package org.modeshape.jcr;

import java.security.Principal;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.jcr.AccessDeniedException;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.ValueFormatException;
import javax.jcr.lock.LockException;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import javax.jcr.version.VersionException;
import org.modeshape.jcr.cache.CachedNode;
import org.modeshape.jcr.cache.MutableCachedNode;
import org.modeshape.jcr.cache.NodeKey;
import org.modeshape.jcr.cache.SessionCache;
import org.modeshape.jcr.security.SecurityContext;
import org.modeshape.jcr.security.SimplePrincipal;
import org.modeshape.jcr.security.acl.AccessControlPolicyIteratorImpl;
import org.modeshape.jcr.security.acl.JcrAccessControlList;
import org.modeshape.jcr.security.acl.PrivilegeImpl;
import org.modeshape.jcr.security.acl.Privileges;
import org.modeshape.jcr.value.Path;

/* loaded from: input_file:WEB-INF/lib/modeshape-jcr-5.5.1.fcr.jar:org/modeshape/jcr/AccessControlManagerImpl.class */
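/**
 * Session-scoped {@link AccessControlManager}. Access control lists are kept as per-node permission
 * maps (principal name to privilege names) in the session cache: {@link #setPolicy} writes such a map
 * onto a node and {@code findAccessList} rebuilds a {@link JcrAccessControlList} from it.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A node without its own permissions inherits the nearest ancestor's; when no ancestor has any,
 *       the default ACL applies.</li>
 *   <li>{@link #hasPrivileges} answers {@code true} whenever the applicable ACL reports itself empty.</li>
 *   <li>{@link #hasPermission} answers {@code true} when the check itself throws (fail-open).</li>
 * </ul>
 */
public class AccessControlManagerImpl implements AccessControlManager {
    private static final AccessControlPolicy[] EMPTY_POLICIES = new AccessControlPolicy[0];

    /** Action descriptions substituted into the "permission denied" message. */
    private static final String READ_ACL_ACTION = "read access control content";
    private static final String MODIFY_ACL_ACTION = "modify access control content";

    private final JcrSession session;
    private final Privileges privileges;
    // Field initialisers run before the constructor body, so defaultAcl(this) receives a manager
    // whose session and privileges fields are still unset at that moment.
    private final JcrAccessControlList defaultACL = JcrAccessControlList.defaultAcl(this);

    /**
     * Creates the manager for one session.
     *
     * <p>Decompiler note: this constructor is declared {@code protected} in the compiled class; the
     * decompiler widened it to {@code public}.
     *
     * @param jcrSession the owning session; also used to build the privilege registry
     */
    public AccessControlManagerImpl(JcrSession jcrSession) {
        this.session = jcrSession;
        this.privileges = new Privileges(jcrSession);
    }

    /**
     * Lists the privileges known to this manager's registry.
     *
     * @return the supported privileges
     */
    public Privilege[] privileges() {
        return this.privileges.listOfSupported();
    }

    /**
     * Returns the same list as {@link #privileges()}; the path argument is not consulted.
     *
     * @param absPath ignored
     * @return the supported privileges
     */
    @Override
    public Privilege[] getSupportedPrivileges(String absPath) {
        return this.privileges.listOfSupported();
    }

    /**
     * Resolves a privilege by name.
     *
     * @param privilegeName the privilege name to look up
     * @return the matching privilege, never {@code null}
     * @throws AccessControlException if the registry has no privilege with that name
     */
    @Override
    public Privilege privilegeFromName(String privilegeName) throws AccessControlException, RepositoryException {
        PrivilegeImpl resolved = this.privileges.forName(privilegeName);
        if (resolved == null) {
            throw new AccessControlException(privilegeName + " is not a valid name for privilege");
        }
        return resolved;
    }

    /**
     * Tests the session's security context against the ACL that applies to a path.
     *
     * <p>An applicable ACL that reports itself empty permits every request; otherwise the decision is
     * delegated to {@code JcrAccessControlList.hasPrivileges}.
     *
     * @param absPath path of the node being checked
     * @param required privileges to test
     * @return {@code true} if the ACL is empty or grants the privileges
     */
    @Override
    public boolean hasPrivileges(String absPath, Privilege[] required) throws PathNotFoundException, RepositoryException {
        JcrAccessControlList acl = getApplicableACL(absPath);
        return acl.isEmpty() || acl.hasPrivileges(securityContext(), required);
    }

    /** Returns the node's own or nearest inherited ACL, falling back to the default ACL. */
    private JcrAccessControlList getApplicableACL(String absPath) throws RepositoryException {
        JcrAccessControlList inherited = findAccessList(absPath, true);
        return inherited != null ? inherited : this.defaultACL;
    }

    /**
     * Returns the privileges the applicable ACL yields for the session's security context.
     *
     * @param absPath path of the node being queried
     */
    @Override
    public Privilege[] getPrivileges(String absPath) throws PathNotFoundException, RepositoryException {
        return getApplicableACL(absPath).getPrivileges(securityContext());
    }

    /**
     * Returns the ACL stored on the node itself (no inheritance), or an empty array if it has none.
     *
     * @param absPath path of the node being queried
     * @throws AccessDeniedException if the session is read-only or lacks
     *         {@code jcr:readAccessControl} on the path
     */
    @Override
    public AccessControlPolicy[] getPolicies(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException {
        denyIfReadOnly(absPath, READ_ACL_ACTION);
        requirePrivilege(absPath, Privilege.JCR_READ_ACCESS_CONTROL, READ_ACL_ACTION);
        JcrAccessControlList own = findAccessList(absPath, false);
        return own == null ? EMPTY_POLICIES : new AccessControlPolicy[] {own};
    }

    private SecurityContext securityContext() {
        return this.session.context().getSecurityContext();
    }

    /**
     * Returns the node's own policies, or, when it has none, the first applicable policy.
     *
     * @param absPath path of the node being queried
     */
    @Override
    public AccessControlPolicy[] getEffectivePolicies(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException {
        AccessControlPolicy[] own = getPolicies(absPath);
        if (own.length != 0) {
            return own;
        }
        // NOTE(review): next() is called without hasNext(); this relies on getApplicablePolicies
        // being non-empty whenever getPolicies is empty - confirm against CachedNode.hasACL.
        return new AccessControlPolicy[] {(AccessControlPolicy) getApplicablePolicies(absPath).next()};
    }

    /**
     * Returns the policies that could still be set on the node: none if the node already has an ACL,
     * otherwise a single fresh, empty {@link JcrAccessControlList} for the path.
     *
     * @param absPath path of the node being queried
     * @throws AccessDeniedException if the session is read-only or lacks
     *         {@code jcr:readAccessControl} on the path
     */
    @Override
    public AccessControlPolicyIterator getApplicablePolicies(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException {
        denyIfReadOnly(absPath, READ_ACL_ACTION);
        // Carries the same denial message as the other entry points so a refusal here is
        // attributable to a path and an action when it surfaces in logs.
        requirePrivilege(absPath, Privilege.JCR_READ_ACCESS_CONTROL, READ_ACL_ACTION);
        if (lookupNode(absPath).hasACL(this.session.cache())) {
            return AccessControlPolicyIteratorImpl.EMPTY;
        }
        return new AccessControlPolicyIteratorImpl(new JcrAccessControlList(absPath));
    }

    /**
     * Replaces the node's permissions with the entries of the given ACL and updates the session's
     * ACL counters.
     *
     * @param absPath path of the node to protect
     * @param policy the ACL to store; must be a {@link JcrAccessControlList}
     * @throws AccessDeniedException if the session is read-only or lacks
     *         {@code jcr:modifyAccessControl} on the path
     * @throws AccessControlException if {@code policy} is {@code null} or of another class
     * @throws RepositoryException if the node cannot be made mutable
     */
    @Override
    public void setPolicy(String absPath, AccessControlPolicy policy) throws PathNotFoundException, AccessControlException, AccessDeniedException, LockException, VersionException, RepositoryException {
        // The refused action is a modification, so the denial message names it as such.
        denyIfReadOnly(absPath, MODIFY_ACL_ACTION);
        requirePrivilege(absPath, Privilege.JCR_MODIFY_ACCESS_CONTROL, MODIFY_ACL_ACTION);
        if (!(policy instanceof JcrAccessControlList)) {
            // instanceof is false for null, so guard the getClass() call to report the declared
            // exception instead of a NullPointerException.
            String actual = policy == null ? "null" : policy.getClass().getSimpleName();
            throw new AccessControlException("Invalid policy class (expected JcrAccessControlList): " + actual);
        }
        Map<String, Set<String>> grants = privilegesByPrincipalName((JcrAccessControlList) policy);
        try {
            CachedNode node = lookupNode(absPath);
            SessionCache cache = this.session.cache();
            MutableCachedNode.PermissionChanges changes = cache.mutable(node.getKey()).setPermissions(cache, grants);
            this.session.aclAdded(changes.addedPrincipalsCount());
            this.session.aclRemoved(changes.removedPrincipalsCount());
        } catch (UnsupportedOperationException e) {
            throw new RepositoryException(e);
        }
    }

    /**
     * Removes the ACL stored on the node and updates the session's ACL counter.
     *
     * <p>NOTE(review): the {@code policy} argument is never inspected; whatever ACL the node carries
     * is removed regardless of which policy the caller passed.
     *
     * @param absPath path of the node whose ACL is removed
     * @param policy not consulted
     * @throws AccessDeniedException if the session is read-only or lacks
     *         {@code jcr:modifyAccessControl} on the path
     * @throws RepositoryException if the node cannot be made mutable
     */
    @Override
    public void removePolicy(String absPath, AccessControlPolicy policy) throws PathNotFoundException, AccessControlException, AccessDeniedException, LockException, VersionException, RepositoryException {
        // The refused action is a modification, so the denial message names it as such.
        denyIfReadOnly(absPath, MODIFY_ACL_ACTION);
        requirePrivilege(absPath, Privilege.JCR_MODIFY_ACCESS_CONTROL, MODIFY_ACL_ACTION);
        try {
            CachedNode node = lookupNode(absPath);
            SessionCache cache = this.session.cache();
            this.session.aclRemoved(cache.mutable(node.getKey()).removeACL(cache).removedPrincipalsCount());
        } catch (UnsupportedOperationException e) {
            throw new RepositoryException(e);
        }
    }

    /** Rejects the call with a "permission denied" message when the session is read-only. */
    private void denyIfReadOnly(String absPath, String action) throws AccessDeniedException {
        if (this.session.isReadOnly()) {
            throw new AccessDeniedException(JcrI18n.permissionDenied.text(absPath, action));
        }
    }

    /** Rejects the call unless {@link #hasPrivileges} accepts the named privilege on the path. */
    private void requirePrivilege(String absPath, String privilegeName, String action) throws RepositoryException {
        Privilege[] required = {this.privileges.forName(privilegeName)};
        if (!hasPrivileges(absPath, required)) {
            throw new AccessDeniedException(JcrI18n.permissionDenied.text(absPath, action));
        }
    }

    /** Resolves the cached node at the given absolute path. */
    private CachedNode lookupNode(String absPath) throws RepositoryException {
        return this.session.cachedNode(this.session.pathFactory().create(absPath), false);
    }

    /**
     * Flattens an ACL into the principal-name to privilege-names map stored on a node.
     *
     * <p>NOTE(review): entries are keyed by principal name with {@code put}, so when two entries name
     * the same principal the later one replaces the earlier instead of being merged with it.
     */
    private Map<String, Set<String>> privilegesByPrincipalName(JcrAccessControlList acl) {
        Map<String, Set<String>> grants = new HashMap<>();
        for (AccessControlEntry entry : acl.getAccessControlEntries()) {
            assert entry.getPrincipal() != null;
            Set<String> names = new HashSet<>();
            for (Privilege privilege : entry.getPrivileges()) {
                names.add(privilege.getName());
            }
            grants.put(entry.getPrincipal().getName(), names);
        }
        return grants;
    }

    /**
     * Builds the ACL stored on a node or, optionally, on its nearest ancestor.
     *
     * @param absPath path of the starting node
     * @param searchParents when {@code true}, walk up the parent chain while the current node has no
     *        (or empty) permissions; the walk stops at a node with no parent key or a missing parent
     * @return the ACL, labelled with {@code absPath} if it came from the starting node and with the
     *         ancestor's path otherwise; {@code null} if no permission map was found
     */
    private JcrAccessControlList findAccessList(String absPath, boolean searchParents) throws PathNotFoundException, RepositoryException {
        CachedNode start = lookupNode(absPath);
        SessionCache cache = this.session.cache();
        Map<String, Set<String>> permissions = start.getPermissions(cache);
        CachedNode holder = start;
        if (searchParents) {
            while (permissions == null || permissions.isEmpty()) {
                NodeKey parentKey = holder.getParentKey(cache);
                if (parentKey == null) {
                    break;
                }
                holder = cache.getNode(parentKey);
                if (holder == null) {
                    break;
                }
                permissions = holder.getPermissions(cache);
            }
        }
        if (permissions == null || holder == null) {
            return null;
        }
        boolean ownAcl = start.getKey().equals(holder.getKey());
        JcrAccessControlList acl = new JcrAccessControlList(ownAcl ? absPath : holder.getPath(cache).getString());
        for (Map.Entry<String, Set<String>> grant : permissions.entrySet()) {
            acl.addAccessControlEntry(principal(grant.getKey()), privileges(grant.getValue()));
        }
        return acl;
    }

    /**
     * Resolves stored privilege names into privilege objects.
     *
     * @throws AccessControlException if a stored name is not a known privilege
     */
    private Privilege[] privileges(Set<String> names) throws ValueFormatException, AccessControlException, RepositoryException {
        Privilege[] resolved = new Privilege[names.size()];
        int index = 0;
        for (String name : names) {
            resolved[index++] = privilegeFromName(name);
        }
        return resolved;
    }

    /**
     * Checks whether the session may perform the given actions on a path.
     *
     * <p>Decompiler note: this method is declared {@code protected} in the compiled class; the
     * decompiler widened it to {@code public}.
     *
     * @param path the node path
     * @param actions action names, each mapped to a privilege through {@code Privileges.forAction}
     * @return the result of {@link #hasPrivileges}, or {@code true} if that check throws
     */
    public boolean hasPermission(Path path, String... actions) {
        Privilege[] required = new Privilege[actions.length];
        for (int i = 0; i < actions.length; i++) {
            required[i] = this.privileges.forAction(actions[i]);
        }
        try {
            return hasPrivileges(path.toString(), required);
        } catch (Exception e) {
            // NOTE(review): fail-open. Any exception during the check - a path that does not resolve,
            // a repository error, or a runtime fault in ACL evaluation - is reported as "permitted".
            // Left unchanged because callers may depend on it for paths that do not exist yet;
            // confirm that is the only intended case, and prefer denying (or rethrowing) for
            // everything else so an evaluation error cannot grant access.
            return true;
        }
    }

    private Principal principal(String name) {
        return SimplePrincipal.newInstance(name);
    }
}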
