package org.jboss.portal.cms.security;

import java.io.InputStream;
import java.security.Principal;
import java.text.MessageFormat;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.management.ObjectName;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import org.hibernate.Query;
import org.hibernate.SQLQuery;
import org.hibernate.Transaction;
import org.hibernate.classic.Session;
import org.jboss.mx.util.MBeanProxy;
import org.jboss.portal.cms.impl.jcr.JCRCMS;
import org.jboss.portal.cms.util.HibernateUtil;
import org.jboss.portal.cms.util.NodeUtil;
import org.jboss.portal.common.io.IOTools;
import org.jboss.portal.identity.AnonymousRole;
import org.jboss.portal.identity.IdentityConfiguration;
import org.jboss.portal.identity.IdentityException;
import org.jboss.portal.identity.IdentityServiceController;
import org.jboss.portal.identity.MembershipModule;
import org.jboss.portal.identity.Role;
import org.jboss.portal.identity.User;
import org.jboss.portal.identity.UserModule;
import org.jboss.portal.identity.db.HibernateUserModuleImpl;
import org.jboss.portal.jems.as.system.AbstractJBossService;
import org.jboss.portal.jems.hibernate.HibernateProvider;
import org.jboss.portal.security.impl.jacc.JACCPortalPrincipal;
import org.jboss.portal.security.spi.provider.DomainConfigurator;
import org.jboss.portal.security.spi.provider.PermissionFactory;
import org.jboss.portal.security.spi.provider.PermissionRepository;
import org.jboss.portal.security.spi.provider.SecurityConfigurationException;

/* loaded from: input_file:org/jboss/portal/cms/security/AuthorizationProviderImpl.class */
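/**
 * CMS authorization provider that persists and looks up {@code Permission}
 * bindings through the Hibernate session factory named by
 * {@link #setCmsSessionFactory(String)}.
 *
 * <p>Bindings are addressed by URI: {@code user://<userName>},
 * {@code role://<roleName>} and {@code criteria://<name>/<value>}
 * (see {@link #getSecurityBindings(String)}).
 *
 * <p>All lookups bind the user, role and criteria values as query parameters.
 * The only text interpolated into SQL is the schema prefix, which is read from
 * the Hibernate configuration in {@link #startService()}, not from request data.
 */
public class AuthorizationProviderImpl extends AbstractJBossService implements AuthorizationProvider {
    /** URI prefix selecting a lookup by user name. */
    private static final String USER_SCHEME = "user://";
    /** URI prefix selecting a lookup by role name. */
    private static final String ROLE_SCHEME = "role://";
    /** URI prefix selecting a lookup by criteria name and value. */
    private static final String CRITERIA_SCHEME = "criteria://";

    private IdentityServiceController identityServiceController = null;
    private MembershipModule membershipModule = null;
    private UserModule userModule = null;
    private String cmsRootUserName = null;
    // Lazily resolved by getRoot() and cached for the lifetime of this service.
    private User adminUser = null;
    private String cmsSessionFactory = null;
    // Value of hibernate.default_schema, or null when the Hibernate MBean is unavailable.
    private String schemaName = null;
    // Native SQL loaded from findPermissionsByUser.sql with the schema prefix filled in.
    private String nativePermissionQuery;

    /**
     * Resolves the identity modules, reads the default schema from the portal
     * Hibernate MBean (best effort) and loads the native permission query.
     *
     * @throws IllegalStateException if {@code findPermissionsByUser.sql} is not
     *         visible to the context class loader
     * @throws Exception if the superclass start or the resource read fails
     */
    public void startService() throws Exception {
        super.startService();
        this.membershipModule = (MembershipModule) this.identityServiceController.getIdentityContext().getObject("Membership");
        this.userModule = (UserModule) this.identityServiceController.getIdentityContext().getObject("User");
        try {
            HibernateProvider hibernateProvider = (HibernateProvider) MBeanProxy.get(HibernateProvider.class, new ObjectName("portal:service=Hibernate,type=Instance"), getServer());
            if (hibernateProvider != null) {
                this.schemaName = hibernateProvider.getConfig().getProperty("hibernate.default_schema");
            }
        } catch (Exception e) {
            // Best effort: without the MBean the query is built with no schema prefix.
            // The cause is logged so a misconfigured deployment can be diagnosed.
            this.log.warn("Can't access \"portal:service=Hibernate,type=Instance\" MBean", e);
        }

        InputStream inputStream = Thread.currentThread().getContextClassLoader().getResourceAsStream("findPermissionsByUser.sql");
        if (inputStream == null) {
            // Fail with a clear message instead of passing null to the byte reader.
            throw new IllegalStateException("Resource findPermissionsByUser.sql not found on the context class loader");
        }
        try {
            // NOTE(review): decoded with the platform default charset, as before;
            // confirm the bundled file is plain ASCII or pin a charset here.
            String template = new String(IOTools.getBytes(inputStream)).trim();
            // The schema prefix is configuration data; the user id is bound later
            // as a query parameter in findPermissionsByUser.
            String schemaPrefix = this.schemaName != null ? this.schemaName + "." : "";
            this.nativePermissionQuery = MessageFormat.format(template, schemaPrefix);
        } finally {
            try {
                inputStream.close();
            } catch (Exception ignored) {
                // Closing a class-path resource stream; nothing useful to do on failure.
            }
        }
    }

    /** Returns this provider, which acts as its own domain configurator. */
    public DomainConfigurator getConfigurator() {
        return this;
    }

    /** Not provided by this implementation; always returns {@code null}. */
    public PermissionFactory getPermissionFactory() {
        return null;
    }

    /** Not provided by this implementation; always returns {@code null}. */
    public PermissionRepository getPermissionRepository() {
        return null;
    }

    /** Returns the fully qualified class name of this provider. */
    public String getType() {
        return getClass().getName();
    }

    /** Returns the user name that {@link #getRoot()} resolves. */
    public String getCmsRootUserName() {
        return this.cmsRootUserName;
    }

    /** Sets the user name that {@link #getRoot()} resolves. */
    public void setCmsRootUserName(String str) {
        this.cmsRootUserName = str;
    }

    /** Returns the name passed to {@code HibernateUtil.getSessionFactory}. */
    public String getCmsSessionFactory() {
        return this.cmsSessionFactory;
    }

    /** Sets the name passed to {@code HibernateUtil.getSessionFactory}. */
    public void setCmsSessionFactory(String str) {
        this.cmsSessionFactory = str;
    }

    /**
     * Saves every {@code Permission} in {@code set}. The {@code str} argument
     * is not used by this implementation.
     *
     * @param str binding URI (ignored)
     * @param set permissions to store; {@code null} is a no-op. Elements that
     *        are not {@code Permission} instances cause a {@code ClassCastException}.
     */
    public void setSecurityBindings(String str, Set set) throws SecurityConfigurationException {
        if (set == null) {
            return;
        }
        for (Object element : set) {
            Permission permission = (Permission) element;
            if (permission.getRoles() == null && permission.getUsers() == null) {
                store(permission);
            } else {
                store(permission, permission.getRoles(), permission.getUsers());
            }
        }
    }

    /** Deletes every permission returned by {@link #getSecurityBindings(String)} for {@code str}. */
    public void removeSecurityBindings(String str) throws SecurityConfigurationException {
        remove(getSecurityBindings(str));
    }

    /**
     * Looks up the permissions addressed by a binding URI.
     *
     * @param str {@code user://<name>}, {@code role://<name>} or
     *        {@code criteria://<name>/<value>}; must not be {@code null}
     * @return a new set of matching permissions; empty for any other scheme
     * @throws IllegalArgumentException if a {@code criteria://} URI has no
     *         {@code '/'} between name and value
     */
    public Set getSecurityBindings(String str) {
        HashSet bindings = new HashSet();
        Collection found = null;
        if (str.startsWith(USER_SCHEME)) {
            found = findPermissionsByUser(str.substring(USER_SCHEME.length()));
        } else if (str.startsWith(ROLE_SCHEME)) {
            found = findPermissionsByRole(str.substring(ROLE_SCHEME.length()));
        } else if (str.startsWith(CRITERIA_SCHEME)) {
            String nameAndValue = str.substring(CRITERIA_SCHEME.length());
            // The name ends at the first '/', so a name that itself contains '/'
            // is split early.
            int separator = nameAndValue.indexOf('/');
            if (separator < 0) {
                // Previously surfaced as StringIndexOutOfBoundsException from substring(0, -1).
                throw new IllegalArgumentException("Malformed criteria URI, expected criteria://<name>/<value>: " + str);
            }
            found = findPermissionsByCriteria(new Criteria(nameAndValue.substring(0, separator), nameAndValue.substring(separator + 1)));
        }
        if (found != null) {
            bindings.addAll(found);
        }
        return bindings;
    }

    /**
     * Returns the CMS root user, resolving it by {@code cmsRootUserName} on
     * first use and caching the result.
     *
     * @throws RuntimeException wrapping any failure of the user lookup
     */
    @Override
    public User getRoot() {
        if (this.adminUser == null) {
            // NOTE(review): the transaction begun here is rolled back on failure
            // but not committed in this method on success; presumably the caller
            // or the container completes it - confirm before changing.
            Transaction transaction = HibernateUtil.getSessionFactory(this.cmsSessionFactory).getCurrentSession().beginTransaction();
            try {
                this.adminUser = this.userModule.findUserByUserName(this.cmsRootUserName);
            } catch (Exception e) {
                if (transaction != null) {
                    transaction.rollback();
                }
                throw new RuntimeException(e);
            }
        }
        return this.adminUser;
    }

    /**
     * Returns the {@code defaultAdminRole} value of the identity configuration.
     *
     * @throws RuntimeException wrapping an {@code IdentityException}
     */
    @Override
    public String getDefaultAdminRole() {
        try {
            IdentityConfiguration configuration = (IdentityConfiguration) this.identityServiceController.getIdentityContext().getObject("IdentityConfiguration");
            return configuration.getValue("defaultAdminRole");
        } catch (IdentityException e) {
            throw new RuntimeException(e);
        }
    }

    /** Builds the {@code user://} binding URI for a user name. */
    @Override
    public String getUserURI(String str) {
        return USER_SCHEME + str;
    }

    /** Builds the {@code role://} binding URI for a role name. */
    @Override
    public String getRoleURI(String str) {
        return ROLE_SCHEME + str;
    }

    /**
     * Builds the {@code criteria://} binding URI for a criteria name and value.
     * NOTE(review): {@link #getSecurityBindings(String)} splits on '/'; this
     * assumes {@code NodeUtil.PATH_SEPARATOR} is "/" - confirm.
     */
    @Override
    public String getCriteriaURI(String str, String str2) {
        return CRITERIA_SCHEME + str + NodeUtil.PATH_SEPARATOR + str2;
    }

    /** Returns the membership module resolved in {@link #startService()}. */
    @Override
    public MembershipModule getMembershipModule() {
        return this.membershipModule;
    }

    /** Returns the injected identity service controller. */
    public IdentityServiceController getIdentityServiceController() {
        return this.identityServiceController;
    }

    /** Injects the identity service controller used to resolve identity modules. */
    public void setIdentityServiceController(IdentityServiceController identityServiceController) {
        this.identityServiceController = identityServiceController;
    }

    /**
     * Rebuilds the role and user associations of {@code permission} from the
     * given collections, then saves it. A {@code null} collection clears the
     * corresponding association.
     *
     * @param permission permission to update and save
     * @param collection {@code Role} instances, or {@code null}
     * @param collection2 {@code User} instances, or {@code null}
     */
    private void store(Permission permission, Collection collection, Collection collection2) {
        if (collection == null) {
            permission.setRoleAssoc(null);
        } else {
            HashSet roleAssociations = new HashSet();
            for (Object element : collection) {
                Role role = (Role) element;
                PermRoleAssoc association = new PermRoleAssoc();
                // The anonymous role is stored under the fixed AuthorizationManager id.
                association.setRoleId(role instanceof AnonymousRole ? AuthorizationManager.Anonymous : role.getName());
                roleAssociations.add(association);
            }
            permission.setRoleAssoc(roleAssociations);
        }
        if (collection2 == null) {
            permission.setUserAssoc(null);
        } else {
            HashSet userAssociations = new HashSet();
            for (Object element : collection2) {
                PermUserAssoc association = new PermUserAssoc();
                association.setUserId(((User) element).getUserName());
                userAssociations.add(association);
            }
            permission.setUserAssoc(userAssociations);
        }
        store(permission);
    }

    /** Saves or updates {@code permission} in the current Hibernate session. */
    private void store(Permission permission) {
        HibernateUtil.getSessionFactory(this.cmsSessionFactory).getCurrentSession().saveOrUpdate(permission);
    }

    /** Deletes every {@code Permission} in {@code collection}; {@code null} is a no-op. */
    private void remove(Collection collection) {
        Session currentSession = HibernateUtil.getSessionFactory(this.cmsSessionFactory).getCurrentSession();
        if (collection == null) {
            return;
        }
        for (Object element : collection) {
            currentSession.delete((Permission) element);
        }
    }

    /**
     * Collects the permissions bound directly to a user, plus role-derived ones.
     *
     * <p>With a {@code HibernateUserModuleImpl} user module the role-derived
     * permissions come from the native query; otherwise they come from
     * {@link #getCurrentRoles()}.
     *
     * @param str user id, bound as a query parameter
     * @throws RuntimeException wrapping any lookup failure (also logged)
     */
    private Collection findPermissionsByUser(String str) {
        Session currentSession = HibernateUtil.getSessionFactory(this.cmsSessionFactory).getCurrentSession();
        try {
            HashSet permissions = new HashSet();
            Query directQuery = currentSession.createQuery("SELECT permission from Permission permission JOIN permission.userAssoc user WHERE user.userId=?");
            directQuery.setString(0, str);
            directQuery.setCacheable(true);
            permissions.addAll(directQuery.list());
            if (this.userModule instanceof HibernateUserModuleImpl) {
                SQLQuery nativeQuery = currentSession.createSQLQuery(this.nativePermissionQuery).addEntity(Permission.class);
                nativeQuery.setString(0, str);
                nativeQuery.setCacheable(true);
                permissions.addAll(nativeQuery.list());
            } else {
                // NOTE(review): this branch uses the roles of the current
                // security context, not roles looked up for the user id passed
                // in; confirm callers only ask about the calling user.
                Set currentRoles = getCurrentRoles();
                if (currentRoles != null) {
                    for (Object roleName : currentRoles) {
                        Collection byRole = findPermissionsByRole((String) roleName);
                        if (byRole != null && !byRole.isEmpty()) {
                            permissions.addAll(byRole);
                        }
                    }
                }
            }
            return permissions;
        } catch (Exception e) {
            this.log.error(this, e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the permissions associated with a role id.
     *
     * @param str role id, bound as a query parameter
     * @throws RuntimeException wrapping any lookup failure (also logged)
     */
    private Collection findPermissionsByRole(String str) {
        HashSet permissions = new HashSet();
        try {
            Query query = HibernateUtil.getSessionFactory(this.cmsSessionFactory).getCurrentSession().createQuery("SELECT permission from Permission permission JOIN permission.roleAssoc role WHERE role.roleId=?");
            query.setString(0, str);
            query.setCacheable(true);
            permissions.addAll(query.list());
            return permissions;
        } catch (Exception e) {
            this.log.error(this, e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the permissions whose criteria match the given name and value.
     *
     * @param criteria name/value pair, both bound as query parameters
     * @throws RuntimeException wrapping any lookup failure (also logged)
     */
    private Collection findPermissionsByCriteria(Criteria criteria) {
        HashSet permissions = new HashSet();
        try {
            Query query = HibernateUtil.getSessionFactory(this.cmsSessionFactory).getCurrentSession().createQuery("SELECT permission from Permission permission JOIN permission.criteria criteria WHERE criteria.name=? AND criteria.value=?");
            query.setString(0, criteria.getName());
            query.setString(1, criteria.getValue());
            query.setCacheable(true);
            permissions.addAll(query.list());
            return permissions;
        } catch (Exception e) {
            // Logged like the user and role lookups so failures are not silent.
            this.log.error(this, e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the role names for the current security context.
     *
     * <p>The JACC subject is consulted first; when it yields no role names the
     * result of {@code JCRCMS.getRoles()} is returned instead.
     *
     * @throws PolicyContextException if the JACC subject cannot be obtained
     */
    private Set getCurrentRoles() throws PolicyContextException {
        Set roleNames = new HashSet();
        Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
        if (subject != null) {
            Set<JACCPortalPrincipal> principals = subject.getPrincipals(JACCPortalPrincipal.class);
            // Explicit local replaces the decompiler's undeclared register and
            // out-of-scope loop variable; it holds the first non-null principal.
            JACCPortalPrincipal existing = null;
            for (JACCPortalPrincipal candidate : principals) {
                existing = candidate;
                if (existing != null) {
                    break;
                }
            }
            if (existing == null) {
                JACCPortalPrincipal created = new JACCPortalPrincipal(subject);
                // NOTE(review): Subject.getPrincipals(Class) returns a copy, so
                // this add does not attach the principal to the Subject itself.
                principals.add(created);
                Iterator it = created.getRoles().iterator();
                while (it.hasNext()) {
                    roleNames.add(((Principal) it.next()).getName());
                }
            }
            // NOTE(review): when a JACCPortalPrincipal is already present its
            // roles are not read here and the fallback below is used; confirm
            // this is intended.
        }
        if (roleNames.isEmpty()) {
            // No role names from the subject; presumably the roles recorded by
            // the CMS for this invocation - verify against JCRCMS.
            roleNames = JCRCMS.getRoles();
        }
        return roleNames;
    }
}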
