package ch.cyberduck.core.s3;

import ch.cyberduck.core.Acl;
import ch.cyberduck.core.LocaleFactory;
import ch.cyberduck.core.Path;
import ch.cyberduck.core.PathContainerService;
import ch.cyberduck.core.exception.BackgroundException;
import ch.cyberduck.core.features.AclPermission;
import ch.cyberduck.core.shared.DefaultAclFeature;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.apache.log4j.Logger;
import org.jets3t.service.ServiceException;
import org.jets3t.service.acl.AccessControlList;
import org.jets3t.service.acl.CanonicalGrantee;
import org.jets3t.service.acl.EmailAddressGrantee;
import org.jets3t.service.acl.GrantAndPermission;
import org.jets3t.service.acl.GroupGrantee;
import org.jets3t.service.acl.Permission;
import org.jets3t.service.model.S3Owner;

/* loaded from: input_file:ch/cyberduck/core/s3/S3AccessControlListFeature.class */
public class S3AccessControlListFeature extends DefaultAclFeature implements AclPermission {
    private static final Logger log = Logger.getLogger(S3AccessControlListFeature.class);
    private final S3Session session;
    private final PathContainerService containerService = new S3PathContainerService();

    public S3AccessControlListFeature(S3Session s3Session) {
        this.session = s3Session;
    }

    public Acl getPermission(Path path) throws BackgroundException {
        try {
            return this.containerService.isContainer(path) ? convert(((RequestEntityRestStorageService) this.session.getClient()).getBucketAcl(this.containerService.getContainer(path).getName())) : (path.isFile() || path.isPlaceholder()) ? convert(((RequestEntityRestStorageService) this.session.getClient()).getVersionedObjectAcl(path.attributes().getVersionId(), this.containerService.getContainer(path).getName(), this.containerService.getKey(path))) : Acl.EMPTY;
        } catch (ServiceException e) {
            throw new S3ExceptionMappingService().map("Failure to read attributes of {0}", e, path);
        }
    }

    public void setPermission(Path path, Acl acl) throws BackgroundException {
        try {
            Path container = this.containerService.getContainer(path);
            if (null == acl.getOwner()) {
                acl.setOwner(path.attributes().getAcl().getOwner());
            }
            if (null == acl.getOwner()) {
                acl.setOwner(getPermission(container).getOwner());
            }
            if (this.containerService.isContainer(path)) {
                ((RequestEntityRestStorageService) this.session.getClient()).putBucketAcl(container.getName(), convert(acl));
            } else if (path.isFile() || path.isPlaceholder()) {
                ((RequestEntityRestStorageService) this.session.getClient()).putObjectAcl(container.getName(), this.containerService.getKey(path), convert(acl));
            }
        } catch (ServiceException e) {
            throw new S3ExceptionMappingService().map("Cannot change permissions of {0}", e, path);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AccessControlList convert(Acl acl) {
        if (Acl.EMPTY.equals(acl)) {
            return null;
        }
        AccessControlList accessControlList = new AccessControlList();
        Acl.CanonicalUser owner = acl.getOwner();
        if (null != owner) {
            accessControlList.setOwner(new S3Owner(owner.getIdentifier(), owner.getDisplayName()));
            accessControlList.grantPermission(new CanonicalGrantee(owner.getIdentifier()), Permission.PERMISSION_FULL_CONTROL);
        }
        for (Acl.UserAndRole userAndRole : acl.asList()) {
            if (userAndRole.isValid()) {
                if (userAndRole.getUser() instanceof Acl.EmailUser) {
                    accessControlList.grantPermission(new EmailAddressGrantee(userAndRole.getUser().getIdentifier()), Permission.parsePermission(userAndRole.getRole().getName()));
                } else if (userAndRole.getUser() instanceof Acl.GroupUser) {
                    if (userAndRole.getUser().getIdentifier().equals(GroupGrantee.ALL_USERS.getIdentifier()) || userAndRole.getUser().getIdentifier().equals("AllUsers")) {
                        accessControlList.grantPermission(GroupGrantee.ALL_USERS, Permission.parsePermission(userAndRole.getRole().getName()));
                    } else if (userAndRole.getUser().getIdentifier().equals("AllAuthenticatedUsers")) {
                        accessControlList.grantPermission(GroupGrantee.AUTHENTICATED_USERS, Permission.parsePermission(userAndRole.getRole().getName()));
                    } else {
                        accessControlList.grantPermission(new GroupGrantee(userAndRole.getUser().getIdentifier()), Permission.parsePermission(userAndRole.getRole().getName()));
                    }
                } else if (userAndRole.getUser() instanceof Acl.CanonicalUser) {
                    accessControlList.grantPermission(new CanonicalGrantee(userAndRole.getUser().getIdentifier()), Permission.parsePermission(userAndRole.getRole().getName()));
                } else {
                    log.warn(String.format("Unsupported user %s", userAndRole.getUser()));
                }
            }
        }
        if (log.isDebugEnabled()) {
            try {
                log.debug(accessControlList.toXml());
            } catch (ServiceException e) {
                log.error(e.getMessage());
            }
        }
        return accessControlList;
    }

    protected Acl convert(AccessControlList accessControlList) {
        if (log.isDebugEnabled()) {
            try {
                log.debug(accessControlList.toXml());
            } catch (ServiceException e) {
                log.error(e.getMessage());
            }
        }
        Acl acl = new Acl();
        acl.setOwner(new Acl.CanonicalUser(accessControlList.getOwner().getId(), accessControlList.getOwner().getDisplayName()));
        for (GrantAndPermission grantAndPermission : accessControlList.getGrantAndPermissions()) {
            Acl.Role role = new Acl.Role(grantAndPermission.getPermission().toString());
            if (grantAndPermission.getGrantee() instanceof CanonicalGrantee) {
                acl.addAll(new Acl.CanonicalUser(grantAndPermission.getGrantee().getIdentifier(), grantAndPermission.getGrantee().getDisplayName(), false), new Acl.Role[]{role});
            } else if (grantAndPermission.getGrantee() instanceof EmailAddressGrantee) {
                acl.addAll(new Acl.EmailUser(grantAndPermission.getGrantee().getIdentifier()), new Acl.Role[]{role});
            } else if (grantAndPermission.getGrantee() instanceof GroupGrantee) {
                acl.addAll(new Acl.GroupUser(grantAndPermission.getGrantee().getIdentifier()), new Acl.Role[]{role});
            }
        }
        return acl;
    }

    public List<Acl.Role> getAvailableAclRoles(List<Path> list) {
        return Arrays.asList(new Acl.Role(Permission.PERMISSION_FULL_CONTROL.toString()), new Acl.Role(Permission.PERMISSION_READ.toString()), new Acl.Role(Permission.PERMISSION_WRITE.toString()), new Acl.Role(Permission.PERMISSION_READ_ACP.toString()), new Acl.Role(Permission.PERMISSION_WRITE_ACP.toString()));
    }

    public List<Acl.User> getAvailableAclUsers() {
        return new ArrayList(Arrays.asList(new Acl.CanonicalUser(), new Acl.GroupUser("AllUsers", false), new Acl.EmailUser() { // from class: ch.cyberduck.core.s3.S3AccessControlListFeature.1
            public String getPlaceholder() {
                return LocaleFactory.localizedString("Amazon Customer Email Address", "S3");
            }
        }));
    }
}
