package org.apache.sling.jcr.jackrabbit.accessmanager.post;

import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.jcr.AccessDeniedException;
import javax.jcr.Item;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import javax.servlet.ServletException;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.ResourceNotFoundException;
import org.apache.sling.api.servlets.SlingAllMethodsServlet;
import org.apache.sling.commons.json.JSONException;
import org.apache.sling.commons.json.JSONObject;
import org.apache.sling.jcr.base.util.AccessControlUtil;
import org.apache.sling.servlets.get.impl.helpers.JsonRendererServlet;
import org.apache.sling.servlets.post.JSONResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:resources/install.org.apache.sling.jcr.jackrabbit.accessmanager-2.1.2.jar/15/null:org/apache/sling/jcr/jackrabbit/accessmanager/post/AbstractGetAclServlet.class */
public abstract class AbstractGetAclServlet extends SlingAllMethodsServlet {
    private final Logger log = LoggerFactory.getLogger(getClass());

    @Override // org.apache.sling.api.servlets.SlingSafeMethodsServlet
    protected void doGet(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse) throws ServletException, IOException {
        try {
            JSONObject internalGetAcl = internalGetAcl((Session) slingHttpServletRequest.getResourceResolver().adaptTo(Session.class), slingHttpServletRequest.getResource().getPath());
            slingHttpServletResponse.setContentType(JSONResponse.RESPONSE_CONTENT_TYPE);
            slingHttpServletResponse.setCharacterEncoding("UTF-8");
            boolean z = false;
            String[] selectors = slingHttpServletRequest.getRequestPathInfo().getSelectors();
            if (selectors != null && selectors.length > 0) {
                int length = selectors.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    if (JsonRendererServlet.TIDY.equals(selectors[i])) {
                        z = true;
                        break;
                    }
                    i++;
                }
            }
            if (z) {
                slingHttpServletResponse.getWriter().append((CharSequence) internalGetAcl.toString(2));
            } else {
                internalGetAcl.write(slingHttpServletResponse.getWriter());
            }
        } catch (AccessDeniedException e) {
            slingHttpServletResponse.sendError(404);
        } catch (ResourceNotFoundException e2) {
            slingHttpServletResponse.sendError(404, e2.getMessage());
        } catch (Throwable th) {
            this.log.debug("Exception while handling GET " + slingHttpServletRequest.getResource().getPath() + " with " + getClass().getName(), th);
            throw new ServletException(th);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public JSONObject internalGetAcl(Session session, String str) throws RepositoryException, JSONException {
        if (session == null) {
            throw new RepositoryException("JCR Session not found");
        }
        Item item = session.getItem(str);
        if (item == null) {
            throw new ResourceNotFoundException("Resource is not a JCR Node");
        }
        String path = item.getPath();
        AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
        HashMap hashMap = new HashMap();
        for (Privilege privilege : accessControlManager.getSupportedPrivileges(item.getPath())) {
            if (privilege.isAggregate()) {
                for (Privilege privilege2 : privilege.getAggregatePrivileges()) {
                    Set<Privilege> set = hashMap.get(privilege2);
                    if (set == null) {
                        set = new HashSet();
                        hashMap.put(privilege2, set);
                    }
                    set.add(privilege);
                }
            }
        }
        AccessControlEntry[] accessControlEntries = getAccessControlEntries(session, path);
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        int i = 0;
        for (AccessControlEntry accessControlEntry : accessControlEntries) {
            Principal principal = accessControlEntry.getPrincipal();
            if (((Map) linkedHashMap.get(principal.getName())) == null) {
                LinkedHashMap linkedHashMap2 = new LinkedHashMap();
                linkedHashMap.put(principal.getName(), linkedHashMap2);
                int i2 = i;
                i++;
                linkedHashMap2.put("order", Integer.valueOf(i2));
            }
        }
        for (int length = accessControlEntries.length - 1; length >= 0; length--) {
            AccessControlEntry accessControlEntry2 = accessControlEntries[length];
            Map map = (Map) linkedHashMap.get(accessControlEntry2.getPrincipal().getName());
            Set<Privilege> set2 = (Set) map.get("granted");
            if (set2 == null) {
                set2 = new LinkedHashSet();
                map.put("granted", set2);
            }
            Set<Privilege> set3 = (Set) map.get("denied");
            if (set3 == null) {
                set3 = new LinkedHashSet();
                map.put("denied", set3);
            }
            if (AccessControlUtil.isAllow(accessControlEntry2)) {
                for (Privilege privilege3 : accessControlEntry2.getPrivileges()) {
                    mergePrivilegeSets(privilege3, hashMap, set2, set3);
                }
            } else {
                for (Privilege privilege4 : accessControlEntry2.getPrivileges()) {
                    mergePrivilegeSets(privilege4, hashMap, set3, set2);
                }
            }
        }
        ArrayList<JSONObject> arrayList = new ArrayList();
        for (Map.Entry entry : linkedHashMap.entrySet()) {
            String str2 = (String) entry.getKey();
            Map map2 = (Map) entry.getValue();
            JSONObject jSONObject = new JSONObject();
            jSONObject.put(org.apache.jackrabbit.webdav.security.Principal.XML_PRINCIPAL, str2);
            Set set4 = (Set) map2.get("granted");
            if (set4 != null && !set4.isEmpty()) {
                jSONObject.put("granted", (Collection<?>) set4);
            }
            Set set5 = (Set) map2.get("denied");
            if (set5 != null && !set5.isEmpty()) {
                jSONObject.put("denied", (Collection<?>) set5);
            }
            jSONObject.put("order", map2.get("order"));
            arrayList.add(jSONObject);
        }
        JSONObject jSONObject2 = new JSONObject(linkedHashMap);
        for (JSONObject jSONObject3 : arrayList) {
            jSONObject2.put(jSONObject3.getString(org.apache.jackrabbit.webdav.security.Principal.XML_PRINCIPAL), jSONObject3);
        }
        return jSONObject2;
    }

    private void mergePrivilegeSets(Privilege privilege, Map<Privilege, Set<Privilege>> map, Set<Privilege> set, Set<Privilege> set2) {
        if (privilege.isAggregate()) {
            List asList = Arrays.asList(privilege.getAggregatePrivileges());
            set.removeAll(asList);
            set2.removeAll(asList);
        }
        set2.remove(privilege);
        boolean z = false;
        Set<Privilege> set3 = map.get(privilege);
        if (set3 != null) {
            Iterator<Privilege> it = set3.iterator();
            while (true) {
                if (it.hasNext()) {
                    if (set.contains(it.next())) {
                        z = true;
                        break;
                    }
                } else {
                    break;
                }
            }
        }
        if (!z) {
            set.add(privilege);
        }
        Set<Privilege> set4 = map.get(privilege);
        if (set4 != null) {
            for (Privilege privilege2 : set4) {
                if (set2.contains(privilege2)) {
                    set2.remove(privilege2);
                    if (privilege2.isAggregate()) {
                        filterAndMergePrivilegesFromAggregate(privilege2, set, set2, set4, privilege);
                    }
                }
            }
        }
    }

    private void filterAndMergePrivilegesFromAggregate(Privilege privilege, Set<Privilege> set, Set<Privilege> set2, Set<Privilege> set3, Privilege privilege2) {
        for (Privilege privilege3 : privilege.getDeclaredAggregatePrivileges()) {
            if (!privilege2.equals(privilege3)) {
                if (!set.contains(privilege3) && !set3.contains(privilege3)) {
                    set2.add(privilege3);
                }
                if (privilege3.isAggregate()) {
                    for (Privilege privilege4 : privilege3.getDeclaredAggregatePrivileges()) {
                        if (!privilege2.equals(privilege4) && privilege4.isAggregate()) {
                            filterAndMergePrivilegesFromAggregate(privilege4, set, set2, set3, privilege2);
                        }
                    }
                }
            }
        }
    }

    protected abstract AccessControlEntry[] getAccessControlEntries(Session session, String str) throws RepositoryException;
}
