package org.nuxeo.ecm.core.security;

import java.security.Principal;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.core.api.security.ACP;
import org.nuxeo.ecm.core.api.security.Access;
import org.nuxeo.ecm.core.model.Document;
import org.nuxeo.ecm.core.query.sql.model.SQLQuery;

/* loaded from: input_file:org/nuxeo/ecm/core/security/SecurityPolicyServiceImpl.class */
public class SecurityPolicyServiceImpl implements SecurityPolicyService {
    private static final long serialVersionUID = 482814921906794786L;
    private static final Log log = LogFactory.getLog(SecurityPolicyServiceImpl.class);
    private final Map<String, SecurityPolicyDescriptor> policyDescriptors = new Hashtable();
    private List<SecurityPolicy> policies;

    private void computePolicies() {
        this.policies = new ArrayList();
        ArrayList<SecurityPolicyDescriptor> arrayList = new ArrayList();
        for (SecurityPolicyDescriptor securityPolicyDescriptor : this.policyDescriptors.values()) {
            if (securityPolicyDescriptor.isEnabled()) {
                arrayList.add(securityPolicyDescriptor);
            }
        }
        Collections.sort(arrayList);
        ArrayList arrayList2 = new ArrayList();
        for (SecurityPolicyDescriptor securityPolicyDescriptor2 : arrayList) {
            if (securityPolicyDescriptor2.isEnabled()) {
                try {
                    Object newInstance = securityPolicyDescriptor2.getPolicy().newInstance();
                    if (newInstance instanceof SecurityPolicy) {
                        this.policies.add((SecurityPolicy) newInstance);
                        arrayList2.add(securityPolicyDescriptor2.getName());
                    } else {
                        log.error(String.format("Invalid contribution to security policy service %s: must implement SecurityPolicy interface", securityPolicyDescriptor2.getName()));
                    }
                } catch (Exception e) {
                    log.error(e);
                }
            }
        }
        log.debug("Ordered security policies: " + arrayList2.toString());
    }

    private List<SecurityPolicy> getPolicies() {
        if (this.policies == null) {
            computePolicies();
        }
        return this.policies;
    }

    private void resetPolicies() {
        this.policies = null;
    }

    @Override // org.nuxeo.ecm.core.security.SecurityPolicyService
    public boolean arePoliciesRestrictingPermission(String str) {
        Iterator<SecurityPolicy> it = getPolicies().iterator();
        while (it.hasNext()) {
            if (it.next().isRestrictingPermission(str)) {
                return true;
            }
        }
        return false;
    }

    @Override // org.nuxeo.ecm.core.security.SecurityPolicyService
    public boolean arePoliciesExpressibleInQuery() {
        Iterator<SecurityPolicy> it = getPolicies().iterator();
        while (it.hasNext()) {
            if (!it.next().isExpressibleInQuery()) {
                return false;
            }
        }
        return true;
    }

    @Override // org.nuxeo.ecm.core.security.SecurityPolicyService
    public Collection<SQLQuery.Transformer> getPoliciesQueryTransformers() {
        LinkedList linkedList = new LinkedList();
        for (SecurityPolicy securityPolicy : getPolicies()) {
            if (securityPolicy.isExpressibleInQuery()) {
                linkedList.add(securityPolicy.getQueryTransformer());
            }
        }
        return linkedList;
    }

    @Override // org.nuxeo.ecm.core.security.SecurityPolicyService
    public void registerDescriptor(SecurityPolicyDescriptor securityPolicyDescriptor) throws Exception {
        String name = securityPolicyDescriptor.getName();
        if (this.policyDescriptors.containsKey(name)) {
            log.info("Overriding security policy " + name);
        }
        this.policyDescriptors.put(name, securityPolicyDescriptor);
        resetPolicies();
    }

    @Override // org.nuxeo.ecm.core.security.SecurityPolicyService
    public void unregisterDescriptor(SecurityPolicyDescriptor securityPolicyDescriptor) throws Exception {
        String name = securityPolicyDescriptor.getName();
        if (this.policyDescriptors.containsKey(name)) {
            this.policyDescriptors.remove(name);
            resetPolicies();
        }
    }

    @Override // org.nuxeo.ecm.core.security.SecurityPolicyService
    public Access checkPermission(Document document, ACP acp, Principal principal, String str, String[] strArr, String[] strArr2) throws SecurityException {
        Access access = Access.UNKNOWN;
        Iterator<SecurityPolicy> it = getPolicies().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Access checkPermission = it.next().checkPermission(document, acp, principal, str, strArr, strArr2);
            if (checkPermission != null && !Access.UNKNOWN.equals(checkPermission)) {
                access = checkPermission;
                break;
            }
        }
        return access;
    }
}
