package com.day.cq.security.impl.servlets;

import com.day.cq.commons.JSONWriterUtil;
import com.day.cq.commons.servlets.AbstractPredicateServlet;
import com.day.cq.commons.servlets.HtmlStatusResponseHelper;
import com.day.cq.security.util.AuthorizableJSONWriter;
import com.day.cq.security.util.CqActions;
import com.day.cq.security.util.RequestConstants;
import com.day.cq.xss.XSSProtectionService;
import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import javax.jcr.AccessDeniedException;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
import org.apache.commons.collections.Predicate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.ReferencePolicy;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.util.Text;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.servlets.HtmlResponse;
import org.apache.sling.commons.json.JSONException;
import org.apache.sling.commons.json.io.JSONWriter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Service({Servlet.class})
@Component(metatype = false)
@Properties({@Property(name = "sling.servlet.paths", value = {"/libs/sling/servlet/default/cqactions.json.servlet", "/libs/sling/servlet/default/cqactions.html.POST.servlet"})})
/* loaded from: input_file:com/day/cq/security/impl/servlets/CQActionsServlet.class */
public class CQActionsServlet extends AbstractPredicateServlet {
    private static final String PARAM_AUTHORIZABLE_ID = "authorizableId";
    private static final String PARAM_ACLDIALOG = "acldialog";
    private static final String PARAM_CHANGELOG = "changelog";
    private static final String PARAM_PATH = "path";
    private static final String PARAM_EXPAND_ALL = "expandAll";
    private static final String PARAM_DEPTH = "depth";
    private static final String PARAM_DETAIL = "detailView";

    @Reference(policy = ReferencePolicy.STATIC)
    private XSSProtectionService xss;
    private static final Logger log = LoggerFactory.getLogger(CQActionsServlet.class);
    private static final Set<String> CQ_ACTION_SET = new HashSet(Arrays.asList(CqActions.ACTIONS));

    /* loaded from: input_file:com/day/cq/security/impl/servlets/CQActionsServlet$Entry.class */
    private class Entry {
        private final Map<String, Boolean> actions;
        private String path;
        private String authorizableId;

        private Entry(String str) {
            this.actions = new LinkedHashMap();
            StringTokenizer stringTokenizer = new StringTokenizer(str, ",");
            while (stringTokenizer.hasMoreTokens()) {
                String[] split = stringTokenizer.nextToken().split(":", 2);
                String str2 = split[0];
                String unescape = Text.unescape(split[1]);
                if ("path".equals(str2)) {
                    this.path = unescape;
                } else if ("authorizable".equals(str2)) {
                    this.authorizableId = unescape;
                } else if (CQActionsServlet.CQ_ACTION_SET.contains(str2)) {
                    this.actions.put(str2, Boolean.valueOf("allow".equals(unescape) ? true : Boolean.valueOf(unescape).booleanValue()));
                }
            }
        }
    }

    protected void doGet(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse) throws ServletException, IOException {
        Set<Node> singleton;
        Resource resource = slingHttpServletRequest.getResource();
        Node node = (Node) resource.adaptTo(Node.class);
        String parameter = slingHttpServletRequest.getParameter(PARAM_AUTHORIZABLE_ID);
        if (parameter == null) {
            parameter = slingHttpServletRequest.getParameter(RequestConstants.PARAM_AUTHORIZABLE);
        }
        Predicate predicate = getPredicate(slingHttpServletRequest);
        HtmlResponse htmlResponse = null;
        if (node != null) {
            try {
                if (parameter != null) {
                    try {
                        try {
                            try {
                                Session session = node.getSession();
                                String unescape = Text.unescape(parameter);
                                Authorizable authorizable = getAuthorizable(unescape, session);
                                Set<Principal> principals = getPrincipals(authorizable, session);
                                String[] parameterValues = slingHttpServletRequest.getParameterValues("path");
                                if (Boolean.parseBoolean(slingHttpServletRequest.getParameter(PARAM_EXPAND_ALL))) {
                                    singleton = new HashSet();
                                    Iterator<String> it = getExpandedPaths(principals, session).iterator();
                                    while (it.hasNext()) {
                                        singleton.add(session.getNode(it.next()));
                                    }
                                } else if (parameterValues == null || parameterValues.length <= 0) {
                                    singleton = Collections.singleton(node);
                                } else {
                                    singleton = new HashSet();
                                    for (String str : parameterValues) {
                                        singleton.add(session.getNode(str));
                                    }
                                }
                                int depth = getDepth(slingHttpServletRequest);
                                boolean z = slingHttpServletRequest.getParameter(PARAM_DETAIL) != null;
                                CqActions cqActions = new CqActions(session);
                                if (slingHttpServletRequest.getParameter(PARAM_ACLDIALOG) == null) {
                                    slingHttpServletResponse.setContentType(RequestConstants.JSON_CONTENT_TYPE);
                                    slingHttpServletResponse.setCharacterEncoding(RequestConstants.ENCODING_UTF_8);
                                    JSONWriter jSONWriter = new JSONWriter(slingHttpServletResponse.getWriter());
                                    jSONWriter.object();
                                    jSONWriter.key("entries");
                                    jSONWriter.array();
                                    long j = 0;
                                    for (Node node2 : singleton) {
                                        if (predicate.evaluate(node2)) {
                                            j = z ? j + writeDetailEntries(cqActions, node, authorizable.getPrincipal(), jSONWriter) : j + writeJsonEntry(cqActions, node2, unescape, depth, principals, predicate, jSONWriter);
                                        }
                                    }
                                    jSONWriter.endArray();
                                    jSONWriter.key("results").value(j);
                                    jSONWriter.endObject();
                                } else {
                                    slingHttpServletResponse.setContentType(RequestConstants.JSON_CONTENT_TYPE);
                                    slingHttpServletResponse.setCharacterEncoding(RequestConstants.ENCODING_UTF_8);
                                    String path = node.getPath();
                                    Collection<String> allowedActions = cqActions.getAllowedActions(path, principals);
                                    String str2 = authorizable.isGroup() ? AuthorizableJSONWriter.GROUP : AuthorizableJSONWriter.USER;
                                    String name = authorizable.getPrincipal().getName();
                                    JSONWriter jSONWriter2 = new JSONWriter(slingHttpServletResponse.getWriter());
                                    jSONWriter2.object();
                                    jSONWriter2.key("acl");
                                    jSONWriter2.array();
                                    jSONWriter2.object();
                                    jSONWriter2.key("type").value(str2);
                                    jSONWriter2.key("principal").value(name);
                                    jSONWriter2.key("authorizable").value(unescape);
                                    jSONWriter2.key("path").value(path);
                                    for (String str3 : CQ_ACTION_SET) {
                                        jSONWriter2.key(str3);
                                        jSONWriter2.value(allowedActions.contains(str3) ? "allow" : "deny");
                                    }
                                    jSONWriter2.endObject();
                                    jSONWriter2.endArray();
                                    jSONWriter2.key("aces").value(1L);
                                    jSONWriter2.endObject();
                                }
                                if (htmlResponse != null) {
                                    return;
                                } else {
                                    return;
                                }
                            } catch (PathNotFoundException e) {
                                HtmlResponse createStatusResponse = HtmlStatusResponseHelper.createStatusResponse(404, e.getMessage());
                                if (createStatusResponse != null) {
                                    createStatusResponse.send(slingHttpServletResponse, true);
                                    return;
                                }
                                return;
                            }
                        } catch (AccessDeniedException e2) {
                            HtmlResponse createStatusResponse2 = HtmlStatusResponseHelper.createStatusResponse(401, e2.getMessage());
                            if (createStatusResponse2 != null) {
                                createStatusResponse2.send(slingHttpServletResponse, true);
                                return;
                            }
                            return;
                        }
                    } catch (Exception e3) {
                        HtmlResponse createStatusResponse3 = HtmlStatusResponseHelper.createStatusResponse(false, e3.getMessage());
                        if (createStatusResponse3 != null) {
                            createStatusResponse3.send(slingHttpServletResponse, true);
                            return;
                        }
                        return;
                    }
                }
            } finally {
                if (0 != 0) {
                    htmlResponse.send(slingHttpServletResponse, true);
                }
            }
        }
        HtmlStatusResponseHelper.createStatusResponse(404, "Not Found", resource.getPath()).send(slingHttpServletResponse, false);
    }

    protected void doPost(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse) throws ServletException, IOException {
        Node node = (Node) slingHttpServletRequest.getResource().adaptTo(Node.class);
        String parameter = slingHttpServletRequest.getParameter(PARAM_AUTHORIZABLE_ID);
        HtmlResponse htmlResponse = null;
        if (node == null) {
            HtmlStatusResponseHelper.createStatusResponse(false, "Not Found").send(slingHttpServletResponse, false);
            return;
        }
        String[] parameterValues = slingHttpServletRequest.getParameterValues(PARAM_CHANGELOG);
        try {
            try {
                try {
                    Session session = node.getSession();
                    CqActions cqActions = new CqActions(session);
                    Authorizable authorizable = null;
                    Set<Principal> set = null;
                    if (parameter != null) {
                        parameter = Text.unescape(parameter);
                        authorizable = getAuthorizable(parameter, session);
                        set = getPrincipals(authorizable, session);
                    }
                    HashSet hashSet = new HashSet();
                    for (String str : parameterValues) {
                        Entry entry = new Entry(str);
                        Authorizable authorizable2 = authorizable;
                        Set<Principal> set2 = set;
                        if (entry.authorizableId != null && !entry.authorizableId.equals(parameter)) {
                            authorizable2 = getAuthorizable(entry.authorizableId, session);
                            set2 = getPrincipals(authorizable2, session);
                        }
                        if (authorizable2 == null) {
                            HtmlResponse createStatusResponse = HtmlStatusResponseHelper.createStatusResponse(false, "Not Found");
                            createStatusResponse.send(slingHttpServletResponse, false);
                            createStatusResponse.send(slingHttpServletResponse, true);
                            return;
                        }
                        clearLocalEntries(entry.path, authorizable2.getPrincipal(), session);
                        Collection<String> allowedActions = cqActions.getAllowedActions(entry.path, set2);
                        for (String str2 : CQ_ACTION_SET) {
                            if (entry.actions.containsKey(str2) && ((Boolean) entry.actions.get(str2)).booleanValue() == allowedActions.contains(str2)) {
                                entry.actions.remove(str2);
                            }
                        }
                        cqActions.installActions(entry.path, authorizable2.getPrincipal(), entry.actions, allowedActions);
                        hashSet.add(entry.path);
                    }
                    if (session.hasPendingChanges()) {
                        session.save();
                    }
                    HtmlResponse createStatusResponse2 = HtmlStatusResponseHelper.createStatusResponse(true, "Updated permissions.", node.getPath());
                    Iterator it = hashSet.iterator();
                    while (it.hasNext()) {
                        createStatusResponse2.onModified((String) it.next());
                    }
                    createStatusResponse2.send(slingHttpServletResponse, true);
                } catch (PathNotFoundException e) {
                    HtmlStatusResponseHelper.createStatusResponse(404, e.getMessage()).send(slingHttpServletResponse, true);
                }
            } catch (AccessDeniedException e2) {
                HtmlStatusResponseHelper.createStatusResponse(401, e2.getMessage()).send(slingHttpServletResponse, true);
            } catch (Exception e3) {
                HtmlStatusResponseHelper.createStatusResponse(false, e3.getMessage()).send(slingHttpServletResponse, true);
            }
        } catch (Throwable th) {
            htmlResponse.send(slingHttpServletResponse, true);
            throw th;
        }
    }

    private long writeJsonEntry(CqActions cqActions, Node node, String str, int i, Set<Principal> set, Predicate predicate, JSONWriter jSONWriter) throws JSONException {
        Map<String, Boolean> emptyMap;
        long j = 0;
        jSONWriter.object();
        String str2 = null;
        try {
            str2 = node.getPath();
            JSONWriterUtil.write(jSONWriter, "name", node.getName(), JSONWriterUtil.WriteMode.BOTH, this.xss);
            jSONWriter.key("_id").value(str2);
            jSONWriter.key("_parent").value("/".equals(str2) ? null : Text.getRelativeParent(str2, 1));
            boolean z = true;
            if (node.hasNodes()) {
                NodeIterator nodes = node.getNodes();
                while (nodes.hasNext() && z) {
                    if (predicate.evaluate(nodes.nextNode())) {
                        z = false;
                    }
                }
            }
            jSONWriter.key("_is_leaf").value(z);
            jSONWriter.key(PARAM_AUTHORIZABLE_ID).value(str);
            try {
                emptyMap = getActions(cqActions, str2, set);
                for (String str3 : CQ_ACTION_SET) {
                    jSONWriter.key(str3);
                    jSONWriter.value(emptyMap.get(str3).booleanValue());
                }
            } catch (RepositoryException e) {
                log.debug("Failed to retrieve CQ Actions for " + str + " at " + str2);
                emptyMap = Collections.emptyMap();
            }
            jSONWriter.key("declared");
            writeDeclarationStatus(emptyMap, cqActions, str2, set, node.getSession(), jSONWriter);
            AccessControlManager accessControlManager = node.getSession().getAccessControlManager();
            jSONWriter.key("canreadac").value(accessControlManager.hasPrivileges(str2, new Privilege[]{accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}readAccessControl")}));
            jSONWriter.key("canwriteac").value(canEditAc(node, str2, accessControlManager));
            j = 0 + 1;
            if (!z) {
                jSONWriter.key("children");
                jSONWriter.array();
                NodeIterator nodes2 = node.getNodes();
                while (nodes2.hasNext()) {
                    Node nextNode = nodes2.nextNode();
                    if (predicate.evaluate(nextNode)) {
                        jSONWriter.value(nextNode.getPath());
                    }
                }
                jSONWriter.endArray();
                if (i > 0) {
                    jSONWriter.key("entries");
                    jSONWriter.array();
                    j += writeJsonEntries(cqActions, node.getNodes(), str, i - 1, set, predicate, jSONWriter);
                    jSONWriter.endArray();
                }
            }
        } catch (RepositoryException e2) {
            log.error("Unexpected error while writing permission entries for " + (str2 == null ? node.toString() : str2));
        }
        jSONWriter.endObject();
        return j;
    }

    private long writeJsonEntries(CqActions cqActions, NodeIterator nodeIterator, String str, int i, Set<Principal> set, Predicate predicate, JSONWriter jSONWriter) throws JSONException, RepositoryException {
        long j = 0;
        while (nodeIterator.hasNext()) {
            Node nextNode = nodeIterator.nextNode();
            if (predicate.evaluate(nextNode)) {
                j += writeJsonEntry(cqActions, nextNode, str, i, set, predicate, jSONWriter);
            }
        }
        return j;
    }

    private long writeDetailEntries(CqActions cqActions, Node node, Principal principal, JSONWriter jSONWriter) throws JSONException {
        boolean z;
        long j = 0;
        String str = null;
        try {
            JackrabbitSession session = node.getSession();
            str = node.getPath();
            Principal everyone = session.getPrincipalManager().getEveryone();
            for (AccessControlList accessControlList : session.getAccessControlManager().getPolicies(str)) {
                if (accessControlList instanceof AccessControlList) {
                    for (JackrabbitAccessControlEntry jackrabbitAccessControlEntry : accessControlList.getAccessControlEntries()) {
                        GroupPrincipal principal2 = jackrabbitAccessControlEntry.getPrincipal();
                        boolean equals = principal2.equals(principal);
                        if ((equals || (principal2 instanceof GroupPrincipal)) && !CqActions.hasContentRestriction(jackrabbitAccessControlEntry)) {
                            Set<Privilege> aggregatePrivileges = getAggregatePrivileges(jackrabbitAccessControlEntry.getPrivileges());
                            ArrayList arrayList = new ArrayList();
                            for (String str2 : CQ_ACTION_SET) {
                                Set<Privilege> privileges = cqActions.getPrivileges(str2);
                                if (privileges != null && aggregatePrivileges.containsAll(privileges)) {
                                    arrayList.add(str2);
                                }
                            }
                            if (!arrayList.isEmpty()) {
                                String authorizableId = getAuthorizableId(principal2, session);
                                jSONWriter.object();
                                jSONWriter.key("_id").value(jackrabbitAccessControlEntry.hashCode());
                                jSONWriter.key(PARAM_AUTHORIZABLE_ID).value(authorizableId);
                                if (principal2 instanceof GroupPrincipal) {
                                    jSONWriter.key("isMember").value(principal2.isMember(principal));
                                }
                                jSONWriter.key("editMembership").value((equals || everyone.equals(principal2)) ? false : true);
                                if (jackrabbitAccessControlEntry instanceof JackrabbitAccessControlEntry) {
                                    JackrabbitAccessControlEntry jackrabbitAccessControlEntry2 = jackrabbitAccessControlEntry;
                                    z = jackrabbitAccessControlEntry2.isAllow();
                                    String[] restrictionNames = jackrabbitAccessControlEntry2.getRestrictionNames();
                                    if (restrictionNames.length > 0) {
                                        jSONWriter.key("restrictions");
                                        jSONWriter.object();
                                        for (String str3 : restrictionNames) {
                                            jSONWriter.key(str3);
                                            jSONWriter.value(jackrabbitAccessControlEntry2.getRestriction(str3).getString());
                                        }
                                        jSONWriter.endObject();
                                    }
                                } else {
                                    z = true;
                                }
                                Iterator it = arrayList.iterator();
                                while (it.hasNext()) {
                                    jSONWriter.key((String) it.next());
                                    jSONWriter.value(z);
                                }
                                jSONWriter.endObject();
                                j++;
                            }
                        }
                    }
                }
            }
        } catch (RepositoryException e) {
            log.debug("Failed to read detail entries for node " + (str == null ? node.toString() : str));
        }
        return j;
    }

    private Map<String, Boolean> getActions(CqActions cqActions, String str, Set<Principal> set) throws RepositoryException {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        Collection<String> allowedActions = cqActions.getAllowedActions(str, set);
        for (String str2 : CQ_ACTION_SET) {
            linkedHashMap.put(str2, Boolean.valueOf(allowedActions.contains(str2)));
        }
        return linkedHashMap;
    }

    private void writeDeclarationStatus(Map<String, Boolean> map, CqActions cqActions, String str, Set<Principal> set, Session session, JSONWriter jSONWriter) throws JSONException {
        boolean z;
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        if (!map.isEmpty()) {
            try {
                AccessControlManager accessControlManager = session.getAccessControlManager();
                if (accessControlManager.hasPrivileges(str, new Privilege[]{accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}readAccessControl")})) {
                    for (AccessControlList accessControlList : session.getAccessControlManager().getPolicies(str)) {
                        if (accessControlList instanceof AccessControlList) {
                            for (JackrabbitAccessControlEntry jackrabbitAccessControlEntry : accessControlList.getAccessControlEntries()) {
                                Principal principal = jackrabbitAccessControlEntry.getPrincipal();
                                Authorizable authorizable = getAuthorizable(principal, session);
                                if (authorizable != null && !CqActions.hasContentRestriction(jackrabbitAccessControlEntry)) {
                                    Set<Privilege> aggregatePrivileges = getAggregatePrivileges(jackrabbitAccessControlEntry.getPrivileges());
                                    for (String str2 : CQ_ACTION_SET) {
                                        Set<Privilege> privileges = cqActions.getPrivileges(str2);
                                        if (privileges != null && aggregatePrivileges.containsAll(privileges) && set.contains(principal)) {
                                            StringBuilder sb = new StringBuilder();
                                            sb.append(authorizable.getID());
                                            boolean isAllow = jackrabbitAccessControlEntry instanceof JackrabbitAccessControlEntry ? jackrabbitAccessControlEntry.isAllow() : true;
                                            if (isAllow == map.get(str2).booleanValue()) {
                                                sb.append(isAllow ? " (allow" : " (deny");
                                                if (!(jackrabbitAccessControlEntry instanceof JackrabbitAccessControlEntry) || jackrabbitAccessControlEntry.getRestrictionNames().length <= 0) {
                                                    z = true;
                                                } else {
                                                    z = false;
                                                    sb.append(" - ");
                                                    String[] restrictionNames = jackrabbitAccessControlEntry.getRestrictionNames();
                                                    for (int i = 0; i < restrictionNames.length; i++) {
                                                        String str3 = restrictionNames[i];
                                                        String string = jackrabbitAccessControlEntry.getRestriction(str3).getString();
                                                        if ("rep:glob".equals(str3) && ("*".equals(string) || "".equals(string))) {
                                                            z = true;
                                                        }
                                                        if (i > 0) {
                                                            sb.append(", ");
                                                        }
                                                        sb.append(str3).append(":").append(string);
                                                    }
                                                }
                                                sb.append(")");
                                            } else {
                                                z = false;
                                                sb.append(isAllow ? " (allow" : " (deny");
                                                if ((jackrabbitAccessControlEntry instanceof JackrabbitAccessControlEntry) && jackrabbitAccessControlEntry.getRestrictionNames().length > 0) {
                                                    sb.append(" - ");
                                                    for (String str4 : jackrabbitAccessControlEntry.getRestrictionNames()) {
                                                        sb.append(str4).append(":").append(jackrabbitAccessControlEntry.getRestriction(str4).getString());
                                                    }
                                                }
                                                sb.append(")");
                                            }
                                            HashMap hashMap3 = z ? hashMap : hashMap2;
                                            Set set2 = (Set) hashMap3.get(str2);
                                            if (set2 == null) {
                                                set2 = new HashSet(set.size());
                                                hashMap3.put(str2, set2);
                                            }
                                            set2.add(sb.toString());
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            } catch (RepositoryException e) {
                log.warn("Failed to determine declaration status: " + e.getMessage());
            }
        }
        jSONWriter.object();
        for (String str5 : CQ_ACTION_SET) {
            jSONWriter.key(str5);
            jSONWriter.object();
            if (hashMap.containsKey(str5)) {
                jSONWriter.key("effective");
                jSONWriter.array();
                Iterator it = ((Set) hashMap.get(str5)).iterator();
                while (it.hasNext()) {
                    jSONWriter.value((String) it.next());
                }
                jSONWriter.endArray();
            }
            if (hashMap2.containsKey(str5)) {
                jSONWriter.key("non-effective");
                jSONWriter.array();
                Iterator it2 = ((Set) hashMap2.get(str5)).iterator();
                while (it2.hasNext()) {
                    jSONWriter.value((String) it2.next());
                }
                jSONWriter.endArray();
            }
            jSONWriter.endObject();
        }
        jSONWriter.endObject();
    }

    private static Set<Privilege> getAggregatePrivileges(Privilege[] privilegeArr) {
        HashSet hashSet = new HashSet();
        for (Privilege privilege : privilegeArr) {
            if (privilege.isAggregate()) {
                hashSet.addAll(Arrays.asList(privilege.getAggregatePrivileges()));
            } else {
                hashSet.add(privilege);
            }
        }
        return hashSet;
    }

    private static Authorizable getAuthorizable(Principal principal, Session session) throws RepositoryException {
        return ((JackrabbitSession) session).getUserManager().getAuthorizable(principal);
    }

    private static String getAuthorizableId(Principal principal, Session session) throws RepositoryException {
        Authorizable authorizable = getAuthorizable(principal, session);
        return authorizable == null ? principal.getName() : authorizable.getID();
    }

    private static Authorizable getAuthorizable(String str, Session session) throws RepositoryException {
        Authorizable authorizable = ((JackrabbitSession) session).getUserManager().getAuthorizable(str);
        if (authorizable == null) {
            throw new RepositoryException("No such authorizable " + str);
        }
        return authorizable;
    }

    private static Set<Principal> getPrincipals(Authorizable authorizable, Session session) throws RepositoryException {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        Principal principal = authorizable.getPrincipal();
        linkedHashSet.add(principal);
        PrincipalIterator groupMembership = ((JackrabbitSession) session).getPrincipalManager().getGroupMembership(principal);
        while (groupMembership.hasNext()) {
            linkedHashSet.add(groupMembership.nextPrincipal());
        }
        return linkedHashSet;
    }

    private static int getDepth(SlingHttpServletRequest slingHttpServletRequest) {
        int i = 0;
        String parameter = slingHttpServletRequest.getParameter(PARAM_DEPTH);
        if (parameter != null) {
            try {
                i = Integer.parseInt(parameter);
            } catch (NumberFormatException e) {
            }
        }
        return i;
    }

    private static boolean clearLocalEntries(String str, Principal principal, Session session) throws RepositoryException {
        boolean z = false;
        AccessControlManager accessControlManager = session.getAccessControlManager();
        AccessControlList[] policies = accessControlManager.getPolicies(str);
        AccessControlList accessControlList = null;
        int length = policies.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            AccessControlList accessControlList2 = policies[i];
            if (accessControlList2 instanceof AccessControlList) {
                accessControlList = accessControlList2;
                break;
            }
            i++;
        }
        if (accessControlList != null) {
            for (AccessControlEntry accessControlEntry : accessControlList.getAccessControlEntries()) {
                if (principal.equals(accessControlEntry.getPrincipal())) {
                    accessControlList.removeAccessControlEntry(accessControlEntry);
                    z = true;
                }
            }
            if (z) {
                accessControlManager.setPolicy(str, accessControlList);
                session.save();
            }
        }
        return z;
    }

    private static Set<String> getExpandedPaths(Set<Principal> set, Session session) throws RepositoryException {
        JackrabbitAccessControlManager accessControlManager = session.getAccessControlManager();
        if (!(accessControlManager instanceof JackrabbitAccessControlManager)) {
            return Collections.emptySet();
        }
        JackrabbitAccessControlPolicy[] effectivePolicies = accessControlManager.getEffectivePolicies(set);
        HashSet hashSet = new HashSet(effectivePolicies.length);
        for (JackrabbitAccessControlPolicy jackrabbitAccessControlPolicy : effectivePolicies) {
            if (jackrabbitAccessControlPolicy instanceof JackrabbitAccessControlPolicy) {
                hashSet.add(jackrabbitAccessControlPolicy.getPath());
            }
        }
        return hashSet;
    }

    private static boolean canEditAc(Node node, String str, AccessControlManager accessControlManager) throws RepositoryException {
        return accessControlManager.hasPrivileges(str, new Privilege[]{accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}modifyAccessControl")}) && node.isCheckedOut() && !node.isLocked();
    }

    protected void bindXss(XSSProtectionService xSSProtectionService) {
        this.xss = xSSProtectionService;
    }

    protected void unbindXss(XSSProtectionService xSSProtectionService) {
        if (this.xss == xSSProtectionService) {
            this.xss = null;
        }
    }
}
