package org.alfresco.repo.security.authority;

import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.permissions.PermissionServiceSPI;
import org.alfresco.repo.security.person.UserNameMatcher;
import org.alfresco.repo.tenant.TenantService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.cmr.security.PersonService;
import org.springframework.beans.factory.InitializingBean;

/* loaded from: input_file:WEB-INF/lib/alfresco-repository-3.2r2.jar:org/alfresco/repo/security/authority/AuthorityServiceImpl.class */
public class AuthorityServiceImpl implements AuthorityService, InitializingBean {
    private static Set<String> DEFAULT_ZONES = new HashSet();
    private PersonService personService;
    private NodeService nodeService;
    private TenantService tenantService;
    private AuthorityDAO authorityDAO;
    private UserNameMatcher userNameMatcher;
    private AuthenticationService authenticationService;
    private PermissionServiceSPI permissionServiceSPI;
    private Set<String> adminSet = Collections.singleton(PermissionService.ADMINISTRATOR_AUTHORITY);
    private Set<String> guestSet = Collections.singleton(PermissionService.GUEST_AUTHORITY);
    private Set<String> allSet = Collections.singleton(PermissionService.ALL_AUTHORITIES);
    private Set<String> adminGroups = Collections.emptySet();
    private Set<String> guestGroups = Collections.emptySet();

    public void setNodeService(NodeService nodeService) {
        this.nodeService = nodeService;
    }

    public void setTenantService(TenantService tenantService) {
        this.tenantService = tenantService;
    }

    public void setPersonService(PersonService personService) {
        this.personService = personService;
    }

    public void setAuthorityDAO(AuthorityDAO authorityDAO) {
        this.authorityDAO = authorityDAO;
    }

    public void setUserNameMatcher(UserNameMatcher userNameMatcher) {
        this.userNameMatcher = userNameMatcher;
    }

    public void setAuthenticationService(AuthenticationService authenticationService) {
        this.authenticationService = authenticationService;
    }

    public void setPermissionServiceSPI(PermissionServiceSPI permissionServiceSPI) {
        this.permissionServiceSPI = permissionServiceSPI;
    }

    public void setAdminGroups(Set<String> set) {
        this.adminGroups = set;
    }

    public void setGuestGroups(Set<String> set) {
        this.guestGroups = set;
    }

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        if (!this.adminGroups.isEmpty()) {
            HashSet hashSet = new HashSet(this.adminGroups.size());
            Iterator<String> it = this.adminGroups.iterator();
            while (it.hasNext()) {
                hashSet.add(getName(AuthorityType.GROUP, it.next()));
            }
            this.adminGroups = hashSet;
        }
        if (this.guestGroups.isEmpty()) {
            return;
        }
        HashSet hashSet2 = new HashSet(this.guestGroups.size());
        Iterator<String> it2 = this.guestGroups.iterator();
        while (it2.hasNext()) {
            hashSet2.add(getName(AuthorityType.GROUP, it2.next()));
        }
        this.guestGroups = hashSet2;
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public boolean hasAdminAuthority() {
        String runAsUser = AuthenticationUtil.getRunAsUser();
        return runAsUser != null && getAuthoritiesForUser(runAsUser).contains(PermissionService.ADMINISTRATOR_AUTHORITY);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public boolean isAdminAuthority(String str) {
        String userIdentifier = this.personService.getUserIdentifier(str);
        if (userIdentifier == null) {
            userIdentifier = str;
        }
        return getAuthoritiesForUser(userIdentifier).contains(PermissionService.ADMINISTRATOR_AUTHORITY);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public boolean hasGuestAuthority() {
        String runAsUser = AuthenticationUtil.getRunAsUser();
        return runAsUser != null && getAuthoritiesForUser(runAsUser).contains(PermissionService.GUEST_AUTHORITY);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public boolean isGuestAuthority(String str) {
        String userIdentifier = this.personService.getUserIdentifier(str);
        if (userIdentifier == null) {
            userIdentifier = str;
        }
        return getAuthoritiesForUser(userIdentifier).contains(PermissionService.GUEST_AUTHORITY);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> getAuthorities() {
        return getAuthoritiesForUser(AuthenticationUtil.getRunAsUser());
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> getAuthoritiesForUser(String str) {
        HashSet<String> hashSet = new HashSet(64);
        hashSet.addAll(getContainingAuthorities(null, str, false));
        Set<String> defaultAdministratorUserNames = this.authenticationService.getDefaultAdministratorUserNames();
        Set<String> defaultGuestUserNames = this.authenticationService.getDefaultGuestUserNames();
        boolean containsMatch = containsMatch(defaultAdministratorUserNames, str);
        boolean containsMatch2 = containsMatch(defaultGuestUserNames, str);
        if (!containsMatch && !this.adminGroups.isEmpty()) {
            for (String str2 : hashSet) {
                if (this.adminGroups.contains(str2) || this.adminGroups.contains(this.tenantService.getBaseNameUser(str2))) {
                    containsMatch = true;
                    break;
                }
            }
        }
        if (!containsMatch && !containsMatch2 && !this.guestGroups.isEmpty()) {
            for (String str3 : hashSet) {
                if (this.guestGroups.contains(str3) || this.guestGroups.contains(this.tenantService.getBaseNameUser(str3))) {
                    containsMatch = true;
                    break;
                }
            }
        }
        if (containsMatch) {
            hashSet.addAll(this.adminSet);
        }
        if (containsMatch2) {
            hashSet.addAll(this.guestSet);
        } else {
            hashSet.addAll(this.allSet);
        }
        return hashSet;
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> getAllAuthorities(AuthorityType authorityType) {
        HashSet hashSet = new HashSet();
        switch (authorityType) {
            case ADMIN:
                hashSet.addAll(this.adminSet);
                break;
            case EVERYONE:
                hashSet.addAll(this.allSet);
                break;
            case GUEST:
                hashSet.addAll(this.guestSet);
                break;
            case GROUP:
                hashSet.addAll(this.authorityDAO.getAllAuthorities(authorityType));
                break;
            case ROLE:
                hashSet.addAll(this.authorityDAO.getAllAuthorities(authorityType));
                break;
            case USER:
                Iterator<NodeRef> it = this.personService.getAllPeople().iterator();
                while (it.hasNext()) {
                    hashSet.add(DefaultTypeConverter.INSTANCE.convert(String.class, this.nodeService.getProperty(it.next(), ContentModel.PROP_USERNAME)));
                }
                break;
        }
        return hashSet;
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> findAuthorities(AuthorityType authorityType, String str) {
        return findAuthoritiesInZone(authorityType, str, null);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> findAuthoritiesByShortName(AuthorityType authorityType, String str) {
        return findAuthorities(authorityType, getName(authorityType, str));
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public void addAuthority(String str, String str2) {
        addAuthority(Collections.singleton(str), str2);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public void addAuthority(Collection<String> collection, String str) {
        this.authorityDAO.addAuthority(collection, str);
    }

    private boolean containsMatch(Set<String> set, String str) {
        String baseNameUser = this.tenantService.getBaseNameUser(str);
        if (this.tenantService.isEnabled()) {
            for (String str2 : set) {
                if (this.userNameMatcher.matches(str2, str) || this.userNameMatcher.matches(this.tenantService.getBaseNameUser(str2), baseNameUser)) {
                    return true;
                }
            }
            return false;
        }
        for (String str3 : set) {
            if (this.userNameMatcher.matches(str3, str) || this.userNameMatcher.matches(str3, baseNameUser)) {
                return true;
            }
        }
        return false;
    }

    private void checkTypeIsMutable(AuthorityType authorityType) {
        if (authorityType != AuthorityType.GROUP && authorityType != AuthorityType.ROLE) {
            throw new AuthorityException("Trying to modify a fixed authority");
        }
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public String createAuthority(AuthorityType authorityType, String str) {
        return createAuthority(authorityType, str, str, getDefaultZones());
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public void deleteAuthority(String str) {
        deleteAuthority(str, false);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public void deleteAuthority(String str, boolean z) {
        AuthorityType authorityType = AuthorityType.getAuthorityType(str);
        checkTypeIsMutable(authorityType);
        if (z) {
            Iterator<String> it = getContainedAuthorities(authorityType, str, true).iterator();
            while (it.hasNext()) {
                deleteAuthority(it.next(), true);
            }
        }
        this.authorityDAO.deleteAuthority(str);
        this.permissionServiceSPI.deletePermissions(str);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> getAllRootAuthorities(AuthorityType authorityType) {
        return this.authorityDAO.getAllRootAuthorities(authorityType);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> getContainedAuthorities(AuthorityType authorityType, String str, boolean z) {
        return this.authorityDAO.getContainedAuthorities(authorityType, str, z);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> getContainingAuthorities(AuthorityType authorityType, String str, boolean z) {
        return this.authorityDAO.getContainingAuthorities(authorityType, str, z);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public String getName(AuthorityType authorityType, String str) {
        return authorityType.isFixedString() ? authorityType.getFixedString() : authorityType.isPrefixed() ? authorityType.getPrefixString() + str : str;
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public String getShortName(String str) {
        AuthorityType authorityType = AuthorityType.getAuthorityType(str);
        return authorityType.isFixedString() ? "" : authorityType.isPrefixed() ? str.substring(authorityType.getPrefixString().length()) : str;
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public void removeAuthority(String str, String str2) {
        this.authorityDAO.removeAuthority(str, str2);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public boolean authorityExists(String str) {
        return this.authorityDAO.authorityExists(str);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public String createAuthority(AuthorityType authorityType, String str, String str2, Set<String> set) {
        checkTypeIsMutable(authorityType);
        String name = getName(authorityType, str);
        this.authorityDAO.createAuthority(name, str2, set);
        return name;
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public String getAuthorityDisplayName(String str) {
        String authorityDisplayName = this.authorityDAO.getAuthorityDisplayName(str);
        if (authorityDisplayName == null) {
            authorityDisplayName = getShortName(str);
        }
        return authorityDisplayName;
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public void setAuthorityDisplayName(String str, String str2) {
        checkTypeIsMutable(AuthorityType.getAuthorityType(str));
        this.authorityDAO.setAuthorityDisplayName(str, str2);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> getAuthorityZones(String str) {
        return this.authorityDAO.getAuthorityZones(str);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public NodeRef getOrCreateZone(String str) {
        return this.authorityDAO.getOrCreateZone(str);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public NodeRef getZone(String str) {
        return this.authorityDAO.getZone(str);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> getAllAuthoritiesInZone(String str, AuthorityType authorityType) {
        return this.authorityDAO.getAllAuthoritiesInZone(str, authorityType);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public void addAuthorityToZones(String str, Set<String> set) {
        this.authorityDAO.addAuthorityToZones(str, set);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public void removeAuthorityFromZones(String str, Set<String> set) {
        this.authorityDAO.removeAuthorityFromZones(str, set);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> getDefaultZones() {
        return DEFAULT_ZONES;
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> getAllRootAuthoritiesInZone(String str, AuthorityType authorityType) {
        return this.authorityDAO.getAllRootAuthoritiesInZone(str, authorityType);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> findAuthoritiesByShortNameInZone(AuthorityType authorityType, String str, String str2) {
        return findAuthoritiesInZone(authorityType, getName(authorityType, str), str2);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> findAuthoritiesInZone(AuthorityType authorityType, String str, String str2) {
        HashSet hashSet = new HashSet();
        switch (authorityType) {
            case ADMIN:
            case EVERYONE:
            case GUEST:
                throw new UnsupportedOperationException();
            case GROUP:
                Set<String> set = null;
                if (str2 != null) {
                    set = Collections.singleton(str2);
                }
                hashSet.addAll(this.authorityDAO.findAuthorities(authorityType, str, set));
                break;
            case OWNER:
            case ROLE:
                throw new UnsupportedOperationException();
            case USER:
                throw new UnsupportedOperationException();
        }
        return hashSet;
    }

    static {
        DEFAULT_ZONES.add(AuthorityService.ZONE_APP_DEFAULT);
        DEFAULT_ZONES.add(AuthorityService.ZONE_AUTH_ALFRESCO);
    }
}
