package org.apache.jackrabbit.oak.security.authorization.permission;

import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.TreeSet;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:resources/install/15/oak-core-1.8.8.jar:org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreImpl.class */
public class PermissionStoreImpl implements PermissionStore, PermissionConstants {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) PermissionStoreImpl.class);
    private final String permissionRootName;
    private final RestrictionProvider restrictionProvider;
    private final Map<String, Tree> principalTreeMap = new HashMap();
    private Tree permissionsTree;
    private PrivilegeBits allBits;

    /* JADX INFO: Access modifiers changed from: package-private */
    public PermissionStoreImpl(Root root, String str, RestrictionProvider restrictionProvider) {
        this.permissionRootName = str;
        this.restrictionProvider = restrictionProvider;
        reset(root);
    }

    @Override // org.apache.jackrabbit.oak.security.authorization.permission.PermissionStore
    public void flush(@Nonnull Root root) {
        this.principalTreeMap.clear();
        reset(root);
    }

    private void reset(@Nonnull Root root) {
        this.permissionsTree = PermissionUtil.getPermissionsRoot(root, this.permissionRootName);
        this.allBits = new PrivilegeBitsProvider(root).getBits(PrivilegeConstants.JCR_ALL);
    }

    @Override // org.apache.jackrabbit.oak.security.authorization.permission.PermissionStore
    @CheckForNull
    public Collection<PermissionEntry> load(@Nullable Collection<PermissionEntry> collection, @Nonnull String str, @Nonnull String str2) {
        Tree principalRoot = getPrincipalRoot(str);
        if (principalRoot != null) {
            String entryName = PermissionUtil.getEntryName(str2);
            if (principalRoot.hasChild(entryName)) {
                Tree child = principalRoot.getChild(entryName);
                if (PermissionUtil.checkACLPath(child, str2)) {
                    collection = loadPermissionEntries(str2, collection, child);
                } else {
                    for (Tree tree : child.getChildren()) {
                        if (PermissionUtil.checkACLPath(tree, str2)) {
                            collection = loadPermissionEntries(str2, collection, tree);
                        }
                    }
                }
            }
        }
        if (collection == null || collection.isEmpty()) {
            return null;
        }
        return collection;
    }

    @Override // org.apache.jackrabbit.oak.security.authorization.permission.PermissionStore
    public long getNumEntries(@Nonnull String str, long j) {
        Tree principalRoot = getPrincipalRoot(str);
        if (principalRoot == null) {
            return 0L;
        }
        return principalRoot.getChildrenCount(j);
    }

    @Override // org.apache.jackrabbit.oak.security.authorization.permission.PermissionStore
    @Nonnull
    public PrincipalPermissionEntries load(@Nonnull String str) {
        long nanoTime = System.nanoTime();
        PrincipalPermissionEntries principalPermissionEntries = new PrincipalPermissionEntries();
        Tree principalRoot = getPrincipalRoot(str);
        if (principalRoot != null) {
            Iterator<Tree> it = principalRoot.getChildren().iterator();
            while (it.hasNext()) {
                loadPermissionEntries(it.next(), principalPermissionEntries.getEntries());
            }
        }
        principalPermissionEntries.setFullyLoaded(true);
        long nanoTime2 = System.nanoTime();
        if (log.isDebugEnabled()) {
            log.debug(String.format("loaded %d entries in %.2fus for %s.%n", Long.valueOf(principalPermissionEntries.getSize()), Double.valueOf((nanoTime2 - nanoTime) / 1000.0d), str));
        }
        return principalPermissionEntries;
    }

    @CheckForNull
    private Tree getPrincipalRoot(@Nonnull String str) {
        if (this.principalTreeMap.containsKey(str)) {
            return this.principalTreeMap.get(str);
        }
        Tree principalRoot = PermissionUtil.getPrincipalRoot(this.permissionsTree, str);
        if (!principalRoot.exists()) {
            principalRoot = null;
        }
        this.principalTreeMap.put(str, principalRoot);
        return principalRoot;
    }

    private void loadPermissionEntries(@Nonnull Tree tree, @Nonnull Map<String, Collection<PermissionEntry>> map) {
        String string = TreeUtil.getString(tree, PermissionConstants.REP_ACCESS_CONTROLLED_PATH);
        if (string == null) {
            log.error("Permission entry at '{}' without rep:accessControlledPath property.", tree.getPath());
            return;
        }
        Collection<PermissionEntry> collection = map.get(string);
        if (collection == null) {
            collection = new TreeSet();
            map.put(string, collection);
        }
        for (Tree tree2 : tree.getChildren()) {
            if (tree2.getName().charAt(0) == 'c') {
                loadPermissionEntries(tree2, map);
            } else {
                collection.add(createPermissionEntry(string, tree2));
            }
        }
    }

    @CheckForNull
    private Collection<PermissionEntry> loadPermissionEntries(@Nonnull String str, @Nullable Collection<PermissionEntry> collection, @Nonnull Tree tree) {
        for (Tree tree2 : tree.getChildren()) {
            if (tree2.getName().charAt(0) != 'c') {
                if (collection == null) {
                    collection = new TreeSet();
                }
                collection.add(createPermissionEntry(str, tree2));
            }
        }
        return collection;
    }

    @Nonnull
    private PermissionEntry createPermissionEntry(@Nonnull String str, @Nonnull Tree tree) {
        PropertyState property = tree.getProperty("rep:privileges");
        return new PermissionEntry(str, TreeUtil.getBoolean(tree, PermissionConstants.REP_IS_ALLOW), Integer.parseInt(tree.getName()), isJcrAll(property) ? this.allBits : PrivilegeBits.getInstance(property), this.restrictionProvider.getPattern(str, tree));
    }

    private static boolean isJcrAll(@CheckForNull PropertyState propertyState) {
        return propertyState != null && propertyState.count() == 1 && ((Long) propertyState.getValue(Type.LONG, 0)).longValue() == -1;
    }
}
