package org.openl.security.acl.repository;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.openl.security.acl.MutableAclService;
import org.openl.util.StringUtils;
import org.springframework.security.acls.domain.ObjectIdentityImpl;
import org.springframework.security.acls.domain.PrincipalSid;
import org.springframework.security.acls.domain.SidRetrievalStrategyImpl;
import org.springframework.security.acls.domain.SpringCacheBasedAclCache;
import org.springframework.security.acls.model.AccessControlEntry;
import org.springframework.security.acls.model.Acl;
import org.springframework.security.acls.model.MutableAcl;
import org.springframework.security.acls.model.NotFoundException;
import org.springframework.security.acls.model.ObjectIdentity;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.acls.model.Sid;
import org.springframework.security.acls.model.SidRetrievalStrategy;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.transaction.annotation.Transactional;

/* loaded from: input_file:org/openl/security/acl/repository/SimpleRepositoryAclServiceImpl.class */
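/**
 * ACL service that maps repository paths onto Spring Security ACL object identities.
 *
 * <p>An object identity is {@code repositoryId} or {@code repositoryId:/normalised/path} (see
 * {@link #concat(String, String)}). The parent of an identity is found by cutting the identifier at
 * its last {@code '/'}; an identifier without {@code '/'} has the {@link Root} identity as parent.
 *
 * <p>Authorization decisions are made in {@link #isGranted(ObjectIdentity, List, List)}. Two
 * short-circuits grant access without consulting any ACL: the repository id {@code "local"} and the
 * presence of the configured system-wide SID among the caller's SIDs.
 */
public class SimpleRepositoryAclServiceImpl implements SimpleRepositoryAclService {
    /** Time in milliseconds for which a "no ACL stored" result is reused by the permission check. */
    private static final int MAX_LIFE_TIME = 15000;

    protected final MutableAclService aclService;
    /** SID that is granted everything and that owns a newly created root ACL; may be {@code null}. */
    private Sid relevantSystemWideSid;
    private final String rootId;
    private final Class<?> objectIdentityClass;
    private final SpringCacheBasedAclCache springCacheBasedAclCache;
    /**
     * Negative cache: identity mapped to the time (epoch millis) at which no ACL was found for it.
     * Entries are removed when this instance creates or deletes the ACL.
     * NOTE(review): expired entries are never purged, so the map grows with the number of distinct
     * identities that were checked and had no ACL; consider a bounded or expiring cache.
     */
    private final Map<ObjectIdentity, Long> objectIdentityIdCache;
    private SidRetrievalStrategy sidRetrievalStrategy;

    /**
     * Creates a service without a system-wide SID.
     *
     * @param springCacheBasedAclCache ACL cache that is evicted before reads and updates
     * @param mutableAclService backing ACL store
     * @param rootId identifier of the {@link Root} object identity
     * @param objectIdentityClass type used for every non-root object identity
     */
    public SimpleRepositoryAclServiceImpl(SpringCacheBasedAclCache springCacheBasedAclCache, MutableAclService mutableAclService, String rootId, Class<?> objectIdentityClass) {
        this.objectIdentityIdCache = new ConcurrentHashMap<>();
        this.sidRetrievalStrategy = new SidRetrievalStrategyImpl();
        this.springCacheBasedAclCache = springCacheBasedAclCache;
        this.aclService = mutableAclService;
        this.rootId = rootId;
        this.objectIdentityClass = objectIdentityClass;
    }

    /**
     * Creates a service with a system-wide SID.
     *
     * @param springCacheBasedAclCache ACL cache that is evicted before reads and updates
     * @param mutableAclService backing ACL store
     * @param rootId identifier of the {@link Root} object identity
     * @param objectIdentityClass type used for every non-root object identity
     * @param relevantSystemWideSid SID that passes every permission check and owns a new root ACL
     */
    public SimpleRepositoryAclServiceImpl(SpringCacheBasedAclCache springCacheBasedAclCache, MutableAclService mutableAclService, String rootId, Class<?> objectIdentityClass, Sid relevantSystemWideSid) {
        this(springCacheBasedAclCache, mutableAclService, rootId, objectIdentityClass);
        this.relevantSystemWideSid = relevantSystemWideSid;
    }

    /**
     * Joins two path fragments with exactly one {@code '/'} after the first one.
     *
     * @param base leading fragment; must not be {@code null}
     * @param relative fragment appended as given
     * @return {@code base + "/" + relative}, without doubling a trailing slash of {@code base}
     */
    public static String concatPaths(String base, String relative) {
        String prefix = base.endsWith("/") ? base : base + "/";
        return prefix + relative;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds the identifier of an object identity from a repository id and a path.
     *
     * <p>The path is split on {@code '/'}, every segment is trimmed, repeated slashes are collapsed,
     * a leading slash is added and a trailing slash removed. A {@code null} or blank result yields
     * the bare repository id.
     *
     * <p>NOTE(review): {@code "."} and {@code ".."} segments are not resolved and case is kept, so
     * two spellings of the same resource produce two different identities. Callers that take paths
     * from request data should canonicalise them before they reach this method.
     *
     * @param repositoryId repository id used as prefix
     * @param path path inside the repository; may be {@code null}
     * @return {@code repositoryId} or {@code repositoryId + ":" + normalisedPath}
     */
    public static String concat(String repositoryId, String path) {
        String normalized = path;
        if (normalized != null) {
            normalized = Arrays.stream(normalized.split("/"))
                    .map(segment -> segment.trim() + "/")
                    .collect(Collectors.joining());
            while (normalized.contains("//")) {
                normalized = normalized.replace("//", "/");
            }
            if (!normalized.startsWith("/")) {
                normalized = "/" + normalized;
            }
            if (normalized.endsWith("/")) {
                normalized = normalized.substring(0, normalized.length() - 1);
            }
        }
        return StringUtils.isNotBlank(normalized) ? repositoryId + ":" + normalized : repositoryId;
    }

    /** Builds the object identity of {@code path} in {@code repositoryId} with the configured type. */
    private ObjectIdentity toObjectIdentity(String repositoryId, String path) {
        return new ObjectIdentityImpl(getObjectIdentityClass(), concat(repositoryId, path));
    }

    /** Rejects identities whose type is neither the configured identity class nor {@link Root}. */
    private void requireSupportedType(ObjectIdentity objectIdentity) {
        boolean configuredType = Objects.equals(objectIdentity.getType(), getObjectIdentityClass().getName());
        boolean rootType = Objects.equals(objectIdentity.getType(), Root.class.getName());
        if (!configuredType && !rootType) {
            throw new IllegalArgumentException("Invalid object identity");
        }
    }

    /** Evicts the identity from the Spring ACL cache so that the next read does not use it. */
    protected void evictCache(ObjectIdentity objectIdentity) {
        this.springCacheBasedAclCache.evictFromCache(objectIdentity);
    }

    public SidRetrievalStrategy getSidRetrievalStrategy() {
        return this.sidRetrievalStrategy;
    }

    /** Replaces the strategy that turns the current authentication into the SIDs being checked. */
    public void setSidRetrievalStrategy(SidRetrievalStrategy sidRetrievalStrategy) {
        this.sidRetrievalStrategy = sidRetrievalStrategy;
    }

    /**
     * Derives the parent identity from the textual identifier of {@code objectIdentity}.
     *
     * @param objectIdentity identity whose identifier is a {@code String}
     * @param objectIdentityClass type given to a non-root parent
     * @param rootId identifier of the root identity
     * @return {@code null} for a {@link Root} identity, the root identity when the identifier holds
     *     no {@code '/'}, otherwise the identifier cut at its last {@code '/'} (a trailing
     *     {@code ':'} is dropped, which turns {@code "repo:/x"} into {@code "repo"})
     */
    public static ObjectIdentity buildParentObjectIdentity(ObjectIdentity objectIdentity, Class<?> objectIdentityClass, String rootId) {
        if (Root.class.getName().equals(objectIdentity.getType())) {
            return null;
        }
        String identifier = (String) objectIdentity.getIdentifier();
        int lastSlash = identifier.lastIndexOf("/");
        if (lastSlash < 0) {
            return getRootObjectIdentity(rootId);
        }
        String parentIdentifier = identifier.substring(0, lastSlash);
        if (parentIdentifier.endsWith(":")) {
            parentIdentifier = parentIdentifier.substring(0, parentIdentifier.length() - 1);
        }
        return new ObjectIdentityImpl(objectIdentityClass, parentIdentifier);
    }

    /** Instance form of {@link #buildParentObjectIdentity(ObjectIdentity, Class, String)}. */
    protected ObjectIdentity buildParentObjectIdentity(ObjectIdentity objectIdentity) {
        return buildParentObjectIdentity(objectIdentity, getObjectIdentityClass(), getRootId());
    }

    public String getRootId() {
        return this.rootId;
    }

    public Class<?> getObjectIdentityClass() {
        return this.objectIdentityClass;
    }

    private ObjectIdentity getRootObjectIdentity() {
        return getRootObjectIdentity(getRootId());
    }

    private static ObjectIdentity getRootObjectIdentity(String rootId) {
        return new ObjectIdentityImpl(Root.class, rootId);
    }

    /**
     * Reads the ACL of {@code objectIdentity}, creating it and every missing ancestor if necessary.
     *
     * <p>A created ACL inherits entries, is attached to its parent and takes the parent's owner. A
     * created root ACL is owned by the system-wide SID when one is configured.
     *
     * @param objectIdentity identity to read or create
     * @return the stored ACL, never {@code null}
     */
    protected MutableAcl getOrCreateAcl(ObjectIdentity objectIdentity) {
        MutableAcl acl;
        try {
            evictCache(objectIdentity);
            acl = (MutableAcl) this.aclService.readAclById(objectIdentity);
        } catch (NotFoundException notStored) {
            acl = this.aclService.createAcl(objectIdentity);
            // The identity exists from now on; drop a remembered "not found" result.
            this.objectIdentityIdCache.remove(objectIdentity);
            acl.setEntriesInheriting(true);
            ObjectIdentity parentIdentity = buildParentObjectIdentity(objectIdentity);
            if (parentIdentity != null) {
                MutableAcl parentAcl = getOrCreateAcl(parentIdentity);
                acl.setParent(parentAcl);
                acl.setOwner(parentAcl.getOwner());
            } else if (this.relevantSystemWideSid != null) {
                acl.setOwner(this.relevantSystemWideSid);
            }
            this.aclService.updateAcl(acl);
        }
        return acl;
    }

    @Override // org.openl.security.acl.repository.SimpleRepositoryAclService
    @Transactional
    public Map<Sid, List<Permission>> listPermissions(String repositoryId, String path) {
        Objects.requireNonNull(repositoryId, "repositoryId cannot be null");
        return listPermissions(toObjectIdentity(repositoryId, path), (List<Sid>) null);
    }

    @Override // org.openl.security.acl.repository.SimpleRepositoryAclService
    @Transactional
    public Map<Sid, List<Permission>> listPermissions(String repositoryId, String path, List<Sid> sids) {
        Objects.requireNonNull(repositoryId, "repositoryId cannot be null");
        return listPermissions(toObjectIdentity(repositoryId, path), sids);
    }

    @Override // org.openl.security.acl.repository.SimpleRepositoryAclService
    @Transactional
    public Map<Sid, List<Permission>> listRootPermissions() {
        return listPermissions(getRootObjectIdentity(), (List<Sid>) null);
    }

    @Override // org.openl.security.acl.repository.SimpleRepositoryAclService
    @Transactional
    public Map<Sid, List<Permission>> listRootPermissions(List<Sid> sids) {
        return listPermissions(getRootObjectIdentity(), sids);
    }

    @Override // org.openl.security.acl.repository.SimpleRepositoryAclService
    @Transactional
    public void addPermissions(String repositoryId, String path, Map<Sid, List<Permission>> permissionsBySid) {
        Objects.requireNonNull(repositoryId, "repositoryId cannot be null");
        addPermissions(toObjectIdentity(repositoryId, path), permissionsBySid);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Lists the granting entries stored directly on the ACL of {@code objectIdentity}.
     *
     * <p>Denying entries are left out, and the entries come from this ACL's own entry list only.
     *
     * @param objectIdentity identity to read
     * @param sids SIDs to report, or {@code null} for all
     * @return permissions per SID; empty when no ACL is stored for the identity
     */
    public Map<Sid, List<Permission>> listPermissions(ObjectIdentity objectIdentity, List<Sid> sids) {
        try {
            evictCache(objectIdentity);
            Map<Sid, List<Permission>> granted = new HashMap<>();
            for (AccessControlEntry ace : (sids == null ? this.aclService.readAclById(objectIdentity) : this.aclService.readAclById(objectIdentity, sids)).getEntries()) {
                if (ace.isGranting() && (sids == null || sids.contains(ace.getSid()))) {
                    granted.computeIfAbsent(ace.getSid(), sid -> new ArrayList<>()).add(ace.getPermission());
                }
            }
            return granted;
        } catch (NotFoundException notStored) {
            return Collections.emptyMap();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Appends granting entries for every (SID, permission) pair that is not granted yet.
     *
     * <p>The ACL and its missing ancestors are created on demand. Entries with a {@code null} SID
     * are skipped and duplicate permissions in one list are inserted once.
     *
     * @param objectIdentity identity to modify
     * @param permissionsBySid permissions to grant per SID; {@code null} is a no-op
     */
    public void addPermissions(ObjectIdentity objectIdentity, Map<Sid, List<Permission>> permissionsBySid) {
        if (permissionsBySid == null) {
            return;
        }
        MutableAcl acl = getOrCreateAcl(objectIdentity);
        Map<Sid, LinkedHashSet<Permission>> alreadyGranted = new HashMap<>();
        for (AccessControlEntry ace : acl.getEntries()) {
            if (ace.isGranting()) {
                alreadyGranted.computeIfAbsent(ace.getSid(), sid -> new LinkedHashSet<>()).add(ace.getPermission());
            }
        }
        for (Map.Entry<Sid, List<Permission>> requested : permissionsBySid.entrySet()) {
            Sid sid = requested.getKey();
            if (sid == null) {
                continue;
            }
            LinkedHashSet<Permission> known = alreadyGranted.get(sid);
            for (Permission permission : new LinkedHashSet<>(requested.getValue())) {
                if (known == null || !known.contains(permission)) {
                    acl.insertAce(acl.getEntries().size(), permission, sid, true);
                }
            }
        }
        this.aclService.updateAcl(acl);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Maps every SID to the same permission list.
     *
     * @param permissions list shared (not copied) by all map values
     * @param sids SIDs used as keys; must not be {@code null}
     * @return a new mutable map
     */
    public Map<Sid, List<Permission>> joinSidsAndPermissions(List<Permission> permissions, List<Sid> sids) {
        Map<Sid, List<Permission>> permissionsBySid = new HashMap<>();
        for (Sid sid : sids) {
            permissionsBySid.put(sid, permissions);
        }
        return permissionsBySid;
    }

    @Override // org.openl.security.acl.repository.SimpleRepositoryAclService
    @Transactional
    public void addPermissions(String repositoryId, String path, List<Permission> permissions, List<Sid> sids) {
        Objects.requireNonNull(repositoryId, "repositoryId cannot be null");
        addPermissions(toObjectIdentity(repositoryId, path), joinSidsAndPermissions(permissions, sids));
    }

    @Override // org.openl.security.acl.repository.SimpleRepositoryAclService
    @Transactional
    public void addRootPermissions(Map<Sid, List<Permission>> permissionsBySid) {
        addPermissions(getRootObjectIdentity(), permissionsBySid);
    }

    @Override // org.openl.security.acl.repository.SimpleRepositoryAclService
    @Transactional
    public void addRootPermissions(List<Permission> permissions, List<Sid> sids) {
        addPermissions(getRootObjectIdentity(), joinSidsAndPermissions(permissions, sids));
    }

    @Override // org.openl.security.acl.repository.SimpleRepositoryAclService
    @Transactional
    public void removePermissions(String repositoryId, String path) {
        Objects.requireNonNull(repositoryId, "repositoryId cannot be null");
        removePermissions(toObjectIdentity(repositoryId, path));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Deletes every entry, granting and denying alike, from the ACL of {@code objectIdentity}.
     * The ACL itself stays in place. Nothing happens when no ACL is stored.
     */
    public void removePermissions(ObjectIdentity objectIdentity) {
        try {
            evictCache(objectIdentity);
            MutableAcl acl = this.aclService.readAclById(objectIdentity);
            // Delete from the end so that the remaining indexes stay valid.
            for (int index = acl.getEntries().size() - 1; index >= 0; index--) {
                acl.deleteAce(index);
            }
            this.aclService.updateAcl(acl);
        } catch (NotFoundException ignored) {
            // No ACL stored for this identity: there is nothing to remove.
        }
    }

    @Override // org.openl.security.acl.repository.SimpleRepositoryAclService
    @Transactional
    public void removePermissions(String repositoryId, String path, List<Sid> sids) {
        Objects.requireNonNull(repositoryId, "repositoryId cannot be null");
        if (sids == null) {
            return;
        }
        removePermissions(toObjectIdentity(repositoryId, path), sids);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Deletes every entry that belongs to one of {@code sids}, granting or denying.
     *
     * @param objectIdentity identity of the configured type or of type {@link Root}
     * @param sids SIDs whose entries are removed; {@code null} is a no-op
     * @throws IllegalArgumentException if the identity has another type
     */
    public void removePermissions(ObjectIdentity objectIdentity, List<Sid> sids) {
        requireSupportedType(objectIdentity);
        if (sids == null) {
            return;
        }
        try {
            evictCache(objectIdentity);
            MutableAcl acl = this.aclService.readAclById(objectIdentity);
            // Delete from the end so that the remaining indexes stay valid.
            for (int index = acl.getEntries().size() - 1; index >= 0; index--) {
                if (sids.contains(acl.getEntries().get(index).getSid())) {
                    acl.deleteAce(index);
                }
            }
            this.aclService.updateAcl(acl);
        } catch (NotFoundException ignored) {
            // No ACL stored for this identity: there is nothing to remove.
        }
    }

    @Override // org.openl.security.acl.repository.SimpleRepositoryAclService
    @Transactional
    public void removePermissions(String repositoryId, String path, List<Permission> permissions, List<Sid> sids) {
        Objects.requireNonNull(repositoryId, "repositoryId cannot be null");
        removePermissions(toObjectIdentity(repositoryId, path), joinSidsAndPermissions(permissions, sids));
    }

    @Override // org.openl.security.acl.repository.SimpleRepositoryAclService
    @Transactional
    public void removePermissions(String repositoryId, String path, Map<Sid, List<Permission>> permissionsBySid) {
        Objects.requireNonNull(repositoryId, "repositoryId cannot be null");
        removePermissions(toObjectIdentity(repositoryId, path), permissionsBySid);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Deletes the granting entries named by {@code permissionsBySid}; denying entries are kept.
     *
     * @param objectIdentity identity of the configured type or of type {@link Root}
     * @param permissionsBySid permissions to revoke per SID; {@code null} is a no-op
     * @throws IllegalArgumentException if the identity has another type
     */
    public void removePermissions(ObjectIdentity objectIdentity, Map<Sid, List<Permission>> permissionsBySid) {
        requireSupportedType(objectIdentity);
        if (permissionsBySid == null) {
            return;
        }
        try {
            evictCache(objectIdentity);
            MutableAcl acl = this.aclService.readAclById(objectIdentity);
            // Delete from the end so that the remaining indexes stay valid.
            for (int index = acl.getEntries().size() - 1; index >= 0; index--) {
                AccessControlEntry ace = acl.getEntries().get(index);
                if (!ace.isGranting()) {
                    continue;
                }
                List<Permission> revoked = permissionsBySid.get(ace.getSid());
                if (revoked != null && revoked.contains(ace.getPermission())) {
                    acl.deleteAce(index);
                }
            }
            this.aclService.updateAcl(acl);
        } catch (NotFoundException ignored) {
            // No ACL stored for this identity: there is nothing to remove.
        }
    }

    @Override // org.openl.security.acl.repository.SimpleRepositoryAclService
    @Transactional
    public void removeRootPermissions(List<Permission> permissions, List<Sid> sids) {
        removePermissions(getRootObjectIdentity(), joinSidsAndPermissions(permissions, sids));
    }

    @Override // org.openl.security.acl.repository.SimpleRepositoryAclService
    @Transactional
    public void removeRootPermissions(List<Sid> sids) {
        removePermissions(getRootObjectIdentity(), sids);
    }

    @Override // org.openl.security.acl.repository.SimpleRepositoryAclService
    @Transactional
    public void removeRootPermissions() {
        removePermissions(getRootObjectIdentity());
    }

    /**
     * Copies the ACL of {@code source} and of all its children to new identities.
     *
     * <p>Every entry (granting and denying) and the owner are copied to the identity returned by
     * {@code mapper}; the copy is attached to the parent derived from its own identifier.
     *
     * @param source identity to copy; its ACL is created first when missing
     * @param mapper maps an old identity to its new identity
     * @param deleteSource whether the source ACL is deleted afterwards; recursive calls pass
     *     {@code false} and leave the deletion to the top-level call
     */
    protected void movePermissions(ObjectIdentity source, Function<ObjectIdentity, ObjectIdentity> mapper, boolean deleteSource) {
        ObjectIdentity target = mapper.apply(source);
        MutableAcl sourceAcl = getOrCreateAcl(source);
        MutableAcl targetParentAcl = getOrCreateAcl(buildParentObjectIdentity(target));
        MutableAcl targetAcl = this.aclService.createAcl(target);
        this.objectIdentityIdCache.remove(target);
        targetAcl.setParent(targetParentAcl);
        targetAcl.setEntriesInheriting(true);
        for (AccessControlEntry ace : sourceAcl.getEntries()) {
            targetAcl.insertAce(targetAcl.getEntries().size(), ace.getPermission(), ace.getSid(), ace.isGranting());
        }
        targetAcl.setOwner(sourceAcl.getOwner());
        this.aclService.updateAcl(targetAcl);
        List<ObjectIdentity> children = this.aclService.findChildren(source);
        if (children != null) {
            for (ObjectIdentity child : children) {
                movePermissions(child, mapper, false);
            }
        }
        if (deleteSource) {
            // The second argument is passed as true here; presumably it also deletes child ACLs.
            this.aclService.deleteAcl(source, true);
        }
    }

    @Override // org.openl.security.acl.repository.SimpleRepositoryAclService
    @Transactional
    public void move(String repositoryId, String path, String newPath) {
        Objects.requireNonNull(repositoryId, "repositoryId cannot be null");
        Objects.requireNonNull(path, "path cannot be null");
        moveInternal(repositoryId, toObjectIdentity(repositoryId, path), newPath);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Moves the ACL subtree rooted at {@code source} below {@code newPath} of the same repository.
     *
     * <p>Each identity keeps the part of its identifier that follows the source identifier.
     */
    public void moveInternal(String repositoryId, ObjectIdentity source, String newPath) {
        String targetPrefix = concat(repositoryId, newPath);
        int sourceIdentifierLength = ((String) source.getIdentifier()).length();
        movePermissions(
                source,
                moved -> new ObjectIdentityImpl(getObjectIdentityClass(), targetPrefix + ((String) moved.getIdentifier()).substring(sourceIdentifierLength)),
                true);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Decides whether one of {@code sids} holds the requested permissions on {@code objectIdentity}.
     *
     * <p>Order of evaluation: missing arguments deny; the system-wide SID grants; an identity without
     * a stored ACL defers to its parent (and that miss is remembered for {@link #MAX_LIFE_TIME}
     * milliseconds); otherwise the stored ACL decides, and an ACL without an applicable entry denies.
     *
     * <p>NOTE(review): while a miss is remembered, an ACL created for the identity by anything other
     * than this instance is not consulted; the parent's decision is used until the entry expires.
     *
     * @param objectIdentity identity to check
     * @param sids SIDs of the caller
     * @param permissions requested permissions
     * @return {@code true} when access is granted
     */
    public boolean isGranted(ObjectIdentity objectIdentity, List<Sid> sids, List<Permission> permissions) {
        if (permissions == null || sids == null) {
            return false;
        }
        // Without the null guard an unconfigured system-wide SID would match a null element in
        // sids and grant everything (and would throw on null-hostile lists).
        if (this.relevantSystemWideSid != null && sids.contains(this.relevantSystemWideSid)) {
            return true;
        }
        Long missedAt = this.objectIdentityIdCache.get(objectIdentity);
        if (missedAt != null && System.currentTimeMillis() - missedAt <= MAX_LIFE_TIME) {
            return isGrantedByParent(objectIdentity, sids, permissions);
        }
        Acl acl;
        try {
            acl = this.aclService.readAclById(objectIdentity);
        } catch (NotFoundException notStored) {
            // The lookup was previously wrapped by an inner handler that returned false, which made
            // this parent fallback and the negative cache unreachable.
            this.objectIdentityIdCache.put(objectIdentity, System.currentTimeMillis());
            return isGrantedByParent(objectIdentity, sids, permissions);
        }
        try {
            return acl.isGranted(permissions, sids, false);
        } catch (NotFoundException noApplicableEntry) {
            // The ACL exists but cannot decide for these SIDs and permissions: deny.
            return false;
        }
    }

    /** Applies the permission check to the parent identity; an identity without parent denies. */
    private boolean isGrantedByParent(ObjectIdentity objectIdentity, List<Sid> sids, List<Permission> permissions) {
        ObjectIdentity parentIdentity = buildParentObjectIdentity(objectIdentity);
        return parentIdentity != null && isGranted(parentIdentity, sids, permissions);
    }

    /**
     * Checks the current authentication against the ACL of {@code path} in {@code repositoryId}.
     *
     * <p>The repository id {@code "local"} is granted unconditionally: no SID is resolved and no ACL
     * is read for it.
     */
    @Override // org.openl.security.acl.repository.SimpleRepositoryAclService
    @Transactional(readOnly = true)
    public boolean isGranted(String repositoryId, String path, List<Permission> permissions) {
        Objects.requireNonNull(repositoryId, "repositoryId cannot be null");
        if ("local".equals(repositoryId)) {
            return true;
        }
        List<Sid> sids = getSidRetrievalStrategy().getSids(SecurityContextHolder.getContext().getAuthentication());
        return isGranted(toObjectIdentity(repositoryId, path), sids, permissions);
    }

    @Override // org.openl.security.acl.repository.SimpleRepositoryAclService
    @Transactional
    public void deleteAcl(String repositoryId, String path) {
        Objects.requireNonNull(repositoryId, "repositoryId cannot be null");
        ObjectIdentity objectIdentity = toObjectIdentity(repositoryId, path);
        this.aclService.deleteAcl(objectIdentity, true);
        this.objectIdentityIdCache.remove(objectIdentity);
    }

    @Override // org.openl.security.acl.repository.SimpleRepositoryAclService
    @Transactional
    public void deleteAclRoot() {
        this.aclService.deleteAcl(getRootObjectIdentity(), true);
    }

    @Override // org.openl.security.acl.repository.SimpleRepositoryAclService
    @Transactional
    public boolean createAcl(String repositoryId, String path, List<Permission> permissions, boolean force) {
        Objects.requireNonNull(repositoryId, "repositoryId cannot be null");
        return createAcl(toObjectIdentity(repositoryId, path), permissions, force);
    }

    @Override // org.openl.security.acl.repository.SimpleRepositoryAclService
    @Transactional
    public boolean hasAcl(String repositoryId, String path) {
        Objects.requireNonNull(repositoryId, "repositoryId cannot be null");
        return hasAcl(toObjectIdentity(repositoryId, path));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Reports whether an ACL is stored for {@code objectIdentity}. */
    public boolean hasAcl(ObjectIdentity objectIdentity) {
        try {
            this.aclService.readAclById(objectIdentity);
            return true;
        } catch (NotFoundException notStored) {
            return false;
        }
    }

    /**
     * Creates an ACL for {@code objectIdentity} unless one is stored already.
     *
     * <p>The new ACL inherits from its parent and grants every permission in {@code permissions} to
     * the principal of the current authentication.
     *
     * <p>NOTE(review): this method does not itself check that the caller may create ACLs below the
     * parent; that check has to happen before the call. It also expects a non-root identity, a
     * non-{@code null} permission list and an authenticated security context.
     *
     * @return {@code true} if an ACL was created, {@code false} if one existed
     */
    protected boolean tryCreateAcl(ObjectIdentity objectIdentity, List<Permission> permissions) {
        try {
            this.aclService.readAclById(objectIdentity);
            return false;
        } catch (NotFoundException notStored) {
            MutableAcl parentAcl = getOrCreateAcl(buildParentObjectIdentity(objectIdentity));
            MutableAcl acl = this.aclService.createAcl(objectIdentity);
            this.objectIdentityIdCache.remove(objectIdentity);
            acl.setParent(parentAcl);
            acl.setEntriesInheriting(true);
            PrincipalSid creator = new PrincipalSid(SecurityContextHolder.getContext().getAuthentication());
            int position = 0;
            for (Permission permission : permissions) {
                acl.insertAce(position, permission, creator, true);
                position++;
            }
            this.aclService.updateAcl(acl);
            return true;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates an ACL, optionally replacing an existing one.
     *
     * <p>With {@code force} set and an ACL already stored, the stored ACL is deleted and a new one
     * is created, which discards its previous entries.
     *
     * @return {@code true} if an ACL was created by this call
     */
    public boolean createAcl(ObjectIdentity objectIdentity, List<Permission> permissions, boolean force) {
        boolean created = tryCreateAcl(objectIdentity, permissions);
        if (created || !force) {
            return created;
        }
        this.aclService.deleteAcl(objectIdentity, true);
        return tryCreateAcl(objectIdentity, permissions);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Sets the owner of a stored ACL.
     *
     * @return {@code false} when no ACL is stored for the identity
     */
    public boolean updateOwner(ObjectIdentity objectIdentity, Sid owner) {
        try {
            MutableAcl acl = this.aclService.readAclById(objectIdentity);
            acl.setOwner(owner);
            this.aclService.updateAcl(acl);
            return true;
        } catch (NotFoundException notStored) {
            return false;
        }
    }

    @Override // org.openl.security.acl.repository.SimpleRepositoryAclService
    @Transactional
    public boolean updateOwner(String repositoryId, String path, Sid owner) {
        Objects.requireNonNull(repositoryId, "repositoryId cannot be null");
        return updateOwner(toObjectIdentity(repositoryId, path), owner);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the owner of the ACL of {@code objectIdentity}.
     *
     * <p>The lookup goes through {@link #getOrCreateAcl(ObjectIdentity)}, so reading the owner of an
     * identity without ACL creates that ACL and its missing ancestors.
     *
     * @return the owner, or {@code null} when the ACL service reports the identity as not found
     */
    public Sid getOwner(ObjectIdentity objectIdentity) {
        try {
            return getOrCreateAcl(objectIdentity).getOwner();
        } catch (NotFoundException notStored) {
            return null;
        }
    }

    @Override // org.openl.security.acl.repository.SimpleRepositoryAclService
    @Transactional
    public Sid getOwner(String repositoryId, String path) {
        Objects.requireNonNull(repositoryId, "repositoryId cannot be null");
        return getOwner(toObjectIdentity(repositoryId, path));
    }
}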
