package org.apache.sling.distribution.agent.impl;

import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.util.Text;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.distribution.DistributionRequest;
import org.apache.sling.distribution.DistributionRequestType;
import org.apache.sling.distribution.common.DistributionException;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:org/apache/sling/distribution/agent/impl/PrivilegeDistributionRequestAuthorizationStrategy.class */
public class PrivilegeDistributionRequestAuthorizationStrategy implements DistributionRequestAuthorizationStrategy {
    private final String jcrPrivilege;

    public PrivilegeDistributionRequestAuthorizationStrategy(String str) {
        if (str == null) {
            throw new IllegalArgumentException("Jcr Privilege is required");
        }
        this.jcrPrivilege = str;
    }

    @Override // org.apache.sling.distribution.agent.impl.DistributionRequestAuthorizationStrategy
    public void checkPermission(@NotNull ResourceResolver resourceResolver, @NotNull DistributionRequest distributionRequest) throws DistributionException {
        Session session = (Session) resourceResolver.adaptTo(Session.class);
        if (session == null) {
            throw new DistributionException("cannot obtain a Session");
        }
        try {
            if (DistributionRequestType.ADD.equals(distributionRequest.getRequestType())) {
                checkPermissionForAdd(session, distributionRequest.getPaths());
            } else if (DistributionRequestType.DELETE.equals(distributionRequest.getRequestType())) {
                checkPermissionForDelete(session, distributionRequest.getPaths());
            }
        } catch (RepositoryException e) {
            throw new DistributionException("Not enough privileges");
        }
    }

    private void checkPermissionForAdd(Session session, String[] strArr) throws RepositoryException, DistributionException {
        AccessControlManager accessControlManager = session.getAccessControlManager();
        Privilege[] privilegeArr = {accessControlManager.privilegeFromName(this.jcrPrivilege), accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}read")};
        for (String str : strArr) {
            if (!accessControlManager.hasPrivileges(str, privilegeArr)) {
                throw new DistributionException("Not enough privileges");
            }
        }
    }

    private void checkPermissionForDelete(Session session, String[] strArr) throws RepositoryException, DistributionException {
        AccessControlManager accessControlManager = session.getAccessControlManager();
        Privilege[] privilegeArr = {accessControlManager.privilegeFromName(this.jcrPrivilege), accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}removeNode")};
        for (String str : strArr) {
            String closestParent = getClosestParent(session, str);
            if (closestParent == null || !accessControlManager.hasPrivileges(closestParent, privilegeArr)) {
                throw new DistributionException("Not enough privileges");
            }
        }
    }

    private String getClosestParent(Session session, String str) throws RepositoryException {
        while (!session.nodeExists(str)) {
            str = Text.getRelativeParent(str, 1);
            if (str == null || str.length() <= 0) {
                return null;
            }
        }
        return str;
    }
}
