package org.apache.jackrabbit.oak.security.authorization.permission;

import java.security.Principal;
import java.util.Set;
import javax.annotation.Nonnull;
import org.apache.jackrabbit.oak.plugins.tree.RootFactory;
import org.apache.jackrabbit.oak.spi.commit.CommitInfo;
import org.apache.jackrabbit.oak.spi.commit.MoveTracker;
import org.apache.jackrabbit.oak.spi.commit.Validator;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.security.Context;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.apache.jackrabbit.oak.spi.state.NodeState;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/oak-upgrade-1.5.17.jar:org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.class
 */
/* loaded from: input_file:WEB-INF/lib/oak-core-1.5.17.jar:org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.class */
public class PermissionValidatorProvider extends ValidatorProvider {
    private final SecurityProvider securityProvider;
    private final AuthorizationConfiguration acConfig;
    private final long jr2Permissions;
    private final String workspaceName;
    private final Set<Principal> principals;
    private final MoveTracker moveTracker;
    private Context acCtx;
    private Context userCtx;

    public PermissionValidatorProvider(SecurityProvider securityProvider, String str, Set<Principal> set, MoveTracker moveTracker) {
        this.securityProvider = securityProvider;
        this.acConfig = (AuthorizationConfiguration) securityProvider.getConfiguration(AuthorizationConfiguration.class);
        this.jr2Permissions = Permissions.getPermissions((String) this.acConfig.getParameters().getConfigValue(PermissionConstants.PARAM_PERMISSIONS_JR2, null, String.class));
        this.workspaceName = str;
        this.principals = set;
        this.moveTracker = moveTracker;
    }

    @Override // org.apache.jackrabbit.oak.spi.commit.ValidatorProvider
    @Nonnull
    public Validator getRootValidator(NodeState nodeState, NodeState nodeState2, CommitInfo commitInfo) {
        PermissionProvider permissionProvider = this.acConfig.getPermissionProvider(RootFactory.createReadOnlyRoot(nodeState), this.workspaceName, this.principals);
        return this.moveTracker.isEmpty() ? new PermissionValidator(nodeState, nodeState2, permissionProvider, this) : new MoveAwarePermissionValidator(nodeState, nodeState2, permissionProvider, this, this.moveTracker);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Context getAccessControlContext() {
        if (this.acCtx == null) {
            this.acCtx = this.acConfig.getContext();
        }
        return this.acCtx;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Context getUserContext() {
        if (this.userCtx == null) {
            this.userCtx = ((UserConfiguration) this.securityProvider.getConfiguration(UserConfiguration.class)).getContext();
        }
        return this.userCtx;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean requiresJr2Permissions(long j) {
        return Permissions.includes(this.jr2Permissions, j);
    }
}
