package org.pentaho.platform.security.policy.rolebased;

import com.google.common.collect.HashMultimap;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.jcr.NamespaceException;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import org.apache.commons.collections.map.LRUMap;
import org.pentaho.platform.api.engine.IAuthorizationAction;
import org.pentaho.platform.api.engine.security.userroledao.NotFoundException;
import org.pentaho.platform.api.mt.ITenant;
import org.pentaho.platform.api.mt.ITenantedPrincipleNameResolver;
import org.pentaho.platform.engine.core.system.TenantUtils;
import org.pentaho.platform.repository2.unified.ServerRepositoryPaths;
import org.pentaho.platform.repository2.unified.jcr.JcrStringHelper;
import org.pentaho.platform.repository2.unified.jcr.JcrTenantUtils;
import org.pentaho.platform.repository2.unified.jcr.NodeHelper;
import org.pentaho.platform.repository2.unified.jcr.PentahoJcrConstants;
import org.pentaho.platform.security.policy.rolebased.messages.Messages;
import org.springframework.util.Assert;

/* loaded from: input_file:org/pentaho/platform/security/policy/rolebased/AbstractJcrBackedRoleBindingDao.class */
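/**
 * JCR-backed store for the bindings between runtime roles and logical roles
 * (authorization action names).
 *
 * <p>Bindings are merged from three sources on every read:
 * <ul>
 *   <li>runtime bindings, read from the property named by
 *       {@link PentahoJcrConstants#getPHO_BOUNDROLES()} on the nodes under
 *       {@code <tenant root>/.authz/roleBased/runtimeRoles};</li>
 *   <li>bootstrap bindings, used only while that folder holds no binding nodes;</li>
 *   <li>immutable bindings, always added on top and refused by {@link #setRoleBindings}.</li>
 * </ul>
 *
 * <p>Resolved bindings are cached per tenanted role id in {@link #boundLogicalRoleNamesCache}.
 * This class only writes entries to that cache (on read and in {@link #setRoleBindings}).
 * NOTE(review): no invalidation for deleted roles or tenants, or for bindings changed by
 * another writer, is visible here; confirm that stale authorization answers are acceptable
 * or handled by subclasses.
 */
public abstract class AbstractJcrBackedRoleBindingDao implements IRoleAuthorizationPolicyRoleBindingDao {
    protected ITenantedPrincipleNameResolver tenantedRoleNameUtils;
    // Role name -> actions that can never be unbound from that role.
    protected Map<String, List<IAuthorizationAction>> immutableRoleBindings;
    // Same keys as immutableRoleBindings, with each action reduced to its name (built in the constructor).
    protected Map<String, List<String>> immutableRoleBindingNames;
    // Role name -> logical role names used while the runtimeRoles folder has no binding nodes.
    protected Map<String, List<String>> bootstrapRoleBindings;
    protected String superAdminRoleName;
    public static final String FOLDER_NAME_AUTHZ = ".authz";
    public static final String FOLDER_NAME_ROLEBASED = "roleBased";
    public static final String FOLDER_NAME_RUNTIMEROLES = "runtimeRoles";
    private final List<IAuthorizationAction> authorizationActions = new ArrayList<IAuthorizationAction>();
    // Tenanted role id -> collection of bound logical role names. Each call on the
    // synchronized wrapper is atomic, but sequences of calls are not.
    protected Map boundLogicalRoleNamesCache = Collections.synchronizedMap(new LRUMap());

    /**
     * Creates the DAO and derives {@link #immutableRoleBindingNames} from the immutable bindings.
     *
     * <p>The two binding maps are stored by reference, not copied, so whoever supplied them can
     * still change the policy afterwards; {@link #immutableRoleBindingNames} is a snapshot taken
     * here and would not follow such a change.
     *
     * @param map immutable bindings, role name to actions; must not be null
     * @param map2 bootstrap bindings, role name to logical role names; must not be null
     * @param str name of the super admin role; must not be null
     * @param iTenantedPrincipleNameResolver resolver for tenanted role names and ids (not null-checked)
     * @param list all known authorization actions; must not be null
     */
    public AbstractJcrBackedRoleBindingDao(Map<String, List<IAuthorizationAction>> map, Map<String, List<String>> map2, String str, ITenantedPrincipleNameResolver iTenantedPrincipleNameResolver, List<IAuthorizationAction> list) {
        Assert.notNull(map);
        Assert.notNull(map2);
        Assert.notNull(str);
        Assert.notNull(list);
        this.authorizationActions.addAll(list);
        this.immutableRoleBindings = map;
        this.bootstrapRoleBindings = map2;
        this.superAdminRoleName = str;
        this.tenantedRoleNameUtils = iTenantedPrincipleNameResolver;
        this.immutableRoleBindingNames = new HashMap<String, List<String>>();
        for (Map.Entry<String, List<IAuthorizationAction>> entry : map.entrySet()) {
            List<String> actionNames = new ArrayList<String>();
            for (IAuthorizationAction action : entry.getValue()) {
                actionNames.add(action.getName());
            }
            this.immutableRoleBindingNames.put(entry.getKey(), actionNames);
        }
    }

    /**
     * Resolves the logical role names bound to the given runtime roles, across tenants.
     *
     * <p>Each role name is assigned to the tenant returned by
     * {@link JcrTenantUtils#getTenant(String, boolean)} and resolved per tenant. The super admin
     * role is not looked up in the repository: it contributes only its immutable bindings.
     *
     * <p>NOTE(review): the tenant overload delegates back to this method when its tenant is null
     * or has no id. If {@code JcrTenantUtils.getTenant} can return such a tenant, the two
     * overloads call each other without making progress; confirm that it cannot.
     *
     * @param session JCR session used for the per-tenant lookups
     * @param list runtime role names, as supplied by the caller
     * @return the distinct bound logical role names, in no particular order
     * @throws NamespaceException propagated from the per-tenant lookup
     * @throws RepositoryException propagated from the per-tenant lookup
     */
    @Override
    public List<String> getBoundLogicalRoleNames(Session session, List<String> list) throws NamespaceException, RepositoryException {
        Collection<String> boundNames = new HashSet<String>();
        Map<ITenant, List<String>> rolesByTenant = new HashMap<ITenant, List<String>>();
        boolean includesSuperAdmin = false;
        for (String runtimeRoleName : list) {
            if (this.superAdminRoleName.equals(runtimeRoleName)) {
                includesSuperAdmin = true;
                continue;
            }
            ITenant tenant = JcrTenantUtils.getTenant(runtimeRoleName, false);
            List<String> tenantRoles = rolesByTenant.get(tenant);
            if (tenantRoles == null) {
                tenantRoles = new ArrayList<String>();
                rolesByTenant.put(tenant, tenantRoles);
            }
            tenantRoles.add(this.tenantedRoleNameUtils.getPrincipleName(runtimeRoleName));
        }
        for (Map.Entry<ITenant, List<String>> entry : rolesByTenant.entrySet()) {
            boundNames.addAll(getBoundLogicalRoleNames(session, entry.getKey(), entry.getValue()));
        }
        if (includesSuperAdmin) {
            // The super admin role need not have an immutable entry; without this guard a
            // missing entry would surface as a NullPointerException in the middle of an
            // authorization decision.
            List<String> superAdminBindings = this.immutableRoleBindingNames.get(this.superAdminRoleName);
            if (superAdminBindings != null) {
                boundNames.addAll(superAdminBindings);
            }
        }
        return new ArrayList<String>(boundNames);
    }

    /**
     * Resolves the logical role names bound to the given runtime roles within one tenant.
     *
     * <p>A tenant that {@link TenantUtils#isAccessibleTenant(ITenant)} rejects yields an empty
     * list, i.e. no logical roles are granted. Roles found in the cache are answered from it;
     * the rest are read from the runtimeRoles folder, or from the bootstrap bindings when that
     * folder has no binding nodes, and the immutable bindings are added on top. Roles that end
     * up with no binding are cached with an empty list.
     *
     * <p>NOTE(review): the cache is read with the id derived from the caller-supplied name and
     * written with the id derived from {@code getPrincipleName(name)}; this assumes the resolver
     * returns the same id for both forms.
     *
     * @param session JCR session used to read the bindings
     * @param iTenant tenant to resolve in; null or id-less delegates to the tenant-agnostic overload
     * @param list runtime role names
     * @return the distinct bound logical role names, in no particular order
     * @throws NamespaceException if the Pentaho namespace prefix cannot be resolved
     * @throws RepositoryException if the runtimeRoles folder cannot be read
     */
    @Override
    public List<String> getBoundLogicalRoleNames(Session session, ITenant iTenant, List<String> list) throws NamespaceException, RepositoryException {
        if (iTenant == null || iTenant.getId() == null) {
            return getBoundLogicalRoleNames(session, list);
        }
        if (!TenantUtils.isAccessibleTenant(iTenant)) {
            return new ArrayList<String>();
        }
        List<String> uncachedRoleNames = new ArrayList<String>();
        Collection<String> cachedNames = new HashSet<String>();
        for (String roleName : list) {
            String principleName = this.tenantedRoleNameUtils.getPrincipleName(roleName);
            String principleId = this.tenantedRoleNameUtils.getPrincipleId(iTenant, roleName);
            // One get() instead of containsKey() followed by get(): the LRU map can evict the
            // entry between two calls, and the null that follows would break the lookup.
            @SuppressWarnings("unchecked")
            Collection<String> cached = (Collection<String>) this.boundLogicalRoleNamesCache.get(principleId);
            if (cached != null) {
                cachedNames.addAll(cached);
            } else {
                uncachedRoleNames.add(principleName);
            }
        }
        if (uncachedRoleNames.isEmpty()) {
            return new ArrayList<String>(cachedNames);
        }
        PentahoJcrConstants constants = new PentahoJcrConstants(session);
        String prefix = session.getNamespacePrefix(PentahoJcrConstants.PHO_NS) + ":";
        String namePattern = prefix + "*";
        HashMultimap<String, String> resolved = HashMultimap.create();
        Node runtimeRolesFolderNode = getRuntimeRolesFolderNode(session, iTenant);
        if (runtimeRolesFolderNode.getNodes(namePattern).hasNext()) {
            for (String roleName : uncachedRoleNames) {
                if (!NodeHelper.hasNode(runtimeRolesFolderNode, prefix, roleName)) {
                    continue;
                }
                Node roleNode = NodeHelper.getNode(runtimeRolesFolderNode, prefix, roleName);
                if (!roleNode.hasProperty(constants.getPHO_BOUNDROLES())) {
                    continue;
                }
                String principleId = this.tenantedRoleNameUtils.getPrincipleId(iTenant, roleName);
                for (Value value : roleNode.getProperty(constants.getPHO_BOUNDROLES()).getValues()) {
                    resolved.put(principleId, value.getString());
                }
            }
        } else {
            // Nothing stored yet for this tenant: fall back to the bootstrap bindings.
            for (String roleName : uncachedRoleNames) {
                String principleId = this.tenantedRoleNameUtils.getPrincipleId(iTenant, roleName);
                if (this.bootstrapRoleBindings.containsKey(roleName)) {
                    resolved.putAll(principleId, this.bootstrapRoleBindings.get(roleName));
                }
            }
        }
        for (String roleName : uncachedRoleNames) {
            if (this.immutableRoleBindings.containsKey(roleName)) {
                resolved.putAll(this.tenantedRoleNameUtils.getPrincipleId(iTenant, roleName), this.immutableRoleBindingNames.get(roleName));
            }
        }
        // The cached collections are views of the local multimap, which never leaves this method.
        this.boundLogicalRoleNamesCache.putAll(resolved.asMap());
        // Remember roles without any binding too, so they are not looked up again on every check.
        for (String roleName : uncachedRoleNames) {
            String principleId = this.tenantedRoleNameUtils.getPrincipleId(iTenant, roleName);
            if (!this.boundLogicalRoleNamesCache.containsKey(principleId)) {
                this.boundLogicalRoleNamesCache.put(principleId, Collections.emptyList());
            }
        }
        Collection<String> boundNames = new HashSet<String>(cachedNames);
        boundNames.addAll(resolved.values());
        return new ArrayList<String>(boundNames);
    }

    /**
     * Replaces the logical roles bound to one runtime role and saves the session.
     *
     * <p>When the runtimeRoles folder has no binding nodes yet, the bootstrap bindings are
     * written first. An immutable role is refused before anything is written, so a rejected
     * call leaves no pending changes in the session.
     *
     * @param session JCR session; saved by this method on success
     * @param iTenant tenant owning the role; when null it is derived from {@code str}
     * @param str runtime role name (reduced to its principal name when {@code iTenant} is null)
     * @param list logical role names to bind
     * @throws NotFoundException if the tenant is not accessible
     * @throws RuntimeException if the role has immutable bindings
     * @throws NamespaceException if the Pentaho namespace prefix cannot be resolved
     * @throws RepositoryException if the repository cannot be read or saved
     */
    public void setRoleBindings(Session session, ITenant iTenant, String str, List<String> list) throws NamespaceException, RepositoryException {
        if (iTenant == null) {
            iTenant = JcrTenantUtils.getTenant(str, false);
            str = getPrincipalName(str);
        }
        if (!TenantUtils.isAccessibleTenant(iTenant)) {
            // Null-safe: the tenant derived from the role name may itself be null.
            throw new NotFoundException("Tenant " + (iTenant == null ? null : iTenant.getId()) + " not found");
        }
        PentahoJcrConstants constants = new PentahoJcrConstants(session);
        String prefix = session.getNamespacePrefix(PentahoJcrConstants.PHO_NS) + ":";
        Node runtimeRolesFolderNode = getRuntimeRolesFolderNode(session, iTenant);
        boolean noBindingsStored = !runtimeRolesFolderNode.getNodes(prefix + "*").hasNext();
        // Checked before the first write so that a refused request cannot leave bootstrap
        // bindings pending in a session that the caller might save later.
        if (isImmutable(str)) {
            throw new RuntimeException(Messages.getInstance().getString("JcrRoleAuthorizationPolicyRoleBindingDao.ERROR_0001_ATTEMPT_MOD_IMMUTABLE", new Object[]{str}));
        }
        if (noBindingsStored) {
            for (Map.Entry<String, List<String>> entry : this.bootstrapRoleBindings.entrySet()) {
                JcrRoleAuthorizationPolicyUtils.internalSetBindings(constants, runtimeRolesFolderNode, entry.getKey(), entry.getValue(), prefix);
            }
        }
        JcrRoleAuthorizationPolicyUtils.internalSetBindings(constants, runtimeRolesFolderNode, str, list, prefix);
        session.save();
        Assert.isTrue(NodeHelper.hasNode(runtimeRolesFolderNode, prefix, str));
        String principleId = this.tenantedRoleNameUtils.getPrincipleId(iTenant, str);
        if (list == null) {
            // Nothing to cache; drop any older entry so the next read goes to the repository.
            this.boundLogicalRoleNamesCache.remove(principleId);
        } else {
            // Cache a private copy: the caller keeps its list and may change it later, which
            // must not alter the cached authorization data.
            this.boundLogicalRoleNamesCache.put(principleId, new ArrayList<String>(list));
        }
    }

    /**
     * Reduces a role name to its principal name.
     *
     * @param str role name
     * @return the principal name, or null when no resolver is configured
     */
    private String getPrincipalName(String str) {
        return this.tenantedRoleNameUtils == null ? null : this.tenantedRoleNameUtils.getPrincipleName(str);
    }

    /**
     * Tells whether the role has immutable bindings and therefore cannot be modified.
     *
     * @param str runtime role name
     * @return true if the role is a key of {@link #immutableRoleBindings}
     */
    protected boolean isImmutable(String str) {
        return this.immutableRoleBindings.containsKey(str);
    }

    /**
     * Returns every binding of a tenant: stored (or bootstrap) bindings overlaid with the
     * immutable ones. An inaccessible tenant yields an empty map.
     *
     * <p>The lists in the result are copies, so a caller cannot change the bootstrap or
     * immutable bindings through the returned map.
     *
     * @param session JCR session used to read the bindings
     * @param iTenant tenant to read; when null the tenant from {@link JcrTenantUtils#getTenant()} is used
     * @return role name to bound logical role names
     * @throws RepositoryException if the runtimeRoles folder cannot be read
     */
    protected Map<String, List<String>> getRoleBindings(Session session, ITenant iTenant) throws RepositoryException {
        Map<String, List<String>> bindings = new HashMap<String, List<String>>();
        ITenant tenant = iTenant == null ? JcrTenantUtils.getTenant() : iTenant;
        if (!TenantUtils.isAccessibleTenant(tenant)) {
            return bindings;
        }
        PentahoJcrConstants constants = new PentahoJcrConstants(session);
        String prefix = session.getNamespacePrefix(PentahoJcrConstants.PHO_NS) + ":";
        NodeIterator nodes = getRuntimeRolesFolderNode(session, tenant).getNodes(prefix + "*");
        if (nodes.hasNext()) {
            while (nodes.hasNext()) {
                Node roleNode = nodes.nextNode();
                if (!roleNode.hasProperty(constants.getPHO_BOUNDROLES())) {
                    continue;
                }
                // The node name is the namespace prefix followed by the encoded role name.
                String roleName = JcrStringHelper.fileNameDecode(roleNode.getName().substring(prefix.length()));
                List<String> logicalRoleNames = new ArrayList<String>();
                for (Value value : roleNode.getProperty(constants.getPHO_BOUNDROLES()).getValues()) {
                    logicalRoleNames.add(value.getString());
                }
                bindings.put(roleName, logicalRoleNames);
            }
        } else {
            copyBindingsInto(bindings, this.bootstrapRoleBindings);
        }
        // Immutable bindings replace whatever was stored for the same role.
        copyBindingsInto(bindings, this.immutableRoleBindingNames);
        return bindings;
    }

    /** Puts a copy of every list of {@code source} into {@code target}; null lists stay null. */
    private static void copyBindingsInto(Map<String, List<String>> target, Map<String, List<String>> source) {
        for (Map.Entry<String, List<String>> entry : source.entrySet()) {
            List<String> names = entry.getValue();
            target.put(entry.getKey(), names == null ? null : new ArrayList<String>(names));
        }
    }

    /**
     * Bundles the localized action names, the tenant's bindings and the set of immutable roles.
     *
     * @param session JCR session used to read the bindings
     * @param iTenant tenant to read; may be null, see {@link #getRoleBindings}
     * @param str locale passed to {@link IAuthorizationAction#getLocalizedDisplayName}
     * @return the assembled structure
     * @throws RepositoryException if the bindings cannot be read
     */
    public RoleBindingStruct getRoleBindingStruct(Session session, ITenant iTenant, String str) throws RepositoryException {
        return new RoleBindingStruct(getMapForLocale(str), getRoleBindings(session, iTenant), new HashSet<String>(this.immutableRoleBindingNames.keySet()));
    }

    /**
     * Maps every known authorization action name to its display name in the given locale.
     *
     * @param str locale passed to {@link IAuthorizationAction#getLocalizedDisplayName}
     * @return action name to localized display name
     */
    protected Map<String, String> getMapForLocale(String str) {
        Map<String, String> displayNames = new HashMap<String, String>();
        for (IAuthorizationAction action : this.authorizationActions) {
            displayNames.put(action.getName(), action.getLocalizedDisplayName(str));
        }
        return displayNames;
    }

    /**
     * Returns the node {@code <tenant root>/.authz/roleBased/runtimeRoles} of a tenant.
     *
     * @param session JCR session used for the lookup
     * @param iTenant tenant whose folder is wanted
     * @return the runtimeRoles folder node
     * @throws RepositoryException if any node on the path is missing or cannot be read
     */
    public Node getRuntimeRolesFolderNode(Session session, ITenant iTenant) throws RepositoryException {
        try {
            // getItem() returns an Item; the tenant root folder is expected to be a node.
            Node tenantRootFolderNode = (Node) session.getItem(ServerRepositoryPaths.getTenantRootFolderPath(iTenant));
            return tenantRootFolderNode.getNode(FOLDER_NAME_AUTHZ).getNode(FOLDER_NAME_ROLEBASED).getNode(FOLDER_NAME_RUNTIMEROLES);
        } catch (PathNotFoundException e) {
            throw new RepositoryException("Error retrieving RuntimeRoles for folder, folder not found", e);
        }
    }
}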
