package edu.internet2.middleware.grouper.privs;

import edu.internet2.middleware.grouper.Group;
import edu.internet2.middleware.grouper.GroupFinder;
import edu.internet2.middleware.grouper.GrouperSession;
import edu.internet2.middleware.grouper.Stem;
import edu.internet2.middleware.grouper.SubjectFinder;
import edu.internet2.middleware.grouper.cfg.GrouperConfig;
import edu.internet2.middleware.grouper.exception.GrouperSessionException;
import edu.internet2.middleware.grouper.hibernate.HqlQuery;
import edu.internet2.middleware.grouper.misc.GrouperCheckConfig;
import edu.internet2.middleware.grouper.misc.GrouperSessionHandler;
import edu.internet2.middleware.grouper.misc.GrouperStartup;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import edu.internet2.middleware.subject.Subject;
import java.util.Set;
import org.apache.commons.lang.exception.ExceptionUtils;
import org.apache.commons.logging.Log;

/* loaded from: input_file:WEB-INF/lib/grouper-2.6.18.jar:edu/internet2/middleware/grouper/privs/WheelNamingResolver.class */
public class WheelNamingResolver extends NamingResolverDecorator {
    private boolean useWheel;
    private Group wheelGroup;
    private boolean useReadonlyWheel;
    private Group wheelReadonlyGroup;
    private boolean useViewonlyWheel;
    private Group wheelViewonlyGroup;
    private GrouperSession wheelSession;
    private static boolean loggedWheelReadonlyGroupMissing = false;
    private static boolean loggedWheelViewonlyGroupMissing = false;
    private static final Log LOG = GrouperUtil.getLog(WheelNamingResolver.class);
    private static boolean loggedWheelNotThere = false;

    @Override // edu.internet2.middleware.grouper.privs.NamingResolverDecorator, edu.internet2.middleware.grouper.privs.NamingResolver
    public void flushCache() {
        WheelCache.flush();
        super.getDecoratedResolver().flushCache();
    }

    public WheelNamingResolver(NamingResolver namingResolver) {
        super(namingResolver);
        this.useWheel = false;
        this.useReadonlyWheel = false;
        this.useViewonlyWheel = false;
        this.wheelSession = null;
        this.useWheel = Boolean.valueOf(GrouperConfig.retrieveConfig().propertyValueString(GrouperConfig.PROP_USE_WHEEL_GROUP)).booleanValue();
        if (this.useWheel) {
            String str = "";
            try {
                str = GrouperConfig.retrieveConfig().propertyValueString(GrouperConfig.PROP_WHEEL_GROUP);
                this.wheelSession = GrouperSession.start(SubjectFinder.findRootSubject(), false);
                this.wheelGroup = GroupFinder.findByName(this.wheelSession, str, GrouperStartup.isFinishedStartupSuccessfully());
            } catch (Exception e) {
                String str2 = "Cant find wheel group '" + str + "': " + e.getClass().getSimpleName();
                if (!loggedWheelNotThere && !GrouperCheckConfig.inCheckConfig) {
                    LOG.error(str2);
                    loggedWheelNotThere = true;
                }
                LOG.debug(str2, e);
                this.useWheel = false;
            }
        }
        this.useViewonlyWheel = Boolean.valueOf(GrouperConfig.retrieveConfig().propertyValueString("groups.wheel.viewonly.use")).booleanValue();
        if (this.useViewonlyWheel) {
            String str3 = null;
            try {
                str3 = GrouperConfig.retrieveConfig().propertyValueString("groups.wheel.viewonly.group");
                if (this.wheelSession == null) {
                    this.wheelSession = GrouperSession.start(SubjectFinder.findRootSubject(), false);
                }
                this.wheelViewonlyGroup = GroupFinder.findByName(this.wheelSession, str3, GrouperStartup.isFinishedStartupSuccessfully());
            } catch (Exception e2) {
                String str4 = "Initialisation error with wheel viewonly group name '" + str3 + "': " + e2.getClass().getSimpleName() + "\n" + ExceptionUtils.getFullStackTrace(e2);
                if (loggedWheelViewonlyGroupMissing || GrouperCheckConfig.inCheckConfig) {
                    LOG.debug(str4);
                } else {
                    LOG.error(str4);
                    loggedWheelViewonlyGroupMissing = true;
                }
                this.useViewonlyWheel = false;
            }
        }
        this.useReadonlyWheel = Boolean.valueOf(GrouperConfig.retrieveConfig().propertyValueString("groups.wheel.readonly.use")).booleanValue();
        if (this.useReadonlyWheel) {
            String str5 = null;
            try {
                str5 = GrouperConfig.retrieveConfig().propertyValueString("groups.wheel.readonly.group");
                if (this.wheelSession == null) {
                    this.wheelSession = GrouperSession.start(SubjectFinder.findRootSubject(), false);
                }
                this.wheelReadonlyGroup = GroupFinder.findByName(this.wheelSession, str5, GrouperStartup.isFinishedStartupSuccessfully());
            } catch (Exception e3) {
                String str6 = "Initialisation error with wheel readonly group name '" + str5 + "': " + e3.getClass().getSimpleName() + "\n" + ExceptionUtils.getFullStackTrace(e3);
                if (loggedWheelReadonlyGroupMissing || GrouperCheckConfig.inCheckConfig) {
                    LOG.debug(str6);
                } else {
                    LOG.error(str6);
                    loggedWheelReadonlyGroupMissing = true;
                }
                this.useReadonlyWheel = false;
            }
        }
    }

    private void putInHasPrivilegeCache(Subject subject, Boolean bool) {
        WheelCache.putInHasPrivilegeCache(subject, bool);
    }

    private void putInHasViewonlyPrivilegeCache(Subject subject, Boolean bool) {
        WheelCache.putInViewonlyHasPrivilegeCache(subject, bool);
    }

    private void putInHasReadonlyPrivilegeCache(Subject subject, Boolean bool) {
        WheelCache.putInReadonlyHasPrivilegeCache(subject, bool);
    }

    private boolean isWheelMember(final Subject subject) {
        Boolean fromIsWheelMemberCache = getFromIsWheelMemberCache(subject);
        if (fromIsWheelMemberCache == null) {
            fromIsWheelMemberCache = (Boolean) GrouperSession.callbackGrouperSession(this.wheelSession, new GrouperSessionHandler() { // from class: edu.internet2.middleware.grouper.privs.WheelNamingResolver.1
                @Override // edu.internet2.middleware.grouper.misc.GrouperSessionHandler
                public Object callback(GrouperSession grouperSession) throws GrouperSessionException {
                    return Boolean.valueOf(WheelNamingResolver.this.wheelGroup != null && WheelNamingResolver.this.wheelGroup.hasMember(subject));
                }
            });
            putInHasPrivilegeCache(subject, fromIsWheelMemberCache);
        }
        return fromIsWheelMemberCache.booleanValue();
    }

    private boolean isWheelViewonlyMember(final Subject subject) {
        Boolean fromIsWheelViewonlyMemberCache = getFromIsWheelViewonlyMemberCache(subject);
        if (fromIsWheelViewonlyMemberCache == null) {
            fromIsWheelViewonlyMemberCache = (Boolean) GrouperSession.callbackGrouperSession(this.wheelSession, new GrouperSessionHandler() { // from class: edu.internet2.middleware.grouper.privs.WheelNamingResolver.2
                @Override // edu.internet2.middleware.grouper.misc.GrouperSessionHandler
                public Object callback(GrouperSession grouperSession) throws GrouperSessionException {
                    return Boolean.valueOf(WheelNamingResolver.this.wheelViewonlyGroup != null && WheelNamingResolver.this.wheelViewonlyGroup.hasMember(subject));
                }
            });
            putInHasViewonlyPrivilegeCache(subject, fromIsWheelViewonlyMemberCache);
        }
        return fromIsWheelViewonlyMemberCache.booleanValue();
    }

    private boolean isWheelReadonlyMember(final Subject subject) {
        Boolean fromIsWheelReadonlyMemberCache = getFromIsWheelReadonlyMemberCache(subject);
        if (fromIsWheelReadonlyMemberCache == null) {
            fromIsWheelReadonlyMemberCache = (Boolean) GrouperSession.callbackGrouperSession(this.wheelSession, new GrouperSessionHandler() { // from class: edu.internet2.middleware.grouper.privs.WheelNamingResolver.3
                @Override // edu.internet2.middleware.grouper.misc.GrouperSessionHandler
                public Object callback(GrouperSession grouperSession) throws GrouperSessionException {
                    return Boolean.valueOf(WheelNamingResolver.this.wheelReadonlyGroup != null && WheelNamingResolver.this.wheelReadonlyGroup.hasMember(subject));
                }
            });
            putInHasReadonlyPrivilegeCache(subject, fromIsWheelReadonlyMemberCache);
        }
        return fromIsWheelReadonlyMemberCache.booleanValue();
    }

    private boolean isAndUseWheelViewonly(Subject subject) {
        return getGrouperSession().isConsiderIfWheelMember() && this.useViewonlyWheel && isWheelViewonlyMember(subject);
    }

    private boolean isAndUseWheelReadonly(Subject subject) {
        return getGrouperSession().isConsiderIfWheelMember() && this.useReadonlyWheel && isWheelReadonlyMember(subject);
    }

    @Override // edu.internet2.middleware.grouper.privs.NamingResolverDecorator, edu.internet2.middleware.grouper.privs.NamingResolver
    public boolean hasPrivilege(Stem stem, Subject subject, Privilege privilege) throws IllegalArgumentException {
        if (isAndUseWheel(subject)) {
            return true;
        }
        if (isAndUseWheelReadonly(subject) && NamingPrivilege.STEM_ATTR_READ.equals(privilege)) {
            return true;
        }
        return super.getDecoratedResolver().hasPrivilege(stem, subject, privilege);
    }

    private boolean isAndUseWheel(Subject subject) {
        return getGrouperSession().isConsiderIfWheelMember() && this.useWheel && isWheelMember(subject);
    }

    @Override // edu.internet2.middleware.grouper.privs.NamingResolverDecorator, edu.internet2.middleware.grouper.privs.NamingResolver
    public boolean hqlFilterStemsWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder sb, String str, Set<Privilege> set) {
        if (isAndUseWheel(subject)) {
            return false;
        }
        if (isAndUseWheelReadonly(subject) && set != null && set.contains(NamingPrivilege.STEM_ATTR_READ)) {
            return false;
        }
        return super.getDecoratedResolver().hqlFilterStemsWhereClause(subject, hqlQuery, sb, str, set);
    }

    @Override // edu.internet2.middleware.grouper.privs.NamingResolverDecorator, edu.internet2.middleware.grouper.privs.NamingResolver
    public Set<Stem> postHqlFilterStems(Set<Stem> set, Subject subject, Set<Privilege> set2) {
        return isAndUseWheel(subject) ? set : (isAndUseWheelReadonly(subject) && set2 != null && set2.contains(NamingPrivilege.STEM_ATTR_READ)) ? set : super.getDecoratedResolver().postHqlFilterStems(set, subject, set2);
    }

    private Boolean getFromIsWheelMemberCache(Subject subject) {
        return WheelCache.getFromIsWheelMemberCache(subject);
    }

    private Boolean getFromIsWheelViewonlyMemberCache(Subject subject) {
        return WheelCache.getFromIsWheelViewonlyMemberCache(subject);
    }

    private Boolean getFromIsWheelReadonlyMemberCache(Subject subject) {
        return WheelCache.getFromIsWheelReadonlyMemberCache(subject);
    }
}
