package org.jboss.seam.security.permission;

import java.io.Serializable;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.inject.Instance;
import javax.enterprise.inject.spi.BeanManager;
import javax.inject.Inject;
import javax.persistence.EntityManager;
import javax.persistence.Query;
import org.jboss.seam.security.annotations.permission.PermissionProperty;
import org.jboss.seam.security.annotations.permission.PermissionPropertyType;
import org.jboss.seam.security.permission.PermissionMetadata;
import org.jboss.solder.logging.Logger;
import org.jboss.solder.properties.Property;
import org.jboss.solder.properties.query.PropertyCriteria;
import org.jboss.solder.properties.query.PropertyQueries;
import org.picketlink.idm.spi.model.IdentityObject;

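/**
 * JPA-backed {@link PermissionStore}: persists one row per (resource, identity) pair in the entity
 * class configured through {@link #setIdentityPermissionClass(Class)}, with the granted actions
 * stored as the string form of a {@link PermissionMetadata.ActionSet}.
 *
 * <p>The entity class is inspected for {@link PermissionProperty} annotations to find the columns
 * to read and write. When no entity class is configured the store reports itself as disabled.
 *
 * <p>The bean is application scoped, so a single instance serves every request. The only state
 * mutated after initialisation is {@link #queryCache}, which is therefore a concurrent map.
 *
 * <p>Security note: every JPQL statement in this class is assembled only from the configured
 * entity class name and the names of its annotated properties; resource identifiers and identity
 * values are always bound as named parameters. Keep it that way - never concatenate a
 * caller-supplied value into the query text.
 */
@ApplicationScoped
/* loaded from: input_file:WEB-INF/lib/seam-security-3.1.0.Beta3.jar:org/jboss/seam/security/permission/JpaPermissionStore.class */
public class JpaPermissionStore implements PermissionStore, Serializable {
    private static final long serialVersionUID = 4764590939669047915L;
    private static final Logger log = Logger.getLogger((Class<?>) JpaPermissionStore.class);
    private boolean enabled;
    private Class<?> identityPermissionClass;
    private Property<Object> identityProperty;
    // Resolved and required by initProperties(), but not read anywhere else in this class.
    private Property<?> relationshipTypeProperty;
    // Resolved and required by initProperties(), but not read anywhere else in this class.
    private Property<String> relationshipNameProperty;
    private Property<String> resourceProperty;
    private Property<Object> permissionProperty;
    // JPQL text keyed by the bitmask computed in createPermissionQuery(). Filled lazily from request
    // threads on a shared bean, hence a concurrent map rather than a plain HashMap.
    private final Map<Integer, String> queryCache = new ConcurrentHashMap<Integer, String>();
    private PermissionMetadata metadata;

    @Inject
    IdentifierPolicy identifierPolicy;

    @Inject
    BeanManager manager;

    @Inject
    Instance<EntityManager> entityManagerInstance;

    /**
     * Property filter that accepts a field or method only when it carries a
     * {@link PermissionProperty} annotation whose value equals the requested type.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/seam-security-3.1.0.Beta3.jar:org/jboss/seam/security/permission/JpaPermissionStore$PropertyTypeCriteria.class */
    public class PropertyTypeCriteria implements PropertyCriteria {
        private final PermissionPropertyType pt;

        /**
         * @param permissionPropertyType the annotation value a member must declare to match
         */
        public PropertyTypeCriteria(PermissionPropertyType permissionPropertyType) {
            this.pt = permissionPropertyType;
        }

        @Override // org.jboss.solder.properties.query.PropertyCriteria
        public boolean fieldMatches(Field field) {
            PermissionProperty annotation = field.getAnnotation(PermissionProperty.class);
            return annotation != null && annotation.value().equals(this.pt);
        }

        @Override // org.jboss.solder.properties.query.PropertyCriteria
        public boolean methodMatches(Method method) {
            PermissionProperty annotation = method.getAnnotation(PermissionProperty.class);
            return annotation != null && annotation.value().equals(this.pt);
        }
    }

    /**
     * Initializer method: creates the permission metadata and, when an entity class has already
     * been configured, resolves its annotated properties. Without an entity class the store is
     * marked as disabled.
     */
    @Inject
    public void init() {
        this.metadata = new PermissionMetadata();
        if (this.identityPermissionClass != null) {
            initProperties();
        } else {
            log.debug("No identityPermissionClass set, JpaPermissionStore will be unavailable.");
            this.enabled = false;
        }
    }

    /**
     * Resolves the five {@link PermissionProperty}-annotated members of the configured entity class
     * and enables the store.
     *
     * @throws RuntimeException if any of the IDENTITY, RELATIONSHIP_TYPE, RELATIONSHIP_NAME,
     *         RESOURCE or PERMISSION properties is missing from the entity class
     */
    protected void initProperties() {
        this.identityProperty = PropertyQueries.createQuery(this.identityPermissionClass).addCriteria(new PropertyTypeCriteria(PermissionPropertyType.IDENTITY)).getFirstResult();
        if (this.identityProperty == null) {
            throw new RuntimeException("Invalid identityPermissionClass " + this.identityPermissionClass.getName() + " - required annotation @PermissionProperty(IDENTITY) not found on any field or method.");
        }
        this.relationshipTypeProperty = PropertyQueries.createQuery(this.identityPermissionClass).addCriteria(new PropertyTypeCriteria(PermissionPropertyType.RELATIONSHIP_TYPE)).getFirstResult();
        if (this.relationshipTypeProperty == null) {
            throw new RuntimeException("Invalid identityPermissionClass " + this.identityPermissionClass.getName() + " - required annotation @PermissionProperty(RELATIONSHIP_TYPE) not found on any field or method.");
        }
        this.relationshipNameProperty = PropertyQueries.createQuery(this.identityPermissionClass).addCriteria(new PropertyTypeCriteria(PermissionPropertyType.RELATIONSHIP_NAME)).getFirstResult();
        if (this.relationshipNameProperty == null) {
            throw new RuntimeException("Invalid identityPermissionClass " + this.identityPermissionClass.getName() + " - required annotation @PermissionProperty(RELATIONSHIP_NAME) not found on any field or method.");
        }
        this.resourceProperty = PropertyQueries.createQuery(this.identityPermissionClass).addCriteria(new PropertyTypeCriteria(PermissionPropertyType.RESOURCE)).getFirstResult();
        if (this.resourceProperty == null) {
            throw new RuntimeException("Invalid identityPermissionClass " + this.identityPermissionClass.getName() + " - required annotation @PermissionProperty(RESOURCE) not found on any field or method.");
        }
        this.permissionProperty = PropertyQueries.createQuery(this.identityPermissionClass).addCriteria(new PropertyTypeCriteria(PermissionPropertyType.PERMISSION)).getFirstResult();
        if (this.permissionProperty == null) {
            throw new RuntimeException("Invalid identityPermissionClass " + this.identityPermissionClass.getName() + " - required annotation @PermissionProperty(PERMISSION) not found on any field or method.");
        }
        this.enabled = true;
    }

    /**
     * Builds the JPQL query that selects permission rows, optionally restricted to one resource,
     * to a set of resources, and/or to one identity.
     *
     * @param obj a single resource to filter on, or {@code null}
     * @param set several resources to filter on, or {@code null}; mutually exclusive with {@code obj}
     * @param identityObject the identity to filter on, or {@code null}
     * @return the query with every applicable named parameter already bound
     * @throws IllegalArgumentException if both {@code obj} and {@code set} are given
     */
    protected Query createPermissionQuery(Object obj, Set<?> set, IdentityObject identityObject) {
        if (obj != null && set != null) {
            throw new IllegalArgumentException("Cannot specify both target and targets");
        }
        // The query text depends only on WHICH filters are present, so that is the cache key.
        Integer cacheKey = Integer.valueOf((obj != null ? 1 : 0) | (set != null ? 2 : 0) | (identityObject != null ? 4 : 0));
        String jpql = this.queryCache.get(cacheKey);
        if (jpql == null) {
            // Only the entity class name and annotated property names go into the text; all values
            // are bound below as named parameters.
            boolean hasWhere = false;
            StringBuilder sb = new StringBuilder();
            sb.append("select p from ");
            sb.append(this.identityPermissionClass.getName());
            sb.append(" p");
            if (obj != null) {
                sb.append(" where p.");
                sb.append(this.resourceProperty.getName());
                sb.append(" = :target");
                hasWhere = true;
            }
            if (set != null) {
                sb.append(" where p.");
                sb.append(this.resourceProperty.getName());
                sb.append(" in (:targets)");
                hasWhere = true;
            }
            if (identityObject != null) {
                sb.append(hasWhere ? " and p." : " where p.");
                sb.append(this.identityProperty.getName());
                sb.append(" = :identity");
            }
            jpql = sb.toString();
            // Two threads may both build the same text; the result is identical, so last write wins.
            this.queryCache.put(cacheKey, jpql);
        }
        Query query = lookupEntityManager().createQuery(jpql);
        if (obj != null) {
            query.setParameter("target", this.identifierPolicy.getIdentifier(obj));
        }
        if (set != null) {
            Set<Object> identifiers = new HashSet<Object>();
            for (Object target : set) {
                identifiers.add(this.identifierPolicy.getIdentifier(target));
            }
            query.setParameter("targets", identifiers);
        }
        if (identityObject != null) {
            query.setParameter("identity", resolveIdentityEntity(identityObject));
        }
        return query;
    }

    @Override // org.jboss.seam.security.permission.PermissionStore
    public boolean grantPermission(Permission permission) {
        return updatePermissionActions(permission.getResource(), permission.getIdentity(), new String[]{permission.getPermission()}, true);
    }

    @Override // org.jboss.seam.security.permission.PermissionStore
    public boolean revokePermission(Permission permission) {
        return updatePermissionActions(permission.getResource(), permission.getIdentity(), new String[]{permission.getPermission()}, false);
    }

    /**
     * Adds or removes actions on the stored row for one (resource, identity) pair.
     *
     * <p>When no row exists, a grant creates one and a revoke is a no-op. When several rows exist
     * for the pair they are consolidated into the first one. A row whose action set becomes empty
     * is deleted.
     *
     * @param obj the resource the actions apply to
     * @param identityObject the identity being granted or revoked
     * @param strArr the action names to add or remove
     * @param z {@code true} to grant, {@code false} to revoke
     * @return always {@code true}; failures surface as an exception
     * @throws RuntimeException wrapping any failure raised while reading or writing the rows
     */
    protected boolean updatePermissionActions(Object obj, IdentityObject identityObject, String[] strArr, boolean z) {
        try {
            List<?> rows = createPermissionQuery(obj, null, identityObject).getResultList();
            if (rows.isEmpty()) {
                if (!z) {
                    // Nothing stored, so there is nothing to revoke.
                    return true;
                }
                PermissionMetadata.ActionSet granted = this.metadata.createActionSet(obj.getClass(), null);
                for (String action : strArr) {
                    granted.add(action);
                }
                Object newInstance = this.identityPermissionClass.newInstance();
                this.resourceProperty.setValue(newInstance, this.identifierPolicy.getIdentifier(obj));
                this.permissionProperty.setValue(newInstance, granted.toString());
                this.identityProperty.setValue(newInstance, resolveIdentityEntity(identityObject));
                lookupEntityManager().persist(newInstance);
                return true;
            }
            Object primary = rows.get(0);
            PermissionMetadata.ActionSet actions = this.metadata.createActionSet(obj.getClass(), this.permissionProperty.getValue(primary).toString());
            // Consolidate duplicate rows BEFORE applying the change. Doing it afterwards re-reads the
            // stored action strings (including the not-yet-updated first row) and, assuming
            // addMembers() unions them into the set, would put a just-revoked action straight back,
            // so a revoke could report success while the permission stayed in place.
            if (rows.size() > 1) {
                for (Object row : rows) {
                    actions.addMembers(this.permissionProperty.getValue(row).toString());
                    if (!row.equals(primary)) {
                        lookupEntityManager().remove(row);
                    }
                }
            }
            for (String action : strArr) {
                if (z) {
                    actions.add(action);
                } else {
                    actions.remove(action);
                }
            }
            if (actions.isEmpty()) {
                lookupEntityManager().remove(primary);
                return true;
            }
            this.permissionProperty.setValue(primary, actions.toString());
            lookupEntityManager().merge(primary);
            return true;
        } catch (Exception e) {
            // Name the operation that actually failed; a failed revoke must not be reported as a grant.
            throw new RuntimeException(z ? "Could not grant permission" : "Could not revoke permission", e);
        }
    }

    @Override // org.jboss.seam.security.permission.PermissionStore
    public boolean grantPermissions(List<Permission> list) {
        return updatePermissions(list, true);
    }

    @Override // org.jboss.seam.security.permission.PermissionStore
    public boolean revokePermissions(List<Permission> list) {
        return updatePermissions(list, false);
    }

    /** Applies a batch of grants or revokes, issuing one update per (resource, identity) pair. */
    private boolean updatePermissions(List<Permission> list, boolean grant) {
        for (Map.Entry<Object, Map<IdentityObject, List<Permission>>> byResource : groupPermissions(list).entrySet()) {
            for (Map.Entry<IdentityObject, List<Permission>> byIdentity : byResource.getValue().entrySet()) {
                List<Permission> group = byIdentity.getValue();
                String[] actions = new String[group.size()];
                for (int i = 0; i < group.size(); i++) {
                    actions[i] = group.get(i).getPermission();
                }
                updatePermissionActions(byResource.getKey(), byIdentity.getKey(), actions, grant);
            }
        }
        return true;
    }

    /** Groups permissions first by resource and then by identity. */
    private Map<Object, Map<IdentityObject, List<Permission>>> groupPermissions(List<Permission> list) {
        Map<Object, Map<IdentityObject, List<Permission>>> grouped = new HashMap<Object, Map<IdentityObject, List<Permission>>>();
        for (Permission permission : list) {
            Map<IdentityObject, List<Permission>> byIdentity = grouped.get(permission.getResource());
            if (byIdentity == null) {
                byIdentity = new HashMap<IdentityObject, List<Permission>>();
                grouped.put(permission.getResource(), byIdentity);
            }
            List<Permission> group = byIdentity.get(permission.getIdentity());
            if (group == null) {
                group = new ArrayList<Permission>();
                byIdentity.put(permission.getIdentity(), group);
            }
            group.add(permission);
        }
        return grouped;
    }

    /**
     * Maps an identity to the value stored in, and matched against, the identity column.
     * This implementation uses the identity's name.
     */
    protected Object resolveIdentityEntity(IdentityObject identityObject) {
        return identityObject.getName();
    }

    @Override // org.jboss.seam.security.permission.PermissionStore
    public List<Permission> listPermissions(Set<Object> set, String str) {
        return listPermissions(null, set, str);
    }

    @Override // org.jboss.seam.security.permission.PermissionStore
    public List<Permission> listPermissions(Object obj, String str) {
        return listPermissions(obj, null, str);
    }

    /**
     * Lists the stored permissions for one resource or for a set of resources, optionally limited
     * to a single action.
     *
     * <p>Previously the per-row action set was never assigned: an action filter never matched (the
     * result was always empty) and an unfiltered listing of a resource with stored rows
     * dereferenced {@code null}. The action set is now built from each row the same way
     * {@link #updatePermissionActions} builds it.
     *
     * @param obj a single resource, or {@code null}
     * @param set several resources, or {@code null}; mutually exclusive with {@code obj}
     * @param str the action to look for, or {@code null} to list every stored action
     * @return the matching permissions; an empty list when {@code set} is empty or neither resource
     *         argument is given; {@code null} when no entity class is configured
     * @throws IllegalArgumentException if both {@code obj} and {@code set} are given
     */
    protected List<Permission> listPermissions(Object obj, Set<Object> set, String str) {
        if (this.identityPermissionClass == null) {
            return null;
        }
        if (obj != null && set != null) {
            throw new IllegalArgumentException("Cannot specify both target and targets");
        }
        List<Permission> permissions = new ArrayList<Permission>();
        if (set != null && set.isEmpty()) {
            return permissions;
        }
        List<?> rows = (set != null ? createPermissionQuery(null, set, null) : createPermissionQuery(obj, null, null)).getResultList();

        // For a multi-resource listing, map each stored identifier back to the resource it came from.
        Map<Object, Object> resourcesByIdentifier = null;
        if (set != null) {
            resourcesByIdentifier = new HashMap<Object, Object>();
            for (Object candidate : set) {
                resourcesByIdentifier.put(this.identifierPolicy.getIdentifier(candidate), candidate);
            }
        }
        for (Object row : rows) {
            Object resource = set != null ? resourcesByIdentifier.get(this.resourceProperty.getValue(row)) : obj;
            Object storedActions = this.permissionProperty.getValue(row);
            if (resource == null || storedActions == null) {
                // No resource to attribute the row to, or nothing stored on it.
                continue;
            }
            PermissionMetadata.ActionSet actionSet = this.metadata.createActionSet(resource.getClass(), storedActions.toString());
            // NOTE(review): the identity argument stays null, as before. Rows hold only the value
            // produced by resolveIdentityEntity(), and nothing in this class maps it back to an
            // IdentityObject, so callers cannot tell which identity holds each listed action.
            if (str != null) {
                if (actionSet.contains(str)) {
                    permissions.add(new Permission(resource, str, null));
                }
            } else {
                Iterator<String> it = actionSet.members().iterator();
                while (it.hasNext()) {
                    permissions.add(new Permission(resource, it.next(), null));
                }
            }
        }
        return permissions;
    }

    @Override // org.jboss.seam.security.permission.PermissionStore
    public List<Permission> listPermissions(Object obj) {
        return listPermissions(obj, (String) null);
    }

    @Override // org.jboss.seam.security.permission.PermissionStore
    public List<String> listAvailableActions(Object obj) {
        return this.metadata.listAllowableActions(obj.getClass());
    }

    /** Obtains the entity manager from the injected {@link Instance} on every call. */
    private EntityManager lookupEntityManager() {
        return this.entityManagerInstance.get();
    }

    public Class<?> getIdentityPermissionClass() {
        return this.identityPermissionClass;
    }

    /**
     * Sets the entity class that holds permission rows. {@link #init()} reads this value, so it
     * has to be in place before the initializer runs for the store to become enabled.
     */
    public void setIdentityPermissionClass(Class<?> cls) {
        this.identityPermissionClass = cls;
    }

    /**
     * Deletes every stored permission row for the given resource, for all identities.
     * The resource identifier is bound as a named parameter; only the entity class name and the
     * resource property name are concatenated into the statement.
     */
    @Override // org.jboss.seam.security.permission.PermissionStore
    public void clearPermissions(Object obj) {
        String jpql = "delete from " + this.identityPermissionClass.getName() + " p where p." + this.resourceProperty.getName() + " = :resource";
        lookupEntityManager().createQuery(jpql).setParameter("resource", this.identifierPolicy.getIdentifier(obj)).executeUpdate();
    }

    @Override // org.jboss.seam.security.permission.PermissionStore
    public boolean isEnabled() {
        return this.enabled;
    }
}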
