package org.jahia.services.content;

import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import org.apache.commons.lang.StringUtils;
import org.jahia.services.categories.Category;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jahia/services/content/RBACUtils.class */
public final class RBACUtils {
    private static final Logger logger = LoggerFactory.getLogger(RBACUtils.class);

    public static JCRNodeWrapper getOrCreatePermission(String str, JCRSessionWrapper jCRSessionWrapper) throws RepositoryException {
        JCRNodeWrapper orCreatePermission;
        JCRNodeWrapper mo171getNode;
        if (str == null || !str.startsWith("/permissions/")) {
            throw new IllegalArgumentException("Illegal value for the permission path: " + str);
        }
        String substringBeforeLast = StringUtils.substringBeforeLast(str, Category.PATH_DELIMITER);
        String substringAfterLast = StringUtils.substringAfterLast(str, Category.PATH_DELIMITER);
        try {
            orCreatePermission = jCRSessionWrapper.m201getNode(substringBeforeLast);
        } catch (PathNotFoundException e) {
            orCreatePermission = getOrCreatePermission(substringBeforeLast, jCRSessionWrapper);
        }
        if (orCreatePermission.hasNode(substringAfterLast)) {
            mo171getNode = orCreatePermission.mo171getNode(substringAfterLast);
        } else {
            jCRSessionWrapper.checkout(orCreatePermission);
            mo171getNode = orCreatePermission.m188addNode(substringAfterLast, "jnt:permission");
            logger.info("Added permission node {}", mo171getNode.getPath());
        }
        return mo171getNode;
    }

    public static JCRNodeWrapper getOrCreateRole(String str, JCRSessionWrapper jCRSessionWrapper) throws RepositoryException {
        JCRNodeWrapper mo171getNode;
        if (str == null || !str.startsWith("/roles/")) {
            throw new IllegalArgumentException("Illegal value for the role path: " + str);
        }
        String substringAfterLast = StringUtils.substringAfterLast(str, Category.PATH_DELIMITER);
        JCRNodeWrapper m201getNode = jCRSessionWrapper.m201getNode("/roles");
        if (m201getNode.hasNode(substringAfterLast)) {
            mo171getNode = m201getNode.mo171getNode(substringAfterLast);
        } else {
            jCRSessionWrapper.checkout(m201getNode);
            mo171getNode = m201getNode.m188addNode(substringAfterLast, "jnt:role");
            logger.info("Added role node {}", mo171getNode.getPath());
        }
        return mo171getNode;
    }

    public static boolean grantPermissionToRole(String str, String str2, JCRSessionWrapper jCRSessionWrapper) throws RepositoryException {
        if (str == null || !str.startsWith("/permissions/")) {
            throw new IllegalArgumentException("Illegal value for the permission path: " + str);
        }
        if (str2 == null || str2.length() == 0) {
            throw new IllegalArgumentException("Illegal value for the role: " + str2);
        }
        boolean z = true;
        JCRNodeWrapper m201getNode = jCRSessionWrapper.m201getNode(str);
        String identifier = m201getNode.getIdentifier();
        JCRNodeWrapper m201getNode2 = jCRSessionWrapper.m201getNode(str2.contains(Category.PATH_DELIMITER) ? str2 : "/roles/" + str2);
        if (m201getNode2.hasProperty("j:permissions")) {
            Value[] values = m201getNode2.mo236getProperty("j:permissions").getValues();
            boolean z2 = false;
            int length = values.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                if (identifier.equals(values[i].getString())) {
                    z2 = true;
                    break;
                }
                i++;
            }
            if (z2) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Role {} already has permission {} granted", m201getNode2.getPath(), m201getNode.getPath());
                }
                z = false;
            } else {
                Value[] valueArr = new Value[values.length + 1];
                System.arraycopy(values, 0, valueArr, 0, values.length);
                valueArr[values.length] = jCRSessionWrapper.getValueFactory().createValue(m201getNode, true);
                m201getNode2.m250setProperty("j:permissions", valueArr);
                logger.info("Granted permission {} to role {}", m201getNode.getPath(), m201getNode2.getPath());
            }
        } else {
            m201getNode2.m250setProperty("j:permissions", new Value[]{jCRSessionWrapper.getValueFactory().createValue(m201getNode, true)});
            logger.info("Granted permission {} to role {}", m201getNode.getPath(), m201getNode2.getPath());
        }
        return z;
    }

    public static boolean hasPermission(String str, String str2, JCRSessionWrapper jCRSessionWrapper) throws RepositoryException {
        Value[] values;
        if (str2 == null || !str2.startsWith("/permissions/")) {
            throw new IllegalArgumentException("Illegal value for the permission path: " + str2);
        }
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("Illegal value for the role: " + str);
        }
        String identifier = jCRSessionWrapper.m201getNode(str2).getIdentifier();
        JCRNodeWrapper m201getNode = jCRSessionWrapper.m201getNode(str.contains(Category.PATH_DELIMITER) ? str : "/roles/" + str);
        if (!m201getNode.hasProperty("j:permissions") || (values = m201getNode.mo236getProperty("j:permissions").getValues()) == null || values.length == 0) {
            return false;
        }
        boolean z = false;
        int length = values.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            if (StringUtils.equals(identifier, values[i].getString())) {
                z = true;
                break;
            }
            i++;
        }
        return z;
    }

    public static boolean revokePermissionFromRole(String str, String str2, JCRSessionWrapper jCRSessionWrapper) throws RepositoryException {
        Value[] values;
        if (str == null || !str.startsWith("/permissions/")) {
            throw new IllegalArgumentException("Illegal value for the permission path: " + str);
        }
        if (str2 == null || str2.length() == 0) {
            throw new IllegalArgumentException("Illegal value for the role: " + str2);
        }
        boolean z = false;
        JCRNodeWrapper m201getNode = jCRSessionWrapper.m201getNode(str);
        String identifier = m201getNode.getIdentifier();
        JCRNodeWrapper m201getNode2 = jCRSessionWrapper.m201getNode(str2.contains(Category.PATH_DELIMITER) ? str2 : "/roles/" + str2);
        if (!m201getNode2.hasProperty("j:permissions") || (values = m201getNode2.mo236getProperty("j:permissions").getValues()) == null || values.length == 0) {
            return false;
        }
        LinkedList linkedList = new LinkedList();
        Collections.addAll(linkedList, values);
        boolean z2 = false;
        Iterator it = linkedList.iterator();
        while (it.hasNext()) {
            if (StringUtils.equals(identifier, ((Value) it.next()).getString())) {
                z2 = true;
                it.remove();
            }
        }
        if (z2) {
            z = true;
            if (linkedList.isEmpty()) {
                m201getNode2.m250setProperty("j:permissions", (Value[]) null);
            } else {
                m201getNode2.m250setProperty("j:permissions", (Value[]) linkedList.toArray(new Value[0]));
            }
            logger.info("Revoked permission {} from role {}", m201getNode.getPath(), m201getNode2.getPath());
        }
        return z;
    }

    private RBACUtils() {
    }
}
