package org.apache.jackrabbit.oak.security.privilege;

import com.google.common.collect.ImmutableMap;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.jcr.RepositoryException;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.spi.security.privilege.ImmutablePrivilegeDefinition;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinition;
import org.apache.jackrabbit.oak.util.NodeUtil;

/* loaded from: input_file:WEB-INF/lib/oak-core-1.0.0.jar:org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriter.class */
class PrivilegeDefinitionWriter implements PrivilegeConstants {
    private static final String[] NON_AGGR_PRIVILEGES = {PrivilegeConstants.REP_READ_NODES, PrivilegeConstants.REP_READ_PROPERTIES, PrivilegeConstants.REP_ADD_PROPERTIES, PrivilegeConstants.REP_ALTER_PROPERTIES, PrivilegeConstants.REP_REMOVE_PROPERTIES, PrivilegeConstants.JCR_ADD_CHILD_NODES, PrivilegeConstants.JCR_REMOVE_CHILD_NODES, PrivilegeConstants.JCR_REMOVE_NODE, PrivilegeConstants.JCR_READ_ACCESS_CONTROL, PrivilegeConstants.JCR_MODIFY_ACCESS_CONTROL, PrivilegeConstants.JCR_NODE_TYPE_MANAGEMENT, PrivilegeConstants.JCR_VERSION_MANAGEMENT, PrivilegeConstants.JCR_LOCK_MANAGEMENT, PrivilegeConstants.JCR_LIFECYCLE_MANAGEMENT, PrivilegeConstants.JCR_RETENTION_MANAGEMENT, PrivilegeConstants.JCR_WORKSPACE_MANAGEMENT, PrivilegeConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT, PrivilegeConstants.JCR_NAMESPACE_MANAGEMENT, PrivilegeConstants.REP_PRIVILEGE_MANAGEMENT, PrivilegeConstants.REP_USER_MANAGEMENT, PrivilegeConstants.REP_INDEX_DEFINITION_MANAGEMENT};
    private static final Map<String, String[]> AGGREGATE_PRIVILEGES = ImmutableMap.of("jcr:read", new String[]{PrivilegeConstants.REP_READ_NODES, PrivilegeConstants.REP_READ_PROPERTIES}, PrivilegeConstants.JCR_MODIFY_PROPERTIES, new String[]{PrivilegeConstants.REP_ADD_PROPERTIES, PrivilegeConstants.REP_ALTER_PROPERTIES, PrivilegeConstants.REP_REMOVE_PROPERTIES}, "jcr:write", new String[]{PrivilegeConstants.JCR_MODIFY_PROPERTIES, PrivilegeConstants.JCR_ADD_CHILD_NODES, PrivilegeConstants.JCR_REMOVE_CHILD_NODES, PrivilegeConstants.JCR_REMOVE_NODE}, PrivilegeConstants.REP_WRITE, new String[]{"jcr:write", PrivilegeConstants.JCR_NODE_TYPE_MANAGEMENT});
    private final Root root;
    private final PrivilegeBitsProvider bitsMgr;
    private PrivilegeBits next;

    /* JADX INFO: Access modifiers changed from: package-private */
    public PrivilegeDefinitionWriter(Root root) {
        this.root = root;
        this.bitsMgr = new PrivilegeBitsProvider(root);
        Tree privilegesTree = this.bitsMgr.getPrivilegesTree();
        if (privilegesTree.exists() && privilegesTree.hasProperty(PrivilegeConstants.REP_NEXT)) {
            this.next = PrivilegeBits.getInstance(privilegesTree);
        } else {
            this.next = PrivilegeBits.NEXT_AFTER_BUILT_INS;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void writeDefinition(PrivilegeDefinition privilegeDefinition) throws RepositoryException {
        writeDefinitions(Collections.singleton(privilegeDefinition));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void writeBuiltInDefinitions() throws RepositoryException {
        writeDefinitions(getBuiltInDefinitions());
    }

    @Nonnull
    private PrivilegeBits getNext() {
        return this.next;
    }

    @Nonnull
    private PrivilegeBits next() {
        PrivilegeBits privilegeBits = this.next;
        this.next = privilegeBits.nextBits();
        return privilegeBits;
    }

    private void writeDefinitions(Iterable<PrivilegeDefinition> iterable) throws RepositoryException {
        try {
            Tree tree = this.root.getTree(PrivilegeConstants.PRIVILEGES_PATH);
            if (!tree.exists()) {
                throw new RepositoryException("Privilege store does not exist.");
            }
            NodeUtil nodeUtil = new NodeUtil(tree);
            for (PrivilegeDefinition privilegeDefinition : iterable) {
                if (nodeUtil.hasChild(privilegeDefinition.getName())) {
                    throw new RepositoryException("Privilege definition with name '" + privilegeDefinition.getName() + "' already exists.");
                }
                writePrivilegeNode(nodeUtil, privilegeDefinition);
            }
            getNext().writeTo(tree);
            this.root.commit();
        } catch (CommitFailedException e) {
            throw e.asRepositoryException();
        }
    }

    private void writePrivilegeNode(NodeUtil nodeUtil, PrivilegeDefinition privilegeDefinition) throws RepositoryException {
        String name = privilegeDefinition.getName();
        NodeUtil addChild = nodeUtil.addChild(name, PrivilegeConstants.NT_REP_PRIVILEGE);
        if (privilegeDefinition.isAbstract()) {
            addChild.setBoolean(PrivilegeConstants.REP_IS_ABSTRACT, true);
        }
        String[] strArr = (String[]) privilegeDefinition.getDeclaredAggregateNames().toArray(new String[privilegeDefinition.getDeclaredAggregateNames().size()]);
        boolean z = strArr.length > 0;
        if (z) {
            addChild.setNames(PrivilegeConstants.REP_AGGREGATES, strArr);
        }
        (PrivilegeBits.BUILT_IN.containsKey(name) ? PrivilegeBits.BUILT_IN.get(name) : z ? this.bitsMgr.getBits(strArr) : next()).writeTo(addChild.getTree());
    }

    private static Collection<PrivilegeDefinition> getBuiltInDefinitions() {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        for (String str : NON_AGGR_PRIVILEGES) {
            linkedHashMap.put(str, new ImmutablePrivilegeDefinition(str, false, null));
        }
        for (String str2 : AGGREGATE_PRIVILEGES.keySet()) {
            linkedHashMap.put(str2, new ImmutablePrivilegeDefinition(str2, false, Arrays.asList(AGGREGATE_PRIVILEGES.get(str2))));
        }
        linkedHashMap.put("jcr:all", new ImmutablePrivilegeDefinition("jcr:all", false, linkedHashMap.keySet()));
        return linkedHashMap.values();
    }
}
