package org.apache.jackrabbit.core.security.authorization.acl;

import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.id.NodeId;
import org.apache.jackrabbit.core.security.authorization.CompiledPermissions;
import org.apache.jackrabbit.spi.Path;
import org.pentaho.platform.api.engine.ISystemConfig;
import org.pentaho.platform.engine.core.system.PentahoSystem;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/jackrabbit/core/security/authorization/acl/PentahoACLProvider.class */
public class PentahoACLProvider extends ACLProvider {
    private Map configuration;
    private EntryCollector entryCollector;
    private boolean useCachingEntryCollector;
    private boolean initialized;
    private Map<Integer, PentahoCompiledPermissionsImpl> compiledPermissionsCache = new HashMap();
    private Logger logger = LoggerFactory.getLogger(getClass().getName());

    public void init(Session session, Map map) throws RepositoryException {
        this.configuration = map;
        ISystemConfig iSystemConfig = (ISystemConfig) PentahoSystem.get(ISystemConfig.class);
        if (iSystemConfig != null) {
            this.useCachingEntryCollector = "true".equals(iSystemConfig.getProperty("system.cachingEntryCollector"));
        }
        super.init(session, map);
        updateRootAcl((SessionImpl) session, new ACLEditor(this.session, this));
        this.initialized = true;
        registerEntryCollectorWithObservationManager(session);
    }

    protected void registerEntryCollectorWithObservationManager(Session session) throws RepositoryException {
        if (this.entryCollector == null || !this.initialized) {
            return;
        }
        session.getWorkspace().getObservationManager().addEventListener(this.entryCollector, 3, "/", true, (String[]) null, (String[]) null, false);
    }

    protected void updateRootAcl(SessionImpl sessionImpl, ACLEditor aCLEditor) throws RepositoryException {
        String path = this.session.getRootNode().getPath();
        AccessControlList[] policies = aCLEditor.getPolicies(path);
        if (policies.length > 0) {
            PrincipalManager principalManager = sessionImpl.getPrincipalManager();
            AccessControlManager accessControlManager = this.session.getAccessControlManager();
            Principal everyone = principalManager.getEveryone();
            Privilege[] privilegeArr = {accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}read"), accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}readAccessControl")};
            AccessControlList accessControlList = policies[0];
            for (AccessControlEntry accessControlEntry : accessControlList.getAccessControlEntries()) {
                if (accessControlEntry.getPrincipal().equals(everyone)) {
                    accessControlList.removeAccessControlEntry(accessControlEntry);
                }
            }
            accessControlList.addAccessControlEntry(everyone, privilegeArr);
            aCLEditor.setPolicy(path, accessControlList);
            this.session.save();
        }
    }

    protected EntryCollector createEntryCollector(SessionImpl sessionImpl) throws RepositoryException {
        if (this.entryCollector != null) {
            return this.entryCollector;
        }
        if (this.useCachingEntryCollector) {
            this.entryCollector = new CachingPentahoEntryCollector(sessionImpl, getRootNodeId(), this.configuration);
            this.logger.debug("Using Caching EntryCollector");
        } else {
            this.entryCollector = new PentahoEntryCollector(sessionImpl, getRootNodeId(), this.configuration);
            this.logger.debug("Using Non-Caching EntryCollector");
        }
        registerEntryCollectorWithObservationManager(sessionImpl);
        return this.entryCollector;
    }

    public CompiledPermissions compilePermissions(Set<Principal> set) throws RepositoryException {
        checkInitialized();
        return isAdminOrSystem(set) ? getAdminPermissions() : isReadOnly(set) ? getReadOnlyPermissions() : getCompiledPermissions(set);
    }

    protected PentahoCompiledPermissionsImpl getCompiledPermissions(Set<Principal> set) throws RepositoryException {
        if (this.compiledPermissionsCache.containsKey(Integer.valueOf(set.hashCode()))) {
            return this.compiledPermissionsCache.get(Integer.valueOf(set.hashCode()));
        }
        PentahoCompiledPermissionsImpl pentahoCompiledPermissionsImpl = new PentahoCompiledPermissionsImpl(set, this.session, this.entryCollector, this, true);
        this.compiledPermissionsCache.put(Integer.valueOf(set.hashCode()), pentahoCompiledPermissionsImpl);
        return pentahoCompiledPermissionsImpl;
    }

    public boolean canAccessRoot(Set<Principal> set) throws RepositoryException {
        checkInitialized();
        if (isAdminOrSystem(set)) {
            return true;
        }
        PentahoCompiledPermissionsImpl compiledPermissions = getCompiledPermissions(set);
        try {
            boolean canRead = compiledPermissions.canRead((Path) null, getRootNodeId());
            compiledPermissions.close();
            return canRead;
        } catch (Throwable th) {
            compiledPermissions.close();
            throw th;
        }
    }

    private NodeId getRootNodeId() throws RepositoryException {
        return this.session.getRootNode().getNodeId();
    }
}
