package org.apache.sling.jcr.jackrabbit.accessmanager.post;

import java.security.Principal;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import javax.servlet.Servlet;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
import org.apache.jackrabbit.api.security.authorization.PrincipalAccessControlList;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.sling.jcr.jackrabbit.accessmanager.LocalPrivilege;
import org.apache.sling.jcr.jackrabbit.accessmanager.LocalRestriction;
import org.apache.sling.jcr.jackrabbit.accessmanager.ModifyPrincipalAce;
import org.apache.sling.jcr.jackrabbit.accessmanager.impl.PrincipalAceHelper;
import org.apache.sling.servlets.post.PostResponseCreator;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicyOption;

/**
 * POST servlet and {@link ModifyPrincipalAce} service that edits access control entries stored in
 * a principal-based access control list ({@link PrincipalAccessControlList}).
 *
 * <p>The component properties below register it for {@code POST} requests carrying the
 * {@code modifyPAce} selector on the default servlet resource type. The request handling and the
 * {@code modifyAce} implementations are inherited from {@link ModifyAceServlet}; this subclass only
 * supplies the principal-based ACL lookup, the entry matching and removal, and the rule that
 * principal-based entries may only allow.
 *
 * <p>NOTE(review): no privilege check on the caller is visible in this class. Authorization
 * presumably rests on the JCR {@link Session} that is handed to {@code modifyAce} — confirm in the
 * base classes before exposing this endpoint more widely.
 */
@Component(
        service = {Servlet.class, ModifyPrincipalAce.class},
        property = {
            "sling.servlet.resourceTypes=sling/servlet/default",
            "sling.servlet.methods=POST",
            "sling.servlet.selectors=modifyPAce",
            "sling.servlet.prefix:Integer=-1"
        },
        reference = {
            @Reference(
                    name = "RestrictionProvider",
                    bind = "bindRestrictionProvider",
                    cardinality = ReferenceCardinality.MULTIPLE,
                    policyOption = ReferencePolicyOption.GREEDY,
                    service = RestrictionProvider.class),
            @Reference(
                    name = "PostResponseCreator",
                    bind = "bindPostResponseCreator",
                    cardinality = ReferenceCardinality.MULTIPLE,
                    policyOption = ReferencePolicyOption.GREEDY,
                    service = PostResponseCreator.class)
        })
/* loaded from: input_file:lib/slingcms.far:org/apache/sling/org.apache.sling.jcr.jackrabbit.accessmanager/4.0.0/org.apache.sling.jcr.jackrabbit.accessmanager-4.0.0.jar:org/apache/sling/jcr/jackrabbit/accessmanager/post/ModifyPrincipalAceServlet.class */
public class ModifyPrincipalAceServlet extends ModifyAceServlet implements ModifyPrincipalAce {
    private static final long serialVersionUID = -4152308935573740745L;

    /**
     * Always answers {@code true}. Overrides the hook declared in
     * {@code AbstractAccessPostServlet}.
     *
     * <p>NOTE(review): judging by the name, this lets the servlet act on a resource path that does
     * not exist in the repository — confirm how the base class uses the flag.
     *
     * @return {@code true}
     */
    @Override
    protected boolean allowNonExistingPaths() {
        return true;
    }

    /**
     * Shortest {@link ModifyPrincipalAce} entry point: forwards to the eight-argument overload
     * with no restriction maps and no restriction-removal set.
     *
     * @param session session handed through unchanged
     * @param str first string argument, handed through unchanged (presumably the resource path —
     *     confirm against the interface)
     * @param str2 second string argument, handed through unchanged (presumably the principal id —
     *     confirm against the interface)
     * @param map privilege map, handed through unchanged
     * @param z flag handed through unchanged
     * @throws RepositoryException propagated from the delegate
     */
    @Override
    public void modifyPrincipalAce(Session session, String str, String str2, Map<String, String> map, boolean z) throws RepositoryException {
        modifyPrincipalAce(session, str, str2, map, null, null, null, z);
    }

    /**
     * {@link ModifyPrincipalAce} entry point with restriction arguments: forwards to the inherited
     * {@code modifyAce}, passing {@code null} for the fifth and the last argument.
     *
     * @param session session handed through unchanged
     * @param str first string argument, handed through unchanged
     * @param str2 second string argument, handed through unchanged
     * @param map privilege map, handed through unchanged
     * @param map2 single-valued map, handed through unchanged (presumably restrictions — confirm)
     * @param map3 multi-valued map, handed through unchanged (presumably restrictions — confirm)
     * @param set string set, handed through unchanged
     * @param z flag handed through unchanged
     * @throws RepositoryException propagated from {@code modifyAce}
     */
    @Override
    public void modifyPrincipalAce(Session session, String str, String str2, Map<String, String> map, Map<String, Value> map2, Map<String, Value[]> map3, Set<String> set, boolean z) throws RepositoryException {
        modifyAce(session, str, str2, map, null, map2, map3, set, z, null);
    }

    /**
     * {@link ModifyPrincipalAce} entry point taking ready-made {@link LocalPrivilege} objects:
     * forwards to the inherited {@code modifyAce}, passing {@code null} for the fifth and the last
     * argument.
     *
     * @param session session handed through unchanged
     * @param str first string argument, handed through unchanged
     * @param str2 second string argument, handed through unchanged
     * @param collection privileges, handed through unchanged
     * @param z flag handed through unchanged
     * @throws RepositoryException propagated from {@code modifyAce}
     */
    @Override
    public void modifyPrincipalAce(Session session, String str, String str2, Collection<LocalPrivilege> collection, boolean z) throws RepositoryException {
        modifyAce(session, str, str2, collection, null, z, null);
    }

    /**
     * Finds the principal-based access control list for {@code principal}. Overrides
     * {@code ModifyAceServlet}.
     *
     * <p>The policies already returned by {@code getPolicies(principal)} are searched first; only
     * when none of them is a {@link PrincipalAccessControlList} are the applicable policies
     * consulted. The path argument is not used here.
     *
     * @param accessControlManager manager to query; only a {@link JackrabbitAccessControlManager}
     *     can yield a result
     * @param str not read by this implementation
     * @param principal principal whose policies are looked up
     * @return the first principal-based list found, or {@code null} when the manager is not a
     *     Jackrabbit manager or neither lookup contains such a list
     * @throws RepositoryException propagated from the access control manager
     */
    @Override
    protected JackrabbitAccessControlList getAcl(@NotNull AccessControlManager accessControlManager, String str, Principal principal) throws RepositoryException {
        if (!(accessControlManager instanceof JackrabbitAccessControlManager)) {
            return null;
        }
        JackrabbitAccessControlManager jackrabbitManager = (JackrabbitAccessControlManager) accessControlManager;
        PrincipalAccessControlList found = firstPrincipalAcl(jackrabbitManager.getPolicies(principal));
        if (found == null) {
            // Nothing bound yet: fall back to a policy that could be applied for this principal.
            found = firstPrincipalAcl(jackrabbitManager.getApplicablePolicies(principal));
        }
        return found;
    }

    /** Returns the first element that is a {@link PrincipalAccessControlList}, or {@code null}. */
    private static PrincipalAccessControlList firstPrincipalAcl(JackrabbitAccessControlPolicy[] candidates) {
        for (JackrabbitAccessControlPolicy candidate : candidates) {
            if (candidate instanceof PrincipalAccessControlList) {
                return (PrincipalAccessControlList) candidate;
            }
        }
        return null;
    }

    /**
     * Removes every entry of the list that {@link #getJackrabbitAccessControlEntry} accepts for the
     * given path and principal. Overrides {@code ModifyAceServlet}.
     *
     * @param str path the entries must match
     * @param str2 value to return; when {@code null} or empty it is replaced by the array index of
     *     the first removed entry (presumably an ordering hint — confirm in the base class)
     * @param principal principal the entries must belong to
     * @param jackrabbitAccessControlList list to remove the entries from
     * @return {@code str2}, or the index of the first removed entry as a string when {@code str2}
     *     was {@code null} or empty and something was removed
     * @throws RepositoryException propagated from the access control list
     */
    @Override
    protected String removeAces(@NotNull String str, @Nullable String str2, @NotNull Principal principal, @NotNull JackrabbitAccessControlList jackrabbitAccessControlList) throws RepositoryException {
        String result = str2;
        int position = 0;
        // Iterates over the array snapshot, so removing from the list does not disturb the loop.
        for (AccessControlEntry candidate : jackrabbitAccessControlList.getAccessControlEntries()) {
            if (getJackrabbitAccessControlEntry(candidate, str, principal) != null) {
                if (result == null || result.isEmpty()) {
                    result = String.valueOf(position);
                }
                jackrabbitAccessControlList.removeAccessControlEntry(candidate);
            }
            position++;
        }
        return result;
    }

    /**
     * Adds allow entries through the inherited implementation and refuses deny entries. Overrides
     * {@code ModifyAceServlet}.
     *
     * <p>The call is a no-op when {@code z} is {@code false} and {@code map} is empty.
     *
     * @param str handed to the inherited implementation
     * @param principal handed to the inherited implementation
     * @param map privileges grouped by restriction set
     * @param z {@code true} for allow entries; {@code false} marks deny entries, which are refused
     * @param jackrabbitAccessControlList handed to the inherited implementation
     * @param map2 handed to the inherited implementation
     * @throws IllegalArgumentException when {@code z} is {@code false} and {@code map} is not empty
     * @throws RepositoryException propagated from the inherited implementation
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override
    public void addAces(@NotNull String str, @NotNull Principal principal, @NotNull Map<Set<LocalRestriction>, List<LocalPrivilege>> map, boolean z, @NotNull JackrabbitAccessControlList jackrabbitAccessControlList, Map<Privilege, Integer> map2) throws RepositoryException {
        if (!z) {
            if (!map.isEmpty()) {
                throw new IllegalArgumentException("Deny privileges are not allowed in a principal ACE");
            }
            return;
        }
        super.addAces(str, principal, map, z, jackrabbitAccessControlList, map2);
    }

    /**
     * Decides whether an entry belongs to the given principal and path. Overrides
     * {@code ModifyAceServlet}.
     *
     * <p>The checks run in this order and stop at the first failure: the entry is a
     * {@link PrincipalAccessControlList.Entry}, its principal equals {@code principal}, and
     * {@link PrincipalAceHelper#matchesResourcePath} accepts it for {@code str}.
     *
     * @param accessControlEntry entry to test
     * @param str path handed to {@code PrincipalAceHelper.matchesResourcePath}
     * @param principal principal the entry must belong to
     * @return the entry cast to {@link JackrabbitAccessControlEntry}, or {@code null} when any
     *     check fails
     */
    @Override
    @Nullable
    protected JackrabbitAccessControlEntry getJackrabbitAccessControlEntry(@NotNull AccessControlEntry accessControlEntry, @NotNull String str, @NotNull Principal principal) {
        if (!(accessControlEntry instanceof PrincipalAccessControlList.Entry)) {
            return null;
        }
        if (!accessControlEntry.getPrincipal().equals(principal)) {
            return null;
        }
        if (!PrincipalAceHelper.matchesResourcePath(str, accessControlEntry)) {
            return null;
        }
        return (JackrabbitAccessControlEntry) accessControlEntry;
    }
}
