package net.sf.jguard.ext.authorization.manager;

import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Principal;
import java.security.ProtectionDomain;
import java.util.Arrays;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.Set;
import java.util.Stack;
import java.util.TreeSet;
import net.sf.ehcache.CacheException;
import net.sf.jguard.core.authorization.manager.AuthorizationManager;
import net.sf.jguard.core.authorization.manager.AuthorizationManagerException;
import net.sf.jguard.core.authorization.manager.JGuardAuthorizationManagerMarkups;
import net.sf.jguard.core.authorization.permissions.Domain;
import net.sf.jguard.core.authorization.permissions.JGNegativePermissionCollection;
import net.sf.jguard.core.authorization.permissions.JGPermissionCollection;
import net.sf.jguard.core.authorization.permissions.JGPositivePermissionCollection;
import net.sf.jguard.core.authorization.permissions.NoSuchPermissionException;
import net.sf.jguard.core.authorization.permissions.PermissionUtils;
import net.sf.jguard.core.authorization.policy.ProtectionDomainUtils;
import net.sf.jguard.core.principals.PrincipalUtils;
import net.sf.jguard.core.principals.RolePrincipal;
import net.sf.jguard.core.principals.UserPrincipal;
import net.sf.jguard.ext.SecurityConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/sf/jguard/ext/authorization/manager/AbstractAuthorizationManager.class */
abstract class AbstractAuthorizationManager implements AuthorizationManager {
    // Class-wide SLF4J logger. Several methods log role and permission names, mostly at debug level.
    private static final Logger logger = LoggerFactory.getLogger(AbstractAuthorizationManager.class.getName());
    // Application name; setApplicationName() also pushes it onto every registered principal.
    private String applicationName = null;
    // Principals keyed by the String that readPrincipal(), addToPrincipal() and addInheritance() look up.
    protected Map<String, Principal> principals = new HashMap();
    // Sorted set of principals; getPermissions(ProtectionDomain) matches presented roles against it.
    protected Set<Principal> principalsSet = new TreeSet();
    // Domains keyed by domain name (see the put(domain.getName(), domain) calls below).
    protected Map<String, Domain> domains = new HashMap();
    // NOTE(review): this set is static, yet every constructor call replaces it and instance methods
    // mutate it. All manager instances loaded by the same class loader therefore share one domain set,
    // and constructing a second manager discards the domains registered by the first. Confirm that a
    // single instance per class loader is the intended deployment.
    protected static Set<Domain> domainsSet;
    // Permission collection queried by readPermission() and getPermissions(Collection); the constructor
    // picks the positive or negative implementation.
    protected JGPermissionCollection urlp;
    // Permissions keyed by Permission.getName().
    protected Map<String, Permission> permissions;
    protected Set<Permission> permissionsSet;
    // Initialised to an empty map by the constructor; not read anywhere else in this class.
    protected Map<String, Set<Permission>> domainsPermissions;
    // Role name -> descendant principals; consumed by assemblyHierarchy().
    protected Map<String, List<Principal>> hierarchyMap;
    // Raw map that is neither assigned nor read in this class.
    protected Map options;
    // True when the NEGATIVE_PERMISSIONS option equals "true" (case-insensitive); selects the collection type.
    private boolean negativePermissions;
    // Permissions merged into every result of getPermissions(ProtectionDomain), whatever the principals are.
    protected Permissions alwaysGrantedPermissions;
    // Exclusive upper bound of the random suffix used by clonePrincipal(String). Despite the name it is
    // not a cryptographic salt; it only makes generated clone names unlikely to repeat.
    private static final int SALT = 99999;
    private static final String TRUE = "true";

    /**
     * Initialises the in-memory registries and applies two options from {@code map}:
     * the negative-permissions switch and the permission-resolution caching switch.
     *
     * <p>NOTE(review): the static {@code domainsSet} is replaced here, so each new instance
     * resets the domain set seen by every other instance in the same class loader.
     * NOTE(review): the negative-permissions value is compared case-insensitively while the
     * caching value must be exactly {@code "true"}; confirm the difference is intended.
     *
     * @param map configuration options; must not be {@code null} (it is dereferenced directly)
     */
    public AbstractAuthorizationManager(Map<String, String> map) {
        domainsSet = new TreeSet<>();
        this.permissions = new HashMap<>();
        this.permissionsSet = new HashSet<>();
        this.domainsPermissions = new HashMap<>();
        this.hierarchyMap = new HashMap<>();
        this.alwaysGrantedPermissions = new Permissions();

        // A missing option or any value other than "true" (ignoring case) selects the positive model.
        final String negativeOption = map.get(SecurityConstants.NEGATIVE_PERMISSIONS);
        if (negativeOption != null && negativeOption.equalsIgnoreCase(TRUE)) {
            this.urlp = new JGNegativePermissionCollection();
            this.negativePermissions = true;
        } else {
            this.urlp = new JGPositivePermissionCollection();
            this.negativePermissions = false;
        }

        final String cachingOption =
                map.get(JGuardAuthorizationManagerMarkups.AUTHORIZATION_PERMISSION_RESOLUTION_CACHING.getLabel());
        if (TRUE.equals(cachingOption)) {
            try {
                PermissionUtils.createCaches();
                PermissionUtils.setCachesEnabled(true);
            } catch (CacheException e) {
                // Caching is an optimisation only: fall back to uncached resolution.
                logger.warn("Failed to activate permission resolution caching : " + e.getMessage(), e);
                PermissionUtils.setCachesEnabled(false);
            }
        } else {
            PermissionUtils.setCachesEnabled(false);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Stores the application name and propagates it to every principal held in
     * {@code principalsSet} and in the {@code principals} map.
     *
     * <p>NOTE(review): the decompiler typed the elements as {@code java.security.Principal},
     * which declares no {@code setApplicationName}; the compiled class presumably casts to a
     * jGuard principal type. Confirm against the original source.
     *
     * @param str the application name to apply
     */
    public void setApplicationName(String str) {
        this.applicationName = str;
        for (Principal member : this.principalsSet) {
            member.setApplicationName(str);
        }
        for (Principal member : this.principals.values()) {
            member.setApplicationName(str);
        }
    }

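    /**
     * Resolves domain names to the registered domains.
     *
     * <p>Names with no registered domain are skipped and logged at debug level, in line with
     * {@code getPermissions(Collection)}. Previously an unknown name put {@code null} into the
     * returned set, which callers iterating the result would dereference.
     *
     * @param collection domain names to resolve
     * @return the domains found; never contains {@code null}
     */
    public Set<JGPermissionCollection> getDomains(Collection<String> collection) {
        // Kept raw, as in the decompiled original: the relationship between Domain and
        // JGPermissionCollection is not visible in this file.
        HashSet resolved = new HashSet();
        for (String domainName : collection) {
            Domain domain = this.domains.get(domainName);
            if (domain == null) {
                logger.debug(" domain " + domainName + " not found ");
                continue;
            }
            resolved.add(domain);
        }
        return resolved;
    }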

    /**
     * Resolves permission names against {@code urlp}.
     *
     * <p>Names that {@code urlp} does not know are logged at debug level and left out of the result.
     *
     * @param collection permission names; every element is cast to {@code String}
     * @return the permissions that were found
     */
    public Set<Permission> getPermissions(Collection collection) {
        Set<Permission> found = new HashSet<>();
        for (Object entry : collection) {
            String permissionName = (String) entry;
            try {
                found.add(this.urlp.getPermission(permissionName));
            } catch (NoSuchPermissionException e) {
                logger.debug(" permission " + permissionName + " not found in JGPermissionCollection ");
            }
        }
        return found;
    }

    /** Abstract hook with no arguments and no result; its behaviour is defined by subclasses outside this file. */
    public abstract void refresh();

    /**
     * Computes the permissions for a protection domain.
     *
     * <p>Each role principal carried by the domain that {@code PrincipalUtils.evaluatePrincipal}
     * accepts is compared with the manager's own {@code principalsSet}. On an {@code equals()}
     * match, the permissions of the registered principal (not of the presented one) are added.
     * The domain's own permissions are then added, the collection is passed through
     * {@code PrincipalUtils.evaluatePermissionCollection}, and the result is merged with
     * {@code alwaysGrantedPermissions}.
     *
     * <p>NOTE(review): with debug logging enabled this method writes role names and the full
     * list of granted permissions to the log.
     *
     * @param protectionDomain the domain whose principals and static permissions are evaluated
     * @return the merged permission collection
     */
    public PermissionCollection getPermissions(ProtectionDomain protectionDomain) {
        // De-duplicate the principals attached to the protection domain.
        HashSet<RolePrincipal> hashSet = new HashSet(Arrays.asList(protectionDomain.getPrincipals()));
        UserPrincipal userPrincipal = ProtectionDomainUtils.getUserPrincipal(protectionDomain);
        // NOTE(review): decompiler typing — the variable is declared as the positive collection but
        // receives a JGNegativePermissionCollection when negativePermissions is set.
        JGPositivePermissionCollection jGPositivePermissionCollection = !this.negativePermissions ? new JGPositivePermissionCollection() : new JGNegativePermissionCollection();
        for (RolePrincipal rolePrincipal : hashSet) {
            // Only role principals contribute permissions; other principal types are ignored here.
            if (rolePrincipal instanceof RolePrincipal) {
                RolePrincipal rolePrincipal2 = rolePrincipal;
                if (PrincipalUtils.evaluatePrincipal(rolePrincipal2, userPrincipal)) {
                    if (logger.isDebugEnabled()) {
                        logger.debug("  user's principal name=" + rolePrincipal2.getLocalName());
                        logger.debug(" user's principal applicationName=" + rolePrincipal2.getApplicationName());
                    }
                    Iterator<Principal> it = this.principalsSet.iterator();
                    // NOTE(review): as decompiled, this loop has no exit once the iterator is exhausted.
                    // It is presumably a plain iteration over principalsSet in the original source;
                    // treat the loop shape as a decompiler artifact and confirm before reusing this code.
                    while (true) {
                        if (it.hasNext()) {
                            RolePrincipal next = it.next();
                            if (logger.isDebugEnabled()) {
                                logger.debug("system's principal name=" + next.getLocalName());
                                logger.debug("system's principal applicationName=" + this.applicationName);
                            }
                            if (next.equals(rolePrincipal2)) {
                                if (logger.isDebugEnabled()) {
                                    logger.debug("principal name=" + rolePrincipal2.getLocalName() + " is declared in this application ");
                                }
                                // Permissions come from the manager's registered principal, so a presented
                                // principal cannot bring its own permission set.
                                jGPositivePermissionCollection.addAll(next.getAllPermissions());
                                Set allPermissions = next.getAllPermissions();
                                if (logger.isDebugEnabled()) {
                                    logger.debug("permissions granted are :" + allPermissions.toString());
                                }
                            }
                        }
                    }
                }
            }
        }
        // Permissions bound statically to the protection domain are added as well.
        if (protectionDomain.getPermissions() != null) {
            jGPositivePermissionCollection.addAll(protectionDomain.getPermissions());
        }
        if (logger.isDebugEnabled()) {
            logger.debug(" user has got " + jGPositivePermissionCollection.size() + " permissions: \n" + jGPositivePermissionCollection);
        }
        // Replace the collected permissions with the evaluated form returned by PrincipalUtils.
        JGPermissionCollection evaluatePermissionCollection = PrincipalUtils.evaluatePermissionCollection(protectionDomain, jGPositivePermissionCollection);
        jGPositivePermissionCollection.clear();
        jGPositivePermissionCollection.addAll(evaluatePermissionCollection);
        // alwaysGrantedPermissions are merged in unconditionally, whatever principals were presented.
        return PermissionUtils.mergePermissionCollections(jGPositivePermissionCollection, this.alwaysGrantedPermissions);
    }

    /**
     * Clones the principal named {@code str} under a generated name: {@code str} followed by
     * a random integer in {@code [0, SALT)}.
     *
     * <p>NOTE(review): the suffix comes from {@code java.util.Random} and only makes the name
     * unlikely to repeat; two clones of the same role can draw the same suffix. How
     * {@code createPrincipal} reacts to an existing name is not visible in this file.
     *
     * @param str name of the principal to clone
     * @return the newly created principal
     * @throws AuthorizationManagerException propagated from the two-argument overload
     */
    public Principal clonePrincipal(String str) throws AuthorizationManagerException {
        final int suffix = new Random().nextInt(SALT);
        final String cloneName = str + suffix;
        return clonePrincipal(str, cloneName);
    }

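    /**
     * Clones the principal registered under {@code str} and registers the copy under a name
     * derived from {@code str2} and the application name.
     *
     * <p>A {@code RolePrincipal} is copied through its copy constructor; any other principal
     * type is re-created by class name through {@code PrincipalUtils.getPrincipal}.
     *
     * <p>Fix: an unknown {@code str} used to fail with a {@code NullPointerException} on
     * {@code getClass()}; it now raises the checked exception this method already declares.
     *
     * @param str  name of the principal to clone
     * @param str2 local name for the clone
     * @return the newly created principal
     * @throws AuthorizationManagerException if no principal is registered under {@code str},
     *         or if {@code createPrincipal} fails
     */
    public Principal clonePrincipal(String str, String str2) throws AuthorizationManagerException {
        String name = RolePrincipal.getName(str2, this.applicationName);
        Principal source = this.principals.get(str);
        if (source == null) {
            logger.error("Role " + str + " not found!");
            throw new AuthorizationManagerException("Role " + str + " not found!");
        }
        Principal clone;
        if (source instanceof RolePrincipal) {
            clone = new RolePrincipal(name, (RolePrincipal) source);
        } else {
            clone = PrincipalUtils.getPrincipal(source.getClass().getName(), name);
        }
        createPrincipal(clone);
        return clone;
    }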

    /**
     * Returns the static {@code domainsSet} itself, not a copy.
     *
     * <p>NOTE(review): callers receive the live set and can add or remove domains on it without
     * going through this manager; {@code getDomainsSet()} returns a copy instead. Confirm which
     * callers rely on the live reference.
     *
     * @return the live set of domains
     * @throws AuthorizationManagerException declared but not thrown by this implementation
     */
    public Set<Domain> listDomains() throws AuthorizationManagerException {
        return domainsSet;
    }

    /**
     * Looks up a permission by name in {@code urlp}.
     *
     * @param str the permission name
     * @return the matching permission
     * @throws AuthorizationManagerException wrapping the {@code NoSuchPermissionException}
     *         raised when the name is unknown
     */
    public Permission readPermission(String str) throws AuthorizationManagerException {
        final Permission found;
        try {
            found = this.urlp.getPermission(str);
        } catch (NoSuchPermissionException notFound) {
            throw new AuthorizationManagerException(" permission " + str + " not found ", notFound);
        }
        return found;
    }

    /**
     * Looks up a domain by name in the {@code domains} map.
     *
     * @param str the domain name
     * @return the domain, or {@code null} when the name is not registered (unlike
     *         {@code readPermission}, no exception is raised for an unknown name)
     * @throws AuthorizationManagerException declared but not thrown by this implementation
     */
    public Domain readDomain(String str) throws AuthorizationManagerException {
        return this.domains.get(str);
    }

    /**
     * Looks up a principal by name in the {@code principals} map.
     *
     * @param str the principal name
     * @return the registered principal instance itself, or {@code null} when the name is unknown
     * @throws AuthorizationManagerException declared but not thrown by this implementation
     */
    public Principal readPrincipal(String str) throws AuthorizationManagerException {
        return this.principals.get(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Re-registers {@code domain} on every principal that already holds an equal domain, and
     * in the manager's own registries.
     *
     * <p>Each registry is updated by remove-then-add, presumably so that the stored element is
     * replaced by the instance passed in when {@code equals()} matches — TODO confirm.
     * The registries are touched only if at least one principal holds the domain.
     *
     * @param domain the updated domain
     */
    public void updatePrincipals(Domain domain) {
        for (Principal candidate : this.principalsSet) {
            // The decompiled source assigns these elements to RolePrincipal variables.
            final RolePrincipal role = (RolePrincipal) candidate;
            if (!role.getDomains().contains(domain)) {
                continue;
            }
            role.removeDomain(domain);
            role.addDomain(domain);
            domainsSet.remove(domain);
            domainsSet.add(domain);
            final String domainName = domain.getName();
            this.domains.remove(domainName);
            this.domains.put(domainName, domain);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Refreshes the references to {@code permission} held by every principal.
     *
     * <p>For each principal the owning domain is resolved through {@code getDomain}. If the
     * principal holds that domain, the domain is re-registered on the principal and in the
     * manager's registries. Otherwise, if the permission is one of the principal's orphaned
     * permissions, it is re-added to the orphaned and plain permission sets.
     *
     * <p>NOTE(review): {@code getDomain} throws {@code IllegalArgumentException} when no domain
     * contains the permission, and it is called before the orphaned-permission branch. A
     * permission that belongs to no domain therefore never reaches that branch when at least
     * one principal exists. Confirm whether that is intended.
     *
     * @param permission the updated permission
     */
    public void updatePrincipals(Permission permission) {
        for (Principal candidate : this.principalsSet) {
            final RolePrincipal role = (RolePrincipal) candidate;
            final Domain owner = getDomain(permission);
            if (role.getDomains().contains(owner)) {
                role.removeDomain(owner);
                role.addDomain(owner);
                domainsSet.remove(owner);
                domainsSet.add(owner);
                final String ownerName = owner.getName();
                this.domains.remove(ownerName);
                this.domains.put(ownerName, owner);
                continue;
            }
            if (role.getOrphanedPermissions().contains(permission)) {
                role.getOrphanedPermissions().remove(permission);
                role.getOrphanedPermissions().add(permission);
                role.getPermissions().remove(permission);
                role.getPermissions().add(permission);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Replaces the domain named {@code str} with {@code jGPermissionCollection} on every
     * principal that holds it.
     *
     * <p>The manager's own {@code domains} and {@code domainsSet} registries are not touched
     * by this overload.
     *
     * @param jGPermissionCollection the replacement passed to {@code addDomain}
     * @param str                    name of the domain to replace
     */
    public void updatePrincipals(JGPermissionCollection jGPermissionCollection, String str) {
        // A fresh Domain built from the name serves as the lookup key for contains()/removeDomain().
        final Domain lookupKey = new Domain(str);
        for (Principal candidate : this.principalsSet) {
            final RolePrincipal role = (RolePrincipal) candidate;
            if (role.getDomains().contains(lookupKey)) {
                role.removeDomain(lookupKey);
                role.addDomain(jGPermissionCollection);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
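    /**
     * Detaches the domain named {@code str} from every principal that holds it and drops it
     * from the manager's registries.
     *
     * <p>Fix: the {@code domains} map is keyed by domain name, but the entry was removed with
     * the {@code Domain} object as key, which never matches. The stale entry stayed resolvable
     * through {@code readDomain} and {@code getDomains} after the domain had been removed from
     * the principals. The entry is now removed by name, as in {@code updatePrincipals(Domain)}.
     *
     * <p>As before, the registries are only touched when at least one principal holds the domain.
     *
     * @param str name of the domain to remove
     */
    public void removeDomainFromPrincipals(String str) {
        Domain domain = new Domain(str);
        for (Principal candidate : this.principalsSet) {
            RolePrincipal role = (RolePrincipal) candidate;
            if (role.getDomains().contains(domain)) {
                role.removeDomain(domain);
                this.domains.remove(domain.getName());
                domainsSet.remove(domain);
            }
        }
    }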

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Removes the permission registered under {@code str} from every principal.
     *
     * <p>For each principal, the permission is removed from the orphaned set if present there,
     * otherwise from the domain-derived set if present there; in both cases it is also removed
     * from the principal's plain permission set. The manager's own {@code permissions} and
     * {@code permissionsSet} registries are not modified here.
     *
     * <p>NOTE(review): an unknown name yields {@code null} from the map, and the lookups then
     * run with a {@code null} permission.
     *
     * @param str name of the permission to remove
     */
    public void removePermissionFromPrincipals(String str) {
        final Permission target = this.permissions.get(str);
        for (Principal candidate : this.principalsSet) {
            final RolePrincipal role = (RolePrincipal) candidate;
            if (role.getOrphanedPermissions().contains(target)) {
                role.getOrphanedPermissions().remove(target);
            } else if (role.getPermissionsFromDomains().contains(target)) {
                role.getPermissionsFromDomains().remove(target);
            } else {
                continue;
            }
            role.getPermissions().remove(target);
            logger.debug("removePermissionFromPrincipals: " + target);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Finds the first domain in {@code domainsSet} that contains {@code permission}.
     *
     * @param permission the permission to locate
     * @return the first containing domain, in the set's iteration order
     * @throws IllegalArgumentException if no domain contains the permission
     */
    public Domain getDomain(Permission permission) {
        Iterator<Domain> candidates = domainsSet.iterator();
        while (candidates.hasNext()) {
            Domain candidate = candidates.next();
            if (candidate.containsPermission(permission)) {
                return candidate;
            }
        }
        throw new IllegalArgumentException("permission " + permission + " is not contained by any domain");
    }

    /**
     * Grants {@code permission} to the principal registered under {@code str}.
     *
     * <p>A permission the manager has not seen yet is registered first: it is added to the
     * in-memory registries, a domain named after the permission is created, and the permission
     * is created inside that domain. {@code createDomain} and {@code createPermission} are not
     * defined in this file.
     *
     * <p>NOTE(review): an unknown principal raises the unchecked {@code SecurityException}
     * here, whereas {@code addInheritance} raises {@code AuthorizationManagerException} for the
     * same condition.
     *
     * @param str        name of the target principal
     * @param permission the permission to grant
     * @throws SecurityException if no principal is registered under {@code str}
     * @throws AuthorizationManagerException declared; presumably raised by the create* calls
     */
    public void addToPrincipal(String str, Permission permission) throws AuthorizationManagerException {
        final RolePrincipal target = (RolePrincipal) this.principals.get(str);
        if (target == null) {
            throw new SecurityException(" Principal/role " + str + " does not exists ");
        }
        final boolean alreadyRegistered = this.permissionsSet.contains(permission);
        if (!alreadyRegistered) {
            final String permissionName = permission.getName();
            this.permissionsSet.add(permission);
            this.permissions.put(permissionName, permission);
            createDomain(permissionName);
            createPermission(permission, permissionName);
        }
        target.addPermission(permission);
    }

    /**
     * Attaches {@code domain} to the principal registered under {@code str}, registering the
     * domain with the manager first when it is not yet part of {@code domainsSet}.
     *
     * @param str    name of the target principal
     * @param domain the domain to attach
     * @throws SecurityException if no principal is registered under {@code str}
     * @throws AuthorizationManagerException declared; presumably raised by {@code createDomain}
     */
    public void addToPrincipal(String str, Domain domain) throws AuthorizationManagerException {
        final RolePrincipal target = (RolePrincipal) this.principals.get(str);
        if (target == null) {
            throw new SecurityException(" Principal/role " + str + " does not exists ");
        }
        final boolean alreadyRegistered = domainsSet.contains(domain);
        if (!alreadyRegistered) {
            final String domainName = domain.getName();
            domainsSet.add(domain);
            this.domains.put(domainName, domain);
            createDomain(domainName);
        }
        target.addDomain(domain);
    }

    /**
     * Makes the role {@code str2} a descendant of the role {@code str}, after checking that the
     * new link is legal.
     *
     * <p>Rejected cases, each raised as {@code AuthorizationManagerException}: both names are
     * equal; either role is unknown; either principal is not a {@code RolePrincipal};
     * {@code str2} is already an immediate descendant of {@code str}; {@code str} is reachable
     * through the descendants of {@code str2}, which would create a cycle.
     *
     * @param str  name of the ascendant role (must not be {@code null}: {@code equals} is called on it)
     * @param str2 name of the descendant role
     * @throws AuthorizationManagerException for any of the rejected cases above, or from
     *         {@code updatePrincipal}
     */
    public void addInheritance(String str, String str2) throws AuthorizationManagerException {
        // Both lookups run before any validation; a missing role is reported further down.
        RolePrincipal rolePrincipal = this.principals.get(str);
        RolePrincipal rolePrincipal2 = this.principals.get(str2);
        if (str.equals(str2)) {
            logger.error("ascendant and descendant cannot be the same principal ");
            throw new AuthorizationManagerException("ascendant and descendant cannot be the same principal ");
        }
        if (rolePrincipal == null) {
            logger.error("Role " + str + " not found!");
            throw new AuthorizationManagerException("Role " + str + " not found!");
        }
        if (rolePrincipal2 == null) {
            logger.error("Role " + str2 + " not found!");
            throw new AuthorizationManagerException("Role " + str2 + " not found!");
        }
        // Inheritance is only defined between RolePrincipal instances.
        if (!RolePrincipal.class.isAssignableFrom(rolePrincipal.getClass()) || !RolePrincipal.class.isAssignableFrom(rolePrincipal2.getClass())) {
            throw new AuthorizationManagerException(" role inheritance is only supported by RolePrincipal \n roleAsc class=" + rolePrincipal.getClass().getName() + " \n roleDesc class=" + rolePrincipal2.getClass().getName());
        }
        // Reject a link that already exists.
        Iterator it = rolePrincipal.getDescendants().iterator();
        while (it.hasNext()) {
            if (rolePrincipal2.equals((RolePrincipal) it.next())) {
                logger.error("Role " + str + " is immediate ascendant of role " + str2 + "!");
                throw new AuthorizationManagerException("Role " + str + " is immediate ascendant of role " + str2 + "!");
            }
        }
        // Cycle check: walk the descendants of str2 one batch at a time. 'stack' holds the batch being
        // examined, 'stack2' collects the descendants of the roles popped from it; when 'stack' runs
        // empty the collected roles become the next batch.
        Stack stack = new Stack();
        Stack stack2 = new Stack();
        stack.addAll(rolePrincipal2.getDescendants());
        while (!stack.isEmpty()) {
            RolePrincipal rolePrincipal3 = (RolePrincipal) stack.pop();
            if (rolePrincipal.equals(rolePrincipal3)) {
                logger.error("Role " + str + " cannot inherit role " + str2 + " because " + str2 + " inherit " + str);
                throw new AuthorizationManagerException("Role " + str + " cannot inherit role " + str2 + " because " + str2 + " inherit " + str);
            }
            stack2.addAll(rolePrincipal3.getDescendants());
            if (stack.isEmpty()) {
                stack.addAll(stack2);
                stack2.clear();
            }
        }
        // All checks passed: record the link, then persist the ascendant through updatePrincipal().
        rolePrincipal.getDescendants().add(rolePrincipal2);
        updatePrincipal(rolePrincipal);
    }

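    /**
     * Removes the role {@code str2} from the descendants of the role {@code str} and persists
     * the ascendant through {@code updatePrincipal}.
     *
     * <p>Fix: an unknown or non-role ascendant used to fail with a {@code NullPointerException}
     * or {@code ClassCastException}; both cases now raise the declared checked exception, with
     * the same messages {@code addInheritance} uses. An unknown descendant is still a no-op
     * removal followed by the update, as before.
     *
     * @param str  name of the ascendant role
     * @param str2 name of the descendant role
     * @throws AuthorizationManagerException if the ascendant is unknown or is not a
     *         {@code RolePrincipal}, or if {@code updatePrincipal} fails
     */
    public void deleteInheritance(String str, String str2) throws AuthorizationManagerException {
        Principal ascendant = this.principals.get(str);
        if (ascendant == null) {
            logger.error("Role " + str + " not found!");
            throw new AuthorizationManagerException("Role " + str + " not found!");
        }
        if (!(ascendant instanceof RolePrincipal)) {
            throw new AuthorizationManagerException(" role inheritance is only supported by RolePrincipal \n roleAsc class=" + ascendant.getClass().getName());
        }
        RolePrincipal role = (RolePrincipal) ascendant;
        role.getDescendants().remove(this.principals.get(str2));
        updatePrincipal(role);
    }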

    /**
     * Updates a principal by deleting it and creating it again.
     *
     * <p>NOTE(review): the two steps are not atomic in this method. If {@code createPrincipal}
     * throws after {@code deletePrincipal} succeeded, the principal and its grants are gone
     * until it is created again. Neither method is defined in this file.
     *
     * @param principal the principal to rewrite
     * @throws AuthorizationManagerException propagated from the delete or create step
     */
    public void updatePrincipal(Principal principal) throws AuthorizationManagerException {
        deletePrincipal(principal);
        createPrincipal(principal);
        logger.debug(" updated principal=" + principal);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Applies {@code hierarchyMap} to the registered principals: every principal listed under
     * a role name is added to that role's descendants.
     *
     * <p>NOTE(review): a role name in {@code hierarchyMap} with no entry in {@code principals}
     * yields {@code null} and fails on the first descendant; no check is made here.
     */
    public void assemblyHierarchy() {
        for (Map.Entry<String, List<Principal>> link : this.hierarchyMap.entrySet()) {
            final String ascendantName = link.getKey();
            final RolePrincipal ascendant = (RolePrincipal) this.principals.get(ascendantName);
            for (Principal member : link.getValue()) {
                final RolePrincipal descendant = (RolePrincipal) member;
                ascendant.getDescendants().add(descendant);
                logger.debug("Role " + ascendantName + " inherits from role " + descendant.getLocalName());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
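    /**
     * Removes every reference to {@code rolePrincipal} from the role hierarchy: its own entry
     * in {@code hierarchyMap}, its occurrences in other roles' descendant lists, and its
     * occurrences in the descendants of every registered principal.
     *
     * <p>Fix: the role's entry was removed from {@code hierarchyMap} while iterating the map's
     * key set, which makes the iterator throw {@code ConcurrentModificationException} on its
     * next step and leaves the remaining references in place. The entry is now removed before
     * the iteration starts. Principals that are not {@code RolePrincipal} are skipped, as
     * {@code importAuthorizationManager} does.
     *
     * @param rolePrincipal the role being deleted
     */
    public void deleteReferenceInHierarchy(RolePrincipal rolePrincipal) {
        // Drop the role's own entry first so the map is not modified during iteration.
        this.hierarchyMap.remove(rolePrincipal.getLocalName());
        for (List<Principal> descendants : this.hierarchyMap.values()) {
            descendants.remove(rolePrincipal);
        }
        for (Principal known : this.principals.values()) {
            if (known instanceof RolePrincipal) {
                ((RolePrincipal) known).getDescendants().remove(rolePrincipal);
            }
        }
        for (Principal known : this.principalsSet) {
            if (known instanceof RolePrincipal) {
                ((RolePrincipal) known).getDescendants().remove(rolePrincipal);
            }
        }
    }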

    /**
     * Returns {@code principalsSet} itself, not a copy.
     *
     * <p>NOTE(review): callers receive the live set that {@code getPermissions(ProtectionDomain)}
     * matches against, and can modify it without going through this manager;
     * {@code getPrincipalsSet()} returns a copy instead.
     *
     * @return the live set of principals
     */
    public Set<Principal> listPrincipals() {
        return this.principalsSet;
    }

    /**
     * Wraps {@code permissionsSet} in a new {@code JGPositivePermissionCollection}.
     *
     * <p>The positive collection type is used here whatever the {@code negativePermissions}
     * option is.
     *
     * @return a new collection built from the registered permissions
     */
    public JGPermissionCollection listPermissions() {
        return new JGPositivePermissionCollection(this.permissionsSet);
    }

    /**
     * Copies the content of another authorization manager into this one, in three passes:
     * domains with their permissions, then principals, then role inheritance links.
     *
     * <p>An empty source manager is logged as a warning and nothing is imported.
     *
     * <p>NOTE(review): the imported domains, permissions and principals are taken as they are;
     * no validation is visible here. The passes are not transactional, so an exception in a
     * later pass leaves the earlier passes applied.
     *
     * @param authorizationManager the manager to import from
     * @throws AuthorizationManagerException propagated from the create and inheritance calls
     */
    public void importAuthorizationManager(AuthorizationManager authorizationManager) throws AuthorizationManagerException {
        if (authorizationManager.isEmpty()) {
            logger.warn(" authManager to import is empty ");
            return;
        }

        // Pass 1: domains and the permissions they contain.
        for (Domain domain : authorizationManager.getDomainsSet()) {
            createDomain(domain.getName());
            for (Object permission : domain.getPermissions()) {
                createPermission((Permission) permission, domain.getName());
            }
        }

        // Pass 2: principals. The set is fetched once and reused by pass 3.
        final Set<? extends Principal> imported = authorizationManager.getPrincipalsSet();
        for (Principal principal : imported) {
            createPrincipal(principal);
        }

        // Pass 3: inheritance links, only for role principals.
        for (Principal principal : imported) {
            if (!(principal instanceof RolePrincipal)) {
                continue;
            }
            for (Object descendant : ((RolePrincipal) principal).getDescendants()) {
                addInheritance(getLocalName(principal), getLocalName((RolePrincipal) descendant));
            }
        }
    }

    /**
     * Returns a new {@code HashSet} holding the current domains.
     *
     * <p>The copy is shallow: changes to the returned set do not reach the manager, but the
     * {@code Domain} objects inside it are the registered instances.
     *
     * @return a shallow copy of {@code domainsSet}
     */
    public final Set<Domain> getDomainsSet() {
        return new HashSet<>(domainsSet);
    }

    /**
     * Returns a new {@code HashSet} holding the registered permissions.
     *
     * @return a shallow copy of {@code permissionsSet}
     */
    public final Set<Permission> getPermissionsSet() {
        return new HashSet<>(this.permissionsSet);
    }

    /**
     * Returns a new {@code HashMap} holding the name-to-principal entries.
     *
     * <p>The copy is shallow: the principal objects are the registered instances.
     *
     * @return a shallow copy of {@code principals}
     */
    public final Map<String, Principal> getPrincipals() {
        return new HashMap<>(this.principals);
    }

    /**
     * Returns a new {@code HashSet} holding the registered principals.
     *
     * <p>The copy is shallow: the principal objects are the registered instances.
     *
     * @return a shallow copy of {@code principalsSet}
     */
    public final Set<Principal> getPrincipalsSet() {
        return new HashSet<>(this.principalsSet);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the name used to refer to a principal inside this manager.
     *
     * @param principal the principal to name
     * @return {@code getLocalName()} for a {@code RolePrincipal}, {@code getName()} otherwise
     */
    public static String getLocalName(Principal principal) {
        if (principal instanceof RolePrincipal) {
            return ((RolePrincipal) principal).getLocalName();
        }
        return principal.getName();
    }

    /**
     * Adds every permission in {@code permissions} to {@code alwaysGrantedPermissions}.
     *
     * <p>These permissions are merged into every result of
     * {@code getPermissions(ProtectionDomain)}, so they apply whatever principals are presented.
     * NOTE(review): the method is public and performs no check on its caller; confirm that
     * only trusted configuration code can reach it.
     *
     * @param permissions the permissions to grant unconditionally; must not be {@code null}
     */
    public final void addAlwaysGrantedPermissions(Permissions permissions) {
        for (Enumeration<Permission> granted = permissions.elements(); granted.hasMoreElements();) {
            this.alwaysGrantedPermissions.add(granted.nextElement());
        }
    }

    /**
     * Returns the application name.
     *
     * @return the value last passed to {@code setApplicationName}, or {@code null} if it was never set
     */
    public String getApplicationName() {
        return this.applicationName;
    }
}
