package info.magnolia.cms.security;

import info.magnolia.cms.security.SecuritySupport;
import info.magnolia.cms.security.auth.ACL;
import info.magnolia.context.MgnlContext;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.security.auth.Subject;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/magnolia-core-5.5.3.jar:info/magnolia/cms/security/PermissionUtil.class */
public class PermissionUtil {
    private static final Logger log = LoggerFactory.getLogger(PermissionUtil.class);

    public static AccessManager getAccessManager(String str, Subject subject) {
        List<Permission> permissions = getPermissions(subject, str);
        if (permissions == null) {
            log.warn("no permissions found for {}", subject.getPrincipals(User.class));
        }
        AccessManagerImpl accessManagerImpl = new AccessManagerImpl();
        accessManagerImpl.setPermissionList(permissions);
        return accessManagerImpl;
    }

    static List<Permission> getPermissions(Subject subject, String str) {
        if (subject != null) {
            ACL findAccessControlList = PrincipalUtil.findAccessControlList(subject, str);
            if (findAccessControlList != null) {
                return findAccessControlList.getList();
            }
            return null;
        }
        log.warn("no session == running as anonymous");
        SecuritySupport factory = SecuritySupport.Factory.getInstance();
        Collection<String> allRoles = factory.getUserManager().getAnonymousUser().getAllRoles();
        RoleManager roleManager = factory.getRoleManager();
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = allRoles.iterator();
        while (it.hasNext()) {
            for (ACL acl : roleManager.getACLs(it.next()).values()) {
                if (str.equals(acl.getName())) {
                    arrayList.addAll(acl.getList());
                }
            }
        }
        return arrayList;
    }

    public static boolean isGranted(Node node, long j) throws RepositoryException {
        if (node == null) {
            throw new IllegalArgumentException("Node can't be null for evaluating permissions.");
        }
        return MgnlContext.getAccessManager(node.getSession().getWorkspace().getName()).isGranted(node.getPath(), j);
    }

    public static boolean isGranted(String str, String str2, String str3) {
        return MgnlContext.getAccessManager(str).isGranted(str2, convertPermissions(str3));
    }

    public static boolean isGranted(Session session, String str, long j) {
        String str2 = null;
        try {
            str2 = convertPermissions(j);
        } catch (IllegalArgumentException e) {
            MgnlContext.getAccessManager(session.getWorkspace().getName()).isGranted(str, j);
        }
        try {
            return session.hasPermission(str, str2);
        } catch (RepositoryException e2) {
            return false;
        }
    }

    public static boolean isGranted(Session session, String str, String str2) {
        if (StringUtils.isBlank(str2)) {
            throw new IllegalArgumentException("Empty action value is not valid for permission check. Please make sure you don't check against empty permissions or contact administrator.");
        }
        try {
            return session.hasPermission(str, str2);
        } catch (RepositoryException e) {
            return false;
        }
    }

    public static long convertPermissions(String str) {
        long j = 0;
        for (String str2 : StringUtils.split(str, ", ")) {
            if (Session.ACTION_ADD_NODE.equals(str2)) {
                j += 11;
            } else if (Session.ACTION_READ.equals(str2)) {
                j += 8;
            } else if (Session.ACTION_REMOVE.equals(str2)) {
                j += 4;
            } else if (Session.ACTION_SET_PROPERTY.equals(str2)) {
                j += 2;
            }
        }
        return j;
    }

    static String convertPermissions(long j) {
        StringBuilder sb = new StringBuilder();
        if ((j & 63) == 63) {
            sb.append(Session.ACTION_ADD_NODE).append(",").append(Session.ACTION_READ).append(",").append("remove,").append(Session.ACTION_SET_PROPERTY);
        } else {
            if ((j & 11) == 11) {
                if (sb.length() > 0) {
                    sb.append(",");
                }
                sb.append(Session.ACTION_ADD_NODE);
            }
            if ((j & 8) == 8) {
                if (sb.length() > 0) {
                    sb.append(",");
                }
                sb.append(Session.ACTION_READ);
            }
            if ((j & 4) == 4) {
                if (sb.length() > 0) {
                    sb.append(",");
                }
                sb.append(Session.ACTION_REMOVE);
            }
            if ((j & 2) == 2) {
                if (sb.length() > 0) {
                    sb.append(",");
                }
                sb.append(Session.ACTION_SET_PROPERTY);
            }
        }
        String sb2 = sb.toString();
        if (StringUtils.isEmpty(sb2)) {
            throw new IllegalArgumentException("Unknown permissions: " + j);
        }
        return sb2;
    }

    public static void verifyIsGrantedOrThrowException(Session session, String str, String str2) throws AccessDeniedException {
        try {
            if (session.hasPermission(str, str2)) {
            } else {
                throw new AccessDeniedException("Not allowed to access " + str + " with permission " + str2);
            }
        } catch (RepositoryException e) {
            throw new AccessDeniedException("Exception occurred while checking permissions for " + str + " with permission " + str2, e);
        }
    }
}
