package org.ametys.plugins.repository.jcr;

import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.PathNotFoundException;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import javax.jcr.lock.LockManager;
import org.ametys.core.group.GroupIdentity;
import org.ametys.core.user.UserIdentity;
import org.ametys.core.util.LambdaUtils;
import org.ametys.plugins.repository.AmetysObjectResolver;
import org.ametys.plugins.repository.AmetysRepositoryException;
import org.ametys.plugins.repository.RepositoryConstants;
import org.ametys.plugins.repository.provider.AbstractRepository;
import org.ametys.plugins.repository.query.expression.Expression;
import org.ametys.plugins.repository.query.expression.OrExpression;
import org.apache.avalon.framework.component.Component;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.avalon.framework.service.Serviceable;
import org.apache.jackrabbit.util.ISO9075;
import org.apache.jackrabbit.util.Text;

/* loaded from: input_file:org/ametys/plugins/repository/jcr/ACLJCRAmetysObjectHelper.class */
public class ACLJCRAmetysObjectHelper implements Component, Serviceable {
    protected static AmetysObjectResolver _resolver;
    protected static Repository _repository;
    private static final String __NODE_NAME_ROOT_ACL = "ametys-internal:acl";
    private static final String __NODETYPE_ROOT_ACL = "ametys:acl";
    private static final String __NODE_NAME_ACL_USERS = "users";
    private static final String __NODE_NAME_ACL_GROUPS = "groups";
    private static final String __NODETYPE_ACL_USER = "ametys:acl-user";
    private static final String __NODETYPE_ACL_GROUP = "ametys:acl-group";
    private static final String __NODETYPE_UNSTRUCTURED = "nt:unstructured";
    private static final String __PROPERTY_NAME_ALLOWED_ANY_CONNECTED_PROFILES = "ametys:allowed-any-connected-profiles";
    private static final String __PROPERTY_NAME_DENIED_ANY_CONNECTED_PROFILES = "ametys:denied-any-connected-profiles";
    private static final String __PROPERTY_NAME_ALLOWED_ANONYMOUS_PROFILES = "ametys:allowed-anonymous-profiles";
    private static final String __PROPERTY_NAME_DENIED_ANONYMOUS_PROFILES = "ametys:denied-anonymous-profiles";
    private static final String __PROPERTY_NAME_ALLOWED_PROFILES = "ametys:allowed-profiles";
    private static final String __PROPERTY_NAME_DENIED_PROFILES = "ametys:denied-profiles";
    private static final String __PROPERTY_NAME_DISALLOW_INHERITANCE = "ametys:disallow-inheritance";

    /* loaded from: input_file:org/ametys/plugins/repository/jcr/ACLJCRAmetysObjectHelper$ACLProfileExpression.class */
    static class ACLProfileExpression implements Expression {
        private String[] _profileIds;
        private String _propertyName;

        public ACLProfileExpression(String str, String... strArr) {
            this._propertyName = str;
            this._profileIds = strArr;
        }

        @Override // org.ametys.plugins.repository.query.expression.Expression
        public String build() {
            boolean z = true;
            StringBuilder sb = new StringBuilder("(");
            for (String str : this._profileIds) {
                if (z) {
                    z = false;
                } else {
                    sb.append(" or ");
                }
                sb.append("@").append(this._propertyName).append(Expression.Operator.EQ).append("'").append(str).append("'");
            }
            return z ? "" : sb.append(")").toString();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/ametys/plugins/repository/jcr/ACLJCRAmetysObjectHelper$AllowedProfileExpression.class */
    public static class AllowedProfileExpression extends ACLProfileExpression {
        public AllowedProfileExpression(String... strArr) {
            super(ACLJCRAmetysObjectHelper.__PROPERTY_NAME_ALLOWED_PROFILES, strArr);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/ametys/plugins/repository/jcr/ACLJCRAmetysObjectHelper$AnonymousAllowedProfileExpression.class */
    public static class AnonymousAllowedProfileExpression extends ACLProfileExpression {
        public AnonymousAllowedProfileExpression(String... strArr) {
            super(ACLJCRAmetysObjectHelper.__PROPERTY_NAME_ALLOWED_ANONYMOUS_PROFILES, strArr);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/ametys/plugins/repository/jcr/ACLJCRAmetysObjectHelper$AnonymousDeniedProfileExpression.class */
    public static class AnonymousDeniedProfileExpression extends ACLProfileExpression {
        public AnonymousDeniedProfileExpression(String... strArr) {
            super(ACLJCRAmetysObjectHelper.__PROPERTY_NAME_DENIED_ANONYMOUS_PROFILES, strArr);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/ametys/plugins/repository/jcr/ACLJCRAmetysObjectHelper$AnyConnectedAllowedProfileExpression.class */
    public static class AnyConnectedAllowedProfileExpression extends ACLProfileExpression {
        public AnyConnectedAllowedProfileExpression(String... strArr) {
            super(ACLJCRAmetysObjectHelper.__PROPERTY_NAME_ALLOWED_ANY_CONNECTED_PROFILES, strArr);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/ametys/plugins/repository/jcr/ACLJCRAmetysObjectHelper$AnyConnectedDeniedProfileExpression.class */
    public static class AnyConnectedDeniedProfileExpression extends ACLProfileExpression {
        public AnyConnectedDeniedProfileExpression(String... strArr) {
            super(ACLJCRAmetysObjectHelper.__PROPERTY_NAME_DENIED_ANY_CONNECTED_PROFILES, strArr);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/ametys/plugins/repository/jcr/ACLJCRAmetysObjectHelper$DeniedProfileExpression.class */
    public static class DeniedProfileExpression extends ACLProfileExpression {
        public DeniedProfileExpression(String... strArr) {
            super(ACLJCRAmetysObjectHelper.__PROPERTY_NAME_DENIED_PROFILES, strArr);
        }
    }

    public void service(ServiceManager serviceManager) throws ServiceException {
        _resolver = (AmetysObjectResolver) serviceManager.lookup(AmetysObjectResolver.ROLE);
        _repository = (Repository) serviceManager.lookup(AbstractRepository.ROLE);
    }

    private static Set<String> _convertNodeToPath(Set<? extends Object> set) {
        Stream<? extends Object> stream = set.stream();
        Class<JCRAmetysObject> cls = JCRAmetysObject.class;
        Objects.requireNonNull(JCRAmetysObject.class);
        return (Set) stream.map(cls::cast).map(LambdaUtils.wrap(jCRAmetysObject -> {
            return ISO9075.encodePath(jCRAmetysObject.getNode().getPath());
        })).collect(Collectors.toSet());
    }

    public static boolean hasUserDeniedProfile(Set<? extends Object> set, UserIdentity userIdentity, Set<String> set2) {
        DeniedProfileExpression deniedProfileExpression = new DeniedProfileExpression((String[]) set2.toArray(new String[set2.size()]));
        Iterator<String> it = _convertNodeToPath(set).iterator();
        while (it.hasNext()) {
            if (getACLUsers(userIdentity, it.next(), deniedProfileExpression).hasNext()) {
                return true;
            }
        }
        return false;
    }

    public static boolean hasUserAllowedProfile(Set<? extends Object> set, UserIdentity userIdentity, Set<String> set2) {
        AllowedProfileExpression allowedProfileExpression = new AllowedProfileExpression((String[]) set2.toArray(new String[set2.size()]));
        Iterator<String> it = _convertNodeToPath(set).iterator();
        while (it.hasNext()) {
            if (getACLUsers(userIdentity, it.next(), allowedProfileExpression).hasNext()) {
                return true;
            }
        }
        return false;
    }

    public static boolean hasGroupDeniedProfile(Set<? extends Object> set, GroupIdentity groupIdentity, Set<String> set2) {
        DeniedProfileExpression deniedProfileExpression = new DeniedProfileExpression((String[]) set2.toArray(new String[set2.size()]));
        Iterator<String> it = _convertNodeToPath(set).iterator();
        while (it.hasNext()) {
            if (getACLGroups(groupIdentity, it.next(), deniedProfileExpression).hasNext()) {
                return true;
            }
        }
        return false;
    }

    public static boolean hasGroupAllowedProfile(Set<? extends Object> set, GroupIdentity groupIdentity, Set<String> set2) {
        AllowedProfileExpression allowedProfileExpression = new AllowedProfileExpression((String[]) set2.toArray(new String[set2.size()]));
        Iterator<String> it = _convertNodeToPath(set).iterator();
        while (it.hasNext()) {
            if (getACLGroups(groupIdentity, it.next(), allowedProfileExpression).hasNext()) {
                return true;
            }
        }
        return false;
    }

    public static boolean hasAnyConnectedDeniedProfile(Set<? extends Object> set, Set<String> set2) {
        AnyConnectedDeniedProfileExpression anyConnectedDeniedProfileExpression = new AnyConnectedDeniedProfileExpression((String[]) set2.toArray(new String[set2.size()]));
        Iterator<String> it = _convertNodeToPath(set).iterator();
        while (it.hasNext()) {
            if (getACLRoots(it.next(), anyConnectedDeniedProfileExpression).hasNext()) {
                return true;
            }
        }
        return false;
    }

    public static boolean hasAnyConnectedAllowedProfile(Set<? extends Object> set, Set<String> set2) {
        AnyConnectedAllowedProfileExpression anyConnectedAllowedProfileExpression = new AnyConnectedAllowedProfileExpression((String[]) set2.toArray(new String[set2.size()]));
        Iterator<String> it = _convertNodeToPath(set).iterator();
        while (it.hasNext()) {
            if (getACLRoots(it.next(), anyConnectedAllowedProfileExpression).hasNext()) {
                return true;
            }
        }
        return false;
    }

    public static boolean hasAnonymousDeniedProfile(Set<? extends Object> set, Set<String> set2) {
        AnonymousDeniedProfileExpression anonymousDeniedProfileExpression = new AnonymousDeniedProfileExpression((String[]) set2.toArray(new String[set2.size()]));
        Iterator<String> it = _convertNodeToPath(set).iterator();
        while (it.hasNext()) {
            if (getACLRoots(it.next(), anonymousDeniedProfileExpression).hasNext()) {
                return true;
            }
        }
        return false;
    }

    public static boolean hasAnonymousAllowedProfile(Set<? extends Object> set, Set<String> set2) {
        AnonymousAllowedProfileExpression anonymousAllowedProfileExpression = new AnonymousAllowedProfileExpression((String[]) set2.toArray(new String[set2.size()]));
        Iterator<String> it = _convertNodeToPath(set).iterator();
        while (it.hasNext()) {
            if (getACLRoots(it.next(), anonymousAllowedProfileExpression).hasNext()) {
                return true;
            }
        }
        return false;
    }

    public static NodeIterator getACLRoots(String str) {
        return getACLRoots(str, null);
    }

    public static NodeIterator getACLRoots(String str, Expression expression) {
        StringBuilder sb = new StringBuilder("/jcr:root");
        if (str != null) {
            sb.append(str);
        }
        sb.append("//element(*, ").append(__NODETYPE_ROOT_ACL).append(")");
        if (expression != null) {
            sb.append("[").append(expression.build()).append("]");
        }
        return _query(sb.toString());
    }

    public static NodeIterator getACLUsers(UserIdentity userIdentity, String str) {
        return getACLUsers(userIdentity, str, null);
    }

    public static NodeIterator getACLUsers(UserIdentity userIdentity, String str, Expression expression) {
        StringBuilder sb = new StringBuilder("/jcr:root");
        if (str != null) {
            sb.append(str);
        }
        sb.append("//element(*, ").append(__NODETYPE_ROOT_ACL).append(")").append("/").append(__NODE_NAME_ACL_USERS).append("/").append(userIdentity.getPopulationId()).append("/").append(ISO9075.encode(userIdentity.getLogin()));
        if (expression != null) {
            sb.append("[").append(expression.build()).append("]");
        }
        return _query(sb.toString());
    }

    public static NodeIterator getACLUsers() {
        return getACLUsers(null);
    }

    public static NodeIterator getACLUsers(Expression expression) {
        StringBuilder sb = new StringBuilder();
        sb.append("//element(*, ").append(__NODETYPE_ACL_USER).append(")");
        if (expression != null) {
            sb.append("[").append(expression.build()).append("]");
        }
        return _query(sb.toString());
    }

    public static NodeIterator getACLGroups(Expression expression) {
        StringBuilder sb = new StringBuilder();
        sb.append("//element(*, ").append(__NODETYPE_ACL_GROUP).append(")");
        if (expression != null) {
            sb.append("[").append(expression.build()).append("]");
        }
        return _query(sb.toString());
    }

    public static NodeIterator getACLGroups(GroupIdentity groupIdentity, String str) {
        return getACLGroups(groupIdentity, str, null);
    }

    public static NodeIterator getACLGroups(GroupIdentity groupIdentity, String str, Expression expression) {
        StringBuilder sb = new StringBuilder("/jcr:root");
        if (str != null) {
            sb.append(str);
        }
        sb.append("//element(*, ").append(__NODETYPE_ROOT_ACL).append(")").append("/").append(__NODE_NAME_ACL_GROUPS).append("/").append(groupIdentity.getDirectoryId()).append("/").append(ISO9075.encode(Text.escapeIllegalJcrChars(groupIdentity.getId())));
        if (expression != null) {
            sb.append("[").append(expression.build()).append("]");
        }
        return _query(sb.toString());
    }

    protected static Set<String> _getAllowedProfiles(UserIdentity userIdentity, String str) {
        HashSet hashSet = new HashSet();
        NodeIterator aCLUsers = getACLUsers(userIdentity, str);
        while (aCLUsers.hasNext()) {
            Node node = (Node) aCLUsers.next();
            Set<String> _getProperty = _getProperty(node, __PROPERTY_NAME_ALLOWED_PROFILES);
            _getProperty.removeAll(_getProperty(node, __PROPERTY_NAME_DENIED_PROFILES));
            hashSet.addAll(_getProperty);
        }
        return hashSet;
    }

    protected static Set<String> _getAllowedProfiles(GroupIdentity groupIdentity, String str) {
        HashSet hashSet = new HashSet();
        NodeIterator aCLGroups = getACLGroups(groupIdentity, str);
        while (aCLGroups.hasNext()) {
            Node node = (Node) aCLGroups.next();
            Set<String> _getProperty = _getProperty(node, __PROPERTY_NAME_ALLOWED_PROFILES);
            _getProperty.removeAll(_getProperty(node, __PROPERTY_NAME_DENIED_PROFILES));
            hashSet.addAll(_getProperty);
        }
        return hashSet;
    }

    protected static Set<String> _getAnyConnectedAllowedProfiles(String str) {
        HashSet hashSet = new HashSet();
        NodeIterator aCLRoots = getACLRoots(str);
        while (aCLRoots.hasNext()) {
            Node node = (Node) aCLRoots.next();
            Set<String> _getProperty = _getProperty(node, __PROPERTY_NAME_ALLOWED_ANY_CONNECTED_PROFILES);
            _getProperty.removeAll(_getProperty(node, __PROPERTY_NAME_DENIED_ANY_CONNECTED_PROFILES));
            hashSet.addAll(_getProperty);
        }
        return hashSet;
    }

    protected static Set<String> _getAnonymousAllowedProfiles(String str) {
        HashSet hashSet = new HashSet();
        NodeIterator aCLRoots = getACLRoots(str);
        while (aCLRoots.hasNext()) {
            Node node = (Node) aCLRoots.next();
            Set<String> _getProperty = _getProperty(node, __PROPERTY_NAME_ALLOWED_ANONYMOUS_PROFILES);
            _getProperty.removeAll(_getProperty(node, __PROPERTY_NAME_DENIED_ANONYMOUS_PROFILES));
            hashSet.addAll(_getProperty);
        }
        return hashSet;
    }

    private static NodeIterator _query(String str) {
        Session session = null;
        try {
            session = _repository.login();
            return session.getWorkspace().getQueryManager().createQuery(str, "xpath").execute().getNodes();
        } catch (RepositoryException e) {
            if (session != null) {
                session.logout();
            }
            throw new AmetysRepositoryException("An error occured executing the JCR query : " + str, e);
        }
    }

    public static Set<String> getAllowedProfilesForAnyConnectedUser(Node node) {
        Node _getACLNode = _getACLNode(node);
        return _getACLNode == null ? Collections.EMPTY_SET : _getProperty(_getACLNode, __PROPERTY_NAME_ALLOWED_ANY_CONNECTED_PROFILES);
    }

    public static void addAllowedProfilesForAnyConnectedUser(Node node, Set<String> set) {
        Node _getOrCreateACLNode = _getOrCreateACLNode(node);
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            _addProperty(_getOrCreateACLNode, __PROPERTY_NAME_ALLOWED_ANY_CONNECTED_PROFILES, it.next());
        }
        _save(node);
    }

    public static void removeAllowedProfilesForAnyConnectedUser(Node node, Set<String> set) {
        Node _getOrCreateACLNode = _getOrCreateACLNode(node);
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            _removeProperty(_getOrCreateACLNode, __PROPERTY_NAME_ALLOWED_ANY_CONNECTED_PROFILES, it.next());
        }
        _save(node);
    }

    public static Set<String> getDeniedProfilesForAnyConnectedUser(Node node) {
        Node _getACLNode = _getACLNode(node);
        return _getACLNode == null ? Collections.EMPTY_SET : _getProperty(_getACLNode, __PROPERTY_NAME_DENIED_ANY_CONNECTED_PROFILES);
    }

    public static void addDeniedProfilesForAnyConnectedUser(Node node, Set<String> set) {
        Node _getOrCreateACLNode = _getOrCreateACLNode(node);
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            _addProperty(_getOrCreateACLNode, __PROPERTY_NAME_DENIED_ANY_CONNECTED_PROFILES, it.next());
        }
        _save(node);
    }

    public static void removeDeniedProfilesForAnyConnectedUser(Node node, Set<String> set) {
        Node _getOrCreateACLNode = _getOrCreateACLNode(node);
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            _removeProperty(_getOrCreateACLNode, __PROPERTY_NAME_DENIED_ANY_CONNECTED_PROFILES, it.next());
        }
        _save(node);
    }

    public static Set<String> getAllowedProfilesForAnonymous(Node node) {
        Node _getACLNode = _getACLNode(node);
        return _getACLNode == null ? Collections.EMPTY_SET : _getProperty(_getACLNode, __PROPERTY_NAME_ALLOWED_ANONYMOUS_PROFILES);
    }

    public static void addAllowedProfilesForAnonymous(Node node, Set<String> set) {
        Node _getOrCreateACLNode = _getOrCreateACLNode(node);
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            _addProperty(_getOrCreateACLNode, __PROPERTY_NAME_ALLOWED_ANONYMOUS_PROFILES, it.next());
        }
        _save(node);
    }

    public static void removeAllowedProfilesForAnonymous(Node node, Set<String> set) {
        Node _getOrCreateACLNode = _getOrCreateACLNode(node);
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            _removeProperty(_getOrCreateACLNode, __PROPERTY_NAME_ALLOWED_ANONYMOUS_PROFILES, it.next());
        }
        _save(node);
    }

    public static Set<String> getDeniedProfilesForAnonymous(Node node) {
        Node _getACLNode = _getACLNode(node);
        return _getACLNode == null ? Collections.EMPTY_SET : _getProperty(_getACLNode, __PROPERTY_NAME_DENIED_ANONYMOUS_PROFILES);
    }

    public static void addDeniedProfilesForAnonymous(Node node, Set<String> set) {
        Node _getOrCreateACLNode = _getOrCreateACLNode(node);
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            _addProperty(_getOrCreateACLNode, __PROPERTY_NAME_DENIED_ANONYMOUS_PROFILES, it.next());
        }
        _save(node);
    }

    public static void removeDeniedProfilesForAnonymous(Node node, Set<String> set) {
        Node _getOrCreateACLNode = _getOrCreateACLNode(node);
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            _removeProperty(_getOrCreateACLNode, __PROPERTY_NAME_DENIED_ANONYMOUS_PROFILES, it.next());
        }
        _save(node);
    }

    public static Set<String> getAllowedProfilesForUser(Node node, UserIdentity userIdentity) {
        Node _getUserNode = _getUserNode(node, userIdentity);
        return _getUserNode == null ? new HashSet() : _getProperty(_getUserNode, __PROPERTY_NAME_ALLOWED_PROFILES);
    }

    public static Map<UserIdentity, Set<String>> getAllowedProfilesForUsers(Node node) {
        HashMap hashMap = new HashMap();
        try {
            Node _getUsersNode = _getUsersNode(node);
            if (_getUsersNode == null) {
                return hashMap;
            }
            NodeIterator nodes = _getUsersNode.getNodes();
            while (nodes.hasNext()) {
                Node nextNode = nodes.nextNode();
                NodeIterator nodes2 = nextNode.getNodes();
                while (nodes2.hasNext()) {
                    Node nextNode2 = nodes2.nextNode();
                    Set<String> _getProperty = _getProperty(nextNode2, __PROPERTY_NAME_ALLOWED_PROFILES);
                    if (!_getProperty.isEmpty()) {
                        hashMap.put(new UserIdentity(nextNode2.getName(), nextNode.getName()), _getProperty);
                    }
                }
            }
            return hashMap;
        } catch (RepositoryException e) {
            throw new AmetysRepositoryException("Unable to get allowed users", e);
        }
    }

    public static Set<UserIdentity> getAllowedUsers(Node node, String str) {
        try {
            HashSet hashSet = new HashSet();
            Node _getUsersNode = _getUsersNode(node);
            if (_getUsersNode == null) {
                return hashSet;
            }
            NodeIterator nodes = _getUsersNode.getNodes();
            while (nodes.hasNext()) {
                Node node2 = (Node) nodes.next();
                NodeIterator nodes2 = node2.getNodes();
                while (nodes2.hasNext()) {
                    Node node3 = (Node) nodes2.next();
                    if (_getProperty(node3, __PROPERTY_NAME_ALLOWED_PROFILES).contains(str)) {
                        hashSet.add(new UserIdentity(node3.getName(), node2.getName()));
                    }
                }
            }
            return hashSet;
        } catch (RepositoryException e) {
            throw new AmetysRepositoryException((Throwable) e);
        }
    }

    public static void addAllowedUsers(Set<UserIdentity> set, Node node, String str) {
        Iterator<UserIdentity> it = set.iterator();
        while (it.hasNext()) {
            _addProperty(_getOrCreateUserNode(node, it.next()), __PROPERTY_NAME_ALLOWED_PROFILES, str);
        }
        _save(node);
    }

    public static void removeAllowedUsers(Set<UserIdentity> set, Node node, String str) {
        Iterator<UserIdentity> it = set.iterator();
        while (it.hasNext()) {
            _removeProperty(_getOrCreateUserNode(node, it.next()), __PROPERTY_NAME_ALLOWED_PROFILES, str);
        }
        _save(node);
    }

    public static void removeAllowedUsers(Set<UserIdentity> set, Node node) {
        Iterator<UserIdentity> it = set.iterator();
        while (it.hasNext()) {
            _setProperty(_getOrCreateUserNode(node, it.next()), __PROPERTY_NAME_ALLOWED_PROFILES, Collections.EMPTY_SET);
        }
        _save(node);
    }

    public static Map<GroupIdentity, Set<String>> getAllowedProfilesForGroups(Node node) {
        HashMap hashMap = new HashMap();
        try {
            Node _getGroupsNode = _getGroupsNode(node);
            if (_getGroupsNode == null) {
                return hashMap;
            }
            NodeIterator nodes = _getGroupsNode.getNodes();
            while (nodes.hasNext()) {
                Node nextNode = nodes.nextNode();
                NodeIterator nodes2 = nextNode.getNodes();
                while (nodes2.hasNext()) {
                    Node nextNode2 = nodes2.nextNode();
                    Set<String> _getProperty = _getProperty(nextNode2, __PROPERTY_NAME_ALLOWED_PROFILES);
                    if (!_getProperty.isEmpty()) {
                        hashMap.put(new GroupIdentity(Text.unescapeIllegalJcrChars(nextNode2.getName()), nextNode.getName()), _getProperty);
                    }
                }
            }
            return hashMap;
        } catch (RepositoryException e) {
            throw new AmetysRepositoryException("Unable to get allowed groups", e);
        }
    }

    public static Set<GroupIdentity> getAllowedGroups(Node node, String str) {
        try {
            HashSet hashSet = new HashSet();
            Node _getGroupsNode = _getGroupsNode(node);
            if (_getGroupsNode == null) {
                return hashSet;
            }
            NodeIterator nodes = _getGroupsNode.getNodes();
            while (nodes.hasNext()) {
                Node node2 = (Node) nodes.next();
                NodeIterator nodes2 = node2.getNodes();
                while (nodes2.hasNext()) {
                    Node node3 = (Node) nodes2.next();
                    if (_getProperty(node3, __PROPERTY_NAME_ALLOWED_PROFILES).contains(str)) {
                        hashSet.add(new GroupIdentity(node3.getName(), node2.getName()));
                    }
                }
            }
            return hashSet;
        } catch (RepositoryException e) {
            throw new AmetysRepositoryException((Throwable) e);
        }
    }

    public static void addAllowedGroups(Set<GroupIdentity> set, Node node, String str) {
        Iterator<GroupIdentity> it = set.iterator();
        while (it.hasNext()) {
            _addProperty(_getOrCreateGroupNode(node, it.next()), __PROPERTY_NAME_ALLOWED_PROFILES, str);
        }
        _save(node);
    }

    public static void removeAllowedGroups(Set<GroupIdentity> set, Node node, String str) {
        Iterator<GroupIdentity> it = set.iterator();
        while (it.hasNext()) {
            _removeProperty(_getOrCreateGroupNode(node, it.next()), __PROPERTY_NAME_ALLOWED_PROFILES, str);
        }
        _save(node);
    }

    public static void removeAllowedGroups(Set<GroupIdentity> set, Node node) {
        Iterator<GroupIdentity> it = set.iterator();
        while (it.hasNext()) {
            _setProperty(_getOrCreateGroupNode(node, it.next()), __PROPERTY_NAME_ALLOWED_PROFILES, Collections.EMPTY_SET);
        }
        _save(node);
    }

    public static Set<String> getDeniedProfilesForUser(Node node, UserIdentity userIdentity) {
        Node _getUserNode = _getUserNode(node, userIdentity);
        return _getUserNode == null ? new HashSet() : _getProperty(_getUserNode, __PROPERTY_NAME_DENIED_PROFILES);
    }

    public static Map<UserIdentity, Set<String>> getDeniedProfilesForUsers(Node node) {
        HashMap hashMap = new HashMap();
        try {
            Node _getUsersNode = _getUsersNode(node);
            if (_getUsersNode == null) {
                return hashMap;
            }
            NodeIterator nodes = _getUsersNode.getNodes();
            while (nodes.hasNext()) {
                Node nextNode = nodes.nextNode();
                NodeIterator nodes2 = nextNode.getNodes();
                while (nodes2.hasNext()) {
                    Node nextNode2 = nodes2.nextNode();
                    Set<String> _getProperty = _getProperty(nextNode2, __PROPERTY_NAME_DENIED_PROFILES);
                    if (!_getProperty.isEmpty()) {
                        hashMap.put(new UserIdentity(nextNode2.getName(), nextNode.getName()), _getProperty);
                    }
                }
            }
            return hashMap;
        } catch (RepositoryException e) {
            throw new AmetysRepositoryException("Unable to get denied users", e);
        }
    }

    public static Set<UserIdentity> getDeniedUsers(Node node, String str) {
        try {
            HashSet hashSet = new HashSet();
            Node _getUsersNode = _getUsersNode(node);
            if (_getUsersNode == null) {
                return hashSet;
            }
            NodeIterator nodes = _getUsersNode.getNodes();
            while (nodes.hasNext()) {
                Node node2 = (Node) nodes.next();
                NodeIterator nodes2 = node2.getNodes();
                while (nodes2.hasNext()) {
                    Node node3 = (Node) nodes2.next();
                    if (_getProperty(node3, __PROPERTY_NAME_DENIED_PROFILES).contains(str)) {
                        hashSet.add(new UserIdentity(node3.getName(), node2.getName()));
                    }
                }
            }
            return hashSet;
        } catch (RepositoryException e) {
            throw new AmetysRepositoryException((Throwable) e);
        }
    }

    public static void addDeniedUsers(Set<UserIdentity> set, Node node, String str) {
        Iterator<UserIdentity> it = set.iterator();
        while (it.hasNext()) {
            _addProperty(_getOrCreateUserNode(node, it.next()), __PROPERTY_NAME_DENIED_PROFILES, str);
        }
        _save(node);
    }

    public static void removeDeniedUsers(Set<UserIdentity> set, Node node, String str) {
        Iterator<UserIdentity> it = set.iterator();
        while (it.hasNext()) {
            _removeProperty(_getOrCreateUserNode(node, it.next()), __PROPERTY_NAME_DENIED_PROFILES, str);
        }
        _save(node);
    }

    public static void removeDeniedUsers(Set<UserIdentity> set, Node node) {
        Iterator<UserIdentity> it = set.iterator();
        while (it.hasNext()) {
            _setProperty(_getOrCreateUserNode(node, it.next()), __PROPERTY_NAME_DENIED_PROFILES, Collections.EMPTY_SET);
        }
        _save(node);
    }

    public static Map<GroupIdentity, Set<String>> getDeniedProfilesForGroups(Node node) {
        HashMap hashMap = new HashMap();
        try {
            Node _getGroupsNode = _getGroupsNode(node);
            if (_getGroupsNode == null) {
                return hashMap;
            }
            NodeIterator nodes = _getGroupsNode.getNodes();
            while (nodes.hasNext()) {
                Node nextNode = nodes.nextNode();
                NodeIterator nodes2 = nextNode.getNodes();
                while (nodes2.hasNext()) {
                    Node nextNode2 = nodes2.nextNode();
                    Set<String> _getProperty = _getProperty(nextNode2, __PROPERTY_NAME_DENIED_PROFILES);
                    if (!_getProperty.isEmpty()) {
                        hashMap.put(new GroupIdentity(nextNode2.getName(), nextNode.getName()), _getProperty);
                    }
                }
            }
            return hashMap;
        } catch (RepositoryException e) {
            throw new AmetysRepositoryException("Unable to get allowed groups", e);
        }
    }

    public static Set<GroupIdentity> getDeniedGroups(Node node, String str) {
        try {
            HashSet hashSet = new HashSet();
            Node _getGroupsNode = _getGroupsNode(node);
            if (_getGroupsNode == null) {
                return hashSet;
            }
            NodeIterator nodes = _getGroupsNode.getNodes();
            while (nodes.hasNext()) {
                Node node2 = (Node) nodes.next();
                NodeIterator nodes2 = node2.getNodes();
                while (nodes2.hasNext()) {
                    Node node3 = (Node) nodes2.next();
                    if (_getProperty(node3, __PROPERTY_NAME_DENIED_PROFILES).contains(str)) {
                        hashSet.add(new GroupIdentity(node3.getName(), node2.getName()));
                    }
                }
            }
            return hashSet;
        } catch (RepositoryException e) {
            throw new AmetysRepositoryException((Throwable) e);
        }
    }

    public static void addDeniedGroups(Set<GroupIdentity> set, Node node, String str) {
        Iterator<GroupIdentity> it = set.iterator();
        while (it.hasNext()) {
            _addProperty(_getOrCreateGroupNode(node, it.next()), __PROPERTY_NAME_DENIED_PROFILES, str);
        }
        _save(node);
    }

    public static void removeDeniedGroups(Set<GroupIdentity> set, Node node, String str) {
        Iterator<GroupIdentity> it = set.iterator();
        while (it.hasNext()) {
            _removeProperty(_getOrCreateGroupNode(node, it.next()), __PROPERTY_NAME_DENIED_PROFILES, str);
        }
        _save(node);
    }

    public static void removeDeniedGroups(Set<GroupIdentity> set, Node node) {
        Iterator<GroupIdentity> it = set.iterator();
        while (it.hasNext()) {
            _setProperty(_getOrCreateGroupNode(node, it.next()), __PROPERTY_NAME_DENIED_PROFILES, Collections.EMPTY_SET);
        }
        _save(node);
    }

    public static void removeProfile(String str) {
        OrExpression orExpression = new OrExpression(new AllowedProfileExpression(str), new DeniedProfileExpression(str));
        NodeIterator aCLUsers = getACLUsers(orExpression);
        while (aCLUsers.hasNext()) {
            Node node = (Node) aCLUsers.next();
            _removeProperty(node, __PROPERTY_NAME_ALLOWED_PROFILES, str);
            _removeProperty(node, __PROPERTY_NAME_DENIED_PROFILES, str);
            _save(node);
        }
        NodeIterator aCLGroups = getACLGroups(orExpression);
        while (aCLGroups.hasNext()) {
            Node node2 = (Node) aCLGroups.next();
            _removeProperty(node2, __PROPERTY_NAME_ALLOWED_PROFILES, str);
            _removeProperty(node2, __PROPERTY_NAME_DENIED_PROFILES, str);
            _save(node2);
        }
        NodeIterator aCLRoots = getACLRoots(null, new OrExpression(new AnonymousAllowedProfileExpression(str), new AnonymousDeniedProfileExpression(str), new AnyConnectedAllowedProfileExpression(str), new AnyConnectedDeniedProfileExpression(str)));
        while (aCLRoots.hasNext()) {
            Node node3 = (Node) aCLRoots.next();
            _removeProperty(node3, __PROPERTY_NAME_ALLOWED_ANY_CONNECTED_PROFILES, str);
            _removeProperty(node3, __PROPERTY_NAME_DENIED_ANY_CONNECTED_PROFILES, str);
            _removeProperty(node3, __PROPERTY_NAME_ALLOWED_ANONYMOUS_PROFILES, str);
            _removeProperty(node3, __PROPERTY_NAME_DENIED_ANONYMOUS_PROFILES, str);
            _save(node3);
        }
    }

    public static void removeUser(UserIdentity userIdentity) {
        NodeIterator aCLUsers = getACLUsers(userIdentity, null);
        while (aCLUsers.hasNext()) {
            Node node = (Node) aCLUsers.next();
            try {
                node.remove();
                _save(node);
            } catch (RepositoryException e) {
                throw new AmetysRepositoryException((Throwable) e);
            }
        }
    }

    public static void removeGroup(GroupIdentity groupIdentity) {
        NodeIterator aCLGroups = getACLGroups(groupIdentity, null);
        while (aCLGroups.hasNext()) {
            Node node = (Node) aCLGroups.next();
            try {
                node.remove();
                _save(node);
            } catch (RepositoryException e) {
                throw new AmetysRepositoryException((Throwable) e);
            }
        }
    }

    public static boolean isInheritanceDisallowed(Node node) {
        try {
            Node _getACLNode = _getACLNode(node);
            if (_getACLNode == null || !_getACLNode.hasProperty(__PROPERTY_NAME_DISALLOW_INHERITANCE)) {
                return false;
            }
            return _getACLNode.getProperty(__PROPERTY_NAME_DISALLOW_INHERITANCE).getBoolean();
        } catch (RepositoryException e) {
            throw new AmetysRepositoryException("Unable to get ametys:disallow-inheritance property", e);
        }
    }

    public static void disallowInheritance(Node node, boolean z) {
        try {
            _getOrCreateACLNode(node).setProperty(__PROPERTY_NAME_DISALLOW_INHERITANCE, z);
            _save(node);
        } catch (RepositoryException e) {
            throw new AmetysRepositoryException("Unable to set ametys:disallow-inheritance property", e);
        }
    }

    private static void _checkLock(Node node) throws AmetysRepositoryException {
        try {
            if (node.isLocked()) {
                LockManager lockManager = node.getSession().getWorkspace().getLockManager();
                lockManager.addLockToken(lockManager.getLock(node.getPath()).getNode().getProperty(RepositoryConstants.METADATA_LOCKTOKEN).getString());
            }
        } catch (RepositoryException e) {
            throw new AmetysRepositoryException("Unable to add lock token on ACL node", e);
        }
    }

    private static Node _getOrCreateACLNode(Node node) {
        try {
            if (node.hasNode(__NODE_NAME_ROOT_ACL)) {
                return node.getNode(__NODE_NAME_ROOT_ACL);
            }
            _checkLock(node);
            return node.addNode(__NODE_NAME_ROOT_ACL, __NODETYPE_ROOT_ACL);
        } catch (RepositoryException e) {
            throw new AmetysRepositoryException("Error while getting root ACL node.", e);
        }
    }

    private static Node _getACLNode(Node node) {
        try {
            if (node.hasNode(__NODE_NAME_ROOT_ACL)) {
                return node.getNode(__NODE_NAME_ROOT_ACL);
            }
            return null;
        } catch (RepositoryException e) {
            throw new AmetysRepositoryException("Error while getting root ACL node.", e);
        }
    }

    private static Node _getOrCreateUsersNode(Node node) {
        try {
            Node _getOrCreateACLNode = _getOrCreateACLNode(node);
            return _getOrCreateACLNode.hasNode(__NODE_NAME_ACL_USERS) ? _getOrCreateACLNode.getNode(__NODE_NAME_ACL_USERS) : _getOrCreateACLNode.addNode(__NODE_NAME_ACL_USERS, __NODETYPE_UNSTRUCTURED);
        } catch (RepositoryException e) {
            throw new AmetysRepositoryException("Error while getting 'users' ACL node.", e);
        }
    }

    private static Node _getUserNode(Node node, UserIdentity userIdentity) {
        try {
            Node _getACLNode = _getACLNode(node);
            if (_getACLNode == null || !_getACLNode.hasNode(__NODE_NAME_ACL_USERS)) {
                return null;
            }
            Node node2 = _getACLNode.getNode(__NODE_NAME_ACL_USERS);
            if (!node2.hasNode(userIdentity.getPopulationId())) {
                return null;
            }
            Node node3 = node2.getNode(userIdentity.getPopulationId());
            if (node3.hasNode(userIdentity.getLogin())) {
                return node3.getNode(userIdentity.getLogin());
            }
            return null;
        } catch (RepositoryException e) {
            throw new AmetysRepositoryException("Error while getting 'users' ACL node.", e);
        }
    }

    private static Node _getUsersNode(Node node) {
        try {
            Node _getACLNode = _getACLNode(node);
            if (_getACLNode == null || !_getACLNode.hasNode(__NODE_NAME_ACL_USERS)) {
                return null;
            }
            return _getACLNode.getNode(__NODE_NAME_ACL_USERS);
        } catch (RepositoryException e) {
            throw new AmetysRepositoryException("Error while getting 'users' ACL node.", e);
        }
    }

    private static Node _getOrCreateGroupsNode(Node node) {
        try {
            Node _getOrCreateACLNode = _getOrCreateACLNode(node);
            return _getOrCreateACLNode.hasNode(__NODE_NAME_ACL_GROUPS) ? _getOrCreateACLNode.getNode(__NODE_NAME_ACL_GROUPS) : _getOrCreateACLNode.addNode(__NODE_NAME_ACL_GROUPS, __NODETYPE_UNSTRUCTURED);
        } catch (RepositoryException e) {
            throw new AmetysRepositoryException("Error while getting 'groups' ACL node.", e);
        }
    }

    private static Node _getGroupsNode(Node node) {
        try {
            Node _getACLNode = _getACLNode(node);
            if (_getACLNode == null || !_getACLNode.hasNode(__NODE_NAME_ACL_GROUPS)) {
                return null;
            }
            return _getACLNode.getNode(__NODE_NAME_ACL_GROUPS);
        } catch (RepositoryException e) {
            throw new AmetysRepositoryException("Error while getting 'groups' ACL node.", e);
        }
    }

    private static Node _getOrCreateUserNode(Node node, UserIdentity userIdentity) {
        try {
            Node _getOrCreateUsersNode = _getOrCreateUsersNode(node);
            String populationId = userIdentity.getPopulationId();
            String login = userIdentity.getLogin();
            if (!_getOrCreateUsersNode.hasNode(populationId)) {
                return _getOrCreateUsersNode.addNode(populationId, __NODETYPE_UNSTRUCTURED).addNode(login, __NODETYPE_ACL_USER);
            }
            Node node2 = _getOrCreateUsersNode.getNode(populationId);
            return node2.hasNode(login) ? node2.getNode(login) : node2.addNode(login, __NODETYPE_ACL_USER);
        } catch (RepositoryException e) {
            throw new AmetysRepositoryException(String.format("Error while getting 'user' ACL node for %s.", userIdentity.toString()), e);
        }
    }

    private static Node _getOrCreateGroupNode(Node node, GroupIdentity groupIdentity) {
        try {
            Node _getOrCreateGroupsNode = _getOrCreateGroupsNode(node);
            String directoryId = groupIdentity.getDirectoryId();
            String escapeIllegalJcrChars = Text.escapeIllegalJcrChars(groupIdentity.getId());
            if (!_getOrCreateGroupsNode.hasNode(directoryId)) {
                return _getOrCreateGroupsNode.addNode(directoryId, __NODETYPE_UNSTRUCTURED).addNode(Text.escapeIllegalJcrChars(escapeIllegalJcrChars), __NODETYPE_ACL_GROUP);
            }
            Node node2 = _getOrCreateGroupsNode.getNode(directoryId);
            return node2.hasNode(escapeIllegalJcrChars) ? node2.getNode(escapeIllegalJcrChars) : node2.addNode(escapeIllegalJcrChars, __NODETYPE_ACL_GROUP);
        } catch (RepositoryException e) {
            throw new AmetysRepositoryException(String.format("Error while getting 'group' ACL node for %s.", groupIdentity.toString()), e);
        }
    }

    private static Set<String> _getProperty(Node node, String str) {
        try {
            Value[] values = node.getProperty(str).getValues();
            HashSet hashSet = new HashSet();
            for (Value value : values) {
                hashSet.add(value.getString());
            }
            return hashSet;
        } catch (PathNotFoundException e) {
            return new HashSet();
        } catch (RepositoryException e2) {
            throw new AmetysRepositoryException("Unable to get " + str + " property", e2);
        }
    }

    private static void _setProperty(Node node, String str, Set<String> set) {
        try {
            node.setProperty(str, (String[]) set.toArray(new String[set.size()]));
        } catch (RepositoryException e) {
            throw new AmetysRepositoryException("Unable to set " + str + " property", e);
        }
    }

    private static void _addProperty(Node node, String str, String str2) {
        Set<String> _getProperty = _getProperty(node, str);
        if (_getProperty.contains(str2)) {
            return;
        }
        _getProperty.add(str2);
        _setProperty(node, str, _getProperty);
    }

    private static void _removeProperty(Node node, String str, String str2) {
        Set<String> _getProperty = _getProperty(node, str);
        if (_getProperty.contains(str2)) {
            _getProperty.remove(str2);
            _setProperty(node, str, _getProperty);
        }
    }

    private static void _save(Node node) {
        try {
            node.getSession().save();
        } catch (RepositoryException e) {
            throw new AmetysRepositoryException("Unable to save changes", e);
        }
    }
}
