package org.apache.jackrabbit.oak.security.authorization.permission;

import com.google.common.base.Objects;
import com.google.common.base.Strings;
import com.google.common.collect.Iterables;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import com.google.common.primitives.Longs;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
import org.apache.jackrabbit.oak.plugins.nodetype.TypePredicate;
import org.apache.jackrabbit.oak.plugins.tree.ImmutableTree;
import org.apache.jackrabbit.oak.plugins.tree.TreeConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.apache.jackrabbit.util.Text;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/oak-core-1.0.12.jar:org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreEditor.class
 */
/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreEditor.class */
public final class PermissionStoreEditor implements AccessControlConstants, PermissionConstants {
    private static final Logger log = LoggerFactory.getLogger(PermissionStoreEditor.class);
    final String accessControlledPath;
    final String nodeName;
    final Map<String, List<AcEntry>> entries = Maps.newHashMap();
    private final NodeBuilder permissionRoot;

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/lib/oak-core-1.0.12.jar:org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreEditor$AcEntry.class
     */
    /* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreEditor$AcEntry.class */
    public class AcEntry {
        private final String accessControlledPath;
        private final String principalName;
        private final PrivilegeBits privilegeBits;
        private final boolean isAllow;
        private final Set<Restriction> restrictions;
        private final int index;
        private int hashCode;

        private AcEntry(@Nonnull NodeState nodeState, @Nonnull String str, int i, boolean z, @Nonnull PrivilegeBits privilegeBits, @Nonnull Set<Restriction> set) {
            this.hashCode = -1;
            this.accessControlledPath = str;
            this.index = i;
            this.principalName = Text.escapeIllegalJcrChars(nodeState.getString("rep:principalName"));
            this.privilegeBits = privilegeBits;
            this.isAllow = z;
            this.restrictions = set;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void writeToPermissionStore(NodeBuilder nodeBuilder) {
            NodeBuilder property = nodeBuilder.child(String.valueOf(this.index)).setProperty("jcr:primaryType", PermissionConstants.NT_REP_PERMISSIONS, Type.NAME).setProperty(PermissionConstants.REP_IS_ALLOW, Boolean.valueOf(this.isAllow)).setProperty(getPrivilegeBitsProperty());
            Iterator<Restriction> it = this.restrictions.iterator();
            while (it.hasNext()) {
                property.setProperty(it.next().getProperty());
            }
        }

        protected PropertyState getPrivilegeBitsProperty() {
            return this.privilegeBits.asPropertyState("rep:privileges");
        }

        public int hashCode() {
            if (this.hashCode == -1) {
                this.hashCode = Objects.hashCode(this.accessControlledPath, this.principalName, this.privilegeBits, Boolean.valueOf(this.isAllow), this.restrictions);
            }
            return this.hashCode;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof AcEntry)) {
                return false;
            }
            AcEntry acEntry = (AcEntry) obj;
            return this.isAllow == acEntry.isAllow && this.privilegeBits.equals(acEntry.privilegeBits) && this.principalName.equals(acEntry.principalName) && this.accessControlledPath.equals(acEntry.accessControlledPath) && this.restrictions.equals(acEntry.restrictions);
        }

        public String toString() {
            StringBuilder sb = new StringBuilder();
            sb.append(this.accessControlledPath);
            sb.append(';').append(this.principalName);
            sb.append(';').append(this.isAllow ? "allow" : "deny");
            sb.append(';').append(this.privilegeBits);
            sb.append(';').append(this.restrictions);
            return sb.toString();
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/lib/oak-core-1.0.12.jar:org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreEditor$JcrAllAcEntry.class
     */
    /* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreEditor$JcrAllAcEntry.class */
    private final class JcrAllAcEntry extends AcEntry {
        private JcrAllAcEntry(@Nonnull NodeState nodeState, @Nonnull String str, int i, boolean z, @Nonnull PrivilegeBits privilegeBits, @Nonnull Set<Restriction> set) {
            super(nodeState, str, i, z, privilegeBits, set);
        }

        @Override // org.apache.jackrabbit.oak.security.authorization.permission.PermissionStoreEditor.AcEntry
        protected PropertyState getPrivilegeBitsProperty() {
            return PropertyStates.createProperty("rep:privileges", Longs.asList(-1), Type.LONGS);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PermissionStoreEditor(@Nonnull String str, @Nonnull String str2, @Nonnull NodeState nodeState, @Nonnull NodeBuilder nodeBuilder, @Nonnull TypePredicate typePredicate, @Nonnull TypePredicate typePredicate2, @Nonnull PrivilegeBitsProvider privilegeBitsProvider, @Nonnull RestrictionProvider restrictionProvider) {
        this.permissionRoot = nodeBuilder;
        if (str2.equals(AccessControlConstants.REP_REPO_POLICY)) {
            this.accessControlledPath = "";
        } else {
            this.accessControlledPath = str.length() == 0 ? "/" : str;
        }
        this.nodeName = PermissionUtil.getEntryName(this.accessControlledPath);
        LinkedHashSet newLinkedHashSet = Sets.newLinkedHashSet(nodeState.getNames(TreeConstants.OAK_CHILD_ORDER));
        long size = newLinkedHashSet.size();
        if (nodeState.getChildNodeCount(size + 1) > size) {
            Iterables.addAll(newLinkedHashSet, nodeState.getChildNodeNames());
        }
        PrivilegeBits bits = privilegeBitsProvider.getBits(PrivilegeConstants.JCR_ALL);
        int i = 0;
        Iterator it = newLinkedHashSet.iterator();
        while (it.hasNext()) {
            NodeState childNode = nodeState.getChildNode((String) it.next());
            if (typePredicate.apply(childNode)) {
                boolean apply = typePredicate2.apply(childNode);
                PrivilegeBits bits2 = privilegeBitsProvider.getBits(childNode.getNames("rep:privileges"));
                Set<Restriction> readRestrictions = restrictionProvider.readRestrictions(Strings.emptyToNull(this.accessControlledPath), new ImmutableTree(childNode));
                AcEntry jcrAllAcEntry = bits2.equals(bits) ? new JcrAllAcEntry(childNode, this.accessControlledPath, i, apply, bits2, readRestrictions) : new AcEntry(childNode, this.accessControlledPath, i, apply, bits2, readRestrictions);
                List<AcEntry> list = this.entries.get(jcrAllAcEntry.principalName);
                if (list == null) {
                    list = new ArrayList();
                    this.entries.put(jcrAllAcEntry.principalName, list);
                }
                list.add(jcrAllAcEntry);
                i++;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void removePermissionEntries() {
        for (String str : this.entries.keySet()) {
            if (this.permissionRoot.hasChildNode(str)) {
                NodeBuilder childNode = this.permissionRoot.getChildNode(str);
                NodeBuilder childNode2 = childNode.getChildNode(this.nodeName);
                if (childNode2.exists()) {
                    if (PermissionUtil.checkACLPath(childNode2, this.accessControlledPath)) {
                        NodeBuilder nodeBuilder = null;
                        for (String str2 : childNode2.getChildNodeNames()) {
                            if (str2.charAt(0) == 'c') {
                                NodeBuilder childNode3 = childNode2.getChildNode(str2);
                                if (nodeBuilder == null) {
                                    nodeBuilder = childNode3;
                                } else {
                                    nodeBuilder.setChildNode(str2, childNode3.getNodeState());
                                    childNode3.remove();
                                }
                            }
                        }
                        childNode2.remove();
                        if (nodeBuilder != null) {
                            childNode.setChildNode(this.nodeName, nodeBuilder.getNodeState());
                        }
                    } else {
                        for (String str3 : childNode2.getChildNodeNames()) {
                            if (str3.charAt(0) == 'c') {
                                NodeBuilder childNode4 = childNode2.getChildNode(str3);
                                if (PermissionUtil.checkACLPath(childNode4, this.accessControlledPath)) {
                                    childNode4.remove();
                                }
                            }
                        }
                    }
                }
            } else {
                log.error("Unable to remove permission entry {}: Principal root missing.", this);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void updatePermissionEntries() {
        for (String str : this.entries.keySet()) {
            NodeBuilder child = this.permissionRoot.child(str);
            if (!child.hasProperty("jcr:primaryType")) {
                child.setProperty("jcr:primaryType", PermissionConstants.NT_REP_PERMISSION_STORE, Type.NAME);
            }
            NodeBuilder child2 = child.child(this.nodeName);
            if (!child2.hasProperty("jcr:primaryType")) {
                child2.setProperty("jcr:primaryType", PermissionConstants.NT_REP_PERMISSION_STORE, Type.NAME);
            }
            if (!child2.hasProperty(PermissionConstants.REP_ACCESS_CONTROLLED_PATH)) {
                child2.setProperty(PermissionConstants.REP_ACCESS_CONTROLLED_PATH, this.accessControlledPath);
            } else if (!PermissionUtil.checkACLPath(child2, this.accessControlledPath)) {
                NodeBuilder nodeBuilder = null;
                int i = 0;
                for (String str2 : child2.getChildNodeNames()) {
                    if (str2.charAt(0) == 'c') {
                        nodeBuilder = child2.getChildNode(str2);
                        if (PermissionUtil.checkACLPath(nodeBuilder, this.accessControlledPath)) {
                            break;
                        }
                        nodeBuilder = null;
                        i++;
                    }
                }
                while (nodeBuilder == null) {
                    int i2 = i;
                    i++;
                    String str3 = 'c' + String.valueOf(i2);
                    if (child2.getChildNode(str3).exists()) {
                        nodeBuilder = null;
                    } else {
                        nodeBuilder = child2.child(str3);
                        nodeBuilder.setProperty("jcr:primaryType", PermissionConstants.NT_REP_PERMISSION_STORE, Type.NAME);
                    }
                }
                child2 = nodeBuilder;
                child2.setProperty(PermissionConstants.REP_ACCESS_CONTROLLED_PATH, this.accessControlledPath);
            }
            updateEntries(child2, this.entries.get(str));
        }
    }

    private void updateEntries(NodeBuilder nodeBuilder, List<AcEntry> list) {
        for (String str : nodeBuilder.getChildNodeNames()) {
            if (str.charAt(0) != 'c') {
                nodeBuilder.getChildNode(str).remove();
            }
        }
        Iterator<AcEntry> it = list.iterator();
        while (it.hasNext()) {
            it.next().writeToPermissionStore(nodeBuilder);
        }
    }
}
