package org.gcube.common.homelibrary.jcr.workspace.accessmanager;

import java.security.Principal;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.Set;
import javax.jcr.Node;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.Privilege;
import org.gcube.common.homelibrary.home.exceptions.InternalErrorException;
import org.gcube.common.homelibrary.home.workspace.accessmanager.ACLType;
import org.gcube.common.homelibrary.jcr.repository.JCRRepository;

/* loaded from: input_file:WEB-INF/lib/home-library-jcr-1.6.0-3.5.0.jar:org/gcube/common/homelibrary/jcr/workspace/accessmanager/JCRPrivilegesInfo.class */
public class JCRPrivilegesInfo {
    private static final String NO_LIMIT = "hl:noOwnershipLimit";
    private static final String REMOVE_ROOT = "hl:removeSharedRoot";
    private static final String WRITE_ALL = "hl:writeAll";
    private static final String READ = "jcr:read";
    private static final String WRITE = "jcr:write";
    private static final String ADMINISTRATOR = "jcr:all";
    public static final String OWNER = "hl:owner";
    public static final String PORTAL_LOGIN = "hl:portalLogin";

    /* loaded from: input_file:WEB-INF/lib/home-library-jcr-1.6.0-3.5.0.jar:org/gcube/common/homelibrary/jcr/workspace/accessmanager/JCRPrivilegesInfo$AccessRights.class */
    public static class AccessRights {
        private Set<Privilege> granted = new HashSet();
        private Set<Privilege> denied = new HashSet();
        private static transient ResourceBundle resBundle = null;

        private ResourceBundle getResourceBundle(Locale locale) {
            if (resBundle == null || !resBundle.getLocale().equals(locale)) {
                resBundle = ResourceBundle.getBundle(getClass().getPackage().getName() + ".PrivilegesResources", locale);
            }
            return resBundle;
        }

        public Set<Privilege> getGranted() {
            return this.granted;
        }

        public Set<Privilege> getDenied() {
            return this.denied;
        }

        public String getPrivilegeSetDisplayName(Locale locale) {
            if (this.denied != null && !this.denied.isEmpty()) {
                return getResourceBundle(locale).getString("privilegeset.custom");
            }
            if (this.granted.isEmpty()) {
                return getResourceBundle(locale).getString("privilegeset.none");
            }
            if (this.granted.size() == 1) {
                Privilege next = this.granted.iterator().next();
                if (JCRPrivilegesInfo.ADMINISTRATOR.equals(next.getName())) {
                    return getResourceBundle(locale).getString("privilegeset.all");
                }
                if (JCRPrivilegesInfo.READ.equals(next.getName())) {
                    return getResourceBundle(locale).getString("privilegeset.readonly");
                }
            } else if (this.granted.size() == 2) {
                Iterator<Privilege> it = this.granted.iterator();
                Privilege next2 = it.next();
                Privilege next3 = it.next();
                if ((JCRPrivilegesInfo.READ.equals(next2.getName()) && JCRPrivilegesInfo.WRITE.equals(next3.getName())) || (JCRPrivilegesInfo.READ.equals(next3.getName()) && JCRPrivilegesInfo.WRITE.equals(next2.getName()))) {
                    return getResourceBundle(locale).getString("privilegeset.readwrite");
                }
            }
            return getResourceBundle(locale).getString("privilegeset.custom");
        }
    }

    public Privilege[] getSupportedPrivileges(Node node) throws RepositoryException {
        return getSupportedPrivileges(node.getSession(), node.getPath());
    }

    public Privilege[] getSupportedPrivileges(Session session, String str) throws RepositoryException {
        return AccessControlUtil.getAccessControlManager(session).getSupportedPrivileges(str);
    }

    public Map<Principal, AccessRights> getDeclaredAccessRights(Node node) throws RepositoryException {
        return getDeclaredAccessRights(node.getSession(), node.getPath());
    }

    public Map<Principal, AccessRights> getDeclaredAccessRights(Session session, String str) throws RepositoryException {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        AccessControlEntry[] declaredAccessControlEntries = getDeclaredAccessControlEntries(session, str);
        if (declaredAccessControlEntries != null) {
            for (AccessControlEntry accessControlEntry : declaredAccessControlEntries) {
                Principal principal = accessControlEntry.getPrincipal();
                AccessRights accessRights = (AccessRights) linkedHashMap.get(principal);
                if (accessRights == null) {
                    accessRights = new AccessRights();
                    linkedHashMap.put(principal, accessRights);
                }
                if (AccessControlUtil.isAllow(accessControlEntry)) {
                    accessRights.getGranted().addAll(Arrays.asList(accessControlEntry.getPrivileges()));
                } else {
                    accessRights.getDenied().addAll(Arrays.asList(accessControlEntry.getPrivileges()));
                }
            }
        }
        return linkedHashMap;
    }

    private AccessControlEntry[] getDeclaredAccessControlEntries(Session session, String str) throws RepositoryException {
        for (AccessControlPolicy accessControlPolicy : AccessControlUtil.getAccessControlManager(session).getPolicies(str)) {
            if (accessControlPolicy instanceof AccessControlList) {
                return ((AccessControlList) accessControlPolicy).getAccessControlEntries();
            }
        }
        return new AccessControlEntry[0];
    }

    public AccessRights getDeclaredAccessRightsForPrincipal(Node node, String str) throws RepositoryException {
        return getDeclaredAccessRightsForPrincipal(node.getSession(), node.getPath(), str);
    }

    public AccessRights getDeclaredAccessRightsForPrincipal(Session session, String str, String str2) throws RepositoryException {
        AccessRights accessRights = new AccessRights();
        if (str2 != null && str2.length() > 0) {
            for (AccessControlPolicy accessControlPolicy : AccessControlUtil.getAccessControlManager(session).getPolicies(str)) {
                if (accessControlPolicy instanceof AccessControlList) {
                    for (AccessControlEntry accessControlEntry : ((AccessControlList) accessControlPolicy).getAccessControlEntries()) {
                        if (str2.equals(accessControlEntry.getPrincipal().getName())) {
                            if (AccessControlUtil.isAllow(accessControlEntry)) {
                                accessRights.getGranted().addAll(Arrays.asList(accessControlEntry.getPrivileges()));
                            } else {
                                accessRights.getDenied().addAll(Arrays.asList(accessControlEntry.getPrivileges()));
                            }
                        }
                    }
                }
            }
        }
        return accessRights;
    }

    public Map<Principal, AccessRights> getEffectiveAccessRights(Node node) throws RepositoryException {
        return getEffectiveAccessRights(node.getSession(), node.getPath());
    }

    public Map<Principal, AccessRights> getEffectiveAccessRights(Session session, String str) throws RepositoryException {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        AccessControlEntry[] effectiveAccessControlEntries = getEffectiveAccessControlEntries(session, str);
        if (effectiveAccessControlEntries != null) {
            for (AccessControlEntry accessControlEntry : effectiveAccessControlEntries) {
                Principal principal = accessControlEntry.getPrincipal();
                AccessRights accessRights = (AccessRights) linkedHashMap.get(principal);
                if (accessRights == null) {
                    accessRights = new AccessRights();
                    linkedHashMap.put(principal, accessRights);
                }
                if (AccessControlUtil.isAllow(accessControlEntry)) {
                    accessRights.getGranted().addAll(Arrays.asList(accessControlEntry.getPrivileges()));
                } else {
                    accessRights.getDenied().addAll(Arrays.asList(accessControlEntry.getPrivileges()));
                }
            }
        }
        return linkedHashMap;
    }

    private AccessControlEntry[] getEffectiveAccessControlEntries(Session session, String str) throws RepositoryException {
        for (AccessControlPolicy accessControlPolicy : AccessControlUtil.getAccessControlManager(session).getEffectivePolicies(str)) {
            if (accessControlPolicy instanceof AccessControlList) {
                return ((AccessControlList) accessControlPolicy).getAccessControlEntries();
            }
        }
        return new AccessControlEntry[0];
    }

    public AccessRights getEffectiveAccessRightsForPrincipal(Node node, String str) throws RepositoryException {
        return getEffectiveAccessRightsForPrincipal(node.getSession(), node.getPath(), str);
    }

    public AccessRights getEffectiveAccessRightsForPrincipal(Session session, String str, String str2) throws RepositoryException {
        AccessRights accessRights = new AccessRights();
        if (str2 != null && str2.length() > 0) {
            for (AccessControlPolicy accessControlPolicy : AccessControlUtil.getAccessControlManager(session).getEffectivePolicies(str)) {
                if (accessControlPolicy instanceof AccessControlList) {
                    for (AccessControlEntry accessControlEntry : ((AccessControlList) accessControlPolicy).getAccessControlEntries()) {
                        if (str2.equals(accessControlEntry.getPrincipal().getName())) {
                            if (AccessControlUtil.isAllow(accessControlEntry)) {
                                accessRights.getGranted().addAll(Arrays.asList(accessControlEntry.getPrivileges()));
                            } else {
                                accessRights.getDenied().addAll(Arrays.asList(accessControlEntry.getPrivileges()));
                            }
                        }
                    }
                }
            }
        }
        return accessRights;
    }

    public static boolean canAddChildren(String str, String str2, String str3) throws InternalErrorException {
        Session session = JCRRepository.getSession(str2);
        if (str.equals(str2)) {
            return true;
        }
        try {
            AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
            boolean hasPrivileges = accessControlManager.hasPrivileges(str3, new Privilege[]{accessControlManager.privilegeFromName(Privilege.JCR_ADD_CHILD_NODES)});
            session.logout();
            return hasPrivileges;
        } catch (RepositoryException e) {
            session.logout();
            return false;
        } catch (Throwable th) {
            session.logout();
            throw th;
        }
    }

    public static boolean canDeleteChildren(String str, String str2) throws InternalErrorException {
        Session session = JCRRepository.getSession(str);
        try {
            boolean canDeleteChildren = canDeleteChildren(session, str2);
            session.logout();
            return canDeleteChildren;
        } catch (Throwable th) {
            session.logout();
            throw th;
        }
    }

    private static boolean canDeleteChildren(Session session, String str) {
        try {
            AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
            return accessControlManager.hasPrivileges(str, new Privilege[]{accessControlManager.privilegeFromName(Privilege.JCR_REMOVE_CHILD_NODES), accessControlManager.privilegeFromName(NO_LIMIT)});
        } catch (RepositoryException e) {
            return false;
        }
    }

    public static boolean canDelete(String str, String str2, String str3, boolean z) throws InternalErrorException {
        boolean z2;
        if (str.equals(str2)) {
            return true;
        }
        Session session = JCRRepository.getSession(str2);
        try {
            AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
            int lastIndexOf = str3.lastIndexOf(47);
            String substring = lastIndexOf == 0 ? "/" : str3.substring(0, lastIndexOf);
            try {
                accessControlManager.hasPrivileges(str3, new Privilege[]{accessControlManager.privilegeFromName(NO_LIMIT), accessControlManager.privilegeFromName(Privilege.JCR_REMOVE_NODE)});
                if (z) {
                    z2 = accessControlManager.hasPrivileges(str3, new Privilege[]{accessControlManager.privilegeFromName(Privilege.JCR_REMOVE_NODE), accessControlManager.privilegeFromName(NO_LIMIT), accessControlManager.privilegeFromName(REMOVE_ROOT)});
                } else {
                    z2 = accessControlManager.hasPrivileges(str3, new Privilege[]{accessControlManager.privilegeFromName(Privilege.JCR_REMOVE_NODE), accessControlManager.privilegeFromName(NO_LIMIT)}) && canDeleteChildren(session, substring);
                }
                boolean z3 = z2;
                session.logout();
                return z3;
            } catch (Exception e) {
                throw new InternalErrorException("Error retrieving privilege: " + e);
            }
        } catch (RepositoryException e2) {
            session.logout();
            return false;
        } catch (Throwable th) {
            session.logout();
            throw th;
        }
    }

    public static boolean canModifyProperties(String str, String str2, String str3, boolean z) throws InternalErrorException {
        if (str.equals(str2)) {
            return true;
        }
        Session session = JCRRepository.getSession(str2);
        try {
            AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
            boolean hasPrivileges = z ? accessControlManager.hasPrivileges(str3, new Privilege[]{accessControlManager.privilegeFromName(Privilege.JCR_MODIFY_PROPERTIES), accessControlManager.privilegeFromName(NO_LIMIT), accessControlManager.privilegeFromName(REMOVE_ROOT)}) : accessControlManager.hasPrivileges(str3, new Privilege[]{accessControlManager.privilegeFromName(Privilege.JCR_MODIFY_PROPERTIES), accessControlManager.privilegeFromName(NO_LIMIT)});
            session.logout();
            return hasPrivileges;
        } catch (RepositoryException e) {
            session.logout();
            return false;
        } catch (Throwable th) {
            session.logout();
            throw th;
        }
    }

    public static ACLType getACLByUser(String str, String str2) throws InternalErrorException {
        Session session = JCRRepository.getSession(str);
        try {
            AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
            if (!getOwner(session.getNode(str2)).equals(str) && !accessControlManager.hasPrivileges(str2, new Privilege[]{accessControlManager.privilegeFromName(ADMINISTRATOR)})) {
                if (accessControlManager.hasPrivileges(str2, new Privilege[]{accessControlManager.privilegeFromName(WRITE_ALL)})) {
                    return ACLType.WRITE_ALL;
                }
                if (accessControlManager.hasPrivileges(str2, new Privilege[]{accessControlManager.privilegeFromName(WRITE)})) {
                    return ACLType.WRITE_OWNER;
                }
                if (accessControlManager.hasPrivileges(str2, new Privilege[]{accessControlManager.privilegeFromName(READ)})) {
                    return ACLType.READ_ONLY;
                }
                return null;
            }
            return ACLType.ADMINISTRATOR;
        } catch (RepositoryException e) {
            throw new InternalErrorException("ACLType Unknown " + e);
        }
    }

    private static String getOwner(Node node) throws PathNotFoundException, RepositoryException {
        String string;
        try {
            string = node.getProperty("hl:portalLogin").getString();
        } catch (Exception e) {
            string = node.getNode("hl:owner").getProperty("hl:portalLogin").getString();
        }
        return string;
    }

    public static boolean canReadNode(String str, String str2, String str3) throws InternalErrorException {
        if (str.equals(str2)) {
            return true;
        }
        Session session = JCRRepository.getSession(str2);
        try {
            AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
            boolean hasPrivileges = accessControlManager.hasPrivileges(str3, new Privilege[]{accessControlManager.privilegeFromName(Privilege.JCR_READ)});
            session.logout();
            return hasPrivileges;
        } catch (RepositoryException e) {
            session.logout();
            return false;
        } catch (Throwable th) {
            session.logout();
            throw th;
        }
    }
}
