package org.apache.jackrabbit.oak.security.authorization.accesscontrol;

import java.security.Principal;
import java.util.Iterator;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlPolicy;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.xml.ImportBehavior;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/oak-core-1.5.6.jar:org/apache/jackrabbit/oak/security/authorization/accesscontrol/Util.class
 */
/* loaded from: input_file:WEB-INF/lib/oak-upgrade-1.5.6.jar:org/apache/jackrabbit/oak/security/authorization/accesscontrol/Util.class */
final class Util implements AccessControlConstants {
    private Util() {
    }

    public static void checkValidPrincipal(@Nullable Principal principal, @Nonnull PrincipalManager principalManager) throws AccessControlException {
        checkValidPrincipal(principal, principalManager, 3);
    }

    public static boolean checkValidPrincipal(@Nullable Principal principal, @Nonnull PrincipalManager principalManager, int i) throws AccessControlException {
        String name = principal == null ? null : principal.getName();
        if (name == null || name.isEmpty()) {
            throw new AccessControlException("Invalid principal " + name);
        }
        if ((principal instanceof PrincipalImpl) || principalManager.hasPrincipal(name)) {
            return true;
        }
        switch (i) {
            case 1:
                return false;
            case 2:
                return true;
            case 3:
                throw new AccessControlException("Unknown principal " + name);
            default:
                throw new IllegalArgumentException("Invalid import behavior " + i);
        }
    }

    public static void checkValidPrincipals(@Nullable Set<Principal> set, @Nonnull PrincipalManager principalManager) throws AccessControlException {
        if (set == null) {
            throw new AccessControlException("Valid principals expected. Found null.");
        }
        Iterator<Principal> it = set.iterator();
        while (it.hasNext()) {
            checkValidPrincipal(it.next(), principalManager);
        }
    }

    public static boolean isValidPolicy(@Nullable String str, @Nonnull AccessControlPolicy accessControlPolicy) {
        if (!(accessControlPolicy instanceof ACL)) {
            return false;
        }
        String oakPath = ((ACL) accessControlPolicy).getOakPath();
        return (oakPath != null || str == null) && (oakPath == null || oakPath.equals(str));
    }

    public static void checkValidPolicy(@Nullable String str, @Nonnull AccessControlPolicy accessControlPolicy) throws AccessControlException {
        if (!isValidPolicy(str, accessControlPolicy)) {
            throw new AccessControlException("Invalid access control policy " + accessControlPolicy);
        }
    }

    public static boolean isAccessControlled(@Nullable String str, @Nonnull Tree tree, @Nonnull ReadOnlyNodeTypeManager readOnlyNodeTypeManager) {
        return readOnlyNodeTypeManager.isNodeType(tree, getMixinName(str));
    }

    public static boolean isACE(@Nonnull Tree tree, @Nonnull ReadOnlyNodeTypeManager readOnlyNodeTypeManager) {
        return tree.exists() && readOnlyNodeTypeManager.isNodeType(tree, AccessControlConstants.NT_REP_ACE);
    }

    @Nonnull
    public static String getMixinName(@Nullable String str) {
        return str == null ? AccessControlConstants.MIX_REP_REPO_ACCESS_CONTROLLABLE : AccessControlConstants.MIX_REP_ACCESS_CONTROLLABLE;
    }

    @Nonnull
    public static String getAclName(@Nullable String str) {
        return str == null ? AccessControlConstants.REP_REPO_POLICY : AccessControlConstants.REP_POLICY;
    }

    @Nonnull
    public static String generateAceName(@Nonnull Tree tree, boolean z) {
        int i = 0;
        String str = z ? "allow" : "deny";
        String str2 = str;
        while (tree.hasChild(str2)) {
            str2 = str + i;
            i++;
        }
        return str2;
    }

    public static int getImportBehavior(AuthorizationConfiguration authorizationConfiguration) {
        return ImportBehavior.valueFromString((String) authorizationConfiguration.getParameters().getConfigValue("importBehavior", "abort"));
    }
}
