package org.exoplatform.services.jcr.access;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import javax.jcr.RepositoryException;
import org.exoplatform.services.ext.action.InvocationContext;
import org.exoplatform.services.jcr.config.RepositoryEntry;
import org.exoplatform.services.jcr.config.SimpleParameterEntry;
import org.exoplatform.services.jcr.config.WorkspaceEntry;
import org.exoplatform.services.log.ExoLogger;
import org.exoplatform.services.log.Log;
import org.exoplatform.services.security.Identity;

/* loaded from: input_file:APP-INF/lib/exo.jcr.component.core-1.14.6-GA.jar:org/exoplatform/services/jcr/access/AccessManager.class */
public abstract class AccessManager {
    protected final Map<String, String> parameters = new HashMap();
    protected static Log log = ExoLogger.getLogger("exo.jcr.component.core.AccessManager");
    private static ThreadLocal<InvocationContext> contextHolder = new ThreadLocal<>();

    /* JADX INFO: Access modifiers changed from: protected */
    public AccessManager(RepositoryEntry repositoryEntry, WorkspaceEntry workspaceEntry) throws RepositoryException {
        if (workspaceEntry == null || workspaceEntry.getAccessManager() == null) {
            return;
        }
        for (SimpleParameterEntry simpleParameterEntry : workspaceEntry.getAccessManager().getParameters()) {
            this.parameters.put(simpleParameterEntry.getName(), simpleParameterEntry.getValue());
        }
    }

    protected final InvocationContext context() {
        return contextHolder.get();
    }

    public final void setContext(InvocationContext invocationContext) {
        contextHolder.set(invocationContext);
    }

    public final boolean hasPermission(AccessControlList accessControlList, String str, Identity identity) throws RepositoryException {
        return hasPermission(accessControlList, parseStringPermissions(str), identity);
    }

    public boolean hasPermission(AccessControlList accessControlList, String[] strArr, Identity identity) {
        String userId = identity.getUserId();
        if (userId.equals(SystemIdentity.SYSTEM) || userId.equals(accessControlList.getOwner())) {
            return true;
        }
        if (userId.equals(SystemIdentity.ANONIM)) {
            List<String> permissions = accessControlList.getPermissions(SystemIdentity.ANY);
            if (permissions.size() < strArr.length) {
                return false;
            }
            for (String str : strArr) {
                if (!permissions.contains(str)) {
                    return false;
                }
            }
            return true;
        }
        if (accessControlList.getPermissionsSize() <= 0 || strArr.length <= 0) {
            return false;
        }
        for (String str2 : strArr) {
            if (!isPermissionMatch(accessControlList.getPermissionsList(), str2, identity)) {
                return false;
            }
        }
        return true;
    }

    private String[] parseStringPermissions(String str) throws RepositoryException {
        ArrayList arrayList = new ArrayList();
        StringTokenizer stringTokenizer = new StringTokenizer(str, ",");
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            if (!"read".equals(nextToken) && !PermissionType.ADD_NODE.equals(nextToken) && !PermissionType.REMOVE.equals(nextToken) && !PermissionType.SET_PROPERTY.equals(nextToken)) {
                throw new RepositoryException("Unknown permission entry " + nextToken);
            }
            arrayList.add(nextToken);
        }
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    private boolean isPermissionMatch(List<AccessControlEntry> list, String str, Identity identity) {
        int size = list.size();
        for (int i = 0; i < size; i++) {
            AccessControlEntry accessControlEntry = list.get(i);
            if (accessControlEntry.getPermission().equals(str)) {
                if (accessControlEntry.getIdentity().equals(SystemIdentity.ANY)) {
                    return true;
                }
                if (accessControlEntry.getIdentity().indexOf(":") == -1) {
                    if (accessControlEntry.getIdentity().equals(identity.getUserId())) {
                        return true;
                    }
                } else if (identity.isMemberOf(accessControlEntry.getMembershipEntry())) {
                    return true;
                }
            }
        }
        return false;
    }
}
