package org.apache.directory.fortress.core.impl;

import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.directory.fortress.core.FinderException;
import org.apache.directory.fortress.core.GlobalErrIds;
import org.apache.directory.fortress.core.RemoveException;
import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.model.AdminRole;
import org.apache.directory.fortress.core.model.Graphable;
import org.apache.directory.fortress.core.model.OrgUnit;
import org.apache.directory.fortress.core.model.UserAdminRole;
import org.apache.directory.fortress.core.util.ConstraintValidator;
import org.apache.directory.fortress.core.util.VUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/fortress-core-2.0.5.jar:org/apache/directory/fortress/core/impl/AdminRoleP.class */
public final class AdminRoleP {
    private AdminRoleDAO rDao = new AdminRoleDAO();
    private OrgUnitP op = new OrgUnitP();
    private static final String CLS_NM = AdminRoleP.class.getName();
    private static final Logger LOG = LoggerFactory.getLogger(CLS_NM);
    private static final ConstraintValidator constraintValidator = VUtil.getConstraintValidator();

    /* JADX INFO: Access modifiers changed from: package-private */
    public AdminRole read(AdminRole adminRole) throws SecurityException {
        return this.rDao.getRole(adminRole);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<AdminRole> search(AdminRole adminRole) throws SecurityException {
        return this.rDao.findRoles(adminRole);
    }

    List<String> search(AdminRole adminRole, int i) throws SecurityException {
        return this.rDao.findRoles(adminRole, i);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<Graphable> getAllDescendants(String str) throws SecurityException {
        return this.rDao.getAllDescendants(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AdminRole add(AdminRole adminRole) throws SecurityException {
        validate(adminRole);
        return this.rDao.create(adminRole);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AdminRole update(AdminRole adminRole) throws SecurityException {
        validate(adminRole);
        return read(this.rDao.update(adminRole));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void deleteParent(AdminRole adminRole) throws SecurityException {
        validate(adminRole);
        this.rDao.deleteParent(adminRole);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AdminRole assign(AdminRole adminRole, String str) throws SecurityException {
        return this.rDao.assign(adminRole, str);
    }

    void addOccupant(List<UserAdminRole> list, String str, String str2) throws SecurityException {
        if (CollectionUtils.isNotEmpty(list)) {
            Iterator<UserAdminRole> it = list.iterator();
            while (it.hasNext()) {
                AdminRole adminRole = new AdminRole(it.next().getName());
                adminRole.setContextId(str2);
                assign(adminRole, str);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void removeOccupant(String str, String str2) throws SecurityException {
        try {
            Iterator<String> it = this.rDao.findAssignedRoles(str, str2).iterator();
            while (it.hasNext()) {
                AdminRole adminRole = new AdminRole(it.next());
                adminRole.setContextId(str2);
                deassign(adminRole, str);
            }
        } catch (FinderException e) {
            throw new SecurityException(GlobalErrIds.ARLE_REMOVE_OCCUPANT_FAILED, "removeOccupant userDn [" + str + "] caught FinderException=" + e, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AdminRole deassign(AdminRole adminRole, String str) throws SecurityException {
        return this.rDao.deassign(adminRole, str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void delete(AdminRole adminRole) throws SecurityException {
        try {
            this.rDao.remove(adminRole);
        } catch (RemoveException e) {
            String str = "delete name [" + adminRole.getName() + "] caught RemoveException=" + e;
            LOG.error(str);
            throw new SecurityException(GlobalErrIds.ARLE_DELETE_FAILED, str, e);
        }
    }

    private void validate(AdminRole adminRole) throws SecurityException {
        VUtil.safeText(adminRole.getName(), 40);
        if (StringUtils.isNotEmpty(adminRole.getBeginRange()) && StringUtils.isNotEmpty(adminRole.getEndRange())) {
            VUtil.safeText(adminRole.getBeginRange(), 40);
            VUtil.safeText(adminRole.getEndRange(), 40);
            if (adminRole.getBeginRange().equalsIgnoreCase(adminRole.getEndRange()) && (!adminRole.isBeginInclusive() || !adminRole.isEndInclusive())) {
                String str = "validate invalid range detected for role name [" + adminRole.getName() + "] non inclusive endpoint for identical range [" + adminRole.getBeginRange() + "] begin inclusive [" + adminRole.isBeginInclusive() + "] end inclusive [" + adminRole.isEndInclusive() + "]";
                LOG.warn(str);
                throw new SecurityException(GlobalErrIds.ARLE_INVLD_RANGE_INCLUSIVE, str);
            }
            if (!RoleUtil.getInstance().isParent(adminRole.getBeginRange(), adminRole.getEndRange(), adminRole.getContextId()) && !adminRole.getBeginRange().equalsIgnoreCase(adminRole.getEndRange())) {
                String str2 = "validate invalid range detected for role name [" + adminRole.getName() + "] begin range [" + adminRole.getBeginRange() + "] end range [" + adminRole.getEndRange() + "]";
                LOG.warn(str2);
                throw new SecurityException(GlobalErrIds.ARLE_INVLD_RANGE, str2);
            }
        } else {
            if (StringUtils.isEmpty(adminRole.getBeginRange()) && StringUtils.isNotEmpty(adminRole.getEndRange())) {
                String str3 = "validate role name [" + adminRole.getName() + "] begin range value null or empty.";
                LOG.warn(str3);
                throw new SecurityException(9011, str3);
            }
            if (StringUtils.isNotEmpty(adminRole.getBeginRange()) && StringUtils.isEmpty(adminRole.getEndRange())) {
                String str4 = "validate role name [" + adminRole.getName() + "] end range value null or empty.";
                LOG.warn(str4);
                throw new SecurityException(9011, str4);
            }
        }
        if (StringUtils.isNotEmpty(adminRole.getDescription())) {
            VUtil.description(adminRole.getDescription());
        }
        if (adminRole.getTimeout().intValue() >= 0) {
            constraintValidator.timeout(adminRole.getTimeout());
        }
        if (StringUtils.isNotEmpty(adminRole.getBeginTime())) {
            constraintValidator.beginTime(adminRole.getBeginTime());
        }
        if (StringUtils.isNotEmpty(adminRole.getEndTime())) {
            constraintValidator.endTime(adminRole.getEndTime());
        }
        if (StringUtils.isNotEmpty(adminRole.getBeginDate())) {
            constraintValidator.beginDate(adminRole.getBeginDate());
        }
        if (StringUtils.isNotEmpty(adminRole.getEndDate())) {
            constraintValidator.endDate(adminRole.getEndDate());
        }
        if (StringUtils.isNotEmpty(adminRole.getDayMask())) {
            constraintValidator.dayMask(adminRole.getDayMask());
        }
        if (StringUtils.isNotEmpty(adminRole.getBeginLockDate())) {
            constraintValidator.beginDate(adminRole.getBeginDate());
        }
        if (StringUtils.isNotEmpty(adminRole.getEndLockDate())) {
            constraintValidator.endDate(adminRole.getEndLockDate());
        }
        if (CollectionUtils.isNotEmpty(adminRole.getOsUSet())) {
            validateOrgs(adminRole.getOsUSet(), OrgUnit.Type.USER, adminRole.getContextId());
        }
        if (CollectionUtils.isNotEmpty(adminRole.getOsPSet())) {
            validateOrgs(adminRole.getOsPSet(), OrgUnit.Type.PERM, adminRole.getContextId());
        }
    }

    private void validateOrgs(Set<String> set, OrgUnit.Type type, String str) throws SecurityException {
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            OrgUnit orgUnit = new OrgUnit(it.next());
            orgUnit.setType(type);
            orgUnit.setContextId(str);
            this.op.read(orgUnit);
        }
    }
}
