package org.apache.jackrabbit.core.security.authorization.principalbased;

import java.security.Principal;
import javax.jcr.Node;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import javax.jcr.ValueFactory;
import org.apache.jackrabbit.api.jsr283.security.AccessControlEntry;
import org.apache.jackrabbit.api.jsr283.security.AccessControlException;
import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
import org.apache.jackrabbit.api.jsr283.security.Privilege;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.core.NodeImpl;
import org.apache.jackrabbit.core.ProtectedItemModifier;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.security.authorization.AccessControlConstants;
import org.apache.jackrabbit.core.security.authorization.AccessControlEditor;
import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlPolicy;
import org.apache.jackrabbit.core.security.principal.ItemBasedPrincipal;
import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
import org.apache.jackrabbit.spi.Name;
import org.apache.jackrabbit.spi.Path;
import org.apache.jackrabbit.spi.commons.conversion.NameException;
import org.apache.jackrabbit.spi.commons.conversion.NameParser;
import org.apache.jackrabbit.util.Text;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:jackrabbit-core-1.6.0.jar:org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.class */
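/**
 * Editor for the principal-based access control content stored below {@code acRootPath}.
 *
 * <p>As the code below shows, a principal's policy lives in an {@code N_POLICY} child
 * (type {@code NT_REP_ACL}) of a node of type {@code NT_REP_PRINCIPAL_ACCESS_CONTROL}.
 * Each entry is a child node of type {@code NT_REP_GRANT_ACE} or {@code NT_REP_DENY_ACE}.
 * All writes go through the protected-item helpers inherited from
 * {@link ProtectedItemModifier} ({@code addNode}, {@code setProperty}, {@code removeItem}).
 *
 * <p>No method in this class saves or reverts the session; persisting or discarding the
 * transient changes is left to the caller.
 */
public class ACLEditor extends ProtectedItemModifier implements AccessControlEditor, AccessControlConstants {
    private static final Logger log = LoggerFactory.getLogger(ACLEditor.class);
    private static final String DEFAULT_ACE_NAME = "ace";
    private final SessionImpl session;
    private final String acRootPath;

    /**
     * Creates an editor bound to the given session.
     *
     * <p>The decompiler reports that this constructor was package-private in the original class.
     *
     * @param sessionImpl session used for every read and write of access control content
     * @param path root of the access control tree; kept as a JCR path string
     * @throws RepositoryException if the path cannot be converted to a JCR path
     */
    public ACLEditor(SessionImpl sessionImpl, Path path) throws RepositoryException {
        // 64 is handed to ProtectedItemModifier as-is; presumably the "modify access control"
        // permission bit -- TODO confirm against the Permission constants.
        super(64);
        this.session = sessionImpl;
        this.acRootPath = sessionImpl.getJCRPath(path);
    }

    /**
     * Returns the ACL stored for the given principal, or {@code null} if there is none.
     *
     * <p>The decompiler reports that this method was package-private in the original class.
     *
     * @param principal principal whose ACL is looked up; must be known to the PrincipalManager
     * @return the stored template, or {@code null} when no policy node exists for the principal
     * @throws AccessControlException if the principal is unknown to the PrincipalManager
     * @throws RepositoryException if reading the repository fails
     */
    public ACLTemplate getACL(Principal principal) throws RepositoryException {
        if (!this.session.getPrincipalManager().hasPrincipal(principal.getName())) {
            throw new AccessControlException("Unknown principal.");
        }
        String acPath = getPathToAcNode(principal);
        ACLTemplate acl = null;
        if (this.session.nodeExists(acPath)) {
            AccessControlPolicy[] policies = getPolicies(acPath);
            if (policies.length > 0) {
                acl = (ACLTemplate) policies[0];
            }
        }
        if (acl == null) {
            log.debug("No policy template for Principal " + principal.getName());
        }
        return acl;
    }

    /**
     * Returns the policy stored at the given access control node.
     *
     * @param str path of the access control node
     * @return a one-element array holding the template, or an empty array when the path is
     *         not handled by this editor or carries no policy
     * @throws AccessControlException if the path points at an ACL or ACE node itself
     * @throws PathNotFoundException declared by the interface; raised by the node lookup
     * @throws RepositoryException if reading the repository fails
     */
    @Override // org.apache.jackrabbit.core.security.authorization.AccessControlEditor
    public AccessControlPolicy[] getPolicies(String str) throws AccessControlException, PathNotFoundException, RepositoryException {
        checkProtectsNode(str);
        NodeImpl acNode = getAcNode(str);
        if (!isAccessControlled(acNode)) {
            return new AccessControlPolicy[0];
        }
        return new AccessControlPolicy[]{createTemplate(acNode)};
    }

    /**
     * Returns a fresh, editable policy for a path that has no access control node yet.
     *
     * @param str path below {@code acRootPath} at which a policy should be created
     * @return a one-element array with the new template, or an empty array when the path is
     *         outside {@code acRootPath} or an access control node already exists there
     * @throws AccessControlException if the path points at an ACL/ACE node, or if the last
     *         path segment does not name a principal known to the PrincipalManager
     * @throws PathNotFoundException declared by the interface; raised by the node lookup
     * @throws RepositoryException if reading or writing the repository fails
     */
    @Override // org.apache.jackrabbit.core.security.authorization.AccessControlEditor
    public AccessControlPolicy[] editAccessControlPolicies(String str) throws AccessControlException, PathNotFoundException, RepositoryException {
        checkProtectsNode(str);
        // NOTE(review): getAcNode delegates to session.getNode, which is expected to throw
        // PathNotFoundException for a missing node rather than return null. If so, the
        // creation branch below is never reached for paths under acRootPath -- confirm.
        if (!Text.isDescendant(this.acRootPath, str) || getAcNode(str) != null) {
            return new AccessControlPolicy[0];
        }
        // Refuse to create access control content for a path that does not map to a known principal.
        if (getPrincipal(str) == null) {
            throw new AccessControlException("Access control modification not allowed at " + str);
        }
        return new AccessControlPolicy[]{createTemplate(createAcNode(str))};
    }

    /**
     * Returns an editable policy for the given principal, creating the access control node
     * if it does not exist yet.
     *
     * @param principal principal whose policy is to be edited; must be known to the PrincipalManager
     * @return a one-element array with the template bound to the principal's access control node
     * @throws AccessControlException if the principal is unknown to the PrincipalManager
     * @throws RepositoryException if reading or writing the repository fails
     */
    @Override // org.apache.jackrabbit.core.security.authorization.AccessControlEditor
    public JackrabbitAccessControlPolicy[] editAccessControlPolicies(Principal principal) throws RepositoryException {
        if (!this.session.getPrincipalManager().hasPrincipal(principal.getName())) {
            throw new AccessControlException("Cannot edit access control: " + principal.getName() + " isn't a known principal.");
        }
        String acPath = getPathToAcNode(principal);
        NodeImpl acNode;
        if (this.session.nodeExists(acPath)) {
            acNode = (NodeImpl) this.session.getNode(acPath);
        } else {
            acNode = createAcNode(acPath);
        }
        return new JackrabbitAccessControlPolicy[]{createTemplate(acNode)};
    }

    /**
     * Replaces the policy stored at the given access control node with the entries of the
     * supplied template.
     *
     * <p>NOTE(review): the existing policy node is removed before the new entries are written
     * and nothing here saves or reverts the session. If an entry fails midway, the transient
     * state holds a partial policy; callers presumably discard it -- confirm.
     *
     * @param str path of the access control node; must equal the template's own path
     * @param accessControlPolicy template to store; must be an {@link ACLTemplate}
     * @throws AccessControlException if the path points at an ACL/ACE node or the policy is
     *         not an {@code ACLTemplate} created for this path
     * @throws PathNotFoundException if the path is not handled by this editor
     * @throws RepositoryException if reading or writing the repository fails
     */
    @Override // org.apache.jackrabbit.core.security.authorization.AccessControlEditor
    public void setPolicy(String str, AccessControlPolicy accessControlPolicy) throws AccessControlException, PathNotFoundException, RepositoryException {
        checkProtectsNode(str);
        checkValidPolicy(str, accessControlPolicy);
        ACLTemplate acl = (ACLTemplate) accessControlPolicy;
        NodeImpl acNode = getAcNode(str);
        if (acNode == null) {
            throw new PathNotFoundException("No such node " + str);
        }
        // The policy is rewritten from scratch: drop the old node, then recreate it entry by entry.
        if (acNode.hasNode(N_POLICY)) {
            removeItem(acNode.getNode(N_POLICY));
        }
        NodeImpl policyNode = addNode(acNode, N_POLICY, NT_REP_ACL);
        for (AccessControlEntry entry : acl.getAccessControlEntries()) {
            JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) entry;
            Name entryType = ace.isAllow() ? NT_REP_GRANT_ACE : NT_REP_DENY_ACE;
            NodeImpl aceNode = addNode(policyNode, getUniqueNodeName(policyNode, "entry"), entryType);
            ValueFactory valueFactory = this.session.getValueFactory();
            setProperty(aceNode, P_PRINCIPAL_NAME, valueFactory.createValue(ace.getPrincipal().getName()));
            Privilege[] privileges = ace.getPrivileges();
            Value[] privilegeNames = new Value[privileges.length];
            for (int i = 0; i < privileges.length; i++) {
                // 7 is the JCR property type NAME (javax.jcr.PropertyType.NAME).
                privilegeNames[i] = valueFactory.createValue(privileges[i].getName(), 7);
            }
            setProperty(aceNode, P_PRIVILEGES, privilegeNames);
            // Each restriction is stored as a property named after the restriction.
            for (String restrictionName : ace.getRestrictionNames()) {
                setProperty(aceNode, this.session.getQName(restrictionName), ace.getRestriction(restrictionName));
            }
        }
    }

    /**
     * Removes the policy stored at the given access control node.
     *
     * @param str path of the access control node; must equal the template's own path
     * @param accessControlPolicy policy to remove; must equal the policy currently stored
     * @throws AccessControlException if the path points at an ACL/ACE node, the policy is not
     *         a valid {@code ACLTemplate} for the path, or it does not match the stored policy
     * @throws PathNotFoundException declared by the interface; raised by the node lookup
     * @throws RepositoryException if reading or writing the repository fails
     */
    @Override // org.apache.jackrabbit.core.security.authorization.AccessControlEditor
    public void removePolicy(String str, AccessControlPolicy accessControlPolicy) throws AccessControlException, PathNotFoundException, RepositoryException {
        checkProtectsNode(str);
        checkValidPolicy(str, accessControlPolicy);
        NodeImpl acNode = getAcNode(str);
        boolean matchesStoredPolicy = isAccessControlled(acNode) && createTemplate(acNode).equals(accessControlPolicy);
        if (!matchesStoredPolicy) {
            throw new AccessControlException("Policy " + accessControlPolicy + " does not apply to " + str);
        }
        removeItem(acNode.getNode(N_POLICY));
    }

    /**
     * Looks up the node at the given path if the path lies below {@code acRootPath}.
     *
     * @return the node, or {@code null} when the path is outside the tree handled by this editor
     */
    private NodeImpl getAcNode(String str) throws PathNotFoundException, RepositoryException {
        if (!Text.isDescendant(this.acRootPath, str)) {
            return null;
        }
        return (NodeImpl) this.session.getNode(str);
    }

    /**
     * Walks the given path from the root node and creates every missing segment.
     *
     * @param str absolute path of the access control node to create
     * @return the node for the last path segment
     * @throws RepositoryException if an existing node on the path has an unexpected node type
     */
    private NodeImpl createAcNode(String str) throws RepositoryException {
        String[] segments = Text.explode(str, '/', false);
        NodeImpl current = (NodeImpl) this.session.getRootNode();
        for (int i = 0; i < segments.length; i++) {
            Name segmentName = this.session.getQName(segments[i]);
            // Only the last segment is the per-principal node; everything above it is a container.
            Name expectedType = i < segments.length - 1 ? NT_REP_ACCESS_CONTROL : NT_REP_PRINCIPAL_ACCESS_CONTROL;
            if (current.hasNode(segmentName)) {
                NodeImpl existing = current.getNode(segmentName);
                if (!existing.isNodeType(expectedType)) {
                    // Report the type of the offending node itself, not of its parent.
                    throw new RepositoryException("Error while creating access control node: Expected nodetype " + this.session.getJCRName(expectedType) + " below /rep:accessControl, was " + existing.getPrimaryNodeType().getName() + " instead");
                }
                current = existing;
            } else {
                current = addNode(current, segmentName, expectedType);
            }
        }
        return current;
    }

    /**
     * Rejects paths that point at an ACL or ACE node, so that policy content itself cannot be
     * the target of an access control operation. A path with no existing node passes.
     *
     * @throws AccessControlException if the node at the path is of type NT_REP_ACL or NT_REP_ACE
     */
    private void checkProtectsNode(String str) throws RepositoryException {
        if (!this.session.nodeExists(str)) {
            return;
        }
        NodeImpl node = (NodeImpl) this.session.getNode(str);
        if (node.isNodeType(NT_REP_ACL) || node.isNodeType(NT_REP_ACE)) {
            throw new AccessControlException("Node " + str + " defines ACL or ACE.");
        }
    }

    /**
     * Verifies that the policy is an {@link ACLTemplate} whose path equals the given path.
     *
     * @throws AccessControlException if the policy is null, of another type, or bound to another path
     */
    private void checkValidPolicy(String str, AccessControlPolicy accessControlPolicy) throws AccessControlException {
        // instanceof is false for null, so this also covers a missing policy.
        if (!(accessControlPolicy instanceof ACLTemplate)) {
            throw new AccessControlException("Attempt to set/remove invalid policy " + accessControlPolicy);
        }
        if (!str.equals(((ACLTemplate) accessControlPolicy).getPath())) {
            throw new AccessControlException("Policy " + accessControlPolicy + " is not applicable or does not apply to the node at " + str);
        }
    }

    /**
     * Builds the path of the access control node for the given principal.
     *
     * <p>For an {@link ItemBasedPrincipal} the principal's own path is appended to
     * {@code acRootPath}; otherwise the principal name is escaped with
     * {@code Text.escapeIllegalJcrChars} and appended as a single segment.
     *
     * <p>NOTE(review): the ItemBasedPrincipal path is appended without any check here; this
     * relies on the principal implementation returning a well-formed absolute path -- confirm.
     *
     * <p>The decompiler reports that this method was package-private in the original class.
     *
     * @param principal principal to map to a path
     * @return path of the principal's access control node
     * @throws RepositoryException if the principal's path cannot be obtained
     */
    public String getPathToAcNode(Principal principal) throws RepositoryException {
        if (principal instanceof ItemBasedPrincipal) {
            return this.acRootPath + ((ItemBasedPrincipal) principal).getPath();
        }
        return this.acRootPath + "/" + Text.escapeIllegalJcrChars(principal.getName());
    }

    /**
     * Resolves the principal named by the given access control path.
     *
     * @return the principal, or {@code null} if the PrincipalManager does not know the name
     */
    private Principal getPrincipal(String str) throws RepositoryException {
        String principalName = getPrincipalName(str);
        PrincipalManager principalManager = this.session.getPrincipalManager();
        return principalManager.hasPrincipal(principalName) ? principalManager.getPrincipal(principalName) : null;
    }

    /** Derives a principal name from a path: takes {@code Text.getName} of it and unescapes the result. */
    private static String getPrincipalName(String str) {
        return Text.unescapeIllegalJcrChars(Text.getName(str));
    }

    /** Returns true if the node is a per-principal access control node that has a policy child. */
    private static boolean isAccessControlled(NodeImpl nodeImpl) throws RepositoryException {
        if (nodeImpl == null) {
            return false;
        }
        return nodeImpl.isNodeType(NT_REP_PRINCIPAL_ACCESS_CONTROL) && nodeImpl.hasNode(N_POLICY);
    }

    /**
     * Creates a template for the given access control node.
     *
     * <p>If the principal derived from the node path is unknown to the PrincipalManager, a
     * warning is logged and the template is built for a {@link PrincipalImpl} carrying that
     * name, so the caller receives a policy for a principal that could not be resolved.
     *
     * @param nodeImpl access control node; must be of type NT_REP_PRINCIPAL_ACCESS_CONTROL
     * @return template bound to the resolved (or substituted) principal and the node
     * @throws AccessControlException if the node has another node type
     * @throws RepositoryException if reading the repository fails
     */
    private JackrabbitAccessControlPolicy createTemplate(NodeImpl nodeImpl) throws RepositoryException {
        if (!nodeImpl.isNodeType(NT_REP_PRINCIPAL_ACCESS_CONTROL)) {
            String message = "Unable to edit Access Control at " + nodeImpl.getPath() + ". Expected node of type rep:PrinicipalAccessControl, was " + nodeImpl.getPrimaryNodeType().getName();
            log.debug(message);
            throw new AccessControlException(message);
        }
        Principal principal = getPrincipal(nodeImpl.getPath());
        if (principal == null) {
            String principalName = getPrincipalName(nodeImpl.getPath());
            log.warn("Principal with name " + principalName + " unknown to PrincipalManager.");
            principal = new PrincipalImpl(principalName);
        }
        return new ACLTemplate(principal, nodeImpl);
    }

    /**
     * Returns a child name that is not yet used below the given node.
     *
     * <p>A null or malformed hint falls back to {@code "ace"}. If the name is taken, a
     * counter starting at 0 is appended to the base name until a free name is found.
     *
     * @param node parent node the new child will be added to
     * @param str name hint; may be {@code null}
     * @return qualified name of an unused child name
     * @throws RepositoryException if the parent cannot be read or the name cannot be resolved
     */
    protected static Name getUniqueNodeName(Node node, String str) throws RepositoryException {
        String baseName = str;
        if (baseName == null) {
            baseName = DEFAULT_ACE_NAME;
        } else {
            try {
                NameParser.checkFormat(baseName);
            } catch (NameException e) {
                // Log the rejected hint before it is replaced by the default name.
                log.debug("Invalid path name for Permission: " + str + ".");
                baseName = DEFAULT_ACE_NAME;
            }
        }
        String candidate = baseName;
        int suffix = 0;
        while (node.hasNode(candidate)) {
            candidate = baseName + suffix;
            suffix++;
        }
        return ((SessionImpl) node.getSession()).getQName(candidate);
    }
}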
