package org.gcube.common.homelibrary.jcr.workspace.accessmanager;

import com.thoughtworks.xstream.XStream;
import java.net.URLEncoder;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.Privilege;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.GetMethod;
import org.gcube.common.homelibrary.home.exceptions.InternalErrorException;
import org.gcube.common.homelibrary.home.workspace.accessmanager.AccessManager;
import org.gcube.common.homelibrary.jcr.repository.JCRRepository;
import org.gcube.common.homelibrary.jcr.workspace.accessmanager.JCRPrivilegesInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/home-library-jcr-2.0.0-3.8.0.jar:org/gcube/common/homelibrary/jcr/workspace/accessmanager/JCRAccessManager.class */
public class JCRAccessManager implements AccessManager {
    private Logger logger = LoggerFactory.getLogger(JCRAccessManager.class);
    public static final String JUST_OWNER = "hl:justOwner";
    public static String url;

    public JCRAccessManager() {
        url = JCRRepository.url;
    }

    public Map<String, List<String>> getACL(String str) throws InternalErrorException {
        Session session = JCRRepository.getSession();
        try {
            ArrayList arrayList = new ArrayList();
            for (AccessControlPolicy accessControlPolicy : session.getAccessControlManager().getPolicies(str)) {
                if (accessControlPolicy instanceof AccessControlList) {
                    for (AccessControlEntry accessControlEntry : ((AccessControlList) accessControlPolicy).getAccessControlEntries()) {
                        arrayList.add(accessControlEntry);
                    }
                }
            }
            return getMap(arrayList);
        } catch (RepositoryException e) {
            this.logger.error("Error getting ACL in AccessManager for node: " + str, e);
            throw new InternalErrorException(e);
        }
    }

    public boolean modifyAce(List<String> list, String str, List<String> list2, String str2) throws InternalErrorException {
        Boolean bool;
        try {
            deleteAces(str, list);
            GetMethod getMethod = null;
            try {
                try {
                    HttpClient httpClient = new HttpClient();
                    StringBuilder sb = new StringBuilder();
                    Iterator<String> it2 = list2.iterator();
                    while (it2.hasNext()) {
                        sb.append("&privilege@" + it2.next());
                    }
                    if (str2 == null) {
                        str2 = "first";
                    }
                    Iterator<String> it3 = list.iterator();
                    while (it3.hasNext()) {
                        try {
                            String str3 = url + "/ModifyAceServlet?" + JCRRepository.getCredetials() + "&principalId=" + it3.next() + "&resourcePath=" + URLEncoder.encode(str, "UTF-8") + sb.toString() + "&order=" + str2;
                            this.logger.debug(str3);
                            getMethod = new GetMethod(str3);
                            httpClient.executeMethod(getMethod);
                            this.logger.debug("Response " + getMethod.getResponseBodyAsString());
                            if (getMethod != null) {
                                getMethod.releaseConnection();
                            }
                        } catch (Exception e) {
                            this.logger.error("Error modifing ACLs: " + e);
                            throw new InternalErrorException(e);
                        }
                    }
                    try {
                        bool = (Boolean) new XStream().fromXML(getMethod.getResponseBodyAsString());
                    } catch (Exception e2) {
                        bool = false;
                        this.logger.error("Error in Modify ace", e2);
                    }
                    if (getMethod != null) {
                        getMethod.releaseConnection();
                    }
                } catch (Exception e3) {
                    this.logger.error("Error in Add or Modify Permissions in AccessManager", e3);
                    bool = false;
                    if (0 != 0) {
                        getMethod.releaseConnection();
                    }
                }
                return bool.booleanValue();
            } catch (Throwable th) {
                if (0 != 0) {
                    getMethod.releaseConnection();
                }
                throw th;
            }
        } catch (Exception e4) {
            this.logger.error("Error deleting old ACLs: " + e4);
            throw new InternalErrorException(e4);
        }
    }

    @Override // org.gcube.common.homelibrary.home.workspace.accessmanager.AccessManager
    public Map<String, List<String>> getEACL(String str) throws InternalErrorException {
        Session session = JCRRepository.getSession();
        try {
            ArrayList arrayList = new ArrayList();
            for (AccessControlPolicy accessControlPolicy : session.getAccessControlManager().getEffectivePolicies(str)) {
                if (accessControlPolicy instanceof AccessControlList) {
                    for (AccessControlEntry accessControlEntry : ((AccessControlList) accessControlPolicy).getAccessControlEntries()) {
                        arrayList.add(accessControlEntry);
                    }
                }
            }
            Map<String, List<String>> map = getMap(arrayList);
            this.logger.debug("ACL map on " + str + " : " + map.toString());
            return map;
        } catch (RepositoryException e) {
            this.logger.error("Error getting Effective ACL for node: " + str, e);
            throw new InternalErrorException(e);
        }
    }

    private Map<String, List<String>> getMap(List<AccessControlEntry> list) {
        HashMap hashMap = new HashMap();
        for (AccessControlEntry accessControlEntry : list) {
            List list2 = null;
            String name = accessControlEntry.getPrincipal().getName();
            if (!name.equals("everyone")) {
                try {
                    list2 = (List) hashMap.get(name);
                } catch (Exception e) {
                }
                for (Privilege privilege : accessControlEntry.getPrivileges()) {
                    if (list2 == null) {
                        list2 = new ArrayList();
                    }
                    list2.add(privilege.getName());
                }
                hashMap.put(accessControlEntry.getPrincipal().getName(), list2);
            }
        }
        return hashMap;
    }

    @Override // org.gcube.common.homelibrary.home.workspace.accessmanager.AccessManager
    public boolean setReadOnlyACL(List<String> list, String str) throws InternalErrorException {
        boolean z;
        ArrayList arrayList = new ArrayList();
        arrayList.add("jcr:read=granted");
        try {
            z = modifyAce(list, str, arrayList, null);
        } catch (Exception e) {
            this.logger.error("Error setting WriteOwner to users " + list.toString() + " to path " + str);
            z = false;
        }
        return z;
    }

    @Override // org.gcube.common.homelibrary.home.workspace.accessmanager.AccessManager
    public boolean setWriteOwnerACL(List<String> list, String str) throws InternalErrorException {
        boolean z;
        this.logger.debug("setAuthorAce - users: " + list.toString() + " - absPath: " + str);
        ArrayList arrayList = new ArrayList();
        arrayList.add("jcr:write=granted");
        try {
            z = modifyAce(list, str, arrayList, null);
        } catch (Exception e) {
            this.logger.error("Error setting WriteOwner to users " + list.toString() + " to path " + str);
            z = false;
        }
        this.logger.debug("Ace modified");
        return z;
    }

    @Override // org.gcube.common.homelibrary.home.workspace.accessmanager.AccessManager
    public boolean setWriteAllACL(List<String> list, String str) throws InternalErrorException {
        boolean z;
        ArrayList arrayList = new ArrayList();
        arrayList.add("hl:writeAll=granted");
        try {
            z = modifyAce(list, str, arrayList, null);
        } catch (Exception e) {
            this.logger.error("Error setting Write All to users " + list.toString() + " to path " + str);
            z = false;
        }
        return z;
    }

    public boolean setAccessDenied(List<String> list, String str) throws InternalErrorException {
        boolean z;
        ArrayList arrayList = new ArrayList();
        arrayList.add("jcr:read=denied");
        try {
            z = modifyAce(list, str, arrayList, null);
        } catch (Exception e) {
            this.logger.error("Error removing Read privilege to users " + list.toString() + " to path " + str);
            z = false;
        }
        return z;
    }

    @Override // org.gcube.common.homelibrary.home.workspace.accessmanager.AccessManager
    public boolean setAdminACL(List<String> list, String str) throws InternalErrorException {
        boolean z;
        ArrayList arrayList = new ArrayList();
        arrayList.add("jcr:all=granted");
        try {
            z = modifyAce(list, str, arrayList, null);
        } catch (Exception e) {
            this.logger.error("Error setting Admin to users " + list.toString() + " to path " + str);
            z = false;
        }
        return z;
    }

    @Override // org.gcube.common.homelibrary.home.workspace.accessmanager.AccessManager
    public void deleteAces(String str, List<String> list) throws InternalErrorException {
        GetMethod getMethod = null;
        try {
            try {
                HttpClient httpClient = new HttpClient();
                StringBuilder sb = new StringBuilder();
                Iterator<String> it2 = list.iterator();
                while (it2.hasNext()) {
                    sb.append("&applyTo=" + it2.next());
                }
                try {
                    String str2 = url + "/DeleteAcesServlet?" + JCRRepository.getCredetials() + "&absPath=" + URLEncoder.encode(str, "UTF-8") + ((Object) sb);
                    this.logger.debug(str2);
                    getMethod = new GetMethod(str2);
                    httpClient.executeMethod(getMethod);
                    this.logger.debug("Response " + getMethod.getResponseBodyAsString());
                    if (getMethod != null) {
                        getMethod.releaseConnection();
                    }
                } catch (Exception e) {
                }
                try {
                } catch (Exception e2) {
                    this.logger.error("Error in Modify ace", e2);
                }
            } finally {
                if (getMethod != null) {
                    getMethod.releaseConnection();
                }
            }
        } catch (Exception e3) {
            this.logger.error("Error deleting Permissions in AccessManager", e3);
            throw new InternalErrorException(e3);
        }
    }

    public Map<String, List<String>> getGrantedMap(String str) throws RepositoryException, InternalErrorException {
        Session session = JCRRepository.getSession();
        HashMap hashMap = new HashMap();
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        AccessControlEntry[] declaredAccessControlEntries = getDeclaredAccessControlEntries(session, str);
        if (declaredAccessControlEntries != null) {
            for (AccessControlEntry accessControlEntry : declaredAccessControlEntries) {
                ArrayList arrayList = null;
                Principal principal = accessControlEntry.getPrincipal();
                JCRPrivilegesInfo.AccessRights accessRights = (JCRPrivilegesInfo.AccessRights) linkedHashMap.get(principal);
                if (accessRights == null) {
                    accessRights = new JCRPrivilegesInfo.AccessRights();
                    linkedHashMap.put(principal, accessRights);
                }
                accessRights.getGranted().addAll(Arrays.asList(accessControlEntry.getPrivileges()));
                for (Privilege privilege : accessRights.getDenied()) {
                    if (arrayList == null) {
                        arrayList = new ArrayList();
                    }
                    arrayList.add(privilege.getName());
                }
                hashMap.put(principal.getName(), arrayList);
            }
        }
        return hashMap;
    }

    public Map<String, List<String>> getDeniedMap(String str) throws RepositoryException, InternalErrorException {
        Session session = JCRRepository.getSession();
        HashMap hashMap = new HashMap();
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        AccessControlEntry[] declaredAccessControlEntries = getDeclaredAccessControlEntries(session, str);
        if (declaredAccessControlEntries != null) {
            for (AccessControlEntry accessControlEntry : declaredAccessControlEntries) {
                ArrayList arrayList = null;
                Principal principal = accessControlEntry.getPrincipal();
                JCRPrivilegesInfo.AccessRights accessRights = (JCRPrivilegesInfo.AccessRights) linkedHashMap.get(principal);
                if (accessRights == null) {
                    accessRights = new JCRPrivilegesInfo.AccessRights();
                    linkedHashMap.put(principal, accessRights);
                }
                accessRights.getDenied().addAll(Arrays.asList(accessControlEntry.getPrivileges()));
                for (Privilege privilege : accessRights.getDenied()) {
                    if (arrayList == null) {
                        arrayList = new ArrayList();
                    }
                    arrayList.add(privilege.getName());
                }
                hashMap.put(principal.getName(), arrayList);
            }
        }
        return hashMap;
    }

    private AccessControlEntry[] getDeclaredAccessControlEntries(Session session, String str) throws RepositoryException {
        for (AccessControlPolicy accessControlPolicy : AccessControlUtil.getAccessControlManager(session).getPolicies(str)) {
            if (accessControlPolicy instanceof AccessControlList) {
                return ((AccessControlList) accessControlPolicy).getAccessControlEntries();
            }
        }
        return new AccessControlEntry[0];
    }
}
