package org.apache.sling.jcr.jackrabbit.accessmanager;

import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import javax.jcr.ValueFactory;
import javax.jcr.ValueFormatException;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import javax.json.JsonArray;
import javax.json.JsonObject;
import javax.json.JsonString;
import javax.json.JsonValue;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.sling.jcr.base.util.AccessControlUtil;
import org.apache.sling.jcr.jackrabbit.accessmanager.impl.JsonConvert;
import org.osgi.framework.Bundle;
import org.osgi.framework.BundleContext;
import org.osgi.framework.FrameworkUtil;
import org.osgi.framework.ServiceReference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sling/jcr/jackrabbit/accessmanager/PrivilegesInfo.class */
public class PrivilegesInfo {
    private Logger logger = LoggerFactory.getLogger(getClass());

    /* loaded from: input_file:org/apache/sling/jcr/jackrabbit/accessmanager/PrivilegesInfo$AccessRights.class */
    public static class AccessRights {
        private Set<Privilege> granted = new HashSet();
        private Set<Privilege> denied = new HashSet();
        private ResourceBundle resBundle = null;

        private ResourceBundle getResourceBundle(Locale locale) {
            if (this.resBundle == null || !this.resBundle.getLocale().equals(locale)) {
                this.resBundle = ResourceBundle.getBundle(getClass().getPackage().getName() + ".PrivilegesResources", locale);
            }
            return this.resBundle;
        }

        public Set<Privilege> getGranted() {
            return this.granted;
        }

        public Set<Privilege> getDenied() {
            return this.denied;
        }

        public String getPrivilegeSetDisplayName(Locale locale) {
            if (this.denied != null && !this.denied.isEmpty()) {
                return getResourceBundle(locale).getString("privilegeset.custom");
            }
            if (this.granted.isEmpty()) {
                return getResourceBundle(locale).getString("privilegeset.none");
            }
            if (this.granted.size() == 1) {
                Privilege next = this.granted.iterator().next();
                if ("jcr:all".equals(next.getName())) {
                    return getResourceBundle(locale).getString("privilegeset.all");
                }
                if ("jcr:read".equals(next.getName())) {
                    return getResourceBundle(locale).getString("privilegeset.readonly");
                }
            } else if (this.granted.size() == 2) {
                Iterator<Privilege> it = this.granted.iterator();
                Privilege next2 = it.next();
                Privilege next3 = it.next();
                if (("jcr:read".equals(next2.getName()) && "jcr:write".equals(next3.getName())) || ("jcr:read".equals(next3.getName()) && "jcr:write".equals(next2.getName()))) {
                    return getResourceBundle(locale).getString("privilegeset.readwrite");
                }
            }
            return getResourceBundle(locale).getString("privilegeset.custom");
        }
    }

    public Privilege[] getSupportedPrivileges(Node node) throws RepositoryException {
        return getSupportedPrivileges(node.getSession(), node.getPath());
    }

    public Privilege[] getSupportedPrivileges(Session session, String str) throws RepositoryException {
        return AccessControlUtil.getAccessControlManager(session).getSupportedPrivileges(str);
    }

    public Map<Principal, AccessRights> getDeclaredAccessRights(Node node) throws RepositoryException {
        return getDeclaredAccessRights(node.getSession(), node.getPath());
    }

    public Map<Principal, AccessRights> getDeclaredAccessRights(Session session, String str) throws RepositoryException {
        return toMap(session, (JsonObject) useGetAcl(getAcl -> {
            try {
                return getAcl.getAcl(session, str);
            } catch (RepositoryException e) {
                this.logger.warn("Failed to load Acl", e);
                return null;
            }
        }));
    }

    protected Map<Principal, AccessRights> toMap(Session session, JsonObject jsonObject) throws RepositoryException {
        if (jsonObject == null) {
            return Collections.emptyMap();
        }
        AccessControlManager accessControlManager = session.getAccessControlManager();
        PrincipalManager principalManager = AccessControlUtil.getPrincipalManager(session);
        return (Map) jsonObject.values().stream().collect(Collectors.toMap(jsonValue -> {
            return principalManager.getPrincipal(((JsonObject) jsonValue).getString(JsonConvert.KEY_PRINCIPAL));
        }, jsonValue2 -> {
            AccessRights accessRights = new AccessRights();
            JsonObject jsonObject2 = ((JsonObject) jsonValue2).getJsonObject(JsonConvert.KEY_PRIVILEGES);
            if (jsonObject2 != null) {
                jsonObject2.entrySet().stream().forEach(entry -> {
                    Privilege privilege = null;
                    try {
                        privilege = accessControlManager.privilegeFromName((String) entry.getKey());
                    } catch (RepositoryException e) {
                        this.logger.warn("Failed to resolve privilege", e);
                    }
                    if (privilege != null) {
                        JsonObject jsonObject3 = (JsonValue) entry.getValue();
                        if (jsonObject3 instanceof JsonObject) {
                            JsonObject jsonObject4 = jsonObject3;
                            if (jsonObject4.containsKey(JsonConvert.KEY_ALLOW)) {
                                accessRights.granted.add(privilege);
                            }
                            if (jsonObject4.containsKey(JsonConvert.KEY_DENY)) {
                                accessRights.denied.add(privilege);
                            }
                        }
                    }
                });
            }
            return accessRights;
        }));
    }

    public AccessRights getDeclaredAccessRightsForPrincipal(Node node, String str) throws RepositoryException {
        return getDeclaredAccessRightsForPrincipal(node.getSession(), node.getPath(), str);
    }

    public AccessRights getDeclaredAccessRightsForPrincipal(Session session, String str, String str2) throws RepositoryException {
        return getDeclaredAccessRights(session, str).get(AccessControlUtil.getPrincipalManager(session).getPrincipal(str2));
    }

    @Deprecated
    public Map<String, Object> getDeclaredRestrictionsForPrincipal(Node node, String str) throws RepositoryException {
        return getDeclaredRestrictionsForPrincipal(node.getSession(), node.getPath(), str);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v17, types: [java.util.Map] */
    @Deprecated
    public Map<String, Object> getDeclaredRestrictionsForPrincipal(Session session, String str, String str2) throws RepositoryException {
        HashMap hashMap;
        JsonObject jsonObject = (JsonObject) useGetAcl(getAcl -> {
            try {
                return getAcl.getAcl(session, str);
            } catch (RepositoryException e) {
                this.logger.warn("Failed to load Acl", e);
                return null;
            }
        });
        if (jsonObject == null) {
            hashMap = Collections.emptyMap();
        } else {
            HashMap hashMap2 = new HashMap();
            useRestrictionProvider(restrictionProvider -> {
                for (RestrictionDefinition restrictionDefinition : restrictionProvider.getSupportedRestrictions(str)) {
                    hashMap2.put(restrictionDefinition.getName(), restrictionDefinition);
                }
                return null;
            });
            ValueFactory valueFactory = session.getValueFactory();
            hashMap = new HashMap();
            jsonObject.values().stream().filter(jsonValue -> {
                return (jsonValue instanceof JsonObject) && ((JsonObject) jsonValue).getString(JsonConvert.KEY_PRINCIPAL).equals(str2);
            }).forEach(jsonValue2 -> {
                JsonObject jsonObject2 = ((JsonObject) jsonValue2).getJsonObject(JsonConvert.KEY_PRIVILEGES);
                if (jsonObject2 != null) {
                    jsonObject2.values().forEach(jsonValue2 -> {
                        if (jsonValue2 instanceof JsonObject) {
                            JsonObject jsonObject3 = (JsonValue) ((JsonObject) jsonValue2).get(JsonConvert.KEY_ALLOW);
                            if (jsonObject3 instanceof JsonObject) {
                                jsonObject3.entrySet().stream().forEach(entry -> {
                                    String str3 = (String) entry.getKey();
                                    int tag = ((RestrictionDefinition) hashMap2.get(str3)).getRequiredType().tag();
                                    JsonArray jsonArray = (JsonValue) entry.getValue();
                                    if (!JsonValue.ValueType.ARRAY.equals(jsonArray.getValueType())) {
                                        if (jsonArray instanceof JsonString) {
                                            try {
                                                hashMap.put(str3, valueFactory.createValue(((JsonString) jsonArray).getString(), tag));
                                                return;
                                            } catch (ValueFormatException e) {
                                                this.logger.warn("Failed to create restriction value", e);
                                                return;
                                            }
                                        }
                                        return;
                                    }
                                    JsonArray jsonArray2 = jsonArray;
                                    Value[] valueArr = new Value[jsonArray2.size()];
                                    for (int i = 0; i < jsonArray2.size(); i++) {
                                        try {
                                            valueArr[i] = valueFactory.createValue(jsonArray2.getString(i), tag);
                                        } catch (ValueFormatException e2) {
                                            this.logger.warn("Failed to create restriction value", e2);
                                        }
                                    }
                                    hashMap.put(str3, valueArr);
                                });
                            }
                        }
                    });
                }
            });
        }
        return hashMap;
    }

    public Map<Principal, AccessRights> getEffectiveAccessRights(Node node) throws RepositoryException {
        return getEffectiveAccessRights(node.getSession(), node.getPath());
    }

    public Map<Principal, AccessRights> getEffectiveAccessRights(Session session, String str) throws RepositoryException {
        return toMap(session, (JsonObject) useGetEffectiveAcl(getEffectiveAcl -> {
            try {
                return getEffectiveAcl.getEffectiveAcl(session, str);
            } catch (RepositoryException e) {
                this.logger.warn("Failed to load EffectiveAcl", e);
                return null;
            }
        }));
    }

    public AccessRights getEffectiveAccessRightsForPrincipal(Node node, String str) throws RepositoryException {
        return getEffectiveAccessRightsForPrincipal(node.getSession(), node.getPath(), str);
    }

    public AccessRights getEffectiveAccessRightsForPrincipal(Session session, String str, String str2) throws RepositoryException {
        return getEffectiveAccessRights(session, str).get(AccessControlUtil.getPrincipalManager(session).getPrincipal(str2));
    }

    public boolean canAddChildren(Node node) {
        try {
            return canAddChildren(node.getSession(), node.getPath());
        } catch (RepositoryException e) {
            return false;
        }
    }

    public boolean canAddChildren(Session session, String str) {
        try {
            AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
            return accessControlManager.hasPrivileges(str, new Privilege[]{accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}addChildNodes")});
        } catch (RepositoryException e) {
            return false;
        }
    }

    public boolean canDeleteChildren(Node node) {
        try {
            return canDeleteChildren(node.getSession(), node.getPath());
        } catch (RepositoryException e) {
            return false;
        }
    }

    public boolean canDeleteChildren(Session session, String str) {
        try {
            AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
            return accessControlManager.hasPrivileges(str, new Privilege[]{accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}removeChildNodes")});
        } catch (RepositoryException e) {
            return false;
        }
    }

    public boolean canDelete(Node node) {
        try {
            return canDelete(node.getSession(), node.getPath());
        } catch (RepositoryException e) {
            return false;
        }
    }

    public boolean canDelete(Session session, String str) {
        try {
            AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
            int lastIndexOf = str.lastIndexOf(47);
            String substring = lastIndexOf == 0 ? "/" : str.substring(0, lastIndexOf);
            if (accessControlManager.hasPrivileges(str, new Privilege[]{accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}removeNode")})) {
                if (canDeleteChildren(session, substring)) {
                    return true;
                }
            }
            return false;
        } catch (RepositoryException e) {
            return false;
        }
    }

    public boolean canModifyProperties(Node node) {
        try {
            return canModifyProperties(node.getSession(), node.getPath());
        } catch (RepositoryException e) {
            return false;
        }
    }

    public boolean canModifyProperties(Session session, String str) {
        try {
            AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
            return accessControlManager.hasPrivileges(str, new Privilege[]{accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}modifyProperties")});
        } catch (RepositoryException e) {
            return false;
        }
    }

    public boolean canReadAccessControl(Node node) {
        try {
            return canReadAccessControl(node.getSession(), node.getPath());
        } catch (RepositoryException e) {
            return false;
        }
    }

    public boolean canReadAccessControl(Session session, String str) {
        try {
            AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
            return accessControlManager.hasPrivileges(str, new Privilege[]{accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}readAccessControl")});
        } catch (RepositoryException e) {
            return false;
        }
    }

    public boolean canModifyAccessControl(Node node) {
        try {
            return canModifyAccessControl(node.getSession(), node.getPath());
        } catch (RepositoryException e) {
            return false;
        }
    }

    public boolean canModifyAccessControl(Session session, String str) {
        try {
            AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
            return accessControlManager.hasPrivileges(str, new Privilege[]{accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}modifyAccessControl")});
        } catch (RepositoryException e) {
            return false;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private static <S, T> T useSvc(Class<S> cls, Function<S, T> function) {
        BundleContext bundleContext;
        ServiceReference serviceReference;
        T t = null;
        Bundle bundle = FrameworkUtil.getBundle(PrivilegesInfo.class);
        if (bundle != null && (bundleContext = bundle.getBundleContext()) != null && (serviceReference = bundleContext.getServiceReference(cls)) != null) {
            S s = null;
            try {
                s = bundleContext.getService(serviceReference);
                if (s != null) {
                    t = function.apply(s);
                }
                if (s != null) {
                    bundleContext.ungetService(serviceReference);
                }
            } catch (Throwable th) {
                if (s != null) {
                    bundleContext.ungetService(serviceReference);
                }
                throw th;
            }
        }
        return t;
    }

    private static <T> T useGetAcl(Function<GetAcl, T> function) {
        return (T) useSvc(GetAcl.class, function);
    }

    private static <T> T useGetEffectiveAcl(Function<GetEffectiveAcl, T> function) {
        return (T) useSvc(GetEffectiveAcl.class, function);
    }

    private static <T> T useRestrictionProvider(Function<RestrictionProvider, T> function) {
        return (T) useSvc(RestrictionProvider.class, function);
    }
}
