package org.nuxeo.ecm.platform.workflow.document.ejb;

import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.annotation.PostConstruct;
import javax.annotation.PreDestroy;
import javax.ejb.Local;
import javax.ejb.Remote;
import javax.ejb.Stateless;
import javax.naming.NamingException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.core.api.ClientException;
import org.nuxeo.ecm.core.api.CoreSession;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.DocumentRef;
import org.nuxeo.ecm.core.api.security.ACE;
import org.nuxeo.ecm.core.api.security.ACL;
import org.nuxeo.ecm.core.api.security.ACP;
import org.nuxeo.ecm.core.api.security.UserAccess;
import org.nuxeo.ecm.core.api.security.UserEntry;
import org.nuxeo.ecm.core.api.security.impl.ACLImpl;
import org.nuxeo.ecm.core.api.security.impl.ACPImpl;
import org.nuxeo.ecm.core.api.security.impl.UserEntryImpl;
import org.nuxeo.ecm.platform.workflow.document.api.ejb.delegate.CoreDocumentManagerBusinessDelegate;
import org.nuxeo.ecm.platform.workflow.document.api.ejb.delegate.WorkflowDocumentSecurityPolicyBusinessDelegate;
import org.nuxeo.ecm.platform.workflow.document.api.ejb.local.WorkflowDocumentSecurityLocal;
import org.nuxeo.ecm.platform.workflow.document.api.ejb.remote.WorkflowDocumentSecurityRemote;
import org.nuxeo.ecm.platform.workflow.document.api.security.WorkflowDocumentSecurityException;
import org.nuxeo.ecm.platform.workflow.document.api.security.WorkflowDocumentSecurityManager;
import org.nuxeo.ecm.platform.workflow.document.api.security.policy.WorkflowDocumentSecurityPolicyManager;

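/**
 * Stateless EJB that reads and rewrites the workflow-specific ACLs of a document.
 *
 * <p>Each workflow gets its own ACL inside the document's ACP, named
 * {@code "workflow_" + id} (see {@link #getACLNameFor(String)}). The mutating methods
 * fetch the ACP, edit that ACL, write the ACP back with {@code setACP(ref, acp, true)}
 * and save the session.
 *
 * <p>NOTE(review): no caller-authorization check is visible in this class, and the
 * {@link CoreSession} is opened with a {@code null} context map. Presumably the
 * session's principal or the container decides who may change permissions. Confirm
 * this before relying on the {@code @Remote} interface as a trust boundary.
 *
 * <p>NOTE(review): the session is cached in an instance field of a {@code @Stateless}
 * bean. Confirm that reusing it across pooled invocations is intended.
 */
@Remote({WorkflowDocumentSecurityRemote.class})
@Stateless
@Local({WorkflowDocumentSecurityLocal.class})
/* loaded from: input_file:org/nuxeo/ecm/platform/workflow/document/ejb/WorkflowDocumentSecurityBean.class */
public class WorkflowDocumentSecurityBean implements WorkflowDocumentSecurityManager {
    private static final long serialVersionUID = 4800384487274281699L;
    private static final Log log = LogFactory.getLog(WorkflowDocumentSecurityBean.class);
    // Repository passed to the document manager delegate when the session is opened.
    protected String repositoryUri;
    protected final CoreDocumentManagerBusinessDelegate documentManagerBusinessDelegate;
    protected final WorkflowDocumentSecurityPolicyBusinessDelegate wDocRightsPolicyBusinessDelegate;
    // Lazily opened core session; stays null until getDocumentManager() succeeds.
    protected transient CoreSession documentManager;

    /** Creates the bean with fresh business delegates and no repository URI. */
    public WorkflowDocumentSecurityBean() {
        this.documentManagerBusinessDelegate = new CoreDocumentManagerBusinessDelegate();
        this.wDocRightsPolicyBusinessDelegate = new WorkflowDocumentSecurityPolicyBusinessDelegate();
    }

    /**
     * Creates the bean bound to a repository.
     *
     * @param str repository URI used when the core session is opened
     */
    public WorkflowDocumentSecurityBean(String str) {
        this();
        this.repositoryUri = str;
    }

    /**
     * Tries to open the core session eagerly. A failure is only logged, so the
     * session may still be {@code null} afterwards; later calls retry through
     * {@link #getDocumentManager()}.
     */
    @PostConstruct
    public void postConstruct() {
        try {
            this.documentManager = getDocumentManager();
        } catch (ClientException e) {
            // Pass the throwable separately so the stack trace is logged, not just toString().
            log.error("Unable to open the core session", e);
        } catch (NamingException e) {
            log.error("Unable to open the core session", e);
        }
    }

    /** Disconnects the core session, if one was ever opened. */
    @PreDestroy
    public void preDestroy() {
        // postConstruct() can fail and leave the session null; do not turn that into an NPE here.
        if (this.documentManager == null) {
            return;
        }
        try {
            this.documentManager.disconnect();
        } catch (ClientException e) {
            log.error("Unable to disconnect the core session", e);
        }
    }

    /**
     * Returns the cached core session, opening it through the delegate on first use.
     *
     * @return the session for {@link #repositoryUri}
     * @throws NamingException if the delegate lookup fails
     * @throws ClientException if the session cannot be obtained
     */
    protected CoreSession getDocumentManager() throws NamingException, ClientException {
        if (this.documentManager == null) {
            // The context map is null: no explicit principal or credentials are supplied here.
            this.documentManager = this.documentManagerBusinessDelegate.getDocumentManager(this.repositoryUri, (Map) null);
        }
        return this.documentManager;
    }

    /**
     * Returns the workflow security policy manager supplied by the policy delegate.
     *
     * @throws Exception whatever the delegate lookup throws
     */
    protected WorkflowDocumentSecurityPolicyManager getWorkflowDocumentRightsPolicy() throws Exception {
        return this.wDocRightsPolicyBusinessDelegate.getWorkflowDocumentRightsPolicyManager();
    }

    /**
     * Unlocks a document and saves the session. A {@code null} reference is a silent no-op.
     *
     * @param documentRef document to unlock, may be {@code null}
     * @throws ClientException if the session cannot be obtained or the unlock fails
     */
    public void unlockDocument(DocumentRef documentRef) throws ClientException {
        try {
            this.documentManager = getDocumentManager();
            if (documentRef != null) {
                this.documentManager.unlock(documentRef);
                this.documentManager.save();
                log.debug("Document has been unlocked.... docRef=" + documentRef);
            }
        } catch (NamingException e) {
            // Keep the cause, as the sibling methods do, so the lookup failure stays diagnosable.
            throw new ClientException(e);
        }
    }

    /**
     * Fetches the document model behind a reference.
     *
     * @param documentRef document to load
     * @return the document model returned by the core session
     * @throws ClientException if the session cannot be obtained or the lookup fails
     */
    public DocumentModel getDocumentModelFor(DocumentRef documentRef) throws ClientException {
        try {
            return getDocumentManager().getDocument(documentRef);
        } catch (NamingException e) {
            throw new ClientException(e);
        }
    }

    /** Returns the repository URI used when the core session is opened. */
    public String getRepositoryUri() {
        return this.repositoryUri;
    }

    /**
     * Sets the repository URI. An already opened session is not reopened.
     *
     * @param str repository URI
     */
    public void setRepositoryUri(String str) {
        this.repositoryUri = str;
    }

    /**
     * Reads the ACP of a document through the core session.
     *
     * @param documentRef document whose ACP is read
     * @return the ACP as returned by the session; callers in this class treat {@code null} as "none"
     * @throws ClientException if the session cannot be obtained or the read fails
     */
    protected ACP getACP(DocumentRef documentRef) throws ClientException {
        try {
            return getDocumentManager().getACP(documentRef);
        } catch (NamingException e) {
            throw new ClientException(e);
        }
    }

    /**
     * Returns the workflow ACL of a document.
     *
     * @param documentRef document whose ACP is inspected
     * @param str workflow identifier the ACL name is derived from
     * @return the ACL named {@code getACLNameFor(str)}, or {@code null} when the document has no ACP
     * @throws WorkflowDocumentSecurityException if the ACP cannot be read
     */
    public ACL getACL(DocumentRef documentRef, String str) throws WorkflowDocumentSecurityException {
        try {
            ACP acp = getACP(documentRef);
            String aCLNameFor = getACLNameFor(str);
            ACL acl = null;
            if (acp != null) {
                acl = acp.getACL(aCLNameFor);
            }
            return acl;
        } catch (ClientException e) {
            throw new WorkflowDocumentSecurityException(e);
        }
    }

    /**
     * Builds the name of the ACL that belongs to a workflow.
     *
     * @param str workflow identifier
     * @return {@code "workflow_"} followed by the identifier
     */
    public String getACLNameFor(String str) {
        return "workflow_" + str;
    }

    /**
     * Grants one permission to one principal in the workflow ACL and persists the ACP.
     *
     * <p>NOTE(review): the ACL is written with {@code setRules(name, entries)} using a
     * single entry. Presumably that replaces whatever the workflow ACL held before;
     * confirm against {@code ACP.setRules}.
     *
     * @param documentRef document whose ACP is modified
     * @param str principal name, must not be {@code null}
     * @param str2 permission to grant
     * @param str3 workflow identifier the ACL name is derived from
     * @throws WorkflowDocumentSecurityException if the principal is {@code null} or the ACP cannot be read or written
     */
    public void grantPrincipal(DocumentRef documentRef, String str, String str2, String str3) throws WorkflowDocumentSecurityException {
        if (str == null) {
            throw new WorkflowDocumentSecurityException("Principal name cannot be null");
        }
        try {
            // Declared as the interface type: getACP() returns ACP, not ACPImpl.
            ACP acp = getACP(documentRef);
            if (acp == null) {
                acp = new ACPImpl();
            }
            UserEntryImpl userEntryImpl = new UserEntryImpl(str);
            userEntryImpl.addPrivilege(str2, true, false);
            acp.setRules(getACLNameFor(str3), new UserEntry[] {userEntryImpl});
            persistAcp(documentRef, acp, "Modify acp, granting : " + str);
        } catch (ClientException e4) {
            throw new WorkflowDocumentSecurityException(e4);
        }
    }

    /**
     * Removes the principal's {@code "WriteLifeCycle"} entries from the workflow ACL
     * and persists the ACP when at least one entry was removed.
     *
     * <p>NOTE(review): despite the name, no deny entry is added, and the permission
     * argument {@code str2} is ignored because the permission is hard-coded. A caller
     * that passes another permission gets no change and no error. Confirm this is intended.
     *
     * @param documentRef document whose ACP is modified
     * @param str principal name, must not be {@code null}
     * @param str2 permission requested by the caller (currently unused)
     * @param str3 workflow identifier the ACL name is derived from
     * @throws WorkflowDocumentSecurityException if the principal is {@code null} or the ACP cannot be read or written
     */
    public void denyPrincipal(DocumentRef documentRef, String str, String str2, String str3) throws WorkflowDocumentSecurityException {
        ACL acl;
        if (str == null) {
            throw new WorkflowDocumentSecurityException("Principal name cannot be null");
        }
        try {
            ACP acp = getACP(documentRef);
            if (acp == null || (acl = getACL(documentRef, str3)) == null) {
                return;
            }
            boolean z = false;
            // presumably getACEs() is an array snapshot, so removing inside the loop is safe - confirm
            for (ACE ace : acl.getACEs()) {
                // Constant-first comparisons: an ACE with a null user or permission must not abort the scan.
                if (str.equals(ace.getUsername()) && "WriteLifeCycle".equals(ace.getPermission())) {
                    log.debug("ACE removal.......");
                    acl.remove(ace);
                    z = true;
                }
            }
            if (z) {
                acp.addACL(0, acl);
                persistAcp(documentRef, acp, "participantName=" + str);
            }
        } catch (ClientException e4) {
            throw new WorkflowDocumentSecurityException(e4);
        }
    }

    /**
     * Removes the workflow ACL from the document's ACP and persists the result.
     * Does nothing when the document has no such ACL.
     *
     * @param documentRef document whose ACP is modified
     * @param str workflow identifier the ACL name is derived from
     * @throws WorkflowDocumentSecurityException if the ACP cannot be read or written
     */
    public void removeACL(DocumentRef documentRef, String str) throws WorkflowDocumentSecurityException {
        ACL acl = getACL(documentRef, str);
        if (acl != null) {
            try {
                ACP acp = getACP(documentRef);
                // The ACP is read a second time here; guard against it having gone away in between.
                if (acp == null) {
                    return;
                }
                acp.removeACL(acl.getName());
                CoreSession documentManager = getDocumentManager();
                documentManager.setACP(documentRef, acp, true);
                documentManager.save();
                log.debug("Removing wf acp.");
            } catch (ClientException e) {
                throw new WorkflowDocumentSecurityException(e);
            } catch (NamingException e2) {
                throw new WorkflowDocumentSecurityException(e2);
            }
        }
    }

    /**
     * Replaces the workflow ACL with entries built from the given user entries.
     *
     * <p>The existing workflow ACL is removed and saved first. A new ACL is then filled
     * with one ACE per permission whose access is not read-only, and saved again. These
     * are two separate saves, so the document briefly carries no workflow ACL, and a
     * failure in the second step leaves it that way.
     *
     * @param documentRef document whose ACP is modified
     * @param list user entries to translate into ACEs, must not be {@code null}
     * @param str workflow identifier the ACL name is derived from
     * @throws WorkflowDocumentSecurityException if {@code list} is {@code null} or the ACP cannot be read or written
     */
    public void setRules(DocumentRef documentRef, List<UserEntry> list, String str) throws WorkflowDocumentSecurityException {
        // Reject a null list before touching the ACP; otherwise the old ACL would be
        // removed and saved, and the loop below would then fail with an NPE.
        if (list == null) {
            throw new WorkflowDocumentSecurityException("User entries cannot be null");
        }
        removeACL(documentRef, str);
        try {
            // Declared as the interface type: getACP() returns ACP, not ACPImpl.
            ACP acp = getACP(documentRef);
            if (acp == null) {
                acp = new ACPImpl();
            }
            String aclName = getACLNameFor(str);
            ACL acl = acp.getACL(aclName);
            if (acl == null) {
                acl = new ACLImpl(aclName);
                acp.addACL(0, acl);
            }
            for (UserEntry userEntry : list) {
                for (String str2 : userEntry.getPermissions()) {
                    UserAccess access = userEntry.getAccess(str2);
                    // Read-only accesses are skipped and never written to the workflow ACL.
                    if (!access.isReadOnly()) {
                        acl.add(new ACE(userEntry.getUserName(), str2, access.isGranted()));
                    }
                }
            }
            persistAcp(documentRef, acp, "Saving wf acp.");
        } catch (ClientException e4) {
            throw new WorkflowDocumentSecurityException(e4);
        }
    }

    /**
     * Writes the ACP back with {@code setACP(ref, acp, true)}, saves the session and logs
     * a debug message. Every failure is wrapped in a {@link WorkflowDocumentSecurityException}.
     */
    private void persistAcp(DocumentRef documentRef, ACP acp, String debugMessage) throws WorkflowDocumentSecurityException {
        try {
            CoreSession session = getDocumentManager();
            session.setACP(documentRef, acp, true);
            session.save();
            log.debug(debugMessage);
        } catch (SecurityException e) {
            throw new WorkflowDocumentSecurityException(e);
        } catch (NamingException e) {
            throw new WorkflowDocumentSecurityException(e);
        } catch (ClientException e) {
            throw new WorkflowDocumentSecurityException(e);
        }
    }
}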
