package org.alfresco.repo.security.authority;

import java.util.AbstractSet;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.filesys.alfresco.DesktopAction;
import org.alfresco.query.PagingRequest;
import org.alfresco.query.PagingResults;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.permissions.PermissionServiceSPI;
import org.alfresco.repo.security.person.UserNameMatcher;
import org.alfresco.repo.tenant.TenantService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.util.Pair;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.extensions.surf.util.ParameterCheck;

/* loaded from: input_file:org/alfresco/repo/security/authority/AuthorityServiceImpl.class */
public class AuthorityServiceImpl implements AuthorityService, InitializingBean {
    private static Set<String> DEFAULT_ZONES = new HashSet();
    private PersonService personService;
    private TenantService tenantService;
    private AuthorityDAO authorityDAO;
    private UserNameMatcher userNameMatcher;
    private AuthenticationService authenticationService;
    private PermissionServiceSPI permissionServiceSPI;
    private Set<String> adminSet = Collections.singleton("ROLE_ADMINISTRATOR");
    private Set<String> guestSet = Collections.singleton("ROLE_GUEST");
    private Set<String> allSet = Collections.singleton("GROUP_EVERYONE");
    private Set<String> adminGroups = Collections.emptySet();
    private Set<String> guestGroups = Collections.emptySet();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.alfresco.repo.security.authority.AuthorityServiceImpl$2, reason: invalid class name */
    /* loaded from: input_file:org/alfresco/repo/security/authority/AuthorityServiceImpl$2.class */
    public static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$org$alfresco$service$cmr$security$AuthorityType = new int[AuthorityType.values().length];

        static {
            try {
                $SwitchMap$org$alfresco$service$cmr$security$AuthorityType[AuthorityType.USER.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$alfresco$service$cmr$security$AuthorityType[AuthorityType.GROUP.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$alfresco$service$cmr$security$AuthorityType[AuthorityType.ROLE.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$alfresco$service$cmr$security$AuthorityType[AuthorityType.ADMIN.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$alfresco$service$cmr$security$AuthorityType[AuthorityType.EVERYONE.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$alfresco$service$cmr$security$AuthorityType[AuthorityType.GUEST.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$alfresco$service$cmr$security$AuthorityType[AuthorityType.OWNER.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
        }
    }

    /* loaded from: input_file:org/alfresco/repo/security/authority/AuthorityServiceImpl$UserAuthoritySet.class */
    public final class UserAuthoritySet extends AbstractSet<String> {
        private final String username;
        private Set<String> positiveHits = new TreeSet();
        private Set<String> negativeHits = new TreeSet();
        private boolean allAuthoritiesLoaded;

        public UserAuthoritySet(String str) {
            this.username = str;
            AuthorityServiceImpl.this.getRoleAuthorities(str, this.positiveHits, this.negativeHits);
        }

        private Set<String> getAllAuthorities() {
            if (!this.allAuthoritiesLoaded) {
                this.allAuthoritiesLoaded = true;
                this.positiveHits.addAll(AuthorityServiceImpl.this.getContainingAuthorities(null, this.username, false));
                this.negativeHits = null;
            }
            return this.positiveHits;
        }

        @Override // java.util.AbstractSet, java.util.AbstractCollection, java.util.Collection, java.util.Set
        public boolean removeAll(Collection<?> collection) {
            throw new UnsupportedOperationException();
        }

        @Override // java.util.AbstractCollection, java.util.Collection, java.util.Set
        public boolean add(String str) {
            return this.positiveHits.add(str);
        }

        @Override // java.util.AbstractCollection, java.util.Collection, java.util.Set
        public void clear() {
            throw new UnsupportedOperationException();
        }

        @Override // java.util.AbstractCollection, java.util.Collection, java.util.Set
        public boolean contains(Object obj) {
            if (!(obj instanceof String)) {
                return false;
            }
            if (this.positiveHits.contains(obj)) {
                return true;
            }
            if (this.allAuthoritiesLoaded || this.negativeHits.contains(obj)) {
                return false;
            }
            return AuthorityServiceImpl.this.hasAuthority(this.username, (String) obj, this.positiveHits, this.negativeHits);
        }

        @Override // java.util.AbstractCollection, java.util.Collection, java.util.Set
        public boolean remove(Object obj) {
            throw new UnsupportedOperationException();
        }

        @Override // java.util.AbstractCollection, java.util.Collection, java.util.Set
        public boolean retainAll(Collection<?> collection) {
            throw new UnsupportedOperationException();
        }

        @Override // java.util.AbstractCollection, java.util.Collection, java.lang.Iterable, java.util.Set
        public Iterator<String> iterator() {
            return getAllAuthorities().iterator();
        }

        @Override // java.util.AbstractCollection, java.util.Collection, java.util.Set
        public int size() {
            return getAllAuthorities().size();
        }

        public Object getUsername() {
            return this.username;
        }
    }

    public void setTenantService(TenantService tenantService) {
        this.tenantService = tenantService;
    }

    public void setPersonService(PersonService personService) {
        this.personService = personService;
    }

    public void setAuthorityDAO(AuthorityDAO authorityDAO) {
        this.authorityDAO = authorityDAO;
    }

    public void setUserNameMatcher(UserNameMatcher userNameMatcher) {
        this.userNameMatcher = userNameMatcher;
    }

    public void setAuthenticationService(AuthenticationService authenticationService) {
        this.authenticationService = authenticationService;
    }

    public void setPermissionServiceSPI(PermissionServiceSPI permissionServiceSPI) {
        this.permissionServiceSPI = permissionServiceSPI;
    }

    public void setAdminGroups(Set<String> set) {
        this.adminGroups = set;
    }

    public void setGuestGroups(Set<String> set) {
        this.guestGroups = set;
    }

    public void afterPropertiesSet() throws Exception {
        if (!this.adminGroups.isEmpty()) {
            HashSet hashSet = new HashSet(this.adminGroups.size());
            Iterator<String> it = this.adminGroups.iterator();
            while (it.hasNext()) {
                hashSet.add(getName(AuthorityType.GROUP, it.next()));
            }
            this.adminGroups = hashSet;
        }
        if (this.guestGroups.isEmpty()) {
            return;
        }
        HashSet hashSet2 = new HashSet(this.guestGroups.size());
        Iterator<String> it2 = this.guestGroups.iterator();
        while (it2.hasNext()) {
            hashSet2.add(getName(AuthorityType.GROUP, it2.next()));
        }
        this.guestGroups = hashSet2;
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public boolean hasAdminAuthority() {
        String runAsUser = AuthenticationUtil.getRunAsUser();
        return runAsUser != null && getAuthoritiesForUser(runAsUser).contains("ROLE_ADMINISTRATOR");
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public boolean isAdminAuthority(String str) {
        String userIdentifier = this.personService.getUserIdentifier(str);
        if (userIdentifier == null) {
            userIdentifier = str;
        }
        return getAuthoritiesForUser(userIdentifier).contains("ROLE_ADMINISTRATOR");
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public boolean hasGuestAuthority() {
        String runAsUser = AuthenticationUtil.getRunAsUser();
        return runAsUser != null && getAuthoritiesForUser(runAsUser).contains("ROLE_GUEST");
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public boolean isGuestAuthority(String str) {
        String userIdentifier = this.personService.getUserIdentifier(str);
        if (userIdentifier == null) {
            userIdentifier = str;
        }
        return getAuthoritiesForUser(userIdentifier).contains("ROLE_GUEST");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean hasAuthority(String str, String str2, Set<String> set, Set<String> set2) {
        if (AuthorityType.getAuthorityType(str2) == AuthorityType.USER) {
            return false;
        }
        if (str2.equals(str)) {
            return true;
        }
        return this.authorityDAO.isAuthorityContained(str2, str, set, set2);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public long countUsers() {
        long personCount = this.authorityDAO.getPersonCount();
        if (personCount > 0) {
            return personCount;
        }
        return 0L;
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public long countGroups() {
        return this.authorityDAO.getGroupCount();
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> getAuthorities() {
        return getAuthoritiesForUser(AuthenticationUtil.getRunAsUser());
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> getAuthoritiesForUser(String str) {
        return new UserAuthoritySet(str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Set<String> getRoleAuthorities(String str, Set<String> set, Set<String> set2) {
        TreeSet treeSet = new TreeSet();
        Set<String> defaultAdministratorUserNames = this.authenticationService.getDefaultAdministratorUserNames();
        Set<String> defaultGuestUserNames = this.authenticationService.getDefaultGuestUserNames();
        String guestUserName = AuthenticationUtil.getGuestUserName();
        if (guestUserName != null && guestUserName.length() > 0) {
            defaultGuestUserNames.add(guestUserName);
        }
        boolean containsMatch = containsMatch(defaultAdministratorUserNames, str);
        boolean containsMatch2 = containsMatch(defaultGuestUserNames, str);
        if (!containsMatch) {
            for (String str2 : this.adminGroups) {
                if (hasAuthority(str, str2, set, set2) || hasAuthority(str, this.tenantService.getBaseNameUser(str2), set, set2)) {
                    containsMatch = true;
                    break;
                }
            }
        }
        if (!containsMatch && !containsMatch2 && this.tenantService.getBaseNameUser(str).equalsIgnoreCase(AuthenticationUtil.getGuestUserName())) {
            containsMatch2 = true;
        }
        if (!containsMatch && !containsMatch2 && this.guestGroups.size() != 0) {
            for (String str3 : this.guestGroups) {
                if (hasAuthority(str, str3, set, set2) || hasAuthority(str, this.tenantService.getBaseNameUser(str3), set, set2)) {
                    containsMatch2 = true;
                    break;
                }
            }
        }
        if (containsMatch) {
            treeSet.addAll(this.adminSet);
            set.addAll(this.adminSet);
        }
        if (containsMatch2) {
            treeSet.addAll(this.guestSet);
            set.addAll(this.guestSet);
        } else {
            treeSet.addAll(this.allSet);
            set.addAll(this.allSet);
        }
        return treeSet;
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> getAllAuthorities(AuthorityType authorityType) {
        List page = getAuthorities(authorityType, null, null, false, false, new PagingRequest(0, Integer.MAX_VALUE, (String) null)).getPage();
        HashSet hashSet = new HashSet(page.size());
        hashSet.addAll(page);
        return hashSet;
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public PagingResults<AuthorityInfo> getAuthoritiesInfo(AuthorityType authorityType, String str, String str2, String str3, boolean z, PagingRequest pagingRequest) {
        ParameterCheck.mandatory("pagingRequest", pagingRequest);
        ParameterCheck.mandatory("type", authorityType);
        if (authorityType == AuthorityType.USER || authorityType == AuthorityType.GROUP || authorityType == AuthorityType.ROLE) {
            return this.authorityDAO.getAuthoritiesInfo(authorityType, str, str2, str3, z, pagingRequest);
        }
        throw new UnsupportedOperationException("Unexpected authority type: " + authorityType);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public PagingResults<String> getAuthorities(AuthorityType authorityType, String str, String str2, boolean z, boolean z2, PagingRequest pagingRequest) {
        ParameterCheck.mandatory("pagingRequest", pagingRequest);
        if (authorityType == null && str == null) {
            throw new IllegalArgumentException("Type and/or zoneName required - both cannot be null");
        }
        if (authorityType == null) {
            return this.authorityDAO.getAuthorities(authorityType, str, str2, z, z2, pagingRequest);
        }
        switch (AnonymousClass2.$SwitchMap$org$alfresco$service$cmr$security$AuthorityType[authorityType.ordinal()]) {
            case 1:
            case 2:
            case 3:
                return this.authorityDAO.getAuthorities(authorityType, str, str2, z, z2, pagingRequest);
            case 4:
            case 5:
            case DesktopAction.StsNoSuchAction /* 6 */:
            case DesktopAction.StsLaunchURL /* 7 */:
            default:
                return getOtherAuthorities(authorityType);
        }
    }

    private PagingResults<String> getOtherAuthorities(AuthorityType authorityType) {
        final ArrayList arrayList = new ArrayList();
        switch (AnonymousClass2.$SwitchMap$org$alfresco$service$cmr$security$AuthorityType[authorityType.ordinal()]) {
            case 1:
            case 2:
            case 3:
                throw new UnsupportedOperationException("Unexpected authority type: " + authorityType);
            case 4:
                arrayList.addAll(this.adminSet);
                break;
            case 5:
                arrayList.addAll(this.allSet);
                break;
            case DesktopAction.StsNoSuchAction /* 6 */:
                arrayList.addAll(this.guestSet);
                break;
        }
        return new PagingResults<String>() { // from class: org.alfresco.repo.security.authority.AuthorityServiceImpl.1
            public String getQueryExecutionId() {
                return null;
            }

            public List<String> getPage() {
                return arrayList;
            }

            public boolean hasMoreItems() {
                return false;
            }

            public Pair<Integer, Integer> getTotalResultCount() {
                return new Pair<>(Integer.valueOf(arrayList.size()), Integer.valueOf(arrayList.size()));
            }
        };
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public void addAuthority(String str, String str2) {
        addAuthority(Collections.singleton(str), str2);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public void addAuthority(Collection<String> collection, String str) {
        this.authorityDAO.addAuthority(collection, str);
    }

    private boolean containsMatch(Set<String> set, String str) {
        String baseNameUser = this.tenantService.getBaseNameUser(str);
        if (this.tenantService.isEnabled()) {
            for (String str2 : set) {
                if (this.userNameMatcher.matches(str2, str) || this.userNameMatcher.matches(this.tenantService.getBaseNameUser(str2), baseNameUser)) {
                    return true;
                }
            }
            return false;
        }
        for (String str3 : set) {
            if (this.userNameMatcher.matches(str3, str) || this.userNameMatcher.matches(str3, baseNameUser)) {
                return true;
            }
        }
        return false;
    }

    private void checkTypeIsMutable(AuthorityType authorityType) {
        if (authorityType != AuthorityType.GROUP && authorityType != AuthorityType.ROLE) {
            throw new AuthorityException("Trying to modify a fixed authority");
        }
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public String createAuthority(AuthorityType authorityType, String str) {
        return createAuthority(authorityType, str, str, getDefaultZones());
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public void deleteAuthority(String str) {
        deleteAuthority(str, false);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public void deleteAuthority(String str, boolean z) {
        AuthorityType authorityType = AuthorityType.getAuthorityType(str);
        checkTypeIsMutable(authorityType);
        if (z) {
            Iterator<String> it = getContainedAuthorities(authorityType, str, true).iterator();
            while (it.hasNext()) {
                deleteAuthority(it.next(), true);
            }
        }
        this.authorityDAO.deleteAuthority(str);
        this.permissionServiceSPI.deletePermissions(str);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> getAllRootAuthorities(AuthorityType authorityType) {
        return getAllRootAuthoritiesInZone(null, authorityType);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> getContainedAuthorities(AuthorityType authorityType, String str, boolean z) {
        return this.authorityDAO.getContainedAuthorities(authorityType, str, z);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> getContainingAuthorities(AuthorityType authorityType, String str, boolean z) {
        return this.authorityDAO.getContainingAuthorities(authorityType, str, z);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public NodeRef getAuthorityNodeRef(String str) {
        return this.authorityDAO.getAuthorityNodeRefOrNull(str);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> getContainingAuthoritiesInZone(AuthorityType authorityType, String str, String str2, AuthorityService.AuthorityFilter authorityFilter, int i) {
        return this.authorityDAO.getContainingAuthoritiesInZone(authorityType, str, str2, authorityFilter, i);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public void removeAuthority(String str, String str2) {
        this.authorityDAO.removeAuthority(str, str2);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public boolean authorityExists(String str) {
        return this.authorityDAO.authorityExists(str);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public String createAuthority(AuthorityType authorityType, String str, String str2, Set<String> set) {
        checkTypeIsMutable(authorityType);
        String name = getName(authorityType, str);
        if (authorityExists(name)) {
            throw new AlfrescoRuntimeException("Authority '" + name + "' already exists.");
        }
        this.authorityDAO.createAuthority(name, str2, set);
        return name;
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public String getAuthorityDisplayName(String str) {
        String authorityDisplayName = this.authorityDAO.getAuthorityDisplayName(str);
        if (authorityDisplayName == null) {
            authorityDisplayName = getShortName(str);
        }
        return authorityDisplayName;
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public void setAuthorityDisplayName(String str, String str2) {
        checkTypeIsMutable(AuthorityType.getAuthorityType(str));
        this.authorityDAO.setAuthorityDisplayName(str, str2);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> getAuthorityZones(String str) {
        return this.authorityDAO.getAuthorityZones(str);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public NodeRef getOrCreateZone(String str) {
        return this.authorityDAO.getOrCreateZone(str);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public NodeRef getZone(String str) {
        return this.authorityDAO.getZone(str);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> getAllAuthoritiesInZone(String str, AuthorityType authorityType) {
        return this.authorityDAO.getAllAuthoritiesInZone(str, authorityType);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public void addAuthorityToZones(String str, Set<String> set) {
        this.authorityDAO.addAuthorityToZones(str, set);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public void removeAuthorityFromZones(String str, Set<String> set) {
        this.authorityDAO.removeAuthorityFromZones(str, set);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> getDefaultZones() {
        return DEFAULT_ZONES;
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> getAllRootAuthoritiesInZone(String str, AuthorityType authorityType) {
        return this.authorityDAO.getRootAuthorities(authorityType, str);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> findAuthorities(AuthorityType authorityType, String str, boolean z, String str2, String str3) {
        if (authorityType == null || authorityType == AuthorityType.GROUP || authorityType == AuthorityType.USER) {
            return this.authorityDAO.findAuthorities(authorityType, str, z, str2, str3);
        }
        throw new UnsupportedOperationException();
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public String getName(AuthorityType authorityType, String str) {
        return this.authorityDAO.getName(authorityType, str);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public String getShortName(String str) {
        return this.authorityDAO.getShortName(str);
    }

    static {
        DEFAULT_ZONES.add(AuthorityService.ZONE_APP_DEFAULT);
        DEFAULT_ZONES.add(AuthorityService.ZONE_AUTH_ALFRESCO);
    }
}
