package org.sakaiproject.authz.impl;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Stack;
import java.util.UUID;
import java.util.Vector;
import java.util.stream.Collectors;
import org.sakaiproject.authz.api.AuthzGroup;
import org.sakaiproject.authz.api.AuthzGroupAdvisor;
import org.sakaiproject.authz.api.AuthzGroupService;
import org.sakaiproject.authz.api.AuthzPermissionException;
import org.sakaiproject.authz.api.AuthzRealmLockException;
import org.sakaiproject.authz.api.FunctionManager;
import org.sakaiproject.authz.api.GroupAlreadyDefinedException;
import org.sakaiproject.authz.api.GroupFullException;
import org.sakaiproject.authz.api.GroupIdInvalidException;
import org.sakaiproject.authz.api.GroupNotDefinedException;
import org.sakaiproject.authz.api.GroupProvider;
import org.sakaiproject.authz.api.RoleAlreadyDefinedException;
import org.sakaiproject.authz.api.RoleProvider;
import org.sakaiproject.authz.api.SecurityService;
import org.sakaiproject.authz.impl.DbAuthzGroupService;
import org.sakaiproject.component.api.ServerConfigurationService;
import org.sakaiproject.component.cover.ComponentManager;
import org.sakaiproject.content.impl.BaseContentService;
import org.sakaiproject.entity.api.Entity;
import org.sakaiproject.entity.api.EntityManager;
import org.sakaiproject.entity.api.HttpAccess;
import org.sakaiproject.entity.api.Reference;
import org.sakaiproject.entity.api.ResourceProperties;
import org.sakaiproject.event.api.EventTrackingService;
import org.sakaiproject.javax.PagingPosition;
import org.sakaiproject.site.api.SiteService;
import org.sakaiproject.time.api.Time;
import org.sakaiproject.time.api.TimeService;
import org.sakaiproject.tool.api.SessionManager;
import org.sakaiproject.user.api.UserDirectoryService;
import org.sakaiproject.user.api.UserNotDefinedException;
import org.sakaiproject.util.Resource;
import org.sakaiproject.util.ResourceLoader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:org/sakaiproject/authz/impl/BaseAuthzGroupService.class */
public abstract class BaseAuthzGroupService implements AuthzGroupService {
    private static final Logger log = LoggerFactory.getLogger(BaseAuthzGroupService.class);
    private static final String DEFAULT_RESOURCECLASS = "org.sakaiproject.localization.util.AuthzImplProperties";
    private static final String DEFAULT_RESOURCEBUNDLE = "org.sakaiproject.localization.bundle.authzimpl.authz-impl";
    private static final String RESOURCECLASS = "resource.class.authzimpl";
    private static final String RESOURCEBUNDLE = "resource.bundle.authzimpl";
    private String dummyUserPrefix;
    protected List<AuthzGroupAdvisor> authzGroupAdvisors;
    protected SiteService siteService;
    protected Storage m_storage = null;
    protected String m_relativeAccessPoint = null;
    protected GroupProvider m_provider = null;
    protected RoleProvider m_roleProvider = null;
    private ResourceLoader rb = null;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/sakaiproject/authz/impl/BaseAuthzGroupService$Storage.class */
    public interface Storage {
        void open();

        void close();

        boolean check(String str);

        AuthzGroup get(String str);

        AuthzGroup put(String str);

        void save(AuthzGroup authzGroup);

        void addNewUser(AuthzGroup authzGroup, String str, String str2, int i) throws GroupFullException;

        void removeUser(AuthzGroup authzGroup, String str);

        void remove(AuthzGroup authzGroup);

        Map<String, List<String>> getProviderIDsForRealms(List<String> list);

        List getAuthzGroups(String str, PagingPosition pagingPosition);

        List getAuthzUserGroupIds(ArrayList arrayList, String str);

        Collection<String> getAuthzUsersInGroups(Set<String> set);

        int countAuthzGroups(String str);

        Set<String> getProviderIds(String str);

        Set getAuthzGroupIds(String str);

        void completeGet(BaseAuthzGroup baseAuthzGroup);

        boolean isAllowed(String str, String str2, String str3);

        boolean isAllowed(String str, String str2, Collection<String> collection);

        Set<String> getUsersIsAllowed(String str, Collection<String> collection);

        Set<String[]> getUsersIsAllowedByGroup(String str, Collection<String> collection);

        Map<String, Integer> getUserCountIsAllowed(String str, Collection<String> collection);

        Set getAllowedFunctions(String str, Collection collection);

        Set getAuthzGroupsIsAllowed(String str, String str2, Collection collection);

        String getUserRole(String str, String str2);

        Map<String, String> getUserRoles(String str, Collection<String> collection);

        Map getUsersRole(Collection collection, String str);

        void refreshUser(String str, Map<String, String> map);

        void refreshAuthzGroup(BaseAuthzGroup baseAuthzGroup);

        Set<String> getMaintainRoles();

        DbAuthzGroupService.DbStorage.RealmLock newRealmLock(Integer num, String str, AuthzGroup.RealmLockMode realmLockMode);
    }

    protected abstract Storage newStorage();

    /* JADX INFO: Access modifiers changed from: protected */
    public String getAccessPoint(boolean z) {
        return (z ? "" : serverConfigurationService().getAccessUrl()) + this.m_relativeAccessPoint;
    }

    protected String authzGroupId(String str) {
        String str2 = getAccessPoint(true) + "/";
        int indexOf = str.indexOf(str2);
        return indexOf == -1 ? str : str.substring(indexOf + str2.length());
    }

    protected boolean unlockCheck(String str, String str2) {
        return securityService().unlock(str, str2);
    }

    protected void unlock(String str, String str2) throws AuthzPermissionException {
        if (!unlockCheck(str, str2)) {
            throw new AuthzPermissionException(sessionManager().getCurrentSessionUserId(), str, str2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void addLiveProperties(BaseAuthzGroup baseAuthzGroup) {
        String currentSessionUserId = sessionManager().getCurrentSessionUserId();
        baseAuthzGroup.m_createdUserId = currentSessionUserId;
        baseAuthzGroup.m_lastModifiedUserId = currentSessionUserId;
        Time newTime = timeService().newTime();
        baseAuthzGroup.m_createdTime = newTime;
        baseAuthzGroup.m_lastModifiedTime = (Time) newTime.clone();
    }

    protected void addLiveUpdateProperties(BaseAuthzGroup baseAuthzGroup) {
        baseAuthzGroup.m_lastModifiedUserId = sessionManager().getCurrentSessionUserId();
        baseAuthzGroup.m_lastModifiedTime = timeService().newTime();
    }

    public void setProvider(GroupProvider groupProvider) {
        this.m_provider = groupProvider;
    }

    public void setRoleProvider(RoleProvider roleProvider) {
        this.m_roleProvider = roleProvider;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public abstract ServerConfigurationService serverConfigurationService();

    /* JADX INFO: Access modifiers changed from: protected */
    public abstract EntityManager entityManager();

    protected abstract FunctionManager functionManager();

    /* JADX INFO: Access modifiers changed from: protected */
    public abstract SecurityService securityService();

    /* JADX INFO: Access modifiers changed from: protected */
    public abstract TimeService timeService();

    /* JADX INFO: Access modifiers changed from: protected */
    public abstract SessionManager sessionManager();

    /* JADX INFO: Access modifiers changed from: protected */
    public abstract EventTrackingService eventTrackingService();

    /* JADX INFO: Access modifiers changed from: protected */
    public abstract UserDirectoryService userDirectoryService();

    public void setSiteService(SiteService siteService) {
        this.siteService = siteService;
    }

    public void init() {
        this.authzGroupAdvisors = new ArrayList();
        try {
            this.rb = Resource.getResourceLoader(serverConfigurationService().getString(RESOURCECLASS, DEFAULT_RESOURCECLASS), serverConfigurationService().getString(RESOURCEBUNDLE, DEFAULT_RESOURCEBUNDLE));
            this.m_relativeAccessPoint = "/realm";
            this.m_storage = newStorage();
            this.m_storage.open();
            entityManager().registerEntityProducer(this, "/realm");
            functionManager().registerFunction("realm.add");
            functionManager().registerFunction("realm.del");
            functionManager().registerFunction("realm.upd");
            functionManager().registerFunction("realm.upd.own");
            functionManager().registerFunction("realm.view.all");
            if (this.m_provider == null) {
                this.m_provider = (GroupProvider) ComponentManager.get(GroupProvider.class.getName());
            }
            if (this.m_roleProvider == null) {
                this.m_roleProvider = (RoleProvider) ComponentManager.get(RoleProvider.class.getName());
            }
            log.info("init(): provider: " + (this.m_provider == null ? "none" : this.m_provider.getClass().getName()));
            this.dummyUserPrefix = UUID.randomUUID().toString().substring(0, 8);
        } catch (Exception e) {
            log.warn("init(); ", e);
        }
    }

    public void destroy() {
        this.m_storage.close();
        this.m_storage = null;
        log.info("destroy()");
    }

    public Map<String, List<String>> getProviderIDsForRealms(List<String> list) {
        return this.m_storage.getProviderIDsForRealms(list);
    }

    public List getAuthzGroups(String str, PagingPosition pagingPosition) {
        return this.m_storage.getAuthzGroups(str, pagingPosition);
    }

    public List getAuthzUserGroupIds(ArrayList arrayList, String str) {
        return this.m_storage.getAuthzUserGroupIds(arrayList, str);
    }

    public Collection<String> getAuthzUsersInGroups(Set<String> set) {
        return this.m_storage.getAuthzUsersInGroups(set);
    }

    public int countAuthzGroups(String str) {
        return this.m_storage.countAuthzGroups(str);
    }

    public Set getAuthzGroupIds(String str) {
        return this.m_storage.getAuthzGroupIds(str);
    }

    public Set getProviderIds(String str) {
        return this.m_storage.getProviderIds(str);
    }

    public AuthzGroup getAuthzGroup(String str) throws GroupNotDefinedException {
        if (str == null) {
            throw new GroupNotDefinedException("<null>");
        }
        AuthzGroup authzGroup = this.m_storage.get(str);
        if (authzGroup == null) {
            throw new GroupNotDefinedException(str);
        }
        return authzGroup;
    }

    public void joinGroup(String str, String str2) throws GroupNotDefinedException, AuthzPermissionException, AuthzRealmLockException {
        joinGroup(str, str2, 0);
    }

    public void joinGroup(String str, String str2, int i) throws GroupNotDefinedException, AuthzPermissionException, GroupFullException, AuthzRealmLockException {
        String currentSessionUserId = sessionManager().getCurrentSessionUserId();
        if (currentSessionUserId == null) {
            throw new AuthzPermissionException((String) null, "realm.upd.own", str);
        }
        unlock("realm.upd.own", str);
        AuthzGroup authzGroup = this.m_storage.get(str);
        if (authzGroup == null) {
            throw new GroupNotDefinedException(str);
        }
        if (authzGroup.getRole(str2) == null) {
            throw new GroupNotDefinedException(str2);
        }
        BaseMember baseMember = (BaseMember) authzGroup.getMember(currentSessionUserId);
        if (baseMember == null) {
            addMemberToGroup(authzGroup, currentSessionUserId, str2, i);
        } else if (!baseMember.active) {
            throw new AuthzPermissionException(currentSessionUserId, "realm.upd.own", str);
        }
    }

    public void unjoinGroup(String str) throws GroupNotDefinedException, AuthzPermissionException, AuthzRealmLockException {
        String currentSessionUserId = sessionManager().getCurrentSessionUserId();
        if (currentSessionUserId == null) {
            throw new AuthzPermissionException((String) null, "realm.upd.own", str);
        }
        unlock("realm.upd.own", str);
        AuthzGroup authzGroup = this.m_storage.get(str);
        if (authzGroup == null) {
            throw new GroupNotDefinedException(str);
        }
        BaseMember baseMember = (BaseMember) authzGroup.getMember(currentSessionUserId);
        if (baseMember == null) {
            return;
        }
        if (baseMember.getRole().getId().equals(authzGroup.getMaintainRole()) && authzGroup.getUsersHasRole(authzGroup.getMaintainRole()).size() <= 1) {
            throw new AuthzPermissionException(currentSessionUserId, "realm.upd.own", str);
        }
        if (baseMember.isProvided()) {
            throw new AuthzPermissionException(currentSessionUserId, "realm.upd.own", str);
        }
        removeMemberFromGroup(authzGroup, currentSessionUserId);
    }

    public boolean allowJoinGroup(String str) {
        AuthzGroup authzGroup;
        String currentSessionUserId = sessionManager().getCurrentSessionUserId();
        if (currentSessionUserId == null || !unlockCheck("realm.upd.own", str) || (authzGroup = this.m_storage.get(str)) == null) {
            return false;
        }
        BaseMember baseMember = (BaseMember) authzGroup.getMember(currentSessionUserId);
        return baseMember == null || baseMember.active;
    }

    public boolean allowUnjoinGroup(String str) {
        AuthzGroup authzGroup;
        BaseMember baseMember;
        String currentSessionUserId = sessionManager().getCurrentSessionUserId();
        if (currentSessionUserId == null || !unlockCheck("realm.upd.own", str) || (authzGroup = this.m_storage.get(str)) == null || (baseMember = (BaseMember) authzGroup.getMember(currentSessionUserId)) == null || baseMember.isProvided()) {
            return false;
        }
        return !baseMember.getRole().getId().equals(authzGroup.getMaintainRole()) || authzGroup.getUsersHasRole(authzGroup.getMaintainRole()).size() > 1;
    }

    public boolean allowUpdate(String str) {
        return unlockCheck("realm.upd", authzGroupReference(str));
    }

    public void save(AuthzGroup authzGroup) throws GroupNotDefinedException, AuthzPermissionException {
        if (authzGroup.getId() == null) {
            throw new GroupNotDefinedException("<null>");
        }
        if (!this.siteService.allowUpdateSiteMembership(entityManager().newReference(authzGroup.getId()).getId())) {
            unlock("realm.upd", authzGroupReference(authzGroup.getId()));
        }
        if (this.m_storage.check(authzGroup.getId())) {
            completeExistingGroupSave(authzGroup, this.m_storage.get(authzGroup.getId()));
        } else {
            if (!((BaseAuthzGroup) authzGroup).m_isNew) {
                throw new GroupNotDefinedException(authzGroup.getId());
            }
            if (this.m_storage.put(authzGroup.getId()) == null) {
                log.warn("saveUsingSecurity, storage.put for a new returns null");
            }
            completeSave(authzGroup);
        }
    }

    private void completeExistingGroupSave(AuthzGroup authzGroup, AuthzGroup authzGroup2) {
        Set users = authzGroup2.getUsers();
        Set users2 = authzGroup.getUsers();
        try {
            ((SakaiSecurity) securityService()).notifyMembersRemovedFromRealm((Set) users.stream().filter(str -> {
                return !users2.contains(str);
            }).collect(Collectors.toSet()), authzGroup2.getReference());
        } catch (Exception e) {
            log.warn("Failure while trying to notify SS about realm removal for AZG(" + authzGroup2.getId() + "): " + e, e);
        }
        completeSave(authzGroup);
    }

    protected void completeSave(AuthzGroup authzGroup) {
        addLiveUpdateProperties((BaseAuthzGroup) authzGroup);
        Iterator<AuthzGroupAdvisor> it = this.authzGroupAdvisors.iterator();
        while (it.hasNext()) {
            try {
                it.next().update(authzGroup);
            } catch (Exception e) {
                log.error("Advisor error during completeSave()", e);
            }
        }
        this.m_storage.save(authzGroup);
        String event = ((BaseAuthzGroup) authzGroup).getEvent();
        if (event == null) {
            event = "realm.upd";
        }
        if ("realm.upd".equals(event)) {
            try {
                HashSet hashSet = null;
                HashSet hashSet2 = null;
                Set<DbAuthzGroupService.DbStorage.RoleAndFunction> set = ((BaseAuthzGroup) authzGroup).m_lastChangedRlFn;
                if (set != null && !set.isEmpty()) {
                    hashSet = new HashSet();
                    hashSet2 = new HashSet(set.size());
                    for (DbAuthzGroupService.DbStorage.RoleAndFunction roleAndFunction : set) {
                        hashSet2.add(roleAndFunction.function);
                        hashSet.add(roleAndFunction.role);
                    }
                    if (log.isDebugEnabled()) {
                        log.debug("Changed permissions for roles (" + hashSet + ") in " + authzGroup.getId() + ": " + hashSet2);
                    }
                }
                ((SakaiSecurity) securityService()).notifyRealmChanged(authzGroup.getId(), hashSet, hashSet2);
            } catch (Exception e2) {
                log.warn("Failure while trying to notify SS about realm changes for AZG(" + authzGroup.getId() + "): " + e2, e2);
            }
        }
        eventTrackingService().post(eventTrackingService().newEvent(event, authzGroup.getReference(), true));
        ((BaseAuthzGroup) authzGroup).closeEdit();
        ((BaseAuthzGroup) authzGroup).m_lastChangedRlFn = null;
        updateSiteSecurity((BaseAuthzGroup) this.m_storage.get(authzGroup.getId()));
        ((BaseAuthzGroup) authzGroup).setEvent(null);
    }

    protected void addMemberToGroup(AuthzGroup authzGroup, String str, String str2, int i) throws GroupFullException, AuthzRealmLockException {
        addLiveUpdateProperties((BaseAuthzGroup) authzGroup);
        AuthzGroup.RealmLockMode realmLock = authzGroup.getRealmLock();
        if (AuthzGroup.RealmLockMode.MODIFY.equals(realmLock) || AuthzGroup.RealmLockMode.ALL.equals(realmLock)) {
            throw new AuthzRealmLockException("Attempting to add member to group but lock " + realmLock + " exists");
        }
        Iterator<AuthzGroupAdvisor> it = this.authzGroupAdvisors.iterator();
        while (it.hasNext()) {
            try {
                it.next().groupUpdate(authzGroup, str, str2);
            } catch (Exception e) {
                log.error("Advisor error during addMemberToGroup()", e);
            }
        }
        this.m_storage.addNewUser(authzGroup, str, str2, i);
        eventTrackingService().post(eventTrackingService().newEvent("realm.join", authzGroup.getReference(), true));
        ((BaseAuthzGroup) authzGroup).closeEdit();
        updateSiteSecurity((BaseAuthzGroup) this.m_storage.get(authzGroup.getId()));
        ((BaseAuthzGroup) authzGroup).setEvent(null);
    }

    protected void removeMemberFromGroup(AuthzGroup authzGroup, String str) throws AuthzRealmLockException {
        addLiveUpdateProperties((BaseAuthzGroup) authzGroup);
        AuthzGroup.RealmLockMode realmLock = authzGroup.getRealmLock();
        if (AuthzGroup.RealmLockMode.ALL.equals(realmLock) || AuthzGroup.RealmLockMode.MODIFY.equals(realmLock)) {
            throw new AuthzRealmLockException("Attempting to remove member from group but lock " + realmLock + " exists");
        }
        Iterator<AuthzGroupAdvisor> it = this.authzGroupAdvisors.iterator();
        while (it.hasNext()) {
            try {
                it.next().groupUpdate(authzGroup, str, authzGroup.getMember(str).getRole().getId());
            } catch (Exception e) {
                log.error("Advisor error during removeMemberFromGroup()", e);
            }
        }
        this.m_storage.removeUser(authzGroup, str);
        eventTrackingService().post(eventTrackingService().newEvent("realm.unjoin", authzGroup.getReference(), true));
        ((BaseAuthzGroup) authzGroup).closeEdit();
        updateSiteSecurity((BaseAuthzGroup) this.m_storage.get(authzGroup.getId()));
        ((BaseAuthzGroup) authzGroup).setEvent(null);
    }

    public boolean allowAdd(String str) {
        return unlockCheck("realm.add", authzGroupReference(str));
    }

    public AuthzGroup addAuthzGroup(String str) throws GroupIdInvalidException, GroupAlreadyDefinedException, AuthzPermissionException {
        unlock("realm.add", authzGroupReference(str));
        AuthzGroup put = this.m_storage.put(str);
        if (put == null) {
            throw new GroupAlreadyDefinedException(str);
        }
        ((BaseAuthzGroup) put).setEvent("realm.add");
        addLiveProperties((BaseAuthzGroup) put);
        completeSave(put);
        return put;
    }

    public AuthzGroup addAuthzGroup(String str, AuthzGroup authzGroup, String str2) throws GroupIdInvalidException, GroupAlreadyDefinedException, AuthzPermissionException {
        AuthzGroup addAuthzGroup = addAuthzGroup(str);
        ((BaseAuthzGroup) addAuthzGroup).set(authzGroup);
        ((BaseAuthzGroup) addAuthzGroup).m_id = str;
        String maintainRole = addAuthzGroup.getMaintainRole();
        if (maintainRole != null && str2 != null) {
            if (addAuthzGroup.getRole(maintainRole) == null) {
                try {
                    addAuthzGroup.addRole(maintainRole);
                } catch (RoleAlreadyDefinedException e) {
                    log.warn("addAuthzGroup: ", e);
                }
            }
            addAuthzGroup.addMember(str2, maintainRole, true, false);
        }
        addLiveProperties((BaseAuthzGroup) addAuthzGroup);
        completeSave(addAuthzGroup);
        return addAuthzGroup;
    }

    public AuthzGroup newAuthzGroup(String str, AuthzGroup authzGroup, String str2) throws GroupAlreadyDefinedException {
        BaseAuthzGroup baseAuthzGroup = new BaseAuthzGroup(this, str);
        baseAuthzGroup.m_isNew = true;
        if (authzGroup != null) {
            baseAuthzGroup.set(authzGroup);
            baseAuthzGroup.m_id = str;
        }
        String maintainRole = baseAuthzGroup.getMaintainRole();
        if (maintainRole != null && str2 != null) {
            baseAuthzGroup.addMember(str2, maintainRole, true, false);
        }
        return baseAuthzGroup;
    }

    public boolean allowRemove(String str) {
        return unlockCheck("realm.del", authzGroupReference(str));
    }

    public void removeAuthzGroup(AuthzGroup authzGroup) throws AuthzPermissionException, AuthzRealmLockException {
        unlock("realm.del", authzGroup.getReference());
        AuthzGroup.RealmLockMode realmLock = authzGroup.getRealmLock();
        if (AuthzGroup.RealmLockMode.ALL.equals(realmLock) || AuthzGroup.RealmLockMode.DELETE.equals(realmLock)) {
            throw new AuthzRealmLockException("Attempting to remove group but lock " + realmLock + " exists");
        }
        Iterator<AuthzGroupAdvisor> it = this.authzGroupAdvisors.iterator();
        while (it.hasNext()) {
            try {
                it.next().remove(authzGroup);
            } catch (Exception e) {
                log.error("Advisor error during removeAuthzGroup()", e);
            }
        }
        try {
            ((SakaiSecurity) securityService()).notifyRealmRemoved(authzGroup.getId());
        } catch (Exception e2) {
            log.warn("Failure while trying to notify SS about realm removal for AZG(" + authzGroup.getId() + "): " + e2, e2);
        }
        this.m_storage.remove(authzGroup);
        eventTrackingService().post(eventTrackingService().newEvent("realm.del", authzGroup.getReference(), true));
        ((BaseAuthzGroup) authzGroup).closeEdit();
        removeSiteSecurity(authzGroup);
    }

    public void removeAuthzGroup(String str) throws AuthzPermissionException, AuthzRealmLockException {
        AuthzGroup authzGroup;
        if (str == null || (authzGroup = this.m_storage.get(str)) == null) {
            return;
        }
        removeAuthzGroup(authzGroup);
    }

    public String authzGroupReference(String str) {
        return getAccessPoint(true) + "/" + str;
    }

    public boolean isAllowed(String str, String str2, String str3) {
        return this.m_storage.isAllowed(str, str2, str3);
    }

    public boolean isAllowed(String str, String str2, Collection collection) {
        return this.m_storage.isAllowed(str, str2, (Collection<String>) collection);
    }

    public Set<String> getUsersIsAllowed(String str, Collection<String> collection) {
        return this.m_storage.getUsersIsAllowed(str, collection);
    }

    public Set<String[]> getUsersIsAllowedByGroup(String str, Collection<String> collection) {
        return this.m_storage.getUsersIsAllowedByGroup(str, collection);
    }

    public Map<String, Integer> getUserCountIsAllowed(String str, Collection<String> collection) {
        return this.m_storage.getUserCountIsAllowed(str, collection);
    }

    public Set getAllowedFunctions(String str, Collection collection) {
        return this.m_storage.getAllowedFunctions(str, collection);
    }

    public Set getAuthzGroupsIsAllowed(String str, String str2, Collection collection) {
        return this.m_storage.getAuthzGroupsIsAllowed(str, str2, collection);
    }

    public String getUserRole(String str, String str2) {
        return this.m_storage.getUserRole(str, str2);
    }

    public Map<String, String> getUserRoles(String str, Collection<String> collection) {
        return this.m_storage.getUserRoles(str, collection);
    }

    public Map getUsersRole(Collection collection, String str) {
        return this.m_storage.getUsersRole(collection, str);
    }

    public String encodeDummyUserForRole(String str) throws IllegalArgumentException {
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("BaseAuthzGroupService#encodeDummyUserForRole: No role ID provided");
        }
        return this.dummyUserPrefix + str;
    }

    public String decodeRoleFromDummyUser(String str) throws IllegalArgumentException {
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("BaseAuthzGroupService.decodeRoleFromDummyUser: No dummy user ID provided");
        }
        if (!str.startsWith(this.dummyUserPrefix) || str.equals(this.dummyUserPrefix)) {
            return null;
        }
        return str.replaceFirst(this.dummyUserPrefix, "");
    }

    public void refreshUser(String str) {
        if (this.m_provider == null || str == null) {
            return;
        }
        try {
            String userEid = userDirectoryService().getUserEid(str);
            if (!serverConfigurationService().getBoolean("suppressCMRefresh", false)) {
                this.m_storage.refreshUser(str, new ProviderMap(this.m_provider, this.m_provider.getGroupRolesForUser(userEid)));
            }
            Set authzGroupsIsAllowed = getAuthzGroupsIsAllowed(str, BaseContentService.SITE_UPDATE_ACCESS, null);
            Set authzGroupsIsAllowed2 = getAuthzGroupsIsAllowed(str, "site.visit.unp", null);
            Set authzGroupsIsAllowed3 = getAuthzGroupsIsAllowed(str, "site.visit", null);
            HashSet hashSet = new HashSet();
            Iterator it = authzGroupsIsAllowed.iterator();
            while (it.hasNext()) {
                Reference newReference = entityManager().newReference((String) it.next());
                if ("sakai:site".equals(newReference.getType()) && "site".equals(newReference.getSubType()) && !this.siteService.isSpecialSite(newReference.getId()) && (!this.siteService.isUserSite(newReference.getId()) || str.equals(this.siteService.getSiteUserId(newReference.getId())))) {
                    hashSet.add(newReference.getId());
                }
            }
            HashSet hashSet2 = new HashSet();
            Iterator it2 = authzGroupsIsAllowed2.iterator();
            while (it2.hasNext()) {
                Reference newReference2 = entityManager().newReference((String) it2.next());
                if ("sakai:site".equals(newReference2.getType()) && "site".equals(newReference2.getSubType()) && !this.siteService.isSpecialSite(newReference2.getId()) && (!this.siteService.isUserSite(newReference2.getId()) || str.equals(this.siteService.getSiteUserId(newReference2.getId())))) {
                    hashSet2.add(newReference2.getId());
                }
            }
            HashSet hashSet3 = new HashSet();
            Iterator it3 = authzGroupsIsAllowed3.iterator();
            while (it3.hasNext()) {
                Reference newReference3 = entityManager().newReference((String) it3.next());
                if ("sakai:site".equals(newReference3.getType()) && "site".equals(newReference3.getSubType()) && !this.siteService.isSpecialSite(newReference3.getId()) && (!this.siteService.isUserSite(newReference3.getId()) || str.equals(this.siteService.getSiteUserId(newReference3.getId())))) {
                    hashSet3.add(newReference3.getId());
                }
            }
            this.siteService.setUserSecurity(str, hashSet, hashSet2, hashSet3);
        } catch (UserNotDefinedException e) {
            log.warn("refreshUser: cannot find eid for user: " + str);
        }
    }

    protected void updateSiteSecurity(AuthzGroup authzGroup) {
        Reference newReference = entityManager().newReference(authzGroup.getId());
        if ("sakai:site".equals(newReference.getType()) && "site".equals(newReference.getSubType())) {
            this.siteService.setSiteSecurity(newReference.getId(), authzGroup.getUsersIsAllowed(BaseContentService.SITE_UPDATE_ACCESS), authzGroup.getUsersIsAllowed("site.visit.unp"), authzGroup.getUsersIsAllowed("site.visit"));
        }
    }

    protected void removeSiteSecurity(AuthzGroup authzGroup) {
        Reference newReference = entityManager().newReference(authzGroup.getId());
        if ("sakai:site".equals(newReference.getType()) && "site".equals(newReference.getSubType())) {
            HashSet hashSet = new HashSet();
            this.siteService.setSiteSecurity(newReference.getId(), hashSet, hashSet, hashSet);
        }
    }

    public String getLabel() {
        return "authzGroup";
    }

    public boolean willArchiveMerge() {
        return false;
    }

    public HttpAccess getHttpAccess() {
        return null;
    }

    public boolean parseEntityReference(String str, Reference reference) {
        String extractEntityId = extractEntityId(str);
        if (extractEntityId == null) {
            return false;
        }
        reference.set("sakai:authzGroup", (String) null, extractEntityId, (String) null, (String) null);
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String extractEntityId(String str) {
        if (!str.startsWith("/realm") || "/realm".length() + 1 > str.length()) {
            return null;
        }
        return str.substring("/realm".length() + 1, str.length());
    }

    public String getEntityDescription(Reference reference) {
        return null;
    }

    public ResourceProperties getEntityResourceProperties(Reference reference) {
        return null;
    }

    public Entity getEntity(Reference reference) {
        return null;
    }

    public Collection getEntityAuthzGroups(Reference reference, String str) {
        if (!"sakai:authzGroup".equals(reference.getType())) {
            return null;
        }
        Vector vector = new Vector();
        if (reference.getId() != null && reference.getId().length() > 0 && !reference.getId().startsWith("!")) {
            reference.addUserAuthzGroup(vector, sessionManager().getCurrentSessionUserId());
            vector.addAll(entityManager().newReference(reference.getId()).getAuthzGroups(str));
        }
        return vector;
    }

    public String getEntityUrl(Reference reference) {
        return null;
    }

    public String archive(String str, Document document, Stack stack, String str2, List list) {
        return "";
    }

    public String merge(String str, Element element, String str2, String str3, Map map, Map map2, Set set) {
        return "";
    }

    public void addAuthzGroupAdvisor(AuthzGroupAdvisor authzGroupAdvisor) {
        if (authzGroupAdvisor != null) {
            this.authzGroupAdvisors.add(authzGroupAdvisor);
        }
    }

    public boolean removeAuthzGroupAdvisor(AuthzGroupAdvisor authzGroupAdvisor) {
        if (authzGroupAdvisor != null) {
            return this.authzGroupAdvisors.remove(authzGroupAdvisor);
        }
        return false;
    }

    public List<AuthzGroupAdvisor> getAuthzGroupAdvisors() {
        return Collections.unmodifiableList(this.authzGroupAdvisors);
    }

    public Set getMaintainRoles() {
        return this.m_storage.getMaintainRoles();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Set<String> getEmptyRoles(String str) {
        HashSet hashSet = new HashSet();
        hashSet.add(".anon");
        if (str != null && !userDirectoryService().getAnonymousUser().getId().equals(str)) {
            String decodeRoleFromDummyUser = decodeRoleFromDummyUser(str);
            if (decodeRoleFromDummyUser != null) {
                hashSet.remove(".anon");
                hashSet.add(decodeRoleFromDummyUser);
            } else {
                hashSet.add(".auth");
                if (this.m_roleProvider != null) {
                    hashSet.addAll(this.m_roleProvider.getAdditionalRoles(str));
                }
            }
        }
        return hashSet;
    }

    public Set<String> getAdditionalRoles() {
        HashSet hashSet = new HashSet();
        if (isAllowedAnon()) {
            hashSet.add(".anon");
        }
        if (isAllowedAuth()) {
            hashSet.add(".auth");
        }
        if (this.m_roleProvider != null) {
            hashSet.addAll(this.m_roleProvider.getAllAdditionalRoles());
        }
        return hashSet;
    }

    public boolean isRoleAssignable(String str) {
        return !str.startsWith(".");
    }

    public String getRoleName(String str) {
        String str2 = null;
        if (".anon".equals(str)) {
            str2 = this.rb.getString("role.anon");
        } else if (".auth".equals(str)) {
            str2 = this.rb.getString("role.auth");
        } else if (this.m_roleProvider != null) {
            str2 = this.m_roleProvider.getDisplayName(str);
        }
        return str2 == null ? str : str2;
    }

    public String getRoleGroupName(String str) {
        String str2 = null;
        if ("".equals(str)) {
            str2 = this.rb.getString("generic.role.group");
        } else if (this.m_roleProvider != null) {
            str2 = this.m_roleProvider.getDisplayName(str);
        }
        return str2 == null ? str : str2;
    }

    protected boolean isAllowedAnon() {
        return serverConfigurationService().getBoolean("sitemanage.grant.anon", false);
    }

    protected boolean isAllowedAuth() {
        return serverConfigurationService().getBoolean("sitemanage.grant.auth", false);
    }
}
