package org.alfresco.repo.security.permissions.impl.model;

import java.io.IOException;
import java.io.InputStream;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumMap;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import org.alfresco.repo.security.permissions.PermissionEntry;
import org.alfresco.repo.security.permissions.PermissionReference;
import org.alfresco.repo.security.permissions.impl.ModelDAO;
import org.alfresco.repo.security.permissions.impl.RequiredPermission;
import org.alfresco.repo.security.permissions.impl.SimplePermissionReference;
import org.alfresco.service.cmr.dictionary.AspectDefinition;
import org.alfresco.service.cmr.dictionary.ClassDefinition;
import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.alfresco.service.cmr.dictionary.TypeDefinition;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.namespace.DynamicNamespacePrefixResolver;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.dom4j.Attribute;
import org.dom4j.Document;
import org.dom4j.DocumentException;
import org.dom4j.Element;
import org.dom4j.io.SAXReader;
import org.springframework.beans.factory.InitializingBean;

/* loaded from: input_file:WEB-INF/lib/alfresco-repository.jar:org/alfresco/repo/security/permissions/impl/model/PermissionModel.class */
public class PermissionModel implements ModelDAO, InitializingBean {
    private NodeService nodeService;
    private DictionaryService dictionaryService;
    private static final String NAMESPACES = "namespaces";
    private static final String NAMESPACE = "namespace";
    private static final String NAMESPACE_URI = "uri";
    private static final String NAMESPACE_PREFIX = "prefix";
    private static final String PERMISSION_SET = "permissionSet";
    private static final String GLOBAL_PERMISSION = "globalPermission";
    private static final String DENY = "deny";
    private static final String ALLOW = "allow";
    private static final String DEFAULT_PERMISSION = "defaultPermission";
    private String model;
    private AccessStatus defaultPermission;
    private HashMap<String, PermissionReference> uniqueMap;
    private HashMap<PermissionReference, Permission> permissionMap;
    private HashMap<PermissionReference, PermissionGroup> permissionGroupMap;
    private HashMap<String, PermissionReference> permissionReferenceMap;
    private Collection<QName> allAspects;
    private Map<QName, PermissionSet> permissionSets = new HashMap(128, 1.0f);
    private Set<GlobalPermissionEntry> globalPermissions = new HashSet();
    private HashMap<PermissionReference, Set<PermissionReference>> grantingPermissions = new HashMap<>(256, 1.0f);
    private HashMap<PermissionReference, Set<PermissionReference>> granteePermissions = new HashMap<>(256, 1.0f);
    private HashMap<PermissionGroup, PermissionGroup> groupsToBaseGroup = new HashMap<>(256, 1.0f);
    private Map<QName, Set<PermissionReference>> cachedTypePermissionsExposed = new HashMap(256, 1.0f);
    private Map<QName, Set<PermissionReference>> cachedTypePermissionsUnexposed = new HashMap(256, 1.0f);
    private HashMap<RequiredKey, Set<PermissionReference>> requiredPermissionsCache = new HashMap<>(1024);

    /* loaded from: input_file:WEB-INF/lib/alfresco-repository.jar:org/alfresco/repo/security/permissions/impl/model/PermissionModel$RequiredKey.class */
    public static class RequiredKey {
        PermissionReference required;
        QName qName;
        Set<QName> aspectQNames;
        RequiredPermission.On on;
        int hashCode = 0;
        private static ReadWriteLock lock = new ReentrantReadWriteLock();
        private static HashMap<PermissionReference, HashMap<QName, HashMap<Set<QName>, EnumMap<RequiredPermission.On, RequiredKey>>>> instances = new HashMap<>();

        public static RequiredKey getRequiredKey(PermissionReference permissionReference, QName qName, Set<QName> set, RequiredPermission.On on) {
            HashMap<Set<QName>, EnumMap<RequiredPermission.On, RequiredKey>> hashMap;
            EnumMap<RequiredPermission.On, RequiredKey> enumMap;
            lock.readLock().lock();
            try {
                HashMap<QName, HashMap<Set<QName>, EnumMap<RequiredPermission.On, RequiredKey>>> hashMap2 = instances.get(permissionReference);
                if (hashMap2 != null && (hashMap = hashMap2.get(qName)) != null && (enumMap = hashMap.get(set)) != null) {
                    RequiredKey requiredKey = enumMap.get(on);
                    if (requiredKey != null) {
                        return requiredKey;
                    }
                }
                lock.writeLock().lock();
                try {
                    HashMap<QName, HashMap<Set<QName>, EnumMap<RequiredPermission.On, RequiredKey>>> hashMap3 = instances.get(permissionReference);
                    if (hashMap3 == null) {
                        hashMap3 = new HashMap<>();
                        instances.put(permissionReference, hashMap3);
                    }
                    HashMap<Set<QName>, EnumMap<RequiredPermission.On, RequiredKey>> hashMap4 = hashMap3.get(qName);
                    if (hashMap4 == null) {
                        hashMap4 = new HashMap<>();
                        hashMap3.put(qName, hashMap4);
                    }
                    EnumMap<RequiredPermission.On, RequiredKey> enumMap2 = hashMap4.get(set);
                    if (enumMap2 == null) {
                        enumMap2 = new EnumMap<>((Class<RequiredPermission.On>) RequiredPermission.On.class);
                        hashMap4.put(set, enumMap2);
                    }
                    RequiredKey requiredKey2 = enumMap2.get(on);
                    if (requiredKey2 == null) {
                        requiredKey2 = new RequiredKey(permissionReference, qName, set, on);
                        enumMap2.put((EnumMap<RequiredPermission.On, RequiredKey>) on, (RequiredPermission.On) requiredKey2);
                    }
                    return requiredKey2;
                } finally {
                    lock.writeLock().unlock();
                }
            } finally {
                lock.readLock().unlock();
            }
        }

        RequiredKey(PermissionReference permissionReference, QName qName, Set<QName> set, RequiredPermission.On on) {
            this.required = permissionReference;
            this.qName = qName;
            this.aspectQNames = set;
            this.on = on;
        }

        public int hashCode() {
            if (this.hashCode == 0) {
                this.hashCode = (1000003 * ((1000003 * ((1000003 * ((1000003 * 1) + (this.aspectQNames == null ? 0 : this.aspectQNames.hashCode()))) + (this.on == null ? 0 : this.on.ordinal()))) + (this.qName == null ? 0 : this.qName.hashCode()))) + (this.required == null ? 0 : this.required.hashCode());
            }
            return this.hashCode;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            RequiredKey requiredKey = (RequiredKey) obj;
            if (this.required == null) {
                if (requiredKey.required != null) {
                    return false;
                }
            } else if (!this.required.equals(requiredKey.required)) {
                return false;
            }
            if (this.qName == null) {
                if (requiredKey.qName != null) {
                    return false;
                }
            } else if (!this.qName.equals(requiredKey.qName)) {
                return false;
            }
            if (this.on == null) {
                if (requiredKey.on != null) {
                    return false;
                }
            } else if (!this.on.equals(requiredKey.on)) {
                return false;
            }
            return this.aspectQNames == null ? requiredKey.aspectQNames == null : this.aspectQNames.equals(requiredKey.aspectQNames);
        }
    }

    public void setModel(String str) {
        this.model = str;
    }

    public void setDictionaryService(DictionaryService dictionaryService) {
        this.dictionaryService = dictionaryService;
    }

    public void setNodeService(NodeService nodeService) {
        this.nodeService = nodeService;
    }

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() {
        addPermissionModel(this.model);
    }

    public void addPermissionModel(String str) {
        Element rootElement = createDocument(str).getRootElement();
        Attribute attribute = rootElement.attribute(DEFAULT_PERMISSION);
        if (attribute == null) {
            this.defaultPermission = AccessStatus.DENIED;
        } else if (attribute.getStringValue().equalsIgnoreCase("allow")) {
            this.defaultPermission = AccessStatus.ALLOWED;
        } else {
            if (!attribute.getStringValue().equalsIgnoreCase(DENY)) {
                throw new PermissionModelException("The default permission must be deny or allow");
            }
            this.defaultPermission = AccessStatus.DENIED;
        }
        DynamicNamespacePrefixResolver dynamicNamespacePrefixResolver = new DynamicNamespacePrefixResolver();
        Iterator elementIterator = rootElement.elementIterator("namespaces");
        while (elementIterator.hasNext()) {
            Iterator elementIterator2 = ((Element) elementIterator.next()).elementIterator("namespace");
            while (elementIterator2.hasNext()) {
                Element element = (Element) elementIterator2.next();
                dynamicNamespacePrefixResolver.registerNamespace(element.attributeValue(NAMESPACE_PREFIX), element.attributeValue("uri"));
            }
        }
        Iterator elementIterator3 = rootElement.elementIterator(PERMISSION_SET);
        while (elementIterator3.hasNext()) {
            Element element2 = (Element) elementIterator3.next();
            PermissionSet permissionSet = new PermissionSet();
            permissionSet.initialise(element2, dynamicNamespacePrefixResolver, this);
            this.permissionSets.put(permissionSet.getQName(), permissionSet);
        }
        buildUniquePermissionMap();
        Iterator elementIterator4 = rootElement.elementIterator(GLOBAL_PERMISSION);
        while (elementIterator4.hasNext()) {
            Element element3 = (Element) elementIterator4.next();
            GlobalPermissionEntry globalPermissionEntry = new GlobalPermissionEntry();
            globalPermissionEntry.initialise(element3, dynamicNamespacePrefixResolver, this);
            this.globalPermissions.add(globalPermissionEntry);
        }
        this.allAspects = this.dictionaryService.getAllAspects();
    }

    private Document createDocument(String str) {
        InputStream resourceAsStream = getClass().getClassLoader().getResourceAsStream(str);
        if (resourceAsStream == null) {
            throw new PermissionModelException("File not found: " + str);
        }
        try {
            Document read = new SAXReader().read(resourceAsStream);
            resourceAsStream.close();
            return read;
        } catch (IOException e) {
            throw new PermissionModelException("Failed to close permission model document ", e);
        } catch (DocumentException e2) {
            throw new PermissionModelException("Failed to create permission model document ", e2);
        }
    }

    public AccessStatus getDefaultPermission() {
        return this.defaultPermission;
    }

    public AccessStatus getDefaultPermission(PermissionReference permissionReference) {
        Permission permission = this.permissionMap.get(permissionReference);
        return permission == null ? this.defaultPermission : permission.getDefaultPermission();
    }

    @Override // org.alfresco.repo.security.permissions.impl.ModelDAO
    public Set<? extends PermissionEntry> getGlobalPermissionEntries() {
        return Collections.unmodifiableSet(this.globalPermissions);
    }

    public Map<QName, PermissionSet> getPermissionSets() {
        return Collections.unmodifiableMap(this.permissionSets);
    }

    @Override // org.alfresco.repo.security.permissions.impl.ModelDAO
    public Set<PermissionReference> getAllPermissions(QName qName) {
        return getAllPermissionsImpl(qName, null, false);
    }

    @Override // org.alfresco.repo.security.permissions.impl.ModelDAO
    public Set<PermissionReference> getExposedPermissions(QName qName) {
        return getAllPermissionsImpl(qName, null, true);
    }

    private Set<PermissionReference> getAllPermissionsImpl(QName qName, boolean z) {
        Map<QName, Set<PermissionReference>> map = z ? this.cachedTypePermissionsExposed : this.cachedTypePermissionsUnexposed;
        Set<PermissionReference> set = map.get(qName);
        if (set == null) {
            LinkedHashSet linkedHashSet = new LinkedHashSet(256, 1.0f);
            ClassDefinition classDefinition = this.dictionaryService.getClass(qName);
            if (classDefinition != null) {
                if (classDefinition.isAspect()) {
                    addAspectPermissions(qName, linkedHashSet, z);
                } else {
                    mergeGeneralAspectPermissions(linkedHashSet, z);
                    addTypePermissions(qName, linkedHashSet, z);
                }
            }
            set = Collections.unmodifiableSet(linkedHashSet);
            map.put(qName, set);
        }
        return set;
    }

    private void addTypePermissions(QName qName, Set<PermissionReference> set, boolean z) {
        TypeDefinition type = this.dictionaryService.getType(qName);
        if (type == null) {
            return;
        }
        if (type.getParentName() != null) {
            PermissionSet permissionSet = this.permissionSets.get(qName);
            if (!z || permissionSet == null || permissionSet.exposeAll()) {
                addTypePermissions(type.getParentName(), set, z);
            }
        }
        Iterator<AspectDefinition> it = type.getDefaultAspects().iterator();
        while (it.hasNext()) {
            addAspectPermissions(it.next().getName(), set, z);
        }
        mergePermissions(set, qName, z, true);
    }

    private void addAspectPermissions(QName qName, Set<PermissionReference> set, boolean z) {
        AspectDefinition aspect = this.dictionaryService.getAspect(qName);
        if (aspect == null) {
            return;
        }
        if (aspect.getParentName() != null) {
            PermissionSet permissionSet = this.permissionSets.get(qName);
            if (!z || permissionSet == null || permissionSet.exposeAll()) {
                addAspectPermissions(aspect.getParentName(), set, z);
            }
        }
        mergePermissions(set, qName, z, true);
    }

    private void mergePermissions(Set<PermissionReference> set, QName qName, boolean z, boolean z2) {
        PermissionSet permissionSet = this.permissionSets.get(qName);
        if (permissionSet != null) {
            for (PermissionGroup permissionGroup : permissionSet.getPermissionGroups()) {
                if (!z || permissionSet.exposeAll() || permissionGroup.isExposed()) {
                    if (permissionGroup.isExtends()) {
                        if (z && permissionGroup.isTypeRequired() == z2) {
                            PermissionGroup basePermissionGroup = getBasePermissionGroup(permissionGroup);
                            set.add(SimplePermissionReference.getPermissionReference(basePermissionGroup.getQName(), basePermissionGroup.getName()));
                        }
                    } else if (permissionGroup.isTypeRequired() == z2) {
                        set.add(SimplePermissionReference.getPermissionReference(permissionGroup.getQName(), permissionGroup.getName()));
                    }
                }
            }
            for (Permission permission : permissionSet.getPermissions()) {
                if (!z || permissionSet.exposeAll() || permission.isExposed()) {
                    if (permission.isTypeRequired() == z2) {
                        set.add(SimplePermissionReference.getPermissionReference(permission.getQName(), permission.getName()));
                    }
                }
            }
        }
    }

    private void mergeGeneralAspectPermissions(Set<PermissionReference> set, boolean z) {
        Iterator<QName> it = this.allAspects.iterator();
        while (it.hasNext()) {
            mergePermissions(set, it.next(), z, false);
        }
    }

    @Override // org.alfresco.repo.security.permissions.impl.ModelDAO
    public Set<PermissionReference> getAllPermissions(NodeRef nodeRef) {
        return getAllPermissionsImpl(this.nodeService.getType(nodeRef), this.nodeService.getAspects(nodeRef), false);
    }

    @Override // org.alfresco.repo.security.permissions.impl.ModelDAO
    public Set<PermissionReference> getExposedPermissions(NodeRef nodeRef) {
        return getAllPermissionsImpl(this.nodeService.getType(nodeRef), this.nodeService.getAspects(nodeRef), true);
    }

    @Override // org.alfresco.repo.security.permissions.impl.ModelDAO
    public Set<PermissionReference> getAllPermissions(QName qName, Set<QName> set) {
        return getAllPermissionsImpl(qName, set, false);
    }

    private Set<PermissionReference> getAllPermissionsImpl(QName qName, Set<QName> set, boolean z) {
        LinkedHashSet linkedHashSet = new LinkedHashSet(256, 1.0f);
        ClassDefinition classDefinition = this.dictionaryService.getClass(qName);
        linkedHashSet.addAll(getAllPermissionsImpl(qName, z));
        if (classDefinition != null) {
            HashSet hashSet = new HashSet();
            Iterator<AspectDefinition> it = classDefinition.getDefaultAspects().iterator();
            while (it.hasNext()) {
                hashSet.add(it.next().getName());
            }
            if (set != null) {
                for (QName qName2 : set) {
                    if (!hashSet.contains(qName2)) {
                        addAspectPermissions(qName2, linkedHashSet, z);
                    }
                }
            }
        }
        return linkedHashSet;
    }

    @Override // org.alfresco.repo.security.permissions.impl.ModelDAO
    public synchronized Set<PermissionReference> getGrantingPermissions(PermissionReference permissionReference) {
        Set<PermissionReference> set = this.grantingPermissions.get(permissionReference);
        if (set == null) {
            Set<PermissionReference> grantingPermissionsImpl = getGrantingPermissionsImpl(permissionReference);
            HashSet hashSet = new HashSet();
            for (PermissionReference permissionReference2 : grantingPermissionsImpl) {
                hashSet.add(SimplePermissionReference.getPermissionReference(permissionReference2.getQName(), permissionReference2.getName()));
            }
            set = Collections.unmodifiableSet(hashSet);
            this.grantingPermissions.put(permissionReference, set);
        }
        return set;
    }

    private Set<PermissionReference> getGrantingPermissionsImpl(PermissionReference permissionReference) {
        HashSet hashSet = new HashSet(256, 1.0f);
        hashSet.add(permissionReference);
        for (PermissionSet permissionSet : this.permissionSets.values()) {
            for (PermissionGroup permissionGroup : permissionSet.getPermissionGroups()) {
                if (grants(permissionGroup, permissionReference)) {
                    hashSet.add(getBasePermissionGroup(permissionGroup));
                }
                if (permissionGroup.isAllowFullControl()) {
                    hashSet.add(permissionGroup);
                }
            }
            for (Permission permission : permissionSet.getPermissions()) {
                if (permission.equals(permissionReference)) {
                    Iterator<PermissionReference> it = permission.getGrantedToGroups().iterator();
                    while (it.hasNext()) {
                        hashSet.add(getBasePermissionGroup(getPermissionGroup(it.next())));
                    }
                }
                Iterator<RequiredPermission> it2 = permission.getRequiredPermissions().iterator();
                while (true) {
                    if (it2.hasNext()) {
                        RequiredPermission next = it2.next();
                        if (next.equals(permissionReference) && next.isImplies()) {
                            hashSet.add(permission);
                            break;
                        }
                    }
                }
            }
        }
        return hashSet;
    }

    private boolean grants(PermissionGroup permissionGroup, PermissionReference permissionReference) {
        if (permissionGroup.getIncludedPermissionGroups().contains(permissionReference) || getGranteePermissions(permissionGroup).contains(permissionReference)) {
            return true;
        }
        Iterator<PermissionReference> it = permissionGroup.getIncludedPermissionGroups().iterator();
        while (it.hasNext()) {
            if (grants(getPermissionGroup(it.next()), permissionReference)) {
                return true;
            }
        }
        return false;
    }

    @Override // org.alfresco.repo.security.permissions.impl.ModelDAO
    public synchronized Set<PermissionReference> getGranteePermissions(PermissionReference permissionReference) {
        Set<PermissionReference> set = this.granteePermissions.get(permissionReference);
        if (set == null) {
            Set<PermissionReference> granteePermissionsImpl = getGranteePermissionsImpl(permissionReference);
            HashSet hashSet = new HashSet();
            for (PermissionReference permissionReference2 : granteePermissionsImpl) {
                hashSet.add(SimplePermissionReference.getPermissionReference(permissionReference2.getQName(), permissionReference2.getName()));
            }
            set = Collections.unmodifiableSet(hashSet);
            this.granteePermissions.put(permissionReference, set);
        }
        return set;
    }

    private Set<PermissionReference> getGranteePermissionsImpl(PermissionReference permissionReference) {
        HashSet hashSet = new HashSet(256, 1.0f);
        hashSet.add(permissionReference);
        for (PermissionSet permissionSet : this.permissionSets.values()) {
            for (PermissionGroup permissionGroup : permissionSet.getPermissionGroups()) {
                if (permissionGroup.equals(permissionReference)) {
                    Iterator<PermissionReference> it = permissionGroup.getIncludedPermissionGroups().iterator();
                    while (it.hasNext()) {
                        hashSet.addAll(getGranteePermissions(it.next()));
                    }
                    if (permissionGroup.isExtends()) {
                        if (permissionGroup.getTypeQName() != null) {
                            hashSet.addAll(getGranteePermissions(SimplePermissionReference.getPermissionReference(permissionGroup.getTypeQName(), permissionGroup.getName())));
                        } else {
                            QName parentName = this.dictionaryService.getClass(permissionGroup.getQName()).getParentName();
                            if (parentName != null) {
                                this.dictionaryService.getClass(parentName);
                                PermissionGroup permissionGroupOrNull = getPermissionGroupOrNull(SimplePermissionReference.getPermissionReference(parentName, permissionGroup.getName()));
                                if (permissionGroupOrNull != null) {
                                    hashSet.addAll(getGranteePermissions(permissionGroupOrNull));
                                }
                            }
                        }
                    }
                    if (permissionGroup.isAllowFullControl()) {
                        hashSet.addAll(getAllPermissions());
                    }
                }
            }
            PermissionGroup basePermissionGroupOrNull = getBasePermissionGroupOrNull(getPermissionGroupOrNull(permissionReference));
            if (basePermissionGroupOrNull != null) {
                for (Permission permission : permissionSet.getPermissions()) {
                    Iterator<PermissionReference> it2 = permission.getGrantedToGroups().iterator();
                    while (it2.hasNext()) {
                        if (basePermissionGroupOrNull.equals(getBasePermissionGroupOrNull(getPermissionGroupOrNull(it2.next())))) {
                            hashSet.add(permission);
                        }
                    }
                }
            }
        }
        return hashSet;
    }

    private Set<PermissionReference> getAllPermissions() {
        HashSet hashSet = new HashSet(256, 1.0f);
        for (PermissionSet permissionSet : this.permissionSets.values()) {
            for (PermissionGroup permissionGroup : permissionSet.getPermissionGroups()) {
                hashSet.add(SimplePermissionReference.getPermissionReference(permissionGroup.getQName(), permissionGroup.getName()));
            }
            for (Permission permission : permissionSet.getPermissions()) {
                hashSet.add(SimplePermissionReference.getPermissionReference(permission.getQName(), permission.getName()));
            }
        }
        return hashSet;
    }

    private PermissionGroup getPermissionGroupOrNull(PermissionReference permissionReference) {
        PermissionGroup permissionGroup = this.permissionGroupMap.get(permissionReference);
        if (permissionGroup == null) {
            return null;
        }
        return permissionGroup;
    }

    private PermissionGroup getPermissionGroup(PermissionReference permissionReference) {
        PermissionGroup permissionGroupOrNull = getPermissionGroupOrNull(permissionReference);
        if (permissionGroupOrNull == null) {
            throw new PermissionModelException("There is no permission group :" + permissionReference.getQName() + " " + permissionReference.getName());
        }
        return permissionGroupOrNull;
    }

    private synchronized PermissionGroup getBasePermissionGroupOrNull(PermissionGroup permissionGroup) {
        PermissionGroup permissionGroup2 = this.groupsToBaseGroup.get(permissionGroup);
        if (permissionGroup2 == null) {
            permissionGroup2 = getBasePermissionGroupOrNullImpl(permissionGroup);
            this.groupsToBaseGroup.put(permissionGroup, permissionGroup2);
        }
        return permissionGroup2;
    }

    private PermissionGroup getBasePermissionGroupOrNullImpl(PermissionGroup permissionGroup) {
        if (permissionGroup == null) {
            return null;
        }
        if (!permissionGroup.isExtends()) {
            return permissionGroup;
        }
        if (permissionGroup.getTypeQName() != null) {
            return getPermissionGroup(SimplePermissionReference.getPermissionReference(permissionGroup.getTypeQName(), permissionGroup.getName()));
        }
        ClassDefinition classDefinition = this.dictionaryService.getClass(permissionGroup.getQName());
        while (true) {
            QName parentName = classDefinition.getParentName();
            if (parentName == null) {
                return null;
            }
            classDefinition = this.dictionaryService.getClass(parentName);
            PermissionGroup permissionGroupOrNull = getPermissionGroupOrNull(SimplePermissionReference.getPermissionReference(parentName, permissionGroup.getName()));
            if (permissionGroupOrNull != null && !permissionGroupOrNull.isExtends()) {
                return permissionGroupOrNull;
            }
        }
    }

    private PermissionGroup getBasePermissionGroup(PermissionGroup permissionGroup) {
        PermissionGroup basePermissionGroupOrNull = getBasePermissionGroupOrNull(permissionGroup);
        if (basePermissionGroupOrNull == null) {
            throw new PermissionModelException("There is no parent for permission group :" + permissionGroup.getQName() + " " + permissionGroup.getName());
        }
        return basePermissionGroupOrNull;
    }

    static RequiredKey generateKey(PermissionReference permissionReference, QName qName, Set<QName> set, RequiredPermission.On on) {
        return RequiredKey.getRequiredKey(permissionReference, qName, set, on);
    }

    @Override // org.alfresco.repo.security.permissions.impl.ModelDAO
    public Set<PermissionReference> getRequiredPermissions(PermissionReference permissionReference, QName qName, Set<QName> set, RequiredPermission.On on) {
        RequiredKey generateKey = generateKey(permissionReference, qName, set, on);
        Set<PermissionReference> set2 = this.requiredPermissionsCache.get(generateKey);
        if (set2 == null) {
            PermissionGroup basePermissionGroupOrNull = getBasePermissionGroupOrNull(getPermissionGroupOrNull(permissionReference));
            set2 = Collections.unmodifiableSet(basePermissionGroupOrNull == null ? getRequirementsForPermission(permissionReference, on) : getRequirementsForPermissionGroup(basePermissionGroupOrNull, on, qName, set));
            this.requiredPermissionsCache.put(generateKey, set2);
        }
        return set2;
    }

    private Set<PermissionReference> getRequirementsForPermission(PermissionReference permissionReference, RequiredPermission.On on) {
        HashSet hashSet = new HashSet();
        Permission permissionOrNull = getPermissionOrNull(permissionReference);
        if (permissionOrNull != null) {
            for (RequiredPermission requiredPermission : permissionOrNull.getRequiredPermissions()) {
                if (!requiredPermission.isImplies() && requiredPermission.getOn().equals(on)) {
                    hashSet.add(requiredPermission);
                }
            }
        }
        return hashSet;
    }

    private Set<PermissionReference> getRequirementsForPermissionGroup(PermissionGroup permissionGroup, RequiredPermission.On on, QName qName, Set<QName> set) {
        HashSet hashSet = new HashSet(16, 1.0f);
        if (permissionGroup == null) {
            return hashSet;
        }
        for (PermissionSet permissionSet : this.permissionSets.values()) {
            for (PermissionGroup permissionGroup2 : permissionSet.getPermissionGroups()) {
                PermissionGroup basePermissionGroupOrNull = getBasePermissionGroupOrNull(permissionGroup2);
                if (permissionGroup.equals(basePermissionGroupOrNull) || permissionGroup.isAllowFullControl()) {
                    if (!basePermissionGroupOrNull.isTypeRequired() || isPartOfDynamicPermissionGroup(permissionGroup2, qName, set)) {
                        Iterator<PermissionReference> it = permissionGroup2.getIncludedPermissionGroups().iterator();
                        while (it.hasNext()) {
                            hashSet.addAll(getRequirementsForPermissionGroup(getBasePermissionGroupOrNull(getPermissionGroupOrNull(it.next())), on, qName, set));
                        }
                    }
                }
            }
            for (Permission permission : permissionSet.getPermissions()) {
                for (PermissionReference permissionReference : permission.getGrantedToGroups()) {
                    PermissionGroup basePermissionGroupOrNull2 = getBasePermissionGroupOrNull(getPermissionGroupOrNull(permissionReference));
                    if (permissionGroup.equals(basePermissionGroupOrNull2) || permissionGroup.isAllowFullControl()) {
                        if (!basePermissionGroupOrNull2.isTypeRequired() || isPartOfDynamicPermissionGroup(permissionReference, qName, set)) {
                            if (on == RequiredPermission.On.NODE) {
                                hashSet.add(permission);
                            }
                        }
                    }
                }
            }
        }
        return hashSet;
    }

    private boolean isPartOfDynamicPermissionGroup(PermissionReference permissionReference, QName qName, Set<QName> set) {
        if (this.dictionaryService.isSubClass(qName, permissionReference.getQName())) {
            return true;
        }
        Iterator<QName> it = set.iterator();
        while (it.hasNext()) {
            if (this.dictionaryService.isSubClass(it.next(), permissionReference.getQName())) {
                return true;
            }
        }
        return false;
    }

    private Permission getPermissionOrNull(PermissionReference permissionReference) {
        Permission permission = this.permissionMap.get(permissionReference);
        if (permission == null) {
            return null;
        }
        return permission;
    }

    @Override // org.alfresco.repo.security.permissions.impl.ModelDAO
    public boolean checkPermission(PermissionReference permissionReference) {
        if (getPermissionOrNull(permissionReference) != null) {
            return true;
        }
        PermissionGroup permissionGroupOrNull = getPermissionGroupOrNull(permissionReference);
        if (permissionGroupOrNull == null) {
            return false;
        }
        if (!permissionGroupOrNull.isExtends()) {
            return permissionGroupOrNull.isAllowFullControl();
        }
        if (permissionGroupOrNull.getTypeQName() != null) {
            return checkPermission(SimplePermissionReference.getPermissionReference(permissionGroupOrNull.getTypeQName(), permissionGroupOrNull.getName()));
        }
        ClassDefinition classDefinition = this.dictionaryService.getClass(permissionGroupOrNull.getQName());
        while (true) {
            QName parentName = classDefinition.getParentName();
            if (parentName == null) {
                return false;
            }
            classDefinition = this.dictionaryService.getClass(parentName);
            PermissionGroup permissionGroupOrNull2 = getPermissionGroupOrNull(SimplePermissionReference.getPermissionReference(parentName, permissionGroupOrNull.getName()));
            if (permissionGroupOrNull2 != null && permissionGroupOrNull2.isAllowFullControl()) {
                return true;
            }
        }
    }

    @Override // org.alfresco.repo.security.permissions.impl.ModelDAO
    public PermissionReference getPermissionReference(QName qName, String str) {
        if (str == null) {
            return null;
        }
        PermissionReference permissionReference = this.uniqueMap.get(str);
        if (permissionReference == null) {
            permissionReference = this.permissionReferenceMap.get(str);
            if (permissionReference == null) {
                throw new UnsupportedOperationException("Can not find " + str);
            }
        }
        return permissionReference;
    }

    @Override // org.alfresco.repo.security.permissions.impl.ModelDAO
    public boolean isUnique(PermissionReference permissionReference) {
        return this.uniqueMap.containsKey(permissionReference.getName());
    }

    private void buildUniquePermissionMap() {
        HashSet hashSet = new HashSet(128, 1.0f);
        this.uniqueMap = new HashMap<>(256, 1.0f);
        this.permissionReferenceMap = new HashMap<>(256, 1.0f);
        this.permissionGroupMap = new HashMap<>(128, 1.0f);
        this.permissionMap = new HashMap<>(64, 1.0f);
        for (PermissionSet permissionSet : this.permissionSets.values()) {
            for (PermissionGroup permissionGroup : permissionSet.getPermissionGroups()) {
                this.permissionGroupMap.put(SimplePermissionReference.getPermissionReference(permissionGroup.getQName(), permissionGroup.getName()), permissionGroup);
                this.permissionReferenceMap.put(permissionGroup.toString(), SimplePermissionReference.getPermissionReference(permissionGroup.getQName(), permissionGroup.getName()));
            }
            for (Permission permission : permissionSet.getPermissions()) {
                this.permissionReferenceMap.put(permission.toString(), SimplePermissionReference.getPermissionReference(permission.getQName(), permission.getName()));
                this.permissionMap.put(SimplePermissionReference.getPermissionReference(permission.getQName(), permission.getName()), permission);
            }
        }
        for (PermissionSet permissionSet2 : this.permissionSets.values()) {
            for (PermissionGroup permissionGroup2 : permissionSet2.getPermissionGroups()) {
                if (!this.uniqueMap.containsKey(permissionGroup2.getName()) || hashSet.contains(permissionGroup2.getName())) {
                    PermissionGroup basePermissionGroup = getBasePermissionGroup(permissionGroup2);
                    this.uniqueMap.put(permissionGroup2.getName(), SimplePermissionReference.getPermissionReference(basePermissionGroup.getQName(), basePermissionGroup.getName()));
                } else if (!this.uniqueMap.get(permissionGroup2.getName()).equals(getBasePermissionGroup(permissionGroup2))) {
                    this.uniqueMap.remove(permissionGroup2.getName());
                    hashSet.add(permissionGroup2.getName());
                }
            }
            for (Permission permission2 : permissionSet2.getPermissions()) {
                if (!this.uniqueMap.containsKey(permission2.getName()) || hashSet.contains(permission2.getName())) {
                    this.uniqueMap.put(permission2.getName(), SimplePermissionReference.getPermissionReference(permission2.getQName(), permission2.getName()));
                } else if (!this.uniqueMap.get(permission2.getName()).equals(permission2)) {
                    this.uniqueMap.remove(permission2.getName());
                    hashSet.add(permission2.getName());
                }
            }
        }
        if (this.uniqueMap.containsKey("All")) {
            throw new IllegalStateException("There must not be a permission with the same name as the ALL_PERMISSION constant: All");
        }
        this.uniqueMap.put("All", SimplePermissionReference.getPermissionReference(QName.createQName(NamespaceService.SECURITY_MODEL_1_0_URI, "All"), "All"));
    }
}
