package de.cismet.cids.abf.domainserver.project.utils;

import de.cismet.cids.abf.domainserver.project.DomainserverProject;
import de.cismet.cids.abf.domainserver.project.cidsclass.ExportClassesAction;
import de.cismet.cids.jpa.backend.service.Backend;
import de.cismet.cids.jpa.entity.catalog.CatNode;
import de.cismet.cids.jpa.entity.cidsclass.Attribute;
import de.cismet.cids.jpa.entity.cidsclass.CidsClass;
import de.cismet.cids.jpa.entity.common.PermissionAwareEntity;
import de.cismet.cids.jpa.entity.permission.AbstractPermission;
import de.cismet.cids.jpa.entity.permission.Permission;
import de.cismet.cids.jpa.entity.permission.Policy;
import de.cismet.cids.jpa.entity.permission.PolicyRule;
import de.cismet.cids.jpa.entity.user.UserGroup;
import java.text.MessageFormat;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.locks.ReentrantLock;
import org.apache.log4j.Logger;
import org.openide.util.NbBundle;

/* loaded from: input_file:de/cismet/cids/abf/domainserver/project/utils/PermissionResolver.class */
public final class PermissionResolver {
    private final transient DomainserverProject project;
    private final transient List<Policy> policies;
    private final transient Map<Integer, Map<Integer, Boolean>> ruleMap;
    private final transient Permission readPerm;
    private final transient Permission writePerm;
    private final transient Permission noPerm;
    private final transient ThreadLocal<Result> result;
    private static final transient Logger LOG = Logger.getLogger(PermissionResolver.class);
    private static final String PERM_STRING_READ = NbBundle.getMessage(PermissionResolver.class, "PermissionResolver.PERM_STRING_READ");
    private static final String PERM_STRING_WRITE = NbBundle.getMessage(PermissionResolver.class, "PermissionResolver.PERM_STRING_WRITE");
    private static final String PERM_STRING_NOT = NbBundle.getMessage(PermissionResolver.class, "PermissionResolver.PERM_STRING_NOT");
    private static final String INH_STRING_CLASS_POLICY = NbBundle.getMessage(PermissionResolver.class, "PermissionResolver.INH_STRING_CLASS_POLICY");
    private static final String INH_STRING_NODE_POLICY = NbBundle.getMessage(PermissionResolver.class, "PermissionResolver.INH_STRING_NODE_POLICY");
    private static final String INH_STRING_SERVER_ATTR_POLICY = NbBundle.getMessage(PermissionResolver.class, "PermissionResolver.INH_STRING_SERVER_ATTR_POLICY");
    private static final String INH_STRING_SERVER_CLASS_POLICY = NbBundle.getMessage(PermissionResolver.class, "PermissionResolver.INH_STRING_SERVER_CLASS_POLICY");
    private static final String INH_STRING_SERVER_NODE_POLICY = NbBundle.getMessage(PermissionResolver.class, "PermissionResolver.INH_STRING_SERVER_NODE_POLICY");
    private static final String INH_STRING_SERVER_POLICY = NbBundle.getMessage(PermissionResolver.class, "PermissionResolver.INH_STRING_SERVER_POLICY");
    private static final String USE_STRING_ATTR_POLICY = NbBundle.getMessage(PermissionResolver.class, "PermissionResolver.USE_STRING_ATTR_POLICY");
    private static final String USE_STRING_CLASS_POLICY = NbBundle.getMessage(PermissionResolver.class, "PermissionResolver.USE_STRING_CLASS_POLICY");
    private static final String USE_STRING_NODE_POLICY = NbBundle.getMessage(PermissionResolver.class, "PermissionResolver.USE_STRING_NODE_POLICY");
    private static final String PERM_STRING_DERIVED_FROM_CLASS = NbBundle.getMessage(PermissionResolver.class, "PermissionResolver.PERM_STRING_DERIVED_FROM_CLASS");
    private static final String PERM_STRING_UNSUPPORTED_PERMISSION = NbBundle.getMessage(PermissionResolver.class, "PermissionResolver.PERM_STRING_UNSUPPORTED_PERMISSION");
    private static final Map<DomainserverProject, PermissionResolver> MAP = new HashMap();
    private static final ReentrantLock INITLOCK = new ReentrantLock(false);

    /* loaded from: input_file:de/cismet/cids/abf/domainserver/project/utils/PermissionResolver$Result.class */
    public static final class Result {
        private String permissionString;
        private String inheritanceString;
        private Permission effectivePerm;

        public Result() {
            this(null, null, null);
        }

        public Result(String str) {
            this(str, null, null);
        }

        public Result(String str, String str2) {
            this(str, str2, null);
        }

        public Result(String str, String str2, Permission permission) {
            this.permissionString = str;
            this.inheritanceString = str2;
            this.effectivePerm = permission;
        }

        public String getPermissionString() {
            return this.permissionString;
        }

        public String getInheritanceString() {
            return this.inheritanceString;
        }

        public Permission getEffectivePerm() {
            return this.effectivePerm;
        }

        void setPermissionString(String str) {
            this.permissionString = str;
        }

        void setInheritanceString(String str) {
            this.inheritanceString = str;
        }

        void setEffectivePerm(Permission permission) {
            this.effectivePerm = permission;
        }
    }

    private PermissionResolver(DomainserverProject domainserverProject) {
        if (domainserverProject == null) {
            throw new IllegalArgumentException("project must not be null");
        }
        if (!domainserverProject.isConnected()) {
            throw new IllegalStateException("the project is not connected");
        }
        this.project = domainserverProject;
        Backend cidsDataObjectBackend = domainserverProject.getCidsDataObjectBackend();
        this.ruleMap = new HashMap();
        for (PolicyRule policyRule : cidsDataObjectBackend.getAllEntities(PolicyRule.class)) {
            Map<Integer, Boolean> map = this.ruleMap.get(policyRule.getPolicy().getId());
            if (map == null) {
                map = new HashMap();
                this.ruleMap.put(policyRule.getPolicy().getId(), map);
            }
            map.put(policyRule.getPermission().getId(), policyRule.getDefaultValue());
        }
        this.policies = cidsDataObjectBackend.getAllEntities(Policy.class);
        Permission permission = null;
        Permission permission2 = null;
        for (Permission permission3 : cidsDataObjectBackend.getAllEntities(Permission.class)) {
            permission = permission3.getKey().equalsIgnoreCase("read") ? permission3 : permission;
            permission2 = permission3.getKey().equalsIgnoreCase("write") ? permission3 : permission2;
            if (permission != null && permission2 != null) {
                break;
            }
        }
        if (permission == null || permission2 == null) {
            throw new IllegalStateException("could not find r/w permission");
        }
        this.readPerm = permission;
        this.writePerm = permission2;
        this.noPerm = null;
        this.result = new ThreadLocal<Result>() { // from class: de.cismet.cids.abf.domainserver.project.utils.PermissionResolver.1
            /* JADX INFO: Access modifiers changed from: protected */
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.lang.ThreadLocal
            public Result initialValue() {
                return new Result();
            }

            @Override // java.lang.ThreadLocal
            public void set(Result result) {
                throw new UnsupportedOperationException("shall not set result");
            }
        };
        validateFallbackPolicies();
    }

    public static PermissionResolver getInstance(DomainserverProject domainserverProject) {
        if (domainserverProject == null) {
            throw new IllegalArgumentException("project must not be null");
        }
        INITLOCK.lock();
        try {
            PermissionResolver permissionResolver = MAP.get(domainserverProject);
            if (permissionResolver == null) {
                permissionResolver = new PermissionResolver(domainserverProject);
                MAP.put(domainserverProject, permissionResolver);
            }
            PermissionResolver permissionResolver2 = permissionResolver;
            INITLOCK.unlock();
            return permissionResolver2;
        } catch (Throwable th) {
            INITLOCK.unlock();
            throw th;
        }
    }

    private void validateFallbackPolicies() throws IllegalStateException {
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        boolean z4 = false;
        Iterator<Policy> it = this.policies.iterator();
        while (it.hasNext()) {
            String name = it.next().getName();
            if (this.project.getServerPolicy().equals(name)) {
                z = true;
            }
            if (this.project.getAttrPolicy().equals(name)) {
                z2 = true;
            }
            if (this.project.getClassNodePolicy().equals(name)) {
                z3 = true;
            }
            if (this.project.getOrgNodePolicy().equals(name)) {
                z4 = true;
            }
            if (z && z2 && z3 && z4) {
                return;
            }
        }
        if (!z) {
            throw new IllegalStateException("serverPolicy is not valid: " + this.project.getServerPolicy());
        }
        if (!z2) {
            throw new IllegalStateException("attributePolicy is not valid: " + this.project.getAttrPolicy());
        }
        if (!z3) {
            throw new IllegalStateException("classNodePolicy is not valid: " + this.project.getClassNodePolicy());
        }
        if (!z4) {
            throw new IllegalStateException("pureNodePolicy is not valid: " + this.project.getOrgNodePolicy());
        }
    }

    public boolean hasPerm(UserGroup userGroup, PermissionAwareEntity permissionAwareEntity, Permission permission) {
        if (userGroup == null) {
            throw new IllegalArgumentException("usergroup may not be null");
        }
        if (permission == null) {
            throw new IllegalArgumentException("permission may not be null");
        }
        Policy effectivePolicy = getEffectivePolicy(permissionAwareEntity);
        if (effectivePolicy == null) {
            throw new UnsupportedOperationException("hasPerm has been called for catnode that has 'derivePermFromClass' flag or effective policy was not found! Both operations are not supported yet");
        }
        for (AbstractPermission abstractPermission : permissionAwareEntity.getPermissions()) {
            if (userGroup.equals(abstractPermission.getUserGroup())) {
                Result evaluatePerms = evaluatePerms(effectivePolicy, abstractPermission.getPermission());
                if (permission.equals(evaluatePerms.effectivePerm)) {
                    return true;
                }
                if (evaluatePerms.effectivePerm == null && abstractPermission.getPermission().equals(permission)) {
                    return false;
                }
            }
        }
        Boolean bool = this.ruleMap.get(effectivePolicy.getId()).get(permission.getId());
        if (bool != null) {
            return bool.booleanValue();
        }
        LOG.warn("unsupported permission in cids system present: " + permission);
        return false;
    }

    public Result getPermString(PermissionAwareEntity permissionAwareEntity, Permission permission) {
        try {
            Policy effectivePolicy = getEffectivePolicy(permissionAwareEntity);
            if (effectivePolicy == null) {
                Result result = this.result.get();
                this.result.remove();
                return result;
            }
            Result evaluatePerms = evaluatePerms(effectivePolicy, permission);
            this.result.remove();
            return evaluatePerms;
        } catch (Throwable th) {
            this.result.remove();
            throw th;
        }
    }

    private Policy getEffectivePolicy(PermissionAwareEntity permissionAwareEntity) {
        if (permissionAwareEntity instanceof CidsClass) {
            return getClassPolicy((CidsClass) permissionAwareEntity);
        }
        if (permissionAwareEntity instanceof Attribute) {
            return getAttributePolicy((Attribute) permissionAwareEntity);
        }
        if (permissionAwareEntity instanceof CatNode) {
            return getNodePolicy((CatNode) permissionAwareEntity);
        }
        LOG.warn("returning entity's policy for unknown entity: " + permissionAwareEntity);
        return permissionAwareEntity.getPolicy();
    }

    private Policy getClassPolicy(CidsClass cidsClass) {
        Result result = this.result.get();
        Policy policy = cidsClass.getPolicy();
        if (policy == null) {
            Iterator<Policy> it = this.policies.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                Policy next = it.next();
                if (this.project.getServerPolicy().equals(next.getName())) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("no policy found so far, enforcing server's policy");
                    }
                    result.inheritanceString = INH_STRING_SERVER_POLICY;
                    policy = next;
                }
            }
            if (policy == null) {
                throw new IllegalStateException("could not find server's policy");
            }
        } else {
            if (LOG.isDebugEnabled()) {
                LOG.debug("enforcing class' policy");
            }
            result.inheritanceString = USE_STRING_CLASS_POLICY;
        }
        return policy;
    }

    private Policy getAttributePolicy(Attribute attribute) {
        Policy attributePolicy = attribute.getCidsClass().getAttributePolicy();
        Result result = this.result.get();
        if (attributePolicy == null) {
            Iterator<Policy> it = this.policies.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                Policy next = it.next();
                if (this.project.getAttrPolicy().equals(next.getName())) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("no policy found so far, enforcing server's attribute policy");
                    }
                    result.inheritanceString = INH_STRING_SERVER_ATTR_POLICY;
                    attributePolicy = next;
                }
            }
            if (attributePolicy == null) {
                throw new IllegalStateException("could not find attr policy");
            }
        } else {
            if (LOG.isDebugEnabled()) {
                LOG.debug("enforcing class' attribute policy");
            }
            result.inheritanceString = USE_STRING_ATTR_POLICY;
        }
        return attributePolicy;
    }

    private Policy getNodePolicy(CatNode catNode) {
        Policy orgNodePolicy;
        Result result = this.result.get();
        if (catNode.getDerivePermFromClass().booleanValue()) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("derive permission from class set, return null");
            }
            result.inheritanceString = USE_STRING_CLASS_POLICY;
            result.permissionString = PERM_STRING_DERIVED_FROM_CLASS;
            return null;
        }
        if (catNode.getPolicy() != null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("enforcing catnode's policy");
            }
            result.inheritanceString = USE_STRING_NODE_POLICY;
            orgNodePolicy = catNode.getPolicy();
        } else if (catNode.getNodeType().equals(CatNode.Type.CLASS.getType())) {
            orgNodePolicy = getClassNodePolicy(catNode);
        } else if (catNode.getNodeType().equals(CatNode.Type.OBJECT.getType())) {
            orgNodePolicy = getObjectNodePolicy(catNode);
        } else {
            if (!catNode.getNodeType().equals(CatNode.Type.ORG.getType())) {
                throw new IllegalArgumentException("unknown catnode type: " + catNode.getNodeType());
            }
            orgNodePolicy = getOrgNodePolicy(catNode);
        }
        if (orgNodePolicy == null) {
            Iterator<Policy> it = this.policies.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                Policy next = it.next();
                if (this.project.getServerPolicy().equals(next.getName())) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("no policy found so far, enforcing serverpolicy");
                    }
                    result.inheritanceString = INH_STRING_SERVER_POLICY;
                    orgNodePolicy = next;
                }
            }
            if (orgNodePolicy == null) {
                throw new IllegalStateException("could not find server policy");
            }
        }
        return orgNodePolicy;
    }

    private Policy getClassNodePolicy(CatNode catNode) {
        if (!catNode.getNodeType().equals(CatNode.Type.CLASS.getType())) {
            throw new IllegalArgumentException("node is not of type ClassNode");
        }
        for (Policy policy : this.policies) {
            if (this.project.getClassNodePolicy().equals(policy.getName())) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("no policy found so far, returning server's class node policy");
                }
                this.result.get().inheritanceString = INH_STRING_SERVER_CLASS_POLICY;
                return policy;
            }
        }
        if (!LOG.isDebugEnabled()) {
            return null;
        }
        LOG.debug("server's class node policy unknown/not enforcable");
        return null;
    }

    private Policy getObjectNodePolicy(CatNode catNode) {
        if (!catNode.getNodeType().equals(CatNode.Type.OBJECT.getType())) {
            throw new IllegalArgumentException("node is not of type ObjectNode");
        }
        if (catNode.getCidsClass() == null) {
            if (!LOG.isDebugEnabled()) {
                return null;
            }
            LOG.debug("no cids class attached to object node");
            return null;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("no policy found so far, returning cids class' policy for object node");
        }
        this.result.get().inheritanceString = INH_STRING_CLASS_POLICY;
        return catNode.getCidsClass().getPolicy();
    }

    private Policy getOrgNodePolicy(CatNode catNode) {
        if (!catNode.getNodeType().equals(CatNode.Type.ORG.getType())) {
            throw new IllegalArgumentException("node is not of type OrgNode");
        }
        List nodeParents = this.project.getCidsDataObjectBackend().getNodeParents(catNode);
        if (nodeParents.size() > 1) {
            throw new IllegalStateException("node has more than one parent: " + catNode);
        }
        if (nodeParents.isEmpty()) {
            if (catNode.getId() != null || catNode.getProspectiveParent() == null) {
                for (Policy policy : this.policies) {
                    if (this.project.getOrgNodePolicy().equals(policy.getName())) {
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("no policy found so far, returning server's pure node policy");
                        }
                        this.result.get().inheritanceString = INH_STRING_SERVER_NODE_POLICY;
                        return policy;
                    }
                }
                return null;
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("using prospective parent for transient node");
            }
            nodeParents.add(catNode.getProspectiveParent());
        }
        Policy policy2 = ((CatNode) nodeParents.get(0)).getPolicy();
        if (policy2 == null) {
            policy2 = getOrgNodePolicy((CatNode) nodeParents.get(0));
            if (policy2 == null) {
                for (Policy policy3 : this.policies) {
                    if (this.project.getOrgNodePolicy().equals(policy3.getName())) {
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("no policy found so far, returning server's pure node policy");
                        }
                        this.result.get().inheritanceString = INH_STRING_SERVER_NODE_POLICY;
                        return policy3;
                    }
                }
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("returning parent's policy for orgnode");
        }
        this.result.get().inheritanceString = INH_STRING_NODE_POLICY;
        return policy2;
    }

    private Result evaluatePerms(Policy policy, Permission permission) {
        String str;
        String str2;
        Result result = this.result.get();
        if (permission == null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("permission is null, no permission string attached");
            }
            return result;
        }
        Integer id = policy.getId();
        Integer id2 = permission.getId();
        if (id == null || id2 == null) {
            LOG.warn("unknown policy or permission: policyid = " + policy.getId() + " :: permissionid = " + permission.getId());
            return result;
        }
        Boolean bool = this.ruleMap.get(id).get(id2);
        if (bool == null) {
            result.permissionString = permission.getKey() + ExportClassesAction.SEP + PERM_STRING_UNSUPPORTED_PERMISSION;
        } else {
            if (this.readPerm.getId().equals(permission.getId())) {
                str = PERM_STRING_READ;
                result.effectivePerm = this.readPerm;
            } else {
                str = PERM_STRING_WRITE;
                result.effectivePerm = this.writePerm;
            }
            if (bool.booleanValue()) {
                str2 = PERM_STRING_NOT;
                result.effectivePerm = this.noPerm;
            } else {
                str2 = "";
            }
            result.permissionString = MessageFormat.format(str, str2);
        }
        return result;
    }
}
