package org.apache.jackrabbit.oak.security.authorization.composite;

import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.function.Function;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.tree.RootProvider;
import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
import org.apache.jackrabbit.oak.plugins.tree.TreeProvider;
import org.apache.jackrabbit.oak.plugins.tree.TreeType;
import org.apache.jackrabbit.oak.plugins.tree.TreeTypeProvider;
import org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration;
import org.apache.jackrabbit.oak.security.authorization.permission.PermissionUtil;
import org.apache.jackrabbit.oak.spi.security.Context;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/composite/CompositePermissionProvider.class */
class CompositePermissionProvider implements AggregatedPermissionProvider {
    private final Root root;
    private final AggregatedPermissionProvider[] pps;
    private final Context ctx;
    private final CompositeAuthorizationConfiguration.CompositionType compositionType;
    private final RootProvider rootProvider;
    private final TreeProvider treeProvider;
    private final RepositoryPermission repositoryPermission;
    private Root immutableRoot;
    private PrivilegeBitsProvider privilegeBitsProvider;
    private TreeTypeProvider typeProvider;

    /* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/composite/CompositePermissionProvider$CompositeRepositoryPermission.class */
    private static final class CompositeRepositoryPermission implements RepositoryPermission {
        private final AggregatedPermissionProvider[] pps;
        private final CompositeAuthorizationConfiguration.CompositionType compositionType;

        public CompositeRepositoryPermission(@NotNull AggregatedPermissionProvider[] aggregatedPermissionProviderArr, @NotNull CompositeAuthorizationConfiguration.CompositionType compositionType) {
            this.pps = aggregatedPermissionProviderArr;
            this.compositionType = compositionType;
        }

        public boolean isGranted(long j) {
            boolean z = false;
            long j2 = 0;
            for (AggregatedPermissionProvider aggregatedPermissionProvider : this.pps) {
                long supportedPermissions = aggregatedPermissionProvider.supportedPermissions((Tree) null, (PropertyState) null, j);
                if (CompositePermissionProvider.doEvaluate(supportedPermissions)) {
                    RepositoryPermission repositoryPermission = aggregatedPermissionProvider.getRepositoryPermission();
                    if (this.compositionType == CompositeAuthorizationConfiguration.CompositionType.AND) {
                        z = repositoryPermission.isGranted(supportedPermissions);
                        if (!z) {
                            return false;
                        }
                        j2 |= supportedPermissions;
                    } else {
                        Iterator it = Permissions.aggregates(j).iterator();
                        while (it.hasNext()) {
                            long longValue = ((Long) it.next()).longValue();
                            if (repositoryPermission.isGranted(longValue)) {
                                j2 |= longValue;
                                z = true;
                            }
                        }
                    }
                }
            }
            return z && j2 == j;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CompositePermissionProvider(@NotNull Root root, @NotNull List<AggregatedPermissionProvider> list, @NotNull Context context, @NotNull CompositeAuthorizationConfiguration.CompositionType compositionType, @NotNull RootProvider rootProvider, @NotNull TreeProvider treeProvider) {
        this.root = root;
        this.pps = (AggregatedPermissionProvider[]) list.toArray(new AggregatedPermissionProvider[0]);
        this.ctx = context;
        this.compositionType = compositionType;
        this.rootProvider = rootProvider;
        this.treeProvider = treeProvider;
        this.repositoryPermission = new CompositeRepositoryPermission(this.pps, this.compositionType);
        this.immutableRoot = rootProvider.createReadOnlyRoot(root);
        this.privilegeBitsProvider = new PrivilegeBitsProvider(this.immutableRoot);
        this.typeProvider = new TreeTypeProvider(this.ctx);
    }

    public void refresh() {
        this.immutableRoot = this.rootProvider.createReadOnlyRoot(this.root);
        this.privilegeBitsProvider = new PrivilegeBitsProvider(this.immutableRoot);
        for (PermissionProvider permissionProvider : this.pps) {
            permissionProvider.refresh();
        }
    }

    @NotNull
    public Set<String> getPrivileges(@Nullable Tree tree) {
        Tree readOnlyTree = PermissionUtil.getReadOnlyTree(tree, this.immutableRoot);
        PrivilegeBits privilegeBits = PrivilegeBits.getInstance();
        PrivilegeBits privilegeBits2 = PrivilegeBits.getInstance();
        for (AggregatedPermissionProvider aggregatedPermissionProvider : this.pps) {
            PrivilegeBits modifiable = aggregatedPermissionProvider.supportedPrivileges(readOnlyTree, (PrivilegeBits) null).modifiable();
            if (doEvaluate(modifiable)) {
                PrivilegeBits bits = this.privilegeBitsProvider.getBits(aggregatedPermissionProvider.getPrivileges(readOnlyTree));
                if (!bits.isEmpty()) {
                    privilegeBits.add(bits);
                }
                if (this.compositionType == CompositeAuthorizationConfiguration.CompositionType.AND) {
                    privilegeBits2.add(modifiable.diff(bits));
                }
            }
        }
        if (!privilegeBits2.isEmpty()) {
            privilegeBits.diff(privilegeBits2);
        }
        return this.privilegeBitsProvider.getPrivilegeNames(privilegeBits);
    }

    public boolean hasPrivileges(@Nullable Tree tree, @NotNull String... strArr) {
        Tree readOnlyTree = PermissionUtil.getReadOnlyTree(tree, this.immutableRoot);
        PrivilegeBits bits = this.privilegeBitsProvider.getBits(strArr);
        if (bits.isEmpty()) {
            return true;
        }
        boolean z = false;
        PrivilegeBits privilegeBits = PrivilegeBits.getInstance();
        for (AggregatedPermissionProvider aggregatedPermissionProvider : this.pps) {
            PrivilegeBits supportedPrivileges = aggregatedPermissionProvider.supportedPrivileges(readOnlyTree, bits);
            if (doEvaluate(supportedPrivileges)) {
                Set<String> privilegeNames = this.privilegeBitsProvider.getPrivilegeNames(supportedPrivileges);
                if (this.compositionType == CompositeAuthorizationConfiguration.CompositionType.AND) {
                    z = aggregatedPermissionProvider.hasPrivileges(readOnlyTree, (String[]) privilegeNames.toArray(new String[0]));
                    if (!z) {
                        return false;
                    }
                    privilegeBits.add(supportedPrivileges);
                } else {
                    for (String str : privilegeNames) {
                        if (aggregatedPermissionProvider.hasPrivileges(readOnlyTree, new String[]{str})) {
                            privilegeBits.add(this.privilegeBitsProvider.getBits(new String[]{str}));
                            z = true;
                        }
                    }
                }
            }
        }
        return z && privilegeBits.includes(bits);
    }

    @NotNull
    public RepositoryPermission getRepositoryPermission() {
        return this.repositoryPermission;
    }

    @NotNull
    public TreePermission getTreePermission(@NotNull Tree tree, @NotNull TreePermission treePermission) {
        Tree readOnlyTree = PermissionUtil.getReadOnlyTree(tree, this.immutableRoot);
        return tree.isRoot() ? CompositeTreePermission.create(readOnlyTree, this.treeProvider, this.typeProvider, this.pps, this.compositionType) : treePermission instanceof CompositeTreePermission ? CompositeTreePermission.create(readOnlyTree, this.treeProvider, (CompositeTreePermission) treePermission) : treePermission.getChildPermission(readOnlyTree.getName(), this.treeProvider.asNodeState(readOnlyTree));
    }

    public boolean isGranted(@NotNull Tree tree, @Nullable PropertyState propertyState, long j) {
        Tree readOnlyTree = PermissionUtil.getReadOnlyTree(tree, this.immutableRoot);
        boolean z = false;
        long j2 = 0;
        for (AggregatedPermissionProvider aggregatedPermissionProvider : this.pps) {
            long supportedPermissions = aggregatedPermissionProvider.supportedPermissions(readOnlyTree, propertyState, j);
            if (doEvaluate(supportedPermissions)) {
                if (this.compositionType == CompositeAuthorizationConfiguration.CompositionType.AND) {
                    z = aggregatedPermissionProvider.isGranted(readOnlyTree, propertyState, supportedPermissions);
                    if (!z) {
                        return false;
                    }
                    j2 |= supportedPermissions;
                } else {
                    Iterator it = Permissions.aggregates(j).iterator();
                    while (it.hasNext()) {
                        long longValue = ((Long) it.next()).longValue();
                        if (aggregatedPermissionProvider.isGranted(readOnlyTree, propertyState, longValue)) {
                            j2 |= longValue;
                            z = true;
                        }
                    }
                }
            }
        }
        return z && j2 == j;
    }

    public boolean isGranted(@NotNull String str, @NotNull String str2) {
        TreeLocation create = TreeLocation.create(this.immutableRoot, str);
        return isGranted(create, Permissions.getPermissions(str2, create, this.ctx.definesLocation(create)));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean doEvaluate(long j) {
        return j != 0;
    }

    private static boolean doEvaluate(PrivilegeBits privilegeBits) {
        return !privilegeBits.isEmpty();
    }

    @NotNull
    public PrivilegeBits supportedPrivileges(@Nullable Tree tree, @Nullable PrivilegeBits privilegeBits) {
        PrivilegeBits privilegeBits2 = PrivilegeBits.getInstance();
        for (AggregatedPermissionProvider aggregatedPermissionProvider : this.pps) {
            privilegeBits2.add(aggregatedPermissionProvider.supportedPrivileges(tree, privilegeBits));
        }
        return privilegeBits2;
    }

    public long supportedPermissions(@Nullable Tree tree, @Nullable PropertyState propertyState, long j) {
        return supportedPermissions(aggregatedPermissionProvider -> {
            return Long.valueOf(aggregatedPermissionProvider.supportedPermissions(tree, propertyState, j));
        });
    }

    public long supportedPermissions(@NotNull TreeLocation treeLocation, long j) {
        return supportedPermissions(aggregatedPermissionProvider -> {
            return Long.valueOf(aggregatedPermissionProvider.supportedPermissions(treeLocation, j));
        });
    }

    public long supportedPermissions(@NotNull TreePermission treePermission, @Nullable PropertyState propertyState, long j) {
        return supportedPermissions(aggregatedPermissionProvider -> {
            return Long.valueOf(aggregatedPermissionProvider.supportedPermissions(treePermission, propertyState, j));
        });
    }

    private long supportedPermissions(Function<AggregatedPermissionProvider, Long> function) {
        long j = 0;
        for (AggregatedPermissionProvider aggregatedPermissionProvider : this.pps) {
            j |= function.apply(aggregatedPermissionProvider).longValue();
        }
        return j;
    }

    public boolean isGranted(@NotNull TreeLocation treeLocation, long j) {
        PropertyState property = treeLocation.getProperty();
        Tree tree = property == null ? treeLocation.getTree() : treeLocation.getParent().getTree();
        if (tree != null) {
            return isGranted(tree, property, j);
        }
        boolean z = false;
        long j2 = 0;
        for (AggregatedPermissionProvider aggregatedPermissionProvider : this.pps) {
            long supportedPermissions = aggregatedPermissionProvider.supportedPermissions(treeLocation, j);
            if (doEvaluate(supportedPermissions)) {
                if (this.compositionType == CompositeAuthorizationConfiguration.CompositionType.AND) {
                    z = aggregatedPermissionProvider.isGranted(treeLocation, supportedPermissions);
                    if (!z) {
                        return false;
                    }
                    j2 |= supportedPermissions;
                } else {
                    Iterator it = Permissions.aggregates(j).iterator();
                    while (it.hasNext()) {
                        long longValue = ((Long) it.next()).longValue();
                        if (aggregatedPermissionProvider.isGranted(treeLocation, longValue)) {
                            j2 |= longValue;
                            z = true;
                        }
                    }
                }
            }
        }
        return z && j2 == j;
    }

    @NotNull
    public TreePermission getTreePermission(@NotNull Tree tree, @NotNull TreeType treeType, @NotNull TreePermission treePermission) {
        Tree readOnlyTree = PermissionUtil.getReadOnlyTree(tree, this.immutableRoot);
        return tree.isRoot() ? CompositeTreePermission.create(readOnlyTree, this.treeProvider, this.typeProvider, this.pps, this.compositionType) : treePermission instanceof CompositeTreePermission ? CompositeTreePermission.create(readOnlyTree, this.treeProvider, (CompositeTreePermission) treePermission, treeType) : treePermission.getChildPermission(readOnlyTree.getName(), this.treeProvider.asNodeState(readOnlyTree));
    }
}
