package info.magnolia.cms.core;

import info.magnolia.cms.security.AccessManager;
import info.magnolia.cms.security.AccessManagerImpl;
import info.magnolia.cms.security.Permission;
import info.magnolia.cms.security.PrincipalUtil;
import info.magnolia.cms.security.auth.ACL;
import info.magnolia.importexport.DataTransporter;
import java.security.Principal;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.jcr.ItemNotFoundException;
import javax.jcr.NamespaceException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlPolicy;
import org.apache.jackrabbit.core.ItemImpl;
import org.apache.jackrabbit.core.cache.GrowingLRUMap;
import org.apache.jackrabbit.core.id.ItemId;
import org.apache.jackrabbit.core.id.PropertyId;
import org.apache.jackrabbit.core.security.authorization.AbstractCompiledPermissions;
import org.apache.jackrabbit.core.security.authorization.AccessControlEditor;
import org.apache.jackrabbit.core.security.authorization.CompiledPermissions;
import org.apache.jackrabbit.core.security.authorization.PrivilegeManagerImpl;
import org.apache.jackrabbit.core.security.authorization.combined.CombinedProvider;
import org.apache.jackrabbit.spi.Name;
import org.apache.jackrabbit.spi.PathFactory;
import org.apache.jackrabbit.spi.commons.conversion.CachingPathResolver;
import org.apache.jackrabbit.spi.commons.conversion.IllegalNameException;
import org.apache.jackrabbit.spi.commons.conversion.NameResolver;
import org.apache.jackrabbit.spi.commons.conversion.ParsingPathResolver;
import org.apache.jackrabbit.spi.commons.conversion.PathResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:info/magnolia/cms/core/MagnoliaAccessProvider.class */
public class MagnoliaAccessProvider extends CombinedProvider {
    private final PathResolver pathResolver = new CachingPathResolver(new ParsingPathResolver((PathFactory) null, new NameResolver() { // from class: info.magnolia.cms.core.MagnoliaAccessProvider.1
        public Name getQName(String str) throws IllegalNameException, NamespaceException {
            throw new UnsupportedOperationException();
        }

        public String getJCRName(Name name) throws NamespaceException {
            return name.getLocalName();
        }
    }));
    private CompiledPermissions RootOnlyPermission;
    private static final Logger log = LoggerFactory.getLogger(MagnoliaAccessProvider.class);
    private static final long[][] permissionMapping = {new long[]{1, 8}, new long[]{2, 2}, new long[]{4, 1}, new long[]{8, 4}, new long[]{16, 4}, new long[]{32, 16}, new long[]{64, 16}, new long[]{128, 1}, new long[]{256, 16}, new long[]{512, 16}, new long[]{1024, 16}, new long[]{2048, 16}};

    /* loaded from: input_file:info/magnolia/cms/core/MagnoliaAccessProvider$ACLBasedPermissions.class */
    public class ACLBasedPermissions extends AbstractCompiledPermissions {
        private final Map<ItemId, Boolean> readCache = new GrowingLRUMap(1024, 5000);
        private final Object monitor = new Object();
        private final AccessManager ami = new AccessManagerImpl();

        public ACLBasedPermissions(List<Permission> list) {
            this.ami.setPermissionList(list);
        }

        public boolean canRead(org.apache.jackrabbit.spi.Path path, ItemId itemId) throws RepositoryException {
            if (itemId != null && "cafebabe-cafe-babe-cafe-babecafebabe".equals(itemId.toString())) {
                return true;
            }
            if (path != null && DataTransporter.SLASH.equals(path.toString())) {
                return true;
            }
            if (path != null) {
                String jCRPath = MagnoliaAccessProvider.this.pathResolver.getJCRPath(path);
                MagnoliaAccessProvider.log.debug("Read request for " + jCRPath + " :: " + itemId);
                return this.ami.isGranted(jCRPath, 8L);
            }
            if (!itemId.denotesNode()) {
                itemId = ((PropertyId) itemId).getParentId();
            }
            synchronized (this.monitor) {
                if (this.readCache.containsKey(itemId)) {
                    return this.readCache.get(itemId).booleanValue();
                }
                boolean canRead = canRead(MagnoliaAccessProvider.this.session.getHierarchyManager().getPath(itemId), itemId);
                this.readCache.put(itemId, Boolean.valueOf(canRead));
                return canRead;
            }
        }

        protected AbstractCompiledPermissions.Result buildResult(org.apache.jackrabbit.spi.Path path) throws RepositoryException {
            throw new UnsupportedOperationException();
        }

        public AbstractCompiledPermissions.Result getResult(org.apache.jackrabbit.spi.Path path) throws RepositoryException {
            throw new UnsupportedOperationException();
        }

        public boolean grants(org.apache.jackrabbit.spi.Path path, int i) throws RepositoryException {
            return this.ami.isGranted(MagnoliaAccessProvider.this.pathResolver.getJCRPath(path), MagnoliaAccessProvider.this.convertJackrabbitPermissionsToMagnoliaPermissions(i));
        }

        public int getPrivileges(org.apache.jackrabbit.spi.Path path) throws RepositoryException {
            throw new UnsupportedOperationException();
        }

        protected AbstractCompiledPermissions.Result buildRepositoryResult() throws RepositoryException {
            throw new UnsupportedOperationException();
        }

        protected PrivilegeManagerImpl getPrivilegeManagerImpl() throws RepositoryException {
            throw new UnsupportedOperationException();
        }
    }

    /* loaded from: input_file:info/magnolia/cms/core/MagnoliaAccessProvider$RootOnlyPermissions.class */
    public class RootOnlyPermissions extends AbstractCompiledPermissions {
        private final Map<ItemId, Boolean> readCache = new GrowingLRUMap(1024, 5000);
        private final Object monitor = new Object();

        public RootOnlyPermissions() {
        }

        public boolean canRead(org.apache.jackrabbit.spi.Path path, ItemId itemId) throws RepositoryException {
            if (path != null) {
                MagnoliaAccessProvider.log.debug("Read request for " + MagnoliaAccessProvider.this.pathResolver.getJCRPath(path) + " :: " + itemId);
                return DataTransporter.SLASH.equals(MagnoliaAccessProvider.this.pathResolver.getJCRPath(path));
            }
            if (!itemId.denotesNode()) {
                itemId = ((PropertyId) itemId).getParentId();
            }
            synchronized (this.monitor) {
                if (this.readCache.containsKey(itemId)) {
                    return this.readCache.get(itemId).booleanValue();
                }
                boolean equals = DataTransporter.SLASH.equals(MagnoliaAccessProvider.this.pathResolver.getJCRPath(MagnoliaAccessProvider.this.session.getHierarchyManager().getPath(itemId)));
                this.readCache.put(itemId, Boolean.valueOf(equals));
                return equals;
            }
        }

        protected AbstractCompiledPermissions.Result buildResult(org.apache.jackrabbit.spi.Path path) throws RepositoryException {
            throw new UnsupportedOperationException();
        }

        public AbstractCompiledPermissions.Result getResult(org.apache.jackrabbit.spi.Path path) throws RepositoryException {
            throw new UnsupportedOperationException();
        }

        public boolean grants(org.apache.jackrabbit.spi.Path path, int i) throws RepositoryException {
            return DataTransporter.SLASH.equals(MagnoliaAccessProvider.this.pathResolver.getJCRPath(path));
        }

        public int getPrivileges(org.apache.jackrabbit.spi.Path path) throws RepositoryException {
            throw new UnsupportedOperationException();
        }

        protected AbstractCompiledPermissions.Result buildRepositoryResult() throws RepositoryException {
            throw new UnsupportedOperationException();
        }

        protected PrivilegeManagerImpl getPrivilegeManagerImpl() throws RepositoryException {
            throw new UnsupportedOperationException();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public long convertJackrabbitPermissionsToMagnoliaPermissions(long j) {
        long j2 = 0;
        for (long[] jArr : permissionMapping) {
            long j3 = jArr[0];
            long j4 = jArr[1];
            if ((j & j3) != 0) {
                j2 |= j4;
            }
        }
        return j2;
    }

    public boolean canAccessRoot(Set<Principal> set) throws RepositoryException {
        checkInitialized();
        return true;
    }

    public void close() {
        log.debug("close()");
        super.close();
    }

    public CompiledPermissions compilePermissions(Set<Principal> set) throws RepositoryException {
        log.debug("compile permissions for {} at {}", printUserNames(set), this.session == null ? null : this.session.getWorkspace().getName());
        checkInitialized();
        if (isAdminOrSystem(set)) {
            return getAdminPermissions();
        }
        ACL findAccessControlList = PrincipalUtil.findAccessControlList(set, ((CombinedProvider) this).session.getWorkspace().getName());
        return findAccessControlList != null ? getUserPermissions(findAccessControlList.getList()) : this.RootOnlyPermission;
    }

    private CompiledPermissions getUserPermissions(List<Permission> list) {
        return new ACLBasedPermissions(list);
    }

    public AccessControlEditor getEditor(Session session) {
        log.debug("getEditor({})", session);
        return new MagnoliaACLEditor(super.getEditor(session));
    }

    public AccessControlPolicy[] getEffectivePolicies(org.apache.jackrabbit.spi.Path path, CompiledPermissions compiledPermissions) throws ItemNotFoundException, RepositoryException {
        log.debug("getEffectivePolicies({}, {})", path, compiledPermissions);
        return super.getEffectivePolicies(path, compiledPermissions);
    }

    public AccessControlPolicy[] getEffectivePolicies(Set<Principal> set, CompiledPermissions compiledPermissions) throws RepositoryException {
        log.debug("getEffectivePolicies({}, {})", set, compiledPermissions);
        return super.getEffectivePolicies(set, compiledPermissions);
    }

    public void init(Session session, Map map) throws RepositoryException {
        log.debug("init({}, {})", session, map);
        super.init(session, map);
        this.RootOnlyPermission = new RootOnlyPermissions();
    }

    public boolean isAcItem(ItemImpl itemImpl) throws RepositoryException {
        log.debug("isAcItem({})", itemImpl);
        return super.isAcItem(itemImpl);
    }

    public boolean isAcItem(org.apache.jackrabbit.spi.Path path) throws RepositoryException {
        log.debug("isAcItem({})", path);
        return super.isAcItem(path);
    }

    private String printUserNames(Set<Principal> set) {
        StringBuilder sb = new StringBuilder();
        for (Principal principal : set) {
            sb.append(" or ").append(principal.getName()).append("[").append(principal.getClass().getName()).append("]");
        }
        sb.delete(0, 4);
        return sb.toString();
    }
}
