package org.wso2.carbon.registry.jcr.security;

import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.jcr.AccessDeniedException;
import javax.jcr.PathNotFoundException;
import javax.jcr.Property;
import javax.jcr.RepositoryException;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import org.wso2.carbon.registry.jcr.RegistrySession;
import org.wso2.carbon.registry.jcr.util.RegistryJCRSpecificStandardLoderUtil;
import org.wso2.carbon.registry.jcr.util.security.PrivilegeRegistry;

/* loaded from: input_file:org/wso2/carbon/registry/jcr/security/RegistryAccessControlManager.class */
public class RegistryAccessControlManager implements AccessControlManager {
    private RegistrySession registrySession;
    private Map<String, Set<AccessControlPolicy>> accessCtrlPolicies = new HashMap();
    private PrivilegeRegistry privilegeRegistry = new PrivilegeRegistry();

    public RegistryAccessControlManager(RegistrySession registrySession) {
        this.registrySession = registrySession;
    }

    public PrivilegeRegistry getPrivilegeRegistry() {
        return this.privilegeRegistry;
    }

    public Privilege[] getSupportedPrivileges(String str) throws RepositoryException {
        return this.privilegeRegistry.getRegisteredPrivileges();
    }

    public Privilege privilegeFromName(String str) throws RepositoryException {
        return this.privilegeRegistry.getPrivilegeFromName(str);
    }

    public boolean hasPrivileges(String str, Privilege[] privilegeArr) throws RepositoryException {
        boolean z = true;
        if (this.registrySession.getItem(str) instanceof Property) {
            throw new PathNotFoundException("No privilages can be added for Properties");
        }
        HashSet hashSet = new HashSet();
        hashSet.addAll(Arrays.asList(getPrivileges(str)));
        for (Privilege privilege : privilegeArr) {
            if (!hashSet.contains(privilege)) {
                z = false;
            }
        }
        return z;
    }

    public Privilege[] getPrivileges(String str) throws RepositoryException {
        if (this.registrySession.getItem(str) instanceof Property) {
            throw new PathNotFoundException("No privilages can be added for Properties");
        }
        HashSet hashSet = new HashSet();
        if (this.accessCtrlPolicies.get(str) instanceof RegistryAccessControlList) {
            for (AccessControlEntry accessControlEntry : ((RegistryAccessControlList) this.accessCtrlPolicies.get(str)).getAccessControlEntries()) {
                if (accessControlEntry != null) {
                    hashSet.addAll(Arrays.asList(accessControlEntry.getPrivileges()));
                }
            }
        }
        if (RegistryJCRSpecificStandardLoderUtil.isSessionReadOnly(this.registrySession.getUserID()) && !hashSet.contains(this.privilegeRegistry.getPrivilegeFromName("{http://www.jcp.org/jcr/1.0}read"))) {
            hashSet.add(this.privilegeRegistry.getPrivilegeFromName("{http://www.jcp.org/jcr/1.0}read"));
        }
        return hashSet.size() != 0 ? (Privilege[]) hashSet.toArray(new Privilege[hashSet.size()]) : new Privilege[0];
    }

    public AccessControlPolicy[] getPolicies(String str) throws RepositoryException {
        if (RegistryJCRSpecificStandardLoderUtil.isSessionReadOnly(this.registrySession.getUserID())) {
            throw new AccessDeniedException("Read only session may not read AC content");
        }
        return this.accessCtrlPolicies.get(str) != null ? (AccessControlPolicy[]) this.accessCtrlPolicies.get(str).toArray(new AccessControlPolicy[this.accessCtrlPolicies.get(str).size()]) : new AccessControlPolicy[0];
    }

    public AccessControlPolicy[] getEffectivePolicies(String str) throws RepositoryException {
        if (RegistryJCRSpecificStandardLoderUtil.isSessionReadOnly(this.registrySession.getUserID())) {
            throw new AccessDeniedException("Read only session may not read AC content");
        }
        if (this.registrySession.getItem(str) instanceof Property) {
            throw new PathNotFoundException("Cannot apply policies to a property path");
        }
        return getPolicies(str);
    }

    public AccessControlPolicyIterator getApplicablePolicies(String str) throws RepositoryException {
        if (RegistryJCRSpecificStandardLoderUtil.isSessionReadOnly(this.registrySession.getUserID())) {
            throw new AccessDeniedException("Read only session may not read AC content");
        }
        return this.accessCtrlPolicies.size() != 0 ? new RegistryAccessControlPolicyIterator(this.accessCtrlPolicies.get(str)) : new RegistryAccessControlPolicyIterator(new HashSet());
    }

    public void setPolicy(String str, AccessControlPolicy accessControlPolicy) throws RepositoryException {
        boolean z = true;
        if (RegistryJCRSpecificStandardLoderUtil.isSessionReadOnly(this.registrySession.getUserID())) {
            if (accessControlPolicy instanceof RegistryAccessControlList) {
                z = false;
            } else if (accessControlPolicy instanceof RegistryNamedAccessControlPolicy) {
                z = false;
            }
            if (z) {
                throw new AccessControlException("Invalid policy may not be set by a READ-only session");
            }
        }
        if (this.accessCtrlPolicies.get(str) != null) {
            this.accessCtrlPolicies.get(str).add(accessControlPolicy);
            return;
        }
        HashSet hashSet = new HashSet();
        hashSet.add(accessControlPolicy);
        this.accessCtrlPolicies.put(str, hashSet);
    }

    public void removePolicy(String str, AccessControlPolicy accessControlPolicy) throws RepositoryException {
        Set<AccessControlPolicy> set = this.accessCtrlPolicies.get(str);
        set.remove(accessControlPolicy);
        this.accessCtrlPolicies.remove(str);
        this.accessCtrlPolicies.put(str, set);
    }
}
