package org.apache.jackrabbit.oak.security.privilege;

import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Set;
import javax.jcr.RepositoryException;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.security.privilege.ImmutablePrivilegeDefinition;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinition;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriter.class */
class PrivilegeDefinitionWriter implements PrivilegeConstants {
    private final Root root;
    private final PrivilegeBitsProvider bitsMgr;
    private PrivilegeBits next;

    /* JADX INFO: Access modifiers changed from: package-private */
    public PrivilegeDefinitionWriter(@NotNull Root root) {
        this.root = root;
        this.bitsMgr = new PrivilegeBitsProvider(root);
        Tree privilegesTree = this.bitsMgr.getPrivilegesTree();
        if (privilegesTree.exists() && privilegesTree.hasProperty("rep:next")) {
            this.next = PrivilegeBits.getInstance(privilegesTree);
        } else {
            this.next = PrivilegeBits.NEXT_AFTER_BUILT_INS;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void writeDefinition(@NotNull PrivilegeDefinition privilegeDefinition) throws RepositoryException {
        writeDefinitions(Collections.singleton(privilegeDefinition));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void writeBuiltInDefinitions() throws RepositoryException {
        writeDefinitions(getBuiltInDefinitions());
    }

    @NotNull
    private PrivilegeBits getNext() {
        return this.next;
    }

    @NotNull
    private PrivilegeBits next() {
        PrivilegeBits privilegeBits = this.next;
        this.next = privilegeBits.nextBits();
        return privilegeBits;
    }

    private void writeDefinitions(@NotNull Iterable<PrivilegeDefinition> iterable) throws RepositoryException {
        try {
            Tree tree = this.root.getTree("/jcr:system/rep:privileges");
            if (!tree.exists()) {
                throw new RepositoryException("Privilege store does not exist.");
            }
            for (PrivilegeDefinition privilegeDefinition : iterable) {
                if (tree.hasChild(privilegeDefinition.getName())) {
                    throw new RepositoryException("Privilege definition with name '" + privilegeDefinition.getName() + "' already exists.");
                }
                writePrivilegeNode(tree, privilegeDefinition);
            }
            getNext().writeTo(tree);
            this.root.commit();
        } catch (CommitFailedException e) {
            throw e.asRepositoryException();
        }
    }

    private void writePrivilegeNode(@NotNull Tree tree, @NotNull PrivilegeDefinition privilegeDefinition) throws RepositoryException {
        PrivilegeBits next;
        String name = privilegeDefinition.getName();
        Tree addChild = TreeUtil.addChild(tree, name, "rep:Privilege");
        if (privilegeDefinition.isAbstract()) {
            addChild.setProperty("rep:isAbstract", true);
        }
        Set declaredAggregateNames = privilegeDefinition.getDeclaredAggregateNames();
        boolean z = !declaredAggregateNames.isEmpty();
        if (z) {
            addChild.setProperty("rep:aggregates", declaredAggregateNames, Type.NAMES);
        }
        if (PrivilegeBits.BUILT_IN.containsKey(name)) {
            next = (PrivilegeBits) PrivilegeBits.BUILT_IN.get(name);
        } else if (z) {
            next = this.bitsMgr.getBits(declaredAggregateNames);
            if (next.isEmpty()) {
                throw new RepositoryException("Illegal aggregation of non-exising privileges on '" + name + "'.");
            }
        } else {
            next = next();
        }
        next.writeTo(addChild);
    }

    @NotNull
    private static Collection<PrivilegeDefinition> getBuiltInDefinitions() {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        NON_AGGREGATE_PRIVILEGES.forEach(str -> {
            linkedHashMap.put(str, new ImmutablePrivilegeDefinition(str, false, (Iterable) null));
        });
        AGGREGATE_PRIVILEGES.forEach((str2, strArr) -> {
            linkedHashMap.put(str2, new ImmutablePrivilegeDefinition(str2, false, Arrays.asList(strArr)));
        });
        linkedHashMap.put("jcr:all", new ImmutablePrivilegeDefinition("jcr:all", false, linkedHashMap.keySet()));
        return linkedHashMap.values();
    }
}
