package org.wso2.carbon.registry.core.secure;

import java.util.Arrays;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.registry.core.ActionConstants;
import org.wso2.carbon.registry.core.config.RegistryContext;
import org.wso2.carbon.registry.core.utils.RegistryUtils;
import org.wso2.carbon.user.core.AuthorizationManager;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.common.AbstractAuthorizationManagerListener;
import org.wso2.carbon.user.core.listener.AuthorizationManagerListener;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.registry.core-4.6.1-m5.jar:org/wso2/carbon/registry/core/secure/AuthorizeRoleListener.class */
public class AuthorizeRoleListener extends AbstractAuthorizationManagerListener implements AuthorizationManagerListener {
    private int executionId;
    private String path;
    private String permission;
    private String executeAction;
    private List<String> actions;
    private ThreadLocal<Boolean> clearRoleActionOnAllResourcesStarted = new ThreadLocal<Boolean>() { // from class: org.wso2.carbon.registry.core.secure.AuthorizeRoleListener.1
        /* JADX INFO: Access modifiers changed from: protected */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.lang.ThreadLocal
        public Boolean initialValue() {
            return false;
        }
    };
    private ThreadLocal<Boolean> authorizeRoleStarted = new ThreadLocal<Boolean>() { // from class: org.wso2.carbon.registry.core.secure.AuthorizeRoleListener.2
        /* JADX INFO: Access modifiers changed from: protected */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.lang.ThreadLocal
        public Boolean initialValue() {
            return false;
        }
    };
    private static final Log log = LogFactory.getLog(AuthorizeRoleListener.class);

    public AuthorizeRoleListener(int i, String str, String str2, String str3, String[] strArr) {
        this.executionId = 20;
        this.path = null;
        this.permission = null;
        this.executeAction = null;
        this.actions = Arrays.asList(ActionConstants.GET, ActionConstants.PUT, ActionConstants.DELETE);
        this.executionId = i;
        this.path = str;
        this.permission = str2;
        this.executeAction = str3;
        if (strArr != null) {
            this.actions = Arrays.asList(strArr);
        }
    }

    @Override // org.wso2.carbon.user.core.listener.AuthorizationManagerListener
    public int getExecutionOrderId() {
        return this.executionId;
    }

    @Override // org.wso2.carbon.user.core.common.AbstractAuthorizationManagerListener, org.wso2.carbon.user.core.listener.AuthorizationManagerListener
    public boolean clearRoleActionOnAllResources(String str, String str2, AuthorizationManager authorizationManager) throws UserStoreException {
        if (this.clearRoleActionOnAllResourcesStarted.get() != null && this.clearRoleActionOnAllResourcesStarted.get().booleanValue()) {
            return true;
        }
        this.clearRoleActionOnAllResourcesStarted.set(true);
        authorizationManager.clearRoleActionOnAllResources(str, str2);
        this.clearRoleActionOnAllResourcesStarted.set(false);
        try {
            if (this.executeAction.equals(str2)) {
                for (String str3 : this.actions) {
                    boolean z = false;
                    for (String str4 : authorizationManager.getDeniedRolesForResource(this.path, str3)) {
                        if (str4.equals(str)) {
                            z = true;
                        }
                    }
                    if (!z) {
                        authorizationManager.clearRoleAuthorization(str, this.path, str3);
                    }
                }
            }
            return false;
        } catch (Exception e) {
            log.warn("Unable to clear role authorization", e);
            log.debug("Caused by: ", e);
            return true;
        }
    }

    @Override // org.wso2.carbon.user.core.common.AbstractAuthorizationManagerListener, org.wso2.carbon.user.core.listener.AuthorizationManagerListener
    public boolean authorizeRole(String str, String str2, String str3, AuthorizationManager authorizationManager) throws UserStoreException {
        if (this.authorizeRoleStarted.get() != null && this.authorizeRoleStarted.get().booleanValue()) {
            return true;
        }
        this.authorizeRoleStarted.set(true);
        authorizationManager.authorizeRole(str, str2, str3);
        try {
            try {
                if (this.permission.startsWith(RegistryUtils.getRelativePath(RegistryContext.getBaseInstance(), str2)) && this.executeAction.equals(str3)) {
                    for (String str4 : this.actions) {
                        boolean z = false;
                        for (String str5 : authorizationManager.getDeniedRolesForResource(this.path, str4)) {
                            if (str5.equals(str)) {
                                z = true;
                            }
                        }
                        if (!z) {
                            authorizationManager.authorizeRole(str, this.path, str4);
                        }
                    }
                }
                return false;
            } catch (Exception e) {
                log.warn("Unable to set role authorization", e);
                log.debug("Caused by: ", e);
                this.authorizeRoleStarted.set(false);
                return true;
            }
        } finally {
            this.authorizeRoleStarted.set(Boolean.valueOf(false));
        }
    }
}
