package org.alfresco.repo.admin.patch.impl;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.zip.CRC32;
import org.alfresco.config.JNDIConstants;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.i18n.I18NUtil;
import org.alfresco.model.WCMAppModel;
import org.alfresco.repo.domain.DbAccessControlEntry;
import org.alfresco.repo.domain.DbAccessControlList;
import org.alfresco.repo.domain.DbAccessControlListChangeSet;
import org.alfresco.repo.domain.DbAuthority;
import org.alfresco.repo.domain.DbPermission;
import org.alfresco.repo.domain.PropertyValue;
import org.alfresco.repo.domain.QNameDAO;
import org.alfresco.repo.domain.hibernate.DbAccessControlEntryImpl;
import org.alfresco.repo.domain.hibernate.DbAccessControlListChangeSetImpl;
import org.alfresco.repo.domain.hibernate.DbAccessControlListImpl;
import org.alfresco.repo.domain.hibernate.DbAccessControlListMemberImpl;
import org.alfresco.repo.domain.hibernate.DbAuthorityImpl;
import org.alfresco.repo.domain.hibernate.DbPermissionImpl;
import org.alfresco.repo.search.AVMSnapShotTriggeredIndexingMethodInterceptor;
import org.alfresco.repo.security.permissions.ACEType;
import org.alfresco.repo.security.permissions.ACLType;
import org.alfresco.service.cmr.admin.PatchException;
import org.alfresco.service.cmr.avm.AVMStoreDescriptor;
import org.alfresco.service.cmr.dictionary.DataTypeDefinition;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.namespace.RegexQNamePattern;
import org.alfresco.util.GUID;
import org.alfresco.util.Pair;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.hibernate.Query;
import org.hibernate.SQLQuery;
import org.hibernate.ScrollMode;
import org.hibernate.ScrollableResults;
import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.hibernate.type.LongType;
import org.hibernate.type.StringType;
import org.springframework.orm.hibernate3.HibernateCallback;
import org.springframework.orm.hibernate3.support.HibernateDaoSupport;
import org.springframework.transaction.interceptor.RuleBasedTransactionAttribute;

/* loaded from: input_file:WEB-INF/lib/alfresco-repository-3.2.jar:org/alfresco/repo/admin/patch/impl/ResetWCMToGroupBasedPermissionsPatch.class */
public class ResetWCMToGroupBasedPermissionsPatch extends MoveWCMToGroupBasedPermissionsPatch {
    private static final String MSG_SUCCESS = "patch.resetWCMToGroupBasedPermissionsPatch.result";
    private PersonService personService;
    private static Log logger = LogFactory.getLog(ResetWCMToGroupBasedPermissionsPatch.class);
    private static int batchSize = 500;
    private Map<String, Pair<DbAccessControlListChangeSet, Long>> stagingData = new HashMap(10);
    private HibernateHelper helper = new HibernateHelper();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/alfresco-repository-3.2.jar:org/alfresco/repo/admin/patch/impl/ResetWCMToGroupBasedPermissionsPatch$HibernateHelper.class */
    public static class HibernateHelper extends HibernateDaoSupport {
        private static Log logger = LogFactory.getLog(ResetWCMToGroupBasedPermissionsPatch.class);
        private static final String QUERY_GET_PERMISSION = "permission.GetPermission";
        private static final String QUERY_GET_AUTHORITY = "permission.GetAuthority";
        private static final String QUERY_GET_ACE_WITH_NO_CONTEXT = "permission.GetAceWithNoContext";
        protected QNameDAO qnameDAO;

        private HibernateHelper() {
        }

        public void setQnameDAO(QNameDAO qNameDAO) {
            this.qnameDAO = qNameDAO;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public int nullifyAvmNodeAcls(String str) {
            try {
                long aVMStoreCurrentRootNodeId = getAVMStoreCurrentRootNodeId(str);
                int nullifyAvmNodeAcls = nullifyAvmNodeAcls(aVMStoreCurrentRootNodeId);
                ArrayList arrayList = new ArrayList(1);
                arrayList.add(Long.valueOf(aVMStoreCurrentRootNodeId));
                return nullifyAvmNodeAcls + nullifyAvmNodeAclsForChildren(arrayList);
            } catch (Throwable th) {
                String str2 = "Failed to nullify avm node acl ids for: " + str;
                logger.error(str2, th);
                throw new PatchException(str2, th);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public int nullifyAvmNodeAclsExcluding(String str, String str2) {
            try {
                List<Pair<Long, String>> aVMChildrenWithName = getAVMChildrenWithName(getAVMStoreCurrentRootNodeId(str));
                int i = 0;
                ArrayList arrayList = new ArrayList(0);
                for (Pair<Long, String> pair : aVMChildrenWithName) {
                    Long first = pair.getFirst();
                    if (!pair.getSecond().equals(str2)) {
                        i += nullifyAvmNodeAcls(first.longValue());
                        arrayList.add(first);
                    }
                }
                if (arrayList.size() > 0) {
                    i += nullifyAvmNodeAclsForChildren(arrayList);
                }
                return i;
            } catch (Throwable th) {
                String str3 = "Failed to nullify avm node acl ids for: " + str + " (excluding " + str2 + ")";
                logger.error(str3, th);
                throw new PatchException(str3, th);
            }
        }

        private int nullifyAvmNodeAcls(long j) throws Exception {
            List<Long> aVMChildren = getAVMChildren(j);
            int i = 0;
            if (aVMChildren.size() > 0) {
                i = nullifyAvmNodeAclsForChildren(aVMChildren);
                Iterator<Long> it = aVMChildren.iterator();
                while (it.hasNext()) {
                    i += nullifyAvmNodeAcls(it.next().longValue());
                }
            }
            return i;
        }

        private int nullifyAvmNodeAclsForChildren(List<Long> list) {
            int i = 0;
            Iterator<Long> it = list.iterator();
            ArrayList arrayList = new ArrayList(ResetWCMToGroupBasedPermissionsPatch.batchSize);
            while (it.hasNext()) {
                arrayList.add(it.next());
                if (arrayList.size() == ResetWCMToGroupBasedPermissionsPatch.batchSize || !it.hasNext()) {
                    SQLQuery createSQLQuery = getSession().createSQLQuery(" update avm_nodes set acl_id = null  where acl_id is not null  and id in (:childIds) ");
                    createSQLQuery.setParameterList("childIds", arrayList);
                    i += Integer.valueOf(createSQLQuery.executeUpdate()).intValue();
                    arrayList.clear();
                }
            }
            return i;
        }

        private int updateChildNodeAclIds(long j, List<Long> list) {
            int i = 0;
            Iterator<Long> it = list.iterator();
            ArrayList arrayList = new ArrayList(ResetWCMToGroupBasedPermissionsPatch.batchSize);
            while (it.hasNext()) {
                arrayList.add(it.next());
                if (arrayList.size() == ResetWCMToGroupBasedPermissionsPatch.batchSize || !it.hasNext()) {
                    SQLQuery createSQLQuery = getSession().createSQLQuery(" update avm_nodes set acl_id = :aclId  where id in (:childIds) ");
                    createSQLQuery.setParameterList("childIds", arrayList);
                    createSQLQuery.setLong("aclId", j);
                    i += Integer.valueOf(createSQLQuery.executeUpdate()).intValue();
                    arrayList.clear();
                }
            }
            return i;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void setRootAcl(String str, long j) throws Exception {
            try {
                int i = 0;
                for (Pair<Long, String> pair : getAVMChildrenWithName(getAVMStoreCurrentRootNodeId(str))) {
                    Long first = pair.getFirst();
                    if (pair.getSecond().equals(JNDIConstants.DIR_DEFAULT_WWW)) {
                        ArrayList arrayList = new ArrayList(1);
                        arrayList.add(first);
                        i += updateChildNodeAclIds(j, arrayList);
                    }
                }
                if (i != 1) {
                    throw new AlfrescoRuntimeException("Failed to set top acl for store: " + str + " (unexpected updateCount = " + i);
                }
            } catch (Throwable th) {
                String str2 = "Failed to set top acl for store: " + str;
                logger.error(str2, th);
                throw new PatchException(str2, th);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public int setSharedAcls(String str, long j) throws Exception {
            try {
                List<Pair<Long, String>> aVMChildrenWithName = getAVMChildrenWithName(getAVMStoreCurrentRootNodeId(str));
                ArrayList arrayList = new ArrayList(1);
                for (Pair<Long, String> pair : aVMChildrenWithName) {
                    Long first = pair.getFirst();
                    if (pair.getSecond().equals(JNDIConstants.DIR_DEFAULT_WWW)) {
                        arrayList.add(first);
                    }
                }
                if (arrayList.size() != 1) {
                    throw new AlfrescoRuntimeException("Did not find one 'www' (" + arrayList.size() + ") for: " + str);
                }
                return setSharedAcls(((Long) arrayList.get(0)).longValue(), j);
            } catch (Throwable th) {
                String str2 = "Failed to set shared acls for store: " + str;
                logger.error(str2, th);
                throw new PatchException(str2, th);
            }
        }

        private int setSharedAcls(long j, long j2) throws Exception {
            List<Long> aVMChildren = getAVMChildren(j);
            int i = 0;
            if (aVMChildren.size() > 0) {
                i = updateChildNodeAclIds(j2, aVMChildren);
                Iterator<Long> it = aVMChildren.iterator();
                while (it.hasNext()) {
                    i += setSharedAcls(it.next().longValue(), j2);
                }
            }
            return i;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public int deleteDanglingAces() {
            return Integer.valueOf(getSession().createSQLQuery(" delete from alf_access_control_entry  where id not in  (select distinct(m.ace_id)  from alf_acl_member m) ").executeUpdate()).intValue();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public int deleteDanglingAcls() throws Exception {
            Set<Long> nonDanglingAcls = getNonDanglingAcls();
            Set<Long> allAcls = getAllAcls();
            allAcls.removeAll(nonDanglingAcls);
            int i = 0;
            Iterator<Long> it = allAcls.iterator();
            ArrayList arrayList = new ArrayList(ResetWCMToGroupBasedPermissionsPatch.batchSize);
            while (it.hasNext()) {
                arrayList.add(it.next());
                if (arrayList.size() == ResetWCMToGroupBasedPermissionsPatch.batchSize || !it.hasNext()) {
                    SQLQuery createSQLQuery = getSession().createSQLQuery(" delete from alf_acl_member  where acl_id in (:aclIds) ");
                    createSQLQuery.setParameterList("aclIds", arrayList);
                    i += Integer.valueOf(createSQLQuery.executeUpdate()).intValue();
                    arrayList.clear();
                }
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Deleted " + i + " dangling acl members");
            }
            int i2 = 0;
            Iterator<Long> it2 = allAcls.iterator();
            ArrayList arrayList2 = new ArrayList(ResetWCMToGroupBasedPermissionsPatch.batchSize);
            while (it2.hasNext()) {
                arrayList2.add(it2.next());
                if (arrayList2.size() == ResetWCMToGroupBasedPermissionsPatch.batchSize || !it2.hasNext()) {
                    SQLQuery createSQLQuery2 = getSession().createSQLQuery(" delete from alf_access_control_list  where id in (:aclIds) ");
                    createSQLQuery2.setParameterList("aclIds", arrayList2);
                    i2 += Integer.valueOf(createSQLQuery2.executeUpdate()).intValue();
                    arrayList2.clear();
                }
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Deleted " + i2 + " dangling acls");
            }
            return i2;
        }

        private Set<Long> getNonDanglingAcls() {
            HashSet hashSet = new HashSet(10000);
            ScrollableResults scrollableResults = null;
            try {
                try {
                    scrollableResults = (ScrollableResults) getHibernateTemplate().execute(new HibernateCallback() { // from class: org.alfresco.repo.admin.patch.impl.ResetWCMToGroupBasedPermissionsPatch.HibernateHelper.1
                        @Override // org.springframework.orm.hibernate3.HibernateCallback
                        public Object doInHibernate(Session session) {
                            SQLQuery createSQLQuery = HibernateHelper.this.getSession().createSQLQuery(" select acl_id from avm_nodes where acl_id is not null  union  select acl_id from avm_stores where acl_id is not null  union  select acl_id from alf_node where acl_id is not null  union  select acl_id from alf_attributes where acl_id is not null");
                            createSQLQuery.addScalar("acl_id", new LongType());
                            return createSQLQuery.scroll(ScrollMode.FORWARD_ONLY);
                        }
                    });
                    while (scrollableResults.next()) {
                        hashSet.add((Long) scrollableResults.get(0));
                    }
                    if (scrollableResults != null) {
                        try {
                            scrollableResults.close();
                        } catch (Throwable th) {
                            logger.error(th);
                        }
                    }
                    return hashSet;
                } catch (Throwable th2) {
                    logger.error("Failed to query for non-dangling acls", th2);
                    throw new PatchException("Failed to query for non-dangling acls", th2);
                }
            } catch (Throwable th3) {
                if (scrollableResults != null) {
                    try {
                        scrollableResults.close();
                    } catch (Throwable th4) {
                        logger.error(th4);
                    }
                }
                throw th3;
            }
        }

        private Set<Long> getAllAcls() {
            HashSet hashSet = new HashSet(10000);
            ScrollableResults scrollableResults = null;
            try {
                try {
                    scrollableResults = (ScrollableResults) getHibernateTemplate().execute(new HibernateCallback() { // from class: org.alfresco.repo.admin.patch.impl.ResetWCMToGroupBasedPermissionsPatch.HibernateHelper.2
                        @Override // org.springframework.orm.hibernate3.HibernateCallback
                        public Object doInHibernate(Session session) {
                            SQLQuery createSQLQuery = HibernateHelper.this.getSession().createSQLQuery("select id from alf_access_control_list ");
                            createSQLQuery.addScalar("id", new LongType());
                            return createSQLQuery.scroll(ScrollMode.FORWARD_ONLY);
                        }
                    });
                    while (scrollableResults.next()) {
                        hashSet.add((Long) scrollableResults.get(0));
                    }
                    if (scrollableResults != null) {
                        try {
                            scrollableResults.close();
                        } catch (Throwable th) {
                            logger.error(th);
                        }
                    }
                    return hashSet;
                } catch (Throwable th2) {
                    logger.error("Failed to query for all acls", th2);
                    throw new PatchException("Failed to query for all acls", th2);
                }
            } catch (Throwable th3) {
                if (scrollableResults != null) {
                    try {
                        scrollableResults.close();
                    } catch (Throwable th4) {
                        logger.error(th4);
                    }
                }
                throw th3;
            }
        }

        private long getAVMStoreCurrentRootNodeId(String str) {
            SQLQuery createSQLQuery = getSession().createSQLQuery("select current_root_id as root_id from avm_stores where name = :name");
            createSQLQuery.setString("name", str);
            createSQLQuery.addScalar("root_id", new LongType());
            return ((Long) createSQLQuery.uniqueResult()).longValue();
        }

        private List<Long> getAVMChildren(final long j) {
            ArrayList arrayList = new ArrayList(100);
            ScrollableResults scrollableResults = null;
            try {
                try {
                    scrollableResults = (ScrollableResults) getHibernateTemplate().execute(new HibernateCallback() { // from class: org.alfresco.repo.admin.patch.impl.ResetWCMToGroupBasedPermissionsPatch.HibernateHelper.3
                        @Override // org.springframework.orm.hibernate3.HibernateCallback
                        public Object doInHibernate(Session session) {
                            SQLQuery createSQLQuery = HibernateHelper.this.getSession().createSQLQuery("select child_id as child_id from avm_child_entries where parent_id = :parentId");
                            createSQLQuery.setLong("parentId", j);
                            createSQLQuery.addScalar("child_id", new LongType());
                            return createSQLQuery.scroll(ScrollMode.FORWARD_ONLY);
                        }
                    });
                    while (scrollableResults.next()) {
                        arrayList.add((Long) scrollableResults.get(0));
                    }
                    if (scrollableResults != null) {
                        try {
                            scrollableResults.close();
                        } catch (Throwable th) {
                            logger.error(th);
                        }
                    }
                    return arrayList;
                } catch (Throwable th2) {
                    if (scrollableResults != null) {
                        try {
                            scrollableResults.close();
                        } catch (Throwable th3) {
                            logger.error(th3);
                        }
                    }
                    throw th2;
                }
            } catch (Throwable th4) {
                String str = "Failed to query for child entries (parent_id = " + j + ")";
                logger.error(str, th4);
                throw new PatchException(str, th4);
            }
        }

        private List<Pair<Long, String>> getAVMChildrenWithName(final long j) {
            PatchException patchException;
            ArrayList arrayList = new ArrayList(100);
            ScrollableResults scrollableResults = null;
            try {
                try {
                    scrollableResults = (ScrollableResults) getHibernateTemplate().execute(new HibernateCallback() { // from class: org.alfresco.repo.admin.patch.impl.ResetWCMToGroupBasedPermissionsPatch.HibernateHelper.4
                        @Override // org.springframework.orm.hibernate3.HibernateCallback
                        public Object doInHibernate(Session session) {
                            SQLQuery createSQLQuery = HibernateHelper.this.getSession().createSQLQuery("select child_id, name as name from avm_child_entries where parent_id = :parentId");
                            createSQLQuery.setLong("parentId", j);
                            createSQLQuery.addScalar("child_id", new LongType());
                            createSQLQuery.addScalar("name", new StringType());
                            return createSQLQuery.scroll(ScrollMode.FORWARD_ONLY);
                        }
                    });
                    while (scrollableResults.next()) {
                        arrayList.add(new Pair((Long) scrollableResults.get(0), (String) scrollableResults.get(1)));
                    }
                    if (scrollableResults != null) {
                        try {
                            scrollableResults.close();
                        } catch (Throwable th) {
                            logger.error(th);
                        }
                    }
                    return arrayList;
                } finally {
                }
            } catch (Throwable th2) {
                if (scrollableResults != null) {
                    try {
                        scrollableResults.close();
                    } catch (Throwable th3) {
                        logger.error(th3);
                    }
                }
                throw th2;
            }
        }

        private long findOrCreateAce(String str, String str2) throws Exception {
            final DbPermission findOrCreatePermission = findOrCreatePermission(str2);
            final DbAuthority findOrCreateAuthority = findOrCreateAuthority(str);
            DbAccessControlEntry dbAccessControlEntry = (DbAccessControlEntry) getHibernateTemplate().execute(new HibernateCallback() { // from class: org.alfresco.repo.admin.patch.impl.ResetWCMToGroupBasedPermissionsPatch.HibernateHelper.5
                @Override // org.springframework.orm.hibernate3.HibernateCallback
                public Object doInHibernate(Session session) {
                    Query namedQuery = session.getNamedQuery(HibernateHelper.QUERY_GET_ACE_WITH_NO_CONTEXT);
                    namedQuery.setParameter("permissionId", findOrCreatePermission.getId());
                    namedQuery.setParameter("authorityId", findOrCreateAuthority.getId());
                    namedQuery.setParameter("allowed", (Object) true);
                    namedQuery.setParameter("applies", Integer.valueOf(ACEType.ALL.getId()));
                    return namedQuery.uniqueResult();
                }
            });
            if (dbAccessControlEntry == null) {
                DbAccessControlEntryImpl dbAccessControlEntryImpl = new DbAccessControlEntryImpl();
                dbAccessControlEntryImpl.setAceType(ACEType.ALL);
                dbAccessControlEntryImpl.setAllowed(true);
                dbAccessControlEntryImpl.setAuthority(findOrCreateAuthority);
                dbAccessControlEntryImpl.setPermission(findOrCreatePermission);
                dbAccessControlEntry = dbAccessControlEntryImpl;
                getHibernateTemplate().save(dbAccessControlEntryImpl);
            }
            return dbAccessControlEntry.getId().longValue();
        }

        private DbAuthority findOrCreateAuthority(final String str) throws Exception {
            DbAuthority dbAuthority = (DbAuthority) getHibernateTemplate().execute(new HibernateCallback() { // from class: org.alfresco.repo.admin.patch.impl.ResetWCMToGroupBasedPermissionsPatch.HibernateHelper.6
                @Override // org.springframework.orm.hibernate3.HibernateCallback
                public Object doInHibernate(Session session) {
                    Query namedQuery = session.getNamedQuery(HibernateHelper.QUERY_GET_AUTHORITY);
                    namedQuery.setParameter("authority", str);
                    return namedQuery.uniqueResult();
                }
            });
            if (dbAuthority == null) {
                DbAuthorityImpl dbAuthorityImpl = new DbAuthorityImpl();
                dbAuthorityImpl.setAuthority(str);
                dbAuthorityImpl.setCrc(Long.valueOf(getCrc(str)));
                dbAuthority = dbAuthorityImpl;
                getHibernateTemplate().save(dbAuthorityImpl);
            }
            return dbAuthority;
        }

        private long getCrc(String str) {
            CRC32 crc32 = new CRC32();
            crc32.update(str.getBytes());
            return crc32.getValue();
        }

        private DbPermission findOrCreatePermission(final String str) throws Exception {
            final Long first = this.qnameDAO.getOrCreateQName(QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, "cmobject")).getFirst();
            DbPermission dbPermission = (DbPermission) getHibernateTemplate().execute(new HibernateCallback() { // from class: org.alfresco.repo.admin.patch.impl.ResetWCMToGroupBasedPermissionsPatch.HibernateHelper.7
                @Override // org.springframework.orm.hibernate3.HibernateCallback
                public Object doInHibernate(Session session) {
                    Query namedQuery = session.getNamedQuery(HibernateHelper.QUERY_GET_PERMISSION);
                    namedQuery.setParameter("permissionTypeQNameId", first);
                    namedQuery.setParameter("permissionName", str);
                    return namedQuery.uniqueResult();
                }
            });
            if (dbPermission == null) {
                DbPermissionImpl dbPermissionImpl = new DbPermissionImpl();
                dbPermissionImpl.setTypeQNameId(first);
                dbPermissionImpl.setName(str);
                dbPermission = dbPermissionImpl;
                getHibernateTemplate().save(dbPermissionImpl);
            }
            return dbPermission;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public DbAccessControlListChangeSet createAclChangeSet() throws Exception {
            DbAccessControlListChangeSetImpl dbAccessControlListChangeSetImpl = new DbAccessControlListChangeSetImpl();
            getHibernateTemplate().save(dbAccessControlListChangeSetImpl);
            return dbAccessControlListChangeSetImpl;
        }

        private long createAcl(DbAccessControlListChangeSet dbAccessControlListChangeSet, ACLType aCLType, boolean z) throws Exception {
            DbAccessControlListImpl dbAccessControlListImpl = new DbAccessControlListImpl();
            dbAccessControlListImpl.setAclId(GUID.generate());
            dbAccessControlListImpl.setAclType(aCLType);
            Long l = 1L;
            dbAccessControlListImpl.setAclVersion(l.longValue());
            switch (aCLType) {
                case FIXED:
                case GLOBAL:
                    dbAccessControlListImpl.setInherits(Boolean.FALSE.booleanValue());
                    break;
            }
            dbAccessControlListImpl.setInherits(Boolean.TRUE.booleanValue());
            dbAccessControlListImpl.setLatest(Boolean.TRUE.booleanValue());
            switch (aCLType) {
                case FIXED:
                case GLOBAL:
                case SHARED:
                case DEFINING:
                case LAYERED:
                default:
                    dbAccessControlListImpl.setVersioned(Boolean.TRUE.booleanValue());
                    break;
                case OLD:
                    dbAccessControlListImpl.setVersioned(Boolean.FALSE.booleanValue());
                    break;
            }
            dbAccessControlListImpl.setAclChangeSet(dbAccessControlListChangeSet);
            dbAccessControlListImpl.setRequiresVersion(z);
            return ((Long) getHibernateTemplate().save(dbAccessControlListImpl)).longValue();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void updateAclInheritsFrom(final long j, final long j2) throws Exception {
            if (((Integer) getHibernateTemplate().execute(new HibernateCallback() { // from class: org.alfresco.repo.admin.patch.impl.ResetWCMToGroupBasedPermissionsPatch.HibernateHelper.8
                @Override // org.springframework.orm.hibernate3.HibernateCallback
                public Integer doInHibernate(Session session) {
                    SQLQuery createSQLQuery = session.createSQLQuery(" update alf_access_control_list set inherits_from = :inheritsFromId where id = :aclId ");
                    createSQLQuery.setLong("aclId", j);
                    createSQLQuery.setLong("inheritsFromId", j2);
                    return Integer.valueOf(createSQLQuery.executeUpdate());
                }
            })).intValue() != 1) {
                throw new AlfrescoRuntimeException("Failed to update acl inheritsFrom");
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void updateAclInherited(final long j, final long j2) throws Exception {
            if (((Integer) getHibernateTemplate().execute(new HibernateCallback() { // from class: org.alfresco.repo.admin.patch.impl.ResetWCMToGroupBasedPermissionsPatch.HibernateHelper.9
                @Override // org.springframework.orm.hibernate3.HibernateCallback
                public Integer doInHibernate(Session session) {
                    SQLQuery createSQLQuery = session.createSQLQuery(" update alf_access_control_list set inherited_acl = :inheritedAclId where id = :aclId ");
                    createSQLQuery.setLong("aclId", j);
                    createSQLQuery.setLong("inheritedAclId", j2);
                    return Integer.valueOf(createSQLQuery.executeUpdate());
                }
            })).intValue() != 1) {
                throw new AlfrescoRuntimeException("Failed to update acl inherited");
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public Long createWCMGroupBasedAcl(String str, DbAccessControlListChangeSet dbAccessControlListChangeSet, ACLType aCLType, boolean z) throws Exception {
            if (str.contains("--")) {
                throw new AlfrescoRuntimeException("Unexpected staging store name: " + str);
            }
            ArrayList arrayList = new ArrayList(5);
            long findOrCreateAce = findOrCreateAce(PermissionService.GROUP_PREFIX + str + RuleBasedTransactionAttribute.PREFIX_ROLLBACK_RULE + "ContentManager", "ContentManager");
            long findOrCreateAce2 = findOrCreateAce(PermissionService.GROUP_PREFIX + str + RuleBasedTransactionAttribute.PREFIX_ROLLBACK_RULE + "ContentPublisher", "ContentPublisher");
            long findOrCreateAce3 = findOrCreateAce(PermissionService.GROUP_PREFIX + str + RuleBasedTransactionAttribute.PREFIX_ROLLBACK_RULE + "ContentContributor", "ContentContributor");
            long findOrCreateAce4 = findOrCreateAce(PermissionService.GROUP_PREFIX + str + RuleBasedTransactionAttribute.PREFIX_ROLLBACK_RULE + "ContentReviewer", "ContentReviewer");
            long findOrCreateAce5 = findOrCreateAce(PermissionService.ALL_AUTHORITIES, PermissionService.READ);
            long createAcl = createAcl(dbAccessControlListChangeSet, aCLType, z);
            arrayList.add(Long.valueOf(findOrCreateAce));
            arrayList.add(Long.valueOf(findOrCreateAce2));
            arrayList.add(Long.valueOf(findOrCreateAce3));
            arrayList.add(Long.valueOf(findOrCreateAce4));
            arrayList.add(Long.valueOf(findOrCreateAce5));
            addAcesToAcl(createAcl, arrayList, 0);
            return Long.valueOf(createAcl);
        }

        private void addAcesToAcl(long j, List<Long> list, int i) {
            DbAccessControlList dbAccessControlList = (DbAccessControlList) getHibernateTemplate().get(DbAccessControlListImpl.class, Long.valueOf(j));
            Iterator<Long> it = list.iterator();
            while (it.hasNext()) {
                DbAccessControlEntry dbAccessControlEntry = (DbAccessControlEntry) getHibernateTemplate().get(DbAccessControlEntryImpl.class, it.next());
                DbAccessControlListMemberImpl dbAccessControlListMemberImpl = new DbAccessControlListMemberImpl();
                dbAccessControlListMemberImpl.setAccessControlList(dbAccessControlList);
                dbAccessControlListMemberImpl.setAccessControlEntry(dbAccessControlEntry);
                dbAccessControlListMemberImpl.setPosition(i);
                getHibernateTemplate().save(dbAccessControlListMemberImpl);
            }
        }
    }

    public void setSessionFactory(SessionFactory sessionFactory) {
        this.helper.setSessionFactory(sessionFactory);
    }

    public void setQnameDAO(QNameDAO qNameDAO) {
        this.helper.setQnameDAO(qNameDAO);
    }

    public void setPersonService(PersonService personService) {
        this.personService = personService;
    }

    public void setBatchSize(int i) {
        batchSize = i;
    }

    @Override // org.alfresco.repo.admin.patch.impl.MoveWCMToGroupBasedPermissionsPatch, org.alfresco.repo.admin.patch.AbstractPatch
    protected String applyInternal() throws Exception {
        long currentTimeMillis = System.currentTimeMillis();
        List<AVMStoreDescriptor> stores = this.avmService.getStores();
        logger.info("Retrieved list of " + stores.size() + " AVM store descriptors in " + ((System.currentTimeMillis() - currentTimeMillis) / 1000) + " secs");
        long currentTimeMillis2 = System.currentTimeMillis();
        ArrayList<Pair> arrayList = new ArrayList(stores.size());
        int i = 0;
        for (AVMStoreDescriptor aVMStoreDescriptor : stores) {
            AVMSnapShotTriggeredIndexingMethodInterceptor.StoreType storeType = AVMSnapShotTriggeredIndexingMethodInterceptor.StoreType.getStoreType(aVMStoreDescriptor.getName(), aVMStoreDescriptor, this.avmService.getStoreProperties(aVMStoreDescriptor.getName()));
            if (!storeType.equals(AVMSnapShotTriggeredIndexingMethodInterceptor.StoreType.UNKNOWN)) {
                arrayList.add(new Pair(aVMStoreDescriptor, storeType));
                i++;
            }
        }
        logger.info("Retrieved store types for " + i + " WCM stores in " + ((System.currentTimeMillis() - currentTimeMillis2) / 1000) + " secs");
        long currentTimeMillis3 = System.currentTimeMillis();
        int i2 = 0;
        for (Pair pair : arrayList) {
            AVMStoreDescriptor aVMStoreDescriptor2 = (AVMStoreDescriptor) pair.getFirst();
            AVMSnapShotTriggeredIndexingMethodInterceptor.StoreType storeType2 = (AVMSnapShotTriggeredIndexingMethodInterceptor.StoreType) pair.getSecond();
            switch (storeType2) {
                case STAGING:
                    if (logger.isDebugEnabled()) {
                        logger.debug("Process store " + aVMStoreDescriptor2.getName() + " (" + storeType2 + ")");
                    }
                    i2++;
                    makeGroupsIfRequired(aVMStoreDescriptor2);
                    addUsersToGroupIfRequired(aVMStoreDescriptor2);
                    nullifyAvmNodeAclsExcluding(aVMStoreDescriptor2.getName(), JNDIConstants.DIR_DEFAULT_WWW);
                    setStagingAreaPermissions(aVMStoreDescriptor2);
                    this.helper.getSessionFactory().getCurrentSession().flush();
                    setStagingAreaMasks(aVMStoreDescriptor2);
                    break;
            }
        }
        if (i2 > 0) {
            logger.info("Processed " + i2 + " WCM staging stores: " + ((System.currentTimeMillis() - currentTimeMillis3) / 1000) + " secs");
        }
        long currentTimeMillis4 = System.currentTimeMillis();
        int i3 = 0;
        for (Pair pair2 : arrayList) {
            AVMStoreDescriptor aVMStoreDescriptor3 = (AVMStoreDescriptor) pair2.getFirst();
            AVMSnapShotTriggeredIndexingMethodInterceptor.StoreType storeType3 = (AVMSnapShotTriggeredIndexingMethodInterceptor.StoreType) pair2.getSecond();
            switch (storeType3) {
                case AUTHOR:
                case AUTHOR_PREVIEW:
                case AUTHOR_WORKFLOW:
                case AUTHOR_WORKFLOW_PREVIEW:
                case WORKFLOW:
                case WORKFLOW_PREVIEW:
                case STAGING_PREVIEW:
                    if (logger.isDebugEnabled()) {
                        logger.debug("Nullify acls for store " + aVMStoreDescriptor3.getName() + " (" + storeType3 + ")");
                    }
                    i3++;
                    nullifyAvmNodeAcls(aVMStoreDescriptor3.getName());
                    break;
            }
        }
        if (i3 > 0) {
            logger.info("Nullified acls for " + i3 + " WCM sandbox stores: " + ((System.currentTimeMillis() - currentTimeMillis4) / 1000) + " secs");
        }
        if (arrayList.size() > 0) {
            long currentTimeMillis5 = System.currentTimeMillis();
            deleteDangling();
            logger.info("Deleted dangling acls/aces across all stores in " + ((System.currentTimeMillis() - currentTimeMillis5) / 1000) + " secs");
        }
        long currentTimeMillis6 = System.currentTimeMillis();
        int i4 = 0;
        for (Pair pair3 : arrayList) {
            AVMStoreDescriptor aVMStoreDescriptor4 = (AVMStoreDescriptor) pair3.getFirst();
            AVMSnapShotTriggeredIndexingMethodInterceptor.StoreType storeType4 = (AVMSnapShotTriggeredIndexingMethodInterceptor.StoreType) pair3.getSecond();
            switch (storeType4) {
                case AUTHOR:
                case WORKFLOW:
                    if (this.stagingData.get(extractBaseStore(aVMStoreDescriptor4.getName())) == null) {
                        if (logger.isDebugEnabled()) {
                            logger.debug("Skip store " + aVMStoreDescriptor4.getName() + " (" + storeType4 + ") since no corresponding base store");
                            break;
                        } else {
                            break;
                        }
                    } else {
                        if (logger.isDebugEnabled()) {
                            logger.debug("Process store " + aVMStoreDescriptor4.getName() + " (" + storeType4 + ")");
                        }
                        i4++;
                        setSandboxPermissions(aVMStoreDescriptor4);
                        this.helper.getSessionFactory().getCurrentSession().flush();
                        setSandBoxMasks(aVMStoreDescriptor4);
                        break;
                    }
                case STAGING_PREVIEW:
                    if (this.stagingData.get(extractBaseStore(aVMStoreDescriptor4.getName())) == null) {
                        if (logger.isDebugEnabled()) {
                            logger.debug("Skip store " + aVMStoreDescriptor4.getName() + " (" + storeType4 + ") since no corresponding base store");
                            break;
                        } else {
                            break;
                        }
                    } else {
                        if (logger.isDebugEnabled()) {
                            logger.debug("Process store " + aVMStoreDescriptor4.getName() + " (" + storeType4 + ")");
                        }
                        i4++;
                        setSandboxPermissions(aVMStoreDescriptor4);
                        this.helper.getSessionFactory().getCurrentSession().flush();
                        setStagingAreaMasks(aVMStoreDescriptor4);
                        break;
                    }
            }
        }
        for (Pair pair4 : arrayList) {
            AVMStoreDescriptor aVMStoreDescriptor5 = (AVMStoreDescriptor) pair4.getFirst();
            AVMSnapShotTriggeredIndexingMethodInterceptor.StoreType storeType5 = (AVMSnapShotTriggeredIndexingMethodInterceptor.StoreType) pair4.getSecond();
            switch (storeType5) {
                case AUTHOR_PREVIEW:
                case AUTHOR_WORKFLOW:
                case WORKFLOW_PREVIEW:
                    if (this.stagingData.get(extractBaseStore(aVMStoreDescriptor5.getName())) == null) {
                        if (logger.isDebugEnabled()) {
                            logger.debug("Skip store " + aVMStoreDescriptor5.getName() + " (" + storeType5 + ") since no corresponding base store");
                            break;
                        } else {
                            break;
                        }
                    } else {
                        if (logger.isDebugEnabled()) {
                            logger.debug("Process store " + aVMStoreDescriptor5.getName() + " (" + storeType5 + ")");
                        }
                        i4++;
                        setSandboxPermissions(aVMStoreDescriptor5);
                        this.helper.getSessionFactory().getCurrentSession().flush();
                        setSandBoxMasks(aVMStoreDescriptor5);
                        break;
                    }
            }
        }
        for (Pair pair5 : arrayList) {
            AVMStoreDescriptor aVMStoreDescriptor6 = (AVMStoreDescriptor) pair5.getFirst();
            AVMSnapShotTriggeredIndexingMethodInterceptor.StoreType storeType6 = (AVMSnapShotTriggeredIndexingMethodInterceptor.StoreType) pair5.getSecond();
            switch (storeType6) {
                case AUTHOR_WORKFLOW_PREVIEW:
                    if (this.stagingData.get(extractBaseStore(aVMStoreDescriptor6.getName())) == null) {
                        if (logger.isDebugEnabled()) {
                            logger.debug("Skip store " + aVMStoreDescriptor6.getName() + " (" + storeType6 + ") since no corresponding base store");
                            break;
                        } else {
                            break;
                        }
                    } else {
                        if (logger.isDebugEnabled()) {
                            logger.debug("Process store " + aVMStoreDescriptor6.getName() + " (" + storeType6 + ")");
                        }
                        i4++;
                        setSandboxPermissions(aVMStoreDescriptor6);
                        this.helper.getSessionFactory().getCurrentSession().flush();
                        setSandBoxMasks(aVMStoreDescriptor6);
                        break;
                    }
            }
        }
        if (i4 > 0) {
            logger.info("Processed " + i4 + " WCM sandbox stores: " + ((System.currentTimeMillis() - currentTimeMillis6) / 1000) + " secs");
        }
        return I18NUtil.getMessage(MSG_SUCCESS);
    }

    private void makeGroupsIfRequired(AVMStoreDescriptor aVMStoreDescriptor) {
        long currentTimeMillis = System.currentTimeMillis();
        String name = aVMStoreDescriptor.getName();
        int i = 0;
        for (String str : MoveWCMToGroupBasedPermissionsPatch.PERMISSIONS) {
            String str2 = name + RuleBasedTransactionAttribute.PREFIX_ROLLBACK_RULE + str;
            String name2 = this.authorityService.getName(AuthorityType.GROUP, str2);
            if (!this.authorityService.authorityExists(name2)) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Create: " + name2);
                }
                this.authorityService.createAuthority(AuthorityType.GROUP, str2);
                i++;
            } else if (logger.isDebugEnabled()) {
                logger.debug("Already exists: " + name2);
            }
        }
        if (!logger.isDebugEnabled() || i <= 0) {
            return;
        }
        logger.debug("Created " + i + " missing groups in " + ((System.currentTimeMillis() - currentTimeMillis) / 1000) + " secs");
    }

    private void nullifyAvmNodeAcls(String str) throws Exception {
        long currentTimeMillis = System.currentTimeMillis();
        int nullifyAvmNodeAcls = this.helper.nullifyAvmNodeAcls(str);
        if (!logger.isDebugEnabled() || nullifyAvmNodeAcls <= 0) {
            return;
        }
        logger.debug("nullifyAvmNodeAcls (" + nullifyAvmNodeAcls + ") for store: " + str + " in " + ((System.currentTimeMillis() - currentTimeMillis) / 1000) + " secs");
    }

    private void nullifyAvmNodeAclsExcluding(String str, String str2) throws Exception {
        long currentTimeMillis = System.currentTimeMillis();
        int nullifyAvmNodeAclsExcluding = this.helper.nullifyAvmNodeAclsExcluding(str, str2);
        if (!logger.isDebugEnabled() || nullifyAvmNodeAclsExcluding <= 0) {
            return;
        }
        logger.debug("nullifyAvmNodeAcls (" + nullifyAvmNodeAclsExcluding + ") for store: " + str + " excluding '" + str2 + "' in " + ((System.currentTimeMillis() - currentTimeMillis) / 1000) + " secs");
    }

    private void deleteDangling() {
        try {
            long currentTimeMillis = System.currentTimeMillis();
            if (logger.isDebugEnabled()) {
                logger.debug("Start deleting dangling acls/aces (across all stores)");
            }
            this.helper.deleteDanglingAcls();
            this.helper.deleteDanglingAces();
            if (logger.isDebugEnabled()) {
                logger.debug("Finish deleting dangling acls/aces (across all stores) in " + ((System.currentTimeMillis() - currentTimeMillis) / 1000) + " secs");
            }
        } catch (Throwable th) {
            logger.error("Failed to delete dangling acls/aces", th);
            throw new PatchException("Failed to delete dangling acls/aces", th);
        }
    }

    @Override // org.alfresco.repo.admin.patch.impl.MoveWCMToGroupBasedPermissionsPatch
    protected void setStagingAreaPermissions(AVMStoreDescriptor aVMStoreDescriptor) throws Exception {
        long currentTimeMillis = System.currentTimeMillis();
        String name = aVMStoreDescriptor.getName();
        if (logger.isDebugEnabled()) {
            logger.debug("Start set staging area permissions: " + name);
        }
        DbAccessControlListChangeSet createAclChangeSet = this.helper.createAclChangeSet();
        long longValue = this.helper.createWCMGroupBasedAcl(name, createAclChangeSet, ACLType.DEFINING, false).longValue();
        long longValue2 = this.helper.createWCMGroupBasedAcl(name, createAclChangeSet, ACLType.SHARED, false).longValue();
        this.stagingData.put(name, new Pair<>(createAclChangeSet, Long.valueOf(longValue2)));
        this.helper.getSessionFactory().getCurrentSession().flush();
        this.helper.updateAclInherited(longValue, longValue2);
        this.helper.updateAclInheritsFrom(longValue2, longValue);
        this.helper.updateAclInherited(longValue2, longValue2);
        this.helper.setRootAcl(name, longValue);
        int sharedAcls = this.helper.setSharedAcls(name, longValue2);
        if (logger.isDebugEnabled()) {
            logger.debug("Finish set staging area permissions: " + aVMStoreDescriptor.getName() + " in " + ((System.currentTimeMillis() - currentTimeMillis) / 1000) + " secs (updated " + (sharedAcls + 1) + ")");
        }
    }

    protected void setSandboxPermissions(AVMStoreDescriptor aVMStoreDescriptor) throws Exception {
        long currentTimeMillis = System.currentTimeMillis();
        String name = aVMStoreDescriptor.getName();
        if (logger.isDebugEnabled()) {
            logger.debug("Start set sandbox permissions: " + name);
        }
        Pair<DbAccessControlListChangeSet, Long> pair = this.stagingData.get(extractBaseStore(name));
        DbAccessControlListChangeSet first = pair.getFirst();
        long longValue = pair.getSecond().longValue();
        String extractStagingAreaName = extractStagingAreaName(name);
        long longValue2 = this.helper.createWCMGroupBasedAcl(extractStagingAreaName, first, ACLType.LAYERED, true).longValue();
        long longValue3 = this.helper.createWCMGroupBasedAcl(extractStagingAreaName, first, ACLType.SHARED, false).longValue();
        this.stagingData.put(name, new Pair<>(first, Long.valueOf(longValue3)));
        this.helper.getSessionFactory().getCurrentSession().flush();
        this.helper.updateAclInheritsFrom(longValue2, longValue);
        this.helper.updateAclInheritsFrom(longValue3, longValue2);
        this.helper.setRootAcl(name, longValue2);
        int sharedAcls = this.helper.setSharedAcls(name, longValue3);
        if (logger.isDebugEnabled()) {
            logger.debug("Finish set sandbox permissions: " + name + " in " + ((System.currentTimeMillis() - currentTimeMillis) / 1000) + " secs (updated " + (sharedAcls + 1) + ")");
        }
    }

    private void addUsersToGroupIfRequired(AVMStoreDescriptor aVMStoreDescriptor) {
        long currentTimeMillis = System.currentTimeMillis();
        PropertyValue storeProperty = this.avmService.getStoreProperty(aVMStoreDescriptor.getName(), QName.createQName((String) null, ".web_project.noderef"));
        if (storeProperty != null) {
            Iterator<ChildAssociationRef> it = this.nodeService.getChildAssocs((NodeRef) storeProperty.getValue(DataTypeDefinition.NODE_REF), WCMAppModel.ASSOC_WEBUSER, RegexQNamePattern.MATCH_ALL).iterator();
            while (it.hasNext()) {
                NodeRef childRef = it.next().getChildRef();
                String str = (String) this.nodeService.getProperty(childRef, WCMAppModel.PROP_WEBUSERNAME);
                String str2 = (String) this.nodeService.getProperty(childRef, WCMAppModel.PROP_WEBUSERROLE);
                if (str2.equals("All")) {
                    str2 = this.replaceAllWith;
                    this.nodeService.setProperty(childRef, WCMAppModel.PROP_WEBUSERROLE, str2);
                    if (logger.isDebugEnabled()) {
                        logger.debug("Set role " + str2 + " for user " + str + " in web project " + aVMStoreDescriptor.getName());
                    }
                }
                addToGroupIfRequired(aVMStoreDescriptor.getName(), str, str2);
            }
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Check and add missing users (if any) to group(s) in " + ((System.currentTimeMillis() - currentTimeMillis) / 1000) + " secs");
        }
    }

    @Override // org.alfresco.repo.admin.patch.impl.MoveWCMToGroupBasedPermissionsPatch
    protected void addToGroupIfRequired(String str, String str2, String str3) {
        String name = this.authorityService.getName(AuthorityType.GROUP, str + RuleBasedTransactionAttribute.PREFIX_ROLLBACK_RULE + str3);
        if (this.authorityService.getContainedAuthorities(AuthorityType.USER, name, true).contains(str2)) {
            return;
        }
        if (!this.personService.personExists(str2)) {
            logger.warn("Person does not exist: " + str2 + " (not added to: " + name);
            return;
        }
        this.authorityService.addAuthority(name, str2);
        if (logger.isDebugEnabled()) {
            logger.debug("Added user " + str2 + " to: " + name);
        }
    }

    protected String extractBaseStore(String str) {
        int lastIndexOf = str.lastIndexOf("--");
        return lastIndexOf != -1 ? str.substring(0, lastIndexOf) : str;
    }
}
