package com.filenet.apiimpl.util;

import com.filenet.api.collection.AccessPermissionList;
import com.filenet.api.constants.AccessRight;
import com.filenet.api.constants.ClassNames;
import com.filenet.api.constants.PermissionSource;
import com.filenet.api.constants.RefreshMode;
import com.filenet.api.core.Domain;
import com.filenet.api.core.Factory;
import com.filenet.api.core.IndependentlyPersistableObject;
import com.filenet.api.core.ObjectStore;
import com.filenet.api.core.UpdatingBatch;
import com.filenet.api.exception.EngineRuntimeException;
import com.filenet.api.exception.ExceptionCode;
import com.filenet.api.meta.ClassDescription;
import com.filenet.api.property.Properties;
import com.filenet.api.property.Property;
import com.filenet.api.query.SearchSQL;
import com.filenet.api.query.SearchScope;
import com.filenet.api.security.AccessPermission;
import com.filenet.api.security.CmAbstractPermission;
import com.filenet.api.security.CmDelegatedAccessPermission;
import com.filenet.api.security.CmExtendedPermission;
import com.filenet.api.security.CmRole;
import com.filenet.api.security.CmRolePermission;
import com.filenet.api.util.Id;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;

/* loaded from: input_file:com/filenet/apiimpl/util/SecurityBlitzer.class */
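/**
 * Bulk-rewrites security settings across a domain or a single object store.
 *
 * <p>Callers queue operations with {@link #addOperation}, optionally exclude classes with
 * {@link #excludeClass}, and then call {@link #blitz()}. Each visited object has its
 * {@code Permissions}, {@code DefaultInstancePermissions}, {@code Owner} and
 * {@code DefaultInstanceOwner} properties inspected and, where an operation matches, rewritten.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>This class changes access control in bulk. The only trail it produces itself is the
 *       {@link ProgressReporter} output, so callers that need an audit record should persist
 *       those lines.</li>
 *   <li>Only permissions whose source is direct or default are touched; other sources are
 *       skipped.</li>
 *   <li>When the caller lacks the right to write a property, the matching change is detected
 *       but not applied, and a problem is reported instead of saving a partial update.</li>
 * </ul>
 *
 * <p>Instances hold mutable, unsynchronized state; nothing in this class makes concurrent use
 * safe.
 */
public class SecurityBlitzer {
    /**
     * Prefix that marks a replacement grantee as a role reference. The text after the prefix is
     * either {@code <roleId>} or {@code <objectStoreId>:<roleId>} (see {@code createPermission}).
     */
    public static final String ROLE_GRANTEE_PREFIX = "#ROLE:";

    private static final int DEFAULT_BATCH_SIZE = 50;

    /** Object needs no save. */
    private static final int NO_UPDATE = 0;
    /** Object was changed and can be saved with the current batch. */
    private static final int UPDATE = 1;
    /** Object was changed and the batch holding it must be committed immediately. */
    private static final int UPDATE_BREAK_BATCH = 2;

    // NOTE(review): 262144 (0x40000) looks like the "write ACL" access right and 2 like the plain
    // "write" right; confirm against AccessRight before replacing these with its constants.
    private static final int WRITE_ACL_MASK = 262144;
    private static final int WRITE_MASK = 2;

    private final Domain domain;
    /** Non-null only when the run is restricted to one object store. */
    private final ObjectStore singleTargetOS;
    /** Optional sink for progress and problem lines; may be null. */
    private final ProgressReporter reporter;
    private final ArrayList<OperationDetail> operations = new ArrayList<>();
    private final HashSet<String> excludedClasses = new HashSet<>();
    private boolean hasOwnerOp = false;
    private boolean hasDefaultOwnerOp = false;
    private int batchSize = DEFAULT_BATCH_SIZE;

    /** The kinds of rewrite that can be queued. */
    public enum Operation {
        /** Add a copy of each matching permission for the new grantee, keeping the original. */
        CLONE,
        /** Replace each matching permission with an equivalent one for the new grantee. */
        REPLACE,
        /** Remove each matching permission. */
        REMOVE,
        /** Set {@code Owner} to the new grantee where it equals the match grantee. */
        REPLACE_OWNER,
        /** Set {@code DefaultInstanceOwner} to the new grantee where it equals the match grantee. */
        REPLACE_DEFAULT_OWNER,
        /** Remove permissions whose principal or role no longer resolves. */
        REMOVE_STALE,
        /** Set {@code Owner} to the new grantee where the current owner no longer resolves. */
        REPLACE_STALE_OWNER
    }

    /** One queued operation with its arguments. Only this class creates instances. */
    public static class OperationDetail {
        Operation operation;
        String matchGrantee;
        String newGrantee;

        private OperationDetail() {
        }
    }

    /** Receives human-readable progress and problem lines during a run. */
    public interface ProgressReporter {
        void reportProgress(String str);

        void reportProblem(String str);
    }

    /**
     * Creates a blitzer that processes the domain object and every object store in it.
     *
     * @param domain domain to process
     * @param progressReporter optional reporter; may be null
     */
    public SecurityBlitzer(Domain domain, ProgressReporter progressReporter) {
        this.domain = domain;
        this.singleTargetOS = null;
        this.reporter = progressReporter;
    }

    /**
     * Creates a blitzer restricted to the objects found in one object store. The domain is
     * fetched through the object store's connection.
     *
     * @param objectStore object store to process
     * @param progressReporter optional reporter; may be null
     */
    public SecurityBlitzer(ObjectStore objectStore, ProgressReporter progressReporter) {
        this.singleTargetOS = objectStore;
        this.domain = Factory.Domain.fetchInstance(objectStore.getConnection(), null, null);
        this.reporter = progressReporter;
    }

    /**
     * Queues an operation for the next {@link #blitz()} call.
     *
     * @param operation the rewrite to perform
     * @param str grantee to match; not read by {@code REMOVE_STALE} or {@code REPLACE_STALE_OWNER}
     * @param str2 replacement grantee, optionally a {@link #ROLE_GRANTEE_PREFIX} role reference;
     *     not read by {@code REMOVE} or {@code REMOVE_STALE}
     */
    public void addOperation(Operation operation, String str, String str2) {
        OperationDetail operationDetail = new OperationDetail();
        operationDetail.operation = operation;
        operationDetail.matchGrantee = str;
        operationDetail.newGrantee = str2;
        this.operations.add(operationDetail);
        // The flags let processObject skip owner handling entirely when no owner operation is queued.
        if (operation == Operation.REPLACE_OWNER || operation == Operation.REPLACE_STALE_OWNER) {
            this.hasOwnerOp = true;
        }
        if (operation == Operation.REPLACE_DEFAULT_OWNER) {
            this.hasDefaultOwnerOp = true;
        }
    }

    /**
     * Excludes a root searchable class, by symbolic name, from object processing.
     *
     * @param str symbolic class name to skip
     */
    public void excludeClass(String str) {
        this.excludedClasses.add(str);
    }

    /**
     * Sets how many changed objects are collected before a batch is committed. The value is not
     * validated; a value below 1 makes every changed object commit on its own.
     *
     * @param i batch size
     */
    public void setBatchSize(int i) {
        this.batchSize = i;
    }

    /**
     * Runs all queued operations, then clears the operation queue and the class exclusions.
     *
     * <p>Every queued operation is announced through the reporter before any object is touched.
     * The queues are cleared only when the run completes normally; if an exception propagates,
     * the queued operations remain in place.
     */
    public void blitz() {
        for (OperationDetail detail : this.operations) {
            switch (detail.operation) {
                case CLONE:
                    reportProgress("*** Blitzing copy " + detail.matchGrantee + " to " + detail.newGrantee);
                    break;
                case REPLACE:
                    reportProgress("*** Blitzing replace " + detail.matchGrantee + " by " + detail.newGrantee);
                    break;
                case REMOVE:
                    reportProgress("*** Blitzing remove " + detail.matchGrantee);
                    break;
                case REMOVE_STALE:
                    reportProgress("*** Blitzing remove stale");
                    break;
                case REPLACE_OWNER:
                    // Fixed: the separator between "owner" and the grantee was missing.
                    reportProgress("*** Blitzing replace owner " + detail.matchGrantee + " by " + detail.newGrantee);
                    break;
                case REPLACE_DEFAULT_OWNER:
                    // Fixed: this operation used to run without being announced at all.
                    reportProgress("*** Blitzing replace default owner " + detail.matchGrantee + " by " + detail.newGrantee);
                    break;
                case REPLACE_STALE_OWNER:
                    reportProgress("*** Blitzing replace stale owner by " + detail.newGrantee);
                    break;
                default:
                    break;
            }
        }
        if (this.singleTargetOS == null) {
            processDomain();
        } else {
            processInObjectStore(this.singleTargetOS);
        }
        this.operations.clear();
        this.excludedClasses.clear();
    }

    /** Processes the domain object itself, then every object store it lists. */
    private void processDomain() {
        this.domain.refresh();
        if (processObject(null, this.domain) != NO_UPDATE) {
            this.domain.save(RefreshMode.REFRESH);
        }
        Iterator<?> stores = this.domain.get_ObjectStores().iterator();
        while (stores.hasNext()) {
            processObjectStore((ObjectStore) stores.next());
        }
    }

    /** Processes the object store object itself, then the objects it contains. */
    private void processObjectStore(ObjectStore objectStore) {
        objectStore.refresh();
        reportProgress("Processing object store " + objectStore.get_Name());
        if (processObject(null, objectStore) != NO_UPDATE) {
            objectStore.save(RefreshMode.REFRESH);
        }
        processInObjectStore(objectStore);
    }

    /** Walks every root searchable class of the object store, honouring the exclusions. */
    private void processInObjectStore(ObjectStore objectStore) {
        SearchScope searchScope = new SearchScope(objectStore);
        Iterator<String> classNames = getRootSearchableClasses(searchScope);
        while (classNames.hasNext()) {
            String className = classNames.next();
            if (this.excludedClasses.contains(className)) {
                reportProgress("    Skipping class " + className);
            } else {
                processClass(objectStore, searchScope, className);
            }
        }
    }

    /**
     * Processes every object returned by a search on one class and saves the changed ones in
     * batches. An exception from a batch commit propagates and ends the run.
     *
     * @param objectStore object store being processed
     * @param searchScope search scope over that object store
     * @param className symbolic class name to query
     */
    private void processClass(ObjectStore objectStore, SearchScope searchScope, String className) {
        reportProgress("    Processing objects of class " + className);
        UpdatingBatch batch = null;
        int pending = 0;
        // The class name is concatenated into the query. Within this class it only ever comes
        // from getRootSearchableClasses (server metadata), never from caller-supplied text; keep
        // it that way, or validate the name, if this method ever gains another caller.
        Iterator<?> rows = searchScope.fetchObjects(new SearchSQL("SELECT * FROM " + className), null, null, true).iterator();
        while (rows.hasNext()) {
            IndependentlyPersistableObject target = (IndependentlyPersistableObject) rows.next();
            int status = processObject(objectStore, target);
            if (status == NO_UPDATE) {
                continue;
            }
            if (batch == null) {
                batch = UpdatingBatch.createUpdatingBatchInstance(this.domain, RefreshMode.NO_REFRESH);
            }
            batch.add(target, null);
            pending++;
            if (pending >= this.batchSize || status == UPDATE_BREAK_BATCH) {
                reportProgress("      Committing batch of " + pending);
                batch.updateBatch();
                batch = null;
                pending = 0;
            }
        }
        if (batch != null) {
            reportProgress("      Committing batch of " + pending);
            batch.updateBatch();
        }
    }

    /**
     * Applies the queued operations to one object's security properties.
     *
     * <p>When the caller lacks the access right needed for a property, the operations for that
     * property run in detect-only mode: a required change is still counted, but nothing is
     * modified. If any required change could not be applied, a problem is reported and the
     * object is not saved at all, so no partially rewritten object is persisted.
     *
     * @param objectStore object store the object belongs to, or null for the domain and
     *     object store objects themselves
     * @param target object to inspect
     * @return {@code NO_UPDATE}, {@code UPDATE} or {@code UPDATE_BREAK_BATCH}
     */
    private int processObject(ObjectStore objectStore, IndependentlyPersistableObject target) {
        int status = NO_UPDATE;
        boolean canApply = true;
        if ((target.getAccessAllowed().intValue() & WRITE_ACL_MASK) == 0) {
            canApply = false;
        }
        Properties properties = target.getProperties();
        Property permissions = properties.find("Permissions");
        if (permissions != null) {
            status = applyOperations(objectStore, (AccessPermissionList) permissions.getDependentObjectListValue(), !canApply);
        }
        Property defaultPermissions = properties.find("DefaultInstancePermissions");
        if (defaultPermissions != null) {
            // A change here only ever raises the status to UPDATE, never to UPDATE_BREAK_BATCH.
            if (applyOperations(objectStore, (AccessPermissionList) defaultPermissions.getDependentObjectListValue(), !canApply) != NO_UPDATE && status == NO_UPDATE) {
                status = UPDATE;
            }
        }
        Property owner = properties.find("Owner");
        if (owner != null && this.hasOwnerOp) {
            // Non-short-circuit '&' is deliberate here: isSettable() is always evaluated.
            boolean ownerWritable = ((target.getAccessAllowed().intValue() & AccessRight.WRITE_OWNER_AS_INT) != 0) & owner.isSettable();
            if (applyOwnerOperations(properties, owner.getStringValue(), !ownerWritable)) {
                if (status == NO_UPDATE) {
                    status = UPDATE;
                }
                if (!ownerWritable) {
                    canApply = false;
                }
            }
        }
        Property defaultOwner = properties.find("DefaultInstanceOwner");
        if (defaultOwner != null && this.hasDefaultOwnerOp) {
            boolean defaultOwnerWritable = (target.getAccessAllowed().intValue() & WRITE_MASK) != 0;
            if (applyDefaultOwnerOperations(properties, defaultOwner.getStringValue(), !defaultOwnerWritable)) {
                if (status == NO_UPDATE) {
                    status = UPDATE;
                }
                if (!defaultOwnerWritable) {
                    canApply = false;
                }
            }
        }
        if (status != NO_UPDATE) {
            if (canApply) {
                reportProgress("      Updating object " + target.getObjectReference());
            } else {
                reportProblem("      Required update cannot be performed due to insufficient permission or full proxy: " + target.getObjectReference());
                status = NO_UPDATE;
            }
        }
        return status;
    }

    /**
     * Applies the queued permission operations to one permission list.
     *
     * <p>Fixes over the previous version:
     * <ul>
     *   <li>{@code REMOVE} now only removes the matching entry. It used to remove it and then
     *       add a new entry built from the operation's replacement grantee.</li>
     *   <li>{@code REPLACE_DEFAULT_OWNER} no longer touches permission lists. It used to fall
     *       into the matching branch and add a copy of each matching entry for the new
     *       default owner.</li>
     *   <li>Grantee comparison tolerates a null name on either side instead of throwing.</li>
     * </ul>
     *
     * @param objectStore object store used to resolve role references; may be null
     * @param accessPermissionList list to rewrite in place
     * @param detectOnly when true, required changes are counted but the list is not modified
     * @return {@code NO_UPDATE}, {@code UPDATE} or {@code UPDATE_BREAK_BATCH}
     */
    private int applyOperations(ObjectStore objectStore, AccessPermissionList accessPermissionList, boolean detectOnly) {
        int status = NO_UPDATE;
        for (OperationDetail detail : this.operations) {
            if (!isPermissionListOperation(detail.operation)) {
                continue;
            }
            // Walk backwards so that removing the current entry, or appending a new one at the
            // end, never disturbs the entries still to be visited.
            for (int index = accessPermissionList.size() - 1; index >= 0; index--) {
                AccessPermission permission = (AccessPermission) accessPermissionList.get(index);
                if (!isDirectOrDefault(permission)) {
                    continue;
                }
                if (detail.operation == Operation.REMOVE_STALE) {
                    if (isStalePermission(permission)) {
                        status = getChangeStatus(status, permission);
                        if (!detectOnly) {
                            accessPermissionList.remove(index);
                        }
                    }
                } else if (permission instanceof CmDelegatedAccessPermission) {
                    CmDelegatedAccessPermission delegated = (CmDelegatedAccessPermission) permission;
                    boolean delegatingMatches = sameGrantee(detail.matchGrantee, delegated.get_DelegatingUserName());
                    boolean delegateMatches = sameGrantee(detail.matchGrantee, delegated.get_DelegateName());
                    if (delegatingMatches || delegateMatches) {
                        status = getChangeStatus(status, permission);
                        if (!detectOnly) {
                            if (detail.operation != Operation.CLONE) {
                                accessPermissionList.remove(index);
                            }
                            if (detail.operation != Operation.REMOVE) {
                                accessPermissionList.add(createDelegatedPermission(objectStore, delegated, detail.newGrantee, delegateMatches, delegatingMatches));
                            }
                        }
                    }
                } else if (!(permission instanceof CmExtendedPermission) && sameGrantee(permission.get_GranteeName(), detail.matchGrantee)) {
                    status = getChangeStatus(status, permission);
                    if (!detectOnly) {
                        if (detail.operation != Operation.CLONE) {
                            accessPermissionList.remove(index);
                        }
                        if (detail.operation != Operation.REMOVE) {
                            accessPermissionList.add(createPermission(objectStore, permission, detail.newGrantee));
                        }
                    }
                }
            }
        }
        return status;
    }

    /** Returns true for the operations that rewrite permission lists rather than owners. */
    private static boolean isPermissionListOperation(Operation operation) {
        return operation == Operation.CLONE
                || operation == Operation.REPLACE
                || operation == Operation.REMOVE
                || operation == Operation.REMOVE_STALE;
    }

    /**
     * Returns true when the permission's source is direct or default. A permission without a
     * {@code PermissionSource} property is treated as direct.
     */
    private static boolean isDirectOrDefault(AccessPermission permission) {
        PermissionSource source = PermissionSource.SOURCE_DIRECT;
        if (permission.getProperties().isPropertyPresent("PermissionSource")) {
            source = permission.get_PermissionSource();
        }
        return source.equals(PermissionSource.SOURCE_DIRECT) || source.equals(PermissionSource.SOURCE_DEFAULT);
    }

    /**
     * Returns true when the permission refers to something that no longer resolves: a role
     * permission without a role, a delegated permission whose delegate or delegating user is
     * stale, or any other permission whose grantee is stale.
     */
    private boolean isStalePermission(AccessPermission permission) {
        if (permission instanceof CmRolePermission) {
            return ((CmRolePermission) permission).get_Role() == null;
        }
        if (permission instanceof CmDelegatedAccessPermission) {
            CmDelegatedAccessPermission delegated = (CmDelegatedAccessPermission) permission;
            return isStalePrincipal(delegated.get_DelegateName()) || isStalePrincipal(delegated.get_DelegatingUserName());
        }
        return isStalePrincipal(permission.get_GranteeName());
    }

    /** Case-insensitive grantee comparison that is false when either side is null. */
    private static boolean sameGrantee(String left, String right) {
        return left != null && right != null && left.equalsIgnoreCase(right);
    }

    /**
     * Folds one changed permission into the running status. A permission with inheritable
     * depth 0 yields at least {@code UPDATE}; any other depth yields {@code UPDATE_BREAK_BATCH}.
     * NOTE(review): presumably a non-zero depth is committed on its own because the change
     * propagates to other objects; confirm.
     */
    private static int getChangeStatus(int status, AccessPermission permission) {
        if (permission.get_InheritableDepth().intValue() != 0) {
            return UPDATE_BREAK_BATCH;
        }
        return status == NO_UPDATE ? UPDATE : status;
    }

    /**
     * Applies {@code REPLACE_OWNER} and {@code REPLACE_STALE_OWNER} operations to the owner.
     *
     * @param properties property collection of the object being processed
     * @param currentOwner current {@code Owner} value; null means nothing to do
     * @param detectOnly when true, a required change is reported but not written
     * @return true when at least one operation matched
     */
    private boolean applyOwnerOperations(Properties properties, String currentOwner, boolean detectOnly) {
        boolean matched = false;
        if (currentOwner == null) {
            return matched;
        }
        for (OperationDetail detail : this.operations) {
            boolean applies;
            if (detail.operation == Operation.REPLACE_OWNER) {
                applies = currentOwner.equalsIgnoreCase(detail.matchGrantee);
            } else {
                applies = detail.operation == Operation.REPLACE_STALE_OWNER && isStalePrincipal(currentOwner);
            }
            if (applies) {
                matched = true;
                if (!detectOnly) {
                    properties.putValue("Owner", detail.newGrantee);
                }
            }
        }
        return matched;
    }

    /**
     * Applies {@code REPLACE_DEFAULT_OWNER} operations to the default instance owner.
     *
     * @param properties property collection of the object being processed
     * @param currentOwner current {@code DefaultInstanceOwner} value; null means nothing to do
     * @param detectOnly when true, a required change is reported but not written
     * @return true when at least one operation matched
     */
    private boolean applyDefaultOwnerOperations(Properties properties, String currentOwner, boolean detectOnly) {
        boolean matched = false;
        if (currentOwner == null) {
            return matched;
        }
        for (OperationDetail detail : this.operations) {
            if (detail.operation == Operation.REPLACE_DEFAULT_OWNER && currentOwner.equalsIgnoreCase(detail.matchGrantee)) {
                matched = true;
                if (!detectOnly) {
                    properties.putValue("DefaultInstanceOwner", detail.newGrantee);
                }
            }
        }
        return matched;
    }

    /**
     * Returns the symbolic names of the searchable classes whose superclass is not itself in
     * the searchable set, leaving out {@code ContentSearch} and {@code ClassNames.VERSIONABLE}.
     * Querying only these roots avoids visiting the same object once per class level.
     * NOTE(review): this relies on a query against a class also returning subclass instances;
     * confirm.
     */
    private Iterator<String> getRootSearchableClasses(SearchScope searchScope) {
        Map<String, ClassDescription> searchable = new HashMap<>();
        Iterator<?> descriptions = searchScope.fetchSearchableClassDescriptions(null, null).iterator();
        while (descriptions.hasNext()) {
            ClassDescription description = (ClassDescription) descriptions.next();
            String symbolicName = description.get_SymbolicName();
            if (!symbolicName.equals("ContentSearch") && !symbolicName.equals(ClassNames.VERSIONABLE)) {
                searchable.put(symbolicName, description);
            }
        }
        ArrayList<String> roots = new ArrayList<>();
        for (ClassDescription description : searchable.values()) {
            ClassDescription parent = description.get_SuperclassDescription();
            if (parent == null || !searchable.containsKey(parent.get_SymbolicName())) {
                roots.add(description.get_SymbolicName());
            }
        }
        return roots.iterator();
    }

    /**
     * Builds the permission that takes the place of, or is added next to, a matching one.
     *
     * <p>For a plain grantee the access type and access mask are copied from the template. For
     * a {@link #ROLE_GRANTEE_PREFIX} reference a role permission is created instead and only the
     * inheritable depth is carried over. A malformed role reference surfaces as whatever
     * exception the {@code Id} constructor throws.
     *
     * @param objectStore object store used to resolve a role given without an object store id
     * @param template permission being cloned or replaced
     * @param newGrantee replacement grantee or role reference
     * @return the new, unsaved permission
     */
    private CmAbstractPermission createPermission(ObjectStore objectStore, CmAbstractPermission template, String newGrantee) {
        if (newGrantee == null || !newGrantee.startsWith(ROLE_GRANTEE_PREFIX)) {
            AccessPermission source = (AccessPermission) template;
            AccessPermission copy = Factory.AccessPermission.createInstance();
            copy.set_AccessType(source.get_AccessType());
            copy.set_GranteeName(newGrantee);
            copy.set_AccessMask(source.get_AccessMask());
            copy.set_InheritableDepth(template.get_InheritableDepth());
            return copy;
        }
        String[] parts = newGrantee.substring(ROLE_GRANTEE_PREFIX.length()).split(":");
        ObjectStore roleStore = objectStore;
        Id roleId;
        if (parts.length == 1) {
            roleId = new Id(parts[0]);
        } else {
            roleId = new Id(parts[1]);
            roleStore = Factory.ObjectStore.getInstance(this.domain, new Id(parts[0]));
        }
        CmRole role = Factory.CmRole.getInstance(roleStore, roleId);
        CmRolePermission rolePermission = Factory.CmRolePermission.createInstance();
        rolePermission.set_Role(role);
        rolePermission.set_InheritableDepth(template.get_InheritableDepth());
        return rolePermission;
    }

    /**
     * Builds a delegated permission that mirrors the template with one or both principals
     * replaced.
     *
     * <p>Fixed: the previous version populated the new instance and then returned the template,
     * so a replace removed the original entry and put the very same entry back, leaving the
     * old principal's delegation in force.
     *
     * @param objectStore unused here; kept for symmetry with {@code createPermission}
     * @param template delegated permission being cloned or replaced
     * @param newGrantee replacement principal
     * @param replaceDelegate true to replace the delegate name
     * @param replaceDelegatingUser true to replace the delegating user name
     * @return the new, unsaved delegated permission
     */
    private CmDelegatedAccessPermission createDelegatedPermission(ObjectStore objectStore, CmDelegatedAccessPermission template, String newGrantee, boolean replaceDelegate, boolean replaceDelegatingUser) {
        CmDelegatedAccessPermission copy = Factory.CmDelegatedAccessPermission.createInstance();
        copy.set_DelegateName(replaceDelegate ? newGrantee : template.get_DelegateName());
        copy.set_DelegatingUserName(replaceDelegatingUser ? newGrantee : template.get_DelegatingUserName());
        copy.set_AccessMask(template.get_AccessMask());
        copy.set_InheritableDepth(template.get_InheritableDepth());
        return copy;
    }

    /**
     * Returns true when the name is a SID-style string ({@code S-1-...}) that the server cannot
     * resolve to a security principal.
     *
     * <p>Only an "object not found" failure counts as stale. Every other failure is rethrown,
     * so a directory or connection problem aborts the run rather than being mistaken for a
     * deleted principal and triggering removals. Each call performs a server lookup.
     *
     * @param name principal name to test; null is never stale
     */
    private boolean isStalePrincipal(String name) {
        // Fixed: a null name used to throw NullPointerException here.
        if (name == null || !name.startsWith("S-1-")) {
            return false;
        }
        try {
            Factory.SecurityPrincipal.fetchInstance(this.domain.getConnection(), name, null);
            return false;
        } catch (EngineRuntimeException e) {
            if (e.getExceptionCode().equals(ExceptionCode.E_OBJECT_NOT_FOUND)) {
                return true;
            }
            throw e;
        }
    }

    /** Forwards a progress line to the reporter, if one was supplied. */
    private void reportProgress(String message) {
        if (this.reporter != null) {
            this.reporter.reportProgress(message);
        }
    }

    /** Forwards a problem line to the reporter, if one was supplied. */
    private void reportProblem(String message) {
        if (this.reporter != null) {
            this.reporter.reportProblem(message);
        }
    }
}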
