package org.jboss.security.acl;

import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.jboss.security.PicketBoxMessages;
import org.jboss.security.authorization.AuthorizationException;
import org.jboss.security.authorization.Resource;
import org.jboss.security.authorization.ResourceKeys;
import org.jboss.security.identity.Identity;

/* JADX WARN: Classes with same name are omitted:
  input_file:eap6/api-jars/picketbox-4.0.7.Final.jar:org/jboss/security/acl/ACLProviderImpl.class
 */
/* loaded from: input_file:eap7/api-jars/picketbox-4.9.4.Final.jar:org/jboss/security/acl/ACLProviderImpl.class */
public class ACLProviderImpl implements ACLProvider {
    private static final String PERSISTENCE_STRATEGY_OPTION = "persistenceStrategy";
    private static final String CHECK_PARENT_ACL_OPTION = "checkParentACL";
    protected ACLPersistenceStrategy strategy;
    private boolean checkParentACL;

    @Override // org.jboss.security.acl.ACLProvider
    public void initialize(Map<String, Object> map, Map<String, Object> map2) {
        String str = (String) map2.get(PERSISTENCE_STRATEGY_OPTION);
        if (str == null) {
            str = "org.jboss.security.acl.JPAPersistenceStrategy";
        }
        this.checkParentACL = Boolean.valueOf((String) map2.get(CHECK_PARENT_ACL_OPTION)).booleanValue();
        try {
            this.strategy = (ACLPersistenceStrategy) loadClass(str).newInstance();
        } catch (Exception e) {
            throw PicketBoxMessages.MESSAGES.unableToCreateACLPersistenceStrategy(e);
        }
    }

    @Override // org.jboss.security.acl.ACLProvider
    public <T> Set<T> getEntitlements(Class<T> cls, Resource resource, Identity identity) throws AuthorizationException {
        if (!EntitlementEntry.class.equals(cls)) {
            return null;
        }
        HashSet hashSet = new HashSet();
        ACLPermission initialPermissions = getInitialPermissions(resource, identity.getName());
        if (initialPermissions != null) {
            fillEntitlements(hashSet, resource, identity.getName(), initialPermissions);
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void fillEntitlements(Set<EntitlementEntry> set, Resource resource, String str, ACLPermission aCLPermission) {
        ACLPermission aCLPermission2 = aCLPermission;
        ACL acl = this.strategy.getACL(resource);
        if (acl != null) {
            ACLEntry entry = acl.getEntry(str);
            if (entry == null) {
                return;
            }
            aCLPermission2 = entry.getPermission();
            set.add(new EntitlementEntry(resource, aCLPermission2, str));
        } else {
            set.add(new EntitlementEntry(resource, aCLPermission2, str));
        }
        Collection collection = (Collection) resource.getMap().get(ResourceKeys.CHILD_RESOURCES);
        if (collection != null) {
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                fillEntitlements(set, (Resource) it.next(), str, aCLPermission2);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ACLPermission getInitialPermissions(Resource resource, String str) {
        ACL acl = this.strategy.getACL(resource);
        if (acl == null) {
            Resource resource2 = (Resource) resource.getMap().get(ResourceKeys.PARENT_RESOURCE);
            return resource2 != null ? getInitialPermissions(resource2, str) : new CompositeACLPermission(BasicACLPermission.values());
        }
        ACLEntry entry = acl.getEntry(str);
        if (entry != null) {
            return entry.getPermission();
        }
        return null;
    }

    @Override // org.jboss.security.acl.ACLProvider
    public ACLPersistenceStrategy getPersistenceStrategy() {
        return this.strategy;
    }

    @Override // org.jboss.security.acl.ACLProvider
    public void setPersistenceStrategy(ACLPersistenceStrategy aCLPersistenceStrategy) {
        if (aCLPersistenceStrategy == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument(PERSISTENCE_STRATEGY_OPTION);
        }
        this.strategy = aCLPersistenceStrategy;
    }

    @Override // org.jboss.security.acl.ACLProvider
    public boolean isAccessGranted(Resource resource, Identity identity, ACLPermission aCLPermission) throws AuthorizationException {
        ACL retrieveACL = retrieveACL(resource);
        if (retrieveACL == null) {
            throw new AuthorizationException(PicketBoxMessages.MESSAGES.unableToLocateACLForResourceMessage(resource != null ? resource.toString() : null));
        }
        ACLEntry entry = retrieveACL.getEntry(identity);
        if (entry != null) {
            return entry.checkPermission(aCLPermission);
        }
        return false;
    }

    private ACL retrieveACL(Resource resource) {
        Resource resource2;
        ACL acl = this.strategy.getACL(resource);
        if (acl == null && this.checkParentACL && (resource2 = (Resource) resource.getMap().get(ResourceKeys.PARENT_RESOURCE)) != null) {
            acl = retrieveACL(resource2);
        }
        return acl;
    }

    @Override // org.jboss.security.acl.ACLProvider
    public boolean tearDown() {
        return true;
    }

    protected Class<?> loadClass(final String str) throws PrivilegedActionException {
        return (Class) AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>() { // from class: org.jboss.security.acl.ACLProviderImpl.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Class<?> run() throws PrivilegedActionException {
                try {
                    return Thread.currentThread().getContextClassLoader().loadClass(str);
                } catch (Exception e) {
                    throw new PrivilegedActionException(e);
                }
            }
        });
    }
}
