package org.gcube.common.homelibrary.jcr.workspace.accessmanager;

import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.jcr.AccessDeniedException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.UnsupportedRepositoryOperationException;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/home-library-jcr-2.0.0-3.8.0.jar:org/gcube/common/homelibrary/jcr/workspace/accessmanager/AccessControlUtil.class */
public class AccessControlUtil {
    private static final String METHOD_GET_ACCESS_CONTROL_MANAGER = "getAccessControlManager";
    private static final String METHOD_GET_USER_MANAGER = "getUserManager";
    private static final String METHOD_GET_PRINCIPAL_MANAGER = "getPrincipalManager";
    private static final String METHOD_JACKRABBIT_ACL_GET_PATH = "getPath";
    private static final String METHOD_JACKRABBIT_ACL_IS_EMPTY = "isEmpty";
    private static final String METHOD_JACKRABBIT_ACL_SIZE = "size";
    private static final String METHOD_JACKRABBIT_ACL_ADD_ENTRY = "addEntry";
    private static final String METHOD_JACKRABBIT_ACE_IS_ALLOW = "isAllow";
    private static final Logger log = LoggerFactory.getLogger(AccessControlUtil.class);

    public static AccessControlManager getAccessControlManager(Session session) throws UnsupportedRepositoryOperationException, RepositoryException {
        return (AccessControlManager) safeInvokeRepoMethod(session, METHOD_GET_ACCESS_CONTROL_MANAGER, AccessControlManager.class, new Object[0]);
    }

    public static UserManager getUserManager(Session session) throws AccessDeniedException, UnsupportedRepositoryOperationException, RepositoryException {
        JackrabbitSession jackrabbitSession = getJackrabbitSession(session);
        return jackrabbitSession != null ? jackrabbitSession.getUserManager() : (UserManager) safeInvokeRepoMethod(session, METHOD_GET_USER_MANAGER, UserManager.class, new Object[0]);
    }

    public static PrincipalManager getPrincipalManager(Session session) throws AccessDeniedException, UnsupportedRepositoryOperationException, RepositoryException {
        JackrabbitSession jackrabbitSession = getJackrabbitSession(session);
        return jackrabbitSession != null ? jackrabbitSession.getPrincipalManager() : (PrincipalManager) safeInvokeRepoMethod(session, METHOD_GET_PRINCIPAL_MANAGER, PrincipalManager.class, new Object[0]);
    }

    public static String getPath(AccessControlList accessControlList) throws RepositoryException {
        return (String) safeInvokeRepoMethod(accessControlList, METHOD_JACKRABBIT_ACL_GET_PATH, String.class, new Object[0]);
    }

    public static boolean isEmpty(AccessControlList accessControlList) throws RepositoryException {
        return ((Boolean) safeInvokeRepoMethod(accessControlList, METHOD_JACKRABBIT_ACL_IS_EMPTY, Boolean.class, new Object[0])).booleanValue();
    }

    public static int size(AccessControlList accessControlList) throws RepositoryException {
        return ((Integer) safeInvokeRepoMethod(accessControlList, "size", Integer.class, new Object[0])).intValue();
    }

    public static boolean addEntry(AccessControlList accessControlList, Principal principal, Privilege[] privilegeArr, boolean z) throws AccessControlException, RepositoryException {
        return ((Boolean) safeInvokeRepoMethod(accessControlList, METHOD_JACKRABBIT_ACL_ADD_ENTRY, Boolean.class, new Object[]{principal, privilegeArr, Boolean.valueOf(z)}, new Class[]{Principal.class, Privilege[].class, Boolean.TYPE})).booleanValue();
    }

    public static boolean addEntry(AccessControlList accessControlList, Principal principal, Privilege[] privilegeArr, boolean z, Map map) throws UnsupportedRepositoryOperationException, RepositoryException {
        return ((Boolean) safeInvokeRepoMethod(accessControlList, METHOD_JACKRABBIT_ACL_ADD_ENTRY, Boolean.class, new Object[]{principal, privilegeArr, Boolean.valueOf(z), map}, new Class[]{Principal.class, Privilege[].class, Boolean.TYPE, Map.class})).booleanValue();
    }

    public static void replaceAccessControlEntry(Session session, String str, Principal principal, String[] strArr, String[] strArr2, String[] strArr3) throws RepositoryException {
        replaceAccessControlEntry(session, str, principal, strArr, strArr2, strArr3, null);
    }

    public static void replaceAccessControlEntry(Session session, String str, Principal principal, String[] strArr, String[] strArr2, String[] strArr3, String str2) throws RepositoryException {
        AccessControlManager accessControlManager = getAccessControlManager(session);
        HashSet hashSet = new HashSet();
        Set<String> disaggregateToPrivilegeNames = disaggregateToPrivilegeNames(accessControlManager, strArr, hashSet);
        Set<String> disaggregateToPrivilegeNames2 = disaggregateToPrivilegeNames(accessControlManager, strArr2, hashSet);
        disaggregateToPrivilegeNames(accessControlManager, strArr3, hashSet);
        AccessControlList accessControlList = null;
        AccessControlPolicy[] policies = accessControlManager.getPolicies(str);
        int length = policies.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            AccessControlPolicy accessControlPolicy = policies[i];
            if (accessControlPolicy instanceof AccessControlList) {
                accessControlList = (AccessControlList) accessControlPolicy;
                break;
            }
            i++;
        }
        if (accessControlList == null) {
            AccessControlPolicyIterator applicablePolicies = accessControlManager.getApplicablePolicies(str);
            while (true) {
                if (!applicablePolicies.hasNext()) {
                    break;
                }
                AccessControlPolicy nextAccessControlPolicy = applicablePolicies.nextAccessControlPolicy();
                if (nextAccessControlPolicy instanceof AccessControlList) {
                    accessControlList = (AccessControlList) nextAccessControlPolicy;
                    break;
                }
            }
        }
        if (accessControlList == null) {
            throw new RepositoryException("Could not obtain ACL for resource " + str);
        }
        HashSet hashSet2 = null;
        HashSet hashSet3 = null;
        if (log.isDebugEnabled()) {
            hashSet2 = new HashSet();
            hashSet3 = new HashSet();
        }
        AccessControlEntry[] accessControlEntries = accessControlList.getAccessControlEntries();
        for (int i2 = 0; i2 < accessControlEntries.length; i2++) {
            AccessControlEntry accessControlEntry = accessControlEntries[i2];
            if (principal.equals(accessControlEntry.getPrincipal())) {
                if (log.isDebugEnabled()) {
                    log.debug("Found Existing ACE for principal {} on resource {}", principal.getName(), str);
                }
                if (str2 == null || str2.length() == 0) {
                    str2 = String.valueOf(i2);
                }
                boolean isAllow = isAllow(accessControlEntry);
                Privilege[] privileges = accessControlEntry.getPrivileges();
                if (log.isDebugEnabled()) {
                    if (isAllow) {
                        hashSet2.addAll(Arrays.asList(privileges));
                    } else {
                        hashSet3.addAll(Arrays.asList(privileges));
                    }
                }
                for (Privilege privilege : privileges) {
                    Set<String> disaggregateToPrivilegeNames3 = disaggregateToPrivilegeNames(privilege);
                    if (!disaggregateToPrivilegeNames3.removeAll(hashSet)) {
                        disaggregateToPrivilegeNames3.clear();
                        disaggregateToPrivilegeNames3.add(privilege.getName());
                    }
                    if (!disaggregateToPrivilegeNames3.isEmpty()) {
                        if (isAllow) {
                            disaggregateToPrivilegeNames.addAll(disaggregateToPrivilegeNames3);
                        } else {
                            disaggregateToPrivilegeNames2.addAll(disaggregateToPrivilegeNames3);
                        }
                    }
                }
                accessControlList.removeAccessControlEntry(accessControlEntry);
            }
        }
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = disaggregateToPrivilegeNames.iterator();
        while (it.hasNext()) {
            arrayList.add(accessControlManager.privilegeFromName(it.next()));
        }
        if (arrayList.size() > 0) {
            accessControlList.addAccessControlEntry(principal, (Privilege[]) arrayList.toArray(new Privilege[arrayList.size()]));
        }
        ArrayList arrayList2 = new ArrayList();
        Iterator<String> it2 = disaggregateToPrivilegeNames2.iterator();
        while (it2.hasNext()) {
            arrayList2.add(accessControlManager.privilegeFromName(it2.next()));
        }
        if (arrayList2.size() > 0) {
            addEntry(accessControlList, principal, (Privilege[]) arrayList2.toArray(new Privilege[arrayList2.size()]), false);
        }
        reorderAccessControlEntries(accessControlList, principal, str2);
        accessControlManager.setPolicy(str, accessControlList);
        if (log.isDebugEnabled()) {
            ArrayList arrayList3 = new ArrayList(hashSet2.size());
            Iterator it3 = hashSet2.iterator();
            while (it3.hasNext()) {
                arrayList3.add(((Privilege) it3.next()).getName());
            }
            ArrayList arrayList4 = new ArrayList(hashSet3.size());
            Iterator it4 = hashSet3.iterator();
            while (it4.hasNext()) {
                arrayList4.add(((Privilege) it4.next()).getName());
            }
            log.debug("Updated ACE for principalName {} for resource {} from grants {}, denies {} to grants {}, denies {}", principal.getName(), str, arrayList3, arrayList4, disaggregateToPrivilegeNames, disaggregateToPrivilegeNames2);
        }
    }

    public static boolean isAllow(AccessControlEntry accessControlEntry) throws RepositoryException {
        return ((Boolean) safeInvokeRepoMethod(accessControlEntry, METHOD_JACKRABBIT_ACE_IS_ALLOW, Boolean.class, new Object[0])).booleanValue();
    }

    private static <T> T safeInvokeRepoMethod(Object obj, String str, Class<T> cls, Object[] objArr, Class[] clsArr) throws UnsupportedRepositoryOperationException, RepositoryException {
        try {
            Method method = obj.getClass().getMethod(str, clsArr);
            if (!method.isAccessible()) {
                method.setAccessible(true);
            }
            return (T) method.invoke(obj, objArr);
        } catch (InvocationTargetException e) {
            Throwable cause = e.getCause();
            if (cause instanceof UnsupportedRepositoryOperationException) {
                throw ((UnsupportedRepositoryOperationException) cause);
            }
            if (cause instanceof AccessDeniedException) {
                throw ((AccessDeniedException) cause);
            }
            if (cause instanceof AccessControlException) {
                throw ((AccessControlException) cause);
            }
            if (cause instanceof RepositoryException) {
                throw ((RepositoryException) cause);
            }
            if (cause instanceof RuntimeException) {
                throw ((RuntimeException) cause);
            }
            if (cause instanceof Error) {
                throw ((Error) cause);
            }
            throw new RepositoryException(str, cause);
        } catch (Throwable th) {
            throw new RepositoryException(str, th);
        }
    }

    private static <T> T safeInvokeRepoMethod(Object obj, String str, Class<T> cls, Object... objArr) throws UnsupportedRepositoryOperationException, RepositoryException {
        return (T) safeInvokeRepoMethod(obj, str, cls, objArr, new Class[0]);
    }

    private static JackrabbitSession getJackrabbitSession(Session session) {
        if (session instanceof JackrabbitSession) {
            return (JackrabbitSession) session;
        }
        return null;
    }

    private static Set<String> disaggregateToPrivilegeNames(AccessControlManager accessControlManager, String[] strArr, Set<String> set) throws RepositoryException {
        HashSet hashSet = new HashSet();
        if (strArr != null) {
            for (String str : strArr) {
                hashSet.add(str);
                set.addAll(disaggregateToPrivilegeNames(accessControlManager.privilegeFromName(str)));
            }
        }
        return hashSet;
    }

    private static Set<String> disaggregateToPrivilegeNames(Privilege privilege) {
        HashSet hashSet = new HashSet();
        if (privilege.isAggregate()) {
            for (Privilege privilege2 : privilege.getAggregatePrivileges()) {
                if (!privilege2.isAggregate()) {
                    hashSet.add(privilege2.getName());
                }
            }
        } else {
            hashSet.add(privilege.getName());
        }
        return hashSet;
    }

    private static void reorderAccessControlEntries(AccessControlList accessControlList, Principal principal, String str) throws RepositoryException {
        if (str == null || str.length() == 0) {
            return;
        }
        if (!(accessControlList instanceof JackrabbitAccessControlList)) {
            throw new IllegalArgumentException("The acl must be an instance of JackrabbitAccessControlList");
        }
        JackrabbitAccessControlList jackrabbitAccessControlList = (JackrabbitAccessControlList) accessControlList;
        AccessControlEntry[] accessControlEntries = jackrabbitAccessControlList.getAccessControlEntries();
        if (accessControlEntries.length <= 1) {
            return;
        }
        AccessControlEntry accessControlEntry = null;
        if ("first".equals(str)) {
            accessControlEntry = accessControlEntries[0];
        } else if ("last".equals(str)) {
            accessControlEntry = null;
        } else if (str.startsWith("before ")) {
            String substring = str.substring(7);
            int i = 0;
            while (true) {
                if (i >= accessControlEntries.length) {
                    break;
                }
                if (substring.equals(accessControlEntries[i].getPrincipal().getName())) {
                    accessControlEntry = accessControlEntries[i];
                    break;
                }
                i++;
            }
            if (accessControlEntry == null) {
                throw new IllegalArgumentException("No ACE was found for the specified principal: " + substring);
            }
        } else if (str.startsWith("after ")) {
            String substring2 = str.substring(6);
            int length = accessControlEntries.length - 1;
            while (true) {
                if (length < 0) {
                    break;
                } else if (substring2.equals(accessControlEntries[length].getPrincipal().getName())) {
                    accessControlEntry = length >= accessControlEntries.length - 1 ? null : accessControlEntries[length + 1];
                } else {
                    length--;
                }
            }
            if (accessControlEntry == null) {
                throw new IllegalArgumentException("No ACE was found for the specified principal: " + substring2);
            }
        } else {
            try {
                int parseInt = Integer.parseInt(str);
                if (parseInt > accessControlEntries.length) {
                    throw new IndexOutOfBoundsException("Index value is too large: " + parseInt);
                }
                if (parseInt != 0) {
                    HashSet hashSet = new HashSet();
                    int i2 = 0;
                    while (true) {
                        if (i2 >= accessControlEntries.length) {
                            break;
                        }
                        Principal principal2 = accessControlEntries[i2].getPrincipal();
                        if (hashSet.size() == parseInt && !hashSet.contains(principal2)) {
                            accessControlEntry = accessControlEntries[i2];
                            break;
                        } else {
                            hashSet.add(principal2);
                            i2++;
                        }
                    }
                } else {
                    accessControlEntry = accessControlEntries[0];
                }
            } catch (NumberFormatException e) {
                throw new IllegalArgumentException("Illegal value for the order parameter: " + str);
            }
        }
        for (int length2 = accessControlEntries.length - 1; length2 >= 0; length2--) {
            AccessControlEntry accessControlEntry2 = accessControlEntries[length2];
            if (principal.equals(accessControlEntry2.getPrincipal())) {
                jackrabbitAccessControlList.orderBefore(accessControlEntry2, accessControlEntry);
            }
        }
    }
}
