package com.orientechnologies.orient.core.metadata.security;

import com.orientechnologies.common.log.OLogManager;
import com.orientechnologies.orient.core.annotation.OBeforeDeserialization;
import com.orientechnologies.orient.core.db.record.OIdentifiable;
import com.orientechnologies.orient.core.metadata.security.ORule;
import com.orientechnologies.orient.core.metadata.security.OSecurityRole;
import com.orientechnologies.orient.core.record.impl.ODocument;
import com.orientechnologies.orient.core.sql.functions.stat.OSQLFunctionMode;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:WEB-INF/lib/orientdb-core-2.2.30.jar:com/orientechnologies/orient/core/metadata/security/ORole.class */
public class ORole extends OIdentity implements OSecurityRole {
    public static final String ADMIN = "admin";
    public static final String CLASS_NAME = "ORole";
    public static final int PERMISSION_NONE = 0;
    public static final int PERMISSION_CREATE = registerPermissionBit(0, "Create");
    public static final int PERMISSION_READ = registerPermissionBit(1, "Read");
    public static final int PERMISSION_UPDATE = registerPermissionBit(2, "Update");
    public static final int PERMISSION_DELETE = registerPermissionBit(3, "Delete");
    public static final int PERMISSION_EXECUTE = registerPermissionBit(4, "Execute");
    public static final int PERMISSION_ALL = (((PERMISSION_CREATE + PERMISSION_READ) + PERMISSION_UPDATE) + PERMISSION_DELETE) + PERMISSION_EXECUTE;
    protected static final byte STREAM_DENY = 0;
    protected static final byte STREAM_ALLOW = 1;
    private static final long serialVersionUID = 1;
    private static Map<Integer, String> PERMISSION_BIT_NAMES;
    protected OSecurityRole.ALLOW_MODES mode;
    protected ORole parentRole;
    private Map<ORule.ResourceGeneric, ORule> rules;

    public ORole() {
        this.mode = OSecurityRole.ALLOW_MODES.DENY_ALL_BUT;
        this.rules = new HashMap();
    }

    public ORole(String str, ORole oRole, OSecurityRole.ALLOW_MODES allow_modes) {
        super(CLASS_NAME);
        this.mode = OSecurityRole.ALLOW_MODES.DENY_ALL_BUT;
        this.rules = new HashMap();
        this.document.field("name", (Object) str);
        this.parentRole = oRole;
        this.document.field("inheritedRole", (Object) (oRole != null ? oRole.getDocument() : null));
        setMode(allow_modes);
        updateRolesDocumentContent();
    }

    public ORole(ODocument oDocument) {
        this.mode = OSecurityRole.ALLOW_MODES.DENY_ALL_BUT;
        this.rules = new HashMap();
        fromStream(oDocument);
    }

    public static String permissionToString(int i) {
        int i2 = i;
        StringBuilder sb = new StringBuilder(128);
        for (Map.Entry<Integer, String> entry : PERMISSION_BIT_NAMES.entrySet()) {
            if ((i2 & entry.getKey().intValue()) == entry.getKey().intValue()) {
                if (sb.length() > 0) {
                    sb.append(", ");
                }
                sb.append(entry.getValue());
                i2 &= entry.getKey().intValue() ^ (-1);
            }
        }
        if (i2 != 0) {
            if (sb.length() > 0) {
                sb.append(", ");
            }
            sb.append("Unknown 0x");
            sb.append(Integer.toHexString(i2));
        }
        return sb.toString();
    }

    public static int registerPermissionBit(int i, String str) {
        if (i < 0 || i > 31) {
            throw new IndexOutOfBoundsException("Permission bit number must be positive and less than 32");
        }
        int i2 = 1 << i;
        if (PERMISSION_BIT_NAMES == null) {
            PERMISSION_BIT_NAMES = new HashMap();
        }
        if (PERMISSION_BIT_NAMES.containsKey(Integer.valueOf(i2))) {
            throw new IndexOutOfBoundsException("Permission bit number " + String.valueOf(i) + " already in use");
        }
        PERMISSION_BIT_NAMES.put(Integer.valueOf(i2), str);
        return i2;
    }

    @Override // com.orientechnologies.orient.core.type.ODocumentWrapper
    @OBeforeDeserialization
    public void fromStream(ODocument oDocument) {
        if (this.document != null) {
            return;
        }
        this.document = oDocument;
        try {
            Number number = (Number) this.document.field(OSQLFunctionMode.NAME);
            this.mode = number == null ? OSecurityRole.ALLOW_MODES.DENY_ALL_BUT : number.byteValue() == 1 ? OSecurityRole.ALLOW_MODES.ALLOW_ALL_BUT : OSecurityRole.ALLOW_MODES.DENY_ALL_BUT;
        } catch (Exception e) {
            OLogManager.instance().error(this, "illegal mode ", e, new Object[0]);
            this.mode = OSecurityRole.ALLOW_MODES.DENY_ALL_BUT;
        }
        OIdentifiable oIdentifiable = (OIdentifiable) this.document.field("inheritedRole");
        this.parentRole = oIdentifiable != null ? this.document.getDatabase().getMetadata().getSecurity().getRole(oIdentifiable) : null;
        boolean z = false;
        Object field = this.document.field("rules");
        if (field instanceof Map) {
            loadOldVersionOfRules((Map) field);
        } else {
            Set<ODocument> set = (Set) field;
            if (set != null) {
                for (ODocument oDocument2 : set) {
                    ORule.ResourceGeneric valueOf = ORule.ResourceGeneric.valueOf((String) oDocument2.field("resourceGeneric"));
                    if (valueOf != null) {
                        this.rules.put(valueOf, new ORule(valueOf, (Map) oDocument2.field("specificResources"), (Byte) oDocument2.field("access")));
                    }
                }
            }
            z = true;
        }
        if (getName().equals("admin") && !hasRule(ORule.ResourceGeneric.BYPASS_RESTRICTED, null)) {
            addRule(ORule.ResourceGeneric.BYPASS_RESTRICTED, (String) null, PERMISSION_ALL).save();
        }
        if (z) {
            updateRolesDocumentContent();
            save();
        }
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurityRole
    public boolean allow(ORule.ResourceGeneric resourceGeneric, String str, int i) {
        Boolean isAllowed;
        ORule oRule = this.rules.get(resourceGeneric);
        return (oRule == null || (isAllowed = oRule.isAllowed(str, i)) == null) ? this.parentRole != null ? this.parentRole.allow(resourceGeneric, str, i) : this.mode == OSecurityRole.ALLOW_MODES.ALLOW_ALL_BUT : isAllowed.booleanValue();
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurityRole
    public boolean hasRule(ORule.ResourceGeneric resourceGeneric, String str) {
        ORule oRule = this.rules.get(resourceGeneric);
        if (oRule == null) {
            return false;
        }
        return str == null || oRule.containsSpecificResource(str);
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurityRole
    public ORole addRule(ORule.ResourceGeneric resourceGeneric, String str, int i) {
        ORule oRule = this.rules.get(resourceGeneric);
        if (oRule == null) {
            oRule = new ORule(resourceGeneric, null, null);
            this.rules.put(resourceGeneric, oRule);
        }
        oRule.grantAccess(str, i);
        this.rules.put(resourceGeneric, oRule);
        updateRolesDocumentContent();
        return this;
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurityRole
    @Deprecated
    public boolean allow(String str, int i) {
        String mapLegacyResourceToSpecificResource = ORule.mapLegacyResourceToSpecificResource(str);
        ORule.ResourceGeneric mapLegacyResourceToGenericResource = ORule.mapLegacyResourceToGenericResource(str);
        return (mapLegacyResourceToSpecificResource == null || mapLegacyResourceToSpecificResource.equals("*")) ? allow(mapLegacyResourceToGenericResource, null, i) : allow(mapLegacyResourceToGenericResource, mapLegacyResourceToSpecificResource, i);
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurityRole
    @Deprecated
    public boolean hasRule(String str) {
        String mapLegacyResourceToSpecificResource = ORule.mapLegacyResourceToSpecificResource(str);
        ORule.ResourceGeneric mapLegacyResourceToGenericResource = ORule.mapLegacyResourceToGenericResource(str);
        return (mapLegacyResourceToSpecificResource == null || mapLegacyResourceToSpecificResource.equals("*")) ? hasRule(mapLegacyResourceToGenericResource, null) : hasRule(mapLegacyResourceToGenericResource, mapLegacyResourceToSpecificResource);
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurityRole
    @Deprecated
    public OSecurityRole addRule(String str, int i) {
        String mapLegacyResourceToSpecificResource = ORule.mapLegacyResourceToSpecificResource(str);
        ORule.ResourceGeneric mapLegacyResourceToGenericResource = ORule.mapLegacyResourceToGenericResource(str);
        return (mapLegacyResourceToSpecificResource == null || mapLegacyResourceToSpecificResource.equals("*")) ? addRule(mapLegacyResourceToGenericResource, (String) null, i) : addRule(mapLegacyResourceToGenericResource, mapLegacyResourceToSpecificResource, i);
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurityRole
    @Deprecated
    public OSecurityRole grant(String str, int i) {
        String mapLegacyResourceToSpecificResource = ORule.mapLegacyResourceToSpecificResource(str);
        ORule.ResourceGeneric mapLegacyResourceToGenericResource = ORule.mapLegacyResourceToGenericResource(str);
        return (mapLegacyResourceToSpecificResource == null || mapLegacyResourceToSpecificResource.equals("*")) ? grant(mapLegacyResourceToGenericResource, (String) null, i) : grant(mapLegacyResourceToGenericResource, mapLegacyResourceToSpecificResource, i);
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurityRole
    @Deprecated
    public OSecurityRole revoke(String str, int i) {
        String mapLegacyResourceToSpecificResource = ORule.mapLegacyResourceToSpecificResource(str);
        ORule.ResourceGeneric mapLegacyResourceToGenericResource = ORule.mapLegacyResourceToGenericResource(str);
        return (mapLegacyResourceToSpecificResource == null || mapLegacyResourceToSpecificResource.equals("*")) ? revoke(mapLegacyResourceToGenericResource, (String) null, i) : revoke(mapLegacyResourceToGenericResource, mapLegacyResourceToSpecificResource, i);
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurityRole
    public ORole grant(ORule.ResourceGeneric resourceGeneric, String str, int i) {
        ORule oRule = this.rules.get(resourceGeneric);
        if (oRule == null) {
            oRule = new ORule(resourceGeneric, null, null);
            this.rules.put(resourceGeneric, oRule);
        }
        oRule.grantAccess(str, i);
        this.rules.put(resourceGeneric, oRule);
        updateRolesDocumentContent();
        return this;
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurityRole
    public ORole revoke(ORule.ResourceGeneric resourceGeneric, String str, int i) {
        if (i == 0) {
            return this;
        }
        ORule oRule = this.rules.get(resourceGeneric);
        if (oRule == null) {
            oRule = new ORule(resourceGeneric, null, null);
            this.rules.put(resourceGeneric, oRule);
        }
        oRule.revokeAccess(str, i);
        this.rules.put(resourceGeneric, oRule);
        updateRolesDocumentContent();
        return this;
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurityRole
    public String getName() {
        return (String) this.document.field("name");
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurityRole
    public OSecurityRole.ALLOW_MODES getMode() {
        return this.mode;
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurityRole
    public ORole setMode(OSecurityRole.ALLOW_MODES allow_modes) {
        this.mode = allow_modes;
        this.document.field(OSQLFunctionMode.NAME, (Object) Byte.valueOf(this.mode == OSecurityRole.ALLOW_MODES.ALLOW_ALL_BUT ? (byte) 1 : (byte) 0));
        return this;
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurityRole
    public ORole getParentRole() {
        return this.parentRole;
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurityRole
    public ORole setParentRole(OSecurityRole oSecurityRole) {
        this.parentRole = (ORole) oSecurityRole;
        this.document.field("inheritedRole", (Object) (this.parentRole != null ? this.parentRole.getDocument() : null));
        return this;
    }

    @Override // com.orientechnologies.orient.core.type.ODocumentWrapper, com.orientechnologies.orient.core.index.OIndexManager
    public ORole save() {
        this.document.save(ORole.class.getSimpleName());
        return this;
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurityRole
    public Set<ORule> getRuleSet() {
        return new HashSet(this.rules.values());
    }

    @Deprecated
    public Map<String, Byte> getRules() {
        HashMap hashMap = new HashMap();
        for (ORule oRule : this.rules.values()) {
            String mapResourceGenericToLegacyResource = ORule.mapResourceGenericToLegacyResource(oRule.getResourceGeneric());
            if (oRule.getAccess() != null) {
                hashMap.put(mapResourceGenericToLegacyResource, oRule.getAccess());
            }
            for (Map.Entry<String, Byte> entry : oRule.getSpecificResources().entrySet()) {
                hashMap.put(mapResourceGenericToLegacyResource + "." + entry.getKey(), entry.getValue());
            }
        }
        return hashMap;
    }

    @Override // com.orientechnologies.orient.core.type.ODocumentWrapper, com.orientechnologies.orient.core.index.OIndexDefinition
    public String toString() {
        return getName();
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurityRole
    public OIdentifiable getIdentity() {
        return this.document;
    }

    private void loadOldVersionOfRules(Map<String, Number> map) {
        if (map != null) {
            for (Map.Entry<String, Number> entry : map.entrySet()) {
                ORule.ResourceGeneric mapLegacyResourceToGenericResource = ORule.mapLegacyResourceToGenericResource(entry.getKey());
                ORule oRule = this.rules.get(mapLegacyResourceToGenericResource);
                if (oRule == null) {
                    oRule = new ORule(mapLegacyResourceToGenericResource, null, null);
                    this.rules.put(mapLegacyResourceToGenericResource, oRule);
                }
                String mapLegacyResourceToSpecificResource = ORule.mapLegacyResourceToSpecificResource(entry.getKey());
                if (mapLegacyResourceToSpecificResource == null || mapLegacyResourceToSpecificResource.equals("*")) {
                    oRule.grantAccess(null, entry.getValue().intValue());
                } else {
                    oRule.grantAccess(mapLegacyResourceToSpecificResource, entry.getValue().intValue());
                }
            }
        }
    }

    private ODocument updateRolesDocumentContent() {
        return this.document.field("rules", (Object) getRules());
    }
}
