package com.stratelia.webactiv.jaas;

import com.silverpeas.jcrutil.BasicDaoFactory;
import com.silverpeas.jcrutil.JcrConstants;
import com.silverpeas.jcrutil.converter.ConverterUtil;
import com.silverpeas.jcrutil.security.impl.SilverpeasSystemCredentials;
import com.silverpeas.jcrutil.security.impl.SilverpeasSystemPrincipal;
import java.util.Set;
import javax.jcr.AccessDeniedException;
import javax.jcr.ItemNotFoundException;
import javax.jcr.NamespaceException;
import javax.jcr.Node;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.nodetype.NodeType;
import javax.security.auth.Subject;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
import org.apache.jackrabbit.core.HierarchyManager;
import org.apache.jackrabbit.core.id.ItemId;
import org.apache.jackrabbit.core.security.AMContext;
import org.apache.jackrabbit.core.security.AccessManager;
import org.apache.jackrabbit.core.security.authorization.AccessControlProvider;
import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
import org.apache.jackrabbit.spi.Name;
import org.apache.jackrabbit.spi.Path;
import org.apache.jackrabbit.spi.commons.conversion.NamePathResolver;

/* loaded from: input_file:com/stratelia/webactiv/jaas/SilverpeasAccessManager.class */
public class SilverpeasAccessManager implements AccessManager {
    private HierarchyManager manager;
    private NamePathResolver resolver;
    private WorkspaceAccessManager wspAccessMgr;
    private PrivilegeManager privilegeManager;
    private Subject subject;
    private boolean initialized;
    private boolean isSystem = false;
    private Repository repository;

    public boolean canAccess(String str) throws RepositoryException {
        if (this.isSystem || this.wspAccessMgr == null) {
            return true;
        }
        return this.wspAccessMgr.grants(this.subject.getPrincipals(), str);
    }

    public void checkPermission(ItemId itemId, int i) throws RepositoryException {
        if (!this.initialized) {
            throw new IllegalStateException("not initialized");
        }
        if (!isGranted(itemId, i)) {
            throw new AccessDeniedException();
        }
    }

    public synchronized void close() throws Exception {
        if (!this.initialized) {
            throw new IllegalStateException("not initialized");
        }
        this.initialized = false;
    }

    public void init(AMContext aMContext) throws Exception {
        if (this.initialized) {
            throw new IllegalStateException("already initialized");
        }
        this.manager = aMContext.getHierarchyManager();
        this.resolver = aMContext.getNamePathResolver();
        this.privilegeManager = aMContext.getPrivilegeManager();
        this.subject = aMContext.getSubject();
        this.isSystem = !this.subject.getPrincipals(SilverpeasSystemPrincipal.class).isEmpty();
        this.initialized = true;
    }

    public boolean isGranted(ItemId itemId, int i) throws RepositoryException {
        if (!this.initialized) {
            throw new IllegalStateException("not initialized");
        }
        if (!itemId.denotesNode() || this.isSystem) {
            return true;
        }
        Path path = this.manager.getPath(itemId);
        if (path.getDepth() > 2 && validateNode(path)) {
            return isPathAutorized(path);
        }
        if (!validateFileNode(itemId)) {
            return true;
        }
        for (SilverpeasUserPrincipal silverpeasUserPrincipal : this.subject.getPrincipals(SilverpeasUserPrincipal.class)) {
            if (silverpeasUserPrincipal.isAdministrator() || checkUserIsOwner(silverpeasUserPrincipal, itemId)) {
                return true;
            }
        }
        return false;
    }

    protected boolean checkUserIsOwner(SilverpeasUserPrincipal silverpeasUserPrincipal, ItemId itemId) throws RepositoryException {
        Session session = null;
        try {
            session = this.repository.login(new SilverpeasSystemCredentials());
            Node node = getNode(session, itemId);
            if (!node.hasProperty(JcrConstants.SLV_PROPERTY_OWNER)) {
                BasicDaoFactory.logout(session);
                return true;
            }
            boolean equals = silverpeasUserPrincipal.getUserId().equals(node.getProperty(JcrConstants.SLV_PROPERTY_OWNER).getString());
            BasicDaoFactory.logout(session);
            return equals;
        } catch (ItemNotFoundException e) {
            BasicDaoFactory.logout(session);
            return true;
        } catch (Throwable th) {
            BasicDaoFactory.logout(session);
            throw th;
        }
    }

    protected boolean checkUserIsOwner(SilverpeasUserPrincipal silverpeasUserPrincipal, Path path) throws RepositoryException {
        Session session = null;
        try {
            session = this.repository.login(new SilverpeasSystemCredentials());
            boolean equals = silverpeasUserPrincipal.getUserId().equals(getNode(session, path).getProperty(JcrConstants.SLV_PROPERTY_OWNER).getString());
            BasicDaoFactory.logout(session);
            return equals;
        } catch (ItemNotFoundException e) {
            BasicDaoFactory.logout(session);
            return true;
        } catch (Throwable th) {
            BasicDaoFactory.logout(session);
            throw th;
        }
    }

    protected boolean isPathAutorized(Path path) {
        Set<SilverpeasUserPrincipal> principals = this.subject.getPrincipals(SilverpeasUserPrincipal.class);
        Path.Element[] elements = path.getElements();
        for (SilverpeasUserPrincipal silverpeasUserPrincipal : principals) {
            for (Path.Element element : elements) {
                if (silverpeasUserPrincipal.isAdministrator() || silverpeasUserPrincipal.canAccess(element.getName().getLocalName())) {
                    return true;
                }
            }
        }
        return false;
    }

    protected boolean validateFileNode(ItemId itemId) throws RepositoryException {
        Session session = null;
        try {
            session = this.repository.login(new SilverpeasSystemCredentials());
            boolean validateFileNode = validateFileNode(getNode(session, itemId));
            BasicDaoFactory.logout(session);
            return validateFileNode;
        } catch (Throwable th) {
            BasicDaoFactory.logout(session);
            throw th;
        }
    }

    protected boolean validateNode(Path path) throws RepositoryException {
        Session session = null;
        try {
            session = this.repository.login(new SilverpeasSystemCredentials());
            boolean validateNode = validateNode(getNode(session, path));
            BasicDaoFactory.logout(session);
            return validateNode;
        } catch (Throwable th) {
            BasicDaoFactory.logout(session);
            throw th;
        }
    }

    protected boolean validateNode(Node node) throws RepositoryException {
        return node.getPrimaryNodeType().isNodeType(JcrConstants.NT_FOLDER);
    }

    protected boolean validateFileNode(Path path) throws RepositoryException {
        Session session = null;
        try {
            session = this.repository.login(new SilverpeasSystemCredentials());
            boolean validateFileNode = validateFileNode(getNode(session, path));
            BasicDaoFactory.logout(session);
            return validateFileNode;
        } catch (RepositoryException e) {
            BasicDaoFactory.logout(session);
            return false;
        } catch (Throwable th) {
            BasicDaoFactory.logout(session);
            throw th;
        }
    }

    protected boolean validateFileNode(Node node) throws RepositoryException {
        if (!JcrConstants.NT_FILE.equals(node.getPrimaryNodeType().getName())) {
            return false;
        }
        for (NodeType nodeType : node.getMixinNodeTypes()) {
            if (JcrConstants.SLV_OWNABLE_MIXIN.equals(nodeType.getName())) {
                return true;
            }
        }
        return false;
    }

    public void setRepository(Repository repository) {
        this.repository = repository;
    }

    public void init(AMContext aMContext, AccessControlProvider accessControlProvider, WorkspaceAccessManager workspaceAccessManager) throws Exception {
        if (this.initialized) {
            throw new IllegalStateException("already initialized");
        }
        this.manager = aMContext.getHierarchyManager();
        this.resolver = aMContext.getNamePathResolver();
        this.privilegeManager = aMContext.getPrivilegeManager();
        this.wspAccessMgr = workspaceAccessManager;
        this.subject = aMContext.getSubject();
        this.isSystem = !this.subject.getPrincipals(SilverpeasSystemPrincipal.class).isEmpty();
        this.initialized = true;
    }

    public void checkPermission(Path path, int i) throws RepositoryException {
        if (!isGranted(path, i)) {
            throw new AccessDeniedException("Access denied");
        }
    }

    public boolean isGranted(Path path, int i) throws RepositoryException {
        if (this.isSystem || !denotesNode(path)) {
            return true;
        }
        if (path.getDepth() > 2 && validateNode(path)) {
            return isPathAutorized(path);
        }
        if (!validateFileNode(path)) {
            return true;
        }
        for (SilverpeasUserPrincipal silverpeasUserPrincipal : this.subject.getPrincipals(SilverpeasUserPrincipal.class)) {
            if (silverpeasUserPrincipal.isAdministrator() || checkUserIsOwner(silverpeasUserPrincipal, path)) {
                return true;
            }
        }
        return false;
    }

    protected boolean denotesNode(Path path) throws NamespaceException {
        String relativePath = getRelativePath(path);
        Session session = null;
        try {
            session = this.repository.login(new SilverpeasSystemCredentials());
            Node rootNode = session.getRootNode();
            if (path.denotesRoot()) {
                BasicDaoFactory.logout(session);
                return true;
            }
            if (rootNode.hasNode(relativePath)) {
                BasicDaoFactory.logout(session);
                return true;
            }
            BasicDaoFactory.logout(session);
            return false;
        } catch (RepositoryException e) {
            BasicDaoFactory.logout(session);
            return false;
        } catch (Throwable th) {
            BasicDaoFactory.logout(session);
            throw th;
        }
    }

    protected Node getNode(Session session, Path path) throws RepositoryException {
        String relativePath = getRelativePath(path);
        Node rootNode = session.getRootNode();
        if (path.denotesRoot()) {
            return rootNode;
        }
        if (rootNode.hasNode(relativePath)) {
            return rootNode.getNode(relativePath);
        }
        return null;
    }

    protected Node getNode(Session session, ItemId itemId) throws RepositoryException {
        return session.getNodeByIdentifier(itemId.toString());
    }

    protected String getRelativePath(Path path) throws NamespaceException {
        String jCRPath = this.resolver.getJCRPath(path);
        if (jCRPath.startsWith(ConverterUtil.PATH_SEPARATOR)) {
            jCRPath = jCRPath.substring(1);
        }
        return jCRPath;
    }

    public boolean isGranted(Path path, Name name, int i) throws RepositoryException {
        boolean z = true;
        if (path != null) {
            z = isGranted(path, i);
        }
        return z;
    }

    public boolean canRead(Path path, ItemId itemId) throws RepositoryException {
        boolean z = true;
        if (path != null) {
            z = isGranted(path, 1);
        }
        return z && isGranted(itemId, 1);
    }

    public void checkRepositoryPermission(int i) throws RepositoryException {
    }
}
