package org.tentackle.security;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.TreeMap;
import org.tentackle.log.Logger;
import org.tentackle.log.LoggerFactory;
import org.tentackle.pdo.DomainContext;
import org.tentackle.pdo.ModificationEvent;
import org.tentackle.pdo.ModificationListener;
import org.tentackle.pdo.Pdo;
import org.tentackle.pdo.PdoListener;
import org.tentackle.pdo.PdoTracker;
import org.tentackle.pdo.PdoUtilities;
import org.tentackle.pdo.Session;
import org.tentackle.security.pdo.Security;

/* loaded from: input_file:org/tentackle/security/DefaultSecurityManager.class */
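/**
 * Default {@link SecurityManager} that decides access from {@link Security} rules held in memory.
 *
 * <p>Rules are kept in three sorted maps, selected by what the rule targets (see {@link #addRule}):
 * a class name, a PDO class id, or a single PDO (class id plus object id). Within one
 * grantee/target combination the rules are visited in ascending priority order and the first rule
 * whose {@code evaluate(...)} returns {@code true} decides the outcome.
 *
 * <p>Security-relevant defaults visible in this class:
 * <ul>
 *   <li>{@code enabled} starts as {@code false} and {@code acceptByDefault} starts as {@code true},
 *       so a freshly constructed manager accepts every request until it is enabled.</li>
 *   <li>When no rule matches, the result follows {@code acceptByDefault} (accept unless changed).</li>
 *   <li>When {@link #determineGrantee} returns {@code null} the request is accepted
 *       unconditionally, regardless of {@code acceptByDefault}.</li>
 * </ul>
 */
public class DefaultSecurityManager implements SecurityManager {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) DefaultSecurityManager.class);

    // false by field default: every evaluation returns the default result until setEnabled(true).
    private boolean enabled;
    // Registered once with the PdoTracker on first initialize(); invalidates the rule cache.
    private ModificationListener securityListener;
    // true = rule maps must be (re)loaded before the next evaluation. volatile because it is
    // read outside the monitor in evaluateImpl().
    private volatile boolean invalid = true;
    // Fail-open default: "no rule matched" and "manager disabled" both resolve to ACCEPT.
    private boolean acceptByDefault = true;
    // Rules addressed by class name (objectClassId == 0).
    private final TreeMap<ClassKey, Security> classMap = new TreeMap<>();
    // Rules addressed by a single object (objectClassId != 0 and objectId != 0).
    private final TreeMap<PdoKey, Security> pdoMap = new TreeMap<>();
    // Rules addressed by PDO class (objectClassId != 0 and objectId == 0).
    private final TreeMap<PdoClassKey, Security> pdoClassMap = new TreeMap<>();
    // Cache: session grantee -> grantees whose rules are consulted for it.
    private final Map<GranteeDescriptor, Collection<GranteeDescriptor>> granteeMap = new HashMap<>();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/tentackle/security/DefaultSecurityManager$ClassKey.class */
    /**
     * Sort key for rules that target a class by name.
     * Ordered by grantee class id, grantee id, class name and finally priority.
     */
    public static class ClassKey implements Comparable<ClassKey> {
        private final int granteeClassId;
        private final long granteeId;
        private final String className;
        private final int priority;

        /**
         * Builds the key of a stored rule.
         *
         * @param security the rule to take grantee, class name and priority from
         */
        public ClassKey(Security security) {
            this.granteeClassId = security.getGranteeClassId();
            this.granteeId = security.getGranteeId();
            this.className = security.getObjectClassName();
            this.priority = security.getPriority();
        }

        /**
         * Builds a lookup key, used as a range bound when searching the rule map.
         *
         * @param granteeDescriptor the grantee to look up
         * @param str the class name
         * @param i the priority
         */
        public ClassKey(GranteeDescriptor granteeDescriptor, String str, int i) {
            this.granteeClassId = granteeDescriptor.getGranteeClassId();
            this.granteeId = granteeDescriptor.getGranteeId();
            this.className = str;
            this.priority = i;
        }

        @Override // java.lang.Comparable
        public int compareTo(ClassKey classKey) {
            // Integer.compare instead of subtraction: a difference of two ints can overflow and
            // flip the sign, which would corrupt the TreeMap ordering the rule lookup relies on.
            int order = Integer.compare(this.granteeClassId, classKey.granteeClassId);
            if (order != 0) {
                return order;
            }
            order = Long.compare(this.granteeId, classKey.granteeId);
            if (order != 0) {
                return order;
            }
            order = this.className.compareTo(classKey.className);
            if (order != 0) {
                return order;
            }
            return Integer.compare(this.priority, classKey.priority);
        }

        @Override
        public int hashCode() {
            int hash = 3;
            hash = 67 * hash + this.granteeClassId;
            hash = 67 * hash + Long.hashCode(this.granteeId);
            hash = 67 * hash + Objects.hashCode(this.className);
            hash = 67 * hash + this.priority;
            return hash;
        }

        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            ClassKey other = (ClassKey) obj;
            return this.granteeClassId == other.granteeClassId
                    && this.granteeId == other.granteeId
                    && this.priority == other.priority
                    && Objects.equals(this.className, other.className);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/tentackle/security/DefaultSecurityManager$PdoClassKey.class */
    /**
     * Sort key for rules that target all objects of a PDO class.
     * Ordered by grantee class id, grantee id, object class id and finally priority.
     */
    public static class PdoClassKey implements Comparable<PdoClassKey> {
        private final int granteeClassId;
        private final long granteeId;
        private final int objectClassId;
        private final int priority;

        /**
         * Builds the key of a stored rule.
         *
         * @param security the rule to take grantee, object class id and priority from
         */
        public PdoClassKey(Security security) {
            this.granteeClassId = security.getGranteeClassId();
            this.granteeId = security.getGranteeId();
            this.objectClassId = security.getObjectClassId();
            this.priority = security.getPriority();
        }

        /**
         * Builds a lookup key, used as a range bound when searching the rule map.
         *
         * @param granteeDescriptor the grantee to look up
         * @param i the object class id
         * @param i2 the priority
         */
        public PdoClassKey(GranteeDescriptor granteeDescriptor, int i, int i2) {
            this.granteeClassId = granteeDescriptor.getGranteeClassId();
            this.granteeId = granteeDescriptor.getGranteeId();
            this.objectClassId = i;
            this.priority = i2;
        }

        @Override // java.lang.Comparable
        public int compareTo(PdoClassKey pdoClassKey) {
            // Overflow-safe comparisons; see ClassKey.compareTo for the reason.
            int order = Integer.compare(this.granteeClassId, pdoClassKey.granteeClassId);
            if (order != 0) {
                return order;
            }
            order = Long.compare(this.granteeId, pdoClassKey.granteeId);
            if (order != 0) {
                return order;
            }
            order = Integer.compare(this.objectClassId, pdoClassKey.objectClassId);
            if (order != 0) {
                return order;
            }
            return Integer.compare(this.priority, pdoClassKey.priority);
        }

        @Override
        public int hashCode() {
            int hash = 5;
            hash = 37 * hash + this.granteeClassId;
            hash = 37 * hash + Long.hashCode(this.granteeId);
            hash = 37 * hash + this.objectClassId;
            hash = 37 * hash + this.priority;
            return hash;
        }

        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            PdoClassKey other = (PdoClassKey) obj;
            return this.granteeClassId == other.granteeClassId
                    && this.granteeId == other.granteeId
                    && this.objectClassId == other.objectClassId
                    && this.priority == other.priority;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/tentackle/security/DefaultSecurityManager$PdoKey.class */
    /**
     * Sort key for rules that target one specific object.
     * Ordered by grantee class id, grantee id, object class id, object id and finally priority.
     */
    public static class PdoKey implements Comparable<PdoKey> {
        private final int granteeClassId;
        private final long granteeId;
        private final int objectClassId;
        private final long objectId;
        private final int priority;

        /**
         * Builds the key of a stored rule.
         *
         * @param security the rule to take grantee, object class id, object id and priority from
         */
        public PdoKey(Security security) {
            this.granteeClassId = security.getGranteeClassId();
            this.granteeId = security.getGranteeId();
            this.objectClassId = security.getObjectClassId();
            this.objectId = security.getObjectId();
            this.priority = security.getPriority();
        }

        /**
         * Builds a lookup key, used as a range bound when searching the rule map.
         *
         * @param granteeDescriptor the grantee to look up
         * @param i the object class id
         * @param j the object id
         * @param i2 the priority
         */
        public PdoKey(GranteeDescriptor granteeDescriptor, int i, long j, int i2) {
            this.granteeClassId = granteeDescriptor.getGranteeClassId();
            this.granteeId = granteeDescriptor.getGranteeId();
            this.objectClassId = i;
            this.objectId = j;
            this.priority = i2;
        }

        @Override // java.lang.Comparable
        public int compareTo(PdoKey pdoKey) {
            // Overflow-safe comparisons; see ClassKey.compareTo for the reason.
            int order = Integer.compare(this.granteeClassId, pdoKey.granteeClassId);
            if (order != 0) {
                return order;
            }
            order = Long.compare(this.granteeId, pdoKey.granteeId);
            if (order != 0) {
                return order;
            }
            order = Integer.compare(this.objectClassId, pdoKey.objectClassId);
            if (order != 0) {
                return order;
            }
            order = Long.compare(this.objectId, pdoKey.objectId);
            if (order != 0) {
                return order;
            }
            return Integer.compare(this.priority, pdoKey.priority);
        }

        @Override
        public int hashCode() {
            int hash = 7;
            hash = 73 * hash + this.granteeClassId;
            hash = 73 * hash + Long.hashCode(this.granteeId);
            hash = 73 * hash + this.objectClassId;
            hash = 73 * hash + Long.hashCode(this.objectId);
            hash = 73 * hash + this.priority;
            return hash;
        }

        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            PdoKey other = (PdoKey) obj;
            return this.granteeClassId == other.granteeClassId
                    && this.granteeId == other.granteeId
                    && this.objectClassId == other.objectClassId
                    && this.objectId == other.objectId
                    && this.priority == other.priority;
        }
    }

    /** Marks the cached rules as stale; they are reloaded by the next evaluation. */
    @Override // org.tentackle.security.SecurityManager
    public void invalidate() {
        this.invalid = true;
    }

    @Override // org.tentackle.security.SecurityManager
    public boolean isEnabled() {
        return this.enabled;
    }

    /**
     * Switches rule evaluation on or off. While off, every evaluation returns the default result
     * (see {@link #setAcceptByDefault}) without consulting any rule.
     *
     * @param z {@code true} to evaluate rules
     */
    @Override // org.tentackle.security.SecurityManager
    public void setEnabled(boolean z) {
        this.enabled = z;
    }

    @Override // org.tentackle.security.SecurityManager
    public boolean isAcceptByDefault() {
        return this.acceptByDefault;
    }

    /**
     * Chooses the outcome used when no rule matches or the manager is disabled.
     *
     * @param z {@code true} to accept (the initial value), {@code false} to deny
     */
    @Override // org.tentackle.security.SecurityManager
    public void setAcceptByDefault(boolean z) {
        this.acceptByDefault = z;
    }

    /**
     * Evaluates a permission for an object identified by class id and object id.
     * Rules for the specific object are tried first; if none matches and an object id was given,
     * the class-wide rules (object id 0) are tried; if still nothing matches, the default result
     * is returned.
     *
     * @param domainContext the domain context of the request
     * @param permission the requested permission
     * @param i the object class id
     * @param j the object id, 0 for "all objects of the class"
     * @return the result, never {@code null}
     */
    @Override // org.tentackle.security.SecurityManager
    public SecurityResult evaluate(DomainContext domainContext, Permission permission, int i, long j) {
        SecurityResult result = evaluateImpl(domainContext, permission, i, j, null);
        if (result == null && j != 0) {
            // No object-specific rule decided: fall back to the rules for the whole class.
            result = evaluateImpl(domainContext, permission, i, 0L, null);
        }
        if (result == null) {
            return createDefaultSecurityResult("no identifiable-rules match");
        }
        return result;
    }

    /**
     * Evaluates a permission for a class addressed by name.
     *
     * @param domainContext the domain context of the request
     * @param permission the requested permission
     * @param cls the class whose name selects the rules
     * @return the result, never {@code null}
     */
    @Override // org.tentackle.security.SecurityManager
    public SecurityResult evaluate(DomainContext domainContext, Permission permission, Class<?> cls) {
        SecurityResult result = evaluateImpl(domainContext, permission, 0, 0L, cls);
        if (result == null) {
            return createDefaultSecurityResult("no class-rules match");
        }
        return result;
    }

    /**
     * Deletes rules whose target object or grantee can no longer be found, in one transaction.
     * On any exception the transaction is rolled back and the error is logged; nothing is
     * rethrown, so the caller cannot distinguish a failed cleanup from a successful one.
     *
     * @param session the session to run the cleanup in
     */
    @Override // org.tentackle.security.SecurityManager
    public void removeObsoleteRules(Session session) {
        long txVoucher = session.begin("removeObsoleteRules");
        try {
            for (Security rule : createSecurityInstance(Pdo.createDomainContext(session)).selectAll()) {
                boolean targetGone = isDangling(session, rule.getObjectClassId(), rule.getObjectId());
                if (targetGone || isDangling(session, rule.getGranteeClassId(), rule.getGranteeId())) {
                    rule.delete();
                }
            }
            session.commit(txVoucher);
        } catch (Exception e) {
            session.rollback(txVoucher);
            LOGGER.severe("removing rules failed", e);
        }
    }

    /** Returns true if {@code id} is set (non-zero) but selectSerial reports -1 for it. */
    private boolean isDangling(Session session, int classId, long id) {
        return id != 0
                && Pdo.create(PdoUtilities.getInstance().getPdoClassName(classId), session).selectSerial(id) == -1;
    }

    /**
     * Creates the result used when no rule decided.
     *
     * @param str the explanatory message
     * @return accepted or denied, according to {@link #isAcceptByDefault()}
     */
    protected SecurityResult createDefaultSecurityResult(String str) {
        if (isAcceptByDefault()) {
            return createdAcceptedSecurityResult(str);
        }
        return createDeniedSecurityResult(str);
    }

    /**
     * Creates an accepting result.
     *
     * @param str the message, may be {@code null}
     * @return the accepted result
     */
    protected SecurityResult createdAcceptedSecurityResult(String str) {
        return new DefaultSecurityResult(str, true);
    }

    /**
     * Creates a denying result.
     *
     * @param str the message
     * @return the denied result
     */
    protected SecurityResult createDeniedSecurityResult(String str) {
        return new DefaultSecurityResult(str, false);
    }

    /**
     * Derives the grantee from the session info of the given context.
     *
     * @param domainContext the domain context of the request
     * @return the grantee, or {@code null} if the session's user id is not positive
     * @throws SecurityException if a user id is present but its class id is 0
     */
    public GranteeDescriptor determineGrantee(DomainContext domainContext) {
        long userId = domainContext.getSessionInfo().getUserId();
        if (userId <= 0) {
            // NOTE(review): evaluateImpl() accepts unconditionally for a null grantee, so any
            // session with a non-positive user id bypasses all rules. Confirm that only trusted
            // sessions can carry such an id.
            return null;
        }
        int userClassId = domainContext.getSessionInfo().getUserClassId();
        if (userClassId == 0) {
            throw new SecurityException("missing grantee's class id");
        }
        return new GranteeDescriptor(userClassId, userId);
    }

    /**
     * Lists the grantees whose rules apply to the given grantee, in the order they are checked:
     * the grantee itself, then the descriptor (0, 0).
     *
     * @param domainContext the domain context of the request (unused here)
     * @param granteeDescriptor the grantee derived from the session
     * @return the grantees to check, in evaluation order
     */
    public Collection<GranteeDescriptor> determineGranteesToCheck(DomainContext domainContext, GranteeDescriptor granteeDescriptor) {
        Collection<GranteeDescriptor> grantees = new ArrayList<>();
        grantees.add(granteeDescriptor);
        // presumably (0, 0) addresses rules that are not bound to a particular grantee -- confirm
        grantees.add(new GranteeDescriptor(0, 0L));
        return grantees;
    }

    /**
     * Core evaluation: finds the first applicable rule for the request.
     *
     * @param domainContext the domain context of the request
     * @param permission the requested permission
     * @param i the object class id, may be 0 if {@code cls} is given
     * @param j the object id, 0 for class-wide rules
     * @param cls the class for name-based rules, or {@code null} for id-based rules
     * @return the decision of the first matching rule, the default result if the manager is
     *         disabled, an accepted result if there is no grantee, or {@code null} if no rule matched
     * @throws SecurityException if an argument is missing or invalid
     */
    protected SecurityResult evaluateImpl(DomainContext domainContext, Permission permission, int i, long j, Class<?> cls) {
        final int objectClassId = i;
        final long objectId = j;

        if (domainContext == null) {
            throw new SecurityException("invalid domain context: null");
        }
        if (permission == null) {
            throw new SecurityException("invalid permission: null");
        }
        if (objectId < 0) {
            throw new SecurityException("invalid object ID: " + objectId);
        }
        if (objectClassId == 0 && cls == null) {
            throw new SecurityException("no class or classId given");
        }

        if (!isEnabled()) {
            LOGGER.fine("SecurityManager is disabled -> GRANT_DEFAULT", new Object[0]);
            return createDefaultSecurityResult("security manager is disabled");
        }

        if (this.invalid) {
            if (domainContext.getSession().isRemote()) {
                createSecurityInstance(domainContext).assertRemoteSecurityManagerInitialized();
            }
            initialize(domainContext.getSession());
        }

        GranteeDescriptor grantee = determineGrantee(domainContext);
        if (grantee == null) {
            // No grantee: accepted regardless of acceptByDefault and without consulting rules.
            return createdAcceptedSecurityResult(null);
        }

        synchronized (this) {
            Collection<GranteeDescriptor> granteesToCheck = this.granteeMap.get(grantee);
            if (granteesToCheck == null) {
                granteesToCheck = determineGranteesToCheck(domainContext, grantee);
                this.granteeMap.put(grantee, granteesToCheck);
            }

            for (GranteeDescriptor candidate : granteesToCheck) {
                // NOTE(review): logs the session grantee on every pass, not the candidate being
                // checked -- confirm whether that is intended.
                LOGGER.fine("Checking grantee={0}[{1}], context={2}, permission={3}, object={4}[{5}], class={6}",
                        grantee.getGranteeClassId(), grantee.getGranteeId(), domainContext, permission,
                        objectClassId, objectId, cls);

                // subMap's upper bound is exclusive and the lower bound is priority 0, so rules
                // with priority Integer.MAX_VALUE or a negative priority are never visited.
                Collection<Security> rules;
                if (cls != null) {
                    rules = this.classMap.subMap(
                            new ClassKey(candidate, cls.getName(), 0),
                            new ClassKey(candidate, cls.getName(), Integer.MAX_VALUE)).values();
                } else if (objectId == 0) {
                    rules = this.pdoClassMap.subMap(
                            new PdoClassKey(candidate, objectClassId, 0),
                            new PdoClassKey(candidate, objectClassId, Integer.MAX_VALUE)).values();
                } else {
                    rules = this.pdoMap.subMap(
                            new PdoKey(candidate, objectClassId, objectId, 0),
                            new PdoKey(candidate, objectClassId, objectId, Integer.MAX_VALUE)).values();
                }

                // Ascending priority; the first rule that applies decides, accept or deny.
                for (Security rule : rules) {
                    LOGGER.fine("evaluate {0}", rule);
                    if (rule.evaluate(domainContext, permission)) {
                        LOGGER.fine(rule.isAllowed() ? "-> ACCEPT" : "-> DENY", new Object[0]);
                        if (rule.isAllowed()) {
                            return createdAcceptedSecurityResult(rule.getMessage());
                        }
                        return createDeniedSecurityResult(rule.getMessage());
                    }
                }
            }

            LOGGER.fine("no rule matched", new Object[0]);
            return null;
        }
    }

    /**
     * Creates a domain context on the session of the given context.
     *
     * @param domainContext the context to take the session from
     * @return the new domain context
     */
    protected DomainContext createInitializationContext(DomainContext domainContext) {
        return Pdo.createDomainContext(domainContext.getSession());
    }

    /**
     * Files a rule into the map that matches its target: class name if the object class id is 0,
     * PDO class if only the object id is 0, otherwise a single object. A rule with the same key
     * replaces the previous one.
     *
     * <p>This method is not synchronized, while {@code evaluateImpl} reads the same maps under
     * this manager's monitor; {@link #initialize} calls it while holding that monitor.
     *
     * @param security the rule to add
     */
    public void addRule(Security security) {
        if (security.getObjectClassId() == 0) {
            this.classMap.put(new ClassKey(security), security);
        } else if (security.getObjectId() == 0) {
            this.pdoClassMap.put(new PdoClassKey(security), security);
        } else {
            this.pdoMap.put(new PdoKey(security), security);
        }
    }

    /**
     * Reloads all rules from the cached selection and registers the modification listener on
     * first use.
     *
     * @param session the session to load the rules with
     */
    protected synchronized void initialize(Session session) {
        this.classMap.clear();
        this.pdoMap.clear();
        this.pdoClassMap.clear();
        // NOTE(review): granteeMap is not cleared here, so a grantee list computed by an
        // overriding determineGranteesToCheck() stays cached for the lifetime of this manager.
        for (Security rule : createSecurityInstance(Pdo.createDomainContext(session)).selectAllCached()) {
            addRule(rule);
        }
        this.invalid = false;
        if (this.securityListener == null) {
            this.securityListener = createModificationListener();
            PdoTracker.getInstance().addModificationListener(this.securityListener);
        }
        LOGGER.fine("security manager initialized", new Object[0]);
    }

    /**
     * Creates the listener that invalidates this manager when {@link Security} data changes.
     *
     * @return the listener
     */
    protected ModificationListener createModificationListener() {
        return new PdoListener(Security.class) { // from class: org.tentackle.security.DefaultSecurityManager.1
            @Override // org.tentackle.pdo.ModificationListener
            public void dataChanged(ModificationEvent modificationEvent) {
                DefaultSecurityManager.this.invalidate();
            }
        };
    }

    /**
     * Creates a {@link Security} PDO bound to the given context.
     *
     * @param domainContext the domain context
     * @return the security PDO
     */
    protected Security createSecurityInstance(DomainContext domainContext) {
        return (Security) Pdo.create(Security.class, domainContext);
    }
}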
