package org.apache.sling.jcr.jackrabbit.server.impl.security;

import javax.jcr.AccessDeniedException;
import javax.jcr.ItemNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.security.auth.Subject;
import org.apache.jackrabbit.core.HierarchyManager;
import org.apache.jackrabbit.core.ItemId;
import org.apache.jackrabbit.core.security.AMContext;
import org.apache.jackrabbit.core.security.DefaultAccessManager;
import org.apache.jackrabbit.core.security.authorization.AccessControlProvider;
import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
import org.apache.jackrabbit.spi.Name;
import org.apache.jackrabbit.spi.Path;
import org.apache.jackrabbit.spi.commons.conversion.NamePathResolver;
import org.apache.sling.jcr.jackrabbit.server.impl.AccessManagerFactoryTracker;
import org.apache.sling.jcr.jackrabbit.server.impl.Activator;
import org.apache.sling.jcr.jackrabbit.server.security.accessmanager.AccessManagerPlugin;
import org.apache.sling.jcr.jackrabbit.server.security.accessmanager.AccessManagerPluginFactory;
import org.apache.sling.jcr.jackrabbit.server.security.accessmanager.WorkspaceAccessManagerPlugin;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sling/jcr/jackrabbit/server/impl/security/PluggableDefaultAccessManager.class */
public class PluggableDefaultAccessManager extends DefaultAccessManager {
    private AccessManagerPlugin accessManagerPlugin;
    private NamePathResolver namePathResolver;
    private HierarchyManager hierarchyManager;
    private static final Logger log = LoggerFactory.getLogger(PluggableDefaultAccessManager.class);
    protected AccessManagerPluginFactory accessManagerFactory;
    protected AccessManagerFactoryTracker accessManagerFactoryTracker;
    private Session session;
    private Subject subject;

    protected AccessManagerPluginFactory getAccessManagerFactory() {
        return this.accessManagerFactoryTracker.getFactory(this);
    }

    @Override // org.apache.jackrabbit.core.security.DefaultAccessManager, org.apache.jackrabbit.core.security.AccessManager
    public void init(AMContext aMContext) throws AccessDeniedException, Exception {
        init(aMContext, null, null);
    }

    @Override // org.apache.jackrabbit.core.security.DefaultAccessManager, org.apache.jackrabbit.core.security.AccessManager
    public void init(AMContext aMContext, AccessControlProvider accessControlProvider, WorkspaceAccessManager workspaceAccessManager) throws AccessDeniedException, Exception {
        this.accessManagerFactoryTracker = Activator.getAccessManagerFactoryTracker();
        this.accessManagerFactory = getAccessManagerFactory();
        if (this.accessManagerFactory != null) {
            this.accessManagerPlugin = this.accessManagerFactory.getAccessManager();
        }
        sanityCheck();
        super.init(aMContext, accessControlProvider, workspaceAccessManager);
        this.namePathResolver = aMContext.getNamePathResolver();
        this.hierarchyManager = aMContext.getHierarchyManager();
        if (this.accessManagerPlugin != null) {
            this.accessManagerPlugin.init(aMContext.getSubject(), aMContext.getSession());
        }
        this.session = aMContext.getSession();
        this.subject = aMContext.getSubject();
    }

    @Override // org.apache.jackrabbit.core.security.DefaultAccessManager, org.apache.jackrabbit.core.security.AccessManager
    public void close() throws Exception {
        this.accessManagerFactoryTracker.unregister(this);
        super.close();
        if (this.accessManagerPlugin != null) {
            this.accessManagerPlugin.close();
        }
    }

    public void endSession() {
        if (this.session == null || !this.session.isLive()) {
            return;
        }
        this.session.logout();
    }

    @Override // org.apache.jackrabbit.core.security.DefaultAccessManager, org.apache.jackrabbit.core.security.AccessManager
    public void checkPermission(ItemId itemId, int i) throws AccessDeniedException, ItemNotFoundException, RepositoryException {
        sanityCheck();
        super.checkPermission(itemId, i);
    }

    @Override // org.apache.jackrabbit.core.security.DefaultAccessManager, org.apache.jackrabbit.core.security.AccessManager
    public boolean isGranted(ItemId itemId, int i) throws ItemNotFoundException, RepositoryException {
        return isGranted(this.hierarchyManager.getPath(itemId), i);
    }

    @Override // org.apache.jackrabbit.core.security.DefaultAccessManager, org.apache.jackrabbit.core.security.AccessManager
    public boolean isGranted(Path path, int i) throws RepositoryException {
        return sanityCheck() ? this.accessManagerPlugin.isGranted(this.namePathResolver.getJCRPath(path), i) : super.isGranted(path, i);
    }

    @Override // org.apache.jackrabbit.core.security.DefaultAccessManager, org.apache.jackrabbit.core.security.AccessManager
    public boolean isGranted(Path path, Name name, int i) throws RepositoryException {
        return super.isGranted(path, name, i);
    }

    @Override // org.apache.jackrabbit.core.security.DefaultAccessManager, org.apache.jackrabbit.core.security.AccessManager
    public boolean canRead(Path path) throws RepositoryException {
        return sanityCheck() ? this.accessManagerPlugin.canRead(this.namePathResolver.getJCRPath(path)) : super.canRead(path);
    }

    @Override // org.apache.jackrabbit.core.security.DefaultAccessManager, org.apache.jackrabbit.core.security.AccessManager
    public boolean canAccess(String str) throws RepositoryException {
        WorkspaceAccessManagerPlugin workspaceAccessManagerPlugin = null;
        if (sanityCheck()) {
            workspaceAccessManagerPlugin = this.accessManagerPlugin.getWorkspaceAccessManager();
        }
        return workspaceAccessManagerPlugin != null ? workspaceAccessManagerPlugin.canAccess(str) : super.canAccess(str);
    }

    private boolean sanityCheck() throws RepositoryException {
        if (this.accessManagerPlugin != null) {
            return true;
        }
        AccessManagerPluginFactory factory = this.accessManagerFactoryTracker.getFactory(this);
        if (factory == null) {
            log.warn("No pluggable AccessManager available, falling back to DefaultAccessManager");
            return false;
        }
        this.accessManagerPlugin = factory.getAccessManager();
        try {
            this.accessManagerPlugin.init(this.subject, this.session);
            return true;
        } catch (Exception e) {
            throw new RepositoryException(e);
        }
    }
}
