package sk.seges.acris.security.server.spring.acl.service;

import org.springframework.security.Authentication;
import org.springframework.security.acls.AlreadyExistsException;
import org.springframework.security.acls.ChildrenExistException;
import org.springframework.security.acls.MutableAcl;
import org.springframework.security.acls.MutableAclService;
import org.springframework.security.acls.NotFoundException;
import org.springframework.security.acls.Permission;
import org.springframework.security.acls.domain.AccessControlEntryImpl;
import org.springframework.security.acls.objectidentity.ObjectIdentity;
import org.springframework.security.acls.objectidentity.ObjectIdentityImpl;
import org.springframework.security.acls.sid.GrantedAuthoritySid;
import org.springframework.security.acls.sid.PrincipalSid;
import org.springframework.security.acls.sid.Sid;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.transaction.annotation.Transactional;
import sk.seges.acris.security.server.core.acl.domain.api.AclEntry;
import sk.seges.acris.security.server.core.acl.domain.api.AclSecuredClassDescription;
import sk.seges.acris.security.server.core.acl.domain.api.AclSecuredObjectIdentity;
import sk.seges.acris.security.server.core.acl.domain.api.AclSid;
import sk.seges.acris.security.shared.domain.ISecuredObject;
import sk.seges.acris.security.shared.spring.user_management.domain.SpringUserAdapter;
import sk.seges.acris.security.shared.user_management.domain.api.UserData;

/* loaded from: input_file:sk/seges/acris/security/server/spring/acl/service/SpringMutableAclService.class */
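/**
 * {@link MutableAclService} implementation that stores ACL object identities and entries through
 * the DAOs inherited from {@link SpringAclService}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>No method in this class checks that the caller may administer the ACL it modifies.
 *       NOTE(review): presumably this is enforced by the {@link MutableAcl} implementation or by
 *       method security on the callers - confirm before exposing these methods to new callers.</li>
 *   <li>Only the methods annotated {@code @Transactional} declare a transaction; the
 *       {@code addPermission} overloads call them through {@code this}. NOTE(review): with
 *       proxy-based transaction advice such self-invocations are not intercepted, so the
 *       read-modify-write in {@code addPermission} is atomic only if the caller already runs in a
 *       transaction - confirm the configuration.</li>
 * </ul>
 */
public class SpringMutableAclService extends SpringAclService implements MutableAclService {

    /**
     * Creates the persistent object identity for {@code objectIdentity}, owned by the principal of
     * the current security context, with entry inheritance enabled and no entries.
     *
     * @param objectIdentity identity of the domain object; its identifier must have a numeric
     *        string form, otherwise a {@link NumberFormatException} is raised
     * @return the ACL read back after the identity has been persisted
     * @throws AlreadyExistsException if an object identity is already stored for this object
     */
    @Transactional
    public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
        AclSecuredObjectIdentity existing = getAclSecuredObjectIdentity(objectIdentity);
        if (existing != null) {
            throw new AlreadyExistsException("Object identity '" + existing + "' already exists");
        }
        // NOTE(review): check-then-insert; two concurrent callers can both pass the check above.
        // Presumably a unique constraint in the store rejects the second insert - confirm.
        AclSecuredClassDescription classDescription = this.aclSecuredClassDao.loadOrCreate(objectIdentity.getJavaType());

        // The ACL owner is always the currently authenticated principal, never a caller-supplied SID.
        PrincipalSid ownerSid = new PrincipalSid(SecurityContextHolder.getContext().getAuthentication());
        AclSid owner = this.aclSecurityIDDao.loadOrCreate(getSidName(ownerSid), isPrincipal(ownerSid));

        AclSecuredObjectIdentity identityRecord = this.aclObjectIdentityDao.createDefaultEntity();
        identityRecord.setObjectIdClass(classDescription);
        identityRecord.setSid(owner);
        identityRecord.setObjectIdIdentity(Long.valueOf(objectIdentity.getIdentifier().toString()));
        identityRecord.setEntriesInheriting(true);
        this.aclObjectIdentityDao.persist(identityRecord);
        return (MutableAcl) readAclById(objectIdentity);
    }

    /**
     * Returns the name under which a SID is stored: the principal name or the authority name.
     *
     * @throws IllegalArgumentException for any other {@link Sid} implementation
     */
    private String getSidName(Sid sid) {
        if (sid instanceof PrincipalSid) {
            return ((PrincipalSid) sid).getPrincipal();
        }
        if (sid instanceof GrantedAuthoritySid) {
            return ((GrantedAuthoritySid) sid).getGrantedAuthority();
        }
        throw new IllegalArgumentException("Unsupported implementation of Sid");
    }

    /**
     * Tells whether a SID denotes a principal ({@code true}) or a granted authority ({@code false}).
     *
     * @throws IllegalArgumentException for any other {@link Sid} implementation
     */
    private boolean isPrincipal(Sid sid) {
        if (sid instanceof PrincipalSid) {
            return true;
        }
        if (sid instanceof GrantedAuthoritySid) {
            return false;
        }
        throw new IllegalArgumentException("Unsupported implementation of Sid");
    }

    /**
     * Persists one entry record per access control entry of {@code mutableAcl}, numbering them from
     * 1 in iteration order. Existing records are not touched here; {@link #updateAcl(MutableAcl)}
     * deletes them first.
     *
     * @param mutableAcl ACL whose entries are written; its id must be a {@link Long}
     */
    protected void createRecords(MutableAcl mutableAcl) {
        int aceOrder = 1;
        // Iterate as Object and cast: the audit flags are read from AccessControlEntryImpl, so any
        // other entry implementation fails here with a ClassCastException instead of being stored
        // with missing audit settings.
        for (Object entry : mutableAcl.getEntries()) {
            AccessControlEntryImpl ace = (AccessControlEntryImpl) entry;
            Sid sid = ace.getSid();

            AclEntry entryRecord = this.aclEntryDao.createDefaultEntity();
            entryRecord.setObjectIdentity(this.aclObjectIdentityDao.findById(((Long) mutableAcl.getId()).longValue()));
            entryRecord.setAceOrder(aceOrder);
            entryRecord.setSid(this.aclSecurityIDDao.loadOrCreate(getSidName(sid), isPrincipal(sid)));
            entryRecord.setAuditFailure(ace.isAuditFailure());
            entryRecord.setAuditSuccess(ace.isAuditSuccess());
            entryRecord.setGranting(ace.isGranting());
            entryRecord.setMask(ace.getPermission().getMask());
            this.aclEntryDao.persist(entryRecord);
            aceOrder++;
        }
    }

    /**
     * Deletes the stored entries and object identity for {@code objectIdentity} and evicts it from
     * the ACL cache. When nothing is stored for the object the persistent state is left alone, but
     * the cache entry is still evicted so that a stale cached ACL cannot keep granting access.
     *
     * @param objectIdentity identity of the domain object whose ACL is removed
     * @param z the interface's delete-children flag; it is ignored by this implementation, which
     *        neither looks for nor removes child ACLs
     * @throws ChildrenExistException declared by the interface; never thrown by the code below
     */
    @Transactional
    public void deleteAcl(ObjectIdentity objectIdentity, boolean z) throws ChildrenExistException {
        // NOTE(review): whether load()/findByObjectId() signal "not found" with null is not
        // visible here; the null checks replace the NullPointerException that would otherwise
        // abort the call before the cache eviction.
        AclSecuredClassDescription classDescription = this.aclSecuredClassDao.load(objectIdentity.getJavaType());
        AclSecuredObjectIdentity stored = null;
        if (classDescription != null) {
            stored = this.aclObjectIdentityDao.findByObjectId(((Long) classDescription.getId()).longValue(), Long.valueOf(objectIdentity.getIdentifier().toString()).longValue());
        }
        if (stored != null) {
            this.aclEntryDao.deleteByIdentityId(((Long) stored.getId()).longValue());
            this.aclObjectIdentityDao.remove(stored);
        }
        this.aclCache.evictFromCache(objectIdentity);
    }

    /**
     * Replaces all stored entries of the ACL with the entries currently held by {@code mutableAcl}:
     * the old records are deleted, the cache entry is evicted and the entries are written again.
     *
     * @param mutableAcl ACL carrying the desired set of entries
     * @return the ACL read back after the rewrite
     * @throws NotFoundException if no object identity is stored for the ACL's object
     */
    @Transactional
    public MutableAcl updateAcl(MutableAcl mutableAcl) throws NotFoundException {
        ObjectIdentity objectIdentity = mutableAcl.getObjectIdentity();
        AclSecuredObjectIdentity stored = getAclSecuredObjectIdentity(objectIdentity);
        if (stored == null) {
            // Honour the declared contract instead of failing with a NullPointerException.
            throw new NotFoundException("Unable to locate ACL to update for object identity '" + objectIdentity + "'");
        }
        this.aclEntryDao.deleteByIdentityId(((Long) stored.getId()).longValue());
        this.aclCache.evictFromCache(objectIdentity);
        createRecords(mutableAcl);
        return (MutableAcl) readAclById(objectIdentity);
    }

    /**
     * Looks up the stored object identity for {@code objectIdentity}.
     *
     * <p>The class description is obtained with {@code loadOrCreate}, so this lookup may create a
     * class description record as a side effect.
     *
     * @param objectIdentity identity whose identifier must have a numeric string form
     * @return whatever {@code findByObjectId} yields for the class id and object id;
     *         {@link #createAcl(ObjectIdentity)} treats {@code null} as "not stored yet"
     */
    @Transactional
    public AclSecuredObjectIdentity getAclSecuredObjectIdentity(ObjectIdentity objectIdentity) {
        AclSecuredClassDescription classDescription = this.aclSecuredClassDao.loadOrCreate(objectIdentity.getJavaType());
        long classId = ((Long) classDescription.getId()).longValue();
        long objectId = Long.valueOf(objectIdentity.getIdentifier().toString()).longValue();
        return this.aclObjectIdentityDao.findByObjectId(classId, objectId);
    }

    /**
     * Grants {@code permission} on {@code iSecuredObject} to the currently authenticated principal.
     *
     * @param iSecuredObject secured domain object
     * @param permission permission to grant
     * @param cls class under which the object's ACL is registered
     * @throws IllegalStateException if the security context holds no authentication or principal
     */
    public void addPermission(ISecuredObject iSecuredObject, Permission permission, Class<?> cls) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        Object principal = authentication == null ? null : authentication.getPrincipal();
        if (principal == null) {
            // Fail with an explicit message rather than a NullPointerException further down.
            throw new IllegalStateException("No authenticated principal available in the security context");
        }

        PrincipalSid recipient;
        if (principal instanceof UserDetails) {
            recipient = new PrincipalSid(((UserDetails) principal).getUsername());
        } else if (principal instanceof UserData) {
            recipient = new PrincipalSid(new SpringUserAdapter((UserData) principal).getUsername());
        } else {
            // Last resort: the SID name is the principal's string form.
            recipient = new PrincipalSid(principal.toString());
        }
        addPermission(iSecuredObject, recipient, permission, cls);
    }

    /**
     * Appends a granting entry for {@code sid} and {@code permission} to the ACL of
     * {@code iSecuredObject}, creating the ACL first when none exists.
     *
     * <p>The entry is appended unconditionally, so repeated calls with the same arguments add
     * repeated entries.
     *
     * @param iSecuredObject secured domain object
     * @param sid recipient of the permission
     * @param permission permission to grant
     * @param cls class under which the object's ACL is registered
     */
    public void addPermission(ISecuredObject iSecuredObject, Sid sid, Permission permission, Class<?> cls) {
        // NOTE(review): getCanonicalName() is null for anonymous/local classes and uses '.' for
        // nested classes - confirm that only top-level classes are passed in.
        ObjectIdentityImpl objectIdentity = new ObjectIdentityImpl(cls.getCanonicalName(), iSecuredObject.getId());
        MutableAcl acl;
        try {
            acl = (MutableAcl) readAclById(objectIdentity);
        } catch (NotFoundException e) {
            // No ACL yet: create one owned by the current principal.
            acl = createAcl(objectIdentity);
        }
        acl.insertAce(acl.getEntries().length, permission, sid, true);
        updateAcl(acl);
    }
}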
