package org.apache.jackrabbit.oak.security.authorization.accesscontrol;

import com.google.common.collect.ImmutableMap;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.jcr.RepositoryException;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.core.ImmutableRoot;
import org.apache.jackrabbit.oak.core.ImmutableTree;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
import org.apache.jackrabbit.oak.spi.commit.Validator;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidatorProvider.class */
public class AccessControlValidatorProvider extends ValidatorProvider {
    private static final Logger log = LoggerFactory.getLogger(AccessControlValidatorProvider.class);
    private final SecurityProvider securityProvider;

    public AccessControlValidatorProvider(@Nonnull SecurityProvider securityProvider) {
        this.securityProvider = securityProvider;
    }

    @Override // org.apache.jackrabbit.oak.spi.commit.ValidatorProvider
    @Nonnull
    public Validator getRootValidator(NodeState nodeState, NodeState nodeState2) {
        ImmutableTree immutableTree = new ImmutableTree(nodeState);
        ImmutableTree immutableTree2 = new ImmutableTree(nodeState2);
        RestrictionProvider restrictionProvider = ((AuthorizationConfiguration) getConfig(AuthorizationConfiguration.class)).getRestrictionProvider();
        ImmutableRoot immutableRoot = new ImmutableRoot(nodeState);
        return new AccessControlValidator(immutableTree, immutableTree2, getPrivileges(immutableRoot), new PrivilegeBitsProvider(immutableRoot), restrictionProvider, ReadOnlyNodeTypeManager.getInstance(nodeState));
    }

    private Map<String, Privilege> getPrivileges(Root root) {
        PrivilegeManager privilegeManager = ((PrivilegeConfiguration) getConfig(PrivilegeConfiguration.class)).getPrivilegeManager(root, NamePathMapper.DEFAULT);
        ImmutableMap.Builder builder = ImmutableMap.builder();
        try {
            for (Privilege privilege : privilegeManager.getRegisteredPrivileges()) {
                builder.put(privilege.getName(), privilege);
            }
        } catch (RepositoryException e) {
            log.error("Unexpected error: failed to read privileges.", e);
        }
        return builder.build();
    }

    private <T> T getConfig(Class<T> cls) {
        return (T) this.securityProvider.getConfiguration(cls);
    }
}
