package org.apache.sling.starter.access.models;

import jakarta.json.Json;
import jakarta.json.JsonArray;
import jakarta.json.JsonArrayBuilder;
import jakarta.json.JsonBuilderFactory;
import jakarta.json.JsonObject;
import jakarta.json.JsonObjectBuilder;
import jakarta.json.JsonString;
import jakarta.json.JsonValue;
import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.annotation.PostConstruct;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.JackrabbitWorkspace;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.request.RequestParameter;
import org.apache.sling.api.resource.ResourceNotFoundException;
import org.apache.sling.api.resource.ResourceUtil;
import org.apache.sling.jcr.jackrabbit.accessmanager.GetAce;
import org.apache.sling.jcr.jackrabbit.accessmanager.GetAcl;
import org.apache.sling.models.annotations.Model;
import org.apache.sling.models.annotations.injectorspecific.OSGiService;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

@Model(adaptables = {SlingHttpServletRequest.class})
/* loaded from: input_file:org/apache/sling/starter/access/models/Ace.class */
public class Ace extends AccessFormPage {
    protected static final String PATH_REPOSITORY = "/:repository";
    protected static final Pattern RESTRICTION_PATTERN = Pattern.compile("^restriction@([^@]+)@([^@]+)@(Allow|Deny)$");
    protected static final Pattern RESTRICTION_PATTERN_DELETE = Pattern.compile(String.format("^restriction@([^@]+)@([^@]+)%s$", "@Delete"));
    protected static final Map<String, Integer> privilegesPriority = createPrivilegesPriorityMap();
    protected String principalId;
    private boolean aceExists;
    protected Map<Privilege, PrivilegeItem> persistedPrivilegesMap = null;

    @OSGiService
    protected List<RestrictionProvider> restrictionProviders = null;

    @OSGiService
    public GetAce getAce = null;

    @OSGiService
    public GetAcl getAcl = null;

    protected static Map<String, Integer> createPrivilegesPriorityMap() {
        HashMap hashMap = new HashMap();
        hashMap.put("jcr:read", 1);
        hashMap.put("rep:write", 2);
        hashMap.put("jcr:readAccessControl", 3);
        hashMap.put("jcr:modifyAccessControl", 4);
        hashMap.put("jcr:write", 1);
        hashMap.put("jcr:nodeTypeManagement", 2);
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.sling.starter.access.models.AccessFormPage
    @PostConstruct
    public void init() throws IOException {
        super.init();
        this.principalId = this.request.getParameter("pid");
    }

    public String getPrincipalId() {
        return this.principalId;
    }

    public boolean getIsInvalidPrincipal() throws RepositoryException {
        UserManager userManager;
        boolean z = true;
        if (this.principalId != null && !this.principalId.isEmpty()) {
            JackrabbitSession jackrabbitSession = (Session) this.request.getResourceResolver().adaptTo(Session.class);
            if ((jackrabbitSession instanceof JackrabbitSession) && (userManager = jackrabbitSession.getUserManager()) != null && userManager.getAuthorizable(this.principalId) != null) {
                z = false;
            }
        }
        return z;
    }

    protected String getAcePath() {
        return this.resource.getPath();
    }

    public boolean isExists() {
        return this.aceExists;
    }

    public Collection<PrivilegeItem> getPrivileges() throws RepositoryException {
        Map<Privilege, PrivilegeItem> persistedPrivilegesMap = getPersistedPrivilegesMap();
        if (persistedPrivilegesMap == null || persistedPrivilegesMap.isEmpty()) {
            return Collections.emptyList();
        }
        Set<RestrictionDefinition> supportedRestrictions = getSupportedRestrictions();
        Map<String, RestrictionDefinition> srMap = toSrMap(supportedRestrictions);
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        Map<String, String[]> populateEntriesFromPreviousFailedPost = populateEntriesFromPreviousFailedPost(hashMap, hashMap2, srMap);
        Map<String, String[]> fieldValuesForPattern = getFieldValuesForPattern(RESTRICTION_PATTERN_DELETE);
        for (PrivilegeItem privilegeItem : persistedPrivilegesMap.values()) {
            String name = privilegeItem.getName();
            String parameter = this.request.getParameter(String.format("privilege@%s", name));
            if (parameter == null) {
                String parameter2 = this.request.getParameter(String.format("privilege@%s@Delete", name));
                if (parameter2 != null) {
                    if ("granted".equals(parameter2)) {
                        privilegeItem.setGranted(false);
                    } else if ("denied".equals(parameter2)) {
                        privilegeItem.setDenied(false);
                    }
                }
            } else if ("granted".equals(parameter)) {
                privilegeItem.setGranted(true);
            } else if ("denied".equals(parameter)) {
                privilegeItem.setDenied(true);
            }
            boolean[] zArr = {true, false};
            int length = zArr.length;
            for (int i = 0; i < length; i++) {
                boolean z = zArr[i];
                List<RestrictionItem> computeIfAbsent = (z ? hashMap : hashMap2).computeIfAbsent(name, str -> {
                    return new ArrayList();
                });
                List<RestrictionItem> allowRestrictions = z ? privilegeItem.getAllowRestrictions() : privilegeItem.getDenyRestrictions();
                if (allowRestrictions != null && !allowRestrictions.isEmpty()) {
                    for (RestrictionItem restrictionItem : allowRestrictions) {
                        String name2 = restrictionItem.getName();
                        boolean z2 = true;
                        String format = String.format("restriction@%s@%s", name, name2);
                        Object[] objArr = new Object[2];
                        objArr[0] = format;
                        objArr[1] = z ? "Allow" : "Deny";
                        String format2 = String.format("%s@%s", objArr);
                        if (fieldValuesForPattern.containsKey(String.format("%s%s", format, "@Delete"))) {
                            z2 = false;
                        } else if (populateEntriesFromPreviousFailedPost.containsKey(format2)) {
                            computeIfAbsent.stream().filter(restrictionItem2 -> {
                                return restrictionItem2.getName().equals(name2);
                            }).forEach(restrictionItem3 -> {
                                restrictionItem3.setExists(true);
                            });
                            z2 = false;
                        }
                        if (z2) {
                            computeIfAbsent.add(restrictionItem);
                        }
                    }
                }
                populateEntriesForMissingMandatoryRestrictions(computeIfAbsent, supportedRestrictions);
                if (z) {
                    privilegeItem.setAllowRestrictions(computeIfAbsent);
                } else {
                    privilegeItem.setDenyRestrictions(computeIfAbsent);
                }
                fieldValuesForPattern.keySet().stream().filter(str2 -> {
                    return RESTRICTION_PATTERN_DELETE.matcher(str2).matches();
                }).forEach(str3 -> {
                    Matcher matcher = RESTRICTION_PATTERN_DELETE.matcher(str3);
                    if (matcher.matches()) {
                        String group = matcher.group(2);
                        if (z) {
                            privilegeItem.addAllowRestrictionToDelete(group);
                        } else {
                            privilegeItem.addDenyRestrictionToDelete(group);
                        }
                    }
                });
            }
        }
        ArrayList arrayList = new ArrayList(persistedPrivilegesMap.values());
        arrayList.sort((privilegeItem2, privilegeItem3) -> {
            String longestPath = privilegeItem2.getLongestPath();
            String[] split = longestPath.split("/");
            String longestPath2 = privilegeItem3.getLongestPath();
            String[] split2 = longestPath2.split("/");
            for (int i2 = 0; i2 < split.length; i2++) {
                Integer orDefault = privilegesPriority.getOrDefault(split[i2], 1000);
                if (split2.length <= i2) {
                    return longestPath.compareTo(longestPath2);
                }
                int compareTo = orDefault.compareTo(privilegesPriority.getOrDefault(split2[i2], 1000));
                if (compareTo != 0) {
                    return compareTo;
                }
            }
            if (split.length != split2.length) {
                return longestPath.compareTo(longestPath2);
            }
            String str4 = split[split.length - 1];
            String str5 = split2[split2.length - 1];
            return str4.substring(str4.indexOf(58)).compareTo(str5.substring(str5.indexOf(58)));
        });
        boolean z3 = true;
        for (int size = arrayList.size() - 1; size > 0; size--) {
            PrivilegeItem privilegeItem4 = (PrivilegeItem) arrayList.get(size);
            if (z3) {
                privilegeItem4.addExtraCssClass("lastBranch");
            }
            if (z3 && privilegeItem4.getDepth() == 1) {
                z3 = false;
            }
            if (size == arrayList.size() - 1) {
                privilegeItem4.addExtraCssClass("lastSibling");
            } else {
                boolean z4 = true;
                int i2 = size + 1;
                while (true) {
                    if (i2 >= arrayList.size()) {
                        break;
                    }
                    PrivilegeItem privilegeItem5 = (PrivilegeItem) arrayList.get(i2);
                    if (privilegeItem5.getDepth() == privilegeItem4.getDepth()) {
                        String parent = ResourceUtil.getParent(privilegeItem5.getLongestPath());
                        String parent2 = ResourceUtil.getParent(privilegeItem4.getLongestPath());
                        if (parent != null && parent.equals(parent2)) {
                            z4 = false;
                            break;
                        }
                    }
                    i2++;
                }
                if (z4) {
                    privilegeItem4.addExtraCssClass("lastSibling");
                }
            }
        }
        return arrayList;
    }

    protected Map<String, String[]> populateEntriesFromPreviousFailedPost(Map<String, List<RestrictionItem>> map, Map<String, List<RestrictionItem>> map2, Map<String, RestrictionDefinition> map3) {
        Map<String, String[]> fieldValuesForPattern = getFieldValuesForPattern(RESTRICTION_PATTERN_DELETE);
        Map<String, String[]> fieldValuesForPattern2 = getFieldValuesForPattern(RESTRICTION_PATTERN);
        for (Map.Entry<String, String[]> entry : fieldValuesForPattern2.entrySet()) {
            if (!fieldValuesForPattern.containsKey(String.format("%s%s", entry.getKey(), "@Delete"))) {
                Matcher matcher = RESTRICTION_PATTERN.matcher(entry.getKey());
                if (matcher.matches()) {
                    String group = matcher.group(1);
                    String group2 = matcher.group(2);
                    boolean equals = "Allow".equals(matcher.group(3));
                    RestrictionDefinition restrictionDefinition = map3.get(group2);
                    if (restrictionDefinition != null) {
                        String[] value = entry.getValue();
                        String[] value2 = entry.getValue();
                        if (restrictionDefinition.getRequiredType().isArray()) {
                            value = value2;
                        } else if (value2.length > 0) {
                            value = value2[0];
                        }
                        (equals ? map : map2).computeIfAbsent(group, str -> {
                            return new ArrayList();
                        }).add(new RestrictionItem(restrictionDefinition, value, false));
                    }
                }
            }
        }
        return fieldValuesForPattern2;
    }

    protected void populateEntriesForMissingMandatoryRestrictions(List<RestrictionItem> list, Set<RestrictionDefinition> set) {
        if (set != null) {
            for (RestrictionDefinition restrictionDefinition : set) {
                if (restrictionDefinition.isMandatory() && list.stream().noneMatch(restrictionItem -> {
                    return restrictionItem.getName().equals(restrictionDefinition.getName());
                })) {
                    list.add(new RestrictionItem(restrictionDefinition, null, false));
                }
            }
        }
    }

    protected Map<String, RestrictionDefinition> toSrMap(Set<RestrictionDefinition> set) {
        HashMap hashMap = new HashMap();
        for (RestrictionDefinition restrictionDefinition : set) {
            hashMap.put(restrictionDefinition.getName(), restrictionDefinition);
        }
        return hashMap;
    }

    @NotNull
    protected Privilege[] getSupportedOrRegisteredPrivileges(@NotNull Session session, @Nullable String str) throws RepositoryException {
        Privilege[] privilegeArr = null;
        if (str == null || !session.nodeExists(str)) {
            JackrabbitWorkspace workspace = session.getWorkspace();
            if (workspace instanceof JackrabbitWorkspace) {
                privilegeArr = workspace.getPrivilegeManager().getRegisteredPrivileges();
            }
        } else {
            privilegeArr = session.getAccessControlManager().getSupportedPrivileges(str);
        }
        return privilegeArr == null ? new Privilege[0] : privilegeArr;
    }

    protected Map<Privilege, PrivilegeItem> initialPrivilegesMap(Map<Privilege, String> map, String str) {
        Privilege[] privilegeArr;
        HashMap hashMap = new HashMap();
        try {
            privilegeArr = getSupportedOrRegisteredPrivileges((Session) this.request.getResourceResolver().adaptTo(Session.class), PATH_REPOSITORY.equals(str) ? null : str);
        } catch (RepositoryException e) {
            privilegeArr = null;
        }
        if (privilegeArr != null) {
            for (Privilege privilege : privilegeArr) {
                hashMap.put(privilege, new PrivilegeItem(privilege.getName(), false, false, map.get(privilege)));
            }
        }
        return hashMap;
    }

    protected Map<Privilege, PrivilegeItem> getPersistedPrivilegesMap() throws RepositoryException {
        JsonObject jsonObject;
        if (this.persistedPrivilegesMap == null) {
            Session session = (Session) this.request.getResourceResolver().adaptTo(Session.class);
            Map<Privilege, String> privilegeLongestPathMap = AceUtils.getPrivilegeLongestPathMap(session);
            String acePath = getAcePath();
            this.persistedPrivilegesMap = initialPrivilegesMap(privilegeLongestPathMap, acePath);
            try {
                jsonObject = this.getAce.getAce(session, acePath, getPrincipalId());
            } catch (ResourceNotFoundException e) {
                jsonObject = null;
            }
            if (jsonObject != null) {
                this.aceExists = true;
                AccessControlManager accessControlManager = session.getAccessControlManager();
                Map<String, RestrictionDefinition> srMap = toSrMap(getSupportedRestrictions());
                JsonObject jsonObject2 = jsonObject.getJsonObject("privileges");
                for (String str : jsonObject2.keySet()) {
                    PrivilegeItem computeIfAbsent = this.persistedPrivilegesMap.computeIfAbsent(accessControlManager.privilegeFromName(str), privilege -> {
                        return new PrivilegeItem(privilege.getName(), false, false, (String) privilegeLongestPathMap.get(privilege));
                    });
                    JsonObject jsonObject3 = jsonObject2.getJsonObject(str);
                    JsonValue jsonValue = (JsonValue) jsonObject3.get("allow");
                    if (jsonValue != null) {
                        computeIfAbsent.setAllowExists(true);
                        computeIfAbsent.setGranted(true);
                        if (jsonValue instanceof JsonObject) {
                            computeIfAbsent.setAllowRestrictions(jsonToRestrictionItems(srMap, (JsonObject) jsonValue));
                        }
                    }
                    JsonValue jsonValue2 = (JsonValue) jsonObject3.get("deny");
                    if (jsonValue2 != null) {
                        computeIfAbsent.setDenyExists(true);
                        computeIfAbsent.setDenied(true);
                        if (jsonValue2 instanceof JsonObject) {
                            computeIfAbsent.setDenyRestrictions(jsonToRestrictionItems(srMap, (JsonObject) jsonValue2));
                        }
                    }
                }
            }
        }
        return this.persistedPrivilegesMap;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v34, types: [java.lang.String[]] */
    protected List<RestrictionItem> jsonToRestrictionItems(Map<String, RestrictionDefinition> map, JsonObject jsonObject) {
        ArrayList arrayList = new ArrayList();
        for (Map.Entry entry : jsonObject.entrySet()) {
            RestrictionDefinition restrictionDefinition = map.get((String) entry.getKey());
            if (restrictionDefinition != null) {
                String str = null;
                JsonArray jsonArray = (JsonValue) entry.getValue();
                if (jsonArray instanceof JsonArray) {
                    JsonArray jsonArray2 = jsonArray;
                    ?? r0 = new String[jsonArray2.size()];
                    for (int i = 0; i < r0.length; i++) {
                        r0[i] = jsonArray2.getString(i);
                    }
                    str = r0;
                } else if (jsonArray instanceof JsonString) {
                    str = ((JsonString) jsonArray).getString();
                }
                arrayList.add(new RestrictionItem(restrictionDefinition, str, true));
            }
        }
        return arrayList;
    }

    public Set<RestrictionDefinition> getSupportedRestrictions() {
        HashSet hashSet = new HashSet();
        Iterator<RestrictionProvider> it = this.restrictionProviders.iterator();
        while (it.hasNext()) {
            hashSet.addAll(it.next().getSupportedRestrictions(this.resource.getPath()));
        }
        return hashSet;
    }

    public List<RestrictionDefinitionInfo> getSupportedRestrictionsInfo() {
        return (List) getSupportedRestrictions().stream().map(restrictionDefinition -> {
            return new RestrictionDefinitionInfo(restrictionDefinition.getName(), restrictionDefinition);
        }).sorted(Comparator.comparing((v0) -> {
            return v0.getDisplayName();
        })).collect(Collectors.toList());
    }

    public String getPrivilegeAggregationsAsJSON() throws RepositoryException {
        JsonBuilderFactory createBuilderFactory = Json.createBuilderFactory(Collections.emptyMap());
        JsonObjectBuilder createObjectBuilder = createBuilderFactory.createObjectBuilder();
        Session session = (Session) this.request.getResourceResolver().adaptTo(Session.class);
        Map<Privilege, String> privilegeLongestPathMap = AceUtils.getPrivilegeLongestPathMap(session);
        for (Privilege privilege : getSupportedOrRegisteredPrivileges(session, this.resource.getPath())) {
            Privilege[] aggregatePrivileges = privilege.getAggregatePrivileges();
            if (aggregatePrivileges != null && aggregatePrivileges.length > 0) {
                ArrayList arrayList = new ArrayList(Arrays.asList(aggregatePrivileges));
                arrayList.sort((privilege2, privilege3) -> {
                    return ((String) privilegeLongestPathMap.get(privilege2)).compareTo((String) privilegeLongestPathMap.get(privilege3));
                });
                JsonArrayBuilder createArrayBuilder = createBuilderFactory.createArrayBuilder();
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    createArrayBuilder.add(((Privilege) it.next()).getName());
                }
                createObjectBuilder.add(privilege.getName(), createArrayBuilder);
            }
        }
        return createObjectBuilder.build().toString();
    }

    public String getExistingRestrictionNamesAsJSON() throws RepositoryException {
        JsonObjectBuilder createObjectBuilder = Json.createObjectBuilder();
        boolean[] zArr = {true, false};
        int length = zArr.length;
        for (int i = 0; i < length; i++) {
            boolean z = zArr[i];
            JsonArrayBuilder createArrayBuilder = Json.createArrayBuilder();
            HashSet hashSet = new HashSet();
            for (PrivilegeItem privilegeItem : getPrivileges()) {
                if ((z && privilegeItem.getGranted()) || (!z && privilegeItem.getDenied())) {
                    for (RestrictionItem restrictionItem : z ? privilegeItem.getAllowRestrictions() : privilegeItem.getDenyRestrictions()) {
                        if (restrictionItem.isExists()) {
                            String format = String.format("%s@%s", privilegeItem.getName(), restrictionItem.getName());
                            if (!hashSet.contains(format)) {
                                createArrayBuilder.add(format);
                                hashSet.add(format);
                            }
                        }
                    }
                }
            }
            createObjectBuilder.add(z ? "allow" : "deny", createArrayBuilder);
        }
        return createObjectBuilder.build().toString();
    }

    public String getOrderValue() {
        String parameter = this.request.getParameter("order");
        return parameter == null ? "" : parameter;
    }

    public Collection<PrincipalPrivilege> getOrderList() throws RepositoryException {
        ArrayList arrayList = new ArrayList();
        JackrabbitSession jackrabbitSession = (Session) this.request.getResourceResolver().adaptTo(Session.class);
        PrincipalManager principalManager = jackrabbitSession.getPrincipalManager();
        String principalId = getPrincipalId();
        for (String str : this.getAcl.getAcl(jackrabbitSession, getAcePath()).keySet()) {
            if (principalId == null || !principalId.equals(str)) {
                Principal principal = principalManager.getPrincipal(str);
                if (principal != null) {
                    arrayList.add(new PrincipalPrivilege(principal));
                }
            }
        }
        return arrayList;
    }

    protected String[] fieldValuesFromReqParams(RequestParameter[] requestParameterArr) {
        String[] strArr = new String[requestParameterArr.length];
        for (int i = 0; i < requestParameterArr.length; i++) {
            strArr[i] = requestParameterArr[i].getString();
        }
        return strArr;
    }

    protected Map<String, String[]> getFieldValuesForPattern(Pattern pattern) {
        RequestParameter[] requestParameterArr;
        HashMap hashMap = new HashMap();
        for (Map.Entry entry : this.request.getRequestParameterMap().entrySet()) {
            String str = (String) entry.getKey();
            if (!hashMap.containsKey(str) && pattern.matcher(str).matches() && (requestParameterArr = (RequestParameter[]) entry.getValue()) != null) {
                hashMap.put(str, fieldValuesFromReqParams(requestParameterArr));
            }
        }
        return hashMap;
    }
}
