package lsfusion.server.physics.admin.authentication.security.controller.manager;

import com.google.common.base.Supplier;
import com.google.common.base.Throwables;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.naming.CommunicationException;
import lsfusion.base.ApiResourceBundle;
import lsfusion.base.BaseUtils;
import lsfusion.base.Pair;
import lsfusion.base.col.MapFact;
import lsfusion.base.col.interfaces.immutable.ImMap;
import lsfusion.base.col.interfaces.immutable.ImOrderMap;
import lsfusion.interop.base.exception.AuthenticationException;
import lsfusion.interop.base.exception.LockedException;
import lsfusion.interop.base.exception.LoginException;
import lsfusion.interop.connection.AuthenticationToken;
import lsfusion.interop.connection.authentication.Authentication;
import lsfusion.interop.connection.authentication.OAuth2Authentication;
import lsfusion.interop.connection.authentication.PasswordAuthentication;
import lsfusion.server.base.controller.lifecycle.LifecycleEvent;
import lsfusion.server.base.controller.manager.LogicsManager;
import lsfusion.server.data.expr.key.KeyExpr;
import lsfusion.server.data.query.build.QueryBuilder;
import lsfusion.server.data.sql.exception.SQLHandledException;
import lsfusion.server.data.value.DataObject;
import lsfusion.server.data.value.ObjectValue;
import lsfusion.server.language.property.LP;
import lsfusion.server.language.property.oraction.LAP;
import lsfusion.server.logics.BaseLogicsModule;
import lsfusion.server.logics.BusinessLogics;
import lsfusion.server.logics.action.controller.stack.ExecutionStack;
import lsfusion.server.logics.action.session.DataSession;
import lsfusion.server.logics.classes.user.ConcreteObjectClass;
import lsfusion.server.logics.navigator.NavigatorElement;
import lsfusion.server.logics.property.oraction.ActionOrProperty;
import lsfusion.server.physics.admin.Settings;
import lsfusion.server.physics.admin.SystemProperties;
import lsfusion.server.physics.admin.authentication.AuthenticationLogicsModule;
import lsfusion.server.physics.admin.authentication.LDAPAuthenticationService;
import lsfusion.server.physics.admin.authentication.LDAPParameters;
import lsfusion.server.physics.admin.authentication.UserInfo;
import lsfusion.server.physics.admin.authentication.security.SecurityLogicsModule;
import lsfusion.server.physics.admin.authentication.security.policy.RoleSecurityPolicy;
import lsfusion.server.physics.admin.authentication.security.policy.SecurityPolicy;
import lsfusion.server.physics.admin.log.ServerLoggers;
import lsfusion.server.physics.admin.reflection.ReflectionLogicsModule;
import lsfusion.server.physics.exec.db.controller.manager.DBManager;
import org.apache.log4j.Logger;
import org.jose4j.mac.MacUtil;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert;
import org.stringtemplate.v4.ST;

/* loaded from: input_file:lsfusion/server/physics/admin/authentication/security/controller/manager/SecurityManager.class */
public class SecurityManager extends LogicsManager implements InitializingBean {
    private static final Logger systemLogger = ServerLoggers.systemLogger;

    @Deprecated
    public static SecurityPolicy baseServerSecurityPolicy = new SecurityPolicy();
    private final HashMap<Long, Object> cachedSecuritySemaphores;
    public ConcurrentHashMap<Long, RoleSecurityPolicy> cachedSecurityPolicies;
    private BusinessLogics businessLogics;
    private DBManager dbManager;
    private String initialAdminPassword;
    private BaseLogicsModule LM;
    private AuthenticationLogicsModule authenticationLM;
    private SecurityLogicsModule securityLM;
    private ReflectionLogicsModule reflectionLM;
    private DataObject adminUserRole;
    private DataObject readOnlyUserRole;
    private DataObject adminUser;
    private DataObject anonymousUser;
    private String secret;

    /**
     * Returns the per-role lock object used while a role's policy is being loaded,
     * creating it on first request.
     *
     * <p>The backing map is a plain {@code HashMap}; the {@code synchronized}
     * modifier on this method is what serialises access to it.
     *
     * @param l role identifier used as the map key
     * @return the lock object registered for that identifier
     */
    private synchronized Object getCachedSecuritySemaphore(Long l) {
        return cachedSecuritySemaphores.computeIfAbsent(l, roleId -> new Object());
    }

    /**
     * Exposes the injected business-logics instance to the {@code LogicsManager} base class.
     *
     * @return the value set through {@link #setBusinessLogics}
     */
    @Override // lsfusion.server.base.controller.manager.LogicsManager
    protected BusinessLogics getBusinessLogics() {
        return businessLogics;
    }

    /**
     * Creates the manager with empty policy caches and no resolved system users or roles.
     *
     * <p>The system roles, system users and the signing secret stay {@code null} until
     * {@code initUsers()} and {@code initSecret()} populate them.
     */
    public SecurityManager() {
        super(400); // NOTE(review): 400 is passed straight to LogicsManager; its meaning is not visible here
        this.cachedSecurityPolicies = new ConcurrentHashMap<>();
        this.cachedSecuritySemaphores = new HashMap<>();
        this.secret = null;
        this.anonymousUser = null;
        this.adminUser = null;
        this.readOnlyUserRole = null;
        this.adminUserRole = null;
    }

    /**
     * Injects the business-logics instance; {@code afterPropertiesSet()} rejects a missing value.
     *
     * @param businessLogics instance whose logic modules this manager reads in {@code onInit}
     */
    public void setBusinessLogics(BusinessLogics businessLogics) {
        // "this." is required here because the parameter shadows the field.
        this.businessLogics = businessLogics;
    }

    /**
     * Injects the database manager used to open every {@code DataSession} in this class.
     *
     * @param dBManager session factory; {@code afterPropertiesSet()} rejects a missing value
     */
    public void setDbManager(DBManager dBManager) {
        dbManager = dBManager;
    }

    /**
     * Sets the password given to system accounts that {@code initUser} has to create.
     *
     * <p>The value is kept in memory as a plain {@code String} for the lifetime of the
     * manager and is not validated here; {@code addUser} calls {@code trim()} on it, so a
     * {@code null} value fails at account-creation time.
     *
     * @param str the initial password taken from configuration
     */
    public void setInitialAdminPassword(String str) {
        initialAdminPassword = str;
    }

    /**
     * Spring callback that verifies the mandatory collaborators were injected.
     *
     * <p>Only {@code businessLogics} and {@code dbManager} are checked;
     * {@code initialAdminPassword} is not.
     */
    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() {
        Assert.notNull(businessLogics, "businessLogics must be specified");
        Assert.notNull(dbManager, "dbManager must be specified");
    }

    /**
     * Lifecycle hook that caches references to the logic modules this manager works with.
     *
     * @param lifecycleEvent the triggering event (not inspected)
     */
    @Override // lsfusion.server.base.controller.lifecycle.LifecycleAdapter
    protected void onInit(LifecycleEvent lifecycleEvent) {
        ServerLoggers.startLog("Initializing security manager");
        BusinessLogics logics = this.businessLogics;
        this.LM = logics.LM;
        this.authenticationLM = logics.authenticationLM;
        this.securityLM = logics.securityLM;
        this.reflectionLM = logics.reflectionLM;
    }

    /**
     * Lifecycle hook that hands this manager to {@code BusinessLogics.initAuthentication}.
     *
     * @param lifecycleEvent the triggering event (not inspected)
     * @throws RuntimeException wrapping any SQL failure raised during initialisation
     */
    @Override // lsfusion.server.base.controller.lifecycle.LifecycleAdapter
    protected void onStarted(LifecycleEvent lifecycleEvent) {
        ServerLoggers.startLog("Starting security manager");
        try {
            businessLogics.initAuthentication(this);
        } catch (SQLException | SQLHandledException sqlFailure) {
            // The cause is preserved so the startup failure stays diagnosable.
            throw new RuntimeException("Error starting security manager: ", sqlFailure);
        }
    }

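    /**
     * Creates the system roles, then resolves the {@code admin} and {@code readonly} roles
     * and the two system users, creating the users when they do not exist yet.
     *
     * <p>The decompiled form closed each session only on the success path and left the
     * {@code finally} blocks empty, so a failure leaked the session. Both sessions are now
     * scoped with try-with-resources, the construct whose desugared close/addSuppressed
     * scaffolding is visible in the other methods of this class.
     *
     * @throws SQLException if a database operation fails
     * @throws SQLHandledException if a handled SQL error is raised by the platform
     */
    public void initUsers() throws SQLException, SQLHandledException {
        // First session: make sure the built-in roles exist and commit them.
        try (DataSession session = createSession()) {
            this.securityLM.createSystemUserRoles.execute(session, getStack(), new ObjectValue[0]);
            apply(session);
        }
        // Second session: look the roles up by SID and resolve or create the system users.
        try (DataSession session = createSession()) {
            this.adminUserRole = (DataObject) this.securityLM.userRoleSID.readClasses(session, new DataObject("admin"));
            this.readOnlyUserRole = (DataObject) this.securityLM.userRoleSID.readClasses(session, new DataObject("readonly"));
            this.adminUser = initUser("admin", session);
            // NOTE(review): ST.UNKNOWN_NAME comes from the StringTemplate library; it looks like a
            // decompiler substitution for a login literal. Confirm against the original source.
            // initUser gives a newly created account initialAdminPassword, and that applies to
            // this account as well as to "admin".
            this.anonymousUser = initUser(ST.UNKNOWN_NAME, session);
        }
    }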

    /**
     * Returns the user with the given login, creating and committing it when absent.
     *
     * <p>A newly created account always receives {@code initialAdminPassword}, whichever
     * login is requested; {@code initUsers()} calls this for both system accounts.
     * NOTE(review): confirm that sharing the initial admin password with the second system
     * account is intended.
     *
     * @param str login of the system account
     * @param dataSession session used for the lookup and, if needed, the insert
     * @return the existing user, or a {@code DataObject} for the freshly created one
     * @throws SQLException if a database operation fails
     * @throws SQLHandledException if a handled SQL error is raised by the platform
     */
    private DataObject initUser(String str, DataSession dataSession) throws SQLException, SQLHandledException {
        DataObject existing = readUser(str, dataSession);
        if (existing == null) {
            DataObject created = addUser(str, this.initialAdminPassword, dataSession);
            apply(dataSession);
            // Re-wrap the new id with the concrete customUser class after the commit.
            return new DataObject((Long) created.object, (ConcreteObjectClass) this.authenticationLM.customUser);
        }
        return existing;
    }

    /**
     * Resolves or provisions the local account for an externally authenticated identity,
     * refreshes its profile data and commits the session.
     *
     * <p>The account is looked up by login and then by e-mail ({@code readUser}). When
     * nothing is found a new account is created with the password from {@code supplier};
     * when an account is found by e-mail but has no login, {@code str} is written as its
     * login. In both cases the caller's identity ends up bound to that account.
     * NOTE(review): the e-mail match relies on the external provider having verified the
     * address; confirm that holds for every provider wired to this path.
     *
     * @param dataSession session used for all reads and writes
     * @param executionStack stack passed to {@code apply}
     * @param str login supplied by the external identity
     * @param supplier yields the password stored for a newly created account
     * @param str2 first name, or {@code null} to leave unchanged
     * @param str3 last name, or {@code null} to leave unchanged
     * @param str4 e-mail, also used as the secondary lookup key
     * @param list candidate role SIDs
     * @param z self-registration mode: provisioning is refused when the first role in
     *     {@code list} is disabled, and roles are not re-applied to an existing account
     * @param map extra attributes to store on the account
     * @return the account and its login, or {@code null} when self-registration is refused
     * @throws SQLException if a database operation fails
     * @throws SQLHandledException if a handled SQL error is raised by the platform
     */
    private Pair<DataObject, String> initAndUpdateUser(DataSession dataSession, ExecutionStack executionStack, String str, Supplier<String> supplier, String str2, String str3, String str4, List<String> list, boolean z, Map<String, String> map) throws SQLException, SQLHandledException {
        Pair<DataObject, String> account = readUser(str, str4, dataSession);
        List<String> rolesToApply = list;
        boolean needsLogin = account == null || account.second == null;
        if (needsLogin) {
            if (z && this.securityLM.disableRoleSID.read(dataSession, new DataObject(list.get(0))) != null) {
                return null;
            }
            DataObject user;
            if (account != null) {
                user = account.first;
                this.authenticationLM.loginCustomUser.change(str, dataSession, user);
            } else {
                user = addUser(str, supplier.get(), dataSession);
            }
            account = new Pair<>(user, str);
        } else if (z) {
            // Existing self-registered account: keep whatever roles it already has.
            rolesToApply = null;
        }
        setUserParameters(account.first, str2, str3, str4, rolesToApply, map, dataSession);
        apply(dataSession, executionStack);
        return account;
    }

    /**
     * Returns the system administrator account resolved by {@code initUsers()}.
     *
     * @return the admin user, or {@code null} before {@code initUsers()} has run
     */
    public DataObject getAdminUser() {
        return adminUser;
    }

    /**
     * Returns the account used when a caller presents no login.
     *
     * <p>When {@code SystemProperties.inDevMode} is set this is the admin account, so a
     * request without a login is resolved to the administrator. A deployment reachable by
     * untrusted clients should make sure that flag is off.
     *
     * @return the admin user in dev mode, otherwise the anonymous user
     */
    public DataObject getDefaultLoginUser() {
        if (SystemProperties.inDevMode) {
            return this.adminUser;
        }
        return this.anonymousUser;
    }

    /**
     * Opens a new data session through the injected {@code DBManager}.
     *
     * <p>The caller owns the returned session and is responsible for closing it.
     *
     * @return a fresh session
     * @throws SQLException if the session cannot be created
     */
    private DataSession createSession() throws SQLException {
        return dbManager.createSession();
    }

    /**
     * Adds a {@code customUser} object with the given login and password hash to the session.
     *
     * <p>Nothing is committed here; the caller applies the session.
     *
     * <p>NOTE(review): the stored value is a single SHA-256 pass over the trimmed password
     * combined with {@code UserInfo.salt}, which is one static value rather than a per-user
     * salt. A fast unsalted-per-user digest is cheap to attack offline if the table leaks;
     * migrating to bcrypt/scrypt/argon2 needs a stored-format change and is not done here.
     * {@code trim()} also means leading and trailing whitespace is not part of the password,
     * and a {@code null} password fails with a {@code NullPointerException}.
     *
     * @param str login of the new account
     * @param str2 clear-text password to hash
     * @param dataSession session receiving the new object
     * @return the newly added user object
     * @throws SQLException if a database operation fails
     * @throws SQLHandledException if a handled SQL error is raised by the platform
     */
    protected DataObject addUser(String str, String str2, DataSession dataSession) throws SQLException, SQLHandledException {
        DataObject newUser = dataSession.addObject(this.authenticationLM.customUser);
        this.authenticationLM.loginCustomUser.change(str, dataSession, newUser);
        this.authenticationLM.sha256PasswordCustomUser.change(
                BaseUtils.calculateBase64Hash("SHA-256", str2.trim(), UserInfo.salt), dataSession, newUser);
        return newUser;
    }

    /**
     * Looks an account up by login and, failing that, by e-mail.
     *
     * <p>A login match returns the supplied login. An e-mail match returns the login stored
     * on the matched account, which may be {@code null}. {@code authenticateUser} passes the
     * typed user name as both arguments, so a user can sign in with an e-mail address.
     *
     * @param str login to search for
     * @param str2 e-mail to fall back to, or {@code null} to skip the fallback
     * @param dataSession session used for the reads
     * @return the account with its login, or {@code null} when neither lookup matches
     * @throws SQLException if a database operation fails
     * @throws SQLHandledException if a handled SQL error is raised by the platform
     */
    public Pair<DataObject, String> readUser(String str, String str2, DataSession dataSession) throws SQLException, SQLHandledException {
        DataObject byLogin = readUser(str, dataSession);
        if (byLogin != null) {
            return new Pair<>(byLogin, str);
        }
        if (str2 != null) {
            ObjectValue byEmail = this.authenticationLM.customUserEmail.readClasses(dataSession, new DataObject(str2));
            if (!byEmail.isNull()) {
                DataObject user = (DataObject) byEmail;
                String storedLogin = (String) this.authenticationLM.loginCustomUser.read(dataSession, user);
                return new Pair<>(user, storedLogin);
            }
        }
        return null;
    }

    /**
     * Looks an account up by login only.
     *
     * @param str login to search for
     * @param dataSession session used for the read
     * @return the matching user, or {@code null} when no account has that login
     * @throws SQLException if a database operation fails
     * @throws SQLHandledException if a handled SQL error is raised by the platform
     */
    public DataObject readUser(String str, DataSession dataSession) throws SQLException, SQLHandledException {
        ObjectValue match = this.authenticationLM.customUserLogin.readClasses(dataSession, new DataObject(str));
        return match.isNull() ? null : (DataObject) match;
    }

    /**
     * Resolves a login to its account, falling back to the default account for a
     * {@code null} login.
     *
     * <p>The failure message echoes the requested login. NOTE(review): if this exception
     * text reaches unauthenticated callers it tells them which logins do not exist; confirm
     * how the message is surfaced.
     *
     * @param str login, or {@code null} for the default login user
     * @param dataSession session used for the lookup
     * @return the resolved user
     * @throws AuthenticationException if no account has the given login
     * @throws SQLException if a database operation fails
     * @throws SQLHandledException if a handled SQL error is raised by the platform
     */
    public DataObject getUser(String str, DataSession dataSession) throws SQLException, SQLHandledException {
        if (str == null) {
            return getDefaultLoginUser();
        }
        DataObject user = readUser(str, dataSession);
        if (user != null) {
            return user;
        }
        throw new AuthenticationException(String.format("User with login %s not found", str));
    }

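    /**
     * Loads the server signing secret from the database, generating and persisting one on
     * first start.
     *
     * <p>The decompiled close/addSuppressed scaffolding rethrew a bare {@code Throwable},
     * which this method's {@code throws} clause does not allow; it is restored to the
     * try-with-resources form it was generated from.
     *
     * <p>The same secret keys both the JWT signatures and {@code signData}. NOTE(review):
     * the random source behind {@code BaseUtils.generatePassword} is not visible here;
     * confirm it is a {@code SecureRandom}.
     *
     * @throws SQLException if a database operation fails
     * @throws SQLHandledException if a handled SQL error is raised by the platform
     */
    public void initSecret() throws SQLException, SQLHandledException {
        try (DataSession session = createSession()) {
            LP secretProperty = this.authenticationLM.secret;
            String value = (String) secretProperty.read(session, new ObjectValue[0]);
            if (value == null) {
                // First start: create the secret once and commit it so restarts reuse it.
                value = BaseUtils.generatePassword(32, false, false);
                secretProperty.change(value, session, new DataObject[0]);
                apply(session);
            }
            this.secret = value;
        }
    }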

    /**
     * Verifies a JWT against the server secret and returns its subject.
     *
     * <p>{@code parseClaimsJws} accepts only signed tokens; any failure it raises is
     * reported as an {@code AuthenticationException}.
     *
     * <p>NOTE(review): the failure message embeds the full token string and drops the
     * original exception as a cause. If these messages are logged, bearer tokens end up in
     * log files; consider reporting only the parser's message.
     *
     * @param authenticationToken token presented by the client
     * @return the subject claim, or {@code null} for an anonymous token
     * @throws AuthenticationException if the token cannot be parsed or verified
     */
    public String parseToken(AuthenticationToken authenticationToken) {
        if (!authenticationToken.isAnonymous()) {
            try {
                Claims claims = Jwts.parser()
                        .setSigningKey(this.secret)
                        .parseClaimsJws(authenticationToken.string)
                        .getBody();
                return claims.getSubject();
            } catch (Exception e) {
                throw new AuthenticationException(String.format("Failed to parse token %s: %s", authenticationToken.string, e.getMessage()));
            }
        }
        return null;
    }

    /**
     * Issues a token for the given subject with the configured default lifetime.
     *
     * @param str subject (login) to place in the token
     * @return the signed token
     */
    public AuthenticationToken generateToken(String str) {
        // A null lifetime makes the two-argument overload read the default from Settings.
        return generateToken(str, null);
    }

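    /**
     * Issues an HS512-signed JWT for the given subject.
     *
     * <p>The lifetime is in minutes. It was previously multiplied out in {@code int}
     * arithmetic, which overflows above 35791 minutes (about 24.8 days) and produced an
     * expiry in the past; the conversion is now done in {@code long}.
     *
     * <p>NOTE(review): jjwt's {@code String} overloads of {@code signWith} and
     * {@code setSigningKey} treat the argument as Base64-encoded key material, so the
     * effective key is the decoded bytes of {@code secret}; confirm that length is adequate
     * for HS512.
     *
     * @param str subject (login) to place in the token
     * @param num lifetime in minutes, or {@code null} to use
     *     {@code Settings.get().getAuthTokenExpiration()}
     * @return the signed token
     */
    public AuthenticationToken generateToken(String str, Integer num) {
        long lifetimeMinutes = num != null ? num.longValue() : Settings.get().getAuthTokenExpiration();
        long lifetimeMillis = lifetimeMinutes * 60_000L;
        Claims claims = Jwts.claims().setSubject(str);
        claims.setExpiration(new Date(System.currentTimeMillis() + lifetimeMillis));
        return new AuthenticationToken(Jwts.builder().setClaims(claims).signWith(SignatureAlgorithm.HS512, this.secret).compact());
    }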

    /**
     * Computes an HMAC tag over the given string with the server secret and returns it as
     * unpadded URL-safe Base64.
     *
     * <p>The algorithm name comes from {@code MacUtil.HMAC_SHA256}. The key is derived from
     * the same {@code secret} that signs JWTs. NOTE(review): {@code BaseUtils.getHashBytes}
     * is used for both key and message and its exact transformation is not visible here.
     *
     * @param str data to authenticate
     * @return the encoded tag
     */
    public String signData(String str) {
        final String algorithm = MacUtil.HMAC_SHA256;
        try {
            Mac hmac = Mac.getInstance(algorithm);
            hmac.init(new SecretKeySpec(BaseUtils.getHashBytes(this.secret), algorithm));
            byte[] tag = hmac.doFinal(BaseUtils.getHashBytes(str));
            return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw Throwables.propagate(e);
        }
    }

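    /**
     * Checks that {@code str2} is the tag {@link #signData} produces for {@code str}.
     *
     * <p>{@code String.equals} stops at the first differing character, so its timing depends
     * on how much of a presented tag is correct. The comparison now goes through
     * {@code MessageDigest.isEqual}, whose running time does not depend on where the inputs
     * differ. Fully qualified names are used so the file's import block is unchanged.
     *
     * @param str data that was signed
     * @param str2 tag presented by the caller; {@code null} never verifies
     * @return {@code true} only when the presented tag matches exactly
     */
    public boolean verifyData(String str, String str2) {
        String expectedTag = signData(str);
        if (str2 == null) {
            return false;
        }
        return java.security.MessageDigest.isEqual(
                expectedTag.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                str2.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }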

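    /**
     * Reads the shared secret that the web client must present on the OAuth2 path.
     *
     * <p>The decompiled close/addSuppressed scaffolding (which rethrew a bare
     * {@code Throwable}) is restored to the try-with-resources form it was generated from.
     *
     * @return the configured secret, or {@code null} when none is set
     */
    private String getWebClientSecret() {
        try (DataSession session = createSession()) {
            return (String) this.authenticationLM.webClientSecret.read(session, new ObjectValue[0]);
        } catch (Exception e) {
            throw Throwables.propagate(e);
        }
    }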

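    /**
     * Authenticates a password or OAuth2 request and issues a token for the resolved login.
     *
     * <p>Password path: when LDAP is enabled the credentials are checked against the
     * directory and the local account is created or refreshed from the directory data; a
     * new local account stores a hash of the directory password. If the directory cannot be
     * reached ({@code CommunicationException}) the error is logged and the request falls
     * back to the locally stored password. Unknown user and wrong password both raise the
     * same {@code LoginException}.
     *
     * <p>OAuth2 path: the request must carry the web-client secret; the account is then
     * provisioned with the {@code selfRegister} role and a generated password.
     *
     * <p>Changes from the decompiled form: the session is scoped with try-with-resources
     * (the original scaffolding rethrew a bare {@code Throwable}), and the web-client secret
     * is compared with {@code MessageDigest.isEqual} instead of {@code String.equals} so the
     * comparison time does not depend on how much of a presented secret is correct.
     *
     * @param authentication credentials presented by the client
     * @param executionStack stack passed on when the account is provisioned
     * @return a signed token whose subject is the account's login
     * @throws LoginException if the credentials are rejected or provisioning is refused
     * @throws AuthenticationException if the web-client secret is missing or wrong
     * @throws LockedException if the resolved account is locked
     */
    public AuthenticationToken authenticateUser(Authentication authentication, ExecutionStack executionStack) {
        try (DataSession session = createSession()) {
            String userName = authentication.getUserName();
            Pair<DataObject, String> account = null;
            if (authentication instanceof PasswordAuthentication) {
                String password = ((PasswordAuthentication) authentication).getPassword();
                if (this.authenticationLM.useLDAP.read(session, new ObjectValue[0]) != null) {
                    try {
                        String server = (String) this.authenticationLM.serverLDAP.read(session, new ObjectValue[0]);
                        Integer port = (Integer) this.authenticationLM.portLDAP.read(session, new ObjectValue[0]);
                        String baseDn = (String) this.authenticationLM.baseDNLDAP.read(session, new ObjectValue[0]);
                        String userDnSuffix = (String) this.authenticationLM.userDNSuffixLDAP.read(session, new ObjectValue[0]);
                        LDAPParameters ldapResult = new LDAPAuthenticationService(server, port, baseDn, userDnSuffix).authenticate(userName, password);
                        if (!ldapResult.isConnected()) {
                            throw new LoginException();
                        }
                        account = initAndUpdateUser(session, executionStack, userName, () -> password,
                                ldapResult.getFirstName(), ldapResult.getLastName(), ldapResult.getEmail(),
                                ldapResult.getGroupNames(), false, ldapResult.getAttributes());
                    } catch (CommunicationException e) {
                        // Directory unreachable: log it and fall through to the local password check.
                        systemLogger.error("LDAP authentication failed", e);
                    }
                }
                if (account == null) {
                    // The typed name is tried as a login first and then as an e-mail address.
                    account = readUser(userName, userName, session);
                    if (account == null || account.second == null || !this.authenticationLM.checkPassword(session, account.first, password)) {
                        throw new LoginException();
                    }
                }
            } else {
                OAuth2Authentication oauth = (OAuth2Authentication) authentication;
                String presentedSecret = oauth.getAuthSecret();
                // An unset server-side secret rejects every request, as before.
                String expectedSecret = presentedSecret == null ? null : getWebClientSecret();
                if (presentedSecret == null || expectedSecret == null
                        || !java.security.MessageDigest.isEqual(
                                presentedSecret.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                                expectedSecret.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
                    throw new AuthenticationException(ApiResourceBundle.getString("exceptions.incorrect.web.client.auth.token"));
                }
                account = initAndUpdateUser(session, executionStack, oauth.getUserName(),
                        () -> BaseUtils.generatePassword(20, false, true),
                        oauth.getFirstName(), oauth.getLastName(), oauth.getEmail(),
                        Collections.singletonList("selfRegister"), true, oauth.getAttributes());
                if (account == null) {
                    // Self-registration refused because the selfRegister role is disabled.
                    throw new LoginException();
                }
            }
            if (this.authenticationLM.isLockedCustomUser.read(session, account.first) != null) {
                throw new LockedException();
            }
            return generateToken(account.second);
        } catch (SQLException | SQLHandledException e) {
            throw Throwables.propagate(e);
        }
    }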

    /**
     * Builds the effective policy for a user from the policies of its enabled roles.
     *
     * <p>When {@code SystemProperties.lightStart} is set and the user holds the admin role,
     * no role policy is loaded and the result is built from an empty list.
     * NOTE(review): how {@code SecurityPolicy} treats an empty list is not visible here;
     * confirm it is the intended outcome for administrators in light-start mode.
     *
     * @param dataSession session used to read roles and permissions
     * @param dataObject the user
     * @return the combined policy
     */
    public SecurityPolicy getSecurityPolicy(DataSession dataSession, DataObject dataObject) {
        // Kept as a raw list: the element type SecurityPolicy's constructor expects is declared elsewhere.
        ArrayList rolePolicies = new ArrayList();
        try {
            Set<DataObject> roles = readUserRoleSet(dataSession, dataObject);
            boolean skipRolePolicies = SystemProperties.lightStart && roles.contains(this.adminUserRole);
            if (!skipRolePolicies) {
                for (DataObject role : roles) {
                    rolePolicies.add(getRoleSecurityPolicy(dataSession, role));
                }
            }
            return new SecurityPolicy(rolePolicies);
        } catch (Exception e) {
            throw Throwables.propagate(e);
        }
    }

    /**
     * Returns the cached policy of the built-in {@code readonly} role, loading it on first use.
     *
     * @param dataSession session used if the policy has to be read
     * @return the read-only role's policy
     * @throws SQLException if a database operation fails
     * @throws SQLHandledException if a handled SQL error is raised by the platform
     */
    public RoleSecurityPolicy getReadOnlySecurityPolicy(DataSession dataSession) throws SQLException, SQLHandledException {
        DataObject role = this.readOnlyUserRole;
        return getRoleSecurityPolicy(dataSession, role);
    }

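    /**
     * Returns the policy for a role from the cache, reading it from the database once per
     * role on a miss.
     *
     * <p>The cache is checked, then re-checked while holding that role's lock object, so
     * concurrent callers for the same role trigger a single read. The decompiler's untyped
     * {@code ??} local and its self-assignment are replaced by locking directly on the
     * per-role object.
     *
     * <p>NOTE(review): nothing in this class evicts entries from
     * {@code cachedSecurityPolicies}; confirm that permission changes clear the (public)
     * map elsewhere, otherwise a revoked permission stays effective until restart.
     *
     * @param dataSession session used if the policy has to be read
     * @param dataObject the role
     * @return the role's policy
     * @throws SQLException if a database operation fails
     * @throws SQLHandledException if a handled SQL error is raised by the platform
     */
    private RoleSecurityPolicy getRoleSecurityPolicy(DataSession dataSession, DataObject dataObject) throws SQLException, SQLHandledException {
        Long roleId = (Long) dataObject.getValue();
        RoleSecurityPolicy policy = this.cachedSecurityPolicies.get(roleId);
        if (policy == null) {
            synchronized (getCachedSecuritySemaphore(roleId)) {
                // Another thread may have filled the entry while this one waited for the lock.
                policy = this.cachedSecurityPolicies.get(roleId);
                if (policy == null) {
                    policy = readSecurityPolicy(dataObject, dataSession);
                    this.cachedSecurityPolicies.put(roleId, policy);
                }
            }
        }
        return policy;
    }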

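    /**
     * Loads the policy of every enabled role into the cache in one session.
     *
     * <p>Entries are written unconditionally, so a call replaces whatever was cached for
     * those roles. The decompiled close/addSuppressed scaffolding (which rethrew a bare
     * {@code Throwable}) is restored to the try-with-resources form it was generated from.
     */
    public void prereadSecurityPolicies() {
        try (DataSession session = createSession()) {
            // A null user makes readUserRoleSet return all roles that are not disabled.
            for (DataObject role : readUserRoleSet(session, null)) {
                this.cachedSecurityPolicies.put((Long) role.getValue(), readSecurityPolicy(role, session));
            }
        } catch (Exception e) {
            throw Throwables.propagate(e);
        }
    }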

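    /**
     * Reads a role's navigator and action/property permissions from the database into a
     * new {@code RoleSecurityPolicy}.
     *
     * <p>Two queries run with the SQL query limit lifted: one over navigator elements that
     * have a permission for the role, one over actions and properties that have at least
     * one of the four permission kinds. Each row is resolved by canonical name; rows whose
     * element cannot be resolved are logged at debug level and skipped.
     *
     * <p>Fix: the decompiled code left the lookup result unassigned when
     * {@code findProperty} threw, which does not compile. A failed lookup is now treated as
     * "not found", the branch that already exists for a {@code null} result.
     * NOTE(review): that means a stored permission, including a forbid, is dropped for any
     * property whose lookup fails; confirm that silently skipping is acceptable.
     *
     * @param dataObject the role
     * @param dataSession session used for both queries
     * @return the populated policy
     * @throws SQLException if a database operation fails
     * @throws SQLHandledException if a handled SQL error is raised by the platform
     */
    private RoleSecurityPolicy readSecurityPolicy(DataObject dataObject, DataSession dataSession) throws SQLException, SQLHandledException {
        dataSession.sql.pushNoQueryLimit();
        try {
            // The constructor flag tells the policy whether this is the built-in read-only role.
            RoleSecurityPolicy roleSecurityPolicy = new RoleSecurityPolicy(dataObject.equals(this.readOnlyUserRole));

            // --- navigator element permissions ---
            KeyExpr keyExpr = new KeyExpr("navigatorElement");
            QueryBuilder queryBuilder = new QueryBuilder(MapFact.singletonRev("navigatorElement", keyExpr));
            queryBuilder.addProperty("canonicalName", this.reflectionLM.canonicalNameNavigatorElement.getExpr(dataSession.getModifier(), keyExpr));
            queryBuilder.addProperty("permission", this.securityLM.permissionUserRoleNavigatorElement.getExpr(dataSession.getModifier(), dataObject.getExpr(), keyExpr));
            queryBuilder.and(this.reflectionLM.canonicalNameNavigatorElement.getExpr(dataSession.getModifier(), keyExpr).getWhere());
            queryBuilder.and(this.securityLM.permissionUserRoleNavigatorElement.getExpr(dataSession.getModifier(), dataObject.getExpr(), keyExpr).getWhere());
            for (ImMap imMap : queryBuilder.execute(dataSession).values()) {
                String str = (String) imMap.get("canonicalName");
                NavigatorElement findNavigatorElement = this.businessLogics.findNavigatorElement(str);
                if (findNavigatorElement != null) {
                    roleSecurityPolicy.navigator.setPermission(findNavigatorElement, getPermissionValue(imMap.get("permission")));
                } else {
                    ServerLoggers.startLogDebug(String.format("NavigatorElement '%s' is not found when applying security policy", str));
                }
            }

            // --- action / property permissions ---
            KeyExpr keyExpr2 = new KeyExpr("actionOrProperty");
            QueryBuilder queryBuilder2 = new QueryBuilder(MapFact.singletonRev("actionOrProperty", keyExpr2));
            queryBuilder2.addProperty("canonicalName", this.reflectionLM.canonicalNameActionOrProperty.getExpr(dataSession.getModifier(), keyExpr2));
            queryBuilder2.addProperty("isProperty", this.reflectionLM.isProperty.getExpr(dataSession.getModifier(), keyExpr2));
            queryBuilder2.addProperty("permissionView", this.securityLM.permissionViewUserRoleActionOrProperty.getExpr(dataSession.getModifier(), dataObject.getExpr(), keyExpr2));
            queryBuilder2.addProperty("permissionChange", this.securityLM.permissionChangeUserRoleActionOrProperty.getExpr(dataSession.getModifier(), dataObject.getExpr(), keyExpr2));
            queryBuilder2.addProperty("permissionEditObjects", this.securityLM.permissionEditObjectsUserRoleActionOrProperty.getExpr(dataSession.getModifier(), dataObject.getExpr(), keyExpr2));
            queryBuilder2.addProperty("permissionGroupChange", this.securityLM.permissionGroupChangeUserRoleActionOrProperty.getExpr(dataSession.getModifier(), dataObject.getExpr(), keyExpr2));
            queryBuilder2.and(this.reflectionLM.canonicalNameActionOrProperty.getExpr(dataSession.getModifier(), keyExpr2).getWhere());
            // Keep only rows where at least one of the four permission kinds is set for this role.
            queryBuilder2.and(this.securityLM.permissionViewUserRoleActionOrProperty.getExpr(dataSession.getModifier(), dataObject.getExpr(), keyExpr2).getWhere().or(this.securityLM.permissionChangeUserRoleActionOrProperty.getExpr(dataSession.getModifier(), dataObject.getExpr(), keyExpr2).getWhere()).or(this.securityLM.permissionEditObjectsUserRoleActionOrProperty.getExpr(dataSession.getModifier(), dataObject.getExpr(), keyExpr2).getWhere()).or(this.securityLM.permissionGroupChangeUserRoleActionOrProperty.getExpr(dataSession.getModifier(), dataObject.getExpr(), keyExpr2).getWhere()));
            for (ImMap imMap2 : queryBuilder2.execute(dataSession).values()) {
                String trim = BaseUtils.trim((String) imMap2.get("canonicalName"));
                LAP lap = null;
                if (imMap2.get("isProperty") != null) {
                    try {
                        lap = this.businessLogics.findProperty(trim);
                    } catch (Throwable ignored) {
                        // Deliberately best-effort: a lookup failure leaves lap null and the row
                        // is reported through the "not found" branch below.
                    }
                } else {
                    lap = this.businessLogics.findAction(trim);
                }
                if (lap != null) {
                    ActionOrProperty actionOrProperty = lap.getActionOrProperty();
                    roleSecurityPolicy.propertyView.setPermission(actionOrProperty, getPermissionValue(imMap2.get("permissionView")));
                    roleSecurityPolicy.propertyChange.setPermission(actionOrProperty, getPermissionValue(imMap2.get("permissionChange")));
                    roleSecurityPolicy.propertyEditObjects.setPermission(actionOrProperty, getPermissionValue(imMap2.get("permissionEditObjects")));
                    roleSecurityPolicy.propertyGroupChange.setPermission(actionOrProperty, getPermissionValue(imMap2.get("permissionGroupChange")));
                } else {
                    ServerLoggers.startLogDebug(String.format("Property '%s' is not found when applying security policy", trim));
                }
            }
            return roleSecurityPolicy;
        } finally {
            // Always restore the query limit, including when a query fails.
            dataSession.sql.popNoQueryLimit();
        }
    }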

    /**
     * Reads the set of enabled roles, optionally restricted to those held by one user.
     *
     * <p>Roles flagged through {@code disableRole} are always excluded.
     *
     * @param dataSession session used for the query
     * @param dataObject the user whose roles are wanted, or {@code null} for all roles
     * @return the matching role objects
     * @throws SQLException if a database operation fails
     * @throws SQLHandledException if a handled SQL error is raised by the platform
     */
    private Set<DataObject> readUserRoleSet(DataSession dataSession, DataObject dataObject) throws SQLException, SQLHandledException {
        KeyExpr roleKey = new KeyExpr("userRole");
        QueryBuilder query = new QueryBuilder(MapFact.singletonRev("userRole", roleKey));
        query.and(this.LM.is(this.securityLM.userRole).getExpr(roleKey).getWhere());
        if (dataObject != null) {
            query.and(this.securityLM.hasUserRole.getExpr(dataSession.getModifier(), dataObject.getExpr(), roleKey).getWhere());
        }
        query.and(this.securityLM.disableRole.getExpr(dataSession.getModifier(), roleKey).getWhere().not());
        ImOrderMap rows = query.executeClasses(dataSession);
        HashSet roles = new HashSet();
        for (int row = 0, count = rows.size(); row < count; row++) {
            ImMap key = (ImMap) rows.getKey(row);
            roles.add((DataObject) key.get("userRole"));
        }
        return roles;
    }

    /**
     * Maps a stored permission name to a tri-state value.
     *
     * <p>The decompiler's {@code hashCode()} switch is the compiled form of a switch on the
     * string itself; it is written here as direct comparisons.
     *
     * @param obj the stored permission name; must be a {@code String} when not {@code null}
     * @return {@code TRUE} for {@code Security_Permission.permit}, {@code FALSE} for
     *     {@code Security_Permission.forbid}, and {@code null} for {@code null} or any
     *     other value
     */
    public Boolean getPermissionValue(Object obj) {
        if (obj == null) {
            return null;
        }
        String permission = (String) obj;
        if ("Security_Permission.permit".equals(permission)) {
            return Boolean.TRUE;
        }
        if ("Security_Permission.forbid".equals(permission)) {
            return Boolean.FALSE;
        }
        // Unrecognised names carry no decision.
        return null;
    }

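    /**
     * Writes profile data, one role and extra attributes onto a user within the session.
     *
     * <p>Nothing is committed here; the caller applies the session. {@code null} arguments
     * leave the corresponding data untouched.
     *
     * <p>Fix: the decompiled {@code try} covered only the first write although every write
     * below it can raise the same checked SQL exceptions; the whole body is now inside it.
     *
     * <p>Role handling: the list is scanned in order and only the first SID that resolves
     * to an existing role is granted. The names and attribute values come from the caller;
     * on the LDAP and OAuth2 paths of {@code authenticateUser} that is the external
     * provider. NOTE(review): confirm that externally supplied group names matching a
     * privileged role SID are meant to grant that role.
     *
     * @param dataObject the user to update
     * @param str first name, or {@code null}
     * @param str2 last name, or {@code null}
     * @param str3 e-mail, or {@code null}
     * @param list candidate role SIDs, or {@code null} to leave roles unchanged
     * @param map attribute name to value; entries with a {@code null} value are skipped
     * @param dataSession session receiving the changes
     */
    public void setUserParameters(DataObject dataObject, String str, String str2, String str3, List<String> list, Map<String, String> map, DataSession dataSession) {
        try {
            if (str != null) {
                this.authenticationLM.firstNameContact.change(str, dataSession, dataObject);
            }
            if (str2 != null) {
                this.authenticationLM.lastNameContact.change(str2, dataSession, dataObject);
            }
            if (str3 != null) {
                this.authenticationLM.emailContact.change(str3, dataSession, dataObject);
            }
            if (list != null) {
                for (String roleSid : list) {
                    ObjectValue role = this.securityLM.userRoleSID.readClasses(dataSession, new DataObject(roleSid));
                    if (role instanceof DataObject) {
                        this.securityLM.inCustomUserUserRole.change((Boolean) true, dataSession, dataObject, (DataObject) role);
                        break; // only the first resolvable role is granted
                    }
                }
            }
            if (map != null) {
                for (Map.Entry<String, String> attribute : map.entrySet()) {
                    String value = attribute.getValue();
                    if (value != null) {
                        this.authenticationLM.attributes.change(value, dataSession, dataObject, new DataObject(attribute.getKey()));
                    }
                }
            }
        } catch (SQLException | SQLHandledException e) {
            throw Throwables.propagate(e);
        }
    }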
}
