package net.anotheria.anosite.access;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import net.anotheria.access.AccessService;
import net.anotheria.access.AccessServiceException;
import net.anotheria.access.SOAttribute;
import net.anotheria.access.SecurityObject;
import net.anotheria.access.impl.PermissionCollection;
import net.anotheria.access.impl.PermissionImpl;
import net.anotheria.access.impl.SecurityBox;
import net.anotheria.access.impl.StaticRole;
import net.anotheria.access.storage.persistence.SecurityBoxPersistenceService;
import net.anotheria.anodoc.data.NoSuchDocumentException;
import net.anotheria.anoplass.api.APIException;
import net.anotheria.anoplass.api.APIFinder;
import net.anotheria.anoplass.api.APIInitException;
import net.anotheria.anoplass.api.generic.login.LoginAPI;
import net.anotheria.anoprise.dualcrud.CrudServiceException;
import net.anotheria.anoprise.dualcrud.SaveableID;
import net.anotheria.anoprise.metafactory.MetaFactory;
import net.anotheria.anoprise.metafactory.MetaFactoryException;
import net.anotheria.anosite.access.constraint.ParametrizedConstraint;
import net.anotheria.anosite.access.context.SecurityContextInitializer;
import net.anotheria.anosite.gen.anoaccessapplicationdata.data.UserData;
import net.anotheria.anosite.gen.anoaccessapplicationdata.service.AnoAccessApplicationDataServiceException;
import net.anotheria.anosite.gen.anoaccessapplicationdata.service.IAnoAccessApplicationDataService;
import net.anotheria.anosite.gen.anoaccessconfiguration.data.AccessOperation;
import net.anotheria.anosite.gen.anoaccessconfiguration.data.Constraint;
import net.anotheria.anosite.gen.anoaccessconfiguration.data.ContextInitializer;
import net.anotheria.anosite.gen.anoaccessconfiguration.data.Permission;
import net.anotheria.anosite.gen.anoaccessconfiguration.data.Role;
import net.anotheria.anosite.gen.anoaccessconfiguration.service.AccessOperationNotFoundInAnoAccessConfigurationServiceException;
import net.anotheria.anosite.gen.anoaccessconfiguration.service.AnoAccessConfigurationServiceException;
import net.anotheria.anosite.gen.anoaccessconfiguration.service.IAnoAccessConfigurationService;
import net.anotheria.anosite.gen.ascustomaction.service.ASCustomActionServiceException;
import net.anotheria.anosite.gen.ascustomaction.service.IASCustomActionService;
import net.anotheria.anosite.gen.assitedata.service.ASSiteDataServiceException;
import net.anotheria.anosite.gen.assitedata.service.IASSiteDataService;
import net.anotheria.anosite.gen.asuserdata.data.UserDef;
import net.anotheria.anosite.gen.asuserdata.service.ASUserDataServiceException;
import net.anotheria.anosite.gen.asuserdata.service.IASUserDataService;
import net.anotheria.anosite.gen.aswebdata.service.ASWebDataServiceException;
import net.anotheria.anosite.gen.aswebdata.service.IASWebDataService;
import net.anotheria.anosite.gen.aswizarddata.service.ASWizardDataServiceException;
import net.anotheria.anosite.gen.aswizarddata.service.IASWizardDataService;
import net.anotheria.asg.data.DataObject;
import net.anotheria.asg.util.listener.IServiceListener;
import net.anotheria.util.StringUtils;
import net.anotheria.util.log.LogMessageUtil;
import net.anotheria.util.sorter.SortType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MarkerFactory;

/* loaded from: input_file:net/anotheria/anosite/access/AnoSiteAccessAPIImpl.class */
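/**
 * Default {@link AnoSiteAccessAPI} implementation: answers "may the current user see/execute this
 * page, box, navigation item, custom action or wizard?" by delegating to an {@link AccessService}
 * that is configured from the roles, permissions and constraints held by the access configuration
 * service.
 *
 * <p>Decision summary, as implemented below:
 * <ul>
 *   <li>access control switched off in {@code AnoSiteAccessAPIConfig} -> every check is allowed;</li>
 *   <li>element has no access operation id, or the id resolves to no operation -> allowed
 *       (fail-open, see {@link #isAllowed(String)});</li>
 *   <li>no logged-in user -> denied;</li>
 *   <li>{@link AccessService} throws -> denied.</li>
 * </ul>
 *
 * <p>Constraint and security-context-initializer class names are read from configuration and
 * instantiated reflectively, so write access to that configuration is equivalent to choosing which
 * classes on the class path get loaded and constructed in this JVM.
 */
public class AnoSiteAccessAPIImpl implements AnoSiteAccessAPI {
    private static final Logger LOGGER = LoggerFactory.getLogger(AnoSiteAccessAPIImpl.class);
    private AccessService accessService;
    private IAnoAccessConfigurationService accessConfigurationService;
    private IAnoAccessApplicationDataService accessApplicationDataService;
    private IASWebDataService pagesConfigurationPersistence;
    private IASSiteDataService siteDataService;
    private IASCustomActionService customActionsConfigurationPersistence;
    private IASWizardDataService wizardConfigurationPersistence;
    private IASUserDataService userDataService;
    private SecurityBoxPersistenceService securityBoxPersistenceService;
    private LoginAPI loginAPI;

    /**
     * Rebuilds the whole {@link AccessService} configuration whenever anything in the access
     * configuration (roles, permissions, constraints, ...) changes.
     */
    public final class AccessConfigurationChangeListener implements IServiceListener {
        // Logged under this listener's own category (it previously reused the user-data listener's).
        private final Logger LOGGER = LoggerFactory.getLogger(AccessConfigurationChangeListener.class);

        public AccessConfigurationChangeListener() {
        }

        public void documentUpdated(DataObject dataObject, DataObject dataObject2) {
            updateConfiguration();
        }

        public void documentDeleted(DataObject dataObject) {
            updateConfiguration();
        }

        public void documentCreated(DataObject dataObject) {
            updateConfiguration();
        }

        public void documentImported(DataObject dataObject) {
            updateConfiguration();
        }

        public void persistenceChanged() {
            updateConfiguration();
        }

        /**
         * Re-runs {@link AnoSiteAccessAPIImpl#configureAccessService()}.
         *
         * <p>A failure is only logged. Because the rebuild starts with a reset, a failed
         * re-configuration leaves the access service with whatever roles were added before the
         * error, so a WARN from this logger deserves an alert.
         */
        private void updateConfiguration() {
            try {
                this.LOGGER.debug("Access configuration changed. Re-Configuring AccessService...");
                AnoSiteAccessAPIImpl.this.configureAccessService();
                this.LOGGER.debug("Re-Configuration of AccessService finished.");
            } catch (AnoSiteAccessAPIException e) {
                this.LOGGER.warn(LogMessageUtil.failMsg(e, new Object[0]), e);
            }
        }
    }

    /**
     * Drops the {@link AccessService} cache entry of a user whenever that user's access data
     * ({@link UserData}) is created, updated or deleted. Imports and persistence changes are ignored.
     */
    public final class AccessUserDataChangeListener implements IServiceListener {
        private final Logger LOGGER = LoggerFactory.getLogger(AccessUserDataChangeListener.class);

        public AccessUserDataChangeListener() {
        }

        public void documentUpdated(DataObject dataObject, DataObject dataObject2) {
            // Both versions are reset; they normally name the same user.
            update(dataObject);
            update(dataObject2);
        }

        public void documentDeleted(DataObject dataObject) {
            update(dataObject);
        }

        public void documentCreated(DataObject dataObject) {
            update(dataObject);
        }

        public void documentImported(DataObject dataObject) {
        }

        public void persistenceChanged() {
        }

        /**
         * Resets the cached access data of the user named by {@code dataObject}; objects that are
         * not {@link UserData} are ignored.
         */
        private void update(DataObject dataObject) {
            if (!(dataObject instanceof UserData)) {
                return;
            }
            UserData userData = (UserData) dataObject;
            String userId = userData.getUserId();
            this.LOGGER.debug("Access user data changed. Clearing cached user[" + userId + "] data in AccessService...");
            AnoSiteAccessAPIImpl.this.accessService.reset(userId);
            this.LOGGER.debug("Clearing finished.");
        }
    }

    /**
     * Looks up all collaborating services, configures the access service once and then registers
     * the two change listeners.
     *
     * @throws APIInitException if a service cannot be obtained from {@link MetaFactory} or the
     *         access service cannot be configured from the current configuration
     */
    public void init() throws APIInitException {
        try {
            this.accessService = MetaFactory.get(AccessService.class);
            this.accessConfigurationService = MetaFactory.get(IAnoAccessConfigurationService.class);
            this.accessApplicationDataService = MetaFactory.get(IAnoAccessApplicationDataService.class);
            this.pagesConfigurationPersistence = MetaFactory.get(IASWebDataService.class);
            this.siteDataService = MetaFactory.get(IASSiteDataService.class);
            this.customActionsConfigurationPersistence = MetaFactory.get(IASCustomActionService.class);
            this.wizardConfigurationPersistence = MetaFactory.get(IASWizardDataService.class);
            this.userDataService = MetaFactory.get(IASUserDataService.class);
            this.securityBoxPersistenceService = MetaFactory.get(SecurityBoxPersistenceService.class);
            this.loginAPI = APIFinder.findAPI(LoginAPI.class);
            try {
                configureAccessService();
                // Listeners are attached only after the first configuration succeeded.
                this.accessConfigurationService.addServiceListener(new AccessConfigurationChangeListener());
                this.accessApplicationDataService.addServiceListener(new AccessUserDataChangeListener());
            } catch (AnoSiteAccessAPIException e) {
                String message = LogMessageUtil.failMsg(e, new Object[0]) + " Can't initialize access service with current configuration.";
                LOGGER.error(MarkerFactory.getMarker("FATAL"), message, e);
                throw new APIInitException(message, e);
            }
        } catch (MetaFactoryException e2) {
            String message = LogMessageUtil.failMsg(e2, new Object[0]) + " Can't initialize required services.";
            LOGGER.error(MarkerFactory.getMarker("FATAL"), message, e2);
            throw new APIInitException(message, e2);
        }
    }

    /** Nothing to release. */
    public void deInit() {
    }

    /**
     * Checks the access operation configured on a page.
     *
     * @param str page id
     * @return {@code true} if access control is disabled or the check passes
     * @throws AnoSiteAccessAPIException if the page cannot be loaded or the check cannot be set up
     */
    @Override // net.anotheria.anosite.access.AnoSiteAccessAPI
    public boolean isAllowedForPage(String str) throws AnoSiteAccessAPIException {
        // Global switch: with access control disabled nothing is protected.
        if (!AnoSiteAccessAPIConfig.getInstance().isEnabled()) {
            return true;
        }
        try {
            return isAllowed(this.pagesConfigurationPersistence.getPagex(str).getAccessOperation());
        } catch (ASWebDataServiceException e) {
            String failMsg = LogMessageUtil.failMsg(e, new Object[]{str});
            LOGGER.error(failMsg, e);
            throw new AnoSiteAccessAPIException(failMsg, e);
        }
    }

    /**
     * Checks the access operation configured on a box.
     *
     * @param str box id
     * @return {@code true} if access control is disabled or the check passes
     * @throws AnoSiteAccessAPIException if the box cannot be loaded or the check cannot be set up
     */
    @Override // net.anotheria.anosite.access.AnoSiteAccessAPI
    public boolean isAllowedForBox(String str) throws AnoSiteAccessAPIException {
        if (!AnoSiteAccessAPIConfig.getInstance().isEnabled()) {
            return true;
        }
        try {
            return isAllowed(this.pagesConfigurationPersistence.getBox(str).getAccessOperation());
        } catch (ASWebDataServiceException e) {
            String failMsg = LogMessageUtil.failMsg(e, new Object[]{str});
            LOGGER.error(failMsg, e);
            throw new AnoSiteAccessAPIException(failMsg, e);
        }
    }

    /**
     * Checks the access operation configured on a navigation item.
     *
     * @param str navigation item id
     * @return {@code true} if access control is disabled or the check passes
     * @throws AnoSiteAccessAPIException if the item cannot be loaded or the check cannot be set up
     */
    @Override // net.anotheria.anosite.access.AnoSiteAccessAPI
    public boolean isAllowedForNaviItem(String str) throws AnoSiteAccessAPIException {
        if (!AnoSiteAccessAPIConfig.getInstance().isEnabled()) {
            return true;
        }
        try {
            return isAllowed(this.siteDataService.getNaviItem(str).getAccessOperation());
        } catch (ASSiteDataServiceException e) {
            String failMsg = LogMessageUtil.failMsg(e, new Object[]{str});
            LOGGER.error(failMsg, e);
            throw new AnoSiteAccessAPIException(failMsg, e);
        }
    }

    /**
     * Checks the access operation configured on a custom action.
     *
     * @param str custom action definition id
     * @return {@code true} if access control is disabled or the check passes
     * @throws AnoSiteAccessAPIException if the action cannot be loaded or the check cannot be set up
     */
    @Override // net.anotheria.anosite.access.AnoSiteAccessAPI
    public boolean isAllowedForAction(String str) throws AnoSiteAccessAPIException {
        if (!AnoSiteAccessAPIConfig.getInstance().isEnabled()) {
            return true;
        }
        try {
            return isAllowed(this.customActionsConfigurationPersistence.getCustomActionDef(str).getAccessOperation());
        } catch (ASCustomActionServiceException e) {
            String failMsg = LogMessageUtil.failMsg(e, new Object[]{str});
            LOGGER.error(failMsg, e);
            throw new AnoSiteAccessAPIException(failMsg, e);
        }
    }

    /**
     * Checks the access operation configured on a wizard.
     *
     * @param str wizard definition id
     * @return {@code true} if access control is disabled or the check passes
     * @throws AnoSiteAccessAPIException if the wizard cannot be loaded or the check cannot be set up
     */
    @Override // net.anotheria.anosite.access.AnoSiteAccessAPI
    public boolean isAllowedForWizard(String str) throws AnoSiteAccessAPIException {
        if (!AnoSiteAccessAPIConfig.getInstance().isEnabled()) {
            return true;
        }
        try {
            return isAllowed(this.wizardConfigurationPersistence.getWizardDef(str).getAccessOperation());
        } catch (ASWizardDataServiceException e) {
            String failMsg = LogMessageUtil.failMsg(e, new Object[]{str});
            LOGGER.error(failMsg, e);
            throw new AnoSiteAccessAPIException(failMsg, e);
        }
    }

    /**
     * Loads a class named in configuration without running its static initializers.
     *
     * <p>The one-argument {@code Class.forName} initializes the class immediately, i.e. before the
     * callers' type check could reject it. Loading uninitialized defers initialization to
     * {@code newInstance()}, which is reached only for classes of the expected type. The class
     * loader is the one the one-argument form would have used from this class.
     *
     * @param className fully qualified class name taken from configuration
     * @return the loaded, not yet initialized class
     * @throws ClassNotFoundException if no such class is visible to this class' loader
     */
    private static Class<?> loadConfiguredClass(String className) throws ClassNotFoundException {
        return Class.forName(className, false, AnoSiteAccessAPIImpl.class.getClassLoader());
    }

    /**
     * Evaluates one access operation for the currently logged-in user.
     *
     * @param operationId id of the access operation; empty means "element is unprotected"
     * @return whether the operation is allowed
     * @throws AnoSiteAccessAPIException if configuration cannot be read, a context initializer
     *         cannot be loaded/instantiated, or no logged user id is available
     */
    private boolean isAllowed(String operationId) throws AnoSiteAccessAPIException {
        // No operation configured on the element: nothing to enforce.
        if (StringUtils.isEmpty(operationId)) {
            return true;
        }
        try {
            AccessOperation accessOperation = getAccessOperation(operationId);
            if (accessOperation == null) {
                // NOTE(review): fail-open. An element that references a deleted or mistyped
                // operation id becomes public; only this WARN shows it. Kept because callers rely
                // on it, but worth alerting on.
                LOGGER.warn(LogMessageUtil.failMsg(new RuntimeException(), new Object[]{operationId}) + " AccessOperation not found. Skipping security check.");
                return true;
            }
            // Anonymous visitors never pass a configured operation.
            if (!isLoggedIn()) {
                return false;
            }

            // Distinct initializer classes referenced by any constraint of any permission that
            // targets this operation.
            HashSet<String> initializerClassNames = new HashSet<String>();
            for (Permission permission : getPermissions(operationId)) {
                for (Constraint constraint : getConstraint(permission.getConstraints())) {
                    for (ContextInitializer contextInitializer : getContextInitializers(constraint.getContextInitializers())) {
                        if (contextInitializer != null && !StringUtils.isEmpty(contextInitializer.getClassName())) {
                            initializerClassNames.add(contextInitializer.getClassName());
                        }
                    }
                }
            }

            // NOTE(review): the subject is keyed by the logged user id here, while
            // createSecureBoxes() grants roles to SecurityObject(login) - confirm both identifiers
            // are the same value, otherwise granted roles are never found.
            SecurityObject securityObject = new SecurityObject(getCurrentUserId());
            for (String initializerClassName : initializerClassNames) {
                try {
                    Class<?> initializerClass = loadConfiguredClass(initializerClassName);
                    if (!SecurityContextInitializer.class.isAssignableFrom(initializerClass)) {
                        String message = LogMessageUtil.failMsg(new RuntimeException(), new Object[]{operationId}) + " Wrong security context class[" + initializerClassName + "] type.";
                        LOGGER.warn(message);
                        throw new AnoSiteAccessAPIException(message);
                    }
                    Map<String, String> attributes = ((SecurityContextInitializer) initializerClass.newInstance()).initialize();
                    for (Map.Entry<String, String> attribute : attributes.entrySet()) {
                        securityObject.addAttribute(new SOAttribute(attribute.getKey(), attribute.getValue()));
                    }
                } catch (ClassNotFoundException e) {
                    String message = LogMessageUtil.failMsg(e, new Object[]{operationId}) + " Wrong security context class[" + initializerClassName + "].";
                    LOGGER.warn(message, e);
                    throw new AnoSiteAccessAPIException(message, e);
                } catch (IllegalAccessException e2) {
                    String message = LogMessageUtil.failMsg(e2, new Object[]{operationId}) + " Can't instantiate security context class[" + initializerClassName + "].";
                    LOGGER.warn(message, e2);
                    throw new AnoSiteAccessAPIException(message, e2);
                } catch (InstantiationException e3) {
                    String message = LogMessageUtil.failMsg(e3, new Object[]{operationId}) + " Can't instantiate security context class[" + initializerClassName + "].";
                    LOGGER.warn(message, e3);
                    throw new AnoSiteAccessAPIException(message, e3);
                }
            }

            try {
                return this.accessService.isAllowed(accessOperation.getId(), securityObject, (SecurityObject) null).isAllowed();
            } catch (AccessServiceException e4) {
                // Fail-closed: an evaluation error denies.
                LOGGER.warn(LogMessageUtil.failMsg(e4, new Object[]{operationId}) + " Skipping exception and don't allow execution.", e4);
                return false;
            }
        } catch (AccessOperationNotFoundAPIException e5) {
            // NOTE(review): fail-open, same consequence as the null case above.
            LOGGER.warn(LogMessageUtil.failMsg(e5, new Object[]{operationId}) + " AccessOperation not found. Skipping security check.");
            return true;
        }
    }

    /** @return whether the login API reports a logged-in user */
    private boolean isLoggedIn() {
        return this.loginAPI.isLogedIn();
    }

    /**
     * @return id of the logged-in user as reported by the login API
     * @throws AnoSiteAccessAPIException if the login API cannot provide one
     */
    private String getCurrentUserId() throws AnoSiteAccessAPIException {
        try {
            return this.loginAPI.getLogedUserId();
        } catch (APIException e) {
            // Keep the cause: without it a broken login backend is indistinguishable from
            // "nobody is logged in" when reading the logs.
            throw new AnoSiteAccessAPIException("No logged user.", e);
        }
    }

    /**
     * Loads one access operation.
     *
     * @param operationId access operation id
     * @return the operation as returned by the configuration service
     * @throws AccessOperationNotFoundAPIException if the service reports the id as unknown
     * @throws AnoSiteAccessAPIException on any other configuration service failure
     */
    private AccessOperation getAccessOperation(String operationId) throws AnoSiteAccessAPIException {
        try {
            return this.accessConfigurationService.getAccessOperation(operationId);
        } catch (AnoAccessConfigurationServiceException e) {
            throw new AnoSiteAccessAPIException(LogMessageUtil.failMsg(e, new Object[]{operationId}), e);
        } catch (AccessOperationNotFoundInAnoAccessConfigurationServiceException e2) {
            throw new AccessOperationNotFoundAPIException("Access operation with given id[" + operationId + "] not found.", e2);
        }
    }

    /**
     * @return a fresh, mutable list with all configured roles (possibly empty, never {@code null})
     * @throws AnoSiteAccessAPIException if the roles cannot be loaded
     */
    private List<Role> getRoles() throws AnoSiteAccessAPIException {
        List<Role> result = new ArrayList<Role>();
        try {
            List<Role> loaded = this.accessConfigurationService.getRoles(new SortType(1, true));
            if (loaded != null && !loaded.isEmpty()) {
                result.addAll(loaded);
            }
            return result;
        } catch (AnoAccessConfigurationServiceException e) {
            String message = LogMessageUtil.failMsg(e, new Object[0]) + " Can't load roles.";
            LOGGER.error(message, e);
            throw new AnoSiteAccessAPIException(message, e);
        }
    }

    /**
     * @param operationId access operation id
     * @return a fresh list with all permissions whose {@code accessOperation} property equals
     *         {@code operationId} (possibly empty, never {@code null})
     * @throws AnoSiteAccessAPIException if the permissions cannot be loaded
     */
    private List<Permission> getPermissions(String operationId) throws AnoSiteAccessAPIException {
        List<Permission> result = new ArrayList<Permission>();
        try {
            List<Permission> loaded = this.accessConfigurationService.getPermissionsByProperty("accessOperation", operationId, new SortType(3, false));
            if (loaded != null && !loaded.isEmpty()) {
                result.addAll(loaded);
            }
            return result;
        } catch (AnoAccessConfigurationServiceException e) {
            String message = LogMessageUtil.failMsg(e, new Object[]{operationId}) + " Can't load permissions.";
            LOGGER.error(message, e);
            throw new AnoSiteAccessAPIException(message, e);
        }
    }

    /**
     * @param list permission ids; {@code null} or empty yields an empty result
     * @return the permissions in id order, one service lookup per id
     * @throws AnoSiteAccessAPIException if any lookup fails
     */
    private List<Permission> getPermissions(List<String> list) throws AnoSiteAccessAPIException {
        List<Permission> result = new ArrayList<Permission>();
        if (list == null || list.isEmpty()) {
            return result;
        }
        try {
            for (String permissionId : list) {
                result.add(this.accessConfigurationService.getPermission(permissionId));
            }
            return result;
        } catch (AnoAccessConfigurationServiceException e) {
            String message = LogMessageUtil.failMsg(e, new Object[]{list}) + " Can't load permissions.";
            LOGGER.error(message, e);
            throw new AnoSiteAccessAPIException(message, e);
        }
    }

    /**
     * @param list constraint ids; {@code null} or empty yields an empty result
     * @return the constraints in id order, one service lookup per id
     * @throws AnoSiteAccessAPIException if any lookup fails
     */
    private List<Constraint> getConstraint(List<String> list) throws AnoSiteAccessAPIException {
        List<Constraint> result = new ArrayList<Constraint>();
        if (list == null || list.isEmpty()) {
            return result;
        }
        try {
            for (String constraintId : list) {
                result.add(this.accessConfigurationService.getConstraint(constraintId));
            }
            return result;
        } catch (AnoAccessConfigurationServiceException e) {
            String message = LogMessageUtil.failMsg(e, new Object[]{list}) + " Can't load constraints.";
            LOGGER.error(message, e);
            throw new AnoSiteAccessAPIException(message, e);
        }
    }

    /**
     * @param list context initializer ids; {@code null} or empty yields an empty result
     * @return the context initializers in id order, one service lookup per id
     * @throws AnoSiteAccessAPIException if any lookup fails
     */
    private List<ContextInitializer> getContextInitializers(List<String> list) throws AnoSiteAccessAPIException {
        List<ContextInitializer> result = new ArrayList<ContextInitializer>();
        if (list == null || list.isEmpty()) {
            return result;
        }
        try {
            for (String initializerId : list) {
                result.add(this.accessConfigurationService.getContextInitializer(initializerId));
            }
            return result;
        } catch (AnoAccessConfigurationServiceException e) {
            String message = LogMessageUtil.failMsg(e, new Object[]{list}) + " Can't load context initializers.";
            LOGGER.error(message, e);
            throw new AnoSiteAccessAPIException(message, e);
        }
    }

    /**
     * Resets the {@link AccessService} and rebuilds it from configuration: one {@link StaticRole}
     * plus one {@link PermissionCollection} per configured role, then role grants for all users.
     *
     * <p>Public only so the inner listener can call it (the decompiler widened it from private).
     *
     * <p>NOTE(review): this method is synchronized but {@code isAllowed} is not, so a check running
     * between {@code reset()} and the last {@code addRole()} sees a partially configured service -
     * confirm that AccessService denies in that state.
     *
     * @throws AnoSiteAccessAPIException if configuration cannot be read or a constraint class is
     *         missing, of the wrong type or not instantiable; the service is then left partially
     *         configured
     */
    public synchronized void configureAccessService() throws AnoSiteAccessAPIException {
        this.accessService.reset();
        for (Role role : getRoles()) {
            StaticRole staticRole = new StaticRole(role.getId());
            PermissionCollection permissionCollection = new PermissionCollection(staticRole.getName());
            for (Permission permission : getPermissions(role.getPermissions())) {
                PermissionImpl permissionImpl = new PermissionImpl();
                permissionImpl.setName(permission.getId());
                permissionImpl.setAction(permission.getAccessOperation());
                permissionImpl.setAllow(!permission.getDeny());
                for (Constraint constraint : getConstraint(permission.getConstraints())) {
                    String className = constraint.getClassName();
                    // A constraint without a class name contributes nothing to the permission.
                    if (StringUtils.isEmpty(className)) {
                        continue;
                    }
                    try {
                        Class<?> constraintClass = loadConfiguredClass(className);
                        if (!net.anotheria.access.impl.Constraint.class.isAssignableFrom(constraintClass)) {
                            String message = LogMessageUtil.failMsg(new RuntimeException(), new Object[0]) + " Wrong constraint class[" + className + "] type.";
                            LOGGER.warn(message);
                            throw new AnoSiteAccessAPIException(message);
                        }
                        net.anotheria.access.impl.Constraint runtimeConstraint = (net.anotheria.access.impl.Constraint) constraintClass.newInstance();
                        if (runtimeConstraint instanceof ParametrizedConstraint) {
                            ParametrizedConstraint parametrized = (ParametrizedConstraint) runtimeConstraint;
                            parametrized.setParameter1(constraint.getParameter1());
                            parametrized.setParameter2(constraint.getParameter2());
                            parametrized.setParameter3(constraint.getParameter3());
                            parametrized.setParameter4(constraint.getParameter4());
                            parametrized.setParameter5(constraint.getParameter5());
                        }
                        permissionImpl.addConstraint(runtimeConstraint, new net.anotheria.access.impl.Constraint[0]);
                    } catch (ClassNotFoundException e) {
                        String message = LogMessageUtil.failMsg(e, new Object[0]) + " Wrong constraint class[" + className + "].";
                        LOGGER.warn(message, e);
                        throw new AnoSiteAccessAPIException(message, e);
                    } catch (IllegalAccessException e2) {
                        String message = LogMessageUtil.failMsg(e2, new Object[0]) + " Can't instantiate constraint class[" + className + "].";
                        LOGGER.warn(message, e2);
                        throw new AnoSiteAccessAPIException(message, e2);
                    } catch (InstantiationException e3) {
                        String message = LogMessageUtil.failMsg(e3, new Object[0]) + " Can't instantiate constraint class[" + className + "].";
                        LOGGER.warn(message, e3);
                        throw new AnoSiteAccessAPIException(message, e3);
                    }
                }
                permissionCollection.add(permissionImpl, new net.anotheria.access.Permission[0]);
            }
            this.accessService.addPermissionCollection(permissionCollection);
            staticRole.setPermissionSetId(permissionCollection.getId());
            this.accessService.addRole(staticRole);
        }
        createSecureBoxes();
    }

    /**
     * Grants every user the roles listed in that user's {@link UserData}, skipping roles the
     * user's persisted {@link SecurityBox} already has. Users whose definition no longer exists are
     * skipped with a warning.
     *
     * @throws RuntimeException if user data or a user definition cannot be loaded, or a grant fails
     */
    private void createSecureBoxes() {
        try {
            for (UserData userData : this.accessApplicationDataService.getUserDatas()) {
                try {
                    UserDef userDef = this.userDataService.getUserDef(userData.getUserId());
                    String login = userDef.getLogin();

                    // Scoped per user. Declared outside the loop, a failed read left the previous
                    // user's box in place and this user's roles were compared against it - roles
                    // the previous user already held were then never granted to this one.
                    SecurityBox securityBox = null;
                    try {
                        SaveableID saveableID = new SaveableID();
                        saveableID.setSaveableId(login);
                        saveableID.setOwnerId(login);
                        securityBox = (SecurityBox) this.securityBoxPersistenceService.read(saveableID);
                    } catch (CrudServiceException e) {
                        LOGGER.warn("SecurityBox with id=" + login + " not found. Creating new one");
                    }
                    if (securityBox == null) {
                        securityBox = new SecurityBox(login);
                    }

                    for (String roleId : userData.getRoles()) {
                        if (securityBox.hasRole(roleId)) {
                            continue;
                        }
                        // NOTE(review): presumably non-null for every role id stored in user
                        // data; a role deleted from configuration would surface here - verify.
                        net.anotheria.access.Role role = this.accessService.getRole(roleId);
                        try {
                            this.accessService.grantRole(new SecurityObject(login), role.getName());
                        } catch (AccessServiceException e2) {
                            String message = "Error occurred while granting role " + role.getName() + " to " + login;
                            LOGGER.error(message, e2);
                            throw new RuntimeException(message, e2);
                        }
                    }
                } catch (ASUserDataServiceException e3) {
                    LOGGER.error("Error occurred while getting UserDef by id", e3);
                    throw new RuntimeException("Error occurred while getting UserDef by id", e3);
                } catch (NoSuchDocumentException e4) {
                    LOGGER.warn("Couldn't get user by id " + userData.getUserId() + ", {" + userData + "}", e4);
                }
            }
        } catch (AnoAccessApplicationDataServiceException e5) {
            LOGGER.error("Error occurred while getting UserDef by id", e5);
            throw new RuntimeException("Error occurred while getting UserDef by id", e5);
        }
    }
}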
