package org.nuxeo.ecm.permissions;

import java.io.Closeable;
import java.io.IOException;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;
import org.codehaus.jackson.JsonGenerator;
import org.joda.time.DateTime;
import org.joda.time.format.DateTimeFormatter;
import org.joda.time.format.ISODateTimeFormat;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.NuxeoGroup;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.core.api.security.ACE;
import org.nuxeo.ecm.core.api.security.ACL;
import org.nuxeo.ecm.core.api.security.ACP;
import org.nuxeo.ecm.core.io.marshallers.json.enrichers.AbstractJsonEnricher;
import org.nuxeo.ecm.core.io.registry.context.MaxDepthReachedException;
import org.nuxeo.ecm.core.io.registry.reflect.Instantiations;
import org.nuxeo.ecm.core.io.registry.reflect.Setup;
import org.nuxeo.ecm.directory.Session;
import org.nuxeo.ecm.directory.api.DirectoryService;
import org.nuxeo.ecm.platform.usermanager.UserManager;
import org.nuxeo.runtime.api.Framework;

@Setup(mode = Instantiations.SINGLETON, priority = 2000)
/* loaded from: input_file:org/nuxeo/ecm/permissions/ACLJsonEnricher.class */
public class ACLJsonEnricher extends AbstractJsonEnricher<DocumentModel> {
    public static final String NAME = "acls";
    public static final String USERNAME_PROPERTY = "username";
    public static final String CREATOR_PROPERTY = "creator";
    public static final String EXTENDED_ACLS_PROPERTY = "extended";

    public ACLJsonEnricher() {
        super(NAME);
    }

    public void write(JsonGenerator jsonGenerator, DocumentModel documentModel) throws IOException {
        ACP acp = documentModel.getACP();
        jsonGenerator.writeArrayFieldStart(NAME);
        for (ACL acl : acp.getACLs()) {
            jsonGenerator.writeStartObject();
            jsonGenerator.writeStringField("name", acl.getName());
            jsonGenerator.writeArrayFieldStart("aces");
            for (ACE ace : acl.getACEs()) {
                jsonGenerator.writeStartObject();
                jsonGenerator.writeStringField("id", ace.getId());
                String username = ace.getUsername();
                writePrincipalOrGroup(USERNAME_PROPERTY, username, jsonGenerator);
                jsonGenerator.writeBooleanField("externalUser", NuxeoPrincipal.isTransientUsername(username));
                jsonGenerator.writeStringField("permission", ace.getPermission());
                jsonGenerator.writeBooleanField("granted", ace.isGranted());
                writePrincipalOrGroup(CREATOR_PROPERTY, ace.getCreator(), jsonGenerator);
                DateTimeFormatter dateTime = ISODateTimeFormat.dateTime();
                jsonGenerator.writeStringField("begin", ace.getBegin() != null ? dateTime.print(new DateTime(ace.getBegin())) : null);
                jsonGenerator.writeStringField("end", ace.getEnd() != null ? dateTime.print(new DateTime(ace.getEnd())) : null);
                jsonGenerator.writeStringField("status", ace.getStatus().toString().toLowerCase());
                if (this.ctx.getFetched(NAME).contains(EXTENDED_ACLS_PROPERTY)) {
                    for (Map.Entry<String, Serializable> entry : computeAdditionalFields(documentModel, acl.getName(), ace.getId()).entrySet()) {
                        jsonGenerator.writeObjectField(entry.getKey(), entry.getValue());
                    }
                }
                jsonGenerator.writeEndObject();
            }
            jsonGenerator.writeEndArray();
            jsonGenerator.writeEndObject();
        }
        jsonGenerator.writeEndArray();
    }

    protected void writePrincipalOrGroup(String str, String str2, JsonGenerator jsonGenerator) throws IOException {
        if (str2 != null && this.ctx.getFetched(NAME).contains(str)) {
            try {
                Closeable open = this.ctx.wrap().controlDepth().open();
                Throwable th = null;
                try {
                    try {
                        UserManager userManager = (UserManager) Framework.getService(UserManager.class);
                        NuxeoGroup principal = userManager.getPrincipal(str2);
                        if (principal == null) {
                            principal = userManager.getGroup(str2);
                        }
                        if (principal != null) {
                            writeEntityField(str, principal, jsonGenerator);
                            if (open != null) {
                                if (0 == 0) {
                                    open.close();
                                    return;
                                }
                                try {
                                    open.close();
                                    return;
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                    return;
                                }
                            }
                            return;
                        }
                        if (open != null) {
                            if (0 != 0) {
                                try {
                                    open.close();
                                } catch (Throwable th3) {
                                    th.addSuppressed(th3);
                                }
                            } else {
                                open.close();
                            }
                        }
                    } catch (Throwable th4) {
                        th = th4;
                        throw th4;
                    }
                } finally {
                }
            } catch (MaxDepthReachedException e) {
            }
        }
        jsonGenerator.writeStringField(str, str2);
    }

    protected Map<String, Serializable> computeAdditionalFields(DocumentModel documentModel, String str, String str2) {
        HashMap hashMap = new HashMap();
        DirectoryService directoryService = (DirectoryService) Framework.getLocalService(DirectoryService.class);
        Framework.doPrivileged(() -> {
            Session open = directoryService.open(Constants.ACE_INFO_DIRECTORY);
            Throwable th = null;
            try {
                DocumentModel entry = open.getEntry(computeDirectoryId(documentModel, str, str2));
                if (entry != null) {
                    hashMap.put(Constants.NOTIFY_KEY, entry.getPropertyValue(Constants.ACE_INFO_NOTIFY));
                    hashMap.put(Constants.COMMENT_KEY, entry.getPropertyValue(Constants.ACE_INFO_COMMENT));
                }
                if (open != null) {
                    if (0 == 0) {
                        open.close();
                        return;
                    }
                    try {
                        open.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                if (open != null) {
                    if (0 != 0) {
                        try {
                            open.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        open.close();
                    }
                }
                throw th3;
            }
        });
        return hashMap;
    }

    protected String computeDirectoryId(DocumentModel documentModel, String str, String str2) {
        return String.format("%s:%s:%s:%s", documentModel.getId(), documentModel.getRepositoryName(), str, str2);
    }
}
