package org.apache.sling.jcr.jackrabbit.accessmanager.post;

import jakarta.json.JsonObject;
import java.security.Principal;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlManager;
import javax.servlet.Servlet;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.authorization.PrincipalAccessControlList;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.jcr.jackrabbit.accessmanager.GetPrincipalAce;
import org.apache.sling.jcr.jackrabbit.accessmanager.impl.PrincipalAceHelper;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicyOption;

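/**
 * Servlet and {@link GetPrincipalAce} service that returns the principal-based access control
 * entry of one principal for one resource path as JSON.
 *
 * <p>The component is registered for {@code GET} requests on the default resource type with the
 * selectors {@code pace} / {@code tidy.pace} and the extension {@code json}, so it can be
 * addressed on any resource.
 *
 * <p>Security note: nothing in this class checks the caller's privileges, and
 * {@link #validateResourcePath(Session, String)} is deliberately a no-op. What a caller is able to
 * read is decided entirely by the JCR {@link Session} that is passed in and by the access control
 * manager that session returns. NOTE(review): confirm that the superclass derives the session from
 * the requesting user and not from a service user.
 */
@Component(
        service = {Servlet.class, GetPrincipalAce.class},
        property = {
            "sling.servlet.resourceTypes=sling/servlet/default",
            "sling.servlet.methods=GET",
            "sling.servlet.selectors=pace",
            "sling.servlet.selectors=tidy.pace",
            "sling.servlet.extensions=json",
            "sling.servlet.prefix:Integer=-1"
        },
        reference = {
            @Reference(
                    name = "RestrictionProvider",
                    bind = "bindRestrictionProvider",
                    cardinality = ReferenceCardinality.MULTIPLE,
                    policyOption = ReferencePolicyOption.GREEDY,
                    service = RestrictionProvider.class)
        })
public class GetPrincipalAceServlet extends AbstractGetAceServlet implements GetPrincipalAce {
    private static final long serialVersionUID = 1654062732084983394L;

    /**
     * Resolves the path this request is about.
     *
     * @param slingHttpServletRequest the current request
     * @return whatever {@link PrincipalAceHelper#getEffectivePath} derives from the request; may
     *     be {@code null}
     */
    @Override
    @Nullable
    protected String getItemPath(SlingHttpServletRequest slingHttpServletRequest) {
        return PrincipalAceHelper.getEffectivePath(slingHttpServletRequest);
    }

    /**
     * Intentionally empty: this override performs no validation of the resource path, so any check
     * the superclass would apply is skipped for this servlet.
     *
     * <p>NOTE(review): presumably because a principal-based entry may refer to a path that does
     * not exist (yet) - confirm. Callers must not rely on this method to reject a path.
     *
     * @param session the JCR session (unused)
     * @param str the resource path (unused)
     * @throws RepositoryException never thrown by this implementation
     */
    @Override
    protected void validateResourcePath(Session session, String str) throws RepositoryException {
        // no-op by design, see Javadoc
    }

    /**
     * Service entry point; delegates directly to {@code internalGetAce}.
     *
     * @param session the JCR session used for the lookup
     * @param str forwarded as the second argument of {@code internalGetAce}; presumably the
     *     resource path - confirm against {@link GetPrincipalAce}
     * @param str2 forwarded as the third argument of {@code internalGetAce}; presumably the
     *     principal id - confirm against {@link GetPrincipalAce}
     * @return the JSON produced by {@code internalGetAce}
     * @throws RepositoryException if the delegate fails
     */
    @Override
    public JsonObject getPrincipalAce(Session session, String str, String str2) throws RepositoryException {
        return internalGetAce(session, str, str2);
    }

    /**
     * Collects the principal-based entries of {@code principal} that apply to {@code str}.
     *
     * @param session the JCR session whose access control manager is queried
     * @param str the resource path the entries must match
     * @param principal the principal whose policies are read
     * @param map forwarded unchanged to {@code entriesSortedByEffectivePath}
     * @return the result of {@code entriesSortedByEffectivePath} for the matching entries, or an
     *     empty map when the session's access control manager is not a
     *     {@link JackrabbitAccessControlManager}
     * @throws RepositoryException if reading the policies fails
     */
    @Override
    protected Map<String, List<AccessControlEntry>> getAccessControlEntriesMap(
            Session session,
            String str,
            Principal principal,
            Map<Principal, Map<DeclarationType, Set<String>>> map)
            throws RepositoryException {
        // Session#getAccessControlManager() is declared to return the plain JCR interface, so the
        // value has to be held as that type until the instanceof check has passed.
        AccessControlManager accessControlManager = session.getAccessControlManager();
        if (!(accessControlManager instanceof JackrabbitAccessControlManager)) {
            // Policies can only be looked up by principal through the Jackrabbit API.
            return Collections.emptyMap();
        }
        JackrabbitAccessControlManager jackrabbitManager = (JackrabbitAccessControlManager) accessControlManager;
        return entriesSortedByEffectivePath(
                jackrabbitManager.getPolicies(principal),
                accessControlEntry -> matchesPrincipalAccessControlEntry(accessControlEntry, str, principal),
                map);
    }

    /**
     * Tells whether an entry is a principal-based entry of the given principal for the given path.
     *
     * @param accessControlEntry the entry to test
     * @param str the resource path, checked with {@link PrincipalAceHelper#matchesResourcePath}
     * @param principal the principal the entry must belong to
     * @return {@code true} only if the entry is a {@link PrincipalAccessControlList.Entry}, its
     *     principal equals {@code principal} and the helper reports a path match
     */
    protected boolean matchesPrincipalAccessControlEntry(
            @NotNull AccessControlEntry accessControlEntry, @NotNull String str, @NotNull Principal principal) {
        return accessControlEntry instanceof PrincipalAccessControlList.Entry
                && accessControlEntry.getPrincipal().equals(principal)
                && PrincipalAceHelper.matchesResourcePath(str, accessControlEntry);
    }
}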
