addNode(strArr[i], DefaultACLProvider.NT_REP_GRANT_PERMISSION);
                addNode.setProperty(DefaultACLProvider.PROP_REP_PRINCIPAL, strArr[i]);
                addNode.setProperty(DefaultACLProvider.PROP_REP_ACTIONS, valueArr);
                log.info(new StringBuffer().append("...granted ").append(strArr[i]).append(" access to workspace '").append(str).append("'...").toString());
            }
        }
        nodeImpl.save();
    }

    private NodeImpl getOrCreate(NodeImpl nodeImpl, Name name, Name name2) throws RepositoryException {
        return nodeImpl.hasNode(name) ? nodeImpl.getNode(name) : nodeImpl.addNode(name, name2, (UUID) null);
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$com$day$crx$security$authorization$DefaultWorkspaceACLProvider == null) {
            cls = class$("com.day.crx.security.authorization.DefaultWorkspaceACLProvider");
            class$com$day$crx$security$authorization$DefaultWorkspaceACLProvider = cls;
        } else {
            cls = class$com$day$crx$security$authorization$DefaultWorkspaceACLProvider;
        }
        log = LoggerFactory.getLogger(cls);
    }
}
