package org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol;

import java.security.Principal;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.jcr.AccessDeniedException;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:resources/install.oak/15/oak-core-1.3.7.jar:org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlManager.class */
public abstract class AbstractAccessControlManager implements JackrabbitAccessControlManager, AccessControlConstants {
    private static final Logger log = LoggerFactory.getLogger(AbstractAccessControlManager.class);
    private final Root root;
    private final String workspaceName;
    private final NamePathMapper namePathMapper;
    private final AuthorizationConfiguration config;
    private final PrivilegeManager privilegeManager;
    private PermissionProvider permissionProvider;

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractAccessControlManager(@Nonnull Root root, @Nonnull NamePathMapper namePathMapper, @Nonnull SecurityProvider securityProvider) {
        this.root = root;
        this.workspaceName = root.getContentSession().getWorkspaceName();
        this.namePathMapper = namePathMapper;
        this.privilegeManager = ((PrivilegeConfiguration) securityProvider.getConfiguration(PrivilegeConfiguration.class)).getPrivilegeManager(root, namePathMapper);
        this.config = (AuthorizationConfiguration) securityProvider.getConfiguration(AuthorizationConfiguration.class);
    }

    @Override // javax.jcr.security.AccessControlManager
    @Nonnull
    public Privilege[] getSupportedPrivileges(@Nullable String str) throws RepositoryException {
        getTree(getOakPath(str), 0L, false);
        return this.privilegeManager.getRegisteredPrivileges();
    }

    @Override // javax.jcr.security.AccessControlManager
    @Nonnull
    public Privilege privilegeFromName(@Nonnull String str) throws RepositoryException {
        return this.privilegeManager.getPrivilege(str);
    }

    @Override // javax.jcr.security.AccessControlManager
    public boolean hasPrivileges(@Nullable String str, @Nullable Privilege[] privilegeArr) throws RepositoryException {
        return hasPrivileges(str, privilegeArr, getPermissionProvider(), 0L, false);
    }

    @Override // javax.jcr.security.AccessControlManager
    @Nonnull
    public Privilege[] getPrivileges(@Nullable String str) throws RepositoryException {
        return getPrivileges(str, getPermissionProvider(), 0L);
    }

    @Override // org.apache.jackrabbit.api.security.JackrabbitAccessControlManager
    public boolean hasPrivileges(@Nullable String str, @Nonnull Set<Principal> set, @Nullable Privilege[] privilegeArr) throws RepositoryException {
        return getPrincipals().equals(set) ? hasPrivileges(str, privilegeArr) : hasPrivileges(str, privilegeArr, this.config.getPermissionProvider(this.root, this.workspaceName, set), 128L, false);
    }

    @Override // org.apache.jackrabbit.api.security.JackrabbitAccessControlManager
    public Privilege[] getPrivileges(@Nullable String str, @Nonnull Set<Principal> set) throws RepositoryException {
        return getPrincipals().equals(set) ? getPrivileges(str) : getPrivileges(str, this.config.getPermissionProvider(this.root, this.workspaceName, set), 128L);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nonnull
    public AuthorizationConfiguration getConfig() {
        return this.config;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nonnull
    public Root getRoot() {
        return this.root;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nonnull
    public Root getLatestRoot() {
        return this.root.getContentSession().getLatestRoot();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nonnull
    public NamePathMapper getNamePathMapper() {
        return this.namePathMapper;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nonnull
    public PrivilegeManager getPrivilegeManager() {
        return this.privilegeManager;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @CheckForNull
    public String getOakPath(@Nullable String str) throws RepositoryException {
        if (str == null) {
            return null;
        }
        String oakPath = this.namePathMapper.getOakPath(str);
        if (oakPath == null || !PathUtils.isAbsolute(oakPath)) {
            throw new RepositoryException("Failed to resolve JCR path " + str);
        }
        return oakPath;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nonnull
    public Tree getTree(@Nullable String str, long j, boolean z) throws RepositoryException {
        Tree tree = str == null ? this.root.getTree("/") : this.root.getTree(str);
        if (!tree.exists()) {
            throw new PathNotFoundException("No tree at " + str);
        }
        if (j != 0) {
            checkPermissions(str == null ? null : tree, j);
        }
        if (z && this.config.getContext().definesTree(tree)) {
            throw new AccessControlException("Tree " + tree.getPath() + " defines access control content.");
        }
        return tree;
    }

    @Nonnull
    protected PermissionProvider getPermissionProvider() {
        if (this.permissionProvider == null) {
            this.permissionProvider = this.config.getPermissionProvider(this.root, this.workspaceName, getPrincipals());
        } else {
            this.permissionProvider.refresh();
        }
        return this.permissionProvider;
    }

    @Nonnull
    private Set<Principal> getPrincipals() {
        return this.root.getContentSession().getAuthInfo().getPrincipals();
    }

    private void checkPermissions(@Nullable Tree tree, long j) throws AccessDeniedException {
        if (!(tree == null ? getPermissionProvider().getRepositoryPermission().isGranted(j) : getPermissionProvider().isGranted(tree, null, j))) {
            throw new AccessDeniedException("Access denied.");
        }
    }

    @Nonnull
    private Privilege[] getPrivileges(@Nullable String str, @Nonnull PermissionProvider permissionProvider, long j) throws RepositoryException {
        Tree tree;
        if (str == null) {
            tree = null;
            if (j != 0) {
                checkPermissions(null, j);
            }
        } else {
            tree = getTree(getOakPath(str), j, false);
        }
        Set<String> privileges = permissionProvider.getPrivileges(tree);
        if (privileges.isEmpty()) {
            return new Privilege[0];
        }
        HashSet hashSet = new HashSet(privileges.size());
        Iterator<String> it = privileges.iterator();
        while (it.hasNext()) {
            hashSet.add(this.privilegeManager.getPrivilege(this.namePathMapper.getJcrName(it.next())));
        }
        return (Privilege[]) hashSet.toArray(new Privilege[hashSet.size()]);
    }

    private boolean hasPrivileges(@Nullable String str, @Nullable Privilege[] privilegeArr, @Nonnull PermissionProvider permissionProvider, long j, boolean z) throws RepositoryException {
        Tree tree;
        if (str == null) {
            tree = null;
            if (j != 0) {
                checkPermissions(null, j);
            }
        } else {
            tree = getTree(getOakPath(str), j, z);
        }
        if (privilegeArr == null || privilegeArr.length == 0) {
            log.debug("No privileges passed -> allowed.");
            return true;
        }
        HashSet hashSet = new HashSet(privilegeArr.length);
        for (Privilege privilege : privilegeArr) {
            hashSet.add(this.namePathMapper.getOakName(privilege.getName()));
        }
        return permissionProvider.hasPrivileges(tree, (String[]) hashSet.toArray(new String[hashSet.size()]));
    }
}
