package org.alfresco.repo.security.authority;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.cache.SimpleCache;
import org.alfresco.repo.search.impl.lucene.QueryParser;
import org.alfresco.repo.tenant.MultiTAdminServiceImpl;
import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
import org.alfresco.service.cmr.search.ResultSet;
import org.alfresco.service.cmr.search.ResultSetRow;
import org.alfresco.service.cmr.search.SearchParameters;
import org.alfresco.service.cmr.search.SearchService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.namespace.NamespacePrefixResolver;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.namespace.RegexQNamePattern;
import org.alfresco.util.ISO9075;

/* loaded from: input_file:org/alfresco/repo/security/authority/AuthorityDAOImpl.class */
public class AuthorityDAOImpl implements AuthorityDAO {
    public static final StoreRef STOREREF_USERS = new StoreRef(MultiTAdminServiceImpl.PROTOCOL_STORE_USER, MultiTAdminServiceImpl.STORE_BASE_ID_USER);
    private NodeService nodeService;
    private NamespacePrefixResolver namespacePrefixResolver;
    private QName qnameAssocSystem;
    private QName qnameAssocAuthorities;
    private SearchService searchService;
    private DictionaryService dictionaryService;
    private SimpleCache<String, HashSet<String>> userToAuthorityCache;

    public void setDictionaryService(DictionaryService dictionaryService) {
        this.dictionaryService = dictionaryService;
    }

    public void setNamespacePrefixResolver(NamespacePrefixResolver namespacePrefixResolver) {
        this.namespacePrefixResolver = namespacePrefixResolver;
        this.qnameAssocSystem = QName.createQName(NamespaceService.SYSTEM_MODEL_PREFIX, "system", namespacePrefixResolver);
        this.qnameAssocAuthorities = QName.createQName(NamespaceService.SYSTEM_MODEL_PREFIX, "authorities", namespacePrefixResolver);
    }

    public void setNodeService(NodeService nodeService) {
        this.nodeService = nodeService;
    }

    public void setSearchService(SearchService searchService) {
        this.searchService = searchService;
    }

    public void setUserToAuthorityCache(SimpleCache<String, HashSet<String>> simpleCache) {
        this.userToAuthorityCache = simpleCache;
    }

    @Override // org.alfresco.repo.security.authority.AuthorityDAO
    public boolean authorityExists(String str) {
        return getAuthorityOrNull(str) != null;
    }

    @Override // org.alfresco.repo.security.authority.AuthorityDAO
    public void addAuthority(String str, String str2) {
        NodeRef authorityOrNull = getAuthorityOrNull(str);
        if (authorityOrNull == null) {
            throw new UnknownAuthorityException("An authority was not found for " + str);
        }
        if (AuthorityType.getAuthorityType(str2).equals(AuthorityType.USER)) {
            Collection collection = DefaultTypeConverter.INSTANCE.getCollection(String.class, this.nodeService.getProperty(authorityOrNull, ContentModel.PROP_MEMBERS));
            HashSet hashSet = new HashSet();
            hashSet.addAll(collection);
            hashSet.add(str2);
            this.nodeService.setProperty(authorityOrNull, ContentModel.PROP_MEMBERS, hashSet);
            this.userToAuthorityCache.remove(str2);
            return;
        }
        if (!AuthorityType.getAuthorityType(str2).equals(AuthorityType.GROUP)) {
            throw new AlfrescoRuntimeException("Authorities of the type " + AuthorityType.getAuthorityType(str2) + " may not be added to other authorities");
        }
        NodeRef authorityOrNull2 = getAuthorityOrNull(str2);
        if (authorityOrNull2 == null) {
            throw new UnknownAuthorityException("An authority was not found for " + str2);
        }
        this.nodeService.addChild(authorityOrNull, authorityOrNull2, ContentModel.ASSOC_MEMBER, QName.createQName(ContentModel.USER_MODEL_PREFIX, str2, this.namespacePrefixResolver));
        this.userToAuthorityCache.clear();
    }

    @Override // org.alfresco.repo.security.authority.AuthorityDAO
    public void createAuthority(String str, String str2) {
        HashMap hashMap = new HashMap();
        hashMap.put(ContentModel.PROP_AUTHORITY_NAME, str2);
        if (str == null) {
            this.nodeService.createNode(getAuthorityContainer(), ContentModel.ASSOC_CHILDREN, QName.createQName(ContentModel.USER_MODEL_PREFIX, str2, this.namespacePrefixResolver), ContentModel.TYPE_AUTHORITY_CONTAINER, hashMap);
        } else {
            NodeRef authorityOrNull = getAuthorityOrNull(str);
            if (authorityOrNull == null) {
                throw new UnknownAuthorityException("An authority was not found for " + str);
            }
            this.nodeService.createNode(authorityOrNull, ContentModel.ASSOC_MEMBER, QName.createQName(ContentModel.USER_MODEL_PREFIX, str2, this.namespacePrefixResolver), ContentModel.TYPE_AUTHORITY_CONTAINER, hashMap);
        }
    }

    @Override // org.alfresco.repo.security.authority.AuthorityDAO
    public void deleteAuthority(String str) {
        NodeRef authorityOrNull = getAuthorityOrNull(str);
        if (authorityOrNull == null) {
            throw new UnknownAuthorityException("An authority was not found for " + str);
        }
        this.nodeService.deleteNode(authorityOrNull);
        this.userToAuthorityCache.clear();
    }

    @Override // org.alfresco.repo.security.authority.AuthorityDAO
    public Set<String> getAllRootAuthorities(AuthorityType authorityType) {
        HashSet hashSet = new HashSet();
        NodeRef authorityContainer = getAuthorityContainer();
        if (authorityContainer != null) {
            findAuthorities(authorityType, authorityContainer, hashSet, false, false, false);
        }
        return hashSet;
    }

    @Override // org.alfresco.repo.security.authority.AuthorityDAO
    public Set<String> getAllAuthorities(AuthorityType authorityType) {
        HashSet hashSet = new HashSet();
        NodeRef authorityContainer = getAuthorityContainer();
        if (authorityContainer != null) {
            findAuthorities(authorityType, authorityContainer, hashSet, false, true, false);
        }
        return hashSet;
    }

    @Override // org.alfresco.repo.security.authority.AuthorityDAO
    public Set<String> getContainedAuthorities(AuthorityType authorityType, String str, boolean z) {
        if (AuthorityType.getAuthorityType(str).equals(AuthorityType.USER)) {
            return Collections.emptySet();
        }
        NodeRef authorityOrNull = getAuthorityOrNull(str);
        if (authorityOrNull == null) {
            throw new UnknownAuthorityException("An authority was not found for " + str);
        }
        HashSet hashSet = new HashSet();
        findAuthorities(authorityType, authorityOrNull, hashSet, false, !z, false);
        return hashSet;
    }

    @Override // org.alfresco.repo.security.authority.AuthorityDAO
    public void removeAuthority(String str, String str2) {
        NodeRef authorityOrNull = getAuthorityOrNull(str);
        if (authorityOrNull == null) {
            throw new UnknownAuthorityException("An authority was not found for " + str);
        }
        if (!AuthorityType.getAuthorityType(str2).equals(AuthorityType.USER)) {
            NodeRef authorityOrNull2 = getAuthorityOrNull(str2);
            if (authorityOrNull2 == null) {
                throw new UnknownAuthorityException("An authority was not found for " + str2);
            }
            this.nodeService.removeChild(authorityOrNull, authorityOrNull2);
            this.userToAuthorityCache.clear();
            return;
        }
        Collection collection = DefaultTypeConverter.INSTANCE.getCollection(String.class, this.nodeService.getProperty(authorityOrNull, ContentModel.PROP_MEMBERS));
        HashSet hashSet = new HashSet();
        hashSet.addAll(collection);
        hashSet.remove(str2);
        this.nodeService.setProperty(authorityOrNull, ContentModel.PROP_MEMBERS, hashSet);
        this.userToAuthorityCache.remove(str2);
    }

    @Override // org.alfresco.repo.security.authority.AuthorityDAO
    public Set<String> getContainingAuthorities(AuthorityType authorityType, String str, boolean z) {
        if (!AuthorityType.getAuthorityType(str).equals(AuthorityType.USER) || z || authorityType != null) {
            HashSet hashSet = new HashSet();
            findAuthorities(authorityType, str, hashSet, true, !z);
            return hashSet;
        }
        HashSet<String> hashSet2 = this.userToAuthorityCache.get(str);
        if (hashSet2 == null) {
            hashSet2 = new HashSet<>();
            findAuthorities(authorityType, str, hashSet2, true, !z);
            this.userToAuthorityCache.put(str, hashSet2);
        }
        return hashSet2;
    }

    private void findAuthorities(AuthorityType authorityType, String str, Set<String> set, boolean z, boolean z2) {
        if (AuthorityType.getAuthorityType(str).equals(AuthorityType.GUEST)) {
            return;
        }
        if (!AuthorityType.getAuthorityType(str).equals(AuthorityType.USER)) {
            NodeRef authorityOrNull = getAuthorityOrNull(str);
            if (authorityOrNull == null) {
                throw new UnknownAuthorityException("An authority was not found for " + str);
            }
            findAuthorities(authorityType, authorityOrNull, set, z, z2, false);
            return;
        }
        if (z) {
            Iterator<NodeRef> it = getUserContainers(str).iterator();
            while (it.hasNext()) {
                NodeRef next = it.next();
                if (z2) {
                    findAuthorities(authorityType, next, set, z, z2, true);
                } else {
                    String str2 = (String) DefaultTypeConverter.INSTANCE.convert(String.class, this.nodeService.getProperty(next, ContentModel.PROP_AUTHORITY_NAME));
                    if (authorityType == null) {
                        set.add(str2);
                    } else if (AuthorityType.getAuthorityType(str2).equals(authorityType)) {
                        set.add(str2);
                    }
                }
            }
        }
    }

    private ArrayList<NodeRef> getUserContainers(String str) {
        return findUserContainers(str);
    }

    private ArrayList<NodeRef> findUserContainers(String str) {
        SearchParameters searchParameters = new SearchParameters();
        searchParameters.addStore(STOREREF_USERS);
        searchParameters.setLanguage(SearchService.LANGUAGE_LUCENE);
        searchParameters.setQuery("+TYPE:\"" + ContentModel.TYPE_AUTHORITY_CONTAINER + "\" +@" + QueryParser.escape("{" + ContentModel.PROP_MEMBERS.getNamespaceURI() + "}" + ISO9075.encode(ContentModel.PROP_MEMBERS.getLocalName())) + ":\"" + str + "\"");
        ResultSet resultSet = null;
        try {
            resultSet = this.searchService.query(searchParameters);
            ArrayList<NodeRef> arrayList = new ArrayList<>(resultSet.length());
            Iterator<ResultSetRow> it = resultSet.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next().getNodeRef());
            }
            if (resultSet != null) {
                resultSet.close();
            }
            return arrayList;
        } catch (Throwable th) {
            if (resultSet != null) {
                resultSet.close();
            }
            throw th;
        }
    }

    private void findAuthorities(AuthorityType authorityType, NodeRef nodeRef, Set<String> set, boolean z, boolean z2, boolean z3) {
        Collection<String> collection;
        List<ChildAssociationRef> parentAssocs = z ? this.nodeService.getParentAssocs(nodeRef) : this.nodeService.getChildAssocs(nodeRef);
        if (z3) {
            String str = (String) DefaultTypeConverter.INSTANCE.convert(String.class, this.nodeService.getProperty(nodeRef, ContentModel.PROP_AUTHORITY_NAME));
            if (authorityType == null) {
                set.add(str);
            } else if (AuthorityType.getAuthorityType(str).equals(authorityType)) {
                set.add(str);
            }
        }
        for (ChildAssociationRef childAssociationRef : parentAssocs) {
            NodeRef parentRef = z ? childAssociationRef.getParentRef() : childAssociationRef.getChildRef();
            if (this.dictionaryService.isSubClass(this.nodeService.getType(parentRef), ContentModel.TYPE_AUTHORITY)) {
                String str2 = (String) DefaultTypeConverter.INSTANCE.convert(String.class, this.nodeService.getProperty(parentRef, ContentModel.PROP_AUTHORITY_NAME));
                if (authorityType == null) {
                    set.add(str2);
                    if (z2) {
                        findAuthorities(authorityType, parentRef, set, z, z2, false);
                    }
                } else {
                    if (AuthorityType.getAuthorityType(str2).equals(authorityType)) {
                        set.add(str2);
                    }
                    if (z2) {
                        findAuthorities(authorityType, parentRef, set, z, z2, false);
                    }
                }
            }
        }
        if (z || (collection = DefaultTypeConverter.INSTANCE.getCollection(String.class, this.nodeService.getProperty(nodeRef, ContentModel.PROP_MEMBERS))) == null) {
            return;
        }
        for (String str3 : collection) {
            if (str3 != null) {
                if (authorityType == null) {
                    set.add(str3);
                } else if (AuthorityType.getAuthorityType(str3).equals(authorityType)) {
                    set.add(str3);
                }
            }
        }
    }

    private NodeRef getAuthorityOrNull(String str) {
        SearchParameters searchParameters = new SearchParameters();
        searchParameters.addStore(STOREREF_USERS);
        searchParameters.setLanguage(SearchService.LANGUAGE_LUCENE);
        searchParameters.setQuery("+TYPE:\"" + ContentModel.TYPE_AUTHORITY_CONTAINER + "\" +@" + QueryParser.escape("{" + ContentModel.PROP_AUTHORITY_NAME.getNamespaceURI() + "}" + ISO9075.encode(ContentModel.PROP_AUTHORITY_NAME.getLocalName())) + ":\"" + str + "\"");
        ResultSet resultSet = null;
        try {
            resultSet = this.searchService.query(searchParameters);
            if (resultSet.length() == 0) {
                if (resultSet != null) {
                    resultSet.close();
                }
                return null;
            }
            for (ResultSetRow resultSetRow : resultSet) {
                if (((String) DefaultTypeConverter.INSTANCE.convert(String.class, this.nodeService.getProperty(resultSetRow.getNodeRef(), ContentModel.PROP_AUTHORITY_NAME))).equals(str)) {
                    NodeRef nodeRef = resultSetRow.getNodeRef();
                    if (resultSet != null) {
                        resultSet.close();
                    }
                    return nodeRef;
                }
            }
            if (resultSet != null) {
                resultSet.close();
            }
            return null;
        } catch (Throwable th) {
            if (resultSet != null) {
                resultSet.close();
            }
            throw th;
        }
    }

    private NodeRef getAuthorityContainer() {
        List<ChildAssociationRef> childAssocs = this.nodeService.getChildAssocs(this.nodeService.getRootNode(STOREREF_USERS), RegexQNamePattern.MATCH_ALL, this.qnameAssocSystem);
        if (childAssocs.size() == 0) {
            throw new AlfrescoRuntimeException("Required authority system path not found: " + this.qnameAssocSystem);
        }
        List<ChildAssociationRef> childAssocs2 = this.nodeService.getChildAssocs(childAssocs.get(0).getChildRef(), RegexQNamePattern.MATCH_ALL, this.qnameAssocAuthorities);
        if (childAssocs2.size() == 0) {
            throw new AlfrescoRuntimeException("Required authority path not found: " + this.qnameAssocAuthorities);
        }
        return childAssocs2.get(0).getChildRef();
    }

    @Override // org.alfresco.repo.security.authority.AuthorityDAO
    public NodeRef getAuthorityNodeRefOrNull(String str) {
        return getAuthorityOrNull(str);
    }

    @Override // org.alfresco.repo.security.authority.AuthorityDAO
    public String getAuthorityName(NodeRef nodeRef) {
        String str = null;
        if (this.nodeService.exists(nodeRef)) {
            QName type = this.nodeService.getType(nodeRef);
            if (type.equals(ContentModel.TYPE_AUTHORITY_CONTAINER)) {
                str = (String) this.nodeService.getProperty(nodeRef, ContentModel.PROP_AUTHORITY_NAME);
            } else if (type.equals(ContentModel.TYPE_AUTHORITY)) {
                str = (String) this.nodeService.getProperty(nodeRef, ContentModel.PROP_USER_USERNAME);
            }
        }
        return str;
    }
}
