package org.jasig.portal.security.provider;

import java.util.Date;
import java.util.Iterator;
import org.jasig.portal.AuthorizationException;
import org.jasig.portal.groups.GroupsException;
import org.jasig.portal.groups.IGroupMember;
import org.jasig.portal.security.IAuthorizationPrincipal;
import org.jasig.portal.security.IAuthorizationService;
import org.jasig.portal.security.IPermission;
import org.jasig.portal.security.IPermissionPolicy;

/* loaded from: input_file:org/jasig/portal/security/provider/DefaultPermissionPolicy.class */
public class DefaultPermissionPolicy implements IPermissionPolicy {
    @Override // org.jasig.portal.security.IPermissionPolicy
    public boolean doesPrincipalHavePermission(IAuthorizationService iAuthorizationService, IAuthorizationPrincipal iAuthorizationPrincipal, String str, String str2, String str3) throws AuthorizationException {
        IPermission[] permissionsForPrincipal = iAuthorizationService.getPermissionsForPrincipal(iAuthorizationPrincipal, str, str2, str3);
        if (permissionsForPrincipal.length == 1) {
            return permissionIsGranted(permissionsForPrincipal[0]);
        }
        if (permissionsForPrincipal.length > 1) {
            throw new AuthorizationException("Duplicate permissions for: " + permissionsForPrincipal[0]);
        }
        boolean z = false;
        try {
            Iterator allContainingGroups = iAuthorizationService.getGroupMember(iAuthorizationPrincipal).getAllContainingGroups();
            while (allContainingGroups.hasNext() && !z) {
                z = primDoesPrincipalHavePermission(iAuthorizationService.newPrincipal((IGroupMember) allContainingGroups.next()), str, str2, str3, iAuthorizationService);
            }
            return z;
        } catch (GroupsException e) {
            throw new AuthorizationException(e);
        }
    }

    private boolean permissionIsGranted(IPermission iPermission) {
        Date date = new Date();
        return iPermission.getType().equals(IPermission.PERMISSION_TYPE_GRANT) && (iPermission.getEffective() == null || !iPermission.getEffective().after(date)) && (iPermission.getExpires() == null || iPermission.getExpires().after(date));
    }

    private boolean primDoesPrincipalHavePermission(IAuthorizationPrincipal iAuthorizationPrincipal, String str, String str2, String str3, IAuthorizationService iAuthorizationService) throws AuthorizationException {
        IPermission[] permissionsForPrincipal = iAuthorizationService.getPermissionsForPrincipal(iAuthorizationPrincipal, str, str2, str3);
        if (permissionsForPrincipal.length == 0) {
            return false;
        }
        if (permissionsForPrincipal.length == 1) {
            return permissionIsGranted(permissionsForPrincipal[0]);
        }
        throw new AuthorizationException("Duplicate permissions for: " + permissionsForPrincipal[0]);
    }
}
