package relocated_for_contentpackage.org.apache.jackrabbit.vault.packaging.impl;

import java.security.Principal;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import relocated_for_contentpackage.javax.jcr.Repository;
import relocated_for_contentpackage.javax.jcr.RepositoryException;
import relocated_for_contentpackage.javax.jcr.Session;
import relocated_for_contentpackage.org.apache.jackrabbit.api.JackrabbitSession;
import relocated_for_contentpackage.org.apache.jackrabbit.api.security.user.Authorizable;
import relocated_for_contentpackage.org.apache.jackrabbit.api.security.user.Group;
import relocated_for_contentpackage.org.apache.maven.artifact.versioning.ComparableVersion;

/* loaded from: input_file:relocated_for_contentpackage/org/apache/jackrabbit/vault/packaging/impl/AdminPermissionChecker.class */
public class AdminPermissionChecker {
    private static final String ADMIN_USER = "admin";
    private static final String SYSTEM_USER = "system";
    private static final String ADMINISTRATORS_GROUP = "administrators";
    private static final Logger log = LoggerFactory.getLogger(AdminPermissionChecker.class);
    public static final ComparableVersion VERSION_OAK_140 = new ComparableVersion("1.40");

    private AdminPermissionChecker() {
    }

    public static boolean hasAdministrativePermissions(@NotNull Session session, String... strArr) throws RepositoryException {
        JackrabbitSession jackrabbitSession;
        List asList = Arrays.asList((String[]) Optional.ofNullable(strArr).orElse(new String[0]));
        if (session instanceof JackrabbitSession) {
            jackrabbitSession = (JackrabbitSession) session;
            if (isOakVersionExposingBoundPrincipals(session.getRepository()) && hasAdministrativePermissionsWithPrincipals(jackrabbitSession, asList)) {
                return true;
            }
        } else {
            jackrabbitSession = null;
        }
        String userID = session.getUserID();
        if (hasAdministrativePermissionsWithAuthorizableId(userID, asList)) {
            return true;
        }
        if (jackrabbitSession == null) {
            log.warn("could not evaluate group permissions but just user name");
            return false;
        }
        Authorizable authorizable = jackrabbitSession.getUserManager().getAuthorizable(userID);
        if (authorizable == null) {
            return false;
        }
        Iterator<Group> memberOf = authorizable.memberOf();
        while (memberOf.hasNext()) {
            if (hasAdministrativePermissionsWithAuthorizableId(memberOf.next().getID(), asList)) {
                return true;
            }
        }
        return false;
    }

    static boolean hasAdministrativePermissionsWithPrincipals(@NotNull Session session, List<String> list) {
        Set set = (Set) session.getAttribute("oak.bound-principals");
        if (set == null) {
            return false;
        }
        Iterator it = set.iterator();
        while (it.hasNext()) {
            if (list.contains(((Principal) it.next()).getName())) {
                return true;
            }
        }
        return false;
    }

    static boolean hasAdministrativePermissionsWithAuthorizableId(@NotNull String str, List<String> list) {
        return ADMIN_USER.equals(str) || "system".equals(str) || ADMINISTRATORS_GROUP.equals(str) || list.contains(str);
    }

    static boolean isOakVersionExposingBoundPrincipals(@NotNull Repository repository) {
        String descriptor;
        return "Apache Jackrabbit Oak".equals(repository.getDescriptor(Repository.REP_NAME_DESC)) && (descriptor = repository.getDescriptor(Repository.REP_VERSION_DESC)) != null && new ComparableVersion(descriptor).compareTo(VERSION_OAK_140) >= 0;
    }
}
