package org.nuxeo.ecm.core.api.security.impl;

import java.io.IOException;
import java.io.ObjectInputStream;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.nuxeo.ecm.core.api.security.ACE;
import org.nuxeo.ecm.core.api.security.ACL;
import org.nuxeo.ecm.core.api.security.ACP;
import org.nuxeo.ecm.core.api.security.Access;
import org.nuxeo.ecm.core.api.security.SecurityConstants;
import org.nuxeo.ecm.core.api.security.UserAccess;
import org.nuxeo.ecm.core.api.security.UserEntry;

/* loaded from: input_file:org/nuxeo/ecm/core/api/security/impl/ACPImpl.class */
public class ACPImpl implements ACP {
    private static final long serialVersionUID = -2640696060701197284L;
    private final ArrayList<String> owners = new ArrayList<>();
    private final List<ACL> acls = new ArrayList();
    private transient Map<String, Access> cache = new HashMap();
    static final /* synthetic */ boolean $assertionsDisabled;

    @Override // org.nuxeo.ecm.core.api.security.ACP
    public String[] getOwners() {
        return (String[]) this.owners.toArray(new String[this.owners.size()]);
    }

    @Override // org.nuxeo.ecm.core.api.security.ACP
    public boolean isOwner(String str) {
        return this.owners.contains(str);
    }

    @Override // org.nuxeo.ecm.core.api.security.ACP
    public void addOwner(String str) {
        this.owners.add(str);
        this.cache.clear();
    }

    @Override // org.nuxeo.ecm.core.api.security.ACP
    public void removeOwner(String str) {
        this.owners.remove(str);
        this.cache.clear();
    }

    @Override // org.nuxeo.ecm.core.api.security.ACP
    public void setOwners(String[] strArr) {
        this.owners.clear();
        this.owners.addAll(Arrays.asList(strArr));
        this.cache.clear();
    }

    @Override // org.nuxeo.ecm.core.api.security.ACP
    public void addACL(ACL acl) {
        if (!$assertionsDisabled && acl == null) {
            throw new AssertionError();
        }
        ACL acl2 = getACL(acl.getName());
        if (!acl.equals(acl2)) {
            if (acl2 != null) {
                acl2.clear();
                acl2.addAll(acl);
            } else {
                this.acls.add(acl);
            }
        }
        this.cache.clear();
    }

    @Override // org.nuxeo.ecm.core.api.security.ACP
    public void addACL(int i, ACL acl) {
        this.acls.add(i, acl);
        this.cache.clear();
    }

    @Override // org.nuxeo.ecm.core.api.security.ACP
    public void addACL(String str, ACL acl) {
        if (str == null) {
            addACL(0, acl);
            return;
        }
        int size = this.acls.size();
        int i = 0;
        while (i < size && !this.acls.get(i).getName().equals(str)) {
            i++;
        }
        addACL(i + 1, acl);
    }

    @Override // org.nuxeo.ecm.core.api.security.ACP
    public ACL getACL(String str) {
        if (str == null) {
            str = ACL.LOCAL_ACL;
        }
        int size = this.acls.size();
        for (int i = 0; i < size; i++) {
            ACL acl = this.acls.get(i);
            if (acl.getName().equals(str)) {
                return acl;
            }
        }
        return null;
    }

    @Override // org.nuxeo.ecm.core.api.security.ACP
    public ACL[] getACLs() {
        return (ACL[]) this.acls.toArray(new ACL[this.acls.size()]);
    }

    @Override // org.nuxeo.ecm.core.api.security.ACP
    public ACL getMergedACLs(String str) {
        ACLImpl aCLImpl = new ACLImpl(str, true);
        Iterator<ACL> it = this.acls.iterator();
        while (it.hasNext()) {
            aCLImpl.addAll(it.next());
        }
        return aCLImpl;
    }

    public static ACL newACL(String str) {
        return new ACLImpl(str);
    }

    @Override // org.nuxeo.ecm.core.api.security.ACP
    public ACL removeACL(String str) {
        int size = this.acls.size();
        for (int i = 0; i < size; i++) {
            if (this.acls.get(i).getName().equals(str)) {
                this.cache.clear();
                return this.acls.remove(i);
            }
        }
        return null;
    }

    @Override // org.nuxeo.ecm.core.api.security.ACP
    public Access getAccess(String str, String str2) {
        String str3 = str + ':' + str2;
        Access access = this.cache.get(str3);
        if (access == null) {
            access = Access.UNKNOWN;
            Iterator<ACL> it = this.acls.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                for (ACE ace : it.next()) {
                    if (permissionsMatch(ace, str2) && principalsMatch(ace, str)) {
                        access = ace.isGranted() ? Access.GRANT : Access.DENY;
                    }
                }
            }
            this.cache.put(str3, access);
        }
        return access;
    }

    @Override // org.nuxeo.ecm.core.api.security.ACP
    public Access getAccess(String[] strArr, String[] strArr2) {
        Iterator<ACL> it = this.acls.iterator();
        while (it.hasNext()) {
            Iterator<ACE> it2 = it.next().iterator();
            while (it2.hasNext()) {
                Access access = getAccess(it2.next(), strArr, strArr2);
                if (access != Access.UNKNOWN) {
                    return access;
                }
            }
        }
        return Access.UNKNOWN;
    }

    public static Access getAccess(ACE ace, String[] strArr, String[] strArr2) {
        String permission = ace.getPermission();
        String username = ace.getUsername();
        for (String str : strArr) {
            if (principalsMatch(username, str)) {
                for (String str2 : strArr2) {
                    if (permissionsMatch(permission, str2)) {
                        return ace.isGranted() ? Access.GRANT : Access.DENY;
                    }
                }
            }
        }
        return Access.UNKNOWN;
    }

    private static boolean permissionsMatch(ACE ace, String str) {
        String permission = ace.getPermission();
        if (str.equals(SecurityConstants.RESTRICTED_READ) || !permission.equals(SecurityConstants.EVERYTHING)) {
            return permission.equals(str);
        }
        return true;
    }

    private static boolean permissionsMatch(String str, String str2) {
        if (!str.equals(SecurityConstants.EVERYTHING) || str2.equals(SecurityConstants.RESTRICTED_READ)) {
            return str.equals(str2);
        }
        return true;
    }

    private static boolean principalsMatch(ACE ace, String str) {
        String username = ace.getUsername();
        if (username.equals(SecurityConstants.EVERYONE)) {
            return true;
        }
        return username.equals(str);
    }

    private static boolean principalsMatch(String str, String str2) {
        if (str.equals(SecurityConstants.EVERYONE)) {
            return true;
        }
        return str.equals(str2);
    }

    public void addAccessRule(String str, ACE ace) {
        ACL acl = getACL(str);
        if (acl == null) {
            acl = new ACLImpl(str);
            addACL(acl);
        }
        acl.add(ace);
    }

    @Override // org.nuxeo.ecm.core.api.security.ACP
    public ACL getOrCreateACL(String str) {
        ACL acl = getACL(str);
        if (acl == null) {
            acl = new ACLImpl(str);
            addACL(acl);
        }
        return acl;
    }

    @Override // org.nuxeo.ecm.core.api.security.ACP
    public ACL getOrCreateACL() {
        return getOrCreateACL(ACL.LOCAL_ACL);
    }

    @Override // org.nuxeo.ecm.core.api.security.ACP
    public void setRules(String str, UserEntry[] userEntryArr) {
        setRules(str, userEntryArr, true);
    }

    @Override // org.nuxeo.ecm.core.api.security.ACP
    public void setRules(String str, UserEntry[] userEntryArr, boolean z) {
        ACL acl = getACL(str);
        if (acl == null) {
            acl = new ACLImpl(str);
            addACL(acl);
        } else if (z) {
            acl.clear();
        }
        for (UserEntry userEntry : userEntryArr) {
            for (String str2 : userEntry.getPermissions()) {
                UserAccess access = userEntry.getAccess(str2);
                if (!access.isReadOnly()) {
                    acl.add(new ACE(userEntry.getUserName(), str2, access.isGranted()));
                }
            }
        }
        this.cache.clear();
    }

    @Override // org.nuxeo.ecm.core.api.security.ACP
    public void setRules(UserEntry[] userEntryArr) {
        setRules(ACL.LOCAL_ACL, userEntryArr);
    }

    @Override // org.nuxeo.ecm.core.api.security.ACP
    public void setRules(UserEntry[] userEntryArr, boolean z) {
        setRules(ACL.LOCAL_ACL, userEntryArr, z);
    }

    private void readObject(ObjectInputStream objectInputStream) throws ClassNotFoundException, IOException {
        objectInputStream.defaultReadObject();
        this.cache = new HashMap();
    }

    @Override // org.nuxeo.ecm.core.api.security.ACP
    public String[] listUsernamesForPermission(String str) {
        ArrayList arrayList = new ArrayList();
        for (ACE ace : getMergedACLs("merged").getACEs()) {
            if (ace.getPermission().equals(str) && ace.isGranted() && !arrayList.contains(ace.getUsername())) {
                arrayList.add(ace.getUsername());
            }
        }
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    @Override // org.nuxeo.ecm.core.api.security.ACP
    public String[] listUsernamesForAnyPermission(Set<String> set) {
        ArrayList arrayList = new ArrayList();
        for (ACE ace : getMergedACLs("merged").getACEs()) {
            if (set.contains(ace.getPermission()) && ace.isGranted()) {
                String username = ace.getUsername();
                if (!arrayList.contains(username)) {
                    arrayList.add(username);
                }
            }
        }
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    @Override // org.nuxeo.ecm.core.api.security.ACP
    public Object clone() {
        ACPImpl aCPImpl = new ACPImpl();
        Iterator<ACL> it = this.acls.iterator();
        while (it.hasNext()) {
            aCPImpl.acls.add((ACL) it.next().clone());
        }
        aCPImpl.owners.addAll((ArrayList) this.owners.clone());
        return aCPImpl;
    }

    static {
        $assertionsDisabled = !ACPImpl.class.desiredAssertionStatus();
    }
}
