package org.alfresco.module.org_alfresco_module_rm.security;

import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.alfresco.model.RenditionModel;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.module.org_alfresco_module_rm.util.ServiceBaseImpl;
import org.alfresco.query.PagingRequest;
import org.alfresco.query.PagingResults;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authority.RMAuthority;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.DuplicateChildNodeNameException;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.RegexQNamePattern;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.Pair;
import org.alfresco.util.ParameterCheck;
import org.springframework.context.ApplicationListener;
import org.springframework.context.event.ContextRefreshedEvent;
import org.springframework.extensions.webscripts.ui.common.StringUtils;

/* loaded from: input_file:org/alfresco/module/org_alfresco_module_rm/security/ExtendedSecurityServiceImpl.class */
public class ExtendedSecurityServiceImpl extends ServiceBaseImpl implements ExtendedSecurityService, RecordsManagementModel, ApplicationListener<ContextRefreshedEvent> {
    static final String ROOT_IPR_GROUP = "INPLACE_RECORD_MANAGEMENT";
    static final String READER_GROUP_PREFIX = "IPRR";
    static final String WRITER_GROUP_PREFIX = "IPRW";
    private static final int MAX_ITEMS = 50;
    private FilePlanService filePlanService;
    private FilePlanRoleService filePlanRoleService;
    private AuthorityService authorityService;
    private PermissionService permissionService;
    private TransactionService transactionService;

    public void setFilePlanService(FilePlanService filePlanService) {
        this.filePlanService = filePlanService;
    }

    public void setFilePlanRoleService(FilePlanRoleService filePlanRoleService) {
        this.filePlanRoleService = filePlanRoleService;
    }

    public void setAuthorityService(AuthorityService authorityService) {
        this.authorityService = authorityService;
    }

    public void setPermissionService(PermissionService permissionService) {
        this.permissionService = permissionService;
    }

    public void setTransactionService(TransactionService transactionService) {
        this.transactionService = transactionService;
    }

    public void onApplicationEvent(ContextRefreshedEvent contextRefreshedEvent) {
        AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>() { // from class: org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityServiceImpl.1
            public Object doWork() {
                ExtendedSecurityServiceImpl.this.transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<Void>() { // from class: org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityServiceImpl.1.1
                    /* renamed from: execute, reason: merged with bridge method [inline-methods] */
                    public Void m240execute() {
                        if (ExtendedSecurityServiceImpl.this.authorityService.authorityExists(ExtendedSecurityServiceImpl.this.getRootIRPGroup())) {
                            return null;
                        }
                        ExtendedSecurityServiceImpl.this.authorityService.createAuthority(AuthorityType.GROUP, ExtendedSecurityServiceImpl.ROOT_IPR_GROUP, ExtendedSecurityServiceImpl.ROOT_IPR_GROUP, Collections.singleton(RMAuthority.ZONE_APP_RM));
                        return null;
                    }
                });
                return null;
            }
        }, AuthenticationUtil.getSystemUserName());
    }

    private String getRootIRPGroup() {
        return "GROUP_INPLACE_RECORD_MANAGEMENT";
    }

    @Override // org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService
    public boolean hasExtendedSecurity(NodeRef nodeRef) {
        return getIPRGroups(nodeRef) != null;
    }

    @Override // org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService
    public Set<String> getReaders(NodeRef nodeRef) {
        ParameterCheck.mandatory("nodeRef", nodeRef);
        Set<String> set = Collections.EMPTY_SET;
        Pair<String, String> iPRGroups = getIPRGroups(nodeRef);
        if (iPRGroups != null) {
            set = getAuthorities((String) iPRGroups.getFirst());
        }
        return set;
    }

    @Override // org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService
    public Set<String> getWriters(NodeRef nodeRef) {
        ParameterCheck.mandatory("nodeRef", nodeRef);
        Set<String> set = Collections.EMPTY_SET;
        Pair<String, String> iPRGroups = getIPRGroups(nodeRef);
        if (iPRGroups != null) {
            set = getAuthorities((String) iPRGroups.getSecond());
        }
        return set;
    }

    private Set<String> getAuthorities(String str) {
        HashSet hashSet = new HashSet();
        hashSet.addAll(this.authorityService.getContainedAuthorities((AuthorityType) null, str, true));
        return hashSet;
    }

    @Override // org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService
    public void set(NodeRef nodeRef, Pair<Set<String>, Set<String>> pair) {
        ParameterCheck.mandatory("nodeRef", nodeRef);
        set(nodeRef, (Set) pair.getFirst(), (Set) pair.getSecond());
    }

    @Override // org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService
    public void set(NodeRef nodeRef, Set<String> set, Set<String> set2) {
        ParameterCheck.mandatory("nodeRef", nodeRef);
        remove(nodeRef);
        Pair<String, String> createOrFindIPRGroups = createOrFindIPRGroups(set, set2);
        NodeRef filePlan = this.filePlanService.getFilePlan(nodeRef);
        this.filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_EXTENDED_READERS, (String) createOrFindIPRGroups.getFirst());
        this.filePlanRoleService.assignRoleToAuthority(filePlan, FilePlanRoleService.ROLE_EXTENDED_WRITERS, (String) createOrFindIPRGroups.getSecond());
        assignIPRGroupsToNode(createOrFindIPRGroups, nodeRef);
        if (isRecord(nodeRef)) {
            Iterator it = this.nodeService.getChildAssocs(nodeRef, RenditionModel.ASSOC_RENDITION, RegexQNamePattern.MATCH_ALL).iterator();
            while (it.hasNext()) {
                assignIPRGroupsToNode(createOrFindIPRGroups, ((ChildAssociationRef) it.next()).getChildRef());
            }
        }
    }

    private Pair<String, String> getIPRGroups(NodeRef nodeRef) {
        Pair<String, String> pair = null;
        String str = null;
        String str2 = null;
        for (AccessPermission accessPermission : this.permissionService.getAllSetPermissions(nodeRef)) {
            if (accessPermission.getAuthority().startsWith("GROUP_IPRR")) {
                str = accessPermission.getAuthority();
            } else if (accessPermission.getAuthority().startsWith("GROUP_IPRW")) {
                str2 = accessPermission.getAuthority();
            }
        }
        if (str != null && str2 != null) {
            pair = new Pair<>(str, str2);
        }
        return pair;
    }

    private Pair<String, String> createOrFindIPRGroups(Set<String> set, Set<String> set2) {
        return new Pair<>(createOrFindIPRGroup(READER_GROUP_PREFIX, set), createOrFindIPRGroup(WRITER_GROUP_PREFIX, set2));
    }

    private String createOrFindIPRGroup(String str, Set<String> set) {
        Pair<String, Integer> findIPRGroup = findIPRGroup(str, set);
        return findIPRGroup.getFirst() == null ? createIPRGroup(str, set, ((Integer) findIPRGroup.getSecond()).intValue()) : (String) findIPRGroup.getFirst();
    }

    private Pair<String, Integer> findIPRGroup(String str, Set<String> set) {
        int i = 0;
        boolean z = true;
        int i2 = 0;
        String iPRGroupPrefixShortName = getIPRGroupPrefixShortName(str, set);
        while (z) {
            PagingResults authorities = this.authorityService.getAuthorities(AuthorityType.GROUP, RMAuthority.ZONE_APP_RM, iPRGroupPrefixShortName, false, false, new PagingRequest(MAX_ITEMS * i2, MAX_ITEMS));
            i += authorities.getPage().size();
            for (String str2 : authorities.getPage()) {
                if (isIPRGroupTrueMatch(str2, set)) {
                    return new Pair<>(str2, Integer.valueOf(i));
                }
            }
            z = authorities.hasMoreItems();
            i2++;
        }
        return new Pair<>((Object) null, Integer.valueOf(i));
    }

    private boolean isIPRGroupTrueMatch(String str, Set<String> set) {
        HashSet hashSet = new HashSet();
        if (set != null) {
            hashSet.addAll(set);
            hashSet.remove("GROUP_EVERYONE");
        }
        return this.authorityService.getContainedAuthorities((AuthorityType) null, str, true).equals(hashSet);
    }

    String getIPRGroupPrefixShortName(String str, Set<String> set) {
        return new StringBuilder(128).append(str).append(getAuthoritySetHashCode(set)).toString();
    }

    String getIPRGroupShortName(String str, Set<String> set, int i) {
        return getIPRGroupShortName(str, set, Integer.toString(i));
    }

    private String getIPRGroupShortName(String str, Set<String> set, String str2) {
        return new StringBuilder(128).append(getIPRGroupPrefixShortName(str, set)).append(str2).toString();
    }

    private int getAuthoritySetHashCode(Set<String> set) {
        int i = 0;
        if (set != null && !set.isEmpty()) {
            i = StringUtils.join(set.toArray(), "").hashCode();
        }
        return i;
    }

    private String createIPRGroup(String str, Set<String> set, int i) {
        String name;
        ParameterCheck.mandatory("groupNamePrefix", str);
        String iPRGroupShortName = getIPRGroupShortName(str, set, i);
        try {
            name = this.authorityService.createAuthority(AuthorityType.GROUP, iPRGroupShortName, iPRGroupShortName, Collections.singleton(RMAuthority.ZONE_APP_RM));
            this.authorityService.addAuthority(getRootIRPGroup(), name);
            if (set != null) {
                for (String str2 : set) {
                    if (this.authorityService.authorityExists(str2) && !"GROUP_EVERYONE".equals(str2)) {
                        this.authorityService.addAuthority(name, str2);
                    }
                }
            }
        } catch (DuplicateChildNodeNameException e) {
            name = this.authorityService.getName(AuthorityType.GROUP, iPRGroupShortName);
        }
        return name;
    }

    private void assignIPRGroupsToNode(Pair<String, String> pair, NodeRef nodeRef) {
        this.permissionService.setPermission(nodeRef, (String) pair.getFirst(), RMPermissionModel.READ_RECORDS, true);
        this.permissionService.setPermission(nodeRef, (String) pair.getSecond(), RMPermissionModel.FILING, true);
    }

    @Override // org.alfresco.module.org_alfresco_module_rm.security.ExtendedSecurityService
    public void remove(NodeRef nodeRef) {
        ParameterCheck.mandatory("nodeRef", nodeRef);
        Pair<String, String> iPRGroups = getIPRGroups(nodeRef);
        if (iPRGroups != null) {
            clearPermissions(nodeRef, iPRGroups);
            if (isRecord(nodeRef)) {
                Iterator it = this.nodeService.getChildAssocs(nodeRef, RenditionModel.ASSOC_RENDITION, RegexQNamePattern.MATCH_ALL).iterator();
                while (it.hasNext()) {
                    clearPermissions(((ChildAssociationRef) it.next()).getChildRef(), iPRGroups);
                }
            }
        }
    }

    private void clearPermissions(NodeRef nodeRef, Pair<String, String> pair) {
        this.permissionService.clearPermission(nodeRef, (String) pair.getFirst());
        this.permissionService.clearPermission(nodeRef, (String) pair.getSecond());
    }

    @Override // org.alfresco.module.org_alfresco_module_rm.security.DeprecatedExtendedSecurityService
    @Deprecated
    public Set<String> getExtendedReaders(NodeRef nodeRef) {
        return getReaders(nodeRef);
    }

    @Override // org.alfresco.module.org_alfresco_module_rm.security.DeprecatedExtendedSecurityService
    @Deprecated
    public Set<String> getExtendedWriters(NodeRef nodeRef) {
        return getWriters(nodeRef);
    }

    @Override // org.alfresco.module.org_alfresco_module_rm.security.DeprecatedExtendedSecurityService
    @Deprecated
    public void addExtendedSecurity(NodeRef nodeRef, Set<String> set, Set<String> set2) {
        set(nodeRef, set, set2);
    }

    @Override // org.alfresco.module.org_alfresco_module_rm.security.DeprecatedExtendedSecurityService
    @Deprecated
    public void addExtendedSecurity(NodeRef nodeRef, Set<String> set, Set<String> set2, boolean z) {
        set(nodeRef, set, set2);
    }

    @Override // org.alfresco.module.org_alfresco_module_rm.security.DeprecatedExtendedSecurityService
    @Deprecated
    public void removeAllExtendedSecurity(NodeRef nodeRef) {
        remove(nodeRef);
    }

    @Override // org.alfresco.module.org_alfresco_module_rm.security.DeprecatedExtendedSecurityService
    @Deprecated
    public void removeExtendedSecurity(NodeRef nodeRef, Set<String> set, Set<String> set2) {
        remove(nodeRef);
    }

    @Override // org.alfresco.module.org_alfresco_module_rm.security.DeprecatedExtendedSecurityService
    @Deprecated
    public void removeExtendedSecurity(NodeRef nodeRef, Set<String> set, Set<String> set2, boolean z) {
        remove(nodeRef);
    }

    @Override // org.alfresco.module.org_alfresco_module_rm.security.DeprecatedExtendedSecurityService
    @Deprecated
    public void removeAllExtendedSecurity(NodeRef nodeRef, boolean z) {
        remove(nodeRef);
    }
}
