package org.apache.sling.jcr.jackrabbit.accessmanager.post;

import java.security.Principal;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.servlet.Servlet;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.jcr.jackrabbit.accessmanager.DeleteAces;
import org.apache.sling.servlets.post.Modification;
import org.apache.sling.servlets.post.PostResponse;
import org.apache.sling.servlets.post.PostResponseCreator;
import org.jetbrains.annotations.NotNull;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicyOption;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component(service = {Servlet.class, DeleteAces.class}, property = {"sling.servlet.resourceTypes=sling/servlet/default", "sling.servlet.methods=POST", "sling.servlet.selectors=deleteAce", "sling.servlet.prefix:Integer=-1"}, reference = {@Reference(name = "PostResponseCreator", bind = "bindPostResponseCreator", cardinality = ReferenceCardinality.MULTIPLE, policyOption = ReferencePolicyOption.GREEDY, service = PostResponseCreator.class)})
/* loaded from: input_file:org/apache/sling/jcr/jackrabbit/accessmanager/post/DeleteAcesServlet.class */
public class DeleteAcesServlet extends AbstractAccessPostServlet implements DeleteAces {
    private static final long serialVersionUID = 3784866802938282971L;
    private final transient Logger log = LoggerFactory.getLogger(getClass());

    @Override // org.apache.sling.jcr.jackrabbit.accessmanager.post.AbstractAccessPostServlet
    protected void handleOperation(SlingHttpServletRequest slingHttpServletRequest, PostResponse postResponse, List<Modification> list) throws RepositoryException {
        deleteAces((Session) slingHttpServletRequest.getResourceResolver().adaptTo(Session.class), getItemPath(slingHttpServletRequest), slingHttpServletRequest.getParameterValues(":applyTo"), list);
    }

    @Override // org.apache.sling.jcr.jackrabbit.accessmanager.DeleteAces
    public void deleteAces(Session session, String str, String[] strArr) throws RepositoryException {
        deleteAces(session, str, strArr, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @NotNull
    public Set<Principal> validateArgs(Session session, String str, String[] strArr) throws RepositoryException {
        HashSet hashSet = new HashSet();
        if (strArr == null) {
            throw new RepositoryException("principalIds were not sumitted.");
        }
        if (session == null) {
            throw new RepositoryException("JCR Session not found");
        }
        validateResourcePath(session, str);
        PrincipalManager principalManager = ((JackrabbitSession) session).getPrincipalManager();
        for (String str2 : strArr) {
            Principal principal = principalManager.getPrincipal(str2);
            if (principal == null) {
                throw new RepositoryException("Invalid principalId was submitted.");
            }
            hashSet.add(principal);
        }
        return hashSet;
    }

    protected void deleteAces(Session session, String str, String[] strArr, List<Modification> list) throws RepositoryException {
        Set<Principal> validateArgs = validateArgs(session, str, strArr);
        try {
            AccessControlManager accessControlManager = session.getAccessControlManager();
            AccessControlList accessControlListOrNull = getAccessControlListOrNull(accessControlManager, str, false);
            if (accessControlListOrNull == null) {
                Iterator<Principal> it = validateArgs.iterator();
                while (it.hasNext()) {
                    this.log.warn("No AccessControlEntry was found to be deleted for principal: {}", it.next().getName());
                }
            } else {
                AccessControlEntry[] accessControlEntries = accessControlListOrNull.getAccessControlEntries();
                ArrayList<AccessControlEntry> arrayList = new ArrayList();
                for (AccessControlEntry accessControlEntry : accessControlEntries) {
                    if (validateArgs.contains(accessControlEntry.getPrincipal())) {
                        arrayList.add(accessControlEntry);
                    }
                }
                HashSet hashSet = new HashSet();
                if (!arrayList.isEmpty()) {
                    for (AccessControlEntry accessControlEntry2 : arrayList) {
                        accessControlListOrNull.removeAccessControlEntry(accessControlEntry2);
                        hashSet.add(accessControlEntry2.getPrincipal());
                    }
                }
                for (Principal principal : validateArgs) {
                    if (!hashSet.contains(principal)) {
                        this.log.warn("No AccessControlEntry was found to be deleted for principal: {}", principal.getName());
                    } else if (list != null) {
                        list.add(Modification.onDeleted(principal.getName()));
                    }
                }
                accessControlManager.setPolicy(str, accessControlListOrNull);
            }
        } catch (RepositoryException e) {
            throw new RepositoryException("Failed to delete access control.", e);
        }
    }
}
