package org.nuxeo.ecm.core.security;

import java.security.Principal;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.core.api.DocumentException;
import org.nuxeo.ecm.core.api.IdRef;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.core.api.PathRef;
import org.nuxeo.ecm.core.api.security.ACL;
import org.nuxeo.ecm.core.api.security.ACP;
import org.nuxeo.ecm.core.api.security.Access;
import org.nuxeo.ecm.core.api.security.PermissionProvider;
import org.nuxeo.ecm.core.api.security.PolicyService;
import org.nuxeo.ecm.core.api.security.SecuritySummaryEntry;
import org.nuxeo.ecm.core.api.security.impl.SecuritySummaryEntryImpl;
import org.nuxeo.ecm.core.model.Document;
import org.nuxeo.ecm.core.model.Session;
import org.nuxeo.runtime.api.Framework;
import org.nuxeo.runtime.model.ComponentContext;
import org.nuxeo.runtime.model.ComponentInstance;
import org.nuxeo.runtime.model.ComponentName;
import org.nuxeo.runtime.model.DefaultComponent;

/* loaded from: input_file:org/nuxeo/ecm/core/security/SecurityService.class */
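/**
 * Runtime component that answers permission checks on repository documents.
 *
 * <p>It owns a {@link PermissionProviderLocal} (permission definitions and their groups) and a
 * {@link SecurityPolicyService} (pluggable policies), both created in {@link #activate} and
 * dropped in {@link #deactivate}. Contributions to the {@code permissions},
 * {@code permissionsVisibility} and {@code policies} extension points are forwarded to them.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>Both permission checks grant everything to a principal whose {@code getName()} is
 * {@code "system"}. The decision rests on the name alone, so whatever creates {@link Principal}
 * objects must make sure an externally authenticated user can never carry that name.
 * NOTE(review): confirm the user directory / login modules reserve it.</li>
 * <li>{@link #getSecuritySummary} reads ACPs without checking who is asking; authorization is the
 * caller's job.</li>
 * </ul>
 */
public class SecurityService extends DefaultComponent {
    public static final String PERMISSIONS_EXTENSION_POINT = "permissions";
    private static final String PERMISSIONS_VISIBILITY_EXTENSION_POINT = "permissionsVisibility";
    private static final String POLICIES_EXTENSION_POINT = "policies";
    private PermissionProviderLocal permissionProvider;
    private SecurityPolicyService securityPolicyService;
    public static final ComponentName NAME = new ComponentName("org.nuxeo.ecm.core.security.SecurityService");
    private static final Log log = LogFactory.getLog(SecurityService.class);

    /** Principal name that bypasses every policy and ACL evaluation in this class. */
    private static final String SYSTEM_USERNAME = "system";

    /**
     * Activates the component and creates fresh, empty provider and policy services.
     *
     * @param componentContext the runtime context, passed through to the superclass
     * @throws Exception if the superclass activation fails
     */
    public void activate(ComponentContext componentContext) throws Exception {
        super.activate(componentContext);
        this.permissionProvider = new DefaultPermissionProvider();
        this.securityPolicyService = new SecurityPolicyServiceImpl();
    }

    /**
     * Deactivates the component and releases both services. Any permission check or
     * contribution call made afterwards dereferences a null field.
     *
     * @param componentContext the runtime context, passed through to the superclass
     * @throws Exception if the superclass deactivation fails
     */
    public void deactivate(ComponentContext componentContext) throws Exception {
        super.deactivate(componentContext);
        this.permissionProvider = null;
        this.securityPolicyService = null;
    }

    /**
     * Routes a contribution to the service that handles its extension point.
     *
     * <p>A contribution whose extension point name and descriptor type do not match one of the
     * three known pairs is ignored without any log entry.
     *
     * @param obj the contributed descriptor
     * @param str the extension point name
     * @param componentInstance the contributing component (not used here)
     * @throws Exception declared by the component contract
     */
    public void registerContribution(Object obj, String str, ComponentInstance componentInstance) throws Exception {
        if (PERMISSIONS_EXTENSION_POINT.equals(str) && obj instanceof PermissionDescriptor) {
            this.permissionProvider.registerDescriptor((PermissionDescriptor) obj);
        } else if (PERMISSIONS_VISIBILITY_EXTENSION_POINT.equals(str) && obj instanceof PermissionVisibilityDescriptor) {
            this.permissionProvider.registerDescriptor((PermissionVisibilityDescriptor) obj);
        } else if (POLICIES_EXTENSION_POINT.equals(str) && obj instanceof SecurityPolicyDescriptor) {
            // Policies contributed here take part in every checkPermission() decision.
            this.securityPolicyService.registerDescriptor((SecurityPolicyDescriptor) obj);
        }
    }

    /**
     * Mirror of {@link #registerContribution}: removes a descriptor from the matching service.
     *
     * @param obj the descriptor to remove
     * @param str the extension point name
     * @param componentInstance the contributing component (not used here)
     * @throws Exception declared by the component contract
     */
    public void unregisterContribution(Object obj, String str, ComponentInstance componentInstance) throws Exception {
        if (PERMISSIONS_EXTENSION_POINT.equals(str) && obj instanceof PermissionDescriptor) {
            this.permissionProvider.unregisterDescriptor((PermissionDescriptor) obj);
        } else if (PERMISSIONS_VISIBILITY_EXTENSION_POINT.equals(str) && obj instanceof PermissionVisibilityDescriptor) {
            this.permissionProvider.unregisterDescriptor((PermissionVisibilityDescriptor) obj);
        } else if (POLICIES_EXTENSION_POINT.equals(str) && obj instanceof SecurityPolicyDescriptor) {
            this.securityPolicyService.unregisterDescriptor((SecurityPolicyDescriptor) obj);
        }
    }

    /**
     * @return the live permission provider, or {@code null} while the component is inactive
     */
    public PermissionProvider getPermissionProvider() {
        return this.permissionProvider;
    }

    /**
     * Asks the security manager of the session's repository to invalidate its cache.
     *
     * @param session the session whose repository cache is invalidated
     * @param str not used by this implementation
     */
    public void invalidateCache(Session session, String str) {
        session.getRepository().getSecurityManager().invalidateCache(session);
    }

    /**
     * Decides whether {@code principal} holds permission {@code str} on {@code document}.
     *
     * <p>Evaluation order, first conclusive answer wins:
     * <ol>
     * <li>a principal named {@code "system"} is granted immediately;</li>
     * <li>the core policy, when one is installed, can deny. It is consulted only for
     * {@link NuxeoPrincipal} instances, so any other {@link Principal} implementation skips it;</li>
     * <li>the registered security policies, unless they answer {@code null} or
     * {@link Access#UNKNOWN};</li>
     * <li>the merged ACP of the document. A missing ACP denies.</li>
     * </ol>
     *
     * @param document the document being accessed
     * @param principal the caller; must not be {@code null} and must have a non-null name
     * @param str the permission name
     * @return {@code true} if access is granted
     * @throws SecurityException propagated from the underlying security manager
     */
    public boolean checkPermission(Document document, Principal principal, String str) throws SecurityException {
        // Name-only bypass: nothing below runs for this principal.
        if (principal.getName().equals(SYSTEM_USERNAME)) {
            return true;
        }
        PolicyService policyService = (PolicyService) Framework.getLocalService(PolicyService.class);
        if (policyService != null) {
            CorePolicyService corePolicy = (CorePolicyService) policyService.getCorePolicy();
            if (corePolicy != null && principal instanceof NuxeoPrincipal
                    && !corePolicy.checkPolicy(document, (NuxeoPrincipal) principal, str)) {
                return false;
            }
        }
        SecurityManager securityManager = document.getSession().getRepository().getSecurityManager();
        String[] permissions = getPermissionsToCheck(str);
        String[] principals = getPrincipalsToCheck(principal);
        ACP mergedAcp = securityManager.getMergedACP(document);
        Access policyAccess = this.securityPolicyService.checkPermission(document, mergedAcp, principal, str,
                permissions, principals);
        if (policyAccess != null && !Access.UNKNOWN.equals(policyAccess)) {
            return policyAccess.toBoolean();
        }
        if (mergedAcp == null) {
            // Fail closed: no ACP means nobody but "system" gets in.
            return false;
        }
        // NOTE(review): the result for an UNKNOWN access depends on Access.toBoolean(),
        // which is not visible here; confirm it maps UNKNOWN to a denial.
        return mergedAcp.getAccess(principals, permissions).toBoolean();
    }

    /**
     * Expands a permission into the list of names to look up in an ACP.
     *
     * @param str the requested permission name
     * @return an array holding {@code str} first, followed by the groups the permission
     *         provider reports for it (just {@code str} when it reports none)
     */
    public String[] getPermissionsToCheck(String str) {
        String[] groups = this.permissionProvider.getPermissionGroups(str);
        if (groups == null) {
            return new String[] {str};
        }
        String[] expanded = new String[groups.length + 1];
        expanded[0] = str;
        System.arraycopy(groups, 0, expanded, 1, groups.length);
        return expanded;
    }

    /**
     * Expands a principal into the list of names to look up in an ACP.
     *
     * @param principal the caller
     * @return an array holding the principal's own name first, followed by every group
     *         returned by {@link NuxeoPrincipal#getAllGroups()} when the principal is a
     *         {@link NuxeoPrincipal} with a non-null group list
     */
    protected String[] getPrincipalsToCheck(Principal principal) {
        List<String> groups = null;
        if (principal instanceof NuxeoPrincipal) {
            groups = ((NuxeoPrincipal) principal).getAllGroups();
        }
        if (groups == null) {
            return new String[] {principal.getName()};
        }
        String[] groupNames = groups.toArray(new String[groups.size()]);
        String[] principals = new String[groupNames.length + 1];
        principals[0] = principal.getName();
        System.arraycopy(groupNames, 0, principals, 1, groupNames.length);
        return principals;
    }

    /**
     * Legacy permission check kept for compatibility.
     *
     * <p>Unlike {@link #checkPermission} it consults neither the core policy nor the registered
     * security policies. It denies {@code "Write"} when the document lock does not start with
     * {@code "<name>:"}, then asks the security manager for the user and, while the answer is
     * {@link Access#UNKNOWN}, for each of the user's groups in turn.
     *
     * @param document the document being accessed
     * @param principal the caller; must not be {@code null} and must have a non-null name
     * @param str the permission name; must not be {@code null}
     * @return {@code true} if access is granted
     * @throws SecurityException propagated from the underlying security manager
     * @deprecated use {@link #checkPermission(Document, Principal, String)}
     */
    @Deprecated
    public boolean checkPermissionOld(Document document, Principal principal, String str) throws SecurityException {
        String name = principal.getName();
        // Name-only bypass, same as in checkPermission().
        if (name.equals(SYSTEM_USERNAME)) {
            return true;
        }
        try {
            String lock = document.getLock();
            if (lock != null && !lock.startsWith(name + ':') && str.equals("Write")) {
                return false;
            }
        } catch (Exception e) {
            // Fails open: when the lock cannot be read, the lock-owner restriction on
            // "Write" is skipped and the decision falls through to the ACL lookup below.
            log.debug("Failed to get lock status on document ", e);
        }
        SecurityManager securityManager = document.getSession().getRepository().getSecurityManager();
        Access access = checkPermissionForUser(securityManager, document, name, str);
        if (access == Access.UNKNOWN && principal instanceof NuxeoPrincipal) {
            List<String> groups = ((NuxeoPrincipal) principal).getAllGroups();
            if (groups != null) {
                for (String group : groups) {
                    access = checkPermissionForUser(securityManager, document, group, str);
                    if (access != Access.UNKNOWN) {
                        break;
                    }
                }
            }
        }
        return access.toBoolean();
    }

    /**
     * Looks up the access of one user or group name for a permission, then for each of the
     * permission's groups, returning the first answer that is not {@link Access#UNKNOWN}.
     *
     * @param securityManager the repository security manager to query
     * @param document the document being accessed
     * @param username the user or group name to look up
     * @param permission the permission name
     * @return the first conclusive access, or {@link Access#UNKNOWN}
     * @throws SecurityException propagated from the security manager
     */
    @Deprecated
    private Access checkPermissionForUser(SecurityManager securityManager, Document document, String username,
            String permission) throws SecurityException {
        Access direct = securityManager.getAccess(document, username, permission);
        if (direct != Access.UNKNOWN) {
            return direct;
        }
        String[] groups = this.permissionProvider.getPermissionGroups(permission);
        if (groups != null) {
            for (String group : groups) {
                Access viaGroup = securityManager.getAccess(document, username, group);
                if (viaGroup != Access.UNKNOWN) {
                    return viaGroup;
                }
            }
        }
        return Access.UNKNOWN;
    }

    /**
     * Collects the ACPs set on a document and on its whole subtree, optionally preceded by those
     * of its ancestors.
     *
     * <p>No permission check is made on behalf of any caller, and the subtree is walked
     * recursively without a depth or size limit. Callers are responsible for authorizing the
     * request and for not exposing the result to users who may not read the ACLs. A failure
     * while reading part of the tree is logged and leaves the summary incomplete.
     *
     * @param document the root of the summary; {@code null} yields an empty list
     * @param bool whether ancestor entries are included; {@code null} is treated as
     *        {@code false}
     * @return entries for documents that carry at least one ACL, ancestors first (root-most at
     *         index 0) and then the subtree in depth-first order
     */
    public List<SecuritySummaryEntry> getSecuritySummary(Document document, Boolean bool) {
        List<SecuritySummaryEntry> entries = new ArrayList<SecuritySummaryEntry>();
        if (document == null) {
            return entries;
        }
        addChildrenToSecuritySummary(document, entries);
        // Boolean.TRUE.equals() avoids the NullPointerException a null flag used to cause.
        if (Boolean.TRUE.equals(bool)) {
            addParentsToSecuritySummary(document, entries);
        }
        return entries;
    }

    /**
     * Builds the summary entry (id, path, ACP) of one document.
     *
     * @throws DocumentException if the document cannot be read
     */
    private SecuritySummaryEntry createSecuritySummaryEntry(Document document) throws DocumentException {
        ACP acp = document.getSession().getSecurityManager().getACP(document);
        return new SecuritySummaryEntryImpl(new IdRef(document.getUUID()), new PathRef(document.getPath()), acp);
    }

    /** Tells whether an ACP carries at least one ACL. */
    private static boolean hasAcls(ACP acp) {
        if (acp == null) {
            return false;
        }
        ACL[] acls = acp.getACLs();
        return acls != null && acls.length > 0;
    }

    /**
     * Prepends the entries of every ancestor that carries an ACL, walking up to the root.
     * The walk stops at the first ancestor that cannot be read.
     */
    private void addParentsToSecuritySummary(Document document, List<SecuritySummaryEntry> entries) {
        try {
            Document parent = document.getParent();
            if (parent == null) {
                return;
            }
            SecuritySummaryEntry entry = createSecuritySummaryEntry(parent);
            if (hasAcls(entry.getAcp())) {
                entries.add(0, entry);
            }
            addParentsToSecuritySummary(parent, entries);
        } catch (DocumentException e) {
            // Previously swallowed: a silently truncated summary hides ACLs from whoever audits it.
            log.warn("Security summary is incomplete: failed to read an ancestor document", e);
        }
    }

    /**
     * Appends the entry of {@code document} if it carries an ACL, then recurses into its
     * children. A document that cannot be read is skipped together with its subtree.
     */
    private void addChildrenToSecuritySummary(Document document, List<SecuritySummaryEntry> entries) {
        try {
            SecuritySummaryEntry entry = createSecuritySummaryEntry(document);
            if (hasAcls(entry.getAcp())) {
                entries.add(entry);
            }
            Iterator<Document> children = document.getChildren();
            while (children.hasNext()) {
                addChildrenToSecuritySummary(children.next(), entries);
            }
        } catch (DocumentException e) {
            // Previously swallowed: a silently truncated summary hides ACLs from whoever audits it.
            log.warn("Security summary is incomplete: failed to read a document or its children", e);
        }
    }

    /**
     * Returns the object that serves the requested adapter type.
     *
     * <p>The test is {@code cls.isAssignableFrom(...)}, so {@link PermissionProvider} and any of
     * its supertypes resolve to the permission provider, {@link SecurityPolicyService} and its
     * remaining supertypes to the policy service, and anything else is cast from this component.
     *
     * @param cls the requested adapter type
     * @return the matching service, possibly {@code null} while the component is inactive
     * @throws ClassCastException if {@code cls} matches neither service and this component is
     *         not an instance of it
     */
    @SuppressWarnings("unchecked")
    public <T> T getAdapter(Class<T> cls) {
        if (cls.isAssignableFrom(PermissionProvider.class)) {
            return (T) this.permissionProvider;
        }
        if (cls.isAssignableFrom(SecurityPolicyService.class)) {
            return (T) this.securityPolicyService;
        }
        return cls.cast(this);
    }
}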
