package com.hypersocket.permissions;

import com.hypersocket.attributes.role.RoleAttributeRepository;
import com.hypersocket.attributes.role.RoleAttributeService;
import com.hypersocket.auth.AuthenticatedServiceImpl;
import com.hypersocket.auth.AuthenticationPermission;
import com.hypersocket.auth.InvalidAuthenticationContext;
import com.hypersocket.cache.CacheService;
import com.hypersocket.events.EventService;
import com.hypersocket.events.SystemEvent;
import com.hypersocket.i18n.I18N;
import com.hypersocket.properties.EntityResourcePropertyStore;
import com.hypersocket.properties.PropertyCategory;
import com.hypersocket.properties.PropertyFilter;
import com.hypersocket.properties.PropertyTemplate;
import com.hypersocket.properties.ResourceUtils;
import com.hypersocket.realm.PasswordPermission;
import com.hypersocket.realm.Principal;
import com.hypersocket.realm.PrincipalType;
import com.hypersocket.realm.ProfilePermission;
import com.hypersocket.realm.Realm;
import com.hypersocket.realm.RealmAdapter;
import com.hypersocket.realm.RealmService;
import com.hypersocket.realm.RolePermission;
import com.hypersocket.realm.events.GroupEvent;
import com.hypersocket.realm.events.UserEvent;
import com.hypersocket.resource.AbstractAssignableResourceRepository;
import com.hypersocket.resource.AssignableResource;
import com.hypersocket.resource.ResourceChangeException;
import com.hypersocket.resource.ResourceCreationException;
import com.hypersocket.resource.ResourceException;
import com.hypersocket.resource.ResourceNotFoundException;
import com.hypersocket.resource.SimpleResource;
import com.hypersocket.resource.TransactionAdapter;
import com.hypersocket.role.events.RoleCreatedEvent;
import com.hypersocket.role.events.RoleDeletedEvent;
import com.hypersocket.role.events.RoleEvent;
import com.hypersocket.role.events.RoleUpdatedEvent;
import com.hypersocket.tables.ColumnSort;
import com.hypersocket.transactions.TransactionService;
import com.hypersocket.util.ProxiedIterator;
import com.hypersocket.utils.HypersocketUtils;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.annotation.PostConstruct;
import javax.cache.Cache;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.Predicate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.ApplicationListener;
import org.springframework.stereotype.Service;
import org.springframework.transaction.PlatformTransactionManager;
import org.springframework.transaction.TransactionStatus;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.transaction.support.TransactionCallback;
import org.springframework.transaction.support.TransactionCallbackWithoutResult;
import org.springframework.transaction.support.TransactionTemplate;

@Service
/* loaded from: input_file:com/hypersocket/permissions/PermissionServiceImpl.class */
public class PermissionServiceImpl extends AuthenticatedServiceImpl implements PermissionService, ApplicationListener<SystemEvent> {
    private static final boolean CACHE_PERMISSIONS = "true".equals(System.getProperty("hypersocket.cachePermissions", "true"));
    static Logger log = LoggerFactory.getLogger(PermissionServiceImpl.class);

    @Autowired
    private PermissionRepository repository;

    @Autowired
    private RealmService realmService;

    @Autowired
    @Qualifier("transactionManager")
    protected PlatformTransactionManager txManager;

    @Autowired
    private EventService eventService;
    private Cache<Object, Set> permissionsCache;
    private Cache<Object, Set> roleCache;

    @Autowired
    private TransactionService transactionService;

    @Autowired
    private CacheService cacheService;

    @Autowired
    private RoleAttributeService attributeService;

    @Autowired
    private RoleAttributeRepository attributeRepository;
    private Set<Long> registerPermissionIds = new HashSet();
    private Set<Long> nonSystemPermissionIds = new HashSet();
    private Map<String, PermissionType> registeredPermissions = new HashMap();
    private Map<Class<? extends AssignableResource>, AbstractAssignableResourceRepository<?>> repositories = new HashMap();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/hypersocket/permissions/PermissionServiceImpl$EntityMatch.class */
    public interface EntityMatch<T> {
        boolean validate(T t);
    }

    /* loaded from: input_file:com/hypersocket/permissions/PermissionServiceImpl$RecursivePrincipalIterator.class */
    public class RecursivePrincipalIterator extends ProxiedIterator<Principal> {
        private final Iterator<Principal> principals;
        Iterator<Principal> groupIterator;

        public RecursivePrincipalIterator(Iterator<Principal> it) {
            this.principals = it;
        }

        Iterator<Principal> iterateGroups(Principal principal) {
            return new RecursivePrincipalIterator(PermissionServiceImpl.this.realmService.getAssociatedPrincipals(principal).iterator());
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // com.hypersocket.util.ProxiedIterator
        public Principal checkNext(Principal principal) {
            if (principal == null) {
                boolean z = false;
                while (z) {
                    z = false;
                    if (this.groupIterator != null) {
                        if (this.groupIterator.hasNext()) {
                            principal = this.groupIterator.next();
                        } else {
                            this.groupIterator = null;
                        }
                    }
                    while (true) {
                        if (principal == null && this.principals.hasNext()) {
                            Principal next = this.principals.next();
                            if (next.getType() == PrincipalType.USER) {
                                principal = next;
                                break;
                            }
                            if (next.getType() == PrincipalType.GROUP) {
                                this.groupIterator = iterateGroups(next);
                                z = true;
                                break;
                            }
                        }
                    }
                }
            }
            return principal;
        }
    }

    @PostConstruct
    private void postConstruct() {
        new TransactionTemplate(this.txManager).execute(new TransactionCallbackWithoutResult() { // from class: com.hypersocket.permissions.PermissionServiceImpl.1
            protected void doInTransactionWithoutResult(TransactionStatus transactionStatus) {
                PermissionCategory registerPermissionCategory = PermissionServiceImpl.this.registerPermissionCategory(PermissionService.RESOURCE_BUNDLE, "category.permissions");
                PermissionServiceImpl.this.registerPermission(SystemPermission.SYSTEM_ADMINISTRATION, registerPermissionCategory);
                PermissionServiceImpl.this.registerPermission(SystemPermission.SYSTEM, registerPermissionCategory);
                PermissionServiceImpl.this.registerPermission(SystemPermission.SWITCH_REALM, registerPermissionCategory);
            }
        });
        this.permissionsCache = this.cacheService.getCacheOrCreate("permissionsCache", Object.class, Set.class);
        this.roleCache = this.cacheService.getCacheOrCreate("roleCache", Object.class, Set.class);
        this.realmService.registerRealmListener(new RealmAdapter() { // from class: com.hypersocket.permissions.PermissionServiceImpl.2
            @Override // com.hypersocket.realm.RealmAdapter, com.hypersocket.realm.RealmListener
            public boolean hasCreatedDefaultResources(Realm realm) {
                return PermissionServiceImpl.this.repository.getRoleByName(PermissionService.ROLE_REALM_ADMINISTRATOR, realm) != null;
            }

            @Override // com.hypersocket.realm.RealmAdapter, com.hypersocket.realm.RealmListener
            public void onCreateRealm(Realm realm) throws ResourceException {
                if (PermissionServiceImpl.log.isInfoEnabled()) {
                    PermissionServiceImpl.log.info("Creating Administrator role for realm " + realm.getName());
                }
                PermissionServiceImpl.this.repository.createRole(PermissionService.ROLE_REALM_ADMINISTRATOR, realm, false, false, true, true, RoleType.BUILTIN);
                if (PermissionServiceImpl.log.isInfoEnabled()) {
                    PermissionServiceImpl.log.info("Creating Everyone role for realm " + realm.getName());
                }
                HashSet hashSet = new HashSet();
                hashSet.add(PermissionServiceImpl.this.getPermission(AuthenticationPermission.LOGON.getResourceKey()));
                hashSet.add(PermissionServiceImpl.this.getPermission(ProfilePermission.READ.getResourceKey()));
                hashSet.add(PermissionServiceImpl.this.getPermission(ProfilePermission.UPDATE.getResourceKey()));
                hashSet.add(PermissionServiceImpl.this.getPermission(PasswordPermission.CHANGE.getResourceKey()));
                PermissionServiceImpl.this.repository.createRole(PermissionService.ROLE_EVERYONE, realm, false, true, false, true, hashSet, new HashMap(), RoleType.BUILTIN);
            }

            @Override // com.hypersocket.realm.RealmAdapter, com.hypersocket.realm.RealmListener
            public Integer getWeight() {
                return Integer.MIN_VALUE;
            }
        });
        this.eventService.registerEvent(RoleEvent.class, PermissionService.RESOURCE_BUNDLE);
        this.eventService.registerEvent(RoleCreatedEvent.class, PermissionService.RESOURCE_BUNDLE);
        this.eventService.registerEvent(RoleUpdatedEvent.class, PermissionService.RESOURCE_BUNDLE);
        this.eventService.registerEvent(RoleDeletedEvent.class, PermissionService.RESOURCE_BUNDLE);
        EntityResourcePropertyStore.registerResourceService(Role.class, this.repository);
        this.repository.loadPropertyTemplates("roleTemplate.xml");
    }

    @Override // com.hypersocket.permissions.PermissionService
    public void registerAssignableRepository(Class<? extends AssignableResource> cls, AbstractAssignableResourceRepository<?> abstractAssignableResourceRepository) {
        this.repositories.put(cls, abstractAssignableResourceRepository);
    }

    @Override // com.hypersocket.permissions.PermissionService
    public PermissionCategory registerPermissionCategory(String str, String str2) {
        PermissionCategory categoryByKey = this.repository.getCategoryByKey(str, str2);
        if (categoryByKey == null) {
            categoryByKey = this.repository.createCategory(str, str2);
        }
        return categoryByKey;
    }

    @Override // com.hypersocket.auth.AuthenticatedServiceImpl
    protected Set<Role> getCurrentRoles() {
        return getPrincipalRoles(getCurrentPrincipal());
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Permission registerPermission(PermissionType permissionType, PermissionCategory permissionCategory) {
        this.registeredPermissions.put(permissionType.getResourceKey(), permissionType);
        return registerPermission(permissionType.getResourceKey(), permissionType.isSystem(), permissionCategory, permissionType.isHidden());
    }

    protected Permission registerPermission(String str, boolean z, PermissionCategory permissionCategory, boolean z2) {
        Permission updatePermission;
        if (this.repository.getPermissionByResourceKey(str) == null) {
            this.repository.createPermission(str, z, permissionCategory, z2);
            updatePermission = this.repository.getPermissionByResourceKey(str);
        } else {
            updatePermission = this.repository.updatePermission(str, z, permissionCategory, z2);
        }
        this.registerPermissionIds.add(updatePermission.getId());
        if (!z) {
            this.nonSystemPermissionIds.add(updatePermission.getId());
        }
        return updatePermission;
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Role createRole(String str, Realm realm, RoleType roleType) throws AccessDeniedException, ResourceException {
        assertPermission(RolePermission.CREATE);
        try {
            getRole(str, realm);
            throw new ResourceCreationException(PermissionService.RESOURCE_BUNDLE, "error.role.alreadyExists", str);
        } catch (ResourceNotFoundException e) {
            return createRole(str, realm, Collections.emptyList(), Collections.emptyList(), null, null, false, false, roleType, false, false, false);
        }
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Role createRole(String str, Realm realm, List<Principal> list, List<Permission> list2, List<Realm> list3, Map<String, String> map, RoleType roleType, boolean z, boolean z2, boolean z3) throws AccessDeniedException, ResourceException {
        return createRole(str, realm, list, list2, list3, map, false, false, roleType, z, z2, z3);
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Role createRole(String str, Realm realm, List<Principal> list, List<Permission> list2, List<Realm> list3, Map<String, String> map, boolean z, boolean z2, RoleType roleType, boolean z3, boolean z4, boolean z5) throws AccessDeniedException, ResourceException {
        assertPermission(RolePermission.CREATE);
        try {
            getRole(str, realm);
            throw new ResourceCreationException(PermissionService.RESOURCE_BUNDLE, "error.role.alreadyExists", str);
        } catch (ResourceNotFoundException e) {
            try {
                Role role = new Role();
                role.setName(str);
                role.setRealm(realm);
                role.getPermissionRealms().addAll(list3);
                role.setAllPermissions(z4);
                role.setAllUsers(z3);
                role.setAllRealms(z5);
                role.setPersonalRole(Boolean.valueOf(z));
                role.setSystem(z2);
                role.setType(roleType);
                this.repository.saveRole(role, realm, (Principal[]) list.toArray(new Principal[0]), list2, map, new TransactionAdapter<Role>() { // from class: com.hypersocket.permissions.PermissionServiceImpl.3
                    public void afterOperation(Role role2, Map<String, String> map2) {
                        PermissionServiceImpl.this.saveRoleAttributes(role2, map2);
                    }

                    @Override // com.hypersocket.resource.TransactionAdapter, com.hypersocket.resource.TransactionOperation
                    public /* bridge */ /* synthetic */ void afterOperation(Object obj, Map map2) throws ResourceException {
                        afterOperation((Role) obj, (Map<String, String>) map2);
                    }
                });
                synchronized (this.permissionsCache) {
                    this.permissionsCache.removeAll();
                    this.roleCache.removeAll();
                    this.eventService.publishEvent(new RoleCreatedEvent(this, getCurrentSession(), realm, role, list));
                    return role;
                }
            } catch (Throwable th) {
                this.eventService.publishEvent(new RoleCreatedEvent(this, str, th, getCurrentSession(), realm));
                throw new ResourceCreationException(th, PermissionService.RESOURCE_BUNDLE, "error.resourceCreateError", th.getMessage());
            }
        }
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Permission getPermission(String str) {
        return this.repository.getPermissionByResourceKey(str);
    }

    @Override // com.hypersocket.permissions.PermissionService
    public List<Permission> getPermissions(String... strArr) {
        return this.repository.getPermissionsByResourceKeys(strArr);
    }

    @Override // com.hypersocket.permissions.PermissionService
    public void assignRole(Role role, Principal principal) throws AccessDeniedException {
        assertAnyPermission(PermissionStrategy.INCLUDE_IMPLIED, RolePermission.CREATE, RolePermission.UPDATE);
        try {
            if (role.isPersonalRole()) {
                throw new AccessDeniedException("You cannot assign a personal role to any principal");
            }
            this.repository.assignRole(role, principal);
            synchronized (this.permissionsCache) {
                this.permissionsCache.removeAll();
                this.roleCache.removeAll();
            }
            this.eventService.publishEvent(new RoleUpdatedEvent(this, getCurrentSession(), role.getRealm(), role, Arrays.asList(principal), new ArrayList()));
        } catch (Throwable th) {
            this.eventService.publishEvent(new RoleUpdatedEvent(this, role.getName(), th, getCurrentSession(), role.getRealm()));
            throw th;
        }
    }

    @Override // com.hypersocket.permissions.PermissionService
    public void assignRole(Role role, Principal... principalArr) throws AccessDeniedException {
        assertAnyPermission(PermissionStrategy.INCLUDE_IMPLIED, RolePermission.CREATE, RolePermission.UPDATE);
        try {
            if (role.isPersonalRole()) {
                throw new AccessDeniedException("You cannot assign a personal role to any principal");
            }
            this.repository.assignRole(role, principalArr);
            synchronized (this.permissionsCache) {
                this.permissionsCache.removeAll();
                this.roleCache.removeAll();
            }
            this.eventService.publishEvent(new RoleUpdatedEvent(this, getCurrentSession(), role.getRealm(), role, Arrays.asList(principalArr), new ArrayList()));
        } catch (Throwable th) {
            this.eventService.publishEvent(new RoleUpdatedEvent(this, role.getName(), th, getCurrentSession(), role.getRealm()));
            throw th;
        }
    }

    @Override // com.hypersocket.permissions.PermissionService
    public void unassignRole(Role role, Principal principal) throws AccessDeniedException, ResourceException {
        assertAnyPermission(PermissionStrategy.INCLUDE_IMPLIED, RolePermission.UPDATE, RolePermission.UPDATE);
        try {
            checkSystemAdministratorAssignments(role);
            if (role.isPersonalRole()) {
                throw new AccessDeniedException("You cannot unassign a personal role from any principal");
            }
            this.repository.unassignRole(role, principal);
            synchronized (this.permissionsCache) {
                this.permissionsCache.removeAll();
                this.roleCache.removeAll();
            }
            this.eventService.publishEvent(new RoleUpdatedEvent(this, getCurrentSession(), role.getRealm(), role, new ArrayList(), Arrays.asList(principal)));
        } catch (Throwable th) {
            this.eventService.publishEvent(new RoleUpdatedEvent(this, role.getName(), th, getCurrentSession(), role.getRealm()));
            throw th;
        }
    }

    private void checkSystemAdministratorAssignments(Role role) throws ResourceException, AccessDeniedException {
        if (role.getName().equals(PermissionService.ROLE_SYSTEM_ADMINISTRATOR) && !iteratePrincipalsByRole(this.realmService.getSystemRealm(), role).hasNext()) {
            throw new ResourceChangeException(PermissionService.RESOURCE_BUNDLE, "error.sysAdminRequired", new Object[0]);
        }
    }

    @Override // com.hypersocket.permissions.PermissionService
    public void unassignRole(Role role, Principal... principalArr) throws AccessDeniedException, ResourceException {
        assertAnyPermission(PermissionStrategy.INCLUDE_IMPLIED, RolePermission.UPDATE, RolePermission.UPDATE);
        try {
            checkSystemAdministratorAssignments(role);
            if (role.isPersonalRole()) {
                throw new AccessDeniedException("You cannot unassign a personal role from any principal");
            }
            this.repository.unassignRole(role, principalArr);
            synchronized (this.permissionsCache) {
                this.permissionsCache.removeAll();
                this.roleCache.removeAll();
            }
            this.eventService.publishEvent(new RoleUpdatedEvent(this, getCurrentSession(), role.getRealm(), role, new ArrayList(), Arrays.asList(principalArr)));
        } catch (Throwable th) {
            this.eventService.publishEvent(new RoleUpdatedEvent(this, role.getName(), th, getCurrentSession(), role.getRealm()));
            throw th;
        }
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Set<Permission> getPrincipalPermissions(Principal principal) {
        return getPrincipalPermissions(getCurrentRealm(), principal);
    }

    /* JADX WARN: Code restructure failed: missing block: B:21:0x008e, code lost:
    
        if (r0 == null) goto L27;
     */
    /* JADX WARN: Code restructure failed: missing block: B:9:0x0049, code lost:
    
        if (r0 == null) goto L10;
     */
    @Override // com.hypersocket.permissions.PermissionService
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.util.Set<com.hypersocket.permissions.Permission> getPrincipalPermissions(com.hypersocket.realm.Realm r8, com.hypersocket.realm.Principal r9) {
        /*
            Method dump skipped, instructions count: 646
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.hypersocket.permissions.PermissionServiceImpl.getPrincipalPermissions(com.hypersocket.realm.Realm, com.hypersocket.realm.Principal):java.util.Set");
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Set<Role> getPrincipalRolesForRealm(Principal principal, Realm realm) {
        Set<Role> set;
        synchronized (this.roleCache) {
            String format = String.format("%d:::%d", principal.getId(), realm.getId());
            if (!this.roleCache.containsKey(format)) {
                this.roleCache.put(format, this.repository.getPrincipalRolesForRealm(this.realmService.getAssociatedPrincipals(principal), realm));
            }
            set = (Set) this.roleCache.get(format);
        }
        return set;
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Set<Role> getPrincipalRoles(Principal principal) {
        synchronized (this.roleCache) {
            if (!this.roleCache.containsKey(principal)) {
                this.roleCache.put(principal, this.repository.getRolesForPrincipal(this.realmService.getAssociatedPrincipals(principal)));
            }
        }
        return (Set) this.roleCache.get(principal);
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Set<Role> getPrincipalNonPersonalRoles(Principal principal) {
        Set<Role> principalRoles = getPrincipalRoles(principal);
        CollectionUtils.filter(principalRoles, new Predicate() { // from class: com.hypersocket.permissions.PermissionServiceImpl.4
            public boolean evaluate(Object obj) {
                return !((Role) obj).isPersonalRole();
            }
        });
        return principalRoles;
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Set<Role> getPrincipalNonPersonalNonAllUserRoles(Principal principal) {
        Set<Role> principalRoles = getPrincipalRoles(principal);
        CollectionUtils.filter(principalRoles, new Predicate() { // from class: com.hypersocket.permissions.PermissionServiceImpl.5
            public boolean evaluate(Object obj) {
                Role role = (Role) obj;
                return (role.isPersonalRole() || role.isAllUsers()) ? false : true;
            }
        });
        return principalRoles;
    }

    private void recurseImpliedPermissions(PermissionType permissionType, Set<PermissionType> set) {
        if (permissionType == null || set.contains(permissionType)) {
            return;
        }
        set.add(permissionType);
        if (permissionType.impliesPermissions() != null) {
            for (PermissionType permissionType2 : permissionType.impliesPermissions()) {
                recurseImpliedPermissions(permissionType2, set);
            }
        }
    }

    protected void verifyPermission(Principal principal, PermissionStrategy permissionStrategy, Set<Permission> set, PermissionType... permissionTypeArr) throws AccessDeniedException {
        Locale locale;
        if (principal == null) {
            throw new AccessDeniedException();
        }
        if (hasAuthenticatedContext() && principal.equals(getCurrentPrincipal()) && hasElevatedPermissions()) {
            Iterator<PermissionType> it = getElevatedPermissions().iterator();
            while (it.hasNext()) {
                set.add(getPermission(it.next().getResourceKey()));
            }
        }
        if (hasSystemPrincipal(set)) {
            return;
        }
        HashSet hashSet = new HashSet();
        for (Permission permission : set) {
            if (this.registeredPermissions.containsKey(permission.getResourceKey())) {
                switch (permissionStrategy) {
                    case INCLUDE_IMPLIED:
                        recurseImpliedPermissions(this.registeredPermissions.get(permission.getResourceKey()), hashSet);
                        break;
                    case EXCLUDE_IMPLIED:
                        hashSet.add(this.registeredPermissions.get(permission.getResourceKey()));
                        break;
                }
            }
        }
        for (PermissionType permissionType : permissionTypeArr) {
            if (hashSet.contains(permissionType)) {
                return;
            }
        }
        try {
            locale = getCurrentLocale();
        } catch (InvalidAuthenticationContext e) {
            locale = Locale.getDefault();
        }
        throw new AccessDeniedException(I18N.getResource(locale, PermissionService.RESOURCE_BUNDLE, "error.accessDenied", debugPermissionState(principal, set, hashSet, permissionTypeArr)));
    }

    private String debugPermissionState(Principal principal, Set<Permission> set, Set<PermissionType> set2, PermissionType... permissionTypeArr) {
        StringBuilder sb = new StringBuilder();
        sb.append(String.format("This permission failure involved the principal %s (of type %s). The current principal is %s (of type %s)\n", principal.getPrincipalName(), principal.getType(), getCurrentPrincipal().getPrincipalName(), getCurrentPrincipal().getType()));
        sb.append("The permissions required were (* means have, ! means missing) :-\n");
        for (PermissionType permissionType : permissionTypeArr) {
            Object[] objArr = new Object[3];
            objArr[0] = set2.contains(permissionType) ? "*" : "!";
            objArr[1] = permissionType.getResourceKey();
            objArr[2] = permissionType.getClass().getName();
            sb.append(String.format("  %sResource Key: %s, Class: %s\n", objArr));
        }
        sb.append("The primary permissions discovered were :-\n");
        for (Permission permission : set) {
            sb.append(String.format("   Id: %d, Resource Key: %s, Category: %s", permission.getId(), permission.getResourceKey(), permission.getCategory()));
        }
        if (!set2.isEmpty()) {
            sb.append("The derived permissions discovered were :-\n");
            for (PermissionType permissionType2 : set2) {
                sb.append(String.format("  Resource Key: %s, Class: %s\n", permissionType2.getResourceKey(), permissionType2.getClass().getName()));
            }
        }
        return sb.toString();
    }

    @Override // com.hypersocket.auth.AuthenticatedServiceImpl
    @Transactional
    public void verifyPermission(Principal principal, PermissionStrategy permissionStrategy, PermissionType... permissionTypeArr) throws AccessDeniedException {
        if (principal == null) {
            if (log.isInfoEnabled()) {
                log.info("Denying permission because principal is null");
            }
            throw new AccessDeniedException();
        }
        if (hasSystemPermission(principal)) {
            return;
        }
        verifyPermission(principal, permissionStrategy, getPrincipalPermissions(principal), permissionTypeArr);
    }

    @Override // com.hypersocket.permissions.PermissionService
    public void verifyPermission(Realm realm, Principal principal, PermissionStrategy permissionStrategy, PermissionType... permissionTypeArr) throws AccessDeniedException {
        if (principal == null) {
            if (log.isInfoEnabled()) {
                log.info("Denying permission because principal is null");
            }
            throw new AccessDeniedException();
        }
        if (hasSystemPermission(principal)) {
            return;
        }
        verifyPermission(principal, permissionStrategy, getPrincipalPermissions(realm, principal), permissionTypeArr);
    }

    @Override // com.hypersocket.permissions.PermissionService
    public boolean hasSystemPermission(Principal principal) {
        if (principal.getType() == PrincipalType.SYSTEM) {
            return true;
        }
        Set<Permission> principalPermissions = getPrincipalPermissions(principal.getRealm(), principal);
        if (hasAuthenticatedContext() && principal.equals(getCurrentPrincipal()) && hasElevatedPermissions()) {
            Iterator<PermissionType> it = getElevatedPermissions().iterator();
            while (it.hasNext()) {
                principalPermissions.add(getPermission(it.next().getResourceKey()));
            }
        }
        return hasSystemPrincipal(principalPermissions);
    }

    @Override // com.hypersocket.auth.AuthenticatedServiceImpl
    public boolean hasAdministrativePermission(Principal principal) {
        if (hasSystemPermission(principal)) {
            return true;
        }
        for (Role role : getPrincipalRoles(principal)) {
            if (role.getPermissionRealms().contains(getCurrentRealm(principal)) && role.isAllPermissions()) {
                return true;
            }
        }
        return false;
    }

    @Override // com.hypersocket.permissions.PermissionService
    public boolean hasPermission(Principal principal, Permission permission) {
        Iterator<Permission> it = getPrincipalPermissions(principal).iterator();
        while (it.hasNext()) {
            if (it.next().getResourceKey().equals(permission.getResourceKey())) {
                return true;
            }
        }
        return false;
    }

    @Override // com.hypersocket.permissions.PermissionService
    public boolean hasAllPermissions(Principal principal, Permission... permissionArr) {
        Set<Permission> principalPermissions = getPrincipalPermissions(principal);
        for (final Permission permission : permissionArr) {
            if (CollectionUtils.find(principalPermissions, new Predicate() { // from class: com.hypersocket.permissions.PermissionServiceImpl.6
                public boolean evaluate(Object obj) {
                    return permission.getResourceKey().equals(((Permission) obj).getResourceKey());
                }
            }) == null) {
                return false;
            }
        }
        return true;
    }

    @Override // com.hypersocket.permissions.PermissionService
    public boolean hasAnyPermission(Principal principal, Permission... permissionArr) {
        Set<Permission> principalPermissions = getPrincipalPermissions(principal);
        for (final Permission permission : permissionArr) {
            if (CollectionUtils.find(principalPermissions, new Predicate() { // from class: com.hypersocket.permissions.PermissionServiceImpl.7
                public boolean evaluate(Object obj) {
                    return permission.getResourceKey().equals(((Permission) obj).getResourceKey());
                }
            }) != null) {
                return true;
            }
        }
        return false;
    }

    protected boolean hasSystemPrincipal(Set<Permission> set) {
        for (Permission permission : set) {
            if (permission.getResourceKey().equals(SystemPermission.SYSTEM.getResourceKey()) || permission.getResourceKey().equals(SystemPermission.SYSTEM_ADMINISTRATION.getResourceKey())) {
                return true;
            }
        }
        return false;
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Role getRole(String str, Realm realm) throws ResourceNotFoundException {
        Role roleByName = this.repository.getRoleByName(str, realm);
        if (roleByName == null) {
            throw new ResourceNotFoundException(PermissionService.RESOURCE_BUNDLE, "error.role.notFound", str);
        }
        return roleByName;
    }

    @Override // com.hypersocket.permissions.PermissionService
    public void deleteRole(Role role) throws AccessDeniedException, ResourceException {
        deleteRole(role, true);
    }

    protected void deleteRole(Role role, boolean z) throws AccessDeniedException, ResourceException {
        assertPermission(RolePermission.DELETE);
        try {
            for (AbstractAssignableResourceRepository<?> abstractAssignableResourceRepository : this.repositories.values()) {
                if (abstractAssignableResourceRepository.getResourceByRoleCount(role.getRealm(), role) > 0) {
                    abstractAssignableResourceRepository.removeAssignments(role);
                }
            }
            ArrayList arrayList = new ArrayList();
            arrayList.addAll(role.getPrincipals());
            role.getPrincipals().clear();
            role.getPermissions().clear();
            this.repository.saveRole(role);
            this.repository.deleteRole(role);
            synchronized (this.permissionsCache) {
                this.permissionsCache.removeAll();
                this.roleCache.removeAll();
            }
            if (z) {
                this.eventService.publishEvent(new RoleDeletedEvent(this, getCurrentSession(), role.getRealm(), role, arrayList));
            }
        } catch (Throwable th) {
            if (z) {
                this.eventService.publishEvent(new RoleDeletedEvent(this, role.getName(), th, getCurrentSession(), role.getRealm()));
            }
            throw new ResourceChangeException(th, PermissionService.RESOURCE_BUNDLE, "error.resourceDeleteError", th.getMessage());
        }
    }

    @Override // com.hypersocket.permissions.PermissionService
    public List<Role> allRoles(Realm realm) throws AccessDeniedException {
        assertAnyPermission(RolePermission.READ);
        return this.repository.getRolesForRealm(realm);
    }

    @Override // com.hypersocket.permissions.PermissionService
    public List<Permission> allPermissions() {
        return this.repository.getAllPermissions(this.registerPermissionIds, getCurrentRealm().isSystem());
    }

    private <T> Set<T> getEntitiesNotIn(Collection<T> collection, Collection<T> collection2, EntityMatch<T> entityMatch) {
        HashSet hashSet = new HashSet();
        for (T t : collection2) {
            if (!collection.contains(t) && (entityMatch == null || entityMatch.validate(t))) {
                hashSet.add(t);
            }
        }
        return hashSet;
    }

    @Override // com.hypersocket.permissions.PermissionService
    public void grantPermission(Role role, Permission permission) throws AccessDeniedException, ResourceException {
        assertPermission(RolePermission.UPDATE);
        try {
            this.repository.grantPermission(role, permission);
            synchronized (this.permissionsCache) {
                this.permissionsCache.removeAll();
                this.roleCache.removeAll();
            }
            this.eventService.publishEvent(new RoleUpdatedEvent(this, getCurrentSession(), role.getRealm(), role, new ArrayList(), new ArrayList()));
        } catch (Throwable th) {
            this.eventService.publishEvent(new RoleUpdatedEvent(this, role.getName(), th, getCurrentSession(), role.getRealm()));
            throw new ResourceChangeException(th, PermissionService.RESOURCE_BUNDLE, "error.resourceUpdateError", th.getMessage());
        }
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Role updateRole(Role role, String str, List<Principal> list, List<Permission> list2, List<Realm> list3, Map<String, String> map, boolean z, boolean z2, boolean z3) throws AccessDeniedException, ResourceException {
        assertPermission(RolePermission.UPDATE);
        if (list != null && !CollectionUtils.isEqualCollection(role.getPrincipals(), list) && role.isPersonalRole()) {
            throw new AccessDeniedException("You cannot change personal roles");
        }
        try {
        } catch (ResourceNotFoundException e) {
            role.setName(str);
        }
        if (!getRole(str, role.getRealm()).getId().equals(role.getId())) {
            throw new ResourceChangeException(PermissionService.RESOURCE_BUNDLE, "error.role.alreadyExists", str);
        }
        try {
            HashSet hashSet = new HashSet();
            HashSet hashSet2 = new HashSet();
            if (list3 != null) {
                hashSet2.addAll(getEntitiesNotIn(list3, role.getPermissionRealms(), new EntityMatch<Realm>() { // from class: com.hypersocket.permissions.PermissionServiceImpl.8
                    @Override // com.hypersocket.permissions.PermissionServiceImpl.EntityMatch
                    public boolean validate(Realm realm) {
                        return true;
                    }
                }));
                hashSet.addAll(list3);
                hashSet.removeAll(role.getPermissionRealms());
            }
            role.setPermissionRealms(new HashSet(list3));
            HashSet hashSet3 = new HashSet();
            HashSet hashSet4 = new HashSet();
            if (list != null) {
                hashSet4.addAll(getEntitiesNotIn(list, role.getPrincipals(), new EntityMatch<Principal>() { // from class: com.hypersocket.permissions.PermissionServiceImpl.9
                    @Override // com.hypersocket.permissions.PermissionServiceImpl.EntityMatch
                    public boolean validate(Principal principal) {
                        return PermissionServiceImpl.this.getCurrentRealm().equals(principal.getRealm());
                    }
                }));
                hashSet3.addAll(list);
                hashSet3.removeAll(role.getPrincipals());
            }
            HashSet hashSet5 = new HashSet();
            HashSet hashSet6 = new HashSet();
            if (list2 != null) {
                hashSet5.addAll(getEntitiesNotIn(list2, role.getPermissions(), null));
                hashSet6.addAll(getEntitiesNotIn(role.getPermissions(), list2, null));
            }
            role.setAllPermissions(z2);
            role.setAllUsers(z);
            role.setAllRealms(z3);
            this.repository.updateRole(role, hashSet4, hashSet3, hashSet5, hashSet6, map, new TransactionAdapter<Role>() { // from class: com.hypersocket.permissions.PermissionServiceImpl.10
                public void afterOperation(Role role2, Map<String, String> map2) {
                    PermissionServiceImpl.this.saveRoleAttributes(role2, map2);
                }

                @Override // com.hypersocket.resource.TransactionAdapter, com.hypersocket.resource.TransactionOperation
                public /* bridge */ /* synthetic */ void afterOperation(Object obj, Map map2) throws ResourceException {
                    afterOperation((Role) obj, (Map<String, String>) map2);
                }
            });
            synchronized (this.permissionsCache) {
                this.permissionsCache.removeAll();
                this.roleCache.removeAll();
            }
            this.eventService.publishEvent(new RoleUpdatedEvent(this, getCurrentSession(), role.getRealm(), role, hashSet3, hashSet4));
            return role;
        } catch (Throwable th) {
            this.eventService.publishEvent(new RoleUpdatedEvent(this, role.getName(), th, getCurrentSession(), role.getRealm()));
            throw new ResourceChangeException(th, PermissionService.RESOURCE_BUNDLE, "error.resourceUpdateError", th.getMessage());
        }
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Role getRoleById(Long l, Realm realm) throws ResourceNotFoundException, AccessDeniedException {
        assertPermission(RolePermission.READ);
        Role roleById = this.repository.getRoleById(l);
        if (roleById.getRealm() == null || roleById.getRealm().equals(realm)) {
            return roleById;
        }
        throw new ResourceNotFoundException(PermissionService.RESOURCE_BUNDLE, "error.invalidRole", l);
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Permission getPermissionById(Long l) {
        return this.repository.getPermissionById(l);
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Long getRoleCount(String str, String str2, boolean z, RoleType... roleTypeArr) throws AccessDeniedException {
        assertPermission(RolePermission.READ);
        return this.repository.countRoles(getCurrentRealm(), str, str2, z, roleTypeArr);
    }

    @Override // com.hypersocket.permissions.PermissionService
    public List<?> getRoles(String str, String str2, int i, int i2, ColumnSort[] columnSortArr, boolean z, RoleType... roleTypeArr) throws AccessDeniedException {
        assertPermission(RolePermission.READ);
        return this.repository.searchRoles(getCurrentRealm(), str, str2, i, i2, columnSortArr, z, roleTypeArr);
    }

    @Override // com.hypersocket.permissions.PermissionService
    public List<?> getNoPersonalNoAllUsersRoles(String str, int i, int i2, ColumnSort[] columnSortArr) throws AccessDeniedException {
        assertPermission(RolePermission.READ);
        return this.repository.searchNoPersonalNoAllUserRoles(getCurrentRealm(), str, i, i2, columnSortArr);
    }

    @Override // com.hypersocket.auth.AuthenticatedServiceImpl
    public Role getPersonalRole(Principal principal) {
        Role personalRole = this.repository.getPersonalRole(principal);
        if (personalRole == null) {
            personalRole = this.repository.createPersonalRole(principal);
        }
        return personalRole;
    }

    public void onApplicationEvent(SystemEvent systemEvent) {
        if ((systemEvent instanceof GroupEvent) || (systemEvent instanceof UserEvent)) {
            synchronized (this.permissionsCache) {
                this.permissionsCache.removeAll();
                this.roleCache.removeAll();
            }
        }
    }

    @Override // com.hypersocket.permissions.PermissionService
    public void revokePermissions(final Principal principal, final TransactionAdapter<Principal>... transactionAdapterArr) throws ResourceException, AccessDeniedException {
        this.transactionService.doInTransaction(new TransactionCallback<Principal>() { // from class: com.hypersocket.permissions.PermissionServiceImpl.11
            /* renamed from: doInTransaction, reason: merged with bridge method [inline-methods] */
            public Principal m103doInTransaction(TransactionStatus transactionStatus) {
                try {
                    long assignableResourceCount = PermissionServiceImpl.this.repository.getAssignableResourceCount(principal);
                    if (assignableResourceCount > 0) {
                        throw new ResourceException(PermissionService.RESOURCE_BUNDLE, "error.resourcesAssigned", principal.getPrincipalName(), Long.valueOf(assignableResourceCount));
                    }
                    for (TransactionAdapter transactionAdapter : transactionAdapterArr) {
                        transactionAdapter.beforeOperation(principal, new HashMap());
                    }
                    PermissionServiceImpl.this.revokePermissionsNonTransactional(principal);
                    for (TransactionAdapter transactionAdapter2 : transactionAdapterArr) {
                        transactionAdapter2.afterOperation(principal, new HashMap());
                    }
                    return principal;
                } catch (Throwable th) {
                    throw new IllegalStateException(th.getMessage(), th);
                }
            }
        });
    }

    @Override // com.hypersocket.permissions.PermissionService
    public void revokePermissionsNonTransactional(Principal principal) {
        Collection<Role> rolesByPrincipal = getRolesByPrincipal(principal);
        if (log.isDebugEnabled()) {
            log.debug(String.format("Revoking principal permissioms %s with %d roles [%s]", principal.getPrincipalName(), Integer.valueOf(rolesByPrincipal.size()), ResourceUtils.createCommaSeparatedString(rolesByPrincipal)));
        }
        HypersocketUtils.memDbg("revokePermissions " + principal.getName());
        for (Role role : rolesByPrincipal) {
            if (!role.isPersonalRole() && !role.isAllUsers()) {
                role.getPrincipals().remove(principal);
                this.repository.saveRole(role);
            }
        }
        deletePrincipalRole(principal);
    }

    @Override // com.hypersocket.permissions.PermissionService
    public boolean hasRole(Principal principal, Role role) {
        Iterator<Role> it = getPrincipalRoles(principal).iterator();
        while (it.hasNext()) {
            if (it.next().equals(role)) {
                return true;
            }
        }
        return false;
    }

    @Override // com.hypersocket.permissions.PermissionService
    public boolean hasRole(Principal principal, Collection<Role> collection) {
        Iterator<Role> it = getPrincipalRoles(principal).iterator();
        while (it.hasNext()) {
            if (collection.contains(it.next())) {
                return true;
            }
        }
        return false;
    }

    @Override // com.hypersocket.permissions.PermissionService
    public boolean hasEveryoneRole(Collection<Role> collection, Realm realm) {
        Iterator<Role> it = collection.iterator();
        while (it.hasNext()) {
            if (it.next().getName().equals(PermissionService.ROLE_EVERYONE)) {
                return true;
            }
        }
        return false;
    }

    @Override // com.hypersocket.permissions.PermissionService
    public void assertResourceAccess(AssignableResource assignableResource, Principal principal) throws AccessDeniedException {
        boolean z = false;
        Set<Role> principalRoles = getPrincipalRoles(principal);
        Iterator<Role> it = assignableResource.getRoles().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            } else if (principalRoles.contains(it.next())) {
                z = true;
                break;
            }
        }
        if (!z) {
            throw new AccessDeniedException("You do not have access to " + assignableResource.getName());
        }
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Role createRoleAndAssignPrincipals(final String str, final Realm realm, final Principal... principalArr) throws ResourceException, AccessDeniedException {
        return (Role) this.transactionService.doInTransaction(new TransactionCallback<Role>() { // from class: com.hypersocket.permissions.PermissionServiceImpl.12
            /* renamed from: doInTransaction, reason: merged with bridge method [inline-methods] */
            public Role m104doInTransaction(TransactionStatus transactionStatus) {
                try {
                    if (PermissionServiceImpl.log.isInfoEnabled()) {
                        PermissionServiceImpl.log.info(String.format("Creating role with name %s in realm %s.", str, realm.getName()));
                    }
                    Role createRole = PermissionServiceImpl.this.createRole(str, realm, RoleType.CUSTOM);
                    PermissionServiceImpl.this.assignRole(createRole, principalArr);
                    return createRole;
                } catch (AccessDeniedException | ResourceException e) {
                    throw new IllegalStateException(e.getMessage(), e);
                }
            }
        });
    }

    @Override // com.hypersocket.permissions.PermissionService
    public String getRoleProperty(Role role, String str) {
        return this.repository.getValue(role, str);
    }

    @Override // com.hypersocket.permissions.PermissionService
    public boolean getRoleBooleanProperty(Role role, String str) {
        return this.repository.getBooleanValue(role, str).booleanValue();
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Long getRoleLongProperty(Role role, String str) {
        return this.repository.getLongValue(role, str);
    }

    @Override // com.hypersocket.permissions.PermissionService
    public int getRoleIntProperty(Role role, String str) {
        return this.repository.getIntValue(role, str).intValue();
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Collection<PropertyCategory> getRoleTemplate() throws AccessDeniedException {
        assertPermission(RolePermission.READ);
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(this.repository.getPropertyCategories((SimpleResource) null, new PropertyFilter[0]));
        arrayList.addAll(this.attributeService.getPropertyResolver().getPropertyCategories(null));
        return arrayList;
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Collection<PropertyCategory> getRoleProperties(Role role) throws AccessDeniedException {
        assertPermission(RolePermission.READ);
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(this.repository.getPropertyCategories(role, new PropertyFilter[0]));
        arrayList.addAll(this.attributeService.getPropertyResolver().getPropertyCategories(role));
        return arrayList;
    }

    protected void saveRoleAttributes(Role role, Map<String, String> map) {
        if (map != null) {
            for (PropertyTemplate propertyTemplate : this.attributeService.getPropertyResolver().getPropertyTemplates(role)) {
                if (map.containsKey(propertyTemplate.getResourceKey())) {
                    this.attributeRepository.setValue(role, propertyTemplate.getResourceKey(), map.get(propertyTemplate.getResourceKey()));
                }
            }
        }
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Set<String> getRolePropertyNames() {
        return this.attributeRepository.getPropertyNames(null);
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Collection<Role> getRolesByPrincipal(Principal principal) {
        return this.repository.getRolesForPrincipal(Arrays.asList(principal));
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Iterator<Principal> iteratePrincipalsByRole(Realm realm, Role... roleArr) throws ResourceNotFoundException, AccessDeniedException {
        return iteratePrincipalsByRole(realm, Arrays.asList(roleArr));
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Iterator<Principal> iteratePrincipalsByRole(Realm realm, Collection<Role> collection) {
        return hasEveryoneRole(collection, realm) ? this.realmService.iterateUsers(realm) : this.repository.iteratePrincpalsByRole(realm, collection);
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Set<Principal> getPrincipalsByRole(Realm realm, int i, Role... roleArr) throws ResourceNotFoundException, AccessDeniedException {
        return getPrincipalsByRole(realm, i, Arrays.asList(roleArr));
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Set<Principal> getPrincipalsByRole(Realm realm, int i, Collection<Role> collection) throws ResourceNotFoundException {
        return hasEveryoneRole(collection, realm) ? this.realmService.getUsers(realm, i) : this.repository.getPrincpalsByRole(realm, i, collection);
    }

    protected void deletePrincipalRole(Principal principal) {
        if (principal.isPrimaryAccount()) {
            try {
                Role personalRole = this.repository.getPersonalRole(principal);
                if (personalRole != null) {
                    deleteRole(personalRole, false);
                }
            } catch (AccessDeniedException | ResourceException e) {
                log.error("Failed to delete principal role", e);
            }
        }
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Iterator<Principal> resolveUsers(Collection<Role> collection, Realm realm) throws ResourceNotFoundException, AccessDeniedException {
        return hasEveryoneRole(collection, realm) ? this.realmService.iterateUsers(realm) : resolveUsers(iteratePrincipalsByRole(realm, collection));
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Iterator<Principal> resolveUsers(Iterator<Principal> it) {
        return new RecursivePrincipalIterator(it);
    }

    @Override // com.hypersocket.permissions.PermissionService
    public boolean hasPermission(Principal principal, PermissionType permissionType) {
        return hasPermission(principal, getPermission(permissionType.getResourceKey()));
    }

    @Override // com.hypersocket.permissions.PermissionService
    public void deleteResources(final List<Role> list) throws ResourceException, AccessDeniedException {
        this.transactionService.doInTransaction(new TransactionCallback<Void>() { // from class: com.hypersocket.permissions.PermissionServiceImpl.13
            /* renamed from: doInTransaction, reason: merged with bridge method [inline-methods] */
            public Void m105doInTransaction(TransactionStatus transactionStatus) {
                Iterator it = list.iterator();
                while (it.hasNext()) {
                    try {
                        PermissionServiceImpl.this.deleteRole((Role) it.next());
                    } catch (AccessDeniedException | ResourceException e) {
                        throw new IllegalStateException(e.getMessage(), e);
                    }
                }
                return null;
            }
        });
    }

    @Override // com.hypersocket.permissions.PermissionService
    public List<Role> getResourcesByIds(Long... lArr) throws AccessDeniedException {
        return this.repository.getResourcesByIds(lArr);
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Role getRealmAdministratorRole(Realm realm) {
        return this.repository.getRoleByName(PermissionService.ROLE_REALM_ADMINISTRATOR, realm);
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Role getSystemAdministratorRole() {
        return this.repository.getRoleByName(PermissionService.ROLE_SYSTEM_ADMINISTRATOR, this.realmService.getSystemRealm());
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.hypersocket.permissions.PermissionService
    public Role getRoleById(Long l) {
        return (Role) this.repository.getResourceById(l);
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Set<Realm> getPrincipalPermissionRealms(Principal principal) {
        Set<Realm> set;
        String format = String.format("%d:::permissionRealms", principal.getId());
        synchronized (this.roleCache) {
            if (!this.roleCache.containsKey(format)) {
                HashSet hashSet = new HashSet();
                Iterator<Role> it = this.repository.getRolesForPrincipal(this.realmService.getAssociatedPrincipals(principal)).iterator();
                while (it.hasNext()) {
                    hashSet.addAll(it.next().getPermissionRealms());
                }
                this.roleCache.put(format, hashSet);
            }
            set = (Set) this.roleCache.get(format);
        }
        return set;
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Set<Role> getAllUserRoles() {
        return this.repository.getAllUserRoles(getCurrentRealm());
    }

    @Override // com.hypersocket.permissions.PermissionService
    public void assertAdministrativeAccess() throws AccessDeniedException {
        assertRole((Role[]) getAllPermissionsRoles().toArray(new Role[0]));
    }

    private Collection<Role> getAllPermissionsRoles() {
        return this.repository.getAllPermissionsRoles(getCurrentRealm());
    }

    @Override // com.hypersocket.permissions.PermissionService
    public Set<Role> getPersonalRoles(Realm realm) {
        return this.repository.getPersonalRoles(realm);
    }
}
