package org.jboss.seam.security.permission;

import java.io.Serializable;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.persistence.EntityManager;
import javax.persistence.Query;
import org.ajax4jsf.renderkit.compiler.HtmlCompiler;
import org.jboss.seam.Component;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.Create;
import org.jboss.seam.annotations.Install;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.intercept.BypassInterceptors;
import org.jboss.seam.annotations.security.permission.PermissionAction;
import org.jboss.seam.annotations.security.permission.PermissionDiscriminator;
import org.jboss.seam.annotations.security.permission.PermissionRole;
import org.jboss.seam.annotations.security.permission.PermissionTarget;
import org.jboss.seam.annotations.security.permission.PermissionUser;
import org.jboss.seam.core.Expressions;
import org.jboss.seam.log.LogProvider;
import org.jboss.seam.log.Logging;
import org.jboss.seam.security.Role;
import org.jboss.seam.security.SimplePrincipal;
import org.jboss.seam.security.management.IdentityManager;
import org.jboss.seam.security.management.IdentityStore;
import org.jboss.seam.security.management.JpaIdentityStore;
import org.jboss.seam.security.permission.PermissionMetadata;
import org.jboss.seam.util.AnnotatedBeanProperty;

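/**
 * {@link PermissionStore} that keeps granted permissions in JPA entities.
 *
 * <p>User permissions live in {@code userPermissionClass}. Role permissions live either in a
 * separate {@code rolePermissionClass} or, when none is configured, in the user permission class
 * with a {@link PermissionDiscriminator} property telling user rows from role rows.
 *
 * <p>Every JPQL statement built here takes its entity and property names from the configured
 * classes and their annotations; targets and recipients are always passed as bound parameters.
 *
 * <p>The component is application-scoped, so a single instance may be reached from several
 * request threads. The query cache is therefore a concurrent map.
 *
 * <p>Decompiled from jboss-seam.jar (org/jboss/seam/security/permission/JpaPermissionStore.class).
 */
@Name(PermissionManager.PERMISSION_STORE_COMPONENT_NAME)
@Scope(ScopeType.APPLICATION)
@Install(precedence = 0, value = false)
@BypassInterceptors
public class JpaPermissionStore implements PermissionStore, Serializable {
    private static final LogProvider log = Logging.getLogProvider(JpaPermissionStore.class);
    private Expressions.ValueExpression<EntityManager> entityManager;
    private Class userPermissionClass;
    private Class rolePermissionClass;
    private AnnotatedBeanProperty<PermissionUser> userProperty;
    private AnnotatedBeanProperty<PermissionRole> roleProperty;
    private AnnotatedBeanProperty<PermissionTarget> targetProperty;
    private AnnotatedBeanProperty<PermissionAction> actionProperty;
    private AnnotatedBeanProperty<PermissionDiscriminator> discriminatorProperty;
    private AnnotatedBeanProperty<PermissionTarget> roleTargetProperty;
    private AnnotatedBeanProperty<PermissionAction> roleActionProperty;
    // JPQL text keyed by the bitmask computed in createPermissionQuery. A plain HashMap is not
    // safe to mutate from concurrent requests against this application-scoped instance.
    private final Map<Integer, String> queryCache = new ConcurrentHashMap<Integer, String>();
    private IdentifierPolicy identifierPolicy;
    private PermissionMetadata metadata;

    /**
     * Selects which kind of recipient a permission query is restricted to.
     *
     * <p>The decompiler reports that this enum was originally declared private.
     */
    public enum Discrimination {
        user,
        role,
        either
    }

    /**
     * Component creation callback: prepares metadata, the entity manager expression, the annotated
     * properties and the identifier policy.
     *
     * <p>When no user permission class is configured the store stays uninitialised (only the
     * metadata is created) and a debug message is logged.
     */
    @Create
    public void init() {
        this.metadata = new PermissionMetadata();
        if (this.userPermissionClass == null) {
            log.debug("No permissionClass set, JpaDynamicPermissionStore will be unavailable.");
            return;
        }
        if (this.entityManager == null) {
            // Default to the conventional "entityManager" context variable.
            this.entityManager = Expressions.instance().createValueExpression("#{entityManager}", EntityManager.class);
        }
        initProperties();
        this.identifierPolicy = (IdentifierPolicy) Component.getInstance((Class<?>) IdentifierPolicy.class, true);
    }

    /**
     * Locates the annotated properties on the configured permission classes and validates them.
     *
     * @throws RuntimeException if a required annotation is missing from the user or role
     *     permission class
     */
    protected void initProperties() {
        this.userProperty = new AnnotatedBeanProperty<>(this.userPermissionClass, PermissionUser.class);
        this.targetProperty = new AnnotatedBeanProperty<>(this.userPermissionClass, PermissionTarget.class);
        this.actionProperty = new AnnotatedBeanProperty<>(this.userPermissionClass, PermissionAction.class);
        if (this.rolePermissionClass != null) {
            this.roleProperty = new AnnotatedBeanProperty<>(this.rolePermissionClass, PermissionRole.class);
            if (this.roleProperty.isSet()) {
                this.roleTargetProperty = new AnnotatedBeanProperty<>(this.rolePermissionClass, PermissionTarget.class);
                this.roleActionProperty = new AnnotatedBeanProperty<>(this.rolePermissionClass, PermissionAction.class);
            }
        } else {
            this.roleProperty = new AnnotatedBeanProperty<>(this.userPermissionClass, PermissionRole.class);
            if (this.roleProperty.isSet()) {
                this.discriminatorProperty = new AnnotatedBeanProperty<>(this.userPermissionClass, PermissionDiscriminator.class);
            }
        }
        if (!this.userProperty.isSet()) {
            throw new RuntimeException("Invalid userPermissionClass " + this.userPermissionClass.getName() + " - required annotation @PermissionUser not found on any Field or Method.");
        }
        if (this.rolePermissionClass == null) {
            // discriminatorProperty is only created when @PermissionRole was found above; treat a
            // missing property like an unset one so the configuration error is reported instead
            // of a NullPointerException.
            if (this.discriminatorProperty == null || !this.discriminatorProperty.isSet()) {
                throw new RuntimeException("Invalid userPermissionClass " + this.userPermissionClass.getName() + " - no rolePermissionClass set and @PermissionDiscriminator annotation not found on any Field or Method");
            }
        } else {
            if (!this.roleProperty.isSet()) {
                throw new RuntimeException("Invalid rolePermissionClass " + this.rolePermissionClass.getName() + " - required annotation @PermissionRole not found on any Field or Method.");
            }
            if (!this.roleTargetProperty.isSet()) {
                throw new RuntimeException("Invalid rolePermissionClass " + this.rolePermissionClass.getName() + " - required annotation @PermissionTarget not found on any Field or Method.");
            }
            if (!this.roleActionProperty.isSet()) {
                throw new RuntimeException("Invalid rolePermissionClass " + this.rolePermissionClass.getName() + " - required annotation @PermissionAction not found on any Field or Method.");
            }
        }
    }

    /**
     * Builds a permission query filtered by target (or targets), recipient and recipient kind.
     *
     * <p>With no target, no targets and no recipient the resulting query has no filter on those
     * columns.
     *
     * @param obj single target to match, or {@code null}
     * @param set targets to match, or {@code null}; must not be combined with {@code obj}
     * @param principal recipient to match, or {@code null}
     * @param discrimination recipient kind the query is restricted to
     * @return the query with all parameters bound
     * @throws IllegalArgumentException if both {@code obj} and {@code set} are given
     */
    protected Query createPermissionQuery(Object obj, Set set, Principal principal, Discrimination discrimination) {
        if (obj != null && set != null) {
            throw new IllegalArgumentException("Cannot specify both target and targets");
        }
        boolean forRole = discrimination.equals(Discrimination.role);
        boolean forEither = discrimination.equals(Discrimination.either);
        boolean useRoleClass = forRole && this.rolePermissionClass != null;
        boolean discriminate = !forEither && this.discriminatorProperty != null;

        // One bit per input that changes the shape of the JPQL text.
        int key = 0;
        if (obj != null) {
            key |= 1;
        }
        if (set != null) {
            key |= 2;
        }
        if (principal != null) {
            key |= 4;
        }
        if (discrimination.equals(Discrimination.user)) {
            key |= 8;
        }
        if (forRole) {
            key |= 16;
        }
        if (forEither) {
            key |= 32;
        }
        Integer cacheKey = Integer.valueOf(key);

        String jpql = this.queryCache.get(cacheKey);
        if (jpql == null) {
            // Two threads may build the same text at once; both results are identical.
            jpql = buildPermissionJpql(obj != null, set != null, principal != null, forRole, useRoleClass, discriminate);
            this.queryCache.put(cacheKey, jpql);
        }

        Query query = lookupEntityManager().createQuery(jpql);
        if (obj != null) {
            query.setParameter("target", this.identifierPolicy.getIdentifier(obj));
        }
        if (set != null) {
            Set<Object> identifiers = new HashSet<Object>();
            for (Object member : set) {
                identifiers.add(this.identifierPolicy.getIdentifier(member));
            }
            query.setParameter("targets", identifiers);
        }
        if (principal != null) {
            query.setParameter("recipient", resolvePrincipalEntity(principal));
        }
        if (discriminate) {
            query.setParameter("discriminator", getDiscriminatorValue(forRole));
        }
        return query;
    }

    /**
     * Assembles the JPQL text for {@link #createPermissionQuery}. Only configured class and
     * property names are concatenated; every value is a named parameter.
     */
    private String buildPermissionJpql(boolean byTarget, boolean byTargets, boolean byRecipient, boolean forRole, boolean useRoleClass, boolean discriminate) {
        StringBuilder jpql = new StringBuilder();
        jpql.append("select p from ");
        jpql.append(useRoleClass ? this.rolePermissionClass.getName() : this.userPermissionClass.getName());
        jpql.append(" p");
        boolean hasWhere = false;
        if (byTarget) {
            jpql.append(" where p.");
            jpql.append(useRoleClass ? this.roleTargetProperty.getName() : this.targetProperty.getName());
            jpql.append(" = :target");
            hasWhere = true;
        } else if (byTargets) {
            jpql.append(" where p.");
            jpql.append(useRoleClass ? this.roleTargetProperty.getName() : this.targetProperty.getName());
            jpql.append(" in (:targets)");
            hasWhere = true;
        }
        if (byRecipient) {
            jpql.append(hasWhere ? " and p." : " where p.");
            jpql.append(forRole ? this.roleProperty.getName() : this.userProperty.getName());
            jpql.append(" = :recipient");
            hasWhere = true;
        }
        if (discriminate) {
            jpql.append(hasWhere ? " and p." : " where p.");
            jpql.append(this.discriminatorProperty.getName());
            jpql.append(" = :discriminator");
        }
        return jpql.toString();
    }

    /** Grants the single action carried by {@code permission}. */
    @Override // org.jboss.seam.security.permission.PermissionStore
    public boolean grantPermission(Permission permission) {
        return updatePermissionActions(permission.getTarget(), permission.getRecipient(), new String[]{permission.getAction()}, true);
    }

    /** Revokes the single action carried by {@code permission}. */
    @Override // org.jboss.seam.security.permission.PermissionStore
    public boolean revokePermission(Permission permission) {
        return updatePermissionActions(permission.getTarget(), permission.getRecipient(), new String[]{permission.getAction()}, false);
    }

    /**
     * Adds or removes actions on the permission record for one target and recipient.
     *
     * @param obj target object
     * @param principal recipient; a {@link Role} is stored as a role permission
     * @param strArr actions to add or remove
     * @param z {@code true} to grant, {@code false} to revoke
     * @return always {@code true}
     * @throws RuntimeException if the required permission class is not configured or the record
     *     cannot be created
     */
    protected boolean updatePermissionActions(Object obj, Principal principal, String[] strArr, boolean z) {
        boolean recipientIsRole = principal instanceof Role;
        if (recipientIsRole) {
            try {
                if (this.rolePermissionClass != null) {
                    applyActions(this.rolePermissionClass, this.roleTargetProperty, this.roleActionProperty, false, obj, principal, true, strArr, z);
                    return true;
                }
                // No role class: role rows share the user class and need a discriminator.
                if (this.discriminatorProperty == null || !this.discriminatorProperty.isSet()) {
                    throw new RuntimeException("Could not grant permission, rolePermissionClass not set");
                }
            } catch (Exception e) {
                throw new RuntimeException("Could not grant permission", e);
            }
        }
        if (this.userPermissionClass == null) {
            throw new RuntimeException("Could not grant permission, userPermissionClass not set");
        }
        try {
            applyActions(this.userPermissionClass, this.targetProperty, this.actionProperty, true, obj, principal, recipientIsRole, strArr, z);
        } catch (InstantiationException | IllegalAccessException e) {
            throw new RuntimeException("Could not grant permission", e);
        }
        return true;
    }

    /**
     * Applies a grant or revoke to the rows of one permission class.
     *
     * <p>Duplicate rows for the same target and recipient are merged into the first row before
     * the change is applied. Merging afterwards would copy a just-revoked action back in from the
     * stored rows and leave the permission in place.
     */
    private void applyActions(Class permissionClass, AnnotatedBeanProperty<PermissionTarget> targetProp, AnnotatedBeanProperty<PermissionAction> actionProp, boolean setDiscriminator, Object target, Principal recipient, boolean recipientIsRole, String[] actions, boolean grant) throws InstantiationException, IllegalAccessException {
        Discrimination discrimination = recipientIsRole ? Discrimination.role : Discrimination.user;
        List rows = createPermissionQuery(target, null, recipient, discrimination).getResultList();
        if (rows.isEmpty()) {
            if (!grant) {
                // Nothing stored, nothing to revoke.
                return;
            }
            PermissionMetadata.ActionSet created = this.metadata.createActionSet(target.getClass(), null);
            for (String action : actions) {
                created.add(action);
            }
            Object instance = permissionClass.newInstance();
            targetProp.setValue(instance, this.identifierPolicy.getIdentifier(target));
            actionProp.setValue(instance, created.toString());
            if (recipientIsRole) {
                this.roleProperty.setValue(instance, resolvePrincipalEntity(recipient));
            } else {
                this.userProperty.setValue(instance, resolvePrincipalEntity(recipient));
            }
            // discriminatorProperty is never created when a separate role class is configured.
            if (setDiscriminator && this.discriminatorProperty != null && this.discriminatorProperty.isSet()) {
                this.discriminatorProperty.setValue(instance, getDiscriminatorValue(recipientIsRole));
            }
            lookupEntityManager().persist(instance);
            return;
        }

        Object survivor = rows.get(0);
        PermissionMetadata.ActionSet merged = this.metadata.createActionSet(target.getClass(), actionProp.getValue(survivor).toString());
        if (rows.size() > 1) {
            for (Object row : rows) {
                merged.addMembers(actionProp.getValue(row).toString());
                if (!row.equals(survivor)) {
                    lookupEntityManager().remove(row);
                }
            }
        }
        for (String action : actions) {
            if (grant) {
                merged.add(action);
            } else {
                merged.remove(action);
            }
        }
        if (merged.isEmpty()) {
            lookupEntityManager().remove(survivor);
            return;
        }
        actionProp.setValue(survivor, merged.toString());
        lookupEntityManager().merge(survivor);
    }

    /** Grants every permission in {@code list}, one store update per target and recipient. */
    @Override // org.jboss.seam.security.permission.PermissionStore
    public boolean grantPermissions(List<Permission> list) {
        updateGroupedPermissions(list, true);
        return true;
    }

    /** Revokes every permission in {@code list}, one store update per target and recipient. */
    @Override // org.jboss.seam.security.permission.PermissionStore
    public boolean revokePermissions(List<Permission> list) {
        updateGroupedPermissions(list, false);
        return true;
    }

    /** Groups the permissions and applies one grant or revoke per target and recipient pair. */
    private void updateGroupedPermissions(List<Permission> permissions, boolean grant) {
        for (Map.Entry<Object, Map<Principal, List<Permission>>> byTarget : groupPermissions(permissions).entrySet()) {
            for (Map.Entry<Principal, List<Permission>> byRecipient : byTarget.getValue().entrySet()) {
                List<Permission> group = byRecipient.getValue();
                String[] actions = new String[group.size()];
                for (int i = 0; i < actions.length; i++) {
                    actions[i] = group.get(i).getAction();
                }
                updatePermissionActions(byTarget.getKey(), byRecipient.getKey(), actions, grant);
            }
        }
    }

    /** Indexes permissions by target, then by recipient. */
    private Map<Object, Map<Principal, List<Permission>>> groupPermissions(List<Permission> list) {
        Map<Object, Map<Principal, List<Permission>>> grouped = new HashMap<>();
        for (Permission permission : list) {
            Map<Principal, List<Permission>> byRecipient = grouped.get(permission.getTarget());
            if (byRecipient == null) {
                byRecipient = new HashMap<>();
                grouped.put(permission.getTarget(), byRecipient);
            }
            List<Permission> group = byRecipient.get(permission.getRecipient());
            if (group == null) {
                group = new ArrayList<>();
                byRecipient.put(permission.getRecipient(), group);
            }
            group.add(permission);
        }
        return grouped;
    }

    /** Returns the discriminator value declared for role rows or for user rows. */
    private String getDiscriminatorValue(boolean z) {
        PermissionDiscriminator annotation = this.discriminatorProperty.getAnnotation();
        return z ? annotation.roleValue() : annotation.userValue();
    }

    /**
     * Converts a recipient principal into the value stored in the permission entity.
     *
     * @param principal the recipient
     * @return the role or user entity from the {@link JpaIdentityStore} when the mapped property
     *     has that entity type, otherwise the principal's name
     */
    protected Object resolvePrincipalEntity(Principal principal) {
        boolean recipientIsRole = principal instanceof Role;
        JpaIdentityStore identityStore = (JpaIdentityStore) Component.getInstance((Class<?>) JpaIdentityStore.class, true);
        if (identityStore == null) {
            return principal.getName();
        }
        if (recipientIsRole && this.roleProperty.isSet() && this.roleProperty.getPropertyType().equals(identityStore.getRoleClass())) {
            return identityStore.lookupRole(principal.getName());
        }
        // NOTE(review): a Role that did not match above still reaches this user lookup when the
        // user property has the store's user class, so a role name would be looked up as a user
        // name. Confirm this fall-through is intended.
        if (this.userProperty.getPropertyType().equals(identityStore.getUserClass())) {
            return identityStore.lookupUser(principal.getName());
        }
        return principal.getName();
    }

    /**
     * Converts a stored recipient value back into a principal.
     *
     * @param obj stored value: a name, or a user or role entity of the {@link JpaIdentityStore}
     * @param z {@code true} when the value denotes a user, {@code false} for a role
     * @return a {@link SimplePrincipal} for users or a {@link Role} for roles
     * @throws IllegalArgumentException if the value is neither a name nor a known entity
     */
    protected Principal resolvePrincipal(Object obj, boolean z) {
        IdentityStore roleStore = IdentityManager.instance().getRoleIdentityStore();
        JpaIdentityStore jpaStore = roleStore instanceof JpaIdentityStore ? (JpaIdentityStore) roleStore : null;
        if (obj instanceof String) {
            String name = (String) obj;
            if (z) {
                return new SimplePrincipal(name);
            }
            return new Role(name, jpaStore != null && jpaStore.isRoleConditional(name));
        }
        if (jpaStore != null) {
            if (z && jpaStore.getUserClass().equals(obj.getClass())) {
                return new SimplePrincipal(jpaStore.getUserName(obj));
            }
            if (!z && jpaStore.getRoleClass().equals(obj.getClass())) {
                String roleName = jpaStore.getRoleName(obj);
                return new Role(roleName, jpaStore.isRoleConditional(roleName));
            }
        }
        throw new IllegalArgumentException("Cannot resolve principal name for principal " + obj);
    }

    /** Lists permissions on any of the given targets, optionally limited to one action. */
    @Override // org.jboss.seam.security.permission.PermissionStore
    public List<Permission> listPermissions(Set<Object> set, String str) {
        return listPermissions(null, set, str);
    }

    /** Lists permissions on one target, optionally limited to one action. */
    @Override // org.jboss.seam.security.permission.PermissionStore
    public List<Permission> listPermissions(Object obj, String str) {
        return listPermissions(obj, null, str);
    }

    /**
     * Lists the stored permissions for one target or for a set of targets.
     *
     * @param obj single target, or {@code null} when {@code set} is used
     * @param set targets, or {@code null} when {@code obj} is used; an empty set yields an empty
     *     list without querying
     * @param str action to filter on, or {@code null} to expand every stored action
     * @return one {@link Permission} per matching target, action and recipient
     * @throws IllegalArgumentException if both {@code obj} and {@code set} are given
     */
    protected List<Permission> listPermissions(Object obj, Set<Object> set, String str) {
        if (obj != null && set != null) {
            throw new IllegalArgumentException("Cannot specify both target and targets");
        }
        List<Permission> result = new ArrayList<Permission>();
        if (set != null && set.isEmpty()) {
            return result;
        }
        List rows = createPermissionQuery(set != null ? null : obj, set, null, Discrimination.either).getResultList();

        // Recipients resolved during this call, shared between the user and role passes.
        Map<String, Principal> principals = new HashMap<String, Principal>();
        boolean discriminated = this.rolePermissionClass == null && this.discriminatorProperty != null && this.discriminatorProperty.isSet();
        Map<Object, Object> targetsById = null;
        if (set != null) {
            // Rows only carry the target identifier; map it back to the caller's object.
            targetsById = new HashMap<Object, Object>();
            for (Object member : set) {
                targetsById.put(this.identifierPolicy.getIdentifier(member), member);
            }
        }
        collectPermissions(result, rows, false, discriminated, obj, targetsById, str, principals);

        if (this.rolePermissionClass != null) {
            List roleRows = createPermissionQuery(set != null ? null : obj, set, null, Discrimination.role).getResultList();
            collectPermissions(result, roleRows, true, false, obj, targetsById, str, principals);
        }
        return result;
    }

    /**
     * Turns permission rows into {@link Permission} objects and appends them to {@code out}.
     *
     * @param roleClassRows {@code true} when the rows are instances of the role permission class
     * @param discriminated {@code true} when user-class rows must be checked against the role
     *     discriminator value
     */
    private void collectPermissions(List<Permission> out, List rows, boolean roleClassRows, boolean discriminated, Object target, Map<Object, Object> targetsById, String action, Map<String, Principal> principals) {
        AnnotatedBeanProperty<PermissionTarget> targetProp = roleClassRows ? this.roleTargetProperty : this.targetProperty;
        AnnotatedBeanProperty<PermissionAction> actionProp = roleClassRows ? this.roleActionProperty : this.actionProperty;
        for (Object row : rows) {
            Object rowTarget = target;
            if (targetsById != null) {
                rowTarget = targetsById.get(targetProp.getValue(row));
                if (rowTarget == null) {
                    // Row refers to a target the caller did not ask about.
                    continue;
                }
            }
            PermissionMetadata.ActionSet actionSet = this.metadata.createActionSet(rowTarget.getClass(), actionProp.getValue(row).toString());
            if (action != null && !actionSet.contains(action)) {
                continue;
            }
            boolean recipientIsUser = !roleClassRows;
            if (discriminated && this.discriminatorProperty.getAnnotation().roleValue().equals(this.discriminatorProperty.getValue(row))) {
                recipientIsUser = false;
            }
            Principal recipient = lookupPrincipal(principals, row, recipientIsUser);
            if (action != null) {
                out.add(new Permission(rowTarget, action, recipient));
            } else {
                for (String member : actionSet.members()) {
                    out.add(new Permission(rowTarget, member, recipient));
                }
            }
        }
    }

    /**
     * Resolves the recipient of a permission row, reusing an already resolved principal of the
     * same kind and name from {@code map}.
     */
    private Principal lookupPrincipal(Map<String, Principal> map, Object obj, boolean z) {
        Principal resolved = resolvePrincipal(z ? this.userProperty.getValue(obj) : this.roleProperty.getValue(obj), z);
        // The prefix keeps a user and a role with the same name apart in the cache.
        // NOTE(review): HtmlCompiler.NS_UTIL_PREFIX is presumably a decompiler substitution for
        // an inlined string constant; it only needs to differ from "r:".
        String cacheKey = (z ? HtmlCompiler.NS_UTIL_PREFIX : "r:") + resolved.getName();
        Principal cached = map.get(cacheKey);
        if (map.containsKey(cacheKey)) {
            return cached;
        }
        map.put(cacheKey, resolved);
        return resolved;
    }

    /** Lists every stored permission on one target. */
    @Override // org.jboss.seam.security.permission.PermissionStore
    public List<Permission> listPermissions(Object obj) {
        return listPermissions(obj, (String) null);
    }

    /** Returns the actions the permission metadata allows for the target's class. */
    @Override // org.jboss.seam.security.permission.PermissionStore
    public List<String> listAvailableActions(Object obj) {
        return this.metadata.listAllowableActions(obj.getClass());
    }

    /** Evaluates the configured expression to obtain the current entity manager. */
    private EntityManager lookupEntityManager() {
        return this.entityManager.getValue();
    }

    /** Returns the expression used to look up the entity manager. */
    public Expressions.ValueExpression getEntityManager() {
        return this.entityManager;
    }

    /** Sets the expression used to look up the entity manager. */
    public void setEntityManager(Expressions.ValueExpression valueExpression) {
        this.entityManager = valueExpression;
    }

    /** Returns the entity class holding user permissions. */
    public Class getUserPermissionClass() {
        return this.userPermissionClass;
    }

    /** Sets the entity class holding user permissions. */
    public void setUserPermissionClass(Class cls) {
        this.userPermissionClass = cls;
    }

    /** Returns the entity class holding role permissions, or {@code null} if none is configured. */
    public Class getRolePermissionClass() {
        return this.rolePermissionClass;
    }

    /** Sets the entity class holding role permissions. */
    public void setRolePermissionClass(Class cls) {
        this.rolePermissionClass = cls;
    }

    /**
     * Deletes every stored permission on the target, for users and for roles.
     *
     * <p>The delete statements concatenate only the configured class and property names; the
     * target identifier is bound as a parameter.
     */
    @Override // org.jboss.seam.security.permission.PermissionStore
    public void clearPermissions(Object obj) {
        EntityManager em = lookupEntityManager();
        String identifier = this.identifierPolicy.getIdentifier(obj);
        em.createQuery("delete from " + this.userPermissionClass.getName() + " p where p." + this.targetProperty.getName() + " = :target").setParameter("target", identifier).executeUpdate();
        if (this.rolePermissionClass != null) {
            em.createQuery("delete from " + this.rolePermissionClass.getName() + " p where p." + this.roleTargetProperty.getName() + " = :target").setParameter("target", identifier).executeUpdate();
        }
    }
}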
