package com.enginframe.acl;

import com.enginframe.common.utils.log.Log;
import com.enginframe.common.utils.log.LogFactory;
import com.enginframe.timing.Timing;
import com.enginframe.timing.Traced;
import com.hazelcast.security.permission.ActionConstants;
import com.nice.usergroupmanager.UserGroupManagerFactory;
import java.lang.annotation.Annotation;
import java.util.Iterator;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.runtime.internal.AroundClosure;
import org.aspectj.runtime.internal.Conversions;
import org.aspectj.runtime.reflect.Factory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* JADX WARN: Classes with same name are omitted:
  input_file:kernel/ef_root/WEBAPP/WEB-INF/lib/ef.jar:com/enginframe/acl/AuthorizationManagerImpl.class
  input_file:kernel/ef_root/agent/agent.jar:com/enginframe/acl/AuthorizationManagerImpl.class
 */
/* loaded from: input_file:com/enginframe/acl/AuthorizationManagerImpl.class */
public final class AuthorizationManagerImpl implements AuthorizationManager {
    private final ACLDatabase itsDatabase = new ACLDatabase();
    private static final JoinPoint.StaticPart ajc$tjp_0 = null;
    private static Annotation ajc$anno$0;
    private static final JoinPoint.StaticPart ajc$tjp_1 = null;
    private static Annotation ajc$anno$1;
    private static final JoinPoint.StaticPart ajc$tjp_2 = null;
    private static Annotation ajc$anno$2;

    /* JADX WARN: Classes with same name are omitted:
      input_file:kernel/ef_root/WEBAPP/WEB-INF/lib/ef.jar:com/enginframe/acl/AuthorizationManagerImpl$AjcClosure1.class
      input_file:kernel/ef_root/agent/agent.jar:com/enginframe/acl/AuthorizationManagerImpl$AjcClosure1.class
     */
    /* loaded from: input_file:com/enginframe/acl/AuthorizationManagerImpl$AjcClosure1.class */
    public class AjcClosure1 extends AroundClosure {
        public AjcClosure1(Object[] objArr) {
            super(objArr);
        }

        @Override // org.aspectj.runtime.internal.AroundClosure
        public Object run(Object[] objArr) {
            Object[] objArr2 = this.state;
            return AuthorizationManagerImpl.getAclStatus_aroundBody0((AuthorizationManagerImpl) objArr2[0], (JoinPoint) objArr2[1]);
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:kernel/ef_root/WEBAPP/WEB-INF/lib/ef.jar:com/enginframe/acl/AuthorizationManagerImpl$AjcClosure3.class
      input_file:kernel/ef_root/agent/agent.jar:com/enginframe/acl/AuthorizationManagerImpl$AjcClosure3.class
     */
    /* loaded from: input_file:com/enginframe/acl/AuthorizationManagerImpl$AjcClosure3.class */
    public class AjcClosure3 extends AroundClosure {
        public AjcClosure3(Object[] objArr) {
            super(objArr);
        }

        @Override // org.aspectj.runtime.internal.AroundClosure
        public Object run(Object[] objArr) {
            Object[] objArr2 = this.state;
            return Conversions.booleanObject(AuthorizationManagerImpl.check_aroundBody2((AuthorizationManagerImpl) objArr2[0], (ApplyACLInfo) objArr2[1], (String) objArr2[2], (String) objArr2[3], (JoinPoint) objArr2[4]));
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:kernel/ef_root/WEBAPP/WEB-INF/lib/ef.jar:com/enginframe/acl/AuthorizationManagerImpl$AjcClosure5.class
      input_file:kernel/ef_root/agent/agent.jar:com/enginframe/acl/AuthorizationManagerImpl$AjcClosure5.class
     */
    /* loaded from: input_file:com/enginframe/acl/AuthorizationManagerImpl$AjcClosure5.class */
    public class AjcClosure5 extends AroundClosure {
        public AjcClosure5(Object[] objArr) {
            super(objArr);
        }

        @Override // org.aspectj.runtime.internal.AroundClosure
        public Object run(Object[] objArr) {
            Object[] objArr2 = this.state;
            return AuthorizationManagerImpl.applyACL_aroundBody4((AuthorizationManagerImpl) objArr2[0], (Document) objArr2[1], (String) objArr2[2], (String) objArr2[3], (JoinPoint) objArr2[4]);
        }
    }

    private Log getLog() {
        return LogFactory.getLog(getClass());
    }

    @Override // com.enginframe.acl.AuthorizationManager
    @Traced
    public Element getAclStatus() {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_0, this, this);
        Timing aspectOf = Timing.aspectOf();
        ProceedingJoinPoint linkClosureAndJoinPoint = new AjcClosure1(new Object[]{this, makeJP}).linkClosureAndJoinPoint(69648);
        Annotation annotation = ajc$anno$0;
        if (annotation == null) {
            annotation = AuthorizationManagerImpl.class.getDeclaredMethod("getAclStatus", new Class[0]).getAnnotation(Traced.class);
            ajc$anno$0 = annotation;
        }
        return (Element) aspectOf.addTimingStatistics(linkClosureAndJoinPoint, (Traced) annotation);
    }

    @Override // com.enginframe.acl.AuthorizationManager
    @Traced
    public boolean check(ApplyACLInfo applyACLInfo, String str, String str2) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_1, (Object) this, (Object) this, new Object[]{applyACLInfo, str, str2});
        Timing aspectOf = Timing.aspectOf();
        ProceedingJoinPoint linkClosureAndJoinPoint = new AjcClosure3(new Object[]{this, applyACLInfo, str, str2, makeJP}).linkClosureAndJoinPoint(69648);
        Annotation annotation = ajc$anno$1;
        if (annotation == null) {
            annotation = AuthorizationManagerImpl.class.getDeclaredMethod("check", ApplyACLInfo.class, String.class, String.class).getAnnotation(Traced.class);
            ajc$anno$1 = annotation;
        }
        return Conversions.booleanValue(aspectOf.addTimingStatistics(linkClosureAndJoinPoint, (Traced) annotation));
    }

    private boolean doCheckACL(ApplyACLInfo applyACLInfo, String str, String str2) {
        boolean z = true;
        if (applyACLInfo != null) {
            z = applyACLInfo.isOtherwise() ? checkOtherwiseACL(applyACLInfo, str, str2) : checkApplyACL(applyACLInfo, str, str2);
        }
        return z;
    }

    private boolean checkOtherwiseACL(ApplyACLInfo applyACLInfo, String str, String str2) {
        boolean z = false;
        if (applyACLInfo != null && applyACLInfo.isOtherwise()) {
            if (getLog().isDebugEnabled()) {
                getLog().debug("evaluating ef:otherwise element");
            }
            if (checkOthwerwiseParents(applyACLInfo, str, str2) && !applyACLInfo.otherwiseSiblings().isEmpty()) {
                Iterator<Element> it = applyACLInfo.otherwiseSiblings().iterator();
                z = true;
                while (it.hasNext() && z) {
                    ApplyACLInfo applyACLInfo2 = new ApplyACLInfo(it.next());
                    if (doCheckACL(applyACLInfo2, str, str2)) {
                        if (getLog().isDebugEnabled()) {
                            getLog().debug("ef:otherwise sibling (" + applyACLInfo2 + ") is granted, ACL access denied");
                        }
                        z = false;
                    }
                }
            }
        }
        return z;
    }

    private boolean checkOthwerwiseParents(ApplyACLInfo applyACLInfo, String str, String str2) {
        boolean z = true;
        Iterator<Element> it = applyACLInfo.otherwiseParentGuards().iterator();
        while (it.hasNext() && z) {
            ApplyACLInfo applyACLInfo2 = new ApplyACLInfo(it.next());
            if (!doCheckACL(applyACLInfo2, str, str2)) {
                if (getLog().isDebugEnabled()) {
                    getLog().debug("ef:otherwise parent (" + applyACLInfo2 + ") is not granted, ACL access denied");
                }
                z = false;
            }
        }
        return z;
    }

    private boolean checkApplyACL(ApplyACLInfo applyACLInfo, String str, String str2) {
        boolean z = false;
        if (applyACLInfo != null && !applyACLInfo.isOtherwise() && !applyACLInfo.isChoose()) {
            ApplyACLEvaluator select = this.itsDatabase.select(applyACLInfo);
            if (getLog().isDebugEnabled()) {
                getLog().debug("info (" + applyACLInfo + "), username (" + str + ") and action (" + str2 + ") gave acl (" + select + ")");
            }
            z = select != null && select.allow(str, str2);
        }
        return z;
    }

    @Override // com.enginframe.acl.AuthorizationManager
    public boolean check(ApplyACLInfo[] applyACLInfoArr, String str, String str2) {
        getLog().debug("BEGIN (Using Array)");
        boolean z = true;
        if (applyACLInfoArr != null) {
            try {
                if (applyACLInfoArr.length > 0) {
                    for (int i = 0; i < applyACLInfoArr.length && z; i++) {
                        z = check(applyACLInfoArr[i], str, str2);
                    }
                }
            } finally {
                getLog().debug("END (Using Array)");
            }
        }
        return z;
    }

    @Override // com.enginframe.acl.AuthorizationManager
    @Traced
    public Document applyACL(Document document, String str, String str2) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_2, (Object) this, (Object) this, new Object[]{document, str, str2});
        Timing aspectOf = Timing.aspectOf();
        ProceedingJoinPoint linkClosureAndJoinPoint = new AjcClosure5(new Object[]{this, document, str, str2, makeJP}).linkClosureAndJoinPoint(69648);
        Annotation annotation = ajc$anno$2;
        if (annotation == null) {
            annotation = AuthorizationManagerImpl.class.getDeclaredMethod("applyACL", Document.class, String.class, String.class).getAnnotation(Traced.class);
            ajc$anno$2 = annotation;
        }
        return (Document) aspectOf.addTimingStatistics(linkClosureAndJoinPoint, (Traced) annotation);
    }

    private void removeChooseElements(Document document, String str, String str2) {
        NodeList elementsByTagName = document.getElementsByTagName(ApplyACLInfo.CHOOSE_ACL_TAG);
        if (elementsByTagName.getLength() > 0) {
            getLog().debug("Removing choose-acl elements from source (" + str2 + ")");
        }
        while (elementsByTagName.getLength() > 0) {
            Element element = (Element) elementsByTagName.item(0);
            ApplyACLInfo applyACLInfo = new ApplyACLInfo(element);
            applyACLInfo.setSource(str2);
            if (applyACLInfo.isChoose()) {
                evaluateChoose(str, applyACLInfo, element);
            } else {
                removeFromParent(element);
                if (getLog().isDebugEnabled()) {
                    getLog().debug("removed wrong 'ef:choose-acl' element");
                }
            }
        }
    }

    private void evaluateChoose(String str, ApplyACLInfo applyACLInfo, Element element) {
        boolean z = false;
        Iterator<Node> it = applyACLInfo.chooseElements().iterator();
        while (it.hasNext() && !z) {
            Element element2 = (Element) it.next();
            ApplyACLInfo applyACLInfo2 = new ApplyACLInfo(element2);
            applyACLInfo2.setSource(applyACLInfo.getSource());
            ApplyACLEvaluator select = this.itsDatabase.select(applyACLInfo2);
            if (select != null && select.allow(str, ActionConstants.ACTION_READ)) {
                moveNodes(element, element2.getChildNodes(), element, "apply-acl (" + applyACLInfo.getPattern() + ") passed");
                z = true;
            }
        }
        if (z) {
            return;
        }
        Element otherwiseElement = applyACLInfo.otherwiseElement();
        if (otherwiseElement != null) {
            moveNodes(element, otherwiseElement.getChildNodes(), element, "removed ef:otherwise after inserting its children");
            return;
        }
        removeFromParent(element);
        if (getLog().isDebugEnabled()) {
            getLog().debug("removed 'ef:choose-acl' element containing no 'ef:otherwise' element");
        }
    }

    private static void removeFromParent(Element element) {
        Node parentNode = element.getParentNode();
        if (parentNode != null) {
            parentNode.removeChild(element);
        }
    }

    private void removeApplyAclElements(Document document, String str, String str2) {
        NodeList elementsByTagName = document.getElementsByTagName("ef:apply-acl");
        if (elementsByTagName.getLength() > 0) {
            getLog().debug("Removing apply-acl elements from source (" + str2 + ")");
        }
        while (elementsByTagName.getLength() > 0) {
            Element element = (Element) elementsByTagName.item(0);
            if (getLog().isDebugEnabled()) {
                getLog().debug("checking " + element.getAttribute("select") + " for user (" + str + ")");
            }
            ApplyACLInfo applyACLInfo = new ApplyACLInfo(element);
            applyACLInfo.setSource(str2);
            ApplyACLEvaluator select = this.itsDatabase.select(applyACLInfo);
            if (select == null) {
                if (getLog().isDebugEnabled()) {
                    getLog().debug("ACL is null. Select (" + element.getAttribute("select") + ") for user (" + str + ")");
                }
                removeFromParent(element);
            } else if (select.deny(str, ActionConstants.ACTION_READ)) {
                if (getLog().isDebugEnabled()) {
                    getLog().debug("ACL is denied. Select (" + element.getAttribute("select") + ") for user (" + str + ")");
                }
                removeFromParent(element);
            } else {
                if (getLog().isDebugEnabled()) {
                    getLog().debug("ACL is allowed. Select (" + element.getAttribute("select") + ") for user (" + str + ")");
                }
                moveNodes(element, element.getChildNodes(), element, "apply-acl (" + applyACLInfo.getPattern() + ") passed");
            }
        }
    }

    private void moveNodes(Node node, NodeList nodeList, Node node2, String str) {
        Node parentNode = node.getParentNode();
        int length = nodeList.getLength();
        if (parentNode == null) {
            if (getLog().isDebugEnabled()) {
                getLog().debug("parent is null, childLen (" + length + "); couldn't do node move");
                return;
            }
            return;
        }
        if (length > 0) {
            Node node3 = node2;
            for (int i = length - 1; i >= 0; i--) {
                Node item = nodeList.item(i);
                parentNode.insertBefore(item, node3);
                node3 = item;
            }
        }
        parentNode.removeChild(node);
        if (getLog().isDebugEnabled()) {
            getLog().debug(str);
        }
    }

    @Override // com.enginframe.acl.AuthorizationManager
    public ACLDatabase getDatabase() {
        return this.itsDatabase;
    }

    @Override // com.enginframe.acl.AuthorizationManager
    public void shutdown() {
        UserGroupManagerFactory.disposeAll();
    }

    static {
        ajc$preClinit();
    }

    static final Element getAclStatus_aroundBody0(AuthorizationManagerImpl authorizationManagerImpl, JoinPoint joinPoint) {
        return authorizationManagerImpl.itsDatabase.asXML();
    }

    static final boolean check_aroundBody2(AuthorizationManagerImpl authorizationManagerImpl, ApplyACLInfo applyACLInfo, String str, String str2, JoinPoint joinPoint) {
        authorizationManagerImpl.getLog().debug("BEGIN");
        try {
            return authorizationManagerImpl.doCheckACL(applyACLInfo, str, str2);
        } finally {
            authorizationManagerImpl.getLog().debug("END");
        }
    }

    static final Document applyACL_aroundBody4(AuthorizationManagerImpl authorizationManagerImpl, Document document, String str, String str2, JoinPoint joinPoint) {
        authorizationManagerImpl.getLog().debug("BEGIN");
        authorizationManagerImpl.removeChooseElements(document, str, str2);
        authorizationManagerImpl.removeApplyAclElements(document, str, str2);
        authorizationManagerImpl.getLog().debug("END");
        return document;
    }

    private static void ajc$preClinit() {
        Factory factory = new Factory("AuthorizationManagerImpl.java", AuthorizationManagerImpl.class);
        ajc$tjp_0 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("1", "getAclStatus", "com.enginframe.acl.AuthorizationManagerImpl", "", "", "", "org.w3c.dom.Element"), 68);
        ajc$tjp_1 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("1", "check", "com.enginframe.acl.AuthorizationManagerImpl", "com.enginframe.acl.ApplyACLInfo:java.lang.String:java.lang.String", "info:username:action", "", "boolean"), 74);
        ajc$tjp_2 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("1", "applyACL", "com.enginframe.acl.AuthorizationManagerImpl", "org.w3c.dom.Document:java.lang.String:java.lang.String", "document:username:pluginPath", "", "org.w3c.dom.Document"), 222);
    }
}
