package jeus.security.base;

import java.io.Serializable;
import java.security.Permission;
import java.security.Principal;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArraySet;
import jeus.security.base.PermissionMap;
import jeus.security.resource.GroupPrincipalImpl;
import jeus.security.resource.RolePermission;

/* loaded from: input_file:jeus/security/base/Policy.class */
public class Policy implements Cloneable, Serializable {
    private static final long serialVersionUID = 6903052036054617574L;
    public static final String DEFAULT_CONTEXT_ID = "default";
    protected PermissionMap principalRolePolicy = new PermissionMap();
    protected Map<String, PermissionMap> roleResourcePolicy = new HashMap();
    protected String userPrincipalClassName;
    protected String rolePrincipalClassName;

    public PermissionMap getRolePolicy() {
        return this.principalRolePolicy;
    }

    public PermissionMap getResourcePolicy(String str, boolean z) {
        PermissionMap permissionMap = this.roleResourcePolicy.get(str);
        if (permissionMap == null && z) {
            permissionMap = new PermissionMap();
            this.roleResourcePolicy.put(str, permissionMap);
        }
        return permissionMap;
    }

    public PermissionMap getResourcePolicy(String str) {
        return getResourcePolicy(str, false);
    }

    public void removeResourcePolicy(String str) {
        this.roleResourcePolicy.remove(str);
    }

    public Set<String> getResourcePolicyIds() {
        return this.roleResourcePolicy.keySet();
    }

    public Policy add(Policy policy) {
        if (policy != null && policy != this) {
            getRolePolicy().add(policy.getRolePolicy());
            for (String str : policy.getResourcePolicyIds()) {
                getResourcePolicy(str, true).add(policy.getResourcePolicy(str));
            }
        }
        return this;
    }

    public Policy remove(Policy policy) {
        if (policy == null) {
            return this;
        }
        if (policy == this) {
            getRolePolicy().clear();
            this.roleResourcePolicy.clear();
        } else {
            getRolePolicy().remove(policy.getRolePolicy());
            for (String str : policy.getResourcePolicyIds()) {
                PermissionMap resourcePolicy = getResourcePolicy(str);
                if (resourcePolicy != null) {
                    resourcePolicy.remove(policy.getResourcePolicy(str));
                }
            }
        }
        return this;
    }

    public PermissionMap.CheckResult checkPermission(String str, Permission permission) {
        return checkPermission(str, (Principal) null, permission);
    }

    public PermissionMap.CheckResult checkPermission(Permission permission) {
        return checkPermission("default", (Principal) null, permission);
    }

    public PermissionMap.CheckResult checkPermission(Principal principal, Permission permission) {
        return checkPermission("default", principal, permission);
    }

    public PermissionMap.CheckResult checkPermission(String str, Principal principal, Permission permission) {
        if (permission instanceof RolePermission) {
            PermissionMap.CheckResult checkPermission = this.principalRolePolicy.checkPermission(permission);
            if (checkPermission.equals(PermissionMap.EXCLUDED) || checkPermission.equals(PermissionMap.UNCHECKED)) {
                return checkPermission;
            }
            if (this.principalRolePolicy.checkPermission(principal, permission).isGranted()) {
                return PermissionMap.GRANTED;
            }
        } else {
            PermissionMap resourcePolicy = getResourcePolicy(str);
            if (resourcePolicy == null) {
                return PermissionMap.DENIED;
            }
            PermissionMap.CheckResult checkPermission2 = resourcePolicy.checkPermission(permission);
            if (checkPermission2.equals(PermissionMap.EXCLUDED) || checkPermission2.equals(PermissionMap.UNCHECKED)) {
                return checkPermission2;
            }
            Iterator it = resourcePolicy.getCheckedReversePermissionImplies(permission).iterator();
            while (it.hasNext()) {
                RolePermission rolePermission = new RolePermission((Role) it.next());
                PermissionMap.CheckResult checkPermission3 = this.principalRolePolicy.checkPermission(rolePermission);
                if (checkPermission3.equals(PermissionMap.EXCLUDED) || checkPermission3.equals(PermissionMap.UNCHECKED)) {
                    return checkPermission3;
                }
                if (this.principalRolePolicy.checkPermission(principal, rolePermission).isGranted()) {
                    return PermissionMap.GRANTED;
                }
            }
        }
        return PermissionMap.DENIED;
    }

    public PermissionMap.CheckResult checkPermission(String str, Principal[] principalArr, Permission permission) {
        if (permission instanceof RolePermission) {
            PermissionMap.CheckResult checkPermission = this.principalRolePolicy.checkPermission(permission);
            if (checkPermission.equals(PermissionMap.EXCLUDED) || checkPermission.equals(PermissionMap.UNCHECKED)) {
                return checkPermission;
            }
            for (Principal principal : principalArr) {
                if (this.principalRolePolicy.checkPermission(principal, permission).isGranted()) {
                    return PermissionMap.GRANTED;
                }
                if ((principal instanceof GroupPrincipalImpl) && recursiveGroupImpl(str, permission, (GroupPrincipalImpl) principal).isGranted()) {
                    return PermissionMap.GRANTED;
                }
            }
        } else {
            PermissionMap resourcePolicy = getResourcePolicy(str);
            if (resourcePolicy == null) {
                return PermissionMap.DENIED;
            }
            PermissionMap.CheckResult checkPermission2 = resourcePolicy.checkPermission(permission);
            if (checkPermission2.equals(PermissionMap.EXCLUDED) || checkPermission2.equals(PermissionMap.UNCHECKED)) {
                return checkPermission2;
            }
            Iterator it = resourcePolicy.getCheckedReversePermissionImplies(permission).iterator();
            while (it.hasNext()) {
                RolePermission rolePermission = new RolePermission((Role) it.next());
                PermissionMap.CheckResult checkPermission3 = this.principalRolePolicy.checkPermission(rolePermission);
                if (checkPermission3.equals(PermissionMap.EXCLUDED) || checkPermission3.equals(PermissionMap.UNCHECKED)) {
                    return checkPermission3;
                }
                for (Principal principal2 : principalArr) {
                    if (this.principalRolePolicy.checkPermission(principal2, rolePermission).isGranted()) {
                        return PermissionMap.GRANTED;
                    }
                    if ((principal2 instanceof GroupPrincipalImpl) && recursiveGroupImpl(str, permission, (GroupPrincipalImpl) principal2).isGranted()) {
                        return PermissionMap.GRANTED;
                    }
                }
            }
        }
        return PermissionMap.DENIED;
    }

    public boolean isUnchecked() {
        Iterator<String> it = this.roleResourcePolicy.keySet().iterator();
        while (it.hasNext()) {
            if (!this.roleResourcePolicy.get(it.next()).isUnchecked()) {
                return false;
            }
        }
        return true;
    }

    public Collection getRoleOwners(String str) {
        return this.principalRolePolicy.getCheckedReversePermissions(new RolePermission(str));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public PermissionMap.CheckResult recursiveGroupImpl(String str, Permission permission, GroupPrincipalImpl groupPrincipalImpl) {
        Principal[] subGroups;
        PermissionMap.CheckResult checkResult = PermissionMap.DENIED;
        if (groupPrincipalImpl != null && (subGroups = groupPrincipalImpl.getSubGroups()) != null) {
            checkResult = checkPermission(str, subGroups, permission);
        }
        return checkResult;
    }

    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("\n______________POLICY_______________\n\n");
        stringBuffer.append("ROLE PERMISSIONS:\n" + this.principalRolePolicy + "\n");
        stringBuffer.append("RESOURCE PERMISSIONS:\n");
        for (String str : getResourcePolicyIds()) {
            stringBuffer.append("Context id: " + str + "\n" + getResourcePolicy(str) + "\n\n");
        }
        return stringBuffer.toString();
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || !(obj instanceof Policy)) {
            return false;
        }
        Policy policy = (Policy) obj;
        return getRolePolicy().equals(policy.getRolePolicy()) && this.roleResourcePolicy.equals(policy.roleResourcePolicy);
    }

    public int hashCode() {
        return getRolePolicy().hashCode() + this.roleResourcePolicy.hashCode();
    }

    public Object clone() {
        Policy policy = new Policy();
        policy.setUserPrincipalClassName(getUserPrincipalClassName());
        policy.setRolePrincipalClassName(getRolePrincipalClassName());
        policy.add(this);
        return policy;
    }

    public Collection getAllPermissions() {
        HashSet hashSet = new HashSet();
        hashSet.addAll(getRolePolicy().getAllPermissions());
        Iterator<String> it = getResourcePolicyIds().iterator();
        while (it.hasNext()) {
            hashSet.addAll(getResourcePolicy(it.next()).getAllPermissions());
        }
        return new CopyOnWriteArraySet(hashSet);
    }

    public String getUserPrincipalClassName() {
        return this.userPrincipalClassName;
    }

    public void setUserPrincipalClassName(String str) {
        this.userPrincipalClassName = str;
    }

    public String getRolePrincipalClassName() {
        return this.rolePrincipalClassName;
    }

    public void setRolePrincipalClassName(String str) {
        this.rolePrincipalClassName = str;
    }
}
