package org.wso2.carbon.governance.registry.extensions.executors;

import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.governance.registry.extensions.discoveryagents.DiscoveryAgentExecutorSupport;
import org.wso2.carbon.governance.registry.extensions.interfaces.Execution;
import org.wso2.carbon.governance.registry.extensions.internal.GovernanceRegistryExtensionsDataHolder;
import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.registry.core.jdbc.handlers.RequestContext;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.UserStoreException;

/* loaded from: input_file:org/wso2/carbon/governance/registry/extensions/executors/PermissionGrantExecutor.class */
public class PermissionGrantExecutor implements Execution {
    private static final Log log = LogFactory.getLog(PermissionGrantExecutor.class);
    private UserRealm userRealm;
    private int tenantId;
    private List<RolePermission> list = new ArrayList();
    private static final String READ = "read";
    private static final String WRITE = "write";
    private static final String DELETE = "delete";
    private static final String ADD = "add";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/wso2/carbon/governance/registry/extensions/executors/PermissionGrantExecutor$RolePermission.class */
    public class RolePermission {
        private String role;
        private int action;
        private String[] permission;

        private RolePermission() {
        }

        public String getRole() {
            return this.role;
        }

        public void setRole(String str) {
            this.role = str;
        }

        public int getAction() {
            return this.action;
        }

        public void setAction(int i) {
            this.action = i;
        }

        public String[] getPermission() {
            return this.permission;
        }

        public void setPermission(String[] strArr) {
            this.permission = strArr;
        }
    }

    @Override // org.wso2.carbon.governance.registry.extensions.interfaces.Execution
    public void init(Map map) {
        obtainTenantId();
        obtainUserRealm();
        populateValues(map);
    }

    @Override // org.wso2.carbon.governance.registry.extensions.interfaces.Execution
    public boolean execute(RequestContext requestContext, String str, String str2) {
        String str3;
        String path = requestContext.getResourcePath().getPath();
        boolean z = false;
        for (RolePermission rolePermission : this.list) {
            for (String str4 : rolePermission.getPermission()) {
                if (str4.equalsIgnoreCase(READ)) {
                    str3 = "http://www.wso2.org/projects/registry/actions/get";
                } else if (str4.equalsIgnoreCase(WRITE)) {
                    str3 = "http://www.wso2.org/projects/registry/actions/add";
                } else if (str4.equalsIgnoreCase(DELETE)) {
                    str3 = "http://www.wso2.org/projects/registry/actions/delete";
                }
                try {
                    executePermission(rolePermission.getAction(), this.userRealm, rolePermission.getRole(), path, str3);
                } catch (UserStoreException e) {
                    z = true;
                }
            }
        }
        return !z;
    }

    private void obtainTenantId() {
        PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        try {
            this.tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
        } catch (Exception e) {
            log.error("Failed to obtain Tenant id", e);
        }
    }

    private void obtainUserRealm() {
        try {
            this.userRealm = GovernanceRegistryExtensionsDataHolder.getInstance().getRegistryService().getUserRealm(this.tenantId);
        } catch (RegistryException e) {
            log.error("Failed to load User Realm Manager.", e);
        }
    }

    private void executePermission(int i, UserRealm userRealm, String str, String str2, String str3) throws UserStoreException {
        switch (i) {
            case 1:
                addPermission(userRealm, str, str2, str3);
                return;
            case 2:
                removePermission(userRealm, str, str2, str3);
                return;
            default:
                if (log.isDebugEnabled()) {
                    log.debug("Ignoring " + i);
                    return;
                }
                return;
        }
    }

    private void addPermission(UserRealm userRealm, String str, String str2, String str3) throws UserStoreException {
        if (str == null || str2 == null || str3 == null) {
            return;
        }
        userRealm.getAuthorizationManager().authorizeRole(str, str2, str3);
        if (log.isDebugEnabled()) {
            log.debug("Permission " + str3 + " ADDED to role: " + str + " for " + str2);
        }
    }

    private void removePermission(UserRealm userRealm, String str, String str2, String str3) throws UserStoreException {
        if (str == null || str2 == null || str3 == null) {
            return;
        }
        userRealm.getAuthorizationManager().denyRole(str, str2, str3);
        if (log.isDebugEnabled()) {
            log.debug("Permission: " + str3 + " REMOVED from role: " + str + " for " + str2);
        }
    }

    private void populateValues(Map map) {
        for (String str : map.keySet()) {
            String str2 = (String) map.get(str);
            String[] split = str.split(":");
            String[] split2 = str2.split(DiscoveryAgentExecutorSupport.SERVER_ID_SEPARATOR);
            RolePermission rolePermission = new RolePermission();
            if (split[1].equalsIgnoreCase(ADD)) {
                rolePermission.setAction(1);
            } else {
                rolePermission.setAction(2);
            }
            rolePermission.setPermission(split2);
            rolePermission.setRole(split[0]);
            this.list.add(rolePermission);
        }
    }
}
