package org.exist.security;

import java.io.IOException;
import java.lang.annotation.Annotation;
import java.util.Arrays;
import org.apache.xalan.xsltc.compiler.Constants;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.internal.Conversions;
import org.aspectj.runtime.reflect.Factory;
import org.exist.security.ACLPermission;
import org.exist.storage.io.VariableByteInput;
import org.exist.storage.io.VariableByteOutputStream;

/* loaded from: input_file:WEB-INF/lib/exist-core-3.0.RC1.jar:org/exist/security/SimpleACLPermission.class */
public class SimpleACLPermission extends UnixStylePermission implements ACLPermission {
    public static final short VERSION = 1;
    private static final int MAX_ACL_LENGTH = 255;
    private int[] acl;
    private static final JoinPoint.StaticPart ajc$tjp_0 = null;
    private static Annotation ajc$anno$0;
    private static final JoinPoint.StaticPart ajc$tjp_1 = null;
    private static Annotation ajc$anno$1;
    private static final JoinPoint.StaticPart ajc$tjp_2 = null;
    private static Annotation ajc$anno$2;
    private static final JoinPoint.StaticPart ajc$tjp_3 = null;
    private static Annotation ajc$anno$3;
    private static final JoinPoint.StaticPart ajc$tjp_4 = null;
    private static Annotation ajc$anno$4;
    private static final JoinPoint.StaticPart ajc$tjp_5 = null;
    private static Annotation ajc$anno$5;

    public SimpleACLPermission(SecurityManager securityManager) {
        super(securityManager);
        this.acl = new int[0];
    }

    public SimpleACLPermission(SecurityManager securityManager, long j) {
        super(securityManager, j);
        this.acl = new int[0];
    }

    public SimpleACLPermission(SecurityManager securityManager, int i, int i2, int i3) {
        super(securityManager, i, i2, i3);
        this.acl = new int[0];
    }

    public void addUserACE(ACLPermission.ACE_ACCESS_TYPE ace_access_type, int i, int i2) throws PermissionDeniedException {
        addACE(ace_access_type, ACLPermission.ACE_TARGET.USER, i, i2);
    }

    public void addGroupACE(ACLPermission.ACE_ACCESS_TYPE ace_access_type, int i, int i2) throws PermissionDeniedException {
        addACE(ace_access_type, ACLPermission.ACE_TARGET.GROUP, i, i2);
    }

    public void addACE(ACLPermission.ACE_ACCESS_TYPE ace_access_type, ACLPermission.ACE_TARGET ace_target, String str, String str2) throws PermissionDeniedException {
        addACE(ace_access_type, ace_target, lookupTargetId(ace_target, str), modeStrToMode(str2));
    }

    @Override // org.exist.security.ACLPermission
    public void addACE(ACLPermission.ACE_ACCESS_TYPE ace_access_type, ACLPermission.ACE_TARGET ace_target, String str, int i) throws PermissionDeniedException {
        addACE(ace_access_type, ace_target, lookupTargetId(ace_target, str), i);
    }

    @PermissionRequired(user = 6, mode = 4)
    private void addACE(ACLPermission.ACE_ACCESS_TYPE ace_access_type, ACLPermission.ACE_TARGET ace_target, int i, int i2) throws PermissionDeniedException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_0, (Object) this, (Object) this, new Object[]{ace_access_type, ace_target, Conversions.intObject(i), Conversions.intObject(i2)});
        PermissionRequiredAspect aspectOf = PermissionRequiredAspect.aspectOf();
        Annotation annotation = ajc$anno$0;
        if (annotation == null) {
            annotation = SimpleACLPermission.class.getDeclaredMethod("addACE", ACLPermission.ACE_ACCESS_TYPE.class, ACLPermission.ACE_TARGET.class, Integer.TYPE, Integer.TYPE).getAnnotation(PermissionRequired.class);
            ajc$anno$0 = annotation;
        }
        aspectOf.enforcePermissions(makeJP, this, (PermissionRequired) annotation);
        if (this.acl.length >= 255) {
            throw new PermissionDeniedException("Maximum of 255 ACEs has been reached.");
        }
        int[] iArr = new int[this.acl.length + 1];
        System.arraycopy(this.acl, 0, iArr, 0, this.acl.length);
        iArr[iArr.length - 1] = encodeAsACE(ace_access_type, ace_target, i, i2);
        this.acl = iArr;
    }

    public void insertUserACE(int i, ACLPermission.ACE_ACCESS_TYPE ace_access_type, int i2, int i3) throws PermissionDeniedException {
        insertACE(i, ace_access_type, ACLPermission.ACE_TARGET.USER, i2, i3);
    }

    public void insertGroupACE(int i, ACLPermission.ACE_ACCESS_TYPE ace_access_type, int i2, int i3) throws PermissionDeniedException {
        insertACE(i, ace_access_type, ACLPermission.ACE_TARGET.GROUP, i2, i3);
    }

    public void insertACE(int i, ACLPermission.ACE_ACCESS_TYPE ace_access_type, ACLPermission.ACE_TARGET ace_target, String str, String str2) throws PermissionDeniedException {
        insertACE(i, ace_access_type, ace_target, lookupTargetId(ace_target, str), modeStrToMode(str2));
    }

    @PermissionRequired(user = 6, mode = 4)
    private void insertACE(int i, ACLPermission.ACE_ACCESS_TYPE ace_access_type, ACLPermission.ACE_TARGET ace_target, int i2, int i3) throws PermissionDeniedException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_1, (Object) this, (Object) this, new Object[]{Conversions.intObject(i), ace_access_type, ace_target, Conversions.intObject(i2), Conversions.intObject(i3)});
        PermissionRequiredAspect aspectOf = PermissionRequiredAspect.aspectOf();
        Annotation annotation = ajc$anno$1;
        if (annotation == null) {
            annotation = SimpleACLPermission.class.getDeclaredMethod("insertACE", Integer.TYPE, ACLPermission.ACE_ACCESS_TYPE.class, ACLPermission.ACE_TARGET.class, Integer.TYPE, Integer.TYPE).getAnnotation(PermissionRequired.class);
            ajc$anno$1 = annotation;
        }
        aspectOf.enforcePermissions(makeJP, this, (PermissionRequired) annotation);
        if (this.acl.length >= 255) {
            throw new PermissionDeniedException("Maximum of 255 ACEs has been reached.");
        }
        if (i < 0 || (this.acl.length > 0 && this.acl.length <= i)) {
            throw new PermissionDeniedException("No Such ACE index " + i + " in ACL.");
        }
        int[] iArr = new int[this.acl.length + 1];
        System.arraycopy(this.acl, 0, iArr, 0, i);
        iArr[i] = encodeAsACE(ace_access_type, ace_target, i2, i3);
        if (this.acl.length > 0) {
            System.arraycopy(this.acl, i, iArr, i + 1, (iArr.length - i) - 1);
        }
        this.acl = iArr;
    }

    private int modeStrToMode(String str) throws PermissionDeniedException {
        if (str == null || str.length() == 0 || str.length() > 3) {
            throw new PermissionDeniedException("Invalid mode string '" + str + "'");
        }
        int i = 0;
        for (char c : str.toCharArray()) {
            switch (c) {
                case '-':
                    break;
                case 'r':
                    i |= 4;
                    break;
                case 'w':
                    i |= 2;
                    break;
                case 'x':
                    i |= 1;
                    break;
                default:
                    throw new PermissionDeniedException("Unknown char '" + c + "' in mode string '" + str + "'");
            }
        }
        return i;
    }

    private int lookupTargetId(ACLPermission.ACE_TARGET ace_target, String str) throws PermissionDeniedException {
        int id;
        if (ace_target == ACLPermission.ACE_TARGET.USER) {
            Account account = this.sm.getAccount(str);
            if (account == null) {
                throw new PermissionDeniedException("User Account for username '" + str + "' is unknown.");
            }
            id = account.getId();
        } else {
            if (ace_target != ACLPermission.ACE_TARGET.GROUP) {
                throw new PermissionDeniedException("Unknown ACE_TARGET type");
            }
            Group group = this.sm.getGroup(str);
            if (group == null) {
                throw new PermissionDeniedException("User Group for groupname '" + str + "' is unknown.");
            }
            id = group.getId();
        }
        return id;
    }

    private int encodeAsACE(ACLPermission.ACE_ACCESS_TYPE ace_access_type, ACLPermission.ACE_TARGET ace_target, int i, int i2) {
        return (ace_target.getVal() << 26) | ((i & 1048575) << 6) | ((i2 & 7) << 3) | ace_access_type.getVal();
    }

    @PermissionRequired(user = 6, mode = 4)
    public void removeACE(int i) throws PermissionDeniedException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_2, this, this, Conversions.intObject(i));
        PermissionRequiredAspect aspectOf = PermissionRequiredAspect.aspectOf();
        Annotation annotation = ajc$anno$2;
        if (annotation == null) {
            annotation = SimpleACLPermission.class.getDeclaredMethod("removeACE", Integer.TYPE).getAnnotation(PermissionRequired.class);
            ajc$anno$2 = annotation;
        }
        aspectOf.enforcePermissions(makeJP, this, (PermissionRequired) annotation);
        if (i < 0 || i >= this.acl.length) {
            throw new PermissionDeniedException("ACL Entry does not exist");
        }
        int[] iArr = new int[this.acl.length - 1];
        System.arraycopy(this.acl, 0, iArr, 0, i);
        System.arraycopy(this.acl, i + 1, iArr, i, iArr.length - i);
        this.acl = iArr;
    }

    public void modifyACE(int i, ACLPermission.ACE_ACCESS_TYPE ace_access_type, String str) throws PermissionDeniedException {
        modifyACE(i, ace_access_type, modeStrToMode(str));
    }

    @PermissionRequired(user = 6, mode = 4)
    public void modifyACE(int i, ACLPermission.ACE_ACCESS_TYPE ace_access_type, int i2) throws PermissionDeniedException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_3, (Object) this, (Object) this, new Object[]{Conversions.intObject(i), ace_access_type, Conversions.intObject(i2)});
        PermissionRequiredAspect aspectOf = PermissionRequiredAspect.aspectOf();
        Annotation annotation = ajc$anno$3;
        if (annotation == null) {
            annotation = SimpleACLPermission.class.getDeclaredMethod("modifyACE", Integer.TYPE, ACLPermission.ACE_ACCESS_TYPE.class, Integer.TYPE).getAnnotation(PermissionRequired.class);
            ajc$anno$3 = annotation;
        }
        aspectOf.enforcePermissions(makeJP, this, (PermissionRequired) annotation);
        if (i < 0 || i >= this.acl.length) {
            throw new PermissionDeniedException("ACL Entry does not exist");
        }
        this.acl[i] = ((this.acl[i] >>> 6) << 6) | (i2 << 3) | ace_access_type.getVal();
    }

    @Override // org.exist.security.ACLPermission
    @PermissionRequired(user = 6, mode = 4)
    public void clear() throws PermissionDeniedException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_4, this, this);
        PermissionRequiredAspect aspectOf = PermissionRequiredAspect.aspectOf();
        Annotation annotation = ajc$anno$4;
        if (annotation == null) {
            annotation = SimpleACLPermission.class.getDeclaredMethod(Constants.CLEAR_ATTRIBUTES, new Class[0]).getAnnotation(PermissionRequired.class);
            ajc$anno$4 = annotation;
        }
        aspectOf.enforcePermissions(makeJP, this, (PermissionRequired) annotation);
        this.acl = new int[0];
    }

    public int getACEId(int i) {
        return (this.acl[i] >>> 6) & 1048575;
    }

    @Override // org.exist.security.ACLPermission
    public String getACEWho(int i) {
        switch (getACETarget(i)) {
            case USER:
                return this.sm.getAccount(getACEId(i)).getName();
            case GROUP:
                return this.sm.getGroup(getACEId(i)).getName();
            default:
                return null;
        }
    }

    @Override // org.exist.security.ACLPermission
    public int getACEMode(int i) {
        return (this.acl[i] >>> 3) & 7;
    }

    public String getACEModeString(int i) {
        int aCEMode = getACEMode(i);
        char[] cArr = new char[3];
        cArr[0] = (aCEMode & 4) != 4 ? '-' : 'r';
        cArr[1] = (aCEMode & 2) != 2 ? '-' : 'w';
        cArr[2] = (aCEMode & 1) != 1 ? '-' : 'x';
        return String.valueOf(cArr);
    }

    @Override // org.exist.security.ACLPermission
    public ACLPermission.ACE_TARGET getACETarget(int i) {
        return ACLPermission.ACE_TARGET.fromVal(this.acl[i] >>> 26);
    }

    @Override // org.exist.security.ACLPermission
    public ACLPermission.ACE_ACCESS_TYPE getACEAccessType(int i) {
        return ACLPermission.ACE_ACCESS_TYPE.fromVal(this.acl[i] & 7);
    }

    @Override // org.exist.security.ACLPermission
    public int getACECount() {
        return this.acl.length;
    }

    @Override // org.exist.security.UnixStylePermission, org.exist.security.Permission
    public void read(VariableByteInput variableByteInput) throws IOException {
        super.read(variableByteInput);
        int read = variableByteInput.read();
        this.acl = new int[read];
        for (int i = 0; i < read; i++) {
            this.acl[i] = variableByteInput.readInt();
        }
    }

    @Override // org.exist.security.UnixStylePermission, org.exist.security.Permission
    public void write(VariableByteOutputStream variableByteOutputStream) throws IOException {
        super.write(variableByteOutputStream);
        variableByteOutputStream.write(this.acl.length);
        for (int i = 0; i < this.acl.length; i++) {
            variableByteOutputStream.writeInt(this.acl[i]);
        }
    }

    @Override // org.exist.security.UnixStylePermission, org.exist.security.Permission
    public boolean validate(Subject subject, int i) {
        if (subject.hasDbaRole()) {
            return true;
        }
        int id = subject.getId();
        int[] groupIds = subject.getGroupIds();
        for (int i2 : this.acl) {
            int i3 = i2 >>> 26;
            int i4 = (i2 >>> 6) & 1048575;
            int i5 = (i2 >>> 3) & 7;
            int i6 = i2 & 7;
            if ((i3 & ACLPermission.ACE_TARGET.USER.getVal()) == ACLPermission.ACE_TARGET.USER.getVal()) {
                if (i4 == id && (i5 & i) == i) {
                    return i6 == ACLPermission.ACE_ACCESS_TYPE.ALLOWED.getVal();
                }
            } else if ((i3 & ACLPermission.ACE_TARGET.GROUP.getVal()) == ACLPermission.ACE_TARGET.GROUP.getVal()) {
                for (int i7 : groupIds) {
                    if (i7 == i4 && (i5 & i) == i) {
                        return i6 == ACLPermission.ACE_ACCESS_TYPE.ALLOWED.getVal();
                    }
                }
            } else {
                continue;
            }
        }
        if (id == (this.vector >>> 32)) {
            return (((long) i) & ((this.vector >>> 28) & 7)) == ((long) i);
        }
        int i8 = (int) ((this.vector >>> 8) & 1048575);
        for (int i9 : groupIds) {
            if (i9 == i8) {
                return (((long) i) & ((this.vector >>> 4) & 7)) == ((long) i);
            }
        }
        return (((long) i) & (this.vector & 7)) == ((long) i);
    }

    @Override // org.exist.security.ACLPermission
    public short getVersion() {
        return (short) 1;
    }

    @Override // org.exist.security.ACLPermission
    public boolean isCurrentSubjectCanWriteACL() {
        return validate(getCurrentSubject(), 2);
    }

    @Override // org.exist.security.UnixStylePermission
    public SimpleACLPermission copy() {
        SimpleACLPermission simpleACLPermission = new SimpleACLPermission(this.sm, this.vector);
        simpleACLPermission.acl = new int[this.acl.length];
        System.arraycopy(this.acl, 0, simpleACLPermission.acl, 0, this.acl.length);
        return simpleACLPermission;
    }

    @PermissionRequired(user = 6, mode = 4)
    public void copyAclOf(SimpleACLPermission simpleACLPermission) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_5, this, this, simpleACLPermission);
        PermissionRequiredAspect aspectOf = PermissionRequiredAspect.aspectOf();
        Annotation annotation = ajc$anno$5;
        if (annotation == null) {
            annotation = SimpleACLPermission.class.getDeclaredMethod("copyAclOf", SimpleACLPermission.class).getAnnotation(PermissionRequired.class);
            ajc$anno$5 = annotation;
        }
        aspectOf.enforcePermissions(makeJP, this, (PermissionRequired) annotation);
        this.acl = Arrays.copyOf(simpleACLPermission.acl, simpleACLPermission.acl.length);
    }

    static {
        ajc$preClinit();
    }

    private static void ajc$preClinit() {
        Factory factory = new Factory("SimpleACLPermission.java", SimpleACLPermission.class);
        ajc$tjp_0 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("2", "addACE", "org.exist.security.SimpleACLPermission", "org.exist.security.ACLPermission$ACE_ACCESS_TYPE:org.exist.security.ACLPermission$ACE_TARGET:int:int", "access_type:target:id:mode", "org.exist.security.PermissionDeniedException", "void"), 81);
        ajc$tjp_1 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("2", "insertACE", "org.exist.security.SimpleACLPermission", "int:org.exist.security.ACLPermission$ACE_ACCESS_TYPE:org.exist.security.ACLPermission$ACE_TARGET:int:int", "index:access_type:target:id:mode", "org.exist.security.PermissionDeniedException", "void"), 106);
        ajc$tjp_2 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("1", "removeACE", "org.exist.security.SimpleACLPermission", "int", "index", "org.exist.security.PermissionDeniedException", "void"), 186);
        ajc$tjp_3 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("1", "modifyACE", "org.exist.security.SimpleACLPermission", "int:org.exist.security.ACLPermission$ACE_ACCESS_TYPE:int", "index:access_type:mode", "org.exist.security.PermissionDeniedException", "void"), 203);
        ajc$tjp_4 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("1", Constants.CLEAR_ATTRIBUTES, "org.exist.security.SimpleACLPermission", "", "", "org.exist.security.PermissionDeniedException", "void"), 217);
        ajc$tjp_5 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("1", "copyAclOf", "org.exist.security.SimpleACLPermission", "org.exist.security.SimpleACLPermission", "simpleACLPermission", "", "void"), 386);
    }
}
