package org.apache.jackrabbit.oak.security.privilege;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.jcr.InvalidItemStateException;
import javax.jcr.RepositoryException;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.security.privilege.ImmutablePrivilegeDefinition;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinition;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.class */
public class PrivilegeManagerImpl implements PrivilegeManager {
    private static final Logger log = LoggerFactory.getLogger(PrivilegeManagerImpl.class);
    private final Root root;
    private final NamePathMapper namePathMapper;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl$PrivilegeImpl.class */
    public final class PrivilegeImpl implements Privilege {
        private final PrivilegeDefinition definition;

        private PrivilegeImpl(PrivilegeDefinition privilegeDefinition) {
            this.definition = privilegeDefinition;
        }

        public String getName() {
            return PrivilegeManagerImpl.this.namePathMapper.getJcrName(this.definition.getName());
        }

        public boolean isAbstract() {
            return this.definition.isAbstract();
        }

        public boolean isAggregate() {
            return !this.definition.getDeclaredAggregateNames().isEmpty();
        }

        public Privilege[] getDeclaredAggregatePrivileges() {
            Set<String> declaredAggregateNames = this.definition.getDeclaredAggregateNames();
            HashSet hashSet = new HashSet(declaredAggregateNames.size());
            for (String str : declaredAggregateNames) {
                if (str.equals(this.definition.getName())) {
                    PrivilegeManagerImpl.log.warn("Found cyclic privilege aggregation -> ignore declared aggregate " + str);
                } else {
                    PrivilegeDefinition privilegeDefinition = PrivilegeManagerImpl.this.getPrivilegeDefinition(str);
                    if (privilegeDefinition != null) {
                        hashSet.add(PrivilegeManagerImpl.this.getPrivilege(privilegeDefinition));
                    } else {
                        PrivilegeManagerImpl.log.warn("Invalid privilege '{}' in declared aggregates of '{}'", str, getName());
                    }
                }
            }
            return (Privilege[]) hashSet.toArray(new Privilege[hashSet.size()]);
        }

        public Privilege[] getAggregatePrivileges() {
            HashSet hashSet = new HashSet();
            for (Privilege privilege : getDeclaredAggregatePrivileges()) {
                hashSet.add(privilege);
                if (privilege.isAggregate()) {
                    hashSet.addAll(Arrays.asList(privilege.getAggregatePrivileges()));
                }
            }
            return (Privilege[]) hashSet.toArray(new Privilege[hashSet.size()]);
        }

        public int hashCode() {
            return this.definition.hashCode();
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (obj instanceof PrivilegeImpl) {
                return this.definition.equals(((PrivilegeImpl) obj).definition);
            }
            return false;
        }

        public String toString() {
            return this.definition.getName();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PrivilegeManagerImpl(Root root, NamePathMapper namePathMapper) {
        this.root = root;
        this.namePathMapper = namePathMapper;
    }

    public Privilege[] getRegisteredPrivileges() throws RepositoryException {
        HashSet hashSet = new HashSet();
        for (PrivilegeDefinition privilegeDefinition : getPrivilegeDefinitions()) {
            hashSet.add(getPrivilege(privilegeDefinition));
        }
        return (Privilege[]) hashSet.toArray(new Privilege[hashSet.size()]);
    }

    public Privilege getPrivilege(String str) throws RepositoryException {
        PrivilegeDefinition privilegeDefinition = getPrivilegeDefinition(getOakName(str));
        if (privilegeDefinition == null) {
            throw new AccessControlException("No such privilege " + str);
        }
        return getPrivilege(privilegeDefinition);
    }

    public Privilege registerPrivilege(String str, boolean z, String[] strArr) throws RepositoryException {
        if (this.root.hasPendingChanges()) {
            throw new InvalidItemStateException("Attempt to register a new privilege while there are pending changes.");
        }
        if (str == null || str.isEmpty()) {
            throw new RepositoryException("Invalid privilege name " + str);
        }
        ImmutablePrivilegeDefinition immutablePrivilegeDefinition = new ImmutablePrivilegeDefinition(getOakName(str), z, getOakNames(strArr));
        new PrivilegeDefinitionWriter(getWriteRoot()).writeDefinition(immutablePrivilegeDefinition);
        this.root.refresh();
        return getPrivilege(immutablePrivilegeDefinition);
    }

    @Nonnull
    private Root getWriteRoot() {
        return this.root.getContentSession().getLatestRoot();
    }

    @Nonnull
    private Set<String> getOakNames(String[] strArr) throws RepositoryException {
        Set<String> emptySet;
        if (strArr == null || strArr.length == 0) {
            emptySet = Collections.emptySet();
        } else {
            emptySet = new HashSet(strArr.length);
            for (String str : strArr) {
                emptySet.add(getOakName(str));
            }
        }
        return emptySet;
    }

    @Nonnull
    private String getOakName(String str) throws RepositoryException {
        if (str == null) {
            throw new AccessControlException("Invalid privilege name 'null'");
        }
        return this.namePathMapper.getOakName(str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    @Nonnull
    public Privilege getPrivilege(PrivilegeDefinition privilegeDefinition) {
        return new PrivilegeImpl(privilegeDefinition);
    }

    @Nonnull
    private PrivilegeDefinition[] getPrivilegeDefinitions() {
        Map<String, PrivilegeDefinition> readDefinitions = getReader().readDefinitions();
        return (PrivilegeDefinition[]) readDefinitions.values().toArray(new PrivilegeDefinition[readDefinitions.size()]);
    }

    /* JADX INFO: Access modifiers changed from: private */
    @CheckForNull
    public PrivilegeDefinition getPrivilegeDefinition(String str) {
        return getReader().readDefinition(str);
    }

    @Nonnull
    private PrivilegeDefinitionReader getReader() {
        return new PrivilegeDefinitionReader(this.root);
    }
}
