package org.apache.jetspeed.services.security.ldap;

import java.util.Enumeration;
import java.util.Iterator;
import java.util.Vector;
import javax.naming.directory.BasicAttributes;
import javax.servlet.ServletConfig;
import org.apache.jetspeed.om.security.Permission;
import org.apache.jetspeed.om.security.ldap.LDAPPermission;
import org.apache.jetspeed.om.security.ldap.LDAPRole;
import org.apache.jetspeed.services.JetspeedLDAP;
import org.apache.jetspeed.services.JetspeedSecurity;
import org.apache.jetspeed.services.ldap.LDAPURL;
import org.apache.jetspeed.services.rundata.JetspeedRunData;
import org.apache.jetspeed.services.rundata.JetspeedRunDataService;
import org.apache.jetspeed.services.security.JetspeedSecurityCache;
import org.apache.jetspeed.services.security.JetspeedSecurityException;
import org.apache.jetspeed.services.security.JetspeedSecurityService;
import org.apache.jetspeed.services.security.PermissionException;
import org.apache.jetspeed.services.security.PermissionManagement;
import org.apache.turbine.services.InitializationException;
import org.apache.turbine.services.TurbineBaseService;
import org.apache.turbine.services.TurbineServices;
import org.apache.turbine.services.resources.ResourceService;
import org.apache.turbine.services.rundata.RunDataService;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/j-portal1.6.jar:org/apache/jetspeed/services/security/ldap/LDAPPermissionManagement.class
 */
/* loaded from: input_file:WEB-INF/conf/template.war:WEB-INF/lib/j-portal1.6.jar:org/apache/jetspeed/services/security/ldap/LDAPPermissionManagement.class */
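/**
 * LDAP-backed implementation of {@link PermissionManagement}.
 *
 * <p>Permissions are looked up under {@code ou=permissions} and role-to-permission grants are read
 * from role entries under {@code ou=roles}. Role and permission names supplied by callers are
 * embedded in LDAP search filters, so every name is escaped with {@link #escapeFilterValue(String)}
 * before it reaches a filter. Without that, a name containing {@code *}, {@code (} or {@code )}
 * would change which entries the filter matches, and the first matching role is the one used for
 * the authorization decision.
 *
 * <p>The {@code synchronized} modifier on {@link #init(ServletConfig)} only guards initialisation;
 * nothing else in this class is synchronised.
 */
public class LDAPPermissionManagement extends TurbineBaseService implements PermissionManagement {
    private static final String CASCADE_DELETE = "programmatic.cascade.delete";
    private static final String CACHING_ENABLE = "caching.enable";
    private static final boolean DEFAULT_CASCADE_DELETE = true;
    // NOTE(review): declared as true but never read; init() falls back to the field's initial
    // value (false) when "caching.enable" is not configured. Confirm which default is intended.
    private static final boolean DEFAULT_CACHING_ENABLE = true;
    private static final String[] ATTRS = {"ou", "uid", "permissionname"};
    private JetspeedRunDataService runDataService = null;
    private boolean cascadeDelete = false;
    private boolean cachingEnable = false;

    /**
     * Escapes a value for use inside an LDAP search filter assertion (RFC 4515).
     *
     * <p>The backslash, asterisk, parentheses and NUL are replaced by their {@code \XX} hex forms
     * so the value is always matched literally and can never add filter terms or wildcards.
     *
     * @param value the raw role or permission name
     * @return the escaped value; a {@code null} input yields the literal {@code "null"}, which is
     *         what the previous string concatenation produced
     */
    private static String escapeFilterValue(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /**
     * Looks up a role entry by its exact {@code uid}.
     *
     * @param roleName the role name, matched literally
     * @return the first matching role, or {@code null} when the search returns nothing
     * @throws Exception whatever the LDAP search or the role constructor raises
     */
    private LDAPRole findRole(String roleName) throws Exception {
        String filter = "(&(uid=" + escapeFilterValue(roleName) + ")(objectclass=jetspeedrole))";
        Vector search = JetspeedLDAP.search(JetspeedLDAP.buildURL("ou=roles"), filter, ATTRS, true);
        if (search.size() == 0) {
            return null;
        }
        return new LDAPRole((LDAPURL) ((Vector) search.elementAt(0)).firstElement());
    }

    /**
     * Returns the permissions granted to one role.
     *
     * <p>With caching enabled, a non-null iterator from {@link JetspeedSecurityCache} is returned
     * directly; otherwise the role entry is read from the directory. An unknown role yields an
     * empty iterator rather than an error.
     *
     * @param str the role name
     * @return an iterator over {@link LDAPPermission} objects (or whatever the cache holds)
     * @throws JetspeedSecurityException a {@link PermissionException} wrapping any lookup failure
     */
    @Override // org.apache.jetspeed.services.security.PermissionManagement
    public Iterator getPermissions(String str) throws JetspeedSecurityException {
        Vector vector = new Vector();
        try {
            if (this.cachingEnable) {
                Iterator cached = JetspeedSecurityCache.getPermissions(str);
                if (cached != null) {
                    return cached;
                }
            }
            LDAPRole role = findRole(str);
            if (role != null) {
                Enumeration elements = role.getRolePermissions().elements();
                while (elements.hasMoreElements()) {
                    vector.add(new LDAPPermission((String) elements.nextElement(), false));
                }
            }
            return vector.iterator();
        } catch (Exception e) {
            throw new PermissionException("Failed to retrieve permissions ", e);
        }
    }

    /**
     * Returns every permission entry found under {@code ou=permissions}.
     *
     * @return an iterator over {@link LDAPPermission} objects
     * @throws JetspeedSecurityException a {@link PermissionException} when the search fails or
     *         returns no entries (the "No permission" error is wrapped by the outer catch)
     */
    @Override // org.apache.jetspeed.services.security.PermissionManagement
    public Iterator getPermissions() throws JetspeedSecurityException {
        Vector vector = new Vector();
        try {
            Vector search = JetspeedLDAP.search(JetspeedLDAP.buildURL("ou=permissions"), "(objectclass=jetspeedpermission)", ATTRS, true);
            if (search.size() <= 0) {
                throw new PermissionException("No permission ");
            }
            Enumeration elements = search.elements();
            while (elements.hasMoreElements()) {
                vector.add(new LDAPPermission((LDAPURL) ((Vector) elements.nextElement()).firstElement()));
            }
            return vector.iterator();
        } catch (Exception e) {
            throw new PermissionException("Failed to retrieve permissions ", e);
        }
    }

    /**
     * Creates a new permission entry.
     *
     * <p>The existence check and the create are two separate directory operations, so two
     * concurrent callers can both pass the check; the second create then fails in
     * {@code update(true)} or not, depending on the directory.
     *
     * @param permission the permission to create; only its name is used
     * @throws JetspeedSecurityException a {@link PermissionException} if the name already exists
     *         or the entry cannot be written
     */
    @Override // org.apache.jetspeed.services.security.PermissionManagement
    public void addPermission(Permission permission) throws JetspeedSecurityException {
        String name = permission.getName();
        if (permissionExists(name)) {
            throw new PermissionException("The permission '" + name + "' already exists");
        }
        try {
            new LDAPPermission(name, true).update(true);
        } catch (Exception e) {
            throw new PermissionException("Failed to create permission '" + name + "'", e);
        }
    }

    /**
     * Intentionally does nothing in this implementation: no attribute of a permission is
     * persisted here beyond its name.
     *
     * @param permission ignored
     */
    @Override // org.apache.jetspeed.services.security.PermissionManagement
    public void savePermission(Permission permission) throws JetspeedSecurityException {
    }

    /**
     * Deletes a permission entry and, when caching is on, drops it from the cache.
     *
     * @param str the permission name
     * @throws JetspeedSecurityException a {@link PermissionException} wrapping any failure
     */
    @Override // org.apache.jetspeed.services.security.PermissionManagement
    public void removePermission(String str) throws JetspeedSecurityException {
        try {
            // NOTE(review): the name goes into LDAPPermission unescaped; whether the entry URL/DN
            // is escaped there is not visible from this class - confirm.
            JetspeedLDAP.deleteEntry(new LDAPPermission(str, false).getldapurl());
            // NOTE(review): "programmatic.cascade.delete" is read in init() but no cascade is
            // performed here, so role entries that list this permission name are not cleaned up
            // by this method. If a permission with the same name is created again, those roles
            // presumably hold it again - verify against LDAPRole.
            if (this.cachingEnable) {
                JetspeedSecurityCache.removeAllPermissions(str);
            }
        } catch (Exception e) {
            throw new PermissionException("Failed to remove permission '" + str + "'", e);
        }
    }

    /**
     * Grants a permission to a role and mirrors the grant into the cache when caching is on.
     *
     * @param str the role name
     * @param str2 the permission name
     * @throws JetspeedSecurityException a {@link PermissionException} wrapping any failure,
     *         including an unknown role or permission reported by {@link JetspeedSecurity}
     */
    @Override // org.apache.jetspeed.services.security.PermissionManagement
    public void grantPermission(String str, String str2) throws JetspeedSecurityException {
        try {
            LDAPRole role = (LDAPRole) JetspeedSecurity.getRole(str);
            // Resolved before the role is modified so an unknown permission aborts the grant.
            LDAPPermission permission = (LDAPPermission) JetspeedSecurity.getPermission(str2);
            role.addRolePermissions(str2);
            role.update(false);
            if (this.cachingEnable) {
                JetspeedSecurityCache.addPermission(str, permission);
            }
        } catch (Exception e) {
            throw new PermissionException("Grant permission '" + str2 + "' to role '" + str + "' failed: ", e);
        }
    }

    /**
     * Removes a permission from a role and from the cache when caching is on.
     *
     * @param str the role name
     * @param str2 the permission name
     * @throws JetspeedSecurityException a {@link PermissionException} wrapping any failure,
     *         including the "does not exist" error raised for an unknown role
     */
    @Override // org.apache.jetspeed.services.security.PermissionManagement
    public void revokePermission(String str, String str2) throws JetspeedSecurityException {
        try {
            LDAPRole role = findRole(str);
            if (role == null) {
                throw new PermissionException("Role '" + str + "' does not exist!");
            }
            role.getRolePermissions().remove(str2);
            role.update(false);
            if (this.cachingEnable) {
                JetspeedSecurityCache.removePermission(str, str2);
            }
        } catch (Exception e) {
            throw new PermissionException("Revoke permission '" + str2 + "' to role '" + str + "' failed: ", e);
        }
    }

    /**
     * Tells whether a role holds a permission.
     *
     * <p>With caching enabled the answer comes from {@link JetspeedSecurityCache} alone and the
     * directory is not consulted. Otherwise the role is looked up by its exact name; an unknown
     * role yields {@code false}.
     *
     * @param str the role name
     * @param str2 the permission name
     * @return {@code true} if the role lists the permission
     * @throws JetspeedSecurityException a {@link PermissionException} wrapping any lookup failure
     */
    @Override // org.apache.jetspeed.services.security.PermissionManagement
    public boolean hasPermission(String str, String str2) throws JetspeedSecurityException {
        try {
            if (this.cachingEnable) {
                return JetspeedSecurityCache.hasPermission(str, str2);
            }
            LDAPRole role = findRole(str);
            return role != null && role.permissionExists(str2);
        } catch (Exception e) {
            // The previous message was copied from grantPermission and misreported the operation.
            throw new PermissionException("Check permission '" + str2 + "' for role '" + str + "' failed: ", e);
        }
    }

    /**
     * Returns the permission with the given name.
     *
     * @param str the permission name
     * @return a new {@link LDAPPermission} for that name
     * @throws JetspeedSecurityException a {@link PermissionException} if no such entry exists or
     *         the lookup fails
     */
    @Override // org.apache.jetspeed.services.security.PermissionManagement
    public Permission getPermission(String str) throws JetspeedSecurityException {
        if (!permissionExists(str)) {
            throw new PermissionException("Unknown permission '" + str + "'");
        }
        return new LDAPPermission(str, false);
    }

    /**
     * Returns the run data of the current request.
     *
     * @return the current run data, or {@code null} when the run-data service was not resolved
     */
    protected JetspeedRunData getRunData() {
        return this.runDataService == null ? null : this.runDataService.getCurrentRunData();
    }

    /**
     * Checks whether a permission entry with exactly this name exists under
     * {@code ou=permissions}.
     *
     * @param str the permission name, matched literally
     * @return {@code true} if at least one entry matches
     * @throws PermissionException wrapping any search failure; the cause is chained rather than
     *         printed to standard error
     */
    protected boolean permissionExists(String str) throws PermissionException {
        try {
            String filter = "(&(uid=" + escapeFilterValue(str) + ")(objectclass=jetspeedpermission))";
            return JetspeedLDAP.search(JetspeedLDAP.buildURL("ou=permissions"), filter, ATTRS, true).size() > 0;
        } catch (Exception e) {
            throw new PermissionException("Failed to retrieve permission ", e);
        }
    }

    /**
     * Initialises the service once: resolves the run-data service and reads the
     * {@code programmatic.cascade.delete} and {@code caching.enable} settings of the security
     * service.
     *
     * @param servletConfig the servlet configuration handed to the base service
     * @throws InitializationException if the base service fails to initialise
     */
    @Override // org.apache.turbine.services.TurbineBaseService
    public synchronized void init(ServletConfig servletConfig) throws InitializationException {
        if (getInit()) {
            return;
        }
        super.init(servletConfig);
        ResourceService resources = ((TurbineServices) TurbineServices.getInstance()).getResources(JetspeedSecurityService.SERVICE_NAME);
        this.runDataService = (JetspeedRunDataService) TurbineServices.getInstance().getService(RunDataService.SERVICE_NAME);
        this.cascadeDelete = resources.getBoolean(CASCADE_DELETE, DEFAULT_CASCADE_DELETE);
        // Falls back to the field's initial value (false), not DEFAULT_CACHING_ENABLE.
        this.cachingEnable = resources.getBoolean(CACHING_ENABLE, this.cachingEnable);
        setInit(true);
    }
}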
