package org.apache.sling.jcr.repoinit.impl;

import java.util.Collection;
import java.util.Collections;
import java.util.List;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.sling.repoinit.parser.operations.AclLine;
import org.apache.sling.repoinit.parser.operations.DeleteAclPaths;
import org.apache.sling.repoinit.parser.operations.DeleteAclPrincipalBased;
import org.apache.sling.repoinit.parser.operations.DeleteAclPrincipals;
import org.apache.sling.repoinit.parser.operations.EnsureAclPrincipalBased;
import org.apache.sling.repoinit.parser.operations.RemoveAcePaths;
import org.apache.sling.repoinit.parser.operations.RemoveAcePrincipalBased;
import org.apache.sling.repoinit.parser.operations.RemoveAcePrincipals;
import org.apache.sling.repoinit.parser.operations.RestrictionClause;
import org.apache.sling.repoinit.parser.operations.SetAclPaths;
import org.apache.sling.repoinit.parser.operations.SetAclPrincipalBased;
import org.apache.sling.repoinit.parser.operations.SetAclPrincipals;

/* loaded from: input_file:org/apache/sling/jcr/repoinit/impl/AclVisitor.class */
class AclVisitor extends DoNothingVisitor {
    public static final String OPTION_IGNORE_MISSING_PRINCIPAL = "ignoreMissingPrincipal";
    private final SessionContext context;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/sling/jcr/repoinit/impl/AclVisitor$Instruction.class */
    public enum Instruction {
        SET,
        REMOVE
    }

    public AclVisitor(Session session) {
        super(session);
        this.context = new SessionContext(session);
    }

    private void handleAclLine(AclLine aclLine, Instruction instruction, List<String> list, List<String> list2, List<String> list3) throws RepositoryException {
        AclLine.Action action = aclLine.getAction();
        if (action == AclLine.Action.REMOVE) {
            report("remove not supported. use 'remove acl' instead.");
            return;
        }
        if (action == AclLine.Action.REMOVE_ALL) {
            AclUtil.removeEntries(this.context, list, list2);
            return;
        }
        boolean z = action == AclLine.Action.ALLOW;
        String str = z ? "allow" : "deny";
        List property = aclLine.getProperty("privileges");
        if (instruction == Instruction.SET) {
            this.log.info("Adding ACL '{}' entry '{}' for {} on {}", new Object[]{str, property, list, list2});
            AclUtil.setAcl(this.context, list, list2, (List<String>) property, z, (List<RestrictionClause>) aclLine.getRestrictions(), list3);
        } else if (instruction == Instruction.REMOVE) {
            this.log.info("Removing ACL '{}' entry '{}' for {} on {}", new Object[]{str, property, list, list2});
            AclUtil.removeEntries(this.context, list, list2, property, z, aclLine.getRestrictions());
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitSetAclPrincipal(SetAclPrincipals setAclPrincipals) {
        List<String> principals = setAclPrincipals.getPrincipals();
        for (AclLine aclLine : setAclPrincipals.getLines()) {
            List<String> property = aclLine.getProperty("paths");
            boolean isEmpty = property.isEmpty();
            try {
                handleAclLine(aclLine, Instruction.SET, principals, isEmpty ? Collections.singletonList(":repository") : property, setAclPrincipals.getOptions());
            } catch (Exception e) {
                if (isEmpty) {
                    report(e, "Failed to set repository level ACL (" + e + ") " + aclLine);
                } else {
                    report(e, "Failed to set ACL (" + e + ") " + aclLine);
                }
            }
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitSetAclPaths(SetAclPaths setAclPaths) {
        List<String> paths = setAclPaths.getPaths();
        for (AclLine aclLine : setAclPaths.getLines()) {
            try {
                handleAclLine(aclLine, Instruction.SET, aclLine.getProperty("principals"), paths, setAclPaths.getOptions());
            } catch (Exception e) {
                report(e, "Failed to set ACL (" + e + ") " + aclLine);
            }
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitSetAclPrincipalBased(SetAclPrincipalBased setAclPrincipalBased) {
        for (String str : setAclPrincipalBased.getPrincipals()) {
            try {
                this.log.info("Adding principal-based access control entry for {}", str);
                AclUtil.setPrincipalAcl(this.context, str, setAclPrincipalBased.getLines(), false);
            } catch (Exception e) {
                report(e, "Failed to set principal-based ACL (" + e.getMessage() + ")");
            }
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitEnsureAclPrincipalBased(EnsureAclPrincipalBased ensureAclPrincipalBased) {
        for (String str : ensureAclPrincipalBased.getPrincipals()) {
            try {
                this.log.info("Enforcing principal-based access control entry for {}", str);
                AclUtil.setPrincipalAcl(this.context, str, ensureAclPrincipalBased.getLines(), true);
            } catch (Exception e) {
                report(e, "Failed to set principal-based ACL (" + e.getMessage() + ")");
            }
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitRemoveAcePrincipal(RemoveAcePrincipals removeAcePrincipals) {
        List<String> principals = removeAcePrincipals.getPrincipals();
        for (AclLine aclLine : removeAcePrincipals.getLines()) {
            try {
                handleAclLine(aclLine, Instruction.REMOVE, principals, aclLine.getProperty("paths"), removeAcePrincipals.getOptions());
            } catch (Exception e) {
                report(e, "Failed to remove access control entries (" + e.toString() + ") " + aclLine);
            }
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitRemoveAcePaths(RemoveAcePaths removeAcePaths) {
        List<String> paths = removeAcePaths.getPaths();
        for (AclLine aclLine : removeAcePaths.getLines()) {
            try {
                handleAclLine(aclLine, Instruction.REMOVE, aclLine.getProperty("principals"), paths, removeAcePaths.getOptions());
            } catch (Exception e) {
                report(e, "Failed to remove access control entries (" + e.toString() + ") " + aclLine);
            }
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitRemoveAcePrincipalBased(RemoveAcePrincipalBased removeAcePrincipalBased) {
        for (String str : removeAcePrincipalBased.getPrincipals()) {
            try {
                this.log.info("Removing principal-based access control entries for {}", str);
                AclUtil.removePrincipalEntries(this.context, str, (Collection<AclLine>) removeAcePrincipalBased.getLines());
            } catch (Exception e) {
                report(e, "Failed to remove principal-based access control entries (" + e.getMessage() + ")");
            }
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitDeleteAclPrincipals(DeleteAclPrincipals deleteAclPrincipals) {
        for (String str : deleteAclPrincipals.getPrincipals()) {
            try {
                this.log.info("Removing access control policy for {}", str);
                AclUtil.removePolicy(this.context, str);
            } catch (RepositoryException e) {
                report(e, "Failed to remove ACL (" + e.getMessage() + ")");
            }
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitDeleteAclPaths(DeleteAclPaths deleteAclPaths) {
        try {
            AclUtil.removePolicies(this.context, deleteAclPaths.getPaths());
        } catch (RepositoryException e) {
            report(e, "Failed to remove ACL (" + e.getMessage() + ")");
        }
    }

    @Override // org.apache.sling.jcr.repoinit.impl.DoNothingVisitor
    public void visitDeleteAclPrincipalBased(DeleteAclPrincipalBased deleteAclPrincipalBased) {
        for (String str : deleteAclPrincipalBased.getPrincipals()) {
            try {
                this.log.info("Removing principal-based access control policy for {}", str);
                AclUtil.removePrincipalPolicy(this.context, str);
            } catch (RepositoryException e) {
                report(e, "Failed to remove principal-based ACL (" + e.getMessage() + ")");
            }
        }
    }
}
