package com.adobe.idp.dsc.registry.security.impl;

import com.adobe.edc.server.spi.storage.pof.BOIPermissionEntity;
import com.adobe.edc.server.spi.storage.pof.BOIPrincipalResourcePermEntity;
import com.adobe.idp.Context;
import com.adobe.idp.dsc.DSCAuthorizationException;
import com.adobe.idp.dsc.DSCRuntimeException;
import com.adobe.idp.dsc.DSContainer;
import com.adobe.idp.dsc.InvocationContext;
import com.adobe.idp.dsc.registry.PermissionGrantNotFoundException;
import com.adobe.idp.dsc.registry.connector.impl.ConnectorRegistryImpl;
import com.adobe.idp.dsc.registry.impl.StoreUtils;
import com.adobe.idp.dsc.registry.infomodel.PermissionGrant;
import com.adobe.idp.dsc.registry.infomodel.Service;
import com.adobe.idp.dsc.registry.infomodel.impl.PermissionGrantImpl;
import com.adobe.idp.dsc.registry.security.SecurityProfileManager;
import com.adobe.idp.dsc.registry.security.SecurityProfileManagerInternal;
import com.adobe.idp.dsc.util.DSCUMConstants;
import com.adobe.idp.dsc.util.TextUtil;
import com.adobe.idp.um.api.AuthorizationManager;
import com.adobe.idp.um.api.UMFactory;
import com.adobe.idp.um.api.UMLocalUtils;
import com.adobe.idp.um.api.infomodel.Permission;
import com.adobe.idp.um.api.infomodel.ResourceType;
import com.adobe.idp.um.api.infomodel.ResourceTypeSearchFilter;
import com.adobe.idp.um.api.infomodel.User;
import com.adobe.logging.AdobeLogger;
import com.adobe.pof.POFException;
import com.adobe.pof.omapi.POFObjectManager;
import com.adobe.pof.omapi.POFObjectSet;
import com.adobe.pof.omapi.POFQuery;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.logging.Logger;

/* loaded from: input_file:com/adobe/idp/dsc/registry/security/impl/SecurityProfileManagerServiceImpl.class */
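/**
 * Singleton implementation of {@link SecurityProfileManagerInternal}: creates, deletes and looks up
 * permission grants on services and answers authorization checks by delegating to the UM
 * {@link AuthorizationManager}.
 *
 * <p>Permission names are translated to permission OIDs through two static caches that are filled
 * lazily on first use: one for the "SERVICE" resource type (names listed in {@code PERM_NAMES}) and
 * one for the "DSC" resource type (names listed in {@code DSCUMConstants.SYSTEM_PERM_NAMES}).
 *
 * <p>NOTE(review): the caches are plain static {@code HashMap}s filled without any synchronization.
 * If this singleton is reached from several threads, the first concurrent callers can observe a
 * partially filled cache and resolve a valid permission name to {@code null}. Confirm the threading
 * model before relying on these lookups under load.
 */
public class SecurityProfileManagerServiceImpl implements SecurityProfileManagerInternal {
    // OID of the "DSC" resource type; set by loadSystemPermissions().
    private static String m_sysResourceID;
    // OID of the "SERVICE" resource type; set by loadPermissions().
    private static String m_ResourceID;
    // NOTE(review): the logger is named after ConnectorRegistryImpl, so records written by this
    // class appear under that category. Looks like a copy/paste slip; confirm before renaming.
    protected static final Logger log = AdobeLogger.getLogger(ConnectorRegistryImpl.class.getName());
    // Service permission name -> permission OID.
    private static HashMap m_permsMap = new HashMap(0);
    // System permission name -> permission OID.
    private static HashMap m_sysPermsMap = new HashMap(0);
    private static final SecurityProfileManager INSTANCE = new SecurityProfileManagerServiceImpl();

    private SecurityProfileManagerServiceImpl() {
    }

    /**
     * Returns the process-wide instance.
     *
     * @return the shared {@link SecurityProfileManager}
     */
    public static SecurityProfileManager getInstance() {
        return INSTANCE;
    }

    /**
     * Grants a permission to a principal on a resource.
     *
     * <p>The caller must pass {@link #checkPermission(String)} for
     * {@code DSC_SYS_SERVICE_SET_SECURITY}; the assignment itself is executed with the UM system
     * context.
     *
     * @param permissionGrant the principal id, resource id and permission name to grant
     * @return a new grant carrying the resolved permission OID
     * @throws DSCAuthorizationException if the caller may not change service security
     * @throws DSCRuntimeException wrapping any other failure, including a permission name that is
     *     not present in the service permission cache
     */
    @Override // com.adobe.idp.dsc.registry.security.SecurityProfileManager
    public PermissionGrant addPermissionGrant(PermissionGrant permissionGrant) {
        ArrayList permissionIds = new ArrayList(1);
        try {
            checkPermission(DSCUMConstants.DSC_SYS_SERVICE_SET_SECURITY);
            AuthorizationManager authorizationManager = UMFactory.getLocalInstance().getAuthorizationManager(UMLocalUtils.getSystemContext());
            String permissionName = permissionGrant.getPermissionName();
            String permissionId = getPermissionId(permissionName);
            if (permissionId == null) {
                // Without this guard a null OID would be handed to UM under the system context and
                // the method would report a grant that references no permission.
                throw new IllegalArgumentException("Unknown permission name: " + permissionName);
            }
            permissionIds.add(permissionId);
            authorizationManager.assignPermToPrincipalForRes(permissionGrant.getRefprinid(), permissionGrant.getResourceid(), permissionIds);
            PermissionGrantImpl created = new PermissionGrantImpl(permissionGrant.getRefprinid(), permissionGrant.getResourceid(), permissionName);
            created.setRefpermid(permissionId);
            return created;
        } catch (DSCAuthorizationException e) {
            throw e;
        } catch (Exception e2) {
            throw new DSCRuntimeException(e2);
        }
    }

    /**
     * Revokes a permission grant, identified by the grant's principal id, resource id and
     * permission OID ({@code getRefpermid()}).
     *
     * <p>The caller must pass {@link #checkPermission(String)} for
     * {@code DSC_SYS_SERVICE_SET_SECURITY}; the revocation is executed with the UM system context.
     *
     * @param permissionGrant the grant to revoke
     * @throws DSCAuthorizationException if the caller may not change service security
     * @throws PermissionGrantNotFoundException for every other failure, not only a missing grant
     */
    @Override // com.adobe.idp.dsc.registry.security.SecurityProfileManager
    public void deletePermissionGrant(PermissionGrant permissionGrant) throws PermissionGrantNotFoundException {
        ArrayList permissionIds = new ArrayList(1);
        try {
            checkPermission(DSCUMConstants.DSC_SYS_SERVICE_SET_SECURITY);
            AuthorizationManager authorizationManager = UMFactory.getLocalInstance().getAuthorizationManager(UMLocalUtils.getSystemContext());
            permissionIds.add(permissionGrant.getRefpermid());
            authorizationManager.deletePermsForPrincipalForRes(permissionGrant.getRefprinid(), permissionGrant.getResourceid(), permissionIds);
        } catch (DSCAuthorizationException e) {
            throw e;
        } catch (Exception e2) {
            String permissionName = permissionGrant.getPermissionName();
            // The exception thrown below carries no cause, so a revocation that failed for an
            // unrelated reason would otherwise be indistinguishable from a missing grant.
            log.warning("deletePermissionGrant failed and is reported as PermissionGrantNotFoundException; cause: " + e2);
            throw new PermissionGrantNotFoundException(permissionName);
        }
    }

    /**
     * Looks up the stored grant matching the given principal id, resource id and permission name.
     *
     * <p>NOTE(review): unlike add/delete, this read path makes no {@code checkPermission} call;
     * confirm that callers enforce access where it matters.
     *
     * @param permissionGrant the principal id, resource id and permission name to search for
     * @return the stored grant, or {@code null} when no row matches; despite the {@code throws}
     *     clause, nothing in this method throws {@link PermissionGrantNotFoundException}
     * @throws DSCRuntimeException if the store query fails
     */
    @Override // com.adobe.idp.dsc.registry.security.SecurityProfileManager
    public PermissionGrant getPermissionGrant(PermissionGrant permissionGrant) throws PermissionGrantNotFoundException {
        try {
            String permissionId = getPermissionId(permissionGrant.getPermissionName());
            POFObjectManager objectManager = StoreUtils.getInstance().getPOFObjectManager();
            POFQuery query = objectManager.newQuery("user manager", "priresprmentity");
            query.addFilter("resourceid", 0, permissionGrant.getResourceid());
            query.addFilter("refpermid", 0, permissionId);
            query.addFilter("refprinid", 0, permissionGrant.getRefprinid());
            POFObjectSet rows = objectManager.retrieveObjectSet(query);
            if (!rows.next()) {
                return null;
            }
            BOIPrincipalResourcePermEntity row = rows.getBOIObject();
            PermissionGrantImpl found = new PermissionGrantImpl(row.getRefprinid(), row.getResourceid(), permissionGrant.getPermissionName());
            found.setRefpermid(row.getRefpermid());
            found.setId(row.getId());
            return found;
        } catch (POFException e) {
            throw new DSCRuntimeException((Throwable) e);
        }
    }

    /**
     * Lists the grants stored for a service, restricted to permissions named in {@code PERM_NAMES}.
     *
     * <p>NOTE(review): no {@code checkPermission} call is made on this read path.
     *
     * @param service the service whose UUID is used as the resource id
     * @return the matching grants, possibly empty
     * @throws DSCRuntimeException if the store query fails
     */
    @Override // com.adobe.idp.dsc.registry.security.SecurityProfileManager
    public List getPermissionGrantsForService(Service service) {
        try {
            return queryGrantsForService(service);
        } catch (POFException e) {
            throw new DSCRuntimeException((Throwable) e);
        }
    }

    /**
     * Resolves a service through the internal service registry and lists its grants, restricted to
     * permissions named in {@code PERM_NAMES}.
     *
     * <p>NOTE(review): no {@code checkPermission} call is made on this read path.
     *
     * @param str the identifier passed to the internal service registry
     * @return the matching grants, possibly empty
     * @throws DSCRuntimeException wrapping any failure, including a service that cannot be resolved
     */
    @Override // com.adobe.idp.dsc.registry.security.SecurityProfileManager
    public List getPermissionGrantsForServiceId(String str) {
        try {
            Service service = DSContainer.getInstance().getInternalServiceRegistry().getService(str);
            return queryGrantsForService(service);
        } catch (Exception e) {
            throw new DSCRuntimeException(e);
        }
    }

    /** Reads every grant row for the service's UUID and keeps those whose name is in PERM_NAMES. */
    private List queryGrantsForService(Service service) throws POFException {
        ArrayList grants = new ArrayList(0);
        POFObjectManager objectManager = StoreUtils.getInstance().getPOFObjectManager();
        POFQuery query = objectManager.newQuery("user manager", "priresprmentity");
        query.addFilter("resourceid", 0, service.getUuid());
        query.addInnerJoin("perm", "priresprmentity_refpermid_prmentity");
        POFObjectSet rows = objectManager.retrieveObjectSet(query);
        while (rows.next()) {
            BOIPrincipalResourcePermEntity grantRow = rows.getBOIObject();
            BOIPermissionEntity permissionRow = rows.getBOIObject("perm");
            if (TextUtil.contains(PERM_NAMES, permissionRow.getPermname())) {
                PermissionGrantImpl grant = new PermissionGrantImpl(grantRow.getRefprinid(), grantRow.getResourceid(), permissionRow.getPermname());
                grant.setRefpermid(grantRow.getRefpermid());
                grant.setId(grantRow.getId());
                grants.add(grant);
            }
        }
        return grants;
    }

    /**
     * Returns the service permission names this manager recognises.
     *
     * @return a new mutable list holding the entries of {@code PERM_NAMES} in array order
     */
    @Override // com.adobe.idp.dsc.registry.security.SecurityProfileManager
    public List getPermissionNames() {
        ArrayList names = new ArrayList(PERM_NAMES.length);
        for (int i = 0; i < PERM_NAMES.length; i++) {
            names.add(PERM_NAMES[i]);
        }
        return names;
    }

    /**
     * Resolves a service permission name to its permission OID.
     *
     * @param str the permission name
     * @return the OID, or {@code null} when the name is not in the service permission cache
     * @throws DSCRuntimeException if the cache cannot be loaded
     */
    @Override // com.adobe.idp.dsc.registry.security.SecurityProfileManager
    public String getPermissionId(String str) {
        loadPermissions();
        return (String) m_permsMap.get(str);
    }

    /** Resolves a system permission name to its OID, or {@code null} when it is not cached. */
    private String findSystemPermissionId(String str) {
        loadPermissions();
        return (String) m_sysPermsMap.get(str);
    }

    /**
     * Fills the service permission cache (and, through {@link #loadSystemPermissions}, the system
     * cache) while the service cache is empty. Every failure is rethrown as DSCRuntimeException.
     */
    private static void loadPermissions() {
        try {
            if (m_permsMap.isEmpty()) {
                Context systemContext = UMLocalUtils.getSystemContext();
                UMFactory localInstance = UMFactory.getLocalInstance();
                AuthorizationManager authorizationManager = localInstance.getAuthorizationManager(systemContext);
                // Result unused; the call is kept because side effects cannot be ruled out from here.
                localInstance.getDirectoryManager(systemContext);
                loadSystemPermissions(authorizationManager);
                ResourceTypeSearchFilter resourceTypeSearchFilter = new ResourceTypeSearchFilter();
                resourceTypeSearchFilter.setSpecificResourceTypeName("SERVICE");
                resourceTypeSearchFilter.setResultsMax(5);
                resourceTypeSearchFilter.setSort(ResourceTypeSearchFilter.SORT_ResourceTypeName, true);
                resourceTypeSearchFilter.setResultsOffset(0);
                // An empty search result makes get(0) throw; that surfaces as DSCRuntimeException.
                m_ResourceID = ((ResourceType) authorizationManager.getResourceType(resourceTypeSearchFilter).get(0)).getOid();
                for (Permission permission : authorizationManager.getPermissions(m_ResourceID)) {
                    String name = permission.getName();
                    if (TextUtil.contains(PERM_NAMES, name)) {
                        m_permsMap.put(name, permission.getOid());
                    }
                }
            }
        } catch (Exception e) {
            throw new DSCRuntimeException(e);
        }
    }

    /**
     * Fills the system permission cache from the "DSC" resource type while that cache is empty and
     * records the resource type OID in {@code m_sysResourceID}.
     */
    private static void loadSystemPermissions(AuthorizationManager authorizationManager) {
        try {
            if (m_sysPermsMap.isEmpty()) {
                ResourceTypeSearchFilter resourceTypeSearchFilter = new ResourceTypeSearchFilter();
                resourceTypeSearchFilter.setSpecificResourceTypeName("DSC");
                resourceTypeSearchFilter.setResultsMax(5);
                resourceTypeSearchFilter.setSort(ResourceTypeSearchFilter.SORT_ResourceTypeName, true);
                resourceTypeSearchFilter.setResultsOffset(0);
                m_sysResourceID = ((ResourceType) authorizationManager.getResourceType(resourceTypeSearchFilter).get(0)).getOid();
                for (Permission permission : authorizationManager.getPermissions(m_sysResourceID)) {
                    String name = permission.getName();
                    if (TextUtil.contains(DSCUMConstants.SYSTEM_PERM_NAMES, name)) {
                        m_sysPermsMap.put(name, permission.getOid());
                    }
                }
            }
        } catch (Exception e) {
            throw new DSCRuntimeException(e);
        }
    }

    /**
     * Checks a system permission using the context of the current invocation.
     *
     * @param str the principal OID
     * @param str2 the system permission name
     * @return whether the principal holds the permission
     * @throws DSCAuthorizationException wrapping any failure, including a missing invocation context
     */
    @Override // com.adobe.idp.dsc.registry.security.SecurityProfileManager
    public boolean hasSystemPermission(String str, String str2) {
        try {
            return contextHasSystemPermission(InvocationContext.getInstance().getContext(), str, str2);
        } catch (Exception e) {
            throw new DSCAuthorizationException(e);
        }
    }

    /**
     * Checks a service permission using the context of the current invocation.
     *
     * @param str the principal OID
     * @param str2 the resource id
     * @param str3 the permission name
     * @return whether the principal holds the permission on the resource
     * @throws DSCAuthorizationException wrapping any failure, including a missing invocation context
     */
    @Override // com.adobe.idp.dsc.registry.security.SecurityProfileManager
    public boolean hasPermission(String str, String str2, String str3) {
        try {
            return contextHasPermission(InvocationContext.getInstance().getContext(), str, str2, str3);
        } catch (Exception e) {
            throw new DSCAuthorizationException(e);
        }
    }

    /**
     * Requires the current caller to hold a system permission.
     *
     * @param str the system permission name
     * @throws DSCAuthorizationException if the check fails
     */
    public void checkPermission(String str) throws DSCAuthorizationException {
        checkPermission(str, null, null, null);
    }

    /**
     * Requires the current caller to hold either the system permission {@code str} or the
     * permission {@code str4} on resource {@code str3}.
     *
     * @param str the system permission name; also used as the exception message on denial
     * @param str2 not read by this method
     * @param str3 the resource id for the fallback check; may be null or empty to skip it
     * @param str4 the permission name for the fallback check; may be null or empty to skip it
     * @throws DSCAuthorizationException if the context is missing, no user is authenticated, or
     *     neither permission is held
     */
    public void checkPermission(String str, String str2, String str3, String str4) throws DSCAuthorizationException {
        InvocationContext invocationContext = InvocationContext.getInstance();
        if (invocationContext == null) {
            // NOTE(review): the check passes when there is no invocation context at all. Every
            // code path that can reach this method without one is implicitly fully trusted;
            // confirm that only in-process callers can do so.
            return;
        }
        Context context = invocationContext.getContext();
        if (context == null) {
            throw new DSCAuthorizationException(str);
        }
        if (UMLocalUtils.isSystemContext(context)) {
            return;
        }
        User authenticatedUser = context.getAuthenticatedUser();
        if (authenticatedUser == null) {
            // Deny with the authorization exception callers expect instead of a bare
            // NullPointerException when the context carries no authenticated user.
            throw new DSCAuthorizationException(str);
        }
        String userOid = authenticatedUser.getOid();
        if (hasSystemPermission(userOid, str)) {
            return;
        }
        boolean resourceCheckRequested = str3 != null && str3.length() != 0 && str4 != null && str4.length() != 0;
        if (!resourceCheckRequested || !hasPermission(userOid, str3, str4)) {
            throw new DSCAuthorizationException(str);
        }
    }

    /**
     * Checks a service permission with an explicit context.
     *
     * @param context the context used to obtain the authorization manager
     * @param str the principal OID
     * @param str2 the resource id
     * @param str3 the permission name
     * @return whether the permission is held; {@code false} when the name is not a cached service
     *     permission
     * @throws DSCAuthorizationException wrapping any failure
     */
    @Override // com.adobe.idp.dsc.registry.security.SecurityProfileManagerInternal
    public boolean contextHasPermission(Context context, String str, String str2, String str3) {
        try {
            AuthorizationManager authorizationManager = UMFactory.getLocalInstance().getAuthorizationManager(context);
            // getPermissionId() loads the caches before the lookup.
            String permissionId = getPermissionId(str3);
            if (permissionId == null) {
                // How the authorization manager treats a null permission OID is not visible here,
                // so an unrecognised permission name is denied explicitly.
                return false;
            }
            return authorizationManager.hasPermission(str, str2, permissionId).hasPermission();
        } catch (Exception e) {
            throw new DSCAuthorizationException(e);
        }
    }

    /**
     * Checks a system permission on the "DSC" resource type with an explicit context.
     *
     * @param context the context used to obtain the authorization manager
     * @param str the principal OID
     * @param str2 the system permission name
     * @return whether the permission is held; {@code false} when the name is not a cached system
     *     permission
     * @throws DSCAuthorizationException wrapping any failure
     */
    @Override // com.adobe.idp.dsc.registry.security.SecurityProfileManagerInternal
    public boolean contextHasSystemPermission(Context context, String str, String str2) {
        try {
            AuthorizationManager authorizationManager = UMFactory.getLocalInstance().getAuthorizationManager(context);
            // Must run before m_sysResourceID is read: the lookup triggers the cache load that
            // assigns it.
            String permissionId = findSystemPermissionId(str2);
            if (permissionId == null) {
                // Deny explicitly rather than pass a null permission OID to the authorization
                // manager, whose handling of null is not visible here.
                return false;
            }
            return authorizationManager.hasPermission(str, m_sysResourceID, permissionId).hasPermission();
        } catch (Exception e) {
            throw new DSCAuthorizationException(e);
        }
    }
}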
