package com.adobe.acs.commons.users.impl;

import com.adobe.acs.commons.forms.helpers.impl.PostRedirectGetWithCookiesFormHelperImpl;
import com.adobe.acs.commons.util.ParameterUtil;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/adobe/acs/commons/users/impl/Ace.class */
public final class Ace {
    private static final Logger log = LoggerFactory.getLogger(Ace.class);
    private static final String PARAM_DELIMITER = ";";
    private static final String KEY_VALUE_SEPARATOR = "=";
    private static final String LIST_SEPARATOR = ",";
    private static final String PROP_TYPE = "type";
    private static final String PROP_PATH = "path";
    private static final String PROP_PRIVILEGES = "privileges";
    private static final String PROP_REP_GLOB = "rep:glob";
    private static final String PROP_REP_NT_NAMES = "rep:ntNames";
    private static final String PROP_REP_ITEM_NAMES = "rep:itemNames";
    private static final String PROP_REP_PREFIXES = "rep:prefixes";
    private String type;
    private String path;
    private String repGlob;
    private List<String> repNtNames = new ArrayList();
    private List<String> repItemNames = new ArrayList();
    private List<String> repPrefixes = new ArrayList();
    private final List<String> privilegeNames = new ArrayList();
    private boolean exists = false;

    public Ace(String str) throws EnsureAuthorizableException {
        this.repGlob = null;
        for (String str2 : StringUtils.split(str, PARAM_DELIMITER)) {
            Map.Entry<String, String> mapEntry = ParameterUtil.toMapEntry(str2, KEY_VALUE_SEPARATOR);
            if (mapEntry != null) {
                if (StringUtils.equals("type", mapEntry.getKey())) {
                    this.type = StringUtils.stripToNull(mapEntry.getValue());
                } else if (StringUtils.equals("path", mapEntry.getKey())) {
                    this.path = StringUtils.stripToNull(mapEntry.getValue());
                } else if (StringUtils.equals(PROP_REP_GLOB, mapEntry.getKey())) {
                    this.repGlob = StringUtils.stripToEmpty(mapEntry.getValue());
                } else if (StringUtils.equals(PROP_REP_NT_NAMES, mapEntry.getKey())) {
                    this.repNtNames.addAll(Arrays.asList(StringUtils.split(StringUtils.stripToEmpty(mapEntry.getValue()), ",")));
                } else if (StringUtils.equals(PROP_REP_ITEM_NAMES, mapEntry.getKey())) {
                    this.repItemNames.addAll(Arrays.asList(StringUtils.split(StringUtils.stripToEmpty(mapEntry.getValue()), ",")));
                } else if (StringUtils.equals(PROP_REP_PREFIXES, mapEntry.getKey())) {
                    this.repPrefixes.addAll(Arrays.asList(StringUtils.split(StringUtils.stripToEmpty(mapEntry.getValue()), ",")));
                } else if (StringUtils.equals(PROP_PRIVILEGES, mapEntry.getKey())) {
                    for (String str3 : StringUtils.split(mapEntry.getValue(), ",")) {
                        String stripToNull = StringUtils.stripToNull(str3);
                        if (stripToNull != null) {
                            this.privilegeNames.add(stripToNull);
                        }
                    }
                }
            }
        }
        validate(this.type, this.path, this.privilegeNames);
    }

    protected void validate(String str, String str2, List<String> list) throws EnsureAuthorizableException {
        if (!ArrayUtils.contains(new String[]{"allow", "deny"}, str)) {
            throw new EnsureAuthorizableException("Ensure Service User requires valid type. [ " + str + " ] type is invalid");
        }
        if (!StringUtils.startsWith(str2, PostRedirectGetWithCookiesFormHelperImpl.ROOT_COOKIE_PATH)) {
            throw new EnsureAuthorizableException("Ensure Service User requires an absolute path. [ " + str2 + " ] path is invalid");
        }
        if (list.size() < 1) {
            throw new EnsureAuthorizableException("Ensure Service User requires at least 1 privilege to apply.");
        }
    }

    public boolean isAllow() {
        return StringUtils.equals("allow", this.type);
    }

    public String getContentPath() {
        return this.path;
    }

    public List<String> getPrivilegeNames() {
        return this.privilegeNames;
    }

    public List<Privilege> getPrivileges(AccessControlManager accessControlManager) {
        ArrayList arrayList = new ArrayList();
        for (String str : getPrivilegeNames()) {
            try {
                arrayList.add(accessControlManager.privilegeFromName(str));
            } catch (RepositoryException e) {
                log.error("Unable to convert provided privilege name [ {} ] to a JCR Privilege. Skipping...", str);
            }
        }
        return arrayList;
    }

    public void setExists(boolean z) {
        this.exists = z;
    }

    public boolean isExists() {
        return this.exists;
    }

    public String getRepGlob() {
        return this.repGlob;
    }

    public boolean hasRepGlob() {
        return getRepGlob() != null;
    }

    public List<String> getRepNtNames() {
        return this.repNtNames;
    }

    public boolean hasRepNtNames() {
        return !getRepNtNames().isEmpty();
    }

    public List<String> getRepItemNames() {
        return this.repItemNames;
    }

    public boolean hasRepItemNames() {
        return !getRepItemNames().isEmpty();
    }

    public List<String> getRepPrefixes() {
        return this.repPrefixes;
    }

    public boolean hasRepPrefixes() {
        return !getRepPrefixes().isEmpty();
    }

    public boolean isSameAs(JackrabbitAccessControlEntry jackrabbitAccessControlEntry) throws RepositoryException {
        return jackrabbitAccessControlEntry.isAllow() == isAllow() && CollectionUtils.isEqualCollection(Arrays.asList(AccessControlUtils.namesFromPrivileges(jackrabbitAccessControlEntry.getPrivileges())), getPrivilegeNames()) && isRestrictionValid(hasRepGlob(), jackrabbitAccessControlEntry.getRestrictions(PROP_REP_GLOB), Arrays.asList(getRepGlob())) && isRestrictionValid(hasRepNtNames(), jackrabbitAccessControlEntry.getRestrictions(PROP_REP_NT_NAMES), getRepNtNames()) && isRestrictionValid(hasRepItemNames(), jackrabbitAccessControlEntry.getRestrictions(PROP_REP_ITEM_NAMES), getRepItemNames()) && isRestrictionValid(hasRepPrefixes(), jackrabbitAccessControlEntry.getRestrictions(PROP_REP_PREFIXES), getRepPrefixes());
    }

    private boolean isRestrictionValid(boolean z, Value[] valueArr, List<String> list) {
        ArrayList arrayList = new ArrayList();
        if (z && valueArr == null) {
            return false;
        }
        if (!z && valueArr != null) {
            return false;
        }
        if (!z || valueArr == null) {
            return true;
        }
        for (Value value : valueArr) {
            arrayList.add(value.toString());
        }
        return CollectionUtils.isEqualCollection(arrayList, list);
    }
}
