package org.exoplatform.services.jcr.webdav.command;

import java.security.AccessControlException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.ws.rs.core.Response;
import org.exoplatform.common.util.HierarchicalProperty;
import org.exoplatform.services.jcr.access.PermissionType;
import org.exoplatform.services.jcr.impl.core.NodeImpl;
import org.exoplatform.services.jcr.webdav.command.acl.ACLProperties;
import org.exoplatform.services.log.ExoLogger;
import org.exoplatform.services.log.Log;
import org.exoplatform.services.security.IdentityConstants;

/* loaded from: input_file:APP-INF/lib/exo.jcr.component.webdav-1.15.4-GA.jar:org/exoplatform/services/jcr/webdav/command/AclCommand.class */
public class AclCommand {
    private static final Log LOG = ExoLogger.getLogger(AclCommand.class);

    public Response acl(Session session, String str, HierarchicalProperty hierarchicalProperty) {
        try {
            NodeImpl nodeImpl = (NodeImpl) session.getItem(str);
            boolean z = false;
            boolean z2 = nodeImpl.isNodeType("mix:versionable") && !nodeImpl.isCheckedOut();
            if (!nodeImpl.isNodeType("exo:owneable")) {
                if (z2) {
                    nodeImpl.checkout();
                }
                nodeImpl.addMixin("exo:owneable");
                z = true;
            }
            if (!nodeImpl.isNodeType("exo:privilegeable")) {
                if (z2) {
                    nodeImpl.checkout();
                }
                nodeImpl.addMixin("exo:privilegeable");
                z = true;
            }
            if (z) {
                session.save();
                if (z2) {
                    nodeImpl.checkin();
                    session.save();
                }
            }
            changeNodeACL(nodeImpl, hierarchicalProperty);
            return Response.status(200).build();
        } catch (IllegalArgumentException e) {
            LOG.error(e.getMessage(), e);
            return Response.status(400).entity(e.getMessage()).build();
        } catch (AccessControlException e2) {
            LOG.error(e2.getMessage(), e2);
            return Response.status(403).entity(e2.getMessage()).build();
        } catch (PathNotFoundException e3) {
            return Response.status(404).entity(e3.getMessage()).build();
        } catch (RepositoryException e4) {
            LOG.error(e4.getMessage(), e4);
            return Response.status(500).entity(e4.getMessage()).build();
        } catch (Exception e5) {
            LOG.error(e5.getMessage(), e5);
            return Response.status(400).build();
        }
    }

    private void changeNodeACL(NodeImpl nodeImpl, HierarchicalProperty hierarchicalProperty) throws AccessControlException, RepositoryException {
        String str;
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        for (HierarchicalProperty hierarchicalProperty2 : hierarchicalProperty.getChildren()) {
            HierarchicalProperty child = hierarchicalProperty2.getChild(ACLProperties.PRINCIPAL);
            if (child == null) {
                throw new IllegalArgumentException("Malformed ace element (seems that no principal element specified)");
            }
            if (child.getChild(ACLProperties.HREF) != null) {
                str = child.getChild(ACLProperties.HREF).getValue();
            } else {
                if (child.getChild(ACLProperties.ALL) == null) {
                    throw new IllegalArgumentException("Malformed principal element");
                }
                str = IdentityConstants.ANY;
            }
            HierarchicalProperty child2 = hierarchicalProperty2.getChild(ACLProperties.DENY);
            HierarchicalProperty child3 = hierarchicalProperty2.getChild(ACLProperties.GRANT);
            if (child2 == null && child3 == null) {
                throw new IllegalArgumentException("Malformed ace element (seems that no deny|grant element specified)");
            }
            if (child2 != null) {
                hashMap2.put(str, getPermissions(child2));
            }
            if (child3 != null) {
                hashMap.put(str, getPermissions(child3));
            }
            if (hashMap2.size() != 0 && hashMap.size() != 0) {
                for (String str2 : (String[]) hashMap2.get(str)) {
                    for (String str3 : (String[]) hashMap.get(str)) {
                        if (str2.equals(str3)) {
                            throw new IllegalArgumentException("Malformed ace element (seems that a client is trying to grant and denay the same privilege in a single ace)");
                        }
                    }
                }
            }
        }
        if (hashMap2.size() != 0) {
            for (Map.Entry entry : hashMap2.entrySet()) {
                for (String str4 : (String[]) entry.getValue()) {
                    nodeImpl.removePermission((String) entry.getKey(), str4);
                }
            }
            nodeImpl.getSession().save();
        }
        if (hashMap.size() != 0) {
            for (Map.Entry entry2 : hashMap.entrySet()) {
                nodeImpl.setPermission((String) entry2.getKey(), (String[]) entry2.getValue());
            }
            nodeImpl.getSession().save();
        }
    }

    private String[] getPermissions(HierarchicalProperty hierarchicalProperty) {
        HierarchicalProperty hierarchicalProperty2;
        HashSet hashSet = new HashSet();
        if (hierarchicalProperty.getChildren().size() == 0) {
            throw new IllegalArgumentException("Malformed grant|deny element (seems that no privilige is specified)");
        }
        for (HierarchicalProperty hierarchicalProperty3 : hierarchicalProperty.getChildren()) {
            if (!ACLProperties.PRIVILEGE.equals(hierarchicalProperty3.getName())) {
                hierarchicalProperty2 = hierarchicalProperty3;
            } else {
                if (hierarchicalProperty3.getChildren().size() > 1) {
                    throw new IllegalArgumentException("Malformed privilege name (element privilege must contain only one element)");
                }
                hierarchicalProperty2 = hierarchicalProperty3.getChild(0);
            }
            if (ACLProperties.READ.equals(hierarchicalProperty2.getName())) {
                hashSet.add("read");
            } else if (ACLProperties.WRITE.equals(hierarchicalProperty2.getName())) {
                hashSet.add(PermissionType.ADD_NODE);
                hashSet.add(PermissionType.SET_PROPERTY);
                hashSet.add(PermissionType.REMOVE);
            } else {
                if (!ACLProperties.ALL.equals(hierarchicalProperty2.getName())) {
                    throw new IllegalArgumentException("Malformed privilege element (unsupported privilege name)");
                }
                hashSet.add("read");
                hashSet.add(PermissionType.ADD_NODE);
                hashSet.add(PermissionType.SET_PROPERTY);
                hashSet.add(PermissionType.REMOVE);
            }
        }
        return (String[]) hashSet.toArray(new String[0]);
    }
}
