package org.jahia.services.security.shiro;

import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import javax.jcr.RepositoryException;
import org.apache.commons.lang.StringUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.jahia.registries.ServicesRegistry;
import org.jahia.services.categories.Category;
import org.jahia.services.content.JCRNodeWrapper;
import org.jahia.services.content.JCRTemplate;
import org.jahia.services.usermanager.JahiaUser;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jahia/services/security/shiro/JahiaAccountRealm.class */
public class JahiaAccountRealm extends AuthorizingRealm {
    public static final Logger logger = LoggerFactory.getLogger(JahiaAccountRealm.class);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/jahia/services/security/shiro/JahiaAccountRealm$PermissionOnPath.class */
    public class PermissionOnPath {
        private String node;
        private String permission;

        public PermissionOnPath(String str) {
            String[] split = StringUtils.split(str, ':');
            if (split.length == 0) {
                this.node = Category.PATH_DELIMITER;
                this.permission = split[0].replace('_', ':');
            } else {
                this.node = split[0];
                this.permission = split[1].replace('_', ':');
            }
        }

        public String getNode() {
            return this.node;
        }

        public String getPermission() {
            return this.permission;
        }
    }

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        if (principalCollection.getPrimaryPrincipal() instanceof JahiaUser) {
            JahiaUser jahiaUser = (JahiaUser) principalCollection.getPrimaryPrincipal();
            try {
                return new SimpleAuthorizationInfo((Set) JCRTemplate.getInstance().doExecute(jahiaUser, (String) null, (Locale) null, jCRSessionWrapper -> {
                    JCRNodeWrapper m256getNode = jCRSessionWrapper.m256getNode(Category.PATH_DELIMITER);
                    return jahiaUser.isRoot() ? (Set) m256getNode.getAvailableRoles().entrySet().stream().flatMap(entry -> {
                        return ((List) entry.getValue()).stream();
                    }).map((v0) -> {
                        return v0.getName();
                    }).collect(Collectors.toSet()) : getRoles(jahiaUser, m256getNode);
                }));
            } catch (RepositoryException e) {
                logger.error("Cannot login", e);
            }
        }
        return new SimpleAuthorizationInfo(Collections.emptySet());
    }

    public boolean isPermitted(PrincipalCollection principalCollection, String str) {
        JahiaUser jahiaUser = (JahiaUser) principalCollection.getPrimaryPrincipal();
        PermissionOnPath permissionOnPath = new PermissionOnPath(str);
        try {
            return ((Boolean) JCRTemplate.getInstance().doExecute(jahiaUser, (String) null, (Locale) null, jCRSessionWrapper -> {
                return Boolean.valueOf(jCRSessionWrapper.m256getNode(permissionOnPath.getNode()).hasPermission(permissionOnPath.getPermission()));
            })).booleanValue();
        } catch (RepositoryException e) {
            logger.error("Cannot check permission", e);
            return false;
        }
    }

    @NotNull
    private Set<String> getRoles(JahiaUser jahiaUser, JCRNodeWrapper jCRNodeWrapper) {
        HashSet hashSet = new HashSet();
        for (Map.Entry<String, Map<String, String>> entry : jCRNodeWrapper.getActualAclEntries().entrySet()) {
            String key = entry.getKey();
            String substring = key.substring(2);
            if ((key.charAt(0) == 'u' && substring.equals(jahiaUser.getName())) || (key.charAt(0) == 'g' && ServicesRegistry.getInstance().getJahiaGroupManagerService().lookupGroup(null, substring).isMember(jahiaUser.getLocalPath()))) {
                for (Map.Entry<String, String> entry2 : entry.getValue().entrySet()) {
                    if ("GRANT".equals(entry2.getValue())) {
                        hashSet.add(entry2.getKey());
                    }
                }
            }
        }
        return hashSet;
    }

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        return new SimpleAuthenticationInfo(authenticationToken.getPrincipal(), authenticationToken.getPrincipal(), getName());
    }
}
