package org.bedework.webdav.servlet.access;

import java.util.Collection;
import java.util.TreeSet;
import org.apache.log4j.Logger;
import org.bedework.access.Access;
import org.bedework.access.AccessPrincipal;
import org.bedework.access.Ace;
import org.bedework.access.AceWho;
import org.bedework.access.Acl;
import org.bedework.access.PrivilegeSet;
import org.bedework.webdav.servlet.access.AccessHelperI;
import org.bedework.webdav.servlet.shared.WebdavException;
import org.bedework.webdav.servlet.shared.WebdavForbidden;

/* loaded from: input_file:lib/bw-webdav-4.0.4.jar:org/bedework/webdav/servlet/access/AccessHelper.class */
public class AccessHelper implements AccessHelperI {
    private boolean debug;
    private Access access;
    private boolean superUser;
    private AccessPrincipal authPrincipal;
    private AccessHelperI.CallBack cb;
    private PrivilegeSet maxAllowedPrivs;
    private transient Logger log;

    @Override // org.bedework.webdav.servlet.access.AccessHelperI
    public void init(AccessHelperI.CallBack callBack) throws WebdavException {
        this.cb = callBack;
        this.debug = getLog().isDebugEnabled();
        try {
            this.access = new Access();
        } catch (Throwable th) {
            throw new WebdavException(th);
        }
    }

    @Override // org.bedework.webdav.servlet.access.AccessHelperI
    public void setSuperUser(boolean z) {
        this.superUser = z;
    }

    @Override // org.bedework.webdav.servlet.access.AccessHelperI
    public boolean getSuperUser() {
        return this.superUser;
    }

    public void setMaximumAllowedPrivs(PrivilegeSet privilegeSet) {
        this.maxAllowedPrivs = privilegeSet;
    }

    @Override // org.bedework.webdav.servlet.access.AccessHelperI
    public void setAuthPrincipal(AccessPrincipal accessPrincipal) {
        this.authPrincipal = accessPrincipal;
    }

    @Override // org.bedework.webdav.servlet.access.AccessHelperI
    public void open() {
    }

    @Override // org.bedework.webdav.servlet.access.AccessHelperI
    public void close() {
    }

    @Override // org.bedework.webdav.servlet.access.AccessHelperI
    public SharedEntity getParent(SharedEntity sharedEntity) throws WebdavException {
        if (sharedEntity.getParentPath() == null) {
            return null;
        }
        return this.cb.getCollection(sharedEntity.getParentPath());
    }

    @Override // org.bedework.webdav.servlet.access.AccessHelperI
    public String getDefaultPublicAccess() {
        return Access.getDefaultPublicAccess();
    }

    @Override // org.bedework.webdav.servlet.access.AccessHelperI
    public String getDefaultPersonalAccess() {
        return Access.getDefaultPersonalAccess();
    }

    @Override // org.bedework.webdav.servlet.access.AccessHelperI
    public void changeAccess(SharedEntity sharedEntity, Collection<Ace> collection, boolean z) throws WebdavException {
        Collection<Ace> aces;
        try {
            Acl acl = checkAccess(sharedEntity, 6, false).getAcl();
            if (z) {
                aces = collection;
            } else {
                aces = acl.getAces();
                aces.addAll(collection);
            }
            sharedEntity.setAccess(new Acl(aces).encodeStr());
        } catch (WebdavException e) {
            throw e;
        } catch (Throwable th) {
            throw new WebdavException(th);
        }
    }

    @Override // org.bedework.webdav.servlet.access.AccessHelperI
    public void defaultAccess(SharedEntity sharedEntity, AceWho aceWho) throws WebdavException {
        try {
            Acl acl = checkAccess(sharedEntity, 6, false).getAcl();
            if (acl.removeWho(aceWho) != null) {
                sharedEntity.setAccess(acl.encodeStr());
            }
        } catch (WebdavException e) {
            throw e;
        } catch (Throwable th) {
            throw new WebdavException(th);
        }
    }

    @Override // org.bedework.webdav.servlet.access.AccessHelperI
    public Collection<? extends SharedEntity> checkAccess(Collection<? extends SharedEntity> collection, int i, boolean z) throws WebdavException {
        TreeSet treeSet = new TreeSet();
        for (SharedEntity sharedEntity : collection) {
            if (checkAccess(sharedEntity, i, z).getAccessAllowed()) {
                treeSet.add(sharedEntity);
            }
        }
        return treeSet;
    }

    @Override // org.bedework.webdav.servlet.access.AccessHelperI
    public Acl.CurrentAccess checkAccess(SharedEntity sharedEntity, int i, boolean z) throws WebdavException {
        Acl.CurrentAccess currentAccess;
        if (sharedEntity == null) {
            return null;
        }
        AccessState accessState = sharedEntity.getAccessState();
        if (accessState != null && (currentAccess = accessState.getCurrentAccess(i)) != null) {
            if (currentAccess.getAccessAllowed() || z) {
                return currentAccess;
            }
            throw new WebdavForbidden();
        }
        try {
            Acl.CurrentAccess currentAccess2 = null;
            AccessPrincipal principal = this.cb.getPrincipal(sharedEntity.getOwnerHref());
            PrivilegeSet privilegeSet = null;
            if (sharedEntity.isCollection()) {
                String path = sharedEntity.getPath();
                if (!getSuperUser()) {
                    if (this.cb.getUserHomeRoot().equals(path)) {
                        currentAccess2 = Acl.defaultNonOwnerAccess;
                    } else if (path.equals(this.cb.getUserHomeRoot() + principal.getAccount() + "/")) {
                        privilegeSet = PrivilegeSet.userHomeMaxPrivileges;
                    }
                }
            }
            if (privilegeSet == null) {
                privilegeSet = this.maxAllowedPrivs;
            } else if (this.maxAllowedPrivs != null) {
                privilegeSet = PrivilegeSet.filterPrivileges(privilegeSet, this.maxAllowedPrivs);
            }
            if (currentAccess2 == null) {
                char[] aclChars = getAclChars(sharedEntity);
                if (this.debug) {
                    getLog().debug("aclChars = " + new String(aclChars));
                }
                currentAccess2 = i == 25 ? this.access.checkAny(this.cb, this.authPrincipal, principal, aclChars, privilegeSet) : i == 1 ? this.access.checkRead(this.cb, this.authPrincipal, principal, aclChars, privilegeSet) : i == 5 ? this.access.checkReadWrite(this.cb, this.authPrincipal, principal, aclChars, privilegeSet) : this.access.evaluateAccess(this.cb, this.authPrincipal, principal, i, aclChars, privilegeSet);
            }
            if (this.authPrincipal != null && this.superUser) {
                if (this.debug && !currentAccess2.getAccessAllowed()) {
                    getLog().debug("Override for superuser");
                }
                currentAccess2 = Acl.forceAccessAllowed(currentAccess2);
            }
            if (sharedEntity.isCollection()) {
                if (accessState == null) {
                    accessState = new AccessState(sharedEntity);
                    sharedEntity.setAccessState(accessState);
                }
                accessState.setCurrentAccess(currentAccess2, i);
            }
            if (currentAccess2.getAccessAllowed() || z) {
                return currentAccess2;
            }
            throw new WebdavForbidden();
        } catch (WebdavException e) {
            throw e;
        } catch (Throwable th) {
            throw new WebdavException(th);
        }
    }

    private char[] getAclChars(SharedEntity sharedEntity) throws WebdavException {
        String access;
        SharedEntity parent = sharedEntity.isCollection() ? sharedEntity : getParent(sharedEntity);
        String path = parent.getPath();
        SharedEntity parent2 = getParent(parent);
        if (parent2 != null) {
            access = new String(merged(getAclChars(parent2), parent2.getPath(), parent.getAccess()));
        } else {
            if (parent.getAccess() == null) {
                throw new WebdavException("Collections must have default access set at root");
            }
            access = parent.getAccess();
        }
        char[] charArray = access.toCharArray();
        return sharedEntity.isCollection() ? charArray : merged(charArray, path, sharedEntity.getAccess());
    }

    private char[] merged(char[] cArr, String str, String str2) throws WebdavException {
        Acl acl = null;
        if (str2 != null) {
            try {
                acl = Acl.decode(str2.toCharArray());
            } catch (Throwable th) {
                throw new WebdavException(th);
            }
        }
        return (acl == null ? Acl.decode(cArr, str) : acl.merge(cArr, str)).encodeAll();
    }

    private Logger getLog() {
        if (this.log == null) {
            this.log = Logger.getLogger(getClass());
        }
        return this.log;
    }
}
