package org.tentackle.appworx;

import java.util.Collection;
import java.util.Comparator;
import java.util.TreeMap;
import java.util.TreeSet;
import java.util.concurrent.atomic.AtomicLong;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import org.tentackle.util.ApplicationException;
import org.tentackle.util.Compare;
import org.tentackle.util.StringHelper;

/* loaded from: input_file:org/tentackle/appworx/SecurityManager.class */
public class SecurityManager {
    private static final int GRANT_DEFAULT = 0;
    private static final int GRANT_ACCEPT = 1;
    private static final int GRANT_DENY = 2;
    private static AtomicLong validCount = new AtomicLong(1);
    public static ContextDb serverContextDb = null;
    private static long serverValidCount = 0;
    private static TreeSet<Security> rulesSet;
    private ContextDb contextDb;
    private long userId;
    private TreeMap<ClassKey, Security> classMap;
    private TreeMap<ObjectKey, Security> objectMap;
    private TreeMap<Object2Key, Security> clsObjMap;
    private long lastValid;
    private boolean enabled;
    private boolean acceptByDefault;
    private boolean denyByDefault;
    private ReentrantReadWriteLock lock;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/tentackle/appworx/SecurityManager$ClassKey.class */
    public class ClassKey implements Comparable<ClassKey> {
        String className;
        int priority;

        public ClassKey(Security security) {
            this.className = security.getObjectClass();
            this.priority = security.getPriority();
        }

        public ClassKey(String str, int i) {
            this.className = str;
            this.priority = i;
        }

        @Override // java.lang.Comparable
        public int compareTo(ClassKey classKey) {
            int compareTo = this.className.compareTo(classKey.className);
            if (compareTo == 0) {
                compareTo = this.priority - classKey.priority;
            }
            return compareTo;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/tentackle/appworx/SecurityManager$Object2Key.class */
    public class Object2Key extends ObjectKey {
        public Object2Key(Security security) {
            super(security);
        }

        public Object2Key(String str, long j, int i) {
            super(j, str, i);
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.tentackle.appworx.SecurityManager.ObjectKey, java.lang.Comparable
        public int compareTo(ObjectKey objectKey) {
            int compareTo = this.objectClass.compareTo(objectKey.objectClass);
            if (compareTo == 0) {
                compareTo = Compare.compareLong(this.objectId, objectKey.objectId);
            }
            if (compareTo == 0) {
                compareTo = this.priority - objectKey.priority;
            }
            return compareTo;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/tentackle/appworx/SecurityManager$ObjectKey.class */
    public class ObjectKey implements Comparable<ObjectKey> {
        long objectId;
        String objectClass;
        int priority;

        public ObjectKey(Security security) {
            this.objectId = security.getObjectId();
            this.objectClass = security.getObjectClass();
            this.priority = security.getPriority();
        }

        public ObjectKey(long j, String str, int i) {
            this.objectId = j;
            this.objectClass = str;
            this.priority = i;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.lang.Comparable
        public int compareTo(ObjectKey objectKey) {
            int compareLong = Compare.compareLong(this.objectId, objectKey.objectId);
            if (compareLong == 0) {
                compareLong = this.objectClass.compareTo(objectKey.objectClass);
            }
            if (compareLong == 0) {
                compareLong = this.priority - objectKey.priority;
            }
            return compareLong;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/tentackle/appworx/SecurityManager$SecResultImpl.class */
    public class SecResultImpl implements SecurityResult {
        private int grantType;
        private String message;
        private Security security;

        public SecResultImpl(int i, String str, Security security) {
            this.grantType = i;
            this.message = str;
            this.security = security;
        }

        public SecResultImpl() {
            this.grantType = 0;
        }

        @Override // org.tentackle.appworx.SecurityResult
        public Security getSecurity() {
            return this.security;
        }

        @Override // org.tentackle.appworx.SecurityResult
        public String explain(String str) {
            return this.message == null ? str : str + StringHelper.lineSeparatorString + this.message;
        }

        @Override // org.tentackle.appworx.SecurityResult
        public boolean isAccepted() {
            return this.grantType == 1 || (SecurityManager.this.acceptByDefault && this.grantType == 0);
        }

        @Override // org.tentackle.appworx.SecurityResult
        public boolean isDefault() {
            return this.grantType == 0;
        }

        @Override // org.tentackle.appworx.SecurityResult
        public boolean isDenied() {
            return this.grantType == 2 || (SecurityManager.this.denyByDefault && this.grantType == 0);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/tentackle/appworx/SecurityManager$SecurityGranteeComparator.class */
    public static class SecurityGranteeComparator implements Comparator<Security> {
        private SecurityGranteeComparator() {
        }

        @Override // java.util.Comparator
        public int compare(Security security, Security security2) {
            int compareLong = Compare.compareLong(security.getGrantId(), security2.getGrantId());
            if (compareLong == 0) {
                compareLong = Compare.compareLong(security.getId(), security2.getId());
            }
            return compareLong;
        }
    }

    public static void invalidateAll() {
        validCount.incrementAndGet();
    }

    public SecurityManager(ContextDb contextDb, long j) {
        this.acceptByDefault = true;
        this.lock = new ReentrantReadWriteLock();
        this.contextDb = contextDb;
        this.userId = j;
        this.enabled = contextDb != null;
    }

    public SecurityManager(AppDbObject appDbObject) {
        this(appDbObject == null ? null : appDbObject.getContextDb(), appDbObject == null ? 0L : appDbObject.getId());
    }

    public SecurityManager() {
        this(null, 0L);
    }

    public Security newSecurityInstance() {
        return new Security(this.contextDb);
    }

    public Class getSecurityClass() {
        return Security.class;
    }

    public SecurityDialog newSecurityDialogInstance(ContextDb contextDb, int i, Class cls, long j) throws ApplicationException {
        return new SecurityDialog(contextDb, i, cls, j);
    }

    public final SecurityDialog newSecurityDialogInstance(AppDbObject appDbObject) throws ApplicationException {
        return newSecurityDialogInstance(appDbObject.getContextDb(), appDbObject.permissionType(), appDbObject.getClass(), appDbObject.getId());
    }

    public final SecurityDialog newSecurityDialogInstance(ContextDb contextDb, int i, Class cls) throws ApplicationException {
        return newSecurityDialogInstance(contextDb, i, cls, 0L);
    }

    public final SecurityDialog newSecurityDialogInstance(ContextDb contextDb, Class cls) throws ApplicationException {
        return newSecurityDialogInstance(contextDb, 0, cls, 0L);
    }

    public final SecurityDialog newSecurityDialogInstance(ContextDb contextDb) throws ApplicationException {
        return newSecurityDialogInstance(contextDb, 0, getSecurityClass(), 0L);
    }

    public Class getSecurityDialogClass() {
        return SecurityDialog.class;
    }

    public ContextDb getContextDb() {
        return this.contextDb;
    }

    public long getUserId() {
        return this.userId;
    }

    public SecurityResult getSecurityDialogPrivilege() {
        return privilege(getSecurityClass(), this.contextDb, 2);
    }

    /* JADX WARN: Finally extract failed */
    public SecurityResult privilege(Class cls, ContextDb contextDb, long j, int i) {
        if (AppworxGlobal.logger.isFineLoggable()) {
            AppworxGlobal.logger.fine("Checking clazz=" + cls + ", context=" + contextDb.toGenericString() + ", objectId=" + j + ", permission=" + i);
        }
        if (!this.enabled) {
            if (AppworxGlobal.logger.isFineLoggable()) {
                AppworxGlobal.logger.fine("SecurityManager is disabled -> GRANT_DEFAULT");
            }
            return new SecResultImpl();
        }
        if (this.userId == 0) {
            if (AppworxGlobal.logger.isFineLoggable()) {
                AppworxGlobal.logger.fine("user not set -> GRANT_DENY");
            }
            return new SecResultImpl(2, Locales.bundle.getString("user_not_set"), null);
        }
        ReentrantReadWriteLock.ReadLock readLock = this.lock.readLock();
        try {
            readLock.lock();
            if (validCount.get() != this.lastValid) {
                readLock.unlock();
                ReentrantReadWriteLock.WriteLock writeLock = this.lock.writeLock();
                long j2 = validCount.get();
                boolean z = false;
                try {
                    if (j2 != this.lastValid) {
                        writeLock.lock();
                        z = true;
                        this.lastValid = j2;
                        this.enabled = false;
                        if (getContextDb().getDb().isRemote()) {
                            newSecurityInstance().assertRemoteSecurityManagerInitialized();
                        }
                        initialize();
                        this.enabled = true;
                    }
                    readLock.lock();
                    if (z) {
                        writeLock.unlock();
                    }
                } catch (Throwable th) {
                    readLock.lock();
                    if (z) {
                        writeLock.unlock();
                    }
                    throw th;
                }
            }
            String classBaseName = AppDbObject.class.isAssignableFrom(cls) ? StringHelper.getClassBaseName((Class<?>) cls) : cls.getName();
            for (Security security : (j == 0 ? this.classMap.subMap(new ClassKey(classBaseName, 0), new ClassKey(classBaseName, Integer.MAX_VALUE)) : j == -1 ? this.clsObjMap.subMap(new Object2Key(classBaseName, 0L, 0), new Object2Key(classBaseName, Long.MAX_VALUE, Integer.MAX_VALUE)) : this.objectMap.subMap(new ObjectKey(j, classBaseName, 0), new ObjectKey(j, classBaseName, Integer.MAX_VALUE))).values()) {
                if (AppworxGlobal.logger.isFineLoggable()) {
                    AppworxGlobal.logger.fine("evaluate " + security);
                }
                if (security.evaluate(contextDb, i)) {
                    if (AppworxGlobal.logger.isFineLoggable()) {
                        AppworxGlobal.logger.fine(security.getAllowed() ? "-> GRANT_ACCEPT" : "-> GRANT_DENY");
                    }
                    SecResultImpl secResultImpl = new SecResultImpl(security.getAllowed() ? 1 : 2, security.getMessage(), security);
                    readLock.unlock();
                    return secResultImpl;
                }
            }
            if (AppworxGlobal.logger.isFineLoggable()) {
                AppworxGlobal.logger.fine("no rule matched -> GRANT_DEFAULT");
            }
            return new SecResultImpl();
        } finally {
            readLock.unlock();
        }
    }

    public SecurityResult privilege(Class cls, ContextDb contextDb, int i) {
        return privilege(cls, contextDb, 0L, i);
    }

    public SecurityResult privilege(AppDbObject appDbObject, ContextDb contextDb, int i) {
        SecurityResult securityResult = null;
        if (appDbObject != null) {
            if (contextDb == null) {
                contextDb = appDbObject.getContextDb();
            }
            securityResult = privilege(appDbObject.getClass(), contextDb, appDbObject.getId(), i);
            if (securityResult.getSecurity() == null) {
                securityResult = privilege(appDbObject.getClass(), contextDb, i);
            }
        }
        return securityResult == null ? new SecResultImpl() : securityResult;
    }

    public SecurityResult privilege(AppDbObject appDbObject, int i) {
        return privilege(appDbObject, (ContextDb) null, i);
    }

    protected void initialize() {
        this.classMap = new TreeMap<>();
        this.objectMap = new TreeMap<>();
        this.clsObjMap = new TreeMap<>();
        addForGrantId(0L);
        addForGrantId(this.userId);
        if (AppworxGlobal.logger.isFineLoggable()) {
            AppworxGlobal.logger.fine("maps initialized");
        }
    }

    protected void addForGrantId(long j) {
        Collection selectByGrantId;
        if (serverContextDb != null) {
            synchronized (SecurityManager.class) {
                long j2 = validCount.get();
                if (serverValidCount != j2) {
                    rulesSet = new TreeSet<>(new SecurityGranteeComparator());
                    Security newSecurityInstance = newSecurityInstance();
                    newSecurityInstance.setContextDb(serverContextDb);
                    rulesSet.addAll(newSecurityInstance.selectAllInContext());
                    serverValidCount = j2;
                }
                Security newSecurityInstance2 = newSecurityInstance();
                newSecurityInstance2.setGrantId(j);
                Security newSecurityInstance3 = newSecurityInstance();
                newSecurityInstance3.setGrantId(j + 1);
                selectByGrantId = rulesSet.subSet(newSecurityInstance2, newSecurityInstance3);
            }
        } else {
            selectByGrantId = newSecurityInstance().selectByGrantId(j);
        }
        for (Security security : selectByGrantId) {
            if (security.getObjectId() == 0) {
                this.classMap.put(new ClassKey(security), security);
            } else {
                this.objectMap.put(new ObjectKey(security), security);
                this.clsObjMap.put(new Object2Key(security), security);
            }
        }
    }

    public boolean isEnabled() {
        return this.enabled;
    }

    public void setEnabled(boolean z) {
        this.enabled = z;
    }

    public boolean isAcceptByDefault() {
        return this.acceptByDefault;
    }

    public void setAcceptByDefault(boolean z) {
        this.acceptByDefault = z;
        if (z) {
            setDenyByDefault(false);
        }
    }

    public boolean isDenyByDefault() {
        return this.denyByDefault;
    }

    public void setDenyByDefault(boolean z) {
        this.denyByDefault = z;
        if (z) {
            setAcceptByDefault(false);
        }
    }
}
