package edu.internet2.middleware.grouper.privs;

import edu.internet2.middleware.grouper.Field;
import edu.internet2.middleware.grouper.FieldFinder;
import edu.internet2.middleware.grouper.FieldType;
import edu.internet2.middleware.grouper.Group;
import edu.internet2.middleware.grouper.GrouperSession;
import edu.internet2.middleware.grouper.Member;
import edu.internet2.middleware.grouper.MemberFinder;
import edu.internet2.middleware.grouper.Membership;
import edu.internet2.middleware.grouper.MembershipFinder;
import edu.internet2.middleware.grouper.Stem;
import edu.internet2.middleware.grouper.SubjectFinder;
import edu.internet2.middleware.grouper.exception.GrantPrivilegeAlreadyExistsException;
import edu.internet2.middleware.grouper.exception.GrantPrivilegeException;
import edu.internet2.middleware.grouper.exception.GroupNotFoundException;
import edu.internet2.middleware.grouper.exception.GrouperException;
import edu.internet2.middleware.grouper.exception.GrouperSessionException;
import edu.internet2.middleware.grouper.exception.InsufficientPrivilegeException;
import edu.internet2.middleware.grouper.exception.MemberAddAlreadyExistsException;
import edu.internet2.middleware.grouper.exception.MemberAddException;
import edu.internet2.middleware.grouper.exception.MemberDeleteAlreadyDeletedException;
import edu.internet2.middleware.grouper.exception.MemberDeleteException;
import edu.internet2.middleware.grouper.exception.MembershipAlreadyExistsException;
import edu.internet2.middleware.grouper.exception.RevokePrivilegeAlreadyRevokedException;
import edu.internet2.middleware.grouper.exception.RevokePrivilegeException;
import edu.internet2.middleware.grouper.exception.SchemaException;
import edu.internet2.middleware.grouper.internal.dao.QueryOptions;
import edu.internet2.middleware.grouper.internal.dao.QueryPaging;
import edu.internet2.middleware.grouper.internal.dao.QuerySort;
import edu.internet2.middleware.grouper.internal.util.GrouperUuid;
import edu.internet2.middleware.grouper.membership.MembershipType;
import edu.internet2.middleware.grouper.misc.GrouperDAOFactory;
import edu.internet2.middleware.grouper.misc.GrouperSessionHandler;
import edu.internet2.middleware.grouper.subj.LazySubject;
import edu.internet2.middleware.grouper.subj.SubjectHelper;
import edu.internet2.middleware.grouper.ui.customUi.CustomUiUserQueryConfigBean;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import edu.internet2.middleware.grouperClient.collections.MultiKey;
import edu.internet2.middleware.subject.Subject;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import org.apache.commons.logging.Log;

/* loaded from: input_file:WEB-INF/lib/grouper-4.10.2.jar:edu/internet2/middleware/grouper/privs/GrouperNonDbAccessAdapter.class */
public class GrouperNonDbAccessAdapter extends BaseAccessAdapter implements AccessAdapter {
    protected static final Map<Privilege, String> priv2list;
    private static final Log LOG;

    @Override // edu.internet2.middleware.grouper.privs.AccessAdapter
    public Set getSubjectsWithPriv(GrouperSession grouperSession, Group group, Privilege privilege) throws SchemaException {
        GrouperSession.validate(grouperSession);
        return MembershipFinder.internal_findGroupSubjects(grouperSession, group, FieldFinder.find(privilege.getListName(), true));
    }

    @Override // edu.internet2.middleware.grouper.privs.AccessAdapter
    public Set<Group> getGroupsWhereSubjectHasPriv(GrouperSession grouperSession, Subject subject, Privilege privilege) throws SchemaException {
        GrouperSession.validate(grouperSession);
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        try {
            linkedHashSet.addAll(GrouperPrivilegeAdapter.internal_getGroupsWhereSubjectHasPriv(grouperSession, MemberFinder.findBySubject(grouperSession, subject, true), privilege.getField()));
        } catch (GroupNotFoundException e) {
            LOG.error("membership group not found: " + e.getMessage());
        }
        return linkedHashSet;
    }

    @Override // edu.internet2.middleware.grouper.privs.AccessAdapter
    public Set<Group> getGroupsWhereSubjectDoesntHavePrivilege(GrouperSession grouperSession, String str, Stem.Scope scope, Subject subject, Privilege privilege, boolean z, String str2) {
        GrouperSession.validate(grouperSession);
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        linkedHashSet.addAll(GrouperPrivilegeAdapter.internal_getGroupsWhereSubjectDoesntHavePriv(grouperSession, str, scope, subject, privilege, z, str2));
        return linkedHashSet;
    }

    @Override // edu.internet2.middleware.grouper.privs.AccessAdapter
    public Set<Stem> getStemsWhereGroupThatSubjectHasPrivilege(GrouperSession grouperSession, Subject subject, Privilege privilege) {
        GrouperSession.validate(grouperSession);
        return GrouperPrivilegeAdapter.internal_getStemsWithGroupsWhereSubjectHasPriv(grouperSession, MemberFinder.findBySubject(grouperSession, subject, true), privilege.getField());
    }

    @Override // edu.internet2.middleware.grouper.privs.AccessAdapter
    public Set getPrivs(GrouperSession grouperSession, Group group, Subject subject) {
        GrouperSession.validate(grouperSession);
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        try {
            Member findBySubject = MemberFinder.findBySubject(grouperSession, subject, true);
            linkedHashSet.addAll(GrouperPrivilegeAdapter.internal_getPrivs(grouperSession, group, subject, findBySubject, null, GrouperDAOFactory.getFactory().getMembership().findAllByGroupOwnerAndMember(group.getUuid(), findBySubject.getUuid(), true).iterator()));
        } catch (SchemaException e) {
            LOG.error(e.getMessage());
        }
        return linkedHashSet;
    }

    @Override // edu.internet2.middleware.grouper.privs.AccessAdapter
    public void grantPriv(GrouperSession grouperSession, final Group group, final Subject subject, final Privilege privilege, final String str) throws GrantPrivilegeException, InsufficientPrivilegeException, SchemaException {
        try {
            GrouperSession.callbackGrouperSession(grouperSession, new GrouperSessionHandler() { // from class: edu.internet2.middleware.grouper.privs.GrouperNonDbAccessAdapter.1
                @Override // edu.internet2.middleware.grouper.misc.GrouperSessionHandler
                public Object callback(GrouperSession grouperSession2) throws GrouperSessionException {
                    try {
                        GrouperSession.validate(grouperSession2);
                        Field field = privilege.getField();
                        if (!FieldType.ACCESS.equals(field.getType())) {
                            throw new SchemaException("invalid field type: " + field.getType());
                        }
                        if (!group.internal_canWriteField(grouperSession2.getSubject(), field)) {
                            throw new GrouperSessionException(new InsufficientPrivilegeException());
                        }
                        Membership.internal_addImmediateMembership(grouperSession2, group, subject, field, str, null, null);
                        return null;
                    } catch (MemberAddException e) {
                        if (e instanceof MemberAddAlreadyExistsException) {
                            throw new GrouperSessionException(new GrantPrivilegeAlreadyExistsException(e.getMessage(), e));
                        }
                        throw new GrouperSessionException(new GrantPrivilegeException(e.getMessage(), e));
                    } catch (SchemaException e2) {
                        throw new GrouperSessionException(e2);
                    }
                }
            });
        } catch (GrouperSessionException e) {
            if (e.getCause() instanceof GrantPrivilegeException) {
                throw ((GrantPrivilegeException) e.getCause());
            }
            if (e.getCause() instanceof InsufficientPrivilegeException) {
                throw ((InsufficientPrivilegeException) e.getCause());
            }
            if (!(e.getCause() instanceof SchemaException)) {
                throw e;
            }
            throw ((SchemaException) e.getCause());
        }
    }

    @Override // edu.internet2.middleware.grouper.privs.AccessAdapter
    public boolean hasPriv(GrouperSession grouperSession, Group group, Subject subject, Privilege privilege) throws SchemaException {
        GrouperSession.validate(grouperSession);
        return MemberFinder.findBySubject(grouperSession, subject, true).isMember(group, privilege.getField());
    }

    @Override // edu.internet2.middleware.grouper.privs.AccessAdapter
    public void privilegeCopy(GrouperSession grouperSession, Group group, Group group2, Privilege privilege) throws InsufficientPrivilegeException, GrantPrivilegeException, SchemaException {
        GrouperSession.validate(grouperSession);
        Field field = privilege.getField();
        PrivilegeHelper.dispatch(grouperSession, group, grouperSession.getSubject(), field.getReadPriv());
        Iterator<Membership> it = GrouperDAOFactory.getFactory().getMembership().findAllByGroupOwnerAndFieldAndType(group.getUuid(), field, MembershipType.IMMEDIATE.getTypeString(), false).iterator();
        while (it.hasNext()) {
            Membership clone = it.next().clone();
            clone.setOwnerGroupId(group2.getUuid());
            clone.setCreatorUuid(grouperSession.getMemberUuid());
            clone.setCreateTimeLong(new Date().getTime());
            clone.setImmediateMembershipId(GrouperUuid.getUuid());
            clone.setHibernateVersionNumber(-1L);
            try {
                GrouperDAOFactory.getFactory().getMembership().save(clone);
            } catch (MembershipAlreadyExistsException e) {
            }
        }
    }

    @Override // edu.internet2.middleware.grouper.privs.AccessAdapter
    public void privilegeCopy(GrouperSession grouperSession, Subject subject, Subject subject2, Privilege privilege) throws InsufficientPrivilegeException, GrantPrivilegeException, SchemaException {
        GrouperSession.validate(grouperSession);
        Field field = privilege.getField();
        Set<Membership> findAllImmediateByMemberAndField = GrouperDAOFactory.getFactory().getMembership().findAllImmediateByMemberAndField(MemberFinder.findBySubject(grouperSession, subject, true).getUuid(), field, false);
        if (findAllImmediateByMemberAndField.size() == 0) {
            return;
        }
        Member findBySubject = MemberFinder.findBySubject(grouperSession, subject2, true);
        for (Membership membership : findAllImmediateByMemberAndField) {
            try {
                PrivilegeHelper.dispatch(grouperSession, membership.getOwnerGroup(), grouperSession.getSubject(), field.getWritePriv());
                Membership clone = membership.clone();
                clone.setMemberUuid(findBySubject.getUuid());
                clone.setMember(findBySubject);
                clone.setCreatorUuid(grouperSession.getMemberUuid());
                clone.setCreateTimeLong(new Date().getTime());
                clone.setImmediateMembershipId(GrouperUuid.getUuid());
                clone.setHibernateVersionNumber(-1L);
                try {
                    GrouperDAOFactory.getFactory().getMembership().save(clone);
                } catch (MembershipAlreadyExistsException e) {
                }
            } catch (GroupNotFoundException e2) {
                throw new GrouperException(e2.getMessage(), e2);
            }
        }
    }

    @Override // edu.internet2.middleware.grouper.privs.AccessAdapter
    public void revokePriv(GrouperSession grouperSession, Group group, Privilege privilege) throws InsufficientPrivilegeException, RevokePrivilegeException, SchemaException {
        GrouperSession.validate(grouperSession);
        Field field = privilege.getField();
        if (!FieldType.ACCESS.equals(field.getType())) {
            throw new SchemaException("invalid field type: " + field.getType());
        }
        if (!group.internal_canWriteField(grouperSession.getSubject(), field)) {
            throw new InsufficientPrivilegeException();
        }
        try {
            Membership.internal_deleteAllField(grouperSession, group, field);
        } catch (MemberDeleteException e) {
            throw new RevokePrivilegeException(e.getMessage(), e);
        }
    }

    @Override // edu.internet2.middleware.grouper.privs.AccessAdapter
    public void revokePriv(GrouperSession grouperSession, Group group, Subject subject, Privilege privilege) throws InsufficientPrivilegeException, RevokePrivilegeException, SchemaException {
        GrouperSession.validate(grouperSession);
        Field field = privilege.getField();
        if (!FieldType.ACCESS.equals(field.getType())) {
            throw new SchemaException("invalid field type: " + field.getType());
        }
        if (!group.internal_canWriteField(grouperSession.getSubject(), field)) {
            throw new InsufficientPrivilegeException();
        }
        try {
            Membership.internal_delImmediateMembership(grouperSession, group, subject, field);
        } catch (MemberDeleteAlreadyDeletedException e) {
            throw new RevokePrivilegeAlreadyRevokedException(e.getMessage(), e);
        } catch (MemberDeleteException e2) {
            throw new RevokePrivilegeException(e2.getMessage(), e2);
        }
    }

    @Override // edu.internet2.middleware.grouper.privs.AccessAdapter
    public void revokeAllPrivilegesForSubject(GrouperSession grouperSession, Subject subject) {
        GrouperSession.validate(grouperSession);
        if (!SubjectHelper.eq(SubjectFinder.findRootSubject(), grouperSession.getSubject())) {
            throw new InsufficientPrivilegeException();
        }
        Iterator<Membership> it = GrouperDAOFactory.getFactory().getMembership().findAllImmediateByMemberAndFieldType(MemberFinder.findBySubject(grouperSession, subject, true).getUuid(), FieldType.ACCESS.getType(), false).iterator();
        while (it.hasNext()) {
            it.next().delete();
        }
    }

    /* JADX WARN: Finally extract failed */
    @Override // edu.internet2.middleware.grouper.privs.AccessAdapter
    public Set<PrivilegeSubjectContainer> retrievePrivileges(GrouperSession grouperSession, Group group, Set<Privilege> set, MembershipType membershipType, QueryPaging queryPaging, Set<Member> set2) {
        LinkedHashMap linkedHashMap = null;
        if (LOG.isDebugEnabled()) {
            linkedHashMap = new LinkedHashMap();
            linkedHashMap.put("groupId", group.getId());
            linkedHashMap.put(CustomUiUserQueryConfigBean.FIELD_GROUP_NAME, group.getName());
            if (GrouperUtil.length(set) > 0) {
                linkedHashMap.put("privileges", GrouperUtil.collectionToString(set));
            }
            if (membershipType != null) {
                linkedHashMap.put("membershipType", membershipType.name());
            }
            linkedHashMap.put("additionalMembersSize", Integer.valueOf(GrouperUtil.length(set2)));
            if (queryPaging != null) {
                linkedHashMap.put("queryPaging", queryPaging);
            }
        }
        try {
            try {
                GrouperSession.validate(grouperSession);
                if (!grouperSession.getMember().hasAdmin(group)) {
                    throw new InsufficientPrivilegeException("Subject: " + GrouperUtil.subjectToString(grouperSession.getSubject()) + " does not have admin on group: " + group.getName());
                }
                LinkedHashSet linkedHashSet = null;
                if (GrouperUtil.length(set) > 0) {
                    linkedHashSet = new LinkedHashSet();
                    Iterator<Privilege> it = set.iterator();
                    while (it.hasNext()) {
                        linkedHashSet.add(it.next().getField());
                    }
                }
                Set<Object[]> set3 = null;
                QuerySort querySort = new QuerySort("m.subjectIdDb", true);
                querySort.insertSortToBeginning("m.subjectSourceIdDb", true);
                QueryOptions queryOptions = new QueryOptions();
                queryOptions.sort(querySort);
                if (queryPaging != null) {
                    queryOptions.paging(queryPaging);
                    queryPaging.setCacheTotalCount(false);
                    List<Member> findAllMembersByGroupOwnerOptions = GrouperDAOFactory.getFactory().getMembership().findAllMembersByGroupOwnerOptions(group.getId(), membershipType, linkedHashSet, null, true, queryOptions);
                    if (LOG.isDebugEnabled()) {
                        linkedHashMap.put("membersSize", Integer.valueOf(GrouperUtil.length(findAllMembersByGroupOwnerOptions)));
                    }
                    if (GrouperUtil.length(findAllMembersByGroupOwnerOptions) > 0) {
                        ArrayList arrayList = new ArrayList();
                        Iterator<Member> it2 = findAllMembersByGroupOwnerOptions.iterator();
                        while (it2.hasNext()) {
                            arrayList.add(it2.next().getUuid());
                        }
                        QueryOptions queryOptions2 = new QueryOptions();
                        queryOptions2.sort(querySort);
                        set3 = GrouperDAOFactory.getFactory().getMembership().findAllByGroupOwnerOptions(group.getId(), arrayList, membershipType, linkedHashSet, null, true, queryOptions2);
                        if (LOG.isDebugEnabled()) {
                            linkedHashMap.put("membershipsSize", Integer.valueOf(GrouperUtil.length(set3)));
                        }
                    }
                } else {
                    set3 = GrouperDAOFactory.getFactory().getMembership().findAllByGroupOwnerOptions(group.getId(), membershipType, linkedHashSet, null, true, queryOptions);
                    if (LOG.isDebugEnabled()) {
                        linkedHashMap.put("membershipsSize", Integer.valueOf(GrouperUtil.length(set3)));
                    }
                }
                Set<Object[]> nonNull = GrouperUtil.nonNull((Set) set3);
                LinkedHashSet linkedHashSet2 = new LinkedHashSet();
                HashMap hashMap = new HashMap();
                if (GrouperUtil.length(set2) > 0 && GrouperUtil.length(set2) > 0) {
                    ArrayList arrayList2 = new ArrayList();
                    for (Member member : set2) {
                        arrayList2.add(member.getUuid());
                        PrivilegeSubjectContainerImpl privilegeSubjectContainerImpl = new PrivilegeSubjectContainerImpl();
                        privilegeSubjectContainerImpl.setSubject(new LazySubject(member));
                        linkedHashSet2.add(privilegeSubjectContainerImpl);
                        hashMap.put(new MultiKey(member.getSubjectSourceId(), member.getSubjectId()), privilegeSubjectContainerImpl);
                    }
                    Set<Object[]> findAllByGroupOwnerOptions = GrouperDAOFactory.getFactory().getMembership().findAllByGroupOwnerOptions(group.getId(), arrayList2, membershipType, linkedHashSet, null, true, null);
                    if (LOG.isDebugEnabled()) {
                        linkedHashMap.put("additionalMembershipsSize", Integer.valueOf(GrouperUtil.length(findAllByGroupOwnerOptions)));
                    }
                    if (GrouperUtil.length(findAllByGroupOwnerOptions) > 0) {
                        LinkedHashSet linkedHashSet3 = new LinkedHashSet(findAllByGroupOwnerOptions);
                        linkedHashSet3.addAll(nonNull);
                        nonNull = linkedHashSet3;
                    }
                }
                if (GrouperUtil.length(nonNull) > 0) {
                    HashMap hashMap2 = new HashMap();
                    HashMap hashMap3 = new HashMap();
                    for (Object[] objArr : nonNull) {
                        Member member2 = (Member) objArr[1];
                        MultiKey multiKey = new MultiKey(member2.getSubjectSourceId(), member2.getSubjectId());
                        if (((PrivilegeSubjectContainerImpl) hashMap.get(multiKey)) == null) {
                            PrivilegeSubjectContainerImpl privilegeSubjectContainerImpl2 = new PrivilegeSubjectContainerImpl();
                            privilegeSubjectContainerImpl2.setSubject(new LazySubject(member2));
                            hashMap.put(multiKey, privilegeSubjectContainerImpl2);
                            linkedHashSet2.add(privilegeSubjectContainerImpl2);
                        }
                        Membership membership = (Membership) objArr[0];
                        List list = (List) hashMap2.get(multiKey);
                        if (list == null) {
                            list = new ArrayList();
                            hashMap2.put(multiKey, list);
                        }
                        list.add(objArr);
                        MultiKey multiKey2 = new MultiKey(member2.getSubjectSourceId(), member2.getSubjectId(), group.getId(), membership.getFieldId());
                        hashMap3.put(multiKey2, PrivilegeAssignType.convertMembership((PrivilegeAssignType) hashMap3.get(multiKey2), membership));
                    }
                    if (LOG.isDebugEnabled()) {
                        linkedHashMap.put("resultsSize", Integer.valueOf(GrouperUtil.length(linkedHashSet2)));
                    }
                    Iterator it3 = linkedHashSet2.iterator();
                    while (it3.hasNext()) {
                        PrivilegeSubjectContainerImpl privilegeSubjectContainerImpl3 = (PrivilegeSubjectContainerImpl) ((PrivilegeSubjectContainer) it3.next());
                        privilegeSubjectContainerImpl3.setPrivilegeContainers(new TreeMap());
                        Subject subject = privilegeSubjectContainerImpl3.getSubject();
                        List<Object[]> list2 = (List) hashMap2.get(new MultiKey(subject.getSourceId(), subject.getId()));
                        if (list2 != null) {
                            for (Object[] objArr2 : list2) {
                                Membership membership2 = (Membership) objArr2[0];
                                Member member3 = (Member) objArr2[1];
                                Field findById = FieldFinder.findById(membership2.getFieldId(), true);
                                Privilege listToPriv = AccessPrivilege.listToPriv(findById.getName());
                                if (listToPriv == null) {
                                    throw new RuntimeException("Privilege not found by list name! " + findById.getName());
                                }
                                String name = listToPriv.getName();
                                if (privilegeSubjectContainerImpl3.getPrivilegeContainers().get(name) == null) {
                                    PrivilegeContainerImpl privilegeContainerImpl = new PrivilegeContainerImpl();
                                    privilegeContainerImpl.setPrivilegeName(name);
                                    PrivilegeAssignType privilegeAssignType = (PrivilegeAssignType) hashMap3.get(new MultiKey(member3.getSubjectSourceId(), member3.getSubjectId(), group.getId(), membership2.getFieldId()));
                                    if (privilegeAssignType == null) {
                                        throw new RuntimeException("Why is result not there???");
                                    }
                                    privilegeContainerImpl.setPrivilegeAssignType(privilegeAssignType);
                                    privilegeSubjectContainerImpl3.getPrivilegeContainers().put(name, privilegeContainerImpl);
                                }
                            }
                        }
                    }
                }
                if (LOG.isDebugEnabled() && 0 == 0) {
                    LOG.debug(GrouperUtil.mapToString(linkedHashMap));
                }
                return linkedHashSet2;
            } catch (RuntimeException e) {
                LOG.error(GrouperUtil.mapToString(linkedHashMap), e);
                throw e;
            }
        } catch (Throwable th) {
            if (LOG.isDebugEnabled() && 0 == 0) {
                LOG.debug(GrouperUtil.mapToString(linkedHashMap));
            }
            throw th;
        }
    }

    @Override // edu.internet2.middleware.grouper.privs.AccessAdapter
    public Set<Group> getGroupsWhereSubjectDoesHavePrivilege(GrouperSession grouperSession, String str, Stem.Scope scope, Subject subject, Privilege privilege, boolean z, String str2) {
        GrouperSession.validate(grouperSession);
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        linkedHashSet.addAll(GrouperPrivilegeAdapter.internal_getGroupsWhereSubjectDoesHavePriv(grouperSession, str, scope, subject, privilege, z, str2));
        return linkedHashSet;
    }

    static {
        HashMap hashMap = new HashMap();
        hashMap.put(AccessPrivilege.ADMIN, Field.FIELD_NAME_ADMINS);
        hashMap.put(AccessPrivilege.OPTIN, Field.FIELD_NAME_OPTINS);
        hashMap.put(AccessPrivilege.OPTOUT, Field.FIELD_NAME_OPTOUTS);
        hashMap.put(AccessPrivilege.READ, Field.FIELD_NAME_READERS);
        hashMap.put(AccessPrivilege.UPDATE, Field.FIELD_NAME_UPDATERS);
        hashMap.put(AccessPrivilege.VIEW, Field.FIELD_NAME_VIEWERS);
        hashMap.put(AccessPrivilege.GROUP_ATTR_READ, Field.FIELD_NAME_GROUP_ATTR_READERS);
        hashMap.put(AccessPrivilege.GROUP_ATTR_UPDATE, Field.FIELD_NAME_GROUP_ATTR_UPDATERS);
        priv2list = Collections.unmodifiableMap(new HashMap(hashMap));
        LOG = GrouperUtil.getLog(GrouperNonDbAccessAdapter.class);
    }
}
