package org.xwiki.security.authorization.internal;

import com.xpn.xwiki.XWikiContext;
import com.xpn.xwiki.XWikiException;
import com.xpn.xwiki.doc.XWikiDocument;
import com.xpn.xwiki.objects.BaseObject;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.xwiki.component.annotation.Component;
import org.xwiki.context.Execution;
import org.xwiki.model.EntityType;
import org.xwiki.model.reference.DocumentReference;
import org.xwiki.model.reference.DocumentReferenceResolver;
import org.xwiki.model.reference.SpaceReference;
import org.xwiki.model.reference.WikiReference;
import org.xwiki.security.SecurityReference;
import org.xwiki.security.authorization.AuthorizationException;
import org.xwiki.security.authorization.EntityTypeNotSupportedException;
import org.xwiki.security.authorization.Right;
import org.xwiki.security.authorization.RightSet;
import org.xwiki.security.authorization.RuleState;
import org.xwiki.security.authorization.SecurityEntryReader;
import org.xwiki.security.authorization.SecurityEntryReaderExtra;
import org.xwiki.security.authorization.SecurityRule;
import org.xwiki.security.authorization.SecurityRuleEntry;
import org.xwiki.security.internal.XWikiConstants;

@Singleton
@Component
/* loaded from: input_file:WEB-INF/lib/xwiki-platform-security-bridge-10.11.jar:org/xwiki/security/authorization/internal/DefaultSecurityEntryReader.class */
public class DefaultSecurityEntryReader implements SecurityEntryReader {
    private static final SecurityRule DENY_EDIT = new AllowEditToNoOneRule();
    private static final Set<Right> MAINWIKIOWNER_RIGHTS = new RightSet(Right.PROGRAM);
    private static final Set<Right> OWNER_RIGHTS = new RightSet(Right.ADMIN);
    private static final Set<Right> CREATOR_RIGHTS = new RightSet(Right.CREATOR);

    @Inject
    @Named("user")
    private DocumentReferenceResolver<String> resolver;

    @Inject
    private Execution execution;

    @Inject
    private List<SecurityEntryReaderExtra> extras;

    /* loaded from: input_file:WEB-INF/lib/xwiki-platform-security-bridge-10.11.jar:org/xwiki/security/authorization/internal/DefaultSecurityEntryReader$InternalSecurityRuleEntry.class */
    private final class InternalSecurityRuleEntry extends AbstractSecurityRuleEntry {
        private final SecurityReference reference;
        private final Collection<SecurityRule> rules;

        private InternalSecurityRuleEntry(SecurityReference securityReference, Collection<SecurityRule> collection) {
            this.reference = securityReference;
            this.rules = Collections.unmodifiableCollection(collection);
        }

        @Override // org.xwiki.security.authorization.SecurityEntry
        public SecurityReference getReference() {
            return this.reference;
        }

        @Override // org.xwiki.security.authorization.SecurityRuleEntry
        public Collection<SecurityRule> getRules() {
            return this.rules;
        }
    }

    private XWikiContext getXWikiContext() {
        return (XWikiContext) this.execution.getContext().getProperty("xwikicontext");
    }

    @Override // org.xwiki.security.authorization.SecurityEntryReader
    public SecurityRuleEntry read(SecurityReference securityReference) throws AuthorizationException {
        WikiReference wikiReference;
        DocumentReference documentReference;
        DocumentReference documentReference2;
        if (securityReference == null) {
            return null;
        }
        if (securityReference.getOriginalReference() == null) {
            return new InternalSecurityRuleEntry(securityReference, Collections.emptyList());
        }
        switch (securityReference.getType()) {
            case WIKI:
                wikiReference = new WikiReference(securityReference);
                SpaceReference spaceReference = new SpaceReference("XWiki", wikiReference);
                documentReference = new DocumentReference("XWikiPreferences", spaceReference);
                documentReference2 = new DocumentReference(XWikiConstants.GLOBAL_CLASSNAME, spaceReference);
                break;
            case SPACE:
                wikiReference = new WikiReference(securityReference.extractReference(EntityType.WIKI));
                documentReference = new DocumentReference(XWikiConstants.SPACE_DOC, new SpaceReference(securityReference));
                documentReference2 = new DocumentReference(XWikiConstants.GLOBAL_CLASSNAME, new SpaceReference("XWiki", wikiReference));
                break;
            case DOCUMENT:
                wikiReference = new WikiReference(securityReference.extractReference(EntityType.WIKI));
                documentReference = new DocumentReference(securityReference);
                documentReference2 = new DocumentReference(XWikiConstants.LOCAL_CLASSNAME, new SpaceReference("XWiki", wikiReference));
                break;
            default:
                throw new EntityTypeNotSupportedException(securityReference.getType(), this);
        }
        Collection<SecurityRule> securityRules = getSecurityRules(documentReference, documentReference2, wikiReference);
        Iterator<SecurityEntryReaderExtra> it = this.extras.iterator();
        while (it.hasNext()) {
            Collection<SecurityRule> read = it.next().read(securityReference);
            if (read != null) {
                securityRules.addAll(read);
            }
        }
        return new InternalSecurityRuleEntry(securityReference, securityRules);
    }

    private XWikiDocument getDocument(DocumentReference documentReference) throws AuthorizationException {
        XWikiContext xWikiContext = getXWikiContext();
        try {
            XWikiDocument document = xWikiContext.getWiki().getDocument(documentReference, xWikiContext);
            if (document == null) {
                return null;
            }
            if (document.isNew()) {
                return null;
            }
            return document;
        } catch (XWikiException e) {
            throw new AuthorizationException(documentReference, "Could not retrieve the document to check security access", e);
        }
    }

    private DocumentReference getWikiOwner(WikiReference wikiReference) throws AuthorizationException {
        XWikiContext xWikiContext = getXWikiContext();
        try {
            String wikiOwner = xWikiContext.getWiki().getWikiOwner(wikiReference.getName(), xWikiContext);
            if (wikiOwner == null) {
                return null;
            }
            return this.resolver.resolve(wikiOwner, wikiReference);
        } catch (XWikiException e) {
            throw new AuthorizationException(wikiReference, "Could not retrieve the owner of this wiki", e);
        }
    }

    private Collection<SecurityRule> getSecurityRules(DocumentReference documentReference, DocumentReference documentReference2, WikiReference wikiReference) throws AuthorizationException {
        boolean isGlobalRightsReference = isGlobalRightsReference(documentReference);
        boolean equals = documentReference2.getName().equals(XWikiConstants.GLOBAL_CLASSNAME);
        XWikiDocument document = getDocument(documentReference);
        List<SecurityRule> impliedRules = getImpliedRules(documentReference, document, isGlobalRightsReference, equals);
        if (document == null) {
            return impliedRules;
        }
        List<BaseObject> xObjects = document.getXObjects(documentReference2);
        if (xObjects != null) {
            for (BaseObject baseObject : xObjects) {
                if (baseObject != null) {
                    try {
                        impliedRules.add(XWikiSecurityRule.createNewRule(baseObject, this.resolver, wikiReference, isGlobalRightsReference && !equals));
                    } catch (IllegalArgumentException e) {
                    }
                }
            }
        }
        return impliedRules;
    }

    private List<SecurityRule> getImpliedRules(DocumentReference documentReference, XWikiDocument xWikiDocument, boolean z, boolean z2) throws AuthorizationException {
        DocumentReference creatorReference;
        ArrayList arrayList = new ArrayList();
        if (z) {
            if (z2) {
                addImpliedGlobalRule(documentReference, arrayList);
            } else {
                arrayList.add(DENY_EDIT);
            }
        }
        if (!z2 && xWikiDocument != null && (creatorReference = xWikiDocument.getCreatorReference()) != null && !"XWikiGuest".equals(creatorReference.getName())) {
            arrayList.add(new XWikiSecurityRule(CREATOR_RIGHTS, RuleState.ALLOW, Collections.singleton(creatorReference), (Collection<DocumentReference>) null));
        }
        return arrayList;
    }

    private void addImpliedGlobalRule(DocumentReference documentReference, List<SecurityRule> list) throws AuthorizationException {
        WikiReference wikiReference = documentReference.getWikiReference();
        DocumentReference wikiOwner = getWikiOwner(wikiReference);
        if (wikiOwner != null) {
            if (getXWikiContext().isMainWiki(wikiReference.getName())) {
                list.add(new XWikiSecurityRule(MAINWIKIOWNER_RIGHTS, RuleState.ALLOW, Collections.singleton(wikiOwner), (Collection<DocumentReference>) null));
            } else {
                list.add(new XWikiSecurityRule(OWNER_RIGHTS, RuleState.ALLOW, Collections.singleton(wikiOwner), (Collection<DocumentReference>) null));
            }
        }
    }

    private boolean isGlobalRightsReference(DocumentReference documentReference) {
        return XWikiConstants.SPACE_DOC.equals(documentReference.getName()) || ("XWikiPreferences".equals(documentReference.getName()) && "XWiki".equals(documentReference.getParent().getName()));
    }
}
