package org.jahia.services.content;

import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import org.apache.commons.lang.StringUtils;
import org.jahia.services.categories.Category;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jahia/services/content/RBACUtils.class */
public final class RBACUtils {
    private static final Logger logger = LoggerFactory.getLogger(RBACUtils.class);

    public static JCRNodeWrapper getOrCreatePermission(String str, JCRSessionWrapper jCRSessionWrapper) throws RepositoryException {
        JCRNodeWrapper orCreatePermission;
        JCRNodeWrapper mo214getNode;
        if (str == null || !str.startsWith("/permissions/")) {
            throw new IllegalArgumentException("Illegal value for the permission path: " + str);
        }
        String substringBeforeLast = StringUtils.substringBeforeLast(str, Category.PATH_DELIMITER);
        String substringAfterLast = StringUtils.substringAfterLast(str, Category.PATH_DELIMITER);
        try {
            orCreatePermission = jCRSessionWrapper.m253getNode(substringBeforeLast);
        } catch (PathNotFoundException e) {
            orCreatePermission = getOrCreatePermission(substringBeforeLast, jCRSessionWrapper);
        }
        if (orCreatePermission.hasNode(substringAfterLast)) {
            mo214getNode = orCreatePermission.mo214getNode(substringAfterLast);
        } else {
            jCRSessionWrapper.checkout(orCreatePermission);
            mo214getNode = orCreatePermission.mo231addNode(substringAfterLast, "jnt:permission");
            logger.info("Added permission node {}", mo214getNode.getPath());
        }
        return mo214getNode;
    }

    public static JCRNodeWrapper getOrCreateRole(String str, JCRSessionWrapper jCRSessionWrapper) throws RepositoryException {
        JCRNodeWrapper mo214getNode;
        if (str == null || !str.startsWith("/roles/")) {
            throw new IllegalArgumentException("Illegal value for the role path: " + str);
        }
        String substringAfterLast = StringUtils.substringAfterLast(str, Category.PATH_DELIMITER);
        JCRNodeWrapper m253getNode = jCRSessionWrapper.m253getNode(StringUtils.substringBeforeLast(str, Category.PATH_DELIMITER));
        if (m253getNode.hasNode(substringAfterLast)) {
            mo214getNode = m253getNode.mo214getNode(substringAfterLast);
        } else {
            jCRSessionWrapper.checkout(m253getNode);
            mo214getNode = m253getNode.mo231addNode(substringAfterLast, "jnt:role");
            logger.info("Added role node {}", mo214getNode.getPath());
        }
        return mo214getNode;
    }

    public static boolean grantPermissionToRole(String str, String str2, JCRSessionWrapper jCRSessionWrapper) throws RepositoryException {
        if (str == null || !str.startsWith("/permissions/")) {
            throw new IllegalArgumentException("Illegal value for the permission path: " + str);
        }
        if (str2 == null || str2.length() == 0) {
            throw new IllegalArgumentException("Illegal value for the role: " + str2);
        }
        boolean z = true;
        JCRNodeWrapper m253getNode = jCRSessionWrapper.m253getNode(str);
        String identifier = m253getNode.getIdentifier();
        JCRNodeWrapper jCRNodeWrapper = null;
        if (str2.contains(Category.PATH_DELIMITER)) {
            jCRNodeWrapper = jCRSessionWrapper.m253getNode(str2);
        } else {
            JCRNodeIteratorWrapper mo474getNodes = jCRSessionWrapper.m258getWorkspace().m267getQueryManager().mo281createQuery("select * from [jnt:role] as r where localname()='" + JCRContentUtils.sqlEncode(str2) + "' and isdescendantnode(r,['/roles'])", "JCR-SQL2").m479execute().mo474getNodes();
            if (mo474getNodes.hasNext()) {
                jCRNodeWrapper = (JCRNodeWrapper) mo474getNodes.nextNode();
            }
        }
        if (jCRNodeWrapper == null) {
            throw new RepositoryException("Failed to get role: " + str2);
        }
        if (jCRNodeWrapper.hasProperty("j:permissions")) {
            JCRValueWrapper[] mo239getValues = jCRNodeWrapper.mo210getProperty("j:permissions").mo239getValues();
            boolean z2 = false;
            int length = mo239getValues.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                if (identifier.equals(mo239getValues[i].getString())) {
                    z2 = true;
                    break;
                }
                i++;
            }
            if (z2) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Role {} already has permission {} granted", jCRNodeWrapper.getPath(), m253getNode.getPath());
                }
                z = false;
            } else {
                Value[] valueArr = new Value[mo239getValues.length + 1];
                System.arraycopy(mo239getValues, 0, valueArr, 0, mo239getValues.length);
                valueArr[mo239getValues.length] = jCRSessionWrapper.getValueFactory().createValue(m253getNode, true);
                jCRNodeWrapper.mo228setProperty("j:permissions", valueArr);
                logger.info("Granted permission {} to role {}", m253getNode.getPath(), jCRNodeWrapper.getPath());
            }
        } else {
            jCRNodeWrapper.mo228setProperty("j:permissions", new Value[]{jCRSessionWrapper.getValueFactory().createValue(m253getNode, true)});
            logger.info("Granted permission {} to role {}", m253getNode.getPath(), jCRNodeWrapper.getPath());
        }
        return z;
    }

    public static boolean hasPermission(String str, String str2, JCRSessionWrapper jCRSessionWrapper) throws RepositoryException {
        JCRValueWrapper[] mo239getValues;
        if (str2 == null || !str2.startsWith("/permissions/")) {
            throw new IllegalArgumentException("Illegal value for the permission path: " + str2);
        }
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("Illegal value for the role: " + str);
        }
        String identifier = jCRSessionWrapper.m253getNode(str2).getIdentifier();
        JCRNodeWrapper jCRNodeWrapper = null;
        if (str.contains(Category.PATH_DELIMITER)) {
            jCRNodeWrapper = jCRSessionWrapper.m253getNode(str);
        } else {
            JCRNodeIteratorWrapper mo474getNodes = jCRSessionWrapper.m258getWorkspace().m267getQueryManager().mo281createQuery("select * from [jnt:role] as r where localname()='" + JCRContentUtils.sqlEncode(str) + "' and isdescendantnode(r,['/roles'])", "JCR-SQL2").m479execute().mo474getNodes();
            if (mo474getNodes.hasNext()) {
                jCRNodeWrapper = (JCRNodeWrapper) mo474getNodes.nextNode();
            }
        }
        if (jCRNodeWrapper == null) {
            throw new RepositoryException("Failed to get role: " + str);
        }
        if (!jCRNodeWrapper.hasProperty("j:permissions") || (mo239getValues = jCRNodeWrapper.mo210getProperty("j:permissions").mo239getValues()) == null || mo239getValues.length == 0) {
            return false;
        }
        boolean z = false;
        int length = mo239getValues.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            if (StringUtils.equals(identifier, mo239getValues[i].getString())) {
                z = true;
                break;
            }
            i++;
        }
        return z;
    }

    public static boolean revokePermissionFromRole(String str, String str2, JCRSessionWrapper jCRSessionWrapper) throws RepositoryException {
        JCRValueWrapper[] mo239getValues;
        if (str == null || !str.startsWith("/permissions/")) {
            throw new IllegalArgumentException("Illegal value for the permission path: " + str);
        }
        if (str2 == null || str2.length() == 0) {
            throw new IllegalArgumentException("Illegal value for the role: " + str2);
        }
        boolean z = false;
        JCRNodeWrapper m253getNode = jCRSessionWrapper.m253getNode(str);
        String identifier = m253getNode.getIdentifier();
        JCRNodeWrapper jCRNodeWrapper = null;
        if (str2.contains(Category.PATH_DELIMITER)) {
            jCRNodeWrapper = jCRSessionWrapper.m253getNode(str2);
        } else {
            JCRNodeIteratorWrapper mo474getNodes = jCRSessionWrapper.m258getWorkspace().m267getQueryManager().mo281createQuery("select * from [jnt:role] as r where localname()='" + JCRContentUtils.sqlEncode(str2) + "' and isdescendantnode(r,['/roles'])", "JCR-SQL2").m479execute().mo474getNodes();
            if (mo474getNodes.hasNext()) {
                jCRNodeWrapper = (JCRNodeWrapper) mo474getNodes.nextNode();
            }
        }
        if (jCRNodeWrapper == null) {
            throw new RepositoryException("Failed to get role: " + str2);
        }
        if (!jCRNodeWrapper.hasProperty("j:permissions") || (mo239getValues = jCRNodeWrapper.mo210getProperty("j:permissions").mo239getValues()) == null || mo239getValues.length == 0) {
            return false;
        }
        LinkedList linkedList = new LinkedList();
        Collections.addAll(linkedList, mo239getValues);
        boolean z2 = false;
        Iterator it = linkedList.iterator();
        while (it.hasNext()) {
            if (StringUtils.equals(identifier, ((Value) it.next()).getString())) {
                z2 = true;
                it.remove();
            }
        }
        if (z2) {
            z = true;
            if (linkedList.isEmpty()) {
                jCRNodeWrapper.mo228setProperty("j:permissions", (Value[]) null);
            } else {
                jCRNodeWrapper.mo228setProperty("j:permissions", (Value[]) linkedList.toArray(new Value[0]));
            }
            logger.info("Revoked permission {} from role {}", m253getNode.getPath(), jCRNodeWrapper.getPath());
        }
        return z;
    }

    private RBACUtils() {
    }
}
