package net.sf.jguard.ext.authorization.manager;

import com.google.inject.persist.Transactional;
import java.io.File;
import java.io.IOException;
import java.io.OutputStream;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Principal;
import java.security.ProtectionDomain;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.Set;
import java.util.Stack;
import java.util.TreeSet;
import net.sf.ehcache.CacheException;
import net.sf.jguard.core.authorization.Permission;
import net.sf.jguard.core.authorization.manager.AuthorizationManager;
import net.sf.jguard.core.authorization.manager.AuthorizationManagerException;
import net.sf.jguard.core.authorization.permissions.JGNegativePermissionCollection;
import net.sf.jguard.core.authorization.permissions.JGPermissionCollection;
import net.sf.jguard.core.authorization.permissions.JGPositivePermissionCollection;
import net.sf.jguard.core.authorization.permissions.PermissionUtils;
import net.sf.jguard.core.authorization.policy.ProtectionDomainUtils;
import net.sf.jguard.core.principals.PrincipalUtils;
import net.sf.jguard.core.principals.RolePrincipal;
import net.sf.jguard.core.principals.UserPrincipal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:net/sf/jguard/ext/authorization/manager/AbstractAuthorizationManager.class */
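/**
 * Skeleton {@link AuthorizationManager} that keeps role principals, permissions and the
 * role hierarchy in in-memory collections and resolves the permissions granted to a
 * {@link ProtectionDomain} from them.
 *
 * <p>Operations such as {@code createPermission}, {@code createPrincipal},
 * {@code deletePrincipal} and {@code isEmpty} are called here but not declared in this class;
 * presumably they come from {@link AuthorizationManager} and are implemented by subclasses.
 *
 * <p>The collections are plain {@code HashMap}/{@code HashSet}/{@code TreeSet} instances and no
 * synchronization is visible in this class.
 */
public abstract class AbstractAuthorizationManager implements AuthorizationManager {
    protected String applicationName;
    protected JGPermissionCollection urlp;
    protected Map options;
    private boolean negativePermissions;
    private boolean permissionResolutionCaching;
    // Permissions merged into every result of getPermissions(ProtectionDomain).
    protected Permissions alwaysGrantedPermissions;
    private static final int SALT = 99999;
    private static final String TRUE = "true";
    private static final Logger logger = LoggerFactory.getLogger(AbstractAuthorizationManager.class.getName());
    // Only used to vary the temp-file prefix; java.util.Random is not a source of unpredictability.
    private static final Random rnd = new Random();
    // Roles indexed by id, and the same roles as a sorted set.
    protected Map<Long, RolePrincipal> principals = new HashMap<Long, RolePrincipal>();
    protected Set<RolePrincipal> principalsSet = new TreeSet<RolePrincipal>();
    // Permissions indexed by id, and the same permissions as a set.
    protected Map<Long, Permission> permissions = new HashMap<Long, Permission>();
    protected Set<Permission> permissionsSet = new HashSet<Permission>();
    // Parent role id -> roles to attach as its descendants in assemblyHierarchy().
    protected Map<Long, List<RolePrincipal>> hierarchyMap = new HashMap<Long, List<RolePrincipal>>();

    /**
     * Creates the manager and switches permission resolution caching on or off.
     *
     * @param str application name
     * @param z   {@code true} to use a {@link JGNegativePermissionCollection} for {@code urlp},
     *            {@code false} for a {@link JGPositivePermissionCollection}
     * @param z2  {@code true} to create and enable the {@link PermissionUtils} caches; if cache
     *            creation fails the failure is logged and caching is disabled
     */
    public AbstractAuthorizationManager(String str, boolean z, boolean z2) {
        this.applicationName = str;
        this.negativePermissions = z;
        this.permissionResolutionCaching = z2;
        this.alwaysGrantedPermissions = new Permissions();
        if (z) {
            this.urlp = new JGNegativePermissionCollection();
        } else {
            this.urlp = new JGPositivePermissionCollection();
        }
        // NOTE(review): these are static calls, so the switch is presumably shared by every
        // manager in the JVM - confirm against PermissionUtils.
        if (!z2) {
            PermissionUtils.setCachesEnabled(false);
            return;
        }
        try {
            PermissionUtils.createCaches();
            PermissionUtils.setCachesEnabled(true);
        } catch (CacheException e) {
            logger.warn("Failed to activate permission resolution caching : " + e.getMessage(), e);
            PermissionUtils.setCachesEnabled(false);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Logs a warning for each piece of state that is missing after initialization: a null or
     * empty application name, empty permission collections, empty principal collections.
     * Nothing is thrown; an empty policy is only reported.
     */
    public void checkInitialState() {
        if (null == this.applicationName || "".equals(this.applicationName)) {
            logger.warn("applicationName[" + this.applicationName + "] must not be null or empty");
        }
        if (this.permissions.isEmpty() || this.permissionsSet.isEmpty()) {
            logger.warn("permissions[" + this.permissions.size() + "] or permissionsSet[" + this.permissionsSet.size() + "] is empty");
        }
        if (this.principals.isEmpty() || this.principalsSet.isEmpty()) {
            logger.warn("principals[" + this.principals.size() + "] or principalsSet[" + this.principalsSet.size() + "] is empty");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Sets the application name on every role held in {@code principalsSet} and in
     * {@code principals}.
     *
     * @param str application name to apply
     */
    public void setApplicationNameForPrincipals(String str) {
        for (RolePrincipal role : this.principalsSet) {
            role.setApplicationName(str);
        }
        for (RolePrincipal role : this.principals.values()) {
            role.setApplicationName(str);
        }
    }

    /**
     * Reads the permission for each id with {@link #readPermission(long)}.
     *
     * @param collection permission ids
     * @return the permissions read, as a new set
     * @throws RuntimeException wrapping the {@link AuthorizationManagerException} of a failed read
     */
    public Set<Permission> getPermissions(Collection<Long> collection) {
        Set<Permission> result = new HashSet<Permission>();
        for (Long permissionId : collection) {
            try {
                result.add(readPermission(permissionId.longValue()));
            } catch (AuthorizationManagerException e) {
                throw new RuntimeException(e);
            }
        }
        return result;
    }

    public abstract void refresh();

    /**
     * Computes the permissions granted to a protection domain.
     *
     * <p>For every {@link RolePrincipal} of the domain that
     * {@link PrincipalUtils#evaluatePrincipal} accepts, the permissions of the equal role
     * declared in this manager are collected. The domain's own permissions are added, the
     * result is passed through {@link PrincipalUtils#evaluatePermissionCollection} and finally
     * merged with {@code alwaysGrantedPermissions}.
     *
     * @param protectionDomain domain whose principals and permissions are evaluated
     * @return the merged permission collection
     */
    public PermissionCollection getPermissions(ProtectionDomain protectionDomain) {
        // The domain can carry principals that are not roles (a UserPrincipal is looked up from
        // it just below), so the set is typed as Principal and filtered with instanceof; typing
        // it as RolePrincipal fails with a ClassCastException on the first non-role element.
        Set<Principal> domainPrincipals = new HashSet<Principal>(Arrays.asList(protectionDomain.getPrincipals()));
        UserPrincipal userPrincipal = ProtectionDomainUtils.getUserPrincipal(protectionDomain);
        // Declared with the common supertype (the one used for the urlp field) so that either
        // flavour can be assigned.
        JGPermissionCollection granted = isNegativePermissions()
                ? new JGNegativePermissionCollection()
                : new JGPositivePermissionCollection();
        for (Principal principal : domainPrincipals) {
            if (!(principal instanceof RolePrincipal)) {
                continue;
            }
            RolePrincipal userRole = (RolePrincipal) principal;
            if (!PrincipalUtils.evaluatePrincipal(userRole, userPrincipal)) {
                continue;
            }
            if (logger.isDebugEnabled()) {
                logger.debug("  user's principal name=" + userRole.getLocalName());
                logger.debug(" user's principal applicationName=" + userRole.getApplicationName());
            }
            // Bounded iteration: the decompiled "while (true) { if (it.hasNext()) ... }" form
            // never terminated once the iterator was exhausted.
            for (RolePrincipal declaredRole : listPrincipals()) {
                if (logger.isDebugEnabled()) {
                    logger.debug("system's principal name=" + declaredRole.getLocalName());
                    logger.debug("system's principal applicationName=" + this.applicationName);
                }
                if (declaredRole.equals(userRole)) {
                    if (logger.isDebugEnabled()) {
                        logger.debug("principal name=" + userRole.getLocalName() + " is declared in this application ");
                    }
                    Set allPermissions = declaredRole.getAllPermissions();
                    granted.addAll(allPermissions);
                    if (logger.isDebugEnabled()) {
                        logger.debug("permissions granted are :" + allPermissions.toString());
                    }
                    // Declared roles come from a Set, so at most one of them equals userRole.
                    break;
                }
            }
        }
        if (protectionDomain.getPermissions() != null) {
            granted.addAll(protectionDomain.getPermissions());
        }
        if (logger.isDebugEnabled()) {
            logger.debug(" user has got " + granted.size() + " permissions: \n" + granted);
        }
        JGPermissionCollection evaluated = PrincipalUtils.evaluatePermissionCollection(protectionDomain, granted);
        granted.clear();
        granted.addAll(evaluated);
        return PermissionUtils.mergePermissionCollections(granted, this.alwaysGrantedPermissions);
    }

    public abstract Permission readPermission(long j) throws AuthorizationManagerException;

    /**
     * Looks a role up by id in the in-memory map.
     *
     * @param j role id
     * @return the role, or {@code null} when the id is unknown
     */
    public RolePrincipal readPrincipal(long j) throws AuthorizationManagerException {
        return this.principals.get(Long.valueOf(j));
    }

    /**
     * Removes the permission from, then adds it to, every role in {@code principalsSet}.
     * NOTE(review): this adds the permission to roles that did not hold it before - confirm
     * that callers rely on that.
     *
     * @param permission permission to (re)attach
     */
    protected void updatePrincipals(Permission permission) {
        for (RolePrincipal role : this.principalsSet) {
            role.getPermissions().remove(permission);
            role.addPermission(permission);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Removes the permission with the given id from every role that holds it.
     *
     * @param j permission id, resolved through the in-memory {@code permissions} map
     */
    public void removePermissionFromPrincipals(long j) {
        Permission permission = this.permissions.get(Long.valueOf(j));
        for (RolePrincipal role : this.principalsSet) {
            if (role.getPermissions().contains(permission)) {
                role.getPermissions().remove(permission);
                logger.debug("removePermissionFromPrincipals: {}", permission);
            }
        }
    }

    /**
     * Grants a permission to a role, registering the permission first when it is not yet known.
     *
     * @param j          role id
     * @param permission permission to grant
     * @throws SecurityException             if no role has the given id
     * @throws AuthorizationManagerException presumably raised by {@code createPermission}
     */
    public void addToPrincipal(long j, Permission permission) throws AuthorizationManagerException {
        RolePrincipal role = readPrincipal(j);
        if (role == null) {
            throw new SecurityException(" Principal/role " + j + " does not exists ");
        }
        if (!this.permissionsSet.contains(permission)) {
            this.permissionsSet.add(permission);
            this.permissions.put(Long.valueOf(permission.getId()), permission);
            createPermission(permission);
        }
        role.addPermission(permission);
    }

    /**
     * Makes role {@code j2} a descendant of role {@code j}.
     *
     * <p>The link is refused when both ids are equal, when either role is unknown, when the
     * link already exists, or when {@code j} is reachable through the descendants of {@code j2}
     * (which would create a cycle in the hierarchy).
     *
     * @param j  id of the ascendant role
     * @param j2 id of the descendant role
     * @throws AuthorizationManagerException if the link is refused
     */
    @Transactional
    public void addInheritance(long j, long j2) throws AuthorizationManagerException {
        RolePrincipal ascendant = readPrincipal(j);
        RolePrincipal descendant = readPrincipal(j2);
        if (j == j2) {
            logger.error("ascendant and descendant cannot be the same principal ");
            throw new AuthorizationManagerException("ascendant and descendant cannot be the same principal ");
        }
        if (ascendant == null) {
            String message = "Role " + j + " not found!";
            logger.error(message);
            throw new AuthorizationManagerException(message);
        }
        if (descendant == null) {
            String message = "Role " + j2 + " not found!";
            logger.error(message);
            throw new AuthorizationManagerException(message);
        }
        Iterator it = ascendant.getDescendants().iterator();
        while (it.hasNext()) {
            if (descendant.equals((RolePrincipal) it.next())) {
                String message = "Role " + j + " is immediate ascendant of role " + j2 + "!";
                logger.error(message);
                throw new AuthorizationManagerException(message);
            }
        }
        // Walk everything below the future descendant, one level at a time; finding the
        // future ascendant there means the new link would close a cycle.
        Stack currentLevel = new Stack();
        Stack nextLevel = new Stack();
        currentLevel.addAll(descendant.getDescendants());
        while (!currentLevel.isEmpty()) {
            RolePrincipal visited = (RolePrincipal) currentLevel.pop();
            if (ascendant.equals(visited)) {
                String message = "Role " + j + " cannot inherit role " + j2 + " because " + j2 + " inherit " + j;
                logger.error(message);
                throw new AuthorizationManagerException(message);
            }
            nextLevel.addAll(visited.getDescendants());
            if (currentLevel.isEmpty()) {
                currentLevel.addAll(nextLevel);
                nextLevel.clear();
            }
        }
        ascendant.getDescendants().add(descendant);
        descendant.setAscendant(ascendant);
        updatePrincipal(ascendant);
        updatePrincipal(descendant);
    }

    /**
     * Removes role {@code l2} from the descendants of role {@code l} and clears its ascendant.
     *
     * @param l  id of the ascendant role
     * @param l2 id of the descendant role
     * @throws AuthorizationManagerException if either role is unknown
     */
    public void deleteInheritance(Long l, Long l2) throws AuthorizationManagerException {
        RolePrincipal ascendant = readPrincipal(l.longValue());
        RolePrincipal descendant = readPrincipal(l2.longValue());
        // Same "not found" reporting as addInheritance, instead of a NullPointerException
        // on an unknown id.
        if (ascendant == null) {
            String message = "Role " + l + " not found!";
            logger.error(message);
            throw new AuthorizationManagerException(message);
        }
        if (descendant == null) {
            String message = "Role " + l2 + " not found!";
            logger.error(message);
            throw new AuthorizationManagerException(message);
        }
        ascendant.getDescendants().remove(descendant);
        descendant.setAscendant((RolePrincipal) null);
        updatePrincipal(ascendant);
        updatePrincipal(descendant);
    }

    /**
     * Replaces a role by deleting it and creating it again.
     *
     * @param rolePrincipal role to store
     */
    public void updatePrincipal(RolePrincipal rolePrincipal) throws AuthorizationManagerException {
        deletePrincipal(rolePrincipal);
        createPrincipal(rolePrincipal);
        logger.debug(" updated principal={}", rolePrincipal);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Attaches the roles listed in {@code hierarchyMap} as descendants of their parent role.
     * NOTE(review): a parent id missing from {@code principals} ends in a NullPointerException
     * here - confirm that loaders always register the parent first.
     */
    public void assemblyHierarchy() {
        for (Map.Entry<Long, List<RolePrincipal>> entry : this.hierarchyMap.entrySet()) {
            long parentId = entry.getKey().longValue();
            RolePrincipal parent = this.principals.get(entry.getKey());
            for (RolePrincipal child : entry.getValue()) {
                parent.getDescendants().add(child);
                logger.debug("Role {} inherits from role {}", parentId, child.getId());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Removes every reference to a role from the hierarchy: its own entry in
     * {@code hierarchyMap}, its occurrences in the other entries, and its occurrences in the
     * descendants of all known roles.
     *
     * @param rolePrincipal role being removed
     */
    public void deleteReferenceInHierarchy(RolePrincipal rolePrincipal) {
        // Drop the role's own entry before iterating: removing it from inside a keySet()
        // iteration is a structural modification that the next step of the iterator rejects
        // with ConcurrentModificationException.
        this.hierarchyMap.remove(Long.valueOf(rolePrincipal.getId()));
        for (List<RolePrincipal> children : this.hierarchyMap.values()) {
            children.remove(rolePrincipal);
        }
        for (RolePrincipal role : this.principals.values()) {
            role.getDescendants().remove(rolePrincipal);
        }
        for (RolePrincipal role : this.principalsSet) {
            role.getDescendants().remove(rolePrincipal);
        }
    }

    /**
     * @return a new list holding the roles of {@code principalsSet}; changes to the list do not
     *         affect this manager
     */
    public List<RolePrincipal> listPrincipals() {
        return new ArrayList<RolePrincipal>(this.principalsSet);
    }

    /**
     * @return a new list holding the permissions of {@code permissionsSet}; changes to the list
     *         do not affect this manager
     */
    public List<Permission> listPermissions() {
        return new ArrayList<Permission>(this.permissionsSet);
    }

    /**
     * Copies the permissions, roles and role hierarchy of another manager into this one.
     * An empty source manager is only reported with a warning.
     *
     * <p>Everything the source manager lists is created here as-is, so the source is fully
     * trusted as a policy definition.
     *
     * @param authorizationManager manager to copy from
     */
    public void importAuthorizationManager(AuthorizationManager authorizationManager) throws AuthorizationManagerException {
        if (authorizationManager.isEmpty()) {
            logger.warn(" authManager to import is empty ");
            return;
        }
        for (Object permission : authorizationManager.listPermissions()) {
            createPermission((Permission) permission);
        }
        List<RolePrincipal> importedRoles = authorizationManager.listPrincipals();
        for (RolePrincipal role : importedRoles) {
            createPrincipal(role);
        }
        // Hierarchy links are added only after every role exists.
        for (RolePrincipal role : importedRoles) {
            for (Object descendant : role.getDescendants()) {
                addInheritance(role.getId(), ((RolePrincipal) descendant).getId());
            }
        }
    }

    /**
     * @return a new map holding the roles indexed by id; changes to the map do not affect this
     *         manager
     */
    public final Map<Long, Principal> getPrincipals() {
        return new HashMap<Long, Principal>(this.principals);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * @param principal any principal
     * @return the local name of a {@link RolePrincipal}, otherwise {@link Principal#getName()}
     */
    public static String getLocalName(Principal principal) {
        if (principal instanceof RolePrincipal) {
            return ((RolePrincipal) principal).getLocalName();
        }
        return principal.getName();
    }

    /**
     * Adds permissions to the set that is merged into every result of
     * {@link #getPermissions(ProtectionDomain)}, whatever the principals of the domain are.
     *
     * @param permissions permissions to grant unconditionally
     */
    public final void addAlwaysGrantedPermissions(Permissions permissions) {
        Enumeration<java.security.Permission> elements = permissions.elements();
        while (elements.hasMoreElements()) {
            this.alwaysGrantedPermissions.add(elements.nextElement());
        }
    }

    /**
     * Returns this manager when it already is an {@link XmlAuthorizationManager}; otherwise
     * builds one on the given file location and imports this manager's content into it.
     *
     * @param str file location handed to the {@link XmlAuthorizationManager} constructor
     * @return an XML-backed view or copy of this manager
     */
    public XmlAuthorizationManager exportAsXmlAuthorizationManager(String str) throws AuthorizationManagerException {
        if (this instanceof XmlAuthorizationManager) {
            return (XmlAuthorizationManager) this;
        }
        XmlAuthorizationManager xmlAuthorizationManager =
                new XmlAuthorizationManager(getApplicationName(), isNegativePermissions(), isPermissionResolutionCaching(), str);
        xmlAuthorizationManager.importAuthorizationManager(this);
        return xmlAuthorizationManager;
    }

    /**
     * Exports the policy as an XML string, going through a temporary file that is deleted
     * before returning, also when the export fails.
     *
     * @return the XML produced by the {@link XmlAuthorizationManager}
     */
    public String exportAsXMLString() throws AuthorizationManagerException {
        File tempFile = getTempFile();
        try {
            return exportAsXmlAuthorizationManager(tempFile.getAbsolutePath()).exportAsXMLString();
        } finally {
            deleteTempFile(tempFile);
        }
    }

    /**
     * Creates the temporary file used by the export methods.
     *
     * <p>{@code java.nio.file.Files.createTempFile} is used because the file may receive the
     * authorization policy, and that method may create the file with more restrictive access
     * permissions than {@code File.createTempFile}. The unique part of the name is chosen by
     * {@code createTempFile} itself.
     *
     * @return the created file
     * @throws RuntimeException if the file cannot be created
     */
    private static File getTempFile() {
        try {
            return java.nio.file.Files.createTempFile("xmlAuthorizationManagerTempFile" + rnd.nextInt(), null).toFile();
        } catch (IOException e) {
            throw new RuntimeException("cannot create a temporary file to store XmlAuthorizationManager data", e);
        }
    }

    /** Deletes an export temp file and reports a file that is left behind. */
    private static void deleteTempFile(File tempFile) {
        if (!tempFile.delete() && tempFile.exists()) {
            logger.warn("cannot delete temporary file " + tempFile.getAbsolutePath());
        }
    }

    /**
     * Writes the policy as HTML, going through a temporary file that is deleted afterwards,
     * also when the export fails.
     *
     * @param outputStream destination of the HTML
     */
    public void writeAsHTML(OutputStream outputStream) throws IOException, AuthorizationManagerException {
        File tempFile = getTempFile();
        try {
            exportAsXmlAuthorizationManager(tempFile.getAbsolutePath()).writeAsHTML(outputStream);
        } finally {
            deleteTempFile(tempFile);
        }
    }

    /**
     * Writes the policy as XML, going through a temporary file that is deleted afterwards,
     * also when the export fails.
     *
     * @param outputStream destination of the XML
     * @param str          passed through to {@code XmlAuthorizationManager.writeAsXML};
     *                     presumably the output encoding - confirm
     */
    public void writeAsXML(OutputStream outputStream, String str) throws IOException, AuthorizationManagerException {
        File tempFile = getTempFile();
        try {
            exportAsXmlAuthorizationManager(tempFile.getAbsolutePath()).writeAsXML(outputStream, str);
        } finally {
            deleteTempFile(tempFile);
        }
    }

    /**
     * Exports the policy to an XML file.
     *
     * <p>The path is used exactly as given, both as the location of the
     * {@link XmlAuthorizationManager} and as the export target; no normalization or
     * containment check is done here, so callers that accept the path from a request or other
     * untrusted input have to validate it first.
     *
     * @param str path of the file to write
     */
    public void exportAsXMLFile(String str) throws IOException, AuthorizationManagerException {
        exportAsXmlAuthorizationManager(str).exportAsXMLFile(str);
    }

    /** @return the application name given at construction */
    public String getApplicationName() {
        return this.applicationName;
    }

    /** @return {@code true} when this manager was created in negative-permissions mode */
    public boolean isNegativePermissions() {
        return this.negativePermissions;
    }

    /** @return the caching flag given at construction (not whether the caches were actually created) */
    public boolean isPermissionResolutionCaching() {
        return this.permissionResolutionCaching;
    }
}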
