package org.wso2.carbon.user.core.authorization;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.sql.DataSource;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.caching.core.authorization.AuthorizationCacheException;
import org.wso2.carbon.user.api.RealmConfiguration;
import org.wso2.carbon.user.core.AuthorizationManager;
import org.wso2.carbon.user.core.Permission;
import org.wso2.carbon.user.core.UserCoreConstants;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;
import org.wso2.carbon.user.core.authorization.TreeNode;
import org.wso2.carbon.user.core.claim.ClaimManager;
import org.wso2.carbon.user.core.internal.UMListenerServiceComponent;
import org.wso2.carbon.user.core.listener.AuthorizationManagerListener;
import org.wso2.carbon.user.core.profile.ProfileConfigurationManager;
import org.wso2.carbon.user.core.util.DatabaseUtil;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:org/wso2/carbon/user/core/authorization/JDBCAuthorizationManager.class */
public class JDBCAuthorizationManager implements AuthorizationManager {
    private DataSource dataSource;
    private PermissionTree permissionTree;
    private AuthorizationCache authorizationCache;
    private UserRealm userRealm;
    private RealmConfiguration realmConfig;
    private String cacheIdentifier;
    private int tenantId;
    private static Log log = LogFactory.getLog(JDBCAuthorizationManager.class);

    public JDBCAuthorizationManager(RealmConfiguration realmConfiguration, Map<String, Object> map, ClaimManager claimManager, ProfileConfigurationManager profileConfigurationManager, UserRealm userRealm, Integer num) throws UserStoreException {
        this.dataSource = null;
        this.permissionTree = null;
        this.authorizationCache = null;
        this.userRealm = null;
        this.realmConfig = null;
        this.authorizationCache = AuthorizationCache.getInstance();
        if (!"true".equals(realmConfiguration.getAuthorizationManagerProperty(UserCoreConstants.RealmConfig.PROPERTY_AUTHORIZATION_CACHE_ENABLED))) {
            this.authorizationCache.disableCache();
        }
        String userStoreProperty = realmConfiguration.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_USER_CORE_CACHE_IDENTIFIER);
        if (userStoreProperty != null && userStoreProperty.trim().length() > 0) {
            this.cacheIdentifier = userStoreProperty;
        }
        this.dataSource = (DataSource) map.get(UserCoreConstants.DATA_SOURCE);
        if (this.dataSource == null) {
            this.dataSource = DatabaseUtil.getRealmDataSource(realmConfiguration);
            map.put(UserCoreConstants.DATA_SOURCE, this.dataSource);
        }
        this.permissionTree = new PermissionTree(this.cacheIdentifier, num.intValue(), this.dataSource);
        this.realmConfig = realmConfiguration;
        this.userRealm = userRealm;
        this.tenantId = num.intValue();
        if (log.isDebugEnabled()) {
            log.debug("The jdbcDataSource being used by JDBCAuthorizationManager :: " + this.dataSource.hashCode());
        }
        populatePermissionTreeFromDB();
        addInitialData();
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager
    public boolean isRoleAuthorized(String str, String str2, String str3) throws UserStoreException {
        Iterator<AuthorizationManagerListener> it = UMListenerServiceComponent.getAuthorizationManagerListeners().iterator();
        while (it.hasNext()) {
            if (!it.next().isRoleAuthorized(str, str2, str3, this)) {
                return false;
            }
        }
        this.permissionTree.updatePermissionTree();
        SearchResult rolePermission = this.permissionTree.getRolePermission(str, PermissionTreeUtil.actionToPermission(str3), null, null, PermissionTreeUtil.toComponenets(str2));
        if (log.isDebugEnabled() && !rolePermission.getLastNodeAllowedAccess().booleanValue()) {
            log.debug(str + " role is not Authorized to perform " + str3 + " on " + str2);
        }
        return rolePermission.getLastNodeAllowedAccess().booleanValue();
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager
    public boolean isUserAuthorized(String str, String str2, String str3) throws UserStoreException {
        if ("wso2.system.user".equals(str)) {
            return true;
        }
        Iterator<AuthorizationManagerListener> it = UMListenerServiceComponent.getAuthorizationManagerListeners().iterator();
        while (it.hasNext()) {
            if (!it.next().isUserAuthorized(str, str2, str3, this)) {
                return false;
            }
        }
        try {
            Boolean isUserAuthorized = this.authorizationCache.isUserAuthorized(this.cacheIdentifier, this.tenantId, str, str2, str3);
            if (log.isDebugEnabled() && !isUserAuthorized.booleanValue()) {
                log.debug(str + " user is not Authorized to perform " + str3 + " on " + str2);
            }
            if (isUserAuthorized != null) {
                return isUserAuthorized.booleanValue();
            }
        } catch (AuthorizationCacheException e) {
        }
        if (log.isDebugEnabled()) {
            log.debug("Authorization cache entry is not found for username : " + str);
        }
        this.permissionTree.updatePermissionTree();
        if (this.permissionTree.getUserPermission(str, PermissionTreeUtil.actionToPermission(str3), null, null, PermissionTreeUtil.toComponenets(str2)).getLastNodeAllowedAccess().booleanValue()) {
            this.authorizationCache.addToCache(this.cacheIdentifier, this.tenantId, str, str2, str3, true);
            return true;
        }
        String[] roleListOfUser = this.userRealm.m19getUserStoreManager().getRoleListOfUser(str);
        if (roleListOfUser == null || roleListOfUser.length == 0) {
            UserStoreManager m19getUserStoreManager = this.userRealm.m19getUserStoreManager();
            while (true) {
                UserStoreManager userStoreManager = m19getUserStoreManager;
                if (userStoreManager.getSecondaryUserStoreManager() == null) {
                    break;
                }
                roleListOfUser = this.userRealm.m19getUserStoreManager().getRoleListOfUser(str);
                if (roleListOfUser != null && roleListOfUser.length > 0) {
                    break;
                }
                m19getUserStoreManager = userStoreManager.getSecondaryUserStoreManager();
            }
        }
        if (log.isDebugEnabled() && (roleListOfUser == null || roleListOfUser.length < 1)) {
            log.debug("No roles are assigned to user : " + str);
        }
        boolean z = false;
        List asList = Arrays.asList(getAllowedRolesForResource(str2, str3));
        if (roleListOfUser != null) {
            String[] strArr = roleListOfUser;
            int length = strArr.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                if (asList.contains(strArr[i])) {
                    z = true;
                    break;
                }
                i++;
            }
        }
        this.authorizationCache.addToCache(this.cacheIdentifier, this.tenantId, str, str2, str3, z);
        if (log.isDebugEnabled() && !z) {
            log.debug(str + " user is not Authorized to perform " + str3 + " on " + str2);
        }
        return z;
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager
    public String[] getAllowedRolesForResource(String str, String str2) throws UserStoreException {
        TreeNode.Permission actionToPermission = PermissionTreeUtil.actionToPermission(str2);
        this.permissionTree.updatePermissionTree();
        SearchResult allowedRolesForResource = this.permissionTree.getAllowedRolesForResource(null, null, actionToPermission, PermissionTreeUtil.toComponenets(str));
        return (String[]) allowedRolesForResource.getAllowedEntities().toArray(new String[allowedRolesForResource.getAllowedEntities().size()]);
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager
    public String[] getExplicitlyAllowedUsersForResource(String str, String str2) throws UserStoreException {
        TreeNode.Permission actionToPermission = PermissionTreeUtil.actionToPermission(str2);
        this.permissionTree.updatePermissionTree();
        SearchResult allowedUsersForResource = this.permissionTree.getAllowedUsersForResource(null, null, actionToPermission, PermissionTreeUtil.toComponenets(str));
        return (String[]) allowedUsersForResource.getAllowedEntities().toArray(new String[allowedUsersForResource.getAllowedEntities().size()]);
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager
    public String[] getDeniedRolesForResource(String str, String str2) throws UserStoreException {
        TreeNode.Permission actionToPermission = PermissionTreeUtil.actionToPermission(str2);
        this.permissionTree.updatePermissionTree();
        SearchResult deniedRolesForResource = this.permissionTree.getDeniedRolesForResource(null, null, actionToPermission, PermissionTreeUtil.toComponenets(str));
        return (String[]) deniedRolesForResource.getDeniedEntities().toArray(new String[deniedRolesForResource.getAllowedEntities().size()]);
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager
    public String[] getExplicitlyDeniedUsersForResource(String str, String str2) throws UserStoreException {
        TreeNode.Permission actionToPermission = PermissionTreeUtil.actionToPermission(str2);
        this.permissionTree.updatePermissionTree();
        SearchResult deniedUsersForResource = this.permissionTree.getDeniedUsersForResource(null, null, actionToPermission, PermissionTreeUtil.toComponenets(str));
        return (String[]) deniedUsersForResource.getDeniedEntities().toArray(new String[deniedUsersForResource.getAllowedEntities().size()]);
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager
    public String[] getAllowedUIResourcesForUser(String str, String str2) throws UserStoreException {
        ArrayList arrayList = new ArrayList();
        String[] roleListOfUser = this.userRealm.m19getUserStoreManager().getRoleListOfUser(str);
        this.permissionTree.updatePermissionTree();
        this.permissionTree.getUIResourcesForRoles(roleListOfUser, arrayList, str2);
        return UserCoreUtil.optimizePermissions((String[]) arrayList.toArray(new String[arrayList.size()]));
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager
    public void authorizeRole(String str, String str2, String str3) throws UserStoreException {
        Iterator<AuthorizationManagerListener> it = UMListenerServiceComponent.getAuthorizationManagerListeners().iterator();
        while (it.hasNext()) {
            if (!it.next().authorizeRole(str, str2, str3, this)) {
                return;
            }
        }
        if (str2 == null || str3 == null) {
            log.error("Invalid data provided at authorization code");
            throw new UserStoreException("Invalid data provided");
        }
        addAuthorizationForRole(str, str2, str3, (short) 1, true);
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager
    public void authorizeRole(String str, Permission[] permissionArr) throws UserStoreException {
        if (permissionArr == null || permissionArr.length == 0) {
            log.error("Invalid data provided at authorization code");
            throw new UserStoreException("Invalid data provided");
        }
        authorizationRole(str, permissionArr, (short) 1, true);
    }

    private void authorizationRole(String str, Permission[] permissionArr, short s, boolean z) throws UserStoreException {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        try {
            try {
                Connection dBConnection = getDBConnection();
                for (Permission permission : permissionArr) {
                    int permissionId = getPermissionId(dBConnection, permission.getResourceId(), permission.getAction());
                    if (permissionId == -1) {
                        addPermissionId(dBConnection, permission.getResourceId(), permission.getAction());
                        permissionId = getPermissionId(dBConnection, permission.getResourceId(), permission.getAction());
                    }
                    arrayList.add(Integer.valueOf(permissionId));
                }
                arrayList2.addAll(arrayList);
                arrayList.removeAll(getPermissionIds(dBConnection, str, this.tenantId));
                arrayList2.removeAll(arrayList);
                DatabaseUtil.udpateRolePermissionsInBatchMode(dBConnection, DBConstants.ADD_ROLE_PERMISSION_SQL, (Integer[]) arrayList.toArray(new Integer[arrayList.size()]), str, s, Integer.valueOf(this.tenantId));
                Iterator it = arrayList2.iterator();
                while (it.hasNext()) {
                    DatabaseUtil.updateDatabase(dBConnection, DBConstants.UPDATE_ROLE_PERMISSION_SQL, Short.valueOf(s), Integer.valueOf(((Integer) it.next()).intValue()), str, Integer.valueOf(this.tenantId));
                }
                dBConnection.commit();
                if (z) {
                    if (s == 1) {
                        for (Permission permission2 : permissionArr) {
                            this.permissionTree.authorizeRoleInTree(str, permission2.getResourceId(), permission2.getAction(), true);
                        }
                    } else {
                        for (Permission permission3 : permissionArr) {
                            this.permissionTree.denyRoleInTree(str, permission3.getResourceId(), permission3.getAction(), true);
                        }
                    }
                }
                DatabaseUtil.closeAllConnections(dBConnection, null);
            } catch (SQLException e) {
                log.error("Error! " + e.getMessage(), e);
                throw new UserStoreException("Error! " + e.getMessage(), e);
            }
        } catch (Throwable th) {
            DatabaseUtil.closeAllConnections(null, null);
            throw th;
        }
    }

    /* JADX WARN: Finally extract failed */
    private ArrayList<Integer> getPermissionIds(Connection connection, String str, int i) throws UserStoreException {
        ArrayList<Integer> arrayList = new ArrayList<>();
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        try {
            try {
                preparedStatement = connection.prepareStatement(DBConstants.GET_ROLE_PERMISSIONS_SQL);
                preparedStatement.setString(1, str);
                preparedStatement.setInt(2, i);
                resultSet = preparedStatement.executeQuery();
                while (resultSet.next()) {
                    arrayList.add(Integer.valueOf(resultSet.getInt(1)));
                }
                DatabaseUtil.closeAllConnections(null, resultSet, preparedStatement);
                return arrayList;
            } catch (SQLException e) {
                log.error("Error! " + e.getMessage(), e);
                throw new UserStoreException("Error! " + e.getMessage(), e);
            }
        } catch (Throwable th) {
            DatabaseUtil.closeAllConnections(null, resultSet, preparedStatement);
            throw th;
        }
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager
    public void denyRole(String str, String str2, String str3) throws UserStoreException {
        Iterator<AuthorizationManagerListener> it = UMListenerServiceComponent.getAuthorizationManagerListeners().iterator();
        while (it.hasNext()) {
            if (!it.next().denyRole(str, str2, str3, this)) {
                return;
            }
        }
        if (str2 == null || str3 == null) {
            log.error("Invalid data provided at authorization code");
            throw new UserStoreException("Invalid data provided");
        }
        addAuthorizationForRole(str, str2, str3, (short) 0, true);
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager
    public void authorizeUser(String str, String str2, String str3) throws UserStoreException {
        Iterator<AuthorizationManagerListener> it = UMListenerServiceComponent.getAuthorizationManagerListeners().iterator();
        while (it.hasNext()) {
            if (!it.next().authorizeUser(str, str2, str3, this)) {
                return;
            }
        }
        if (str2 == null || str3 == null) {
            log.error("Invalid data provided at authorization code");
            throw new UserStoreException("Invalid data provided");
        }
        addAuthorizationForUser(str, str2, str3, (short) 1, true);
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager
    public void denyUser(String str, String str2, String str3) throws UserStoreException {
        Iterator<AuthorizationManagerListener> it = UMListenerServiceComponent.getAuthorizationManagerListeners().iterator();
        while (it.hasNext()) {
            if (!it.next().denyUser(str, str2, str3, this)) {
                return;
            }
        }
        if (str2 == null || str3 == null) {
            log.error("Invalid data provided at authorization code");
            throw new UserStoreException("Invalid data provided");
        }
        addAuthorizationForUser(str, str2, str3, (short) 0, true);
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager
    public void clearResourceAuthorizations(String str) throws UserStoreException {
        Iterator<AuthorizationManagerListener> it = UMListenerServiceComponent.getAuthorizationManagerListeners().iterator();
        while (it.hasNext()) {
            if (!it.next().clearResourceAuthorizations(str, this)) {
                return;
            }
        }
        this.authorizationCache.clearCacheByTenant(this.tenantId);
        Connection connection = null;
        try {
            try {
                connection = getDBConnection();
                DatabaseUtil.updateDatabase(connection, DBConstants.ON_DELETE_PERMISSION_UM_ROLE_PERMISSIONS_SQL, str, Integer.valueOf(this.tenantId));
                DatabaseUtil.updateDatabase(connection, DBConstants.ON_DELETE_PERMISSION_UM_USER_PERMISSIONS_SQL, str, Integer.valueOf(this.tenantId));
                DatabaseUtil.updateDatabase(connection, DBConstants.DELETE_PERMISSION_SQL, str, Integer.valueOf(this.tenantId));
                this.permissionTree.clearResourceAuthorizations(str);
                connection.commit();
                DatabaseUtil.closeAllConnections(connection, new PreparedStatement[0]);
            } catch (SQLException e) {
                log.error("Error! " + e.getMessage(), e);
                throw new UserStoreException("Error! " + e.getMessage(), e);
            }
        } catch (Throwable th) {
            DatabaseUtil.closeAllConnections(connection, new PreparedStatement[0]);
            throw th;
        }
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager
    public void clearRoleAuthorization(String str, String str2, String str3) throws UserStoreException {
        Iterator<AuthorizationManagerListener> it = UMListenerServiceComponent.getAuthorizationManagerListeners().iterator();
        while (it.hasNext()) {
            if (!it.next().clearRoleAuthorization(str, str2, str3, this)) {
                return;
            }
        }
        this.authorizationCache.clearCacheByTenant(this.tenantId);
        Connection connection = null;
        try {
            try {
                connection = getDBConnection();
                DatabaseUtil.updateDatabase(connection, DBConstants.DELETE_ROLE_PERMISSION_SQL, str, str2, str3, Integer.valueOf(this.tenantId), Integer.valueOf(this.tenantId));
                this.permissionTree.clearRoleAuthorization(str, str2, str3);
                connection.commit();
                DatabaseUtil.closeAllConnections(connection, new PreparedStatement[0]);
            } catch (SQLException e) {
                log.error("Error! " + e.getMessage(), e);
                throw new UserStoreException("Error! " + e.getMessage(), e);
            }
        } catch (Throwable th) {
            DatabaseUtil.closeAllConnections(connection, new PreparedStatement[0]);
            throw th;
        }
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager
    public void clearUserAuthorization(String str, String str2, String str3) throws UserStoreException {
        Iterator<AuthorizationManagerListener> it = UMListenerServiceComponent.getAuthorizationManagerListeners().iterator();
        while (it.hasNext()) {
            if (!it.next().clearUserAuthorization(str, str2, str3, this)) {
                return;
            }
        }
        this.authorizationCache.clearCacheEntry(this.cacheIdentifier, this.tenantId, str, str2, str3);
        Connection connection = null;
        try {
            try {
                connection = getDBConnection();
                if (getPermissionId(connection, str2, str3) == -1) {
                    addPermissionId(connection, str2, str3);
                }
                DatabaseUtil.updateDatabase(connection, DBConstants.DELETE_USER_PERMISSION_SQL, str, str2, str3, Integer.valueOf(this.tenantId), Integer.valueOf(this.tenantId));
                this.permissionTree.clearUserAuthorization(str, str2, str3);
                connection.commit();
                DatabaseUtil.closeAllConnections(connection, null);
            } catch (SQLException e) {
                log.error("Error! " + e.getMessage(), e);
                throw new UserStoreException("Error! " + e.getMessage(), e);
            }
        } catch (Throwable th) {
            DatabaseUtil.closeAllConnections(connection, null);
            throw th;
        }
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager
    public void clearRoleActionOnAllResources(String str, String str2) throws UserStoreException {
        Iterator<AuthorizationManagerListener> it = UMListenerServiceComponent.getAuthorizationManagerListeners().iterator();
        while (it.hasNext()) {
            if (!it.next().clearRoleActionOnAllResources(str, str2, this)) {
                return;
            }
        }
        this.authorizationCache.clearCacheByTenant(this.tenantId);
        Connection connection = null;
        try {
            try {
                connection = getDBConnection();
                this.permissionTree.clearRoleAuthorization(str, str2);
                DatabaseUtil.updateDatabase(connection, DBConstants.DELETE_ROLE_PERMISSIONS_BASED_ON_ACTION, str, str2, Integer.valueOf(this.tenantId), Integer.valueOf(this.tenantId));
                connection.commit();
                DatabaseUtil.closeAllConnections(connection, null);
            } catch (SQLException e) {
                log.error("Error! " + e.getMessage(), e);
                throw new UserStoreException("Error! " + e.getMessage(), e);
            }
        } catch (Throwable th) {
            DatabaseUtil.closeAllConnections(connection, null);
            throw th;
        }
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager
    public void clearRoleAuthorization(String str) throws UserStoreException {
        Iterator<AuthorizationManagerListener> it = UMListenerServiceComponent.getAuthorizationManagerListeners().iterator();
        while (it.hasNext()) {
            if (!it.next().clearRoleAuthorization(str, this)) {
                return;
            }
        }
        this.authorizationCache.clearCacheByTenant(this.tenantId);
        Connection connection = null;
        try {
            try {
                connection = getDBConnection();
                this.permissionTree.clearRoleAuthorization(str);
                DatabaseUtil.updateDatabase(connection, DBConstants.ON_DELETE_ROLE_DELETE_PERMISSION_SQL, str, Integer.valueOf(this.tenantId));
                connection.commit();
                DatabaseUtil.closeAllConnections(connection, null);
            } catch (SQLException e) {
                log.error("Error! " + e.getMessage(), e);
                throw new UserStoreException("Error! " + e.getMessage(), e);
            }
        } catch (Throwable th) {
            DatabaseUtil.closeAllConnections(connection, null);
            throw th;
        }
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager
    public void clearUserAuthorization(String str) throws UserStoreException {
        Iterator<AuthorizationManagerListener> it = UMListenerServiceComponent.getAuthorizationManagerListeners().iterator();
        while (it.hasNext()) {
            if (!it.next().clearUserAuthorization(str, this)) {
                return;
            }
        }
        this.authorizationCache.clearCacheByTenant(this.tenantId);
        Connection connection = null;
        try {
            try {
                connection = getDBConnection();
                this.permissionTree.clearUserAuthorization(str);
                DatabaseUtil.updateDatabase(connection, DBConstants.ON_DELETE_USER_DELETE_PERMISSION_SQL, str, Integer.valueOf(this.tenantId));
                connection.commit();
                DatabaseUtil.closeAllConnections(connection, null);
            } catch (SQLException e) {
                log.error("Error! " + e.getMessage(), e);
                throw new UserStoreException("Error! " + e.getMessage(), e);
            }
        } catch (Throwable th) {
            DatabaseUtil.closeAllConnections(connection, null);
            throw th;
        }
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager
    public void resetPermissionOnUpdateRole(String str, String str2) throws UserStoreException {
        Iterator<AuthorizationManagerListener> it = UMListenerServiceComponent.getAuthorizationManagerListeners().iterator();
        while (it.hasNext()) {
            if (!it.next().resetPermissionOnUpdateRole(str, str2, this)) {
                return;
            }
        }
        this.authorizationCache.clearCacheByTenant(this.tenantId);
        if (DBConstants.UPDATE_UM_ROLE_NAME_PERMISSION_SQL == 0) {
            throw new UserStoreException("The sql statement for update role name is null");
        }
        Connection connection = null;
        try {
            try {
                connection = getDBConnection();
                this.permissionTree.updateRoleNameInCache(str, str2);
                DatabaseUtil.updateDatabase(connection, DBConstants.UPDATE_UM_ROLE_NAME_PERMISSION_SQL, str2, str, Integer.valueOf(this.tenantId));
                connection.commit();
                DatabaseUtil.closeAllConnections(connection, null);
            } catch (SQLException e) {
                log.error("Error! " + e.getMessage(), e);
                throw new UserStoreException("Error! " + e.getMessage(), e);
            }
        } catch (Throwable th) {
            DatabaseUtil.closeAllConnections(connection, null);
            throw th;
        }
    }

    public void addAuthorization(String str, String str2, String str3, boolean z, boolean z2) throws UserStoreException {
        short s = 0;
        if (z) {
            s = 1;
        }
        if (z2) {
            addAuthorizationForRole(str, str2, str3, s, false);
        } else {
            addAuthorizationForUser(str, str2, str3, s, false);
        }
    }

    private void addAuthorizationForRole(String str, String str2, String str3, short s, boolean z) throws UserStoreException {
        this.authorizationCache.clearCacheByTenant(this.tenantId);
        Connection connection = null;
        try {
            try {
                connection = getDBConnection();
                int permissionId = getPermissionId(connection, str2, str3);
                if (permissionId == -1) {
                    addPermissionId(connection, str2, str3);
                    permissionId = getPermissionId(connection, str2, str3);
                }
                if (getRolePermissionID(connection, str, permissionId, this.tenantId) == -1) {
                    DatabaseUtil.updateDatabase(connection, DBConstants.ADD_ROLE_PERMISSION_SQL, Integer.valueOf(permissionId), str, Short.valueOf(s), Integer.valueOf(this.tenantId));
                } else {
                    DatabaseUtil.updateDatabase(connection, DBConstants.UPDATE_ROLE_PERMISSION_SQL, Short.valueOf(s), Integer.valueOf(permissionId), str, Integer.valueOf(this.tenantId));
                }
                if (z) {
                    if (s == 1) {
                        this.permissionTree.authorizeRoleInTree(str, str2, str3, true);
                    } else {
                        this.permissionTree.denyRoleInTree(str, str2, str3, true);
                    }
                }
                connection.commit();
                DatabaseUtil.closeAllConnections(connection, null);
            } catch (SQLException e) {
                log.error("Error! " + e.getMessage(), e);
                throw new UserStoreException("Error! " + e.getMessage(), e);
            }
        } catch (Throwable th) {
            DatabaseUtil.closeAllConnections(connection, null);
            throw th;
        }
    }

    private void addAuthorizationForUser(String str, String str2, String str3, short s, boolean z) throws UserStoreException {
        this.authorizationCache.clearCacheByTenant(this.tenantId);
        Connection connection = null;
        try {
            try {
                connection = getDBConnection();
                int permissionId = getPermissionId(connection, str2, str3);
                if (permissionId == -1) {
                    addPermissionId(connection, str2, str3);
                    permissionId = getPermissionId(connection, str2, str3);
                }
                if (getUserPermissionID(connection, str, permissionId, this.tenantId) == -1) {
                    DatabaseUtil.updateDatabase(connection, DBConstants.ADD_USER_PERMISSION_SQL, Integer.valueOf(permissionId), str, Short.valueOf(s), Integer.valueOf(this.tenantId));
                } else {
                    DatabaseUtil.updateDatabase(connection, DBConstants.UPDATE_USER_PERMISSION_SQL, Short.valueOf(s), Integer.valueOf(permissionId), str, Integer.valueOf(this.tenantId));
                }
                if (z) {
                    if (s == 1) {
                        this.permissionTree.authorizeUserInTree(str, str2, str3, true);
                    } else {
                        this.permissionTree.denyUserInTree(str, str2, str3, true);
                        this.authorizationCache.clearCacheEntry(this.cacheIdentifier, this.tenantId, str, str2, str3);
                    }
                }
                connection.commit();
                DatabaseUtil.closeAllConnections(connection, null);
            } catch (SQLException e) {
                log.error("Error! " + e.getMessage(), e);
                throw new UserStoreException("Error! " + e.getMessage(), e);
            }
        } catch (Throwable th) {
            DatabaseUtil.closeAllConnections(connection, null);
            throw th;
        }
    }

    /* JADX WARN: Finally extract failed */
    private int getUserPermissionID(Connection connection, String str, int i, int i2) throws UserStoreException {
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        int i3 = -1;
        try {
            try {
                preparedStatement = connection.prepareStatement(DBConstants.GET_USER_PERMISSION_SQL);
                preparedStatement.setString(1, str);
                preparedStatement.setInt(2, i);
                preparedStatement.setInt(3, i2);
                resultSet = preparedStatement.executeQuery();
                if (resultSet.next()) {
                    i3 = resultSet.getInt(1);
                }
                int i4 = i3;
                DatabaseUtil.closeAllConnections(null, resultSet, preparedStatement);
                return i4;
            } catch (SQLException e) {
                log.error("Error! " + e.getMessage(), e);
                throw new UserStoreException("Error! " + e.getMessage(), e);
            }
        } catch (Throwable th) {
            DatabaseUtil.closeAllConnections(null, resultSet, preparedStatement);
            throw th;
        }
    }

    /* JADX WARN: Finally extract failed */
    private int getRolePermissionID(Connection connection, String str, int i, int i2) throws UserStoreException {
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        int i3 = -1;
        try {
            try {
                preparedStatement = connection.prepareStatement(DBConstants.GET_ROLE_PERMISSION_SQL);
                preparedStatement.setString(1, str);
                preparedStatement.setInt(2, i);
                preparedStatement.setInt(3, i2);
                resultSet = preparedStatement.executeQuery();
                if (resultSet.next()) {
                    i3 = resultSet.getInt(1);
                }
                int i4 = i3;
                DatabaseUtil.closeAllConnections(null, resultSet, preparedStatement);
                return i4;
            } catch (SQLException e) {
                log.error("Error! " + e.getMessage(), e);
                throw new UserStoreException("Error! " + e.getMessage(), e);
            }
        } catch (Throwable th) {
            DatabaseUtil.closeAllConnections(null, resultSet, preparedStatement);
            throw th;
        }
    }

    /* JADX WARN: Finally extract failed */
    private int getPermissionId(Connection connection, String str, String str2) throws UserStoreException {
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        int i = -1;
        try {
            try {
                preparedStatement = connection.prepareStatement(DBConstants.GET_PERMISSION_ID_SQL);
                preparedStatement.setString(1, str);
                preparedStatement.setString(2, str2);
                preparedStatement.setInt(3, this.tenantId);
                resultSet = preparedStatement.executeQuery();
                if (resultSet.next()) {
                    i = resultSet.getInt(1);
                }
                int i2 = i;
                DatabaseUtil.closeAllConnections(null, resultSet, preparedStatement);
                return i2;
            } catch (SQLException e) {
                log.error("Error! " + e.getMessage(), e);
                throw new UserStoreException("Error! " + e.getMessage(), e);
            }
        } catch (Throwable th) {
            DatabaseUtil.closeAllConnections(null, resultSet, preparedStatement);
            throw th;
        }
    }

    /* JADX WARN: Finally extract failed */
    private void addPermissionId(Connection connection, String str, String str2) throws UserStoreException {
        PreparedStatement preparedStatement = null;
        try {
            try {
                preparedStatement = connection.prepareStatement(DBConstants.ADD_PERMISSION_SQL);
                preparedStatement.setString(1, str);
                preparedStatement.setString(2, str2);
                preparedStatement.setInt(3, this.tenantId);
                int executeUpdate = preparedStatement.executeUpdate();
                if (log.isDebugEnabled()) {
                    log.debug("Executed querry is INSERT INTO UM_PERMISSION (UM_RESOURCE_ID, UM_ACTION, UM_TENANT_ID) VALUES (?, ?, ?) and number of updated rows :: " + executeUpdate);
                }
                DatabaseUtil.closeAllConnections(null, preparedStatement);
            } catch (SQLException e) {
                log.error("Error! " + e.getMessage(), e);
                throw new UserStoreException("Error! " + e.getMessage(), e);
            }
        } catch (Throwable th) {
            DatabaseUtil.closeAllConnections(null, preparedStatement);
            throw th;
        }
    }

    private Connection getDBConnection() throws SQLException {
        Connection connection = this.dataSource.getConnection();
        connection.setAutoCommit(false);
        return connection;
    }

    public void populatePermissionTreeFromDB() throws UserStoreException {
        this.permissionTree.updatePermissionTreeFromDB();
    }

    public void clearPermissionTree() {
        this.permissionTree.clear();
        this.authorizationCache.clearCache();
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager
    public int getTenantId() throws UserStoreException {
        return this.tenantId;
    }

    private void addInitialData() throws UserStoreException {
        String authorizationManagerProperty = this.realmConfig.getAuthorizationManagerProperty(UserCoreConstants.RealmConfig.PROPERTY_EVERYONEROLE_AUTHORIZATION);
        if (authorizationManagerProperty != null) {
            String everyOneRoleName = this.realmConfig.getEveryOneRoleName();
            for (String str : authorizationManagerProperty.split(",")) {
                if (!isRoleAuthorized(everyOneRoleName, str, "ui.execute")) {
                    authorizeRole(everyOneRoleName, str, "ui.execute");
                }
            }
        }
        String authorizationManagerProperty2 = this.realmConfig.getAuthorizationManagerProperty(UserCoreConstants.RealmConfig.PROPERTY_ADMINROLE_AUTHORIZATION);
        if (authorizationManagerProperty2 != null) {
            String[] split = authorizationManagerProperty2.split(",");
            String adminRoleName = this.realmConfig.getAdminRoleName();
            for (String str2 : split) {
                if (!isRoleAuthorized(adminRoleName, str2, "ui.execute")) {
                    authorizeRole(adminRoleName, str2, "ui.execute");
                }
            }
        }
    }
}
