package org.apache.sling.jcr.repoinit.impl;

import java.security.Principal;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.UnsupportedRepositoryOperationException;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sling/jcr/repoinit/impl/AclUtil.class */
public class AclUtil {
    private static final Logger LOG = LoggerFactory.getLogger(AclUtil.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/sling/jcr/repoinit/impl/AclUtil$LocalAccessControlEntry.class */
    public static class LocalAccessControlEntry {
        private final Principal principal;
        private final Privilege[] privileges;
        private final boolean isAllow;

        LocalAccessControlEntry(Principal principal, Privilege[] privilegeArr, boolean z) {
            this.principal = principal;
            this.privileges = privilegeArr;
            this.isAllow = z;
        }

        public boolean isContainedIn(JackrabbitAccessControlEntry jackrabbitAccessControlEntry) throws RepositoryException {
            return jackrabbitAccessControlEntry.getPrincipal().equals(this.principal) && contains(jackrabbitAccessControlEntry.getPrivileges(), this.privileges) && jackrabbitAccessControlEntry.isAllow() == this.isAllow && (jackrabbitAccessControlEntry.getRestrictionNames() == null || jackrabbitAccessControlEntry.getRestrictionNames().length == 0);
        }

        private boolean contains(Privilege[] privilegeArr, Privilege[] privilegeArr2) {
            HashSet hashSet = new HashSet();
            hashSet.addAll(Arrays.asList(privilegeArr));
            HashSet hashSet2 = new HashSet();
            hashSet2.addAll(Arrays.asList(privilegeArr2));
            return hashSet.containsAll(hashSet2);
        }

        public String toString() {
            return "[" + getClass().getSimpleName() + "# principal " + this.principal + ", privileges: " + Arrays.toString(this.privileges) + ", isAllow : " + this.isAllow + "]";
        }
    }

    public static JackrabbitAccessControlManager getJACM(Session session) throws UnsupportedRepositoryOperationException, RepositoryException {
        JackrabbitAccessControlManager accessControlManager = session.getAccessControlManager();
        if (accessControlManager instanceof JackrabbitAccessControlManager) {
            return accessControlManager;
        }
        throw new IllegalStateException("AccessControlManager is not a JackrabbitAccessControlManager:" + accessControlManager.getClass().getName());
    }

    public static void setAcl(Session session, List<String> list, List<String> list2, List<String> list3, boolean z) throws UnsupportedRepositoryOperationException, RepositoryException {
        Principal principal;
        Privilege[] privilegesFromNames = AccessControlUtils.privilegesFromNames(session, (String[]) list3.toArray(new String[list3.size()]));
        for (String str : list2) {
            if (!session.nodeExists(str)) {
                throw new PathNotFoundException("Cannot set ACL on non-existent path " + str);
            }
            JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(session, str);
            AccessControlEntry[] accessControlEntries = accessControlList.getAccessControlEntries();
            boolean z2 = false;
            for (String str2 : list) {
                if ("everyone".equals(str2)) {
                    principal = AccessControlUtils.getPrincipal(session, str2);
                } else {
                    Authorizable authorizable = UserUtil.getAuthorizable(session, str2);
                    if (authorizable == null) {
                        throw new IllegalStateException("Authorizable not found:" + str2);
                    }
                    principal = authorizable.getPrincipal();
                }
                if (principal == null) {
                    throw new IllegalStateException("Principal not found: " + str2);
                }
                LocalAccessControlEntry localAccessControlEntry = new LocalAccessControlEntry(principal, privilegesFromNames, z);
                if (contains(accessControlEntries, localAccessControlEntry)) {
                    LOG.info("Not adding {} to path {} since an equivalent access control entry already exists", localAccessControlEntry, str);
                } else {
                    accessControlList.addEntry(localAccessControlEntry.principal, localAccessControlEntry.privileges, localAccessControlEntry.isAllow);
                    z2 = true;
                }
            }
            if (z2) {
                getJACM(session).setPolicy(str, accessControlList);
            }
        }
    }

    static boolean contains(AccessControlEntry[] accessControlEntryArr, LocalAccessControlEntry localAccessControlEntry) throws RepositoryException {
        for (AccessControlEntry accessControlEntry : accessControlEntryArr) {
            JackrabbitAccessControlEntry jackrabbitAccessControlEntry = (JackrabbitAccessControlEntry) accessControlEntry;
            LOG.debug("Comparing {} with {}", localAccessControlEntry, toString(jackrabbitAccessControlEntry));
            if (localAccessControlEntry.isContainedIn(jackrabbitAccessControlEntry)) {
                return true;
            }
        }
        return false;
    }

    private static String toString(JackrabbitAccessControlEntry jackrabbitAccessControlEntry) throws RepositoryException {
        return "[" + jackrabbitAccessControlEntry.getClass().getSimpleName() + "# principal: " + jackrabbitAccessControlEntry.getPrincipal() + ", privileges: " + Arrays.toString(jackrabbitAccessControlEntry.getPrivileges()) + ", isAllow: " + jackrabbitAccessControlEntry.isAllow() + ", restrictionNames: " + jackrabbitAccessControlEntry.getRestrictionNames() + "]";
    }
}
