package severe.security.accessControl;

import edrm.licensing.BasicPermission;
import edrm.licensing.License;
import edrm.licensing.Rule;
import java.security.acl.Acl;
import java.security.acl.AclEntry;
import java.util.Collection;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import javax.security.auth.x500.X500Principal;
import org.apache.jackrabbit.core.security.SecurityConstants;
import severe.data.VersionID;
import severe.security.GroupID;
import severe.security.SecurityException;
import severe.security.SecurityKernel;
import severe.security.UserID;
import severe.security.matcher.Matcher;
import severe.tools.prolog.GenericPrologConnector;
import severe.tools.util.Logger;
import sun.security.acl.AclEntryImpl;
import sun.security.acl.AclImpl;

/* loaded from: input_file:severe/security/accessControl/ACLBasedPDP.class */
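/**
 * Policy decision point that answers permission queries from in-memory ACLs.
 *
 * <p>ACLs are stored in {@link #_aclList}, keyed either by the name of a license rule
 * (see {@link #load}) or by an object name (see {@link #grantFullAccess}). A query maps
 * the object's path to a key through the {@link Matcher} and falls back to the bare
 * object name when no pattern matches. A key without an ACL grants nothing.
 *
 * <p>NOTE(review): this class is built on {@code java.security.acl}, which was deprecated
 * for removal and is no longer shipped in recent JDK releases, and on the JDK-internal
 * {@code sun.security.acl} implementation classes. Neither is a supported API.
 *
 * <p>NOTE(review): no synchronisation is visible around the combined updates of
 * {@code _aclList} and {@code _matcher}; confirm how callers serialise {@code load} and
 * {@code grantFullAccess} against concurrent queries.
 */
public class ACLBasedPDP implements PDP {
    /** Owner principal under which every ACL is created and every entry is added. */
    private X500Principal _identity;
    /** ACLs keyed by rule name or object name. */
    protected Hashtable<String, Acl> _aclList;
    /** Kernel used to resolve paths and the admin group; {@code null} after the no-arg constructor. */
    protected SecurityKernel _sk;
    /** Maps an object path to the key of the ACL that governs it. */
    private Matcher _matcher;

    /**
     * Creates a PDP without a security kernel.
     *
     * <p>Every method that dereferences {@code _sk} ({@link #load}, {@link #grantFullAccess},
     * {@link #getPermissions}, {@link #holdPermission}, {@link #checkPermission}) throws a
     * {@link NullPointerException} until a kernel is assigned.
     */
    public ACLBasedPDP() {
        this._identity = new X500Principal("CN=Munier, OU=CSySec, O=LIUPPA, C=FR");
        this._aclList = new Hashtable<>();
        this._sk = null;
        this._matcher = new Matcher();
    }

    /**
     * Creates a PDP bound to the given security kernel.
     *
     * @param securityKernel kernel used for path and group lookups
     */
    public ACLBasedPDP(SecurityKernel securityKernel) {
        this();
        this._sk = securityKernel;
    }

    /**
     * Adds an entry to an ACL on behalf of the owner identity and reports the outcome.
     *
     * <p>{@code Acl.addEntry} returns {@code false} when the principal already has an entry
     * of the same sign, in which case the new entry is discarded. That case is logged here
     * so that a grant which did not take effect is visible instead of silent.
     *
     * @param acl   ACL to extend
     * @param entry entry to add
     * @return {@code true} if the entry was added, {@code false} if it was rejected or failed
     */
    private boolean _addEntry(Acl acl, AclEntry entry) {
        try {
            if (acl.addEntry(this._identity, entry)) {
                return true;
            }
            Logger.print("acl.addEntry -> entry for " + entry.getPrincipal()
                    + " already present, new entry ignored");
            return false;
        } catch (Exception e) {
            // Best effort, as before: a failed add leaves the ACL without the entry (fail closed).
            // The actual exception is logged; it is not necessarily a NotOwnerException.
            Logger.print("acl.addEntry failed: " + e);
            return false;
        }
    }

    /**
     * Builds an entry for the given group that carries every {@link Permission} value.
     *
     * <p>{@code valuesCustom()} is kept as found; it looks like a decompiler's name for the
     * enum's {@code values()} - TODO confirm.
     */
    private AclEntryImpl _fullAccessEntry(java.security.Principal principal) {
        AclEntryImpl entry = new AclEntryImpl(principal);
        for (Permission permission : Permission.valuesCustom()) {
            entry.addPermission(permission);
        }
        return entry;
    }

    /**
     * Creates a new ACL owned by {@code _identity}.
     *
     * @param z when {@code true}, the admin group resolved through the security kernel is
     *          given an entry holding every permission
     * @return the new ACL
     */
    private Acl _createACL(boolean z) {
        AclImpl aclImpl = new AclImpl(this._identity, "severe.security.accessControl.AccessControllerImpl");
        if (z) {
            _addEntry(aclImpl, _fullAccessEntry(this._sk.GIDbyName(SecurityConstants.ADMIN_ID)));
        }
        return aclImpl;
    }

    /**
     * Adds one entry for {@code groupID} holding the actions of every {@link BasicPermission}
     * in {@code collection}. Rules of any other type are logged and skipped.
     *
     * <p>{@code Permission.valueOf} throws {@link IllegalArgumentException} for an action
     * name that is not a {@link Permission} constant, so an unknown action aborts the call
     * before anything is added to the ACL.
     *
     * @param acl        ACL to extend
     * @param groupID    group that receives the permissions
     * @param collection rules to translate into permissions
     */
    private void _addPermissionsToACL(Acl acl, GroupID groupID, Collection<Rule> collection) {
        AclEntryImpl entry = new AclEntryImpl(groupID);
        for (Rule rule : collection) {
            if (!(rule instanceof BasicPermission)) {
                Logger.print("rule " + rule + " is not a BasicPermission !");
                continue;
            }
            for (String action : ((BasicPermission) rule).getActionArray()) {
                entry.addPermission(Permission.valueOf(action));
            }
        }
        _addEntry(acl, entry);
    }

    /**
     * Adds an entry giving {@code groupID} every permission.
     *
     * <p>If the group already has an entry in {@code acl}, the ACL rejects the new one and
     * the group's permissions stay as they were; {@link #_addEntry} logs that case.
     */
    private void _addOwnerToACL(Acl acl, GroupID groupID) {
        _addEntry(acl, _fullAccessEntry(groupID));
    }

    /**
     * Copies every entry of {@code acl} into {@code acl2}.
     *
     * <p>The sign of each entry is preserved: a negative (deny) entry stays negative in the
     * copy. Without that, a deny entry would be re-created as a grant.
     *
     * @param acl  ACL to read from
     * @param acl2 ACL to add the copied entries to
     */
    private void _copyAclFrom(Acl acl, Acl acl2) {
        Enumeration<AclEntry> entries = acl.entries();
        while (entries.hasMoreElements()) {
            AclEntry original = entries.nextElement();
            AclEntryImpl copy = new AclEntryImpl(original.getPrincipal());
            if (original.isNegative()) {
                copy.setNegativePermissions();
            }
            Enumeration<java.security.acl.Permission> permissions = original.permissions();
            while (permissions.hasMoreElements()) {
                copy.addPermission(permissions.nextElement());
            }
            _addEntry(acl2, copy);
        }
    }

    /**
     * Renders a path as {@code /name1/name2/...} from the object names of its elements.
     *
     * @param versionIDArr path elements, outermost first
     * @return the joined path, or the empty string for an empty array
     */
    private String _pathToString(VersionID[] versionIDArr) {
        StringBuilder path = new StringBuilder();
        for (VersionID versionID : versionIDArr) {
            path.append('/').append(versionID.objectId().objectName());
        }
        return path.toString();
    }

    /**
     * Finds the ACL that governs {@code versionID}.
     *
     * <p>The object's path in {@code severe.data.RelationshipTree} is matched against the
     * registered patterns; when nothing matches, the bare object name is used as the key.
     *
     * <p>NOTE(review): the fallback key is the object name only, and {@link #grantFullAccess}
     * stores ACLs under that same key, so two objects with the same name at different paths
     * would share an ACL unless object names are unique - confirm.
     *
     * @return the ACL, or {@code null} if none is registered under the resolved key
     */
    private Acl _resolveAcl(VersionID versionID) {
        String path = _pathToString(this._sk.getPath(versionID, "severe.data.RelationshipTree"));
        String key = this._matcher.getFirstMatch(path);
        if (key == null) {
            key = versionID.objectId().objectName();
        }
        Logger.print("path=\"" + path + "\" -> pattern=\"" + key + "\"");
        return this._aclList.get(key);
    }

    /** Does nothing; this PDP holds no resources to release. */
    @Override // severe.security.accessControl.PDP
    public void shutdown() {
    }

    /**
     * Enforces a permission.
     *
     * @throws SecurityException if {@link #holdPermission} denies the request
     */
    @Override // severe.security.accessControl.PDP
    public void checkPermission(VersionID versionID, UserID userID, Permission permission) throws SecurityException {
        if (!holdPermission(versionID, userID, permission)) {
            throw new SecurityException();
        }
    }

    /**
     * Lists the permissions the user holds on an object.
     *
     * <p>The result is the union over all of the user's groups, without duplicates, so it
     * agrees with {@link #holdPermission}, which also consults every group. A user with no
     * groups, or an object with no ACL, yields an empty array.
     *
     * @return the permissions held; never {@code null}
     */
    @Override // severe.security.accessControl.PDP
    public Permission[] getPermissions(VersionID versionID, UserID userID) {
        Acl acl = _resolveAcl(versionID);
        if (acl == null) {
            return new Permission[0];
        }
        Vector<Permission> granted = new Vector<>();
        for (GroupID group : userID.groups()) {
            Enumeration<java.security.acl.Permission> permissions = acl.getPermissions(group);
            while (permissions.hasMoreElements()) {
                Permission permission = (Permission) permissions.nextElement();
                if (!granted.contains(permission)) {
                    granted.add(permission);
                }
            }
        }
        return granted.toArray(new Permission[0]);
    }

    /**
     * Tells whether the user holds a permission on an object.
     *
     * <p>Deny by default: the answer is {@code false} when no ACL is registered for the
     * object or when none of the user's groups passes the ACL check.
     *
     * @return {@code true} if at least one of the user's groups holds the permission
     */
    @Override // severe.security.accessControl.PDP
    public boolean holdPermission(VersionID versionID, UserID userID, Permission permission) {
        Acl acl = _resolveAcl(versionID);
        if (acl == null) {
            return false;
        }
        for (GroupID group : userID.groups()) {
            if (acl.checkPermission(group, permission)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Installs the ACLs described by a license.
     *
     * <p>The license's {@link BasicPermission} rules are grouped by rule name. For each name
     * a fresh ACL (with the admin entry) is created, the grouped actions are granted to the
     * user's first group, and the ACL is stored under that name, replacing any ACL already
     * stored there. The name is also registered with the matcher as its own pattern.
     *
     * <p>An unknown action name makes {@code Permission.valueOf} throw; names processed
     * before the failure stay installed. The call also fails with
     * {@link ArrayIndexOutOfBoundsException} when the user has no groups and the license
     * contains at least one {@link BasicPermission}.
     *
     * @param userID  user whose first group receives the permissions
     * @param license license whose rules are translated into ACLs
     */
    @Override // severe.security.accessControl.PDP
    public void load(UserID userID, License license) {
        Hashtable<String, Collection<Rule>> rulesByName = new Hashtable<>();
        for (Rule rule : license.getRules()) {
            if (rule instanceof BasicPermission) {
                BasicPermission basicPermission = (BasicPermission) rule;
                Collection<Rule> sameName = rulesByName.get(basicPermission.getName());
                if (sameName == null) {
                    sameName = new Vector<>();
                    rulesByName.put(basicPermission.getName(), sameName);
                }
                sameName.add(basicPermission);
            }
        }
        for (String name : rulesByName.keySet()) {
            Acl acl = _createACL(true);
            _addPermissionsToACL(acl, userID.groups()[0], rulesByName.get(name));
            this._aclList.put(name, acl);
            this._matcher.addPattern(name, name);
        }
    }

    /**
     * Returns an empty vector; no Prolog export is implemented here.
     */
    public Vector toProlog(GenericPrologConnector genericPrologConnector) {
        return new Vector<Object>();
    }

    /**
     * Gives the user's first group every permission on an object.
     *
     * <p>The ACL is looked up, and created if missing, under the object's name. If the group
     * already has an entry in that ACL, the ACL keeps the existing entry and the grant does
     * not take effect; that outcome is logged by {@link #_addEntry}.
     *
     * @param versionID object to open up
     * @param userID    user whose first group receives full access
     */
    public void grantFullAccess(VersionID versionID, UserID userID) {
        String key = versionID.objectId().objectName();
        Acl acl = this._aclList.get(key);
        if (acl == null) {
            acl = _createACL(true);
            this._aclList.put(key, acl);
        }
        _addOwnerToACL(acl, userID.groups()[0]);
    }

    /** Empty entry point; does nothing. */
    public static void main(String[] strArr) {
    }
}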
