package org.wso2.carbon.user.core.authorization;

import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.SQLIntegrityConstraintViolationException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.sql.DataSource;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.user.api.RealmConfiguration;
import org.wso2.carbon.user.core.AuthorizationManager;
import org.wso2.carbon.user.core.UserCoreConstants;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.authorization.TreeNode;
import org.wso2.carbon.user.core.claim.ClaimManager;
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
import org.wso2.carbon.user.core.constants.UserCoreDBConstants;
import org.wso2.carbon.user.core.internal.UMListenerServiceComponent;
import org.wso2.carbon.user.core.ldap.LDAPConstants;
import org.wso2.carbon.user.core.listener.AuthorizationManagerListener;
import org.wso2.carbon.user.core.profile.ProfileConfigurationManager;
import org.wso2.carbon.user.core.util.DatabaseUtil;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.user.core-4.4.17.jar:org/wso2/carbon/user/core/authorization/JDBCAuthorizationManager.class */
public class JDBCAuthorizationManager implements AuthorizationManager {
    private final String GET_ALL_ROLES_OF_USER_ENABLED = "GetAllRolesOfUserEnabled";
    private DataSource dataSource;
    private PermissionTree permissionTree;
    private AuthorizationCache authorizationCache;
    private UserRealm userRealm;
    private RealmConfiguration realmConfig;
    private boolean caseInSensitiveAuthorizationRules;
    private boolean preserveCaseForResources;
    private boolean verifyByRetrievingAllUserRoles;
    private String cacheIdentifier;
    private int tenantId;
    private String isCascadeDeleteEnabled;
    private static final String DELETE_ROLE_PERMISSIONS = "DeleteRolePermissions";
    private static final String DELETE_USER_PERMISSIONS = "DeleteUserPermissions";
    private static Log log = LogFactory.getLog(JDBCAuthorizationManager.class);
    private static boolean debug = log.isDebugEnabled();
    private static final ThreadLocal<Boolean> isSecureCall = new ThreadLocal<Boolean>() { // from class: org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager.1
        /* JADX INFO: Access modifiers changed from: protected */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.lang.ThreadLocal
        public Boolean initialValue() {
            return Boolean.FALSE;
        }
    };

    public JDBCAuthorizationManager(RealmConfiguration realmConfiguration, Map<String, Object> map, ClaimManager claimManager, ProfileConfigurationManager profileConfigurationManager, UserRealm userRealm, Integer num) throws UserStoreException {
        this.dataSource = null;
        this.permissionTree = null;
        this.authorizationCache = null;
        this.userRealm = null;
        this.realmConfig = null;
        this.preserveCaseForResources = true;
        this.authorizationCache = AuthorizationCache.getInstance();
        if (!"true".equals(realmConfiguration.getAuthorizationManagerProperty(UserCoreConstants.RealmConfig.PROPERTY_AUTHORIZATION_CACHE_ENABLED))) {
            this.authorizationCache.disableCache();
        }
        if (!"true".equals(realmConfiguration.getAuthorizationManagerProperty(UserCoreConstants.RealmConfig.PROPERTY_CASE_SENSITIVITY))) {
            this.caseInSensitiveAuthorizationRules = true;
        }
        if ("true".equals(realmConfiguration.getAuthorizationManagerProperty("GetAllRolesOfUserEnabled"))) {
            this.verifyByRetrievingAllUserRoles = true;
        }
        if (!realmConfiguration.getAuthzProperties().containsKey(DELETE_ROLE_PERMISSIONS)) {
            realmConfiguration.getAuthzProperties().put(DELETE_ROLE_PERMISSIONS, DBConstants.ON_DELETE_PERMISSION_UM_ROLE_PERMISSIONS_SQL);
        }
        if (!realmConfiguration.getAuthzProperties().containsKey(DELETE_USER_PERMISSIONS)) {
            realmConfiguration.getAuthzProperties().put(DELETE_USER_PERMISSIONS, DBConstants.ON_DELETE_PERMISSION_UM_USER_PERMISSIONS_SQL);
        }
        if ("false".equals(realmConfiguration.getAuthorizationManagerProperty(UserCoreConstants.RealmConfig.PROPERTY_PRESERVE_CASE_FOR_RESOURCES))) {
            this.preserveCaseForResources = false;
        }
        String userStoreProperty = realmConfiguration.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_USER_CORE_CACHE_IDENTIFIER);
        if (userStoreProperty == null || userStoreProperty.trim().length() <= 0) {
            this.cacheIdentifier = UserCoreConstants.DEFAULT_CACHE_IDENTIFIER;
        } else {
            this.cacheIdentifier = userStoreProperty;
        }
        this.dataSource = (DataSource) map.get(UserCoreConstants.DATA_SOURCE);
        if (this.dataSource == null) {
            this.dataSource = DatabaseUtil.getRealmDataSource(realmConfiguration);
            map.put(UserCoreConstants.DATA_SOURCE, this.dataSource);
        }
        this.isCascadeDeleteEnabled = realmConfiguration.getRealmProperty(UserCoreDBConstants.CASCADE_DELETE_ENABLED);
        this.permissionTree = new PermissionTree(this.cacheIdentifier, num.intValue(), this.dataSource, this.preserveCaseForResources);
        this.realmConfig = realmConfiguration;
        this.userRealm = userRealm;
        this.tenantId = num.intValue();
        if (log.isDebugEnabled()) {
            log.debug("The jdbcDataSource being used by JDBCAuthorizationManager :: " + this.dataSource.hashCode());
        }
        populatePermissionTreeFromDB();
        addInitialData();
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager, org.wso2.carbon.user.api.AuthorizationManager
    public boolean isRoleAuthorized(String str, String str2, String str3) throws UserStoreException {
        if (!this.preserveCaseForResources && str2 != null) {
            str2 = str2.toLowerCase();
        }
        if (!isSecureCall.get().booleanValue()) {
            return ((Boolean) callSecure("isRoleAuthorized", new Object[]{str, str2, str3}, new Class[]{String.class, String.class, String.class})).booleanValue();
        }
        Iterator<AuthorizationManagerListener> it = UMListenerServiceComponent.getAuthorizationManagerListeners().iterator();
        while (it.hasNext()) {
            if (!it.next().isRoleAuthorized(str, str2, str3, this)) {
                return false;
            }
        }
        this.permissionTree.updatePermissionTree();
        SearchResult rolePermission = this.permissionTree.getRolePermission(str, PermissionTreeUtil.actionToPermission(str3), null, null, PermissionTreeUtil.toComponenets(str2));
        if (log.isDebugEnabled() && !rolePermission.getLastNodeAllowedAccess().booleanValue()) {
            log.debug(str + " role is not Authorized to perform " + str3 + " on " + str2);
        }
        return rolePermission.getLastNodeAllowedAccess().booleanValue();
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager, org.wso2.carbon.user.api.AuthorizationManager
    public boolean isUserAuthorized(String str, String str2, String str3) throws UserStoreException {
        if (!this.preserveCaseForResources && str2 != null) {
            str2 = str2.toLowerCase();
        }
        if (!isSecureCall.get().booleanValue()) {
            return ((Boolean) callSecure("isUserAuthorized", new Object[]{str, str2, str3}, new Class[]{String.class, String.class, String.class})).booleanValue();
        }
        if (CarbonConstants.REGISTRY_SYSTEM_USERNAME.equals(str)) {
            return true;
        }
        Iterator<AuthorizationManagerListener> it = UMListenerServiceComponent.getAuthorizationManagerListeners().iterator();
        while (it.hasNext()) {
            if (!it.next().isUserAuthorized(str, str2, str3, this)) {
                return false;
            }
        }
        try {
            Boolean isUserAuthorized = this.authorizationCache.isUserAuthorized(this.cacheIdentifier, this.tenantId, str, str2, str3);
            if (log.isDebugEnabled() && isUserAuthorized != null && !isUserAuthorized.booleanValue()) {
                log.debug("Authorization cache hit. " + str + " user is not Authorized to perform " + str3 + " on " + str2);
            }
            if (isUserAuthorized != null) {
                return isUserAuthorized.booleanValue();
            }
        } catch (AuthorizationCacheException e) {
        }
        if (log.isDebugEnabled()) {
            log.debug("Authorization cache miss for username : " + str + " resource " + str2 + " action : " + str3);
        }
        this.permissionTree.updatePermissionTree();
        if (this.permissionTree.getUserPermission(str, PermissionTreeUtil.actionToPermission(str3), null, null, PermissionTreeUtil.toComponenets(str2)).getLastNodeAllowedAccess().booleanValue()) {
            this.authorizationCache.addToCache(this.cacheIdentifier, this.tenantId, str, str2, str3, true);
            return true;
        }
        boolean z = false;
        String[] allowedRolesForResource = getAllowedRolesForResource(str2, str3);
        if (allowedRolesForResource != null && allowedRolesForResource.length > 0) {
            if (log.isDebugEnabled()) {
                log.debug("Roles which have permission for resource : " + str2 + " action : " + str3);
                for (String str4 : allowedRolesForResource) {
                    log.debug("Role :  " + str4);
                }
            }
            if (this.verifyByRetrievingAllUserRoles) {
                String[] strArr = null;
                try {
                    strArr = this.userRealm.getUserStoreManager().getRoleListOfUser(str);
                } catch (UserStoreException e2) {
                    if (log.isDebugEnabled()) {
                        log.debug("Error getting role list of user : " + str, e2);
                    }
                }
                if (strArr == null || strArr.length == 0) {
                    strArr = ((AbstractUserStoreManager) this.userRealm.getUserStoreManager()).doGetRoleListOfUser(str, "*");
                }
                int length = allowedRolesForResource.length;
                int i = 0;
                loop2: while (true) {
                    if (i >= length) {
                        break;
                    }
                    String str5 = allowedRolesForResource[i];
                    for (String str6 : strArr) {
                        if (str5.equalsIgnoreCase(str6)) {
                            z = true;
                            break loop2;
                        }
                    }
                    i++;
                }
                if (log.isDebugEnabled()) {
                    log.debug(str + " user has permitted resource :  " + str2 + ", action :" + str3);
                }
            } else {
                AbstractUserStoreManager abstractUserStoreManager = (AbstractUserStoreManager) this.userRealm.getUserStoreManager();
                for (String str7 : allowedRolesForResource) {
                    try {
                    } catch (UserStoreException e3) {
                        if (log.isDebugEnabled()) {
                            log.debug(str + " user is not in role :  " + str7, e3);
                        }
                    }
                    if (abstractUserStoreManager.isUserInRole(str, str7)) {
                        if (log.isDebugEnabled()) {
                            log.debug(str + " user is in role :  " + str7);
                        }
                        z = true;
                        break;
                    }
                    if (log.isDebugEnabled()) {
                        log.debug(str + " user is not in role :  " + str7);
                    }
                }
            }
        } else if (log.isDebugEnabled()) {
            log.debug("No roles have permission for resource : " + str2 + " action : " + str3);
        }
        this.authorizationCache.addToCache(this.cacheIdentifier, this.tenantId, str, str2, str3, z);
        if (log.isDebugEnabled() && !z) {
            log.debug(str + " user is not Authorized to perform " + str3 + " on " + str2);
        }
        return z;
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager, org.wso2.carbon.user.api.AuthorizationManager
    public String[] getAllowedRolesForResource(String str, String str2) throws UserStoreException {
        if (!this.preserveCaseForResources && str != null) {
            str = str.toLowerCase();
        }
        if (!isSecureCall.get().booleanValue()) {
            return (String[]) callSecure("getAllowedRolesForResource", new Object[]{str, str2}, new Class[]{String.class, String.class});
        }
        TreeNode.Permission actionToPermission = PermissionTreeUtil.actionToPermission(str2);
        this.permissionTree.updatePermissionTree();
        SearchResult allowedRolesForResource = this.permissionTree.getAllowedRolesForResource(null, null, actionToPermission, PermissionTreeUtil.toComponenets(str));
        if (debug) {
            log.debug("Allowed roles for the ResourceID: " + str + " Action: " + str2);
            for (String str3 : (String[]) allowedRolesForResource.getAllowedEntities().toArray(new String[allowedRolesForResource.getAllowedEntities().size()])) {
                log.debug("role: " + str3);
            }
        }
        return (String[]) allowedRolesForResource.getAllowedEntities().toArray(new String[allowedRolesForResource.getAllowedEntities().size()]);
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager, org.wso2.carbon.user.api.AuthorizationManager
    public String[] getExplicitlyAllowedUsersForResource(String str, String str2) throws UserStoreException {
        if (str != null) {
            str = str.toLowerCase();
        }
        if (!isSecureCall.get().booleanValue()) {
            return (String[]) callSecure("getExplicitlyAllowedUsersForResource", new Object[]{str, str2}, new Class[]{String.class, String.class});
        }
        TreeNode.Permission actionToPermission = PermissionTreeUtil.actionToPermission(str2);
        this.permissionTree.updatePermissionTree();
        SearchResult allowedUsersForResource = this.permissionTree.getAllowedUsersForResource(null, null, actionToPermission, PermissionTreeUtil.toComponenets(str));
        if (debug) {
            log.debug("Explicitly allowed roles for the ResourceID: " + str + " Action: " + str2);
            for (String str3 : (String[]) allowedUsersForResource.getAllowedEntities().toArray(new String[allowedUsersForResource.getAllowedEntities().size()])) {
                log.debug("role: " + str3);
            }
        }
        return (String[]) allowedUsersForResource.getAllowedEntities().toArray(new String[allowedUsersForResource.getAllowedEntities().size()]);
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager, org.wso2.carbon.user.api.AuthorizationManager
    public String[] getDeniedRolesForResource(String str, String str2) throws UserStoreException {
        if (str != null) {
            str = str.toLowerCase();
        }
        if (!isSecureCall.get().booleanValue()) {
            return (String[]) callSecure("getDeniedRolesForResource", new Object[]{str, str2}, new Class[]{String.class, String.class});
        }
        TreeNode.Permission actionToPermission = PermissionTreeUtil.actionToPermission(str2);
        this.permissionTree.updatePermissionTree();
        SearchResult deniedRolesForResource = this.permissionTree.getDeniedRolesForResource(null, null, actionToPermission, PermissionTreeUtil.toComponenets(str));
        return (String[]) deniedRolesForResource.getDeniedEntities().toArray(new String[deniedRolesForResource.getAllowedEntities().size()]);
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager, org.wso2.carbon.user.api.AuthorizationManager
    public String[] getExplicitlyDeniedUsersForResource(String str, String str2) throws UserStoreException {
        if (str != null) {
            str = str.toLowerCase();
        }
        if (!isSecureCall.get().booleanValue()) {
            return (String[]) callSecure("getExplicitlyDeniedUsersForResource", new Object[]{str, str2}, new Class[]{String.class, String.class});
        }
        TreeNode.Permission actionToPermission = PermissionTreeUtil.actionToPermission(str2);
        this.permissionTree.updatePermissionTree();
        SearchResult deniedUsersForResource = this.permissionTree.getDeniedUsersForResource(null, null, actionToPermission, PermissionTreeUtil.toComponenets(str));
        return (String[]) deniedUsersForResource.getDeniedEntities().toArray(new String[deniedUsersForResource.getAllowedEntities().size()]);
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager, org.wso2.carbon.user.api.AuthorizationManager
    public String[] getAllowedUIResourcesForUser(String str, String str2) throws UserStoreException {
        if (!isSecureCall.get().booleanValue()) {
            return (String[]) callSecure("getAllowedUIResourcesForUser", new Object[]{str, str2}, new Class[]{String.class, String.class});
        }
        if (this.verifyByRetrievingAllUserRoles) {
            ArrayList arrayList = new ArrayList();
            String[] roleListOfUser = this.userRealm.getUserStoreManager().getRoleListOfUser(str);
            this.permissionTree.updatePermissionTree();
            this.permissionTree.getUIResourcesForRoles(roleListOfUser, arrayList, str2);
            return UserCoreUtil.optimizePermissions((String[]) arrayList.toArray(new String[arrayList.size()]));
        }
        ArrayList arrayList2 = new ArrayList();
        List<String> uIPermissionId = getUIPermissionId();
        if (uIPermissionId != null) {
            for (String str3 : uIPermissionId) {
                if (isUserAuthorized(str, str3, CarbonConstants.UI_PERMISSION_ACTION)) {
                    if (str2 == null) {
                        arrayList2.add(str3);
                    } else if (str3.contains(str2)) {
                        arrayList2.add(str3);
                    }
                }
            }
        }
        String[] optimizePermissions = UserCoreUtil.optimizePermissions((String[]) arrayList2.toArray(new String[arrayList2.size()]));
        if (debug) {
            log.debug("Allowed UI Resources for User: " + str + " in permissionRootPath: " + str2);
            for (String str4 : optimizePermissions) {
                log.debug("Resource: " + str4);
            }
        }
        return optimizePermissions;
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager, org.wso2.carbon.user.api.AuthorizationManager
    public void authorizeRole(String str, String str2, String str3) throws UserStoreException {
        if (!this.preserveCaseForResources && str2 != null) {
            str2 = str2.toLowerCase();
        }
        if (!isSecureCall.get().booleanValue()) {
            callSecure("authorizeRole", new Object[]{str, str2, str3}, new Class[]{String.class, String.class, String.class});
            return;
        }
        Iterator<AuthorizationManagerListener> it = UMListenerServiceComponent.getAuthorizationManagerListeners().iterator();
        while (it.hasNext()) {
            if (!it.next().authorizeRole(str, str2, str3, this)) {
                return;
            }
        }
        if (str2 == null || str3 == null) {
            log.error("Invalid data provided at authorization code");
            throw new UserStoreException("Invalid data provided");
        }
        addAuthorizationForRole(str, str2, str3, (short) 1, true);
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager, org.wso2.carbon.user.api.AuthorizationManager
    public void denyRole(String str, String str2, String str3) throws UserStoreException {
        if (!this.preserveCaseForResources && str2 != null) {
            str2 = str2.toLowerCase();
        }
        if (!isSecureCall.get().booleanValue()) {
            callSecure("denyRole", new Object[]{str, str2, str3}, new Class[]{String.class, String.class, String.class});
            return;
        }
        Iterator<AuthorizationManagerListener> it = UMListenerServiceComponent.getAuthorizationManagerListeners().iterator();
        while (it.hasNext()) {
            if (!it.next().denyRole(str, str2, str3, this)) {
                return;
            }
        }
        if (str2 == null || str3 == null) {
            log.error("Invalid data provided at authorization code");
            throw new UserStoreException("Invalid data provided");
        }
        addAuthorizationForRole(str, str2, str3, (short) 0, true);
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager, org.wso2.carbon.user.api.AuthorizationManager
    public void authorizeUser(String str, String str2, String str3) throws UserStoreException {
        if (!isSecureCall.get().booleanValue()) {
            callSecure("authorizeUser", new Object[]{str, str2, str3}, new Class[]{String.class, String.class, String.class});
            return;
        }
        Iterator<AuthorizationManagerListener> it = UMListenerServiceComponent.getAuthorizationManagerListeners().iterator();
        while (it.hasNext()) {
            if (!it.next().authorizeUser(str, str2, str3, this)) {
                return;
            }
        }
        if (str2 == null || str3 == null) {
            log.error("Invalid data provided at authorization code");
            throw new UserStoreException("Invalid data provided");
        }
        if (!this.preserveCaseForResources) {
            str2 = str2.toLowerCase();
        }
        addAuthorizationForUser(str, str2, str3, (short) 1, true);
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager, org.wso2.carbon.user.api.AuthorizationManager
    public void denyUser(String str, String str2, String str3) throws UserStoreException {
        if (!isSecureCall.get().booleanValue()) {
            callSecure("denyUser", new Object[]{str, str2, str3}, new Class[]{String.class, String.class, String.class});
            return;
        }
        Iterator<AuthorizationManagerListener> it = UMListenerServiceComponent.getAuthorizationManagerListeners().iterator();
        while (it.hasNext()) {
            if (!it.next().denyUser(str, str2, str3, this)) {
                return;
            }
        }
        if (str2 == null || str3 == null) {
            log.error("Invalid data provided at authorization code");
            throw new UserStoreException("Invalid data provided");
        }
        if (!this.preserveCaseForResources) {
            str2 = str2.toLowerCase();
        }
        addAuthorizationForUser(str, str2, str3, (short) 0, true);
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager, org.wso2.carbon.user.api.AuthorizationManager
    public void clearResourceAuthorizations(String str) throws UserStoreException {
        if (!this.preserveCaseForResources && str != null) {
            str = str.toLowerCase();
        }
        if (!isSecureCall.get().booleanValue()) {
            callSecure("clearResourceAuthorizations", new Object[]{str}, new Class[]{String.class});
            return;
        }
        Iterator<AuthorizationManagerListener> it = UMListenerServiceComponent.getAuthorizationManagerListeners().iterator();
        while (it.hasNext()) {
            if (!it.next().clearResourceAuthorizations(str, this)) {
                return;
            }
        }
        this.authorizationCache.clearCacheByTenant(this.tenantId);
        Connection connection = null;
        try {
            try {
                connection = getDBConnection();
                if (this.isCascadeDeleteEnabled == null || !Boolean.parseBoolean(this.isCascadeDeleteEnabled)) {
                    DatabaseUtil.updateDatabase(connection, this.realmConfig.getAuthzProperties().get(DELETE_ROLE_PERMISSIONS), str, Integer.valueOf(this.tenantId));
                    DatabaseUtil.updateDatabase(connection, this.realmConfig.getAuthzProperties().get(DELETE_USER_PERMISSIONS), str, Integer.valueOf(this.tenantId));
                }
                DatabaseUtil.updateDatabase(connection, DBConstants.DELETE_PERMISSION_SQL, str, Integer.valueOf(this.tenantId));
                this.permissionTree.clearResourceAuthorizations(str);
                connection.commit();
                DatabaseUtil.closeAllConnections(connection, new PreparedStatement[0]);
            } catch (SQLException e) {
                String str2 = "Error occurred while clearing resource authorizations for resource id : " + str;
                if (log.isDebugEnabled()) {
                    log.debug(str2, e);
                }
                throw new UserStoreException(str2, e);
            }
        } catch (Throwable th) {
            DatabaseUtil.closeAllConnections(connection, new PreparedStatement[0]);
            throw th;
        }
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager, org.wso2.carbon.user.api.AuthorizationManager
    public void clearRoleAuthorization(String str, String str2, String str3) throws UserStoreException {
        if (!this.preserveCaseForResources && str2 != null) {
            str2 = str2.toLowerCase();
        }
        if (!isSecureCall.get().booleanValue()) {
            callSecure("clearRoleAuthorization", new Object[]{str, str2, str3}, new Class[]{String.class, String.class, String.class});
            return;
        }
        Iterator<AuthorizationManagerListener> it = UMListenerServiceComponent.getAuthorizationManagerListeners().iterator();
        while (it.hasNext()) {
            if (!it.next().clearRoleAuthorization(str, str2, str3, this)) {
                return;
            }
        }
        this.authorizationCache.clearCacheByTenant(this.tenantId);
        Connection connection = null;
        try {
            try {
                connection = getDBConnection();
                String extractDomainFromName = UserCoreUtil.extractDomainFromName(str);
                if (extractDomainFromName != null) {
                    extractDomainFromName = extractDomainFromName.toUpperCase();
                }
                DatabaseUtil.updateDatabase(connection, DBConstants.DELETE_ROLE_PERMISSION_SQL, UserCoreUtil.removeDomainFromName(str), str2, str3, Integer.valueOf(this.tenantId), Integer.valueOf(this.tenantId), Integer.valueOf(this.tenantId), extractDomainFromName);
                this.permissionTree.clearRoleAuthorization(str, str2, str3);
                connection.commit();
                DatabaseUtil.closeAllConnections(connection, new PreparedStatement[0]);
            } catch (SQLException e) {
                String str4 = "Error occurred while clearing role authorizations for role : " + str + " & resource id : " + str2 + " & action : " + str3;
                if (log.isDebugEnabled()) {
                    log.debug(str4, e);
                }
                throw new UserStoreException(str4, e);
            }
        } catch (Throwable th) {
            DatabaseUtil.closeAllConnections(connection, new PreparedStatement[0]);
            throw th;
        }
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager, org.wso2.carbon.user.api.AuthorizationManager
    public void clearUserAuthorization(String str, String str2, String str3) throws UserStoreException {
        if (!isSecureCall.get().booleanValue()) {
            callSecure("clearUserAuthorization", new Object[]{str, str2, str3}, new Class[]{String.class, String.class, String.class});
            return;
        }
        Iterator<AuthorizationManagerListener> it = UMListenerServiceComponent.getAuthorizationManagerListeners().iterator();
        while (it.hasNext()) {
            if (!it.next().clearUserAuthorization(str, str2, str3, this)) {
                return;
            }
        }
        this.authorizationCache.clearCacheEntry(this.cacheIdentifier, this.tenantId, str, str2, str3);
        Connection connection = null;
        try {
            try {
                connection = getDBConnection();
                getPermissionId(connection, str2, str3);
                DatabaseUtil.updateDatabase(connection, DBConstants.DELETE_USER_PERMISSION_SQL, str, str2, str3, Integer.valueOf(this.tenantId), Integer.valueOf(this.tenantId));
                this.permissionTree.clearUserAuthorization(str, str2, str3);
                connection.commit();
                DatabaseUtil.closeAllConnections(connection, null);
            } catch (SQLException e) {
                String str4 = "Error occurred while clearing role authorizations for user : " + str + " & resource id : " + str2 + " & action : " + str3;
                if (log.isDebugEnabled()) {
                    log.debug(str4, e);
                }
                throw new UserStoreException(str4, e);
            }
        } catch (Throwable th) {
            DatabaseUtil.closeAllConnections(connection, null);
            throw th;
        }
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager, org.wso2.carbon.user.api.AuthorizationManager
    public void clearRoleActionOnAllResources(String str, String str2) throws UserStoreException {
        if (!isSecureCall.get().booleanValue()) {
            callSecure("clearRoleActionOnAllResources", new Object[]{str, str2}, new Class[]{String.class, String.class});
            return;
        }
        Iterator<AuthorizationManagerListener> it = UMListenerServiceComponent.getAuthorizationManagerListeners().iterator();
        while (it.hasNext()) {
            if (!it.next().clearRoleActionOnAllResources(str, str2, this)) {
                return;
            }
        }
        this.authorizationCache.clearCacheByTenant(this.tenantId);
        Connection connection = null;
        try {
            try {
                connection = getDBConnection();
                this.permissionTree.clearRoleAuthorization(str, str2);
                String extractDomainFromName = UserCoreUtil.extractDomainFromName(str);
                if (extractDomainFromName != null) {
                    extractDomainFromName = extractDomainFromName.toUpperCase();
                }
                DatabaseUtil.updateDatabase(connection, DBConstants.DELETE_ROLE_PERMISSIONS_BASED_ON_ACTION, UserCoreUtil.removeDomainFromName(str), str2, Integer.valueOf(this.tenantId), Integer.valueOf(this.tenantId), Integer.valueOf(this.tenantId), extractDomainFromName);
                connection.commit();
                DatabaseUtil.closeAllConnections(connection, null);
            } catch (SQLException e) {
                String str3 = "Error occurred while clearing role action on all resources for role : " + str + " & action : " + str2;
                if (log.isDebugEnabled()) {
                    log.debug(str3, e);
                }
                throw new UserStoreException(str3, e);
            }
        } catch (Throwable th) {
            DatabaseUtil.closeAllConnections(connection, null);
            throw th;
        }
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager, org.wso2.carbon.user.api.AuthorizationManager
    public void clearRoleAuthorization(String str) throws UserStoreException {
        if (!isSecureCall.get().booleanValue()) {
            callSecure("clearRoleAuthorization", new Object[]{str}, new Class[]{String.class});
            return;
        }
        Iterator<AuthorizationManagerListener> it = UMListenerServiceComponent.getAuthorizationManagerListeners().iterator();
        while (it.hasNext()) {
            if (!it.next().clearRoleAuthorization(str, this)) {
                return;
            }
        }
        this.authorizationCache.clearCacheByTenant(this.tenantId);
        Connection connection = null;
        try {
            try {
                connection = getDBConnection();
                this.permissionTree.clearRoleAuthorization(str);
                String extractDomainFromName = UserCoreUtil.extractDomainFromName(str);
                if (extractDomainFromName != null) {
                    extractDomainFromName = extractDomainFromName.toUpperCase();
                }
                DatabaseUtil.updateDatabase(connection, DBConstants.ON_DELETE_ROLE_DELETE_PERMISSION_SQL, UserCoreUtil.removeDomainFromName(str), Integer.valueOf(this.tenantId), Integer.valueOf(this.tenantId), extractDomainFromName);
                connection.commit();
                DatabaseUtil.closeAllConnections(connection, null);
            } catch (SQLException e) {
                String str2 = "Error occurred while clearing role authorizations for role : " + str;
                if (log.isDebugEnabled()) {
                    log.debug(str2, e);
                }
                throw new UserStoreException(str2, e);
            }
        } catch (Throwable th) {
            DatabaseUtil.closeAllConnections(connection, null);
            throw th;
        }
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager, org.wso2.carbon.user.api.AuthorizationManager
    public void clearUserAuthorization(String str) throws UserStoreException {
        if (!isSecureCall.get().booleanValue()) {
            callSecure("clearUserAuthorization", new Object[]{str}, new Class[]{String.class});
            return;
        }
        Iterator<AuthorizationManagerListener> it = UMListenerServiceComponent.getAuthorizationManagerListeners().iterator();
        while (it.hasNext()) {
            if (!it.next().clearUserAuthorization(str, this)) {
                return;
            }
        }
        this.authorizationCache.clearCacheByTenant(this.tenantId);
        Connection connection = null;
        try {
            try {
                connection = getDBConnection();
                this.permissionTree.clearUserAuthorization(str);
                DatabaseUtil.updateDatabase(connection, DBConstants.ON_DELETE_USER_DELETE_PERMISSION_SQL, str, Integer.valueOf(this.tenantId));
                connection.commit();
                DatabaseUtil.closeAllConnections(connection, null);
            } catch (SQLException e) {
                String str2 = "Error occurred while clearing user authorizations for user : " + str;
                if (log.isDebugEnabled()) {
                    log.debug(str2, e);
                }
                throw new UserStoreException(str2, e);
            }
        } catch (Throwable th) {
            DatabaseUtil.closeAllConnections(connection, null);
            throw th;
        }
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager, org.wso2.carbon.user.api.AuthorizationManager
    public void resetPermissionOnUpdateRole(String str, String str2) throws UserStoreException {
        if (!isSecureCall.get().booleanValue()) {
            callSecure("resetPermissionOnUpdateRole", new Object[]{str, str2}, new Class[]{String.class, String.class});
            return;
        }
        Iterator<AuthorizationManagerListener> it = UMListenerServiceComponent.getAuthorizationManagerListeners().iterator();
        while (it.hasNext()) {
            if (!it.next().resetPermissionOnUpdateRole(str, str2, this)) {
                return;
            }
        }
        this.authorizationCache.clearCacheByTenant(this.tenantId);
        if (DBConstants.UPDATE_UM_ROLE_NAME_PERMISSION_SQL == 0) {
            throw new UserStoreException("The sql statement for update role name is null");
        }
        Connection connection = null;
        try {
            try {
                connection = getDBConnection();
                this.permissionTree.updateRoleNameInCache(str, str2);
                String extractDomainFromName = UserCoreUtil.extractDomainFromName(str2);
                str2 = UserCoreUtil.removeDomainFromName(str2);
                str = UserCoreUtil.removeDomainFromName(str);
                if (extractDomainFromName != null) {
                    extractDomainFromName = extractDomainFromName.toUpperCase();
                }
                DatabaseUtil.updateDatabase(connection, DBConstants.UPDATE_UM_ROLE_NAME_PERMISSION_SQL, str2, str, Integer.valueOf(this.tenantId), Integer.valueOf(this.tenantId), extractDomainFromName);
                connection.commit();
                DatabaseUtil.closeAllConnections(connection, null);
            } catch (SQLException e) {
                String str3 = "Error occurred while resetting permission on update role : " + str + " & to new role : " + str2;
                if (log.isDebugEnabled()) {
                    log.debug(str3, e);
                }
                throw new UserStoreException(str3, e);
            }
        } catch (Throwable th) {
            DatabaseUtil.closeAllConnections(connection, null);
            throw th;
        }
    }

    public void addAuthorization(String str, String str2, String str3, boolean z, boolean z2) throws UserStoreException {
        if (!this.preserveCaseForResources && str2 != null) {
            str2 = str2.toLowerCase();
        }
        if (!isSecureCall.get().booleanValue()) {
            callSecure("addAuthorization", new Object[]{str, str2, str3, Boolean.valueOf(z), Boolean.valueOf(z2)}, new Class[]{String.class, String.class, String.class, Boolean.TYPE, Boolean.TYPE});
            return;
        }
        short s = 0;
        if (z) {
            s = 1;
        }
        if (z2) {
            addAuthorizationForRole(str, str2, str3, s, false);
        } else {
            addAuthorizationForUser(str, str2, str3, s, false);
        }
    }

    private void addAuthorizationForRole(String str, String str2, String str3, short s, boolean z) throws UserStoreException {
        boolean z2;
        this.authorizationCache.clearCacheByTenant(this.tenantId);
        Connection connection = null;
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        short s2 = -1;
        try {
            try {
                connection = getDBConnection();
                int permissionId = getPermissionId(connection, str2, str3);
                String extractDomainFromName = UserCoreUtil.extractDomainFromName(str);
                if (extractDomainFromName != null) {
                    extractDomainFromName = extractDomainFromName.toUpperCase();
                }
                if (UserCoreUtil.isSystemRole(str, this.tenantId, this.dataSource)) {
                    extractDomainFromName = UserCoreConstants.SYSTEM_DOMAIN_NAME;
                } else if (extractDomainFromName == null) {
                    extractDomainFromName = "PRIMARY";
                }
                preparedStatement = connection.prepareStatement(UserCoreDBConstants.IS_EXISTING_ROLE_PERMISSION_MAPPING);
                preparedStatement.setString(1, UserCoreUtil.removeDomainFromName(str));
                preparedStatement.setString(2, str2);
                preparedStatement.setString(3, str3);
                preparedStatement.setInt(4, this.tenantId);
                preparedStatement.setInt(5, this.tenantId);
                preparedStatement.setInt(6, this.tenantId);
                preparedStatement.setString(7, extractDomainFromName);
                resultSet = preparedStatement.executeQuery();
                if (resultSet == null || !resultSet.next()) {
                    z2 = false;
                } else {
                    s2 = resultSet.getShort(2);
                    z2 = true;
                }
                if (z2 && s2 != s) {
                    DatabaseUtil.updateDatabase(connection, DBConstants.DELETE_ROLE_PERMISSION_SQL, UserCoreUtil.removeDomainFromName(str), str2, str3, Integer.valueOf(this.tenantId), Integer.valueOf(this.tenantId), Integer.valueOf(this.tenantId), extractDomainFromName);
                    z2 = false;
                }
                if (!z2) {
                    if (log.isDebugEnabled()) {
                        log.debug("Adding permission Id: " + permissionId + " to the role: " + UserCoreUtil.removeDomainFromName(str) + " of tenant: " + this.tenantId + " of domain: " + extractDomainFromName + " to resource: " + str2);
                    }
                    DatabaseUtil.updateDatabase(connection, DBConstants.ADD_ROLE_PERMISSION_SQL, Integer.valueOf(permissionId), UserCoreUtil.removeDomainFromName(str), Short.valueOf(s), Integer.valueOf(this.tenantId), Integer.valueOf(this.tenantId), extractDomainFromName);
                }
                if (z) {
                    if (s == 1) {
                        this.permissionTree.authorizeRoleInTree(str, str2, str3, true);
                    } else {
                        this.permissionTree.denyRoleInTree(str, str2, str3, true);
                    }
                }
                connection.commit();
                if (resultSet != null) {
                    try {
                        resultSet.close();
                    } catch (SQLException e) {
                        log.error("Closing result set failed when adding role permission", e);
                    }
                }
                DatabaseUtil.closeAllConnections(connection, preparedStatement);
            } catch (Exception e2) {
                if (connection != null) {
                    try {
                        connection.rollback();
                    } catch (SQLException e3) {
                        throw new UserStoreException("Error in connection rollback ", e3);
                    }
                }
                if (log.isDebugEnabled()) {
                    log.debug("Error! " + e2.getMessage(), e2);
                }
                throw new UserStoreException("Error! " + e2.getMessage(), e2);
            }
        } catch (Throwable th) {
            if (resultSet != null) {
                try {
                    resultSet.close();
                } catch (SQLException e4) {
                    log.error("Closing result set failed when adding role permission", e4);
                }
            }
            DatabaseUtil.closeAllConnections(connection, preparedStatement);
            throw th;
        }
    }

    private void addAuthorizationForUser(String str, String str2, String str3, short s, boolean z) throws UserStoreException {
        boolean z2;
        this.authorizationCache.clearCacheByTenant(this.tenantId);
        Connection connection = null;
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        short s2 = -1;
        try {
            try {
                connection = getDBConnection();
                int permissionId = getPermissionId(connection, str2, str3);
                preparedStatement = connection.prepareStatement(UserCoreDBConstants.IS_EXISTING_USER_PERMISSION_MAPPING);
                preparedStatement.setString(1, str);
                preparedStatement.setString(2, str2);
                preparedStatement.setString(3, str3);
                preparedStatement.setInt(4, this.tenantId);
                preparedStatement.setInt(5, this.tenantId);
                resultSet = preparedStatement.executeQuery();
                if (resultSet == null || !resultSet.next()) {
                    z2 = false;
                } else {
                    s2 = resultSet.getShort(2);
                    z2 = true;
                }
                if (z2 && s2 != s) {
                    DatabaseUtil.updateDatabase(connection, DBConstants.DELETE_USER_PERMISSION_SQL, str, str2, str3, Integer.valueOf(this.tenantId), Integer.valueOf(this.tenantId));
                    z2 = false;
                }
                if (!z2) {
                    if (log.isDebugEnabled()) {
                        log.debug("Adding permission Id: " + permissionId + " to the user: " + str + " of tenant: " + this.tenantId + " to resource: " + str2);
                    }
                    DatabaseUtil.updateDatabase(connection, DBConstants.ADD_USER_PERMISSION_SQL, Integer.valueOf(permissionId), str, Short.valueOf(s), Integer.valueOf(this.tenantId));
                }
                if (z) {
                    if (s == 1) {
                        this.permissionTree.authorizeUserInTree(str, str2, str3, true);
                    } else {
                        this.permissionTree.denyUserInTree(str, str2, str3, true);
                        this.authorizationCache.clearCacheEntry(this.cacheIdentifier, this.tenantId, str, str2, str3);
                    }
                }
                connection.commit();
                if (resultSet != null) {
                    try {
                        resultSet.close();
                    } catch (SQLException e) {
                        log.error("Closing result set failed when adding user permission", e);
                    }
                }
                DatabaseUtil.closeAllConnections(connection, preparedStatement);
            } catch (Exception e2) {
                if (connection != null) {
                    try {
                        connection.rollback();
                    } catch (SQLException e3) {
                        throw new UserStoreException("Error in connection rollback ", e3);
                    }
                }
                if (log.isDebugEnabled()) {
                    log.debug("Error! " + e2.getMessage(), e2);
                }
                throw new UserStoreException("Error! " + e2.getMessage(), e2);
            }
        } catch (Throwable th) {
            if (resultSet != null) {
                try {
                    resultSet.close();
                } catch (SQLException e4) {
                    log.error("Closing result set failed when adding user permission", e4);
                }
            }
            DatabaseUtil.closeAllConnections(connection, preparedStatement);
            throw th;
        }
    }

    private List<String> getUIPermissionId() throws UserStoreException {
        Connection connection = null;
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        ArrayList arrayList = new ArrayList();
        try {
            try {
                connection = getDBConnection();
                preparedStatement = connection.prepareStatement(DBConstants.GET_PERMISSION_SQL);
                preparedStatement.setString(1, CarbonConstants.UI_PERMISSION_ACTION);
                preparedStatement.setInt(2, this.tenantId);
                resultSet = preparedStatement.executeQuery();
                if (resultSet != null) {
                    while (resultSet.next()) {
                        arrayList.add(resultSet.getString(1));
                    }
                }
                DatabaseUtil.closeAllConnections(connection, resultSet, preparedStatement);
                return arrayList;
            } catch (SQLException e) {
                if (log.isDebugEnabled()) {
                    log.debug("Error occurred while getting UI permission ID", e);
                }
                throw new UserStoreException("Error occurred while getting UI permission ID", e);
            }
        } catch (Throwable th) {
            DatabaseUtil.closeAllConnections(connection, resultSet, preparedStatement);
            throw th;
        }
    }

    private int getPermissionId(Connection connection, String str, String str2) throws UserStoreException {
        int permissionIdFromStore = getPermissionIdFromStore(connection, str, str2);
        if (permissionIdFromStore == -1) {
            addPermissionId(connection, str, str2);
            permissionIdFromStore = getPermissionIdFromStore(connection, str, str2);
            if (permissionIdFromStore == -1) {
                throw new UserStoreException("Error occurred while getting UI permission ID for resource id : " + str + " & action : " + str2);
            }
        }
        return permissionIdFromStore;
    }

    /* JADX WARN: Finally extract failed */
    private int getPermissionIdFromStore(Connection connection, String str, String str2) throws UserStoreException {
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        int i = -1;
        try {
            try {
                preparedStatement = connection.prepareStatement(DBConstants.GET_PERMISSION_ID_SQL);
                preparedStatement.setString(1, str);
                preparedStatement.setString(2, str2);
                preparedStatement.setInt(3, this.tenantId);
                resultSet = preparedStatement.executeQuery();
                if (resultSet.next()) {
                    i = resultSet.getInt(1);
                }
                int i2 = i;
                DatabaseUtil.closeAllConnections(null, resultSet, preparedStatement);
                return i2;
            } catch (SQLException e) {
                String str3 = "Error occurred while getting UI permission ID for resource id : " + str + " & action : " + str2;
                if (log.isDebugEnabled()) {
                    log.debug(str3, e);
                }
                throw new UserStoreException(str3, e);
            }
        } catch (Throwable th) {
            DatabaseUtil.closeAllConnections(null, resultSet, preparedStatement);
            throw th;
        }
    }

    private void addPermissionId(Connection connection, String str, String str2) throws UserStoreException {
        PreparedStatement preparedStatement = null;
        try {
            try {
                try {
                    preparedStatement = connection.prepareStatement(DBConstants.ADD_PERMISSION_SQL);
                    preparedStatement.setString(1, str);
                    preparedStatement.setString(2, str2);
                    preparedStatement.setInt(3, this.tenantId);
                    int executeUpdate = preparedStatement.executeUpdate();
                    connection.commit();
                    if (log.isDebugEnabled()) {
                        log.debug("Executed query is INSERT INTO UM_PERMISSION (UM_RESOURCE_ID, UM_ACTION, UM_TENANT_ID) VALUES (?, ?, ?) and number of updated rows :: " + executeUpdate);
                    }
                    DatabaseUtil.closeAllConnections(null, preparedStatement);
                } catch (SQLException e) {
                    String str3 = "Error occurred while adding UI permission ID for resource id : " + str + " & action : " + str2;
                    if (log.isDebugEnabled()) {
                        log.debug(str3, e);
                    }
                    throw new UserStoreException(str3, e);
                }
            } catch (SQLIntegrityConstraintViolationException e2) {
                if (log.isDebugEnabled()) {
                    log.debug(e2.getMessage(), e2);
                }
                DatabaseUtil.closeAllConnections(null, preparedStatement);
            }
        } catch (Throwable th) {
            DatabaseUtil.closeAllConnections(null, preparedStatement);
            throw th;
        }
    }

    private Connection getDBConnection() throws SQLException {
        Connection connection = this.dataSource.getConnection();
        connection.setAutoCommit(false);
        return connection;
    }

    public void populatePermissionTreeFromDB() throws UserStoreException {
        if (isSecureCall.get().booleanValue()) {
            this.permissionTree.updatePermissionTreeFromDB();
        } else {
            callSecure("populatePermissionTreeFromDB", new Object[0], new Class[0]);
        }
    }

    public void clearPermissionTree() {
        if (isSecureCall.get().booleanValue()) {
            this.permissionTree.clear();
            this.authorizationCache.clearCache();
            return;
        }
        try {
            callSecure("clearPermissionTree", new Object[0], new Class[0]);
        } catch (UserStoreException e) {
            if (log.isDebugEnabled()) {
                log.debug("Error while clearing Permission Tree : " + e);
            }
        }
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager, org.wso2.carbon.user.api.AuthorizationManager
    public int getTenantId() throws UserStoreException {
        return this.tenantId;
    }

    private void addInitialData() throws UserStoreException {
        String authorizationManagerProperty = this.realmConfig.getAuthorizationManagerProperty(UserCoreConstants.RealmConfig.PROPERTY_EVERYONEROLE_AUTHORIZATION);
        if (authorizationManagerProperty != null) {
            String everyOneRoleName = this.realmConfig.getEveryOneRoleName();
            for (String str : authorizationManagerProperty.split(",")) {
                if (!isRoleAuthorized(everyOneRoleName, str, CarbonConstants.UI_PERMISSION_ACTION)) {
                    authorizeRole(everyOneRoleName, str, CarbonConstants.UI_PERMISSION_ACTION);
                }
            }
        }
        String authorizationManagerProperty2 = this.realmConfig.getAuthorizationManagerProperty(UserCoreConstants.RealmConfig.PROPERTY_ADMINROLE_AUTHORIZATION);
        if (authorizationManagerProperty2 != null) {
            String[] split = authorizationManagerProperty2.split(",");
            String adminRoleName = this.realmConfig.getAdminRoleName();
            for (String str2 : split) {
                if (!isRoleAuthorized(adminRoleName, str2, CarbonConstants.UI_PERMISSION_ACTION)) {
                    if (this.userRealm.getUserStoreManager().isReadOnly()) {
                        String str3 = this.realmConfig.getUserStoreProperties().get(LDAPConstants.READ_LDAP_GROUPS);
                        if (str3 == null) {
                            authorizeRole("Internal" + CarbonConstants.DOMAIN_SEPARATOR + UserCoreUtil.removeDomainFromName(adminRoleName), str2, CarbonConstants.UI_PERMISSION_ACTION);
                            return;
                        } else if (!Boolean.parseBoolean(str3)) {
                            authorizeRole("Internal" + CarbonConstants.DOMAIN_SEPARATOR + UserCoreUtil.removeDomainFromName(adminRoleName), str2, CarbonConstants.UI_PERMISSION_ACTION);
                            return;
                        }
                    }
                    adminRoleName = UserCoreUtil.addDomainToName(adminRoleName, this.realmConfig.getUserStoreProperty("DomainName"));
                    authorizeRole(adminRoleName, str2, CarbonConstants.UI_PERMISSION_ACTION);
                }
            }
        }
    }

    @Override // org.wso2.carbon.user.core.AuthorizationManager
    public String[] normalizeRoles(String[] strArr) {
        if (strArr == null || strArr.length <= 0) {
            return strArr;
        }
        ArrayList arrayList = new ArrayList();
        for (String str : strArr) {
            int indexOf = str.indexOf("@".toLowerCase());
            if (indexOf >= 0) {
                arrayList.add(str.substring(0, indexOf));
            } else {
                arrayList.add(str);
            }
        }
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    private Object callSecure(String str, final Object[] objArr, Class[] clsArr) throws UserStoreException {
        isSecureCall.set(Boolean.TRUE);
        try {
            final Method declaredMethod = Class.forName("org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager").getDeclaredMethod(str, clsArr);
            try {
                try {
                    Object doPrivileged = AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager.2
                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() throws Exception {
                            return declaredMethod.invoke(this, objArr);
                        }
                    });
                    isSecureCall.set(Boolean.FALSE);
                    return doPrivileged;
                } catch (PrivilegedActionException e) {
                    if (e.getCause() != null && e.getCause().getCause() != null && (e.getCause().getCause() instanceof UserStoreException)) {
                        throw new UserStoreException(e.getCause().getCause().getMessage(), e);
                    }
                    log.error("Error occurred while accessing Java Security Manager Privilege Block");
                    throw new UserStoreException("Error occurred while accessing Java Security Manager Privilege Block", e);
                }
            } catch (Throwable th) {
                isSecureCall.set(Boolean.FALSE);
                throw th;
            }
        } catch (ClassNotFoundException e2) {
            log.error("Error occurred when calling class " + str, e2);
            throw new UserStoreException(e2);
        } catch (NoSuchMethodException e3) {
            log.error("Error occurred when calling method " + str, e3);
            throw new UserStoreException(e3);
        }
    }
}
