package org.jboss.portal.cms.impl.interceptors;

import java.io.ByteArrayInputStream;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.log4j.Logger;
import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.hibernate.Transaction;
import org.jboss.portal.cms.CMSException;
import org.jboss.portal.cms.CMSInterceptor;
import org.jboss.portal.cms.impl.jcr.JCRCMS;
import org.jboss.portal.cms.impl.jcr.JCRCommand;
import org.jboss.portal.cms.impl.jcr.command.SearchCommand;
import org.jboss.portal.cms.model.File;
import org.jboss.portal.cms.model.Folder;
import org.jboss.portal.cms.security.AuthorizationManager;
import org.jboss.portal.cms.security.CMSPermission;
import org.jboss.portal.cms.security.Criteria;
import org.jboss.portal.cms.security.PermRoleAssoc;
import org.jboss.portal.cms.security.Permission;
import org.jboss.portal.cms.security.PortalCMSSecurityContext;
import org.jboss.portal.cms.util.HibernateUtil;
import org.jboss.portal.common.invocation.InvocationException;
import org.jboss.portal.identity.IdentityException;
import org.jboss.portal.identity.Role;
import org.jboss.portal.identity.RoleModule;
import org.jboss.portal.identity.User;
import org.jboss.portal.jems.as.JNDI;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:org/jboss/portal/cms/impl/interceptors/ACLInterceptor.class */
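/**
 * CMS interceptor that asks the configured {@link AuthorizationManager} whether the current user may
 * run a {@link JCRCommand}, and that filters folder listings and search results down to the entries
 * the same manager approves.
 *
 * <p>On {@link #start()} the interceptor optionally binds itself in JNDI, looks up the portal
 * {@link RoleModule}, and, when the permission table is empty, stores the permissions described by
 * the {@code defaultPolicy} XML document.
 *
 * <p>Enforcement can be disabled for the calling thread with {@link #turnOff()}; see that method for
 * the caveat that comes with it.
 */
public class ACLInterceptor extends CMSInterceptor {
    private static final Logger log = Logger.getLogger(ACLInterceptor.class);

    /** Per-thread bypass flag: any non-null value makes {@link #invoke} skip all checks. */
    private static final ThreadLocal<Boolean> turnOff = new ThreadLocal<Boolean>();

    // XML document describing the permissions stored on first boot (see initBootPolicy).
    private String defaultPolicy;
    // Looked up from JNDI in start(); a value injected through the setter is replaced there.
    private RoleModule roleModule;
    // Optional JNDI name under which this interceptor binds itself.
    private String jndiName;
    private JNDI.Binding jndiBinding;
    private AuthorizationManager authorizationManager;
    // Name handed to HibernateUtil.getSessionFactory for the CMS permission store.
    private String cmsSessionFactory;
    // JNDI name of the Hibernate SessionFactory used while resolving roles.
    private String identitySessionFactory;

    /** Returns the manager that decides every permission check made by this interceptor. */
    public AuthorizationManager getAuthorizationManager() {
        return this.authorizationManager;
    }

    /** Sets the manager that decides every permission check made by this interceptor. */
    public void setAuthorizationManager(AuthorizationManager authorizationManager) {
        this.authorizationManager = authorizationManager;
    }

    /** Returns the XML text of the boot policy. */
    public String getDefaultPolicy() {
        return this.defaultPolicy;
    }

    /** Sets the XML text of the boot policy that {@link #start()} may install. */
    public void setDefaultPolicy(String str) {
        this.defaultPolicy = str;
    }

    /** Returns the role module used to resolve role names from the boot policy. */
    public RoleModule getRoleModule() {
        return this.roleModule;
    }

    /** Sets the role module; note that {@link #start()} overwrites it with the JNDI lookup result. */
    public void setRoleModule(RoleModule roleModule) {
        this.roleModule = roleModule;
    }

    /** Returns the JNDI name this interceptor binds itself under, or {@code null} for none. */
    public String getJNDIName() {
        return this.jndiName;
    }

    /** Sets the JNDI name this interceptor binds itself under; {@code null} disables the binding. */
    public void setJNDIName(String str) {
        this.jndiName = str;
    }

    /** Returns the JNDI name of the identity session factory. */
    public String getIdentitySessionFactory() {
        return this.identitySessionFactory;
    }

    /** Sets the JNDI name of the identity session factory. */
    public void setIdentitySessionFactory(String str) {
        this.identitySessionFactory = str;
    }

    /** Returns the name of the CMS session factory. */
    public String getCmsSessionFactory() {
        return this.cmsSessionFactory;
    }

    /** Sets the name of the CMS session factory. */
    public void setCmsSessionFactory(String str) {
        this.cmsSessionFactory = str;
    }

    /**
     * Disables access-control enforcement for the calling thread until {@link #turnOn()} is called.
     *
     * <p>While the flag is set, {@link #invoke} runs commands without any permission check and
     * without filtering their results. The flag lives in a {@link ThreadLocal}, so on a pooled
     * thread it outlives the request that set it unless it is cleared; callers should pair this call
     * with {@code turnOn()} in a {@code finally} block.
     */
    public static void turnOff() {
        // Boolean.TRUE instead of the deprecated constructor; invoke() only tests for non-null.
        turnOff.set(Boolean.TRUE);
    }

    /** Re-enables access-control enforcement for the calling thread. */
    public static void turnOn() {
        // remove() restores the "unset" state (get() returns null) and drops the thread's map entry.
        turnOff.remove();
    }

    /**
     * Binds the interceptor in JNDI when a name is configured, looks up the role module and installs
     * the boot policy when no permission is stored yet.
     *
     * @throws Exception if the JNDI binding, the role module lookup or the boot policy setup fails
     */
    public void start() throws Exception {
        log.info("AuthorizationManager initialized=" + this.authorizationManager);
        if (this.jndiName != null) {
            this.jndiBinding = new JNDI.Binding(this.jndiName, this);
            this.jndiBinding.bind();
        }
        try {
            this.roleModule = (RoleModule) new InitialContext().lookup("java:portal/RoleModule");
            if (isBootRequired()) {
                initBootPolicy();
            }
        } catch (NamingException e) {
            log.error("Cannot obtain RoleModule from JNDI: ", e);
            throw e;
        }
    }

    /**
     * Removes the JNDI binding created by {@link #start()}, if any.
     *
     * @throws Exception if unbinding fails
     */
    public void stop() throws Exception {
        if (this.jndiBinding != null) {
            this.jndiBinding.unbind();
            this.jndiBinding = null;
        }
    }

    /**
     * Authorizes the command for the current user, runs it, and filters what it returns.
     *
     * @param jCRCommand the command being intercepted
     * @return the command's result, filtered by {@code applyFilter}; unfiltered when enforcement is
     *     turned off for this thread
     * @throws CMSException when the authorization manager rejects the command
     */
    @Override // org.jboss.portal.cms.CMSInterceptor
    protected Object invoke(JCRCommand jCRCommand) throws Exception, InvocationException {
        if (turnOff.get() != null) {
            // Enforcement is switched off for this thread: no permission check, no result filtering.
            return jCRCommand.invokeNext();
        }
        User user = (User) JCRCMS.getUserInfo().get();
        PortalCMSSecurityContext securityContext = new PortalCMSSecurityContext(user);
        securityContext.setAttribute("command", jCRCommand);
        if (!this.authorizationManager.checkPermission(new CMSPermission(securityContext))) {
            // NOTE(review): denials are only visible at DEBUG level; consider whether they should
            // also reach an audit log so refused access attempts can be reviewed.
            log.debug("Unauthorized command (" + jCRCommand + ") for user: " + (user == null ? AuthorizationManager.Anonymous : user.getUserName()));
            throw new CMSException("Access to this resource is denied");
        }
        return applyFilter(jCRCommand.invokeNext(), securityContext);
    }

    /**
     * Drops from a command result the entries the authorization manager does not approve.
     *
     * <p>A {@link Folder} result is filtered only while {@code JCRCMS.isUISecurityFilterActive()} is
     * true; its child folders and files are replaced by the approved subsets. A {@link List} result
     * is filtered only when the command is a {@link SearchCommand}. Every other result is returned
     * as is.
     *
     * @param obj the raw result of the command
     * @param portalCMSSecurityContext the context built in {@code invoke}; its attributes are
     *     modified while filtering
     * @return the filtered result
     * @throws RuntimeException wrapping any exception raised while filtering, so a failed check never
     *     yields an unfiltered result
     */
    private Object applyFilter(Object obj, PortalCMSSecurityContext portalCMSSecurityContext) {
        Object result = obj;
        // Read the command before the folder branch removes the attribute from the context.
        JCRCommand command = (JCRCommand) portalCMSSecurityContext.getAttribute("command");
        try {
            if (JCRCMS.isUISecurityFilterActive() && (result instanceof Folder)) {
                Folder folder = (Folder) result;
                List<Folder> visibleFolders = new ArrayList<Folder>();
                List<File> visibleFiles = new ArrayList<File>();
                portalCMSSecurityContext.removeAttribute("command");
                if (folder.getFolders() != null) {
                    for (Object child : folder.getFolders()) {
                        Folder childFolder = (Folder) child;
                        portalCMSSecurityContext.setAttribute("applyFilter", childFolder.getBasePath());
                        portalCMSSecurityContext.setAttribute("isFolder", Boolean.TRUE);
                        if (this.authorizationManager.checkPermission(new CMSPermission(portalCMSSecurityContext))) {
                            visibleFolders.add(childFolder);
                        }
                    }
                }
                if (folder.getFiles() != null) {
                    for (Object child : folder.getFiles()) {
                        File childFile = (File) child;
                        portalCMSSecurityContext.setAttribute("applyFilter", childFile.getBasePath());
                        portalCMSSecurityContext.setAttribute("isFolder", Boolean.FALSE);
                        if (this.authorizationManager.checkPermission(new CMSPermission(portalCMSSecurityContext))) {
                            visibleFiles.add(childFile);
                        }
                    }
                }
                folder.setFolders(visibleFolders);
                folder.setFiles(visibleFiles);
            }
            if ((result instanceof List) && (command instanceof SearchCommand)) {
                List<File> visibleHits = new ArrayList<File>();
                // Elements are cast one by one: the list arrives untyped from the command.
                for (Object hit : (List<?>) result) {
                    File hitFile = (File) hit;
                    portalCMSSecurityContext.setAttribute("path", hitFile.getBasePath());
                    if (this.authorizationManager.checkPermission(new CMSPermission(portalCMSSecurityContext))) {
                        visibleHits.add(hitFile);
                    }
                }
                result = visibleHits;
            }
            return result;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Parses {@code defaultPolicy} and stores, for every {@code criteria} element, the permissions
     * listed beneath it.
     *
     * <p>Each {@code criteria} element is handled in its own Hibernate session and transaction. A
     * failure while storing one element is logged and rolled back, and processing continues with the
     * next element.
     *
     * @throws IllegalStateException if no default policy is configured
     * @throws Exception if the policy cannot be parsed or a role lookup fails
     */
    private void initBootPolicy() throws Exception {
        if (this.defaultPolicy == null) {
            throw new IllegalStateException("No default CMS security policy is configured, cannot initialize the boot policy");
        }
        // Parse from characters rather than from platform-charset bytes, so role and permission names
        // outside ASCII are not mangled on hosts whose default charset differs from the document's.
        org.xml.sax.InputSource policySource = new org.xml.sax.InputSource(new java.io.StringReader(this.defaultPolicy));
        // NOTE(review): the parser runs with the factory's default settings. The policy comes from
        // configuration here; if it can ever come from a less trusted source, disable DOCTYPE
        // declarations and external entities on the factory before parsing.
        NodeList criteriaNodes = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(policySource).getElementsByTagName("criteria");
        for (int i = 0; i < criteriaNodes.getLength(); i++) {
            Element criteriaElement = (Element) criteriaNodes.item(i);
            String criteriaName = criteriaElement.getAttribute("name");
            String criteriaValue = criteriaElement.getAttribute("value");
            Collection<Permission> permissions = parseDefaultPermissions(criteriaElement.getElementsByTagName("permission"));
            Session session = null;
            Transaction transaction = null;
            try {
                // The session is not handed to the provider explicitly.
                // NOTE(review): presumably the provider picks it up from the thread; confirm.
                session = HibernateUtil.getSessionFactory(this.cmsSessionFactory).openSession();
                transaction = session.beginTransaction();
                for (Permission permission : permissions) {
                    permission.addCriteria(new Criteria(criteriaName, criteriaValue));
                    HashSet<Permission> binding = new HashSet<Permission>();
                    binding.add(permission);
                    this.authorizationManager.getProvider().setSecurityBindings(null, binding);
                }
                transaction.commit();
            } catch (Exception e) {
                // Best effort per criteria element, but never silent: a policy that was not stored
                // leaves the CMS without the permissions the operator expects.
                log.error("Cannot store the default CMS permissions for criteria " + criteriaName + "=" + criteriaValue, e);
                if (transaction != null) {
                    transaction.rollback();
                }
            } finally {
                if (session != null && session.isOpen()) {
                    session.close();
                }
            }
        }
    }

    /**
     * Builds one {@link Permission} per {@code permission} element, with one role association per
     * nested {@code role} element.
     *
     * <p>A role name that {@link #getRole(String)} cannot resolve is replaced by
     * {@code AuthorizationManager.Anonymous}. A misspelled role name in the policy therefore binds
     * the permission to the anonymous role instead of failing, which is why it is logged.
     *
     * @param nodeList the {@code permission} elements of one {@code criteria} element
     * @return the permissions, in document order
     * @throws Exception if a role lookup fails
     */
    private Collection<Permission> parseDefaultPermissions(NodeList nodeList) throws Exception {
        List<Permission> permissions = new ArrayList<Permission>();
        for (int i = 0; i < nodeList.getLength(); i++) {
            Element permissionElement = (Element) nodeList.item(i);
            Permission permission = new Permission(permissionElement.getAttribute("name"), permissionElement.getAttribute("action"));
            NodeList roleNodes = permissionElement.getElementsByTagName("role");
            for (int j = 0; j < roleNodes.getLength(); j++) {
                String roleName = ((Element) roleNodes.item(j)).getAttribute("name");
                PermRoleAssoc roleAssoc = new PermRoleAssoc();
                if (getRole(roleName) != null) {
                    roleAssoc.setRoleId(roleName);
                } else {
                    if (!AuthorizationManager.Anonymous.equals(roleName)) {
                        log.warn("Role '" + roleName + "' from the default CMS policy was not found, binding the permission to " + AuthorizationManager.Anonymous);
                    }
                    roleAssoc.setRoleId(AuthorizationManager.Anonymous);
                }
                permission.addRoleAssoc(roleAssoc);
            }
            permissions.add(permission);
        }
        return permissions;
    }

    /**
     * Resolves a role by name inside a transaction on the identity session factory.
     *
     * @param str the role name
     * @return the role, or {@code null} when the role module raises an {@link IdentityException}
     * @throws Exception on any other failure, after rolling the transaction back
     */
    private Role getRole(String str) throws Exception {
        org.hibernate.classic.Session session = ((SessionFactory) new InitialContext().lookup(this.identitySessionFactory)).openSession();
        try {
            Transaction transaction = session.beginTransaction();
            try {
                Role role = this.roleModule.findRoleByName(str);
                transaction.commit();
                return role;
            } catch (IdentityException e) {
                // Must precede the general handler, otherwise this branch can never be reached.
                transaction.rollback();
                return null;
            } catch (Exception e) {
                transaction.rollback();
                log.error("Role lookup failed for '" + str + "'", e);
                throw e;
            }
        } finally {
            if (session.isOpen()) {
                session.close();
            }
        }
    }

    /**
     * Tells whether the permission table is empty, in which case the boot policy has to be stored.
     *
     * @return {@code true} when the count query reports no stored permission; {@code false} when
     *     permissions exist or the count could not be read
     */
    private boolean isBootRequired() {
        boolean bootRequired = false;
        org.hibernate.classic.Session session = HibernateUtil.getSessionFactory(this.cmsSessionFactory).openSession();
        try {
            Transaction transaction = session.beginTransaction();
            try {
                Object count = session.createQuery("select count(permission) from org.jboss.portal.cms.security.Permission as permission").list().get(0);
                // Number rather than Long: the boxed type of count() is decided by the Hibernate version.
                bootRequired = ((Number) count).longValue() <= 0;
                transaction.commit();
            } catch (Exception e) {
                // Report the failure: otherwise "count unreadable" looks the same as "policy present".
                log.error("Cannot determine whether the default CMS security policy must be installed", e);
                transaction.rollback();
            }
            return bootRequired;
        } finally {
            if (session.isOpen()) {
                session.close();
            }
        }
    }
}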
