package org.jboss.dashboard.security;

import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.MissingResourceException;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.security.auth.Subject;
import org.hibernate.validator.internal.engine.PathImpl;
import org.jboss.dashboard.LocaleManager;
import org.jboss.dashboard.SecurityServices;
import org.jboss.dashboard.annotation.Priority;
import org.jboss.dashboard.annotation.Startable;
import org.jboss.dashboard.security.principals.DefaultPrincipal;
import org.jboss.dashboard.security.principals.RolePrincipal;
import org.jboss.dashboard.ui.UIServices;
import org.jboss.dashboard.ui.panel.navigation.menu.MenuDriver;
import org.jboss.dashboard.users.Role;
import org.jboss.dashboard.users.RolesManager;
import org.jboss.dashboard.workspace.Panel;
import org.jboss.dashboard.workspace.PanelInstance;
import org.jboss.dashboard.workspace.Section;
import org.jboss.dashboard.workspace.Workspace;
import org.jboss.dashboard.workspace.WorkspaceImpl;
import org.jboss.dashboard.workspace.WorkspacesManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

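/**
 * In-memory authorization policy for dashboard UI resources (workspaces, sections, panels and the
 * back office), with buffered persistence through {@link PermissionDescriptor}.
 *
 * <p>Grants are held per principal in {@link #permissionMap}. Every change is also recorded in an
 * update or delete buffer, which {@link #save()} writes out and then clears.
 *
 * <p>Grants added without a principal are stored under an internal "unspecified" principal, and
 * {@link #getPermissions(Subject)} merges those grants into the result for every subject, so they
 * behave as grants to everyone.
 *
 * <p>Thread-safety: the mutating methods and {@code save}/{@code load} are {@code synchronized} on
 * this instance. The query methods, and the remove overloads that fan out over all principals,
 * read {@code permissionMap} without holding that monitor.
 * NOTE(review): confirm whether callers serialise access, since the backing map is a plain HashMap.
 *
 * <p>NOTE(review): resource names are built with {@code PathImpl.PROPERTY_PATH_SEPARATOR} and
 * {@code MenuDriver.PARAMETER_ALL_ITEMS}, constants owned by classes unrelated to security. The
 * literals {@code ".*."} and {@code ".*"} used next to them suggest they stand for "." and "*";
 * confirm, and consider policy-local constants so that the permission-name grammar does not depend
 * on those classes.
 */
@ApplicationScoped
/* loaded from: input_file:WEB-INF/lib/dashboard-ui-core-6.4.0.CR1.jar:org/jboss/dashboard/security/UIPolicy.class */
public class UIPolicy implements Policy, Startable {
    private static final Logger log = LoggerFactory.getLogger(UIPolicy.class);

    // Key under which grants added with a null principal are stored.
    private static final Principal UNSPECIFIED_PRINCIPAL = new DefaultPrincipal("UnspecifiedPrincipal");

    // Live policy state: principal -> granted permissions.
    protected Map<Principal, Permissions> permissionMap = new HashMap<Principal, Permissions>();

    // {principal, permission} pairs produced by grantDefaultPermissions().
    private final List<Object[]> defaultPermissions = new ArrayList<Object[]>();

    // Descriptors waiting to be saved / deleted by save().
    private final List<PermissionDescriptor> updateBuffer = new ArrayList<PermissionDescriptor>();
    private final List<PermissionDescriptor> deleteBuffer = new ArrayList<PermissionDescriptor>();

    @Inject
    protected LocaleManager localeManager;

    @Override // org.jboss.dashboard.annotation.Startable
    public Priority getPriority() {
        return Priority.HIGH;
    }

    /**
     * Loads the persisted policy, layers the default grants on top of it and persists the result.
     *
     * @throws Exception if loading or saving fails
     */
    @Override // org.jboss.dashboard.annotation.Startable
    public synchronized void start() throws Exception {
        log.debug("Init policy.");
        load();
        grantDefaultPermissions();
        save();
    }

    /**
     * Builds the permission resource name for a UI object.
     *
     * <p>{@code null} maps to the "all items" name. A workspace maps to its id, a section to
     * workspace id + separator + section id, and a panel instance or panel to
     * workspace id + {@code ".*."} + instance id.
     *
     * @param obj the resource, or {@code null} for "all items"
     * @return the resource name
     * @throws IllegalArgumentException if {@code obj} is of any other type
     */
    public String getResourceName(Object obj) {
        if (obj == null) {
            return MenuDriver.PARAMETER_ALL_ITEMS;
        }
        if (obj instanceof Workspace) {
            return ((Workspace) obj).getId();
        }
        if (obj instanceof Section) {
            Section section = (Section) obj;
            return section.getWorkspace().getId() + PathImpl.PROPERTY_PATH_SEPARATOR + section.getId();
        }
        // PanelInstance is tested before Panel, as in the original ordering.
        if (obj instanceof PanelInstance) {
            PanelInstance panelInstance = (PanelInstance) obj;
            return panelInstance.getWorkspace().getId() + ".*." + panelInstance.getInstanceId();
        }
        if (obj instanceof Panel) {
            Panel panel = (Panel) obj;
            return panel.getWorkspace().getId() + ".*." + panel.getInstanceId();
        }
        throw new IllegalArgumentException("Resource type not supported.");
    }

    /**
     * Resolves a permission resource name back to the object it refers to.
     *
     * <p>The "all items" name resolves to {@code null}. A name without a separator, or whose last
     * part ends with the "all items" token, resolves to the workspace. Otherwise the trailing part
     * is parsed as a numeric section id or panel instance id.
     *
     * <p>NOTE(review): the workspace lookup result is dereferenced without a null check and the id
     * part is parsed without validation. A stale or malformed stored name therefore surfaces as a
     * runtime exception here; confirm callers treat that as "resource not found".
     *
     * @param cls the permission class; workspace, section and panel permissions are supported
     * @param str the resource name
     * @return the resolved object, or {@code null} for the "all items" name
     * @throws IllegalArgumentException if {@code cls} is not a supported permission class
     * @throws Exception declared by the original signature
     */
    public Object getResource(Class<? extends Permission> cls, String str) throws Exception {
        boolean workspaceLevel = cls.equals(WorkspacePermission.class);
        boolean sectionLevel = cls.equals(SectionPermission.class);
        if (!workspaceLevel && !sectionLevel && !cls.equals(PanelPermission.class)) {
            throw new IllegalArgumentException("Resource class not supported.");
        }
        if (str.equals(MenuDriver.PARAMETER_ALL_ITEMS)) {
            return null;
        }
        if (workspaceLevel) {
            return UIServices.lookup().getWorkspacesManager().getWorkspace(str);
        }
        int firstSeparator = str.indexOf(PathImpl.PROPERTY_PATH_SEPARATOR);
        if (firstSeparator == -1) {
            return UIServices.lookup().getWorkspacesManager().getWorkspace(str);
        }
        String workspaceId = str.substring(0, firstSeparator);
        if (sectionLevel) {
            String sectionPart = str.substring(firstSeparator + 1);
            if (sectionPart.endsWith(MenuDriver.PARAMETER_ALL_ITEMS)) {
                return UIServices.lookup().getWorkspacesManager().getWorkspace(workspaceId);
            }
            // Long.valueOf replaces the deprecated boxing constructor; parsing is unchanged.
            return UIServices.lookup().getWorkspacesManager().getWorkspace(workspaceId).getSection(Long.valueOf(sectionPart));
        }
        // Panel names carry a middle segment, so the id starts after the second separator.
        // With no second separator indexOf yields -1 and the whole name is used as the id part.
        String panelPart = str.substring(str.indexOf(PathImpl.PROPERTY_PATH_SEPARATOR, firstSeparator + 1) + 1);
        if (panelPart.endsWith(MenuDriver.PARAMETER_ALL_ITEMS)) {
            return UIServices.lookup().getWorkspacesManager().getWorkspace(workspaceId);
        }
        return ((WorkspaceImpl) UIServices.lookup().getWorkspacesManager().getWorkspace(workspaceId)).getPanelInstance(Long.valueOf(panelPart));
    }

    /**
     * Computes the built-in grants and adds them to the policy.
     *
     * <p>Every role receives a read-only "view" grant on all sections and on all panels. A role
     * whose name is exactly {@code "admin"} additionally receives a read-only back-office grant
     * (graphic resources, workspace creation) and the grants returned by
     * {@link #createDefaultPermissions(Workspace)} for every existing workspace.
     *
     * <p>NOTE(review): the elevated grants are keyed on the literal role name, so whatever controls
     * role naming also controls who gets them. Each call also appends to the default list without
     * clearing it, so repeated calls accumulate duplicate entries.
     */
    public synchronized void grantDefaultPermissions() {
        log.debug("Grant default permissions.");
        RolesManager rolesManager = SecurityServices.lookup().getRolesManager();
        WorkspacesManager workspacesManager = UIServices.lookup().getWorkspacesManager();
        SectionPermission viewAllSections = new SectionPermission(MenuDriver.PARAMETER_ALL_ITEMS, "view");
        viewAllSections.setReadOnly(true);
        PanelPermission viewAllPanels = new PanelPermission(MenuDriver.PARAMETER_ALL_ITEMS, "view");
        viewAllPanels.setReadOnly(true);
        for (Role role : rolesManager.getAllRoles()) {
            RolePrincipal rolePrincipal = new RolePrincipal(role);
            this.defaultPermissions.add(new Object[]{rolePrincipal, viewAllSections});
            this.defaultPermissions.add(new Object[]{rolePrincipal, viewAllPanels});
            // Constant-first comparison: a role without a name is simply not the admin role.
            if ("admin".equals(role.getName())) {
                BackOfficePermission backOfficePermission = new BackOfficePermission(BackOfficePermission.getResourceName(null), null);
                backOfficePermission.setReadOnly(true);
                backOfficePermission.grantAction(BackOfficePermission.ACTION_USE_GRAPHIC_RESOURCES);
                backOfficePermission.grantAction(BackOfficePermission.ACTION_CREATE_WORKSPACE);
                this.defaultPermissions.add(new Object[]{rolePrincipal, backOfficePermission});
                for (WorkspaceImpl workspaceImpl : workspacesManager.getWorkspaces()) {
                    for (Permission workspaceGrant : createDefaultPermissions(workspaceImpl)) {
                        this.defaultPermissions.add(new Object[]{rolePrincipal, workspaceGrant});
                    }
                }
            }
        }
        for (Object[] grant : this.defaultPermissions) {
            addPermission((Principal) grant[0], (Permission) grant[1]);
        }
    }

    /**
     * Creates the read-only, all-actions permissions for one workspace: one on the workspace
     * itself, one on its sections and one on its panels (both named workspace + {@code ".*"}).
     *
     * @param workspace the workspace the permissions refer to
     * @return the three permissions, in workspace, section, panel order
     */
    public List<Permission> createDefaultPermissions(Workspace workspace) {
        List<Permission> result = new ArrayList<Permission>();
        WorkspacePermission workspacePermission = new WorkspacePermission(getResourceName(workspace), null);
        workspacePermission.grantAllActions();
        workspacePermission.setReadOnly(true);
        result.add(workspacePermission);
        SectionPermission sectionPermission = new SectionPermission(getResourceName(workspace) + ".*", null);
        sectionPermission.grantAllActions();
        sectionPermission.setReadOnly(true);
        result.add(sectionPermission);
        PanelPermission panelPermission = new PanelPermission(getResourceName(workspace) + ".*", null);
        panelPermission.grantAllActions();
        panelPermission.setReadOnly(true);
        result.add(panelPermission);
        return result;
    }

    /**
     * Tells whether a descriptor matches one of the default grants by principal, permission class
     * name and resource name.
     *
     * @param permissionDescriptor the descriptor to test
     * @return {@code true} if a default grant matches
     */
    public boolean isPermissionGrantedByDefault(PermissionDescriptor permissionDescriptor) {
        for (Object[] grant : this.defaultPermissions) {
            try {
                if (grant[0].equals(permissionDescriptor.getPrincipal()) && grant[1].getClass().getName().equals(permissionDescriptor.getPermissionClass()) && ((Permission) grant[1]).getName().equals(permissionDescriptor.getPermissionResource())) {
                    return true;
                }
            } catch (InstantiationException e) {
                // The descriptor could not be materialised; log it and try the next default grant.
                log.error("Error: ", e);
            }
        }
        return false;
    }

    /**
     * Looks up the localized description of an action in the security message bundle.
     *
     * @param str the permission kind used in the bundle key
     * @param str2 the action name; spaces are replaced by underscores in the key
     * @param locale the locale to resolve the bundle for
     * @return the description, or {@code str2} itself when the bundle has no such key
     */
    public String describeActionName(String str, String str2, Locale locale) {
        try {
            return this.localeManager.getBundle("org.jboss.dashboard.security.messages", locale).getString("action." + str + PathImpl.PROPERTY_PATH_SEPARATOR + str2.replace(' ', '_'));
        } catch (MissingResourceException e) {
            log.warn("Can't find description for " + str2 + " in locale " + locale);
            return str2;
        }
    }

    /**
     * Grants a permission to the "unspecified" principal, which
     * {@link #getPermissions(Subject)} merges into every subject's permissions.
     *
     * @param permission the permission to grant
     */
    @Override // org.jboss.dashboard.security.Policy
    public void addPermission(Permission permission) {
        addPermission(null, permission);
    }

    /**
     * Grants a permission to a principal and queues its descriptor for the next {@link #save()}.
     *
     * @param principal the grantee, or {@code null} for the "unspecified" principal
     * @param permission the permission to grant; must be a {@code UIPermission}
     * @throws ClassCastException if {@code permission} is not a {@code UIPermission}
     */
    @Override // org.jboss.dashboard.security.Policy
    public synchronized void addPermission(Principal principal, Permission permission) {
        Principal key = (principal != null) ? principal : UNSPECIFIED_PRINCIPAL;
        log.debug("Adding permission " + permission + " for principal " + principal);
        // Cast before touching any state: an unsupported permission type must not leave a grant
        // in memory that was never given a descriptor, and so would never be persisted.
        UIPermission uiPermission = (UIPermission) permission;
        Permissions granted = this.permissionMap.get(key);
        if (granted == null) {
            granted = new Permissions();
            this.permissionMap.put(key, granted);
        }
        granted.add(permission);
        PermissionDescriptor descriptor = PermissionManager.lookup().find(key, permission);
        if (descriptor == null) {
            descriptor = PermissionManager.lookup().createNewItem();
        }
        descriptor.setPrincipal(key);
        descriptor.setPermission(permission);
        descriptor.setReadonly(Boolean.valueOf(uiPermission.isReadOnly()));
        // Keep a single pending update per descriptor, the most recent one last.
        int pending = this.updateBuffer.indexOf(descriptor);
        if (pending != -1) {
            this.updateBuffer.remove(pending);
        }
        this.updateBuffer.add(descriptor);
    }

    /**
     * Removes from one principal every permission whose name is implied by the given resource
     * name, using {@code DefaultPermission.implies} on the names only.
     *
     * @param principal the principal whose grants are scanned
     * @param str the resource name; nothing happens when it is {@code null}
     */
    @Override // org.jboss.dashboard.security.Policy
    public void removePermissions(Principal principal, String str) {
        Permissions granted = this.permissionMap.get(principal);
        if (granted == null || str == null) {
            return;
        }
        // Collect first, remove afterwards: removal replaces the collection being enumerated.
        List<Permission> matched = new ArrayList<Permission>();
        Enumeration<Permission> elements = granted.elements();
        DefaultPermission pattern = new DefaultPermission(str, null);
        DefaultPermission probe = new DefaultPermission(str, null);
        while (elements.hasMoreElements()) {
            Permission candidate = elements.nextElement();
            probe.setResourceName(candidate.getName());
            if (pattern.implies(probe)) {
                matched.add(candidate);
            }
        }
        for (Permission permission : matched) {
            removePermission(principal, permission);
        }
    }

    /**
     * Removes, for every principal, the permissions implied by the given resource name.
     *
     * @param str the resource name
     */
    @Override // org.jboss.dashboard.security.Policy
    public void removePermissions(String str) {
        for (Principal principal : this.permissionMap.keySet()) {
            removePermissions(principal, str);
        }
    }

    /**
     * Revokes one permission from one principal and queues its descriptor for deletion.
     *
     * <p>Nothing is revoked, in memory or in the buffers, when the permission manager has no
     * descriptor for the pair or when the descriptor is read-only.
     *
     * @param principal the principal to revoke from
     * @param permission the permission to revoke
     */
    @Override // org.jboss.dashboard.security.Policy
    public synchronized void removePermission(Principal principal, Permission permission) {
        PermissionDescriptor descriptor = PermissionManager.lookup().find(principal, permission);
        if (descriptor == null || descriptor.isReadonly().booleanValue()) {
            return;
        }
        scheduleDelete(descriptor);
        if (log.isDebugEnabled()) {
            log.debug("Removing permission " + permission + " for principal " + principal);
        }
        Permissions granted = this.permissionMap.get(principal);
        if (granted != null) {
            // Permissions has no remove operation, so rebuild the collection without the entry.
            Permissions remaining = new Permissions();
            Enumeration<Permission> elements = granted.elements();
            while (elements.hasMoreElements()) {
                Permission candidate = elements.nextElement();
                if (!permission.equals(candidate)) {
                    remaining.add(candidate);
                }
            }
            this.permissionMap.put(principal, remaining);
        }
    }

    /**
     * Revokes one permission from every principal.
     *
     * @param permission the permission to revoke
     */
    @Override // org.jboss.dashboard.security.Policy
    public void removePermission(Permission permission) {
        for (Principal principal : this.permissionMap.keySet()) {
            removePermission(principal, permission);
        }
    }

    /**
     * Collects the permissions of all principals of a subject, plus the grants stored under the
     * "unspecified" principal, into a fresh collection.
     *
     * @param subject the subject to evaluate
     * @return a new collection holding the merged permissions
     */
    @Override // org.jboss.dashboard.security.Policy
    public PermissionCollection getPermissions(Subject subject) {
        Permissions merged = new Permissions();
        for (Principal principal : subject.getPrincipals()) {
            copyAll(this.permissionMap.get(principal), merged);
        }
        // Grants without a principal apply to every subject.
        copyAll(this.permissionMap.get(UNSPECIFIED_PRINCIPAL), merged);
        return merged;
    }

    /**
     * Returns the permissions stored for a principal.
     *
     * <p>NOTE(review): this is the live internal collection, not a copy. A caller that adds to it
     * changes the effective policy without creating a descriptor; confirm no caller does.
     *
     * @param principal the principal, or {@code null} for the "unspecified" principal
     * @return the stored collection, or {@code null} if the principal has none
     */
    @Override // org.jboss.dashboard.security.Policy
    public PermissionCollection getPermissions(Principal principal) {
        Principal key = (principal != null) ? principal : UNSPECIFIED_PRINCIPAL;
        return this.permissionMap.get(key);
    }

    /**
     * Finds the permission of a principal with exactly the given class and resource name.
     *
     * @param principal the principal, or {@code null} for the "unspecified" principal
     * @param cls the permission class; compared by class name
     * @param str the resource name
     * @return the matching permission, or {@code null} if there is none
     */
    @Override // org.jboss.dashboard.security.Policy
    public Permission getPermission(Principal principal, Class<? extends Permission> cls, String str) {
        PermissionCollection granted = getPermissions(principal);
        if (granted == null) {
            return null;
        }
        Enumeration<Permission> elements = granted.elements();
        while (elements.hasMoreElements()) {
            Permission candidate = elements.nextElement();
            if (candidate.getName().equals(str) && candidate.getClass().getName().equals(cls.getName())) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Lists, per principal, the permission of the given class that names the given resource.
     *
     * <p>The resource name is obtained reflectively from {@code cls.getResourceName(Object)},
     * invoked with the class object as receiver (presumably a static method; confirm).
     *
     * @param obj the resource
     * @param cls the permission class; must expose a public {@code getResourceName(Object)}
     * @return principal to permission; when a principal holds several matches the last one
     *         enumerated is kept
     * @throws Exception if the reflective call fails
     */
    @Override // org.jboss.dashboard.security.Policy
    public Map<Principal, Permission> getPermissions(Object obj, Class<? extends Permission> cls) throws Exception {
        Map<Principal, Permission> result = new HashMap<Principal, Permission>();
        String resourceName = (String) cls.getMethod("getResourceName", Object.class).invoke(cls, obj);
        for (Map.Entry<Principal, Permissions> entry : this.permissionMap.entrySet()) {
            Enumeration<Permission> elements = entry.getValue().elements();
            while (elements.hasMoreElements()) {
                Permission candidate = elements.nextElement();
                if (candidate.getName().equals(resourceName) && cls.equals(candidate.getClass())) {
                    result.put(entry.getKey(), candidate);
                }
            }
        }
        return result;
    }

    /**
     * Removes the grants on a resource and on its children (resource name + {@code ".*"}).
     *
     * <p>Every descriptor the permission manager finds for the resource name is queued for
     * deletion here without a read-only check; the in-memory removal that follows goes through
     * {@link #removePermission(Principal, Permission)}, which skips read-only descriptors.
     * NOTE(review): confirm this difference is intended.
     *
     * @param obj the resource being removed
     * @throws Exception declared by the policy interface
     */
    @Override // org.jboss.dashboard.security.Policy
    public synchronized void removePermissions(Object obj) throws Exception {
        String resourceName = getResourceName(obj);
        log.debug("Removing all permissions for resource named " + resourceName);
        for (PermissionDescriptor descriptor : PermissionManager.lookup().find(resourceName)) {
            scheduleDelete(descriptor);
        }
        removePermissions(resourceName);
        removePermissions(resourceName + ".*");
    }

    /** Drops all in-memory grants and both pending buffers; nothing is persisted. */
    public synchronized void clear() {
        this.permissionMap.clear();
        this.updateBuffer.clear();
        this.deleteBuffer.clear();
    }

    @Override // org.jboss.dashboard.database.Persistent
    public boolean isPersistent() {
        return true;
    }

    /**
     * Writes the pending updates, then the pending deletions, and clears both buffers.
     *
     * <p>The buffers are cleared only after both passes complete, so if a descriptor operation
     * throws, everything stays queued, including entries that were already written.
     *
     * @throws Exception if a descriptor cannot be saved or deleted
     */
    @Override // org.jboss.dashboard.database.Persistent
    public synchronized void save() throws Exception {
        if (log.isDebugEnabled()) {
            log.debug("Save policy with updateBuffer=" + this.updateBuffer);
        }
        if (this.updateBuffer.isEmpty() && this.deleteBuffer.isEmpty()) {
            return;
        }
        for (PermissionDescriptor descriptor : this.updateBuffer) {
            descriptor.save();
        }
        for (PermissionDescriptor descriptor : this.deleteBuffer) {
            descriptor.delete();
        }
        this.updateBuffer.clear();
        this.deleteBuffer.clear();
    }

    @Override // org.jboss.dashboard.database.Persistent
    public void update() throws Exception {
        save();
    }

    /**
     * Replaces the in-memory policy with the descriptors known to the permission manager.
     *
     * <p>A descriptor that fails with {@code InstantiationException} is skipped, so its grant is
     * not in effect after loading; the failure is logged with its cause.
     *
     * @throws Exception if the descriptors cannot be read
     */
    public synchronized void load() throws Exception {
        log.debug("Load policy.");
        List<PermissionDescriptor> allInstances = PermissionManager.lookup().getAllInstances();
        clear();
        for (PermissionDescriptor descriptor : allInstances) {
            if (descriptor == null) {
                continue;
            }
            try {
                if (log.isDebugEnabled()) {
                    log.debug("Adding permission " + descriptor.getPermission() + " for principal " + descriptor.getPrincipal());
                }
                Principal principal = descriptor.getPrincipal();
                UIPermission uiPermission = (UIPermission) descriptor.getPermission();
                uiPermission.setReadOnly(descriptor.isReadonly().booleanValue());
                addPermission(principal, uiPermission);
            } catch (InstantiationException e) {
                // Keep the cause in the log so a skipped grant can be diagnosed.
                log.error("Ignoring permission descriptor " + descriptor, e);
            }
        }
    }

    @Override // org.jboss.dashboard.database.Persistent
    public synchronized void delete() throws Exception {
        clear();
    }

    /** Moves a descriptor from the pending updates to the pending deletions, without duplicates. */
    private void scheduleDelete(PermissionDescriptor descriptor) {
        int pending = this.updateBuffer.indexOf(descriptor);
        if (pending != -1) {
            this.updateBuffer.remove(pending);
        }
        if (this.deleteBuffer.indexOf(descriptor) == -1) {
            this.deleteBuffer.add(descriptor);
        }
    }

    /** Adds every permission of {@code source} to {@code target}; a null source adds nothing. */
    private static void copyAll(Permissions source, Permissions target) {
        if (source == null) {
            return;
        }
        Enumeration<Permission> elements = source.elements();
        while (elements.hasMoreElements()) {
            target.add(elements.nextElement());
        }
    }
}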
