package org.apache.slide.security;

import java.util.Enumeration;
import java.util.Vector;
import org.apache.slide.common.Namespace;
import org.apache.slide.common.NamespaceConfig;
import org.apache.slide.common.ServiceAccessException;
import org.apache.slide.common.SlideToken;
import org.apache.slide.common.Uri;
import org.apache.slide.content.NodeProperty;
import org.apache.slide.content.NodeRevisionNumber;
import org.apache.slide.content.RevisionDescriptorNotFoundException;
import org.apache.slide.structure.ActionNode;
import org.apache.slide.structure.ObjectNode;
import org.apache.slide.structure.ObjectNotFoundException;
import org.apache.slide.structure.SubjectNode;
import org.apache.slide.util.XMLValue;
import org.apache.slide.webdav.util.AclConstants;
import org.jdom.JDOMException;

/* loaded from: input_file:WEB-INF/lib/slide-kernel-2.1.jar:org/apache/slide/security/ACLSecurityImpl.class */
public class ACLSecurityImpl extends SecurityImpl {
    private static final String LOG_CHANNEL;
    private static final Vector EMPTY_VECTOR;
    static Class class$org$apache$slide$security$ACLSecurityImpl;

    public ACLSecurityImpl() {
    }

    public ACLSecurityImpl(Namespace namespace, NamespaceConfig namespaceConfig) {
        super(namespace, namespaceConfig);
    }

    @Override // org.apache.slide.security.SecurityImpl, org.apache.slide.security.Security
    public void init(Namespace namespace, NamespaceConfig namespaceConfig) {
        super.init(namespace, namespaceConfig);
    }

    @Override // org.apache.slide.security.SecurityImpl, org.apache.slide.security.Security
    public boolean hasPermission(ObjectNode objectNode, SubjectNode subjectNode, ActionNode actionNode) throws ServiceAccessException, ObjectNotFoundException {
        throw new UnsupportedOperationException("Please use alternate signature: hasPermission(SlideToken token, ObjectNode object, ActionNode action)");
    }

    @Override // org.apache.slide.security.SecurityImpl, org.apache.slide.security.Security
    public boolean hasPermission(SlideToken slideToken, ObjectNode objectNode, ActionNode actionNode) throws ServiceAccessException, ObjectNotFoundException {
        if (this.logger.isEnabled(LOG_CHANNEL, 7)) {
            try {
                this.logger.log(new StringBuffer().append("@@@ check object=").append(objectNode).append(", subject=").append(getPrincipal(slideToken)).append(", action=").append(actionNode).toString(), LOG_CHANNEL, 7);
            } catch (ObjectNotFoundException e) {
            }
        }
        if (actionNode == this.namespaceConfig.getDefaultAction()) {
            return true;
        }
        return evaluateAcl(slideToken, objectNode, actionNode, enumeratePermissions(slideToken, objectNode, true));
    }

    @Override // org.apache.slide.security.SecurityImpl, org.apache.slide.security.Security
    public boolean hasRole(SlideToken slideToken, String str) throws ServiceAccessException, ObjectNotFoundException {
        return hasRole(slideToken, (SubjectNode) getPrincipal(slideToken), str);
    }

    public boolean hasRole(SlideToken slideToken, SubjectNode subjectNode, String str) throws ServiceAccessException, ObjectNotFoundException {
        SubjectNode subjectNode2 = null;
        if (this.namespaceConfig.getRolesPath() != null && this.namespaceConfig.getRolesPath().length() != 0) {
            subjectNode2 = SubjectNode.getSubjectNode(new StringBuffer().append(this.namespaceConfig.getRolesPath()).append("/").append(str).toString());
        }
        if (subjectNode2 != null && matchPrincipal(slideToken, subjectNode, subjectNode2)) {
            return true;
        }
        SubjectNode subjectNode3 = null;
        if (this.namespaceConfig.getGroupsPath() != null && this.namespaceConfig.getGroupsPath().length() != 0) {
            subjectNode3 = SubjectNode.getSubjectNode(new StringBuffer().append(this.namespaceConfig.getGroupsPath()).append("/").append(str).toString());
        }
        return subjectNode3 != null && matchPrincipal(slideToken, subjectNode, subjectNode3);
    }

    @Override // org.apache.slide.security.SecurityImpl, org.apache.slide.security.Security
    public boolean hasRole(ObjectNode objectNode, String str) throws ServiceAccessException, ObjectNotFoundException {
        throw new UnsupportedOperationException("Please use alternate signature: hasRole(SlideToken token, String role)");
    }

    @Override // org.apache.slide.security.SecurityImpl, org.apache.slide.security.Security
    public Enumeration getRoles(SlideToken slideToken) throws ServiceAccessException, ObjectNotFoundException {
        return getRoles(slideToken, (SubjectNode) getPrincipal(slideToken));
    }

    @Override // org.apache.slide.security.SecurityImpl, org.apache.slide.security.Security
    public Enumeration getRoles(SlideToken slideToken, SubjectNode subjectNode) throws ServiceAccessException, ObjectNotFoundException {
        Uri uri = this.namespace.getUri(slideToken, subjectNode.getUri());
        uri.getStore().retrieveObject(uri);
        Vector vector = new Vector();
        ObjectNode objectNode = null;
        if (this.namespaceConfig.getRolesPath() != null && this.namespaceConfig.getRolesPath().length() != 0) {
            Uri uri2 = this.namespace.getUri(slideToken, this.namespaceConfig.getRolesPath());
            try {
                objectNode = uri2.getStore().retrieveObject(uri2);
            } catch (ObjectNotFoundException e) {
            }
            if (objectNode != null) {
                Enumeration enumerateBindings = objectNode.enumerateBindings();
                while (enumerateBindings.hasMoreElements()) {
                    String name = ((ObjectNode.Binding) enumerateBindings.nextElement()).getName();
                    if (hasRole(slideToken, subjectNode, name)) {
                        vector.add(name);
                    }
                }
            }
        }
        if (this.namespaceConfig.getGroupsPath() != null && this.namespaceConfig.getGroupsPath().length() != 0) {
            Uri uri3 = this.namespace.getUri(slideToken, this.namespaceConfig.getGroupsPath());
            ObjectNode retrieveObject = uri3.getStore().retrieveObject(uri3);
            if (retrieveObject != null) {
                Enumeration enumerateBindings2 = retrieveObject.enumerateBindings();
                while (enumerateBindings2.hasMoreElements()) {
                    String name2 = ((ObjectNode.Binding) enumerateBindings2.nextElement()).getName();
                    if (hasRole(slideToken, subjectNode, name2)) {
                        vector.add(name2);
                    }
                }
            }
        }
        return vector.elements();
    }

    public Enumeration getGroupMembership(SlideToken slideToken, SubjectNode subjectNode) throws ServiceAccessException, ObjectNotFoundException {
        Uri uri = this.namespace.getUri(slideToken, subjectNode.getUri());
        uri.getStore().retrieveObject(uri);
        Vector vector = new Vector();
        ObjectNode objectNode = null;
        if (this.namespaceConfig.getRolesPath() != null && this.namespaceConfig.getRolesPath().length() != 0) {
            Uri uri2 = this.namespace.getUri(slideToken, this.namespaceConfig.getRolesPath());
            try {
                objectNode = uri2.getStore().retrieveObject(uri2);
            } catch (ObjectNotFoundException e) {
            }
            if (objectNode != null) {
                Enumeration enumerateBindings = objectNode.enumerateBindings();
                while (enumerateBindings.hasMoreElements()) {
                    Uri uri3 = this.namespace.getUri(slideToken, new StringBuffer().append(this.namespaceConfig.getRolesPath()).append("/").append(((ObjectNode.Binding) enumerateBindings.nextElement()).getName()).toString());
                    try {
                        NodeProperty property = uri3.getStore().retrieveRevisionDescriptor(uri3, new NodeRevisionNumber()).getProperty(AclConstants.P_GROUP_MEMBER_SET);
                        if (property != null && property.getValue() != null && new XMLValue((String) property.getValue()).getHrefNodes().contains(subjectNode)) {
                            vector.add(uri3.toString());
                        }
                    } catch (RevisionDescriptorNotFoundException e2) {
                    } catch (JDOMException e3) {
                    }
                }
            }
        }
        ObjectNode objectNode2 = null;
        if (this.namespaceConfig.getGroupsPath() != null && this.namespaceConfig.getGroupsPath().length() != 0) {
            Uri uri4 = this.namespace.getUri(slideToken, this.namespaceConfig.getGroupsPath());
            try {
                objectNode2 = uri4.getStore().retrieveObject(uri4);
            } catch (ObjectNotFoundException e4) {
            }
            if (objectNode2 != null) {
                Enumeration enumerateBindings2 = objectNode2.enumerateBindings();
                while (enumerateBindings2.hasMoreElements()) {
                    Uri uri5 = this.namespace.getUri(slideToken, new StringBuffer().append(this.namespaceConfig.getGroupsPath()).append("/").append(((ObjectNode.Binding) enumerateBindings2.nextElement()).getName()).toString());
                    try {
                        NodeProperty property2 = uri5.getStore().retrieveRevisionDescriptor(uri5, new NodeRevisionNumber()).getProperty(AclConstants.P_GROUP_MEMBER_SET);
                        if (property2 != null && property2.getValue() != null && new XMLValue((String) property2.getValue()).getHrefNodes().contains(subjectNode)) {
                            vector.add(uri5.toString());
                        }
                    } catch (RevisionDescriptorNotFoundException e5) {
                    } catch (JDOMException e6) {
                    }
                }
            }
        }
        return vector.elements();
    }

    @Override // org.apache.slide.security.SecurityImpl, org.apache.slide.security.Security
    public Enumeration getRoles(ObjectNode objectNode) {
        return EMPTY_VECTOR.elements();
    }

    private boolean evaluateAcl(SlideToken slideToken, ObjectNode objectNode, ActionNode actionNode, Enumeration enumeration) throws ServiceAccessException, ObjectNotFoundException {
        boolean z = false;
        SubjectNode subjectNode = (SubjectNode) getPrincipal(slideToken);
        while (true) {
            if (!enumeration.hasMoreElements()) {
                break;
            }
            NodePermission nodePermission = (NodePermission) enumeration.nextElement();
            if (match(slideToken, objectNode, subjectNode, actionNode, nodePermission)) {
                z = !nodePermission.isNegative();
            }
        }
        return z;
    }

    private boolean match(SlideToken slideToken, ObjectNode objectNode, SubjectNode subjectNode, ActionNode actionNode, NodePermission nodePermission) throws ServiceAccessException {
        boolean z = matchAction(slideToken, actionNode, nodePermission.getActionNode()) && matchSubject(slideToken, objectNode, subjectNode, nodePermission.getSubjectNode());
        if (this.logger.isEnabled(LOG_CHANNEL, 7)) {
            this.logger.log(new StringBuffer().append("    permission=").append(nodePermission).append(", match=").append(z).toString(), LOG_CHANNEL, 7);
        }
        return z;
    }

    private boolean matchSubject(SlideToken slideToken, ObjectNode objectNode, SubjectNode subjectNode, SubjectNode subjectNode2) throws ServiceAccessException {
        if (subjectNode2.equals(SubjectNode.ALL)) {
            return true;
        }
        return subjectNode2.equals(SubjectNode.AUTHENTICATED) ? !subjectNode.equals(SubjectNode.UNAUTHENTICATED) : subjectNode2.equals(SubjectNode.UNAUTHENTICATED) ? subjectNode.equals(SubjectNode.UNAUTHENTICATED) : subjectNode2.equals(SubjectNode.OWNER) ? matchOwner(slideToken, objectNode, subjectNode) : subjectNode2.equals(SubjectNode.SELF) ? matchPrincipal(slideToken, subjectNode, (SubjectNode) objectNode) : matchPrincipal(slideToken, subjectNode, subjectNode2);
    }

    private boolean matchOwner(SlideToken slideToken, ObjectNode objectNode, SubjectNode subjectNode) throws ServiceAccessException {
        Uri uri = this.namespace.getUri(slideToken, objectNode.getUri());
        try {
            NodeProperty property = uri.getStore().retrieveRevisionDescriptor(uri, new NodeRevisionNumber()).getProperty("owner");
            if (property == null || property.getValue() == null) {
                return false;
            }
            return SubjectNode.getSubjectNode(new StringBuffer().append(this.namespace.getConfig().getUsersPath()).append("/").append(property.getValue()).toString()).equals(subjectNode);
        } catch (ServiceAccessException e) {
            throw e;
        } catch (RevisionDescriptorNotFoundException e2) {
            return false;
        }
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        if (class$org$apache$slide$security$ACLSecurityImpl == null) {
            cls = class$("org.apache.slide.security.ACLSecurityImpl");
            class$org$apache$slide$security$ACLSecurityImpl = cls;
        } else {
            cls = class$org$apache$slide$security$ACLSecurityImpl;
        }
        LOG_CHANNEL = cls.getName();
        EMPTY_VECTOR = new Vector();
    }
}
