package biz.netcentric.cq.tools.actool.aem;

import biz.netcentric.cq.tools.actool.configmodel.AceBean;
import biz.netcentric.cq.tools.actool.helper.AccessControlUtils;
import java.security.AccessControlException;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.nodetype.NodeDefinition;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:biz/netcentric/cq/tools/actool/aem/AcToolCqActions.class */
public class AcToolCqActions {
    private static final Logger LOG = LoggerFactory.getLogger(AcToolCqActions.class);
    private static final String CONTENT_RESTRICTION = "*/jcr:content*";
    private final Session session;
    private final Map<String, Set<Privilege>> map = new HashMap();

    /* loaded from: input_file:biz/netcentric/cq/tools/actool/aem/AcToolCqActions$CqActions.class */
    public enum CqActions {
        read,
        modify,
        create,
        delete,
        acl_read,
        acl_edit,
        replicate
    }

    public AcToolCqActions(Session session) throws RepositoryException {
        this.session = session;
        AccessControlManager accessControlManager = session.getAccessControlManager();
        this.map.put(CqActions.read.name(), getPrivilegeSet("{http://www.jcp.org/jcr/1.0}read", accessControlManager));
        this.map.put(CqActions.modify.name(), getPrivilegeSet(new String[]{"{http://www.jcp.org/jcr/1.0}modifyProperties", "{http://www.jcp.org/jcr/1.0}lockManagement", "{http://www.jcp.org/jcr/1.0}versionManagement"}, accessControlManager));
        this.map.put(CqActions.create.name(), getPrivilegeSet(new String[]{"{http://www.jcp.org/jcr/1.0}addChildNodes", "{http://www.jcp.org/jcr/1.0}nodeTypeManagement"}, accessControlManager));
        this.map.put(CqActions.delete.name(), getPrivilegeSet(new String[]{"{http://www.jcp.org/jcr/1.0}removeChildNodes", "{http://www.jcp.org/jcr/1.0}removeNode"}, accessControlManager));
        this.map.put(CqActions.acl_read.name(), getPrivilegeSet("{http://www.jcp.org/jcr/1.0}readAccessControl", accessControlManager));
        this.map.put(CqActions.acl_edit.name(), getPrivilegeSet("{http://www.jcp.org/jcr/1.0}modifyAccessControl", accessControlManager));
        try {
            this.map.put(CqActions.replicate.name(), getPrivilegeSet("{http://www.day.com/crx/1.0}replicate", accessControlManager));
        } catch (AccessControlException e) {
            LOG.warn("Replicate privilege not registered");
        }
    }

    public Set<Privilege> getPrivileges(String str) {
        return this.map.get(str);
    }

    public Collection<String> getAllowedActions(String str, Set<Principal> set) throws RepositoryException {
        AccessControlManager accessControlManager = this.session.getAccessControlManager();
        HashSet hashSet = new HashSet();
        Set<Privilege> privileges = getPrivileges(str, set, accessControlManager);
        for (Map.Entry<String, Set<Privilege>> entry : this.map.entrySet()) {
            if (privileges.containsAll(entry.getValue())) {
                hashSet.add(entry.getKey());
            }
        }
        if (definesContent(this.session.getNode(str))) {
            String str2 = str + "/jcr:content";
            if (hashSet.contains(CqActions.modify.name()) && (!this.session.nodeExists(str2) || !getPrivileges(str2, set, accessControlManager).containsAll(getPrivilegeSet("rep:write", accessControlManager)))) {
                hashSet.remove(CqActions.modify.name());
            }
        }
        return hashSet;
    }

    public void installActions(String str, Principal principal, Map<String, Boolean> map, Collection<String> collection) throws RepositoryException {
        boolean contains;
        if (map.isEmpty()) {
            return;
        }
        AccessControlManager accessControlManager = this.session.getAccessControlManager();
        JackrabbitAccessControlList modifiableAcl = AccessControlUtils.getModifiableAcl(accessControlManager, str);
        for (String str2 : map.keySet()) {
            boolean booleanValue = map.get(str2).booleanValue();
            Set<Privilege> set = this.map.get(str2);
            if (set != null) {
                modifiableAcl.addEntry(principal, (Privilege[]) set.toArray(new Privilege[set.size()]), booleanValue);
            }
        }
        if (definesContent(this.session.getNode(str))) {
            Map map2 = null;
            String[] restrictionNames = modifiableAcl.getRestrictionNames();
            int length = restrictionNames.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                String str3 = restrictionNames[i];
                if (AceBean.RESTRICTION_NAME_GLOB.equals(str3)) {
                    map2 = Collections.singletonMap(str3, this.session.getValueFactory().createValue(CONTENT_RESTRICTION, modifiableAcl.getRestrictionType(str3)));
                    break;
                }
                i++;
            }
            if (map2 == null) {
                LOG.warn("Cannot install special permissions node with jcr:content primary item. rep:glob restriction not supported by AC model.");
            } else {
                HashSet hashSet = new HashSet();
                HashSet hashSet2 = new HashSet();
                if (map.containsKey(CqActions.modify.name())) {
                    List asList = Arrays.asList(accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}nodeTypeManagement"), accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}addChildNodes"), accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}removeChildNodes"), accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}removeNode"));
                    if (map.get(CqActions.modify.name()).booleanValue()) {
                        hashSet.addAll(asList);
                    } else {
                        hashSet2.addAll(asList);
                    }
                    contains = map.get(CqActions.modify.name()).booleanValue();
                } else {
                    contains = collection.contains(CqActions.modify.name());
                }
                if (contains) {
                    if (map.containsKey(CqActions.create.name()) && !map.get(CqActions.create.name()).booleanValue()) {
                        hashSet.add(accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}addChildNodes"));
                        hashSet.add(accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}nodeTypeManagement"));
                    }
                    if (map.containsKey(CqActions.delete.name()) && !map.get(CqActions.delete.name()).booleanValue()) {
                        hashSet.add(accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}removeChildNodes"));
                        hashSet.add(accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}removeNode"));
                    }
                } else {
                    if (map.containsKey(CqActions.create.name()) && map.get(CqActions.create.name()).booleanValue()) {
                        hashSet2.add(accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}addChildNodes"));
                        hashSet2.add(accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}nodeTypeManagement"));
                    }
                    if (map.containsKey(CqActions.delete.name()) && map.get(CqActions.delete.name()).booleanValue()) {
                        hashSet2.add(accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}removeChildNodes"));
                        hashSet2.add(accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}removeNode"));
                    }
                }
                if (!hashSet.isEmpty()) {
                    modifiableAcl.addEntry(principal, (Privilege[]) hashSet.toArray(new Privilege[hashSet.size()]), true, map2);
                }
                if (!hashSet2.isEmpty()) {
                    modifiableAcl.addEntry(principal, (Privilege[]) hashSet2.toArray(new Privilege[hashSet2.size()]), false, map2);
                }
            }
        }
        accessControlManager.setPolicy(str, modifiableAcl);
    }

    public static boolean definesContent(Node node) throws RepositoryException {
        for (NodeDefinition nodeDefinition : node.getPrimaryNodeType().getChildNodeDefinitions()) {
            if ("jcr:content".equals(nodeDefinition.getName())) {
                return true;
            }
        }
        return false;
    }

    private static Set<Privilege> getPrivileges(String str, Set<Principal> set, AccessControlManager accessControlManager) throws RepositoryException {
        HashSet hashSet = new HashSet();
        for (Privilege privilege : set == null ? accessControlManager.getPrivileges(str) : ((JackrabbitAccessControlManager) accessControlManager).getPrivileges(str, set)) {
            if (privilege.isAggregate()) {
                hashSet.addAll(Arrays.asList(privilege.getAggregatePrivileges()));
            } else {
                hashSet.add(privilege);
            }
        }
        return hashSet;
    }

    private static Set<Privilege> getPrivilegeSet(String str, AccessControlManager accessControlManager) throws RepositoryException {
        Privilege privilegeFromName = accessControlManager.privilegeFromName(str);
        return privilegeFromName.isAggregate() ? new HashSet(Arrays.asList(privilegeFromName.getAggregatePrivileges())) : Collections.singleton(privilegeFromName);
    }

    private static Set<Privilege> getPrivilegeSet(String[] strArr, AccessControlManager accessControlManager) throws RepositoryException {
        HashSet hashSet = new HashSet(strArr.length);
        for (String str : strArr) {
            Privilege privilegeFromName = accessControlManager.privilegeFromName(str);
            if (privilegeFromName.isAggregate()) {
                hashSet.addAll(Arrays.asList(privilegeFromName.getAggregatePrivileges()));
            } else {
                hashSet.add(privilegeFromName);
            }
        }
        return hashSet;
    }
}
