package de.terrestris.shogun2.security.acl;

import de.terrestris.shogun2.model.PersistentObject;
import de.terrestris.shogun2.model.User;
import java.util.List;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.acls.domain.ObjectIdentityImpl;
import org.springframework.security.acls.domain.PrincipalSid;
import org.springframework.security.acls.model.AccessControlEntry;
import org.springframework.security.acls.model.MutableAcl;
import org.springframework.security.acls.model.MutableAclService;
import org.springframework.security.acls.model.NotFoundException;
import org.springframework.security.acls.model.Permission;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;

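/**
 * Helper for granting, changing and revoking per-object permissions through a
 * Spring Security {@link MutableAclService}.
 *
 * <p>Every access control entry (ACE) handled here is keyed on a
 * {@link PrincipalSid} built from {@code user.getAccountName()} and on the
 * {@link ObjectIdentityImpl} of the given {@link PersistentObject}.
 *
 * <p>None of the methods in this class checks whether the caller is allowed to
 * administer the ACL; any such enforcement is left to the configured ACL
 * implementation and to the calling code.
 *
 * <p>NOTE(review): because the SID is the account name rather than an immutable
 * id, renaming an account or reusing a name would presumably carry the existing
 * ACEs over to whoever holds that name - confirm how account names are managed.
 */
@Transactional("aclTransactionManager")
@Component
public class AclUtil {
    private static final Logger LOG = Logger.getLogger(AclUtil.class);

    @Autowired
    private MutableAclService aclService;

    /**
     * Appends a granting ACE for the user on the given object, creating the ACL
     * first when the object does not have one yet.
     *
     * <p>No check for an existing identical ACE is made, so repeated calls add
     * duplicate entries.
     *
     * @param persistentObject the secured domain object
     * @param user the user whose account name becomes the principal SID
     * @param permission the permission to grant
     */
    public void addPermission(PersistentObject persistentObject, User user, Permission permission) {
        ObjectIdentityImpl oid = new ObjectIdentityImpl(persistentObject);
        MutableAcl acl;
        try {
            acl = (MutableAcl) this.aclService.readAclById(oid);
        } catch (NotFoundException e) {
            // First permission on this object: there is no ACL yet, so create one.
            acl = this.aclService.createAcl(oid);
        }
        PrincipalSid sid = new PrincipalSid(user.getAccountName());
        // Insert at the end of the entry list; "true" marks the entry as granting.
        acl.insertAce(acl.getEntries().size(), permission, sid, true);
        LOG.debug("Added ACE: '" + permission + "' for '" + sid + "' on '" + oid);
        this.aclService.updateAcl(acl);
    }

    /**
     * Replaces the permission of every ACE that matches the user and the old
     * permission with the new permission. Nothing is changed when both
     * permissions are equal.
     *
     * @param persistentObject the secured domain object
     * @param user the user whose account name identifies the principal SID
     * @param permission the permission currently stored (old permission)
     * @param permission2 the permission to store instead (new permission)
     * @throws NotFoundException if the object has no ACL
     */
    public void updatePermission(PersistentObject persistentObject, User user, Permission permission, Permission permission2) {
        PrincipalSid sid = new PrincipalSid(user.getAccountName());
        ObjectIdentityImpl oid = new ObjectIdentityImpl(persistentObject);
        if (permission.equals(permission2)) {
            LOG.debug("Not updating ACE for " + sid + " because the oldPermission equals the newPermission.");
            return;
        }
        // AclService.readAclById is declared to return Acl, so the cast is needed
        // (addPermission already casts the same call).
        MutableAcl acl = (MutableAcl) this.aclService.readAclById(oid);
        List<AccessControlEntry> entries = acl.getEntries();
        // updateAce does not add or remove entries, so ascending indices stay valid.
        for (int i = 0; i < entries.size(); i++) {
            AccessControlEntry ace = entries.get(i);
            if (ace.getSid().equals(sid) && ace.getPermission().equals(permission)) {
                LOG.debug("Updating ACE: '" + permission + "' for '" + sid + "' on '" + oid + " will be replaced with " + permission2);
                acl.updateAce(i, permission2);
            }
        }
        this.aclService.updateAcl(acl);
    }

    /**
     * Removes every ACE that matches the user and the permission from the
     * object's ACL.
     *
     * @param persistentObject the secured domain object
     * @param user the user whose account name identifies the principal SID
     * @param permission the permission to revoke
     * @throws NotFoundException if the object has no ACL
     */
    public void deletePermission(PersistentObject persistentObject, User user, Permission permission) {
        PrincipalSid sid = new PrincipalSid(user.getAccountName());
        ObjectIdentityImpl oid = new ObjectIdentityImpl(persistentObject);
        MutableAcl acl = (MutableAcl) this.aclService.readAclById(oid);
        List<AccessControlEntry> entries = acl.getEntries();
        // Walk from the last index down: deleteAce(i) shifts every later entry
        // one position, so deleting while counting upwards would make the next
        // match hit the wrong index (removing another entry, possibly another
        // principal's, or failing on an out-of-range index) and leave a
        // duplicate grant in place. Indices below i are unaffected by a delete.
        for (int i = entries.size() - 1; i >= 0; i--) {
            AccessControlEntry ace = entries.get(i);
            if (ace.getSid().equals(sid) && ace.getPermission().equals(permission)) {
                acl.deleteAce(i);
                LOG.debug("Deleting ACE: '" + permission + "' for '" + sid + "' on '" + oid);
            }
        }
        this.aclService.updateAcl(acl);
    }

    /**
     * @return the ACL service used by this helper
     */
    public MutableAclService getAclService() {
        return this.aclService;
    }

    /**
     * @param mutableAclService the ACL service this helper should use
     */
    public void setAclService(MutableAclService mutableAclService) {
        this.aclService = mutableAclService;
    }
}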
