package oracle.security.xs.internal;

import java.sql.SQLException;
import java.sql.Timestamp;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.locks.Lock;
import java.util.logging.Level;
import java.util.logging.Logger;
import oracle.security.xs.Role;
import oracle.security.xs.Session;
import oracle.security.xs.XSException;
import oracle.security.xs.XSPrincipalException;
import oracle.security.xs.XSSessionManagerException;
import oracle.security.xs.cache.XSLock;
import oracle.security.xs.entity.Ace;
import oracle.security.xs.entity.Acl;
import oracle.security.xs.entity.Principal;
import oracle.security.xs.entity.Privilege;
import oracle.security.xs.entity.SecurityClass;

/* loaded from: input_file:oracle/security/xs/internal/AclEvaluator.class */
public class AclEvaluator {
    private static final Lock r = XSLock.getReadLock();
    static Logger logger = Logger.getLogger("oracle.security.xs.AclEvaluator");

    public static AclResults evaluateACL(SessionImpl sessionImpl, long j) throws XSException, XSSessionManagerException, SQLException {
        if (j == 0) {
            return null;
        }
        int i = 0;
        while (0 == 0) {
            AclResults fetchCachedResult = sessionImpl.getSessionInfo().fetchCachedResult(j);
            long currentTimeMillis = System.currentTimeMillis();
            if (fetchCachedResult == null || !fetchCachedResult.checkValidity(currentTimeMillis)) {
                fetchCachedResult = doAclEvaluation(sessionImpl, j, currentTimeMillis, true);
            }
            sessionImpl.getSessionManager().getCacheManager().checkUpdate();
            if (fetchCachedResult.getAcl().isValid() || fetchCachedResult.getAcl().isMissing()) {
                sessionImpl.getSessionInfo().cacheACLEvalRes(j, fetchCachedResult);
                return fetchCachedResult;
            }
            if (logger.isLoggable(Level.FINEST)) {
                int i2 = i;
                i++;
                logger.log(Level.FINEST, " Thread-" + Thread.currentThread().getId() + " looping at evaluatAcl, i=" + i2 + " acl status=" + fetchCachedResult.getAcl().getStatus() + " acl id=" + fetchCachedResult.getAcl().getId());
            }
        }
        return null;
    }

    public static AclResults doAclEvaluation(SessionImpl sessionImpl, long j, long j2, boolean z) throws XSException, XSSessionManagerException, SQLException {
        if (j == 0) {
            return null;
        }
        Timestamp timestamp = new Timestamp(j2);
        Acl fetchACL = sessionImpl.getSessionManager().getCacheManager().fetchACL(j, !z);
        if (fetchACL == null) {
            throw new XSException("INVALID_ACL", new Object[]{Long.valueOf(j)});
        }
        AclResults aclResults = new AclResults(fetchACL);
        aclResults.setExpiretime(timestamp.getTime() + (((XSSessionManagerImpl) SessionManagerCache.get(sessionImpl.getDispatcherSid())).getCacheMaxIdleTime() * 60 * 1000));
        for (Ace ace : fetchACL.getAces()) {
            if (isPrincipalExistingInCache(sessionImpl, ace)) {
                boolean isPrincipalInSession = sessionImpl.isPrincipalInSession(ace.getPrincipal());
                if (ace.isEffective(timestamp)) {
                    if (ace.getEndDate() != null && aclResults.getExpireTime() < ace.getEndDate().getTime()) {
                        aclResults.setExpiretime(ace.getEndDate().getTime());
                    }
                } else if (ace.getStartDate().getTime() >= j2) {
                    if (aclResults.getExpireTime() > ace.getStartDate().getTime()) {
                        aclResults.setExpiretime(ace.getStartDate().getTime());
                    }
                }
                if ((!ace.isInvert() && isPrincipalInSession) || (ace.isInvert() && !isPrincipalInSession)) {
                    Iterator<Privilege> it = ace.getPrivileges().iterator();
                    while (it.hasNext()) {
                        List<Long> privileges = getPrivileges(fetchACL, it.next().getId());
                        if (privileges != null) {
                            for (Long l : privileges) {
                                if (ace.isGrant()) {
                                    aclResults.addToGrantList(l.longValue());
                                } else {
                                    aclResults.addToDenyList(l.longValue());
                                }
                            }
                        }
                    }
                }
            }
        }
        if (fetchACL.getParentId() != 0) {
            AclResults doAclEvaluation = doAclEvaluation(sessionImpl, fetchACL.getParentId(), j2, false);
            if (fetchACL.isParentConstraint()) {
                aclResults.getGrantTS().retainAll(doAclEvaluation.getGrantTS());
                aclResults.getDenyTS().addAll(doAclEvaluation.getDenyTS());
            } else if (fetchACL.isParentExtended()) {
                doAclEvaluation.getGrantTS().removeAll(aclResults.getDenyTS());
                doAclEvaluation.getDenyTS().removeAll(aclResults.getGrantTS());
                aclResults.getGrantTS().addAll(doAclEvaluation.getGrantTS());
                aclResults.getDenyTS().addAll(doAclEvaluation.getDenyTS());
            }
        }
        return aclResults;
    }

    private static List<Long> getPrivileges(Acl acl, long j) {
        List<Long> list = null;
        SecurityClass securityClass = acl.getSecurityClass();
        if (securityClass != null) {
            list = securityClass.getPrivileges(j);
        }
        return list;
    }

    public static int checkAclResult(SessionImpl sessionImpl, long j, long j2, AuthResult authResult) throws XSException, XSSessionManagerException, SQLException, XSPrincipalException {
        int i = 3;
        if (j == 0) {
            return 3;
        }
        boolean z = false;
        while (!z) {
            Acl fetchACL = sessionImpl.getSessionManager().getCacheManager().fetchACL(j, false);
            if (fetchACL == null) {
                throw new XSException("INVALID_ACL", new Object[]{Long.valueOf(j)});
            }
            i = doAclResultCheck(sessionImpl, fetchACL, j2, authResult);
            sessionImpl.getSessionManager().getCacheManager().checkUpdate();
            if (fetchACL.isValid() || fetchACL.isMissing()) {
                z = true;
            }
        }
        return i;
    }

    public static int doAclResultCheck(SessionImpl sessionImpl, Acl acl, long j, AuthResult authResult) throws XSException, XSSessionManagerException, SQLException, XSPrincipalException {
        int i = 3;
        AuthResult authResult2 = new AuthResult();
        for (Ace ace : acl.getAces()) {
            if (i != 3) {
                break;
            }
            if (isPrincipalExistingInCache(sessionImpl, ace)) {
                long principal = ace.getPrincipal();
                boolean isPrincipalInSession = sessionImpl.isPrincipalInSession(principal);
                if (ace.isEffective(new Timestamp(System.currentTimeMillis()))) {
                    Iterator<Privilege> it = ace.getPrivileges().iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        List<Long> privileges = getPrivileges(acl, it.next().getId());
                        if (privileges != null && privileges.contains(Long.valueOf(j))) {
                            if ((ace.isInvert() || !isPrincipalInSession) && (!ace.isInvert() || isPrincipalInSession)) {
                                if (authResult2.isInitial()) {
                                    authResult2.setAuthResult(ace.isInvert(), ace.isGrant(), isPrincipalInSession, sessionImpl.getSessionManager().getCacheManager().isRoleDynamic(principal), isPrincipalInSession, new Role(sessionImpl.getSessionManager().getCacheManager().getDynamicRole(principal), principal));
                                }
                            } else if (ace.isGrant()) {
                                i = 1;
                                authResult2.setAuthResult(ace.isInvert(), true, isPrincipalInSession, sessionImpl.getSessionManager().getCacheManager().isRoleDynamic(principal), isPrincipalInSession, new Role(sessionImpl.getSessionManager().getCacheManager().getDynamicRole(principal), principal));
                            } else {
                                i = 2;
                                authResult2.setAuthResult(ace.isInvert(), false, isPrincipalInSession, sessionImpl.getSessionManager().getCacheManager().isRoleDynamic(principal), isPrincipalInSession, new Role(sessionImpl.getSessionManager().getCacheManager().getDynamicRole(principal), principal));
                            }
                        }
                    }
                }
            }
        }
        int i2 = i;
        if (acl.getParentId() == 0) {
            authResult.copy(authResult2);
        } else {
            AuthResult authResult3 = new AuthResult();
            int checkAclResult = checkAclResult(sessionImpl, acl.getParentId(), j, authResult3);
            if (acl.isParentConstraint()) {
                if (i == 2) {
                    authResult.copy(authResult2);
                    i2 = i;
                } else if (checkAclResult == 2) {
                    authResult.copy(authResult3);
                    i2 = checkAclResult;
                } else if (i == 3 && !authResult2.isInitial()) {
                    authResult.copy(authResult2);
                    i2 = i;
                } else if (checkAclResult != 3 || authResult3.isInitial()) {
                    i2 = 1;
                    authResult.setStatus(0);
                } else {
                    authResult.copy(authResult3);
                    i2 = checkAclResult;
                }
            } else if (acl.isParentExtended()) {
                if (i == 2) {
                    authResult.copy(authResult2);
                    i2 = i;
                } else if (i == 3 && checkAclResult == 2) {
                    authResult.copy(authResult3);
                    i2 = checkAclResult;
                } else if (i == 3 && checkAclResult == 3) {
                    if (!authResult2.isInitial()) {
                        authResult.copy(authResult2);
                    } else if (!authResult3.isInitial()) {
                        authResult.copy(authResult3);
                    }
                    i2 = checkAclResult;
                } else {
                    i2 = 1;
                    authResult.setStatus(0);
                }
            }
        }
        return i2;
    }

    private static boolean isPrincipalExistingInCache(SessionImpl sessionImpl, Ace ace) throws XSException {
        Principal principal = sessionImpl.getSessionManager().getCacheManager().getPrincipalCache().get(Long.valueOf(ace.getPrincipal()));
        return principal != null && principal.isExisting();
    }

    public static long getPrivilegeId(Session session, long j, String str) throws XSException, SQLException {
        return getPrivilegeId(((SessionImpl) session).getSessionManager().getCacheManager().fetchACL(j, false), str);
    }

    private static long getPrivilegeId(Acl acl, String str) throws XSException {
        long j = 0;
        if (acl == null) {
            return 0L;
        }
        SecurityClass securityClass = acl.getSecurityClass();
        if (securityClass != null) {
            j = securityClass.getPrivilegeID(str);
        }
        return j != 0 ? j : getPrivilegeId(acl.getParent(), str);
    }
}
