package edu.internet2.middleware.grouper.privs;

import edu.internet2.middleware.grouper.Field;
import edu.internet2.middleware.grouper.FieldType;
import edu.internet2.middleware.grouper.GrouperSession;
import edu.internet2.middleware.grouper.Member;
import edu.internet2.middleware.grouper.MemberFinder;
import edu.internet2.middleware.grouper.Membership;
import edu.internet2.middleware.grouper.MembershipFinder;
import edu.internet2.middleware.grouper.Stem;
import edu.internet2.middleware.grouper.SubjectFinder;
import edu.internet2.middleware.grouper.exception.GrantPrivilegeAlreadyExistsException;
import edu.internet2.middleware.grouper.exception.GrantPrivilegeException;
import edu.internet2.middleware.grouper.exception.GrouperException;
import edu.internet2.middleware.grouper.exception.GrouperSessionException;
import edu.internet2.middleware.grouper.exception.InsufficientPrivilegeException;
import edu.internet2.middleware.grouper.exception.MemberAddAlreadyExistsException;
import edu.internet2.middleware.grouper.exception.MemberAddException;
import edu.internet2.middleware.grouper.exception.MemberDeleteAlreadyDeletedException;
import edu.internet2.middleware.grouper.exception.MemberDeleteException;
import edu.internet2.middleware.grouper.exception.MembershipAlreadyExistsException;
import edu.internet2.middleware.grouper.exception.RevokePrivilegeAlreadyRevokedException;
import edu.internet2.middleware.grouper.exception.RevokePrivilegeException;
import edu.internet2.middleware.grouper.exception.SchemaException;
import edu.internet2.middleware.grouper.exception.StemNotFoundException;
import edu.internet2.middleware.grouper.internal.dao.MembershipDAO;
import edu.internet2.middleware.grouper.internal.util.GrouperUuid;
import edu.internet2.middleware.grouper.membership.MembershipType;
import edu.internet2.middleware.grouper.misc.GrouperDAOFactory;
import edu.internet2.middleware.grouper.misc.GrouperSessionHandler;
import edu.internet2.middleware.grouper.subj.SubjectHelper;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import edu.internet2.middleware.subject.Subject;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import org.apache.commons.logging.Log;

/* loaded from: input_file:WEB-INF/lib/grouper-4.3.0.jar:edu/internet2/middleware/grouper/privs/GrouperNonDbNamingAdapter.class */
public class GrouperNonDbNamingAdapter extends BaseNamingAdapter {
    protected static Map<Privilege, String> priv2list = new HashMap();
    private static final Log LOG;

    @Override // edu.internet2.middleware.grouper.privs.NamingAdapter
    public Set<Stem> getStemsWhereSubjectDoesntHavePrivilege(GrouperSession grouperSession, String str, Stem.Scope scope, Subject subject, Privilege privilege, boolean z, String str2) {
        GrouperSession.validate(grouperSession);
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        linkedHashSet.addAll(GrouperPrivilegeAdapter.internal_getStemsWhereSubjectDoesntHavePriv(grouperSession, str, scope, subject, privilege, z, str2));
        return linkedHashSet;
    }

    @Override // edu.internet2.middleware.grouper.privs.NamingAdapter
    public Set getSubjectsWithPriv(GrouperSession grouperSession, Stem stem, Privilege privilege) throws SchemaException {
        GrouperSession.validate(grouperSession);
        return MembershipFinder.internal_findSubjectsStemPriv(grouperSession, stem, privilege.getField());
    }

    @Override // edu.internet2.middleware.grouper.privs.NamingAdapter
    public Set getStemsWhereSubjectHasPriv(GrouperSession grouperSession, Subject subject, Privilege privilege) throws SchemaException {
        GrouperSession.validate(grouperSession);
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        try {
            linkedHashSet.addAll(GrouperPrivilegeAdapter.internal_getStemsWhereSubjectHasPriv(grouperSession, MemberFinder.findBySubject(grouperSession, subject, true), privilege.getField()));
        } catch (StemNotFoundException e) {
            LOG.error("membership stem not found: " + e.getMessage());
        }
        return linkedHashSet;
    }

    @Override // edu.internet2.middleware.grouper.privs.NamingAdapter
    public Set<NamingPrivilege> getPrivs(GrouperSession grouperSession, Stem stem, Subject subject) {
        GrouperSession.validate(grouperSession);
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        try {
            Member findBySubject = MemberFinder.findBySubject(grouperSession, subject, true);
            Member internal_findAllMember = MemberFinder.internal_findAllMember();
            MembershipDAO membership = GrouperDAOFactory.getFactory().getMembership();
            for (Privilege privilege : Privilege.getNamingPrivs()) {
                Field field = privilege.getField();
                linkedHashSet.addAll(GrouperPrivilegeAdapter.internal_getPrivs(grouperSession, stem, subject, findBySubject, privilege, membership.findAllByStemOwnerAndMemberAndField(stem.getUuid(), findBySubject.getUuid(), field, true).iterator()));
                if (!findBySubject.equals(internal_findAllMember)) {
                    linkedHashSet.addAll(GrouperPrivilegeAdapter.internal_getPrivs(grouperSession, stem, subject, internal_findAllMember, privilege, membership.findAllByStemOwnerAndMemberAndField(stem.getUuid(), internal_findAllMember.getUuid(), field, true).iterator()));
                }
            }
        } catch (SchemaException e) {
            LOG.error(e.getMessage());
        }
        return linkedHashSet;
    }

    @Override // edu.internet2.middleware.grouper.privs.NamingAdapter
    public void grantPriv(GrouperSession grouperSession, final Stem stem, final Subject subject, final Privilege privilege, final String str) throws GrantPrivilegeException, InsufficientPrivilegeException, SchemaException {
        GrouperSession.validate(grouperSession);
        try {
            GrouperSession.callbackGrouperSession(grouperSession, new GrouperSessionHandler() { // from class: edu.internet2.middleware.grouper.privs.GrouperNonDbNamingAdapter.1
                @Override // edu.internet2.middleware.grouper.misc.GrouperSessionHandler
                public Object callback(GrouperSession grouperSession2) throws GrouperSessionException {
                    try {
                        Field field = privilege.getField();
                        PrivilegeHelper.dispatch(GrouperSession.staticGrouperSession(), stem, grouperSession2.getSubject(), field.getWritePriv());
                        if (!field.getType().equals(FieldType.NAMING)) {
                            throw new SchemaException("invalid field type: " + field.getType());
                        }
                        Membership.internal_addImmediateMembership(grouperSession2, stem, subject, field, str);
                        return null;
                    } catch (InsufficientPrivilegeException e) {
                        throw new GrouperSessionException(e);
                    } catch (MemberAddAlreadyExistsException e2) {
                        throw new GrouperSessionException(new GrantPrivilegeAlreadyExistsException(e2.getMessage(), e2));
                    } catch (MemberAddException e3) {
                        throw new GrouperSessionException(new GrantPrivilegeException(e3.getMessage(), e3));
                    } catch (SchemaException e4) {
                        throw new GrouperSessionException(e4);
                    }
                }
            });
        } catch (GrouperSessionException e) {
            if (e.getCause() instanceof GrantPrivilegeException) {
                throw ((GrantPrivilegeException) e.getCause());
            }
            if (e.getCause() instanceof SchemaException) {
                throw ((SchemaException) e.getCause());
            }
            if (!(e.getCause() instanceof InsufficientPrivilegeException)) {
                throw e;
            }
            throw ((InsufficientPrivilegeException) e.getCause());
        }
    }

    @Override // edu.internet2.middleware.grouper.privs.NamingAdapter
    public boolean hasPriv(GrouperSession grouperSession, Stem stem, Subject subject, Privilege privilege) throws SchemaException {
        GrouperSession.validate(grouperSession);
        return MemberFinder.findBySubject(grouperSession, subject, true).isMember(stem.getUuid(), privilege.getField());
    }

    @Override // edu.internet2.middleware.grouper.privs.NamingAdapter
    public void privilegeCopy(GrouperSession grouperSession, Stem stem, Stem stem2, Privilege privilege) throws InsufficientPrivilegeException, GrantPrivilegeException, SchemaException {
        GrouperSession.validate(grouperSession);
        Field field = privilege.getField();
        PrivilegeHelper.dispatch(grouperSession, stem, grouperSession.getSubject(), field.getReadPriv());
        Iterator<Membership> it = GrouperDAOFactory.getFactory().getMembership().findAllByStemOwnerAndFieldAndType(stem.getUuid(), field, MembershipType.IMMEDIATE.getTypeString(), false).iterator();
        while (it.hasNext()) {
            Membership clone = it.next().clone();
            clone.setOwnerStemId(stem2.getUuid());
            clone.setCreatorUuid(grouperSession.getMemberUuid());
            clone.setCreateTimeLong(new Date().getTime());
            clone.setImmediateMembershipId(GrouperUuid.getUuid());
            clone.setHibernateVersionNumber(-1L);
            try {
                GrouperDAOFactory.getFactory().getMembership().save(clone);
            } catch (MembershipAlreadyExistsException e) {
            }
        }
    }

    @Override // edu.internet2.middleware.grouper.privs.NamingAdapter
    public void privilegeCopy(GrouperSession grouperSession, Subject subject, Subject subject2, Privilege privilege) throws InsufficientPrivilegeException, GrantPrivilegeException, SchemaException {
        GrouperSession.validate(grouperSession);
        Field field = privilege.getField();
        Set<Membership> findAllImmediateByMemberAndField = GrouperDAOFactory.getFactory().getMembership().findAllImmediateByMemberAndField(MemberFinder.findBySubject(grouperSession, subject, true).getUuid(), field, false);
        if (findAllImmediateByMemberAndField.size() == 0) {
            return;
        }
        Member findBySubject = MemberFinder.findBySubject(grouperSession, subject2, true);
        for (Membership membership : findAllImmediateByMemberAndField) {
            try {
                PrivilegeHelper.dispatch(grouperSession, membership.getStem(), grouperSession.getSubject(), field.getWritePriv());
                Membership clone = membership.clone();
                clone.setMemberUuid(findBySubject.getUuid());
                clone.setMember(findBySubject);
                clone.setCreatorUuid(grouperSession.getMemberUuid());
                clone.setCreateTimeLong(new Date().getTime());
                clone.setImmediateMembershipId(GrouperUuid.getUuid());
                clone.setHibernateVersionNumber(-1L);
                try {
                    GrouperDAOFactory.getFactory().getMembership().save(clone);
                } catch (MembershipAlreadyExistsException e) {
                }
            } catch (StemNotFoundException e2) {
                throw new GrouperException(e2.getMessage(), e2);
            }
        }
    }

    @Override // edu.internet2.middleware.grouper.privs.NamingAdapter
    public void revokePriv(GrouperSession grouperSession, Stem stem, Privilege privilege) throws InsufficientPrivilegeException, RevokePrivilegeException, SchemaException {
        GrouperSession.validate(grouperSession);
        Field field = privilege.getField();
        PrivilegeHelper.dispatch(GrouperSession.staticGrouperSession(), stem, grouperSession.getSubject(), field.getWritePriv());
        if (!field.getType().equals(FieldType.NAMING)) {
            throw new SchemaException("invalid field type: " + field.getType());
        }
        try {
            Membership.internal_deleteAllField(grouperSession, stem, field);
        } catch (MemberDeleteException e) {
            throw new RevokePrivilegeException(e.getMessage(), e);
        }
    }

    @Override // edu.internet2.middleware.grouper.privs.NamingAdapter
    public void revokePriv(GrouperSession grouperSession, Stem stem, Subject subject, Privilege privilege) throws InsufficientPrivilegeException, RevokePrivilegeException, SchemaException {
        GrouperSession.validate(grouperSession);
        Field field = privilege.getField();
        PrivilegeHelper.dispatch(GrouperSession.staticGrouperSession(), stem, grouperSession.getSubject(), field.getWritePriv());
        if (!field.getType().equals(FieldType.NAMING)) {
            throw new SchemaException("invalid field type: " + field.getType());
        }
        try {
            Membership.internal_delImmediateMembership(grouperSession, stem, subject, field);
        } catch (MemberDeleteAlreadyDeletedException e) {
            throw new RevokePrivilegeAlreadyRevokedException(e.getMessage(), e);
        } catch (MemberDeleteException e2) {
            throw new RevokePrivilegeException(e2.getMessage(), e2);
        }
    }

    @Override // edu.internet2.middleware.grouper.privs.NamingAdapter
    public void revokeAllPrivilegesForSubject(GrouperSession grouperSession, Subject subject) {
        GrouperSession.validate(grouperSession);
        if (!SubjectHelper.eq(SubjectFinder.findRootSubject(), grouperSession.getSubject())) {
            throw new InsufficientPrivilegeException();
        }
        Iterator<Membership> it = GrouperDAOFactory.getFactory().getMembership().findAllImmediateByMemberAndFieldType(MemberFinder.findBySubject(grouperSession, subject, true).getUuid(), FieldType.NAMING.getType(), false).iterator();
        while (it.hasNext()) {
            it.next().delete();
        }
    }

    @Override // edu.internet2.middleware.grouper.privs.NamingAdapter
    public Set<Stem> getStemsWhereSubjectDoesHavePrivilege(GrouperSession grouperSession, String str, Stem.Scope scope, Subject subject, Privilege privilege, boolean z, String str2) {
        GrouperSession.validate(grouperSession);
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        linkedHashSet.addAll(GrouperPrivilegeAdapter.internal_getStemsWhereSubjectDoesHavePriv(grouperSession, str, scope, subject, privilege, z, str2));
        return linkedHashSet;
    }

    static {
        priv2list.put(NamingPrivilege.STEM_VIEW, Field.FIELD_NAME_STEM_VIEWERS);
        priv2list.put(NamingPrivilege.CREATE, Field.FIELD_NAME_CREATORS);
        priv2list.put(NamingPrivilege.STEM_ADMIN, Field.FIELD_NAME_STEM_ADMINS);
        priv2list.put(NamingPrivilege.STEM_ATTR_READ, Field.FIELD_NAME_STEM_ATTR_READERS);
        priv2list.put(NamingPrivilege.STEM_ATTR_UPDATE, Field.FIELD_NAME_STEM_ATTR_UPDATERS);
        LOG = GrouperUtil.getLog(GrouperNonDbNamingAdapter.class);
    }
}
