package org.codehaus.plexus.redback.role.template;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.annotation.Resource;
import org.codehaus.plexus.redback.rbac.Operation;
import org.codehaus.plexus.redback.rbac.Permission;
import org.codehaus.plexus.redback.rbac.RBACManager;
import org.codehaus.plexus.redback.rbac.RbacManagerException;
import org.codehaus.plexus.redback.rbac.Role;
import org.codehaus.plexus.redback.role.RoleManagerException;
import org.codehaus.plexus.redback.role.model.ModelApplication;
import org.codehaus.plexus.redback.role.model.ModelPermission;
import org.codehaus.plexus.redback.role.model.ModelResource;
import org.codehaus.plexus.redback.role.model.ModelTemplate;
import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
import org.codehaus.plexus.redback.role.util.RoleModelUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader;
import org.springframework.stereotype.Service;

@Service("roleTemplateProcessor")
/* loaded from: input_file:WEB-INF/lib/redback-rbac-role-manager-1.2.5.jar:org/codehaus/plexus/redback/role/template/DefaultRoleTemplateProcessor.class */
public class DefaultRoleTemplateProcessor implements RoleTemplateProcessor {
    private Logger log = LoggerFactory.getLogger(DefaultRoleTemplateProcessor.class);

    @Resource(name = "rBACManager#cached")
    private RBACManager rbacManager;

    @Override // org.codehaus.plexus.redback.role.template.RoleTemplateProcessor
    public void create(RedbackRoleModel redbackRoleModel, String str, String str2) throws RoleManagerException {
        Iterator it = redbackRoleModel.getApplications().iterator();
        while (it.hasNext()) {
            for (ModelTemplate modelTemplate : ((ModelApplication) it.next()).getTemplates()) {
                if (str.equals(modelTemplate.getId())) {
                    processResource(modelTemplate, str2);
                    processTemplate(redbackRoleModel, modelTemplate, str2);
                    return;
                }
            }
        }
        throw new RoleManagerException("unknown template '" + str + "'");
    }

    @Override // org.codehaus.plexus.redback.role.template.RoleTemplateProcessor
    public void remove(RedbackRoleModel redbackRoleModel, String str, String str2) throws RoleManagerException {
        Iterator it = redbackRoleModel.getApplications().iterator();
        while (it.hasNext()) {
            for (ModelTemplate modelTemplate : ((ModelApplication) it.next()).getTemplates()) {
                if (str.equals(modelTemplate.getId())) {
                    removeTemplatedRole(redbackRoleModel, modelTemplate, str2);
                    return;
                }
            }
        }
        throw new RoleManagerException("unknown template '" + str + "'");
    }

    private void removeTemplatedRole(RedbackRoleModel redbackRoleModel, ModelTemplate modelTemplate, String str) throws RoleManagerException {
        String str2 = modelTemplate.getNamePrefix() + modelTemplate.getDelimiter() + str;
        try {
            Role role = this.rbacManager.getRole(str2);
            if (role.isPermanent()) {
                throw new RoleManagerException("unable to remove role, it is flagged permanent");
            }
            this.rbacManager.removeRole(role);
            if (!this.rbacManager.getResource(str).isPermanent()) {
            }
        } catch (RbacManagerException e) {
            throw new RoleManagerException("unable to remove templated role: " + str2, e);
        }
    }

    private void processResource(ModelTemplate modelTemplate, String str) throws RoleManagerException {
        if (this.rbacManager.resourceExists(str)) {
            return;
        }
        try {
            org.codehaus.plexus.redback.rbac.Resource createResource = this.rbacManager.createResource(str);
            createResource.setPermanent(modelTemplate.isPermanentResource());
            this.rbacManager.saveResource(createResource);
        } catch (RbacManagerException e) {
            throw new RoleManagerException("error creating resource '" + str + "'", e);
        }
    }

    private void processTemplate(RedbackRoleModel redbackRoleModel, ModelTemplate modelTemplate, String str) throws RoleManagerException {
        String str2 = modelTemplate.getNamePrefix() + modelTemplate.getDelimiter() + str;
        List<Permission> processPermissions = processPermissions(redbackRoleModel, modelTemplate, str);
        if (this.rbacManager.roleExists(str2)) {
            try {
                Role role = this.rbacManager.getRole(str2);
                boolean z = false;
                for (Permission permission : processPermissions) {
                    if (!role.getPermissions().contains(permission)) {
                        this.log.info("Adding new permission '" + permission.getName() + "' to role '" + role.getName() + "'");
                        role.addPermission(permission);
                        z = true;
                    }
                }
                for (Permission permission2 : new ArrayList(role.getPermissions())) {
                    if (!processPermissions.contains(permission2)) {
                        this.log.info("Removing old permission '" + permission2.getName() + "' from role '" + role.getName() + "'");
                        role.removePermission(permission2);
                        z = true;
                    }
                }
                if (z) {
                    this.rbacManager.saveRole(role);
                }
                return;
            } catch (RbacManagerException e) {
                throw new RoleManagerException("error updating role '" + str2 + "'", e);
            }
        }
        try {
            Role createRole = this.rbacManager.createRole(str2);
            createRole.setDescription(modelTemplate.getDescription());
            createRole.setPermanent(modelTemplate.isPermanent());
            createRole.setAssignable(modelTemplate.isAssignable());
            Iterator<Permission> it = processPermissions.iterator();
            while (it.hasNext()) {
                createRole.addPermission(it.next());
            }
            if (modelTemplate.getChildRoles() != null) {
                Iterator it2 = modelTemplate.getChildRoles().iterator();
                while (it2.hasNext()) {
                    createRole.addChildRoleName(RoleModelUtils.getModelRole(redbackRoleModel, (String) it2.next()).getName());
                }
            }
            if (modelTemplate.getChildTemplates() != null) {
                for (String str3 : modelTemplate.getChildTemplates()) {
                    ModelTemplate modelTemplate2 = RoleModelUtils.getModelTemplate(redbackRoleModel, str3);
                    if (modelTemplate2 == null) {
                        throw new RoleManagerException("error obtaining child template from model: template " + str2 + " # child template: " + str3);
                    }
                    String str4 = modelTemplate2.getNamePrefix() + modelTemplate2.getDelimiter() + str;
                    if (this.rbacManager.roleExists(str4)) {
                        createRole.addChildRoleName(str4);
                    } else {
                        processTemplate(redbackRoleModel, modelTemplate2, str);
                        createRole.addChildRoleName(str4);
                    }
                }
            }
            if (!this.rbacManager.roleExists(createRole.getName())) {
                createRole = this.rbacManager.saveRole(createRole);
            }
            if (modelTemplate.getParentRoles() != null) {
                Iterator it3 = modelTemplate.getParentRoles().iterator();
                while (it3.hasNext()) {
                    Role role2 = this.rbacManager.getRole(RoleModelUtils.getModelRole(redbackRoleModel, (String) it3.next()).getName());
                    role2.addChildRoleName(createRole.getName());
                    this.rbacManager.saveRole(role2);
                }
            }
            if (modelTemplate.getParentTemplates() != null) {
                for (String str5 : modelTemplate.getParentTemplates()) {
                    ModelTemplate modelTemplate3 = RoleModelUtils.getModelTemplate(redbackRoleModel, str5);
                    if (modelTemplate3 == null) {
                        throw new RoleManagerException("error obtaining parent template from model: template " + str2 + " # child template: " + str5);
                    }
                    String str6 = modelTemplate3.getNamePrefix() + modelTemplate3.getDelimiter() + str;
                    if (this.rbacManager.roleExists(str6)) {
                        Role role3 = this.rbacManager.getRole(str6);
                        role3.addChildRoleName(createRole.getName());
                        this.rbacManager.saveRole(role3);
                    } else {
                        processTemplate(redbackRoleModel, modelTemplate3, str);
                        Role role4 = this.rbacManager.getRole(str6);
                        role4.addChildRoleName(createRole.getName());
                        this.rbacManager.saveRole(role4);
                    }
                }
            }
        } catch (RbacManagerException e2) {
            throw new RoleManagerException("error creating role '" + str2 + "'", e2);
        }
    }

    private List<Permission> processPermissions(RedbackRoleModel redbackRoleModel, ModelTemplate modelTemplate, String str) throws RoleManagerException {
        ArrayList arrayList = new ArrayList();
        if (modelTemplate.getPermissions() != null) {
            for (ModelPermission modelPermission : new ArrayList(modelTemplate.getPermissions())) {
                try {
                    String str2 = modelPermission.getName() + modelTemplate.getDelimiter() + resolvePermissionResource(redbackRoleModel, modelPermission, str);
                    if (this.rbacManager.permissionExists(str2)) {
                        arrayList.add(this.rbacManager.getPermission(str2));
                    } else {
                        Permission createPermission = this.rbacManager.createPermission(str2);
                        Operation operation = this.rbacManager.getOperation(RoleModelUtils.getModelOperation(redbackRoleModel, modelPermission.getOperation()).getName());
                        org.codehaus.plexus.redback.rbac.Resource resource = this.rbacManager.getResource(resolvePermissionResource(redbackRoleModel, modelPermission, str));
                        createPermission.setOperation(operation);
                        createPermission.setResource(resource);
                        createPermission.setPermanent(modelPermission.isPermanent());
                        createPermission.setDescription(modelPermission.getDescription());
                        arrayList.add(this.rbacManager.savePermission(createPermission));
                    }
                } catch (RbacManagerException e) {
                    e.printStackTrace();
                    throw new RoleManagerException("unable to generate templated role: " + e.getMessage(), e);
                } catch (RoleTemplateProcessorException e2) {
                    e2.printStackTrace();
                    throw new RoleManagerException("unable to resolve resource: " + str, e2);
                }
            }
        }
        return arrayList;
    }

    private String resolvePermissionResource(RedbackRoleModel redbackRoleModel, ModelPermission modelPermission, String str) throws RoleTemplateProcessorException {
        String resolveResource;
        String resource = modelPermission.getResource();
        if ((!resource.startsWith("${") || !DefaultBeanDefinitionDocumentReader.RESOURCE_ATTRIBUTE.equals(resource.substring(2, resource.indexOf(125)))) && (resolveResource = resolveResource(redbackRoleModel, modelPermission.getResource())) != null) {
            return resolveResource;
        }
        return str;
    }

    private String resolveResource(RedbackRoleModel redbackRoleModel, String str) throws RoleTemplateProcessorException {
        ModelResource modelResource = RoleModelUtils.getModelResource(redbackRoleModel, str);
        if (modelResource != null) {
            return modelResource.getName();
        }
        return null;
    }
}
