package com.day.cq.security.util;

import com.day.cq.security.util.AclPolicy;
import java.security.Principal;
import java.util.HashSet;
import javax.jcr.AccessDeniedException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.sling.api.SlingException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Deprecated
/* loaded from: input_file:com/day/cq/security/util/CRXPolicyManager.class */
public class CRXPolicyManager {
    private final JackrabbitSession session;
    private final AccessControlManager acManager;
    private final PrincipalManager principalManager;
    private static final Logger log = LoggerFactory.getLogger(CRXPolicyManager.class);

    public CRXPolicyManager(Session session) throws RepositoryException {
        if (!(session instanceof JackrabbitSession)) {
            throw new RepositoryException("CRXPolicyManager only usable with a jackrabbit session.");
        }
        this.session = (JackrabbitSession) session;
        this.acManager = session.getAccessControlManager();
        this.principalManager = this.session.getPrincipalManager();
    }

    public boolean applyPolicy(String str, AclPolicy aclPolicy) throws AccessDeniedException {
        try {
            try {
                try {
                    boolean z = false;
                    if (this.session.itemExists(str)) {
                        JackrabbitAccessControlList acl = getAcl(str);
                        if (acl != null) {
                            for (AclPolicy.Entry entry : aclPolicy.getEntries()) {
                                if (this.principalManager.hasPrincipal(entry.getPrincipal())) {
                                    Principal principal = this.principalManager.getPrincipal(entry.getPrincipal());
                                    if (setAce(principal, entry, acl)) {
                                        z = true;
                                        log.debug("Allow not contained in ACL on {}: added for {}", str, principal.getName());
                                    } else {
                                        log.debug("Allow for {} contained in ACL on {}: no changes", principal.getName(), str);
                                    }
                                }
                            }
                        }
                        if (z) {
                            this.acManager.setPolicy(str, acl);
                            this.session.save();
                        }
                    }
                    boolean z2 = z;
                    if (1 == 0) {
                        try {
                            this.session.refresh(false);
                        } catch (RepositoryException e) {
                            log.error("Failed to revert pending changes.", e);
                            throw new SlingException(e.getMessage(), e);
                        }
                    }
                    return z2;
                } catch (Throwable th) {
                    if (0 == 0) {
                        try {
                            this.session.refresh(false);
                        } catch (RepositoryException e2) {
                            log.error("Failed to revert pending changes.", e2);
                            throw new SlingException(e2.getMessage(), e2);
                        }
                    }
                    throw th;
                }
            } catch (RepositoryException e3) {
                throw new SlingException(e3.getMessage(), e3);
            }
        } catch (AccessDeniedException e4) {
            throw e4;
        }
    }

    public AclPolicy privatePolicy() {
        return new AclPolicy(this.principalManager.getEveryone().getName(), new String[]{"{http://www.jcp.org/jcr/1.0}all"}, false);
    }

    private JackrabbitAccessControlList getAcl(String str) throws RepositoryException {
        AccessControlPolicyIterator applicablePolicies = this.acManager.getApplicablePolicies(str);
        while (applicablePolicies.hasNext()) {
            AccessControlPolicy nextAccessControlPolicy = applicablePolicies.nextAccessControlPolicy();
            if (nextAccessControlPolicy instanceof JackrabbitAccessControlPolicy) {
                log.debug("No Policy present create a new ACL Policy");
                return (JackrabbitAccessControlList) nextAccessControlPolicy;
            }
        }
        for (AccessControlPolicy accessControlPolicy : this.acManager.getPolicies(str)) {
            if (accessControlPolicy instanceof JackrabbitAccessControlPolicy) {
                log.debug("Found existing ACL Policy");
                return (JackrabbitAccessControlList) accessControlPolicy;
            }
        }
        return null;
    }

    private boolean setAce(Principal principal, AclPolicy.Entry entry, JackrabbitAccessControlList jackrabbitAccessControlList) throws RepositoryException {
        Privilege[] privilegesFromName = privilegesFromName(entry.getPrivileges());
        if (privilegesFromName.length < 0) {
            log.debug("No Privleges for {} to set on {}: no change", principal, jackrabbitAccessControlList.getPath());
            return false;
        }
        jackrabbitAccessControlList.addEntry(principal, privilegesFromName, entry.isAllow());
        return true;
    }

    private Privilege[] privilegesFromName(String[] strArr) throws RepositoryException {
        HashSet hashSet = new HashSet();
        for (String str : strArr) {
            try {
                hashSet.add(this.acManager.privilegeFromName(str));
            } catch (AccessControlException e) {
                log.debug("Could not resolve Privilege for name {}: {}", str, e);
            }
        }
        return (Privilege[]) hashSet.toArray(new Privilege[hashSet.size()]);
    }
}
