package org.apache.sling.jcr.jackrabbit.accessmanager.post;

import jakarta.json.Json;
import jakarta.json.JsonObject;
import jakarta.json.stream.JsonGenerator;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.TreeMap;
import java.util.function.Predicate;
import java.util.stream.Stream;
import javax.jcr.AccessDeniedException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.Privilege;
import javax.servlet.ServletException;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.authorization.PrincipalAccessControlList;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.ResourceNotFoundException;
import org.apache.sling.jcr.base.util.AccessControlUtil;
import org.apache.sling.jcr.jackrabbit.accessmanager.LocalPrivilege;
import org.apache.sling.jcr.jackrabbit.accessmanager.LocalRestriction;
import org.apache.sling.jcr.jackrabbit.accessmanager.impl.PrincipalAceHelper;
import org.apache.sling.jcr.jackrabbit.accessmanager.impl.PrivilegesHelper;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:lib/slingcms.far:org/apache/sling/org.apache.sling.jcr.jackrabbit.accessmanager/4.0.0/org.apache.sling.jcr.jackrabbit.accessmanager-4.0.0.jar:org/apache/sling/jcr/jackrabbit/accessmanager/post/AbstractAccessGetServlet.class */
public abstract class AbstractAccessGetServlet extends AbstractAccessServlet {
    @Override // org.apache.sling.api.servlets.SlingSafeMethodsServlet
    protected void doGet(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse) throws ServletException, IOException {
        try {
            JsonObject internalJson = internalJson((Session) slingHttpServletRequest.getResourceResolver().adaptTo(Session.class), getItemPath(slingHttpServletRequest), slingHttpServletRequest.getParameter("pid"));
            slingHttpServletResponse.setContentType("application/json");
            slingHttpServletResponse.setCharacterEncoding(StandardCharsets.UTF_8.name());
            boolean z = false;
            String[] selectors = slingHttpServletRequest.getRequestPathInfo().getSelectors();
            if (selectors.length > 0) {
                int length = selectors.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    if ("tidy".equals(selectors[i])) {
                        z = true;
                        break;
                    }
                    i++;
                }
            }
            HashMap hashMap = new HashMap();
            hashMap.put(JsonGenerator.PRETTY_PRINTING, Boolean.valueOf(z));
            JsonGenerator createGenerator = Json.createGeneratorFactory(hashMap).createGenerator(slingHttpServletResponse.getWriter());
            try {
                createGenerator.write(internalJson).flush();
                if (createGenerator != null) {
                    createGenerator.close();
                }
            } catch (Throwable th) {
                if (createGenerator != null) {
                    try {
                        createGenerator.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (AccessDeniedException e) {
            slingHttpServletResponse.sendError(404);
        } catch (ResourceNotFoundException e2) {
            slingHttpServletResponse.sendError(404, e2.getMessage());
        } catch (Exception e3) {
            throw new ServletException(String.format("Exception while handling GET %s with %s", slingHttpServletRequest.getResource().getPath(), getClass().getName()), e3);
        }
    }

    @Nullable
    protected String getItemPath(SlingHttpServletRequest slingHttpServletRequest) {
        return slingHttpServletRequest.getResource().getPath();
    }

    protected abstract JsonObject internalJson(Session session, String str, String str2) throws RepositoryException;

    /* JADX INFO: Access modifiers changed from: protected */
    @NotNull
    public Principal validateArgs(Session session, String str, String str2) throws RepositoryException {
        validateArgs(session, str);
        if (str2 == null) {
            throw new RepositoryException("principalId was not submitted.");
        }
        Principal principal = AccessControlUtil.getPrincipalManager(session).getPrincipal(str2);
        if (principal == null) {
            throw new RepositoryException("Invalid principalId was submitted.");
        }
        return principal;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @NotNull
    public void validateArgs(Session session, String str) throws RepositoryException {
        if (session == null) {
            throw new RepositoryException("JCR Session not found");
        }
        validateResourcePath(session, str);
    }

    protected void validateResourcePath(Session session, String str) throws RepositoryException {
        if (str == null) {
            throw new ResourceNotFoundException("Resource path was not supplied.");
        }
        if (!session.nodeExists(str)) {
            throw new ResourceNotFoundException("Resource is not a JCR Node");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void processACE(Map<String, RestrictionDefinition> map, JackrabbitAccessControlEntry jackrabbitAccessControlEntry, Privilege[] privilegeArr, Map<Privilege, LocalPrivilege> map2) throws RepositoryException {
        boolean isAllow = jackrabbitAccessControlEntry.isAllow();
        String[] restrictionNames = jackrabbitAccessControlEntry.getRestrictionNames();
        HashSet hashSet = new HashSet();
        for (String str : restrictionNames) {
            RestrictionDefinition restrictionDefinition = map.get(str);
            if (restrictionDefinition.getRequiredType().isArray()) {
                hashSet.add(new LocalRestriction(restrictionDefinition, jackrabbitAccessControlEntry.getRestrictions(str)));
            } else {
                hashSet.add(new LocalRestriction(restrictionDefinition, jackrabbitAccessControlEntry.getRestriction(str)));
            }
        }
        if (isAllow) {
            PrivilegesHelper.allow(map2, hashSet, Arrays.asList(privilegeArr));
        } else {
            PrivilegesHelper.deny(map2, hashSet, Arrays.asList(privilegeArr));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @NotNull
    public Map<String, List<AccessControlEntry>> entriesSortedByEffectivePath(@NotNull AccessControlPolicy[] accessControlPolicyArr, @NotNull Predicate<? super AccessControlEntry> predicate, Map<Principal, Map<DeclarationType, Set<String>>> map) throws RepositoryException {
        TreeMap treeMap = new TreeMap((str, str2) -> {
            return Objects.compare(str, str2, Comparator.nullsFirst((v0, v1) -> {
                return v0.compareTo(v1);
            }));
        });
        for (AccessControlPolicy accessControlPolicy : accessControlPolicyArr) {
            AccessControlEntry[] accessControlEntries = ((AccessControlList) accessControlPolicy).getAccessControlEntries();
            if (accessControlPolicy instanceof AccessControlList) {
                Stream.of((Object[]) accessControlEntries).filter(predicate).forEach(accessControlEntry -> {
                    DeclarationType declarationType = null;
                    String str3 = null;
                    if (accessControlEntry instanceof PrincipalAccessControlList.Entry) {
                        str3 = ((PrincipalAccessControlList.Entry) accessControlEntry).getEffectivePath();
                        if (str3 == null) {
                            str3 = PrincipalAceHelper.RESOURCE_PATH_REPOSITORY;
                        }
                        declarationType = DeclarationType.PRINCIPAL;
                    } else if (accessControlPolicy instanceof JackrabbitAccessControlList) {
                        str3 = ((JackrabbitAccessControlList) accessControlPolicy).getPath();
                        declarationType = DeclarationType.NODE;
                    }
                    ((List) treeMap.computeIfAbsent(str3, str4 -> {
                        return new ArrayList();
                    })).add(accessControlEntry);
                    ((Set) ((Map) map.computeIfAbsent(accessControlEntry.getPrincipal(), principal -> {
                        return new HashMap();
                    })).computeIfAbsent(declarationType, declarationType2 -> {
                        return new HashSet();
                    })).add(str3);
                });
            }
        }
        return treeMap;
    }
}
