package org.modeshape.jcr;

import java.security.Principal;
import javax.jcr.AccessDeniedException;
import javax.jcr.ItemNotFoundException;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import javax.jcr.ValueFormatException;
import javax.jcr.lock.LockException;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import javax.jcr.version.VersionException;
import org.modeshape.jcr.security.SimplePrincipal;
import org.modeshape.jcr.security.acl.AccessControlPolicyIteratorImpl;
import org.modeshape.jcr.security.acl.JcrAccessControlList;
import org.modeshape.jcr.security.acl.PrivilegeImpl;
import org.modeshape.jcr.security.acl.Privileges;
import org.modeshape.jcr.value.Path;
import org.modeshape.jcr.value.basic.SimpleNamespaceRegistry;

/* loaded from: input_file:org/modeshape/jcr/AccessControlManagerImpl.class */
public class AccessControlManagerImpl implements AccessControlManager {
    public static final String MODE_ACCESS_CONTROLLABLE = "mode:accessControllable";
    public static final String MODE_ACCESS_LIST_NODE = "mode:Acl";
    private static final String ACCESS_LIST_NODE = "mode:acl";
    private static final String MODE_ACCESS_LIST_ENTRY_NODE = "mode:Permission";
    private static final String PRINCIPAL_NAME = "name";
    private static final String PRIVILEGES = "privileges";
    private final JcrSession session;
    private final Privileges privileges;
    private final JcrAccessControlList defaultACL = JcrAccessControlList.defaultAcl(this);
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: protected */
    public AccessControlManagerImpl(JcrSession jcrSession) {
        this.session = jcrSession;
        this.privileges = new Privileges(jcrSession);
    }

    public Privilege[] privileges() {
        return this.privileges.listOfSupported();
    }

    public Privilege[] getSupportedPrivileges(String str) {
        return this.privileges.listOfSupported();
    }

    public Privilege privilegeFromName(String str) throws AccessControlException, RepositoryException {
        PrivilegeImpl forName = this.privileges.forName(str);
        if (forName == null) {
            throw new AccessControlException(str + " is not a valid name for privilege");
        }
        return forName;
    }

    public boolean hasPrivileges(String str, Privilege[] privilegeArr) throws PathNotFoundException, RepositoryException {
        JcrAccessControlList findAccessList = findAccessList(str);
        return !found(findAccessList) ? this.defaultACL.hasPrivileges(this.session.context().getSecurityContext(), privilegeArr) : findAccessList.isEmpty() || findAccessList.hasPrivileges(this.session.context().getSecurityContext(), privilegeArr);
    }

    public Privilege[] getPrivileges(String str) throws PathNotFoundException, RepositoryException {
        JcrAccessControlList findAccessList = findAccessList(str);
        return !found(findAccessList) ? this.defaultACL.getPrivileges(this.session.context().getSecurityContext()) : findAccessList.getPrivileges(this.session.context().getSecurityContext());
    }

    public AccessControlPolicy[] getPolicies(String str) throws PathNotFoundException, AccessDeniedException, RepositoryException {
        if (this.session.isReadOnly()) {
            throw new AccessDeniedException(JcrI18n.permissionDenied.text(new Object[]{str, "read access control content"}));
        }
        if (!hasPrivileges(str, new Privilege[]{this.privileges.forName("{http://www.jcp.org/jcr/1.0}readAccessControl")})) {
            throw new AccessDeniedException();
        }
        AbstractJcrNode node = this.session.getNode(str, true);
        if (!node.hasNode(ACCESS_LIST_NODE)) {
            return new AccessControlPolicy[0];
        }
        AccessControlPolicy jcrAccessControlList = new JcrAccessControlList(this, str);
        NodeIterator nodesInternal = node.getNode(ACCESS_LIST_NODE, true).getNodesInternal();
        while (nodesInternal.hasNext()) {
            Node nextNode = nodesInternal.nextNode();
            String string = nextNode.getProperty("name").getString();
            Value[] values = nextNode.getProperty(PRIVILEGES).getValues();
            Privilege[] privilegeArr = new Privilege[values.length];
            for (int i = 0; i < privilegeArr.length; i++) {
                privilegeArr[i] = privilegeFromName(values[i].getString());
            }
            jcrAccessControlList.addAccessControlEntry(principal(string), privilegeArr);
        }
        return new AccessControlPolicy[]{jcrAccessControlList};
    }

    public AccessControlPolicy[] getEffectivePolicies(String str) throws PathNotFoundException, AccessDeniedException, RepositoryException {
        AccessControlPolicy[] policies = getPolicies(str);
        return policies.length == 0 ? new AccessControlPolicy[]{(AccessControlPolicy) getApplicablePolicies(str).next()} : policies;
    }

    public AccessControlPolicyIterator getApplicablePolicies(String str) throws PathNotFoundException, AccessDeniedException, RepositoryException {
        if (this.session.isReadOnly()) {
            throw new AccessDeniedException(JcrI18n.permissionDenied.text(new Object[]{str, "read access control content"}));
        }
        return this.session.getNode(str, true).hasNode(ACCESS_LIST_NODE) ? AccessControlPolicyIteratorImpl.EMPTY : new AccessControlPolicyIteratorImpl(new JcrAccessControlList(this, str));
    }

    public void setPolicy(String str, AccessControlPolicy accessControlPolicy) throws PathNotFoundException, AccessControlException, AccessDeniedException, LockException, VersionException, RepositoryException {
        AbstractJcrNode addAclNode;
        if (this.session.isReadOnly()) {
            throw new AccessDeniedException(JcrI18n.permissionDenied.text(new Object[]{str, "read access control content"}));
        }
        if (!hasPrivileges(str, new Privilege[]{this.privileges.forName("{http://www.jcp.org/jcr/1.0}modifyAccessControl")})) {
            throw new AccessDeniedException();
        }
        if (!(accessControlPolicy instanceof AccessControlList)) {
            throw new AccessControlException(SimpleNamespaceRegistry.DEFAULT_NAMESPACE_URI);
        }
        JcrAccessControlList jcrAccessControlList = (JcrAccessControlList) accessControlPolicy;
        AbstractJcrNode node = this.session.getNode(str, true);
        if (node.isExternal()) {
            throw new RepositoryException(JcrI18n.aclsOnExternalNodesNotAllowed.text(new Object[0]));
        }
        node.addMixin(MODE_ACCESS_CONTROLLABLE, false);
        AbstractJcrNode node2 = node.hasNode(ACCESS_LIST_NODE) ? node.getNode(ACCESS_LIST_NODE, true) : node.addAclNode(ACCESS_LIST_NODE, MODE_ACCESS_LIST_NODE);
        for (AccessControlEntry accessControlEntry : jcrAccessControlList.getAccessControlEntries()) {
            if (!$assertionsDisabled && accessControlEntry.getPrincipal() == null) {
                throw new AssertionError();
            }
            String name = accessControlEntry.getPrincipal().getName();
            if (node2.hasNode(name)) {
                addAclNode = node2.getNode(name, true);
            } else {
                addAclNode = node2.addAclNode(name, MODE_ACCESS_LIST_ENTRY_NODE);
                this.session.aclAdded(1L);
            }
            addAclNode.setPropertyInAccessControlScope("name", accessControlEntry.getPrincipal().getName());
            addAclNode.setPropertyInAccessControlScope(PRIVILEGES, privileges(accessControlEntry.getPrivileges()));
        }
        NodeIterator nodesInternal = node2.getNodesInternal();
        while (nodesInternal.hasNext()) {
            Node nextNode = nodesInternal.nextNode();
            if (!jcrAccessControlList.hasEntry(nextNode.getProperty("name").getString())) {
                nextNode.remove();
                this.session.aclRemoved(1L);
            }
        }
    }

    public void removePolicy(String str, AccessControlPolicy accessControlPolicy) throws PathNotFoundException, AccessControlException, AccessDeniedException, LockException, VersionException, RepositoryException {
        if (this.session.isReadOnly()) {
            throw new AccessDeniedException(JcrI18n.permissionDenied.text(new Object[]{str, "read access control content"}));
        }
        try {
            if (!hasPrivileges(str, new Privilege[]{this.privileges.forName("{http://www.jcp.org/jcr/1.0}modifyAccessControl")})) {
                throw new AccessDeniedException();
            }
            AbstractJcrNode m130getNode = this.session.m130getNode(str);
            if (m130getNode.isExternal()) {
                throw new RepositoryException(JcrI18n.aclsOnExternalNodesNotAllowed.text(new Object[0]));
            }
            if (m130getNode.hasNode(ACCESS_LIST_NODE)) {
                AbstractJcrNode node = m130getNode.getNode(ACCESS_LIST_NODE, true);
                this.session.aclRemoved(node.childCount());
                node.remove();
                m130getNode.removeMixin(MODE_ACCESS_CONTROLLABLE);
            }
        } catch (PathNotFoundException e) {
        }
    }

    public JcrAccessControlList findAccessList(String str) throws PathNotFoundException, RepositoryException {
        AbstractJcrNode node = this.session.getNode(str, true);
        while (!node.hasNode(ACCESS_LIST_NODE)) {
            try {
                node = node.mo5getParent();
            } catch (ItemNotFoundException e) {
            }
        }
        if (node.hasNode(ACCESS_LIST_NODE)) {
            return acl(node.getNode(ACCESS_LIST_NODE, true));
        }
        return null;
    }

    private JcrAccessControlList acl(AbstractJcrNode abstractJcrNode) throws RepositoryException {
        JcrAccessControlList jcrAccessControlList = new JcrAccessControlList(this, abstractJcrNode.getPath());
        NodeIterator nodesInternal = abstractJcrNode.getNodesInternal();
        while (nodesInternal.hasNext()) {
            Node nextNode = nodesInternal.nextNode();
            jcrAccessControlList.addAccessControlEntry(principal(nextNode.getProperty("name").getString()), privileges(nextNode.getProperty(PRIVILEGES).getValues()));
        }
        return jcrAccessControlList;
    }

    private String[] privileges(Privilege[] privilegeArr) {
        String[] strArr = new String[privilegeArr.length];
        for (int i = 0; i < privilegeArr.length; i++) {
            strArr[i] = privilegeArr[i].getName();
        }
        return strArr;
    }

    private Privilege[] privileges(Value[] valueArr) throws ValueFormatException, AccessControlException, RepositoryException {
        Privilege[] privilegeArr = new Privilege[valueArr.length];
        for (int i = 0; i < valueArr.length; i++) {
            privilegeArr[i] = privilegeFromName(valueArr[i].getString());
        }
        return privilegeArr;
    }

    private boolean found(Object obj) {
        return obj != null;
    }

    public boolean hasPermission(Path path, String... strArr) {
        Privilege[] privilegeArr = new Privilege[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            privilegeArr[i] = this.privileges.forAction(strArr[i]);
        }
        try {
            return hasPrivileges(path.toString(), privilegeArr);
        } catch (Exception e) {
            return true;
        }
    }

    private Principal principal(String str) {
        return SimplePrincipal.newInstance(str);
    }

    static {
        $assertionsDisabled = !AccessControlManagerImpl.class.desiredAssertionStatus();
    }
}
