package org.wso2.carbon.user.core.authorization;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.BitSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.sql.DataSource;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.caching.core.BaseCache;
import org.wso2.carbon.caching.core.permissiontree.PermissionTreeCache;
import org.wso2.carbon.caching.core.permissiontree.PermissionTreeCacheEntry;
import org.wso2.carbon.caching.core.permissiontree.PermissionTreeCacheKey;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.authorization.TreeNode;
import org.wso2.carbon.user.core.util.DatabaseUtil;

/* loaded from: input_file:org/wso2/carbon/user/core/authorization/PermissionTree.class */
public class PermissionTree {
    protected int tenantId;
    protected int hashValueOfRootNode;
    protected DataSource dataSource;
    private static Log log = LogFactory.getLog(PermissionTree.class);
    private static BaseCache permissionCache = PermissionTreeCache.getInstance();
    private boolean updateTreeFromDB = false;
    protected TreeNode root = new TreeNode("/");

    public PermissionTree(int i, DataSource dataSource) {
        this.tenantId = i;
        this.dataSource = dataSource;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void authorizeUserInTree(String str, String str2, String str3) {
        SearchResult node = getNode(this.root, PermissionTreeUtil.toComponenets(str2));
        if (node.getUnprocessedPaths() != null) {
            node.getLastNode().create(node.getUnprocessedPaths()).authorizeUser(str, PermissionTreeUtil.actionToPermission(str3));
        } else {
            node.getLastNode().authorizeUser(str, PermissionTreeUtil.actionToPermission(str3));
        }
        updatePermissionTreeCache();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void denyUserInTree(String str, String str2, String str3) {
        SearchResult node = getNode(this.root, PermissionTreeUtil.toComponenets(str2));
        if (node.getUnprocessedPaths() != null) {
            node.getLastNode().create(node.getUnprocessedPaths()).denyUser(str, PermissionTreeUtil.actionToPermission(str3));
        } else {
            node.getLastNode().denyUser(str, PermissionTreeUtil.actionToPermission(str3));
        }
        updatePermissionTreeCache();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void authorizeRoleInTree(String str, String str2, String str3) {
        SearchResult node = getNode(this.root, PermissionTreeUtil.toComponenets(str2));
        if (node.getUnprocessedPaths() != null) {
            node.getLastNode().create(node.getUnprocessedPaths()).authorizeRole(str, PermissionTreeUtil.actionToPermission(str3));
        } else {
            node.getLastNode().authorizeRole(str, PermissionTreeUtil.actionToPermission(str3));
        }
        updatePermissionTreeCache();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void denyRoleInTree(String str, String str2, String str3) {
        SearchResult node = getNode(this.root, PermissionTreeUtil.toComponenets(str2));
        if (node.getUnprocessedPaths() != null) {
            node.getLastNode().create(node.getUnprocessedPaths()).denyRole(str, PermissionTreeUtil.actionToPermission(str3));
        } else {
            node.getLastNode().denyRole(str, PermissionTreeUtil.actionToPermission(str3));
        }
        updatePermissionTreeCache();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SearchResult getRolePermission(String str, TreeNode.Permission permission, SearchResult searchResult, TreeNode treeNode, List<String> list) {
        TreeNode child;
        if (treeNode == null) {
            treeNode = this.root;
        }
        if (searchResult == null) {
            searchResult = new SearchResult();
        }
        Boolean isRoleAuthorized = treeNode.isRoleAuthorized(str, permission);
        if (isRoleAuthorized == Boolean.TRUE) {
            searchResult.setLastNodeAllowedAccess(Boolean.TRUE);
        } else if (isRoleAuthorized == Boolean.FALSE) {
            searchResult.setLastNodeAllowedAccess(Boolean.FALSE);
        }
        if (list == null || list.isEmpty()) {
            searchResult.setLastNode(treeNode);
            searchResult.setUnprocessedPaths(null);
            return searchResult;
        }
        String str2 = list.get(0);
        if (str2 == null || str2.length() <= 0 || (child = treeNode.getChild(str2)) == null) {
            searchResult.setLastNode(treeNode);
            return searchResult;
        }
        list.remove(0);
        return getRolePermission(str, permission, searchResult, child, list);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SearchResult getUserPermission(String str, TreeNode.Permission permission, SearchResult searchResult, TreeNode treeNode, List<String> list) {
        TreeNode child;
        if (treeNode == null) {
            treeNode = this.root;
        }
        if (searchResult == null) {
            searchResult = new SearchResult();
        }
        Boolean isUserAuthorized = treeNode.isUserAuthorized(str, permission);
        if (isUserAuthorized == Boolean.TRUE) {
            searchResult.setLastNodeAllowedAccess(Boolean.TRUE);
        } else if (isUserAuthorized == Boolean.FALSE) {
            searchResult.setLastNodeAllowedAccess(Boolean.FALSE);
        }
        if (list == null || list.isEmpty()) {
            searchResult.setLastNode(treeNode);
            searchResult.setUnprocessedPaths(null);
            return searchResult;
        }
        String str2 = list.get(0);
        if (str2 == null || str2.length() <= 0 || (child = treeNode.getChild(str2)) == null) {
            searchResult.setLastNode(treeNode);
            return searchResult;
        }
        list.remove(0);
        return getUserPermission(str, permission, searchResult, child, list);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SearchResult getAllowedUsersForResource(SearchResult searchResult, TreeNode treeNode, TreeNode.Permission permission, List<String> list) {
        TreeNode child;
        if (treeNode == null) {
            treeNode = this.root;
        }
        if (searchResult == null) {
            searchResult = new SearchResult();
        }
        for (Map.Entry<String, BitSet> entry : treeNode.getUserAllowPermissions().entrySet()) {
            if (entry.getValue().get(permission.ordinal()) && !searchResult.getAllowedEntities().contains(entry.getKey())) {
                searchResult.getAllowedEntities().add(entry.getKey());
            }
        }
        for (Map.Entry<String, BitSet> entry2 : treeNode.getUserDenyPermissions().entrySet()) {
            if (entry2.getValue().get(permission.ordinal()) && searchResult.getAllowedEntities().contains(entry2.getKey())) {
                searchResult.getAllowedEntities().remove(entry2.getKey());
            }
        }
        if (list == null || list.isEmpty()) {
            searchResult.setLastNode(treeNode);
            searchResult.setUnprocessedPaths(null);
            return searchResult;
        }
        String str = list.get(0);
        if (str == null || str.length() <= 0 || (child = treeNode.getChild(str)) == null) {
            searchResult.setLastNode(treeNode);
            return searchResult;
        }
        list.remove(0);
        return getAllowedUsersForResource(searchResult, child, permission, list);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SearchResult getAllowedRolesForResource(SearchResult searchResult, TreeNode treeNode, TreeNode.Permission permission, List<String> list) {
        TreeNode child;
        if (treeNode == null) {
            treeNode = this.root;
        }
        if (searchResult == null) {
            searchResult = new SearchResult();
        }
        for (Map.Entry<String, BitSet> entry : treeNode.getRoleAllowPermissions().entrySet()) {
            if (entry.getValue().get(permission.ordinal()) && !searchResult.getAllowedEntities().contains(entry.getKey())) {
                searchResult.getAllowedEntities().add(entry.getKey());
            }
        }
        for (Map.Entry<String, BitSet> entry2 : treeNode.getRoleDenyPermissions().entrySet()) {
            if (entry2.getValue().get(permission.ordinal()) && searchResult.getAllowedEntities().contains(entry2.getKey())) {
                searchResult.getAllowedEntities().remove(entry2.getKey());
            }
        }
        if (list == null || list.isEmpty()) {
            searchResult.setLastNode(treeNode);
            searchResult.setUnprocessedPaths(null);
            return searchResult;
        }
        String str = list.get(0);
        if (str == null || str.length() <= 0 || (child = treeNode.getChild(str)) == null) {
            searchResult.setLastNode(treeNode);
            return searchResult;
        }
        list.remove(0);
        return getAllowedRolesForResource(searchResult, child, permission, list);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SearchResult getDeniedRolesForResource(SearchResult searchResult, TreeNode treeNode, TreeNode.Permission permission, List<String> list) {
        TreeNode child;
        if (searchResult == null) {
            searchResult = new SearchResult();
        }
        if (treeNode == null) {
            treeNode = this.root;
        }
        for (Map.Entry<String, BitSet> entry : treeNode.getRoleDenyPermissions().entrySet()) {
            if (entry.getValue().get(permission.ordinal()) && !searchResult.getDeniedEntities().contains(entry.getKey())) {
                searchResult.getDeniedEntities().add(entry.getKey());
            }
        }
        for (Map.Entry<String, BitSet> entry2 : treeNode.getRoleAllowPermissions().entrySet()) {
            if (entry2.getValue().get(permission.ordinal()) && searchResult.getDeniedEntities().contains(entry2.getKey())) {
                searchResult.getDeniedEntities().remove(entry2.getKey());
            }
        }
        if (list == null || list.isEmpty()) {
            searchResult.setLastNode(treeNode);
            searchResult.setUnprocessedPaths(null);
            return searchResult;
        }
        String str = list.get(0);
        if (str == null || str.length() <= 0 || (child = treeNode.getChild(str)) == null) {
            searchResult.setLastNode(treeNode);
            return searchResult;
        }
        list.remove(0);
        return getDeniedRolesForResource(searchResult, child, permission, list);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SearchResult getDeniedUsersForResource(SearchResult searchResult, TreeNode treeNode, TreeNode.Permission permission, List<String> list) {
        TreeNode child;
        if (searchResult == null) {
            searchResult = new SearchResult();
        }
        if (treeNode == null) {
            treeNode = this.root;
        }
        for (Map.Entry<String, BitSet> entry : treeNode.getUserDenyPermissions().entrySet()) {
            if (entry.getValue().get(permission.ordinal()) && !searchResult.getDeniedEntities().contains(entry.getKey())) {
                searchResult.getDeniedEntities().add(entry.getKey());
            }
        }
        for (Map.Entry<String, BitSet> entry2 : treeNode.getUserAllowPermissions().entrySet()) {
            if (entry2.getValue().get(permission.ordinal()) && searchResult.getDeniedEntities().contains(entry2.getKey())) {
                searchResult.getDeniedEntities().remove(entry2.getKey());
            }
        }
        if (list == null || list.isEmpty()) {
            searchResult.setLastNode(treeNode);
            searchResult.setUnprocessedPaths(null);
            return searchResult;
        }
        String str = list.get(0);
        if (str == null || str.length() <= 0 || (child = treeNode.getChild(str)) == null) {
            searchResult.setLastNode(treeNode);
            return searchResult;
        }
        list.remove(0);
        return getDeniedUsersForResource(searchResult, child, permission, list);
    }

    protected SearchResult getNode(TreeNode treeNode, List<String> list) {
        TreeNode child;
        if (list == null || list.isEmpty()) {
            return new SearchResult(treeNode, null);
        }
        String str = list.get(0);
        if (str == null || str.length() <= 0 || (child = treeNode.getChild(str)) == null) {
            return new SearchResult(treeNode, list);
        }
        list.remove(0);
        return !list.isEmpty() ? getNode(child, list) : new SearchResult(child, null);
    }

    void clearRoleAuthorization(String str, TreeNode treeNode, TreeNode.Permission permission) {
        Map<String, BitSet> roleAllowPermissions = treeNode.getRoleAllowPermissions();
        Map<String, BitSet> roleDenyPermissions = treeNode.getRoleDenyPermissions();
        BitSet bitSet = roleAllowPermissions.get(str);
        if (bitSet != null) {
            bitSet.clear(permission.ordinal());
        }
        BitSet bitSet2 = roleDenyPermissions.get(str);
        if (bitSet2 != null) {
            bitSet2.clear(permission.ordinal());
        }
        Map<String, TreeNode> children = treeNode.getChildren();
        if (children != null && children.size() > 0) {
            Iterator<TreeNode> it = children.values().iterator();
            while (it.hasNext()) {
                clearRoleAuthorization(str, it.next(), permission);
            }
        }
        updatePermissionTreeCache();
    }

    void clearRoleAuthorization(String str, TreeNode treeNode) {
        Map<String, BitSet> roleAllowPermissions = treeNode.getRoleAllowPermissions();
        Map<String, BitSet> roleDenyPermissions = treeNode.getRoleDenyPermissions();
        if (roleAllowPermissions.get(str) != null) {
            roleAllowPermissions.remove(str);
        }
        if (roleDenyPermissions.get(str) != null) {
            roleDenyPermissions.remove(str);
        }
        Map<String, TreeNode> children = treeNode.getChildren();
        if (children != null && children.size() > 0) {
            Iterator<TreeNode> it = children.values().iterator();
            while (it.hasNext()) {
                clearRoleAuthorization(str, it.next());
            }
        }
        updatePermissionTreeCache();
    }

    void updateRoleNameInCache(String str, String str2, TreeNode treeNode) {
        Map<String, BitSet> roleAllowPermissions = treeNode.getRoleAllowPermissions();
        Map<String, BitSet> roleDenyPermissions = treeNode.getRoleDenyPermissions();
        BitSet bitSet = roleAllowPermissions.get(str);
        if (bitSet != null) {
            roleAllowPermissions.remove(str);
            roleAllowPermissions.put(str2, bitSet);
        }
        BitSet bitSet2 = roleDenyPermissions.get(str);
        if (bitSet2 != null) {
            roleDenyPermissions.remove(str);
            roleDenyPermissions.put(str2, bitSet2);
        }
        Map<String, TreeNode> children = treeNode.getChildren();
        if (children != null && children.size() > 0) {
            Iterator<TreeNode> it = children.values().iterator();
            while (it.hasNext()) {
                updateRoleNameInCache(str, str2, it.next());
            }
        }
        updatePermissionTreeCache();
    }

    public void clearRoleAuthorization(String str, String str2, String str3) {
        SearchResult node = getNode(this.root, PermissionTreeUtil.toComponenets(str2));
        if (node.getUnprocessedPaths() == null) {
            TreeNode.Permission actionToPermission = PermissionTreeUtil.actionToPermission(str3);
            BitSet bitSet = node.getLastNode().getRoleAllowPermissions().get(str);
            if (bitSet != null) {
                bitSet.clear(actionToPermission.ordinal());
            }
            BitSet bitSet2 = node.getLastNode().getRoleDenyPermissions().get(str);
            if (bitSet2 != null) {
                bitSet2.clear(actionToPermission.ordinal());
            }
        }
        updatePermissionTreeCache();
    }

    public void clearRoleAuthorization(String str, String str2) {
        clearRoleAuthorization(str, this.root, PermissionTreeUtil.actionToPermission(str2));
    }

    public void updateRoleNameInCache(String str, String str2) {
        updateRoleNameInCache(str, str2, this.root);
    }

    public void clearRoleAuthorization(String str) {
        clearRoleAuthorization(str, this.root);
    }

    void clearUserAuthorization(String str, TreeNode treeNode) {
        Map<String, BitSet> userAllowPermissions = treeNode.getUserAllowPermissions();
        Map<String, BitSet> userDenyPermissions = treeNode.getUserDenyPermissions();
        if (userAllowPermissions.get(str) != null) {
            userAllowPermissions.remove(str);
        }
        if (userDenyPermissions.get(str) != null) {
            userDenyPermissions.remove(str);
        }
        Map<String, TreeNode> children = treeNode.getChildren();
        if (children != null && children.size() > 0) {
            Iterator<TreeNode> it = children.values().iterator();
            while (it.hasNext()) {
                clearUserAuthorization(str, it.next());
            }
        }
        updatePermissionTreeCache();
    }

    public void clearUserAuthorization(String str) {
        clearUserAuthorization(str, this.root);
    }

    public void clearUserAuthorization(String str, String str2, String str3) {
        SearchResult node = getNode(this.root, PermissionTreeUtil.toComponenets(str2));
        if (node.getUnprocessedPaths() == null || node.getUnprocessedPaths().isEmpty()) {
            TreeNode.Permission actionToPermission = PermissionTreeUtil.actionToPermission(str3);
            BitSet bitSet = node.getLastNode().getUserAllowPermissions().get(str);
            if (bitSet != null) {
                bitSet.clear(actionToPermission.ordinal());
            }
            BitSet bitSet2 = node.getLastNode().getUserDenyPermissions().get(str);
            if (bitSet2 != null) {
                bitSet2.clear(actionToPermission.ordinal());
            }
        }
        updatePermissionTreeCache();
    }

    public void clearResourceAuthorizations(String str) {
        SearchResult node = getNode(this.root, PermissionTreeUtil.toComponenets(str));
        if (node.getUnprocessedPaths() == null) {
            node.getLastNode().getUserAllowPermissions().clear();
            node.getLastNode().getUserDenyPermissions().clear();
            node.getLastNode().getRoleAllowPermissions().clear();
            node.getLastNode().getRoleDenyPermissions().clear();
        }
        updatePermissionTreeCache();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void getUIResourcesForRoles(String[] strArr, List<String> list, String str, TreeNode.Permission permission, TreeNode treeNode) {
        String str2 = str + "/" + treeNode.getName();
        if (permission == null) {
            permission = PermissionTreeUtil.actionToPermission(CarbonConstants.UI_PERMISSION_ACTION);
        }
        Map<String, BitSet> roleAllowPermissions = treeNode.getRoleAllowPermissions();
        for (String str3 : strArr) {
            BitSet bitSet = roleAllowPermissions.get(str3);
            if (bitSet != null && bitSet.get(permission.ordinal())) {
                list.add(str2);
                return;
            }
        }
        for (TreeNode treeNode2 : treeNode.getChildren().values()) {
            if (treeNode2 != null) {
                getUIResourcesForRoles(strArr, list, str2, permission, treeNode2);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TreeNode getNodeForPath(String str) {
        List<String> componenets = PermissionTreeUtil.toComponenets(str);
        TreeNode treeNode = this.root;
        Iterator<String> it = componenets.iterator();
        while (it.hasNext()) {
            treeNode = treeNode.getChild(it.next());
            if (treeNode == null) {
                return null;
            }
        }
        return treeNode;
    }

    public void clear() {
        this.root.clearNodes();
        this.hashValueOfRootNode = -1;
    }

    public void updatePermissionTree() throws UserStoreException {
        PermissionTreeCacheEntry valueFromCache = permissionCache.getValueFromCache(new PermissionTreeCacheKey(this.tenantId));
        if (valueFromCache == null || valueFromCache.getPermissionTreeCacheEntry() == this.hashValueOfRootNode) {
            return;
        }
        updatePermissionTreeFromDB();
        updatePermissionTreeCache();
        log.info("updated permission tree from database for tenant " + this.tenantId);
    }

    public void updatePermissionTreeCache() {
        if (this.updateTreeFromDB) {
            return;
        }
        this.hashValueOfRootNode = this.root.hashCode();
        PermissionTreeCacheEntry permissionTreeCacheEntry = new PermissionTreeCacheEntry(this.hashValueOfRootNode);
        permissionCache.addToCache(new PermissionTreeCacheKey(this.tenantId), permissionTreeCacheEntry);
    }

    public synchronized void updatePermissionTreeFromDB() throws UserStoreException {
        this.updateTreeFromDB = true;
        this.root.clearNodes();
        ResultSet resultSet = null;
        PreparedStatement preparedStatement = null;
        PreparedStatement preparedStatement2 = null;
        Connection connection = null;
        try {
            try {
                connection = getDBConnection();
                preparedStatement = connection.prepareStatement(DBConstants.GET_EXISTING_ROLE_PERMISSIONS);
                preparedStatement.setInt(1, this.tenantId);
                preparedStatement.setInt(2, this.tenantId);
                ResultSet executeQuery = preparedStatement.executeQuery();
                while (executeQuery.next()) {
                    if (executeQuery.getShort(3) == 1) {
                        authorizeRoleInTree(executeQuery.getString(1), executeQuery.getString(2), executeQuery.getString(4));
                    } else {
                        denyRoleInTree(executeQuery.getString(1), executeQuery.getString(2), executeQuery.getString(4));
                    }
                }
                preparedStatement2 = connection.prepareStatement(DBConstants.GET_EXISTING_USER_PERMISSIONS);
                preparedStatement2.setInt(1, this.tenantId);
                preparedStatement2.setInt(2, this.tenantId);
                resultSet = preparedStatement2.executeQuery();
                while (resultSet.next()) {
                    if (resultSet.getShort(3) == 1) {
                        authorizeUserInTree(resultSet.getString(1), resultSet.getString(2), resultSet.getString(4));
                    } else {
                        denyUserInTree(resultSet.getString(1), resultSet.getString(2), resultSet.getString(4));
                    }
                }
                DatabaseUtil.closeAllConnections(connection, resultSet, preparedStatement, preparedStatement2);
                this.updateTreeFromDB = false;
            } catch (SQLException e) {
                throw new UserStoreException("Error loading authorizations. Please check the database. Error message is " + e.getMessage(), e);
            }
        } catch (Throwable th) {
            DatabaseUtil.closeAllConnections(connection, resultSet, preparedStatement, preparedStatement2);
            throw th;
        }
    }

    private Connection getDBConnection() throws SQLException {
        Connection connection = this.dataSource.getConnection();
        connection.setAutoCommit(false);
        return connection;
    }
}
