package org.nuxeo.ecm.core.storage.sql.coremodel;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import org.nuxeo.ecm.core.api.DocumentException;
import org.nuxeo.ecm.core.api.security.ACE;
import org.nuxeo.ecm.core.api.security.ACL;
import org.nuxeo.ecm.core.api.security.ACP;
import org.nuxeo.ecm.core.api.security.Access;
import org.nuxeo.ecm.core.api.security.SecurityConstants;
import org.nuxeo.ecm.core.api.security.impl.ACLImpl;
import org.nuxeo.ecm.core.api.security.impl.ACPImpl;
import org.nuxeo.ecm.core.model.Document;
import org.nuxeo.ecm.core.model.Property;
import org.nuxeo.ecm.core.model.Session;
import org.nuxeo.ecm.core.security.SecurityException;
import org.nuxeo.ecm.core.security.SecurityManager;
import org.nuxeo.ecm.core.storage.sql.ACLRow;

/* loaded from: input_file:lib/nuxeo-core-storage-sql-1.6.2-SNAPSHOT.jar:org/nuxeo/ecm/core/storage/sql/coremodel/SQLSecurityManager.class */
public class SQLSecurityManager implements SecurityManager {
    public ACP getACP(Document document) throws SecurityException {
        try {
            return aclRowsToACP((ACLRow[]) ((SQLDocument) document).getACLProperty().getValue());
        } catch (DocumentException e) {
            throw new SecurityException(e.getMessage(), e);
        }
    }

    public void setACP(Document document, ACP acp, boolean z) throws SecurityException {
        ACLRow[] updateAclRows;
        if (z || acp != null) {
            try {
                Property aCLProperty = ((SQLDocument) document).getACLProperty();
                if (z) {
                    updateAclRows = acp == null ? null : acpToAclRows(acp);
                } else {
                    updateAclRows = updateAclRows((ACLRow[]) aCLProperty.getValue(), acp);
                }
                aCLProperty.setValue(updateAclRows);
            } catch (DocumentException e) {
                throw new SecurityException(e.getMessage(), e);
            }
        }
    }

    public ACP getMergedACP(Document document) throws SecurityException {
        try {
            Document sourceDocument = document.isVersion() ? document.getSourceDocument() : document;
            if (sourceDocument == null) {
                return null;
            }
            ACP acp = getACP(sourceDocument);
            if (document.getParent() == null) {
                return acp;
            }
            ACL inheritedACLs = getInheritedACLs(document);
            if (acp == null) {
                if (inheritedACLs == null) {
                    return null;
                }
                acp = new ACPImpl();
            }
            if (inheritedACLs != null) {
                acp.addACL(inheritedACLs);
            }
            return acp;
        } catch (DocumentException e) {
            throw new SecurityException("Failed to get merged acp", e);
        }
    }

    public boolean checkPermission(Document document, String str, String str2) throws SecurityException {
        return getAccess(document, str, str2).toBoolean();
    }

    public Access getAccess(Document document, String str, String str2) throws SecurityException {
        ACP mergedACP = getMergedACP(document);
        return mergedACP == null ? Access.UNKNOWN : mergedACP.getAccess(str, str2);
    }

    public void invalidateCache(Session session) {
    }

    protected static ACP aclRowsToACP(ACLRow[] aCLRowArr) {
        ACPImpl aCPImpl = new ACPImpl();
        ACLImpl aCLImpl = null;
        String str = null;
        for (ACLRow aCLRow : aCLRowArr) {
            if (!aCLRow.name.equals(str)) {
                if (aCLImpl != null) {
                    aCPImpl.addACL(aCLImpl);
                }
                str = aCLRow.name;
                aCLImpl = new ACLImpl(str);
            }
            String str2 = aCLRow.user;
            if (str2 == null) {
                str2 = aCLRow.group;
            }
            aCLImpl.add(new ACE(str2, aCLRow.permission, aCLRow.grant));
        }
        if (aCLImpl != null) {
            aCPImpl.addACL(aCLImpl);
        }
        return aCPImpl;
    }

    protected static ACLRow[] acpToAclRows(ACP acp) {
        LinkedList linkedList = new LinkedList();
        for (ACL acl : acp.getACLs()) {
            String name = acl.getName();
            if (!name.equals("inherited")) {
                for (ACE ace : acl.getACEs()) {
                    addACLRow(linkedList, name, ace);
                }
            }
        }
        return (ACLRow[]) linkedList.toArray(new ACLRow[linkedList.size()]);
    }

    protected static ACLRow[] updateAclRows(ACLRow[] aCLRowArr, ACP acp) {
        LinkedList linkedList = new LinkedList();
        HashMap hashMap = new HashMap();
        for (ACL acl : acp.getACLs()) {
            String name = acl.getName();
            if (!"inherited".equals(name)) {
                hashMap.put(name, acl);
            }
        }
        List emptyList = Collections.emptyList();
        HashSet hashSet = null;
        String str = null;
        for (ACLRow aCLRow : aCLRowArr) {
            if (!aCLRow.name.equals(str)) {
                Iterator it = emptyList.iterator();
                while (it.hasNext()) {
                    addACLRow(linkedList, str, (ACE) it.next());
                }
                str = aCLRow.name;
                ACL acl2 = (ACL) hashMap.remove(str);
                emptyList = acl2 == null ? Collections.emptyList() : new LinkedList(Arrays.asList(acl2.getACEs()));
                hashSet = new HashSet();
                Iterator it2 = emptyList.iterator();
                while (it2.hasNext()) {
                    hashSet.add(getACEkey((ACE) it2.next()));
                }
            }
            if (!hashSet.contains(getACLrowKey(aCLRow))) {
                linkedList.add(new ACLRow(linkedList.size(), str, aCLRow.grant, aCLRow.permission, aCLRow.user, aCLRow.group));
            }
        }
        Iterator it3 = emptyList.iterator();
        while (it3.hasNext()) {
            addACLRow(linkedList, str, (ACE) it3.next());
        }
        for (ACL acl3 : hashMap.values()) {
            String name2 = acl3.getName();
            for (ACE ace : acl3.getACEs()) {
                addACLRow(linkedList, name2, ace);
            }
        }
        return (ACLRow[]) linkedList.toArray(new ACLRow[linkedList.size()]);
    }

    protected static String getACEkey(ACE ace) {
        return ace.getUsername() + '|' + ace.getPermission();
    }

    protected static String getACLrowKey(ACLRow aCLRow) {
        String str = aCLRow.user;
        if (str == null) {
            str = aCLRow.group;
        }
        return str + '|' + aCLRow.permission;
    }

    protected static void addACLRow(List<ACLRow> list, String str, ACE ace) {
        String username = ace.getUsername();
        if (username == null) {
            return;
        }
        list.add(new ACLRow(list.size(), str, ace.isGranted(), ace.getPermission(), username, null));
    }

    protected ACL getInheritedACLs(Document document) throws DocumentException {
        ACL acl = null;
        for (Document parent = document.getParent(); parent != null; parent = parent.getParent()) {
            ACP acp = getACP(parent);
            if (acp != null) {
                ACL mergedACLs = acp.getMergedACLs("inherited");
                if (acl == null) {
                    acl = mergedACLs;
                } else {
                    acl.addAll(mergedACLs);
                }
                if (acp.getAccess(SecurityConstants.EVERYONE, SecurityConstants.EVERYTHING) == Access.DENY) {
                    break;
                }
            }
        }
        return acl;
    }
}
