package com.atlassian.jira.issue.security;

import com.atlassian.cache.Cache;
import com.atlassian.cache.CacheLoader;
import com.atlassian.cache.CacheManager;
import com.atlassian.cache.CacheSettingsBuilder;
import com.atlassian.crowd.embedded.api.User;
import com.atlassian.event.api.EventListener;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.jira.association.NodeAssocationType;
import com.atlassian.jira.association.NodeAssociationStore;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.config.properties.ApplicationProperties;
import com.atlassian.jira.config.properties.PropertiesUtil;
import com.atlassian.jira.entity.Entity;
import com.atlassian.jira.entity.EntityUtils;
import com.atlassian.jira.entity.Select;
import com.atlassian.jira.event.ClearCacheEvent;
import com.atlassian.jira.event.issue.security.IssueSecurityLevelAddedEvent;
import com.atlassian.jira.event.issue.security.IssueSecurityLevelDeletedEvent;
import com.atlassian.jira.event.issue.security.IssueSecuritySchemeAddedToProjectEvent;
import com.atlassian.jira.event.issue.security.IssueSecuritySchemeCopiedEvent;
import com.atlassian.jira.event.issue.security.IssueSecuritySchemeCreatedEvent;
import com.atlassian.jira.event.issue.security.IssueSecuritySchemeDeletedEvent;
import com.atlassian.jira.event.issue.security.IssueSecuritySchemeRemovedFromProjectEvent;
import com.atlassian.jira.event.issue.security.IssueSecuritySchemeUpdatedEvent;
import com.atlassian.jira.event.scheme.AbstractSchemeAddedToProjectEvent;
import com.atlassian.jira.event.scheme.AbstractSchemeCopiedEvent;
import com.atlassian.jira.event.scheme.AbstractSchemeEvent;
import com.atlassian.jira.event.scheme.AbstractSchemeRemovedFromProjectEvent;
import com.atlassian.jira.event.scheme.AbstractSchemeUpdatedEvent;
import com.atlassian.jira.exception.DataAccessException;
import com.atlassian.jira.exception.RemoveException;
import com.atlassian.jira.extension.Startable;
import com.atlassian.jira.imports.project.handler.ProjectIssueSecurityLevelMapperHandler;
import com.atlassian.jira.ofbiz.FieldMap;
import com.atlassian.jira.ofbiz.OfBizDelegator;
import com.atlassian.jira.permission.PermissionContextFactory;
import com.atlassian.jira.project.Project;
import com.atlassian.jira.project.ProjectManager;
import com.atlassian.jira.scheme.AbstractSchemeManager;
import com.atlassian.jira.scheme.Scheme;
import com.atlassian.jira.scheme.SchemeEntity;
import com.atlassian.jira.scheme.SchemeFactory;
import com.atlassian.jira.security.SecurityTypeManager;
import com.atlassian.jira.security.groups.GroupManager;
import com.atlassian.jira.security.type.SecurityType;
import com.atlassian.jira.util.NameComparator;
import com.atlassian.jira.util.dbc.Assertions;
import com.google.common.base.Predicate;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Iterables;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.log4j.Logger;
import org.ofbiz.core.entity.EntityExpr;
import org.ofbiz.core.entity.EntityOperator;
import org.ofbiz.core.entity.GenericEntityException;
import org.ofbiz.core.entity.GenericValue;

/* loaded from: input_file:com/atlassian/jira/issue/security/IssueSecuritySchemeManagerImpl.class */
public class IssueSecuritySchemeManagerImpl extends AbstractSchemeManager implements IssueSecuritySchemeManager, Startable {
    private static final String SCHEME_ENTITY_NAME = "IssueSecurityScheme";
    private static final String ISSUE_SECURITY_ENTITY_NAME = "SchemeIssueSecurities";
    private static final String SCHEME_DESC = "Issue Security";
    private static final String DEFAULT_NAME_KEY = "admin.schemes.security.default";
    private static final String DEFAULT_DESC_KEY = "admin.schemes.security.default.desc";
    private static final int DEFAULT_JIRA_SECURITY_LEVEL_PERMISSIONS_CACHE_MAX_SIZE = 256;
    private final Cache<CacheKey, List<GenericValue>> schemeIdToSecuritiesCache;
    private final Cache<Long, List<IssueSecurityLevelPermission>> securityLevelToPermissionsCache;
    private final ProjectManager projectManager;
    final OfBizDelegator ofBizDelegator;
    private final NodeAssociationStore nodeAssociationStore;
    private static final Logger log = Logger.getLogger(IssueSecuritySchemeManagerImpl.class);
    private static final NodeAssocationType ISSUE_SECURITY_SCHEME_ASSOCIATION = new NodeAssocationType("ProjectScheme", "Project", "IssueSecurityScheme");

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/atlassian/jira/issue/security/IssueSecuritySchemeManagerImpl$CacheKey.class */
    public static class CacheKey implements Serializable {
        final Long id;

        CacheKey(Long l) {
            this.id = l;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            CacheKey cacheKey = (CacheKey) obj;
            return this.id == null ? cacheKey.id == null : this.id.equals(cacheKey.id);
        }

        public int hashCode() {
            if (this.id != null) {
                return this.id.hashCode();
            }
            return 0;
        }
    }

    /* loaded from: input_file:com/atlassian/jira/issue/security/IssueSecuritySchemeManagerImpl$PermissionBySecurityLevelCacheLoader.class */
    private final class PermissionBySecurityLevelCacheLoader implements CacheLoader<Long, List<IssueSecurityLevelPermission>> {
        private PermissionBySecurityLevelCacheLoader() {
        }

        public List<IssueSecurityLevelPermission> load(@Nullable Long l) {
            return Select.from(Entity.ISSUE_SECURITY_LEVEL_PERMISSION).whereEqual("security", l).runWith(IssueSecuritySchemeManagerImpl.this.ofBizDelegator).asList();
        }
    }

    /* loaded from: input_file:com/atlassian/jira/issue/security/IssueSecuritySchemeManagerImpl$SecuritiesByFieldCacheLoader.class */
    class SecuritiesByFieldCacheLoader implements CacheLoader<CacheKey, List<GenericValue>> {
        private final String key;

        SecuritiesByFieldCacheLoader(String str) {
            this.key = (String) Assertions.notNull("key", str);
        }

        public List<GenericValue> load(CacheKey cacheKey) {
            List<GenericValue> findByAnd = IssueSecuritySchemeManagerImpl.this.ofBizDelegator.findByAnd(IssueSecuritySchemeManagerImpl.this.getEntityName(), FieldMap.build(this.key, cacheKey.id));
            return findByAnd != null ? findByAnd : Collections.emptyList();
        }
    }

    public IssueSecuritySchemeManagerImpl(ProjectManager projectManager, SecurityTypeManager securityTypeManager, PermissionContextFactory permissionContextFactory, SchemeFactory schemeFactory, EventPublisher eventPublisher, OfBizDelegator ofBizDelegator, GroupManager groupManager, NodeAssociationStore nodeAssociationStore, CacheManager cacheManager, ApplicationProperties applicationProperties) {
        super(projectManager, securityTypeManager, permissionContextFactory, schemeFactory, nodeAssociationStore, ofBizDelegator, groupManager, eventPublisher, cacheManager);
        this.projectManager = projectManager;
        this.nodeAssociationStore = nodeAssociationStore;
        this.ofBizDelegator = ofBizDelegator;
        this.schemeIdToSecuritiesCache = cacheManager.getCache(IssueSecuritySchemeManagerImpl.class.getName() + ".schemeIdToSecuritiesCache", new SecuritiesByFieldCacheLoader("scheme"), new CacheSettingsBuilder().maxEntries(64).build());
        this.securityLevelToPermissionsCache = cacheManager.getCache(IssueSecuritySchemeManagerImpl.class.getName() + "securityLevelToPermissionsCache", new PermissionBySecurityLevelCacheLoader(), new CacheSettingsBuilder().expireAfterAccess(30L, TimeUnit.MINUTES).maxEntries(PropertiesUtil.getIntProperty(applicationProperties, "jira.security.level.permission.cache.max.size", DEFAULT_JIRA_SECURITY_LEVEL_PERMISSIONS_CACHE_MAX_SIZE)).build());
    }

    public void start() throws Exception {
        this.eventPublisher.register(this);
    }

    @Override // com.atlassian.jira.scheme.AbstractSchemeManager
    @EventListener
    public void onClearCache(ClearCacheEvent clearCacheEvent) {
        super.onClearCache(clearCacheEvent);
        clearCache();
    }

    @Override // com.atlassian.jira.scheme.AbstractSchemeManager
    public String getSchemeEntityName() {
        return "IssueSecurityScheme";
    }

    @Override // com.atlassian.jira.scheme.AbstractSchemeManager
    public String getEntityName() {
        return "SchemeIssueSecurities";
    }

    @Override // com.atlassian.jira.scheme.AbstractSchemeManager
    public String getSchemeDesc() {
        return SCHEME_DESC;
    }

    @Override // com.atlassian.jira.scheme.AbstractSchemeManager
    public String getDefaultNameKey() {
        return DEFAULT_NAME_KEY;
    }

    @Override // com.atlassian.jira.scheme.AbstractSchemeManager
    public String getDefaultDescriptionKey() {
        return DEFAULT_DESC_KEY;
    }

    private void clearCache() {
        if (log.isDebugEnabled()) {
            log.debug("Clearing issue security scheme cache, had " + this.schemeIdToSecuritiesCache.getKeys().size() + " scheme(s) and " + this.securityLevelToPermissionsCache.getKeys().size() + " security level(s)");
        }
        this.schemeIdToSecuritiesCache.removeAll();
        this.securityLevelToPermissionsCache.removeAll();
    }

    @Override // com.atlassian.jira.scheme.AbstractSchemeManager
    public List<GenericValue> getEntities(GenericValue genericValue) {
        return (List) this.schemeIdToSecuritiesCache.get(new CacheKey(genericValue.getLong("id")));
    }

    public List<GenericValue> getEntities(GenericValue genericValue, Long l) throws GenericEntityException {
        List<GenericValue> entitiesBySecurityLevel = getEntitiesBySecurityLevel(l);
        return (entitiesBySecurityLevel.isEmpty() || genericValue.getLong("id").equals(entitiesBySecurityLevel.get(0).getLong("scheme"))) ? entitiesBySecurityLevel : Collections.emptyList();
    }

    public IssueSecurityLevelScheme getIssueSecurityLevelScheme(Long l) {
        return (IssueSecurityLevelScheme) Select.from(Entity.ISSUE_SECURITY_LEVEL_SCHEME).whereEqual("id", l).runWith(this.ofBizDelegator).singleValue();
    }

    public List<GenericValue> getEntitiesBySecurityLevel(Long l) {
        return EntityUtils.convertToGenericValues(Entity.ISSUE_SECURITY_LEVEL_PERMISSION, getPermissionsBySecurityLevel(l));
    }

    public List<IssueSecurityLevelPermission> getPermissionsBySecurityLevel(Long l) {
        return (List) this.securityLevelToPermissionsCache.get(l);
    }

    public Collection<GenericValue> getSchemesContainingEntity(String str, String str2) {
        List findByAnd = this.ofBizDelegator.findByAnd("SchemeIssueSecurities", FieldMap.build("type", str, "parameter", str2));
        if (findByAnd.isEmpty()) {
            return Collections.emptyList();
        }
        HashSet hashSet = new HashSet();
        Iterator it = findByAnd.iterator();
        while (it.hasNext()) {
            hashSet.add(((GenericValue) it.next()).getLong("scheme"));
        }
        return getSchemesByIds(hashSet);
    }

    public void setSchemeForProject(Project project, Long l) {
        this.nodeAssociationStore.removeAssociationsFromSource(ISSUE_SECURITY_SCHEME_ASSOCIATION, project.getId());
        if (l != null) {
            this.nodeAssociationStore.createAssociation(ISSUE_SECURITY_SCHEME_ASSOCIATION, project.getId(), l);
        }
        flushProjectSchemes();
    }

    public List<Project> getProjectsUsingScheme(long j) {
        List<Long> sourceIdsFromSink = this.nodeAssociationStore.getSourceIdsFromSink(ISSUE_SECURITY_SCHEME_ASSOCIATION, Long.valueOf(j));
        ArrayList arrayList = new ArrayList();
        Iterator<Long> it = sourceIdsFromSink.iterator();
        while (it.hasNext()) {
            arrayList.add(this.projectManager.getProjectObj(it.next()));
        }
        Collections.sort(arrayList, NameComparator.COMPARATOR);
        return arrayList;
    }

    private Collection<GenericValue> getSchemesByIds(Set<Long> set) {
        ArrayList arrayList = new ArrayList(set.size());
        Iterator<Long> it = set.iterator();
        while (it.hasNext()) {
            arrayList.add(new EntityExpr("id", EntityOperator.EQUALS, it.next()));
        }
        return arrayList.isEmpty() ? Collections.emptyList() : this.ofBizDelegator.findByOr("IssueSecurityScheme", arrayList, Collections.emptyList());
    }

    public List<GenericValue> getEntities(GenericValue genericValue, Long l, String str) throws GenericEntityException {
        List<GenericValue> entities = getEntities(genericValue, l);
        return entities.isEmpty() ? entities : filter(entities, withField("parameter", str));
    }

    public List<GenericValue> getEntities(GenericValue genericValue, String str) throws GenericEntityException {
        throw new IllegalArgumentException("Issue Security scheme IDs must be Long values.");
    }

    public List<GenericValue> getEntities(GenericValue genericValue, String str, Long l) throws GenericEntityException {
        List<GenericValue> entities = getEntities(genericValue, l);
        return entities.isEmpty() ? entities : filter(entities, withField("type", str));
    }

    public GenericValue createSchemeEntity(GenericValue genericValue, SchemeEntity schemeEntity) throws GenericEntityException {
        GenericValue createSchemeEntityNoEvent = createSchemeEntityNoEvent(genericValue, schemeEntity);
        this.eventPublisher.publish(new IssueSecurityLevelAddedEvent(genericValue == null ? null : genericValue.getLong("id"), schemeEntity));
        return createSchemeEntityNoEvent;
    }

    @Override // com.atlassian.jira.scheme.AbstractSchemeManager
    protected GenericValue createSchemeEntityNoEvent(GenericValue genericValue, SchemeEntity schemeEntity) throws GenericEntityException {
        Long l;
        if (!(schemeEntity.getEntityTypeId() instanceof Long)) {
            throw new IllegalArgumentException("Issue Security Level IDs must be a long value.");
        }
        if (genericValue == null) {
            l = null;
        } else {
            try {
                l = genericValue.getLong("id");
            } catch (Throwable th) {
                clearCache();
                throw th;
            }
        }
        GenericValue createValue = EntityUtils.createValue("SchemeIssueSecurities", FieldMap.build("scheme", l, "security", schemeEntity.getEntityTypeId(), "type", schemeEntity.getType(), "parameter", schemeEntity.getParameter()));
        clearCache();
        return createValue;
    }

    @Override // com.atlassian.jira.scheme.AbstractSchemeManager
    public GenericValue copyScheme(GenericValue genericValue) throws GenericEntityException {
        if (genericValue == null) {
            return null;
        }
        try {
            GenericValue createSchemeNoEvent = createSchemeNoEvent(getNameForCopy(genericValue.getString("name"), null), genericValue.getString("description"));
            copySecurityLevels(createSchemeNoEvent, genericValue);
            this.eventPublisher.publish(createSchemeCopiedEvent(this.schemeFactory.getScheme(genericValue), this.schemeFactory.getScheme(createSchemeNoEvent)));
            clearCache();
            return createSchemeNoEvent;
        } catch (Throwable th) {
            clearCache();
            throw th;
        }
    }

    @Override // com.atlassian.jira.scheme.AbstractSchemeManager
    @Nonnull
    protected AbstractSchemeCopiedEvent createSchemeCopiedEvent(@Nonnull Scheme scheme, @Nonnull Scheme scheme2) {
        return new IssueSecuritySchemeCopiedEvent(scheme, scheme2);
    }

    private void copySecurityLevels(GenericValue genericValue, GenericValue genericValue2) throws GenericEntityException {
        for (GenericValue genericValue3 : this.ofBizDelegator.findByAnd(ProjectIssueSecurityLevelMapperHandler.SCHEME_ISSUE_SECURITY_LEVELS_ENTITY_NAME, FieldMap.build("scheme", genericValue2.getLong("id")))) {
            IssueSecurityLevel createIssueSecurityLevel = ComponentAccessor.getIssueSecurityLevelManager().createIssueSecurityLevel(genericValue.getLong("id").longValue(), genericValue3.getString("name"), genericValue3.getString("description"));
            if (genericValue3.getLong("id").equals(genericValue2.getLong("defaultlevel"))) {
                genericValue.set("defaultlevel", createIssueSecurityLevel.getId());
                genericValue.store();
            }
            for (GenericValue genericValue4 : this.ofBizDelegator.findByAnd(getEntityName(), FieldMap.build("scheme", genericValue2.getLong("id"), "security", genericValue3.getLong("id")))) {
                createSchemeEntity(genericValue, new SchemeEntity(genericValue4.getString("type"), genericValue4.getString("parameter"), createIssueSecurityLevel.getId()));
            }
        }
    }

    public boolean hasSchemeAuthority(Long l, GenericValue genericValue) {
        return hasPermission(l, genericValue, (User) null);
    }

    public boolean hasSchemeAuthority(Long l, GenericValue genericValue, User user, boolean z) {
        if (user == null) {
            throw new IllegalArgumentException("User passed must NOT be null");
        }
        return hasPermission(l, genericValue, user);
    }

    private boolean hasPermission(Long l, GenericValue genericValue, User user) {
        if (l == null) {
            return true;
        }
        if (genericValue == null) {
            throw new IllegalArgumentException("GenericValue passed must NOT be null");
        }
        if (!"Issue".equals(genericValue.getEntityName())) {
            throw new IllegalArgumentException("GenericValue passed must be an Issue and not " + genericValue.getEntityName());
        }
        try {
            for (GenericValue genericValue2 : getSchemes(this.projectManager.getProject(genericValue))) {
                if (genericValue2 != null) {
                    return hasPermission(genericValue, user, getEntities(genericValue2, l));
                }
            }
            return false;
        } catch (GenericEntityException e) {
            log.error("Could not retrieve entites from the database", e);
            return false;
        }
    }

    private boolean hasPermission(GenericValue genericValue, User user, List<GenericValue> list) {
        if (list.isEmpty()) {
            return false;
        }
        for (SecurityType securityType : this.securityTypeManager.getTypes().values()) {
            for (GenericValue genericValue2 : filter(list, withField("type", securityType.getType()))) {
                if (genericValue2 != null && hasPermission(genericValue, user, securityType, genericValue2)) {
                    return true;
                }
            }
        }
        return false;
    }

    private boolean hasPermission(GenericValue genericValue, User user, SecurityType securityType, GenericValue genericValue2) {
        return user == null ? securityType.hasPermission(genericValue, genericValue2.getString("parameter")) : securityType.hasPermission(genericValue, genericValue2.getString("parameter"), user, false);
    }

    @Override // com.atlassian.jira.scheme.AbstractSchemeManager
    protected AbstractSchemeUpdatedEvent createSchemeUpdatedEvent(Scheme scheme, Scheme scheme2) {
        return new IssueSecuritySchemeUpdatedEvent(scheme, scheme2);
    }

    @Override // com.atlassian.jira.scheme.AbstractSchemeManager
    public void deleteScheme(Long l) throws GenericEntityException {
        try {
            GenericValue scheme = getScheme(l);
            this.nodeAssociationStore.removeAssociationsFromSink(scheme);
            scheme.removeRelated("Child" + getEntityName());
            scheme.removeRelated("ChildSchemeIssueSecurityLevels");
            scheme.remove();
            this.eventPublisher.publish(new IssueSecuritySchemeDeletedEvent(l));
            clearCache();
        } catch (Throwable th) {
            clearCache();
            throw th;
        }
    }

    @Override // com.atlassian.jira.scheme.AbstractSchemeManager
    public void deleteEntity(Long l) throws DataAccessException {
        try {
            super.deleteEntity(l);
            this.eventPublisher.publish(new IssueSecurityLevelDeletedEvent(l));
            clearCache();
        } catch (Throwable th) {
            clearCache();
            throw th;
        }
    }

    @Override // com.atlassian.jira.scheme.AbstractSchemeManager
    protected SchemeEntity makeSchemeEntity(GenericValue genericValue) {
        return new SchemeEntity(genericValue.getString("type"), genericValue.getString("parameter"), genericValue.getLong("security"));
    }

    @Override // com.atlassian.jira.scheme.AbstractSchemeManager
    protected Object createSchemeEntityDeletedEvent(GenericValue genericValue) {
        return null;
    }

    @Override // com.atlassian.jira.scheme.AbstractSchemeManager
    public boolean removeEntities(GenericValue genericValue, Long l) throws RemoveException {
        try {
            boolean removeEntities = super.removeEntities(genericValue, l);
            clearCache();
            return removeEntities;
        } catch (Throwable th) {
            clearCache();
            throw th;
        }
    }

    @Override // com.atlassian.jira.scheme.AbstractSchemeManager
    public GenericValue createScheme(String str, String str2) throws GenericEntityException {
        try {
            GenericValue createScheme = super.createScheme(str, str2);
            clearCache();
            return createScheme;
        } catch (Throwable th) {
            clearCache();
            throw th;
        }
    }

    @Override // com.atlassian.jira.scheme.AbstractSchemeManager
    protected AbstractSchemeEvent createSchemeCreatedEvent(Scheme scheme) {
        return new IssueSecuritySchemeCreatedEvent(scheme);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.atlassian.jira.scheme.AbstractSchemeManager
    public void flushProjectSchemes() {
        try {
            super.flushProjectSchemes();
            clearCache();
        } catch (Throwable th) {
            clearCache();
            throw th;
        }
    }

    @Override // com.atlassian.jira.scheme.AbstractSchemeManager
    public boolean removeEntities(String str, String str2) throws RemoveException {
        try {
            boolean removeEntities = super.removeEntities(str, str2);
            clearCache();
            return removeEntities;
        } catch (Throwable th) {
            clearCache();
            throw th;
        }
    }

    @Override // com.atlassian.jira.scheme.AbstractSchemeManager
    protected AbstractSchemeAddedToProjectEvent createSchemeAddedToProjectEvent(Scheme scheme, Project project) {
        return new IssueSecuritySchemeAddedToProjectEvent(scheme, project);
    }

    @Override // com.atlassian.jira.scheme.AbstractSchemeManager
    protected AbstractSchemeRemovedFromProjectEvent createSchemeRemovedFromProjectEvent(Scheme scheme, Project project) {
        return new IssueSecuritySchemeRemovedFromProjectEvent(scheme, project);
    }

    private static List<GenericValue> filter(List<GenericValue> list, Predicate<GenericValue> predicate) {
        return ImmutableList.copyOf(Iterables.filter(list, predicate));
    }

    private static Predicate<GenericValue> withField(final String str, final String str2) {
        return str2 == null ? new Predicate<GenericValue>() { // from class: com.atlassian.jira.issue.security.IssueSecuritySchemeManagerImpl.1
            public boolean apply(GenericValue genericValue) {
                return genericValue.getString(str) == null;
            }
        } : new Predicate<GenericValue>() { // from class: com.atlassian.jira.issue.security.IssueSecuritySchemeManagerImpl.2
            public boolean apply(GenericValue genericValue) {
                return str2.equals(genericValue.getString(str));
            }
        };
    }
}
