package org.apache.jackrabbit.oak.security.authorization.permission;

import com.google.common.collect.ImmutableSet;
import java.security.Principal;
import java.util.Iterator;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.jackrabbit.JcrConstants;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.core.ImmutableRoot;
import org.apache.jackrabbit.oak.core.ImmutableTree;
import org.apache.jackrabbit.oak.core.TreeTypeProviderImpl;
import org.apache.jackrabbit.oak.plugins.version.VersionConstants;
import org.apache.jackrabbit.oak.security.authorization.permission.PermissionEntryCache;
import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.SystemPrincipal;
import org.apache.jackrabbit.oak.util.TreeLocation;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/oak-core-0.15.jar:org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.class
 */
/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.class */
/**
 * {@link PermissionProvider} that answers permission and privilege queries for one
 * set of principals by delegating to a {@link CompiledPermissions} instance.
 *
 * <p>All evaluation is performed against an {@link ImmutableRoot} view of the
 * backing {@link Root}; trees handed in by callers are re-resolved by path against
 * that view unless they already are {@link ImmutableTree}s.
 *
 * <p>Security note: a principal set that contains {@link SystemPrincipal#INSTANCE}
 * or any administrative principal (see {@link #isAdmin(Set)}) is bound to
 * {@code AllPermissions} at construction time and never goes through
 * {@code CompiledPermissionImpl}. The choice is made once, in the constructor, and
 * {@link #refresh()} does not re-evaluate it.
 *
 * <p>NOTE(review): {@code immutableRoot} is reassigned in {@link #refresh()} without
 * synchronization; confirm that instances are confined to a single thread/session.
 */
public class PermissionProviderImpl implements PermissionProvider, AccessControlConstants, PermissionConstants {
    // Backing root the immutable view is derived from.
    private final Root root;
    // Workspace name handed to the compiled permissions on creation and refresh.
    private final String workspaceName;
    // Authorization configuration: source of the context and of the admin-principal names.
    private final AuthorizationConfiguration acConfig;
    // Evaluation strategy selected once in the constructor.
    private final CompiledPermissions compiledPermissions;
    // Immutable view used for every lookup; replaced on refresh().
    private ImmutableRoot immutableRoot;

    /**
     * Creates a provider for the given principals.
     *
     * @param root backing root
     * @param str workspace name
     * @param set principals whose permissions are evaluated
     * @param authorizationConfiguration authorization configuration
     * @param local permission entry cache passed through to {@code CompiledPermissionImpl.create}
     */
    public PermissionProviderImpl(@Nonnull Root root, @Nonnull String str, @Nonnull Set<Principal> set, @Nonnull AuthorizationConfiguration authorizationConfiguration, @Nonnull PermissionEntryCache.Local local) {
        this.root = root;
        this.workspaceName = str;
        // Must be assigned before isAdmin(...) runs: that helper reads this.acConfig.
        this.acConfig = authorizationConfiguration;
        this.immutableRoot = getImmutableRoot(root, authorizationConfiguration);

        // System and administrative principals skip entry-based evaluation entirely.
        boolean unrestricted = set.contains(SystemPrincipal.INSTANCE) || isAdmin(set);
        this.compiledPermissions = unrestricted
                ? AllPermissions.getInstance()
                : CompiledPermissionImpl.create(this.immutableRoot, str, set, authorizationConfiguration, local);
    }

    /**
     * Rebuilds the immutable view from the backing root and refreshes the compiled
     * permissions against it.
     */
    @Override
    public void refresh() {
        ImmutableRoot refreshed = getImmutableRoot(this.root, this.acConfig);
        this.immutableRoot = refreshed;
        this.compiledPermissions.refresh(refreshed, this.workspaceName);
    }

    /**
     * Returns the privileges reported by the compiled permissions for the given tree.
     *
     * @param tree target tree, or {@code null} (passed on as {@code null})
     * @return the privilege names
     */
    @Override
    @Nonnull
    public Set<String> getPrivileges(@Nullable Tree tree) {
        ImmutableTree target = getImmutableTree(tree);
        return this.compiledPermissions.getPrivileges(target);
    }

    /**
     * Tests whether the given privileges are held at the given tree.
     *
     * @param tree target tree, or {@code null} (passed on as {@code null})
     * @param strArr privilege names to test
     * @return the result of the compiled permissions' check
     */
    @Override
    public boolean hasPrivileges(@Nullable Tree tree, @Nonnull String... strArr) {
        ImmutableTree target = getImmutableTree(tree);
        return this.compiledPermissions.hasPrivileges(target, strArr);
    }

    /**
     * Returns the repository-level permission object of the compiled permissions.
     */
    @Override
    public RepositoryPermission getRepositoryPermission() {
        return this.compiledPermissions.getRepositoryPermission();
    }

    /**
     * Returns the tree permission for {@code tree} given its parent's permission.
     *
     * @param tree target tree
     * @param treePermission permission of the parent tree
     * @return the tree permission computed by the compiled permissions
     */
    @Override
    public TreePermission getTreePermission(@Nonnull Tree tree, @Nonnull TreePermission treePermission) {
        ImmutableTree target = getImmutableTree(tree);
        return this.compiledPermissions.getTreePermission(target, treePermission);
    }

    /**
     * Tests whether the permission bits {@code j} are granted on a tree or on one of
     * its properties.
     *
     * @param tree target tree
     * @param propertyState property to test, or {@code null} for the tree itself
     * @param j permission bit mask
     * @return the result of the compiled permissions' check
     */
    @Override
    public boolean isGranted(@Nonnull Tree tree, @Nullable PropertyState propertyState, long j) {
        ImmutableTree target = getImmutableTree(tree);
        return this.compiledPermissions.isGranted(target, propertyState, j);
    }

    /**
     * Tests whether the given actions are granted at the given path.
     *
     * <p>The path is resolved against the immutable view. If it addresses a property,
     * the check runs on the parent tree together with that property. If no tree can be
     * resolved, evaluation falls back to the path-based check, except for paths
     * inside the version store, which are always denied in that case.
     *
     * @param str path to evaluate
     * @param str2 action string translated to a permission bit mask by
     *             {@code Permissions.getPermissions}
     * @return {@code true} if the permissions are granted
     */
    @Override
    public boolean isGranted(@Nonnull String str, @Nonnull String str2) {
        TreeLocation location = TreeLocation.create(this.immutableRoot, str);
        // Whether the location is defined by the authorization context influences
        // which permission bits the actions map to.
        boolean definedByContext = this.acConfig.getContext().definesLocation(location);
        long permissions = Permissions.getPermissions(str2, location, definedByContext);

        PropertyState property = location.getProperty();
        Tree tree;
        if (property == null) {
            tree = location.getTree();
        } else {
            tree = location.getParent().getTree();
        }

        if (tree != null) {
            return isGranted(tree, property, permissions);
        }
        // Nothing resolvable inside the version store: deny instead of evaluating by path.
        if (isVersionStorePath(str)) {
            return false;
        }
        return this.compiledPermissions.isGranted(str, permissions);
    }

    /**
     * Tells whether the set contains an administrative principal: either an
     * {@link AdminPrincipal} instance or a principal whose name is listed under
     * {@link PermissionConstants#PARAM_ADMINISTRATIVE_PRINCIPALS} in the configuration.
     *
     * <p>Security note: a name match alone is sufficient here, so the configured
     * names are only as trustworthy as the component that creates the principals.
     */
    private boolean isAdmin(Set<Principal> principals) {
        Set<String> adminNames = ImmutableSet.copyOf(this.acConfig.getParameters().getConfigValue(PermissionConstants.PARAM_ADMINISTRATIVE_PRINCIPALS, new String[0]));
        for (Principal candidate : principals) {
            if (candidate instanceof AdminPrincipal) {
                return true;
            }
            if (adminNames.contains(candidate.getName())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Maps a tree onto the immutable view: {@code null} stays {@code null}, an
     * {@link ImmutableTree} is returned as is, anything else is looked up by path.
     */
    private ImmutableTree getImmutableTree(@Nullable Tree tree) {
        if (tree == null) {
            return null;
        }
        if (tree instanceof ImmutableTree) {
            return (ImmutableTree) tree;
        }
        return this.immutableRoot.getTree(tree.getPath());
    }

    /**
     * Returns {@code root} itself if it already is an {@link ImmutableRoot}, otherwise
     * wraps it together with a tree type provider built from the configuration's context.
     */
    private static ImmutableRoot getImmutableRoot(@Nonnull Root root, @Nonnull SecurityConfiguration config) {
        if (root instanceof ImmutableRoot) {
            return (ImmutableRoot) root;
        }
        return new ImmutableRoot(root, new TreeTypeProviderImpl(config.getContext()));
    }

    /**
     * Tells whether the path starts with one of {@code VersionConstants.SYSTEM_PATHS}.
     * Only paths with {@code JcrConstants.JCR_SYSTEM} at index 1 (presumably right
     * after a leading '/') are compared against that list.
     */
    private static boolean isVersionStorePath(@Nonnull String oakPath) {
        if (oakPath.indexOf(JcrConstants.JCR_SYSTEM) == 1) {
            for (String systemPath : VersionConstants.SYSTEM_PATHS) {
                if (oakPath.startsWith(systemPath)) {
                    return true;
                }
            }
        }
        return false;
    }
}
