package net.sf.jguard.ext.authorization.manager;

import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Principal;
import java.security.ProtectionDomain;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.Set;
import java.util.Stack;
import java.util.TreeSet;
import java.util.logging.Level;
import java.util.logging.Logger;
import net.sf.jguard.core.authorization.permissions.Domain;
import net.sf.jguard.core.authorization.permissions.JGNegativePermissionCollection;
import net.sf.jguard.core.authorization.permissions.JGPermissionCollection;
import net.sf.jguard.core.authorization.permissions.JGPositivePermissionCollection;
import net.sf.jguard.core.authorization.permissions.NoSuchPermissionException;
import net.sf.jguard.core.authorization.permissions.PermissionUtils;
import net.sf.jguard.core.principals.RolePrincipal;
import net.sf.jguard.core.principals.UserPrincipal;
import net.sf.jguard.ext.SecurityConstants;
import net.sf.jguard.ext.authorization.AuthorizationException;
import net.sf.jguard.ext.principals.PrincipalUtils;

/* loaded from: input_file:net/sf/jguard/ext/authorization/manager/AbstractAuthorizationManager.class */
public abstract class AbstractAuthorizationManager implements AuthorizationManager {
    // Class logger; assigned in the static initializer at the bottom of the class.
    private static final Logger logger;
    // Application name pushed onto every known RolePrincipal by setApplicationName().
    protected String applicationName = null;
    // Principals looked up by name (see readPrincipal / addToPrincipal).
    protected Map principals = new HashMap();
    // The same principals as a set; iterated whenever grants are resolved or refreshed.
    protected Set principalsSet = new TreeSet();
    // Domains keyed by domain name (see updatePrincipals, which puts domain.getName()).
    protected Map domains = new HashMap();
    // NOTE(review): static, yet replaced by every constructor call, so all manager
    // instances in the same class loader share (and reset) one domain registry.
    protected static Set domainsSet;
    // Permission registry; created by init() as a positive or negative collection.
    // It stays null until init() has run.
    protected JGPermissionCollection urlp;
    // Permissions keyed by permission name (see addToPrincipal).
    protected Map permissions;
    // The same permissions as a set.
    protected Set permissionsSet;
    // Not read or written by the methods of this class other than the constructor
    // and getDomainsPermissions(); presumably maintained by subclasses.
    protected Map domainsPermissions;
    // Role local name -> List of RolePrincipal descendants (see assemblyHierarchy).
    protected Map hierarchyMap;
    // Options handed back to init() by refresh(); never assigned in this class.
    protected Map options;
    // True when init() selected the negative-permission model.
    private boolean negativePermissions;
    // Compiler-generated caches for class literals (pre-Java-5 bytecode idiom).
    static Class class$net$sf$jguard$ext$authorization$manager$AbstractAuthorizationManager;
    static Class class$net$sf$jguard$core$principals$RolePrincipal;

    /**
     * Creates an empty manager: fresh per-instance registries and no permission
     * collection until {@link #init(Map)} is called.
     */
    public AbstractAuthorizationManager() {
        this.urlp = null;
        this.hierarchyMap = new HashMap();
        this.domainsPermissions = new HashMap();
        this.permissionsSet = new HashSet();
        this.permissions = new HashMap();
        // NOTE(review): domainsSet is static, so constructing a second manager
        // discards the domain registry that every earlier instance is still using.
        domainsSet = new TreeSet();
    }

    /**
     * Stores the application name and propagates it to every role held in
     * {@code principalsSet} and in the {@code principals} map.
     *
     * @param str the application name to apply
     */
    public void setApplicationName(String str) {
        this.applicationName = str;
        // Every element is cast to RolePrincipal; any other principal type
        // stored in these collections makes this method throw ClassCastException.
        for (Iterator roles = this.principalsSet.iterator(); roles.hasNext();) {
            RolePrincipal role = (RolePrincipal) roles.next();
            role.setApplicationName(str);
        }
        for (Iterator roles = this.principals.values().iterator(); roles.hasNext();) {
            RolePrincipal role = (RolePrincipal) roles.next();
            role.setApplicationName(str);
        }
    }

    /**
     * Looks up the domain registered under each name in {@code collection}.
     *
     * @param collection keys into the {@code domains} map (domain names)
     * @return a new set holding one lookup result per key; a key with no registered
     *         domain contributes {@code null}, so callers must tolerate a null element
     */
    @Override
    public Set getDomains(Collection collection) {
        Set found = new HashSet();
        for (Object domainName : collection) {
            found.add((JGPermissionCollection) this.domains.get(domainName));
        }
        return found;
    }

    /**
     * Resolves permission names against the manager's permission collection.
     *
     * @param collection permission names; every element must be a {@code String}
     * @return a new set with the permissions that were found. Unknown names are
     *         skipped and reported at FINEST only, so a misspelt name silently
     *         yields a smaller set rather than an error
     */
    @Override
    public Set getPermissions(Collection collection) {
        Set resolved = new HashSet();
        for (Object entry : collection) {
            String permissionName = (String) entry;
            try {
                // urlp is null until init() has run.
                resolved.add(this.urlp.getPermission(permissionName));
            } catch (NoSuchPermissionException e) {
                logger.finest(" permission " + permissionName + " not found in JGPermissionCollection ");
            }
        }
        return resolved;
    }

    /**
     * Selects the permission model from the supplied options.
     *
     * <p>The negative model is used only when the {@code NEGATIVE_PERMISSIONS}
     * option equals "true" (case-insensitive); a missing or different value
     * selects the positive model. The map itself is not stored in
     * {@code options} by this method.
     *
     * @param map configuration options; must not be {@code null}
     */
    @Override
    public void init(Map map) {
        String flag = (String) map.get(SecurityConstants.NEGATIVE_PERMISSIONS);
        boolean negative = flag != null && flag.equalsIgnoreCase("true");
        if (negative) {
            this.urlp = new JGNegativePermissionCollection();
        } else {
            this.urlp = new JGPositivePermissionCollection();
        }
        this.negativePermissions = negative;
    }

    /**
     * Re-runs {@link #init(Map)} with the stored options, which replaces the
     * permission collection with a new, empty one.
     *
     * <p>NOTE(review): nothing in this class assigns {@code options}; unless a
     * subclass sets it, {@code init} receives {@code null} and fails on its
     * first map lookup.
     */
    public void refresh() {
        Map storedOptions = this.options;
        init(storedOptions);
    }

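    /**
     * Builds the permission collection granted to a set of principals.
     *
     * <p>For each {@code RolePrincipal} in {@code set} that passes
     * {@code PermissionUtils.evaluatePrincipal}, the equal role declared in this
     * manager's {@code principalsSet} is located and its permissions are added.
     * Grants are always read from the manager's own role object, never from the
     * principal instance supplied by the caller. The result is then passed through
     * {@code PermissionUtils.evaluatePermissionCollection} with the protection domain.
     *
     * <p>Fixes over the decompiled form: the scan of declared roles now ends when
     * its iterator is exhausted (it previously looped forever), and the local
     * variables are declared with types that admit both the positive and the
     * negative collection and any {@code Principal}.
     *
     * @param set the authenticated subject's principals
     * @param protectionDomain the domain the permissions are evaluated against
     * @return the evaluated permissions for these principals
     */
    public PermissionCollection getPermissionCollection(Set set, ProtectionDomain protectionDomain) {
        if (logger.isLoggable(Level.FINEST)) {
            logger.finest(" user has got " + set.size() + " principals " + set.toString());
        }
        // Declared as the common supertype so either model can be assigned.
        JGPermissionCollection granted = this.negativePermissions
                ? new JGNegativePermissionCollection()
                : new JGPositivePermissionCollection();

        // The first UserPrincipal found, if any, is handed to the principal evaluation below.
        UserPrincipal userPrincipal = null;
        for (Iterator it = set.iterator(); it.hasNext();) {
            Principal candidate = (Principal) it.next();
            if (candidate instanceof UserPrincipal) {
                userPrincipal = (UserPrincipal) candidate;
                break;
            }
        }

        for (Iterator it = set.iterator(); it.hasNext();) {
            Principal candidate = (Principal) it.next();
            if (!(candidate instanceof RolePrincipal)) {
                continue;
            }
            RolePrincipal userRole = (RolePrincipal) candidate;
            if (!PermissionUtils.evaluatePrincipal(userRole, userPrincipal)) {
                continue;
            }
            if (logger.isLoggable(Level.FINEST)) {
                logger.finest("getPermissionCollection() -  user's principal name=" + userRole.getLocalName());
                logger.finest("getPermissionCollection() -  user's principal applicationName=" + userRole.getApplicationName());
            }
            // Bounded scan: stops once every declared role has been compared.
            for (Iterator declared = this.principalsSet.iterator(); declared.hasNext();) {
                RolePrincipal systemRole = (RolePrincipal) declared.next();
                if (logger.isLoggable(Level.FINEST)) {
                    logger.finest("getPermissionCollection() -  system's principal name=" + systemRole.getLocalName());
                    logger.finest("getPermissionCollection() -  system's principal applicationName=" + this.applicationName);
                }
                if (systemRole.equals(userRole)) {
                    if (logger.isLoggable(Level.FINEST)) {
                        logger.finest("getPermissionCollection() -  principal name=" + userRole.getLocalName() + " is declared in this application ");
                    }
                    Set allPermissions = systemRole.getAllPermissions();
                    granted.addAll(allPermissions);
                    if (logger.isLoggable(Level.FINEST)) {
                        logger.finest("getPermissionCollection() -  permissions granted are :" + allPermissions.toString());
                    }
                }
            }
        }

        if (logger.isLoggable(Level.FINEST)) {
            logger.finest(" user has got " + granted.size() + " permissions: \n" + granted);
        }
        JGPermissionCollection evaluated = PermissionUtils.evaluatePermissionCollection(protectionDomain, granted);
        granted.clear();
        granted.addAll(evaluated);
        return granted;
    }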

    /**
     * Clones a principal under a generated name: the source name followed by a
     * random integer in the range 0..99998.
     *
     * <p>NOTE(review): the generated name is not checked against existing
     * principals here, so it can coincide with a role that already exists; what
     * happens then depends on {@code createPrincipal}. The suffix only makes the
     * name distinct and is not a secret.
     *
     * @param str name of the principal to clone
     * @return the newly created clone
     * @throws AuthorizationException if the clone cannot be created
     */
    @Override
    public Principal clonePrincipal(String str) throws AuthorizationException {
        int suffix = new Random().nextInt(99999);
        String generatedName = str + suffix;
        return clonePrincipal(str, generatedName);
    }

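    /**
     * Clones the principal registered as {@code str} under the name {@code str2}
     * and registers the copy through {@code createPrincipal}.
     *
     * <p>A {@code RolePrincipal} is copied with {@code clone()} and renamed, so the
     * copy starts with whatever the clone carries over from the source role. Any
     * other principal type is re-created by class name through {@code PrincipalUtils}.
     *
     * <p>An unknown source name is now reported as an
     * {@link AuthorizationException} instead of a {@code NullPointerException}.
     *
     * @param str name of the principal to clone
     * @param str2 local name for the clone; qualified with the application name
     * @return the newly created clone
     * @throws AuthorizationException if {@code str} is unknown or creation fails
     */
    @Override
    public Principal clonePrincipal(String str, String str2) throws AuthorizationException {
        String name = RolePrincipal.getName(str2, this.applicationName);
        Principal source = (Principal) this.principals.get(str);
        if (source == null) {
            throw new AuthorizationException(" principal with name=" + str + " is not found");
        }
        Principal copy;
        if (source instanceof RolePrincipal) {
            RolePrincipal roleCopy = (RolePrincipal) ((RolePrincipal) source).clone();
            roleCopy.setName(name);
            copy = roleCopy;
        } else {
            copy = PrincipalUtils.getPrincipal(source.getClass().getName(), name);
        }
        createPrincipal(copy);
        return copy;
    }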

    /**
     * Returns the shared domain registry.
     *
     * <p>NOTE(review): this is the live, mutable static set, unlike
     * {@link #getDomainsSet()} which wraps it as unmodifiable. A caller that
     * modifies the returned set changes the registry for every manager.
     *
     * @return the internal set of domains
     * @throws AuthorizationException declared by the interface; not thrown here
     */
    @Override
    public Set listDomains() throws AuthorizationException {
        Set registry = domainsSet;
        return registry;
    }

    /**
     * Returns the permission registered under {@code str}.
     *
     * @param str permission name
     * @return the matching permission
     * @throws AuthorizationException if no such permission exists; the original
     *         {@code NoSuchPermissionException} is not attached as the cause
     */
    @Override
    public Permission readPermission(String str) throws AuthorizationException {
        Permission found;
        try {
            found = this.urlp.getPermission(str);
        } catch (NoSuchPermissionException e) {
            String message = " permission " + str + " not found ";
            throw new AuthorizationException(message);
        }
        return found;
    }

    /**
     * Returns the domain registered under {@code str}.
     *
     * @param str domain name
     * @return the matching domain, never {@code null}
     * @throws AuthorizationException if no domain has that name
     */
    @Override
    public JGPermissionCollection readDomain(String str) throws AuthorizationException {
        Object entry = this.domains.get(str);
        if (entry != null) {
            return (JGPermissionCollection) entry;
        }
        throw new AuthorizationException(" domain with name=" + str + " is not found");
    }

    /**
     * Returns the principal registered under {@code str}.
     *
     * <p>The returned object is the registered instance itself, not a copy.
     *
     * @param str principal name
     * @return the matching principal, never {@code null}
     * @throws AuthorizationException if no principal has that name
     */
    @Override
    public Principal readPrincipal(String str) throws AuthorizationException {
        Object entry = this.principals.get(str);
        if (entry != null) {
            return (Principal) entry;
        }
        throw new AuthorizationException(" principal with name=" + str + " is not found");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Replaces a domain in every role that references it, and in both domain
     * registries, with the supplied instance.
     *
     * <p>Each remove-then-add pair swaps the stored object for {@code domain}.
     * The registries are touched only when at least one role references the domain.
     *
     * @param domain the updated domain
     */
    public void updatePrincipals(Domain domain) {
        Iterator roles = this.principalsSet.iterator();
        while (roles.hasNext()) {
            RolePrincipal role = (RolePrincipal) roles.next();
            if (!role.getDomains().contains(domain)) {
                continue;
            }
            role.removeDomain(domain);
            role.addDomain(domain);
            domainsSet.remove(domain);
            domainsSet.add(domain);
            String domainName = domain.getName();
            this.domains.remove(domainName);
            this.domains.put(domain.getName(), domain);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Refreshes every role affected by a changed permission.
     *
     * <p>A role that references the permission's owning domain gets that domain
     * re-added, and the domain registries are refreshed. Otherwise, a role that
     * holds the permission as an orphan has it removed and re-added in both its
     * orphaned and its overall permission collections.
     *
     * @param permission the updated permission
     */
    public void updatePrincipals(Permission permission) {
        Iterator roles = this.principalsSet.iterator();
        while (roles.hasNext()) {
            RolePrincipal role = (RolePrincipal) roles.next();
            // getDomain returns null when no domain contains the permission.
            Domain owner = getDomain(permission);
            if (role.getDomains().contains(owner)) {
                role.removeDomain(owner);
                role.addDomain(owner);
                domainsSet.remove(owner);
                domainsSet.add(owner);
                this.domains.remove(owner.getName());
                this.domains.put(owner.getName(), owner);
                continue;
            }
            if (role.getOrphanedPermissions().contains(permission)) {
                role.getOrphanedPermissions().remove(permission);
                role.getOrphanedPermissions().add(permission);
                role.getPermissions().remove(permission);
                role.getPermissions().add(permission);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Replaces the domain named {@code str} with {@code jGPermissionCollection}
     * in every role that references it.
     *
     * <p>Roles are matched with a probe {@code Domain} built from the name. The
     * domain registries are not modified by this overload.
     *
     * @param jGPermissionCollection the replacement domain content
     * @param str name of the domain being replaced
     */
    public void updatePrincipals(JGPermissionCollection jGPermissionCollection, String str) {
        Domain probe = new Domain(str);
        Iterator roles = this.principalsSet.iterator();
        while (roles.hasNext()) {
            RolePrincipal role = (RolePrincipal) roles.next();
            boolean referenced = role.getDomains().contains(probe);
            if (referenced) {
                role.removeDomain(probe);
                role.addDomain(jGPermissionCollection);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
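    /**
     * Removes the domain named {@code str} from every role that references it
     * and, when at least one role did, from both domain registries.
     *
     * <p>The {@code domains} map is keyed by domain name, so the entry is removed
     * by name. The earlier form passed the {@code Domain} object as the key, which
     * never matched: the revoked domain stayed in the map and could still be
     * returned by {@code readDomain} and {@code getDomains}.
     *
     * @param str name of the domain to remove
     */
    public void removeDomainFromPrincipals(String str) {
        Domain domain = new Domain(str);
        for (Iterator roles = this.principalsSet.iterator(); roles.hasNext();) {
            RolePrincipal role = (RolePrincipal) roles.next();
            if (role.getDomains().contains(domain)) {
                role.removeDomain(domain);
                this.domains.remove(domain.getName());
                domainsSet.remove(domain);
            }
        }
    }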

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Revokes the permission named {@code str} from every role that holds it,
     * either as an orphaned permission or through a domain.
     *
     * <p>An unknown name yields a {@code null} lookup result, which is then used
     * for the membership checks. The {@code permissions} and
     * {@code permissionsSet} registries are not modified here.
     *
     * @param str name of the permission to revoke
     */
    public void removePermissionFromPrincipals(String str) {
        Permission revoked = (Permission) this.permissions.get(str);
        Iterator roles = this.principalsSet.iterator();
        while (roles.hasNext()) {
            RolePrincipal role = (RolePrincipal) roles.next();
            if (role.getOrphanedPermissions().contains(revoked)) {
                role.getOrphanedPermissions().remove(revoked);
                role.getPermissions().remove(revoked);
                logger.finest("removePermissionFromPrincipals: " + revoked);
                continue;
            }
            if (role.getPermissionsFromDomains().contains(revoked)) {
                role.getPermissionsFromDomains().remove(revoked);
                role.getPermissions().remove(revoked);
                logger.finest("removePermissionFromPrincipals: " + revoked);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Finds the first registered domain that contains {@code permission}.
     *
     * @param permission the permission to locate
     * @return the owning domain, or {@code null} when no registered domain contains it
     */
    public Domain getDomain(Permission permission) {
        Domain owner = null;
        Iterator registered = domainsSet.iterator();
        while (owner == null && registered.hasNext()) {
            Domain candidate = (Domain) registered.next();
            if (candidate.containsPermission(permission)) {
                owner = candidate;
            }
        }
        return owner;
    }

    /**
     * Grants {@code permission} to the role named {@code str}.
     *
     * <p>A permission that is not yet registered is registered first, together
     * with a domain named after the permission.
     *
     * @param str role name
     * @param permission the permission to grant
     * @throws SecurityException if no role has that name
     * @throws AuthorizationException if the domain or permission cannot be created
     */
    @Override
    public void addToPrincipal(String str, Permission permission) throws AuthorizationException {
        RolePrincipal target = (RolePrincipal) this.principals.get(str);
        if (target == null) {
            throw new SecurityException(" Principal/role " + str + " does not exists ");
        }
        boolean alreadyRegistered = this.permissionsSet.contains(permission);
        if (!alreadyRegistered) {
            this.permissionsSet.add(permission);
            this.permissions.put(permission.getName(), permission);
            // The new permission is filed under a domain that carries its own name.
            createDomain(permission.getName());
            createPermission(permission, permission.getName());
        }
        target.addPermission(permission);
    }

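    /**
     * Grants {@code domain} to the role named {@code str}.
     *
     * <p>A domain that is not yet registered is registered first, mirroring the
     * permission overload. The earlier condition was inverted: it registered only
     * domains that were already known, so a new domain was attached to the role
     * without ever reaching the registries or {@code createDomain}.
     *
     * @param str role name
     * @param domain the domain to grant
     * @throws SecurityException if no role has that name
     * @throws AuthorizationException if the domain cannot be created
     */
    @Override
    public void addToPrincipal(String str, Domain domain) throws AuthorizationException {
        RolePrincipal rolePrincipal = (RolePrincipal) this.principals.get(str);
        if (rolePrincipal == null) {
            throw new SecurityException(" Principal/role " + str + " does not exists ");
        }
        if (!domainsSet.contains(domain)) {
            domainsSet.add(domain);
            this.domains.put(domain.getName(), domain);
            createDomain(domain.getName());
        }
        rolePrincipal.addDomain(domain);
    }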

    /**
     * Makes role {@code str2} a descendant of role {@code str}.
     *
     * Rejected with an AuthorizationException when both names are equal, when
     * either role is unknown, when {@code str2} is already an immediate descendant
     * of {@code str}, when {@code str} is reachable through the descendants of
     * {@code str2} (the link would close a cycle), or when either principal is not
     * a RolePrincipal. On success the ascendant is re-registered via updatePrincipal.
     *
     * @param str name of the ascendant role
     * @param str2 name of the descendant role
     * @throws AuthorizationException on any of the rejections listed above
     */
    @Override // net.sf.jguard.ext.authorization.manager.AuthorizationManager
    public void addInheritance(String str, String str2) throws AuthorizationException {
        Class cls;
        Class cls2;
        Principal principal = (Principal) this.principals.get(str);
        RolePrincipal rolePrincipal = (Principal) this.principals.get(str2);
        if (str.equals(str2)) {
            logger.severe("ascendant and descendant cannot be the same principal ");
            throw new AuthorizationException("ascendant and descendant cannot be the same principal ");
        }
        if (principal == null) {
            logger.severe(new StringBuffer().append("Role ").append(str).append(" not found!").toString());
            throw new AuthorizationException(new StringBuffer().append("Role ").append(str).append(" not found!").toString());
        }
        if (rolePrincipal == null) {
            logger.severe(new StringBuffer().append("Role ").append(str2).append(" not found!").toString());
            throw new AuthorizationException(new StringBuffer().append("Role ").append(str2).append(" not found!").toString());
        }
        // Compiler-generated form of the class literal RolePrincipal.class,
        // cached in a static field on first use.
        if (class$net$sf$jguard$core$principals$RolePrincipal == null) {
            cls = class$("net.sf.jguard.core.principals.RolePrincipal");
            class$net$sf$jguard$core$principals$RolePrincipal = cls;
        } else {
            cls = class$net$sf$jguard$core$principals$RolePrincipal;
        }
        if (cls.isAssignableFrom(principal.getClass())) {
            if (class$net$sf$jguard$core$principals$RolePrincipal == null) {
                cls2 = class$("net.sf.jguard.core.principals.RolePrincipal");
                class$net$sf$jguard$core$principals$RolePrincipal = cls2;
            } else {
                cls2 = class$net$sf$jguard$core$principals$RolePrincipal;
            }
            if (cls2.isAssignableFrom(rolePrincipal.getClass())) {
                // Reject a link that already exists directly.
                Iterator it = ((RolePrincipal) principal).getDescendants().iterator();
                while (it.hasNext()) {
                    if (rolePrincipal.equals(it.next())) {
                        logger.severe(new StringBuffer().append("Role ").append(str).append(" is immediate ascendant of role ").append(str2).append("!").toString());
                        throw new AuthorizationException(new StringBuffer().append("Role ").append(str).append(" is immediate ascendant of role ").append(str2).append("!").toString());
                    }
                }
                // Walk everything below the would-be descendant, one level at a time:
                // stack holds the current level, stack2 collects the next one.
                // NOTE(review): no visited set is kept, so this walk terminates only
                // if the existing hierarchy is already acyclic.
                Stack stack = new Stack();
                Stack stack2 = new Stack();
                stack.addAll(rolePrincipal.getDescendants());
                while (!stack.isEmpty()) {
                    RolePrincipal rolePrincipal2 = (RolePrincipal) stack.pop();
                    if (principal.equals(rolePrincipal2)) {
                        logger.severe(new StringBuffer().append("Role ").append(str).append(" cannot inherit role ").append(str2).append(" because ").append(str2).append(" inherit ").append(str).toString());
                        throw new AuthorizationException(new StringBuffer().append("Role ").append(str).append(" cannot inherit role ").append(str2).append(" because ").append(str2).append(" inherit ").append(str).toString());
                    }
                    stack2.addAll(rolePrincipal2.getDescendants());
                    if (stack.isEmpty()) {
                        stack.addAll(stack2);
                        stack2.clear();
                    }
                }
                ((RolePrincipal) principal).getDescendants().add(rolePrincipal);
                updatePrincipal((RolePrincipal) principal);
                return;
            }
        }
        throw new AuthorizationException(new StringBuffer().append(" role inheritance is only supported by RolePrincipal \n roleAsc class=").append(principal.getClass().getName()).append(" \n roleDesc class=").append(rolePrincipal.getClass().getName()).toString());
    }

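    /**
     * Removes role {@code str2} from the descendants of role {@code str} and
     * re-registers the ascendant.
     *
     * <p>An unknown ascendant is now reported as an
     * {@link AuthorizationException}, matching {@code addInheritance}, instead of
     * failing with a {@code NullPointerException}. An unknown descendant is still
     * a no-op on the descendant collection.
     *
     * @param str name of the ascendant role
     * @param str2 name of the descendant role
     * @throws AuthorizationException if the ascendant is unknown or the update fails
     */
    @Override
    public void deleteInheritance(String str, String str2) throws AuthorizationException {
        RolePrincipal ascendant = (RolePrincipal) this.principals.get(str);
        if (ascendant == null) {
            throw new AuthorizationException("Role " + str + " not found!");
        }
        ascendant.getDescendants().remove(this.principals.get(str2));
        updatePrincipal(ascendant);
    }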

    /**
     * Re-registers a principal by deleting it and creating it again.
     *
     * <p>NOTE(review): the two steps are not atomic. If {@code createPrincipal}
     * throws, the principal has already been deleted; nothing in this method
     * restores it.
     *
     * @param principal the principal to re-register
     * @throws AuthorizationException if either step fails
     */
    @Override
    public void updatePrincipal(Principal principal) throws AuthorizationException {
        deletePrincipal(principal);
        createPrincipal(principal);
        String message = " updated principal=" + principal;
        logger.finest(message);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Applies {@code hierarchyMap} to the registered roles: each key names an
     * ascendant role, and every role in the mapped list is added to its descendants.
     *
     * <p>No cycle check is made here, and a key without a registered role fails
     * with a {@code NullPointerException}.
     */
    public void assemblyHierarchy() {
        Iterator names = this.hierarchyMap.keySet().iterator();
        while (names.hasNext()) {
            String ascendantName = (String) names.next();
            RolePrincipal ascendant = (RolePrincipal) this.principals.get(ascendantName);
            Iterator children = ((List) this.hierarchyMap.get(ascendantName)).iterator();
            while (children.hasNext()) {
                RolePrincipal descendant = (RolePrincipal) children.next();
                ascendant.getDescendants().add(descendant);
                logger.finest("Role " + ascendantName + " inherits from role " + descendant.getLocalName());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
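    /**
     * Removes every trace of a role from the inheritance data: its own entry in
     * {@code hierarchyMap}, its occurrences in other roles' descendant lists, and
     * its occurrences in the descendants of every registered role.
     *
     * <p>The map entry is removed through the iterator. The earlier form removed
     * it from the map while a for-each loop was iterating the key set, which can
     * abort the clean-up with a {@code ConcurrentModificationException} and leave
     * later references to the deleted role in place.
     *
     * @param rolePrincipal the role being deleted
     */
    public void deleteReferenceInHierarchy(RolePrincipal rolePrincipal) {
        String localName = rolePrincipal.getLocalName();
        for (Iterator entries = this.hierarchyMap.entrySet().iterator(); entries.hasNext();) {
            Map.Entry entry = (Map.Entry) entries.next();
            if (localName.equals(entry.getKey())) {
                entries.remove();
            } else {
                ((List) entry.getValue()).remove(rolePrincipal);
            }
        }
        for (Iterator roles = this.principals.values().iterator(); roles.hasNext();) {
            ((RolePrincipal) roles.next()).getDescendants().remove(rolePrincipal);
        }
        for (Iterator roles = this.principalsSet.iterator(); roles.hasNext();) {
            ((RolePrincipal) roles.next()).getDescendants().remove(rolePrincipal);
        }
    }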

    /**
     * Returns the registered principals.
     *
     * <p>NOTE(review): this is the live, mutable internal set, unlike
     * {@link #getPrincipalsSet()} which wraps it as unmodifiable. A caller that
     * modifies it changes which roles {@code getPermissionCollection} can match.
     *
     * @return the internal set of principals
     */
    @Override
    public Set listPrincipals() {
        Set registered = this.principalsSet;
        return registered;
    }

    /**
     * Returns the registered permissions wrapped in a new positive collection.
     *
     * <p>The wrapper is a positive collection whichever model {@code init} selected.
     *
     * @return a new collection built from {@code permissionsSet}
     */
    @Override
    public JGPermissionCollection listPermissions() {
        JGPermissionCollection listing = new JGPositivePermissionCollection(this.permissionsSet);
        return listing;
    }

    /**
     * Copies the domains, permissions, principals and role inheritance of another
     * manager into this one.
     *
     * <p>Everything the source exposes is created here without filtering, so the
     * source manager's grants become this manager's grants. Inheritance links are
     * added last, through {@code addInheritance}, once every principal exists.
     *
     * @param authorizationManager the manager to import from; an empty one is
     *        ignored with a warning
     * @throws AuthorizationException if any create or inheritance step fails; the
     *         steps already applied are not rolled back
     */
    @Override
    public void importAuthorizationManager(AuthorizationManager authorizationManager) throws AuthorizationException {
        if (authorizationManager.isEmpty()) {
            logger.warning(" authManager to import is empty ");
            return;
        }

        // 1. Domains and the permissions they contain.
        Iterator domainIt = authorizationManager.getDomainsSet().iterator();
        while (domainIt.hasNext()) {
            Domain imported = (Domain) domainIt.next();
            createDomain(imported.getName());
            for (Iterator permIt = imported.getPermissions().iterator(); permIt.hasNext();) {
                createPermission((Permission) permIt.next(), imported.getName());
            }
        }

        // 2. Principals.
        Set importedPrincipals = authorizationManager.getPrincipalsSet();
        for (Iterator principalIt = importedPrincipals.iterator(); principalIt.hasNext();) {
            createPrincipal((Principal) principalIt.next());
        }

        // 3. Inheritance links between roles.
        for (Iterator principalIt = importedPrincipals.iterator(); principalIt.hasNext();) {
            Principal candidate = (Principal) principalIt.next();
            if (!(candidate instanceof RolePrincipal)) {
                continue;
            }
            RolePrincipal ascendant = (RolePrincipal) candidate;
            Iterator descendantIt = ascendant.getDescendants().iterator();
            while (descendantIt.hasNext()) {
                RolePrincipal descendant = (RolePrincipal) descendantIt.next();
                addInheritance(getLocalName(ascendant), getLocalName(descendant));
            }
        }
    }

    /**
     * Returns a read-only view of the shared domain registry.
     *
     * <p>The view is live rather than a snapshot, and the elements themselves are
     * not copied.
     *
     * @return an unmodifiable view of {@code domainsSet}
     */
    @Override
    public final Set getDomainsSet() {
        Set readOnly = Collections.unmodifiableSet(domainsSet);
        return readOnly;
    }

    /**
     * Returns a read-only, live view of the name-to-domain map.
     *
     * @return an unmodifiable view of {@code domains}
     */
    public final Map getDomains() {
        Map readOnly = Collections.unmodifiableMap(this.domains);
        return readOnly;
    }

    /**
     * Returns a read-only, live view of the {@code domainsPermissions} map.
     *
     * @return an unmodifiable view of {@code domainsPermissions}
     */
    public final Map getDomainsPermissions() {
        Map readOnly = Collections.unmodifiableMap(this.domainsPermissions);
        return readOnly;
    }

    /**
     * Returns a read-only, live view of the role hierarchy map.
     *
     * <p>Only the map is protected; the descendant lists stored as values are the
     * internal, mutable lists.
     *
     * @return an unmodifiable view of {@code hierarchyMap}
     */
    public final Map getHierarchyMap() {
        Map readOnly = Collections.unmodifiableMap(this.hierarchyMap);
        return readOnly;
    }

    /**
     * Returns a read-only, live view of the name-to-permission map.
     *
     * @return an unmodifiable view of {@code permissions}
     */
    public final Map getPermissions() {
        Map readOnly = Collections.unmodifiableMap(this.permissions);
        return readOnly;
    }

    /**
     * Returns a read-only, live view of the registered permissions.
     *
     * @return an unmodifiable view of {@code permissionsSet}
     */
    @Override
    public final Set getPermissionsSet() {
        Set readOnly = Collections.unmodifiableSet(this.permissionsSet);
        return readOnly;
    }

    /**
     * Returns a read-only, live view of the name-to-principal map.
     *
     * <p>Only the map is protected; the principals it holds are the registered,
     * mutable instances.
     *
     * @return an unmodifiable view of {@code principals}
     */
    public final Map getPrincipals() {
        Map readOnly = Collections.unmodifiableMap(this.principals);
        return readOnly;
    }

    /**
     * Returns a read-only, live view of the registered principals.
     *
     * <p>Only the set is protected; the principals it holds are the registered,
     * mutable instances.
     *
     * @return an unmodifiable view of {@code principalsSet}
     */
    @Override
    public final Set getPrincipalsSet() {
        Set readOnly = Collections.unmodifiableSet(this.principalsSet);
        return readOnly;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the name used to look a principal up in this manager.
     *
     * @param principal the principal to name
     * @return the local name for a {@code RolePrincipal}, otherwise the
     *         principal's full name
     */
    public static String getLocalName(Principal principal) {
        if (principal instanceof RolePrincipal) {
            RolePrincipal role = (RolePrincipal) principal;
            return role.getLocalName();
        }
        return principal.getName();
    }

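    /**
     * Compiler-generated helper behind class literals in pre-Java-5 bytecode:
     * loads a class by name and converts a lookup failure into a linkage error.
     *
     * <p>The error is built first and thrown afterwards. {@code initCause}
     * returns {@code Throwable}, so throwing its result directly does not compile
     * in a method without a {@code throws} clause.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found; the
     *         {@code ClassNotFoundException} is attached as the cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }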

    static {
        // Compiler-generated form of AbstractAuthorizationManager.class: reuse the
        // cached Class object if present, otherwise load it by name and cache it.
        Class self = class$net$sf$jguard$ext$authorization$manager$AbstractAuthorizationManager;
        if (self == null) {
            self = class$("net.sf.jguard.ext.authorization.manager.AbstractAuthorizationManager");
            class$net$sf$jguard$ext$authorization$manager$AbstractAuthorizationManager = self;
        }
        // The logger is named after this class.
        logger = Logger.getLogger(self.getName());
    }
}
