package blackboard.platform.security.impl;

import blackboard.base.BbList;
import blackboard.base.InitializationException;
import blackboard.data.Identifiable;
import blackboard.data.course.Course;
import blackboard.data.course.CourseMembership;
import blackboard.data.gradebook.impl.Outcome;
import blackboard.data.user.User;
import blackboard.persist.Id;
import blackboard.persist.KeyNotFoundException;
import blackboard.persist.PersistenceException;
import blackboard.persist.course.CourseMembershipDbLoader;
import blackboard.persist.user.UserDbLoader;
import blackboard.platform.BbServiceException;
import blackboard.platform.BbServiceManager;
import blackboard.platform.config.ConfigurationService;
import blackboard.platform.context.Context;
import blackboard.platform.context.ContextManager;
import blackboard.platform.security.DomainAdmin;
import blackboard.platform.security.DomainManagerFactory;
import blackboard.platform.security.Entitlement;
import blackboard.platform.security.EntitlementList;
import blackboard.platform.security.SecurityContext;
import blackboard.platform.security.SystemRole;
import blackboard.platform.security.authentication.HttpAuthConfig;
import blackboard.platform.security.authentication.HttpAuthManager;
import java.io.File;
import java.io.IOException;
import java.security.CodeSource;
import java.security.PermissionCollection;
import java.security.cert.Certificate;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:blackboard/platform/security/impl/AccessManagerServiceImpl.class */
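/**
 * Access-manager service that answers role and entitlement questions for the
 * current request context or for explicitly supplied user/course ids.
 *
 * <p>Every check in this class denies (returns {@code false}) when the input is
 * missing or a lookup fails, except the few methods that let a
 * {@link PersistenceException} or runtime exception propagate to the caller;
 * those are called out on the method.
 *
 * <p>NOTE(review): this listing appears to be decompiler output (synthetic
 * local names, {@code loaded from} header), so constants may have been folded
 * to an unrelated symbol with the same value — see {@link #registerCodeSource}.
 */
public class AccessManagerServiceImpl extends BaseAccessManagerServiceImpl {
    /** Context attribute under which the current user's domain-admin list is cached. */
    private static final String USER_ROLES = "userRoles";

    /**
     * Initializes the base service and then the HTTP authentication layer.
     *
     * @param configurationService configuration passed through to both initializers
     * @throws InitializationException if either initializer fails
     * @throws BbServiceException if the base service initializer fails
     */
    @Override // blackboard.platform.security.impl.BaseAccessManagerServiceImpl, blackboard.platform.CorePlatformService
    public void serviceInit(ConfigurationService configurationService) throws InitializationException, BbServiceException {
        super.serviceInit(configurationService);
        doAuthenticationInit(configurationService);
    }

    /**
     * Initializes {@link HttpAuthConfig} and {@link HttpAuthManager}, in that order.
     *
     * @param configurationService configuration handed to both components
     * @throws InitializationException if either component fails to initialize
     */
    void doAuthenticationInit(ConfigurationService configurationService) throws InitializationException {
        this._log.logDebug(getClass().getName() + " executing doAuthenticationInit");
        HttpAuthConfig.init(configurationService);
        HttpAuthManager.init(configurationService);
    }

    /**
     * Checks whether the user stored under {@code id} has exactly the given system role.
     *
     * <p>Unlike {@link #isUserInCourseRole(Id, Id, CourseMembership.Role)} this method
     * does not catch a failed lookup: whatever {@code loadById} throws propagates.
     *
     * @param id user id; {@code null} or unset ids are denied without a lookup
     * @param systemRole role to compare against (identity comparison)
     * @return {@code true} only when the loaded user's system role is {@code systemRole}
     * @throws PersistenceException if the user cannot be loaded
     */
    @Override // blackboard.platform.security.AccessManagerService
    public boolean isUserInSystemRole(Id id, User.SystemRole systemRole) throws PersistenceException {
        if (id == null || !id.isSet()) {
            return false;
        }
        UserDbLoader loader = (UserDbLoader) BbServiceManager.getPersistenceService().getDbPersistenceManager().getLoader(UserDbLoader.TYPE);
        return systemRole == loader.loadById(id).getSystemRole();
    }

    /**
     * Checks whether an already loaded user has exactly the given system role.
     *
     * @param user user to inspect; {@code null} is denied
     * @param systemRole role to compare against (identity comparison)
     * @return {@code true} only when {@code user} is non-null and holds {@code systemRole}
     */
    public boolean isUserInSystemRole(User user, User.SystemRole systemRole) {
        return user != null && systemRole == user.getSystemRole();
    }

    /**
     * Single-role convenience overload of
     * {@link #isUserInSystemRole(HttpServletRequest, User.SystemRole[])}.
     */
    @Override // blackboard.platform.security.AccessManagerService
    public boolean isUserInSystemRole(HttpServletRequest httpServletRequest, User.SystemRole systemRole) throws PersistenceException {
        return isUserInSystemRole(httpServletRequest, new User.SystemRole[]{systemRole});
    }

    /**
     * Checks whether the user bound to the request holds any of the given system roles.
     *
     * <p>The request is bound to a context for the duration of the check and the
     * context is always released afterwards. Any exception during the check is
     * logged and treated as a denial.
     *
     * @param httpServletRequest request identifying the user
     * @param systemRoleArr acceptable roles
     * @return {@code true} when the request has a user context whose user holds one
     *     of the roles; {@code false} otherwise, including on any failure
     * @throws PersistenceException declared by the interface
     */
    @Override // blackboard.platform.security.AccessManagerService
    public boolean isUserInSystemRole(HttpServletRequest httpServletRequest, User.SystemRole[] systemRoleArr) throws PersistenceException {
        ContextManager contextManager = null;
        try {
            contextManager = (ContextManager) BbServiceManager.lookupService(ContextManager.class);
            contextManager.setContext(httpServletRequest);
            Context context = contextManager.getContext();
            if (!context.hasUserContext()) {
                return false;
            }
            User user = context.getUser();
            if (user == null) {
                return false;
            }
            User.SystemRole actualRole = user.getSystemRole();
            for (User.SystemRole acceptedRole : systemRoleArr) {
                if (acceptedRole == actualRole) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            // Fail closed: an error while resolving the user never grants the role.
            this._log.logError("Could not determine system role.", e);
            return false;
        } finally {
            // Release on every path so the request context cannot leak past this check.
            if (contextManager != null) {
                contextManager.releaseContext();
            }
        }
    }

    /**
     * Checks whether the user has exactly the given role in the given course.
     *
     * @param id user id
     * @param id2 course id
     * @param role role to compare against (identity comparison)
     * @return {@code true} only when a membership exists and its role is {@code role};
     *     {@code false} for null/unset ids or when no membership is found
     * @throws PersistenceException if the lookup fails for a reason other than a missing key
     */
    @Override // blackboard.platform.security.AccessManagerService
    public boolean isUserInCourseRole(Id id, Id id2, CourseMembership.Role role) throws PersistenceException {
        if (id == null || id2 == null || !id.isSet() || !id2.isSet()) {
            return false;
        }
        try {
            CourseMembershipDbLoader loader = (CourseMembershipDbLoader) BbServiceManager.getPersistenceService().getDbPersistenceManager().getLoader(CourseMembershipDbLoader.TYPE);
            return role == loader.loadByCourseAndUserId(id2, id).getRole();
        } catch (KeyNotFoundException e) {
            // No membership row means the user has no role in the course.
            return false;
        }
    }

    /**
     * Checks whether the course membership bound to the request holds any of the given roles.
     *
     * <p>The request is bound to a context for the duration of the check and the
     * context is always released afterwards. Any exception during the check is
     * logged and treated as a denial.
     *
     * @param httpServletRequest request identifying the user and course
     * @param roleArr acceptable course roles
     * @return {@code true} when the context has a membership with one of the roles;
     *     {@code false} otherwise, including on any failure
     * @throws PersistenceException declared by the interface
     */
    @Override // blackboard.platform.security.AccessManagerService
    public boolean isUserInCourseRole(HttpServletRequest httpServletRequest, CourseMembership.Role[] roleArr) throws PersistenceException {
        ContextManager contextManager = null;
        try {
            contextManager = (ContextManager) BbServiceManager.lookupService(ContextManager.class);
            contextManager.setContext(httpServletRequest);
            Context context = contextManager.getContext();
            if (!context.hasUserContext()) {
                return false;
            }
            CourseMembership courseMembership = context.getCourseMembership();
            if (courseMembership == null) {
                return false;
            }
            CourseMembership.Role actualRole = courseMembership.getRole();
            for (CourseMembership.Role acceptedRole : roleArr) {
                if (acceptedRole == actualRole) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            // Route the failure through the service log (as the system-role check does)
            // instead of printing a stack trace to stderr, where it is easy to miss.
            this._log.logError("Could not determine course role.", e);
            return false;
        } finally {
            // Release on every path so the request context cannot leak past this check.
            if (contextManager != null) {
                contextManager.releaseContext();
            }
        }
    }

    /**
     * Single-role convenience overload of
     * {@link #isUserInCourseRole(HttpServletRequest, CourseMembership.Role[])}.
     */
    @Override // blackboard.platform.security.AccessManagerService
    public boolean isUserInCourseRole(HttpServletRequest httpServletRequest, CourseMembership.Role role) throws PersistenceException {
        return isUserInCourseRole(httpServletRequest, new CourseMembership.Role[]{role});
    }

    /**
     * Delegates the login redirect to {@link HttpAuthManager}.
     *
     * @throws IOException wrapping any failure; the original exception is kept as the cause
     */
    @Override // blackboard.platform.security.AccessManagerService
    public void sendLoginRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        try {
            HttpAuthManager.sendLoginRedirect(httpServletRequest, httpServletResponse);
        } catch (Exception e) {
            // Keep the cause so an authentication-layer failure stays diagnosable.
            throw new IOException(e.getMessage(), e);
        }
    }

    /**
     * Delegates the access-denied redirect to {@link HttpAuthManager}.
     *
     * @throws IOException wrapping any failure; the original exception is kept as the cause
     */
    @Override // blackboard.platform.security.AccessManagerService
    public void sendAccessDeniedRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        try {
            HttpAuthManager.sendAccessDeniedRedirect(httpServletRequest, httpServletResponse);
        } catch (Exception e) {
            // Keep the cause so an authentication-layer failure stays diagnosable.
            throw new IOException(e.getMessage(), e);
        }
    }

    /**
     * Checks the current context's entitlement set for {@code entitlement}.
     *
     * <p>No exception is caught here; a failure to obtain the context propagates.
     */
    @Override // blackboard.platform.security.AccessManagerService
    public boolean userHasEntitlement(Entitlement entitlement) {
        return BbServiceManager.getContextManager().getContext().getEntitlements().has(entitlement);
    }

    /** String overload of {@link #userHasEntitlement(Entitlement)}. */
    @Override // blackboard.platform.security.AccessManagerService
    public boolean userHasEntitlement(String str) {
        return userHasEntitlement(new Entitlement(str));
    }

    /**
     * Checks whether the current user holds {@code entitlement} on a specific object.
     *
     * <p>The entitlement is granted when any effective domain role for the object
     * carries it, or, when the object is a {@link Course}, when the user's role in
     * that course carries it. Any exception is treated as a denial.
     *
     * @param entitlement entitlement to look for
     * @param identifiable object the entitlement must apply to
     * @return {@code true} when granted; {@code false} otherwise, including on any failure
     */
    @Override // blackboard.platform.security.AccessManagerService
    public boolean userHasEntitlement(Entitlement entitlement, Identifiable identifiable) {
        try {
            Context context = BbServiceManager.getContextManager().getContext();
            Iterator<SystemRole> effectiveRoles = DomainManagerFactory.getInstance().getEffectiveRoles(getDomainAdmins(context), identifiable).iterator();
            while (effectiveRoles.hasNext()) {
                if (effectiveRoles.next().getEntitlements().has(entitlement)) {
                    return true;
                }
            }
            if (identifiable instanceof Course) {
                CourseMembership.Role courseRole = getCourseRole(((Course) identifiable).getId(), context.getUserId());
                // getCourseRole returns null when no membership can be resolved.
                return courseRole != null && courseRole.getEntitlements().has(entitlement);
            }
            return false;
        } catch (Exception ignored) {
            // Fail closed: a lookup error never grants the entitlement.
            return false;
        }
    }

    /**
     * Checks whether the current context holds at least one of the named entitlements.
     *
     * @return {@code false} on any exception
     */
    @Override // blackboard.platform.security.AccessManagerService
    public boolean userHasAnyEntitlements(String[] strArr) {
        try {
            return BbServiceManager.getContextManager().getContext().getEntitlements().hasAny(new EntitlementList(strArr));
        } catch (Exception ignored) {
            // Fail closed.
            return false;
        }
    }

    /**
     * Checks whether the current context holds every one of the named entitlements.
     *
     * @return {@code false} on any exception
     */
    @Override // blackboard.platform.security.AccessManagerService
    public boolean userHasAllEntitlements(String[] strArr) {
        try {
            return BbServiceManager.getContextManager().getContext().getEntitlements().hasAll(new EntitlementList(strArr));
        } catch (Exception ignored) {
            // Fail closed.
            return false;
        }
    }

    /**
     * Checks whether the current user holds the named entitlement in the security
     * context identified by {@code id}, falling back to the user's default domain roles.
     *
     * <p>No exception is caught here; a failure to obtain the context propagates.
     *
     * @param str entitlement uid
     * @param id id of the security context to match
     * @return {@code true} when a matching security context or a default domain role
     *     carries the entitlement
     */
    @Override // blackboard.platform.security.AccessManagerService
    public boolean userHasEntitlementInContext(String str, Id id) {
        Context context = BbServiceManager.getContextManager().getContext();
        Entitlement entitlement = new Entitlement(str);
        for (SecurityContext securityContext : context.getSecurityContexts()) {
            if (securityContext.getContextId().equals(id) && securityContext.getEntitlements().has(entitlement)) {
                return true;
            }
        }
        return domainRolesHaveEntitlement(context.getUser(), entitlement);
    }

    /** {@link Entitlement} overload of {@link #userHasEntitlementInContext(String, Id)}. */
    @Override // blackboard.platform.security.AccessManagerService
    public boolean userHasEntitlementInContext(Entitlement entitlement, Id id) {
        return userHasEntitlementInContext(entitlement.getEntitlementUid(), id);
    }

    /**
     * Registers a code source below {@code file} with the service's policy, if one is set.
     *
     * <p>NOTE(review): the child path is written as {@code Outcome.UNSET_GRADE}, a
     * gradebook constant with no apparent relation to code sources; this looks like a
     * decompiler substituting a constant with the same string value. Confirm the
     * intended literal, because it determines which location receives the permissions.
     *
     * @param file base directory of the code source
     * @param permissionCollection permissions granted to code loaded from that location
     */
    @Override // blackboard.platform.security.AccessManagerService
    public void registerCodeSource(File file, PermissionCollection permissionCollection) {
        if (this._policy == null) {
            return;
        }
        try {
            this._policy.addCodeSource(new CodeSource(new File(file, Outcome.UNSET_GRADE).toURL(), (Certificate[]) null), permissionCollection);
        } catch (IOException e) {
            // Include the exception: a code source that silently failed to register
            // runs without the permissions the caller believes it granted.
            this._log.logError(this._bundle.getString("code.source.register.failure"), e);
        }
    }

    /**
     * Resolves an entitlement for an arbitrary user, optionally scoped to a course.
     *
     * <p>The course role is consulted first; if it does not grant the entitlement the
     * user's default domain roles are consulted, and for observers that result is
     * further required to hold for an observed user. Any exception is a denial.
     *
     * <p>NOTE(review): the observer restriction is applied only on the domain-role
     * path here, whereas {@link #userHasEntitlement(User, CourseMembership, Entitlement)}
     * applies it to the course-role result as well — confirm which is intended.
     *
     * @param userId user to check; {@code null} or unset is denied
     * @param courseId optional course scope
     * @param entitlement entitlement to look for; {@code null} is denied
     */
    private boolean userHasEntitlement(Id userId, Id courseId, Entitlement entitlement) {
        if (userId == null || !userId.isSet() || entitlement == null) {
            return false;
        }
        boolean granted = false;
        if (courseId != null) {
            try {
                if (courseId.isSet()) {
                    CourseMembership.Role courseRole = getCourseRole(courseId, userId);
                    if (courseRole != null) {
                        granted = courseRole.getEntitlements().has(entitlement);
                    }
                }
            } catch (Exception ignored) {
                // Fail closed on the course-role path; the domain-role path still runs.
                granted = false;
            }
        }
        if (!granted) {
            try {
                User user = getUser(userId);
                if (user == null) {
                    return false;
                }
                granted = domainRolesHaveEntitlement(user, entitlement);
                if (user.getSystemRole() == User.SystemRole.OBSERVER) {
                    // Observers keep the grant only if an observed user also has it.
                    granted = granted && observedUserHasEntitlement(user.getId(), entitlement);
                }
            } catch (Exception ignored) {
                // Fail closed.
                granted = false;
            }
        }
        return granted;
    }

    /**
     * Resolves an entitlement from an already loaded user and course membership.
     *
     * <p>For observers the result is additionally required to hold for an observed user.
     *
     * @param user user to check; {@code null} or a user with an unset id is denied
     * @param courseMembership optional membership whose role is consulted first
     * @param entitlement entitlement to look for; {@code null} is denied
     * @return {@code true} when the course role or a default domain role grants it
     */
    @Override // blackboard.platform.security.AccessManagerService
    public boolean userHasEntitlement(User user, CourseMembership courseMembership, Entitlement entitlement) {
        if (user == null || !user.getId().isSet() || null == entitlement) {
            return false;
        }
        boolean granted = false;
        if (courseMembership != null) {
            granted = courseMembership.getRole().getEntitlements().has(entitlement);
        }
        if (!granted) {
            granted = domainRolesHaveEntitlement(user, entitlement);
        }
        if (user.getSystemRole() == User.SystemRole.OBSERVER) {
            granted = granted && observedUserHasEntitlement(user.getId(), entitlement);
        }
        return granted;
    }

    /**
     * Checks whether any of the user's default domain roles carries {@code entitlement}.
     *
     * <p>The scan stops at the first role that grants it. (Previously each role
     * overwrote the result, so the answer depended only on the last role returned and
     * therefore on iteration order.)
     *
     * @return {@code false} when no role grants it or the roles cannot be loaded
     */
    private boolean domainRolesHaveEntitlement(User user, Entitlement entitlement) {
        try {
            Iterator<SystemRole> roles = DomainManagerFactory.getInstance().getDefaultDomainRolesForUser(user.getUserName()).iterator();
            while (roles.hasNext()) {
                if (roles.next().getEntitlements().has(entitlement)) {
                    return true;
                }
            }
        } catch (PersistenceException e) {
            // Fail closed, but leave a trace: a denial caused by a storage error
            // should be distinguishable from a genuine lack of entitlement.
            this._log.logError("Could not load default domain roles; denying entitlement.", e);
        }
        return false;
    }

    /**
     * Checks whether an observed user of the given observer holds {@code entitlement}
     * in one of their courses.
     *
     * <p>Only the first observed user that has at least one course membership is
     * examined; later observed users are not consulted.
     * NOTE(review): confirm that restricting the check to that first user is intended.
     *
     * <p>NOTE(review): this recurses through
     * {@link #userHasEntitlement(Id, Id, Entitlement)}, which calls back here when the
     * observed user is itself an observer; nothing visible in this class bounds that
     * chain — verify that observer relationships cannot form a cycle.
     *
     * @param observerId id of the observing user
     * @return {@code false} when nothing grants it or a lookup fails
     */
    private boolean observedUserHasEntitlement(Id observerId, Entitlement entitlement) {
        try {
            Iterator observedUsers = UserDbLoader.Default.getInstance().loadObservedByObserverId(observerId).iterator();
            User observed = null;
            BbList memberships = null;
            boolean found = false;
            while (!found && observedUsers.hasNext()) {
                observed = (User) observedUsers.next();
                memberships = CourseMembershipDbLoader.Default.getInstance().loadByUserId(observed.getId());
                found = memberships != null && !memberships.isEmpty();
            }
            if (!found) {
                return false;
            }
            Iterator membershipIterator = memberships.iterator();
            while (membershipIterator.hasNext()) {
                Id courseId = ((CourseMembership) membershipIterator.next()).getCourseId();
                if (userHasEntitlement(observed.getId(), courseId, entitlement)) {
                    return true;
                }
            }
            return false;
        } catch (KeyNotFoundException e) {
            return false;
        } catch (PersistenceException e2) {
            return false;
        }
    }

    /**
     * Returns the context user's domain-admin list, loading it once and caching it
     * on the context under {@link #USER_ROLES}.
     *
     * @throws PersistenceException if the list has to be loaded and loading fails
     */
    private List<DomainAdmin> getDomainAdmins(Context context) throws PersistenceException {
        // The attribute is only ever written below, so the element type is known.
        @SuppressWarnings("unchecked")
        List<DomainAdmin> cached = (List<DomainAdmin>) context.getAttribute(USER_ROLES);
        if (cached != null) {
            return cached;
        }
        List<DomainAdmin> loaded = getDomainAdmins(context.getUser());
        context.setAttribute(USER_ROLES, loaded);
        return loaded;
    }

    /** Loads the domain-admin list for {@code user} from the domain manager. */
    private List<DomainAdmin> getDomainAdmins(User user) throws PersistenceException {
        return DomainManagerFactory.getInstance().getUserDomainAdmins(user.getId());
    }

    /**
     * Resolves the role of {@code userId} in {@code courseId}.
     *
     * <p>The membership held by the current context is reused only when it is for
     * this exact course and this exact user; otherwise the membership is loaded.
     * (Previously a reload happened only when both ids differed, so a context
     * membership matching just one of them was used to answer for a different
     * user or course.)
     *
     * @return the role, or {@code null} when it cannot be resolved
     */
    private CourseMembership.Role getCourseRole(Id courseId, Id userId) {
        try {
            CourseMembership courseMembership = BbServiceManager.getContextManager().getContext().getCourseMembership();
            boolean reusable = courseMembership != null
                    && courseId.equals(courseMembership.getCourseId())
                    && userId.equals(courseMembership.getUserId());
            if (!reusable) {
                courseMembership = CourseMembershipDbLoader.Default.getInstance().loadByCourseAndUserId(courseId, userId);
            }
            return courseMembership.getRole();
        } catch (Exception ignored) {
            // Deliberately quiet: a missing membership is the common case for
            // non-members, and callers treat null as "no role".
            return null;
        }
    }

    /**
     * Resolves the user with the given id, reusing the context user when it matches.
     *
     * <p>Returns {@code null} when the user cannot be resolved. (Previously a failed
     * load left the non-matching context user in the result, so callers evaluated
     * entitlements for a different user than the one requested.)
     *
     * @return the user whose id equals {@code id}, or {@code null}
     */
    private User getUser(Id id) {
        try {
            User contextUser = BbServiceManager.getContextManager().getContext().getUser();
            if (contextUser != null && contextUser.getId().equals(id)) {
                return contextUser;
            }
            return UserDbLoader.Default.getInstance().loadById(id);
        } catch (Exception ignored) {
            // Fail closed: callers treat null as "unknown user" and deny.
            return null;
        }
    }
}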
