package org.eclipse.stardust.engine.core.runtime.audittrail.management;

import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.xml.namespace.QName;
import org.eclipse.stardust.common.CollectionUtils;
import org.eclipse.stardust.common.StringUtils;
import org.eclipse.stardust.common.error.AccessForbiddenException;
import org.eclipse.stardust.engine.api.model.IData;
import org.eclipse.stardust.engine.api.query.BusinessObjectQuery;
import org.eclipse.stardust.engine.api.query.BusinessObjects;
import org.eclipse.stardust.engine.api.runtime.BpmRuntimeError;
import org.eclipse.stardust.engine.api.runtime.BusinessObject;
import org.eclipse.stardust.engine.core.runtime.audittrail.management.BusinessObjectRelationship;
import org.eclipse.stardust.engine.core.runtime.audittrail.management.PropagateAccessEvaluator;
import org.eclipse.stardust.engine.core.runtime.beans.IUser;
import org.eclipse.stardust.engine.core.runtime.beans.interceptors.PropertyLayerProviderInterceptor;
import org.eclipse.stardust.engine.core.runtime.beans.removethis.SecurityProperties;
import org.eclipse.stardust.engine.core.runtime.utils.Authorization2Predicate;
import org.eclipse.stardust.engine.core.runtime.utils.ClientPermission;
import org.eclipse.stardust.engine.core.runtime.utils.DataAuthorization2Predicate;

/* loaded from: input_file:lib/carnot-engine.jar:org/eclipse/stardust/engine/core/runtime/audittrail/management/BusinessObjectSecurityUtils.class */
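/**
 * Static helpers that decide whether the current caller may read or modify a business-object
 * value, based on the {@link Authorization2Predicate} installed on the current property layer.
 *
 * <p>Two per-predicate caches are used, both stored on the {@link DataAuthorization2Predicate}:
 * a map keyed by data that holds the result of the unscoped propagated check, and a set of
 * {@code modelId:dataId:value} strings recording which propagated value checks already ran.
 *
 * <p>Security-relevant defaults visible in this class: a missing predicate, or a predicate
 * that is not a {@link DataAuthorization2Predicate}, results in access being granted by
 * {@link #isDepartmentReadAllowed} / {@code isDepartmentAllowed}. Callers that need a
 * deny-by-default decision must not rely on these helpers alone.
 */
public class BusinessObjectSecurityUtils {
    /**
     * Tells whether the value {@code obj} of {@code iData} may be read under the current
     * authorization predicate.
     *
     * @param iData the data definition backing the business object
     * @param obj   the business-object value to check; may be {@code null}
     * @return {@code true} when no predicate is installed or the predicate allows access
     */
    public static boolean isDepartmentReadAllowed(IData iData, Object obj) {
        Authorization2Predicate authorizationPredicate = PropertyLayerProviderInterceptor.getCurrent().getAuthorizationPredicate();
        if (authorizationPredicate == null) {
            // NOTE(review): no predicate means no filtering here (fail-open); presumably the
            // call is not subject to authorization in that case. Confirm against callers.
            return true;
        }
        return isDepartmentAllowed(iData, obj, authorizationPredicate);
    }

    /**
     * Enforces modify access on the value {@code obj} of {@code iData}. Does nothing when no
     * authorization predicate is installed.
     *
     * @param iData the data definition backing the business object
     * @param obj   the business-object value about to be modified; may be {@code null}
     * @throws AccessForbiddenException if the predicate does not allow the modification
     * @throws ClassCastException       if the installed predicate is not a
     *                                  {@link DataAuthorization2Predicate} (raised by the
     *                                  unscoped check below)
     */
    public static void checkDepartmentModifyAllowed(IData iData, Object obj) {
        Authorization2Predicate authorizationPredicate = PropertyLayerProviderInterceptor.getCurrent().getAuthorizationPredicate();
        if (authorizationPredicate != null) {
            // Called for its side effect only: it registers iData in the unscoped cache that
            // isDepartmentAllowed inspects. The boolean result is intentionally not used here.
            isUnscopedPropagatedAccessAllowed(iData, authorizationPredicate);
            if (isDepartmentAllowed(iData, obj, authorizationPredicate)) {
                return;
            }
            IUser user = SecurityProperties.getUser();
            throw new AccessForbiddenException(BpmRuntimeError.AUTHx_AUTH_MISSING_GRANTS.raise(Long.valueOf(user.getOID()), String.valueOf(ClientPermission.MODIFY_DATA_VALUE), user.getAccount()));
        }
    }

    /**
     * Core decision: direct access through the predicate, otherwise access propagated from a
     * related business object.
     *
     * @return {@code true} when access is allowed
     */
    private static boolean isDepartmentAllowed(IData iData, Object obj, Authorization2Predicate authorization2Predicate) {
        if (!(authorization2Predicate instanceof DataAuthorization2Predicate)) {
            // NOTE(review): a null or non-data predicate is treated as "allowed" (fail-open).
            return true;
        }
        DataAuthorization2Predicate dataPredicate = (DataAuthorization2Predicate) authorization2Predicate;
        if (authorization2Predicate.accept(iData)) {
            // Data-level access granted; a concrete value must additionally pass the value check.
            return obj == null || dataPredicate.acceptBOValue(iData, obj);
        }
        Map<IData, Boolean> visitedUnscoped = dataPredicate.getVisitedDataUnscoped();
        if (visitedUnscoped == null || !visitedUnscoped.containsKey(iData)) {
            // Data-level access denied and no unscoped evaluation was recorded for this data.
            return false;
        }
        // NOTE(review): only the presence of the key is consulted, not the cached Boolean, so
        // a cached FALSE combined with obj == null still yields "allowed". Confirm this is
        // the intended policy.
        return obj == null || isPropagatedDepartmentAllowed(iData, obj);
    }

    /**
     * Evaluates, and caches on the predicate, whether {@code iData} is reachable through
     * propagated access when department scoping is ignored.
     *
     * @param iData                   the data definition to evaluate
     * @param authorization2Predicate must be a {@link DataAuthorization2Predicate}
     * @return the cached result if one exists, otherwise the freshly evaluated result
     * @throws ClassCastException if the predicate is not a {@link DataAuthorization2Predicate}
     */
    public static boolean isUnscopedPropagatedAccessAllowed(IData iData, final Authorization2Predicate authorization2Predicate) {
        Boolean cachedUnscopedResult = getCachedUnscopedResult(iData, authorization2Predicate);
        if (cachedUnscopedResult != null) {
            return cachedUnscopedResult.booleanValue();
        }
        Boolean result = Boolean.valueOf(evaluatePropagateAccessFunction(iData, new PropagateAccessEvaluator.IPropagatedAccessEvalFunction<Boolean>() {
            @Override
            public Boolean execute(IData iData2, BusinessObjectRelationship businessObjectRelationship) {
                // The decompiled text read "Authorization2Predicate.this", which does not
                // compile here; the captured final parameter is what is meant.
                return Boolean.valueOf(authorization2Predicate.accept(iData2));
            }
        }));
        ((DataAuthorization2Predicate) authorization2Predicate).getVisitedDataUnscoped().put(iData, result);
        return result.booleanValue();
    }

    /**
     * Looks up the cached unscoped result for {@code iData}, creating the cache map on the
     * predicate if needed.
     *
     * @return the cached value, or {@code null} when nothing usable is cached; in that case
     *         the key is registered with a {@code null} value before returning
     */
    private static Boolean getCachedUnscopedResult(IData iData, Authorization2Predicate authorization2Predicate) {
        DataAuthorization2Predicate dataPredicate = (DataAuthorization2Predicate) authorization2Predicate;
        Map<IData, Boolean> visitedDataUnscoped = dataPredicate.getVisitedDataUnscoped();
        if (visitedDataUnscoped == null) {
            visitedDataUnscoped = CollectionUtils.newHashMap();
            dataPredicate.setVisitedDataUnscoped(visitedDataUnscoped);
        }
        if (visitedDataUnscoped.containsKey(iData)) {
            // May itself be null when the key was only registered and never resolved.
            return visitedDataUnscoped.get(iData);
        }
        visitedDataUnscoped.put(iData, null);
        return null;
    }

    /**
     * Checks whether access to the value {@code obj} is granted through a related business
     * object. A data/value pair that was already checked under the current predicate is
     * reported as not allowed.
     */
    private static boolean isPropagatedDepartmentAllowed(IData iData, final Object obj) {
        if (isDataAlreadyVisited(iData, obj)) {
            // presumably a guard against cycles between related business objects; verify
            return false;
        }
        return evaluatePropagateAccessFunction(iData, new PropagateAccessEvaluator.IPropagatedAccessEvalFunction<Boolean>() {
            @Override
            public Boolean execute(IData iData2, BusinessObjectRelationship businessObjectRelationship) {
                if (!(obj instanceof Map)) {
                    // Fail closed: without a structured value there is no foreign key to
                    // follow. Previously this path dereferenced a null map.
                    return Boolean.FALSE;
                }
                Object foreignKey = ((Map<?, ?>) obj).get(businessObjectRelationship.otherForeignKeyField);
                BusinessObjectRelationship.BusinessObjectReference target = businessObjectRelationship.otherBusinessObject;
                String qualifiedId = new QName(target.modelId, target.id).toString();
                return BusinessObjectSecurityUtils.isRelatedBusinessObjectAccessible(foreignKey, qualifiedId);
            }
        });
    }

    /**
     * Records the {@code modelId:dataId:value} key on the current predicate.
     *
     * @return {@code true} if the key had been recorded before this call
     */
    private static boolean isDataAlreadyVisited(IData iData, Object obj) {
        // Uses the predicate of the current property layer, not one passed in by the caller.
        DataAuthorization2Predicate dataPredicate = (DataAuthorization2Predicate) PropertyLayerProviderInterceptor.getCurrent().getAuthorizationPredicate();
        Set<String> visitedData = dataPredicate.getVisitedData();
        if (visitedData == null) {
            visitedData = CollectionUtils.newHashSet();
            dataPredicate.setVisitedData(visitedData);
        }
        String visitKey = iData.getModel().getId() + ":" + iData.getId() + ":" + (obj == null ? "" : obj.toString());
        // Set.add reports false when the element was already present.
        return !visitedData.add(visitKey);
    }

    /** Runs {@code iPropagatedAccessEvalFunction} through a {@link PropagateAccessEvaluator} for {@code iData}. */
    private static boolean evaluatePropagateAccessFunction(IData iData, PropagateAccessEvaluator.IPropagatedAccessEvalFunction<Boolean> iPropagatedAccessEvalFunction) {
        return new PropagateAccessEvaluator(iData, iPropagatedAccessEvalFunction).evaluate();
    }

    /**
     * Tells whether at least one related business object, addressed by primary key, can be
     * retrieved with values through {@code BusinessObjectUtils.getBusinessObjects}.
     *
     * <p>The decompiler widened this method from private to public; the only caller visible
     * in this file is the callback in {@code isPropagatedDepartmentAllowed}.
     *
     * @param obj a single primary key ({@code String}) or a {@code List} of them
     * @param str the qualified id of the related business object
     * @return {@code true} as soon as one key resolves to a business object with values;
     *         {@code false} for an empty list, on the first empty key encountered, or when
     *         no key resolves
     * @throws ClassCastException if {@code obj} is neither a {@code String} nor a
     *                            {@code List} of strings
     */
    public static boolean isRelatedBusinessObjectAccessible(Object obj, String str) {
        @SuppressWarnings("unchecked") // element type is enforced by the enhanced-for cast below
        List<String> primaryKeys = obj instanceof List ? (List<String>) obj : Collections.singletonList((String) obj);
        if (primaryKeys.isEmpty()) {
            return false;
        }
        for (String primaryKey : primaryKeys) {
            if (StringUtils.isEmpty(primaryKey)) {
                return false;
            }
            BusinessObjectQuery query = BusinessObjectQuery.findWithPrimaryKey(str, primaryKey);
            query.setPolicy(new BusinessObjectQuery.Policy(BusinessObjectQuery.Option.WITH_VALUES));
            BusinessObjects businessObjects = BusinessObjectUtils.getBusinessObjects(query);
            if (businessObjects != null) {
                Iterator it = businessObjects.iterator();
                while (it.hasNext()) {
                    List<BusinessObject.Value> values = ((BusinessObject) it.next()).getValues();
                    if (values != null && !values.isEmpty()) {
                        return true;
                    }
                }
            }
        }
        return false;
    }
}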
