package sernet.verinice.service;

import java.io.Serializable;
import java.sql.SQLException;
import java.util.Properties;
import org.apache.log4j.Logger;
import org.hibernate.HibernateException;
import org.hibernate.Session;
import org.springframework.orm.hibernate3.HibernateCallback;
import sernet.hui.common.VeriniceContext;
import sernet.verinice.interfaces.CommandException;
import sernet.verinice.interfaces.ElementChange;
import sernet.verinice.interfaces.IAuthAwareCommand;
import sernet.verinice.interfaces.IAuthService;
import sernet.verinice.interfaces.IBaseDao;
import sernet.verinice.interfaces.IChangeLoggingCommand;
import sernet.verinice.interfaces.ICommand;
import sernet.verinice.interfaces.ICommandService;
import sernet.verinice.interfaces.IGraphCommand;
import sernet.verinice.interfaces.IHibernateCommandService;
import sernet.verinice.interfaces.INoAccessControl;
import sernet.verinice.interfaces.IRightsServerHandler;
import sernet.verinice.interfaces.graph.IGraphService;
import sernet.verinice.interfaces.ldap.ILdapCommand;
import sernet.verinice.interfaces.ldap.ILdapService;
import sernet.verinice.model.bsi.BSIModel;
import sernet.verinice.model.common.ChangeLogEntry;
import sernet.verinice.model.common.CnATreeElement;
import sernet.verinice.service.commands.UsernameExistsRuntimeException;

/* loaded from: input_file:sernet/verinice/service/HibernateCommandService.class */
public class HibernateCommandService implements ICommandService, IHibernateCommandService {
    private DAOFactory daoFactory;
    private ICommandExceptionHandler exceptionHandler;
    private IAuthService authService;
    private IGraphService graphService;
    private ILdapService ldapService;
    private VeriniceContext.State workObjects;
    private IConfigurationService configurationService;
    private IRightsServerHandler rightsServerHandler;
    IBaseDao<BSIModel, Serializable> dao;
    private Properties properties;
    private Logger log = Logger.getLogger(HibernateCommandService.class);
    private boolean dbOpen = false;

    public <T extends ICommand> T executeCommand(T t) throws CommandException {
        VeriniceContext.setState(this.workObjects);
        if (!this.dbOpen) {
            throw new CommandException("DB connection closed.");
        }
        if (this.log.isDebugEnabled()) {
            this.log.debug("Service executing command: " + t.getClass().getSimpleName() + " / user: " + getAuthService().getUsername());
        }
        try {
            t.setDaoFactory(this.daoFactory);
            t.setCommandService(this);
            if (t instanceof IAuthAwareCommand) {
                ((IAuthAwareCommand) t).setAuthService(this.authService);
            }
            if (t instanceof IGraphCommand) {
                ((IGraphCommand) t).setGraphService(this.graphService);
            }
            if (t instanceof ILdapCommand) {
                ILdapCommand iLdapCommand = (ILdapCommand) t;
                if (getLdapService() == null) {
                    this.log.warn("LDAP service is not configured.");
                }
                iLdapCommand.setLdapService(getLdapService());
            }
            if (!this.authService.isPermissionHandlingNeeded() || (t instanceof INoAccessControl)) {
                disableScopeFilter(getBsiModelDao());
            } else {
                configureFilter(getBsiModelDao());
            }
            t.execute();
            disableFilter(getBsiModelDao());
            if (t instanceof IChangeLoggingCommand) {
                log((IChangeLoggingCommand) t);
            }
            t.clear();
        } catch (Exception e) {
            this.log.error("Error while executing command", e);
            if (this.exceptionHandler != null) {
                this.exceptionHandler.handle(e);
            }
        } catch (UsernameExistsRuntimeException e2) {
            this.log.info("Username is not available: " + e2.getUsername());
            if (this.log.isDebugEnabled()) {
                this.log.debug("stacktrace: ", e2);
            }
            if (this.exceptionHandler != null) {
                this.exceptionHandler.handle(e2);
            }
        }
        return t;
    }

    public void configureFilter(IBaseDao iBaseDao) {
        if (this.authService.isPermissionHandlingNeeded()) {
            if (!hasAdminRole(this.authService.getRoles())) {
                if (this.log.isDebugEnabled()) {
                    this.log.debug("Enabling security access filter for user: " + this.authService.getUsername());
                }
                setAccessFilterEnabled(true, iBaseDao);
            }
            configureScopeFilter(iBaseDao);
        }
    }

    public void disableFilter(IBaseDao iBaseDao) {
        setAccessFilterEnabled(false, iBaseDao);
        disableScopeFilter(iBaseDao);
    }

    private void log(IChangeLoggingCommand iChangeLoggingCommand) {
        for (ElementChange elementChange : iChangeLoggingCommand.getChanges()) {
            CnATreeElement cnATreeElement = null;
            if (elementChange.getChangeType() != 2) {
                cnATreeElement = elementChange.getElement();
            }
            log(new ChangeLogEntry(elementChange.getElement(), elementChange.getChangeType(), getAuthService().getUsername(), iChangeLoggingCommand.getStationId(), elementChange.getTime()), cnATreeElement);
        }
    }

    private void log(ChangeLogEntry changeLogEntry, CnATreeElement cnATreeElement) {
        this.log.debug("Logging change type '" + changeLogEntry.getChangeDescription() + "' for element of type " + changeLogEntry.getElementClass() + " with ID " + changeLogEntry.getElementId());
        this.daoFactory.getDAO(ChangeLogEntry.class).saveOrUpdate(changeLogEntry);
    }

    public void setDaoFactory(DAOFactory dAOFactory) {
        this.dbOpen = true;
        this.daoFactory = dAOFactory;
    }

    public ICommandExceptionHandler getExceptionHandler() {
        return this.exceptionHandler;
    }

    public void setExceptionHandler(ICommandExceptionHandler iCommandExceptionHandler) {
        this.exceptionHandler = iCommandExceptionHandler;
    }

    public IAuthService getAuthService() {
        return this.authService;
    }

    public void setAuthService(IAuthService iAuthService) {
        this.authService = iAuthService;
    }

    public IGraphService getGraphService() {
        return this.graphService;
    }

    public void setGraphService(IGraphService iGraphService) {
        this.graphService = iGraphService;
    }

    public ILdapService getLdapService() {
        return this.ldapService;
    }

    public void setLdapService(ILdapService iLdapService) {
        this.ldapService = iLdapService;
    }

    public void setWorkObjects(VeriniceContext.State state) {
        this.workObjects = state;
    }

    public VeriniceContext.State getWorkObjects() {
        return this.workObjects;
    }

    public IConfigurationService getConfigurationService() {
        return this.configurationService;
    }

    public void setConfigurationService(IConfigurationService iConfigurationService) {
        this.configurationService = iConfigurationService;
    }

    public IRightsServerHandler getRightsServerHandler() {
        return this.rightsServerHandler;
    }

    public void setRightsServerHandler(IRightsServerHandler iRightsServerHandler) {
        this.rightsServerHandler = iRightsServerHandler;
    }

    public Properties getProperties() {
        return this.properties;
    }

    public void setProperties(Properties properties) {
        this.properties = properties;
    }

    private void configureScopeFilter(IBaseDao iBaseDao) {
        if (!getConfigurationService().isScopeOnly(this.authService.getUsername())) {
            disableScopeFilter(iBaseDao);
        } else {
            final Integer scopeId = getConfigurationService().getScopeId(this.authService.getUsername());
            iBaseDao.executeCallback(new HibernateCallback() { // from class: sernet.verinice.service.HibernateCommandService.1
                public Object doInHibernate(Session session) throws HibernateException, SQLException {
                    session.enableFilter("scopeFilter").setParameter("scopeId", scopeId);
                    return null;
                }
            });
        }
    }

    private void setAccessFilterEnabled(boolean z, IBaseDao iBaseDao) {
        if (!z) {
            disableScopeFilter(iBaseDao);
        } else {
            final String[] roles = getConfigurationService().getRoles(this.authService.getUsername());
            iBaseDao.executeCallback(new HibernateCallback() { // from class: sernet.verinice.service.HibernateCommandService.2
                public Object doInHibernate(Session session) throws HibernateException, SQLException {
                    session.enableFilter("userAccessReadFilter").setParameterList("currentRoles", roles).setParameter("readAllowed", Boolean.TRUE);
                    return null;
                }
            });
        }
    }

    private void disableScopeFilter(IBaseDao iBaseDao) {
        iBaseDao.executeCallback(new HibernateCallback() { // from class: sernet.verinice.service.HibernateCommandService.3
            public Object doInHibernate(Session session) throws HibernateException, SQLException {
                session.disableFilter("scopeFilter");
                return null;
            }
        });
    }

    private boolean hasAdminRole(String[] strArr) {
        if (strArr == null) {
            return false;
        }
        for (String str : strArr) {
            if ("ROLE_ADMIN".equals(str)) {
                return true;
            }
        }
        return false;
    }

    public void discardUserData() {
        getConfigurationService().discardUserData();
        getRightsServerHandler().discardData();
    }

    private IBaseDao<BSIModel, Serializable> getBsiModelDao() {
        if (this.dao == null) {
            this.dao = this.daoFactory.getDAO(BSIModel.class);
        }
        return this.dao;
    }
}
