package org.wso2.carbon.user.core.authorization;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.BitSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.cache.Cache;
import javax.cache.Caching;
import javax.sql.DataSource;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.registry.api.GhostResource;
import org.wso2.carbon.user.core.UserCoreConstants;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;
import org.wso2.carbon.user.core.authorization.TreeNode;
import org.wso2.carbon.user.core.internal.UserStoreMgtDSComponent;
import org.wso2.carbon.user.core.util.DatabaseUtil;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.xml.StringUtils;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.user.core-4.6.0-alpha4.jar:org/wso2/carbon/user/core/authorization/PermissionTree.class */
public class PermissionTree {
    private static final String PERMISSION_CACHE_MANAGER = "PERMISSION_CACHE_MANAGER";
    private static final String PERMISSION_CACHE = "PERMISSION_CACHE";
    private static final String CASE_INSENSITIVE_USERNAME = "CaseInsensitiveUsername";
    private static Log log = LogFactory.getLog(PermissionTree.class);
    private final ReadWriteLock readWriteLock;
    private final Lock read;
    private final Lock write;
    protected TreeNode root;
    protected int tenantId;
    protected String cacheIdentifier;
    protected volatile int hashValueOfRootNode;
    protected DataSource dataSource;
    protected boolean preserveCaseForResources;

    public PermissionTree(String str, int i, DataSource dataSource) {
        this.readWriteLock = new ReentrantReadWriteLock();
        this.read = this.readWriteLock.readLock();
        this.write = this.readWriteLock.writeLock();
        this.preserveCaseForResources = true;
        this.root = new TreeNode("/");
        this.cacheIdentifier = str;
        this.tenantId = i;
        this.dataSource = dataSource;
    }

    public PermissionTree(String str, int i, DataSource dataSource, boolean z) {
        this.readWriteLock = new ReentrantReadWriteLock();
        this.read = this.readWriteLock.readLock();
        this.write = this.readWriteLock.writeLock();
        this.preserveCaseForResources = true;
        this.root = new TreeNode("/");
        this.cacheIdentifier = str;
        this.tenantId = i;
        this.dataSource = dataSource;
        this.preserveCaseForResources = z;
    }

    private PermissionTree() {
        this.readWriteLock = new ReentrantReadWriteLock();
        this.read = this.readWriteLock.readLock();
        this.write = this.readWriteLock.writeLock();
        this.preserveCaseForResources = true;
        this.root = new TreeNode("/");
    }

    private Cache<PermissionTreeCacheKey, GhostResource<TreeNode>> getPermissionTreeCache() {
        return Caching.getCacheManagerFactory().getCacheManager(PERMISSION_CACHE_MANAGER).getCache(PERMISSION_CACHE);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void authorizeUserInTree(String str, String str2, String str3, boolean z) throws UserStoreException {
        if (!isCaseSensitiveUsername(str, this.tenantId)) {
            str = str.toLowerCase();
        }
        this.write.lock();
        try {
            try {
                SearchResult node = getNode(this.root, PermissionTreeUtil.toComponenets(str2));
                if (node.getUnprocessedPaths() != null) {
                    node.getLastNode().create(node.getUnprocessedPaths()).authorizeUser(str, PermissionTreeUtil.actionToPermission(str3));
                } else {
                    node.getLastNode().authorizeUser(str, PermissionTreeUtil.actionToPermission(str3));
                }
                if (z) {
                    invalidateCache(this.root);
                }
            } catch (IllegalArgumentException e) {
                throw new UserStoreException("Error while authorizing user: " + str + "in permission tree for resource id: " + str2 + "for action: " + str3, e);
            }
        } finally {
            this.write.unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void denyUserInTree(String str, String str2, String str3, boolean z) throws UserStoreException {
        if (!isCaseSensitiveUsername(str, this.tenantId)) {
            str = str.toLowerCase();
        }
        this.write.lock();
        try {
            try {
                SearchResult node = getNode(this.root, PermissionTreeUtil.toComponenets(str2));
                if (node.getUnprocessedPaths() != null) {
                    node.getLastNode().create(node.getUnprocessedPaths()).denyUser(str, PermissionTreeUtil.actionToPermission(str3));
                } else {
                    node.getLastNode().denyUser(str, PermissionTreeUtil.actionToPermission(str3));
                }
                if (z) {
                    invalidateCache(this.root);
                }
            } catch (IllegalArgumentException e) {
                throw new UserStoreException("Error while denying user: " + str + "in permission tree for resource id: " + str2 + "for action: " + str3, e);
            }
        } finally {
            this.write.unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void authorizeRoleInTree(String str, String str2, String str3, boolean z) throws UserStoreException {
        this.write.lock();
        try {
            try {
                SearchResult node = getNode(this.root, PermissionTreeUtil.toComponenets(str2));
                if (node.getUnprocessedPaths() != null) {
                    node.getLastNode().create(node.getUnprocessedPaths()).authorizeRole(str, PermissionTreeUtil.actionToPermission(str3));
                } else {
                    node.getLastNode().authorizeRole(str, PermissionTreeUtil.actionToPermission(str3));
                }
                if (z) {
                    invalidateCache(this.root);
                }
            } catch (IllegalArgumentException e) {
                throw new UserStoreException("Error while authorizing role: " + str + "in permission tree for resource id: " + str2 + "for action: " + str3, e);
            }
        } finally {
            this.write.unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void denyRoleInTree(String str, String str2, String str3, boolean z) throws UserStoreException {
        this.write.lock();
        try {
            try {
                SearchResult node = getNode(this.root, PermissionTreeUtil.toComponenets(str2));
                if (node.getUnprocessedPaths() != null) {
                    node.getLastNode().create(node.getUnprocessedPaths()).denyRole(str, PermissionTreeUtil.actionToPermission(str3));
                } else {
                    node.getLastNode().denyRole(str, PermissionTreeUtil.actionToPermission(str3));
                }
                if (z) {
                    invalidateCache(this.root);
                }
            } catch (IllegalArgumentException e) {
                throw new UserStoreException("Error while denying role: " + str + "in permission tree for resource id: " + str2 + "for action: " + str3, e);
            }
        } finally {
            this.write.unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SearchResult getRolePermission(String str, TreeNode.Permission permission, SearchResult searchResult, TreeNode treeNode, List<String> list) {
        TreeNode child;
        this.read.lock();
        if (treeNode == null) {
            try {
                treeNode = this.root;
            } catch (Throwable th) {
                this.read.unlock();
                throw th;
            }
        }
        if (searchResult == null) {
            searchResult = new SearchResult();
        }
        Boolean isRoleAuthorized = treeNode.isRoleAuthorized(str, permission);
        if (isRoleAuthorized == Boolean.TRUE) {
            searchResult.setLastNodeAllowedAccess(Boolean.TRUE);
        } else if (isRoleAuthorized == Boolean.FALSE) {
            searchResult.setLastNodeAllowedAccess(Boolean.FALSE);
        }
        if (list == null || list.isEmpty()) {
            searchResult.setLastNode(treeNode);
            searchResult.setUnprocessedPaths(null);
            SearchResult searchResult2 = searchResult;
            this.read.unlock();
            return searchResult2;
        }
        String str2 = list.get(0);
        if (str2 == null || str2.length() <= 0 || (child = treeNode.getChild(str2)) == null) {
            searchResult.setLastNode(treeNode);
            SearchResult searchResult3 = searchResult;
            this.read.unlock();
            return searchResult3;
        }
        list.remove(0);
        SearchResult rolePermission = getRolePermission(str, permission, searchResult, child, list);
        this.read.unlock();
        return rolePermission;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SearchResult getUserPermission(String str, TreeNode.Permission permission, SearchResult searchResult, TreeNode treeNode, List<String> list) {
        TreeNode child;
        if (!isCaseSensitiveUsername(str, this.tenantId)) {
            str = str.toLowerCase();
        }
        this.read.lock();
        if (treeNode == null) {
            try {
                treeNode = this.root;
            } catch (Throwable th) {
                this.read.unlock();
                throw th;
            }
        }
        if (searchResult == null) {
            searchResult = new SearchResult();
        }
        Boolean isUserAuthorized = treeNode.isUserAuthorized(str, permission);
        if (isUserAuthorized == Boolean.TRUE) {
            searchResult.setLastNodeAllowedAccess(Boolean.TRUE);
        } else if (isUserAuthorized == Boolean.FALSE) {
            searchResult.setLastNodeAllowedAccess(Boolean.FALSE);
        }
        if (list == null || list.isEmpty()) {
            searchResult.setLastNode(treeNode);
            searchResult.setUnprocessedPaths(null);
            SearchResult searchResult2 = searchResult;
            this.read.unlock();
            return searchResult2;
        }
        String str2 = list.get(0);
        if (str2 == null || str2.length() <= 0 || (child = treeNode.getChild(str2)) == null) {
            searchResult.setLastNode(treeNode);
            SearchResult searchResult3 = searchResult;
            this.read.unlock();
            return searchResult3;
        }
        list.remove(0);
        SearchResult userPermission = getUserPermission(str, permission, searchResult, child, list);
        this.read.unlock();
        return userPermission;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SearchResult getAllowedUsersForResource(SearchResult searchResult, TreeNode treeNode, TreeNode.Permission permission, List<String> list) {
        TreeNode child;
        this.read.lock();
        if (treeNode == null) {
            try {
                treeNode = this.root;
            } catch (Throwable th) {
                this.read.unlock();
                throw th;
            }
        }
        if (searchResult == null) {
            searchResult = new SearchResult();
        }
        for (Map.Entry<String, BitSet> entry : treeNode.getUserAllowPermissions().entrySet()) {
            if (entry.getValue().get(permission.ordinal()) && !searchResult.getAllowedEntities().contains(entry.getKey())) {
                searchResult.getAllowedEntities().add(entry.getKey());
            }
        }
        for (Map.Entry<String, BitSet> entry2 : treeNode.getUserDenyPermissions().entrySet()) {
            if (entry2.getValue().get(permission.ordinal()) && searchResult.getAllowedEntities().contains(entry2.getKey())) {
                searchResult.getAllowedEntities().remove(entry2.getKey());
            }
        }
        if (list == null || list.isEmpty()) {
            searchResult.setLastNode(treeNode);
            searchResult.setUnprocessedPaths(null);
            SearchResult searchResult2 = searchResult;
            this.read.unlock();
            return searchResult2;
        }
        String str = list.get(0);
        if (str == null || str.length() <= 0 || (child = treeNode.getChild(str)) == null) {
            searchResult.setLastNode(treeNode);
            SearchResult searchResult3 = searchResult;
            this.read.unlock();
            return searchResult3;
        }
        list.remove(0);
        SearchResult allowedUsersForResource = getAllowedUsersForResource(searchResult, child, permission, list);
        this.read.unlock();
        return allowedUsersForResource;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SearchResult getAllowedRolesForResource(SearchResult searchResult, TreeNode treeNode, TreeNode.Permission permission, List<String> list) {
        TreeNode child;
        this.read.lock();
        if (treeNode == null) {
            try {
                treeNode = this.root;
            } catch (Throwable th) {
                this.read.unlock();
                throw th;
            }
        }
        if (searchResult == null) {
            searchResult = new SearchResult();
        }
        for (Map.Entry<String, BitSet> entry : treeNode.getRoleAllowPermissions().entrySet()) {
            if (entry.getValue().get(permission.ordinal()) && !searchResult.getAllowedEntities().contains(entry.getKey())) {
                searchResult.getAllowedEntities().add(entry.getKey());
            }
        }
        for (Map.Entry<String, BitSet> entry2 : treeNode.getRoleDenyPermissions().entrySet()) {
            if (entry2.getValue().get(permission.ordinal()) && searchResult.getAllowedEntities().contains(entry2.getKey())) {
                searchResult.getAllowedEntities().remove(entry2.getKey());
            }
        }
        if (list == null || list.isEmpty()) {
            searchResult.setLastNode(treeNode);
            searchResult.setUnprocessedPaths(null);
            SearchResult searchResult2 = searchResult;
            this.read.unlock();
            return searchResult2;
        }
        String str = list.get(0);
        if (str == null || str.length() <= 0 || (child = treeNode.getChild(str)) == null) {
            searchResult.setLastNode(treeNode);
            SearchResult searchResult3 = searchResult;
            this.read.unlock();
            return searchResult3;
        }
        list.remove(0);
        SearchResult allowedRolesForResource = getAllowedRolesForResource(searchResult, child, permission, list);
        this.read.unlock();
        return allowedRolesForResource;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SearchResult getDeniedRolesForResource(SearchResult searchResult, TreeNode treeNode, TreeNode.Permission permission, List<String> list) {
        TreeNode child;
        this.read.lock();
        if (searchResult == null) {
            try {
                searchResult = new SearchResult();
            } catch (Throwable th) {
                this.read.unlock();
                throw th;
            }
        }
        if (treeNode == null) {
            treeNode = this.root;
        }
        for (Map.Entry<String, BitSet> entry : treeNode.getRoleDenyPermissions().entrySet()) {
            if (entry.getValue().get(permission.ordinal()) && !searchResult.getDeniedEntities().contains(entry.getKey())) {
                searchResult.getDeniedEntities().add(entry.getKey());
            }
        }
        for (Map.Entry<String, BitSet> entry2 : treeNode.getRoleAllowPermissions().entrySet()) {
            if (entry2.getValue().get(permission.ordinal()) && searchResult.getDeniedEntities().contains(entry2.getKey())) {
                searchResult.getDeniedEntities().remove(entry2.getKey());
            }
        }
        if (list == null || list.isEmpty()) {
            searchResult.setLastNode(treeNode);
            searchResult.setUnprocessedPaths(null);
            SearchResult searchResult2 = searchResult;
            this.read.unlock();
            return searchResult2;
        }
        String str = list.get(0);
        if (str == null || str.length() <= 0 || (child = treeNode.getChild(str)) == null) {
            searchResult.setLastNode(treeNode);
            SearchResult searchResult3 = searchResult;
            this.read.unlock();
            return searchResult3;
        }
        list.remove(0);
        SearchResult deniedRolesForResource = getDeniedRolesForResource(searchResult, child, permission, list);
        this.read.unlock();
        return deniedRolesForResource;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SearchResult getDeniedUsersForResource(SearchResult searchResult, TreeNode treeNode, TreeNode.Permission permission, List<String> list) {
        TreeNode child;
        this.read.lock();
        if (searchResult == null) {
            try {
                searchResult = new SearchResult();
            } catch (Throwable th) {
                this.read.unlock();
                throw th;
            }
        }
        if (treeNode == null) {
            treeNode = this.root;
        }
        for (Map.Entry<String, BitSet> entry : treeNode.getUserDenyPermissions().entrySet()) {
            if (entry.getValue().get(permission.ordinal()) && !searchResult.getDeniedEntities().contains(entry.getKey())) {
                searchResult.getDeniedEntities().add(entry.getKey());
            }
        }
        for (Map.Entry<String, BitSet> entry2 : treeNode.getUserAllowPermissions().entrySet()) {
            if (entry2.getValue().get(permission.ordinal()) && searchResult.getDeniedEntities().contains(entry2.getKey())) {
                searchResult.getDeniedEntities().remove(entry2.getKey());
            }
        }
        if (list == null || list.isEmpty()) {
            searchResult.setLastNode(treeNode);
            searchResult.setUnprocessedPaths(null);
            SearchResult searchResult2 = searchResult;
            this.read.unlock();
            return searchResult2;
        }
        String str = list.get(0);
        if (str == null || str.length() <= 0 || (child = treeNode.getChild(str)) == null) {
            searchResult.setLastNode(treeNode);
            SearchResult searchResult3 = searchResult;
            this.read.unlock();
            return searchResult3;
        }
        list.remove(0);
        SearchResult deniedUsersForResource = getDeniedUsersForResource(searchResult, child, permission, list);
        this.read.unlock();
        return deniedUsersForResource;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void clearRoleAuthorization(String str, String str2) throws UserStoreException {
        clearRoleAuthorization(str, this.root, PermissionTreeUtil.actionToPermission(str2));
        invalidateCache(this.root);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void updateRoleNameInCache(String str, String str2) throws UserStoreException {
        updateRoleNameInCache(str, str2, this.root);
        invalidateCache(this.root);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void clearRoleAuthorization(String str) throws UserStoreException {
        clearRoleAuthorization(str, this.root);
        invalidateCache(this.root);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void clearRoleAuthorization(String str, String str2, String str3) throws UserStoreException {
        SearchResult node = getNode(this.root, PermissionTreeUtil.toComponenets(str2));
        this.write.lock();
        try {
            if (node.getUnprocessedPaths() == null) {
                TreeNode.Permission actionToPermission = PermissionTreeUtil.actionToPermission(str3);
                Map<String, BitSet> roleAllowPermissions = node.getLastNode().getRoleAllowPermissions();
                BitSet bitSet = roleAllowPermissions.get(str);
                if (bitSet == null) {
                    bitSet = roleAllowPermissions.get(modify(str));
                }
                if (bitSet != null) {
                    bitSet.clear(actionToPermission.ordinal());
                }
                BitSet bitSet2 = node.getLastNode().getRoleDenyPermissions().get(str);
                if (bitSet2 != null) {
                    bitSet2.clear(actionToPermission.ordinal());
                }
            }
            invalidateCache(this.root);
            this.write.unlock();
        } catch (Throwable th) {
            this.write.unlock();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void clearUserAuthorization(String str) throws UserStoreException {
        clearUserAuthorization(str, this.root);
        invalidateCache(this.root);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void clearUserAuthorization(String str, String str2, String str3) throws UserStoreException {
        if (!isCaseSensitiveUsername(str, this.tenantId)) {
            str = str.toLowerCase();
        }
        this.write.lock();
        try {
            SearchResult node = getNode(this.root, PermissionTreeUtil.toComponenets(str2));
            if (node.getUnprocessedPaths() == null || node.getUnprocessedPaths().isEmpty()) {
                TreeNode.Permission actionToPermission = PermissionTreeUtil.actionToPermission(str3);
                BitSet bitSet = node.getLastNode().getUserAllowPermissions().get(str);
                if (bitSet != null) {
                    bitSet.clear(actionToPermission.ordinal());
                }
                BitSet bitSet2 = node.getLastNode().getUserDenyPermissions().get(str);
                if (bitSet2 != null) {
                    bitSet2.clear(actionToPermission.ordinal());
                }
            }
            invalidateCache(this.root);
            this.write.unlock();
        } catch (Throwable th) {
            this.write.unlock();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void getUIResourcesForRoles(String[] strArr, List<String> list, String str) throws UserStoreException {
        List<String> componenets = PermissionTreeUtil.toComponenets(str);
        this.read.lock();
        try {
            TreeNode treeNode = this.root;
            Iterator<String> it = componenets.iterator();
            while (it.hasNext()) {
                treeNode = treeNode.getChild(it.next());
                if (treeNode == null) {
                    break;
                }
            }
            if (treeNode == null) {
                throw new UserStoreException("Invalid Permission root path provided");
            }
            TreeNode child = this.root.getChild(CarbonConstants.UI_PERMISSION_NAME);
            if (child == null) {
                throw new UserStoreException("Invalid Permission root path provided");
            }
            if (str.endsWith("/")) {
                str.substring(0, str.length() - 1);
            }
            getUIResourcesForRoles(strArr, list, "", PermissionTreeUtil.actionToPermission(CarbonConstants.UI_PERMISSION_ACTION), child);
        } finally {
            this.read.unlock();
        }
    }

    void getUIResourcesForRoles(String[] strArr, List<String> list, String str, TreeNode.Permission permission, TreeNode treeNode) {
        this.read.lock();
        try {
            String str2 = str + "/" + treeNode.getName();
            Map<String, BitSet> roleAllowPermissions = treeNode.getRoleAllowPermissions();
            int length = strArr.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                String str3 = strArr[i];
                BitSet bitSet = roleAllowPermissions.get(str3);
                if (bitSet == null) {
                    bitSet = roleAllowPermissions.get(modify(str3));
                }
                if (bitSet != null && bitSet.get(permission.ordinal())) {
                    list.add(str2);
                    break;
                }
                i++;
            }
            for (TreeNode treeNode2 : treeNode.getChildren().values()) {
                if (treeNode2 != null) {
                    getUIResourcesForRoles(strArr, list, str2, permission, treeNode2);
                }
            }
        } finally {
            this.read.unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void clearResourceAuthorizations(String str) throws UserStoreException {
        this.write.lock();
        try {
            SearchResult node = getNode(this.root, PermissionTreeUtil.toComponenets(str));
            if (node.getUnprocessedPaths() == null) {
                node.getLastNode().getUserAllowPermissions().clear();
                node.getLastNode().getUserDenyPermissions().clear();
                node.getLastNode().getRoleAllowPermissions().clear();
                node.getLastNode().getRoleDenyPermissions().clear();
            }
            invalidateCache(this.root);
        } finally {
            this.write.unlock();
        }
    }

    private void clearRoleAuthorization(String str, TreeNode treeNode, TreeNode.Permission permission) {
        this.write.lock();
        try {
            Map<String, BitSet> roleAllowPermissions = treeNode.getRoleAllowPermissions();
            Map<String, BitSet> roleDenyPermissions = treeNode.getRoleDenyPermissions();
            BitSet bitSet = roleAllowPermissions.get(str);
            if (bitSet == null) {
                bitSet = roleAllowPermissions.get(modify(str));
            }
            if (bitSet != null) {
                bitSet.clear(permission.ordinal());
            }
            BitSet bitSet2 = roleDenyPermissions.get(str);
            if (bitSet2 != null) {
                bitSet2.clear(permission.ordinal());
            }
            Map<String, TreeNode> children = treeNode.getChildren();
            if (children != null && children.size() > 0) {
                Iterator<TreeNode> it = children.values().iterator();
                while (it.hasNext()) {
                    clearRoleAuthorization(str, it.next(), permission);
                }
            }
        } finally {
            this.write.unlock();
        }
    }

    private void clearRoleAuthorization(String str, TreeNode treeNode) {
        this.write.lock();
        try {
            Map<String, BitSet> roleAllowPermissions = treeNode.getRoleAllowPermissions();
            Map<String, BitSet> roleDenyPermissions = treeNode.getRoleDenyPermissions();
            BitSet bitSet = roleAllowPermissions.get(str);
            boolean z = false;
            if (bitSet == null) {
                bitSet = roleAllowPermissions.get(modify(str));
                z = true;
            }
            if (bitSet != null) {
                if (z) {
                    roleAllowPermissions.remove(modify(str));
                } else {
                    roleAllowPermissions.remove(str);
                }
            }
            boolean z2 = false;
            BitSet bitSet2 = roleDenyPermissions.get(str);
            if (bitSet2 == null) {
                bitSet2 = roleDenyPermissions.get(modify(str));
                z2 = true;
            }
            if (bitSet2 != null) {
                if (z2) {
                    roleDenyPermissions.remove(modify(str));
                } else {
                    roleDenyPermissions.remove(str);
                }
            }
            Map<String, TreeNode> children = treeNode.getChildren();
            if (children != null && children.size() > 0) {
                Iterator<TreeNode> it = children.values().iterator();
                while (it.hasNext()) {
                    clearRoleAuthorization(str, it.next());
                }
            }
        } finally {
            this.write.unlock();
        }
    }

    private void updateRoleNameInCache(String str, String str2, TreeNode treeNode) {
        Map<String, BitSet> roleAllowPermissions = treeNode.getRoleAllowPermissions();
        Map<String, BitSet> roleDenyPermissions = treeNode.getRoleDenyPermissions();
        this.write.lock();
        try {
            boolean z = false;
            BitSet bitSet = roleAllowPermissions.get(str);
            if (bitSet == null) {
                bitSet = roleAllowPermissions.get(modify(str));
                z = true;
            }
            if (bitSet != null) {
                if (z) {
                    roleAllowPermissions.remove(modify(str));
                } else {
                    roleAllowPermissions.remove(str);
                }
                roleAllowPermissions.put(modify(str2), bitSet);
            }
            boolean z2 = false;
            BitSet bitSet2 = roleDenyPermissions.get(str);
            if (bitSet2 == null) {
                bitSet2 = roleDenyPermissions.get(modify(str));
                z2 = true;
            }
            if (bitSet2 != null) {
                if (z2) {
                    roleDenyPermissions.remove(modify(str));
                } else {
                    roleDenyPermissions.remove(str);
                }
                roleDenyPermissions.put(modify(str2), bitSet2);
            }
            Map<String, TreeNode> children = treeNode.getChildren();
            if (children != null && children.size() > 0) {
                Iterator<TreeNode> it = children.values().iterator();
                while (it.hasNext()) {
                    updateRoleNameInCache(str, str2, it.next());
                }
            }
        } finally {
            this.write.unlock();
        }
    }

    private void clearUserAuthorization(String str, TreeNode treeNode) {
        if (!isCaseSensitiveUsername(str, this.tenantId)) {
            str = str.toLowerCase();
        }
        this.write.lock();
        try {
            Map<String, BitSet> userAllowPermissions = treeNode.getUserAllowPermissions();
            Map<String, BitSet> userDenyPermissions = treeNode.getUserDenyPermissions();
            if (userAllowPermissions.get(str) != null) {
                userAllowPermissions.remove(str);
            }
            if (userDenyPermissions.get(str) != null) {
                userDenyPermissions.remove(str);
            }
            Map<String, TreeNode> children = treeNode.getChildren();
            if (children != null && children.size() > 0) {
                Iterator<TreeNode> it = children.values().iterator();
                while (it.hasNext()) {
                    clearUserAuthorization(str, it.next());
                }
            }
        } finally {
            this.write.unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void clear() {
        Cache<PermissionTreeCacheKey, GhostResource<TreeNode>> permissionTreeCache = getPermissionTreeCache();
        if (permissionTreeCache != null) {
            this.write.lock();
            try {
                this.root.clearNodes();
                this.hashValueOfRootNode = -1;
                permissionTreeCache.remove(new PermissionTreeCacheKey(this.cacheIdentifier, this.tenantId));
            } finally {
                this.write.unlock();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void updatePermissionTree() throws UserStoreException {
        updatePermissionTree("");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void updatePermissionTree(String str) throws UserStoreException {
        Cache<PermissionTreeCacheKey, GhostResource<TreeNode>> permissionTreeCache = getPermissionTreeCache();
        if (permissionTreeCache != null) {
            PermissionTreeCacheKey permissionTreeCacheKey = new PermissionTreeCacheKey(this.cacheIdentifier, this.tenantId);
            GhostResource<TreeNode> ghostResource = permissionTreeCache.get(permissionTreeCacheKey);
            if (!permissionTreeCache.containsKey(permissionTreeCacheKey) || ghostResource == null) {
                synchronized (this) {
                    GhostResource<TreeNode> ghostResource2 = permissionTreeCache.get(permissionTreeCacheKey);
                    if (ghostResource2 == null || ghostResource2.getResource() == null) {
                        updatePermissionTreeFromDB();
                        try {
                            permissionTreeCache.put(new PermissionTreeCacheKey(this.cacheIdentifier, this.tenantId), new GhostResource<>(this.root));
                        } catch (IllegalStateException e) {
                            String str2 = "Error occurred while adding the permission tree to cache while trying to update resource: " + str + " in tenant: " + this.tenantId;
                            log.warn(str2);
                            if (log.isDebugEnabled()) {
                                log.debug(str2, e);
                            }
                        }
                        if (log.isDebugEnabled()) {
                            log.debug("Permission tree is loaded from database for the resource " + str + " in tenant " + this.tenantId);
                        }
                    }
                }
                return;
            }
            if (ghostResource.getResource() != null) {
                if (StringUtils.isEmpty(str)) {
                    return;
                }
                synchronized (this) {
                    updateResourcePermissionsById(str);
                    ghostResource.setResource(this.root);
                }
                return;
            }
            synchronized (this) {
                GhostResource<TreeNode> ghostResource3 = permissionTreeCache.get(permissionTreeCacheKey);
                if (ghostResource3 == null || ghostResource3.getResource() == null) {
                    updatePermissionTreeFromDB();
                    if (ghostResource3 == null) {
                        permissionTreeCache.put(permissionTreeCacheKey, new GhostResource<>(this.root));
                    } else {
                        ghostResource3.setResource(this.root);
                    }
                    if (log.isDebugEnabled()) {
                        log.debug("Set resource to true");
                    }
                }
            }
        }
    }

    /* JADX WARN: Finally extract failed */
    void updateResourcePermissionsById(String str) throws UserStoreException {
        try {
            try {
                PermissionTree permissionTree = new PermissionTree();
                permissionTree.root = this.root;
                Connection dBConnection = getDBConnection();
                PreparedStatement prepareStatement = this.preserveCaseForResources ? dBConnection.prepareStatement(DBConstants.GET_EXISTING_ROLE_PERMISSIONS_BY_RESOURCE_ID_CASE_SENSITIVE) : dBConnection.prepareStatement(DBConstants.GET_EXISTING_ROLE_PERMISSIONS_BY_RESOURCE_ID);
                prepareStatement.setInt(1, this.tenantId);
                prepareStatement.setInt(2, this.tenantId);
                prepareStatement.setString(3, str);
                ResultSet executeQuery = prepareStatement.executeQuery();
                this.write.lock();
                getNode(this.root, PermissionTreeUtil.toComponenets(str)).getLastNode().getRoleAllowPermissions().clear();
                while (executeQuery.next()) {
                    try {
                        short s = executeQuery.getShort(3);
                        String addDomainToName = UserCoreUtil.addDomainToName(executeQuery.getString(1), executeQuery.getString(5));
                        if (s == 1) {
                            permissionTree.authorizeRoleInTree(addDomainToName, executeQuery.getString(2), executeQuery.getString(4), false);
                        } else {
                            permissionTree.denyRoleInTree(addDomainToName, executeQuery.getString(2), executeQuery.getString(4), false);
                        }
                    } catch (Throwable th) {
                        this.root = permissionTree.root;
                        this.write.unlock();
                        throw th;
                    }
                }
                this.root = permissionTree.root;
                this.write.unlock();
                DatabaseUtil.closeAllConnections(dBConnection, executeQuery, prepareStatement);
            } catch (SQLException e) {
                throw new UserStoreException("Error loading authorizations. Please check the database. Error message is " + e.getMessage(), e);
            }
        } catch (Throwable th2) {
            DatabaseUtil.closeAllConnections(null, null, null);
            throw th2;
        }
    }

    private void invalidateCache(TreeNode treeNode) throws UserStoreException {
        Cache<PermissionTreeCacheKey, GhostResource<TreeNode>> permissionTreeCache = getPermissionTreeCache();
        if (permissionTreeCache != null) {
            permissionTreeCache.remove(new PermissionTreeCacheKey(this.cacheIdentifier, this.tenantId));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void updatePermissionTreeFromDB() throws UserStoreException {
        PermissionTree permissionTree = new PermissionTree();
        try {
            try {
                Connection dBConnection = getDBConnection();
                PreparedStatement prepareStatement = this.preserveCaseForResources ? dBConnection.prepareStatement(DBConstants.GET_EXISTING_ROLE_PERMISSIONS_CASE_SENSITIVE) : dBConnection.prepareStatement(DBConstants.GET_EXISTING_ROLE_PERMISSIONS);
                prepareStatement.setInt(1, this.tenantId);
                prepareStatement.setInt(2, this.tenantId);
                ResultSet executeQuery = prepareStatement.executeQuery();
                while (executeQuery.next()) {
                    short s = executeQuery.getShort(3);
                    String addDomainToName = UserCoreUtil.addDomainToName(executeQuery.getString(1), executeQuery.getString(5));
                    if (s == 1) {
                        permissionTree.authorizeRoleInTree(addDomainToName, executeQuery.getString(2), executeQuery.getString(4), false);
                    } else {
                        permissionTree.denyRoleInTree(addDomainToName, executeQuery.getString(2), executeQuery.getString(4), false);
                    }
                }
                PreparedStatement prepareStatement2 = dBConnection.prepareStatement(DBConstants.GET_EXISTING_USER_PERMISSIONS);
                prepareStatement2.setInt(1, this.tenantId);
                prepareStatement2.setInt(2, this.tenantId);
                ResultSet executeQuery2 = prepareStatement2.executeQuery();
                while (executeQuery2.next()) {
                    if (executeQuery2.getShort(3) == 1) {
                        permissionTree.authorizeUserInTree(executeQuery2.getString(1), executeQuery2.getString(2), executeQuery2.getString(4), false);
                    } else {
                        permissionTree.denyUserInTree(executeQuery2.getString(1), executeQuery2.getString(2), executeQuery2.getString(4), false);
                    }
                }
                this.write.lock();
                try {
                    this.root = permissionTree.root;
                    this.write.unlock();
                    DatabaseUtil.closeAllConnections(dBConnection, executeQuery2, prepareStatement, prepareStatement2);
                } catch (Throwable th) {
                    this.write.unlock();
                    throw th;
                }
            } catch (SQLException e) {
                throw new UserStoreException("Error loading authorizations. Please check the database. Error message is " + e.getMessage(), e);
            }
        } catch (Throwable th2) {
            DatabaseUtil.closeAllConnections(null, null, null, null);
            throw th2;
        }
    }

    private SearchResult getNode(TreeNode treeNode, List<String> list) {
        TreeNode child;
        if (list == null || list.isEmpty()) {
            return new SearchResult(treeNode, null);
        }
        String str = list.get(0);
        if (str == null || str.length() <= 0 || (child = treeNode.getChild(str)) == null) {
            return new SearchResult(treeNode, list);
        }
        list.remove(0);
        return !list.isEmpty() ? getNode(child, list) : new SearchResult(child, null);
    }

    private Connection getDBConnection() throws SQLException {
        Connection connection = this.dataSource.getConnection();
        connection.setAutoCommit(false);
        return connection;
    }

    private boolean isCaseSensitiveUsername(String str, int i) {
        if (UserStoreMgtDSComponent.getRealmService() == null) {
            return true;
        }
        try {
            if (UserStoreMgtDSComponent.getRealmService().getTenantUserRealm(i) != null) {
                return !Boolean.parseBoolean(((UserStoreManager) UserStoreMgtDSComponent.getRealmService().getTenantUserRealm(i).getUserStoreManager()).getSecondaryUserStoreManager(UserCoreUtil.extractDomainFromName(str)).getRealmConfiguration().getUserStoreProperty("CaseInsensitiveUsername"));
            }
            return true;
        } catch (org.wso2.carbon.user.api.UserStoreException e) {
            if (!log.isDebugEnabled()) {
                return true;
            }
            log.debug("Error while reading user store property CaseInsensitiveUsername. Considering as false.");
            return true;
        }
    }

    private String modify(String str) {
        if (!str.contains(UserCoreConstants.DOMAIN_SEPARATOR)) {
            return str;
        }
        return UserCoreUtil.addDomainToName(UserCoreUtil.removeDomainFromName(str), UserCoreUtil.extractDomainFromName(str));
    }
}
