package org.apache.jackrabbit.oak.security.authorization.permission;

import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.TreeSet;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.security.authorization.monitor.AuthorizationMonitor;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.JcrAllUtil;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:lib/slingcms.far:org/apache/jackrabbit/oak-core/1.58.0/oak-core-1.58.0.jar:org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreImpl.class */
public class PermissionStoreImpl implements PermissionStore, PermissionConstants {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) PermissionStoreImpl.class);
    private final String permissionRootName;
    private final RestrictionProvider restrictionProvider;
    private final AuthorizationMonitor monitor;
    private final Map<String, Tree> principalTreeMap = new HashMap();
    private Tree permissionsTree;
    private PrivilegeBitsProvider bitsProvider;

    /* JADX INFO: Access modifiers changed from: package-private */
    public PermissionStoreImpl(@NotNull Root root, @NotNull String str, @NotNull RestrictionProvider restrictionProvider, @NotNull AuthorizationMonitor authorizationMonitor) {
        this.permissionRootName = str;
        this.restrictionProvider = restrictionProvider;
        this.monitor = authorizationMonitor;
        reset(root);
    }

    @Override // org.apache.jackrabbit.oak.security.authorization.permission.PermissionStore
    public void flush(@NotNull Root root) {
        this.principalTreeMap.clear();
        reset(root);
    }

    private void reset(@NotNull Root root) {
        this.permissionsTree = PermissionUtil.getPermissionsRoot(root, this.permissionRootName);
        this.bitsProvider = new PrivilegeBitsProvider(root);
    }

    @Override // org.apache.jackrabbit.oak.security.authorization.permission.PermissionStore
    @Nullable
    public Collection<PermissionEntry> load(@NotNull String str, @NotNull String str2) {
        Tree principalRoot = getPrincipalRoot(str);
        Collection<PermissionEntry> collection = null;
        if (principalRoot != null) {
            String entryName = PermissionUtil.getEntryName(str2);
            if (principalRoot.hasChild(entryName)) {
                Tree child = principalRoot.getChild(entryName);
                if (!PermissionUtil.checkACLPath(child, str2)) {
                    Iterator<Tree> it = child.getChildren().iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        Tree next = it.next();
                        if (PermissionUtil.checkACLPath(next, str2)) {
                            collection = loadPermissionEntries(str2, next);
                            break;
                        }
                    }
                } else {
                    collection = loadPermissionEntries(str2, child);
                }
            }
        }
        return collection;
    }

    @Override // org.apache.jackrabbit.oak.security.authorization.permission.PermissionStore
    @NotNull
    public NumEntries getNumEntries(@NotNull String str, long j) {
        Tree principalRoot = getPrincipalRoot(str);
        if (principalRoot == null) {
            return NumEntries.ZERO;
        }
        long j2 = TreeUtil.getLong(principalRoot, PermissionConstants.REP_NUM_PERMISSIONS, -1L);
        return j2 >= 0 ? NumEntries.valueOf(j2, true) : NumEntries.valueOf(principalRoot.getChildrenCount(j), false);
    }

    @Override // org.apache.jackrabbit.oak.security.authorization.permission.PermissionStore
    @NotNull
    public PrincipalPermissionEntries load(@NotNull String str) {
        long nanoTime = System.nanoTime();
        PrincipalPermissionEntries principalPermissionEntries = new PrincipalPermissionEntries();
        Tree principalRoot = getPrincipalRoot(str);
        if (principalRoot != null) {
            Iterator<Tree> it = principalRoot.getChildren().iterator();
            while (it.hasNext()) {
                loadPermissionEntries(it.next(), principalPermissionEntries);
            }
        }
        principalPermissionEntries.setFullyLoaded(true);
        long nanoTime2 = System.nanoTime() - nanoTime;
        this.monitor.permissionAllLoaded(nanoTime2);
        log.debug("loaded {} entries in {}us for {}.", Long.valueOf(principalPermissionEntries.getSize()), Double.valueOf(nanoTime2 / 1000.0d), str);
        return principalPermissionEntries;
    }

    @Nullable
    private Tree getPrincipalRoot(@NotNull String str) {
        if (this.principalTreeMap.containsKey(str)) {
            return this.principalTreeMap.get(str);
        }
        Tree principalRoot = PermissionUtil.getPrincipalRoot(this.permissionsTree, str);
        if (!principalRoot.exists()) {
            principalRoot = null;
        }
        this.principalTreeMap.put(str, principalRoot);
        return principalRoot;
    }

    private void loadPermissionEntries(@NotNull Tree tree, @NotNull PrincipalPermissionEntries principalPermissionEntries) {
        String string = TreeUtil.getString(tree, PermissionConstants.REP_ACCESS_CONTROLLED_PATH);
        if (string == null) {
            this.monitor.permissionError();
            log.error("Permission entry at '{}' without rep:accessControlledPath property.", tree.getPath());
            return;
        }
        Collection<PermissionEntry> entriesByPath = principalPermissionEntries.getEntriesByPath(string);
        if (entriesByPath == null) {
            entriesByPath = new TreeSet();
            principalPermissionEntries.putEntriesByPath(string, entriesByPath);
        }
        for (Tree tree2 : tree.getChildren()) {
            if (tree2.getName().charAt(0) == 'c') {
                loadPermissionEntries(tree2, principalPermissionEntries);
            } else {
                entriesByPath.add(createPermissionEntry(string, tree2));
            }
        }
    }

    @NotNull
    private Collection<PermissionEntry> loadPermissionEntries(@NotNull String str, @NotNull Tree tree) {
        TreeSet treeSet = new TreeSet();
        for (Tree tree2 : tree.getChildren()) {
            if (tree2.getName().charAt(0) != 'c') {
                treeSet.add(createPermissionEntry(str, tree2));
            }
        }
        return treeSet;
    }

    @NotNull
    private PermissionEntry createPermissionEntry(@NotNull String str, @NotNull Tree tree) {
        return new PermissionEntry(str, TreeUtil.getBoolean(tree, PermissionConstants.REP_IS_ALLOW), Integer.parseInt(tree.getName()), JcrAllUtil.getPrivilegeBits(tree.getProperty("rep:privileges"), this.bitsProvider), this.restrictionProvider.getPattern(str, tree));
    }
}
