package sk.seges.acris.security.server.spring.acl.service;

import java.util.Iterator;
import java.util.List;
import org.springframework.security.acls.domain.AccessControlEntryImpl;
import org.springframework.security.acls.domain.GrantedAuthoritySid;
import org.springframework.security.acls.domain.ObjectIdentityImpl;
import org.springframework.security.acls.domain.PrincipalSid;
import org.springframework.security.acls.model.AclCache;
import org.springframework.security.acls.model.AlreadyExistsException;
import org.springframework.security.acls.model.ChildrenExistException;
import org.springframework.security.acls.model.MutableAcl;
import org.springframework.security.acls.model.MutableAclService;
import org.springframework.security.acls.model.NotFoundException;
import org.springframework.security.acls.model.ObjectIdentity;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.acls.model.Sid;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.transaction.annotation.Transactional;
import sk.seges.acris.security.acl.server.model.data.AclEntryData;
import sk.seges.acris.security.acl.server.model.data.AclSecuredClassDescriptionData;
import sk.seges.acris.security.acl.server.model.data.AclSecuredObjectIdentityData;
import sk.seges.acris.security.acl.server.model.data.AclSidData;
import sk.seges.acris.security.server.spring.user_management.domain.SpringUserAdapter;
import sk.seges.corpis.server.domain.user.server.model.data.UserData;
import sk.seges.sesam.security.shared.domain.ISecuredObject;

/* loaded from: input_file:sk/seges/acris/security/server/spring/acl/service/SpringMutableAclService.class */
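/**
 * {@link MutableAclService} implementation that persists ACL object identities, SIDs and
 * entries through the DAOs inherited from {@link SpringAclService} (the DAO fields,
 * {@code aclCache} and {@code readAclById} are declared outside this file).
 *
 * <p>NOTE(review): {@code addPermission} calls {@code createAcl}/{@code updateAcl} on
 * {@code this}. If transactions are applied through Spring's proxy-based AOP, such
 * self-invocations do not pass through the proxy, so the {@code @Transactional} on those
 * methods only takes effect when the caller already runs inside a transaction. Confirm,
 * because {@code updateAcl} deletes all entries before re-creating them.
 */
public class SpringMutableAclService extends SpringAclService implements MutableAclService {
    public SpringMutableAclService(AclCache aclCache) {
        super(aclCache);
    }

    /**
     * Creates and persists a new ACL object identity owned by the current principal.
     *
     * @param objectIdentity identity of the domain object; its identifier must parse as a long
     * @return the ACL read back through {@code readAclById}
     * @throws AlreadyExistsException if an identity row for this object is already stored
     * @throws NumberFormatException if the identifier is not a decimal long
     */
    @Override
    @Transactional
    public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
        AclSecuredObjectIdentityData existing = getAclSecuredObjectIdentity(objectIdentity);
        if (existing != null) {
            throw new AlreadyExistsException("Object identity '" + existing + "' already exists");
        }
        AclSecuredClassDescriptionData classDescription = this.aclSecuredClassDao.loadOrCreate(objectIdentity.getType());
        // The owner SID is derived by PrincipalSid(Authentication), whereas addPermission(...)
        // derives the SID name itself (UserDetails / UserData / toString()).
        // NOTE(review): confirm both paths yield the same name for every principal type in use,
        // otherwise the owner and the granted SID of one user end up as different rows.
        PrincipalSid ownerSid = new PrincipalSid(SecurityContextHolder.getContext().getAuthentication());
        AclSidData ownerSidData = this.aclSecurityIDDao.loadOrCreate(getSidName(ownerSid), isPrincipal(ownerSid));
        AclSecuredObjectIdentityData created = this.aclObjectIdentityDao.createDefaultEntity();
        created.setObjectIdClass(classDescription);
        created.setSid(ownerSidData);
        created.setObjectIdIdentity(Long.valueOf(objectIdentity.getIdentifier().toString()));
        created.setEntriesInheriting(true);
        this.aclObjectIdentityDao.persist(created);
        return (MutableAcl) readAclById(objectIdentity);
    }

    /**
     * Returns the name stored for a SID: the principal name or the granted authority.
     *
     * @throws IllegalArgumentException for any other {@link Sid} implementation
     */
    private String getSidName(Sid sid) {
        if (sid instanceof PrincipalSid) {
            return ((PrincipalSid) sid).getPrincipal();
        }
        if (sid instanceof GrantedAuthoritySid) {
            return ((GrantedAuthoritySid) sid).getGrantedAuthority();
        }
        throw new IllegalArgumentException("Unsupported implementation of Sid");
    }

    /**
     * Tells whether a SID denotes a principal ({@code true}) or a granted authority ({@code false}).
     *
     * @throws IllegalArgumentException for any other {@link Sid} implementation
     */
    private boolean isPrincipal(Sid sid) {
        if (sid instanceof PrincipalSid) {
            return true;
        }
        if (sid instanceof GrantedAuthoritySid) {
            return false;
        }
        throw new IllegalArgumentException("Unsupported implementation of Sid");
    }

    /**
     * Persists one entry row per ACE of the given ACL, numbering them from 1 in list order.
     *
     * @param mutableAcl ACL whose id is a {@code Long} and whose entries are
     *                   {@link AccessControlEntryImpl} instances
     * @throws ClassCastException if an entry is of another implementation
     */
    protected void createRecords(MutableAcl mutableAcl) {
        int aceOrder = 1;
        // Iterate as Object and cast: the audit flags are read from the implementation class,
        // and the element type declared by getEntries() is not assumed here.
        for (Object entry : mutableAcl.getEntries()) {
            AccessControlEntryImpl ace = (AccessControlEntryImpl) entry;
            AclEntryData record = this.aclEntryDao.createDefaultEntity();
            record.setObjectIdentity(this.aclObjectIdentityDao.findById(((Long) mutableAcl.getId()).longValue()));
            record.setAceOrder(aceOrder);
            Sid sid = ace.getSid();
            record.setSid(this.aclSecurityIDDao.loadOrCreate(getSidName(sid), isPrincipal(sid)));
            record.setAuditFailure(ace.isAuditFailure());
            record.setAuditSuccess(ace.isAuditSuccess());
            record.setGranting(ace.isGranting());
            record.setMask(ace.getPermission().getMask());
            this.aclEntryDao.persist(record);
            aceOrder++;
        }
    }

    /**
     * Deletes the stored ACL of the given object together with the ACLs of all its children.
     * Does nothing when the class description or the identity row is not found.
     *
     * <p>NOTE(review): the flag {@code z} (the interface's {@code deleteChildren}) is never
     * read; children are always removed and {@link ChildrenExistException} is never thrown.
     * Only {@code objectIdentity} itself is evicted from the cache here, so verify that a
     * cached ACL of a removed child cannot keep answering permission checks.
     *
     * @param objectIdentity identity of the domain object; its identifier must parse as a long
     * @param z ignored by this implementation
     */
    @Override
    @Transactional
    public void deleteAcl(ObjectIdentity objectIdentity, boolean z) throws ChildrenExistException {
        AclSecuredClassDescriptionData classDescription = this.aclSecuredClassDao.load(objectIdentity.getType());
        if (classDescription == null) {
            return;
        }
        long classId = ((Long) classDescription.getId()).longValue();
        long objectId = Long.parseLong(objectIdentity.getIdentifier().toString());
        AclSecuredObjectIdentityData stored = this.aclObjectIdentityDao.findByObjectId(classId, objectId);
        if (stored != null) {
            removeAcl(stored);
            this.aclCache.evictFromCache(objectIdentity);
        }
    }

    /**
     * Removes an identity row and its entries, after recursively removing every identity
     * that has it as parent (children first, so no child row outlives its parent).
     */
    private void removeAcl(AclSecuredObjectIdentityData aclSecuredObjectIdentityData) {
        List<?> children = this.aclObjectIdentityDao.findByParent(aclSecuredObjectIdentityData);
        if (children != null) {
            for (Object child : children) {
                removeAcl((AclSecuredObjectIdentityData) child);
            }
        }
        this.aclEntryDao.deleteByIdentityId(((Long) aclSecuredObjectIdentityData.getId()).longValue());
        this.aclObjectIdentityDao.remove(aclSecuredObjectIdentityData);
    }

    /**
     * Replaces the stored entries of an ACL with the entries of {@code mutableAcl} and
     * synchronises its parent link.
     *
     * <p>All existing entries are deleted before the new ones are written, so the two steps
     * must share one transaction; otherwise a failure in between leaves the object without
     * entries.
     *
     * @return the ACL read back through {@code readAclById}
     * @throws NotFoundException if no identity row is stored for the ACL's object
     */
    @Override
    @Transactional
    public MutableAcl updateAcl(MutableAcl mutableAcl) throws NotFoundException {
        AclSecuredObjectIdentityData stored = updateAclObjectIdentity(mutableAcl);
        this.aclEntryDao.deleteByIdentityId(((Long) stored.getId()).longValue());
        this.aclCache.evictFromCache(mutableAcl.getObjectIdentity());
        createRecords(mutableAcl);
        return (MutableAcl) readAclById(mutableAcl.getObjectIdentity());
    }

    /**
     * Copies the parent link of {@code mutableAcl} onto the stored identity row and merges it.
     *
     * @throws NotFoundException if no identity row is stored for the ACL's object
     */
    private AclSecuredObjectIdentityData updateAclObjectIdentity(MutableAcl mutableAcl) {
        AclSecuredObjectIdentityData stored = getAclSecuredObjectIdentity(mutableAcl.getObjectIdentity());
        if (stored == null) {
            // Report the missing row as the NotFoundException declared by updateAcl
            // instead of failing with a NullPointerException on the next access.
            throw new NotFoundException("Object identity '" + mutableAcl.getObjectIdentity() + "' does not exist");
        }
        if (mutableAcl.getParentAcl() != null) {
            // NOTE(review): if the parent has no stored identity row the lookup returns null
            // and the parent link is cleared silently, which changes what is inherited.
            stored.setParentObject(getAclSecuredObjectIdentity(mutableAcl.getParentAcl().getObjectIdentity()));
        } else if (stored.getParentObject() != null) {
            stored.setParentObject((AclSecuredObjectIdentityData) null);
        }
        this.aclObjectIdentityDao.merge(stored);
        return stored;
    }

    /**
     * Looks up the stored identity row for an object identity.
     *
     * <p>The class description is obtained with {@code loadOrCreate}, so calling this lookup
     * may create a class description row as a side effect.
     *
     * @param objectIdentity identity of the domain object; its identifier must parse as a long
     * @return the row returned by {@code findByObjectId}; callers in this class treat
     *         {@code null} as "not stored"
     */
    @Transactional
    public AclSecuredObjectIdentityData getAclSecuredObjectIdentity(ObjectIdentity objectIdentity) {
        AclSecuredClassDescriptionData classDescription = this.aclSecuredClassDao.loadOrCreate(objectIdentity.getType());
        long classId = ((Long) classDescription.getId()).longValue();
        long objectId = Long.parseLong(objectIdentity.getIdentifier().toString());
        return this.aclObjectIdentityDao.findByObjectId(classId, objectId);
    }

    /**
     * Grants {@code permission} on the secured object to the currently authenticated principal.
     *
     * <p>The SID name is the username of a {@link UserDetails} or {@link UserData} principal,
     * otherwise the principal's {@code toString()}.
     *
     * @throws IllegalStateException if the security context holds no authentication or principal
     */
    public void addPermission(ISecuredObject<?> iSecuredObject, Permission permission, Class<?> cls) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        Object principal = authentication == null ? null : authentication.getPrincipal();
        if (principal == null) {
            // Fail with a clear message rather than a NullPointerException: a permission
            // must never be recorded without an identified principal.
            throw new IllegalStateException("No authenticated principal in the security context");
        }
        String sidName;
        if (principal instanceof UserDetails) {
            sidName = ((UserDetails) principal).getUsername();
        } else if (principal instanceof UserData) {
            sidName = new SpringUserAdapter((UserData) principal).getUsername();
        } else {
            sidName = principal.toString();
        }
        addPermission(iSecuredObject, new PrincipalSid(sidName), permission, cls);
    }

    /**
     * Appends a granting ACE for {@code sid} to the object's ACL, creating the ACL first when
     * none exists, and persists the result through {@link #updateAcl(MutableAcl)}.
     *
     * <p>NOTE(review): this method performs no authorization check of its own; whether the
     * caller may change the ACL depends on what {@code insertAce} of the returned ACL
     * enforces. An existing ACE for the same SID and permission is not detected, so
     * repeated calls append duplicates.
     *
     * @param iSecuredObject object whose {@code getIdForACL()} supplies the identifier
     * @param cls class whose canonical name is used as the ACL type
     */
    public void addPermission(ISecuredObject<?> iSecuredObject, Sid sid, Permission permission, Class<?> cls) {
        ObjectIdentityImpl identity = new ObjectIdentityImpl(cls.getCanonicalName(), iSecuredObject.getIdForACL());
        MutableAcl acl;
        try {
            acl = (MutableAcl) readAclById(identity);
        } catch (NotFoundException e) {
            // No ACL stored yet for this object: create one owned by the current principal.
            acl = createAcl(identity);
        }
        acl.insertAce(acl.getEntries().size(), permission, sid, true);
        updateAcl(acl);
    }
}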
