package org.apache.sling.jcr.repoinit.impl;

import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.jcr.Node;
import javax.jcr.Session;
import org.apache.sling.repoinit.parser.operations.AclLine;
import org.apache.sling.repoinit.parser.operations.CreatePath;
import org.apache.sling.repoinit.parser.operations.PathSegmentDefinition;
import org.apache.sling.repoinit.parser.operations.RestrictionClause;
import org.apache.sling.repoinit.parser.operations.SetAclPaths;
import org.apache.sling.repoinit.parser.operations.SetAclPrincipalBased;
import org.apache.sling.repoinit.parser.operations.SetAclPrincipals;
import org.slf4j.Logger;

/* loaded from: input_file:org/apache/sling/jcr/repoinit/impl/AclVisitor.class */
class AclVisitor extends DoNothingVisitor {
    public AclVisitor(Session session) {
        super(session);
    }

    private List<String> require(AclLine aclLine, String str) {
        List<String> property = aclLine.getProperty(str);
        if (property == null) {
            throw new IllegalStateException("Missing property " + str + " on " + aclLine);
        }
        return property;
    }

    private void setAcl(AclLine aclLine, Session session, List<String> list, List<String> list2, List<String> list3, AclLine.Action action) {
        try {
            if (action == AclLine.Action.REMOVE) {
                throw new RuntimeException("remove not supported");
            }
            if (action == AclLine.Action.REMOVE_ALL) {
                AclUtil.removeEntries(session, list, list2);
            } else {
                boolean equals = aclLine.getAction().equals(AclLine.Action.ALLOW);
                Logger logger = this.log;
                Object[] objArr = new Object[4];
                objArr[0] = equals ? "allow" : "deny";
                objArr[1] = list3;
                objArr[2] = list;
                objArr[3] = list2;
                logger.info("Adding ACL '{}' entry '{}' for {} on {}", objArr);
                AclUtil.setAcl(session, list, list2, list3, equals, (List<RestrictionClause>) aclLine.getRestrictions());
            }
        } catch (Exception e) {
            throw new RuntimeException("Failed to set ACL (" + e.toString() + ") " + aclLine, e);
        }
    }

    private void setRepositoryAcl(AclLine aclLine, Session session, List<String> list, List<String> list2, AclLine.Action action) {
        try {
            if (action == AclLine.Action.REMOVE) {
                throw new RuntimeException("remove not supported");
            }
            if (action == AclLine.Action.REMOVE_ALL) {
                AclUtil.removeEntries(session, list, Collections.singletonList(null));
            } else {
                boolean equals = aclLine.getAction().equals(AclLine.Action.ALLOW);
                Logger logger = this.log;
                Object[] objArr = new Object[3];
                objArr[0] = equals ? "allow" : "deny";
                objArr[1] = list2;
                objArr[2] = list;
                logger.info("Adding repository level ACL '{}' entry '{}' for {}", objArr);
                AclUtil.setRepositoryAcl(session, list, list2, equals, aclLine.getRestrictions());
            }
        } catch (Exception e) {
            throw new RuntimeException("Failed to set repository level ACL (" + e.toString() + ") " + aclLine, e);
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitSetAclPrincipal(SetAclPrincipals setAclPrincipals) {
        List<String> principals = setAclPrincipals.getPrincipals();
        for (AclLine aclLine : setAclPrincipals.getLines()) {
            List<String> property = aclLine.getProperty("paths");
            if (property == null || property.isEmpty()) {
                setRepositoryAcl(aclLine, this.session, principals, require(aclLine, "privileges"), aclLine.getAction());
            } else {
                setAcl(aclLine, this.session, principals, property, require(aclLine, "privileges"), aclLine.getAction());
            }
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitSetAclPaths(SetAclPaths setAclPaths) {
        List<String> paths = setAclPaths.getPaths();
        for (AclLine aclLine : setAclPaths.getLines()) {
            setAcl(aclLine, this.session, require(aclLine, "principals"), paths, require(aclLine, "privileges"), aclLine.getAction());
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitSetAclPrincipalBased(SetAclPrincipalBased setAclPrincipalBased) {
        for (String str : setAclPrincipalBased.getPrincipals()) {
            try {
                this.log.info("Adding principal-based access control entry for {}", str);
                AclUtil.setPrincipalAcl(this.session, str, setAclPrincipalBased.getLines());
            } catch (Exception e) {
                throw new RuntimeException("Failed to set principal-based ACL (" + e.getMessage() + ")", e);
            }
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitCreatePath(CreatePath createPath) {
        String str = "";
        for (PathSegmentDefinition pathSegmentDefinition : createPath.getDefinitions()) {
            String str2 = str + "/" + pathSegmentDefinition.getSegment();
            try {
                if (this.session.itemExists(str2)) {
                    this.log.info("Path already exists, nothing to do (and not checking its primary type for now): {}", str2);
                } else {
                    Node rootNode = str.equals("") ? this.session.getRootNode() : this.session.getNode(str);
                    this.log.info("Creating node {} with primary type {}", str2, pathSegmentDefinition.getPrimaryType());
                    Node addNode = rootNode.addNode(pathSegmentDefinition.getSegment(), pathSegmentDefinition.getPrimaryType());
                    List mixins = pathSegmentDefinition.getMixins();
                    if (mixins != null) {
                        this.log.info("Adding mixins {} to node {}", mixins, str2);
                        Iterator it = mixins.iterator();
                        while (it.hasNext()) {
                            addNode.addMixin((String) it.next());
                        }
                    }
                }
                str = str + "/" + pathSegmentDefinition.getSegment();
            } catch (Exception e) {
                throw new RuntimeException("CreatePath execution failed at " + pathSegmentDefinition + ": " + e, e);
            }
        }
        try {
            this.session.save();
        } catch (Exception e2) {
            throw new RuntimeException("Session.save failed: " + e2, e2);
        }
    }
}
