package org.apache.jackrabbit.oak.spi.security.authorization.cug.impl;

import java.security.AccessControlException;
import java.util.HashSet;
import java.util.Iterator;
import javax.annotation.Nonnull;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.nodetype.PropertyDefinition;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
import org.apache.jackrabbit.oak.spi.xml.PropInfo;
import org.apache.jackrabbit.oak.spi.xml.ProtectedPropertyImporter;
import org.apache.jackrabbit.oak.spi.xml.ReferenceChangeTracker;
import org.apache.jackrabbit.oak.spi.xml.TextValue;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugImporter.class */
class CugImporter implements ProtectedPropertyImporter, CugConstants {
    private static final Logger log = LoggerFactory.getLogger(CugImporter.class);
    private boolean initialized;
    private ConfigurationParameters config;
    private int importBehavior;
    private PrincipalManager principalManager;

    public boolean init(@Nonnull Session session, @Nonnull Root root, @Nonnull NamePathMapper namePathMapper, boolean z, int i, @Nonnull ReferenceChangeTracker referenceChangeTracker, @Nonnull SecurityProvider securityProvider) {
        if (this.initialized) {
            throw new IllegalStateException("Already initialized");
        }
        try {
            this.config = ((AuthorizationConfiguration) securityProvider.getConfiguration(AuthorizationConfiguration.class)).getParameters();
            this.importBehavior = CugUtil.getImportBehavior(this.config);
            if (z) {
                this.principalManager = ((PrincipalConfiguration) securityProvider.getConfiguration(PrincipalConfiguration.class)).getPrincipalManager(root, namePathMapper);
            } else {
                this.principalManager = ((JackrabbitSession) session).getPrincipalManager();
            }
            this.initialized = true;
        } catch (RepositoryException e) {
            log.warn("Error while initializing cug importer", e);
        }
        return this.initialized;
    }

    public void processReferences() throws RepositoryException {
    }

    public boolean handlePropInfo(@Nonnull Tree tree, @Nonnull PropInfo propInfo, @Nonnull PropertyDefinition propertyDefinition) throws RepositoryException {
        if (!CugUtil.definesCug(tree) || !isValid(propInfo, propertyDefinition) || !CugUtil.isSupportedPath(tree.getPath(), this.config)) {
            return false;
        }
        HashSet hashSet = new HashSet();
        Iterator it = propInfo.getTextValues().iterator();
        while (it.hasNext()) {
            String string = ((TextValue) it.next()).getString();
            if (this.principalManager.getPrincipal(string) == null) {
                switch (this.importBehavior) {
                    case 1:
                        log.debug("Ignoring unknown principal with name '" + string + "'.");
                        break;
                    case 2:
                        log.debug("Importing unknown principal '" + string + '\'');
                        hashSet.add(string);
                        break;
                    case 3:
                        throw new AccessControlException("Unknown principal '" + string + "'.");
                    default:
                        throw new IllegalArgumentException("Invalid import behavior " + this.importBehavior);
                }
            } else {
                hashSet.add(string);
            }
        }
        tree.setProperty(CugConstants.REP_PRINCIPAL_NAMES, hashSet, Type.STRINGS);
        return true;
    }

    public void propertiesCompleted(@Nonnull Tree tree) throws IllegalStateException, RepositoryException {
        if (!CugUtil.definesCug(tree) || tree.hasProperty(CugConstants.REP_PRINCIPAL_NAMES)) {
            return;
        }
        log.debug("Removing incomplete rep:cugPolicy node (due to missing mandatory property or unsupported path).");
        tree.remove();
    }

    private boolean isValid(@Nonnull PropInfo propInfo, @Nonnull PropertyDefinition propertyDefinition) {
        return CugConstants.REP_PRINCIPAL_NAMES.equals(propInfo.getName()) && propertyDefinition.isMultiple() && CugConstants.NT_REP_CUG_POLICY.equals(propertyDefinition.getDeclaringNodeType().getName());
    }
}
