package com.adobe.granite.security.authorization.internal;

import com.adobe.granite.security.authorization.AuthorizationService;
import java.security.Principal;
import java.util.Collections;
import java.util.Set;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.jetbrains.annotations.NotNull;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component(service = {AuthorizationService.class})
/* loaded from: input_file:com/adobe/granite/security/authorization/internal/AuthorizationServiceImpl.class */
public class AuthorizationServiceImpl implements AuthorizationService {
    private static final Logger log = LoggerFactory.getLogger(AuthorizationServiceImpl.class);

    @Reference
    private SecurityProvider securityProvider;

    @Override // com.adobe.granite.security.authorization.AuthorizationService
    public boolean hasAdministrativeAccess(@NotNull Session session) {
        String userID = session.getUserID();
        if (!(session instanceof JackrabbitSession) || userID == null) {
            return false;
        }
        try {
            JackrabbitSession jackrabbitSession = (JackrabbitSession) session;
            User authorizable = jackrabbitSession.getUserManager().getAuthorizable(userID, User.class);
            if (authorizable == null) {
                return false;
            }
            if (authorizable.isAdmin()) {
                return true;
            }
            Set set = (Set) ((AuthorizationConfiguration) this.securityProvider.getConfiguration(AuthorizationConfiguration.class)).getParameters().getConfigValue("administrativePrincipals", Collections.emptySet());
            Principal principal = authorizable.getPrincipal();
            if (set.contains(principal.getName())) {
                return true;
            }
            PrincipalIterator groupMembership = jackrabbitSession.getPrincipalManager().getGroupMembership(principal);
            while (groupMembership.hasNext()) {
                if (set.contains(groupMembership.nextPrincipal().getName())) {
                    return true;
                }
            }
            return false;
        } catch (RepositoryException e) {
            log.warn("Failed to determine if session has administrative access: {}", e.getMessage());
            return false;
        }
    }
}
