package org.jahia.modules.external;

import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.jcr.AccessDeniedException;
import javax.jcr.NamespaceRegistry;
import javax.jcr.Node;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.lock.LockException;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import javax.jcr.version.VersionException;
import org.apache.commons.collections.map.LRUMap;
import org.apache.commons.lang.StringUtils;
import org.apache.jackrabbit.commons.iterator.AccessControlPolicyIteratorAdapter;
import org.apache.jackrabbit.core.security.JahiaPrivilegeRegistry;
import org.jahia.exceptions.JahiaRuntimeException;
import org.jahia.jaas.JahiaPrincipal;
import org.jahia.modules.external.ExternalDataSource;
import org.jahia.services.content.JCRNodeWrapper;
import org.jahia.services.content.JCRSessionFactory;
import org.jahia.services.content.JCRSessionWrapper;
import org.jahia.settings.SettingsBean;
import org.jahia.utils.security.AccessManagerUtils;

/* loaded from: input_file:org/jahia/modules/external/ExternalAccessControlManager.class */
public class ExternalAccessControlManager implements AccessControlManager {
    private static final AccessControlPolicy[] POLICIES = new AccessControlPolicy[0];
    private Map<String, Boolean> pathPermissionCache;
    private Map<Object, AccessManagerUtils.CompiledAcl> compiledAcls = new HashMap();
    private JahiaPrivilegeRegistry registry;
    private final ExternalSessionImpl session;
    private final String workspaceName;
    private final JahiaPrincipal jahiaPrincipal;
    private final boolean aclReadOnly;
    private final boolean writable;
    private final Privilege modifyAccessControlPrivilege;
    private final Privilege writePrivilege;

    public ExternalAccessControlManager(NamespaceRegistry namespaceRegistry, ExternalSessionImpl externalSessionImpl, ExternalDataSource externalDataSource) {
        this.pathPermissionCache = null;
        this.session = externalSessionImpl;
        this.workspaceName = externalSessionImpl.getWorkspace().getName();
        this.aclReadOnly = externalDataSource instanceof ExternalDataSource.AccessControllable;
        this.writable = externalDataSource instanceof ExternalDataSource.Writable;
        this.pathPermissionCache = Collections.synchronizedMap(new LRUMap(SettingsBean.getInstance().getAccessManagerPathPermissionCacheMaxSize()));
        this.jahiaPrincipal = new JahiaPrincipal(externalSessionImpl.getUserID(), externalSessionImpl.getRealm(), externalSessionImpl.getUserID().startsWith(" system "), " guest ".equals(externalSessionImpl.getUserID()));
        try {
            this.registry = new JahiaPrivilegeRegistry(namespaceRegistry);
            this.modifyAccessControlPrivilege = this.registry.getPrivilege("jcr:modifyAccessControl", this.workspaceName);
            this.writePrivilege = this.registry.getPrivilege("jcr:write", this.workspaceName);
        } catch (RepositoryException e) {
            throw new JahiaRuntimeException(e);
        }
    }

    public AccessControlPolicyIterator getApplicablePolicies(String str) throws PathNotFoundException, AccessDeniedException, RepositoryException {
        return AccessControlPolicyIteratorAdapter.EMPTY;
    }

    public AccessControlPolicy[] getEffectivePolicies(String str) throws PathNotFoundException, AccessDeniedException, RepositoryException {
        return POLICIES;
    }

    public AccessControlPolicy[] getPolicies(String str) throws PathNotFoundException, AccessDeniedException, RepositoryException {
        return POLICIES;
    }

    public Privilege[] getSupportedPrivileges(String str) throws PathNotFoundException, RepositoryException {
        return JahiaPrivilegeRegistry.getRegisteredPrivileges();
    }

    public Privilege[] getPrivileges(String str) throws PathNotFoundException, RepositoryException {
        JCRNodeWrapper node = JCRSessionFactory.getInstance().getCurrentSystemSession(this.workspaceName, (Locale) null, (Locale) null).getNode(this.session.m11getRepository().getStoreProvider().getMountPoint() + str);
        Privilege[] privileges = AccessManagerUtils.getPrivileges(node, this.jahiaPrincipal, this.registry);
        List<Privilege> privilegesToFilter = getPrivilegesToFilter(node.getRealNode());
        return privilegesToFilter.size() > 0 ? filterPrivileges(privileges, privilegesToFilter) : privileges;
    }

    public boolean hasPrivileges(String str, Privilege[] privilegeArr) throws PathNotFoundException, RepositoryException {
        if (privilegeArr == null || privilegeArr.length == 0) {
            return true;
        }
        HashSet hashSet = new HashSet();
        for (Privilege privilege : privilegeArr) {
            hashSet.add(privilege.getName());
        }
        String mountPoint = this.session.m11getRepository().getStoreProvider().getMountPoint();
        JCRSessionWrapper currentSystemSession = JCRSessionFactory.getInstance().getCurrentSystemSession(this.session.getWorkspace().getName(), (Locale) null, (Locale) null);
        return AccessManagerUtils.isGranted(new ExternalPathWrapperImpl(StringUtils.equals(str, "/") ? mountPoint : mountPoint + str, currentSystemSession), hashSet, currentSystemSession, this.jahiaPrincipal, this.workspaceName, false, this.pathPermissionCache, this.compiledAcls, this.registry);
    }

    public Privilege privilegeFromName(String str) throws AccessControlException, RepositoryException {
        try {
            return this.registry.getPrivilege(str, (String) null);
        } catch (AccessControlException e) {
            if (e.getMessage() == null || !e.getMessage().startsWith("Unknown privilege {http://www.jcp.org/jcr/1.0}")) {
                throw e;
            }
            return this.registry.getPrivilege(str, "default");
        }
    }

    public void removePolicy(String str, AccessControlPolicy accessControlPolicy) throws PathNotFoundException, AccessControlException, AccessDeniedException, LockException, VersionException, RepositoryException {
    }

    public void setPolicy(String str, AccessControlPolicy accessControlPolicy) throws PathNotFoundException, AccessControlException, AccessDeniedException, LockException, VersionException, RepositoryException {
    }

    public void checkRead(String str) throws RepositoryException {
        if (!hasPrivileges(str, new Privilege[]{this.registry.getPrivilege("{http://www.jcp.org/jcr/1.0}read_" + this.session.getWorkspace().getName(), (String) null)})) {
            throw new PathNotFoundException(str);
        }
    }

    public void checkModify(String str) throws RepositoryException {
        if (!hasPrivileges(str, new Privilege[]{this.registry.getPrivilege("{http://www.jcp.org/jcr/1.0}modifyProperties_" + this.session.getWorkspace().getName(), (String) null)})) {
            throw new AccessDeniedException(str);
        }
    }

    public void checkAddChildNodes(String str) throws RepositoryException {
        if (!hasPrivileges(str, new Privilege[]{this.registry.getPrivilege("{http://www.jcp.org/jcr/1.0}addChildNodes_" + this.session.getWorkspace().getName(), (String) null)})) {
            throw new AccessDeniedException(str);
        }
    }

    public void checkRemoveNode(String str) throws RepositoryException {
        if (!hasPrivileges(str, new Privilege[]{this.registry.getPrivilege("{http://www.jcp.org/jcr/1.0}removeNode_" + this.session.getWorkspace().getName(), (String) null)})) {
            throw new AccessDeniedException(str);
        }
    }

    public boolean canManageNodeTypes(String str) throws RepositoryException {
        return hasPrivileges(str, new Privilege[]{this.registry.getPrivilege("{http://www.jcp.org/jcr/1.0}nodeTypeManagement_" + this.session.getWorkspace().getName(), (String) null)});
    }

    private List<Privilege> getPrivilegesToFilter(Node node) {
        ArrayList arrayList = new ArrayList();
        if (this.aclReadOnly && (node instanceof ExternalNodeImpl)) {
            arrayList.add(this.modifyAccessControlPrivilege);
        }
        if (!this.writable && (node instanceof ExternalNodeImpl) && (this.session.getOverridableProperties() == null || this.session.getOverridableProperties().size() == 0)) {
            arrayList.add(this.writePrivilege);
            arrayList.addAll(Lists.newArrayList(this.writePrivilege.getAggregatePrivileges()));
        }
        return arrayList;
    }

    private static Privilege[] filterPrivileges(Privilege[] privilegeArr, List<Privilege> list) {
        HashSet hashSet = new HashSet();
        for (Privilege privilege : privilegeArr) {
            if (!list.contains(privilege)) {
                if (privilege.isAggregate() && areIntersecting(privilege.getDeclaredAggregatePrivileges(), list)) {
                    hashSet.addAll(Arrays.asList(filterPrivileges(privilege.getDeclaredAggregatePrivileges(), list)));
                } else {
                    hashSet.add(privilege);
                }
            }
        }
        return (Privilege[]) hashSet.toArray(new Privilege[hashSet.size()]);
    }

    private static boolean areIntersecting(Privilege[] privilegeArr, List<Privilege> list) {
        for (Privilege privilege : privilegeArr) {
            if (list.contains(privilege)) {
                return true;
            }
        }
        return false;
    }
}
