package com.hypersocket.realm;

import com.hypersocket.cache.CacheService;
import com.hypersocket.delegation.UserDelegationResource;
import com.hypersocket.delegation.UserDelegationResourceService;
import com.hypersocket.delegation.events.UserDelegationResourceEvent;
import com.hypersocket.permissions.PermissionService;
import com.hypersocket.permissions.Role;
import com.hypersocket.realm.events.GroupEvent;
import com.hypersocket.repository.CriteriaConfiguration;
import com.hypersocket.repository.HibernateUtils;
import com.hypersocket.role.events.RoleEvent;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.cache.Cache;
import org.hibernate.Criteria;
import org.hibernate.criterion.Restrictions;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.event.EventListener;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/hypersocket/realm/DelegationCriteria.class */
public class DelegationCriteria implements CriteriaConfiguration {

    @Autowired
    private UserDelegationResourceService delegationService;

    @Autowired
    private RealmService realmService;

    @Autowired
    private PermissionService permissionService;

    @Autowired
    private CacheService cacheService;

    @Override // com.hypersocket.repository.CriteriaConfiguration
    public void configure(Criteria criteria) {
        if (this.realmService.hasAuthenticatedContext()) {
            Principal currentPrincipal = this.realmService.getCurrentPrincipal();
            if (currentPrincipal.isSystem() || this.permissionService.hasAdministrativePermission(currentPrincipal)) {
                return;
            }
            Cache cacheOrCreate = this.cacheService.getCacheOrCreate("delegationQueryUserIds", String.class, Collection.class);
            String format = String.format("%s/%s", this.realmService.getCurrentRealm().getUuid(), currentPrincipal.getUUID());
            if (!cacheOrCreate.containsKey(format)) {
                int parseInt = Integer.parseInt(System.getProperty("hypersocket.maximumUserDelegates", "1000"));
                Collection<UserDelegationResource> personalResources = this.delegationService.getPersonalResources();
                HashSet hashSet = new HashSet();
                Set<Role> allUserRoles = this.permissionService.getAllUserRoles();
                boolean z = false;
                Iterator<UserDelegationResource> it = personalResources.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    UserDelegationResource next = it.next();
                    if (!Collections.disjoint(next.getRoleDelegates(), allUserRoles)) {
                        z = true;
                        break;
                    }
                    HashSet hashSet2 = new HashSet();
                    Iterator<Role> it2 = next.getRoleDelegates().iterator();
                    while (it2.hasNext()) {
                        for (Principal principal : it2.next().getPrincipals()) {
                            if (principal.getType() == PrincipalType.GROUP) {
                                iterateGroupMembership(principal, hashSet, hashSet2);
                            } else {
                                hashSet.add(principal);
                            }
                            if (hashSet.size() > parseInt) {
                                throw new IllegalStateException("Too many user delegates for principal query");
                            }
                        }
                    }
                    hashSet.addAll(next.getUserDelegates());
                    if (hashSet.size() > parseInt) {
                        throw new IllegalStateException("Too many user delegates for principal query");
                    }
                    hashSet2.clear();
                    Iterator<Principal> it3 = next.getGroupDelegates().iterator();
                    while (it3.hasNext()) {
                        iterateGroupMembership(it3.next(), hashSet, hashSet2);
                        if (hashSet.size() > parseInt) {
                            throw new IllegalStateException("Too many user delegates for principal query");
                        }
                    }
                }
                if (z) {
                    return;
                } else {
                    cacheOrCreate.put(format, HibernateUtils.getResourceIds(hashSet));
                }
            }
            Collection collection = (Collection) cacheOrCreate.get(format);
            if (collection == null || collection.isEmpty()) {
                return;
            }
            criteria.add(Restrictions.in("id", collection));
        }
    }

    private void iterateGroupMembership(Principal principal, Set<Principal> set, Set<Principal> set2) {
        if (set2.contains(principal)) {
            return;
        }
        set2.add(principal);
        set.addAll(this.realmService.getGroupUsers(principal));
        Iterator<Principal> it = this.realmService.getGroupGroups(principal).iterator();
        while (it.hasNext()) {
            iterateGroupMembership(it.next(), set, set2);
        }
    }

    @EventListener
    public void onRoleChange(RoleEvent roleEvent) {
        if (roleEvent.isSuccess()) {
            this.cacheService.getCacheOrCreate("delegationQueryRoleIds", String.class, Collection.class).removeAll();
            this.cacheService.getCacheOrCreate("delegationQueryUserIds", String.class, Collection.class).removeAll();
        }
    }

    @EventListener
    public void onGroupChange(GroupEvent groupEvent) {
        if (groupEvent.isSuccess()) {
            this.cacheService.getCacheOrCreate("delegationQueryUserIds", String.class, Collection.class).removeAll();
        }
    }

    @EventListener
    public void onDelegationChange(UserDelegationResourceEvent userDelegationResourceEvent) {
        if (userDelegationResourceEvent.isSuccess()) {
            this.cacheService.getCacheOrCreate("delegationQueryUserIds", String.class, Collection.class).removeAll();
        }
    }
}
