package org.apache.jackrabbit.core.security;

import java.security.Principal;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.jcr.AccessDeniedException;
import javax.jcr.Item;
import javax.jcr.ItemNotFoundException;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.PathNotFoundException;
import javax.jcr.PropertyIterator;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.UnsupportedRepositoryOperationException;
import javax.jcr.Value;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.Privilege;
import javax.jcr.version.Version;
import javax.jcr.version.VersionHistory;
import javax.security.auth.Subject;
import org.apache.commons.collections.map.LRUMap;
import org.apache.commons.lang.StringUtils;
import org.apache.jackrabbit.core.HierarchyManager;
import org.apache.jackrabbit.core.RepositoryContext;
import org.apache.jackrabbit.core.config.WorkspaceConfig;
import org.apache.jackrabbit.core.id.ItemId;
import org.apache.jackrabbit.core.security.authorization.AccessControlProvider;
import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
import org.apache.jackrabbit.spi.Name;
import org.apache.jackrabbit.spi.Path;
import org.apache.jackrabbit.spi.commons.conversion.DefaultNamePathResolver;
import org.apache.jackrabbit.spi.commons.conversion.NamePathResolver;
import org.apache.jackrabbit.spi.commons.namespace.SessionNamespaceResolver;
import org.jahia.content.ObjectKeyInterface;
import org.jahia.exceptions.JahiaException;
import org.jahia.jaas.JahiaPrincipal;
import org.jahia.registries.ServicesRegistry;
import org.jahia.services.categories.Category;
import org.jahia.services.sites.JahiaSite;
import org.jahia.services.sites.JahiaSitesBaseService;
import org.jahia.services.sites.JahiaSitesService;
import org.jahia.services.usermanager.JahiaGroup;
import org.jahia.services.usermanager.JahiaGroupManagerService;
import org.jahia.services.usermanager.JahiaUser;
import org.jahia.services.usermanager.JahiaUserManagerService;
import org.jahia.settings.SettingsBean;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/jackrabbit/core/security/JahiaAccessManager.class */
public class JahiaAccessManager extends AbstractAccessControlManager implements AccessManager, AccessControlManager {
    protected Subject subject;
    protected HierarchyManager hierMgr;
    protected NamePathResolver resolver;
    private JahiaPrivilegeRegistry privilegeRegistry;
    protected String workspaceName;
    private JahiaUserManagerService userService;
    private JahiaGroupManagerService groupService;
    private JahiaSitesService sitesService;
    private Session securitySession;
    private RepositoryContext repositoryContext;
    private WorkspaceConfig workspaceConfig;
    private Set<String> userMembership;
    private JahiaUser jahiaUser;
    private static final Logger logger = LoggerFactory.getLogger(JahiaAccessManager.class);
    private static final Map<String, Map<String, String>> PRIVILEGE_NAMES = new ConcurrentHashMap(2);
    private static ThreadLocal<Collection<String>> deniedPathes = new ThreadLocal<>();
    private Map<String, Set<Privilege>> privilegesInRole = new HashMap();
    private Map<String, Boolean> pathPermissionCache = null;
    private Map<String, CompiledAcl> compiledAcls = new HashMap();
    private Boolean isAdmin = null;
    private boolean isAliased = false;
    private boolean globalGroupMembershipCheckActivated = false;
    private boolean initialized = false;
    protected JahiaPrincipal jahiaPrincipal = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/jackrabbit/core/security/JahiaAccessManager$CompiledAce.class */
    public class CompiledAce {
        String principal;
        Set<String> roles = new HashSet();
        boolean granted;

        CompiledAce() {
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/jackrabbit/core/security/JahiaAccessManager$CompiledAcl.class */
    public class CompiledAcl {
        boolean broken = false;
        Set<CompiledAce> aces = new HashSet();

        CompiledAcl() {
        }
    }

    public static String getPrivilegeName(String str, String str2) {
        if (str2 == null) {
            return str;
        }
        Map<String, String> map = PRIVILEGE_NAMES.get(str2);
        if (map == null) {
            map = new ConcurrentHashMap();
            PRIVILEGE_NAMES.put(str2, map);
        }
        String str3 = map.get(str);
        if (str3 == null) {
            str3 = str + ObjectKeyInterface.KEY_SEPARATOR + str2;
            map.put(str, str3);
        }
        return str3;
    }

    public static void setDeniedPaths(Collection<String> collection) {
        deniedPathes.set(collection);
    }

    public void init(AMContext aMContext) throws AccessDeniedException, Exception {
        init(aMContext, null, null, null, null);
    }

    public void init(AMContext aMContext, AccessControlProvider accessControlProvider, WorkspaceAccessManager workspaceAccessManager) throws AccessDeniedException, Exception {
        init(aMContext, null, null, null, null);
    }

    public Session getSecuritySession() throws RepositoryException {
        if (this.securitySession != null) {
            return this.securitySession;
        }
        HashSet hashSet = new HashSet();
        hashSet.add(new SystemPrincipal());
        this.securitySession = new JahiaSystemSession(this.repositoryContext, new Subject(true, hashSet, Collections.EMPTY_SET, Collections.EMPTY_SET), this.workspaceConfig);
        return this.securitySession;
    }

    public boolean isSystemPrincipal() {
        return this.jahiaPrincipal != null && this.jahiaPrincipal.isSystem();
    }

    public void init(AMContext aMContext, AccessControlProvider accessControlProvider, WorkspaceAccessManager workspaceAccessManager, RepositoryContext repositoryContext, WorkspaceConfig workspaceConfig) throws AccessDeniedException, Exception {
        if (this.initialized) {
            throw new IllegalStateException("already initialized");
        }
        this.pathPermissionCache = Collections.synchronizedMap(new LRUMap(SettingsBean.getInstance().getAccessManagerPathPermissionCacheMaxSize()));
        this.globalGroupMembershipCheckActivated = SettingsBean.getInstance().isGlobalGroupMembershipCheckActivated();
        this.subject = aMContext.getSubject();
        this.resolver = aMContext.getNamePathResolver();
        this.hierMgr = aMContext.getHierarchyManager();
        this.workspaceName = aMContext.getWorkspaceName();
        this.repositoryContext = repositoryContext;
        this.workspaceConfig = workspaceConfig;
        this.privilegeRegistry = new JahiaPrivilegeRegistry(aMContext.getSession().getWorkspace().getNamespaceRegistry());
        Set principals = this.subject.getPrincipals(JahiaPrincipal.class);
        if (!principals.isEmpty()) {
            this.jahiaPrincipal = (JahiaPrincipal) principals.iterator().next();
        }
        this.userService = ServicesRegistry.getInstance().getJahiaUserManagerService();
        this.groupService = ServicesRegistry.getInstance().getJahiaGroupManagerService();
        this.sitesService = ServicesRegistry.getInstance().getJahiaSitesService();
        if (this.jahiaPrincipal.isSystem()) {
            this.userMembership = new HashSet();
        } else if (!JahiaLoginModule.GUEST.equals(this.jahiaPrincipal.getName())) {
            this.jahiaUser = this.userService.lookupUser(this.jahiaPrincipal.getName());
            if (this.jahiaUser != null) {
                this.userMembership = new HashSet(this.groupService.getUserMembership(this.jahiaUser));
            }
        }
        this.initialized = true;
    }

    public void close() throws Exception {
        if (this.securitySession != null) {
            this.securitySession.logout();
        }
    }

    public void checkPermission(ItemId itemId, int i) throws AccessDeniedException, ItemNotFoundException, RepositoryException {
        if (!isGranted(itemId, i)) {
            throw new AccessDeniedException("Not sufficient privileges for permissions : " + i + " on " + itemId);
        }
    }

    public void checkPermission(Path path, int i) throws AccessDeniedException, RepositoryException {
        if (!isGranted(path, i)) {
            throw new AccessDeniedException("Not sufficient privileges for permissions : " + i + " on " + path + " [" + deniedPathes.get() + "]");
        }
    }

    protected void checkPermission(String str, int i) throws AccessDeniedException, PathNotFoundException, RepositoryException {
        checkValidNodePath(str);
        checkPermission(this.resolver.getQPath(str), i);
    }

    public boolean hasPrivileges(String str, Set<Principal> set, Privilege[] privilegeArr) throws PathNotFoundException, AccessDeniedException, RepositoryException {
        checkInitialized();
        checkValidNodePath(str);
        checkPermission(str, 32);
        if (privilegeArr != null && privilegeArr.length != 0) {
            return isGranted(this.resolver.getQPath(str), PrivilegeRegistry.getBits(privilegeArr));
        }
        if (!logger.isDebugEnabled()) {
            return true;
        }
        logger.debug("No privileges passed -> allowed.");
        return true;
    }

    protected void checkInitialized() throws IllegalStateException {
        if (!this.initialized) {
            throw new IllegalStateException("not initialized");
        }
    }

    public Privilege privilegeFromName(String str) throws AccessControlException, RepositoryException {
        checkInitialized();
        return this.privilegeRegistry.getPrivilege(str, this.workspaceName);
    }

    public Privilege[] getSupportedPrivileges(String str) throws PathNotFoundException, RepositoryException {
        checkInitialized();
        checkValidNodePath(str);
        return this.privilegeRegistry.getRegisteredPrivileges();
    }

    protected PrivilegeRegistry getPrivilegeRegistry() throws RepositoryException {
        return null;
    }

    protected void checkValidNodePath(String str) throws PathNotFoundException, RepositoryException {
        Path qPath = this.resolver.getQPath(str);
        if (!qPath.isAbsolute()) {
            throw new RepositoryException("Absolute path expected.");
        }
        if (this.hierMgr.resolveNodePath(qPath) == null) {
            throw new PathNotFoundException("No such node " + str);
        }
    }

    public AccessControlPolicy[] getEffectivePolicies(Set<Principal> set) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException {
        return new AccessControlPolicy[0];
    }

    public Privilege[] getPrivileges(String str, Set<Principal> set) throws PathNotFoundException, AccessDeniedException, RepositoryException {
        return new Privilege[0];
    }

    public boolean isGranted(ItemId itemId, int i) throws ItemNotFoundException, RepositoryException {
        if (isSystemPrincipal() && deniedPathes.get() == null) {
            return true;
        }
        HashSet hashSet = new HashSet();
        if ((i & 1) == 1) {
            hashSet.add(getPrivilegeName("{http://www.jcp.org/jcr/1.0}read", this.workspaceName));
        }
        if ((i & 2) == 2) {
            if (itemId.denotesNode()) {
                hashSet.add(getPrivilegeName("{http://www.jcp.org/jcr/1.0}addChildNodes", this.workspaceName));
                hashSet.add(getPrivilegeName("{http://www.jcp.org/jcr/1.0}modifyProperties", this.workspaceName));
            } else {
                hashSet.add(getPrivilegeName("{http://www.jcp.org/jcr/1.0}modifyProperties", this.workspaceName));
            }
        }
        if ((i & 4) == 4) {
            hashSet.add(itemId.denotesNode() ? getPrivilegeName("{http://www.jcp.org/jcr/1.0}removeChildNodes", this.workspaceName) : getPrivilegeName("{http://www.jcp.org/jcr/1.0}removeNode", this.workspaceName));
        }
        return isGranted(this.hierMgr.getPath(itemId), hashSet);
    }

    public boolean isGranted(Path path, int i) throws RepositoryException {
        if (isSystemPrincipal() && deniedPathes.get() == null) {
            return true;
        }
        HashSet hashSet = new HashSet();
        Iterator<Privilege> it = this.privilegeRegistry.getPrivileges(i, this.workspaceName).iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().getName());
        }
        return isGranted(path, hashSet);
    }

    public boolean isGranted(Path path, Set<String> set) throws RepositoryException {
        DefaultNamePathResolver defaultNamePathResolver;
        String jCRPath;
        Node parent;
        if (isSystemPrincipal() && deniedPathes.get() == null) {
            return true;
        }
        String obj = path.toString();
        if (set.size() == 1 && obj.equals("{}") && set.contains(getPrivilegeName("{http://www.jcp.org/jcr/1.0}read", this.workspaceName))) {
            return true;
        }
        boolean z = false;
        String str = obj + " : " + set;
        Boolean bool = this.pathPermissionCache.get(str);
        if (bool != null) {
            return bool.booleanValue();
        }
        try {
            defaultNamePathResolver = new DefaultNamePathResolver(new SessionNamespaceResolver(getSecuritySession()));
            jCRPath = defaultNamePathResolver.getJCRPath(path);
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
        }
        if (deniedPathes.get() != null && deniedPathes.get().contains(jCRPath)) {
            this.pathPermissionCache.put(str, false);
            return false;
        }
        if (isSystemPrincipal()) {
            this.pathPermissionCache.put(str, true);
            return true;
        }
        Item item = null;
        Boolean bool2 = null;
        if (set.contains(getPrivilegeName("{http://www.jcp.org/jcr/1.0}write", this.workspaceName)) || set.contains(getPrivilegeName("{http://www.jcp.org/jcr/1.0}modifyProperties", this.workspaceName)) || set.contains(getPrivilegeName("{http://www.jcp.org/jcr/1.0}removeNode", this.workspaceName))) {
            bool2 = Boolean.valueOf(getSecuritySession().itemExists(jCRPath));
            if (bool2.booleanValue()) {
                item = getSecuritySession().getItem(jCRPath);
                if (item.isNode() && ((Node) item).isNodeType("jmix:systemNode")) {
                    this.pathPermissionCache.put(str, false);
                    return false;
                }
            }
        }
        if (set.size() != 1 || !set.contains(getPrivilegeName("{http://www.jcp.org/jcr/1.0}addChildNodes", this.workspaceName))) {
            if (bool2 == null) {
                bool2 = Boolean.valueOf(getSecuritySession().itemExists(jCRPath));
            }
            if (!bool2.booleanValue()) {
                this.pathPermissionCache.put(str, true);
                return true;
            }
        }
        if (this.jahiaPrincipal != null && isAdmin(this.jahiaPrincipal.getName(), 0)) {
            this.pathPermissionCache.put(str, true);
            return true;
        }
        int i = 1;
        if (bool2 == null) {
            bool2 = Boolean.valueOf(getSecuritySession().itemExists(jCRPath));
        }
        while (!bool2.booleanValue()) {
            int i2 = i;
            i++;
            jCRPath = defaultNamePathResolver.getJCRPath(path.getAncestor(i2));
            bool2 = Boolean.valueOf(getSecuritySession().itemExists(jCRPath));
        }
        if (item == null) {
            item = getSecuritySession().getItem(jCRPath);
        }
        if (item instanceof Version) {
            item = ((Version) item).getContainingHistory();
        }
        if (item instanceof VersionHistory) {
            PropertyIterator references = ((VersionHistory) item).getReferences();
            if (references.hasNext()) {
                item = references.nextProperty().getParent();
                jCRPath = item.getPath();
            }
        }
        if (item.isNode()) {
            parent = (Node) item;
        } else {
            parent = item.getParent();
            jCRPath = StringUtils.substringBeforeLast(jCRPath, Category.PATH_DELIMITER);
        }
        String substringAfterLast = StringUtils.substringAfterLast(jCRPath, Category.PATH_DELIMITER);
        if (substringAfterLast.startsWith("j:translation_")) {
            String substringAfter = StringUtils.substringAfter(substringAfterLast, "j:translation_");
            if (set.contains(getPrivilegeName("{http://www.jcp.org/jcr/1.0}modifyProperties", this.workspaceName))) {
                set.remove(getPrivilegeName("{http://www.jcp.org/jcr/1.0}modifyProperties", this.workspaceName));
                set.add(getPrivilegeName("{http://www.jcp.org/jcr/1.0}modifyProperties", this.workspaceName) + ObjectKeyInterface.KEY_SEPARATOR + substringAfter);
            }
        }
        if (set.contains(getPrivilegeName("{http://www.jcp.org/jcr/1.0}addChildNodes", this.workspaceName))) {
            String jCRName = defaultNamePathResolver.getJCRName(path.getName());
            if (jCRName.startsWith("j:translation_") && hasPrivileges(jCRPath + Category.PATH_DELIMITER + jCRName, new Privilege[]{privilegeFromName(getPrivilegeName("{http://www.jcp.org/jcr/1.0}modifyProperties", this.workspaceName))})) {
                return true;
            }
        }
        String name2 = parent.getPrimaryNodeType().getName();
        if (name2.equals("jnt:acl") || name2.equals("jnt:ace")) {
            if (set.contains(getPrivilegeName("{http://www.jcp.org/jcr/1.0}read", this.workspaceName))) {
                set.add(getPrivilegeName("{http://www.jcp.org/jcr/1.0}readAccessControl", this.workspaceName));
            }
            if (set.contains(getPrivilegeName("{http://www.jcp.org/jcr/1.0}modifyProperties", this.workspaceName))) {
                set.add(getPrivilegeName("{http://www.jcp.org/jcr/1.0}modifyAccessControl", this.workspaceName));
            }
        }
        String str2 = null;
        if (!jCRPath.startsWith(JahiaSitesBaseService.SITES_JCR_PATH)) {
            Node node = parent;
            while (!node.isNodeType("jnt:virtualsite")) {
                try {
                    node = node.getParent();
                } catch (ItemNotFoundException e2) {
                } catch (PathNotFoundException e3) {
                }
            }
            str2 = node.getName();
        } else if (jCRPath.length() > JahiaSitesBaseService.SITES_JCR_PATH.length() + 1) {
            str2 = StringUtils.substringBefore(jCRPath.substring(JahiaSitesBaseService.SITES_JCR_PATH.length() + 1), Category.PATH_DELIMITER);
        }
        z = recurseOnACPs(jCRPath, getSecuritySession(), set, str2);
        this.pathPermissionCache.put(obj + " : " + set, Boolean.valueOf(z));
        return z;
    }

    public boolean isGranted(Path path, Name name2, int i) throws RepositoryException {
        return isGranted(path, i);
    }

    public boolean canRead(Path path, ItemId itemId) throws RepositoryException {
        if (path != null) {
            return isGranted(path, 1);
        }
        if (itemId != null) {
            return isGranted(itemId, 1);
        }
        return false;
    }

    public boolean canAccess(String str) throws RepositoryException {
        return true;
    }

    private boolean recurseOnACPs(String str, Session session, Set<String> set, String str2) throws RepositoryException {
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet(set);
        while (str.length() > 0) {
            CompiledAcl compiledAcl = this.compiledAcls.get(str);
            if (compiledAcl == null) {
                compiledAcl = new CompiledAcl();
                this.compiledAcls.put(str, compiledAcl);
                Node item = session.getItem(str);
                if (item.isNode()) {
                    Node node = item;
                    if (node.hasNode("j:acl")) {
                        Node node2 = node.getNode("j:acl");
                        NodeIterator nodes = node2.getNodes();
                        while (nodes.hasNext()) {
                            Node nextNode = nodes.nextNode();
                            String string = nextNode.getProperty("j:principal").getString();
                            if (matchUser(string, str2)) {
                                CompiledAce compiledAce = new CompiledAce();
                                compiledAcl.aces.add(compiledAce);
                                compiledAce.principal = string;
                                compiledAce.granted = !nextNode.getProperty("j:aceType").getString().equals("DENY");
                                if (nextNode.isNodeType("jnt:externalAce")) {
                                    for (Value value : nextNode.getProperty("j:roles").getValues()) {
                                        compiledAce.roles.add(value.getString() + Category.PATH_DELIMITER + nextNode.getProperty("j:externalPermissionsName").getString());
                                    }
                                } else {
                                    for (Value value2 : nextNode.getProperty("j:roles").getValues()) {
                                        compiledAce.roles.add(value2.getString());
                                    }
                                }
                            }
                        }
                        compiledAcl.broken = node2.hasProperty("j:inherit") && !node2.getProperty("j:inherit").getBoolean();
                    }
                }
            }
            for (CompiledAce compiledAce2 : compiledAcl.aces) {
                for (String str3 : compiledAce2.roles) {
                    String str4 = compiledAce2.principal + ":" + str3;
                    if (!hashSet.contains(str4)) {
                        hashSet.add(str4);
                        if (compiledAce2.granted && matchPermission(hashSet2, str3, session)) {
                            return true;
                        }
                    }
                }
            }
            if (compiledAcl.broken || Category.PATH_DELIMITER.equals(str)) {
                return false;
            }
            str = str.lastIndexOf(47) > 0 ? str.substring(0, str.lastIndexOf(47)) : Category.PATH_DELIMITER;
        }
        return false;
    }

    public Set<Privilege> getPermissionsInRole(String str, Session session) throws RepositoryException {
        if (this.privilegesInRole.containsKey(str)) {
            return this.privilegesInRole.get(str);
        }
        HashSet hashSet = new HashSet();
        try {
            Node node = this.securitySession.getNode("/roles/" + str);
            if (node.hasProperty("j:permissions")) {
                for (Value value : node.getProperty("j:permissions").getValues()) {
                    Node nodeByIdentifier = session.getNodeByIdentifier(value.getString());
                    try {
                        hashSet.add(this.privilegeRegistry.getPrivilege(nodeByIdentifier));
                    } catch (AccessControlException e) {
                        if (logger.isDebugEnabled()) {
                            logger.debug("Permission not available: " + nodeByIdentifier, e);
                        }
                    }
                }
            }
            this.privilegesInRole.put(node.getName(), hashSet);
        } catch (PathNotFoundException e2) {
        }
        return hashSet;
    }

    public boolean matchPermission(Set<String> set, String str, Session session) throws RepositoryException {
        Set<Privilege> permissionsInRole = getPermissionsInRole(str, session);
        if (logger.isDebugEnabled()) {
            logger.debug("Checking role {}", str);
        }
        for (Privilege privilege : permissionsInRole) {
            String name2 = privilege.getName();
            if (checkPrivilege(set, name2)) {
                return true;
            }
            if (this.isAliased && name2.contains("_live") && checkPrivilege(set, name2.replaceAll("_live", ObjectKeyInterface.KEY_SEPARATOR + this.workspaceName))) {
                return true;
            }
            for (Privilege privilege2 : privilege.getAggregatePrivileges()) {
                if (checkPrivilege(set, privilege2.getName())) {
                    return true;
                }
            }
        }
        return false;
    }

    private boolean checkPrivilege(Set<String> set, String str) {
        if (!set.contains(str)) {
            return false;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Found privilege {}", str);
        }
        set.remove(str);
        return set.isEmpty();
    }

    private boolean matchUser(String str, String str2) {
        String substring = str.substring(2);
        if (str.charAt(0) == 'u') {
            return (this.jahiaPrincipal.isGuest() && substring.equals("guest")) || substring.equals(this.jahiaPrincipal.getName());
        }
        if (str.charAt(0) != 'g') {
            return false;
        }
        if (substring.equals("guest")) {
            return true;
        }
        if (this.jahiaPrincipal.isGuest()) {
            return false;
        }
        if (isUserMemberOf(substring, str2)) {
            return true;
        }
        return this.globalGroupMembershipCheckActivated && isUserMemberOf(substring, null);
    }

    public boolean hasPrivileges(String str, Privilege[] privilegeArr) throws PathNotFoundException, RepositoryException {
        checkInitialized();
        checkValidNodePath(str);
        if (privilegeArr == null || privilegeArr.length == 0) {
            if (!logger.isDebugEnabled()) {
                return true;
            }
            logger.debug("No privileges passed -> allowed.");
            return true;
        }
        HashSet hashSet = new HashSet();
        for (Privilege privilege : privilegeArr) {
            hashSet.add(privilege.getName());
        }
        return isGranted(this.resolver.getQPath(str), hashSet);
    }

    public Privilege[] getPrivileges(String str) throws PathNotFoundException, RepositoryException {
        HashSet hashSet = new HashSet();
        if (isAdmin(this.jahiaPrincipal.getName(), 0)) {
            return getSupportedPrivileges(str);
        }
        Session securitySession = getSecuritySession();
        for (String str2 : getRoles(str)) {
            try {
                Node node = this.securitySession.getNode("/roles/" + str2);
                if (node.hasProperty("j:permissions")) {
                    for (Value value : node.getProperty("j:permissions").getValues()) {
                        Node nodeByIdentifier = securitySession.getNodeByIdentifier(value.getString());
                        try {
                            hashSet.add(this.privilegeRegistry.getPrivilege(nodeByIdentifier));
                        } catch (AccessControlException e) {
                            if (logger.isDebugEnabled()) {
                                logger.debug("Permission not available : " + nodeByIdentifier, e);
                            }
                        }
                    }
                }
            } catch (PathNotFoundException e2) {
                logger.warn("Role " + str2 + " is missing despite still being in use in path " + str + " (or parent). Please re-create it in the administration, remove all uses and then you can delete it !");
            }
        }
        return (Privilege[]) hashSet.toArray(new Privilege[hashSet.size()]);
    }

    public AccessControlPolicy[] getEffectivePolicies(String str) throws PathNotFoundException, AccessDeniedException, RepositoryException {
        return new AccessControlPolicy[0];
    }

    public void setAliased(boolean z) {
        this.isAliased = z;
    }

    public boolean isAdmin(String str, int i) {
        if (this.isAdmin != null) {
            return this.isAdmin.booleanValue();
        }
        if (JahiaLoginModule.GUEST.equals(str)) {
            return false;
        }
        JahiaUser lookupUser = this.userService.lookupUser(str);
        if (lookupUser != null) {
            Boolean valueOf = Boolean.valueOf(lookupUser.isAdminMember(i));
            this.isAdmin = valueOf;
            return valueOf.booleanValue();
        }
        Boolean bool = false;
        this.isAdmin = bool;
        return bool.booleanValue();
    }

    private boolean isUserMemberOf(String str, String str2) {
        if ("guest".equals(str)) {
            return true;
        }
        if (JahiaGroupManagerService.USERS_GROUPNAME.equals(str) && str2 == null && !"guest".equals(this.jahiaPrincipal.getName())) {
            return true;
        }
        int i = 0;
        if (str2 != null) {
            try {
                JahiaSite siteByKey = this.sitesService.getSiteByKey(str2);
                if (siteByKey != null) {
                    i = siteByKey.getID();
                }
            } catch (JahiaException e) {
                logger.error("Error while retrieving site key" + str2, e);
            }
        }
        JahiaGroup lookupGroup = this.groupService.lookupGroup(i, str);
        if (lookupGroup == null) {
            lookupGroup = this.groupService.lookupGroup(0, str);
        }
        return (this.jahiaUser == null || lookupGroup == null || !lookupGroup.isMember(this.jahiaUser)) ? false : true;
    }

    /* JADX WARN: Code restructure failed: missing block: B:55:0x01fa, code lost:
    
        return r0;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.util.Set<java.lang.String> getRoles(java.lang.String r5) throws javax.jcr.PathNotFoundException, javax.jcr.RepositoryException {
        /*
            Method dump skipped, instructions count: 507
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.jackrabbit.core.security.JahiaAccessManager.getRoles(java.lang.String):java.util.Set");
    }
}
