package net.lukemurphey.nsia.trustBoundary;

import java.sql.SQLException;
import java.util.regex.Pattern;
import net.lukemurphey.nsia.AccessControl;
import net.lukemurphey.nsia.AccessControlDescriptor;
import net.lukemurphey.nsia.Application;
import net.lukemurphey.nsia.GeneralizedException;
import net.lukemurphey.nsia.GroupManagement;
import net.lukemurphey.nsia.InputValidationException;
import net.lukemurphey.nsia.InsufficientPermissionException;
import net.lukemurphey.nsia.NoDatabaseConnectionException;
import net.lukemurphey.nsia.NoSessionException;
import net.lukemurphey.nsia.NotFoundException;
import net.lukemurphey.nsia.ObjectPermissionDescriptor;
import net.lukemurphey.nsia.RightDescriptor;
import net.lukemurphey.nsia.SessionManagement;
import net.lukemurphey.nsia.SessionStatus;
import net.lukemurphey.nsia.SiteGroupManagement;
import net.lukemurphey.nsia.UserManagement;
import net.lukemurphey.nsia.eventlog.EventLogField;
import net.lukemurphey.nsia.eventlog.EventLogMessage;
import net.lukemurphey.nsia.scan.ScanData;

/* loaded from: input_file:net/lukemurphey/nsia/trustBoundary/ApiHandler.class */
public abstract class ApiHandler {
    protected Application appRes;
    protected SessionManagement sessionManagement;
    protected UserManagement userManagement;
    protected GroupManagement groupManagement;
    protected AccessControl accessControl;
    protected SiteGroupManagement siteGroupManagement;
    protected ScanData scanData;
    protected static final boolean DEFAULT_DENY = true;

    public ApiHandler(Application application) {
        if (application == null) {
            throw new IllegalArgumentException("The application resources cannot be null");
        }
        this.appRes = application;
        this.sessionManagement = new SessionManagement(application);
        this.userManagement = new UserManagement(application);
        this.groupManagement = new GroupManagement(application);
        this.accessControl = new AccessControl(application);
        this.siteGroupManagement = new SiteGroupManagement(application);
        this.scanData = new ScanData(application);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkSession(String str) throws NoSessionException, GeneralizedException {
        try {
            SessionManagement.SessionInfo sessionInfo = this.sessionManagement.getSessionInfo(str);
            if (sessionInfo == null) {
                throw new NoSessionException(SessionStatus.SESSION_NULL);
            }
            SessionStatus sessionStatus = sessionInfo.getSessionStatus();
            if (sessionStatus != SessionStatus.SESSION_ACTIVE) {
                throw new NoSessionException(sessionStatus);
            }
        } catch (SQLException e) {
            this.appRes.logExceptionEvent(EventLogMessage.EventType.SQL_EXCEPTION, e);
            throw new GeneralizedException();
        } catch (InputValidationException e2) {
            this.appRes.logEvent(EventLogMessage.EventType.SESSION_ID_ILLEGAL, new EventLogField(EventLogField.FieldName.SESSION_ID, str));
            throw new GeneralizedException();
        } catch (NoDatabaseConnectionException e3) {
            this.appRes.logExceptionEvent(EventLogMessage.EventType.INTERNAL_ERROR, e3);
            throw new GeneralizedException();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean checkRight(String str, String str2) throws InsufficientPermissionException, GeneralizedException, NoSessionException {
        return checkRight(str, str2, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean checkRight(String str, String str2, String str3) throws InsufficientPermissionException, GeneralizedException, NoSessionException {
        RightDescriptor rightDescriptor;
        try {
            SessionManagement.SessionInfo sessionInfo = this.sessionManagement.getSessionInfo(str);
            if (sessionInfo.getSessionStatus() != SessionStatus.SESSION_ACTIVE) {
                throw new NoSessionException(sessionInfo.getSessionStatus());
            }
            try {
                rightDescriptor = this.accessControl.getUserRight(sessionInfo.getUserId(), str2, true);
            } catch (NotFoundException e) {
                rightDescriptor = null;
            }
            UserManagement.UserDescriptor userDescriptor = this.userManagement.getUserDescriptor(sessionInfo.getUserId());
            String str4 = null;
            if (userDescriptor != null) {
                str4 = userDescriptor.getUserName();
            }
            EventLogField[] eventLogFieldArr = str3 != null ? new EventLogField[]{new EventLogField(EventLogField.FieldName.MESSAGE, str3), new EventLogField(EventLogField.FieldName.RIGHT, str2), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str4), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId())} : new EventLogField[]{new EventLogField(EventLogField.FieldName.RIGHT, str2), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str4), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId())};
            if (userDescriptor.isUnrestricted()) {
                this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_PERMIT, eventLogFieldArr);
                return true;
            }
            if (rightDescriptor == null) {
                this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_DENY_DEFAULT, eventLogFieldArr);
                throw new InsufficientPermissionException();
            }
            if (rightDescriptor.getRight() == AccessControlDescriptor.Action.PERMIT) {
                this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_PERMIT, eventLogFieldArr);
                return true;
            }
            if (rightDescriptor.getRight() == AccessControlDescriptor.Action.DENY) {
                this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_DENY, eventLogFieldArr);
                throw new InsufficientPermissionException();
            }
            this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_DENY_DEFAULT, eventLogFieldArr);
            throw new InsufficientPermissionException();
        } catch (SQLException e2) {
            this.appRes.logExceptionEvent(EventLogMessage.EventType.SQL_EXCEPTION, e2);
            throw new GeneralizedException();
        } catch (InputValidationException e3) {
            this.appRes.logEvent(EventLogMessage.EventType.SESSION_ID_ILLEGAL, new EventLogField(EventLogField.FieldName.SESSION_ID, str));
            throw new GeneralizedException();
        } catch (NoDatabaseConnectionException e4) {
            this.appRes.logExceptionEvent(EventLogMessage.EventType.INTERNAL_ERROR, e4);
            throw new GeneralizedException();
        } catch (NotFoundException e5) {
            this.appRes.logExceptionEvent(EventLogMessage.EventType.INTERNAL_ERROR, e5);
            throw new GeneralizedException();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public UserManagement.UserDescriptor getUserInfo(String str) throws GeneralizedException, NoSessionException {
        try {
            try {
                return this.userManagement.getUserDescriptor(this.sessionManagement.getSessionInfo(str).getUserId());
            } catch (SQLException e) {
                this.appRes.logExceptionEvent(EventLogMessage.EventType.SQL_EXCEPTION, e);
                throw new GeneralizedException();
            } catch (NoDatabaseConnectionException e2) {
                this.appRes.logExceptionEvent(EventLogMessage.EventType.INTERNAL_ERROR, e2);
                throw new GeneralizedException();
            } catch (NotFoundException e3) {
                throw new NoSessionException(SessionStatus.SESSION_NULL);
            }
        } catch (SQLException e4) {
            this.appRes.logExceptionEvent(EventLogMessage.EventType.SQL_EXCEPTION, e4);
            throw new GeneralizedException();
        } catch (InputValidationException e5) {
            this.appRes.logEvent(EventLogMessage.EventType.SESSION_ID_ILLEGAL, new EventLogField(EventLogField.FieldName.SESSION_ID, str));
            throw new GeneralizedException();
        } catch (NoDatabaseConnectionException e6) {
            this.appRes.logExceptionEvent(EventLogMessage.EventType.INTERNAL_ERROR, e6);
            throw new GeneralizedException();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkUserName(String str, long j, String str2) throws InputValidationException {
        if (str2 == null) {
            this.appRes.logEvent(EventLogMessage.EventType.USER_NAME_NULL, new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, j));
            throw new InputValidationException("Username cannot be null", "username", "null");
        }
        if (str2.length() == 0) {
            this.appRes.logEvent(EventLogMessage.EventType.USER_NAME_EMPTY, new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, j));
            throw new InputValidationException("Username cannot contain 0 characters", "username", str2);
        }
        if (Pattern.compile(UserManagement.USERNAME_REGEX).matcher(str2).matches()) {
            return;
        }
        this.appRes.logEvent(EventLogMessage.EventType.USER_NAME_ILLEGAL, new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, j), new EventLogField(EventLogField.FieldName.TARGET_USER_NAME, j));
        throw new InputValidationException("Username contains invalid characters", "username", str2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkGroupName(String str, long j, String str2) throws InputValidationException {
        if (str2 == null) {
            this.appRes.logEvent(EventLogMessage.EventType.GROUP_NAME_NULL, new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, j));
            throw new InputValidationException("Group name cannot be null", "groupname", "null");
        }
        if (str2.length() == 0) {
            this.appRes.logEvent(EventLogMessage.EventType.GROUP_NAME_EMPTY, new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, j));
            throw new InputValidationException("Group name cannot contain 0 characters", "groupname", str2);
        }
        if (Pattern.compile(GroupManagement.GROUP_NAME_REGEX).matcher(str2).matches()) {
            return;
        }
        this.appRes.logEvent(EventLogMessage.EventType.GROUP_NAME_ILLEGAL, new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, j), new EventLogField(EventLogField.FieldName.GROUP_NAME, str2));
        throw new InputValidationException("Group name contains invalid characters", "groupname", str2);
    }

    protected boolean checkCreate(String str, long j) throws InsufficientPermissionException, GeneralizedException, NoSessionException {
        return checkCreate(str, j, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean checkCreate(String str, long j, String str2) throws InsufficientPermissionException, GeneralizedException, NoSessionException {
        try {
            SessionManagement.SessionInfo sessionInfo = this.sessionManagement.getSessionInfo(str);
            if (sessionInfo.getSessionStatus() != SessionStatus.SESSION_ACTIVE) {
                throw new NoSessionException(sessionInfo.getSessionStatus());
            }
            ObjectPermissionDescriptor userPermissions = this.accessControl.getUserPermissions(sessionInfo.getUserId(), j, true);
            long userId = sessionInfo.getUserId();
            UserManagement.UserDescriptor userDescriptor = this.userManagement.getUserDescriptor(sessionInfo.getUserId());
            String str3 = null;
            if (userDescriptor != null) {
                str3 = userDescriptor.getUserName();
            }
            if (userDescriptor.isUnrestricted()) {
                this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_PERMIT, new EventLogField(EventLogField.FieldName.MESSAGE, str2), new EventLogField(EventLogField.FieldName.OPERATION, "Create"), new EventLogField(EventLogField.FieldName.OBJECT_ID, j), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str3), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId()), new EventLogField(EventLogField.FieldName.TARGET_USER_ID, userId));
                return true;
            }
            if (userPermissions == null) {
                this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_DENY_DEFAULT, new EventLogField(EventLogField.FieldName.MESSAGE, str2), new EventLogField(EventLogField.FieldName.OPERATION, "Create"), new EventLogField(EventLogField.FieldName.OBJECT_ID, j), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str3), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId()), new EventLogField(EventLogField.FieldName.TARGET_USER_ID, userId));
                throw new InsufficientPermissionException();
            }
            if (userPermissions.getCreatePermission() == AccessControlDescriptor.Action.PERMIT) {
                this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_PERMIT, new EventLogField(EventLogField.FieldName.MESSAGE, str2), new EventLogField(EventLogField.FieldName.OPERATION, "Create"), new EventLogField(EventLogField.FieldName.OBJECT_ID, j), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str3), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId()), new EventLogField(EventLogField.FieldName.TARGET_USER_ID, userId));
                return true;
            }
            if (userPermissions.getCreatePermission() == AccessControlDescriptor.Action.DENY) {
                this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_DENY, new EventLogField(EventLogField.FieldName.MESSAGE, str2), new EventLogField(EventLogField.FieldName.OPERATION, "Create"), new EventLogField(EventLogField.FieldName.OBJECT_ID, j), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str3), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId()), new EventLogField(EventLogField.FieldName.TARGET_USER_ID, userId));
                throw new InsufficientPermissionException();
            }
            this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_DENY_DEFAULT, new EventLogField(EventLogField.FieldName.MESSAGE, str2), new EventLogField(EventLogField.FieldName.OPERATION, "Create"), new EventLogField(EventLogField.FieldName.OBJECT_ID, j), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str3), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId()), new EventLogField(EventLogField.FieldName.TARGET_USER_ID, userId));
            throw new InsufficientPermissionException();
        } catch (SQLException e) {
            this.appRes.logExceptionEvent(EventLogMessage.EventType.SQL_EXCEPTION, e);
            throw new GeneralizedException();
        } catch (InputValidationException e2) {
            this.appRes.logEvent(EventLogMessage.EventType.SESSION_ID_ILLEGAL, new EventLogField(EventLogField.FieldName.SESSION_ID, str));
            throw new GeneralizedException();
        } catch (NoDatabaseConnectionException e3) {
            this.appRes.logExceptionEvent(EventLogMessage.EventType.INTERNAL_ERROR, e3);
            throw new GeneralizedException();
        } catch (NotFoundException e4) {
            return false;
        }
    }

    protected boolean checkExecute(String str, long j) throws InsufficientPermissionException, GeneralizedException, NoSessionException {
        return checkExecute(str, j, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean checkExecute(String str, long j, String str2) throws InsufficientPermissionException, GeneralizedException, NoSessionException {
        try {
            SessionManagement.SessionInfo sessionInfo = this.sessionManagement.getSessionInfo(str);
            if (sessionInfo.getSessionStatus() != SessionStatus.SESSION_ACTIVE) {
                throw new NoSessionException(sessionInfo.getSessionStatus());
            }
            ObjectPermissionDescriptor userPermissions = this.accessControl.getUserPermissions(sessionInfo.getUserId(), j, true);
            long userId = sessionInfo.getUserId();
            UserManagement.UserDescriptor userDescriptor = this.userManagement.getUserDescriptor(sessionInfo.getUserId());
            String str3 = null;
            if (userDescriptor != null) {
                str3 = userDescriptor.getUserName();
            }
            if (userDescriptor.isUnrestricted()) {
                this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_PERMIT, new EventLogField(EventLogField.FieldName.MESSAGE, str2), new EventLogField(EventLogField.FieldName.OPERATION, "Execute"), new EventLogField(EventLogField.FieldName.OBJECT_ID, j), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str3), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId()), new EventLogField(EventLogField.FieldName.TARGET_USER_ID, userId));
                return true;
            }
            if (userPermissions == null) {
                this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_DENY_DEFAULT, new EventLogField(EventLogField.FieldName.MESSAGE, str2), new EventLogField(EventLogField.FieldName.OPERATION, "Execute"), new EventLogField(EventLogField.FieldName.OBJECT_ID, j), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str3), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId()), new EventLogField(EventLogField.FieldName.TARGET_USER_ID, userId));
                throw new InsufficientPermissionException();
            }
            if (userPermissions.getExecutePermission() == AccessControlDescriptor.Action.PERMIT) {
                this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_PERMIT, new EventLogField(EventLogField.FieldName.MESSAGE, str2), new EventLogField(EventLogField.FieldName.OPERATION, "Execute"), new EventLogField(EventLogField.FieldName.OBJECT_ID, j), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str3), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId()), new EventLogField(EventLogField.FieldName.TARGET_USER_ID, userId));
                return true;
            }
            if (userPermissions.getExecutePermission() == AccessControlDescriptor.Action.DENY) {
                this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_DENY, new EventLogField(EventLogField.FieldName.MESSAGE, str2), new EventLogField(EventLogField.FieldName.OPERATION, "Execute"), new EventLogField(EventLogField.FieldName.OBJECT_ID, j), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str3), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId()), new EventLogField(EventLogField.FieldName.TARGET_USER_ID, userId));
                throw new InsufficientPermissionException();
            }
            this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_DENY_DEFAULT, new EventLogField(EventLogField.FieldName.MESSAGE, str2), new EventLogField(EventLogField.FieldName.OPERATION, "Execute"), new EventLogField(EventLogField.FieldName.OBJECT_ID, j), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str3), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId()), new EventLogField(EventLogField.FieldName.TARGET_USER_ID, userId));
            throw new InsufficientPermissionException();
        } catch (SQLException e) {
            this.appRes.logExceptionEvent(EventLogMessage.EventType.SQL_EXCEPTION, e);
            throw new GeneralizedException();
        } catch (InputValidationException e2) {
            this.appRes.logEvent(EventLogMessage.EventType.SESSION_ID_ILLEGAL, new EventLogField(EventLogField.FieldName.SESSION_ID, str));
            throw new GeneralizedException();
        } catch (NoDatabaseConnectionException e3) {
            this.appRes.logExceptionEvent(EventLogMessage.EventType.INTERNAL_ERROR, e3);
            throw new GeneralizedException();
        } catch (NotFoundException e4) {
            return false;
        }
    }

    protected boolean checkModify(String str, long j) throws InsufficientPermissionException, GeneralizedException, NoSessionException {
        return checkModify(str, j, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean checkModify(String str, long j, String str2) throws InsufficientPermissionException, GeneralizedException, NoSessionException {
        try {
            SessionManagement.SessionInfo sessionInfo = this.sessionManagement.getSessionInfo(str);
            if (sessionInfo.getSessionStatus() != SessionStatus.SESSION_ACTIVE) {
                throw new NoSessionException(sessionInfo.getSessionStatus());
            }
            ObjectPermissionDescriptor userPermissions = this.accessControl.getUserPermissions(sessionInfo.getUserId(), j, true);
            long userId = sessionInfo.getUserId();
            UserManagement.UserDescriptor userDescriptor = this.userManagement.getUserDescriptor(sessionInfo.getUserId());
            String str3 = null;
            if (userDescriptor != null) {
                str3 = userDescriptor.getUserName();
            }
            if (userDescriptor.isUnrestricted()) {
                this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_PERMIT, new EventLogField(EventLogField.FieldName.MESSAGE, str2), new EventLogField(EventLogField.FieldName.OPERATION, "Modify"), new EventLogField(EventLogField.FieldName.OBJECT_ID, j), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str3), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId()), new EventLogField(EventLogField.FieldName.TARGET_USER_ID, userId));
                return true;
            }
            if (userPermissions == null) {
                this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_DENY_DEFAULT, new EventLogField(EventLogField.FieldName.MESSAGE, str2), new EventLogField(EventLogField.FieldName.OPERATION, "Modify"), new EventLogField(EventLogField.FieldName.OBJECT_ID, j), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str3), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId()), new EventLogField(EventLogField.FieldName.TARGET_USER_ID, userId));
                throw new InsufficientPermissionException();
            }
            if (userPermissions.getModifyPermission() == AccessControlDescriptor.Action.PERMIT) {
                this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_PERMIT, new EventLogField(EventLogField.FieldName.MESSAGE, str2), new EventLogField(EventLogField.FieldName.OPERATION, "Modify"), new EventLogField(EventLogField.FieldName.OBJECT_ID, j), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str3), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId()), new EventLogField(EventLogField.FieldName.TARGET_USER_ID, userId));
                return true;
            }
            if (userPermissions.getModifyPermission() == AccessControlDescriptor.Action.DENY) {
                this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_DENY, new EventLogField(EventLogField.FieldName.MESSAGE, str2), new EventLogField(EventLogField.FieldName.OPERATION, "Modify"), new EventLogField(EventLogField.FieldName.OBJECT_ID, j), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str3), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId()), new EventLogField(EventLogField.FieldName.TARGET_USER_ID, userId));
                throw new InsufficientPermissionException();
            }
            this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_DENY_DEFAULT, new EventLogField(EventLogField.FieldName.MESSAGE, str2), new EventLogField(EventLogField.FieldName.OPERATION, "Modify"), new EventLogField(EventLogField.FieldName.OBJECT_ID, j), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str3), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId()), new EventLogField(EventLogField.FieldName.TARGET_USER_ID, userId));
            throw new InsufficientPermissionException();
        } catch (SQLException e) {
            this.appRes.logExceptionEvent(EventLogMessage.EventType.SQL_EXCEPTION, e);
            throw new GeneralizedException();
        } catch (InputValidationException e2) {
            this.appRes.logEvent(EventLogMessage.EventType.SESSION_ID_ILLEGAL, new EventLogField(EventLogField.FieldName.SESSION_ID, str));
            throw new GeneralizedException();
        } catch (NoDatabaseConnectionException e3) {
            this.appRes.logExceptionEvent(EventLogMessage.EventType.INTERNAL_ERROR, e3);
            throw new GeneralizedException();
        } catch (NotFoundException e4) {
            return false;
        }
    }

    protected boolean checkControl(String str, long j) throws InsufficientPermissionException, GeneralizedException, NoSessionException {
        return checkControl(str, j, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean checkControl(String str, long j, String str2) throws InsufficientPermissionException, GeneralizedException, NoSessionException {
        try {
            SessionManagement.SessionInfo sessionInfo = this.sessionManagement.getSessionInfo(str);
            if (sessionInfo.getSessionStatus() != SessionStatus.SESSION_ACTIVE) {
                throw new NoSessionException(sessionInfo.getSessionStatus());
            }
            ObjectPermissionDescriptor userPermissions = this.accessControl.getUserPermissions(sessionInfo.getUserId(), j, true);
            UserManagement.UserDescriptor userDescriptor = this.userManagement.getUserDescriptor(sessionInfo.getUserId());
            String str3 = null;
            if (userDescriptor != null) {
                str3 = userDescriptor.getUserName();
            }
            if (userDescriptor.isUnrestricted()) {
                this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_PERMIT, new EventLogField(EventLogField.FieldName.MESSAGE, str2), new EventLogField(EventLogField.FieldName.OPERATION, "Control"), new EventLogField(EventLogField.FieldName.OBJECT_ID, j), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str3), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId()));
                return true;
            }
            if (userPermissions == null) {
                this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_DENY_DEFAULT, new EventLogField(EventLogField.FieldName.MESSAGE, str2), new EventLogField(EventLogField.FieldName.OPERATION, "Control"), new EventLogField(EventLogField.FieldName.OBJECT_ID, j), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str3), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId()));
                throw new InsufficientPermissionException();
            }
            if (userPermissions.getControlPermission() == AccessControlDescriptor.Action.PERMIT) {
                this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_PERMIT, new EventLogField(EventLogField.FieldName.MESSAGE, str2), new EventLogField(EventLogField.FieldName.OPERATION, "Control"), new EventLogField(EventLogField.FieldName.OBJECT_ID, j), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str3), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId()));
                return true;
            }
            if (userPermissions.getControlPermission() == AccessControlDescriptor.Action.DENY) {
                this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_DENY, new EventLogField(EventLogField.FieldName.MESSAGE, str2), new EventLogField(EventLogField.FieldName.OPERATION, "Control"), new EventLogField(EventLogField.FieldName.OBJECT_ID, j), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str3), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId()));
                throw new InsufficientPermissionException();
            }
            this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_DENY_DEFAULT, new EventLogField(EventLogField.FieldName.MESSAGE, str2), new EventLogField(EventLogField.FieldName.OPERATION, "Control"), new EventLogField(EventLogField.FieldName.OBJECT_ID, j), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str3), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId()));
            throw new InsufficientPermissionException();
        } catch (SQLException e) {
            this.appRes.logExceptionEvent(EventLogMessage.EventType.SQL_EXCEPTION, e);
            throw new GeneralizedException();
        } catch (InputValidationException e2) {
            this.appRes.logEvent(EventLogMessage.EventType.SESSION_ID_ILLEGAL, new EventLogField(EventLogField.FieldName.SESSION_ID, str));
            throw new GeneralizedException();
        } catch (NoDatabaseConnectionException e3) {
            this.appRes.logExceptionEvent(EventLogMessage.EventType.INTERNAL_ERROR, e3);
            throw new GeneralizedException();
        } catch (NotFoundException e4) {
            return false;
        }
    }

    protected boolean checkDelete(String str, long j) throws InsufficientPermissionException, GeneralizedException, NoSessionException {
        return checkDelete(str, j, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean checkDelete(String str, long j, String str2) throws InsufficientPermissionException, GeneralizedException, NoSessionException {
        try {
            SessionManagement.SessionInfo sessionInfo = this.sessionManagement.getSessionInfo(str);
            if (sessionInfo.getSessionStatus() != SessionStatus.SESSION_ACTIVE) {
                throw new NoSessionException(sessionInfo.getSessionStatus());
            }
            ObjectPermissionDescriptor userPermissions = this.accessControl.getUserPermissions(sessionInfo.getUserId(), j, true);
            UserManagement.UserDescriptor userDescriptor = this.userManagement.getUserDescriptor(sessionInfo.getUserId());
            String str3 = null;
            if (userDescriptor != null) {
                str3 = userDescriptor.getUserName();
            }
            if (userDescriptor.isUnrestricted()) {
                this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_PERMIT, new EventLogField(EventLogField.FieldName.MESSAGE, str2), new EventLogField(EventLogField.FieldName.OPERATION, "Delete"), new EventLogField(EventLogField.FieldName.OBJECT_ID, j), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str3), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId()));
                return true;
            }
            if (userPermissions == null) {
                this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_DENY_DEFAULT, new EventLogField(EventLogField.FieldName.MESSAGE, str2), new EventLogField(EventLogField.FieldName.OPERATION, "Delete"), new EventLogField(EventLogField.FieldName.OBJECT_ID, j), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str3), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId()));
                throw new InsufficientPermissionException();
            }
            if (userPermissions.getDeletePermission() == AccessControlDescriptor.Action.PERMIT) {
                this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_PERMIT, new EventLogField(EventLogField.FieldName.MESSAGE, str2), new EventLogField(EventLogField.FieldName.OPERATION, "Delete"), new EventLogField(EventLogField.FieldName.OBJECT_ID, j), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str3), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId()));
                return true;
            }
            if (userPermissions.getDeletePermission() == AccessControlDescriptor.Action.DENY) {
                this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_DENY, new EventLogField(EventLogField.FieldName.MESSAGE, str2), new EventLogField(EventLogField.FieldName.OPERATION, "Delete"), new EventLogField(EventLogField.FieldName.OBJECT_ID, j), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str3), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId()));
                throw new InsufficientPermissionException();
            }
            this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_DENY_DEFAULT, new EventLogField(EventLogField.FieldName.MESSAGE, str2), new EventLogField(EventLogField.FieldName.OPERATION, "Delete"), new EventLogField(EventLogField.FieldName.OBJECT_ID, j), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str3), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId()));
            throw new InsufficientPermissionException();
        } catch (SQLException e) {
            this.appRes.logExceptionEvent(EventLogMessage.EventType.SQL_EXCEPTION, e);
            throw new GeneralizedException();
        } catch (InputValidationException e2) {
            this.appRes.logEvent(EventLogMessage.EventType.SESSION_ID_ILLEGAL, new EventLogField(EventLogField.FieldName.SESSION_ID, str));
            throw new GeneralizedException();
        } catch (NoDatabaseConnectionException e3) {
            this.appRes.logExceptionEvent(EventLogMessage.EventType.INTERNAL_ERROR, e3);
            throw new GeneralizedException();
        } catch (NotFoundException e4) {
            return false;
        }
    }

    protected boolean checkRead(String str, long j) throws InsufficientPermissionException, GeneralizedException, NoSessionException {
        return checkRead(str, j, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean checkRead(String str, long j, String str2) throws InsufficientPermissionException, GeneralizedException, NoSessionException {
        try {
            SessionManagement.SessionInfo sessionInfo = this.sessionManagement.getSessionInfo(str);
            if (sessionInfo.getSessionStatus() != SessionStatus.SESSION_ACTIVE) {
                throw new NoSessionException(sessionInfo.getSessionStatus());
            }
            ObjectPermissionDescriptor userPermissions = this.accessControl.getUserPermissions(sessionInfo.getUserId(), j, true);
            UserManagement.UserDescriptor userDescriptor = this.userManagement.getUserDescriptor(sessionInfo.getUserId());
            String str3 = null;
            if (userDescriptor != null) {
                str3 = userDescriptor.getUserName();
            }
            if (userDescriptor.isUnrestricted()) {
                this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_PERMIT, new EventLogField(EventLogField.FieldName.MESSAGE, str2), new EventLogField(EventLogField.FieldName.OPERATION, "Read"), new EventLogField(EventLogField.FieldName.OBJECT_ID, j), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str3), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId()));
                return true;
            }
            if (userPermissions == null) {
                this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_DENY_DEFAULT, new EventLogField(EventLogField.FieldName.MESSAGE, str2), new EventLogField(EventLogField.FieldName.OPERATION, "Read"), new EventLogField(EventLogField.FieldName.OBJECT_ID, j), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str3), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId()));
                throw new InsufficientPermissionException();
            }
            if (userPermissions.getReadPermission() == AccessControlDescriptor.Action.PERMIT) {
                this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_PERMIT, new EventLogField(EventLogField.FieldName.MESSAGE, str2), new EventLogField(EventLogField.FieldName.OPERATION, "Read"), new EventLogField(EventLogField.FieldName.OBJECT_ID, j), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str3), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId()));
                return true;
            }
            if (userPermissions.getReadPermission() == AccessControlDescriptor.Action.DENY) {
                this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_DENY, new EventLogField(EventLogField.FieldName.MESSAGE, str2), new EventLogField(EventLogField.FieldName.OPERATION, "Read"), new EventLogField(EventLogField.FieldName.OBJECT_ID, j), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str3), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId()));
                throw new InsufficientPermissionException();
            }
            this.appRes.logEvent(EventLogMessage.EventType.ACCESS_CONTROL_DENY_DEFAULT, new EventLogField(EventLogField.FieldName.MESSAGE, str2), new EventLogField(EventLogField.FieldName.OPERATION, "Read"), new EventLogField(EventLogField.FieldName.OBJECT_ID, j), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, str3), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, sessionInfo.getUserId()));
            throw new InsufficientPermissionException();
        } catch (SQLException e) {
            this.appRes.logExceptionEvent(EventLogMessage.EventType.SQL_EXCEPTION, e);
            throw new GeneralizedException();
        } catch (InputValidationException e2) {
            this.appRes.logEvent(EventLogMessage.EventType.SESSION_ID_ILLEGAL, new EventLogField(EventLogField.FieldName.SESSION_ID, str));
            throw new GeneralizedException();
        } catch (NoDatabaseConnectionException e3) {
            this.appRes.logExceptionEvent(EventLogMessage.EventType.INTERNAL_ERROR, e3);
            throw new GeneralizedException();
        } catch (NotFoundException e4) {
            return false;
        }
    }
}
