package org.drools.repository.security;

import java.util.ArrayList;
import javax.jcr.ItemNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.jackrabbit.core.ItemId;
import org.apache.jackrabbit.core.NodeId;
import org.apache.jackrabbit.uuid.UUID;
import org.apache.log4j.Logger;
import org.jboss.security.acl.ACLEntryImpl;
import org.jboss.security.acl.ACLPersistenceStrategy;
import org.jboss.security.acl.ACLProvider;
import org.jboss.security.acl.ACLProviderImpl;
import org.jboss.security.acl.BasicACLPermission;
import org.jboss.security.acl.BitMaskPermission;
import org.jboss.security.acl.CompositeACLPermission;
import org.jboss.security.acl.JPAPersistenceStrategy;
import org.jboss.security.authorization.AuthorizationException;
import org.jboss.security.identity.Identity;

/* loaded from: input_file:WEB-INF/lib/drools-repository-5.0.0.M5.jar:org/drools/repository/security/DroolsRepositoryACLManager.class */
public class DroolsRepositoryACLManager {
    private Identity identity;
    private ACLPersistenceStrategy strategy = new JPAPersistenceStrategy();
    private DroolsACLRegistration registration = new DroolsACLRegistration(this.strategy);
    private ACLProvider provider = new ACLProviderImpl();
    private static Logger log = Logger.getLogger(DroolsRepositoryAccessManager.class);

    public DroolsRepositoryACLManager(Identity identity) {
        this.provider.setPersistenceStrategy(this.strategy);
        this.identity = identity;
        log.debug("ACL manager for user:" + identity.getName());
    }

    public void setPermission(String str, int i) {
        UUIDResource uUIDResource = new UUIDResource(str);
        ArrayList arrayList = new ArrayList();
        arrayList.add(new ACLEntryImpl(toSecurityByteMaskPermission(i), this.identity));
        this.registration.registerACL(uUIDResource, arrayList);
    }

    public void removePermission(UUID uuid) {
        this.strategy.removeACL(this.strategy.getACL(new UUIDResource(uuid.toString())));
    }

    public boolean checkPermission(ItemId itemId, int i) throws AuthorizationException, ItemNotFoundException, RepositoryException {
        Session session = DroolsRepositoryAccessManager.adminThreadlocal.get();
        UUID nodeUUIDFromItemId = getNodeUUIDFromItemId(itemId);
        if (session == null || nodeUUIDFromItemId == null) {
            return true;
        }
        return this.provider.isAccessGranted(new UUIDResource(nodeUUIDFromItemId.toString()), this.identity, toSecurityByteMaskPermission(i));
    }

    private UUID getNodeUUIDFromItemId(ItemId itemId) {
        if (itemId.denotesNode()) {
            return ((NodeId) itemId).getUUID();
        }
        return null;
    }

    private BitMaskPermission toSecurityByteMaskPermission(int i) {
        switch (i) {
            case 1:
                return BasicACLPermission.READ;
            case 2:
                return new CompositeACLPermission(BasicACLPermission.UPDATE, BasicACLPermission.CREATE);
            case 3:
            default:
                return new CompositeACLPermission(i);
            case 4:
                return BasicACLPermission.DELETE;
        }
    }
}
