package org.apache.jackrabbit.core.security.simple;

import java.security.Principal;
import java.util.Set;
import javax.jcr.AccessDeniedException;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.UnsupportedRepositoryOperationException;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.Privilege;
import javax.security.auth.Subject;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
import org.apache.jackrabbit.core.HierarchyManager;
import org.apache.jackrabbit.core.fs.FileSystem;
import org.apache.jackrabbit.core.id.ItemId;
import org.apache.jackrabbit.core.security.AMContext;
import org.apache.jackrabbit.core.security.AbstractAccessControlManager;
import org.apache.jackrabbit.core.security.AccessManager;
import org.apache.jackrabbit.core.security.AnonymousPrincipal;
import org.apache.jackrabbit.core.security.SystemPrincipal;
import org.apache.jackrabbit.core.security.authorization.AccessControlProvider;
import org.apache.jackrabbit.core.security.authorization.NamedAccessControlPolicyImpl;
import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
import org.apache.jackrabbit.spi.Name;
import org.apache.jackrabbit.spi.Path;
import org.apache.jackrabbit.spi.commons.conversion.NamePathResolver;

/* loaded from: input_file:jackrabbit-core-2.4.2.jar:org/apache/jackrabbit/core/security/simple/SimpleAccessManager.class */
public class SimpleAccessManager extends AbstractAccessControlManager implements AccessManager {
    private static final AccessControlPolicy POLICY = new NamedAccessControlPolicyImpl("Simple AccessControlPolicy");
    private Subject subject;
    private HierarchyManager hierMgr;
    private NamePathResolver resolver;
    private WorkspaceAccessManager wspAccessMgr;
    private PrivilegeManager privilegeManager;
    private boolean initialized = false;
    private boolean anonymous = false;
    private boolean system = false;

    @Override // org.apache.jackrabbit.core.security.AccessManager
    public void init(AMContext aMContext) throws AccessDeniedException, Exception {
        init(aMContext, null, null);
    }

    @Override // org.apache.jackrabbit.core.security.AccessManager
    public void init(AMContext aMContext, AccessControlProvider accessControlProvider, WorkspaceAccessManager workspaceAccessManager) throws AccessDeniedException, Exception {
        if (this.initialized) {
            throw new IllegalStateException("already initialized");
        }
        this.subject = aMContext.getSubject();
        this.hierMgr = aMContext.getHierarchyManager();
        this.resolver = aMContext.getNamePathResolver();
        this.privilegeManager = aMContext.getSession().getWorkspace().getPrivilegeManager();
        this.wspAccessMgr = workspaceAccessManager;
        this.anonymous = !this.subject.getPrincipals(AnonymousPrincipal.class).isEmpty();
        this.system = !this.subject.getPrincipals(SystemPrincipal.class).isEmpty();
        this.initialized = true;
        if (!canAccess(aMContext.getWorkspaceName())) {
            throw new AccessDeniedException("Not allowed to access Workspace " + aMContext.getWorkspaceName());
        }
    }

    @Override // org.apache.jackrabbit.core.security.AccessManager
    public synchronized void close() throws Exception {
        checkInitialized();
        this.initialized = false;
    }

    @Override // org.apache.jackrabbit.core.security.AccessManager
    public void checkPermission(ItemId itemId, int i) throws AccessDeniedException, RepositoryException {
        if (!isGranted(itemId, i)) {
            throw new AccessDeniedException("Access denied");
        }
    }

    @Override // org.apache.jackrabbit.core.security.AccessManager
    public void checkPermission(Path path, int i) throws AccessDeniedException, RepositoryException {
        if (!isGranted(path, i)) {
            throw new AccessDeniedException("Access denied");
        }
    }

    @Override // org.apache.jackrabbit.core.security.AccessManager
    public void checkRepositoryPermission(int i) throws AccessDeniedException, RepositoryException {
        if (!isGranted((ItemId) null, i)) {
            throw new AccessDeniedException("Access denied");
        }
    }

    @Override // org.apache.jackrabbit.core.security.AccessManager
    public boolean isGranted(ItemId itemId, int i) throws RepositoryException {
        checkInitialized();
        if (!this.system && this.anonymous) {
            return ((i & 2) == 2 || (i & 4) == 4) ? false : true;
        }
        return true;
    }

    @Override // org.apache.jackrabbit.core.security.AccessManager
    public boolean isGranted(Path path, int i) throws RepositoryException {
        return internalIsGranted(path, i);
    }

    @Override // org.apache.jackrabbit.core.security.AccessManager
    public boolean isGranted(Path path, Name name, int i) throws RepositoryException {
        return internalIsGranted(path, i);
    }

    @Override // org.apache.jackrabbit.core.security.AccessManager
    public boolean canRead(Path path, ItemId itemId) throws RepositoryException {
        return true;
    }

    private boolean internalIsGranted(Path path, int i) throws RepositoryException {
        if (!path.isAbsolute()) {
            throw new RepositoryException("Absolute path expected");
        }
        checkInitialized();
        return this.system || !this.anonymous || i == 1;
    }

    @Override // org.apache.jackrabbit.core.security.AccessManager
    public boolean canAccess(String str) throws RepositoryException {
        if (this.system || this.wspAccessMgr == null) {
            return true;
        }
        return this.wspAccessMgr.grants(this.subject.getPrincipals(), str);
    }

    public boolean hasPrivileges(String str, Privilege[] privilegeArr) throws PathNotFoundException, RepositoryException {
        checkInitialized();
        checkValidNodePath(str);
        if (privilegeArr == null || privilegeArr.length == 0 || this.system || !this.anonymous) {
            return true;
        }
        return privilegeArr.length == 1 && privilegeArr[0].equals(this.privilegeManager.getPrivilege("{http://www.jcp.org/jcr/1.0}read"));
    }

    public Privilege[] getPrivileges(String str) throws PathNotFoundException, RepositoryException {
        checkInitialized();
        checkValidNodePath(str);
        return new Privilege[]{this.anonymous ? this.privilegeManager.getPrivilege("{http://www.jcp.org/jcr/1.0}read") : this.system ? this.privilegeManager.getPrivilege("{http://www.jcp.org/jcr/1.0}all") : this.privilegeManager.getPrivilege("{http://www.jcp.org/jcr/1.0}all")};
    }

    public AccessControlPolicy[] getEffectivePolicies(String str) throws PathNotFoundException, AccessDeniedException, RepositoryException {
        checkInitialized();
        checkPermission(str, 32);
        return new AccessControlPolicy[]{POLICY};
    }

    @Override // org.apache.jackrabbit.core.security.AbstractAccessControlManager
    protected void checkInitialized() throws IllegalStateException {
        if (!this.initialized) {
            throw new IllegalStateException("not initialized");
        }
    }

    @Override // org.apache.jackrabbit.core.security.AbstractAccessControlManager
    protected void checkPermission(String str, int i) throws AccessDeniedException, PathNotFoundException, RepositoryException {
        checkValidNodePath(str);
        if (this.anonymous && i != 1) {
            throw new AccessDeniedException("Anonymous may only READ.");
        }
    }

    @Override // org.apache.jackrabbit.core.security.AbstractAccessControlManager
    protected PrivilegeManager getPrivilegeManager() throws RepositoryException {
        return this.privilegeManager;
    }

    @Override // org.apache.jackrabbit.core.security.AbstractAccessControlManager
    protected void checkValidNodePath(String str) throws PathNotFoundException, RepositoryException {
        if (str != null) {
            Path qPath = this.resolver.getQPath(str);
            if (!qPath.isAbsolute()) {
                throw new RepositoryException("Absolute path expected. Found: " + str);
            }
            if (this.hierMgr.resolveNodePath(qPath) == null) {
                throw new PathNotFoundException(str);
            }
        }
    }

    public AccessControlPolicy[] getEffectivePolicies(Set<Principal> set) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException {
        checkInitialized();
        checkPermission(this.resolver.getQPath(FileSystem.SEPARATOR), 32);
        return new AccessControlPolicy[]{POLICY};
    }

    public boolean hasPrivileges(String str, Set<Principal> set, Privilege[] privilegeArr) throws PathNotFoundException, RepositoryException {
        if (this.anonymous) {
            throw new AccessDeniedException();
        }
        if (set.size() == 1 && (set.iterator().next() instanceof AnonymousPrincipal)) {
            return privilegeArr.length == 1 && privilegeArr[0].equals(this.privilegeManager.getPrivilege("{http://www.jcp.org/jcr/1.0}read"));
        }
        return true;
    }

    public Privilege[] getPrivileges(String str, Set<Principal> set) throws PathNotFoundException, RepositoryException {
        if (this.anonymous) {
            throw new AccessDeniedException();
        }
        return (set.size() == 1 && (set.iterator().next() instanceof AnonymousPrincipal)) ? new Privilege[]{this.privilegeManager.getPrivilege("{http://www.jcp.org/jcr/1.0}read")} : new Privilege[]{this.privilegeManager.getPrivilege("{http://www.jcp.org/jcr/1.0}all")};
    }
}
