package org.eclipse.stardust.engine.core.runtime.utils;

import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.xml.namespace.QName;
import org.eclipse.stardust.common.CollectionUtils;
import org.eclipse.stardust.common.Pair;
import org.eclipse.stardust.common.StringUtils;
import org.eclipse.stardust.common.config.Parameters;
import org.eclipse.stardust.common.error.InternalException;
import org.eclipse.stardust.common.error.ObjectNotFoundException;
import org.eclipse.stardust.engine.api.model.IActivity;
import org.eclipse.stardust.engine.api.model.IData;
import org.eclipse.stardust.engine.api.model.IModel;
import org.eclipse.stardust.engine.api.model.IModelParticipant;
import org.eclipse.stardust.engine.api.model.IOrganization;
import org.eclipse.stardust.engine.api.model.IProcessDefinition;
import org.eclipse.stardust.engine.api.model.PredefinedConstants;
import org.eclipse.stardust.engine.api.runtime.ActivityInstanceContextAware;
import org.eclipse.stardust.engine.api.runtime.ActivityScope;
import org.eclipse.stardust.engine.api.runtime.BpmRuntimeError;
import org.eclipse.stardust.engine.api.runtime.ModelScope;
import org.eclipse.stardust.engine.api.runtime.Permission;
import org.eclipse.stardust.engine.api.runtime.ProcessScope;
import org.eclipse.stardust.engine.api.runtime.Scope;
import org.eclipse.stardust.engine.api.runtime.Service;
import org.eclipse.stardust.engine.core.compatibility.el.SymbolTable;
import org.eclipse.stardust.engine.core.model.utils.ModelElement;
import org.eclipse.stardust.engine.core.model.utils.ModelElementList;
import org.eclipse.stardust.engine.core.preferences.IPreferenceStorageManager;
import org.eclipse.stardust.engine.core.preferences.PreferenceStorageFactory;
import org.eclipse.stardust.engine.core.preferences.permissions.PermissionUtils;
import org.eclipse.stardust.engine.core.runtime.beans.DataValueBean;
import org.eclipse.stardust.engine.core.runtime.beans.DepartmentBean;
import org.eclipse.stardust.engine.core.runtime.beans.IDataValue;
import org.eclipse.stardust.engine.core.runtime.beans.IDepartment;
import org.eclipse.stardust.engine.core.runtime.beans.ModelManager;
import org.eclipse.stardust.engine.core.runtime.beans.ModelManagerFactory;
import org.eclipse.stardust.engine.core.runtime.beans.UserParticipantLink;
import org.eclipse.stardust.engine.core.runtime.beans.UserUtils;
import org.eclipse.stardust.engine.core.runtime.utils.ExecutionPermission;
import org.eclipse.stardust.engine.core.spi.extensions.model.AccessPoint;
import org.eclipse.stardust.engine.core.spi.extensions.runtime.AccessPathEvaluationContext;
import org.eclipse.stardust.engine.core.spi.extensions.runtime.SpiUtils;

/* loaded from: input_file:lib/carnot-engine.jar:org/eclipse/stardust/engine/core/runtime/utils/Authorization2.class */
public class Authorization2 {
    // Prefix of permission ids; getPermissions() cuts a prefix of this length off the id before building a Permission.
    public static final String PREFIX = "authorization:";
    // NOTE(review): looks like the prefix for explicit deny entries; it is not referenced anywhere else in this class — confirm where it is consumed.
    public static final String DENY_PREFIX = "authorization:deny:";
    // Sentinel grant: checkPermission(AuthorizationContext) reports "granted" without any role lookup when the grant list contains it.
    public static final String ALL = "__carnot_internal_all_permissions__";
    // Sentinel grant: for a user-performer context hasGrant() answers it from userCanPerform() instead of a role lookup.
    public static final String OWNER = "__carnot_internal_owner_permission__";
    // Grant list substituted in checkPermission(AuthorizationContext) when a dependency check fails but OWNER was granted.
    // Repeats the OWNER literal rather than referencing the constant.
    private static final String[] OWNER_SET = {"__carnot_internal_owner_permission__"};

    /* loaded from: input_file:lib/carnot-engine.jar:org/eclipse/stardust/engine/core/runtime/utils/Authorization2$GlobalPermissionSpecificService.class */
    /**
     * Carrier interface for the global permissions: each method exists only to hold one
     * {@link ExecutionPermission} annotation.
     *
     * <p>{@link #getGlobalPermissions()} passes this interface to {@code getPermissions(Class)},
     * which reflects over its methods. Nothing in this file implements or invokes the methods
     * themselves. Adding a method here therefore adds a permission to the reported set.
     */
    interface GlobalPermissionSpecificService extends Service {
        @ExecutionPermission(id = ExecutionPermission.Id.manageAuthorization)
        Permission getManageAuthorizationPermission();

        @ExecutionPermission(id = ExecutionPermission.Id.manageDeputies)
        Permission getManageDeputiesPermission();

        @ExecutionPermission(id = ExecutionPermission.Id.controlProcessEngine)
        Permission getControlProcessEnginePermission();

        @ExecutionPermission(id = ExecutionPermission.Id.deployProcessModel)
        Permission getDeployProcessModelPermission();

        @ExecutionPermission(id = ExecutionPermission.Id.forceSuspend)
        Permission getForceSuspendPermission();

        @ExecutionPermission(id = ExecutionPermission.Id.manageDaemons)
        Permission getManageDaemonsPermission();

        @ExecutionPermission(id = ExecutionPermission.Id.modifyAuditTrail)
        Permission getModifyAuditTrailPermission();

        @ExecutionPermission(id = ExecutionPermission.Id.modifyAuditTrailStatistics)
        Permission getModifyAuditTrailStatisticsPermission();

        @ExecutionPermission(id = ExecutionPermission.Id.modifyDepartments)
        Permission getModifyDepartmentsPermission();

        @ExecutionPermission(id = ExecutionPermission.Id.modifyUserData)
        Permission getModifyUserDataPermission();

        @ExecutionPermission(id = ExecutionPermission.Id.modifyDmsData)
        Permission getModifyDmsDataPermission();

        @ExecutionPermission(id = ExecutionPermission.Id.readAuditTrailStatistics)
        Permission getReadAuditTrailStatisticsPermission();

        @ExecutionPermission(id = ExecutionPermission.Id.createCase)
        Permission getCreateCasePermission();

        @ExecutionPermission(id = ExecutionPermission.Id.readDepartments)
        Permission getReadDepartmentsPermission();

        @ExecutionPermission(id = ExecutionPermission.Id.readModelData)
        Permission getReadModelDataPermission();

        @ExecutionPermission(id = ExecutionPermission.Id.readUserData)
        Permission getReadUserDataPermission();

        @ExecutionPermission(id = ExecutionPermission.Id.resetUserPassword)
        Permission getResetUserPasswordPermission();

        @ExecutionPermission(id = ExecutionPermission.Id.runRecovery)
        Permission getRunRecoveryPermission();

        @ExecutionPermission(id = ExecutionPermission.Id.saveOwnUserScopePreferences)
        Permission getSaveOwnUserScopePreferencesPermission();

        @ExecutionPermission(id = ExecutionPermission.Id.saveOwnRealmScopePreferences)
        Permission getSaveOwnRealmScopePreferencesPermission();

        @ExecutionPermission(id = ExecutionPermission.Id.saveOwnPartitionScopePreferences)
        Permission getSaveOwnPartitionScopePreferencesPermission();

        @ExecutionPermission(id = ExecutionPermission.Id.joinProcessInstance)
        Permission getJoinProcessInstancePermission();

        @ExecutionPermission(id = ExecutionPermission.Id.spawnPeerProcessInstance)
        Permission getSpawnPeerProcessInstancePermission();

        @ExecutionPermission(id = ExecutionPermission.Id.spawnSubProcessInstance)
        Permission getSpawnSubProcessInstancePermission();

        @ExecutionPermission(id = ExecutionPermission.Id.deployRuntimeArtifact)
        Permission getDeployRuntimeArtifactPermission();

        // The only entry in this interface that sets `defaults` explicitly.
        // NOTE(review): Default.ALL presumably grants this permission to every participant unless
        // it is reconfigured — confirm against ExecutionPermission before relying on it being restricted.
        @ExecutionPermission(id = ExecutionPermission.Id.readRuntimeArtifact, defaults = {ExecutionPermission.Default.ALL})
        Permission getReadRuntimeArtifactPermission();
    }

    /* JADX WARN: Code restructure failed: missing block: B:64:0x023f, code lost:
    
        if (org.eclipse.stardust.engine.core.runtime.beans.UserUtils.isUserDataModified(r0) != false) goto L67;
     */
    /* JADX WARN: Code restructure failed: missing block: B:66:0x0256, code lost:
    
        if (org.eclipse.stardust.engine.core.runtime.beans.removethis.SecurityProperties.isTeamLeader(org.eclipse.stardust.engine.core.runtime.beans.UserBean.findByOid(r0.getOID())) != false) goto L143;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Decompiler placeholder, not the engine's real implementation: the bytecode of this
     * method could not be restructured, so the body shown here only throws.
     *
     * <p>The decompiler warnings above this method show that the lost code consulted
     * {@code UserUtils.isUserDataModified} and {@code SecurityProperties.isTeamLeader};
     * nothing else about the original checks can be concluded from this listing. The
     * method-level authorization path cannot be reviewed from this stub; use the original
     * source or an instruction dump for that.
     *
     * @param r9 the reflected method (parameter name lost in decompilation; presumably the
     *        service method whose permission is checked — confirm)
     * @param r10 the argument array (parameter name lost in decompilation)
     * @throws UnsupportedOperationException always, in this decompiled form
     */
    public static void checkPermission(java.lang.reflect.Method r9, java.lang.Object[] r10) {
        /*
            Method dump skipped, instructions count: 1308
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.eclipse.stardust.engine.core.runtime.utils.Authorization2.checkPermission(java.lang.reflect.Method, java.lang.Object[]):void");
    }

    /**
     * Extracts an activity instance OID from a loosely typed argument.
     *
     * @param obj either a {@link Long} holding the OID itself or an
     *        {@link ActivityInstanceContextAware} that can report it
     * @return the activity instance OID
     * @throws ObjectNotFoundException if {@code obj} is of any other type, including {@code null}
     */
    protected static long getActivityInstanceOid(Object obj) {
        if (obj instanceof Long) {
            Long boxedOid = (Long) obj;
            return boxedOid.longValue();
        }
        if (!(obj instanceof ActivityInstanceContextAware)) {
            // Anything that is neither an OID nor OID-aware is rejected rather than mapped to a default OID.
            throw new ObjectNotFoundException(BpmRuntimeError.ATDB_UNKNOWN_ACTIVITY_INSTANCE_OID.raise(obj));
        }
        ActivityInstanceContextAware aware = (ActivityInstanceContextAware) obj;
        return aware.getActivityInstanceOid();
    }

    /**
     * Decides whether the context's user holds the context's permission.
     *
     * <p>An admin override on the context short-circuits the decision: the grant evaluation in
     * {@code checkPermission(AuthorizationContext)}, including its deny list, is not run at all
     * in that case.
     *
     * @param authorizationContext the context carrying user, permission and grants
     * @return {@code true} when the admin override is set or the evaluation reports no missing grant
     */
    public static boolean hasPermission(AuthorizationContext authorizationContext) {
        if (authorizationContext.isAdminOverride()) {
            return true;
        }
        String missingGrant = checkPermission(authorizationContext);
        return missingGrant == null;
    }

    /**
     * Evaluates the context's permission against its configured and modelled grants.
     *
     * <p>Order of evaluation: configured deny list, configured allow list (both only for a
     * changeable permission), then the dependency context, then the ALL sentinel, then each
     * grant in turn.
     *
     * @param authorizationContext the context to evaluate
     * @return {@code null} when the permission is granted; otherwise a non-null string, which is
     *         the dependency's result, {@code PredefinedConstants.ADMINISTRATOR_ROLE}, or the first
     *         grant. NOTE(review): the non-null value looks like the id of a grant the caller
     *         lacks, used for error reporting — confirm against the callers.
     */
    private static String checkPermission(AuthorizationContext authorizationContext) {
        String checkPermission;
        if (authorizationContext.getPermission().changeable()) {
            // Deny entries are checked before allow entries, so a matching deny wins over a matching allow.
            if (hasAnyOf(authorizationContext.getPermission().getDeniedIds(), authorizationContext)) {
                return PredefinedConstants.ADMINISTRATOR_ROLE;
            }
            if (hasAnyOf(authorizationContext.getPermission().getAllowedIds(), authorizationContext)) {
                return null;
            }
        }
        String[] grants = authorizationContext.getGrants();
        // z: grants contain the OWNER sentinel; z2: grants contain the ALL sentinel.
        boolean z = false;
        boolean z2 = false;
        for (int i = 0; i < grants.length; i++) {
            if ("__carnot_internal_all_permissions__".equals(grants[i])) {
                z2 = true;
            }
            if ("__carnot_internal_owner_permission__".equals(grants[i])) {
                z = true;
            }
        }
        AuthorizationContext dependency = authorizationContext.getDependency();
        if (dependency != null && (checkPermission = checkPermission(dependency)) != null) {
            // The dependency was refused: without an OWNER grant that refusal is final,
            // with one the remaining evaluation is narrowed to the OWNER grant only.
            if (!z) {
                return checkPermission;
            }
            grants = OWNER_SET;
        }
        // NOTE(review): z2 was computed from the original grant list, not from the narrowed one.
        // If the grants contain both ALL and OWNER and the dependency was refused, this still
        // returns "granted", whereas ALL without OWNER is refused above. Confirm against the
        // original source whether that is intended; this listing is decompiled.
        if (z2) {
            return null;
        }
        for (String str : grants) {
            if (hasGrant(str, authorizationContext)) {
                return null;
            }
        }
        // Refused: an empty grant list is reported as ADMINISTRATOR_ROLE, otherwise the first grant is reported.
        return grants.length == 0 ? PredefinedConstants.ADMINISTRATOR_ROLE : grants[0];
    }

    /**
     * Reports whether the context's user matches at least one of the given permission ids.
     *
     * @param list permission ids to try, in order; evaluation stops at the first match
     * @param authorizationContext the context to evaluate against
     * @return {@code true} on the first id for which {@code hasPermission(String, AuthorizationContext)}
     *         succeeds, {@code false} if none does or the list is empty
     */
    private static boolean hasAnyOf(List<String> list, AuthorizationContext authorizationContext) {
        for (String permissionId : list) {
            if (hasPermission(permissionId, authorizationContext)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks one configured permission id: looks up the values stored for it in the current
     * preference store and tests each value as a grant.
     *
     * <p>When no preference storage manager is current, or nothing is stored for the id, the
     * answer is {@code false}. {@code checkPermission(AuthorizationContext)} uses this for its
     * deny list as well as its allow list, so in that situation a configured deny entry is not
     * applied either.
     *
     * @param str the permission id to look up
     * @param authorizationContext the context to evaluate against
     * @return {@code true} if any stored value is a grant the context's user holds
     */
    private static boolean hasPermission(String str, AuthorizationContext authorizationContext) {
        IPreferenceStorageManager storage = PreferenceStorageFactory.getCurrent();
        if (storage != null) {
            List<String> storedGrants = PermissionUtils.getScopedGlobalPermissionValues(storage, str, false);
            if (!storedGrants.isEmpty()) {
                for (String storedGrant : storedGrants) {
                    if (hasGrant(storedGrant, authorizationContext)) {
                        return true;
                    }
                }
            }
        }
        return false;
    }

    /**
     * Decides whether the context's user holds a single grant, given as a participant id or
     * as the OWNER sentinel.
     *
     * <p>Side effect: every department-scoped match calls {@code UserUtils.setOnBehalfOf(...)}
     * with the matching link's on-behalf-of value before returning {@code true}. The early
     * {@code true} returns before the link loop do not.
     *
     * @param str the grant to test
     * @param authorizationContext the context supplying user, permission and department data
     * @return {@code true} if the user holds the grant for the context's target department
     */
    private static boolean hasGrant(String str, AuthorizationContext authorizationContext) {
        // The administrator grant is never matched here when the permission declares administratorOverride().
        // NOTE(review): presumably because administrators are handled through isAdminOverride() in
        // hasPermission(AuthorizationContext) — confirm.
        if (PredefinedConstants.ADMINISTRATOR_ROLE.equals(str) && authorizationContext.getPermission().administratorOverride()) {
            return false;
        }
        // OWNER is answered by the context itself, but only for a user-performer context;
        // otherwise the sentinel falls through to the participant lookup below.
        if ("__carnot_internal_owner_permission__".equals(str) && authorizationContext.isUserPerformer()) {
            return authorizationContext.userCanPerform();
        }
        IModelParticipant participant = authorizationContext.getParticipant(str);
        if (!authorizationContext.checkRole(participant)) {
            return false;
        }
        if (!authorizationContext.supportsDepartments()) {
            return true;
        }
        // No prefetched data and no scope process OID: the role match is accepted before any
        // department restriction is looked up.
        // NOTE(review): confirm that callers without a process scope are meant to get an
        // unscoped answer here.
        if (!authorizationContext.isPrefetchDataAvailable() && authorizationContext.getScopeProcessOid() == 0) {
            return true;
        }
        List<IOrganization> findRestricted = findRestricted(participant);
        if (findRestricted.isEmpty()) {
            return true;
        }
        long targetDepartmentOid = getTargetDepartmentOid(authorizationContext, findRestricted, authorizationContext.requiresNew());
        Iterator<UserParticipantLink> allParticipantLinks = authorizationContext.getUser().getAllParticipantLinks();
        // Departments of matching links that did not equal the target, paired with the link's on-behalf-of value.
        List<Pair> newList = CollectionUtils.newList();
        while (allParticipantLinks.hasNext()) {
            UserParticipantLink next = allParticipantLinks.next();
            IModelParticipant participant2 = next.getParticipant();
            // Reference identity, not equals(): the link must carry the same participant object,
            // or one the requested participant reports as authorized.
            if (participant2 == participant || participant.isAuthorized(participant2)) {
                IDepartment department = next.getDepartment();
                if (department == null) {
                    // A link without department only matches a target department OID of 0.
                    if (targetDepartmentOid == 0) {
                        UserUtils.setOnBehalfOf(next.getOnBehalfOf());
                        return true;
                    }
                } else {
                    if (targetDepartmentOid == department.getOID()) {
                        UserUtils.setOnBehalfOf(next.getOnBehalfOf());
                        return true;
                    }
                    newList.add(new Pair(department, Long.valueOf(next.getOnBehalfOf())));
                }
            }
        }
        // No direct match. The ancestor search below runs only for a non-zero target whose
        // organization is the last element of the restricted list (identity comparison).
        if (targetDepartmentOid == 0 || authorizationContext.findOrganization(DepartmentBean.findByOID(targetDepartmentOid), participant) != findRestricted.get(findRestricted.size() - 1)) {
            return false;
        }
        // Accept the grant when the target department is an ancestor of a department the user is linked to.
        for (Pair pair : newList) {
            IDepartment iDepartment = (IDepartment) pair.getFirst();
            while (iDepartment != null) {
                iDepartment = iDepartment.getParentDepartment();
                if (iDepartment != null && targetDepartmentOid == iDepartment.getOID()) {
                    UserUtils.setOnBehalfOf(((Long) pair.getSecond()).longValue());
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Determines the OID of the department a grant has to be checked against.
     *
     * <p>The context's own department OID is returned unchanged unless {@code z} is set or that
     * OID is positive. Otherwise the department is resolved relative to the last organization in
     * {@code list}, falling back to {@code evaluateData} when no department is found that way.
     *
     * @param authorizationContext the context supplying the current department OID
     * @param list restricted organizations as returned by {@code findRestricted}; must not be empty
     * @param z forces resolution even when the context's department OID is not positive
     * @return the target department OID
     */
    public static long getTargetDepartmentOid(AuthorizationContext authorizationContext, List<IOrganization> list, boolean z) {
        IOrganization lastRestricted = list.get(list.size() - 1);
        long contextOid = authorizationContext.getDepartmentOid();
        if (!z && contextOid <= 0) {
            return contextOid;
        }

        DepartmentBean contextDepartment = null;
        if (contextOid != 0) {
            contextDepartment = DepartmentBean.findByOID(contextOid);
        }
        IOrganization contextOrganization = authorizationContext.findOrganization(contextDepartment, lastRestricted);

        IDepartment resolved = null;
        if (contextOrganization == lastRestricted) {
            resolved = contextDepartment;
        } else if (DepartmentUtils.isChild(contextOrganization, lastRestricted)) {
            resolved = findParentDepartment(authorizationContext, contextDepartment, lastRestricted);
        }
        if (resolved != null) {
            return resolved.getOID();
        }

        // Nothing resolved from the context department: derive the department from process data.
        long dataOid = evaluateData(authorizationContext, list);
        if (dataOid <= 0 || !DepartmentUtils.isChild(lastRestricted, contextOrganization)) {
            return dataOid;
        }
        if (DepartmentUtils.isChild(DepartmentBean.findByOID(dataOid), contextDepartment)) {
            return dataOid;
        }
        // NOTE(review): contextDepartment is null whenever the context OID was 0; this line is
        // only safe if the isChild checks above cannot both pass in that case — confirm.
        return contextDepartment.getOID();
    }

    /**
     * Walks up the department hierarchy until a department is found whose organization, as
     * reported by the context, is the given organization.
     *
     * @param authorizationContext the context used to map a department to its organization
     * @param iDepartment the department to start from
     * @param iOrganization the organization to look for (compared by reference)
     * @return the first department on the way up that maps to {@code iOrganization}
     */
    private static IDepartment findParentDepartment(AuthorizationContext authorizationContext, IDepartment iDepartment, IOrganization iOrganization) {
        IOrganization owningOrganization = authorizationContext.findOrganization(iDepartment, iOrganization);
        if (owningOrganization == iOrganization) {
            return iDepartment;
        }
        // There is no null guard on the way up: the walk relies on a match being found
        // before the top of the hierarchy is passed.
        return findParentDepartment(authorizationContext, iDepartment.getParentDepartment(), iOrganization);
    }

    /**
     * Resolves a department OID from process data: each organization in {@code list} names a
     * data element and a data path, and the resulting values are used level by level to look
     * up a department.
     *
     * <p>The department used for the authorization decision therefore comes from process data.
     * NOTE(review): who may write the bound data elements is not visible here — confirm, since
     * that decides who can influence the resolved department.
     *
     * @param authorizationContext supplies the model, prefetched values or the scope process OID
     * @param list organizations whose data bindings are evaluated, in order
     * @return the resolved department OID, or {@code 0} when the first value is empty or no
     *         department could be found
     * @throws InternalException if a bound data id is missing from the model, or not every
     *         required data value could be fetched
     */
    public static long evaluateData(AuthorizationContext authorizationContext, List<IOrganization> list) {
        // Only the first model of the context is consulted.
        IModel iModel = authorizationContext.getModels().get(0);
        // newList: one value per organization, in the order of `list`.
        List newList = CollectionUtils.newList(list.size());
        if (authorizationContext.isPrefetchDataAvailable()) {
            // Prefetch branch: values are taken from the context, or its default for the data element.
            for (IOrganization iOrganization : list) {
                String stringAttribute = iOrganization.getStringAttribute("carnot:engine:dataId");
                IData findData = iModel.findData(stringAttribute);
                if (findData == null) {
                    throw new InternalException("No data '" + stringAttribute + "' available for department retrieval.");
                }
                String qName = new QName(findData.getModel().getId(), stringAttribute).toString();
                String stringAttribute2 = iOrganization.getStringAttribute("carnot:engine:dataPath");
                if (authorizationContext.hasValue(qName, stringAttribute2)) {
                    newList.add(authorizationContext.getValue(qName, stringAttribute2));
                } else {
                    newList.add(authorizationContext.getDefaultValue(findData));
                }
            }
        } else {
            // Fetch branch: load the data values of the scope process instance and evaluate each data path.
            // newList2: data elements, newList3: data paths, newSet: distinct data elements to fetch.
            List newList2 = CollectionUtils.newList(list.size());
            List newList3 = CollectionUtils.newList(list.size());
            Set newSet = CollectionUtils.newSet();
            for (IOrganization iOrganization2 : list) {
                String stringAttribute3 = iOrganization2.getStringAttribute("carnot:engine:dataId");
                IData findData2 = iModel.findData(stringAttribute3);
                if (findData2 == null) {
                    throw new InternalException("No data '" + stringAttribute3 + "' available for department retrieval.");
                }
                newList2.add(findData2);
                newSet.add(findData2);
                newList3.add(iOrganization2.getStringAttribute("carnot:engine:dataPath"));
                // Placeholder, overwritten by index once the values are evaluated below.
                newList.add(null);
            }
            List<IDataValue> findAllForProcessInstance = DataValueBean.findAllForProcessInstance(authorizationContext.getScopeProcessOid(), iModel, newSet);
            // A missing data value aborts the evaluation instead of being treated as an empty value.
            if (newSet.size() != findAllForProcessInstance.size()) {
                throw new InternalException("Could not fetch all data values required for department retrieval.");
            }
            Map newMap = CollectionUtils.newMap();
            for (IDataValue iDataValue : findAllForProcessInstance) {
                newMap.put(iDataValue.getData(), iDataValue.getValue());
            }
            for (int i = 0; i < newList2.size(); i++) {
                IData iData = (IData) newList2.get(i);
                Object evaluateDataPath = evaluateDataPath(authorizationContext, iData, (String) newList3.get(i), newMap.get(iData));
                newList.set(i, evaluateDataPath == null ? null : evaluateDataPath.toString());
            }
        }
        // NOTE(review): the fetch branch stores strings, but the prefetch branch stores whatever
        // getValue/getDefaultValue return; the String casts below assume those are strings — confirm.
        if (StringUtils.isEmpty((String) newList.get(0))) {
            return 0L;
        }
        IDepartment iDepartment = null;
        // The result of this call is unused (looks like decompiler residue).
        list.get(0);
        // Resolve level by level, stopping at the first empty value; each lookup receives the
        // values up to that level and the department resolved so far.
        for (int i2 = 0; i2 < newList.size() && !StringUtils.isEmpty((String) newList.get(i2)); i2++) {
            try {
                iDepartment = authorizationContext.findById(list.get(i2), newList.subList(0, i2 + 1), iDepartment);
            } catch (ObjectNotFoundException e) {
                // Swallowed: a failed lookup leaves the previously resolved department in place and
                // the loop moves on to the next level.
                // NOTE(review): the result can therefore be a shallower department than the data
                // names, with no trace of the failure — confirm this fallback is intended.
            }
        }
        if (iDepartment == null) {
            return 0L;
        }
        return iDepartment.getOID();
    }

    /**
     * Collects the department-bound organizations found by walking up from a participant.
     *
     * @param iModelParticipant the participant to start from
     * @return the bound organizations in reverse order of discovery, so the one found first
     *         (at or nearest the participant) is the last element; empty if none is bound
     */
    public static List<IOrganization> findRestricted(IModelParticipant iModelParticipant) {
        List<IOrganization> boundOrganizations = CollectionUtils.newList();
        findRestricted(boundOrganizations, iModelParticipant);
        // Discovery order starts at the participant; callers expect it last.
        Collections.reverse(boundOrganizations);
        return boundOrganizations;
    }

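    /**
     * Evaluates a data path on a single data value through the extended access path evaluator.
     *
     * <p>The evaluation context is given a symbol table that knows exactly one symbol, the id
     * of {@code iData}. The decompiler rendered the captured parameter as {@code IData.this},
     * which is not valid Java here; the anonymous class now refers to the captured
     * {@code iData} parameter directly.
     *
     * @param authorizationContext supplies the scope process OID for the evaluation context
     * @param iData the data element the path is evaluated on
     * @param str the data path
     * @param obj the stored value of {@code iData}
     * @return whatever the access path evaluator returns for the path
     */
    private static Object evaluateDataPath(AuthorizationContext authorizationContext, final IData iData, String str, final Object obj) {
        SymbolTable singleSymbolTable = new SymbolTable() {
            @Override
            public Object lookupSymbol(String str2) {
                // Any symbol other than the data element's own id resolves to nothing.
                if (str2.equals(iData.getId())) {
                    return obj;
                }
                return null;
            }

            @Override
            public AccessPoint lookupSymbolType(String str2) {
                if (str2.equals(iData.getId())) {
                    return iData;
                }
                return null;
            }
        };
        return SpiUtils.createExtendedAccessPathEvaluator(iData, str)
                .evaluate(iData, obj, str, new AccessPathEvaluationContext(singleSymbolTable, authorizationContext.getScopeProcessOid()));
    }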

    /**
     * Appends the participant to {@code list} if it is an organization with the binding
     * attribute set, then continues with its first organization, if it has one.
     *
     * <p>Only the first element returned by {@code getAllOrganizations()} is followed; any
     * further ones are not visited.
     *
     * @param list receives the bound organizations in discovery order
     * @param iModelParticipant the participant to inspect
     */
    private static void findRestricted(List<IOrganization> list, IModelParticipant iModelParticipant) {
        boolean departmentBound = iModelParticipant instanceof IOrganization
                && iModelParticipant.getBooleanAttribute(PredefinedConstants.BINDING_ATT);
        if (departmentBound) {
            list.add((IOrganization) iModelParticipant);
        }
        Iterator organizations = iModelParticipant.getAllOrganizations();
        if (!organizations.hasNext()) {
            return;
        }
        findRestricted(list, (IModelParticipant) organizations.next());
    }

    /**
     * Builds the permission list for a service interface by reflecting over its public methods
     * and enumerating the model, process definition or activity scopes each permission applies to.
     *
     * <p>For a guarded service (see {@code isGuarded}) only scopes for which
     * {@code hasPermission(AuthorizationContext)} succeeds are listed. For an unguarded service
     * every scope is listed without a permission check.
     *
     * @param cls the service interface to inspect
     * @return one {@link Permission} per distinct scope/id combination that has at least one scope
     */
    public static List<Permission> getPermissions(Class<? extends Service> cls) {
        ArrayList arrayList = new ArrayList();
        boolean isGuarded = isGuarded(cls);
        ModelManager current = ModelManagerFactory.getCurrent();
        IModel findActiveModel = current.findActiveModel();
        // newMap: scope/id combinations already handled; newMap2: Scope objects cached per model element.
        Map newMap = CollectionUtils.newMap();
        Map newMap2 = CollectionUtils.newMap();
        for (Method method : cls.getMethods()) {
            // One context per method; addScope() re-points it at each model element in turn.
            AuthorizationContext create = AuthorizationContext.create(method);
            ClientPermission permission = create.getPermission();
            // Methods without a permission, and permissions already seen on another method, are skipped.
            if (permission != null && !isPermissionProcessed(newMap, permission)) {
                ArrayList arrayList2 = new ArrayList();
                Iterator<IModel> allModels = current.getAllModels();
                while (allModels.hasNext()) {
                    IModel next = allModels.next();
                    Scope scope = getScope(next, null, newMap2);
                    if (permission.scope() != ExecutionPermission.Scope.model || findActiveModel == null) {
                        ModelElementList<IProcessDefinition> processDefinitions = next.getProcessDefinitions();
                        for (int i = 0; i < processDefinitions.size(); i++) {
                            IProcessDefinition iProcessDefinition = processDefinitions.get(i);
                            Scope scope2 = getScope(iProcessDefinition, scope, newMap2);
                            if (permission.scope() == ExecutionPermission.Scope.processDefinition) {
                                addScope(isGuarded, create, arrayList2, next, iProcessDefinition, scope2);
                            } else if (permission.scope() == ExecutionPermission.Scope.activity) {
                                ModelElementList<IActivity> activities = iProcessDefinition.getActivities();
                                for (int i2 = 0; i2 < activities.size(); i2++) {
                                    IActivity iActivity = activities.get(i2);
                                    addScope(isGuarded, create, arrayList2, next, iActivity, getScope(iActivity, scope2, newMap2));
                                }
                            }
                        }
                    } else {
                        // Model-scoped permission with an active model: the permission is checked
                        // against the active model, while the scope added is the iterated model's.
                        // NOTE(review): this runs once per model, each time against the same active
                        // model — confirm that is intended.
                        addScope(isGuarded, create, arrayList2, findActiveModel, findActiveModel, scope);
                    }
                }
                if (!arrayList2.isEmpty()) {
                    // NOTE(review): assumes the permission id starts with "authorization:"; a shorter
                    // id would make substring() throw — confirm against AuthorizationContext.
                    arrayList.add(new Permission(create.getPermissionId().substring("authorization:".length()), arrayList2));
                }
            }
        }
        return arrayList;
    }

    /**
     * Adds a scope to the result list, subject to a permission check when the service is guarded.
     *
     * <p>With {@code z} false the scope is added unconditionally: neither the context nor the
     * caller's permissions are consulted.
     *
     * @param z whether the service is guarded
     * @param authorizationContext context that is re-pointed at {@code modelElement} before the check
     * @param list receives the scope
     * @param iModel unused by this method
     * @param modelElement the element the permission is checked for
     * @param scope the scope to add
     */
    private static void addScope(boolean z, AuthorizationContext authorizationContext, List<Scope> list, IModel iModel, ModelElement modelElement, Scope scope) {
        boolean permitted = true;
        if (z) {
            authorizationContext.setModelElementData(modelElement);
            permitted = hasPermission(authorizationContext);
        }
        if (permitted) {
            list.add(scope);
        }
    }

    /**
     * Returns the scope object for a model element, creating and caching it on first use.
     *
     * <p>A scope is only created for the three supported combinations: activity within a
     * process scope, process definition within a model scope, and model without a parent.
     *
     * @param modelElement the element to get a scope for
     * @param scope the parent scope, or {@code null} for a model
     * @param map cache of scopes per model element; updated when a scope is created
     * @return the cached or newly created scope, or {@code null} for an unsupported combination
     */
    private static Scope getScope(ModelElement modelElement, Scope scope, Map<ModelElement, Scope> map) {
        Scope cached = map.get(modelElement);
        if (cached != null) {
            return cached;
        }

        Scope created = null;
        if (modelElement instanceof IActivity && scope instanceof ProcessScope) {
            created = new ActivityScope((ProcessScope) scope, ((IActivity) modelElement).getId());
        } else if (modelElement instanceof IProcessDefinition && scope instanceof ModelScope) {
            created = new ProcessScope((ModelScope) scope, ((IProcessDefinition) modelElement).getId());
        } else if (modelElement instanceof IModel && scope == null) {
            created = new ModelScope(((IModel) modelElement).getModelOID());
        }

        if (created == null) {
            // Unsupported combination: nothing is cached, so the next call tries again.
            return null;
        }
        map.put(modelElement, created);
        return created;
    }

    /**
     * Reads whether permission checks are enabled for a service, from the boolean parameter
     * named after the class name without its package, followed by {@code .Guarded}.
     *
     * <p>The default is guarded. Setting the parameter to false makes {@code getPermissions}
     * list every scope for that service without checking the caller's permissions, so it
     * belongs under the same change control as the authorization configuration itself.
     *
     * @param cls the service interface
     * @return the parameter's value, or {@code true} when it is not set
     */
    private static boolean isGuarded(Class<? extends Service> cls) {
        String qualifiedName = cls.getName();
        int lastDot = qualifiedName.lastIndexOf('.');
        // A name without a package, or with a leading dot, is used as it is.
        String unqualifiedName = lastDot > 0 ? qualifiedName.substring(lastDot + 1) : qualifiedName;
        return Parameters.instance().getBoolean(unqualifiedName + ".Guarded", true);
    }

    /**
     * Records a permission as seen and reports whether it had been seen before.
     *
     * @param map permission ids already seen, grouped by scope; updated by this call
     * @param clientPermission the permission to record
     * @return {@code true} if the same id was already recorded for the same scope,
     *         {@code false} if this call recorded it
     */
    private static boolean isPermissionProcessed(Map<ExecutionPermission.Scope, Set<ExecutionPermission.Id>> map, ClientPermission clientPermission) {
        Set<ExecutionPermission.Id> seenIds = map.get(clientPermission.scope());
        if (seenIds != null) {
            if (seenIds.contains(clientPermission.id())) {
                return true;
            }
            seenIds.add(clientPermission.id());
            return false;
        }
        // First permission for this scope: start its id set.
        Set<ExecutionPermission.Id> firstIds = CollectionUtils.newSet();
        firstIds.add(clientPermission.id());
        map.put(clientPermission.scope(), firstIds);
        return false;
    }

    /**
     * Lists the global permissions, i.e. those declared on {@code GlobalPermissionSpecificService}.
     *
     * @return the result of {@code getPermissions} for that interface
     */
    public static List<Permission> getGlobalPermissions() {
        List<Permission> globalPermissions = getPermissions(GlobalPermissionSpecificService.class);
        return globalPermissions;
    }
}
