package sernet.verinice.service;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import org.apache.commons.io.FileUtils;
import org.apache.log4j.Logger;
import org.apache.velocity.runtime.resource.loader.StringResourceLoader;
import org.hibernate.Criteria;
import org.hibernate.FetchMode;
import org.hibernate.criterion.DetachedCriteria;
import org.hibernate.criterion.Restrictions;
import org.springframework.core.io.Resource;
import sernet.gs.service.SecurityException;
import sernet.hui.common.connect.Property;
import sernet.verinice.interfaces.IAuthService;
import sernet.verinice.interfaces.IBaseDao;
import sernet.verinice.interfaces.IRightsChangeListener;
import sernet.verinice.interfaces.IRightsService;
import sernet.verinice.model.auth.Action;
import sernet.verinice.model.auth.Auth;
import sernet.verinice.model.auth.ConfigurationType;
import sernet.verinice.model.auth.OriginType;
import sernet.verinice.model.auth.Profile;
import sernet.verinice.model.auth.ProfileRef;
import sernet.verinice.model.auth.Profiles;
import sernet.verinice.model.auth.Userprofile;
import sernet.verinice.model.auth.Userprofiles;
import sernet.verinice.model.common.CnATreeElement;
import sernet.verinice.model.common.configuration.Configuration;

/* loaded from: input_file:sernet/verinice/service/XmlRightsService.class */
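public class XmlRightsService implements IRightsService {

    /** Right id a user needs to rewrite this configuration; {@link #updateConfiguration(Auth)} also warns when no userprofile references it any more. */
    private static final String RIGHT_EDIT_PROFILE = "editprofile";
    /** Property type that holds an account's login name. */
    private static final String PROPERTY_USERNAME = "configuration_benutzername";
    /** Property type that holds an account's role (group) names. */
    private static final String PROPERTY_ROLE = "configuration_rolle";

    private static List<IRightsChangeListener> changeListener = new LinkedList<IRightsChangeListener>();

    /** Merged (default + site) configuration; {@code null} means "not loaded yet" or "invalidated by an update". */
    private volatile Auth auth;
    private RightsServerHandler rightsServerHandler;
    private Resource authConfigurationDefault;
    private Resource authConfiguration;
    private Resource authConfigurationSchema;
    private JAXBContext context;
    private Schema schema;
    private IConfigurationService configurationService;
    private IBaseDao<Configuration, Integer> configurationDao;
    private IBaseDao<Property, Integer> propertyDao;
    private IRemoteMessageSource messages;
    private IAuthService authService;
    private final Logger log = Logger.getLogger(XmlRightsService.class);
    private final ReentrantReadWriteLock readWriteLock = new ReentrantReadWriteLock();
    private final Lock readLock = this.readWriteLock.readLock();
    private final Lock writeLock = this.readWriteLock.writeLock();
    /** Per-username caches of the user / group names in that user's scope. Filled lazily and never invalidated. */
    private volatile Map<String, List<String>> usernameMap = new Hashtable<String, List<String>>();
    private volatile Map<String, List<String>> groupnameMap = new Hashtable<String, List<String>>();

    /**
     * Returns the merged authorization configuration, loading it on first use or after
     * {@link #updateConfiguration(Auth)} invalidated the cache.
     * <p>
     * The read lock is enough here: its job is to block while {@link #updateConfiguration(Auth)}
     * holds the write lock (rewriting the file and resetting the cache), not to serialize
     * concurrent reloads, which read the same files and produce equivalent results.
     *
     * @return the merged configuration, never {@code null}
     * @throws RuntimeException if the configuration files cannot be read or validated
     */
    public Auth getConfiguration() {
        Auth current = this.auth;
        if (current == null) {
            this.readLock.lock();
            try {
                // Re-check under the lock: another reader may have reloaded meanwhile.
                current = this.auth;
                if (current == null) {
                    current = loadConfiguration();
                    this.auth = current;
                }
            } finally {
                // Always release, even if loadConfiguration() throws.
                this.readLock.unlock();
            }
            if (this.log.isDebugEnabled()) {
                this.log.debug("Merged auth configuration: ");
                logAuth(current);
            }
        }
        return current;
    }

    /**
     * Dumps the given configuration as formatted XML at DEBUG level. Marshalling problems are
     * logged and swallowed; logging must never break the caller.
     */
    private void logAuth(Auth configuration) {
        if (!this.log.isDebugEnabled()) {
            return;
        }
        try {
            Marshaller marshaller = getContext().createMarshaller();
            marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
            marshaller.setProperty(Marshaller.JAXB_ENCODING, StringResourceLoader.REPOSITORY_ENCODING_DEFAULT);
            StringWriter xml = new StringWriter();
            marshaller.marshal(configuration, xml);
            this.log.debug(xml.toString());
        } catch (Exception e) {
            this.log.error("Error while logging auth", e);
        }
    }

    /**
     * Reads the default configuration and, if present, the site configuration, validates both
     * against the XML schema and merges them (site entries take precedence via
     * {@link AuthHelper#merge}).
     *
     * @return the merged configuration
     * @throws IllegalAuthConfTypeException if the two files disagree on whitelist/blacklist mode
     * @throws RuntimeException wrapping any other read / validation error
     */
    private Auth loadConfiguration() {
        try {
            Unmarshaller unmarshaller = getContext().createUnmarshaller();
            // Both files are validated; getSchema() fails instead of returning null, so a
            // malformed policy file is rejected rather than silently loaded unvalidated.
            unmarshaller.setSchema(getSchema());
            Auth merged = (Auth) unmarshaller.unmarshal(getAuthConfigurationDefault().getInputStream());
            if (getAuthConfiguration().exists()) {
                if (this.log.isDebugEnabled()) {
                    this.log.debug("Reading authorization configuration from file: " + getAuthConfiguration().getFile().getPath());
                }
                Auth site = (Auth) unmarshaller.unmarshal(getAuthConfiguration().getInputStream());
                // Mixing modes would flip the meaning of every referenced action, so refuse outright.
                if (!merged.getType().equals(site.getType())) {
                    throw new IllegalAuthConfTypeException("You must use the same configurationType in 'verinice-auth-default.xml' and 'verinice-auth.xml'");
                }
                merged = AuthHelper.merge(site, merged);
            }
            return merged;
        } catch (RuntimeException e) {
            this.log.error("Error while reading verinice authorization definition from file: " + getAuthConfiguration().getFilename(), e);
            throw e;
        } catch (Exception e) {
            this.log.error("Error while reading verinice authorization definition from file: " + getAuthConfiguration().getFilename(), e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Persists a new configuration: strips the DEFAULT-origin profiles/userprofiles (they live in
     * the default file and are merged back in on load), checks that the caller holds
     * {@value #RIGHT_EDIT_PROFILE}, backs up the site file, writes the new one and invalidates
     * the cache. On a write failure the backup taken in this call is restored; a backup from an
     * earlier run is never restored, because it may be stale.
     * <p>
     * The whole sequence runs under the write lock (re-entrant, so the permission check and the
     * reference check may still read the current configuration). Listeners are notified after
     * the lock is released.
     *
     * @param auth the configuration to persist; its profile/userprofile lists are replaced in place
     * @throws SecurityException if the current user may not edit the configuration
     * @throws RuntimeException if the file could not be written (cause attached)
     */
    public void updateConfiguration(Auth auth) {
        boolean backupTaken = false;
        this.writeLock.lock();
        try {
            if (!isReferenced(RIGHT_EDIT_PROFILE, auth)) {
                this.log.warn("Right id: editprofile is not referenced in the auth configuration. No user is able to change the configuration anymore.");
            }
            auth.setProfiles(nonDefaultProfiles(auth));
            auth.setUserprofiles(nonDefaultUserprofiles(auth));
            checkWritePermission();
            backupTaken = backupConfigurationFile();
            writeConfigurationFile(auth);
            // Force the next getConfiguration() to re-read and re-merge the files.
            this.auth = null;
        } catch (SecurityException e) {
            this.log.error(e.getMessage(), e);
            throw e;
        } catch (Exception e) {
            this.log.error("Error while updating authorization configuration.", e);
            if (backupTaken) {
                this.log.error("Trying to restore the authorization configuration from backup file now...");
                restoreConfigurationFile();
                this.log.error("Authorization configuration restored from backup file.");
            } else {
                this.log.error("No backup of the authorization configuration was taken in this update, nothing is restored.");
            }
            throw new RuntimeException("Error while updating authorization configuration.", e);
        } finally {
            this.writeLock.unlock();
        }
        fireChangeEvent();
    }

    /** Profiles of {@code auth} whose origin is not DEFAULT, i.e. the ones that belong in the site file. */
    private static Profiles nonDefaultProfiles(Auth auth) {
        Profiles kept = new Profiles();
        for (Profile profile : auth.getProfiles().getProfile()) {
            if (!OriginType.DEFAULT.equals(profile.getOrigin())) {
                kept.getProfile().add(profile);
            }
        }
        return kept;
    }

    /** Userprofiles of {@code auth} whose origin is not DEFAULT, i.e. the ones that belong in the site file. */
    private static Userprofiles nonDefaultUserprofiles(Auth auth) {
        Userprofiles kept = new Userprofiles();
        for (Userprofile userprofile : auth.getUserprofiles().getUserprofile()) {
            if (!OriginType.DEFAULT.equals(userprofile.getOrigin())) {
                kept.getUserprofile().add(userprofile);
            }
        }
        return kept;
    }

    /**
     * Marshals {@code auth} (schema-validated) into the site configuration file. The target is
     * truncated before marshalling, so a failure leaves a partial file; the backup/restore around
     * this call in {@link #updateConfiguration(Auth)} covers that case. The stream is always closed.
     */
    private void writeConfigurationFile(Auth auth) throws IOException, JAXBException {
        Marshaller marshaller = getContext().createMarshaller();
        marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
        marshaller.setProperty(Marshaller.JAXB_ENCODING, StringResourceLoader.REPOSITORY_ENCODING_DEFAULT);
        marshaller.setSchema(getSchema());
        FileOutputStream out = new FileOutputStream(getAuthConfiguration().getFile());
        try {
            marshaller.marshal(auth, out);
        } finally {
            out.close();
        }
    }

    /** Notifies every registered listener with the (re-loaded) configuration. Iterates a snapshot so a listener may unregister itself. */
    private void fireChangeEvent() {
        Auth current = getConfiguration();
        for (IRightsChangeListener listener : new ArrayList<IRightsChangeListener>(getChangeListener())) {
            listener.configurationChanged(current);
        }
    }

    /**
     * Ensures the current user holds {@value #RIGHT_EDIT_PROFILE}.
     *
     * @throws SecurityException otherwise
     */
    private void checkWritePermission() throws SecurityException {
        String username = getAuthService().getUsername();
        if (!getRightsServerHandler().isEnabled(username, RIGHT_EDIT_PROFILE)) {
            throw new SecurityException("User " + username + " has no permission to write authorization configuration.");
        }
    }

    /**
     * Copies the site configuration file to its {@code .bak} sibling.
     *
     * @return {@code true} if the copy succeeded; {@code false} if it failed (logged), in which
     *         case the caller must not restore from the {@code .bak} file
     */
    private boolean backupConfigurationFile() {
        try {
            FileUtils.copyFile(getAuthConfiguration().getFile(), new File(getBackupFileName()));
            return true;
        } catch (Exception e) {
            this.log.error("Error while creating backup of authorization configuration.", e);
            return false;
        }
    }

    /** Copies the {@code .bak} file back over the site configuration file; failures are logged. */
    private void restoreConfigurationFile() {
        try {
            FileUtils.copyFile(new File(getBackupFileName()), getAuthConfiguration().getFile());
        } catch (Exception e) {
            this.log.error("Error while restoring authorization configuration.", e);
        }
    }

    /** Absolute path of the site configuration file plus {@code .bak}. */
    private String getBackupFileName() throws IOException {
        return getAuthConfiguration().getFile().getAbsolutePath() + ".bak";
    }

    /**
     * Returns the userprofiles that apply to a user: the one whose login is the username itself
     * plus those whose login is one of the user's roles.
     *
     * @param username login name of the user
     * @return matching userprofiles, possibly empty
     */
    public List<Userprofile> getUserprofile(String username) {
        List<String> logins = getRoleList(username);
        logins.add(username);
        List<Userprofile> result = new ArrayList<Userprofile>(1);
        for (Userprofile userprofile : getConfiguration().getUserprofiles().getUserprofile()) {
            if (logins.contains(userprofile.getLogin())) {
                result.add(userprofile);
            }
        }
        return result;
    }

    /**
     * Loads the role names stored on the Configuration whose username property matches.
     * <p>
     * NOTE(review): the username is bound as a LIKE pattern and only the backslash is doubled;
     * a username containing {@code %} or {@code _} would match other accounts' roles as well.
     * Whether that is reachable depends on who may choose usernames — confirm before tightening
     * the comparison to {@code =}.
     */
    private List<String> getRoleList(String username) {
        return getConfigurationDao().findByQuery("select roleprops.propertyValue from Configuration as conf inner join conf.entity as entity inner join entity.typedPropertyLists as propertyList inner join propertyList.properties as props inner join conf.entity as entity2 inner join entity2.typedPropertyLists as propertyList2 inner join propertyList2.properties as roleprops where props.propertyType = ? and props.propertyValue like ? and roleprops.propertyType = ?", new Object[]{PROPERTY_USERNAME, username.replace("\\", "\\\\"), PROPERTY_ROLE});
    }

    /**
     * All login names stored as username properties, plus the admin username from the auth service.
     */
    public List<String> getUsernames() {
        List<String> usernames = getPropertyDao().findByQuery("select props.propertyValue from Property as props where props.propertyType = ?", new Object[]{PROPERTY_USERNAME});
        usernames.add(getAuthService().getAdminUsername());
        return usernames;
    }

    /** All role (group) names stored as role properties. */
    public List<String> getGroupnames() {
        return getPropertyDao().findByQuery("select props.propertyValue from Property as props where props.propertyType = ?", new Object[]{PROPERTY_ROLE});
    }

    /**
     * Group names of the accounts in the scope of {@code username}; cached per username and
     * never invalidated, so accounts added later are not visible until restart.
     */
    public List<String> getGroupnames(String username) {
        List<String> groups = this.groupnameMap.get(username);
        if (groups == null) {
            loadUserAndGroupNames(username);
            groups = this.groupnameMap.get(username);
        }
        return groups;
    }

    /**
     * User names of the accounts in the scope of {@code username}; cached per username and
     * never invalidated, so accounts added later are not visible until restart.
     */
    public List<String> getUsernames(String username) {
        List<String> users = this.usernameMap.get(username);
        if (users == null) {
            loadUserAndGroupNames(username);
            users = this.usernameMap.get(username);
        }
        return users;
    }

    /**
     * Fills both caches for {@code username}: finds the person elements in the user's scope,
     * loads the Configurations attached to them and collects their user names and roles.
     * With no persons in scope both caches get empty lists; the criteria query is skipped so
     * no {@code in ()} restriction is generated.
     */
    private void loadUserAndGroupNames(String username) {
        List persons = getPropertyDao().findByQuery("from CnATreeElement c where c.scopeId = ? and (c.objectType = ? or c.objectType = ?)", new Object[]{getConfigurationService().getScopeId(username), "person-iso", "person"});
        HashSet<String> users = new HashSet<String>();
        HashSet<String> groups = new HashSet<String>();
        if (!persons.isEmpty()) {
            Object[] personIds = new Object[persons.size()];
            int index = 0;
            for (Iterator it = persons.iterator(); it.hasNext(); index++) {
                personIds[index] = ((CnATreeElement) it.next()).getDbId();
            }
            DetachedCriteria criteria = DetachedCriteria.forClass(Configuration.class);
            criteria.setFetchMode("entity", FetchMode.JOIN);
            criteria.setFetchMode("entity.typedPropertyLists", FetchMode.JOIN);
            criteria.setFetchMode("entity.typedPropertyLists.properties", FetchMode.JOIN);
            criteria.setFetchMode("person", FetchMode.JOIN);
            criteria.add(Restrictions.in("person.id", personIds));
            criteria.setResultTransformer(Criteria.DISTINCT_ROOT_ENTITY);
            List<Configuration> configurations = getPropertyDao().findByCriteria(criteria);
            for (Configuration configuration : configurations) {
                String user = configuration.getUser();
                if (user != null && !user.trim().isEmpty()) {
                    users.add(user);
                }
                groups.addAll(configuration.getRoles());
            }
        }
        this.usernameMap.put(username, new ArrayList<String>(users));
        this.groupnameMap.put(username, new ArrayList<String>(groups));
    }

    /** Profiles of the current merged configuration. */
    public Profiles getProfiles() {
        return getConfiguration().getProfiles();
    }

    /**
     * Lazily creates the server-side handler. Not synchronized: two concurrent first calls may
     * each build a handler — presumably harmless, verify against RightsServerHandler.
     */
    public RightsServerHandler getRightsServerHandler() {
        if (this.rightsServerHandler == null) {
            this.rightsServerHandler = new RightsServerHandler(this);
        }
        return this.rightsServerHandler;
    }

    /**
     * Resolves a message key in the default locale; an unresolvable key yields the key itself
     * marked with {@code " (!)"} so the UI shows something instead of failing.
     */
    public String getMessage(String key) {
        try {
            return getMessages().getMessage(key, null, Locale.getDefault());
        } catch (Exception e) {
            this.log.warn("Message not found: " + key);
            if (this.log.isDebugEnabled()) {
                this.log.debug("Stacktrace: ", e);
            }
            return key + " (!)";
        }
    }

    public Properties getAllMessages() {
        return getMessages().getAllMessages();
    }

    public Resource getAuthConfigurationDefault() {
        return this.authConfigurationDefault;
    }

    public void setAuthConfigurationDefault(Resource resource) {
        this.authConfigurationDefault = resource;
    }

    public Resource getAuthConfiguration() {
        return this.authConfiguration;
    }

    public void setAuthConfiguration(Resource resource) {
        this.authConfiguration = resource;
    }

    public Resource getAuthConfigurationSchema() {
        return this.authConfigurationSchema;
    }

    public void setAuthConfigurationSchema(Resource resource) {
        this.authConfigurationSchema = resource;
    }

    public IConfigurationService getConfigurationService() {
        return this.configurationService;
    }

    public void setConfigurationService(IConfigurationService iConfigurationService) {
        this.configurationService = iConfigurationService;
    }

    public IBaseDao<Configuration, Integer> getConfigurationDao() {
        return this.configurationDao;
    }

    public void setConfigurationDao(IBaseDao<Configuration, Integer> iBaseDao) {
        this.configurationDao = iBaseDao;
    }

    public IBaseDao<Property, Integer> getPropertyDao() {
        return this.propertyDao;
    }

    public void setPropertyDao(IBaseDao<Property, Integer> iBaseDao) {
        this.propertyDao = iBaseDao;
    }

    public IRemoteMessageSource getMessages() {
        return this.messages;
    }

    public void setMessages(IRemoteMessageSource iRemoteMessageSource) {
        this.messages = iRemoteMessageSource;
    }

    /**
     * Lazily creates the JAXB context for {@link Auth}.
     *
     * @throws IllegalStateException if the context cannot be created (previously this returned
     *         {@code null} and the caller failed with a NullPointerException)
     */
    private JAXBContext getContext() {
        if (this.context == null) {
            try {
                this.context = JAXBContext.newInstance(new Class[]{Auth.class});
            } catch (JAXBException e) {
                this.log.error("Error while creating JAXB context.", e);
                throw new IllegalStateException("Error while creating JAXB context.", e);
            }
        }
        return this.context;
    }

    /**
     * Lazily compiles the authorization XML schema.
     *
     * @throws IllegalStateException if the schema cannot be built. Previously a failure was only
     *         logged and {@code null} was returned, which {@code setSchema(null)} treats as
     *         "no validation" — the policy files would then have been loaded unvalidated.
     */
    private Schema getSchema() {
        if (this.schema == null) {
            try {
                this.schema = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema").newSchema(getAuthConfigurationSchema().getURL());
            } catch (Exception e) {
                this.log.error("Error while creating schema.", e);
                throw new IllegalStateException("Error while creating schema.", e);
            }
        }
        return this.schema;
    }

    public IAuthService getAuthService() {
        return this.authService;
    }

    public void setAuthService(IAuthService iAuthService) {
        this.authService = iAuthService;
    }

    /**
     * Whether {@code actionId} would still be an effective right after {@code auth} is applied:
     * in a whitelist it must be listed by some referenced profile, in a blacklist it must not be
     * (listing it there presumably revokes it). Any error is logged and yields {@code false}.
     */
    private boolean isReferenced(String actionId, Auth auth) {
        boolean referenced = false;
        try {
            Map<String, Action> actions = loadAllReferencedActions(auth);
            if (actions != null) {
                boolean listed = actions.get(actionId) != null;
                referenced = (listed && isWhitelist()) || (!listed && isBlacklist());
            }
        } catch (Exception e) {
            this.log.error("Error while checking action. Returning false", e);
        }
        return referenced;
    }

    /**
     * Collects, by id, every action of every profile referenced by a userprofile of {@code auth}.
     * Profile references are resolved against the profiles of {@code auth} itself rather than a
     * cached map of the currently loaded configuration, so a profile introduced by the pending
     * update is found instead of being reported as missing.
     */
    private Map<String, Action> loadAllReferencedActions(Auth auth) {
        Map<String, Profile> profilesByName = indexProfilesByName(auth.getProfiles());
        Map<String, Action> actions = new HashMap<String, Action>();
        for (Userprofile userprofile : auth.getUserprofiles().getUserprofile()) {
            List<ProfileRef> refs = userprofile.getProfileRef();
            if (refs == null) {
                continue;
            }
            for (ProfileRef ref : refs) {
                Profile profile = profilesByName.get(ref.getName());
                if (profile == null) {
                    // Report the userprofile that holds the dangling reference, not the acting user.
                    this.log.error("Could not find profile " + ref.getName() + " of user " + userprofile.getLogin());
                    continue;
                }
                for (Action action : profile.getAction()) {
                    actions.put(action.getId(), action);
                }
            }
        }
        return actions;
    }

    /** Builds a name-to-profile lookup for the given profiles. */
    private static Map<String, Profile> indexProfilesByName(Profiles profiles) {
        Map<String, Profile> byName = new HashMap<String, Profile>();
        for (Profile profile : profiles.getProfile()) {
            byName.put(profile.getName(), profile);
        }
        return byName;
    }

    private static List<IRightsChangeListener> getChangeListener() {
        return changeListener;
    }

    public static void addChangeListener(IRightsChangeListener iRightsChangeListener) {
        getChangeListener().add(iRightsChangeListener);
    }

    public static void removeChangeListener(IRightsChangeListener iRightsChangeListener) {
        getChangeListener().remove(iRightsChangeListener);
    }

    /** {@code true} if the current configuration is of type WHITELIST. */
    public boolean isWhitelist() {
        return ConfigurationType.WHITELIST.equals(getConfiguration().getType());
    }

    /** {@code true} if the current configuration is of type BLACKLIST. */
    public boolean isBlacklist() {
        return ConfigurationType.BLACKLIST.equals(getConfiguration().getType());
    }
}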
