package pt.digitalis.dif.model.authorization;

import com.google.inject.Inject;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import org.hibernate.Query;
import org.hibernate.Session;
import org.hibernate.Transaction;
import org.opensaml.saml2.metadata.EntityDescriptor;
import pt.digitalis.dif.controller.security.managers.IIdentityManager;
import pt.digitalis.dif.controller.security.managers.impl.AuthorizationManagerStaticImpl;
import pt.digitalis.dif.controller.security.objects.ACLEntry;
import pt.digitalis.dif.dem.Entity;
import pt.digitalis.dif.dem.managers.IDEMManager;
import pt.digitalis.dif.dem.managers.impl.model.DIFRepositoryFactory;
import pt.digitalis.dif.dem.managers.impl.model.IAuthorizationService;
import pt.digitalis.dif.dem.managers.impl.model.data.Acl;
import pt.digitalis.dif.exception.security.AuthorizationManagerException;
import pt.digitalis.dif.exception.security.IdentityManagerException;
import pt.digitalis.dif.ioc.DIFIoCRegistry;
import pt.digitalis.dif.model.dataset.DataSetException;
import pt.digitalis.dif.model.dataset.Filter;
import pt.digitalis.dif.model.dataset.FilterType;
import pt.digitalis.dif.utils.logging.DIFLogger;

/* loaded from: input_file:WEB-INF/lib/dif-authorization-database-2.7.2.jar:pt/digitalis/dif/model/authorization/AuthorizationManagerDataBaseImpl.class */
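/**
 * Authorization manager that persists ACL entries as {@link Acl} rows and mirrors them into the
 * in-memory lists maintained by {@link AuthorizationManagerStaticImpl}.
 *
 * <p>Every mutating operation follows the same shape: open a transaction, change the persisted
 * rows, commit, then delegate to the superclass so the in-memory list is updated as well. The two
 * steps are not atomic with respect to each other.
 *
 * <p>Points a maintainer should keep in mind when touching this class:
 * <ul>
 *   <li>Boolean columns are stored as the strings {@code "S"} (true) and {@code "N"} (false).</li>
 *   <li>Rows flagged as default are never deleted by the per-entity revoke paths; they are kept
 *       with {@code isEnabled = "N"} instead.</li>
 *   <li>The {@code revoke*} overrides only touch the in-memory list when the database step reported
 *       that it changed something. A grant that exists in memory but has no matching row is
 *       therefore left in place and the method returns {@code false}.</li>
 *   <li>{@code entityId} is matched case-insensitively everywhere except in the second query of
 *       {@link #deletePublicAccess(String, String)}.</li>
 * </ul>
 */
public class AuthorizationManagerDataBaseImpl extends AuthorizationManagerStaticImpl {
    /** Stored representation of {@code true} in the flag columns of {@link Acl}. */
    private static final String FLAG_TRUE = "S";

    /** Stored representation of {@code false} in the flag columns of {@link Acl}. */
    private static final String FLAG_FALSE = "N";

    // Static flag guarded only by the instance monitor of loadPersistedEntries(); that is safe
    // only while a single instance of this class exists. NOTE(review): confirm the IoC scope.
    private static boolean ENTRIES_INITIALIZED = false;

    /** Service giving access to the {@link Acl} data set; resolved from the IoC registry. */
    protected IAuthorizationService authorizationService;

    /**
     * Creates the manager and resolves the {@link IAuthorizationService} implementation.
     *
     * @param iIdentityManager identity manager handed to the superclass
     * @param iDEMManager DEM manager handed to the superclass
     */
    @Inject
    public AuthorizationManagerDataBaseImpl(IIdentityManager iIdentityManager, IDEMManager iDEMManager) {
        super(iIdentityManager, iDEMManager);
        this.authorizationService = (IAuthorizationService) DIFIoCRegistry.getRegistry().getImplementation(IAuthorizationService.class);
    }

    /**
     * Builds a persistable {@link Acl} from an in-memory entry.
     *
     * @param aCLEntry source entry; null-valued attributes are left unset on the result
     * @param l row id to carry over, or {@code null} for a new row
     * @return the populated {@link Acl}
     */
    private static Acl convertACLEntryToAcl(ACLEntry aCLEntry, Long l) {
        Acl acl = new Acl();
        if (aCLEntry.getUserID() != null) {
            acl.setUserId(aCLEntry.getUserID());
        }
        if (aCLEntry.getGroupID() != null) {
            acl.setGroupId(aCLEntry.getGroupID());
        }
        if (aCLEntry.getEntityType() != null) {
            acl.setEntityType(aCLEntry.getEntityType().toString());
        }
        if (aCLEntry.getEntityID() != null) {
            acl.setEntityId(aCLEntry.getEntityID());
        }
        acl.setPublicAccess(aCLEntry.isPublicAccess() ? FLAG_TRUE : FLAG_FALSE);
        acl.setIsEnabled(aCLEntry.isEnabled() ? FLAG_TRUE : FLAG_FALSE);
        acl.setIsDefault(aCLEntry.isDefault() ? FLAG_TRUE : FLAG_FALSE);
        if (l != null) {
            acl.setId(l);
        }
        return acl;
    }

    /**
     * Converts every row of the list with {@link #convertAclToACLEntry(Acl)}.
     *
     * @param list rows to convert
     * @return a new list with one entry per row, in the same order
     */
    private static List<ACLEntry> convertAclListToACLEntryList(List<Acl> list) {
        List<ACLEntry> entries = new ArrayList<>(list.size());
        for (Acl acl : list) {
            entries.add(convertAclToACLEntry(acl));
        }
        return entries;
    }

    /**
     * Builds an in-memory entry from a persisted row.
     *
     * @param acl persisted row
     * @return the equivalent {@link ACLEntry}
     * @throws IllegalArgumentException if the stored entity type is not an {@link Entity} constant;
     *         during {@link #loadPersistedEntries()} this aborts the whole load, so one bad row
     *         keeps every later row out of memory
     */
    private static ACLEntry convertAclToACLEntry(Acl acl) {
        ACLEntry aCLEntry = new ACLEntry();
        if (acl.getUserId() != null) {
            aCLEntry.setUserID(acl.getUserId());
        }
        if (acl.getGroupId() != null) {
            aCLEntry.setGroupID(acl.getGroupId());
        }
        if (acl.getEntityType() != null) {
            aCLEntry.setEntityType(Entity.valueOf(acl.getEntityType()));
        }
        if (acl.getEntityId() != null) {
            aCLEntry.setEntityID(acl.getEntityId());
        }
        if (FLAG_TRUE.equals(acl.getPublicAccess())) {
            aCLEntry.setPublicAccess();
        }
        aCLEntry.setEnabled(FLAG_TRUE.equals(acl.getIsEnabled()));
        aCLEntry.setDefault(FLAG_TRUE.equals(acl.getIsDefault()));
        return aCLEntry;
    }

    /** Returns the entry's entity type as a string, or {@code null} when the entry has none. */
    private static String entityTypeName(ACLEntry entry) {
        return entry.getEntityType() != null ? entry.getEntityType().toString() : null;
    }

    /**
     * Rolls the transaction back if it is still active, without letting a rollback failure hide
     * the exception that caused it.
     */
    private static void rollbackQuietly(Transaction transaction) {
        try {
            if (transaction != null && transaction.isActive()) {
                transaction.rollback();
            }
        } catch (RuntimeException rollbackFailure) {
            DIFLogger.getLogger().info("[AuthorizationManager] Transaction rollback failed: " + rollbackFailure);
        }
    }

    /**
     * Records a persistence failure that the calling method absorbs instead of propagating.
     * The stack trace still goes to stderr as before; the extra log line makes a failed ACL
     * change visible in the application log as well.
     */
    private static void reportFailure(String operation, Exception failure) {
        DIFLogger.getLogger().info("[AuthorizationManager] " + operation + " failed: " + failure);
        failure.printStackTrace();
    }

    /** Returns the session of the {@link Acl} data set. */
    private Session aclSession() {
        return this.authorizationService.getAclDataSet().getSession();
    }

    /**
     * Persists (or re-enables) a group entry, then adds it to the in-memory group list.
     *
     * <p>If no row exists for the group/entity pair the entry is marked enabled and inserted. If a
     * row exists and {@code z} is true the row is re-enabled. If a row exists, {@code z} is false
     * and the row is not enabled, the passed entry is marked disabled. The superclass is always
     * called with {@code true} as its second argument.
     *
     * @param aCLEntry entry to add
     * @param z whether an existing persisted row should be switched back to enabled
     * @return the result of the superclass call
     * @throws AuthorizationManagerException if the data set lookup fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // pt.digitalis.dif.controller.security.managers.impl.AbstractAuthorizationManagerImpl
    public boolean addACLEntryToGroup(ACLEntry aCLEntry, boolean z) throws AuthorizationManagerException {
        Session session = DIFRepositoryFactory.getSession();
        Transaction transaction = session.beginTransaction();
        try {
            Acl persisted = getAclByGroup(aCLEntry.getGroupID(), entityTypeName(aCLEntry), aCLEntry.getEntityID());
            if (persisted == null) {
                aCLEntry.setEnabled(true);
                persistACLEntry(aCLEntry, null);
            } else if (z) {
                persisted.setIsEnabled(FLAG_TRUE);
                session.merge(persisted);
            } else if (!FLAG_TRUE.equals(persisted.getIsEnabled())) {
                aCLEntry.setEnabled(false);
            }
            transaction.commit();
            return super.addACLEntryToGroup(aCLEntry, true);
        } catch (DataSetException e) {
            rollbackQuietly(transaction);
            throw new AuthorizationManagerException(e);
        } catch (RuntimeException e) {
            // Unchecked failures (null group id, Hibernate errors) used to leave the transaction open.
            rollbackQuietly(transaction);
            throw e;
        }
    }

    /**
     * Persists a public-access entry via {@link #processAcl(ACLEntry, Acl)}, then adds the
     * resulting entry to the in-memory public list.
     *
     * @param aCLEntry entry to add
     * @return the result of the superclass call
     * @throws AuthorizationManagerException if the data set lookup fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // pt.digitalis.dif.controller.security.managers.impl.AbstractAuthorizationManagerImpl
    public boolean addACLEntryToPublic(ACLEntry aCLEntry) throws AuthorizationManagerException {
        Session session = DIFRepositoryFactory.getSession();
        Transaction transaction = session.beginTransaction();
        try {
            ACLEntry effective = processAcl(aCLEntry, getAclByPublic(entityTypeName(aCLEntry), aCLEntry.getEntityID()));
            transaction.commit();
            return super.addACLEntryToPublic(effective);
        } catch (DataSetException e) {
            rollbackQuietly(transaction);
            throw new AuthorizationManagerException(e);
        } catch (RuntimeException e) {
            rollbackQuietly(transaction);
            throw e;
        }
    }

    /**
     * Persists a user entry via {@link #processAcl(ACLEntry, Acl)}, then adds the resulting entry
     * to the in-memory user list. Nothing is persisted for a user the identity manager does not know.
     *
     * @param aCLEntry entry to add
     * @return {@code false} if the user does not exist, otherwise the result of the superclass call
     * @throws AuthorizationManagerException if the identity manager or the data set lookup fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // pt.digitalis.dif.controller.security.managers.impl.AbstractAuthorizationManagerImpl
    public boolean addACLEntryToUser(ACLEntry aCLEntry) throws AuthorizationManagerException {
        try {
            if (!this.identityManager.userExists(aCLEntry.getUserID())) {
                return false;
            }
            Session session = DIFRepositoryFactory.getSession();
            Transaction transaction = session.beginTransaction();
            try {
                aCLEntry = processAcl(aCLEntry, getAclByUser(aCLEntry.getUserID(), entityTypeName(aCLEntry), aCLEntry.getEntityID()));
                transaction.commit();
            } catch (DataSetException e) {
                rollbackQuietly(transaction);
                throw new AuthorizationManagerException(e);
            } catch (RuntimeException e) {
                rollbackQuietly(transaction);
                throw e;
            }
            return super.addACLEntryToUser(aCLEntry);
        } catch (IdentityManagerException e2) {
            throw new AuthorizationManagerException("Could not access the identity manager to verify user existance!", e2);
        }
    }

    /**
     * Deletes every row whose {@code field} equals {@code value}. Runs in whatever transaction the
     * caller has open.
     *
     * @return {@code true} if at least one row matched; {@code false} if none matched or the query
     *         failed (the two cases are indistinguishable to the caller)
     */
    private boolean deleteAllMatching(String field, String value, String operation) {
        try {
            List<Acl> matches = this.authorizationService.getAclDataSet().query().equals(field, value).asList();
            for (Acl acl : matches) {
                aclSession().delete(acl);
            }
            return !matches.isEmpty();
        } catch (DataSetException e) {
            reportFailure(operation, e);
            return false;
        }
    }

    /**
     * Deletes every persisted row of the given group, default rows included.
     *
     * @param str group id
     * @return {@code true} if at least one row matched; {@code false} otherwise or on query failure
     */
    public boolean deleteAllGroupAccess(String str) {
        return deleteAllMatching("groupId", str, "deleteAllGroupAccess");
    }

    /**
     * Deletes every persisted row of the given user, default rows included.
     *
     * @param str user id
     * @return {@code true} if at least one row matched; {@code false} otherwise or on query failure
     */
    public boolean deleteAllUserAccess(String str) {
        return deleteAllMatching("userId", str, "deleteAllUserAccess");
    }

    /**
     * Removes the group's persisted access to the entry's entity, then removes it from memory.
     *
     * <p>A failed database step is rolled back rather than committed, so no partial change is
     * written. The in-memory removal still runs in that case, which means the persisted row
     * survives and is loaded again the next time the entries are read from the database.
     *
     * @param str group id
     * @param aCLEntry entry identifying the entity; its entity type must not be null
     * @return the result of the superclass call
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // pt.digitalis.dif.controller.security.managers.impl.AbstractAuthorizationManagerImpl
    public boolean deleteGroup(String str, ACLEntry aCLEntry) {
        Transaction transaction = DIFRepositoryFactory.getSession().beginTransaction();
        try {
            deleteGroupAccess(str, aCLEntry.getEntityType().toString(), aCLEntry.getEntityID());
            transaction.commit();
        } catch (DataSetException e) {
            rollbackQuietly(transaction);
            reportFailure("deleteGroup", e);
        } catch (RuntimeException e) {
            rollbackQuietly(transaction);
            throw e;
        }
        return super.deleteGroup(str, aCLEntry);
    }

    /**
     * Applies the revoke rule to each row: default rows are kept but switched to disabled,
     * all other rows are deleted.
     */
    private void disableDefaultsAndDeleteOthers(List<Acl> rows) {
        for (Acl acl : rows) {
            if (FLAG_TRUE.equals(acl.getIsDefault())) {
                acl.setIsEnabled(FLAG_FALSE);
                aclSession().save(acl);
            } else {
                aclSession().delete(acl);
            }
        }
    }

    /**
     * Revokes a group's persisted access to one entity. Runs in the caller's transaction.
     *
     * @param str group id, must not be null
     * @param str2 entity type, must not be null
     * @param str3 entity id, matched case-insensitively, must not be null
     * @return {@code true} if at least one row matched
     * @throws DataSetException if the query fails
     * @throws NullPointerException if any argument is null
     */
    public boolean deleteGroupAccess(String str, String str2, String str3) throws DataSetException {
        Objects.requireNonNull(str, "groupId");
        Objects.requireNonNull(str2, "entityType");
        Objects.requireNonNull(str3, "entityId");
        List<Acl> matches = this.authorizationService.getAclDataSet().query()
                .addFilter(new Filter("groupId", FilterType.EQUALS, str))
                .addFilter(new Filter("entityType", FilterType.EQUALS, str2))
                .addFilter(new Filter("entityId", FilterType.EQUALS_INSENSITIVE, str3))
                .asList();
        disableDefaultsAndDeleteOthers(matches);
        return !matches.isEmpty();
    }

    /**
     * Revokes persisted public access to one entity: non-default rows are deleted with a bulk HQL
     * statement, default rows are kept and disabled. Runs in the caller's transaction.
     *
     * <p>The HQL text is assembled from constants only; both caller-supplied values are bound as
     * named parameters.
     *
     * @param str entity type
     * @param str2 entity id
     * @return {@code true} if any row was deleted or disabled
     */
    public boolean deletePublicAccess(String str, String str2) {
        Query delete = aclSession().createQuery("delete " + Acl.class.getCanonicalName() + " acl where acl." + Acl.Fields.PUBLICACCESS + " = 'S' and lower(acl.entityId) = :entityID and acl.entityType = :entityType and acl.isDefault = 'N'");
        // The column side is lower-cased, so the bound value has to be as well; otherwise an id
        // containing upper-case characters never matches and the public grant is silently kept.
        // The parameter name is spelled out here instead of borrowing an unrelated SAML constant.
        delete.setString("entityID", str2 == null ? null : str2.toLowerCase(Locale.ROOT));
        delete.setString("entityType", str);
        int deleted = delete.executeUpdate();
        int disabled = 0;
        try {
            // NOTE(review): this lookup compares entityId with a plain equals, unlike every other
            // entityId filter in the class (EQUALS_INSENSITIVE) - confirm whether default rows with
            // differently-cased ids are meant to be skipped.
            for (Acl acl : this.authorizationService.getAclDataSet().query().equals(Acl.Fields.PUBLICACCESS, FLAG_TRUE).equals("isDefault", FLAG_TRUE).equals("entityType", str).equals("entityId", str2).asList()) {
                acl.setIsEnabled(FLAG_FALSE);
                aclSession().save(acl);
                disabled++;
            }
        } catch (DataSetException e) {
            reportFailure("deletePublicAccess", e);
        }
        return deleted > 0 || disabled > 0;
    }

    /**
     * Revokes a user's persisted access to one entity. Runs in the caller's transaction.
     *
     * @param str user id, must not be null
     * @param str2 entity type, must not be null
     * @param str3 entity id, matched case-insensitively, must not be null
     * @return {@code true} if at least one row matched
     * @throws DataSetException if the query fails
     * @throws NullPointerException if any argument is null
     */
    public boolean deleteUserAccess(String str, String str2, String str3) throws DataSetException {
        Objects.requireNonNull(str, "userId");
        Objects.requireNonNull(str2, "entityType");
        Objects.requireNonNull(str3, "entityId");
        List<Acl> matches = this.authorizationService.getAclDataSet().query()
                .addFilter(new Filter("userId", FilterType.EQUALS, str))
                .addFilter(new Filter("entityType", FilterType.EQUALS, str2))
                .addFilter(new Filter("entityId", FilterType.EQUALS_INSENSITIVE, str3))
                .asList();
        disableDefaultsAndDeleteOthers(matches);
        return !matches.isEmpty();
    }

    /**
     * Marks the group's persisted row as disabled, then disables the entry in memory.
     *
     * <p>When no row exists for the group/entity pair there is nothing to update; the in-memory
     * disable still runs but is not persisted, so it does not survive a reload from the database.
     *
     * @param str group id handed to the superclass
     * @param aCLEntry first entry handed to the superclass
     * @param aCLEntry2 entry whose group id, entity type and entity id select the persisted row
     * @return the result of the superclass call
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // pt.digitalis.dif.controller.security.managers.impl.AbstractAuthorizationManagerImpl
    public boolean disableGroup(String str, ACLEntry aCLEntry, ACLEntry aCLEntry2) {
        Session session = DIFRepositoryFactory.getSession();
        Transaction transaction = session.beginTransaction();
        try {
            Acl persisted = getAclByGroup(aCLEntry2.getGroupID(), entityTypeName(aCLEntry2), aCLEntry2.getEntityID());
            if (persisted != null) {
                persisted.setIsEnabled(FLAG_FALSE);
                aclSession().merge(persisted);
            } else {
                // The lookup returns null when no row matches; dereferencing it used to abort the
                // disable with a NullPointerException and leave the transaction open.
                DIFLogger.getLogger().info("[AuthorizationManager] disableGroup found no persisted entry; the change is in-memory only");
            }
            transaction.commit();
        } catch (DataSetException e) {
            rollbackQuietly(transaction);
            reportFailure("disableGroup", e);
        } catch (RuntimeException e) {
            rollbackQuietly(transaction);
            throw e;
        }
        return super.disableGroup(str, aCLEntry, aCLEntry2);
    }

    /**
     * Query-by-example over the {@link Acl} data set: every non-null attribute of the argument
     * becomes an equality filter ({@code entityId} is compared case-insensitively).
     *
     * @param acl example row; null attributes are ignored
     * @return all matching rows
     * @throws DataSetException if the query fails
     */
    public List<Acl> getAcl(Acl acl) throws DataSetException {
        pt.digitalis.dif.model.dataset.Query<Acl> query = this.authorizationService.getAclDataSet().query();
        if (acl.getUserId() != null) {
            query = query.addFilter(new Filter("userId", FilterType.EQUALS, acl.getUserId()));
        }
        if (acl.getEntityType() != null) {
            query = query.addFilter(new Filter("entityType", FilterType.EQUALS, acl.getEntityType()));
        }
        if (acl.getEntityId() != null) {
            query = query.addFilter(new Filter("entityId", FilterType.EQUALS_INSENSITIVE, acl.getEntityId()));
        }
        if (acl.getGroupId() != null) {
            query = query.addFilter(new Filter("groupId", FilterType.EQUALS, acl.getGroupId()));
        }
        if (acl.getIsDefault() != null) {
            query = query.addFilter(new Filter("isDefault", FilterType.EQUALS, acl.getIsDefault()));
        }
        if (acl.getIsEnabled() != null) {
            query = query.addFilter(new Filter("isEnabled", FilterType.EQUALS, acl.getIsEnabled()));
        }
        if (acl.getPublicAccess() != null) {
            query = query.addFilter(new Filter(Acl.Fields.PUBLICACCESS.toString(), FilterType.EQUALS, acl.getPublicAccess()));
        }
        return query.asList();
    }

    /**
     * Adds the entity filters shared by the single-row lookups: a null entity type or id is
     * matched with {@code IS_NULL} rather than being left out of the query.
     */
    private static pt.digitalis.dif.model.dataset.Query<Acl> restrictToEntity(
            pt.digitalis.dif.model.dataset.Query<Acl> query, String entityType, String entityId) throws DataSetException {
        pt.digitalis.dif.model.dataset.Query<Acl> byType = entityType != null
                ? query.addFilter(new Filter("entityType", FilterType.EQUALS, entityType))
                : query.addFilter(new Filter("entityType", FilterType.IS_NULL));
        return entityId != null
                ? byType.addFilter(new Filter("entityId", FilterType.EQUALS_INSENSITIVE, entityId))
                : byType.addFilter(new Filter("entityId", FilterType.IS_NULL));
    }

    /**
     * Looks up the persisted row of a group for one entity.
     *
     * @param str group id, must not be null
     * @param str2 entity type, or {@code null} to match rows without one
     * @param str3 entity id (case-insensitive), or {@code null} to match rows without one
     * @return the row, or {@code null} when none matches (callers in this class test for that)
     * @throws DataSetException if the query fails
     * @throws NullPointerException if {@code str} is null
     */
    public Acl getAclByGroup(String str, String str2, String str3) throws DataSetException {
        Objects.requireNonNull(str, "groupId");
        pt.digitalis.dif.model.dataset.Query<Acl> byGroup = this.authorizationService.getAclDataSet().query()
                .addFilter(new Filter("groupId", FilterType.EQUALS, str));
        return restrictToEntity(byGroup, str2, str3).singleValue();
    }

    /**
     * Looks up the persisted public-access row for one entity.
     *
     * @param str entity type, or {@code null} to match rows without one
     * @param str2 entity id (case-insensitive), or {@code null} to match rows without one
     * @return the row, or {@code null} when none matches
     * @throws DataSetException if the query fails
     */
    public Acl getAclByPublic(String str, String str2) throws DataSetException {
        pt.digitalis.dif.model.dataset.Query<Acl> publicRows = this.authorizationService.getAclDataSet().query()
                .addFilter(new Filter(Acl.Fields.PUBLICACCESS.toString(), FilterType.EQUALS, FLAG_TRUE));
        return restrictToEntity(publicRows, str, str2).singleValue();
    }

    /**
     * Looks up the persisted row of a user for one entity.
     *
     * @param str user id, must not be null
     * @param str2 entity type, or {@code null} to match rows without one
     * @param str3 entity id (case-insensitive), or {@code null} to match rows without one
     * @return the row, or {@code null} when none matches
     * @throws DataSetException if the query fails
     * @throws NullPointerException if {@code str} is null
     */
    public Acl getAclByUser(String str, String str2, String str3) throws DataSetException {
        Objects.requireNonNull(str, "userId");
        pt.digitalis.dif.model.dataset.Query<Acl> byUser = this.authorizationService.getAclDataSet().query()
                .addFilter(new Filter("userId", FilterType.EQUALS, str));
        return restrictToEntity(byUser, str2, str3).singleValue();
    }

    /** Returns the in-memory group list after making sure the persisted entries were loaded. */
    @Override // pt.digitalis.dif.controller.security.managers.impl.AbstractAuthorizationManagerImpl
    public Map<String, Set<ACLEntry>> getGroupAccessControlList() {
        loadPersistedEntries();
        return super.getGroupAccessControlList();
    }

    /** Returns the in-memory public list after making sure the persisted entries were loaded. */
    @Override // pt.digitalis.dif.controller.security.managers.impl.AbstractAuthorizationManagerImpl
    public Map<String, ACLEntry> getPublicAccessControlList() {
        loadPersistedEntries();
        return super.getPublicAccessControlList();
    }

    /** Returns the in-memory user list after making sure the persisted entries were loaded. */
    @Override // pt.digitalis.dif.controller.security.managers.impl.AbstractAuthorizationManagerImpl
    public Map<String, Set<ACLEntry>> getUserAccessControlList() {
        loadPersistedEntries();
        return super.getUserAccessControlList();
    }

    /**
     * Loads every persisted row into the superclass lists, once.
     *
     * <p>On failure the flag is reset so the next accessor call retries. Entries added before the
     * failure stay in memory, and rows that were never reached (including rows that only record
     * that an entry is disabled) are missing until a retry succeeds, so the lists returned in the
     * meantime can be incomplete.
     */
    private synchronized void loadPersistedEntries() {
        if (ENTRIES_INITIALIZED) {
            return;
        }
        DIFLogger.getLogger().debug("[AuthorizationManager] Start loading persistent Entries from Database...");
        // Set before loading; presumably so that the superclass calls below, should they read the
        // lists through the overridden accessors, do not start a second load - confirm.
        ENTRIES_INITIALIZED = true;
        Session session = DIFRepositoryFactory.getSession();
        Transaction transaction = session.beginTransaction();
        try {
            for (ACLEntry entry : convertAclListToACLEntryList(this.authorizationService.getAclDataSet().query().asList())) {
                if (entry.isPublicAccess()) {
                    super.addACLEntryToPublic(entry);
                } else if (entry.getUserID() != null) {
                    super.addACLEntryToUser(entry);
                } else if (entry.getGroupID() != null) {
                    super.addACLEntryToGroup(entry, true);
                }
            }
            transaction.commit();
        } catch (Exception e) {
            ENTRIES_INITIALIZED = false;
            rollbackQuietly(transaction);
            DIFLogger.getLogger().info("AuthorizationManager - Failed loading persistent Entries from Database... Reason: " + e.getMessage());
            // Do not report a finished load after a failed one.
            return;
        }
        DIFLogger.getLogger().info("[AuthorizationManager] Finished loading persistent Entries from Database...");
    }

    /** Inserts the entry as a new row (or with the given id when {@code l} is not null). */
    private void persistACLEntry(ACLEntry aCLEntry, Long l) {
        aclSession().persist(convertACLEntryToAcl(aCLEntry, l));
    }

    /**
     * Reconciles an entry with its persisted row, if any.
     *
     * @param aCLEntry entry being added
     * @param acl persisted row for the same subject and entity, or {@code null}
     * @return the entry to add to memory: the argument itself, except that for a default entry
     *         with an existing row the persisted state wins and is returned instead
     */
    private ACLEntry processAcl(ACLEntry aCLEntry, Acl acl) {
        if (acl == null) {
            persistACLEntry(aCLEntry, null);
            return aCLEntry;
        }
        if (aCLEntry.isDefault()) {
            return convertAclToACLEntry(acl);
        }
        updateACLEntry(aCLEntry, acl.getId());
        return aCLEntry;
    }

    /**
     * Revokes public access to an entity in the database and, only if that changed something,
     * in memory.
     *
     * @param entity entity type
     * @param str entity id
     * @return {@code true} only if both the persisted and the in-memory revoke reported a change
     */
    @Override // pt.digitalis.dif.controller.security.managers.impl.AbstractAuthorizationManagerImpl, pt.digitalis.dif.controller.security.managers.IAuthorizationManager
    public boolean revokeAccessFromPublic(Entity entity, String str) {
        Transaction transaction = DIFRepositoryFactory.getSession().beginTransaction();
        boolean removed;
        try {
            removed = deletePublicAccess(entity.toString(), str);
            transaction.commit();
        } catch (RuntimeException e) {
            rollbackQuietly(transaction);
            throw e;
        }
        return removed && super.revokeAccessFromPublic(entity, str);
    }

    /**
     * Revokes a user's access to an entity in the database and, only if that changed something,
     * in memory. A failed database step is rolled back and reported as {@code false}.
     *
     * @param str user id
     * @param entity entity type
     * @param str2 entity id
     * @return {@code true} only if both the persisted and the in-memory revoke reported a change
     */
    @Override // pt.digitalis.dif.controller.security.managers.impl.AbstractAuthorizationManagerImpl, pt.digitalis.dif.controller.security.managers.IAuthorizationManager
    public boolean revokeAccessFromUser(String str, Entity entity, String str2) {
        Transaction transaction = DIFRepositoryFactory.getSession().beginTransaction();
        boolean removed;
        try {
            removed = deleteUserAccess(str, entity.toString(), str2);
            transaction.commit();
        } catch (DataSetException e) {
            // Previously the transaction was committed even though the delete had failed.
            rollbackQuietly(transaction);
            reportFailure("revokeAccessFromUser", e);
            return false;
        } catch (RuntimeException e) {
            rollbackQuietly(transaction);
            throw e;
        }
        return removed && super.revokeAccessFromUser(str, entity, str2);
    }

    /**
     * Revokes all access of a group in the database and, only if rows were deleted, in memory.
     *
     * @param str group id
     * @return {@code true} only if both the persisted and the in-memory revoke reported a change
     */
    @Override // pt.digitalis.dif.controller.security.managers.impl.AbstractAuthorizationManagerImpl, pt.digitalis.dif.controller.security.managers.IAuthorizationManager
    public boolean revokeAllAccessFromGroup(String str) {
        Transaction transaction = DIFRepositoryFactory.getSession().beginTransaction();
        boolean removed;
        try {
            removed = deleteAllGroupAccess(str);
            transaction.commit();
        } catch (RuntimeException e) {
            rollbackQuietly(transaction);
            throw e;
        }
        return removed && super.revokeAllAccessFromGroup(str);
    }

    /**
     * Revokes all access of a user in the database and, only if rows were deleted, in memory.
     *
     * @param str user id
     * @return {@code true} only if both the persisted and the in-memory revoke reported a change
     */
    @Override // pt.digitalis.dif.controller.security.managers.impl.AbstractAuthorizationManagerImpl, pt.digitalis.dif.controller.security.managers.IAuthorizationManager
    public boolean revokeAllAccessFromUser(String str) {
        Transaction transaction = DIFRepositoryFactory.getSession().beginTransaction();
        boolean removed;
        try {
            removed = deleteAllUserAccess(str);
            transaction.commit();
        } catch (RuntimeException e) {
            rollbackQuietly(transaction);
            throw e;
        }
        return removed && super.revokeAllAccessFromUser(str);
    }

    /** Overwrites the row with id {@code l} with the state of the entry. */
    private void updateACLEntry(ACLEntry aCLEntry, Long l) {
        aclSession().merge(convertACLEntryToAcl(aCLEntry, l));
    }
}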
