package io.uhndata.cards.permissions.internal;

import io.uhndata.cards.permissions.spi.PermissionsManager;
import java.security.Principal;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.osgi.service.component.annotations.Component;

@Component(service = {PermissionsManager.class})
/* loaded from: input_file:io/uhndata/cards/permissions/internal/PermissionsManagerService.class */
public class PermissionsManagerService implements PermissionsManager {
    @Override // io.uhndata.cards.permissions.spi.PermissionsManager
    public void addAccessControlEntry(String str, boolean z, Principal principal, String[] strArr, Map<String, Value> map, Session session) throws RepositoryException {
        addAccessControlEntry(str, z, principal, parsePrivileges(strArr, session.getAccessControlManager()), map, session);
    }

    @Override // io.uhndata.cards.permissions.spi.PermissionsManager
    public void addAccessControlEntry(String str, boolean z, Principal principal, Privilege[] privilegeArr, Map<String, Value> map, Session session) throws RepositoryException {
        AccessControlManager accessControlManager = session.getAccessControlManager();
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, str);
        if (accessControlList != null) {
            accessControlList.addEntry(principal, privilegeArr, z, map);
            accessControlManager.setPolicy(str, accessControlList);
        }
    }

    @Override // io.uhndata.cards.permissions.spi.PermissionsManager
    public void removeAccessControlEntry(String str, boolean z, Principal principal, String[] strArr, Map<String, Value> map, Session session) throws RepositoryException {
        removeAccessControlEntry(str, z, principal, parsePrivileges(strArr, session.getAccessControlManager()), map, session);
    }

    @Override // io.uhndata.cards.permissions.spi.PermissionsManager
    public void removeAccessControlEntry(String str, boolean z, Principal principal, Privilege[] privilegeArr, Map<String, Value> map, Session session) throws RepositoryException {
        AccessControlManager accessControlManager = session.getAccessControlManager();
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, str);
        if (accessControlList != null) {
            JackrabbitAccessControlEntry[] accessControlEntries = accessControlList.getAccessControlEntries();
            JackrabbitAccessControlEntry jackrabbitAccessControlEntry = null;
            int length = accessControlEntries.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                JackrabbitAccessControlEntry jackrabbitAccessControlEntry2 = accessControlEntries[i];
                if (entryHasDetails(jackrabbitAccessControlEntry2, z, principal, privilegeArr, map)) {
                    jackrabbitAccessControlEntry = jackrabbitAccessControlEntry2;
                    break;
                }
                i++;
            }
            if (jackrabbitAccessControlEntry == null) {
                throw new RepositoryException("Target ACL does not exist");
            }
            accessControlList.removeAccessControlEntry(jackrabbitAccessControlEntry);
            accessControlManager.setPolicy(str, accessControlList);
        }
    }

    private boolean entryHasDetails(JackrabbitAccessControlEntry jackrabbitAccessControlEntry, boolean z, Principal principal, Privilege[] privilegeArr, Map<String, Value> map) throws RepositoryException {
        return jackrabbitAccessControlEntry.isAllow() == z && jackrabbitAccessControlEntry.getPrincipal().equals(principal) && entryHasPrivileges(jackrabbitAccessControlEntry, privilegeArr) && entryHasRestrictions(jackrabbitAccessControlEntry, map);
    }

    private boolean entryHasPrivileges(JackrabbitAccessControlEntry jackrabbitAccessControlEntry, Privilege[] privilegeArr) {
        List asList = Arrays.asList(jackrabbitAccessControlEntry.getPrivileges());
        if (asList.size() != privilegeArr.length) {
            return false;
        }
        for (Privilege privilege : privilegeArr) {
            if (!asList.contains(privilege)) {
                return false;
            }
        }
        return true;
    }

    private boolean entryHasRestrictions(JackrabbitAccessControlEntry jackrabbitAccessControlEntry, Map<String, Value> map) throws RepositoryException {
        String[] restrictionNames = jackrabbitAccessControlEntry.getRestrictionNames();
        if (restrictionNames.length != map.size()) {
            return false;
        }
        for (String str : restrictionNames) {
            if (!map.containsKey(str) || !jackrabbitAccessControlEntry.getRestriction(str).equals(map.get(str))) {
                return false;
            }
        }
        return true;
    }

    private static Privilege[] parsePrivileges(String[] strArr, AccessControlManager accessControlManager) throws AccessControlException, RepositoryException {
        Privilege[] privilegeArr = new Privilege[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            privilegeArr[i] = accessControlManager.privilegeFromName(strArr[i]);
        }
        return privilegeArr;
    }
}
