package de.sep.sesam.acl;

import de.sep.sesam.acl.IAclEnabledDao;
import de.sep.sesam.gui.common.DefaultGroupNames;
import de.sep.sesam.gui.common.DefaultUserNames;
import de.sep.sesam.gui.common.acl.AclObjectUtil;
import de.sep.sesam.gui.common.acl.DefaultAclProvider;
import de.sep.sesam.gui.common.json.JsonUtil;
import de.sep.sesam.gui.common.logging.RecurringLogFilter;
import de.sep.sesam.model.AclPermission;
import de.sep.sesam.model.AclUser;
import de.sep.sesam.model.Acls;
import de.sep.sesam.model.Groups;
import de.sep.sesam.model.Users;
import de.sep.sesam.model.base.AbstractSerializableObject;
import de.sep.sesam.model.interfaces.IAclEntity;
import de.sep.sesam.model.interfaces.IEntity;
import de.sep.sesam.model.type.AclGrantType;
import de.sep.sesam.model.type.AclPermissionType;
import de.sep.sesam.model.type.AclUserType;
import de.sep.sesam.restapi.authentication.SessionContext;
import de.sep.sesam.restapi.dao.DaoAccessor;
import de.sep.sesam.restapi.dao.IGenericDao;
import de.sep.sesam.restapi.dao.UsersDaoServer;
import de.sep.sesam.restapi.dao.filter.AbstractAclEnabledFilter;
import de.sep.sesam.restapi.dao.filter.AclsFilter;
import de.sep.sesam.restapi.exception.ServiceException;
import de.sep.sesam.restapi.service.impl.LoginServiceImpl;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:de/sep/sesam/acl/AclManager.class */
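/**
 * Process-wide entry point for ACL evaluation: resolves the ACLs that apply to an entity
 * and decides whether the current session user may read, write or execute it.
 *
 * <p>Security-relevant behaviour a reviewer should keep in mind:
 * <ul>
 *   <li>The decision is default-allow. {@link #checkPermission} returns {@code true} when there
 *       is no session, no DAO accessor, no session user, no ACL for the object, or no ACL entry
 *       that matches the user. Only a blank origin, a {@code null} entity or a matching DENY
 *       entry produces {@code false}.</li>
 *   <li>Argument checks are written as {@code assert}, which is a no-op unless the JVM runs
 *       with {@code -ea}.</li>
 *   <li>Several lookups temporarily switch a DAO into "bypass ACL" mode. The flag lives on the
 *       DAO object, so it is only as thread-safe as the DAO instance is private to the calling
 *       thread. NOTE(review): confirm DAOs are not shared between concurrent requests.</li>
 * </ul>
 */
public final class AclManager {
    private static AclManager instance;

    /** Permission types that satisfy a read check. */
    private static final IDelegate READ_DELEGATE = new PermissionSetDelegate(
            AclPermissionType.FULL_CONTROL, AclPermissionType.READ, AclPermissionType.READ_EXECUTE);

    /** Permission types that satisfy a write check. */
    private static final IDelegate WRITE_DELEGATE = new PermissionSetDelegate(
            AclPermissionType.FULL_CONTROL, AclPermissionType.WRITE);

    /** Permission types that satisfy an execute check. */
    private static final IDelegate EXECUTE_DELEGATE = new PermissionSetDelegate(
            AclPermissionType.FULL_CONTROL, AclPermissionType.READ_EXECUTE);

    /**
     * Per-thread identity override. When set, every permission check on this thread is
     * evaluated for this user instead of the authenticated session user.
     */
    private final ThreadLocal<Users> forcedUser = new ThreadLocal<>();

    /** Tells {@link #checkPermission} which permission types are relevant for one kind of access. */
    public interface IDelegate {
        /** @return {@code true} if a DENY grant of this type should block the access being checked */
        boolean appliesForGrantTypeDeny(AclPermissionType aclPermissionType);

        /** @return {@code true} if an ALLOW grant of this type should permit the access being checked */
        boolean appliesForGrantTypeAllow(AclPermissionType aclPermissionType);
    }

    /**
     * Delegate that treats the same fixed set of permission types as relevant for both DENY
     * and ALLOW grants.
     */
    private static final class PermissionSetDelegate implements IDelegate {
        private final AclPermissionType[] relevantTypes;

        PermissionSetDelegate(AclPermissionType... relevantTypes) {
            this.relevantTypes = relevantTypes;
        }

        @Override
        public boolean appliesForGrantTypeDeny(AclPermissionType aclPermissionType) {
            assert aclPermissionType != null;
            return isRelevant(aclPermissionType);
        }

        @Override
        public boolean appliesForGrantTypeAllow(AclPermissionType aclPermissionType) {
            assert aclPermissionType != null;
            return isRelevant(aclPermissionType);
        }

        private boolean isRelevant(AclPermissionType candidate) {
            for (AclPermissionType relevant : relevantTypes) {
                if (relevant.equals(candidate)) {
                    return true;
                }
            }
            return false;
        }
    }

    private AclManager() {
    }

    /** Returns the lazily created singleton. */
    public static synchronized AclManager getInstance() {
        if (instance == null) {
            instance = new AclManager();
        }
        return instance;
    }

    /**
     * Sets or clears the identity override for the calling thread.
     *
     * <p>The value is held in a {@link ThreadLocal}; on pooled threads it stays in place until
     * it is cleared, so callers should reset it with {@code setForcedUser(null)} in a
     * {@code finally} block once the impersonated work is done.
     *
     * @param users the user to evaluate permissions for, or {@code null} to remove the override
     */
    public void setForcedUser(Users users) {
        if (users != null) {
            this.forcedUser.set(users);
        } else {
            this.forcedUser.remove();
        }
    }

    /** @return the identity override of the calling thread, or {@code null} if none is set */
    public Users getForcedUser() {
        return this.forcedUser.get();
    }

    /**
     * Returns the entries of {@code list} that the current user may read.
     *
     * @param list entities to check; {@code null} yields {@code null}
     * @param str  origin the entities belong to (passed on as the ACL origin)
     */
    public <T extends IAclEntity<?>> List<T> filter(List<T> list, String str) throws ServiceException {
        return filter(list, str, null);
    }

    /**
     * Returns the entries of {@code list} that the current user may read and that also satisfy
     * the optional write / execute requirements of {@code abstractAclEnabledFilter}.
     *
     * @param list                     entities to check; {@code null} yields {@code null}
     * @param str                      origin the entities belong to (passed on as the ACL origin)
     * @param abstractAclEnabledFilter optional; its {@code excludeNotWritable} and
     *                                 {@code excludeNotExecutable} flags drop entries the user
     *                                 may not write or execute
     * @return a new list holding the permitted entries in their original order
     */
    public <T extends IAclEntity<?>> List<T> filter(List<T> list, String str, AbstractAclEnabledFilter abstractAclEnabledFilter) throws ServiceException {
        // Only enforced with -ea. Without it a null origin reaches canRead, which denies
        // every entry because checkPermission rejects a blank origin.
        assert str != null;
        if (list == null) {
            return null;
        }
        List<T> permitted = new ArrayList<>();
        for (T entity : list) {
            if (!canRead(entity, str)) {
                continue;
            }
            if (abstractAclEnabledFilter != null) {
                // Each exclude flag must actually remove the entry; evaluating the check and
                // then adding the entry anyway would hand out objects the caller asked to hide.
                if (abstractAclEnabledFilter.excludeNotWritable && !canWrite(entity, str)) {
                    continue;
                }
                if (abstractAclEnabledFilter.excludeNotExecutable && !canExecute(entity, str)) {
                    continue;
                }
            }
            permitted.add(entity);
        }
        return permitted;
    }

    /**
     * Deletes every stored ACL for the given object id and origin. Does nothing when the object
     * id is blank or there is no session with a DAO accessor.
     *
     * <p>This method performs no permission check of its own.
     * NOTE(review): confirm callers (or the ACL DAO) verify that the session user may change
     * the ACLs of this object.
     *
     * @param str  object id the ACLs are attached to
     * @param str2 origin of the object
     */
    public void removeAcls(String str, String str2) throws ServiceException {
        // NOTE(review): with assertions off, a null origin is passed to AclsFilter.setOrigin.
        // Confirm the DAO does not read that as "any origin", which would remove ACLs of
        // unrelated objects that share the id.
        assert str2 != null;
        if (StringUtils.isBlank(str)) {
            return;
        }
        SessionContext session = getSession();
        if (session == null || session.getDaos() == null) {
            return;
        }
        DaoAccessor daos = session.getDaos();
        assert daos != null;
        AclsFilter aclsFilter = new AclsFilter();
        aclsFilter.setObject(str);
        aclsFilter.setOrigin(str2);
        List<Acls> stored = daos.getAclsDao().filter(aclsFilter);
        if (stored == null) {
            // The same DAO call is null-checked in the private getAcls; treat null as "nothing stored".
            return;
        }
        for (Acls acl : stored) {
            daos.getAclsDao().remove(acl.getPK());
        }
    }

    /**
     * Resolves the ACLs that apply to {@code t}.
     *
     * @param t   entity to resolve ACLs for
     * @param str origin of the entity
     * @param z   when {@code false} the entity's primary key is used as the ACL object id and a
     *            missing key yields {@code null}; when {@code true} no object id is used and
     *            resolution starts at the entity's parent objects
     * @return the applicable ACLs, or {@code null} if none were found or there is no usable session
     */
    public <T extends IEntity<?>> Acls[] getAcls(T t, String str, boolean z) throws ServiceException {
        if (t == null || StringUtils.isBlank(str)) {
            return null;
        }
        SessionContext session = getSession();
        if (session == null || session.getDaos() == null || getSessionUser(session) == null) {
            return null;
        }
        DaoAccessor daos = session.getDaos();
        assert daos != null;
        Object pk = null;
        if (!z) {
            pk = t.getPK();
            if (pk == null) {
                return null;
            }
        }
        // NOTE(review): checkPermission renders AbstractSerializableObject keys with
        // JsonUtil.toString, this method always uses toString(). Confirm both forms address
        // the same stored ACL, otherwise the ACLs shown here differ from the ones enforced.
        return getAcls(daos, t, pk != null ? pk.toString() : null, str);
    }

    /**
     * Resolves ACLs for an object: the first stored ACL for (objectId, origin) if there is one,
     * otherwise the default ACL from {@link DefaultAclProvider}, otherwise the ACLs of the
     * object's parents (resolved recursively).
     *
     * <p>NOTE(review): the parent recursion has no visited-set; if
     * {@code getParentObjects} can ever describe a cycle this recurses without bound.
     *
     * @param daoAccessor DAO accessor of the session; {@code null} yields {@code null}
     * @param t           the entity, or {@code null} to have it looked up from objectId
     * @param objectId    ACL object id; may be blank
     * @param origin      ACL origin; blank yields {@code null}
     * @return the resolved ACLs with their user lists parsed, or {@code null} if none apply
     */
    // Raw DAO interfaces are used below and the looked-up entity is cast back to T; the
    // element types are fixed by the DAO for the given origin, which javac cannot see.
    @SuppressWarnings({"unchecked", "rawtypes"})
    private <T extends IEntity<?>> Acls[] getAcls(DaoAccessor daoAccessor, T t, String objectId, String origin) throws ServiceException {
        if (daoAccessor == null || StringUtils.isBlank(origin)) {
            return null;
        }
        T entity = t;
        List<Acls> collected = new ArrayList<>();
        if (StringUtils.isNotBlank(objectId)) {
            AclsFilter aclsFilter = new AclsFilter();
            aclsFilter.setObject(objectId);
            aclsFilter.setOrigin(origin);
            List<Acls> stored = daoAccessor.getAclsDao().filter(aclsFilter);
            if (stored == null || stored.isEmpty()) {
                if (entity == null) {
                    entity = (T) AclObjectUtil.getDaoEntity(objectId, origin);
                }
                Acls defaultAcl = DefaultAclProvider.getDefaultAcl(entity, daoAccessor.getGroupsDao().getAll(), false);
                if (defaultAcl != null) {
                    collected.add(defaultAcl);
                }
            } else {
                // Only the first stored ACL is used even if the DAO returns several.
                collected.add(stored.get(0));
            }
        }
        if (collected.isEmpty()) {
            Object daoForOrigin = AclObjectUtil.getDaoForOrigin(origin);
            if (daoForOrigin instanceof IAclEnabledDao) {
                IAclEnabledDao aclDao = (IAclEnabledDao) daoForOrigin;
                List<IAclEnabledDao.ParentObject> parents = null;
                boolean previousBypass = aclDao.isBypassAcl();
                aclDao.setBypassAcl(true);
                boolean startedLogSkip = !RecurringLogFilter.isSkip();
                if (startedLogSkip) {
                    RecurringLogFilter.skip();
                }
                try {
                    if (entity == null && (daoForOrigin instanceof IGenericDao) && StringUtils.isNotBlank(objectId)) {
                        entity = (T) ((IGenericDao) aclDao).get(((IGenericDao) aclDao).pkFromString(objectId));
                    }
                    if (entity != null) {
                        parents = aclDao.getParentObjects(entity);
                    }
                } finally {
                    // The entity lookup and the parent lookup both run with ACL checks off;
                    // the flag must be put back on every exit, including a failing lookup,
                    // or the DAO stays in bypass mode for whoever uses it next.
                    aclDao.setBypassAcl(previousBypass);
                    if (startedLogSkip) {
                        RecurringLogFilter.done();
                    }
                }
                if (parents != null) {
                    List<Acls> inherited = new ArrayList<>();
                    for (IAclEnabledDao.ParentObject parent : parents) {
                        String parentId = parent.object;
                        String parentOrigin = StringUtils.isBlank(parent.origin) ? origin : parent.origin;
                        if (StringUtils.isBlank(parentId)) {
                            continue;
                        }
                        Acls[] parentAcls = getAcls(daoAccessor, null, parentId, parentOrigin);
                        if (parentAcls == null) {
                            continue;
                        }
                        for (Acls parentAcl : parentAcls) {
                            if (!inherited.contains(parentAcl)) {
                                inherited.add(parentAcl);
                            }
                        }
                    }
                    collected.addAll(inherited);
                }
            }
        }
        for (Acls acl : collected) {
            if (acl.getUsers() == null && StringUtils.isNotBlank(acl.getValue())) {
                try {
                    acl.setUsers(JsonUtil.readList(acl.getValue(), AclUser.class));
                } catch (IOException ignored) {
                    // A value that fails to parse leaves getUsers() null. checkPermission skips
                    // ACLs without a user list, so a corrupt ACL value grants access rather
                    // than denying it. NOTE(review): consider reporting this to the caller.
                }
            }
        }
        if (collected.isEmpty()) {
            return null;
        }
        return collected.toArray(new Acls[collected.size()]);
    }

    /**
     * Returns the current Spring Security authentication as a {@link SessionContext}.
     *
     * <p>The cast is deliberately unguarded: {@link #checkPermission} treats a {@code null}
     * session as "allow", so turning a foreign {@code Authentication} type into {@code null}
     * here would widen access instead of failing.
     *
     * @return the session, or {@code null} if there is no security context or no authentication
     */
    public SessionContext getSession() {
        if (SecurityContextHolder.getContext() == null) {
            return null;
        }
        return (SessionContext) SecurityContextHolder.getContext().getAuthentication();
    }

    /** Returns the thread's forced user if one is set, otherwise the user of the session. */
    private Users getSessionUser(SessionContext sessionContext) {
        assert sessionContext != null;
        Users forced = getForcedUser();
        return forced != null ? forced : sessionContext.getUser();
    }

    /** @return whether the current user may read {@code t}; see {@link #checkPermission} for the defaults */
    public <T extends IAclEntity<?>> boolean canRead(T t, String str) throws ServiceException {
        return checkPermission(t, str, READ_DELEGATE);
    }

    /** @return whether the current user may write {@code t}; see {@link #checkPermission} for the defaults */
    public <T extends IAclEntity<?>> boolean canWrite(T t, String str) throws ServiceException {
        return checkPermission(t, str, WRITE_DELEGATE);
    }

    /** @return whether the current user may execute {@code t}; see {@link #checkPermission} for the defaults */
    public <T extends IAclEntity<?>> boolean canExecute(T t, String str) throws ServiceException {
        return checkPermission(t, str, EXECUTE_DELEGATE);
    }

    /**
     * Decides whether the current user has the access described by {@code delegate} on {@code t}.
     *
     * <p>Outcome, in evaluation order:
     * <ol>
     *   <li>{@code false} for a {@code null} entity or a blank origin;</li>
     *   <li>{@code true} when there is no session, DAO accessor or session user;</li>
     *   <li>{@code true} for administrators (see {@link #isAdministrator});</li>
     *   <li>{@code true} when no ACL applies to the object;</li>
     *   <li>otherwise the result of walking the ACL entries, which starts at {@code true} and is
     *       only changed by entries that match the user or one of the user's groups.</li>
     * </ol>
     *
     * <p>Within one ACL the entries are visited in {@code AclUser.sorter()} order and a later
     * matching entry overwrites the result of an earlier one; evaluation of further ACLs stops
     * as soon as one ACL ends in a denial.
     */
    private <T extends IAclEntity<?>> boolean checkPermission(T t, String origin, IDelegate delegate) throws ServiceException {
        assert delegate != null;
        if (t == null || StringUtils.isBlank(origin)) {
            return false;
        }
        SessionContext session = getSession();
        if (session == null || session.getDaos() == null || getSessionUser(session) == null) {
            // Default-allow for calls made outside an authenticated session.
            // NOTE(review): confirm no request path can reach this without authentication.
            return true;
        }
        DaoAccessor daos = session.getDaos();
        assert daos != null;
        // Resolved once so the whole decision is made for a single identity.
        Users sessionUser = getSessionUser(session);
        if (isAdministrator(daos, sessionUser)) {
            return true;
        }
        String objectId = null;
        Object pk = t.getPK();
        if (pk != null) {
            objectId = pk.toString();
            if (pk instanceof AbstractSerializableObject) {
                try {
                    objectId = JsonUtil.toString(pk);
                } catch (Exception ignored) {
                    // Falls back to toString(); if stored ACLs are keyed by the JSON form the
                    // lookup below then finds nothing and the default-allow branch applies.
                }
            }
        }
        Acls[] acls = getAcls(daos, t, objectId, origin);
        if (acls == null || acls.length == 0) {
            // No ACL for the object means unrestricted access.
            return true;
        }
        boolean allowed = true;
        for (int i = 0; i < acls.length && allowed; i++) {
            List<AclUser> entries = acls[i].getUsers();
            if (entries == null) {
                continue;
            }
            List<AclUser> ordered = new ArrayList<>(entries);
            Collections.sort(ordered, AclUser.sorter());
            // Group entry without an id; applied last and only if no entry ended the scan.
            AclUser groupEntryWithoutId = null;
            boolean keepScanning = true;
            // The user's groups that no ACL entry has matched yet; the scan ends once all matched.
            List<Groups> unmatchedGroups = null;
            for (int j = 0; j < ordered.size() && keepScanning; j++) {
                AclUser entry = ordered.get(j);
                if (entry.getId() == null) {
                    if (AclUserType.GROUP.equals(entry.getType())) {
                        groupEntryWithoutId = entry;
                    }
                    continue;
                }
                if (AclUserType.USER.equals(entry.getType())) {
                    Users entryUser = loadUserBypassingAcl(daos, entry.getId());
                    if (entryUser == null) {
                        continue;
                    }
                    assert entryUser.getId() != null;
                    if (entryUser.getId().equals(sessionUser.getId())) {
                        keepScanning = false;
                        allowed = applyPermissions(entry, delegate, allowed);
                    }
                } else if (AclUserType.GROUP.equals(entry.getType())) {
                    Groups entryGroup = loadGroupBypassingAcl(daos, entry.getId());
                    if (entryGroup == null) {
                        continue;
                    }
                    assert entryGroup.getId() != null;
                    List<Groups> memberships = loadGroupsOfUserBypassingAcl(daos, sessionUser);
                    if (memberships == null) {
                        continue;
                    }
                    if (unmatchedGroups == null) {
                        unmatchedGroups = new ArrayList<>(memberships);
                    }
                    for (Groups membership : memberships) {
                        if (entryGroup.getId().equals(membership.getId())) {
                            unmatchedGroups.remove(membership);
                            if (unmatchedGroups.isEmpty()) {
                                keepScanning = false;
                            }
                            allowed = applyPermissions(entry, delegate, allowed);
                        }
                    }
                }
            }
            if (keepScanning && groupEntryWithoutId != null) {
                allowed = applyPermissions(groupEntryWithoutId, delegate, allowed);
            }
        }
        return allowed;
    }

    /**
     * Tells whether {@code user} is exempt from ACL evaluation: with policy-based permissions a
     * member of the group named {@code DefaultGroupNames.ADMIN}, otherwise the user named
     * {@code DefaultUserNames.ADMIN_USER}. Both tests compare names only.
     */
    private static boolean isAdministrator(DaoAccessor daos, Users user) throws ServiceException {
        if (LoginServiceImpl.isPolicyBasedPermissions()) {
            List<Groups> memberships = daos.getGroupsDao().getGroupsByUser(user);
            if (memberships != null) {
                for (Groups membership : memberships) {
                    if (DefaultGroupNames.ADMIN.equals(membership.getName())) {
                        return true;
                    }
                }
            }
            return false;
        }
        return DefaultUserNames.ADMIN_USER.equals(user.getName());
    }

    /**
     * Applies the first permission of {@code entry} that is relevant to {@code delegate}.
     *
     * @return {@code false} for a relevant DENY, {@code true} for a relevant ALLOW, and
     *         {@code current} unchanged when the entry holds no relevant permission
     */
    private static boolean applyPermissions(AclUser entry, IDelegate delegate, boolean current) {
        for (AclPermission permission : entry.getPermissionsList()) {
            if (AclGrantType.DENY.equals(permission.getGrantType()) && delegate.appliesForGrantTypeDeny(permission.getType())) {
                return false;
            }
            if (AclGrantType.ALLOW.equals(permission.getGrantType()) && delegate.appliesForGrantTypeAllow(permission.getType())) {
                return true;
            }
        }
        return current;
    }

    /**
     * Loads the user an ACL entry refers to, with ACL checks on the users DAO switched off for
     * the duration of the lookup.
     *
     * @return the user, or {@code null} if the id is not numeric or the lookup fails
     */
    private static Users loadUserBypassingAcl(DaoAccessor daos, String id) {
        assert daos.getUsersDao() instanceof IAclEnabledDao;
        ((IAclEnabledDao) daos.getUsersDao()).setBypassAcl(true);
        try {
            return (Users) daos.getUsersDao().get(Long.decode(id));
        } catch (ServiceException | NumberFormatException ignored) {
            // An entry that cannot be resolved is skipped by the caller.
            return null;
        } finally {
            // Reset to false rather than to the prior value, as the surrounding code expects.
            // NOTE(review): getAcls restores the previous flag instead; confirm which is intended.
            ((IAclEnabledDao) daos.getUsersDao()).setBypassAcl(false);
        }
    }

    /**
     * Loads the group an ACL entry refers to, with ACL checks on the groups DAO switched off
     * for the duration of the lookup.
     *
     * @return the group, or {@code null} if the id is not numeric or the lookup fails
     */
    private static Groups loadGroupBypassingAcl(DaoAccessor daos, String id) {
        assert daos.getGroupsDao() instanceof IAclEnabledDao;
        ((IAclEnabledDao) daos.getGroupsDao()).setBypassAcl(true);
        try {
            return (Groups) daos.getGroupsDao().get(Long.decode(id));
        } catch (ServiceException | NumberFormatException ignored) {
            // An entry that cannot be resolved is skipped by the caller.
            return null;
        } finally {
            ((IAclEnabledDao) daos.getGroupsDao()).setBypassAcl(false);
        }
    }

    /**
     * Loads the groups of {@code user} with ACL checks on the groups DAO switched off for the
     * duration of the lookup.
     *
     * @return the groups, or {@code null} if the lookup fails
     */
    private static List<Groups> loadGroupsOfUserBypassingAcl(DaoAccessor daos, Users user) {
        ((IAclEnabledDao) daos.getGroupsDao()).setBypassAcl(true);
        try {
            return daos.getGroupsDao().getGroupsByUser(user);
        } catch (ServiceException ignored) {
            // Without the membership list the group entry cannot match and is skipped.
            return null;
        } finally {
            ((IAclEnabledDao) daos.getGroupsDao()).setBypassAcl(false);
        }
    }
}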
