package org.apache.sling.jcr.repoinit.impl;

import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.nodetype.ConstraintViolationException;
import org.apache.sling.repoinit.parser.operations.AclLine;
import org.apache.sling.repoinit.parser.operations.AddMixins;
import org.apache.sling.repoinit.parser.operations.CreatePath;
import org.apache.sling.repoinit.parser.operations.DeleteAclPaths;
import org.apache.sling.repoinit.parser.operations.DeleteAclPrincipalBased;
import org.apache.sling.repoinit.parser.operations.DeleteAclPrincipals;
import org.apache.sling.repoinit.parser.operations.PathSegmentDefinition;
import org.apache.sling.repoinit.parser.operations.RemoveAcePaths;
import org.apache.sling.repoinit.parser.operations.RemoveAcePrincipalBased;
import org.apache.sling.repoinit.parser.operations.RemoveAcePrincipals;
import org.apache.sling.repoinit.parser.operations.RemoveMixins;
import org.apache.sling.repoinit.parser.operations.RestrictionClause;
import org.apache.sling.repoinit.parser.operations.SetAclPaths;
import org.apache.sling.repoinit.parser.operations.SetAclPrincipalBased;
import org.apache.sling.repoinit.parser.operations.SetAclPrincipals;
import org.apache.sling.repoinit.parser.operations.SetProperties;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sling/jcr/repoinit/impl/AclVisitor.class */
class AclVisitor extends DoNothingVisitor {
    private static final Logger slog = LoggerFactory.getLogger(AclVisitor.class);

    public AclVisitor(Session session) {
        super(session);
    }

    private List<String> require(AclLine aclLine, String str) {
        List<String> property = aclLine.getProperty(str);
        if (property == null) {
            throw new IllegalStateException("Missing property " + str + " on " + aclLine);
        }
        return property;
    }

    private void setAcl(AclLine aclLine, Session session, List<String> list, List<String> list2, List<String> list3, AclLine.Action action) {
        try {
            if (action == AclLine.Action.REMOVE) {
                report("remove not supported. use 'remove acl' instead.");
            } else if (action == AclLine.Action.REMOVE_ALL) {
                AclUtil.removeEntries(session, list, list2);
            } else {
                boolean equals = aclLine.getAction().equals(AclLine.Action.ALLOW);
                Logger logger = this.log;
                Object[] objArr = new Object[4];
                objArr[0] = equals ? "allow" : "deny";
                objArr[1] = list3;
                objArr[2] = list;
                objArr[3] = list2;
                logger.info("Adding ACL '{}' entry '{}' for {} on {}", objArr);
                AclUtil.setAcl(session, list, list2, list3, equals, (List<RestrictionClause>) aclLine.getRestrictions());
            }
        } catch (Exception e) {
            report(e, "Failed to set ACL (" + e.toString() + ") " + aclLine);
        }
    }

    private void setRepositoryAcl(AclLine aclLine, Session session, List<String> list, List<String> list2, AclLine.Action action) {
        try {
            if (action == AclLine.Action.REMOVE) {
                report("remove not supported. use 'remove acl' instead.");
            } else if (action == AclLine.Action.REMOVE_ALL) {
                AclUtil.removeEntries(session, list, Collections.singletonList(null));
            } else {
                boolean equals = aclLine.getAction().equals(AclLine.Action.ALLOW);
                Logger logger = this.log;
                Object[] objArr = new Object[3];
                objArr[0] = equals ? "allow" : "deny";
                objArr[1] = list2;
                objArr[2] = list;
                logger.info("Adding repository level ACL '{}' entry '{}' for {}", objArr);
                AclUtil.setRepositoryAcl(session, list, list2, equals, aclLine.getRestrictions());
            }
        } catch (Exception e) {
            report(e, "Failed to set repository level ACL (" + e.toString() + ") " + aclLine);
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitSetAclPrincipal(SetAclPrincipals setAclPrincipals) {
        List<String> principals = setAclPrincipals.getPrincipals();
        for (AclLine aclLine : setAclPrincipals.getLines()) {
            List<String> property = aclLine.getProperty("paths");
            if (property == null || property.isEmpty()) {
                setRepositoryAcl(aclLine, this.session, principals, require(aclLine, "privileges"), aclLine.getAction());
            } else {
                setAcl(aclLine, this.session, principals, property, require(aclLine, "privileges"), aclLine.getAction());
            }
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitSetAclPaths(SetAclPaths setAclPaths) {
        List<String> paths = setAclPaths.getPaths();
        for (AclLine aclLine : setAclPaths.getLines()) {
            setAcl(aclLine, this.session, require(aclLine, "principals"), paths, require(aclLine, "privileges"), aclLine.getAction());
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitSetAclPrincipalBased(SetAclPrincipalBased setAclPrincipalBased) {
        for (String str : setAclPrincipalBased.getPrincipals()) {
            try {
                this.log.info("Adding principal-based access control entry for {}", str);
                AclUtil.setPrincipalAcl(this.session, str, setAclPrincipalBased.getLines());
            } catch (Exception e) {
                report(e, "Failed to set principal-based ACL (" + e.getMessage() + ")");
            }
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitRemoveAcePrincipal(RemoveAcePrincipals removeAcePrincipals) {
        List principals = removeAcePrincipals.getPrincipals();
        for (AclLine aclLine : removeAcePrincipals.getLines()) {
            try {
                AclUtil.removeEntries(this.session, principals, aclLine.getProperty("paths"), require(aclLine, "privileges"), aclLine.getAction() == AclLine.Action.ALLOW, aclLine.getRestrictions());
            } catch (Exception e) {
                report(e, "Failed to remove access control entries (" + e.toString() + ") " + aclLine);
            }
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitRemoveAcePaths(RemoveAcePaths removeAcePaths) {
        List paths = removeAcePaths.getPaths();
        for (AclLine aclLine : removeAcePaths.getLines()) {
            try {
                AclUtil.removeEntries(this.session, require(aclLine, "principals"), paths, require(aclLine, "privileges"), aclLine.getAction() == AclLine.Action.ALLOW, aclLine.getRestrictions());
            } catch (Exception e) {
                report(e, "Failed to remove access control entries (" + e.toString() + ") " + aclLine);
            }
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitRemoveAcePrincipalBased(RemoveAcePrincipalBased removeAcePrincipalBased) {
        for (String str : removeAcePrincipalBased.getPrincipals()) {
            try {
                this.log.info("Removing principal-based access control entries for {}", str);
                AclUtil.removePrincipalEntries(this.session, str, (Collection<AclLine>) removeAcePrincipalBased.getLines());
            } catch (Exception e) {
                report(e, "Failed to remove principal-based access control entries (" + e.getMessage() + ")");
            }
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitCreatePath(CreatePath createPath) {
        StringBuilder sb = new StringBuilder();
        for (PathSegmentDefinition pathSegmentDefinition : createPath.getDefinitions()) {
            String sb2 = sb.toString();
            String format = String.format("%s/%s", sb2, pathSegmentDefinition.getSegment());
            try {
                if (this.session.itemExists(format)) {
                    this.log.info("Path already exists, nothing to do (and not checking its primary type for now): {}", format);
                } else {
                    Node rootNode = sb2.equals("") ? this.session.getRootNode() : this.session.getNode(sb2);
                    this.log.info("Creating node {} with primary type {}", format, pathSegmentDefinition.getPrimaryType());
                    Node addChildNode = addChildNode(rootNode, pathSegmentDefinition);
                    List mixins = pathSegmentDefinition.getMixins();
                    if (mixins != null) {
                        this.log.info("Adding mixins {} to node {}", mixins, format);
                        Iterator it = mixins.iterator();
                        while (it.hasNext()) {
                            addChildNode.addMixin((String) it.next());
                        }
                    }
                }
            } catch (Exception e) {
                report(e, "CreatePath execution failed at " + pathSegmentDefinition + ": " + e);
            }
            sb.append("/").append(pathSegmentDefinition.getSegment());
        }
        List propertyLines = createPath.getPropertyLines();
        if (!propertyLines.isEmpty()) {
            new NodePropertiesVisitor(this.session).visitSetProperties(new SetProperties(Collections.singletonList(sb.toString()), propertyLines));
        }
        try {
            this.session.save();
        } catch (Exception e2) {
            report(e2, "Session.save failed: " + e2);
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitAddMixins(AddMixins addMixins) {
        List<String> paths = addMixins.getPaths();
        if (paths != null) {
            for (String str : paths) {
                try {
                    if (this.session.itemExists(str)) {
                        List mixins = addMixins.getMixins();
                        if (mixins != null) {
                            Node node = this.session.getNode(str);
                            this.log.info("Adding mixins {} to node {}", mixins, str);
                            Iterator it = mixins.iterator();
                            while (it.hasNext()) {
                                node.addMixin((String) it.next());
                            }
                        }
                    } else {
                        this.log.warn("Path does not exist, not adding mixins: {}", str);
                    }
                } catch (Exception e) {
                    report(e, "AddMixins execution failed at " + str + ": " + e);
                }
            }
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitRemoveMixins(RemoveMixins removeMixins) {
        List<String> paths = removeMixins.getPaths();
        if (paths != null) {
            for (String str : paths) {
                try {
                    if (this.session.itemExists(str)) {
                        List mixins = removeMixins.getMixins();
                        if (mixins != null) {
                            Node node = this.session.getNode(str);
                            this.log.info("Removing mixins {} from node {}", mixins, str);
                            Iterator it = mixins.iterator();
                            while (it.hasNext()) {
                                node.removeMixin((String) it.next());
                            }
                        }
                    } else {
                        this.log.warn("Path does not exist, not removing mixins: {}", str);
                    }
                } catch (Exception e) {
                    report(e, "RemoveMixins execution failed at " + str + ": " + e);
                }
            }
        }
    }

    @NotNull
    private static Node addChildNode(@NotNull Node node, @NotNull PathSegmentDefinition pathSegmentDefinition) throws RepositoryException {
        if (pathSegmentDefinition.getPrimaryType() != null) {
            return node.addNode(pathSegmentDefinition.getSegment(), pathSegmentDefinition.getPrimaryType());
        }
        try {
            return node.addNode(pathSegmentDefinition.getSegment());
        } catch (ConstraintViolationException e) {
            slog.info("Adding Node without node type failed ('{}'), retry with sling:Folder", e.getMessage());
            return node.addNode(pathSegmentDefinition.getSegment(), "sling:Folder");
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitDeleteAclPrincipals(DeleteAclPrincipals deleteAclPrincipals) {
        for (String str : deleteAclPrincipals.getPrincipals()) {
            try {
                this.log.info("Removing access control policy for {}", str);
                AclUtil.removePolicy(this.session, str);
            } catch (RepositoryException e) {
                report(e, "Failed to remove ACL (" + e.getMessage() + ")");
            }
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitDeleteAclPaths(DeleteAclPaths deleteAclPaths) {
        try {
            AclUtil.removePolicies(this.session, deleteAclPaths.getPaths());
        } catch (RepositoryException e) {
            report(e, "Failed to remove ACL (" + e.getMessage() + ")");
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitDeleteAclPrincipalBased(DeleteAclPrincipalBased deleteAclPrincipalBased) {
        for (String str : deleteAclPrincipalBased.getPrincipals()) {
            try {
                this.log.info("Removing principal-based access control policy for {}", str);
                AclUtil.removePrincipalPolicy(this.session, str);
            } catch (RepositoryException e) {
                report(e, "Failed to remove principal-based ACL (" + e.getMessage() + ")");
            }
        }
    }
}
