package org.genesys.blocks.security.service.impl;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.genesys.blocks.security.SecurityContextUtil;
import org.genesys.blocks.security.model.AclAwareModel;
import org.genesys.blocks.security.model.AclClass;
import org.genesys.blocks.security.model.AclEntry;
import org.genesys.blocks.security.model.AclObjectIdentity;
import org.genesys.blocks.security.model.AclSid;
import org.genesys.blocks.security.persistence.AclClassPersistence;
import org.genesys.blocks.security.persistence.AclEntryPersistence;
import org.genesys.blocks.security.persistence.AclObjectIdentityPersistence;
import org.genesys.blocks.security.persistence.AclSidPersistence;
import org.genesys.blocks.security.service.CustomAclService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cache.Cache;
import org.springframework.cache.CacheManager;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;

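/**
 * ACL bookkeeping service: creates and removes ACL object identities, SIDs, ACL classes and
 * ACL entries through the injected persistence interfaces, and clears the {@code aclCache}
 * cache after changes.
 *
 * <p>Several methods are guarded by {@code @PreAuthorize} expressions that refer to method
 * arguments by name ({@code #id}, {@code #className}, {@code #entity},
 * {@code #objectIdIdentity}). The parameter names below are kept in sync with those
 * expressions; renaming a parameter without updating its expression leaves the expression
 * variable unresolved.
 *
 * <p>NOTE(review): calls made through {@code this} (for example from
 * {@link #permissionsBySid(String, Long, String)}) presumably bypass proxy-based method
 * security, so the {@code @PreAuthorize} of the called method would not be evaluated on
 * that path. Confirm how method security is configured for this bean.
 */
@Transactional
@Service
public class CustomAclServiceImpl implements CustomAclService {

    private static final Logger LOG = LoggerFactory.getLogger(CustomAclServiceImpl.class);

    /** Name of the cache that is cleared whenever ACL entries change. */
    private static final String ACL_CACHE_NAME = "aclCache";

    /** Permissions handled by this service. Never handed out directly; see getAvailablePermissions. */
    private static final Permission[] BASE_PERMISSIONS = {
        BasePermission.CREATE,
        BasePermission.READ,
        BasePermission.WRITE,
        BasePermission.DELETE,
        BasePermission.ADMINISTRATION
    };

    @Autowired
    private AclObjectIdentityPersistence aclObjectIdentityPersistence;

    @Autowired
    private AclSidPersistence aclSidPersistence;

    @Autowired
    private AclClassPersistence aclClassPersistence;

    @Autowired
    private AclEntryPersistence aclEntryPersistence;

    @Autowired
    private CacheManager cacheManager;

    /**
     * Registers the current user as owner of {@code entity} and grants that user every base
     * permission, unless an object identity for the entity already exists.
     *
     * <p>Does nothing (and logs a warning) when the entity is null, has no id or a
     * non-positive id, or when the security context has no username.
     *
     * @param entity the persisted model to create owner ACL entries for
     */
    @Override
    @Transactional(propagation = Propagation.REQUIRED)
    public void addCreatorPermissions(AclAwareModel entity) {
        // A null id used to surface as a NullPointerException; treat it like a missing target.
        if (entity == null || entity.getId() == null || entity.getId().longValue() <= 0) {
            LOG.warn("No target specified for ACL permissions, bailing out!");
            return;
        }
        String username = SecurityContextUtil.getUsername();
        if (username == null) {
            LOG.warn("No user in security context, not doing ACL");
            return;
        }
        String className = entity.getClass().getName();
        LOG.debug("Inserting owner ACL entries for owner={} class={} id={}", username, className, entity.getId());

        AclSid ownerSid = ensureSid(username, true);
        AclClass aclClass = ensureAclClass(className);

        AclObjectIdentity candidate = new AclObjectIdentity();
        candidate.setObjectIdIdentity(entity.getId().longValue());
        candidate.setAclClass(aclClass);
        candidate.setOwnerSid(ownerSid);
        candidate.setParentObject(null);
        candidate.setEntriesInheriting(false);

        AclObjectIdentity existing = this.aclObjectIdentityPersistence.findByObjectIdIdentityAndClassName(
            candidate.getObjectIdIdentity(), candidate.getAclClass().getAclClass());
        if (existing != null) {
            // An identity already exists: leave its owner and entries untouched.
            return;
        }

        AclObjectIdentity saved = (AclObjectIdentity) this.aclObjectIdentityPersistence.save(candidate);
        Map<Integer, Boolean> grantAll = new HashMap<>();
        for (Permission permission : BASE_PERMISSIONS) {
            grantAll.put(Integer.valueOf(permission.getMask()), true);
        }
        addPermissions(ownerSid, saved, grantAll);
    }

    /**
     * Deletes the ACL entries and the object identity recorded for {@code entity}, then
     * clears the ACL cache so that removed grants are not served from it.
     *
     * <p>Does nothing when the entity is null or has no id, when no object identity exists,
     * or when the entry lookup returns null.
     *
     * @param entity the model whose ACL data is removed
     */
    @Override
    @Transactional(propagation = Propagation.REQUIRED)
    public void removePermissions(AclAwareModel entity) {
        if (entity == null || entity.getId() == null) {
            LOG.warn("No target specified for ACL permissions, bailing out!");
            return;
        }
        AclObjectIdentity objectIdentity = this.aclObjectIdentityPersistence.findByObjectIdIdentityAndClassName(
            entity.getId().longValue(), entity.getClass().getName());
        if (objectIdentity == null) {
            return;
        }
        List<AclEntry> entries = this.aclEntryPersistence.findByObjectIdentity(objectIdentity);
        if (entries == null) {
            return;
        }
        this.aclEntryPersistence.delete(entries);
        this.aclObjectIdentityPersistence.delete(objectIdentity.getId());
        // The other mutators clear the cache after a change; do the same after a removal.
        clearAclCache();
    }

    /**
     * Saves one ACL entry per base permission for {@code sid} on {@code objectIdentity} and
     * clears the ACL cache.
     *
     * <p>A mask that is absent from {@code permissions} (or mapped to null) is stored as
     * non-granting instead of failing while unboxing.
     *
     * @param sid the SID the entries belong to
     * @param objectIdentity the object identity the entries apply to
     * @param permissions permission mask to granting flag
     */
    private void addPermissions(AclSid sid, AclObjectIdentity objectIdentity, Map<Integer, Boolean> permissions) {
        for (Permission permission : BASE_PERMISSIONS) {
            int mask = permission.getMask();
            AclEntry entry = new AclEntry();
            entry.setAclObjectIdentity(objectIdentity);
            entry.setAclSid(sid);
            entry.setAceOrder(getAceOrder(objectIdentity.getId().longValue()).longValue());
            entry.setGranting(Boolean.TRUE.equals(permissions.get(Integer.valueOf(mask))));
            entry.setAuditSuccess(true);
            entry.setAuditFailure(true);
            entry.setMask(mask);
            this.aclEntryPersistence.save(entry);
        }
        clearAclCache();
    }

    /** Clears the ACL cache when the cache manager knows it; a missing cache is ignored. */
    private void clearAclCache() {
        Cache cache = this.cacheManager.getCache(ACL_CACHE_NAME);
        if (cache != null) {
            cache.clear();
        }
    }

    /**
     * Returns the next ACE order for an object identity: one more than the current maximum,
     * or 1 when the persistence layer reports no maximum.
     *
     * @param objectIdentityId id of the ACL object identity
     * @return the next ACE order value
     */
    private Long getAceOrder(long objectIdentityId) {
        Long currentMax = this.aclEntryPersistence.getMaxAceOrderForObjectEntity(objectIdentityId);
        if (currentMax == null) {
            return Long.valueOf(1L);
        }
        return Long.valueOf(currentMax.longValue() + 1);
    }

    /**
     * Returns the {@link AclClass} record for {@code className}, creating it when missing.
     *
     * @param className fully qualified class name
     * @return the existing or newly saved ACL class
     */
    private AclClass ensureAclClass(String className) {
        AclClass existing = this.aclClassPersistence.findByAclClass(className);
        if (existing != null) {
            return existing;
        }
        LOG.warn("Missing AclClass '{}'", className);
        AclClass created = new AclClass();
        created.setAclClass(className);
        return (AclClass) this.aclClassPersistence.save(created);
    }

    /**
     * Returns the {@link AclSid} record for {@code sid}, creating it when missing.
     *
     * @param sid the SID value
     * @param principal the principal flag stored on the SID
     * @return the existing or newly saved SID
     */
    private AclSid ensureSid(String sid, boolean principal) {
        AclSid existing = this.aclSidPersistence.findBySidAndPrincipal(sid, principal);
        if (existing != null) {
            return existing;
        }
        AclSid created = new AclSid();
        created.setPrincipal(principal);
        created.setSid(sid);
        LOG.warn("New SID sid={} principal={}", created.getSid(), Boolean.valueOf(created.isPrincipal()));
        return (AclSid) this.aclSidPersistence.save(created);
    }

    /**
     * Looks up the object identity for a class name and object id.
     *
     * @param className fully qualified class name
     * @param id the object's id
     * @return whatever the persistence lookup returns
     */
    @Override
    @Transactional(readOnly = true)
    public AclObjectIdentity getObjectIdentity(String className, long id) {
        return this.aclObjectIdentityPersistence.findByObjectIdIdentityAndClassName(id, className);
    }

    /**
     * Looks up an object identity by its own primary key.
     *
     * @param id primary key of the ACL object identity
     * @return whatever the persistence lookup returns
     */
    @Override
    @Transactional(readOnly = true)
    public AclObjectIdentity getObjectIdentity(long id) {
        return (AclObjectIdentity) this.aclObjectIdentityPersistence.findOne(Long.valueOf(id));
    }

    /**
     * Looks up the object identity recorded for {@code entity}.
     *
     * @param entity the model to look up
     * @return the object identity, or null when the entity is null or no identity is found
     */
    @Override
    @Transactional(readOnly = true)
    public AclObjectIdentity getObjectIdentity(AclAwareModel entity) {
        if (entity == null) {
            LOG.error("getObjectIdentity: Entity is null");
            // Previously execution continued and dereferenced the null entity.
            return null;
        }
        String className = entity.getClass().getName();
        AclObjectIdentity objectIdentity =
            this.aclObjectIdentityPersistence.findByObjectIdIdentityAndClassName(entity.getId().longValue(), className);
        if (objectIdentity == null) {
            LOG.warn("ACL object identity not found for class={} id={}", className, entity.getId());
        }
        return objectIdentity;
    }

    /**
     * Returns the permissions this service manages.
     *
     * @param className ignored by this implementation
     * @return a copy of the base permissions, so callers cannot alter the shared array that
     *     decides which entries are created
     */
    @Override
    @Transactional(readOnly = true)
    public Permission[] getAvailablePermissions(String className) {
        return BASE_PERMISSIONS.clone();
    }

    /**
     * Collects the ACL entries of one object, grouped by SID.
     *
     * @param id the object's id; referenced as {@code #id} in the security expression
     * @param className the object's class name; referenced as {@code #className}
     * @return SID to (permission mask to granting flag)
     */
    @Override
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#id, #className, 'ADMINISTRATION')")
    public Map<String, Map<Integer, Boolean>> getPermissions(long id, String className) {
        Map<String, Map<Integer, Boolean>> permissionsBySid = new HashMap<>();
        for (AclEntry entry : getAclEntries(getObjectIdentity(className, id))) {
            String sid = entry.getAclSid().getSid();
            Map<Integer, Boolean> sidPermissions = permissionsBySid.get(sid);
            if (sidPermissions == null) {
                sidPermissions = new HashMap<>();
                permissionsBySid.put(sid, sidPermissions);
            }
            sidPermissions.put(Integer.valueOf((int) entry.getMask()), Boolean.valueOf(entry.isGranting()));
        }
        return permissionsBySid;
    }

    /**
     * Collects the ACL entries of {@code entity}, grouped by SID.
     *
     * @param entity the model to inspect; referenced as {@code #entity} in the security expression
     * @return SID to (permission mask to granting flag)
     */
    @Override
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#entity, 'ADMINISTRATION')")
    public Map<String, Map<Integer, Boolean>> getPermissions(AclAwareModel entity) {
        return getPermissions(entity.getId().longValue(), entity.getClass().getName());
    }

    /**
     * Applies granting flags to the ACL entries found for a SID and saves them; when no entry
     * is granting afterwards the entries are deleted instead. Clears the ACL cache.
     *
     * <p>A mask that is absent from {@code permissions} leaves that entry's flag unchanged.
     *
     * <p>NOTE(review): the security expression passes {@code #entity.aclClass.id} as the target
     * id, which is the id of the ACL class record rather than {@code entity}'s
     * {@code objectIdIdentity}. Confirm that this is the object the check is meant to cover.
     *
     * <p>NOTE(review): the entries are looked up by SID and class name only, not by
     * {@code entity} itself, so the update presumably reaches every object of that class for
     * the SID. Verify against the {@code findBySidAndAclClass} query.
     *
     * @param entity the object identity; referenced as {@code #entity} in the security expression
     * @param sid the SID whose entries are updated
     * @param permissions permission mask to granting flag
     */
    @Override
    @PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#entity.aclClass.id, #entity.aclClass.aclClass, 'ADMINISTRATION')")
    public void updatePermission(AclObjectIdentity entity, String sid, Map<Integer, Boolean> permissions) {
        List<AclEntry> entries = this.aclEntryPersistence.findBySidAndAclClass(sid, entity.getAclClass().getAclClass());
        boolean anyGranting = false;
        for (AclEntry entry : entries) {
            Boolean granting = permissions.get(Integer.valueOf((int) entry.getMask()));
            if (granting != null) {
                entry.setGranting(granting.booleanValue());
            }
            anyGranting |= entry.isGranting();
        }
        if (anyGranting) {
            LOG.info("Saving {}", entries);
            this.aclEntryPersistence.save(entries);
        } else {
            LOG.info("Deleting {}", entries);
            this.aclEntryPersistence.delete(entries);
        }
        // Null-safe, matching the private addPermissions: a missing cache must not fail the update.
        clearAclCache();
    }

    /**
     * Returns the ACL entries stored for an object identity.
     *
     * @param objectIdentity the object identity to query
     * @return whatever the persistence lookup returns
     */
    @Override
    @Transactional(readOnly = true)
    public List<AclEntry> getAclEntries(AclObjectIdentity objectIdentity) {
        return this.aclEntryPersistence.findByObjectIdentity(objectIdentity);
    }

    /**
     * Returns the ACL entries stored for {@code entity}.
     *
     * @param entity the model to query
     * @return whatever the persistence lookup returns for the entity's object identity
     */
    @Override
    @Transactional(readOnly = true)
    public List<AclEntry> getAclEntries(AclAwareModel entity) {
        return this.aclEntryPersistence.findByObjectIdentity(getObjectIdentity(entity));
    }

    /**
     * Returns the SIDs that have entries for an object.
     *
     * <p>NOTE(review): unlike {@link #getSids(AclAwareModel)} this overload carries no
     * {@code @PreAuthorize}; confirm that callers are authorized elsewhere.
     *
     * @param id the object's id
     * @param className the object's class name
     * @return whatever the persistence lookup returns
     */
    @Override
    @Transactional(readOnly = true)
    public List<AclSid> getSids(long id, String className) {
        return this.aclEntryPersistence.getSids(id, className);
    }

    /**
     * Returns the SIDs that have entries for {@code entity}.
     *
     * @param entity the model to query; referenced as {@code #entity} in the security expression
     * @return whatever the persistence lookup returns
     */
    @Override
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#entity, 'ADMINISTRATION')")
    public List<AclSid> getSids(AclAwareModel entity) {
        return this.aclEntryPersistence.getSids(entity.getId().longValue(), entity.getClass().getName());
    }

    /**
     * Returns every SID known to the persistence layer.
     *
     * @return all SIDs
     */
    @Override
    @Transactional(readOnly = true)
    public List<AclSid> getAllSids() {
        return this.aclSidPersistence.findAll();
    }

    /**
     * Creates ACL entries for a SID on an object, creating the SID and the object identity
     * when they do not exist yet.
     *
     * @param objectIdIdentity the object's id; referenced as {@code #objectIdIdentity} in the
     *     security expression
     * @param className the object's class name; referenced as {@code #className}
     * @param sid the SID to grant to
     * @param principal the principal flag of the SID
     * @param permissions permission mask to granting flag; absent masks are stored as non-granting
     * @return always {@code true}
     */
    @Override
    @PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#objectIdIdentity, #className, 'ADMINISTRATION')")
    public boolean addPermissions(long objectIdIdentity, String className, String sid, boolean principal,
            Map<Integer, Boolean> permissions) {
        addPermissions(ensureSid(sid, principal), ensureObjectIdentity(className, objectIdIdentity), permissions);
        return true;
    }

    /**
     * Returns the object identity for a class name and object id, creating one owned by the
     * current user when none exists.
     *
     * <p>NOTE(review): the owner SID here is {@code SecurityContextUtil.getMe().getUuid()},
     * while {@link #addCreatorPermissions(AclAwareModel)} uses
     * {@code SecurityContextUtil.getUsername()}. Confirm that both yield the same SID value,
     * and what {@code getMe()} returns when nobody is authenticated.
     *
     * @param className fully qualified class name
     * @param id the object's id
     * @return the existing or newly saved object identity
     */
    @Override
    @Transactional
    public AclObjectIdentity ensureObjectIdentity(String className, long id) {
        AclObjectIdentity objectIdentity = this.aclObjectIdentityPersistence.findByObjectIdIdentityAndClassName(id, className);
        if (objectIdentity != null) {
            return objectIdentity;
        }
        AclObjectIdentity created = new AclObjectIdentity();
        created.setObjectIdIdentity(id);
        created.setAclClass(ensureAclClass(className));
        created.setOwnerSid(ensureSid(SecurityContextUtil.getMe().getUuid(), true));
        return (AclObjectIdentity) this.aclObjectIdentityPersistence.save(created);
    }

    /**
     * Lists the permission masks that are granting for one SID on one object.
     *
     * <p>NOTE(review): this method has no {@code @PreAuthorize} of its own and reaches
     * {@link #getPermissions(long, String)} through {@code this}; see the class comment.
     *
     * @param className the object's class name
     * @param id the object's id
     * @param sid the SID to report on
     * @return the granting masks; empty when the SID has no entries on the object
     */
    @Override
    public List<Integer> permissionsBySid(String className, Long id, String sid) {
        List<Integer> grantedMasks = new ArrayList<>();
        Map<Integer, Boolean> sidPermissions = getPermissions(id.longValue(), className).get(sid);
        if (sidPermissions == null) {
            // The SID has no entries on this object; this used to fail on the null map.
            return grantedMasks;
        }
        for (Map.Entry<Integer, Boolean> entry : sidPermissions.entrySet()) {
            if (entry.getValue().booleanValue()) {
                grantedMasks.add(entry.getKey());
            }
        }
        return grantedMasks;
    }

    /**
     * Lists the object ids of one class for which a user has entries with a given mask.
     *
     * @param clazz the model class
     * @param user the user whose username is used as SID
     * @param permission the permission whose mask is matched
     * @return whatever the persistence lookup returns
     */
    @Override
    @Transactional(readOnly = true)
    public List<Long> listIdentitiesForSid(Class<? extends AclAwareModel> clazz, UserDetails user, Permission permission) {
        return this.aclEntryPersistence.findObjectIdentitiesBySidAndAclClassAndMask(
            user.getUsername(), clazz.getName(), permission.getMask());
    }
}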
