package com.openkm.module.jcr.stuff;

import com.openkm.bean.Document;
import com.openkm.bean.Note;
import com.openkm.bean.Permission;
import com.openkm.core.Config;
import com.openkm.jaas.RoleImpl;
import com.openkm.module.jcr.JcrRepositoryModule;
import java.security.Principal;
import java.security.acl.Group;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
import javax.jcr.AccessDeniedException;
import javax.jcr.ItemNotFoundException;
import javax.jcr.Node;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import javax.jcr.ValueFormatException;
import javax.security.auth.Subject;
import org.apache.jackrabbit.core.ItemId;
import org.apache.jackrabbit.core.NodeId;
import org.apache.jackrabbit.core.PropertyId;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.security.AMContext;
import org.apache.jackrabbit.core.security.AccessManager;
import org.apache.jackrabbit.core.security.UserPrincipal;
import org.apache.jackrabbit.core.security.authorization.AccessControlProvider;
import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
import org.apache.jackrabbit.core.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.spi.Name;
import org.apache.jackrabbit.spi.Path;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/openkm/module/jcr/stuff/RepositoryAccessManager.class */
public class RepositoryAccessManager implements AccessManager {
    private static Logger log = LoggerFactory.getLogger(RepositoryAccessManager.class);
    private AMContext context;
    private Subject subject = null;
    private String principalUser = null;
    private Set<String> principalRoles = null;

    public void init(AMContext aMContext) throws AccessDeniedException, Exception {
        log.debug("init({})", aMContext);
        this.context = aMContext;
        this.subject = aMContext.getSubject();
        this.principalRoles = new HashSet();
        for (Principal principal : this.subject.getPrincipals()) {
            log.debug("##### {}", principal.getClass());
            if (principal instanceof EveryonePrincipal) {
                log.debug("o.a.j.c.s.p.EveryonePrincipal: {}", principal);
            } else if (principal instanceof UserPrincipal) {
                log.debug("o.a.j.c.s.UserPrincipal: {}", principal);
                this.principalUser = ((UserPrincipal) principal).getName();
                this.principalRoles.add(Config.DEFAULT_USER_ROLE);
            } else if (principal instanceof Group) {
                log.debug("j.s.a.Group: {}", principal);
                Enumeration<? extends Principal> members = ((Group) principal).members();
                while (members.hasMoreElements()) {
                    Principal nextElement = members.nextElement();
                    log.debug("Rol: {}", nextElement.getName());
                    this.principalRoles.add(nextElement.getName());
                }
            } else if (principal instanceof RoleImpl) {
                RoleImpl roleImpl = (RoleImpl) principal;
                log.debug("Rol: {}", roleImpl.getName());
                this.principalRoles.add(roleImpl.getName());
            } else if (principal instanceof Principal) {
                log.debug("j.s.Principal: {}", principal);
                this.principalUser = principal.getName();
            }
        }
        log.debug("PrincipalRoles: {}", this.principalRoles);
        log.debug("init: void");
    }

    public void init(AMContext aMContext, AccessControlProvider accessControlProvider, WorkspaceAccessManager workspaceAccessManager) throws AccessDeniedException, Exception {
        log.debug("init({}, {}, {}", new Object[]{aMContext, accessControlProvider, workspaceAccessManager});
        init(aMContext);
    }

    public void close() throws Exception {
        log.debug("close()");
    }

    public boolean canAccess(String str) throws RepositoryException {
        return true;
    }

    public boolean canRead(Path path) throws RepositoryException {
        return true;
    }

    public void checkPermission(ItemId itemId, int i) throws AccessDeniedException, ItemNotFoundException, RepositoryException {
    }

    public void checkPermission(Path path, int i) throws AccessDeniedException, RepositoryException {
    }

    public boolean isGranted(ItemId itemId, int i) throws ItemNotFoundException, RepositoryException {
        log.debug("deprecated - isGranted({}, {} => {})", new Object[]{itemId, Integer.valueOf(i), permissionsToString(deprecatedPermissionsToNewApi(i))});
        boolean isGranted = isGranted(this.context.getHierarchyManager().getPath(itemId), deprecatedPermissionsToNewApi(i));
        log.debug("deprecated - isGranted: {}", Boolean.valueOf(isGranted));
        return isGranted;
    }

    public boolean isGranted(Path path, Name name, int i) throws RepositoryException {
        return true;
    }

    public boolean isGranted(Path path, int i) throws RepositoryException {
        log.debug("isGranted({}, {} => {})", new Object[]{path, Integer.valueOf(i), permissionsToString(i)});
        boolean checkAccess = checkAccess(path, i);
        log.debug("isGranted: {}", Boolean.valueOf(checkAccess));
        return checkAccess;
    }

    private boolean checkAccess(Path path, int i) throws RepositoryException {
        log.debug("checkAccess({}, {} => {})", new Object[]{path, Integer.valueOf(i), permissionsToString(i)});
        SessionImpl systemSession = JcrRepositoryModule.getSystemSession();
        boolean z = false;
        if (this.principalRoles.contains(Config.DEFAULT_ADMIN_ROLE)) {
            z = true;
        } else {
            log.debug("{} Path: {}", this.subject.getPrincipals(), path);
            NodeId resolveNodePath = this.context.getHierarchyManager().resolveNodePath(path);
            if (resolveNodePath != null) {
                log.debug("{} This is a NODE", this.subject.getPrincipals());
            } else {
                PropertyId resolvePropertyPath = this.context.getHierarchyManager().resolvePropertyPath(path);
                if (resolvePropertyPath != null) {
                    log.debug("{} This is a PROPERTY", this.subject.getPrincipals());
                    resolveNodePath = resolvePropertyPath.getParentId();
                } else {
                    log.debug("{} This is a UNKNOWN: {}", this.subject.getPrincipals(), path);
                    Path ancestor = path.getAncestor(1);
                    log.debug("UNKNOWN ancestor: {}", ancestor);
                    resolveNodePath = this.context.getHierarchyManager().resolveNodePath(ancestor);
                }
            }
            if (0 != 0 || path.denotesRoot() || resolveNodePath == null) {
                z = true;
            } else {
                Node node = null;
                try {
                    node = systemSession.getNodeById(resolveNodePath);
                } catch (ItemNotFoundException e) {
                    if ((i & 4) != 0) {
                        try {
                            node = systemSession.getNodeById(this.context.getHierarchyManager().resolveNodePath(path.getAncestor(1)));
                        } catch (ItemNotFoundException e2) {
                            z = true;
                        }
                    } else {
                        z = true;
                    }
                }
                if (node == null) {
                    z = true;
                } else {
                    log.debug("{} Node Name: {}", this.subject.getPrincipals(), node.getPath());
                    log.debug("{} Node Type: {}", this.subject.getPrincipals(), node.getPrimaryNodeType().getName());
                    if (node.isNodeType(Document.CONTENT_TYPE)) {
                        log.debug("{} Node is CONTENT_TYPE", this.subject.getPrincipals());
                        node = node.getParent();
                        log.debug("{} Real -> {}", this.subject.getPrincipals(), node.getPath());
                    } else if (node.isNodeType("okm:notes")) {
                        log.debug("{} Node is NOTE_LIST_TYPE", this.subject.getPrincipals());
                        node = node.getParent();
                        log.debug("{} Real -> {}", this.subject.getPrincipals(), node.getPath());
                    } else if (node.isNodeType(Note.TYPE)) {
                        log.debug("{} Node is NOTE_TYPE", this.subject.getPrincipals());
                        node = node.getParent().getParent();
                        log.debug("{} Real -> {}", this.subject.getPrincipals(), node.getPath());
                    } else if (node.isNodeType("nt:frozenNode")) {
                        log.debug("{} Node is FROZEN_NODE", this.subject.getPrincipals());
                        node = systemSession.getNodeByUUID(node.getProperty("jcr:frozenUuid").getString()).getParent();
                        log.debug("{} Real -> {}", this.subject.getPrincipals(), node.getPath());
                    } else if (node.isNodeType("nt:version")) {
                        log.debug("{} Node is VERSION", this.subject.getPrincipals());
                        Node node2 = node.getNode("jcr:frozenNode");
                        log.debug("{} Frozen node -> {}", this.subject.getPrincipals(), node2.getPath());
                        String string = node2.getProperty("jcr:frozenUuid").getString();
                        try {
                            node = systemSession.getNodeByUUID(string).getParent();
                            log.debug("{} Real -> {}", this.subject.getPrincipals(), node.getPath());
                        } catch (ItemNotFoundException e3) {
                            log.warn("Real node not found, so we are purging: {}", string);
                            z = true;
                        }
                    } else if (node.isNodeType("nt:versionHistory")) {
                        log.debug("{} Node is VERSION_HISTORY", this.subject.getPrincipals());
                        node = systemSession.getNodeByUUID(node.getProperty("jcr:versionableUuid").getString()).getParent();
                        log.debug("{} Real -> {}", this.subject.getPrincipals(), node.getPath());
                    }
                    if (!z) {
                        if ((i & 1) != 0) {
                            try {
                                z = checkProperties(node, Permission.USERS_READ, Permission.ROLES_READ);
                            } catch (PathNotFoundException e4) {
                                log.warn("{} PathNotFoundException({}) in {}", new Object[]{this.subject.getPrincipals(), e4.getMessage(), node.getPrimaryNodeType().getName()});
                                z = true;
                            }
                        } else if ((i & 4) != 0 || (i & 2) != 0) {
                            try {
                                z = checkProperties(node, Permission.USERS_WRITE, Permission.ROLES_WRITE);
                            } catch (PathNotFoundException e5) {
                                log.debug("{} PropertyNotFoundException({}) in {}", new Object[]{this.subject.getPrincipals(), e5.getMessage(), node.getPrimaryNodeType().getName()});
                                z = true;
                            }
                        } else if ((i & 8) != 0 || (i & 16) != 0) {
                            try {
                                z = checkProperties(node, Permission.USERS_DELETE, Permission.ROLES_DELETE);
                            } catch (PathNotFoundException e6) {
                                log.debug("{} PropertyNotFoundException({}) in {}", new Object[]{this.subject.getPrincipals(), e6.getMessage(), node.getPrimaryNodeType().getName()});
                                z = true;
                            }
                        } else if ((i & 64) != 0) {
                            try {
                                z = checkProperties(node, Permission.USERS_SECURITY, Permission.ROLES_SECURITY);
                            } catch (PathNotFoundException e7) {
                                log.debug("{} PropertyNotFoundException({}) in {}", new Object[]{this.subject.getPrincipals(), e7.getMessage(), node.getPrimaryNodeType().getName()});
                                z = true;
                            }
                        }
                    }
                }
            }
        }
        log.debug("checkAccess: {}", Boolean.valueOf(z));
        return z;
    }

    private boolean checkProperties(Node node, String str, String str2) throws ValueFormatException, RepositoryException, PathNotFoundException {
        log.debug("checkProperties({})", node);
        Value[] values = node.getProperty(str).getValues();
        boolean z = false;
        int i = 0;
        while (true) {
            if (i >= values.length) {
                break;
            }
            log.debug("{} User: {}", str, values[i].getString());
            if (this.principalUser.equals(values[i].getString())) {
                z = true;
                break;
            }
            i++;
        }
        if (!z) {
            Value[] values2 = node.getProperty(str2).getValues();
            int i2 = 0;
            while (true) {
                if (i2 >= values2.length) {
                    break;
                }
                log.debug("{} Rol: {}", str2, values2[i2].getString());
                if (this.principalRoles.contains(values2[i2].getString())) {
                    z = true;
                    break;
                }
                i2++;
            }
        }
        log.debug("checkProperties: {}", Boolean.valueOf(z));
        return z;
    }

    private int deprecatedPermissionsToNewApi(int i) {
        boolean z = (i & 1) != 0;
        boolean z2 = (i & 2) != 0;
        boolean z3 = (i & 4) != 0;
        int i2 = 0;
        if (z) {
            i2 = 0 | 1;
        }
        if (z2) {
            i2 = i2 | 4 | 2;
        }
        if (z3) {
            i2 = i2 | 8 | 16;
        }
        return i2;
    }

    private String permissionsToString(int i) {
        StringBuilder sb = new StringBuilder();
        if (i != 0) {
            if ((i & 4) != 0) {
                sb.append("add_node ");
            }
            if ((i & 1) != 0) {
                sb.append("read ");
            }
            if ((i & 8) != 0) {
                sb.append("remove_node ");
            }
            if ((i & 16) != 0) {
                sb.append("remove_property ");
            }
            if ((i & 2) != 0) {
                sb.append("set_property ");
            }
            if ((i & 32) != 0) {
                sb.append("read_ac ");
            }
            if ((i & 64) != 0) {
                sb.append("modify_ac ");
            }
        }
        return sb.toString();
    }
}
