package org.wso2.carbon.user.core.def;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.BitSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import javax.sql.DataSource;
import net.sf.ehcache.Cache;
import net.sf.ehcache.CacheManager;
import net.sf.ehcache.Element;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.user.core.Authorizer;
import org.wso2.carbon.user.core.UserCoreConstants;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.def.TreeNode;
import org.wso2.carbon.user.core.def.util.DefaultSQLHelperImpl;
import org.wso2.carbon.user.core.i18n.Messages;
import org.wso2.carbon.user.core.util.DatabaseUtil;

/* loaded from: input_file:org/wso2/carbon/user/core/def/DefaultAuthorizer.class */
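/**
 * {@link Authorizer} backed by an in-memory permission tree that is loaded from a database.
 *
 * <p>Resource identifiers are split into path components by {@code Util.toComponenets} and
 * walked from {@link #root}. Each node may carry allow/deny bits per user and per role. A
 * decision found deeper in the tree replaces one found nearer the root; a node that has no
 * opinion leaves the inherited decision untouched.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>{@link #root} is {@code static}, so every instance in the class loader shares one tree.
 *       This class does no locking around reads or writes of that tree; whether
 *       {@code TreeNode} is itself thread-safe cannot be seen from here.</li>
 *   <li>The {@code *InTree} mutators and {@link #populatePermissionTreeFromDB()} are public and
 *       perform no authorization check of their own; callers must be trusted code.</li>
 *   <li>The user named by {@link #systemUserName} bypasses every check in
 *       {@link #isUserAuthorized(String, String, String)}, so the caller must have authenticated
 *       that identity before asking.</li>
 * </ul>
 */
public class DefaultAuthorizer implements Authorizer {
    /** Source of JDBC connections; stays {@code null} when the single-argument constructor is used. */
    protected DataSource dataSource;
    /** Stored by the constructors; not read anywhere in this class. */
    protected String algorithm;
    /** Supplies SQL text and column names by numeric id. */
    protected SQLHelper sqlHelper;
    /** Holds the {@code AUTHZ_CACHE} decision cache created in the constructor. */
    protected CacheManager cacheManager;
    /** User name that is always authorized by {@link #isUserAuthorized(String, String, String)}. */
    protected String systemUserName;
    private static final Log log = LogFactory.getLog(DefaultAuthorizer.class);
    /** Root ("/") of the permission tree, shared by all instances. */
    protected static final TreeNode root = new TreeNode("/");

    /**
     * Mutable accumulator for one walk down the permission tree.
     *
     * <p>Decompiler note (JADX): access modifiers changed from protected.
     */
    public class SearchResult {
        // Deepest node reached by the walk.
        private TreeNode lastNode;
        // Path components that could not be matched; null when the whole path was consumed.
        private List<String> unprocessedPaths;
        // Starts as FALSE, so "no node had an opinion" and "explicitly denied" look the same.
        private Boolean lastNodeAllowedAccess = Boolean.FALSE;
        private List<String> allowedEntities = new ArrayList<String>();
        private List<String> deniedEntities = new ArrayList<String>();

        SearchResult() {
        }

        SearchResult(TreeNode treeNode, List<String> list) {
            this.lastNode = treeNode;
            this.unprocessedPaths = list;
        }

        public TreeNode getLastNode() {
            return this.lastNode;
        }

        public void setLastNode(TreeNode treeNode) {
            this.lastNode = treeNode;
        }

        public List<String> getUnprocessedPaths() {
            return this.unprocessedPaths;
        }

        public void setUnprocessedPaths(List<String> list) {
            this.unprocessedPaths = list;
        }

        public Boolean getLastNodeAllowedAccess() {
            return this.lastNodeAllowedAccess;
        }

        public void setLastNodeAllowedAccess(Boolean bool) {
            this.lastNodeAllowedAccess = bool;
        }

        public List<String> getAllowedEntities() {
            return this.allowedEntities;
        }

        public void setAllowedEntities(List<String> list) {
            this.allowedEntities = list;
        }

        public List<String> getDeniedEntities() {
            return this.deniedEntities;
        }

        public void setDeniedEntities(List<String> list) {
            this.deniedEntities = list;
        }
    }

    /**
     * Creates an authorizer with the default SQL helper and a fresh decision cache.
     *
     * @param str name of the system user that bypasses authorization checks
     */
    public DefaultAuthorizer(String str) {
        this.sqlHelper = new DefaultSQLHelperImpl();
        this.cacheManager = new CacheManager();
        // Ehcache arguments: in-memory only (no disk overflow), not eternal, 30 s time-to-live,
        // no idle timeout. A cached decision can therefore outlive a permission change by up to
        // 30 s unless something outside this class evicts it.
        this.cacheManager.addCache(new Cache(UserCoreConstants.AUTHZ_CACHE, UserCoreConstants.MAX_OBJECTS_IN_CACHE, false, false, 30L, 0L));
        this.systemUserName = str;
    }

    /**
     * @param dataSource source of JDBC connections for role and permission queries
     * @param str        value stored in {@link #algorithm}
     * @param str2       name of the system user that bypasses authorization checks
     */
    public DefaultAuthorizer(DataSource dataSource, String str, String str2) {
        this(str2);
        this.dataSource = dataSource;
        this.algorithm = str;
    }

    /**
     * @param dataSource source of JDBC connections for role and permission queries
     * @param str        value stored in {@link #algorithm}
     * @param sQLHelper  replacement for the default SQL helper
     * @param str2       name of the system user that bypasses authorization checks
     */
    public DefaultAuthorizer(DataSource dataSource, String str, SQLHelper sQLHelper, String str2) {
        this(str2);
        this.dataSource = dataSource;
        this.algorithm = str;
        this.sqlHelper = sQLHelper;
    }

    /**
     * Decides whether a user may perform an action on a resource.
     *
     * <p>Order of evaluation: system-user bypass, cached decision, user-level entries in the
     * tree, then the roles returned by {@link #getUserRoles(String)}.
     *
     * <p>An explicit user-level deny does not end the evaluation: unless the user-level walk
     * yields an allow, the roles are still consulted and a role grant wins.
     *
     * @param str  user name
     * @param str2 resource identifier (path)
     * @param str3 action name, mapped by {@code Util.actionToPermission}
     * @return {@code true} when access is allowed
     * @throws UserStoreException if the user's roles cannot be read
     */
    @Override // org.wso2.carbon.user.core.Authorizer
    public boolean isUserAuthorized(String str, String str2, String str3) throws UserStoreException {
        // A missing system user name must not turn into a bypass or an NPE.
        if (this.systemUserName != null && this.systemUserName.equals(str)) {
            return true;
        }
        // NOTE(review): the key is a plain concatenation with no delimiter, so different
        // (user, resource, action) triples can produce the same key. Nothing in this class
        // writes to the cache, so the writer must be changed together with this lookup.
        Element element = this.cacheManager.getCache(UserCoreConstants.AUTHZ_CACHE).get(str + str2 + str3);
        if (element != null) {
            Object cachedValue = element.getObjectValue();
            if (cachedValue instanceof Boolean) {
                return ((Boolean) cachedValue).booleanValue();
            }
            // A null or non-Boolean entry is treated as a miss and the decision is recomputed.
        }
        SearchResult userResult = getUserPermission(str, Util.actionToPermission(str3), null, root, Util.toComponenets(str2));
        if (Boolean.TRUE.equals(userResult.getLastNodeAllowedAccess())) {
            return true;
        }
        return isUserAuthorizedFromRoles(getUserRoles(str), str, str2, str3);
    }

    /**
     * Decides whether a role may perform an action on a resource, from the tree only.
     *
     * @param str  role name
     * @param str2 resource identifier (path)
     * @param str3 action name
     * @return {@code true} when the deepest node with an opinion allows the role
     */
    @Override // org.wso2.carbon.user.core.Authorizer
    public boolean isRoleAuthorized(String str, String str2, String str3) throws UserStoreException {
        SearchResult roleResult = getRolePermission(str, Util.actionToPermission(str3), null, root, Util.toComponenets(str2));
        return Boolean.TRUE.equals(roleResult.getLastNodeAllowedAccess());
    }

    /**
     * Lists users with an effective allow entry for the action along the resource path.
     *
     * @param str  resource identifier (path)
     * @param str2 action name
     */
    @Override // org.wso2.carbon.user.core.Authorizer
    public String[] getAllowedUsersForResource(String str, String str2) throws UserStoreException {
        List<String> users = getAllowedUsersForResource(null, root, Util.actionToPermission(str2), Util.toComponenets(str)).getAllowedEntities();
        return users.toArray(new String[users.size()]);
    }

    /**
     * Lists users with an effective deny entry for the action along the resource path.
     *
     * @param str  resource identifier (path)
     * @param str2 action name
     */
    @Override // org.wso2.carbon.user.core.Authorizer
    public String[] getDeniedUsersForResource(String str, String str2) throws UserStoreException {
        List<String> users = getDeniedUsersForResource(null, root, Util.actionToPermission(str2), Util.toComponenets(str)).getDeniedEntities();
        return users.toArray(new String[users.size()]);
    }

    /**
     * Lists roles with an effective allow entry for the action along the resource path.
     * {@link #isUserAuthorizedFromRoles} relies on this list for role-based decisions.
     *
     * @param str  resource identifier (path)
     * @param str2 action name
     */
    @Override // org.wso2.carbon.user.core.Authorizer
    public String[] getAllowedRolesForResource(String str, String str2) throws UserStoreException {
        List<String> roles = getAllowedRolesForResource(null, root, Util.actionToPermission(str2), Util.toComponenets(str)).getAllowedEntities();
        return roles.toArray(new String[roles.size()]);
    }

    /**
     * Lists roles with an effective deny entry for the action along the resource path.
     *
     * @param str  resource identifier (path)
     * @param str2 action name
     */
    @Override // org.wso2.carbon.user.core.Authorizer
    public String[] getDeniedRolesForResource(String str, String str2) throws UserStoreException {
        List<String> roles = getDeniedRolesForResource(null, root, Util.actionToPermission(str2), Util.toComponenets(str)).getDeniedEntities();
        return roles.toArray(new String[roles.size()]);
    }

    /**
     * Same decision as {@link #isUserAuthorized(String, String, String)} but with the roles
     * supplied by the caller, and without the system-user bypass or the cache lookup.
     *
     * <p>The role list is taken on trust: it is not checked against the user store.
     *
     * @param str    user name
     * @param strArr roles to evaluate for the user; {@code null} is treated as no roles
     * @param str2   resource identifier (path)
     * @param str3   action name
     */
    public boolean isUserAuthorizedFromGivenRoles(String str, String[] strArr, String str2, String str3) throws UserStoreException {
        SearchResult userResult = getUserPermission(str, Util.actionToPermission(str3), null, root, Util.toComponenets(str2));
        if (Boolean.TRUE.equals(userResult.getLastNodeAllowedAccess())) {
            return true;
        }
        return isUserAuthorizedFromRoles(strArr, str, str2, str3);
    }

    /**
     * Returns {@code true} when at least one of the given roles is in the allowed-roles list of
     * the resource.
     *
     * @param strArr roles to test; {@code null} or empty means not authorized
     * @param str    user name (not used by this implementation)
     * @param str2   resource identifier (path)
     * @param str3   action name
     */
    protected boolean isUserAuthorizedFromRoles(String[] strArr, String str, String str2, String str3) throws UserStoreException {
        if (strArr == null || strArr.length == 0) {
            return false;
        }
        List<String> allowedRoles = Arrays.asList(getAllowedRolesForResource(str2, str3));
        for (String role : strArr) {
            if (allowedRoles.contains(role)) {
                return true;
            }
        }
        return false;
    }

    /** Writes the name of every node in the permission tree to standard output. */
    public void printTree() {
        printNode(root);
    }

    private void printNode(TreeNode treeNode) {
        System.out.println(treeNode.getName());
        Iterator<TreeNode> children = treeNode.getChildren().values().iterator();
        while (children.hasNext()) {
            printNode(children.next());
        }
    }

    /**
     * Walks from {@code treeNode} along {@code list} as far as matching children exist.
     *
     * <p>Decompiler note (JADX): access modifiers changed from protected.
     *
     * @param treeNode node to start from
     * @param list     path components; matched components are removed from this list
     * @return the deepest node reached, together with the unmatched remainder of the path
     *         ({@code null} when the whole path was matched)
     */
    public SearchResult getNode(TreeNode treeNode, List<String> list) {
        TreeNode node = treeNode;
        TreeNode child;
        while ((child = advance(node, list)) != null) {
            node = child;
        }
        boolean pathConsumed = list == null || list.isEmpty();
        return new SearchResult(node, pathConsumed ? null : list);
    }

    /**
     * Moves one step down the tree.
     *
     * @return the child named by the head of {@code path} (which is then removed from the list),
     *         or {@code null} when the path is exhausted, the head is null/empty, or no such
     *         child exists; in those cases {@code path} is left unchanged
     */
    private static TreeNode advance(TreeNode node, List<String> path) {
        if (path == null || path.isEmpty()) {
            return null;
        }
        String head = path.get(0);
        if (head == null || head.length() == 0) {
            return null;
        }
        TreeNode child = node.getChild(head);
        if (child != null) {
            path.remove(0);
        }
        return child;
    }

    /** Records where a walk stopped; the unprocessed path is cleared only when fully consumed. */
    private static SearchResult finish(SearchResult result, TreeNode node, List<String> path) {
        result.setLastNode(node);
        if (path == null || path.isEmpty()) {
            result.setUnprocessedPaths(null);
        }
        return result;
    }

    /**
     * Applies one node's tri-state answer: {@code null} keeps the inherited decision, anything
     * else replaces it. Comparing by value (not by reference) means a non-canonical
     * {@code Boolean} deny from the node cannot be silently ignored.
     */
    private static void recordDecision(SearchResult result, Boolean decision) {
        if (decision != null) {
            result.setLastNodeAllowedAccess(Boolean.valueOf(decision.booleanValue()));
        }
    }

    /**
     * Folds one node's entries into the running list for a walk.
     *
     * <p>Names whose bit is set in {@code matching} are added (once); names whose bit is set in
     * {@code opposing} are then removed completely. The original code could add the same name
     * at several levels and removed only one copy on a later opposing entry, which left the
     * name in the list; for the allowed-roles list that meant a deeper deny did not revoke a
     * grant repeated higher up.
     */
    private static void mergeNodeEntries(List<String> effective, Map<String, BitSet> matching, Map<String, BitSet> opposing, TreeNode.Permission permission) {
        for (Map.Entry<String, BitSet> entry : matching.entrySet()) {
            if (entry.getValue().get(permission.ordinal()) && !effective.contains(entry.getKey())) {
                effective.add(entry.getKey());
            }
        }
        for (Map.Entry<String, BitSet> entry : opposing.entrySet()) {
            if (entry.getValue().get(permission.ordinal())) {
                while (effective.remove(entry.getKey())) {
                    // keep removing until no copy is left
                }
            }
        }
    }

    private SearchResult getRolePermission(String roleName, TreeNode.Permission permission, SearchResult searchResult, TreeNode treeNode, List<String> list) {
        SearchResult result = searchResult != null ? searchResult : new SearchResult();
        TreeNode node = treeNode;
        while (true) {
            recordDecision(result, node.isRoleAuthorized(roleName, permission));
            TreeNode child = advance(node, list);
            if (child == null) {
                return finish(result, node, list);
            }
            node = child;
        }
    }

    private SearchResult getUserPermission(String userName, TreeNode.Permission permission, SearchResult searchResult, TreeNode treeNode, List<String> list) {
        SearchResult result = searchResult != null ? searchResult : new SearchResult();
        TreeNode node = treeNode;
        while (true) {
            recordDecision(result, node.isUserAuthorized(userName, permission));
            TreeNode child = advance(node, list);
            if (child == null) {
                return finish(result, node, list);
            }
            node = child;
        }
    }

    private SearchResult getAllowedRolesForResource(SearchResult searchResult, TreeNode treeNode, TreeNode.Permission permission, List<String> list) {
        SearchResult result = searchResult != null ? searchResult : new SearchResult();
        TreeNode node = treeNode;
        while (true) {
            mergeNodeEntries(result.getAllowedEntities(), node.getRoleAllowPermissions(), node.getRoleDenyPermissions(), permission);
            TreeNode child = advance(node, list);
            if (child == null) {
                return finish(result, node, list);
            }
            node = child;
        }
    }

    private SearchResult getDeniedRolesForResource(SearchResult searchResult, TreeNode treeNode, TreeNode.Permission permission, List<String> list) {
        SearchResult result = searchResult != null ? searchResult : new SearchResult();
        TreeNode node = treeNode;
        while (true) {
            mergeNodeEntries(result.getDeniedEntities(), node.getRoleDenyPermissions(), node.getRoleAllowPermissions(), permission);
            TreeNode child = advance(node, list);
            if (child == null) {
                return finish(result, node, list);
            }
            node = child;
        }
    }

    private SearchResult getAllowedUsersForResource(SearchResult searchResult, TreeNode treeNode, TreeNode.Permission permission, List<String> list) {
        SearchResult result = searchResult != null ? searchResult : new SearchResult();
        TreeNode node = treeNode;
        while (true) {
            mergeNodeEntries(result.getAllowedEntities(), node.getUserAllowPermissions(), node.getUserDenyPermissions(), permission);
            TreeNode child = advance(node, list);
            if (child == null) {
                return finish(result, node, list);
            }
            node = child;
        }
    }

    private SearchResult getDeniedUsersForResource(SearchResult searchResult, TreeNode treeNode, TreeNode.Permission permission, List<String> list) {
        SearchResult result = searchResult != null ? searchResult : new SearchResult();
        TreeNode node = treeNode;
        while (true) {
            mergeNodeEntries(result.getDeniedEntities(), node.getUserDenyPermissions(), node.getUserAllowPermissions(), permission);
            TreeNode child = advance(node, list);
            if (child == null) {
                return finish(result, node, list);
            }
            node = child;
        }
    }

    /**
     * Always returns {@code true}; none of the arguments is inspected.
     *
     * <p>NOTE(review): this is an unconditional allow on a public method of an authorizer.
     * Nothing in this class calls it. It looks like a placeholder; confirm that no caller uses
     * the result as an access decision, or have it delegate to a real check.
     */
    public Boolean getUserAuthorized(String str, String str2, String str3, Connection connection) throws UserStoreException {
        return true;
    }

    /**
     * Reads the roles of a user from the database.
     *
     * @param str user name, bound as the single parameter of the query
     * @return the role names, or an empty array when the user has none
     * @throws UserStoreException if no connection is available or the query fails
     */
    public String[] getUserRoles(String str) throws UserStoreException {
        Connection connection = null;
        PreparedStatement statement = null;
        ResultSet rows = null;
        try {
            connection = getConnection(null);
            statement = connection.prepareStatement(this.sqlHelper.getSQL(41));
            statement.setString(1, str);
            rows = statement.executeQuery();
            String roleColumn = this.sqlHelper.getColumnName(5);
            List<String> roles = new ArrayList<String>();
            while (rows.next()) {
                roles.add(rows.getString(roleColumn));
            }
            return roles.toArray(new String[roles.size()]);
        } catch (SQLException e) {
            log.error(e.getMessage(), e);
            throw new UserStoreException(e.getMessage(), e);
        } finally {
            // Runs on failure too: previously a failed query left the connection open, and this
            // method sits on the authorization path, so leaked connections could drain the pool.
            DatabaseUtil.closeAllConnections(connection, rows, statement);
        }
    }

    /**
     * Loads role and user permission rows from the database into the shared tree.
     *
     * <p>Rows are only added: this method never clears {@link #root}, so an entry whose row has
     * since been deleted is not removed by anything visible here. Rows whose allow/deny column
     * is neither {@code UserCoreConstants.ALLOW} nor {@code UserCoreConstants.DENY} are skipped.
     *
     * @throws UserStoreException if no connection is available or a query fails
     */
    public void populatePermissionTreeFromDB() throws UserStoreException {
        Connection connection = null;
        PreparedStatement roleStatement = null;
        PreparedStatement userStatement = null;
        ResultSet roleRows = null;
        ResultSet userRows = null;
        try {
            connection = getConnection(null);

            roleStatement = connection.prepareStatement(this.sqlHelper.getSQL(70));
            roleRows = roleStatement.executeQuery();
            String roleColumn = this.sqlHelper.getColumnName(5);
            String roleResourceColumn = this.sqlHelper.getColumnName(11);
            String roleActionColumn = this.sqlHelper.getColumnName(10);
            String roleDecisionColumn = this.sqlHelper.getColumnName(8);
            while (roleRows.next()) {
                short decision = roleRows.getShort(roleDecisionColumn);
                if (decision == UserCoreConstants.ALLOW) {
                    authorizeRoleInTree(roleRows.getString(roleColumn), roleRows.getString(roleResourceColumn), roleRows.getString(roleActionColumn));
                } else if (decision == UserCoreConstants.DENY) {
                    denyRoleInTree(roleRows.getString(roleColumn), roleRows.getString(roleResourceColumn), roleRows.getString(roleActionColumn));
                }
            }

            userStatement = connection.prepareStatement(this.sqlHelper.getSQL(71));
            userRows = userStatement.executeQuery();
            String userColumn = this.sqlHelper.getColumnName(4);
            String userResourceColumn = this.sqlHelper.getColumnName(11);
            String userActionColumn = this.sqlHelper.getColumnName(10);
            String userDecisionColumn = this.sqlHelper.getColumnName(8);
            while (userRows.next()) {
                short decision = userRows.getShort(userDecisionColumn);
                if (decision == UserCoreConstants.ALLOW) {
                    authorizeUserInTree(userRows.getString(userColumn), userRows.getString(userResourceColumn), userRows.getString(userActionColumn));
                } else if (decision == UserCoreConstants.DENY) {
                    denyUserInTree(userRows.getString(userColumn), userRows.getString(userResourceColumn), userRows.getString(userActionColumn));
                }
            }
        } catch (SQLException e) {
            log.error(e.getMessage(), e);
            throw new UserStoreException(Messages.getMessage("errorReadingFromUserStore"), e);
        } finally {
            // The first result set was never closed explicitly before; close it ahead of its
            // statement, then release everything else exactly once.
            closeQuietly(roleRows);
            DatabaseUtil.closeAllConnections(connection, userRows, roleStatement, userStatement);
        }
    }

    /** Closes a result set during cleanup without letting a close failure mask the real error. */
    private static void closeQuietly(ResultSet resultSet) {
        if (resultSet == null) {
            return;
        }
        try {
            resultSet.close();
        } catch (SQLException e) {
            log.error(e.getMessage(), e);
        }
    }

    /**
     * Grants an action on a resource to a user in the in-memory tree, creating missing nodes.
     * The change is not written to the database and no caller check is made here.
     *
     * @param str  user name
     * @param str2 resource identifier (path)
     * @param str3 action name
     */
    public void authorizeUserInTree(String str, String str2, String str3) {
        SearchResult node = getNode(root, Util.toComponenets(str2));
        if (node.getUnprocessedPaths() == null) {
            node.getLastNode().authorizeUser(str, Util.actionToPermission(str3));
        } else {
            node.getLastNode().create(node.getUnprocessedPaths()).authorizeUser(str, Util.actionToPermission(str3));
        }
    }

    /**
     * Denies an action on a resource to a user in the in-memory tree, creating missing nodes.
     * The change is not written to the database and no caller check is made here.
     *
     * @param str  user name
     * @param str2 resource identifier (path)
     * @param str3 action name
     */
    public void denyUserInTree(String str, String str2, String str3) throws UserStoreException {
        SearchResult node = getNode(root, Util.toComponenets(str2));
        if (node.getUnprocessedPaths() == null) {
            node.getLastNode().denyUser(str, Util.actionToPermission(str3));
        } else {
            node.getLastNode().create(node.getUnprocessedPaths()).denyUser(str, Util.actionToPermission(str3));
        }
    }

    /**
     * Grants an action on a resource to a role in the in-memory tree, creating missing nodes.
     * The change is not written to the database and no caller check is made here.
     *
     * @param str  role name
     * @param str2 resource identifier (path)
     * @param str3 action name
     */
    public void authorizeRoleInTree(String str, String str2, String str3) throws UserStoreException {
        SearchResult node = getNode(root, Util.toComponenets(str2));
        if (node.getUnprocessedPaths() == null) {
            node.getLastNode().authorizeRole(str, Util.actionToPermission(str3));
        } else {
            node.getLastNode().create(node.getUnprocessedPaths()).authorizeRole(str, Util.actionToPermission(str3));
        }
    }

    /**
     * Denies an action on a resource to a role in the in-memory tree, creating missing nodes.
     * The change is not written to the database and no caller check is made here.
     *
     * @param str  role name
     * @param str2 resource identifier (path)
     * @param str3 action name
     */
    public void denyRoleInTree(String str, String str2, String str3) throws UserStoreException {
        SearchResult node = getNode(root, Util.toComponenets(str2));
        if (node.getUnprocessedPaths() == null) {
            node.getLastNode().denyRole(str, Util.actionToPermission(str3));
        } else {
            node.getLastNode().create(node.getUnprocessedPaths()).denyRole(str, Util.actionToPermission(str3));
        }
    }

    /**
     * Opens a connection from {@link #dataSource} with auto-commit switched off.
     *
     * @param connection ignored; a new connection is always requested
     * @throws UserStoreException if the data source hands back {@code null}
     */
    private Connection getConnection(Connection connection) throws SQLException, UserStoreException {
        Connection opened = this.dataSource.getConnection();
        if (opened == null) {
            throw new UserStoreException(Messages.getMessage("null_connection"));
        }
        opened.setAutoCommit(false);
        return opened;
    }
}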
