package com.documentum.services.config.role;

import com.documentum.fc.client.IDfCollection;
import com.documentum.fc.client.IDfGroup;
import com.documentum.fc.client.IDfQuery;
import com.documentum.fc.client.IDfSession;
import com.documentum.fc.client.IDfSessionManager;
import com.documentum.fc.client.search.impl.ecis.ECISConstants;
import com.documentum.fc.common.DfException;
import com.documentum.services.config.IConfigElement;
import com.documentum.services.config.IConfigLookup;
import com.documentum.services.config.IConfigService;
import com.documentum.services.config.IConfigServiceConsumer;
import com.documentum.services.config.IContext;
import com.documentum.services.config.IRoleModelAdaptor;
import com.documentum.services.config.common.Context;
import com.documentum.services.config.util.DocbaseUtils;
import com.documentum.services.config.util.ServerUtil;
import com.documentum.services.config.util.Trace;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:WEB-INF/lib/configservice-impl.jar:com/documentum/services/config/role/DocbaseRoleModel.class */
public class DocbaseRoleModel implements IRoleModelAdaptor, IConfigServiceConsumer {
    private static ClientCapabilityRoleModel s_clientCapabilityRoleModel;
    private static final String ROLE_QUALIFIER_CLASS_STRING = "group_class";
    private static final String ROLE_QUALIFIER_CLASSES = "application.rolemodel.groupclasses";
    private static final String ROLE = "role";
    private static final String ROLES_PRECEDENCE = "application.rolemodel.rolesprecedence";
    private static Hashtable s_rolesOfUserCache = new Hashtable(4001);
    private static Map s_aliasRolesCache = null;
    private static Boolean s_bClientCapabilityRollbackEnabled = null;
    private static List g_additionalRoleQualifierClasses = null;
    private static IConfigService m_configService = null;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/configservice-impl.jar:com/documentum/services/config/role/DocbaseRoleModel$RolesOfUser.class */
    public static class RolesOfUser {
        private String m_strUserName;
        private String m_strDocbaseName;
        private String m_strPrimaryRole = null;
        private String[] m_roles = null;
        private Map m_rolesPrecedence = new HashMap(7);
        private boolean m_initialized = false;
        private static HashMap s_activeDomainCache = new HashMap();
        private static Map s_superRolesOfRoleCache = new HashMap(101);

        /* JADX INFO: Access modifiers changed from: package-private */
        /* loaded from: input_file:WEB-INF/lib/configservice-impl.jar:com/documentum/services/config/role/DocbaseRoleModel$RolesOfUser$RoleComparator.class */
        public static class RoleComparator implements Comparator {
            private Map m_precidenceOfRoles;

            RoleComparator(Map map) {
                this.m_precidenceOfRoles = map;
            }

            @Override // java.util.Comparator
            public int compare(Object obj, Object obj2) {
                String str = (String) obj;
                String str2 = (String) obj2;
                int intValue = ((Integer) this.m_precidenceOfRoles.get(str)).intValue();
                int intValue2 = ((Integer) this.m_precidenceOfRoles.get(str2)).intValue();
                return intValue == intValue2 ? str.compareTo(str2) : intValue < intValue2 ? 1 : -1;
            }

            @Override // java.util.Comparator
            public boolean equals(Object obj) {
                return false;
            }

            public int hashCode() {
                return 0;
            }
        }

        public RolesOfUser(String str, String str2, String str3) {
            this.m_strUserName = null;
            this.m_strDocbaseName = null;
            DocbaseRoleModel.s_rolesOfUserCache.put(str3, this);
            this.m_strUserName = str;
            this.m_strDocbaseName = str2;
            ArrayList arrayList = new ArrayList();
            boolean z = false;
            if (ServerUtil.compareDocbaseVersion(5, 0, DocbaseRoleModel.m_configService.getDocbaseContext().getCurrentDfSession())) {
                addGroupBasedRoles(arrayList);
                addClientCapabilityRoleAliases(arrayList);
                z = containsClientCapabilityRoles(arrayList);
            }
            if (arrayList.isEmpty() || (DocbaseRoleModel.access$500() && !z)) {
                addClientCapabilityRoles(arrayList);
            }
            applyCustomRolesPrecedence(arrayList);
            setProperties(arrayList);
        }

        public String getPrimaryRole() {
            return this.m_strPrimaryRole;
        }

        public String getSuperRole(String str) {
            return (String) this.m_rolesPrecedence.get(str);
        }

        public boolean hasRole(String str) {
            return this.m_rolesPrecedence.containsKey(str);
        }

        public String[] getAllRoles() {
            return this.m_roles;
        }

        private void applyCustomRolesPrecedence(List<String> list) {
            List<String> customRolesPrecedence = getCustomRolesPrecedence();
            if (customRolesPrecedence == null || customRolesPrecedence.isEmpty() || list.isEmpty()) {
                return;
            }
            if (Trace.ROLESERVICE) {
                StringBuilder sb = new StringBuilder(100);
                sb.append("DocbaseRoleModel - original user roles: ");
                Iterator<String> it = list.iterator();
                while (it.hasNext()) {
                    sb.append(it.next()).append(ECISConstants.CUSTOM_ATTRS_SEPARATORS);
                }
                Trace.println(this, sb.toString());
                StringBuilder sb2 = new StringBuilder(100);
                sb2.append("apply the custom roles precedence setting: ");
                Iterator<String> it2 = customRolesPrecedence.iterator();
                while (it2.hasNext()) {
                    sb2.append(it2.next()).append(ECISConstants.CUSTOM_ATTRS_SEPARATORS);
                }
                Trace.println(this, sb2.toString());
            }
            HashMap hashMap = new HashMap(13);
            int size = list.size() - 1;
            Iterator<String> it3 = list.iterator();
            while (it3.hasNext()) {
                hashMap.put(it3.next(), new Integer(size));
                size--;
            }
            int size2 = (list.size() + customRolesPrecedence.size()) - 1;
            Iterator<String> it4 = customRolesPrecedence.iterator();
            while (it4.hasNext()) {
                hashMap.put(it4.next(), new Integer(size2));
                size2--;
            }
            Collections.sort(list, new RoleComparator(hashMap));
        }

        private void setProperties(List list) {
            if (list.size() > 0) {
                this.m_strPrimaryRole = (String) list.get(0);
            }
            for (int i = 0; i < list.size(); i++) {
                String str = (String) list.get(i);
                String str2 = null;
                if (i + 1 < list.size()) {
                    str2 = (String) list.get(i + 1);
                }
                this.m_rolesPrecedence.put(str, str2);
            }
            this.m_roles = (String[]) list.toArray(new String[list.size()]);
            if (Trace.ROLESERVICE) {
                StringBuffer stringBuffer = new StringBuffer(100);
                String activeDomain = getActiveDomain();
                if (activeDomain == null || activeDomain.length() == 0) {
                    activeDomain = "all";
                }
                stringBuffer.append("DocbaseRoleModel - caching roles for User: '");
                stringBuffer.append(this.m_strUserName);
                stringBuffer.append("', Docbase: '");
                stringBuffer.append(this.m_strDocbaseName);
                stringBuffer.append("', Domain: '");
                stringBuffer.append(activeDomain);
                stringBuffer.append("', ClientCapabilityFallbackEnabled: '");
                stringBuffer.append(Boolean.toString(DocbaseRoleModel.access$500()));
                stringBuffer.append("', Roles (in order of precedence): ");
                if (list == null || list.size() <= 0) {
                    stringBuffer.append("none");
                } else {
                    for (int i2 = 0; i2 < list.size(); i2++) {
                        if (i2 > 0) {
                            stringBuffer.append(ECISConstants.CUSTOM_ATTRS_SEPARATORS);
                        }
                        String str3 = (String) list.get(i2);
                        stringBuffer.append("'");
                        stringBuffer.append(str3);
                        stringBuffer.append("'");
                    }
                }
                Trace.println(this, stringBuffer.toString());
            }
        }

        private void addGroupBasedRoles(List list) {
            List<String> executeQuery = executeQuery(getUserRolesQuery(this.m_strUserName), "group_name");
            if (executeQuery == null || executeQuery.size() <= 0) {
                return;
            }
            if (executeQuery.size() > 1) {
                sortRolesByStructure(executeQuery);
            }
            list.addAll(executeQuery);
        }

        private String getUserRolesQuery(String str) {
            List additionalClassesForRoleQualifier = getAdditionalClassesForRoleQualifier();
            StringBuilder sb = new StringBuilder(256);
            sb.append("select group_name, i_all_users_names from dm_group where ( group_class='role'");
            Iterator it = additionalClassesForRoleQualifier.iterator();
            while (it.hasNext()) {
                sb.append(" or group_class='");
                sb.append(it.next());
                sb.append("'");
            }
            sb.append(" )");
            sb.append(" and any i_all_users_names='");
            sb.append(quote(str));
            sb.append('\'');
            String activeDomain = getActiveDomain();
            if (activeDomain != null && activeDomain.length() > 0) {
                sb.append(" and any i_supergroups_names ='");
                sb.append(activeDomain);
                sb.append('\'');
            }
            return sb.toString();
        }

        public static String quote(String str) {
            char[] charArray = str.toCharArray();
            StringBuffer stringBuffer = new StringBuffer(charArray.length + 16);
            for (int i = 0; i < charArray.length; i++) {
                if (charArray[i] == '\'') {
                    stringBuffer.append('\'');
                }
                stringBuffer.append(charArray[i]);
            }
            return stringBuffer.toString();
        }

        private static synchronized List getAdditionalClassesForRoleQualifier() {
            if (DocbaseRoleModel.g_additionalRoleQualifierClasses == null) {
                IConfigElement lookupElement = DocbaseRoleModel.m_configService.getConfigLookup().lookupElement(DocbaseRoleModel.ROLE_QUALIFIER_CLASSES, new Context());
                List unused = DocbaseRoleModel.g_additionalRoleQualifierClasses = new ArrayList();
                if (lookupElement != null) {
                    Iterator<IConfigElement> childElements = lookupElement.getChildElements(DocbaseRoleModel.ROLE_QUALIFIER_CLASS_STRING);
                    while (childElements.hasNext()) {
                        DocbaseRoleModel.g_additionalRoleQualifierClasses.add(childElements.next().getValue());
                    }
                }
            }
            return DocbaseRoleModel.g_additionalRoleQualifierClasses;
        }

        private List<String> getDefaultCustomRolesPrecedence() {
            IConfigElement lookupElement = DocbaseRoleModel.m_configService.getConfigLookup().lookupElement(DocbaseRoleModel.ROLES_PRECEDENCE, Context.getApplicationContext());
            ArrayList arrayList = null;
            if (lookupElement != null) {
                Iterator<IConfigElement> childElements = lookupElement.getChildElements(DocbaseRoleModel.ROLE);
                while (childElements.hasNext()) {
                    String value = childElements.next().getValue();
                    if (value != null && value.length() > 0) {
                        if (arrayList == null) {
                            arrayList = new ArrayList();
                        }
                        arrayList.add(value);
                    }
                }
            }
            return arrayList;
        }

        private List<String> getCustomRolesPrecedence() {
            return getDefaultCustomRolesPrecedence();
        }

        private void sortRolesByStructure(List list) {
            HashMap hashMap = new HashMap(13);
            for (int i = 0; i < list.size(); i++) {
                String str = (String) list.get(i);
                hashMap.put(str, new Integer(getSuperRoles(str).size()));
            }
            Collections.sort(list, new RoleComparator(hashMap));
        }

        private Set getSuperRoles(String str) {
            Set set;
            StringBuilder sb = new StringBuilder(200);
            sb.append(this.m_strDocbaseName);
            sb.append(':');
            sb.append(str);
            String sb2 = sb.toString();
            synchronized (DocbaseRoleModel.class) {
                set = (Set) s_superRolesOfRoleCache.get(sb2);
                if (set == null) {
                    List additionalClassesForRoleQualifier = getAdditionalClassesForRoleQualifier();
                    StringBuilder sb3 = new StringBuilder(200);
                    sb3.append("select i_supergroups_names from dm_group where ( group_class='role'");
                    Iterator it = additionalClassesForRoleQualifier.iterator();
                    while (it.hasNext()) {
                        sb3.append(" or group_class='");
                        sb3.append(it.next());
                        sb3.append("'");
                    }
                    sb3.append(" ) ");
                    sb3.append("and group_name='");
                    sb3.append(str);
                    sb3.append("'");
                    List<String> executeQuery = executeQuery(sb3.toString(), "i_supergroups_names");
                    set = new HashSet(7);
                    for (int i = 0; i < executeQuery.size(); i++) {
                        String str2 = executeQuery.get(i);
                        if (str2 != null && !str2.equals(str)) {
                            set.add(str2);
                        }
                    }
                    s_superRolesOfRoleCache.put(sb2, set);
                }
            }
            return set;
        }

        /* JADX WARN: Finally extract failed */
        private List<String> executeQuery(String str, String str2) {
            ArrayList arrayList = new ArrayList(10);
            IDfSessionManager iDfSessionManager = null;
            IDfSession iDfSession = null;
            IDfCollection iDfCollection = null;
            try {
                try {
                    IDfQuery query = DocbaseUtils.getClientX().getQuery();
                    query.setDQL(str);
                    iDfSession = DocbaseRoleModel.m_configService.getDocbaseContext().getDfSession(this.m_strDocbaseName);
                    iDfSessionManager = iDfSession.getSessionManager();
                    iDfCollection = query.execute(iDfSession, 0);
                    while (iDfCollection.next()) {
                        arrayList.add(iDfCollection.getString(str2));
                    }
                    if (iDfCollection != null) {
                        try {
                            try {
                                iDfCollection.close();
                            } catch (DfException e) {
                                throw new RuntimeException("Failed to close collection", e);
                            }
                        } finally {
                            if (iDfSession != null) {
                                iDfSessionManager.release(iDfSession);
                            }
                        }
                    }
                    return arrayList;
                } catch (DfException e2) {
                    throw new RuntimeException("Failed to execute the query", e2);
                }
            } catch (Throwable th) {
                if (iDfCollection != null) {
                    try {
                        try {
                            iDfCollection.close();
                        } catch (DfException e3) {
                            throw new RuntimeException("Failed to close collection", e3);
                        }
                    } catch (Throwable th2) {
                        if (iDfSession != null) {
                            iDfSessionManager.release(iDfSession);
                        }
                        throw th2;
                    }
                }
                if (iDfSession != null) {
                    iDfSessionManager.release(iDfSession);
                }
                throw th;
            }
        }

        protected String getActiveDomain() {
            String str = null;
            String domain = RoleService.getDomain();
            if (domain != null && domain.length() > 0) {
                String currentDocbaseName = DocbaseRoleModel.m_configService.getDocbaseContext().getCurrentDocbaseName();
                synchronized (DocbaseRoleModel.class) {
                    if (s_activeDomainCache.containsKey(currentDocbaseName)) {
                        str = (String) s_activeDomainCache.get(currentDocbaseName);
                    } else {
                        try {
                            IDfGroup group = DocbaseRoleModel.m_configService.getDocbaseContext().getCurrentDfSession().getGroup(domain);
                            if (group != null) {
                                group.fetch(null);
                                String string = group.getString(DocbaseRoleModel.ROLE_QUALIFIER_CLASS_STRING);
                                if (string != null) {
                                    if (string.equals("domain")) {
                                        str = domain;
                                    }
                                }
                            }
                        } catch (DfException e) {
                        }
                        s_activeDomainCache.put(currentDocbaseName, str);
                    }
                }
            }
            return str;
        }

        private void addClientCapabilityRoles(List list) {
            Trace.suspendTracing();
            String userRole = DocbaseRoleModel.s_clientCapabilityRoleModel.getUserRole(this.m_strUserName);
            while (true) {
                String str = userRole;
                if (str == null) {
                    Trace.resumeTracing();
                    return;
                } else {
                    list.add(str);
                    userRole = DocbaseRoleModel.s_clientCapabilityRoleModel.getParentRole(this.m_strUserName, str);
                }
            }
        }

        private void addClientCapabilityRoleAliases(List list) {
            boolean access$500 = DocbaseRoleModel.access$500();
            if (!access$500) {
                int i = 0;
                while (true) {
                    if (i >= list.size()) {
                        break;
                    }
                    if (DocbaseRoleModel.getClientCapabilityAlias((String) list.get(i)) != null) {
                        access$500 = true;
                        break;
                    }
                    i++;
                }
            }
            for (int size = list.size() - 1; size >= 0; size--) {
                String str = (String) list.get(size);
                String[] strArr = null;
                if (!isClientCapabilityRole(str)) {
                    String clientCapabilityAlias = DocbaseRoleModel.getClientCapabilityAlias(str);
                    if (clientCapabilityAlias != null) {
                        strArr = getClientCapabilityRoleHierarchy(clientCapabilityAlias);
                    }
                } else if (access$500) {
                    strArr = getClientCapabilityRoleHierarchy(str);
                }
                if (strArr != null) {
                    for (int length = strArr.length - 1; length >= 0; length--) {
                        String str2 = strArr[length];
                        if (!list.contains(str2)) {
                            list.add(size + 1, str2);
                        }
                    }
                }
            }
        }

        private boolean containsClientCapabilityRoles(List list) {
            return list.contains("consumer") || list.contains("contributor") || list.contains("coordinator") || list.contains("administrator");
        }

        private boolean isClientCapabilityRole(String str) {
            return str.equals("consumer") || str.equals("contributor") || str.equals("coordinator") || str.equals("administrator");
        }

        private String[] getClientCapabilityRoleHierarchy(String str) {
            if (str.equals("administrator")) {
                return new String[]{"administrator", "coordinator", "contributor", "consumer"};
            }
            if (str.equals("coordinator")) {
                return new String[]{"coordinator", "contributor", "consumer"};
            }
            if (str.equals("contributor")) {
                return new String[]{"contributor", "consumer"};
            }
            if (str.equals("consumer")) {
                return new String[]{"consumer"};
            }
            return null;
        }
    }

    public DocbaseRoleModel() {
        s_clientCapabilityRoleModel = new ClientCapabilityRoleModel();
        Thread thread = new Thread(new Runnable() { // from class: com.documentum.services.config.role.DocbaseRoleModel.1
            @Override // java.lang.Runnable
            public void run() {
                while (true) {
                    try {
                        Thread.sleep(600000L);
                    } catch (InterruptedException e) {
                    }
                    DocbaseRoleModel.this.refresh();
                }
            }
        });
        thread.setDaemon(true);
        thread.start();
    }

    @Override // com.documentum.services.config.IRoleModelAdaptor
    public void refresh() {
        if (Trace.ROLESERVICE) {
            Trace.println(this, "DocbaseRoleModel - clearing role caches");
        }
        synchronized (DocbaseRoleModel.class) {
            s_aliasRolesCache = null;
            s_bClientCapabilityRollbackEnabled = null;
            s_clientCapabilityRoleModel.refresh();
            if (s_rolesOfUserCache != null) {
                s_rolesOfUserCache.clear();
            }
            if (RolesOfUser.s_superRolesOfRoleCache != null) {
                RolesOfUser.s_superRolesOfRoleCache.clear();
            }
            if (RolesOfUser.s_activeDomainCache != null) {
                RolesOfUser.s_activeDomainCache.clear();
            }
        }
    }

    @Override // com.documentum.services.config.IRoleModelAdaptor
    public String getUserRole(String str) {
        String str2 = null;
        RolesOfUser rolesOfUser = getRolesOfUser(str);
        if (rolesOfUser != null) {
            str2 = rolesOfUser.getPrimaryRole();
        }
        return str2;
    }

    @Override // com.documentum.services.config.IRoleModelAdaptor
    public boolean isUserAssignedRole(String str, String str2, IContext iContext) {
        boolean z = false;
        RolesOfUser rolesOfUser = getRolesOfUser(str);
        if (rolesOfUser != null) {
            z = rolesOfUser.hasRole(str2);
        }
        return z;
    }

    @Override // com.documentum.services.config.IRoleModelAdaptor
    public String[] getUserRoles(String str) {
        String[] strArr = null;
        RolesOfUser rolesOfUser = getRolesOfUser(str);
        if (rolesOfUser != null) {
            strArr = rolesOfUser.getAllRoles();
        }
        return strArr;
    }

    @Override // com.documentum.services.config.IRoleModelAdaptor
    public String getParentRole(String str, String str2) {
        String str3 = null;
        RolesOfUser rolesOfUser = getRolesOfUser(str);
        if (rolesOfUser != null) {
            str3 = rolesOfUser.getSuperRole(str2);
        }
        return str3;
    }

    @Override // com.documentum.services.config.IConfigServiceConsumer
    public void setConfigService(IConfigService iConfigService) {
        m_configService = iConfigService;
        s_clientCapabilityRoleModel.setConfigService(iConfigService);
    }

    private static RolesOfUser getRolesOfUser(String str) {
        RolesOfUser rolesOfUser;
        String currentDocbaseName = m_configService.getDocbaseContext().getCurrentDocbaseName();
        StringBuilder sb = new StringBuilder(80);
        sb.append(currentDocbaseName);
        sb.append(':');
        sb.append(str);
        String intern = sb.toString().intern();
        synchronized (intern) {
            rolesOfUser = (RolesOfUser) s_rolesOfUserCache.get(intern);
            if (rolesOfUser == null) {
                try {
                    rolesOfUser = new RolesOfUser(str, currentDocbaseName, intern);
                    rolesOfUser.m_initialized = true;
                } catch (Exception e) {
                    throw new RuntimeException("An error occurred while retrieving roles for user: " + intern, e);
                }
            }
        }
        if (rolesOfUser.m_initialized) {
            return rolesOfUser;
        }
        return null;
    }

    private static synchronized boolean isClientCapabilityFallbackEnabled() {
        if (s_bClientCapabilityRollbackEnabled == null) {
            String lookupString = m_configService.getConfigLookup().lookupString("application.rolemodel.client_capability_fallback_enabled", Context.getApplicationContext());
            s_bClientCapabilityRollbackEnabled = Boolean.valueOf(lookupString == null || !lookupString.equalsIgnoreCase("false"));
        }
        return s_bClientCapabilityRollbackEnabled.booleanValue();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static synchronized String getClientCapabilityAlias(String str) {
        if (s_aliasRolesCache == null) {
            s_aliasRolesCache = new HashMap(27);
            IConfigLookup configLookup = m_configService.getConfigLookup();
            for (String str2 : new String[]{"consumer", "contributor", "coordinator", "administrator"}) {
                IConfigElement lookupElement = configLookup.lookupElement("application.rolemodel.client_capability_aliases." + str2 + "_roles", Context.getApplicationContext());
                if (lookupElement != null) {
                    Iterator<IConfigElement> childElements = lookupElement.getChildElements(ROLE);
                    while (childElements != null && childElements.hasNext()) {
                        String value = childElements.next().getValue();
                        if (value != null && value.length() > 0) {
                            s_aliasRolesCache.put(value, str2);
                        }
                    }
                }
            }
        }
        return (String) s_aliasRolesCache.get(str);
    }

    static /* synthetic */ boolean access$500() {
        return isClientCapabilityFallbackEnabled();
    }
}
