package com.adobe.cq.dam.assetmetadatarestrictionprovider.impl;

import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Objects;
import java.util.Set;
import javax.jcr.AccessDeniedException;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
import org.apache.jackrabbit.commons.iterator.AccessControlPolicyIteratorAdapter;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionAware;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:com/adobe/cq/dam/assetmetadatarestrictionprovider/impl/AssetMetadataDummyAccessControlManager.class */
public final class AssetMetadataDummyAccessControlManager implements AccessControlManager {
    private final Root root;
    private final String workspaceName;
    private final NamePathMapper namePathMapper;
    private final AuthorizationConfiguration config;
    private final PrivilegeManager privilegeManager;
    private PermissionProvider permissionProvider;
    private boolean doRefresh = false;

    public AssetMetadataDummyAccessControlManager(@NotNull Root root, @NotNull NamePathMapper namePathMapper, @NotNull SecurityProvider securityProvider) {
        this.root = root;
        this.workspaceName = root.getContentSession().getWorkspaceName();
        this.namePathMapper = namePathMapper;
        this.privilegeManager = ((PrivilegeConfiguration) securityProvider.getConfiguration(PrivilegeConfiguration.class)).getPrivilegeManager(root, namePathMapper);
        this.config = (AuthorizationConfiguration) securityProvider.getConfiguration(AuthorizationConfiguration.class);
    }

    public Privilege[] getSupportedPrivileges(String str) throws RepositoryException {
        return this.privilegeManager.getRegisteredPrivileges();
    }

    public Privilege privilegeFromName(String str) throws RepositoryException {
        return this.privilegeManager.getPrivilege(str);
    }

    public boolean hasPrivileges(String str, Privilege[] privilegeArr) throws RepositoryException {
        return hasPrivileges(str, privilegeArr, getPermissionProvider(), 0L, false);
    }

    public Privilege[] getPrivileges(String str) throws RepositoryException {
        return getPrivileges(str, getPermissionProvider(), 0L);
    }

    public AccessControlPolicy[] getPolicies(String str) {
        return new AccessControlPolicy[0];
    }

    public AccessControlPolicy[] getEffectivePolicies(String str) {
        return new AccessControlPolicy[0];
    }

    public AccessControlPolicyIterator getApplicablePolicies(String str) {
        return new AccessControlPolicyIteratorAdapter(Collections.emptyIterator());
    }

    public void setPolicy(String str, AccessControlPolicy accessControlPolicy) throws RepositoryException {
        throw new AccessControlException();
    }

    public void removePolicy(String str, AccessControlPolicy accessControlPolicy) throws RepositoryException {
        throw new AccessControlException();
    }

    @NotNull
    private Tree getTree(@Nullable String str, long j, boolean z) throws RepositoryException {
        Tree tree = str == null ? this.root.getTree("/") : this.root.getTree(str);
        if (!tree.exists()) {
            throw new PathNotFoundException("No tree at " + str);
        }
        if (j != 0) {
            checkPermissions(str == null ? null : tree, j);
        }
        if (z && this.config.getContext().definesTree(tree)) {
            throw new AccessControlException("Tree " + tree.getPath() + " defines access control content.");
        }
        return tree;
    }

    private void checkPermissions(@Nullable Tree tree, long j) throws AccessDeniedException {
        if (!(tree == null ? getPermissionProvider().getRepositoryPermission().isGranted(j) : getPermissionProvider().isGranted(tree, (PropertyState) null, j))) {
            throw new AccessDeniedException("Access denied.");
        }
    }

    @NotNull
    private Privilege[] getPrivileges(@Nullable String str, @NotNull PermissionProvider permissionProvider, long j) throws RepositoryException {
        return getPrivileges(getPrivilegeNames(str, permissionProvider, j));
    }

    @NotNull
    private Privilege[] getPrivileges(@NotNull Set<String> set) throws RepositoryException {
        if (set.isEmpty()) {
            return new Privilege[0];
        }
        HashSet hashSet = new HashSet(set.size());
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            hashSet.add(this.privilegeManager.getPrivilege(this.namePathMapper.getJcrName(it.next())));
        }
        return (Privilege[]) hashSet.toArray(new Privilege[0]);
    }

    @NotNull
    private PermissionProvider getPermissionProvider() {
        if (this.permissionProvider == null) {
            if (this.root instanceof PermissionAware) {
                this.permissionProvider = this.root.getPermissionProvider();
            } else {
                this.permissionProvider = this.config.getPermissionProvider(this.root, this.workspaceName, getPrincipals());
                this.doRefresh = true;
            }
        } else if (this.doRefresh) {
            this.permissionProvider.refresh();
        }
        return this.permissionProvider;
    }

    @NotNull
    private Set<String> getPrivilegeNames(@Nullable String str, @NotNull PermissionProvider permissionProvider, long j) throws RepositoryException {
        Tree tree;
        if (str == null) {
            tree = null;
            if (j != 0) {
                checkPermissions(null, j);
            }
        } else {
            tree = getTree(getOakPath(str), j, false);
        }
        return permissionProvider.getPrivileges(tree);
    }

    @NotNull
    private Set<Principal> getPrincipals() {
        return this.root.getContentSession().getAuthInfo().getPrincipals();
    }

    @Nullable
    private String getOakPath(@Nullable String str) throws RepositoryException {
        if (str == null) {
            return null;
        }
        String oakPath = this.namePathMapper.getOakPath(str);
        if (oakPath == null || !PathUtils.isAbsolute(oakPath)) {
            throw new RepositoryException("Failed to resolve JCR path " + str);
        }
        return oakPath;
    }

    private boolean hasPrivileges(@Nullable String str, @Nullable Privilege[] privilegeArr, @NotNull PermissionProvider permissionProvider, long j, boolean z) throws RepositoryException {
        Tree tree;
        if (str == null) {
            tree = null;
            if (j != 0) {
                checkPermissions(null, j);
            }
        } else {
            tree = getTree(getOakPath(str), j, z);
        }
        if (privilegeArr == null || privilegeArr.length == 0) {
            return true;
        }
        return permissionProvider.hasPrivileges(tree, (String[]) getOakNames((String[]) Arrays.stream(privilegeArr).filter((v0) -> {
            return Objects.nonNull(v0);
        }).map((v0) -> {
            return v0.getName();
        }).toArray(i -> {
            return new String[i];
        }), this.namePathMapper).toArray(new String[0]));
    }

    @NotNull
    private Set<String> getOakNames(@Nullable String[] strArr, @NotNull NamePathMapper namePathMapper) throws AccessControlException {
        Set<String> emptySet;
        if (strArr == null || strArr.length == 0) {
            emptySet = Collections.emptySet();
        } else {
            emptySet = new HashSet(strArr.length);
            for (String str : strArr) {
                emptySet.add(getOakName(str, namePathMapper));
            }
        }
        return emptySet;
    }

    @NotNull
    private String getOakName(@Nullable String str, @NotNull NamePathMapper namePathMapper) throws AccessControlException {
        if (str == null) {
            throw new AccessControlException("Invalid privilege name 'null'");
        }
        String oakNameOrNull = namePathMapper.getOakNameOrNull(str);
        if (oakNameOrNull == null) {
            throw new AccessControlException("Cannot resolve privilege name " + str);
        }
        return oakNameOrNull;
    }
}
