package org.exist.xquery.functions.securitymanager;

import java.util.Optional;
import org.exist.Indexer;
import org.exist.client.CollectionXConf;
import org.exist.collections.Collection;
import org.exist.dom.QName;
import org.exist.dom.memtree.DocumentImpl;
import org.exist.dom.memtree.MemTreeBuilder;
import org.exist.security.ACLPermission;
import org.exist.security.AbstractUnixStylePermission;
import org.exist.security.Permission;
import org.exist.security.PermissionDeniedException;
import org.exist.security.PermissionFactory;
import org.exist.security.SimpleACLPermission;
import org.exist.storage.DBBroker;
import org.exist.storage.txn.TransactionException;
import org.exist.storage.txn.Txn;
import org.exist.util.SyntaxException;
import org.exist.util.XMLReaderObjectFactory;
import org.exist.xmldb.XmldbURI;
import org.exist.xquery.BasicFunction;
import org.exist.xquery.FunctionSignature;
import org.exist.xquery.PathExpr;
import org.exist.xquery.XPathException;
import org.exist.xquery.XQueryContext;
import org.exist.xquery.value.AnyURIValue;
import org.exist.xquery.value.BooleanValue;
import org.exist.xquery.value.FunctionParameterSequenceType;
import org.exist.xquery.value.FunctionReturnSequenceType;
import org.exist.xquery.value.Sequence;
import org.exist.xquery.value.SequenceType;
import org.exist.xquery.value.StringValue;

/* loaded from: input_file:org/exist/xquery/functions/securitymanager/PermissionsFunction.class */
public class PermissionsFunction extends BasicFunction {
    private static final QName qnGetPermissions = new QName("get-permissions", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnAddUserACE = new QName("add-user-ace", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnAddGroupACE = new QName("add-group-ace", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnInsertUserACE = new QName("insert-user-ace", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnInsertGroupACE = new QName("insert-group-ace", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnModifyACE = new QName("modify-ace", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnRemoveACE = new QName("remove-ace", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnClearACL = new QName("clear-acl", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnChMod = new QName("chmod", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnChOwn = new QName("chown", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnChGrp = new QName("chgrp", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnHasAccess = new QName("has-access", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnModeToOctal = new QName("mode-to-octal", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnOctalToMode = new QName("octal-to-mode", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    public static final FunctionSignature FNS_GET_PERMISSIONS = new FunctionSignature(qnGetPermissions, "Gets the permissions of a resource or collection.", new SequenceType[]{new FunctionParameterSequenceType(CollectionXConf.TYPE_PATH, 25, 2, "The path to the resource or collection to get permissions of.")}, new FunctionReturnSequenceType(6, 2, "The permissions of the resource or collection"));
    public static final FunctionSignature FNS_ADD_USER_ACE = new FunctionSignature(qnAddUserACE, "Adds a User ACE to the ACL of a resource or collection.", new SequenceType[]{new FunctionParameterSequenceType(CollectionXConf.TYPE_PATH, 25, 2, "The path to the resource or collection whose ACL you wish to add the ACE to."), new FunctionParameterSequenceType("user-name", 22, 2, "The name of the user to create an ACE for."), new FunctionParameterSequenceType("allowed", 23, 2, "true() if the ACE is allowing the permission mode, or false() if we are denying the permission mode"), new FunctionParameterSequenceType(XMLReaderObjectFactory.VALIDATION_MODE_ATTRIBUTE, 22, 2, "The mode to set on the ACE e.g. 'rwx'")}, new SequenceType(10, 1));
    public static final FunctionSignature FNS_ADD_GROUP_ACE = new FunctionSignature(qnAddGroupACE, "Adds a Group ACE to the ACL of a resource or collection.", new SequenceType[]{new FunctionParameterSequenceType(CollectionXConf.TYPE_PATH, 25, 2, "The path to the resource or collection whose ACL you wish to add the ACE to."), new FunctionParameterSequenceType("group-name", 22, 2, "The name of the group to create an ACE for."), new FunctionParameterSequenceType("allowed", 23, 2, "true() if the ACE is allowing the permission mode, or false() if we are denying the permission mode"), new FunctionParameterSequenceType(XMLReaderObjectFactory.VALIDATION_MODE_ATTRIBUTE, 22, 2, "The mode to set on the ACE e.g. 'rwx'")}, new SequenceType(10, 1));
    public static final FunctionSignature FNS_INSERT_USER_ACE = new FunctionSignature(qnInsertUserACE, "Inserts a User ACE into the ACL of a resource or collection.", new SequenceType[]{new FunctionParameterSequenceType(CollectionXConf.TYPE_PATH, 25, 2, "The path to the resource or collection whose ACL you wish to add the ACE to."), new FunctionParameterSequenceType(Indexer.CONFIGURATION_INDEX_ELEMENT_NAME, 38, 2, "The index in the ACL to insert the ACE before, subsequent entries will be renumbered"), new FunctionParameterSequenceType("user-name", 22, 2, "The name of the user to create an ACE for."), new FunctionParameterSequenceType("allowed", 23, 2, "true() if the ACE is allowing the permission mode, or false() if we are denying the permission mode"), new FunctionParameterSequenceType(XMLReaderObjectFactory.VALIDATION_MODE_ATTRIBUTE, 22, 2, "The mode to set on the ACE e.g. 'rwx'")}, new SequenceType(10, 1));
    public static final FunctionSignature FNS_INSERT_GROUP_ACE = new FunctionSignature(qnInsertGroupACE, "Inserts a Group ACE into the ACL of a resource or collection.", new SequenceType[]{new FunctionParameterSequenceType(CollectionXConf.TYPE_PATH, 25, 2, "The path to the resource or collection whose ACL you wish to add the ACE to."), new FunctionParameterSequenceType(Indexer.CONFIGURATION_INDEX_ELEMENT_NAME, 38, 2, "The index in the ACL to insert the ACE before, subsequent entries will be renumbered"), new FunctionParameterSequenceType("group-name", 22, 2, "The name of the group to create an ACE for."), new FunctionParameterSequenceType("allowed", 23, 2, "true() if the ACE is allowing the permission mode, or false() if we are denying the permission mode"), new FunctionParameterSequenceType(XMLReaderObjectFactory.VALIDATION_MODE_ATTRIBUTE, 22, 2, "The mode to set on the ACE e.g. 'rwx'")}, new SequenceType(10, 1));
    public static final FunctionSignature FNS_MODIFY_ACE = new FunctionSignature(qnModifyACE, "Modified an ACE of an ACL of a resource or collection.", new SequenceType[]{new FunctionParameterSequenceType(CollectionXConf.TYPE_PATH, 25, 2, "The path to the resource or collection whose ACL you wish to modify the ACE of."), new FunctionParameterSequenceType(Indexer.CONFIGURATION_INDEX_ELEMENT_NAME, 38, 2, "The index of the ACE in the ACL to modify"), new FunctionParameterSequenceType("allowed", 23, 2, "true() if the ACE is allowing the permission mode, or false() if we are denying the permission mode"), new FunctionParameterSequenceType(XMLReaderObjectFactory.VALIDATION_MODE_ATTRIBUTE, 22, 2, "The mode to set on the ACE e.g. 'rwx'")}, new SequenceType(10, 1));
    public static final FunctionSignature FNS_REMOVE_ACE = new FunctionSignature(qnRemoveACE, "Removes an ACE from the ACL of a resource or collection.", new SequenceType[]{new FunctionParameterSequenceType(CollectionXConf.TYPE_PATH, 25, 2, "The path to the resource or collection whose ACL you wish to remove the ACE from."), new FunctionParameterSequenceType(Indexer.CONFIGURATION_INDEX_ELEMENT_NAME, 38, 2, "The index of the ACE in the ACL to remove, subsequent entries will be renumbered")}, new SequenceType(10, 1));
    public static final FunctionSignature FNS_CLEAR_ACL = new FunctionSignature(qnClearACL, "Removes all ACEs from the ACL of a resource or collection.", new SequenceType[]{new FunctionParameterSequenceType(CollectionXConf.TYPE_PATH, 25, 2, "The path to the resource or collection whose ACL you wish to clear.")}, new SequenceType(10, 1));
    public static final FunctionSignature FNS_CHMOD = new FunctionSignature(qnChMod, "Changes the mode of a resource or collection.", new SequenceType[]{new FunctionParameterSequenceType(CollectionXConf.TYPE_PATH, 25, 2, "The path to the resource or collection whose mode you wish to set"), new FunctionParameterSequenceType(XMLReaderObjectFactory.VALIDATION_MODE_ATTRIBUTE, 22, 2, "The mode to set on the resource or collection e.g. 'rwxrwxrwx'")}, new SequenceType(10, 1));
    public static final FunctionSignature FNS_CHOWN = new FunctionSignature(qnChOwn, "Changes the owner of a resource or collection.", new SequenceType[]{new FunctionParameterSequenceType(CollectionXConf.TYPE_PATH, 25, 2, "The path to the resource or collection whose owner you wish to set"), new FunctionParameterSequenceType("owner", 22, 2, "The name of the user owner to set on the resource or collection e.g. 'guest'. You may also provide a group owner, by using the syntax 'user:group' if you wish.")}, new SequenceType(10, 1));
    public static final FunctionSignature FNS_CHGRP = new FunctionSignature(qnChGrp, "Changes the group owner of a resource or collection.", new SequenceType[]{new FunctionParameterSequenceType(CollectionXConf.TYPE_PATH, 25, 2, "The path to the resource or collection whose group owner you wish to set"), new FunctionParameterSequenceType("group-name", 22, 2, "The name of the user group owner to set on the resource or collection e.g. 'guest'")}, new SequenceType(10, 1));
    public static final FunctionSignature FNS_HAS_ACCESS = new FunctionSignature(qnHasAccess, "Checks whether the current user has access to the resource or collection.", new SequenceType[]{new FunctionParameterSequenceType(CollectionXConf.TYPE_PATH, 25, 2, "The path to the resource or collection whose access of which you wish to check"), new FunctionParameterSequenceType(XMLReaderObjectFactory.VALIDATION_MODE_ATTRIBUTE, 22, 2, "The partial mode to check against the resource or collection e.g. 'rwx'")}, new SequenceType(23, 2));
    public static final FunctionSignature FNS_MODE_TO_OCTAL = new FunctionSignature(qnModeToOctal, "Converts a mode string e.g. 'rwxrwxrwx' to an octal number e.g. 0777.", new SequenceType[]{new FunctionParameterSequenceType(XMLReaderObjectFactory.VALIDATION_MODE_ATTRIBUTE, 22, 2, "The mode to convert to an octal string.")}, new SequenceType(22, 2));
    public static final FunctionSignature FNS_OCTAL_TO_MODE = new FunctionSignature(qnOctalToMode, "Converts an octal string e.g. '0777' to a mode string e.g. 'rwxrwxrwx'.", new SequenceType[]{new FunctionParameterSequenceType("octal", 22, 2, "The octal string to convert to a mode.")}, new SequenceType(22, 2));
    static final char OWNER_GROUP_SEPARATOR = ':';

    public PermissionsFunction(XQueryContext xQueryContext, FunctionSignature functionSignature) {
        super(xQueryContext, functionSignature);
    }

    @Override // org.exist.xquery.BasicFunction
    public Sequence eval(Sequence[] sequenceArr, Sequence sequence) throws XPathException {
        Sequence functionAddACE;
        if (isCalledAs(qnModeToOctal.getLocalPart())) {
            functionAddACE = functionModeToOctal(sequenceArr[0].itemAt(0).getStringValue());
        } else if (isCalledAs(qnOctalToMode.getLocalPart())) {
            functionAddACE = functionOctalToMode(sequenceArr[0].itemAt(0).getStringValue());
        } else {
            XmldbURI xmldbURI = ((AnyURIValue) sequenceArr[0].itemAt(0)).toXmldbURI();
            Throwable th = null;
            try {
                try {
                    Txn continueOrBeginTransaction = this.context.getBroker().continueOrBeginTransaction();
                    try {
                        if (isCalledAs(qnGetPermissions.getLocalPart())) {
                            functionAddACE = functionGetPermissions(xmldbURI);
                        } else if (isCalledAs(qnAddUserACE.getLocalPart()) || isCalledAs(qnAddGroupACE.getLocalPart())) {
                            functionAddACE = functionAddACE(this.context.getBroker(), continueOrBeginTransaction, xmldbURI, isCalledAs(qnAddUserACE.getLocalPart()) ? ACLPermission.ACE_TARGET.USER : ACLPermission.ACE_TARGET.GROUP, sequenceArr[1].getStringValue(), sequenceArr[2].effectiveBooleanValue() ? ACLPermission.ACE_ACCESS_TYPE.ALLOWED : ACLPermission.ACE_ACCESS_TYPE.DENIED, sequenceArr[3].itemAt(0).getStringValue());
                        } else if (isCalledAs(qnInsertUserACE.getLocalPart()) || isCalledAs(qnInsertGroupACE.getLocalPart())) {
                            functionAddACE = functionInsertACE(this.context.getBroker(), continueOrBeginTransaction, xmldbURI, ((Integer) sequenceArr[1].itemAt(0).toJavaObject(Integer.class)).intValue(), isCalledAs(qnInsertUserACE.getLocalPart()) ? ACLPermission.ACE_TARGET.USER : ACLPermission.ACE_TARGET.GROUP, sequenceArr[2].getStringValue(), sequenceArr[3].effectiveBooleanValue() ? ACLPermission.ACE_ACCESS_TYPE.ALLOWED : ACLPermission.ACE_ACCESS_TYPE.DENIED, sequenceArr[4].itemAt(0).getStringValue());
                        } else if (isCalledAs(qnModifyACE.getLocalPart())) {
                            functionAddACE = functionModifyACE(this.context.getBroker(), continueOrBeginTransaction, xmldbURI, ((Integer) sequenceArr[1].itemAt(0).toJavaObject(Integer.class)).intValue(), sequenceArr[2].effectiveBooleanValue() ? ACLPermission.ACE_ACCESS_TYPE.ALLOWED : ACLPermission.ACE_ACCESS_TYPE.DENIED, sequenceArr[3].itemAt(0).getStringValue());
                        } else {
                            functionAddACE = isCalledAs(qnRemoveACE.getLocalPart()) ? functionRemoveACE(this.context.getBroker(), continueOrBeginTransaction, xmldbURI, ((Integer) sequenceArr[1].itemAt(0).toJavaObject(Integer.class)).intValue()) : isCalledAs(qnClearACL.getLocalPart()) ? functionClearACL(this.context.getBroker(), continueOrBeginTransaction, xmldbURI) : isCalledAs(qnChMod.getLocalPart()) ? functionChMod(this.context.getBroker(), continueOrBeginTransaction, xmldbURI, sequenceArr[1].itemAt(0).getStringValue()) : isCalledAs(qnChOwn.getLocalPart()) ? functionChOwn(this.context.getBroker(), continueOrBeginTransaction, xmldbURI, sequenceArr[1].itemAt(0).getStringValue()) : isCalledAs(qnChGrp.getLocalPart()) ? functionChGrp(this.context.getBroker(), continueOrBeginTransaction, xmldbURI, sequenceArr[1].itemAt(0).getStringValue()) : isCalledAs(qnHasAccess.getLocalPart()) ? functionHasAccess(xmldbURI, sequenceArr[1].itemAt(0).getStringValue()) : Sequence.EMPTY_SEQUENCE;
                        }
                        continueOrBeginTransaction.commit();
                        if (continueOrBeginTransaction != null) {
                            continueOrBeginTransaction.close();
                        }
                    } catch (Throwable th2) {
                        if (continueOrBeginTransaction != null) {
                            continueOrBeginTransaction.close();
                        }
                        throw th2;
                    }
                } catch (Throwable th3) {
                    if (0 == 0) {
                        th = th3;
                    } else if (null != th3) {
                        th.addSuppressed(th3);
                    }
                    throw th;
                }
            } catch (PermissionDeniedException | TransactionException e) {
                throw new XPathException(this, e);
            }
        }
        return functionAddACE;
    }

    private DocumentImpl functionGetPermissions(XmldbURI xmldbURI) throws XPathException {
        try {
            return permissionsToXml(getPermissions(xmldbURI));
        } catch (PermissionDeniedException e) {
            throw new XPathException(this, "Permission to retrieve permissions is denied for user '" + this.context.getSubject().getName() + "' on '" + xmldbURI.toString() + "': " + e.getMessage(), e);
        }
    }

    private Sequence functionAddACE(DBBroker dBBroker, Txn txn, XmldbURI xmldbURI, ACLPermission.ACE_TARGET ace_target, String str, ACLPermission.ACE_ACCESS_TYPE ace_access_type, String str2) throws PermissionDeniedException {
        PermissionFactory.chacl(dBBroker, txn, xmldbURI, aCLPermission -> {
            aCLPermission.addACE(ace_access_type, ace_target, str, str2);
        });
        return Sequence.EMPTY_SEQUENCE;
    }

    private Sequence functionInsertACE(DBBroker dBBroker, Txn txn, XmldbURI xmldbURI, int i, ACLPermission.ACE_TARGET ace_target, String str, ACLPermission.ACE_ACCESS_TYPE ace_access_type, String str2) throws PermissionDeniedException {
        PermissionFactory.chacl(dBBroker, txn, xmldbURI, aCLPermission -> {
            aCLPermission.insertACE(i, ace_access_type, ace_target, str, str2);
        });
        return Sequence.EMPTY_SEQUENCE;
    }

    private Sequence functionModifyACE(DBBroker dBBroker, Txn txn, XmldbURI xmldbURI, int i, ACLPermission.ACE_ACCESS_TYPE ace_access_type, String str) throws PermissionDeniedException {
        PermissionFactory.chacl(dBBroker, txn, xmldbURI, aCLPermission -> {
            aCLPermission.modifyACE(i, ace_access_type, str);
        });
        return Sequence.EMPTY_SEQUENCE;
    }

    private Sequence functionRemoveACE(DBBroker dBBroker, Txn txn, XmldbURI xmldbURI, int i) throws PermissionDeniedException {
        PermissionFactory.chacl(dBBroker, txn, xmldbURI, aCLPermission -> {
            aCLPermission.removeACE(i);
        });
        return Sequence.EMPTY_SEQUENCE;
    }

    private Sequence functionClearACL(DBBroker dBBroker, Txn txn, XmldbURI xmldbURI) throws PermissionDeniedException {
        PermissionFactory.chacl(dBBroker, txn, xmldbURI, (v0) -> {
            v0.clear();
        });
        return Sequence.EMPTY_SEQUENCE;
    }

    private Sequence functionChMod(DBBroker dBBroker, Txn txn, XmldbURI xmldbURI, String str) throws PermissionDeniedException {
        PermissionFactory.chmod_str(dBBroker, txn, xmldbURI, Optional.ofNullable(str), Optional.empty());
        return Sequence.EMPTY_SEQUENCE;
    }

    private Sequence functionChOwn(DBBroker dBBroker, Txn txn, XmldbURI xmldbURI, String str) throws PermissionDeniedException {
        Optional filter;
        Optional empty;
        if (str.indexOf(58) > -1) {
            filter = Optional.of(str.substring(0, str.indexOf(58))).filter(str2 -> {
                return !str2.isEmpty();
            });
            empty = Optional.of(str.substring(str.indexOf(58) + 1)).filter(str3 -> {
                return !str3.isEmpty();
            });
        } else {
            filter = Optional.of(str).filter(str4 -> {
                return !str4.isEmpty();
            });
            empty = Optional.empty();
        }
        PermissionFactory.chown(dBBroker, txn, xmldbURI, filter, empty);
        return Sequence.EMPTY_SEQUENCE;
    }

    private Sequence functionChGrp(DBBroker dBBroker, Txn txn, XmldbURI xmldbURI, String str) throws PermissionDeniedException {
        PermissionFactory.chown(dBBroker, txn, xmldbURI, Optional.empty(), Optional.ofNullable(str).filter(str2 -> {
            return !str2.isEmpty();
        }));
        return Sequence.EMPTY_SEQUENCE;
    }

    private Sequence functionHasAccess(XmldbURI xmldbURI, String str) throws XPathException {
        if (str == null || str.length() == 0 || str.length() > 3) {
            throw new XPathException("Mode string must be partial i.e. rwx not rwxrwxrwx");
        }
        int i = 0;
        if (str.indexOf(114) > -1) {
            i = 0 | 4;
        }
        if (str.indexOf(119) > -1) {
            i |= 2;
        }
        if (str.indexOf(120) > -1) {
            i |= 1;
        }
        try {
            return BooleanValue.valueOf(getPermissions(xmldbURI).validate(this.context.getEffectiveUser(), i));
        } catch (PermissionDeniedException unused) {
            return BooleanValue.FALSE;
        } catch (XPathException e) {
            PathExpr.LOG.error(e.getMessage(), e);
            return BooleanValue.FALSE;
        }
    }

    private Sequence functionModeToOctal(String str) throws XPathException {
        try {
            int simpleSymbolicModeToInt = AbstractUnixStylePermission.simpleSymbolicModeToInt(str);
            return new StringValue(simpleSymbolicModeToInt == 0 ? "0" : "0" + Integer.toOctalString(simpleSymbolicModeToInt));
        } catch (SyntaxException e) {
            throw new XPathException(e.getMessage(), e);
        }
    }

    private Sequence functionOctalToMode(String str) {
        return new StringValue(AbstractUnixStylePermission.modeToSimpleSymbolicMode(Integer.parseInt(str, 8)));
    }

    private Permission getPermissions(XmldbURI xmldbURI) throws XPathException, PermissionDeniedException {
        Permission permissions;
        Collection collection = this.context.getBroker().getCollection(xmldbURI);
        if (collection != null) {
            permissions = collection.getPermissionsNoLock();
        } else {
            org.exist.dom.persistent.DocumentImpl resource = this.context.getBroker().getResource(xmldbURI, 4);
            if (resource == null) {
                throw new XPathException("Resource or collection '" + xmldbURI.toString() + "' does not exist.");
            }
            permissions = resource.getPermissions();
        }
        return permissions;
    }

    private DocumentImpl permissionsToXml(Permission permission) {
        MemTreeBuilder documentBuilder = this.context.getDocumentBuilder();
        documentBuilder.startDocument();
        documentBuilder.startElement(new QName("permission", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX), null);
        documentBuilder.addAttribute(new QName("owner", ""), permission.getOwner().getName());
        documentBuilder.addAttribute(new QName(Permission.GROUP_STRING, ""), permission.getGroup().getName());
        documentBuilder.addAttribute(new QName(XMLReaderObjectFactory.VALIDATION_MODE_ATTRIBUTE, ""), permission.toString());
        if (permission instanceof SimpleACLPermission) {
            SimpleACLPermission simpleACLPermission = (SimpleACLPermission) permission;
            documentBuilder.startElement(new QName("acl", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX), null);
            documentBuilder.addAttribute(new QName("entries", ""), String.valueOf(simpleACLPermission.getACECount()));
            for (int i = 0; i < simpleACLPermission.getACECount(); i++) {
                documentBuilder.startElement(new QName("ace", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX), null);
                documentBuilder.addAttribute(new QName(Indexer.CONFIGURATION_INDEX_ELEMENT_NAME, ""), String.valueOf(i));
                documentBuilder.addAttribute(new QName("target", ""), simpleACLPermission.getACETarget(i).name());
                documentBuilder.addAttribute(new QName("who", ""), simpleACLPermission.getACEWho(i));
                documentBuilder.addAttribute(new QName("access_type", ""), simpleACLPermission.getACEAccessType(i).name());
                documentBuilder.addAttribute(new QName(XMLReaderObjectFactory.VALIDATION_MODE_ATTRIBUTE, ""), simpleACLPermission.getACEModeString(i));
                documentBuilder.endElement();
            }
            documentBuilder.endElement();
        }
        documentBuilder.endElement();
        documentBuilder.endDocument();
        return documentBuilder.getDocument();
    }
}
