package com.jts.fortress.rbac;

import com.jts.fortress.CreateException;
import com.jts.fortress.FinderException;
import com.jts.fortress.GlobalErrIds;
import com.jts.fortress.GlobalIds;
import com.jts.fortress.ObjectFactory;
import com.jts.fortress.RemoveException;
import com.jts.fortress.UpdateException;
import com.jts.fortress.ldap.DataProvider;
import com.jts.fortress.ldap.PoolMgr;
import com.jts.fortress.util.attr.AttrHelper;
import com.jts.fortress.util.attr.VUtil;
import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPAttribute;
import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPAttributeSet;
import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPConnection;
import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPEntry;
import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPException;
import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPModificationSet;
import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPSearchResults;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/jts/fortress/rbac/PermDAO.class */
final class PermDAO extends DataProvider {
    // Fully-qualified class name; used as the logger name and as the prefix of every exception message below.
    private static final String CLS_NM = PermDAO.class.getName();
    private static final Logger log = Logger.getLogger(CLS_NM);
    // Object class name listed in PERM_OBJ_OBJ_CLASS for permission-object entries.
    private static final String PERM_OBJ_OBJECT_CLASS_NAME = "ftObject";
    // Full objectClass value list written by createObject().
    private static final String[] PERM_OBJ_OBJ_CLASS = {GlobalIds.TOP, "organizationalunit", PERM_OBJ_OBJECT_CLASS_NAME, GlobalIds.PROPS_AUX_OBJECT_CLASS_NAME, GlobalIds.FT_MODIFIER_AUX_OBJECT_CLASS_NAME};
    // Object class name listed in PERM_OP_OBJ_CLASS for permission-operation entries.
    private static final String PERM_OP_OBJECT_CLASS_NAME = "ftOperation";
    // Full objectClass value list written by createOperation().
    private static final String[] PERM_OP_OBJ_CLASS = {GlobalIds.TOP, "organizationalrole", PERM_OP_OBJECT_CLASS_NAME, GlobalIds.PROPS_AUX_OBJECT_CLASS_NAME, GlobalIds.FT_MODIFIER_AUX_OBJECT_CLASS_NAME};
    // LDAP attribute names used by this DAO.
    private static final String PERM_NAME = "ftPermName";
    private static final String POBJ_ID = "ftObjId";
    private static final String TYPE = "ftType";
    // ROLES and USERS hold the grants on an operation entry; isAuthorized() evaluates the sets read from them.
    private static final String ROLES = "ftRoles";
    private static final String USERS = "ftUsers";
    // Attribute lists requested when reading or searching operation entries and object entries respectively.
    // (PERMISION_OBJ_ATRS keeps its original spelling; it is referenced by name elsewhere in the class.)
    private static final String[] PERMISSION_OP_ATRS = {GlobalIds.FT_IID, PERM_NAME, GlobalIds.POBJ_NAME, GlobalIds.POP_NAME, GlobalIds.DESC, GlobalIds.OU, POBJ_ID, TYPE, ROLES, USERS, GlobalIds.PROPS};
    private static final String[] PERMISION_OBJ_ATRS = {GlobalIds.FT_IID, GlobalIds.POBJ_NAME, GlobalIds.DESC, GlobalIds.OU, TYPE, GlobalIds.PROPS};

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Adds a permission-object entry to the directory over an ADMIN pool connection.
     *
     * <p>Object class, object name, internal id and ou are always written; description, type and
     * properties are written only when present on {@code permObj}.
     *
     * @param permObj entity to persist; {@code setInternalId()} is invoked on it before the add
     * @return the same {@code permObj} instance
     * @throws CreateException with {@code GlobalErrIds.PERM_ADD_FAILED} when an LDAPException is caught
     */
    public final PermObj createObject(PermObj permObj) throws CreateException {
        LDAPConnection conn = null;
        String entryDn = getDn(permObj, permObj.getContextId());
        try {
            conn = PoolMgr.getConnection(PoolMgr.ConnType.ADMIN);
            LDAPAttributeSet attrs = new LDAPAttributeSet();
            attrs.add(createAttributes(GlobalIds.OBJECT_CLASS, PERM_OBJ_OBJ_CLASS));
            attrs.add(createAttribute(GlobalIds.POBJ_NAME, permObj.getObjectName()));
            permObj.setInternalId();
            attrs.add(createAttribute(GlobalIds.FT_IID, permObj.getInternalId()));
            attrs.add(createAttribute(GlobalIds.OU, permObj.getOu()));

            // Optional attributes are skipped when empty.
            if (VUtil.isNotNullOrEmpty(permObj.getDescription())) {
                attrs.add(createAttribute(GlobalIds.DESC, permObj.getDescription()));
            }
            if (VUtil.isNotNullOrEmpty(permObj.getType())) {
                attrs.add(createAttribute(TYPE, permObj.getType()));
            }
            if (VUtil.isNotNullOrEmpty(permObj.getProperties())) {
                loadProperties(permObj.getProperties(), attrs, GlobalIds.PROPS);
            }

            add(conn, new LDAPEntry(entryDn, attrs), permObj);
            return permObj;
        } catch (LDAPException e) {
            throw new CreateException(GlobalErrIds.PERM_ADD_FAILED, CLS_NM + ".createObject perm obj [" + permObj.getObjectName() + "] caught LDAPException=" + e.getLDAPResultCode() + " msg=" + e.getMessage(), e);
        } finally {
            // Hand the connection back to the pool on every exit path.
            PoolMgr.closeConnection(conn, PoolMgr.ConnType.ADMIN);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Updates an existing permission-object entry over an ADMIN pool connection.
     *
     * <p>Only non-empty ou, description, type and properties are included, and the modify is skipped
     * entirely when nothing was collected.
     *
     * @param permObj entity carrying the new values and the identity used to derive the DN
     * @return the same {@code permObj} instance
     * @throws UpdateException with {@code GlobalErrIds.PERM_UPDATE_FAILED} when an LDAPException is caught
     */
    public final PermObj updateObj(PermObj permObj) throws UpdateException {
        LDAPConnection conn = null;
        String entryDn = getDn(permObj, permObj.getContextId());
        try {
            conn = PoolMgr.getConnection(PoolMgr.ConnType.ADMIN);
            LDAPModificationSet mods = new LDAPModificationSet();
            // Modification op 2 is LDAP "replace".
            if (VUtil.isNotNullOrEmpty(permObj.getOu())) {
                mods.add(2, new LDAPAttribute(GlobalIds.OU, permObj.getOu()));
            }
            if (VUtil.isNotNullOrEmpty(permObj.getDescription())) {
                mods.add(2, new LDAPAttribute(GlobalIds.DESC, permObj.getDescription()));
            }
            if (VUtil.isNotNullOrEmpty(permObj.getType())) {
                mods.add(2, new LDAPAttribute(TYPE, permObj.getType()));
            }
            if (VUtil.isNotNullOrEmpty(permObj.getProperties())) {
                // NOTE(review): the trailing 'true' presumably selects replace semantics - confirm in DataProvider.
                loadProperties(permObj.getProperties(), mods, GlobalIds.PROPS, true);
            }

            boolean hasChanges = mods.size() > 0;
            if (hasChanges) {
                modify(conn, entryDn, mods, permObj);
            }
            return permObj;
        } catch (LDAPException e) {
            throw new UpdateException(GlobalErrIds.PERM_UPDATE_FAILED, CLS_NM + ".updateObj objectName [" + permObj.getObjectName() + "] caught LDAPException=" + e.getLDAPResultCode() + " msg=" + e.getMessage(), e);
        } finally {
            PoolMgr.closeConnection(conn, PoolMgr.ConnType.ADMIN);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Deletes a permission-object entry through {@code deleteRecursive} over an ADMIN pool connection.
     *
     * <p>NOTE(review): {@code deleteRecursive} presumably removes the operation entries beneath the
     * object as well, which drops every grant stored on them - confirm in DataProvider.
     *
     * @param permObj entity identifying the entry to remove
     * @throws RemoveException with {@code GlobalErrIds.PERM_DELETE_FAILED} when an LDAPException is caught
     */
    public final void deleteObj(PermObj permObj) throws RemoveException {
        LDAPConnection conn = null;
        String entryDn = getDn(permObj, permObj.getContextId());
        try {
            conn = PoolMgr.getConnection(PoolMgr.ConnType.ADMIN);
            deleteRecursive(conn, entryDn, permObj);
        } catch (LDAPException e) {
            throw new RemoveException(GlobalErrIds.PERM_DELETE_FAILED, CLS_NM + ".deleteObj objectName [" + permObj.getObjectName() + "] caught LDAPException=" + e.getLDAPResultCode() + " msg=" + e.getMessage(), e);
        } finally {
            PoolMgr.closeConnection(conn, PoolMgr.ConnType.ADMIN);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Adds a permission-operation entry to the directory over an ADMIN pool connection.
     *
     * <p>The abstract name is set to {@code objectName + "." + opName} and written to both
     * {@code ftPermName} and {@code cn}. Any roles and users already present on {@code permission}
     * are written with the entry, so the caller's input directly determines the initial grants.
     *
     * @param permission entity to persist; its abstract name and internal id are set here
     * @return the same {@code permission} instance
     * @throws CreateException with {@code GlobalErrIds.PERM_ADD_FAILED} when an LDAPException is caught
     */
    public final Permission createOperation(Permission permission) throws CreateException {
        LDAPConnection conn = null;
        String entryDn = getDn(permission, permission.getContextId());
        try {
            conn = PoolMgr.getConnection(PoolMgr.ConnType.ADMIN);
            LDAPAttributeSet attrs = new LDAPAttributeSet();
            attrs.add(createAttributes(GlobalIds.OBJECT_CLASS, PERM_OP_OBJ_CLASS));
            attrs.add(createAttribute(GlobalIds.POP_NAME, permission.getOpName()));
            attrs.add(createAttribute(GlobalIds.POBJ_NAME, permission.getObjectName()));

            permission.setAbstractName(permission.getObjectName() + "." + permission.getOpName());
            permission.setInternalId();
            attrs.add(createAttribute(GlobalIds.FT_IID, permission.getInternalId()));
            attrs.add(createAttribute(PERM_NAME, permission.getAbstractName()));
            attrs.add(createAttribute("cn", permission.getAbstractName()));

            // Optional single-valued attributes.
            if (VUtil.isNotNullOrEmpty(permission.getObjectId())) {
                attrs.add(createAttribute(POBJ_ID, permission.getObjectId()));
            }
            if (VUtil.isNotNullOrEmpty(permission.getType())) {
                attrs.add(createAttribute(TYPE, permission.getType()));
            }

            // Initial grants and properties.
            loadAttrs(permission.getRoles(), attrs, ROLES);
            loadAttrs(permission.getUsers(), attrs, USERS);
            if (VUtil.isNotNullOrEmpty(permission.getProperties())) {
                loadProperties(permission.getProperties(), attrs, GlobalIds.PROPS);
            }

            add(conn, new LDAPEntry(entryDn, attrs), permission);
            return permission;
        } catch (LDAPException e) {
            throw new CreateException(GlobalErrIds.PERM_ADD_FAILED, CLS_NM + ".createOperation objectName [" + permission.getObjectName() + "] opName [" + permission.getOpName() + "] caught LDAPException=" + e.getLDAPResultCode() + " msg=" + e.getMessage(), e);
        } finally {
            PoolMgr.closeConnection(conn, PoolMgr.ConnType.ADMIN);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Updates an existing permission-operation entry over an ADMIN pool connection.
     *
     * <p>Abstract name and type are replaced when non-empty; roles, users and properties are passed
     * to {@code loadAttrs}/{@code loadProperties} unconditionally. The modify is skipped when the
     * modification set ends up empty.
     *
     * @param permission entity carrying the new values and the identity used to derive the DN
     * @return the same {@code permission} instance
     * @throws UpdateException with {@code GlobalErrIds.PERM_UPDATE_FAILED} when an LDAPException is caught
     */
    public final Permission updateOperation(Permission permission) throws UpdateException {
        LDAPConnection conn = null;
        String entryDn = getDn(permission, permission.getContextId());
        try {
            conn = PoolMgr.getConnection(PoolMgr.ConnType.ADMIN);
            LDAPModificationSet mods = new LDAPModificationSet();
            // Modification op 2 is LDAP "replace".
            if (VUtil.isNotNullOrEmpty(permission.getAbstractName())) {
                mods.add(2, new LDAPAttribute(PERM_NAME, permission.getAbstractName()));
            }
            if (VUtil.isNotNullOrEmpty(permission.getType())) {
                mods.add(2, new LDAPAttribute(TYPE, permission.getType()));
            }
            // NOTE(review): whether these helpers replace or append the grant sets is decided in
            // DataProvider, which is not visible here - confirm before relying on this for revocation.
            loadAttrs(permission.getRoles(), mods, ROLES);
            loadAttrs(permission.getUsers(), mods, USERS);
            loadProperties(permission.getProperties(), mods, GlobalIds.PROPS, true);

            boolean hasChanges = mods.size() > 0;
            if (hasChanges) {
                modify(conn, entryDn, mods, permission);
            }
            return permission;
        } catch (LDAPException e) {
            throw new UpdateException(GlobalErrIds.PERM_UPDATE_FAILED, CLS_NM + ".updateOperation objectName [" + permission.getObjectName() + "] opName [" + permission.getOpName() + "] caught LDAPException=" + e.getLDAPResultCode() + " msg=" + e.getMessage(), e);
        } finally {
            PoolMgr.closeConnection(conn, PoolMgr.ConnType.ADMIN);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Deletes a permission-operation entry through {@code deleteRecursive} over an ADMIN pool connection.
     *
     * <p>The DN is assembled here from the operation RDN, the object name and the root DN.
     * NOTE(review): the object name is concatenated into the DN as-is; confirm that callers validate
     * it so that DN special characters cannot redirect the delete to another entry.
     *
     * @param permission entity identifying the entry to remove
     * @throws RemoveException with {@code GlobalErrIds.PERM_DELETE_FAILED} when an LDAPException is caught
     */
    public final void deleteOperation(Permission permission) throws RemoveException {
        LDAPConnection conn = null;
        String opRdn = getOpRdn(permission.getOpName(), permission.getObjectId());
        String entryDn = opRdn + GlobalIds.COMMA + GlobalIds.POBJ_NAME + "=" + permission.getObjectName() + GlobalIds.COMMA + getRootDn(permission.isAdmin(), permission.getContextId());
        try {
            conn = PoolMgr.getConnection(PoolMgr.ConnType.ADMIN);
            deleteRecursive(conn, entryDn, permission);
        } catch (LDAPException e) {
            throw new RemoveException(GlobalErrIds.PERM_DELETE_FAILED, CLS_NM + ".deleteOperation objectName [" + permission.getObjectName() + "] opName [" + permission.getOpName() + "] caught LDAPException=" + e.getLDAPResultCode() + " msg=" + e.getMessage(), e);
        } finally {
            PoolMgr.closeConnection(conn, PoolMgr.ConnType.ADMIN);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Grants a permission to a role by adding the role name to the entry's {@code ftRoles} attribute.
     *
     * @param permission permission operation receiving the grant
     * @param role role whose name is added
     * @throws UpdateException with {@code PERM_ROLE_EXIST} when the value is already present (LDAP 20),
     *     {@code PERM_OP_NOT_FOUND} when the entry does not exist (LDAP 32), and
     *     {@code PERM_GRANT_FAILED} for any other LDAPException
     */
    public final void grant(Permission permission, Role role) throws UpdateException {
        LDAPConnection conn = null;
        String entryDn = getDn(permission, permission.getContextId());
        try {
            conn = PoolMgr.getConnection(PoolMgr.ConnType.ADMIN);
            LDAPModificationSet mods = new LDAPModificationSet();
            // Modification op 0 is LDAP "add" (a new value on the multi-valued attribute).
            mods.add(0, new LDAPAttribute(ROLES, role.getName()));
            modify(conn, entryDn, mods, permission);
        } catch (LDAPException e) {
            String where = CLS_NM + ".grant perm object [" + permission.getObjectName() + "] operation [" + permission.getOpName() + "] ";
            switch (e.getLDAPResultCode()) {
                case 20: // attributeOrValueExists: the role already holds this permission
                    throw new UpdateException(GlobalErrIds.PERM_ROLE_EXIST, where + "role [" + role.getName() + "] assignment already exists, Fortress errCode=" + GlobalErrIds.PERM_ROLE_EXIST);
                case 32: // noSuchObject: the permission entry is missing
                    throw new UpdateException(GlobalErrIds.PERM_OP_NOT_FOUND, where + "role [" + role.getName() + "] perm not found, Fortress errCode=" + GlobalErrIds.PERM_OP_NOT_FOUND);
                default:
                    throw new UpdateException(GlobalErrIds.PERM_GRANT_FAILED, where + "name [" + role.getName() + "]  caught LDAPException=" + e.getLDAPResultCode() + " msg=" + e.getMessage(), e);
            }
        } finally {
            PoolMgr.closeConnection(conn, PoolMgr.ConnType.ADMIN);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Revokes a permission from a role by deleting the role name from the entry's {@code ftRoles} attribute.
     *
     * @param permission permission operation losing the grant
     * @param role role whose name is removed
     * @throws FinderException with {@code PERM_ROLE_NOT_EXIST} when the value was not present (LDAP 16)
     * @throws UpdateException with code 3024 for any other LDAPException
     */
    public final void revoke(Permission permission, Role role) throws UpdateException, FinderException {
        LDAPConnection conn = null;
        String entryDn = getDn(permission, permission.getContextId());
        try {
            conn = PoolMgr.getConnection(PoolMgr.ConnType.ADMIN);
            LDAPModificationSet mods = new LDAPModificationSet();
            // Modification op 1 is LDAP "delete" (of this one value).
            mods.add(1, new LDAPAttribute(ROLES, role.getName()));
            modify(conn, entryDn, mods, permission);
        } catch (LDAPException e) {
            String where = CLS_NM + ".revoke perm object [" + permission.getObjectName() + "] operation [" + permission.getOpName() + "] name [" + role.getName() + "] ";
            // 16 = noSuchAttribute: there was no such grant to remove.
            if (e.getLDAPResultCode() == 16) {
                throw new FinderException(GlobalErrIds.PERM_ROLE_NOT_EXIST, where + "assignment does not exist.");
            }
            // NOTE(review): 3024 is presumably a GlobalErrIds constant inlined by the decompiler - confirm which.
            throw new UpdateException(3024, where + "caught LDAPException=" + e.getLDAPResultCode() + " msg=" + e.getMessage(), e);
        } finally {
            PoolMgr.closeConnection(conn, PoolMgr.ConnType.ADMIN);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Grants a permission directly to a user by adding the user id to the entry's {@code ftUsers} attribute.
     *
     * @param permission permission operation receiving the grant
     * @param user user whose id is added
     * @throws UpdateException with {@code PERM_USER_EXIST} when the value is already present (LDAP 20),
     *     {@code PERM_OP_NOT_FOUND} when the entry does not exist (LDAP 32), and
     *     {@code PERM_GRANT_USER_FAILED} for any other LDAPException
     */
    public final void grant(Permission permission, User user) throws UpdateException {
        LDAPConnection conn = null;
        String entryDn = getDn(permission, permission.getContextId());
        try {
            conn = PoolMgr.getConnection(PoolMgr.ConnType.ADMIN);
            LDAPModificationSet mods = new LDAPModificationSet();
            // Modification op 0 is LDAP "add" (a new value on the multi-valued attribute).
            mods.add(0, new LDAPAttribute(USERS, user.getUserId()));
            modify(conn, entryDn, mods, permission);
        } catch (LDAPException e) {
            String where = CLS_NM + ".grant perm object [" + permission.getObjectName() + "] operation [" + permission.getOpName() + "] userId [" + user.getUserId() + "] ";
            switch (e.getLDAPResultCode()) {
                case 20: // attributeOrValueExists: the user already holds this permission
                    throw new UpdateException(GlobalErrIds.PERM_USER_EXIST, where + "assignment already exists, Fortress errCode=" + GlobalErrIds.PERM_USER_EXIST);
                case 32: // noSuchObject: the permission entry is missing
                    throw new UpdateException(GlobalErrIds.PERM_OP_NOT_FOUND, where + "perm not found, Fortress errCode=" + GlobalErrIds.PERM_OP_NOT_FOUND);
                default:
                    throw new UpdateException(GlobalErrIds.PERM_GRANT_USER_FAILED, where + "caught LDAPException=" + e.getLDAPResultCode() + " msg=" + e.getMessage(), e);
            }
        } finally {
            PoolMgr.closeConnection(conn, PoolMgr.ConnType.ADMIN);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Revokes a direct user grant by deleting the user id from the entry's {@code ftUsers} attribute.
     *
     * @param permission permission operation losing the grant
     * @param user user whose id is removed
     * @throws FinderException with {@code PERM_USER_NOT_EXIST} when the value was not present (LDAP 16)
     * @throws UpdateException with code 3024 for any other LDAPException
     */
    public final void revoke(Permission permission, User user) throws UpdateException, FinderException {
        LDAPConnection conn = null;
        String entryDn = getDn(permission, permission.getContextId());
        try {
            conn = PoolMgr.getConnection(PoolMgr.ConnType.ADMIN);
            LDAPModificationSet mods = new LDAPModificationSet();
            // Modification op 1 is LDAP "delete" (of this one value).
            mods.add(1, new LDAPAttribute(USERS, user.getUserId()));
            modify(conn, entryDn, mods, permission);
        } catch (LDAPException e) {
            String where = CLS_NM + ".revoke perm object [" + permission.getObjectName() + "] operation [" + permission.getOpName() + "] userId [" + user.getUserId() + "] ";
            // 16 = noSuchAttribute: there was no such grant to remove.
            if (e.getLDAPResultCode() == 16) {
                throw new FinderException(GlobalErrIds.PERM_USER_NOT_EXIST, where + "assignment does not exist.");
            }
            // NOTE(review): 3024 is presumably a GlobalErrIds constant inlined by the decompiler - confirm which.
            throw new UpdateException(3024, where + "caught LDAPException=" + e.getLDAPResultCode() + " msg=" + e.getMessage(), e);
        } finally {
            PoolMgr.closeConnection(conn, PoolMgr.ConnType.ADMIN);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
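    /**
     * Reads one permission-operation entry by DN over an ADMIN pool connection.
     *
     * <p>The DN is assembled here from the operation RDN, the object name and the root DN.
     * NOTE(review): the object name is concatenated into the DN as-is; confirm that callers validate it.
     *
     * @param permission entity carrying op name, object id, object name, admin flag and context id
     * @return the permission populated from the directory entry
     * @throws FinderException with {@code PERM_OP_NOT_FOUND} when the entry does not exist (LDAP 32),
     *     or {@code PERM_READ_OP_FAILED} for any other LDAPException
     */
    public final Permission getPerm(Permission permission) throws FinderException {
        LDAPConnection conn = null;
        String entryDn = getOpRdn(permission.getOpName(), permission.getObjectId()) + GlobalIds.COMMA + GlobalIds.POBJ_NAME + "=" + permission.getObjectName() + GlobalIds.COMMA + getRootDn(permission.isAdmin(), permission.getContextId());
        try {
            conn = PoolMgr.getConnection(PoolMgr.ConnType.ADMIN);
            Permission found = unloadPopLdapEntry(read(conn, entryDn, PERMISSION_OP_ATRS), 0L);
            // Kept from the original; unloadPopLdapEntry as written in this class always returns a
            // fresh object, so the not-found case is in practice reported through LDAP result 32 below.
            if (found == null) {
                throw new FinderException(GlobalErrIds.PERM_OP_NOT_FOUND, CLS_NM + ".getPerm no entry found dn [" + entryDn + "]");
            }
            return found;
        } catch (LDAPException e) {
            // 32 = noSuchObject
            if (e.getLDAPResultCode() == 32) {
                throw new FinderException(GlobalErrIds.PERM_OP_NOT_FOUND, CLS_NM + ".getPerm Op COULD NOT FIND ENTRY for dn [" + entryDn + "]");
            }
            // The message previously named ".getUser", which pointed log readers at the wrong method.
            throw new FinderException(GlobalErrIds.PERM_READ_OP_FAILED, CLS_NM + ".getPerm [" + entryDn + "] caught LDAPException=" + e.getLDAPResultCode() + " msg=" + e.getMessage(), e);
        } finally {
            // Return the connection to the pool on every exit path.
            PoolMgr.closeConnection(conn, PoolMgr.ConnType.ADMIN);
        }
    }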

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Reads one permission-object entry by DN over an ADMIN pool connection.
     *
     * <p>NOTE(review): the object name is concatenated into the DN as-is; confirm that callers validate it.
     *
     * @param permObj entity carrying object name, admin flag and context id
     * @return the permission object populated from the directory entry
     * @throws FinderException with {@code PERM_OBJ_NOT_FOUND} when the entry does not exist (LDAP 32),
     *     or {@code PERM_READ_OBJ_FAILED} for any other LDAPException
     */
    public final PermObj getPerm(PermObj permObj) throws FinderException {
        LDAPConnection conn = null;
        String rootDn = getRootDn(permObj.isAdmin(), permObj.getContextId());
        String entryDn = "ftObjNm=" + permObj.getObjectName() + GlobalIds.COMMA + rootDn;
        try {
            conn = PoolMgr.getConnection(PoolMgr.ConnType.ADMIN);
            PermObj found = unloadPobjLdapEntry(read(conn, entryDn, PERMISION_OBJ_ATRS), 0L);
            if (found == null) {
                throw new FinderException(GlobalErrIds.PERM_OBJ_NOT_FOUND, CLS_NM + ".getPerm Obj no entry found dn [" + entryDn + "]");
            }
            return found;
        } catch (LDAPException e) {
            // 32 = noSuchObject
            boolean missing = e.getLDAPResultCode() == 32;
            if (missing) {
                throw new FinderException(GlobalErrIds.PERM_OBJ_NOT_FOUND, CLS_NM + ".getPerm Obj COULD NOT FIND ENTRY for dn [" + entryDn + "]");
            }
            throw new FinderException(GlobalErrIds.PERM_READ_OBJ_FAILED, CLS_NM + ".getPerm Obj dn [" + entryDn + "] caught LDAPException=" + e.getLDAPResultCode() + " msg=" + e.getMessage(), e);
        } finally {
            PoolMgr.closeConnection(conn, PoolMgr.ConnType.ADMIN);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Decides whether the session may perform the given permission operation.
     *
     * <p>The operation entry is read over a USER pool connection, with the session user's DN passed
     * to {@code read}, and the decision is taken by {@code isAuthorized}. The result starts as deny
     * and only {@code isAuthorized} can set it to allow. A missing entry (LDAP 94 or 32) is audited
     * as "AuthZ Invalid" and yields {@code false}; any other LDAP failure is raised rather than
     * turned into a decision.
     *
     * <p>NOTE(review): passing the user DN to {@code read} presumably makes the directory attribute
     * the read to that user in its own access log - confirm in DataProvider.
     *
     * @param session session whose user id and activated roles are evaluated
     * @param permission requested operation; admin flag and context id are copied onto the entry read
     * @return {@code true} only when {@code isAuthorized} accepts the session for the entry read
     * @throws FinderException with {@code PERM_READ_OP_FAILED} on other LDAP or encoding failures,
     *     or whatever {@code addAuthZAudit} raises
     */
    public final boolean checkPermission(Session session, Permission permission) throws FinderException {
        boolean authorized = false;
        LDAPConnection conn = null;
        String entryDn = getOpRdn(permission.getOpName(), permission.getObjectId()) + GlobalIds.COMMA + GlobalIds.POBJ_NAME + "=" + permission.getObjectName() + GlobalIds.COMMA + getRootDn(permission.isAdmin(), permission.getContextId());
        try {
            try {
                conn = PoolMgr.getConnection(PoolMgr.ConnType.USER);
                Permission stored = unloadPopLdapEntry(read(conn, entryDn, PERMISSION_OP_ATRS, session.getUser().getDn()), 0L);
                stored.setAdmin(permission.isAdmin());
                stored.setContextId(permission.getContextId());
                authorized = isAuthorized(session, stored);
                // Both outcomes are audited; a denial is recorded under the fixed label "AuthZ Failed".
                String auditValue = authorized ? stored.getOpName() : "AuthZ Failed";
                addAuthZAudit(conn, entryDn, session.getUser().getDn(), auditValue);
            } catch (LDAPException e) {
                int resultCode = e.getLDAPResultCode();
                // 94 = no results returned, 32 = noSuchObject: the requested permission does not exist.
                boolean entryMissing = resultCode == 94 || resultCode == 32;
                if (!entryMissing) {
                    throw new FinderException(GlobalErrIds.PERM_READ_OP_FAILED, CLS_NM + ".checkPermission caught LDAPException=" + e.getLDAPResultCode() + " msg=" + e.getMessage(), e);
                }
                addAuthZAudit(conn, entryDn, session.getUser().getDn(), "AuthZ Invalid");
            }
            return authorized;
        } catch (UnsupportedEncodingException encodingEx) {
            throw new FinderException(GlobalErrIds.PERM_READ_OP_FAILED, CLS_NM + ".checkPermission caught UnsupportedEncodingException=" + encodingEx.getMessage(), encodingEx);
        } finally {
            PoolMgr.closeConnection(conn, PoolMgr.ConnType.USER);
        }
    }

    /**
     * Records an authorization decision by issuing an LDAP compare through {@code compareNode};
     * does nothing when {@code GlobalIds.IS_AUDIT} is off.
     *
     * <p>NOTE(review): the compare presumably exists only so the directory's own audit log captures
     * the event; with IS_AUDIT off no authorization decision is recorded by this method.
     *
     * @param lDAPConnection connection to issue the compare on
     * @param str DN of the permission operation entry
     * @param str2 DN of the session user
     * @param str3 value compared against the operation-name attribute (op name or an "AuthZ ..." label)
     * @throws FinderException with {@code PERM_COMPARE_OP_FAILED} on encoding failure or on an
     *     LDAPException other than result 94 or 32, which are ignored
     */
    private void addAuthZAudit(LDAPConnection lDAPConnection, String str, String str2, String str3) throws FinderException {
        if (!GlobalIds.IS_AUDIT) {
            return;
        }
        try {
            compareNode(lDAPConnection, str, str2, createAttribute(GlobalIds.POP_NAME, str3));
        } catch (LDAPException e) {
            int resultCode = e.getLDAPResultCode();
            // A missing entry (94 / 32) is tolerated so that auditing a non-existent permission cannot fail the call.
            boolean tolerated = resultCode == 94 || resultCode == 32;
            if (!tolerated) {
                throw new FinderException(GlobalErrIds.PERM_COMPARE_OP_FAILED, CLS_NM + ".addAuthZAudit caught LDAPException=" + e.getLDAPResultCode() + " msg=" + e.getMessage(), e);
            }
        } catch (UnsupportedEncodingException encodingEx) {
            throw new FinderException(GlobalErrIds.PERM_COMPARE_OP_FAILED, CLS_NM + ".addAuthZAudit caught UnsupportedEncodingException=" + encodingEx.getMessage(), encodingEx);
        }
    }

    /**
     * Evaluates a permission entry against a session.
     *
     * <p>Access is granted when the session's user id is in the entry's user set, or when any role on
     * the entry is contained in the session's inherited roles. Admin permissions are matched against
     * the session's admin roles via {@code AdminRoleUtil}; all others against its roles via
     * {@code RoleUtil}. With neither match the result is deny.
     *
     * <p>NOTE(review): matching relies on {@code Set.contains}; if the sets built by
     * {@code getAttributeSet} are case-sensitive, user ids and role names must be normalised before
     * they reach this method - confirm.
     *
     * @param session session supplying user id and activated roles
     * @param permission entry as read from the directory
     * @return {@code true} when a user or role grant matches
     */
    private boolean isAuthorized(Session session, Permission permission) {
        // A direct user grant wins without looking at roles.
        Set<String> grantedUsers = permission.getUsers();
        if (VUtil.isNotNullOrEmpty(grantedUsers) && grantedUsers.contains(session.getUserId())) {
            return true;
        }

        Set<String> grantedRoles = permission.getRoles();
        if (!VUtil.isNotNullOrEmpty(grantedRoles)) {
            return false;
        }

        Set<String> sessionRoles;
        if (permission.isAdmin()) {
            sessionRoles = AdminRoleUtil.getInheritedRoles(session.getAdminRoles(), permission.getContextId());
        } else {
            sessionRoles = RoleUtil.getInheritedRoles(session.getRoles(), permission.getContextId());
        }

        for (String grantedRole : grantedRoles) {
            if (sessionRoles.contains(grantedRole)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Copies the attributes of a directory entry into a new {@code Permission}.
     *
     * <p>The role and user sets loaded here are the ones {@code isAuthorized} later evaluates.
     *
     * @param lDAPEntry entry to read attributes from
     * @param j sequence id stored on the result
     * @return a newly created permission; this method never returns {@code null}
     * @throws LDAPException declared for the attribute helpers it calls
     */
    private Permission unloadPopLdapEntry(LDAPEntry lDAPEntry, long j) throws LDAPException {
        ObjectFactory factory = new ObjectFactory();
        Permission perm = factory.createPermission();
        perm.setSequenceId(j);

        // Identity
        perm.setAbstractName(getAttribute(lDAPEntry, PERM_NAME));
        perm.setObjectName(getAttribute(lDAPEntry, GlobalIds.POBJ_NAME));
        perm.setObjectId(getAttribute(lDAPEntry, POBJ_ID));
        perm.setOpName(getAttribute(lDAPEntry, GlobalIds.POP_NAME));
        perm.setInternalId(getAttribute(lDAPEntry, GlobalIds.FT_IID));

        // Grants
        perm.setRoles(getAttributeSet(lDAPEntry, ROLES));
        perm.setUsers(getAttributeSet(lDAPEntry, USERS));

        // Descriptive data
        perm.setType(getAttribute(lDAPEntry, TYPE));
        perm.addProperties(AttrHelper.getProperties(getAttributes(lDAPEntry, GlobalIds.PROPS)));
        return perm;
    }

    /**
     * Copies the attributes of a directory entry into a new {@code PermObj}.
     *
     * @param lDAPEntry entry to read attributes and DN from
     * @param j sequence id stored on the result
     * @return a newly created permission object; this method never returns {@code null}
     * @throws LDAPException declared for the attribute helpers it calls
     */
    private PermObj unloadPobjLdapEntry(LDAPEntry lDAPEntry, long j) throws LDAPException {
        ObjectFactory factory = new ObjectFactory();
        PermObj obj = factory.createPermObj();
        obj.setSequenceId(j);

        // Identity and location
        obj.setObjectName(getAttribute(lDAPEntry, GlobalIds.POBJ_NAME));
        obj.setOu(getAttribute(lDAPEntry, GlobalIds.OU));
        obj.setDn(lDAPEntry.getDN());
        obj.setInternalId(getAttribute(lDAPEntry, GlobalIds.FT_IID));

        // Descriptive data
        obj.setType(getAttribute(lDAPEntry, TYPE));
        obj.setDescription(getAttribute(lDAPEntry, GlobalIds.DESC));
        obj.addProperties(AttrHelper.getProperties(getAttributes(lDAPEntry, GlobalIds.PROPS)));
        return obj;
    }

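    /**
     * Searches for permission operations whose object name and operation name start with the given
     * values, over an ADMIN pool connection.
     *
     * <p>Decompiler note: the method was package-private in the original class. The loop body had
     * been emitted as an untyped placeholder ({@code ?? r3}) that discarded the entry returned by
     * {@code search.next()} and does not compile; it is restored here to unload each returned entry
     * with a running sequence id.
     *
     * <p>Both search values go through {@code encodeSafeText} before being placed in the filter.
     * NOTE(review): this is the only barrier between caller input and the filter string; confirm in
     * DataProvider that it escapes LDAP filter metacharacters and that 100 is a length cap.
     *
     * @param permission carries the object-name and op-name prefixes, admin flag and context id
     * @return matching permissions in the order returned by the directory; empty when none match
     * @throws FinderException with {@code GlobalErrIds.PERM_SEARCH_FAILED} when an LDAPException is caught
     */
    public final List<Permission> findPermissions(Permission permission) throws FinderException {
        List<Permission> permissions = new ArrayList<>();
        LDAPConnection conn = null;
        String searchBase = getRootDn(permission.isAdmin(), permission.getContextId());
        try {
            String objectPrefix = encodeSafeText(permission.getObjectName(), 100);
            String opPrefix = encodeSafeText(permission.getOpName(), 100);
            String filter = "(&(objectclass=ftOperation)(ftObjNm=" + objectPrefix + "*)(" + GlobalIds.POP_NAME + "=" + opPrefix + "*))";
            conn = PoolMgr.getConnection(PoolMgr.ConnType.ADMIN);
            // Scope 2 is a subtree search; the trailing 100 is passed through unchanged
            // (presumably a result or batch limit - confirm in DataProvider.search).
            LDAPSearchResults results = search(conn, searchBase, 2, filter, PERMISSION_OP_ATRS, false, 100);
            long sequence = 0;
            while (results.hasMoreElements()) {
                permissions.add(unloadPopLdapEntry(results.next(), sequence++));
            }
            return permissions;
        } catch (LDAPException e) {
            throw new FinderException(GlobalErrIds.PERM_SEARCH_FAILED, CLS_NM + ".findPermissions caught LDAPException=" + e.getLDAPResultCode() + " msg=" + e.getMessage(), e);
        } finally {
            // Return the connection to the pool on every exit path.
            PoolMgr.closeConnection(conn, PoolMgr.ConnType.ADMIN);
        }
    }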

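    /**
     * Searches for permission objects whose object name starts with the given value, over an ADMIN
     * pool connection.
     *
     * <p>Decompiler note: the method was package-private in the original class. The loop body had
     * been emitted as an untyped placeholder ({@code ?? r3}) that discarded the entry returned by
     * {@code search.next()} and does not compile; it is restored here to unload each returned entry
     * with a running sequence id.
     *
     * <p>The search value goes through {@code encodeSafeText} before being placed in the filter.
     * NOTE(review): this is the only barrier between caller input and the filter string; confirm in
     * DataProvider that it escapes LDAP filter metacharacters and that 100 is a length cap.
     *
     * @param permObj carries the object-name prefix, admin flag and context id
     * @return matching permission objects in the order returned by the directory; empty when none match
     * @throws FinderException with {@code GlobalErrIds.PERM_SEARCH_FAILED} when an LDAPException is caught
     */
    public final List<PermObj> findPermissions(PermObj permObj) throws FinderException {
        List<PermObj> permObjs = new ArrayList<>();
        LDAPConnection conn = null;
        String searchBase = getRootDn(permObj.isAdmin(), permObj.getContextId());
        try {
            String objectPrefix = encodeSafeText(permObj.getObjectName(), 100);
            String filter = "(&(objectclass=ftObject)(ftObjNm=" + objectPrefix + "*))";
            conn = PoolMgr.getConnection(PoolMgr.ConnType.ADMIN);
            // Scope 2 is a subtree search; the trailing 100 is passed through unchanged
            // (presumably a result or batch limit - confirm in DataProvider.search).
            LDAPSearchResults results = search(conn, searchBase, 2, filter, PERMISION_OBJ_ATRS, false, 100);
            long sequence = 0;
            while (results.hasMoreElements()) {
                permObjs.add(unloadPobjLdapEntry(results.next(), sequence++));
            }
            return permObjs;
        } catch (LDAPException e) {
            throw new FinderException(GlobalErrIds.PERM_SEARCH_FAILED, CLS_NM + ".findPermissions caught LDAPException=" + e.getLDAPResultCode() + " msg=" + e.getMessage(), e);
        } finally {
            // Return the connection to the pool on every exit path.
            PoolMgr.closeConnection(conn, PoolMgr.ConnType.ADMIN);
        }
    }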

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r3v2, types: [com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPEntry, long] */
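    /**
     * Finds permission objects whose {@code ou} attribute starts with the name of
     * {@code orgUnit}, searching under the permission root of the unit's context.
     *
     * <p>The unit name goes through {@code encodeSafeText} (bound 40) before it is placed in the
     * filter; that helper is defined outside this view and presumably escapes filter
     * metacharacters and enforces the length bound. The search runs on a connection from the
     * ADMIN pool.
     *
     * @param orgUnit supplies the name prefix and the context id
     * @param z when true the search receives 10 as its last argument, otherwise 0 — presumably a
     *          cap on the number of entries returned; confirm against {@code search}
     * @return the entries converted by {@code unloadPobjLdapEntry}; empty when nothing matches
     * @throws FinderException with {@code PERM_SEARCH_FAILED} when the directory call fails
     */
    public final List<PermObj> findPermissions(OrgUnit orgUnit, boolean z) throws FinderException {
        List<PermObj> found = new ArrayList<PermObj>();
        LDAPConnection conn = null;
        String rootDn = getRootDn(orgUnit.getContextId(), GlobalIds.PERM_ROOT);
        try {
            String safeOuNm = encodeSafeText(orgUnit.getName(), 40);
            conn = PoolMgr.getConnection(PoolMgr.ConnType.ADMIN);
            String filter = "(&(objectclass=ftObject)(ou=" + safeOuNm + "*))";
            LDAPSearchResults results = search(conn, rootDn, 2, filter, PERMISION_OBJ_ATRS, false, 100, z ? 10 : 0);
            long sequence = 0;
            while (results.hasMoreElements()) {
                // The decompiler collapsed the entry and the counter into one untyped register;
                // restored as (entry, sequence) per its [LDAPEntry, long] type warning.
                // NOTE(review): confirm the argument order against unloadPobjLdapEntry.
                found.add(unloadPobjLdapEntry(results.next(), sequence++));
            }
            return found;
        } catch (LDAPException e) {
            throw new FinderException(GlobalErrIds.PERM_SEARCH_FAILED, CLS_NM + ".findPermissions caught LDAPException=" + e.getLDAPResultCode() + " msg=" + e.getMessage(), e);
        } finally {
            // Runs on success and on every failure path, replacing the duplicated close calls.
            PoolMgr.closeConnection(conn, PoolMgr.ConnType.ADMIN);
        }
    }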

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r3v2, types: [com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPEntry, long] */
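    /**
     * Finds permission operations granted to {@code role} or to any role returned by
     * {@code getAscendants} for it.
     *
     * <p>An {@code AdminRole} is searched under the admin permission root and resolved through
     * {@code AdminRoleUtil}; every other role uses the regular permission root and
     * {@code RoleUtil}. The search runs on a connection from the ADMIN pool.
     *
     * @param role supplies the role name, the context id and (by its class) the tree to search
     * @return the entries converted by {@code unloadPopLdapEntry}; empty when nothing matches
     * @throws FinderException with {@code PERM_ROLE_SEARCH_FAILED} when the directory call fails
     */
    public final List<Permission> findPermissions(Role role) throws FinderException {
        List<Permission> found = new ArrayList<Permission>();
        LDAPConnection conn = null;
        boolean isAdminRole = role.getClass().equals(AdminRole.class);
        String rootDn = isAdminRole ? getRootDn(role.getContextId(), GlobalIds.ADMIN_PERM_ROOT) : getRootDn(role.getContextId(), GlobalIds.PERM_ROOT);
        try {
            String safeRoleNm = encodeSafeText(role.getName(), 40);
            conn = PoolMgr.getConnection(PoolMgr.ConnType.ADMIN);
            Set<String> ascendants = isAdminRole ? AdminRoleUtil.getAscendants(role.getName(), role.getContextId()) : RoleUtil.getAscendants(role.getName(), role.getContextId());
            StringBuilder filter = new StringBuilder("(&(objectclass=ftOperation)");
            if (VUtil.isNotNullOrEmpty(ascendants)) {
                filter.append("(|(ftRoles=").append(safeRoleNm).append(")");
                for (String ascendant : ascendants) {
                    // NOTE(review): ascendant names enter the filter without encodeSafeText,
                    // unlike role.getName() above. They come from the role hierarchy helper, so
                    // they are presumably validated at creation; confirm, or encode them with
                    // the same bound so a name holding filter metacharacters cannot widen
                    // the match.
                    filter.append("(ftRoles=").append(ascendant).append(")");
                }
                filter.append(")");
            } else {
                filter.append("(ftRoles=").append(safeRoleNm).append(")");
            }
            filter.append(")");
            LDAPSearchResults results = search(conn, rootDn, 2, filter.toString(), PERMISSION_OP_ATRS, false, 100);
            long sequence = 0;
            while (results.hasMoreElements()) {
                // The decompiler collapsed the entry and the counter into one untyped register;
                // restored as (entry, sequence) per its [LDAPEntry, long] type warning.
                // NOTE(review): confirm the argument order against unloadPopLdapEntry.
                found.add(unloadPopLdapEntry(results.next(), sequence++));
            }
            return found;
        } catch (LDAPException e) {
            throw new FinderException(GlobalErrIds.PERM_ROLE_SEARCH_FAILED, CLS_NM + ".findPermissions caught LDAPException=" + e.getLDAPResultCode() + " msg=" + e.getMessage(), e);
        } finally {
            // Runs on success and on every failure path, replacing the duplicated close calls.
            PoolMgr.closeConnection(conn, PoolMgr.ConnType.ADMIN);
        }
    }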

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r3v2, types: [com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPEntry, long] */
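    /**
     * Finds permission operations granted to {@code user} directly ({@code ftUsers}) or through
     * any role returned by {@code RoleUtil.getInheritedRoles} for the user's roles
     * ({@code ftRoles}), under the permission root of the user's context.
     *
     * <p>The search runs on a connection from the ADMIN pool.
     *
     * @param user supplies the user id, the assigned roles and the context id
     * @return the entries converted by {@code unloadPopLdapEntry}; empty when nothing matches
     * @throws FinderException with {@code PERM_USER_SEARCH_FAILED} when the directory call fails
     */
    public final List<Permission> findPermissions(User user) throws FinderException {
        List<Permission> found = new ArrayList<Permission>();
        LDAPConnection conn = null;
        String rootDn = getRootDn(user.getContextId(), GlobalIds.PERM_ROOT);
        try {
            conn = PoolMgr.getConnection(PoolMgr.ConnType.ADMIN);
            StringBuilder filter = new StringBuilder("(&(objectclass=ftOperation)(|");
            Set<String> inheritedRoles = RoleUtil.getInheritedRoles(user.getRoles(), user.getContextId());
            if (VUtil.isNotNullOrEmpty(inheritedRoles)) {
                for (String roleNm : inheritedRoles) {
                    filter.append("(ftRoles=").append(roleNm).append(")");
                }
            }
            // NOTE(review): the user id and the role names above enter the filter without
            // encodeSafeText, unlike the name inputs of the prefix finders in this class. If
            // either can carry caller-supplied text, filter metacharacters in it would change
            // which permissions match; confirm upstream validation or encode here using the
            // project's length bound for each field.
            filter.append("(ftUsers=").append(user.getUserId()).append(")))");
            LDAPSearchResults results = search(conn, rootDn, 2, filter.toString(), PERMISSION_OP_ATRS, false, 100);
            long sequence = 0;
            while (results.hasMoreElements()) {
                // The decompiler collapsed the entry and the counter into one untyped register;
                // restored as (entry, sequence) per its [LDAPEntry, long] type warning.
                // NOTE(review): confirm the argument order against unloadPopLdapEntry.
                found.add(unloadPopLdapEntry(results.next(), sequence++));
            }
            return found;
        } catch (LDAPException e) {
            throw new FinderException(GlobalErrIds.PERM_USER_SEARCH_FAILED, CLS_NM + ".findPermissions user [" + user.getUserId() + "] caught LDAPException in PermDAO.findPermissions=" + e.getLDAPResultCode() + " msg=" + e.getMessage(), e);
        } finally {
            // Runs on success and on every failure path, replacing the duplicated close calls.
            PoolMgr.closeConnection(conn, PoolMgr.ConnType.ADMIN);
        }
    }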

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r3v2, types: [com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPEntry, long] */
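    /**
     * Finds permission operations whose {@code ftUsers} attribute names {@code user}, under the
     * permission root of the user's context. Role grants are not part of this filter.
     *
     * <p>The search runs on a connection from the ADMIN pool.
     *
     * @param user supplies the user id and the context id
     * @return the entries converted by {@code unloadPopLdapEntry}; empty when nothing matches
     * @throws FinderException with {@code PERM_USER_SEARCH_FAILED} when the directory call fails
     */
    public final List<Permission> findUserPermissions(User user) throws FinderException {
        List<Permission> found = new ArrayList<Permission>();
        LDAPConnection conn = null;
        String rootDn = getRootDn(user.getContextId(), GlobalIds.PERM_ROOT);
        try {
            conn = PoolMgr.getConnection(PoolMgr.ConnType.ADMIN);
            // NOTE(review): the user id enters the filter without encodeSafeText, unlike the
            // name inputs of the prefix finders in this class. If it can carry caller-supplied
            // text, a value such as "*" would match grants of every user; confirm upstream
            // validation or encode here using the project's user-id length bound.
            String filter = "(&(objectclass=ftOperation)(ftUsers=" + user.getUserId() + "))";
            LDAPSearchResults results = search(conn, rootDn, 2, filter, PERMISSION_OP_ATRS, false, 100);
            long sequence = 0;
            while (results.hasMoreElements()) {
                // The decompiler collapsed the entry and the counter into one untyped register;
                // restored as (entry, sequence) per its [LDAPEntry, long] type warning.
                // NOTE(review): confirm the argument order against unloadPopLdapEntry.
                found.add(unloadPopLdapEntry(results.next(), sequence++));
            }
            return found;
        } catch (LDAPException e) {
            throw new FinderException(GlobalErrIds.PERM_USER_SEARCH_FAILED, CLS_NM + ".findUserPermissions user [" + user.getUserId() + "] caught LDAPException in PermDAO.findPermissions=" + e.getLDAPResultCode() + " msg=" + e.getMessage(), e);
        } finally {
            // Runs on success and on every failure path, replacing the duplicated close calls.
            PoolMgr.closeConnection(conn, PoolMgr.ConnType.ADMIN);
        }
    }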

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r3v2, types: [com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPEntry, long] */
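    /**
     * Finds permission operations granted to the session's user directly ({@code ftUsers}) or
     * through any role returned by {@code RoleUtil.getInheritedRoles} for the session's roles
     * ({@code ftRoles}), under the permission root of the session's context.
     *
     * <p>The search runs on a connection from the ADMIN pool, so the directory does not restrict
     * the result by the session's own identity; the filter alone decides what is returned.
     *
     * @param session supplies the user id, the activated roles and the context id
     * @return the entries converted by {@code unloadPopLdapEntry}; empty when nothing matches
     * @throws FinderException with {@code PERM_SESS_SEARCH_FAILED} when the directory call fails
     */
    public final List<Permission> findPermissions(Session session) throws FinderException {
        List<Permission> found = new ArrayList<Permission>();
        LDAPConnection conn = null;
        String rootDn = getRootDn(session.getContextId(), GlobalIds.PERM_ROOT);
        try {
            conn = PoolMgr.getConnection(PoolMgr.ConnType.ADMIN);
            // NOTE(review): the user id and the role names below enter the filter without
            // encodeSafeText, unlike the name inputs of the prefix finders in this class. A
            // session is presumably built from an authenticated identity; confirm that its
            // fields cannot be set by the caller, or encode here using the project's length
            // bound for each field.
            StringBuilder filter = new StringBuilder("(&(objectclass=ftOperation)(|(ftUsers=");
            filter.append(session.getUserId()).append(")");
            Set<String> inheritedRoles = RoleUtil.getInheritedRoles(session.getRoles(), session.getContextId());
            if (VUtil.isNotNullOrEmpty(inheritedRoles)) {
                for (String roleNm : inheritedRoles) {
                    filter.append("(ftRoles=").append(roleNm).append(")");
                }
            }
            filter.append("))");
            LDAPSearchResults results = search(conn, rootDn, 2, filter.toString(), PERMISSION_OP_ATRS, false, 100);
            long sequence = 0;
            while (results.hasMoreElements()) {
                // The decompiler collapsed the entry and the counter into one untyped register;
                // restored as (entry, sequence) per its [LDAPEntry, long] type warning.
                // NOTE(review): confirm the argument order against unloadPopLdapEntry.
                found.add(unloadPopLdapEntry(results.next(), sequence++));
            }
            return found;
        } catch (LDAPException e) {
            throw new FinderException(GlobalErrIds.PERM_SESS_SEARCH_FAILED, CLS_NM + ".findPermissions user [" + session.getUserId() + "] caught LDAPException in PermDAO.findPermissions=" + e.getLDAPResultCode() + " msg=" + e.getMessage(), e);
        } finally {
            // Runs on success and on every failure path, replacing the duplicated close calls.
            PoolMgr.closeConnection(conn, PoolMgr.ConnType.ADMIN);
        }
    }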

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds the relative distinguished name of a permission operation.
     *
     * <p>The result is {@code ftOpNm=<str>}; when {@code str2} is non-null and non-empty the
     * object id is appended as a second value of a multi-valued RDN, joined with {@code +}.
     * NOTE(review): both values are concatenated as given, with no DN escaping in this method;
     * confirm callers validate them, since {@code ,}, {@code +} or {@code =} in a value would
     * change the structure of the resulting name.
     *
     * @param str operation name
     * @param str2 object id; may be null or empty
     * @return the operation RDN
     */
    public static final String getOpRdn(String str, String str2) {
        String rdn = "ftOpNm=" + str;
        if (str2 != null && str2.length() > 0) {
            rdn = rdn + "+" + POBJ_ID + "=" + str2;
        }
        return rdn;
    }

    /**
     * Builds the distinguished name of a permission operation entry: the operation RDN from
     * {@code getOpRdn}, then the object-name RDN, then the root DN chosen by the permission's
     * admin flag for context {@code str}.
     * NOTE(review): the object name is concatenated as given, with no DN escaping in this
     * method; confirm it is validated before it reaches here.
     *
     * @param permission supplies operation name, object id, object name and admin flag
     * @param str context id passed on to {@code getRootDn}
     * @return the full DN of the operation entry
     */
    private String getDn(Permission permission, String str) {
        String opRdn = getOpRdn(permission.getOpName(), permission.getObjectId());
        String objRdn = GlobalIds.POBJ_NAME + "=" + permission.getObjectName();
        String root = getRootDn(permission.isAdmin(), str);
        return opRdn + GlobalIds.COMMA + objRdn + GlobalIds.COMMA + root;
    }

    /**
     * Builds the distinguished name of a permission object entry: {@code ftObjNm=<object name>}
     * followed by the root DN chosen by the object's admin flag for context {@code str}.
     * NOTE(review): the object name is concatenated as given, with no DN escaping in this
     * method; confirm it is validated before it reaches here.
     *
     * @param permObj supplies the object name and the admin flag
     * @param str context id passed on to {@code getRootDn}
     * @return the full DN of the object entry
     */
    private String getDn(PermObj permObj, String str) {
        String objRdn = "ftObjNm=" + permObj.getObjectName();
        String root = getRootDn(permObj.isAdmin(), str);
        return objRdn + GlobalIds.COMMA + root;
    }

    /**
     * Resolves the root DN to search or write under for context {@code str}.
     *
     * @param z true selects {@code GlobalIds.ADMIN_PERM_ROOT}, false {@code GlobalIds.PERM_ROOT}
     * @param str context id passed to the two-argument {@code getRootDn}
     * @return the root DN returned by that overload
     */
    private String getRootDn(boolean z, String str) {
        if (z) {
            return getRootDn(str, GlobalIds.ADMIN_PERM_ROOT);
        }
        return getRootDn(str, GlobalIds.PERM_ROOT);
    }
}
