package org.wso2.carbon.identity.authorization.core;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.identity.authorization.core.dao.ModuleDAO;
import org.wso2.carbon.identity.authorization.core.dao.PermissionAssignmentDAO;
import org.wso2.carbon.identity.authorization.core.dao.PermissionDAO;
import org.wso2.carbon.identity.authorization.core.dto.Permission;
import org.wso2.carbon.identity.authorization.core.dto.PermissionAssignment;
import org.wso2.carbon.identity.authorization.core.dto.PermissionGroup;
import org.wso2.carbon.identity.authorization.core.dto.PermissionModule;
import org.wso2.carbon.identity.authorization.core.dto.PermissionRequest;
import org.wso2.carbon.identity.authorization.core.dto.RolePermission;
import org.wso2.carbon.identity.authorization.core.dto.UserPermission;
import org.wso2.carbon.identity.authorization.core.permission.PermissionMapper;
import org.wso2.carbon.identity.authorization.core.permission.PermissionProcessor;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.utils.xml.StringUtils;

/* loaded from: input_file:org/wso2/carbon/identity/authorization/core/AuthorizationManagerService.class */
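/**
 * {@link AuthorizationManager} implementation that validates its arguments and then
 * delegates to {@link PermissionProcessor} (persistence) and {@link PermissionMapper}
 * (DTO to DAO conversion).
 *
 * <p>NOTE(review): nothing in this class authenticates the caller or checks that the caller
 * may create, change or delete permissions and modules. Presumably that is enforced by the
 * layer that exposes this service; confirm before exposing any of these methods remotely.
 *
 * <p>NOTE(review): the message of a {@link UserStoreException} is copied into the
 * {@link IdentityAuthorizationException} returned to the caller. If the store puts backend
 * details in its messages they reach the caller too; verify what the store reports.
 */
public class AuthorizationManagerService implements AuthorizationManager {
    private static final Log log = LogFactory.getLog(AuthorizationManagerService.class);

    // Status values handed to the DAOs. The names follow how this class uses them
    // (add/create -> 1, update -> 2, delete -> 3); the processor's interpretation is not
    // visible here.
    private static final byte STATUS_INSERT = 1;
    private static final byte STATUS_UPDATE = 2;
    private static final byte STATUS_DELETE = 3;

    private final PermissionMapper permissionMapper = PermissionMapper.getInstance();
    private final PermissionProcessor permissionProcessor = PermissionProcessor.getInstance();

    /**
     * Clears permissions selected by the request's subject and/or module.
     *
     * @param permissionRequest selector; at least one of subject or module must be non-empty
     * @throws IdentityAuthorizationException if the request is null, if both subject and
     *         module are empty, or if the underlying store fails
     */
    @Override
    public void clearPermissions(PermissionRequest permissionRequest) throws IdentityAuthorizationException {
        requireRequest(permissionRequest);
        // Refuse an unscoped request: with neither subject nor module it would address every
        // permission of the current tenant.
        if (StringUtils.isEmpty(permissionRequest.getSubject()) && StringUtils.isEmpty(permissionRequest.getModule())) {
            throw rejected("Cannot clear all the permissions for the current teant id. Module or subject parameters should be provided");
        }
        try {
            this.permissionProcessor.clearPermissions(permissionRequest);
        } catch (UserStoreException e) {
            throw storeFailure(e);
        }
    }

    /**
     * Saves each permission group for the current tenant, as an update when the processor
     * reports an existing permission id and as an insert otherwise.
     *
     * @param list permission groups to persist; must be non-null and non-empty
     * @throws IdentityAuthorizationException if the list is missing, if a group requests
     *         actions its module does not support, or if the underlying store fails
     */
    @Override
    public void createPermissions(List<PermissionGroup> list) throws IdentityAuthorizationException {
        requireNonEmpty(list, "Permissions are not provided");
        for (PermissionGroup permissionGroup : list) {
            try {
                ModuleDAO module = this.permissionProcessor.loadPermissionDependency(permissionGroup.getModuleName());
                if (module != null) {
                    if (!this.permissionProcessor.validatePermission(module.getModuleName(), permissionGroup)) {
                        throw rejected("Required actions are not supported by the module");
                    }
                    permissionGroup.setModuleId(module.getModuleId());
                }
                // NOTE(review): when no module record is found the group is still saved, without
                // action validation and without a module id being set here. Confirm that
                // permissions for unregistered modules are meant to be accepted.
                PermissionDAO permission = this.permissionMapper.mapPermission(permissionGroup);
                if (log.isDebugEnabled()) {
                    log.debug("Adding new permission to the database  " + permissionGroup.toString());
                }
                // The tenant comes from the server-side context, not from the caller-supplied DTO.
                permission.setTenantId(CarbonContext.getCurrentContext().getTenantId());
                int existingId = this.permissionProcessor.isExistingPermission(permission);
                if (existingId > 0) {
                    permission.setPermissionId(existingId);
                    permission.setStatus(STATUS_UPDATE);
                } else {
                    permission.setStatus(STATUS_INSERT);
                }
                this.permissionProcessor.save(permission);
            } catch (UserStoreException e) {
                throw storeFailure(e);
            }
        }
    }

    /**
     * Saves each permission group with the delete status for the current tenant.
     *
     * @param list permission groups to delete; must be non-null and non-empty
     * @throws IdentityAuthorizationException if the list is missing, if a group's module
     *         cannot be loaded, or if the underlying store fails
     */
    @Override
    public void deletePermission(List<PermissionGroup> list) throws IdentityAuthorizationException {
        requireNonEmpty(list, "Permissions are not provided for delete operation");
        for (PermissionGroup permissionGroup : list) {
            try {
                ModuleDAO module = this.permissionProcessor.loadModule(permissionGroup.getModuleName());
                // loadModule can return null (getModule and updateAuthorizedActions check for it);
                // report an unknown module instead of failing with a NullPointerException.
                if (module == null) {
                    throw rejected("Module cannot be identified ");
                }
                permissionGroup.setModuleId(module.getModuleId());
                PermissionDAO permission = this.permissionMapper.mapPermission(permissionGroup);
                permission.setTenantId(CarbonContext.getCurrentContext().getTenantId());
                permission.setStatus(STATUS_DELETE);
                this.permissionProcessor.save(permission);
            } catch (UserStoreException e) {
                // Keeps the cause attached on every store failure in this method.
                throw storeFailure(e);
            }
        }
    }

    /**
     * Saves the given user permission assignments with the insert status.
     *
     * @param list assignments to add; must be non-null and non-empty
     * @throws IdentityAuthorizationException if the list is missing or the store fails
     */
    @Override
    public void addUserPermissions(List<UserPermission> list) throws IdentityAuthorizationException {
        requireNonEmpty(list, "Permissions are not provided for insert operation");
        updatePermissions(list, STATUS_INSERT);
    }

    /**
     * Saves the given role permission assignments with the insert status.
     *
     * @param list assignments to add; must be non-null and non-empty
     * @throws IdentityAuthorizationException if the list is missing or the store fails
     */
    @Override
    public void addRolePermissions(List<RolePermission> list) throws IdentityAuthorizationException {
        requireNonEmpty(list, "Role Permissions are not provided for insert operation");
        updatePermissions(list, STATUS_INSERT);
    }

    /**
     * Saves the given user permission assignments with the delete status.
     *
     * @param list assignments to delete; must be non-null and non-empty
     * @throws IdentityAuthorizationException if the list is missing or the store fails
     */
    @Override
    public void deleteUserPermissions(List<UserPermission> list) throws IdentityAuthorizationException {
        requireNonEmpty(list, "Permissions are not provided for delete operation");
        updatePermissions(list, STATUS_DELETE);
    }

    /**
     * Saves the given role permission assignments with the delete status.
     *
     * @param list assignments to delete; must be non-null and non-empty
     * @throws IdentityAuthorizationException if the list is missing or the store fails
     */
    @Override
    public void deleteRolePermissions(List<RolePermission> list) throws IdentityAuthorizationException {
        requireNonEmpty(list, "Role Permissions are not provided for delete operation");
        updatePermissions(list, STATUS_DELETE);
    }

    /**
     * Maps every assignment to its DAO, stamps it with {@code status} and saves it.
     *
     * <p>NOTE(review): unlike createPermissions and deletePermission, no tenant id is set on
     * the DAO here. Presumably the mapper or the processor scopes assignments to the current
     * tenant; verify, since these rows grant or revoke access.
     */
    private void updatePermissions(List<? extends PermissionAssignment> list, byte status) throws IdentityAuthorizationException {
        for (PermissionAssignment assignment : list) {
            PermissionAssignmentDAO assignmentDao = this.permissionMapper.mapPermission(assignment);
            assignmentDao.setStatus(status);
            try {
                this.permissionProcessor.save(assignmentDao);
            } catch (UserStoreException e) {
                throw storeFailure(e);
            }
        }
    }

    /**
     * Loads the permissions of one module for the request's subject.
     *
     * @param permissionRequest must name a non-blank module
     * @return whatever the processor returns for that subject and module
     * @throws IdentityAuthorizationException if the request is null, the module is blank, or
     *         the underlying store fails
     */
    @Override
    public PermissionModule getPermissionList(PermissionRequest permissionRequest) throws IdentityAuthorizationException {
        requireRequest(permissionRequest);
        if (permissionRequest.getModule() == null || permissionRequest.getModule().trim().length() == 0) {
            log.error("Module not specified in order to check permissions");
            throw new IdentityAuthorizationException("Module was not specified in order to check permissions");
        }
        try {
            return this.permissionProcessor.loadModulePermissions(permissionRequest.getSubject(), permissionRequest.isUserPermissions(), permissionRequest.getModule());
        } catch (UserStoreException e) {
            throw storeFailure(e);
        }
    }

    /**
     * Loads the permissions matching the request's subject, module, action and resource.
     *
     * <p>NOTE(review): the request fields are passed to the processor unvalidated, whereas
     * getPermissionList rejects a blank module. Confirm how the processor treats null or
     * empty fields, because isAuthorized decides on this result.
     *
     * @param permissionRequest the lookup criteria
     * @return whatever the processor returns for those criteria
     * @throws IdentityAuthorizationException if the request is null or the store fails
     */
    @Override
    public List<Permission> getPermission(PermissionRequest permissionRequest) throws IdentityAuthorizationException {
        requireRequest(permissionRequest);
        try {
            return this.permissionProcessor.loadPermission(permissionRequest.getSubject(), permissionRequest.isUserPermissions(), permissionRequest.getModule(), permissionRequest.getAction(), permissionRequest.getResource());
        } catch (UserStoreException e) {
            throw storeFailure(e);
        }
    }

    /**
     * Saves the given user permission assignments with the update status.
     *
     * @param list assignments to update; must be non-null and non-empty
     * @throws IdentityAuthorizationException if the list is missing or the store fails
     */
    @Override
    public void updateUserPermissions(List<UserPermission> list) throws IdentityAuthorizationException {
        requireNonEmpty(list, "Permissions are not provided for update operation");
        updatePermissions(list, STATUS_UPDATE);
    }

    /**
     * Saves the given role permission assignments with the update status.
     *
     * @param list assignments to update; must be non-null and non-empty
     * @throws IdentityAuthorizationException if the list is missing or the store fails
     */
    @Override
    public void updateRolePermissions(List<RolePermission> list) throws IdentityAuthorizationException {
        requireNonEmpty(list, "Role Permissions are not provided for update operation");
        updatePermissions(list, STATUS_UPDATE);
    }

    /**
     * Registers a module with the insert status.
     *
     * @param permissionModule module to register; its name must be non-empty
     * @return the value returned by the processor's save
     * @throws IdentityAuthorizationException if the module or its name is missing, or the
     *         underlying store fails
     */
    @Override
    public int createModule(PermissionModule permissionModule) throws IdentityAuthorizationException {
        if (permissionModule == null || StringUtils.isEmpty(permissionModule.getModuleName())) {
            throw rejected("Module/ Application registration cannot be done if module name is not provided");
        }
        ModuleDAO moduleDao = this.permissionMapper.mapModule(permissionModule);
        moduleDao.setStatus(STATUS_INSERT);
        try {
            return this.permissionProcessor.save(moduleDao);
        } catch (UserStoreException e) {
            throw storeFailure(e);
        }
    }

    /**
     * Saves a module with the update status, resolving its id by name when no positive id is
     * supplied.
     *
     * @param permissionModule module identified by a positive id or a non-empty name
     * @throws IdentityAuthorizationException if the module cannot be identified or the
     *         underlying store fails
     */
    @Override
    public void updateAuthorizedActions(PermissionModule permissionModule) throws IdentityAuthorizationException {
        if (permissionModule == null || (permissionModule.getModuleId() <= 0 && StringUtils.isEmpty(permissionModule.getModuleName()))) {
            throw rejected("Adding actions to the module cannot be done since module cannot be identified ");
        }
        ModuleDAO moduleDao = this.permissionMapper.mapModule(permissionModule);
        moduleDao.setStatus(STATUS_UPDATE);
        try {
            if (moduleDao.getModuleId() <= 0) {
                ModuleDAO stored = this.permissionProcessor.loadModule(moduleDao.getModuleName());
                if (stored == null) {
                    throw rejected("Adding actions to the module cannot be done since module cannot be identified ");
                }
                moduleDao.setModuleId(stored.getModuleId());
            }
            this.permissionProcessor.save(moduleDao);
        } catch (UserStoreException e) {
            throw storeFailure(e);
        }
    }

    /**
     * Loads a module by name.
     *
     * @param str module name
     * @return the mapped module
     * @throws IdentityAuthorizationException if no such module is found or the store fails
     */
    @Override
    public PermissionModule getModule(String str) throws IdentityAuthorizationException {
        try {
            ModuleDAO stored = this.permissionProcessor.loadModule(str);
            if (stored != null) {
                return this.permissionMapper.mapModule(stored);
            }
            throw rejected("Module cannot be identified ");
        } catch (UserStoreException e) {
            throw storeFailure(e);
        }
    }

    /**
     * Answers an authorization question from the permissions matching the request.
     *
     * <p>Fails closed: a null or empty result denies. Only the first returned entry is
     * consulted.
     * NOTE(review): if the processor can return several entries for one request (for example
     * a grant and a denial), the decision depends on their order; confirm that the processor
     * returns at most one entry or orders them deliberately.
     *
     * @param permissionRequest the subject, module, action and resource to check
     * @return the first matching permission's authorized flag, or {@code false} when none match
     * @throws IdentityAuthorizationException if the request is null or the store fails
     */
    @Override
    public boolean isAuthorized(PermissionRequest permissionRequest) throws IdentityAuthorizationException {
        List<Permission> matches = getPermission(permissionRequest);
        if (matches == null || matches.isEmpty()) {
            return false;
        }
        return matches.get(0).isAuthorized();
    }

    /**
     * Loads every module known to the processor.
     *
     * @return the mapped modules; empty when the processor returns null or nothing
     * @throws IdentityAuthorizationException if the underlying store fails
     */
    @Override
    public List<PermissionModule> loadModules() throws IdentityAuthorizationException {
        List<PermissionModule> modules = new ArrayList<PermissionModule>();
        try {
            List<ModuleDAO> stored = this.permissionProcessor.loadModules();
            if (stored != null) {
                for (ModuleDAO moduleDao : stored) {
                    modules.add(this.permissionMapper.mapModule(moduleDao));
                }
            }
            return modules;
        } catch (UserStoreException e) {
            throw storeFailure(e);
        }
    }

    /**
     * Removes the module named by the request's module name or module id.
     *
     * @param permissionRequest must carry a non-empty module name or a positive module id
     * @throws IdentityAuthorizationException if the request is null, if no module is
     *         identified, or if the underlying store fails
     */
    @Override
    public void removeModule(PermissionRequest permissionRequest) throws IdentityAuthorizationException {
        requireRequest(permissionRequest);
        if (StringUtils.isEmpty(permissionRequest.getModule()) && permissionRequest.getModuleId() <= 0) {
            log.error("Cannot clear all the permissions for the current teant id. Module parameter should be provided");
            throw new IdentityAuthorizationException("Cannot clear all the permissions for the current teant id. Module or subject parameters should be provided");
        }
        // Any caller-supplied subject is discarded before the request is handed on.
        permissionRequest.setSubject(null);
        try {
            this.permissionProcessor.removeModule(permissionRequest);
        } catch (UserStoreException e) {
            throw storeFailure(e);
        }
    }

    /** Rejects a null request with a checked exception instead of a NullPointerException. */
    private static void requireRequest(PermissionRequest permissionRequest) throws IdentityAuthorizationException {
        if (permissionRequest == null) {
            throw rejected("Permission request is not provided");
        }
    }

    /** Rejects a null or empty list, logging and throwing {@code message}. */
    private static void requireNonEmpty(List<?> list, String message) throws IdentityAuthorizationException {
        if (list == null || list.isEmpty()) {
            throw rejected(message);
        }
    }

    /** Logs {@code message} at error level and returns the exception carrying it. */
    private static IdentityAuthorizationException rejected(String message) {
        log.error(message);
        return new IdentityAuthorizationException(message);
    }

    /** Logs a store failure with its stack trace and wraps it, keeping the cause attached. */
    private static IdentityAuthorizationException storeFailure(UserStoreException e) {
        log.error(e.getMessage(), e);
        return new IdentityAuthorizationException(e.getMessage(), e);
    }
}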
