package info.magnolia.cms.security;

import info.magnolia.cms.core.ItemType;
import info.magnolia.cms.core.Path;
import info.magnolia.cms.security.SecuritySupport;
import info.magnolia.cms.security.auth.ACL;
import info.magnolia.cms.util.SimpleUrlPattern;
import info.magnolia.context.MgnlContext;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.jcr.ItemNotFoundException;
import javax.jcr.Node;
import javax.jcr.PathNotFoundException;
import javax.jcr.Property;
import javax.jcr.PropertyIterator;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.ValueFormatException;
import org.apache.commons.lang.StringUtils;
import org.apache.jackrabbit.commons.iterator.FilteringNodeIterator;
import org.apache.jackrabbit.commons.predicate.NodeTypePredicate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:info/magnolia/cms/security/RepositoryBackedSecurityManager.class */
public abstract class RepositoryBackedSecurityManager {
    private static final Logger log = LoggerFactory.getLogger(RepositoryBackedSecurityManager.class);

    public boolean hasAny(final String str, final String str2, final String str3) {
        long currentTimeMillis = System.currentTimeMillis();
        try {
            try {
                String str4 = StringUtils.equalsIgnoreCase(str3, SecurityConstants.NODE_ROLES) ? "userroles" : "usergroups";
                final Collection collection = (Collection) MgnlContext.doInSystemContext(new JCRSessionOp<Collection<String>>(getRepositoryName()) { // from class: info.magnolia.cms.security.RepositoryBackedSecurityManager.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // info.magnolia.cms.security.JCRSessionOp
                    public Collection<String> exec(Session session) throws RepositoryException {
                        ArrayList arrayList = new ArrayList();
                        Node findPrincipalNode = RepositoryBackedSecurityManager.this.findPrincipalNode(str, session);
                        if (findPrincipalNode == null) {
                            RepositoryBackedSecurityManager.log.debug("No User '" + str + "' found in repository");
                            return arrayList;
                        }
                        PropertyIterator properties = findPrincipalNode.getNode(str3).getProperties();
                        while (properties.hasNext()) {
                            Property nextProperty = properties.nextProperty();
                            try {
                                arrayList.add(nextProperty.getString());
                            } catch (ItemNotFoundException e) {
                                RepositoryBackedSecurityManager.log.debug("Role [{}] does not exist in the {} repository", str2, str3);
                            } catch (IllegalArgumentException e2) {
                                RepositoryBackedSecurityManager.log.debug("{} has invalid value", nextProperty.getPath());
                            }
                        }
                        return arrayList;
                    }
                });
                boolean booleanValue = ((Boolean) MgnlContext.doInSystemContext(new JCRSessionOp<Boolean>(str4) { // from class: info.magnolia.cms.security.RepositoryBackedSecurityManager.2
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // info.magnolia.cms.security.JCRSessionOp
                    public Boolean exec(Session session) throws RepositoryException {
                        Iterator it = collection.iterator();
                        while (it.hasNext()) {
                            try {
                            } catch (ItemNotFoundException e) {
                                RepositoryBackedSecurityManager.log.debug("Role [{}] does not exist in the ROLES repository", str2);
                            }
                            if (session.getNodeByIdentifier((String) it.next()).getName().equalsIgnoreCase(str2)) {
                                return true;
                            }
                            continue;
                        }
                        return false;
                    }
                })).booleanValue();
                log.debug("checked {} for {} in {}ms.", new Object[]{str2, str3, Long.valueOf(System.currentTimeMillis() - currentTimeMillis)});
                return booleanValue;
            } catch (RepositoryException e) {
                log.debug(e.getMessage(), e);
                log.debug("checked {} for {} in {}ms.", new Object[]{str2, str3, Long.valueOf(System.currentTimeMillis() - currentTimeMillis)});
                return false;
            }
        } catch (Throwable th) {
            log.debug("checked {} for {} in {}ms.", new Object[]{str2, str3, Long.valueOf(System.currentTimeMillis() - currentTimeMillis)});
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void add(String str, String str2, String str3) throws PrincipalNotFoundException {
        try {
            String linkedResourceId = getLinkedResourceId(str2, str3);
            if (!hasAny(str, str2, str3)) {
                Session jCRSession = MgnlContext.getJCRSession(getRepositoryName());
                Node findPrincipalNode = findPrincipalNode(str, jCRSession);
                if (findPrincipalNode == null) {
                    throw new PrincipalNotFoundException("Principal " + str + " of type " + str3 + " was not found.");
                }
                if (!findPrincipalNode.hasNode(str3)) {
                    findPrincipalNode.addNode(str3, ItemType.CONTENTNODE.getSystemName());
                }
                Node node = findPrincipalNode.getNode(str3);
                node.setProperty(Path.getUniqueLabel(jCRSession, node.getPath(), "0"), linkedResourceId);
                jCRSession.save();
            }
        } catch (RepositoryException e) {
            log.error("failed to add " + str3 + " " + str2 + " to  [" + str + "]", e);
        }
    }

    private String getLinkedResourceId(String str, String str2) throws AccessDeniedException {
        String id;
        if (StringUtils.equalsIgnoreCase(str2, SecurityConstants.NODE_ROLES)) {
            Role role = SecuritySupport.Factory.getInstance().getRoleManager().getRole(str);
            if (role == null) {
                log.warn("Invalid role requested: {}", str);
                id = null;
            } else {
                id = role.getId();
            }
        } else {
            id = SecuritySupport.Factory.getInstance().getGroupManager().getGroup(str).getId();
        }
        return id;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getResourceName(String str) {
        try {
            return MgnlContext.getJCRSession(getRepositoryName()).getNodeByIdentifier(str).getName();
        } catch (RepositoryException e) {
            log.error(e.getMessage(), e);
            return null;
        } catch (ItemNotFoundException e2) {
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void remove(final String str, String str2, final String str3) {
        try {
            final String linkedResourceId = getLinkedResourceId(str2, str3);
            if (hasAny(str, str2, str3)) {
                MgnlContext.doInSystemContext(new SilentSessionOp<MgnlContext.VoidOp>(getRepositoryName()) { // from class: info.magnolia.cms.security.RepositoryBackedSecurityManager.3
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // info.magnolia.cms.security.SilentSessionOp
                    public MgnlContext.VoidOp doExec(Session session) throws RepositoryException {
                        Node findPrincipalNode = RepositoryBackedSecurityManager.this.findPrincipalNode(str, session);
                        if (!findPrincipalNode.hasNode(str3)) {
                            log.debug("resource type {} is not set for principal {}", str3, str);
                            return null;
                        }
                        PropertyIterator properties = findPrincipalNode.getNode(str3).getProperties();
                        while (properties.hasNext()) {
                            Property nextProperty = properties.nextProperty();
                            try {
                                if (nextProperty.getString().equals(linkedResourceId)) {
                                    nextProperty.remove();
                                }
                            } catch (IllegalArgumentException e) {
                                log.debug("{} has invalid value", nextProperty.getPath());
                            }
                        }
                        return null;
                    }
                });
            }
        } catch (RepositoryException e) {
            log.error("failed to remove " + str3 + " " + str2 + " from [" + str + "]", e);
        }
    }

    protected abstract String getRepositoryName();

    protected abstract Node findPrincipalNode(String str, Session session) throws RepositoryException;

    public Map<String, ACL> getACLs(final String str) {
        return (Map) MgnlContext.doInSystemContext(new SilentSessionOp<Map<String, ACL>>(getRepositoryName()) { // from class: info.magnolia.cms.security.RepositoryBackedSecurityManager.4
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // info.magnolia.cms.security.SilentSessionOp
            public Map<String, ACL> doExec(Session session) throws Throwable {
                Node findPrincipalNode = RepositoryBackedSecurityManager.this.findPrincipalNode(str, session);
                return findPrincipalNode == null ? Collections.emptyMap() : RepositoryBackedSecurityManager.this.getACLs(findPrincipalNode);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map<String, ACL> getACLs(Node node) throws RepositoryException, ValueFormatException, PathNotFoundException {
        HashMap hashMap = new HashMap();
        FilteringNodeIterator filteringNodeIterator = new FilteringNodeIterator(node.getNodes(), new NodeTypePredicate(ItemType.CONTENTNODE.getSystemName(), true));
        while (filteringNodeIterator.hasNext()) {
            Node nextNode = filteringNodeIterator.nextNode();
            if (nextNode.getName().startsWith("acl")) {
                String substringAfter = StringUtils.substringAfter(nextNode.getName(), "acl_");
                ArrayList arrayList = new ArrayList();
                FilteringNodeIterator filteringNodeIterator2 = new FilteringNodeIterator(nextNode.getNodes(), new NodeTypePredicate(ItemType.CONTENTNODE.getSystemName(), true));
                while (filteringNodeIterator2.hasNext()) {
                    Node nextNode2 = filteringNodeIterator2.nextNode();
                    SimpleUrlPattern simpleUrlPattern = new SimpleUrlPattern(nextNode2.getProperty("path").getString());
                    PermissionImpl permissionImpl = new PermissionImpl();
                    permissionImpl.setPattern(simpleUrlPattern);
                    permissionImpl.setPermissions(nextNode2.getProperty("permissions").getLong());
                    arrayList.add(permissionImpl);
                }
                if (hashMap.containsKey(substringAfter)) {
                    arrayList.addAll(((ACL) hashMap.get(substringAfter)).getList());
                }
                hashMap.put(substringAfter, new ACLImpl(substringAfter, arrayList));
            }
        }
        return hashMap;
    }
}
