package com.atlassian.bamboo.security.acegi.acls;

import com.atlassian.bamboo.user.Authority;
import com.google.common.collect.ImmutableList;
import java.io.Serializable;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import org.acegisecurity.acls.AccessControlEntry;
import org.acegisecurity.acls.Acl;
import org.acegisecurity.acls.MutableAcl;
import org.acegisecurity.acls.NotFoundException;
import org.acegisecurity.acls.Permission;
import org.acegisecurity.acls.UnloadedSidException;
import org.acegisecurity.acls.domain.AclAuthorizationStrategy;
import org.acegisecurity.acls.objectidentity.ObjectIdentity;
import org.acegisecurity.acls.sid.GrantedAuthoritySid;
import org.acegisecurity.acls.sid.Sid;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.util.Assert;

/* loaded from: input_file:com/atlassian/bamboo/security/acegi/acls/ImmutableAcl.class */
public final class ImmutableAcl implements Acl {

    @Deprecated
    static final ImmutableAcl NULL_ACL = new ImmutableAcl(null, null, null, null, false, Collections.emptyList(), null, null);
    private final ObjectIdentity oid;
    private final Serializable id;
    private final Sid owner;
    private final Acl parent;
    private final boolean entriesInheriting;
    private final Collection<AccessControlEntry> entries;
    private final LoadedSidValidator loadedSids;
    private final AclAuthorizationStrategy aclAuthorizationStrategy;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/atlassian/bamboo/security/acegi/acls/ImmutableAcl$LoadedSidValidator.class */
    public static abstract class LoadedSidValidator {
        static final LoadedSidValidator NOT_LOADED = new LoadedSidValidator() { // from class: com.atlassian.bamboo.security.acegi.acls.ImmutableAcl.LoadedSidValidator.1
            @Override // com.atlassian.bamboo.security.acegi.acls.ImmutableAcl.LoadedSidValidator
            boolean isSidLoaded(Sid[] sidArr) {
                return true;
            }

            @Override // com.atlassian.bamboo.security.acegi.acls.ImmutableAcl.LoadedSidValidator
            @Nullable
            public Sid[] entries() {
                return null;
            }
        };

        LoadedSidValidator() {
        }

        static LoadedSidValidator get(final Sid[] sidArr) {
            return sidArr == null ? NOT_LOADED : new LoadedSidValidator() { // from class: com.atlassian.bamboo.security.acegi.acls.ImmutableAcl.LoadedSidValidator.2
                private final Collection<Sid> loadedSids;

                {
                    this.loadedSids = Arrays.asList(sidArr);
                }

                @Override // com.atlassian.bamboo.security.acegi.acls.ImmutableAcl.LoadedSidValidator
                boolean isSidLoaded(Sid[] sidArr2) {
                    return this.loadedSids.containsAll(Arrays.asList(sidArr2));
                }

                @Override // com.atlassian.bamboo.security.acegi.acls.ImmutableAcl.LoadedSidValidator
                Sid[] entries() {
                    return sidArr;
                }
            };
        }

        @Nullable
        abstract Sid[] entries();

        abstract boolean isSidLoaded(Sid[] sidArr);
    }

    @Nullable
    public static ImmutableAcl copyOf(Acl acl) {
        Sid[] sidArr;
        AclAuthorizationStrategy aclAuthorizationStrategy;
        if (acl == null) {
            return null;
        }
        if (acl instanceof ImmutableAcl) {
            return (ImmutableAcl) acl;
        }
        ObjectIdentity objectIdentity = acl.getObjectIdentity();
        Sid owner = acl.getOwner();
        Acl parentAcl = acl.getParentAcl();
        boolean isEntriesInheriting = acl.isEntriesInheriting();
        ImmutableList copyOf = ImmutableList.copyOf(acl.getEntries());
        Serializable id = acl instanceof MutableAcl ? ((MutableAcl) acl).getId() : null;
        if (acl instanceof HibernateAclImpl) {
            HibernateAclImpl hibernateAclImpl = (HibernateAclImpl) acl;
            sidArr = hibernateAclImpl.getLoadedSids();
            aclAuthorizationStrategy = hibernateAclImpl.getAclAuthorizationStrategy();
        } else {
            sidArr = null;
            aclAuthorizationStrategy = null;
        }
        return new ImmutableAcl(objectIdentity, id, owner, parentAcl, isEntriesInheriting, copyOf, sidArr, aclAuthorizationStrategy);
    }

    @Deprecated
    @NotNull
    public static ImmutableAcl notNullcopyOf(@Nullable Acl acl) {
        return acl == null ? NULL_ACL : copyOf(acl);
    }

    ImmutableAcl(ObjectIdentity objectIdentity, Serializable serializable, Sid sid, Acl acl, boolean z, Collection<AccessControlEntry> collection, Sid[] sidArr, AclAuthorizationStrategy aclAuthorizationStrategy) {
        this.oid = objectIdentity;
        this.id = serializable;
        this.owner = sid;
        this.parent = copyOf(acl);
        this.entriesInheriting = z;
        this.entries = ImmutableList.copyOf(collection);
        this.loadedSids = LoadedSidValidator.get(sidArr);
        this.aclAuthorizationStrategy = aclAuthorizationStrategy;
    }

    public ObjectIdentity getObjectIdentity() {
        return this.oid;
    }

    public Sid getOwner() {
        return this.owner;
    }

    public Acl getParentAcl() {
        return this.parent;
    }

    public boolean isEntriesInheriting() {
        return this.entriesInheriting;
    }

    public AccessControlEntry[] getEntries() {
        return (AccessControlEntry[]) this.entries.toArray(new AccessControlEntry[this.entries.size()]);
    }

    public boolean isGranted(Permission[] permissionArr, Sid[] sidArr, boolean z) throws NotFoundException, UnloadedSidException {
        Assert.notEmpty(permissionArr, "Permissions required");
        Assert.notEmpty(sidArr, "SIDs required");
        if (!isSidLoaded(sidArr)) {
            throw new UnloadedSidException("ACL was not loaded for one or more SID");
        }
        AccessControlEntry accessControlEntry = null;
        for (Permission permission : permissionArr) {
            for (Sid sid : sidArr) {
                if (permission.equals(BambooPermission.CLONE) && (sid instanceof GrantedAuthoritySid) && ((GrantedAuthoritySid) sid).getGrantedAuthority().equals(Authority.RESTRICTED_ADMIN.getAuthority())) {
                    return true;
                }
                Iterator<AccessControlEntry> it = this.entries.iterator();
                boolean z2 = true;
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    AccessControlEntry next = it.next();
                    if (next.getPermission().getMask() == permission.getMask() && next.getSid().equals(sid)) {
                        if (next.isGranting()) {
                            return true;
                        }
                        if (accessControlEntry == null) {
                            accessControlEntry = next;
                        }
                        z2 = false;
                    }
                }
                if (!z2) {
                    break;
                }
            }
        }
        if (accessControlEntry != null) {
            return false;
        }
        if (!isEntriesInheriting() || this.parent == null) {
            throw new NotFoundException("Unable to locate a matching ACE for passed permissions and SIDs");
        }
        return this.parent.isGranted(permissionArr, sidArr, false);
    }

    public boolean isSidLoaded(Sid[] sidArr) {
        return this.loadedSids.isSidLoaded(sidArr);
    }
}
