package org.sakaiproject.authz.impl;

import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Vector;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.sakaiproject.authz.api.AuthzGroup;
import org.sakaiproject.authz.api.Member;
import org.sakaiproject.authz.api.Role;
import org.sakaiproject.authz.impl.BaseAuthzGroupService;
import org.sakaiproject.db.api.SqlReader;
import org.sakaiproject.db.api.SqlService;
import org.sakaiproject.javax.PagingPosition;
import org.sakaiproject.time.api.Time;
import org.sakaiproject.user.api.UserNotDefinedException;
import org.sakaiproject.util.BaseDbFlatStorage;
import org.sakaiproject.util.StringUtil;

/* loaded from: input_file:org/sakaiproject/authz/impl/DbAuthzGroupService.class */
public abstract class DbAuthzGroupService extends BaseAuthzGroupService {
    private static Log M_log = LogFactory.getLog(DbAuthzGroupService.class);
    protected Collection m_functionCache = new HashSet();
    protected Collection m_roleNameCache = new HashSet();
    protected String m_realmTableName = "SAKAI_REALM";
    protected String m_realmPropTableName = "SAKAI_REALM_PROPERTY";
    protected String m_realmIdFieldName = "REALM_ID";
    protected String m_realmDbidField = "REALM_KEY";
    protected String[] m_realmReadFieldNames = {"REALM_ID", "PROVIDER_ID", "(select MAX(ROLE_NAME) from SAKAI_REALM_ROLE where ROLE_KEY = MAINTAIN_ROLE)", "CREATEDBY", "MODIFIEDBY", "CREATEDON", "MODIFIEDON", "REALM_KEY"};
    protected String[] m_realmUpdateFieldNames = {"REALM_ID", "PROVIDER_ID", "MAINTAIN_ROLE = (select MAX(ROLE_KEY) from SAKAI_REALM_ROLE where ROLE_NAME = ?)", "CREATEDBY", "MODIFIEDBY", "CREATEDON", "MODIFIEDON"};
    protected String[] m_realmInsertFieldNames = {"REALM_ID", "PROVIDER_ID", "MAINTAIN_ROLE", "CREATEDBY", "MODIFIEDBY", "CREATEDON", "MODIFIEDON"};
    protected String[] m_realmInsertValueNames = {"?", "?", "(select MAX(ROLE_KEY) from SAKAI_REALM_ROLE where ROLE_NAME = ?)", "?", "?", "?", "?"};
    protected boolean m_useExternalLocks = true;
    protected boolean m_autoDdl = false;
    protected static final int MAX_IN_CLAUSE = 99;

    /* loaded from: input_file:org/sakaiproject/authz/impl/DbAuthzGroupService$DbStorage.class */
    protected class DbStorage extends BaseDbFlatStorage implements BaseAuthzGroupService.Storage, SqlReader {

        /* loaded from: input_file:org/sakaiproject/authz/impl/DbAuthzGroupService$DbStorage$RealmAndProvider.class */
        public class RealmAndProvider {
            public Integer realmId;
            public String providerId;

            public RealmAndProvider(Integer num, String str) {
                this.realmId = num;
                this.providerId = str;
            }
        }

        /* loaded from: input_file:org/sakaiproject/authz/impl/DbAuthzGroupService$DbStorage$RealmAndRole.class */
        public class RealmAndRole {
            public Integer realmId;
            public String role;
            boolean active;
            boolean provided;

            public RealmAndRole(Integer num, String str, boolean z, boolean z2) {
                this.realmId = num;
                this.role = str;
                this.active = z;
                this.provided = z2;
            }

            public boolean equals(Object obj) {
                if (!(obj instanceof RealmAndRole)) {
                    return false;
                }
                if (this == obj) {
                    return true;
                }
                RealmAndRole realmAndRole = (RealmAndRole) obj;
                if (StringUtil.different(this.role, realmAndRole.role) || this.provided != realmAndRole.provided || this.active != realmAndRole.active) {
                    return false;
                }
                if (this.realmId == null && realmAndRole.realmId != null) {
                    return false;
                }
                if (this.realmId == null || realmAndRole.realmId != null) {
                    return this.realmId == null || realmAndRole.realmId == null || this.realmId.equals(realmAndRole.realmId);
                }
                return false;
            }

            public int hashCode() {
                return (this.role + Boolean.valueOf(this.provided).toString() + Boolean.valueOf(this.active).toString() + this.realmId).hashCode();
            }
        }

        /* loaded from: input_file:org/sakaiproject/authz/impl/DbAuthzGroupService$DbStorage$RoleAndDescription.class */
        public class RoleAndDescription {
            public String role;
            public String description;
            public boolean providerOnly;

            public RoleAndDescription(String str, String str2, boolean z) {
                this.role = str;
                this.description = str2;
                this.providerOnly = z;
            }

            public boolean equals(Object obj) {
                if (!(obj instanceof RoleAndDescription)) {
                    return false;
                }
                if (this == obj) {
                    return true;
                }
                RoleAndDescription roleAndDescription = (RoleAndDescription) obj;
                return (StringUtil.different(this.role, roleAndDescription.role) || StringUtil.different(this.description, roleAndDescription.description) || this.providerOnly != roleAndDescription.providerOnly) ? false : true;
            }

            public int hashCode() {
                return (this.role + this.description + Boolean.valueOf(this.providerOnly).toString()).hashCode();
            }
        }

        /* loaded from: input_file:org/sakaiproject/authz/impl/DbAuthzGroupService$DbStorage$RoleAndFunction.class */
        public class RoleAndFunction {
            public String role;
            public String function;

            public RoleAndFunction(String str, String str2) {
                this.role = str;
                this.function = str2;
            }

            public boolean equals(Object obj) {
                if (!(obj instanceof RoleAndFunction)) {
                    return false;
                }
                if (this == obj) {
                    return true;
                }
                RoleAndFunction roleAndFunction = (RoleAndFunction) obj;
                return (StringUtil.different(this.role, roleAndFunction.role) || StringUtil.different(this.function, roleAndFunction.function)) ? false : true;
            }

            public int hashCode() {
                return (this.role + this.function).hashCode();
            }
        }

        /* loaded from: input_file:org/sakaiproject/authz/impl/DbAuthzGroupService$DbStorage$UserAndRole.class */
        public class UserAndRole {
            public String userId;
            public String role;
            boolean active;
            boolean provided;

            public UserAndRole(String str, String str2, boolean z, boolean z2) {
                this.userId = str;
                this.role = str2;
                this.active = z;
                this.provided = z2;
            }

            public boolean equals(Object obj) {
                if (!(obj instanceof UserAndRole)) {
                    return false;
                }
                if (this == obj) {
                    return true;
                }
                UserAndRole userAndRole = (UserAndRole) obj;
                return !StringUtil.different(this.role, userAndRole.role) && this.provided == userAndRole.provided && this.active == userAndRole.active && !StringUtil.different(this.userId, userAndRole.userId);
            }

            public int hashCode() {
                return (this.role + Boolean.valueOf(this.provided).toString() + Boolean.valueOf(this.active).toString() + this.userId).hashCode();
            }
        }

        public DbStorage() {
            super(DbAuthzGroupService.this.m_realmTableName, DbAuthzGroupService.this.m_realmIdFieldName, DbAuthzGroupService.this.m_realmReadFieldNames, DbAuthzGroupService.this.m_realmPropTableName, DbAuthzGroupService.this.m_useExternalLocks, (SqlReader) null, DbAuthzGroupService.this.sqlService());
            this.m_reader = this;
            setDbidField(DbAuthzGroupService.this.m_realmDbidField);
            setWriteFields(DbAuthzGroupService.this.m_realmUpdateFieldNames, DbAuthzGroupService.this.m_realmInsertFieldNames, DbAuthzGroupService.this.m_realmInsertValueNames);
            setLocking(false);
        }

        @Override // org.sakaiproject.authz.impl.BaseAuthzGroupService.Storage
        public boolean check(String str) {
            return super.checkResource(str);
        }

        @Override // org.sakaiproject.authz.impl.BaseAuthzGroupService.Storage
        public AuthzGroup get(String str) {
            return get(null, str);
        }

        protected AuthzGroup get(Connection connection, String str) {
            BaseAuthzGroup baseAuthzGroup = (BaseAuthzGroup) super.getResource(connection, str);
            completeGet(connection, baseAuthzGroup, false);
            return baseAuthzGroup;
        }

        @Override // org.sakaiproject.authz.impl.BaseAuthzGroupService.Storage
        public void completeGet(BaseAuthzGroup baseAuthzGroup) {
            completeGet(null, baseAuthzGroup, false);
        }

        protected void completeGet(Connection connection, final BaseAuthzGroup baseAuthzGroup, boolean z) {
            if (baseAuthzGroup != null && baseAuthzGroup.m_lazy) {
                baseAuthzGroup.m_lazy = false;
                if (z) {
                    refreshAuthzGroup(baseAuthzGroup);
                }
                if (baseAuthzGroup.m_properties.isLazy()) {
                    baseAuthzGroup.m_properties.setLazy(false);
                    super.readProperties(connection, baseAuthzGroup.getKey(), baseAuthzGroup.m_properties);
                }
                Object[] objArr = {baseAuthzGroup.getId()};
                this.m_sql.dbRead(connection, "SELECT SAKAI_REALM_ROLE.ROLE_NAME, SAKAI_REALM_FUNCTION.FUNCTION_NAME FROM SAKAI_REALM_RL_FN INNER JOIN SAKAI_REALM ON SAKAI_REALM.REALM_KEY = SAKAI_REALM_RL_FN.REALM_KEY AND SAKAI_REALM.REALM_ID = ? INNER JOIN SAKAI_REALM_ROLE ON SAKAI_REALM_ROLE.ROLE_KEY = SAKAI_REALM_RL_FN.ROLE_KEY INNER JOIN SAKAI_REALM_FUNCTION ON SAKAI_REALM_FUNCTION.FUNCTION_KEY = SAKAI_REALM_RL_FN.FUNCTION_KEY", objArr, new SqlReader() { // from class: org.sakaiproject.authz.impl.DbAuthzGroupService.DbStorage.1
                    public Object readSqlResultRecord(ResultSet resultSet) {
                        try {
                            String string = resultSet.getString(1);
                            String string2 = resultSet.getString(2);
                            BaseRole baseRole = (BaseRole) baseAuthzGroup.m_roles.get(string);
                            if (baseRole == null) {
                                baseRole = new BaseRole(string);
                                baseAuthzGroup.m_roles.put(baseRole.getId(), baseRole);
                            }
                            baseRole.allowFunction(string2);
                            return null;
                        } catch (SQLException e) {
                            return null;
                        }
                    }
                });
                this.m_sql.dbRead(connection, "SELECT SAKAI_REALM_ROLE.ROLE_NAME, SAKAI_REALM_ROLE_DESC.DESCRIPTION, SAKAI_REALM_ROLE_DESC.PROVIDER_ONLY FROM SAKAI_REALM_ROLE_DESC INNER JOIN SAKAI_REALM ON SAKAI_REALM.REALM_KEY = SAKAI_REALM_ROLE_DESC.REALM_KEY AND SAKAI_REALM.REALM_ID = ? INNER JOIN SAKAI_REALM_ROLE ON SAKAI_REALM_ROLE.ROLE_KEY = SAKAI_REALM_ROLE_DESC.ROLE_KEY", objArr, new SqlReader() { // from class: org.sakaiproject.authz.impl.DbAuthzGroupService.DbStorage.2
                    public Object readSqlResultRecord(ResultSet resultSet) {
                        try {
                            String string = resultSet.getString(1);
                            String string2 = resultSet.getString(2);
                            boolean equals = "1".equals(resultSet.getString(3));
                            BaseRole baseRole = (BaseRole) baseAuthzGroup.m_roles.get(string);
                            if (baseRole == null) {
                                baseRole = new BaseRole(string);
                                baseAuthzGroup.m_roles.put(baseRole.getId(), baseRole);
                            }
                            baseRole.setDescription(string2);
                            baseRole.setProviderOnly(equals);
                            return null;
                        } catch (SQLException e) {
                            return null;
                        }
                    }
                });
                this.m_sql.dbRead(connection, "SELECT SAKAI_REALM_ROLE.ROLE_NAME, SAKAI_REALM_RL_GR.USER_ID, SAKAI_REALM_RL_GR.ACTIVE, SAKAI_REALM_RL_GR.PROVIDED FROM SAKAI_REALM_RL_GR INNER JOIN SAKAI_REALM ON SAKAI_REALM.REALM_KEY = SAKAI_REALM_RL_GR.REALM_KEY AND SAKAI_REALM.REALM_ID = ? INNER JOIN SAKAI_REALM_ROLE ON SAKAI_REALM_ROLE.ROLE_KEY = SAKAI_REALM_RL_GR.ROLE_KEY", objArr, new SqlReader() { // from class: org.sakaiproject.authz.impl.DbAuthzGroupService.DbStorage.3
                    public Object readSqlResultRecord(ResultSet resultSet) {
                        try {
                            String string = resultSet.getString(1);
                            String string2 = resultSet.getString(2);
                            String string3 = resultSet.getString(3);
                            String string4 = resultSet.getString(4);
                            if (((BaseMember) baseAuthzGroup.m_userGrants.get(string2)) != null) {
                                DbAuthzGroupService.M_log.warn("completeGet: additional user - role grant: " + string2 + " " + string);
                                return null;
                            }
                            BaseRole baseRole = (BaseRole) baseAuthzGroup.m_roles.get(string);
                            if (baseRole == null) {
                                baseRole = new BaseRole(string);
                                baseAuthzGroup.m_roles.put(baseRole.getId(), baseRole);
                            }
                            baseAuthzGroup.m_userGrants.put(string2, new BaseMember(baseRole, "1".equals(string3), "1".equals(string4), string2));
                            return null;
                        } catch (SQLException e) {
                            return null;
                        }
                    }
                });
            }
        }

        @Override // org.sakaiproject.authz.impl.BaseAuthzGroupService.Storage
        public List getAuthzGroups(String str, PagingPosition pagingPosition) {
            List allResources;
            if (str != null) {
                String str2 = "%" + str + "%";
                Object[] objArr = {str2, str2};
                allResources = pagingPosition != null ? getSelectedResources("( UPPER(REALM_ID) like UPPER(?) or UPPER(PROVIDER_ID) like UPPER(?) )", objArr, pagingPosition.getFirst(), pagingPosition.getLast()) : getSelectedResources("( UPPER(REALM_ID) like UPPER(?) or UPPER(PROVIDER_ID) like UPPER(?) )", objArr);
            } else {
                allResources = pagingPosition != null ? getAllResources(pagingPosition.getFirst(), pagingPosition.getLast()) : getAllResources();
            }
            return allResources;
        }

        @Override // org.sakaiproject.authz.impl.BaseAuthzGroupService.Storage
        public int countAuthzGroups(String str) {
            int countAllResources;
            if (str != null) {
                String str2 = "%" + str + "%";
                countAllResources = countSelectedResources("( UPPER(REALM_ID) like UPPER(?) or UPPER(PROVIDER_ID) like UPPER(?) )", new Object[]{str2, str2});
            } else {
                countAllResources = countAllResources();
            }
            return countAllResources;
        }

        @Override // org.sakaiproject.authz.impl.BaseAuthzGroupService.Storage
        public Set getProviderIds(String str) {
            List dbRead = DbAuthzGroupService.this.sqlService().dbRead("select srp.PROVIDER_ID from SAKAI_REALM sr INNER JOIN SAKAI_REALM_PROVIDER srp on sr.REALM_KEY = srp.REALM_KEY where sr.REALM_ID=?", new Object[]{str}, (SqlReader) null);
            return dbRead == null ? new HashSet() : new HashSet(dbRead);
        }

        @Override // org.sakaiproject.authz.impl.BaseAuthzGroupService.Storage
        public Set getAuthzGroupIds(String str) {
            List dbRead = DbAuthzGroupService.this.sqlService().dbRead("select sr.REALM_ID from SAKAI_REALM sr INNER JOIN SAKAI_REALM_PROVIDER srp on sr.REALM_KEY = srp.REALM_KEY where srp.PROVIDER_ID=?", new Object[]{str}, (SqlReader) null);
            return dbRead == null ? new HashSet() : new HashSet(dbRead);
        }

        @Override // org.sakaiproject.authz.impl.BaseAuthzGroupService.Storage
        public Set getAuthzGroupsIsAllowed(String str, String str2, Collection collection) {
            if ((collection != null && collection.isEmpty()) || str2 == null) {
                return new HashSet();
            }
            boolean z = (str == null || DbAuthzGroupService.this.userDirectoryService().getAnonymousUser().getId().equals(str)) ? false : true;
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("select SR.REALM_ID ");
            stringBuffer.append("from SAKAI_REALM_FUNCTION SRF ");
            stringBuffer.append("inner join SAKAI_REALM_RL_FN SRRF on SRF.FUNCTION_KEY = SRRF.FUNCTION_KEY ");
            stringBuffer.append("inner join SAKAI_REALM_RL_GR SRRG on SRRF.ROLE_KEY = SRRG.ROLE_KEY and SRRF.REALM_KEY = SRRG.REALM_KEY ");
            stringBuffer.append("inner join SAKAI_REALM SR on SRRF.REALM_KEY = SR.REALM_KEY ");
            stringBuffer.append("where SRF.FUNCTION_NAME = ? ");
            stringBuffer.append("and SRRG.USER_ID = ? ");
            stringBuffer.append("and SRRG.ACTIVE = '1' ");
            if (collection != null) {
                stringBuffer.append("and SR.REALM_ID in (");
                for (int i = 0; i < collection.size() - 1; i++) {
                    stringBuffer.append("?,");
                }
                stringBuffer.append("?) ");
            }
            String stringBuffer2 = stringBuffer.toString();
            Object[] objArr = new Object[collection != null ? 2 + collection.size() : 2];
            objArr[0] = str2;
            objArr[1] = str;
            if (collection != null) {
                int i2 = 2;
                Iterator it = collection.iterator();
                while (it.hasNext()) {
                    int i3 = i2;
                    i2++;
                    objArr[i3] = it.next();
                }
            }
            List dbRead = this.m_sql.dbRead(stringBuffer2, objArr, (SqlReader) null);
            HashSet hashSet = new HashSet();
            hashSet.addAll(dbRead);
            return hashSet;
        }

        @Override // org.sakaiproject.authz.impl.BaseAuthzGroupService.Storage
        public AuthzGroup put(String str) {
            BaseAuthzGroup putResource = super.putResource(str, fields(str, null, false));
            if (putResource != null) {
                putResource.activate();
            }
            return putResource;
        }

        public AuthzGroup edit(String str) {
            BaseAuthzGroup baseAuthzGroup = (BaseAuthzGroup) super.editResource(str);
            if (baseAuthzGroup != null) {
                baseAuthzGroup.activate();
                completeGet(null, baseAuthzGroup, true);
            }
            return baseAuthzGroup;
        }

        @Override // org.sakaiproject.authz.impl.BaseAuthzGroupService.Storage
        public void save(AuthzGroup authzGroup) {
            for (Role role : ((BaseAuthzGroup) authzGroup).m_roles.values()) {
                DbAuthzGroupService.this.checkRoleName(role.getId());
                Iterator it = role.getAllowedFunctions().iterator();
                while (it.hasNext()) {
                    DbAuthzGroupService.this.checkFunctionName((String) it.next());
                }
            }
            save_REALM_RL_FN(authzGroup);
            save_REALM_RL_GR(authzGroup);
            save_REALM_PROVIDER(authzGroup);
            save_REALM_ROLE_DESC(authzGroup);
            super.commitResource((Connection) null, authzGroup, fields(authzGroup.getId(), (BaseAuthzGroup) authzGroup, true), authzGroup.getProperties(), ((BaseAuthzGroup) authzGroup).getKey());
            refreshAuthzGroup((BaseAuthzGroup) authzGroup);
        }

        protected void save_REALM_RL_FN(AuthzGroup authzGroup) {
            final HashSet<RoleAndFunction> hashSet = new HashSet();
            for (Role role : ((BaseAuthzGroup) authzGroup).m_roles.values()) {
                Iterator it = role.getAllowedFunctions().iterator();
                while (it.hasNext()) {
                    hashSet.add(new RoleAndFunction(role.getId(), (String) it.next()));
                }
            }
            final HashSet<RoleAndFunction> hashSet2 = new HashSet();
            this.m_sql.dbRead("SELECT RR.ROLE_NAME, RF.FUNCTION_NAME FROM SAKAI_REALM_RL_FN RRF INNER JOIN SAKAI_REALM R ON RRF.REALM_KEY = R.REALM_KEY AND R.REALM_ID = ? INNER JOIN SAKAI_REALM_ROLE RR ON RRF.ROLE_KEY = RR.ROLE_KEY INNER JOIN SAKAI_REALM_FUNCTION RF ON RRF.FUNCTION_KEY = RF.FUNCTION_KEY", new Object[]{caseId(authzGroup.getId())}, new SqlReader() { // from class: org.sakaiproject.authz.impl.DbAuthzGroupService.DbStorage.4
                public Object readSqlResultRecord(ResultSet resultSet) {
                    try {
                        RoleAndFunction roleAndFunction = new RoleAndFunction(resultSet.getString(1), resultSet.getString(2));
                        if (hashSet.contains(roleAndFunction)) {
                            hashSet.remove(roleAndFunction);
                        } else {
                            hashSet2.add(roleAndFunction);
                        }
                        return null;
                    } catch (Throwable th) {
                        DbAuthzGroupService.M_log.warn("save_REALM_RL_FN: " + th.toString());
                        return null;
                    }
                }
            });
            Object[] objArr = new Object[3];
            objArr[0] = caseId(authzGroup.getId());
            String str = "mysql".equals(DbAuthzGroupService.this.sqlService().getVendor()) ? "DELETE RRF FROM SAKAI_REALM_RL_FN RRF INNER JOIN SAKAI_REALM R ON RRF.REALM_KEY = R.REALM_KEY AND R.REALM_ID = ? INNER JOIN SAKAI_REALM_ROLE RR ON RRF.ROLE_KEY = RR.ROLE_KEY AND RR.ROLE_NAME = ? INNER JOIN SAKAI_REALM_FUNCTION RF ON RRF.FUNCTION_KEY = RF.FUNCTION_KEY AND RF.FUNCTION_NAME = ?" : "DELETE FROM SAKAI_REALM_RL_FN WHERE REALM_KEY IN (SELECT REALM_KEY FROM SAKAI_REALM WHERE REALM_ID = ?) AND ROLE_KEY IN (SELECT ROLE_KEY FROM SAKAI_REALM_ROLE WHERE ROLE_NAME = ?) AND FUNCTION_KEY IN (SELECT FUNCTION_KEY FROM SAKAI_REALM_FUNCTION WHERE FUNCTION_NAME = ?)";
            for (RoleAndFunction roleAndFunction : hashSet2) {
                objArr[1] = roleAndFunction.role;
                objArr[2] = roleAndFunction.function;
                this.m_sql.dbWrite(str, objArr);
            }
            for (RoleAndFunction roleAndFunction2 : hashSet) {
                objArr[1] = roleAndFunction2.role;
                objArr[2] = roleAndFunction2.function;
                this.m_sql.dbWrite("INSERT INTO SAKAI_REALM_RL_FN (REALM_KEY, ROLE_KEY, FUNCTION_KEY) VALUES ( (SELECT REALM_KEY FROM SAKAI_REALM WHERE REALM_ID = ?), (SELECT ROLE_KEY FROM SAKAI_REALM_ROLE WHERE ROLE_NAME = ?), (SELECT FUNCTION_KEY FROM SAKAI_REALM_FUNCTION WHERE FUNCTION_NAME = ?))", objArr);
            }
        }

        protected void save_REALM_RL_GR(AuthzGroup authzGroup) {
            final HashSet<UserAndRole> hashSet = new HashSet();
            Iterator it = ((BaseAuthzGroup) authzGroup).m_userGrants.entrySet().iterator();
            while (it.hasNext()) {
                Member member = (Member) ((Map.Entry) it.next()).getValue();
                hashSet.add(new UserAndRole(member.getUserId(), member.getRole().getId(), member.isActive(), member.isProvided()));
            }
            final HashSet<UserAndRole> hashSet2 = new HashSet();
            this.m_sql.dbRead("SELECT RRG.USER_ID, RR.ROLE_NAME, RRG.ACTIVE, RRG.PROVIDED FROM SAKAI_REALM_RL_GR RRG  INNER JOIN SAKAI_REALM R ON RRG.REALM_KEY = R.REALM_KEY AND R.REALM_ID = ? INNER JOIN SAKAI_REALM_ROLE RR ON RRG.ROLE_KEY = RR.ROLE_KEY", new Object[]{caseId(authzGroup.getId())}, new SqlReader() { // from class: org.sakaiproject.authz.impl.DbAuthzGroupService.DbStorage.5
                public Object readSqlResultRecord(ResultSet resultSet) {
                    try {
                        UserAndRole userAndRole = new UserAndRole(resultSet.getString(1), resultSet.getString(2), "1".equals(resultSet.getString(3)), "1".equals(resultSet.getString(4)));
                        if (hashSet.contains(userAndRole)) {
                            hashSet.remove(userAndRole);
                        } else {
                            hashSet2.add(userAndRole);
                        }
                        return null;
                    } catch (Throwable th) {
                        DbAuthzGroupService.M_log.warn("save_REALM_RL_GR: " + th.toString());
                        return null;
                    }
                }
            });
            Object[] objArr = new Object[5];
            objArr[0] = caseId(authzGroup.getId());
            String str = "mysql".equals(DbAuthzGroupService.this.sqlService().getVendor()) ? "DELETE RRG FROM SAKAI_REALM_RL_GR RRG INNER JOIN SAKAI_REALM R ON RRG.REALM_KEY = R.REALM_KEY AND R.REALM_ID = ? INNER JOIN SAKAI_REALM_ROLE RR ON RRG.ROLE_KEY = RR.ROLE_KEY AND RR.ROLE_NAME = ? WHERE RRG.USER_ID = ? AND RRG.ACTIVE = ? AND RRG.PROVIDED = ?" : "DELETE FROM SAKAI_REALM_RL_GR WHERE REALM_KEY IN (SELECT REALM_KEY FROM SAKAI_REALM WHERE REALM_ID = ?) AND ROLE_KEY IN (SELECT ROLE_KEY FROM SAKAI_REALM_ROLE WHERE ROLE_NAME = ?) AND USER_ID = ? AND ACTIVE = ? AND PROVIDED = ?";
            for (UserAndRole userAndRole : hashSet2) {
                objArr[1] = userAndRole.role;
                objArr[2] = userAndRole.userId;
                objArr[3] = userAndRole.active ? "1" : "0";
                objArr[4] = userAndRole.provided ? "1" : "0";
                this.m_sql.dbWrite(str, objArr);
            }
            for (UserAndRole userAndRole2 : hashSet) {
                objArr[1] = userAndRole2.userId;
                objArr[2] = userAndRole2.role;
                objArr[3] = userAndRole2.active ? "1" : "0";
                objArr[4] = userAndRole2.provided ? "1" : "0";
                this.m_sql.dbWrite("INSERT INTO SAKAI_REALM_RL_GR (REALM_KEY, USER_ID, ROLE_KEY, ACTIVE, PROVIDED) VALUES ( (SELECT REALM_KEY FROM SAKAI_REALM WHERE REALM_ID = ?), ?,  (SELECT ROLE_KEY FROM SAKAI_REALM_ROLE WHERE ROLE_NAME = ?), ?, ?)", objArr);
            }
        }

        protected void save_REALM_PROVIDER(AuthzGroup authzGroup) {
            if (authzGroup.getProviderGroupId() == null || DbAuthzGroupService.this.m_provider == null) {
                this.m_sql.dbWrite("mysql".equals(DbAuthzGroupService.this.sqlService().getVendor()) ? "DELETE RP FROM SAKAI_REALM_PROVIDER RP INNER JOIN SAKAI_REALM R ON RP.REALM_KEY = R.REALM_KEY AND R.REALM_ID = ?" : "DELETE FROM SAKAI_REALM_PROVIDER WHERE REALM_KEY IN (SELECT REALM_KEY FROM SAKAI_REALM WHERE REALM_ID = ?)", new Object[]{caseId(authzGroup.getId())});
                return;
            }
            final HashSet hashSet = new HashSet();
            String[] unpackId = DbAuthzGroupService.this.m_provider.unpackId(authzGroup.getProviderGroupId());
            if (unpackId != null) {
                for (String str : unpackId) {
                    hashSet.add(str);
                }
            }
            final HashSet hashSet2 = new HashSet();
            this.m_sql.dbRead("SELECT RP.PROVIDER_ID FROM SAKAI_REALM_PROVIDER RP INNER JOIN SAKAI_REALM R ON RP.REALM_KEY = R.REALM_KEY AND R.REALM_ID = ?", new Object[]{caseId(authzGroup.getId())}, new SqlReader() { // from class: org.sakaiproject.authz.impl.DbAuthzGroupService.DbStorage.6
                public Object readSqlResultRecord(ResultSet resultSet) {
                    try {
                        String string = resultSet.getString(1);
                        if (hashSet.contains(string)) {
                            hashSet.remove(string);
                        } else {
                            hashSet2.add(string);
                        }
                        return null;
                    } catch (Throwable th) {
                        DbAuthzGroupService.M_log.warn("save_REALM_PROVIDER: " + th.toString());
                        return null;
                    }
                }
            });
            Object[] objArr = new Object[2];
            objArr[0] = caseId(authzGroup.getId());
            String str2 = "mysql".equals(DbAuthzGroupService.this.sqlService().getVendor()) ? "DELETE RP FROM SAKAI_REALM_PROVIDER RP INNER JOIN SAKAI_REALM R ON RP.REALM_KEY = R.REALM_KEY AND R.REALM_ID = ? WHERE RP.PROVIDER_ID = ?" : "DELETE FROM SAKAI_REALM_PROVIDER WHERE REALM_KEY IN (SELECT REALM_KEY FROM SAKAI_REALM WHERE REALM_ID = ?) AND PROVIDER_ID = ?";
            Iterator it = hashSet2.iterator();
            while (it.hasNext()) {
                objArr[1] = (String) it.next();
                this.m_sql.dbWrite(str2, objArr);
            }
            Iterator it2 = hashSet.iterator();
            while (it2.hasNext()) {
                objArr[1] = (String) it2.next();
                this.m_sql.dbWrite("INSERT INTO SAKAI_REALM_PROVIDER (REALM_KEY, PROVIDER_ID) VALUES ( (SELECT REALM_KEY FROM SAKAI_REALM WHERE REALM_ID = ?), ?)", objArr);
            }
        }

        protected void save_REALM_ROLE_DESC(AuthzGroup authzGroup) {
            final HashSet<RoleAndDescription> hashSet = new HashSet();
            for (Role role : ((BaseAuthzGroup) authzGroup).m_roles.values()) {
                hashSet.add(new RoleAndDescription(role.getId(), role.getDescription(), role.isProviderOnly()));
            }
            final HashSet hashSet2 = new HashSet();
            this.m_sql.dbRead("SELECT RR.ROLE_NAME, RRD.DESCRIPTION, RRD.PROVIDER_ONLY FROM SAKAI_REALM_ROLE_DESC RRD INNER JOIN SAKAI_REALM R ON RRD.REALM_KEY = R.REALM_KEY AND R.REALM_ID = ? INNER JOIN SAKAI_REALM_ROLE RR ON RRD.ROLE_KEY = RR.ROLE_KEY", new Object[]{caseId(authzGroup.getId())}, new SqlReader() { // from class: org.sakaiproject.authz.impl.DbAuthzGroupService.DbStorage.7
                public Object readSqlResultRecord(ResultSet resultSet) {
                    try {
                        RoleAndDescription roleAndDescription = new RoleAndDescription(resultSet.getString(1), resultSet.getString(2), "1".equals(resultSet.getString(3)));
                        if (hashSet.contains(roleAndDescription)) {
                            hashSet.remove(roleAndDescription);
                        } else {
                            hashSet2.add(roleAndDescription);
                        }
                        return null;
                    } catch (Throwable th) {
                        DbAuthzGroupService.M_log.warn("save_REALM_ROLE_DESC: " + th.toString());
                        return null;
                    }
                }
            });
            Object[] objArr = new Object[2];
            objArr[0] = caseId(authzGroup.getId());
            String str = "mysql".equals(DbAuthzGroupService.this.sqlService().getVendor()) ? "DELETE RRD FROM SAKAI_REALM_ROLE_DESC RRD INNER JOIN SAKAI_REALM R ON RRD.REALM_KEY = R.REALM_KEY AND R.REALM_ID = ? INNER JOIN SAKAI_REALM_ROLE RR ON RRD.ROLE_KEY = RR.ROLE_KEY AND RR.ROLE_NAME = ?" : "DELETE FROM SAKAI_REALM_ROLE_DESC WHERE REALM_KEY IN (SELECT REALM_KEY FROM SAKAI_REALM WHERE REALM_ID = ?) AND ROLE_KEY IN (SELECT ROLE_KEY FROM SAKAI_REALM_ROLE WHERE ROLE_NAME = ?)";
            Iterator it = hashSet2.iterator();
            while (it.hasNext()) {
                objArr[1] = ((RoleAndDescription) it.next()).role;
                this.m_sql.dbWrite(str, objArr);
            }
            Object[] objArr2 = new Object[4];
            objArr2[0] = caseId(authzGroup.getId());
            for (RoleAndDescription roleAndDescription : hashSet) {
                objArr2[1] = roleAndDescription.role;
                objArr2[2] = roleAndDescription.description;
                objArr2[3] = roleAndDescription.providerOnly ? "1" : "0";
                this.m_sql.dbWrite("INSERT INTO SAKAI_REALM_ROLE_DESC (REALM_KEY, ROLE_KEY, DESCRIPTION, PROVIDER_ONLY) VALUES ( (SELECT REALM_KEY FROM SAKAI_REALM WHERE REALM_ID = ?), (SELECT ROLE_KEY FROM SAKAI_REALM_ROLE WHERE ROLE_NAME = ?), ?, ?)", objArr2);
            }
        }

        public void cancel(AuthzGroup authzGroup) {
            super.cancelResource(authzGroup);
        }

        @Override // org.sakaiproject.authz.impl.BaseAuthzGroupService.Storage
        public void remove(AuthzGroup authzGroup) {
            Object[] objArr = {caseId(authzGroup.getId())};
            this.m_sql.dbWrite("mysql".equals(DbAuthzGroupService.this.sqlService().getVendor()) ? "DELETE SAKAI_REALM_RL_FN FROM SAKAI_REALM_RL_FN INNER JOIN SAKAI_REALM ON SAKAI_REALM_RL_FN.REALM_KEY = SAKAI_REALM.REALM_KEY AND SAKAI_REALM.REALM_ID = ?" : "DELETE FROM SAKAI_REALM_RL_FN WHERE REALM_KEY IN (SELECT REALM_KEY FROM SAKAI_REALM WHERE REALM_ID = ?)", objArr);
            this.m_sql.dbWrite("mysql".equals(DbAuthzGroupService.this.sqlService().getVendor()) ? "DELETE SAKAI_REALM_RL_GR FROM SAKAI_REALM_RL_GR INNER JOIN SAKAI_REALM ON SAKAI_REALM_RL_GR.REALM_KEY = SAKAI_REALM.REALM_KEY AND SAKAI_REALM.REALM_ID = ?" : "DELETE FROM SAKAI_REALM_RL_GR WHERE REALM_KEY IN (SELECT REALM_KEY FROM SAKAI_REALM WHERE REALM_ID = ?)", objArr);
            this.m_sql.dbWrite("mysql".equals(DbAuthzGroupService.this.sqlService().getVendor()) ? "DELETE SAKAI_REALM_PROVIDER FROM SAKAI_REALM_PROVIDER INNER JOIN SAKAI_REALM ON SAKAI_REALM_PROVIDER.REALM_KEY = SAKAI_REALM.REALM_KEY AND SAKAI_REALM.REALM_ID = ?" : "DELETE FROM SAKAI_REALM_PROVIDER WHERE REALM_KEY IN (SELECT REALM_KEY FROM SAKAI_REALM WHERE REALM_ID = ?)", objArr);
            this.m_sql.dbWrite("mysql".equals(DbAuthzGroupService.this.sqlService().getVendor()) ? "DELETE SAKAI_REALM_ROLE_DESC FROM SAKAI_REALM_ROLE_DESC INNER JOIN SAKAI_REALM ON SAKAI_REALM_ROLE_DESC.REALM_KEY = SAKAI_REALM.REALM_KEY AND SAKAI_REALM.REALM_ID = ?" : "DELETE FROM SAKAI_REALM_ROLE_DESC WHERE REALM_KEY IN (SELECT REALM_KEY FROM SAKAI_REALM WHERE REALM_ID = ?)", objArr);
            super.removeResource((Connection) null, authzGroup, ((BaseAuthzGroup) authzGroup).getKey());
        }

        protected Object[] fields(String str, BaseAuthzGroup baseAuthzGroup, boolean z) {
            Object[] objArr = new Object[z ? 8 : 7];
            objArr[0] = caseId(str);
            if (z) {
                objArr[7] = objArr[0];
            }
            if (baseAuthzGroup == null) {
                String currentSessionUserId = DbAuthzGroupService.this.sessionManager().getCurrentSessionUserId();
                if (currentSessionUserId == null) {
                    currentSessionUserId = "";
                }
                Time newTime = DbAuthzGroupService.this.timeService().newTime();
                objArr[1] = "";
                objArr[2] = "";
                objArr[3] = currentSessionUserId;
                objArr[4] = currentSessionUserId;
                objArr[5] = newTime;
                objArr[6] = newTime;
            } else {
                objArr[1] = StringUtil.trimToZero(baseAuthzGroup.m_providerRealmId);
                objArr[2] = StringUtil.trimToZero(baseAuthzGroup.m_maintainRole);
                objArr[3] = StringUtil.trimToZero(baseAuthzGroup.m_createdUserId);
                objArr[4] = StringUtil.trimToZero(baseAuthzGroup.m_lastModifiedUserId);
                objArr[5] = baseAuthzGroup.getCreatedTime();
                objArr[6] = baseAuthzGroup.getModifiedTime();
            }
            return objArr;
        }

        public Object readSqlResultRecord(ResultSet resultSet) {
            try {
                String string = resultSet.getString(1);
                String string2 = resultSet.getString(2);
                String string3 = resultSet.getString(3);
                String string4 = resultSet.getString(4);
                String string5 = resultSet.getString(5);
                Timestamp timestamp = resultSet.getTimestamp(6, DbAuthzGroupService.this.sqlService().getCal());
                Time time = null;
                if (timestamp != null) {
                    time = DbAuthzGroupService.this.timeService().newTime(timestamp.getTime());
                }
                Timestamp timestamp2 = resultSet.getTimestamp(7, DbAuthzGroupService.this.sqlService().getCal());
                Time time2 = null;
                if (timestamp2 != null) {
                    time2 = DbAuthzGroupService.this.timeService().newTime(timestamp2.getTime());
                }
                return new BaseAuthzGroup(new Integer(resultSet.getInt(8)), string, string2, string3, string4, time, string5, time2);
            } catch (SQLException e) {
                DbAuthzGroupService.M_log.warn("readSqlResultRecord: " + e);
                return null;
            }
        }

        @Override // org.sakaiproject.authz.impl.BaseAuthzGroupService.Storage
        public boolean isAllowed(String str, String str2, String str3) {
            if (str2 == null || str3 == null) {
                return false;
            }
            List dbRead = this.m_sql.dbRead("select count(1) from   SAKAI_REALM_RL_FN MAINTABLE      LEFT JOIN SAKAI_REALM_RL_GR GRANTED_ROLES         ON (MAINTABLE.REALM_KEY = GRANTED_ROLES.REALM_KEY AND MAINTABLE.ROLE_KEY = GRANTED_ROLES.ROLE_KEY),   SAKAI_REALM REALMS,   SAKAI_REALM_ROLE ROLES,   SAKAI_REALM_FUNCTION FUNCTIONS where   (     ROLES.ROLE_NAME in('.anon'" + (str != null && !DbAuthzGroupService.this.userDirectoryService().getAnonymousUser().getId().equals(str) ? ",'.auth'" : "") + ")     or     (       GRANTED_ROLES.USER_ID = ?       AND GRANTED_ROLES.ACTIVE = 1     )   )  AND FUNCTIONS.FUNCTION_NAME = ?   AND REALMS.REALM_ID in (?)   AND MAINTABLE.REALM_KEY = REALMS.REALM_KEY   AND MAINTABLE.FUNCTION_KEY = FUNCTIONS.FUNCTION_KEY   AND MAINTABLE.ROLE_KEY = ROLES.ROLE_KEY ", new Object[]{str, str2, str3}, new SqlReader() { // from class: org.sakaiproject.authz.impl.DbAuthzGroupService.DbStorage.8
                public Object readSqlResultRecord(ResultSet resultSet) {
                    try {
                        return new Integer(resultSet.getInt(1));
                    } catch (SQLException e) {
                        return null;
                    }
                }
            });
            boolean z = false;
            if (!dbRead.isEmpty()) {
                z = ((Integer) dbRead.get(0)).intValue() > 0;
            }
            return z;
        }

        @Override // org.sakaiproject.authz.impl.BaseAuthzGroupService.Storage
        public boolean isAllowed(String str, String str2, Collection collection) {
            if (str2 == null) {
                return false;
            }
            boolean z = (str == null || DbAuthzGroupService.this.userDirectoryService().getAnonymousUser().getId().equals(str)) ? false : true;
            if (collection == null || collection.size() < 1) {
                DbAuthzGroupService.M_log.warn("isAllowed(): called with no realms: lock: " + str2 + " user: " + str);
                if (!DbAuthzGroupService.M_log.isDebugEnabled()) {
                    return false;
                }
                try {
                    throw new Exception();
                } catch (Exception e) {
                    DbAuthzGroupService.M_log.debug("isAllowed():", e);
                    return false;
                }
            }
            String orInClause = DbAuthzGroupService.this.orInClause(collection.size(), "SAKAI_REALM.REALM_ID");
            String str3 = ("mysql".equals(DbAuthzGroupService.this.sqlService().getVendor()) ? "select count(1) from SAKAI_REALM_RL_FN,SAKAI_REALM force index (AK_SAKAI_REALM_ID) where SAKAI_REALM_RL_FN.REALM_KEY = SAKAI_REALM.REALM_KEY and " + orInClause : "select count(1) from SAKAI_REALM_RL_FN where REALM_KEY in (select REALM_KEY from SAKAI_REALM where " + orInClause + ")") + " and FUNCTION_KEY in (select FUNCTION_KEY from SAKAI_REALM_FUNCTION where FUNCTION_NAME = ?) and (ROLE_KEY in (select ROLE_KEY from SAKAI_REALM_RL_GR where ACTIVE = '1' and USER_ID = ? and REALM_KEY in (select REALM_KEY from SAKAI_REALM where " + orInClause + ")) or ROLE_KEY in (select ROLE_KEY from SAKAI_REALM_ROLE where ROLE_NAME = '.anon') " + (z ? "or ROLE_KEY in (select ROLE_KEY from SAKAI_REALM_ROLE where ROLE_NAME = '.auth') " : "") + ")";
            Object[] objArr = new Object[2 + (2 * collection.size())];
            int i = 0;
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                int i2 = i;
                i++;
                objArr[i2] = (String) it.next();
            }
            int i3 = i;
            int i4 = i + 1;
            objArr[i3] = str2;
            int i5 = i4 + 1;
            objArr[i4] = str;
            Iterator it2 = collection.iterator();
            while (it2.hasNext()) {
                int i6 = i5;
                i5++;
                objArr[i6] = (String) it2.next();
            }
            List dbRead = this.m_sql.dbRead(str3, objArr, new SqlReader() { // from class: org.sakaiproject.authz.impl.DbAuthzGroupService.DbStorage.9
                public Object readSqlResultRecord(ResultSet resultSet) {
                    try {
                        return new Integer(resultSet.getInt(1));
                    } catch (SQLException e2) {
                        return null;
                    }
                }
            });
            boolean z2 = false;
            if (!dbRead.isEmpty()) {
                z2 = ((Integer) dbRead.get(0)).intValue() > 0;
            }
            return z2;
        }

        @Override // org.sakaiproject.authz.impl.BaseAuthzGroupService.Storage
        public Set getUsersIsAllowed(String str, Collection collection) {
            if (str == null || collection == null || collection.isEmpty()) {
                return new HashSet();
            }
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("select SRRG.USER_ID ");
            stringBuffer.append("from SAKAI_REALM_RL_GR SRRG ");
            if ("mysql".equals(DbAuthzGroupService.this.sqlService().getVendor())) {
                stringBuffer.append("inner join SAKAI_REALM SR force index (AK_SAKAI_REALM_ID) ON SRRG.REALM_KEY = SR.REALM_KEY ");
            } else {
                stringBuffer.append("inner join SAKAI_REALM SR ON SRRG.REALM_KEY = SR.REALM_KEY ");
            }
            stringBuffer.append("where " + DbAuthzGroupService.this.orInClause(collection.size(), "SR.REALM_ID") + " ");
            stringBuffer.append("and SRRG.ACTIVE = '1' ");
            stringBuffer.append("and SRRG.ROLE_KEY in ");
            stringBuffer.append("(select SRRF.ROLE_KEY ");
            stringBuffer.append("from SAKAI_REALM_RL_FN SRRF ");
            stringBuffer.append("inner join SAKAI_REALM_FUNCTION SRF ON SRRF.FUNCTION_KEY = SRF.FUNCTION_KEY ");
            if ("mysql".equals(DbAuthzGroupService.this.sqlService().getVendor())) {
                stringBuffer.append("inner join SAKAI_REALM SR1 force index (AK_SAKAI_REALM_ID) ON SRRF.REALM_KEY = SR1.REALM_KEY ");
            } else {
                stringBuffer.append("inner join SAKAI_REALM SR1 ON SRRF.REALM_KEY = SR1.REALM_KEY ");
            }
            stringBuffer.append("where SRF.FUNCTION_NAME = ? ");
            stringBuffer.append("and " + DbAuthzGroupService.this.orInClause(collection.size(), "SR1.REALM_ID") + ")");
            String stringBuffer2 = stringBuffer.toString();
            Object[] objArr = new Object[1 + (2 * collection.size())];
            int i = 0;
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                int i2 = i;
                i++;
                objArr[i2] = (String) it.next();
            }
            int i3 = i;
            int i4 = i + 1;
            objArr[i3] = str;
            Iterator it2 = collection.iterator();
            while (it2.hasNext()) {
                int i5 = i4;
                i4++;
                objArr[i5] = (String) it2.next();
            }
            List dbRead = this.m_sql.dbRead(stringBuffer2, objArr, (SqlReader) null);
            HashSet hashSet = new HashSet();
            hashSet.addAll(dbRead);
            return hashSet;
        }

        @Override // org.sakaiproject.authz.impl.BaseAuthzGroupService.Storage
        public Set getAllowedFunctions(String str, Collection collection) {
            if (str == null || collection == null || collection.isEmpty()) {
                return new HashSet();
            }
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("select DISTINCT FUNCTION_NAME ");
            stringBuffer.append("from SAKAI_REALM_FUNCTION SRF ");
            stringBuffer.append("inner join SAKAI_REALM_RL_FN SRRF on SRF.FUNCTION_KEY = SRRF.FUNCTION_KEY ");
            stringBuffer.append("inner join SAKAI_REALM_ROLE SRR on SRRF.ROLE_KEY = SRR.ROLE_KEY ");
            stringBuffer.append("inner join SAKAI_REALM SR on SRRF.REALM_KEY = SR.REALM_KEY ");
            stringBuffer.append("where SRR.ROLE_NAME = ? ");
            stringBuffer.append("and " + DbAuthzGroupService.this.orInClause(collection.size(), "SR.REALM_ID"));
            String stringBuffer2 = stringBuffer.toString();
            Object[] objArr = new Object[1 + collection.size()];
            objArr[0] = str;
            int i = 1;
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                int i2 = i;
                i++;
                objArr[i2] = (String) it.next();
            }
            List dbRead = this.m_sql.dbRead(stringBuffer2, objArr, (SqlReader) null);
            HashSet hashSet = new HashSet();
            hashSet.addAll(dbRead);
            return hashSet;
        }

        @Override // org.sakaiproject.authz.impl.BaseAuthzGroupService.Storage
        public void refreshUser(String str, Map map) {
            if (str == null) {
                return;
            }
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("select SRRG.REALM_KEY, SRR.ROLE_NAME, SRRG.ACTIVE, SRRG.PROVIDED ");
            stringBuffer.append("from SAKAI_REALM_ROLE SRR ");
            stringBuffer.append("inner join SAKAI_REALM_RL_GR SRRG on SRR.ROLE_KEY = SRRG.ROLE_KEY ");
            stringBuffer.append("where SRRG.USER_ID = ?");
            List<RealmAndRole> dbRead = this.m_sql.dbRead(stringBuffer.toString(), new Object[]{str}, new SqlReader() { // from class: org.sakaiproject.authz.impl.DbAuthzGroupService.DbStorage.10
                public Object readSqlResultRecord(ResultSet resultSet) {
                    try {
                        int i = resultSet.getInt(1);
                        return new RealmAndRole(new Integer(i), resultSet.getString(2), "1".equals(resultSet.getString(3)), "1".equals(resultSet.getString(4)));
                    } catch (Throwable th) {
                        return null;
                    }
                }
            });
            HashMap hashMap = new HashMap();
            HashMap hashMap2 = new HashMap();
            for (RealmAndRole realmAndRole : dbRead) {
                if (realmAndRole.active && realmAndRole.provided) {
                    if (hashMap.containsKey(realmAndRole.realmId)) {
                        DbAuthzGroupService.M_log.warn("refreshUser: duplicate realm id found in provider grants: " + realmAndRole.realmId);
                    } else {
                        hashMap.put(realmAndRole.realmId, realmAndRole.role);
                    }
                } else if (hashMap2.containsKey(realmAndRole.realmId)) {
                    DbAuthzGroupService.M_log.warn("refreshUser: duplicate realm id found in nonProvider grants: " + realmAndRole.realmId);
                } else {
                    hashMap2.put(realmAndRole.realmId, realmAndRole.role);
                }
            }
            HashMap hashMap3 = new HashMap();
            if (map != null && map.size() > 0) {
                StringBuffer stringBuffer2 = new StringBuffer();
                stringBuffer2.append("select distinct SRP.REALM_KEY, SR.PROVIDER_ID ");
                stringBuffer2.append("from SAKAI_REALM_PROVIDER SRP ");
                stringBuffer2.append("inner join SAKAI_REALM SR on SRP.REALM_KEY = SR.REALM_KEY ");
                stringBuffer2.append("where " + DbAuthzGroupService.this.orInClause(map.size(), "SRP.PROVIDER_ID"));
                String stringBuffer3 = stringBuffer2.toString();
                Object[] objArr = new Object[map.size()];
                int i = 0;
                Iterator it = map.keySet().iterator();
                while (it.hasNext()) {
                    int i2 = i;
                    i++;
                    objArr[i2] = (String) it.next();
                }
                List<RealmAndProvider> dbRead2 = this.m_sql.dbRead(stringBuffer3, objArr, new SqlReader() { // from class: org.sakaiproject.authz.impl.DbAuthzGroupService.DbStorage.11
                    public Object readSqlResultRecord(ResultSet resultSet) {
                        try {
                            int i3 = resultSet.getInt(1);
                            return new RealmAndProvider(new Integer(i3), resultSet.getString(2));
                        } catch (Throwable th) {
                            return null;
                        }
                    }
                });
                if (dbRead2 != null && dbRead2.size() > 0) {
                    for (RealmAndProvider realmAndProvider : dbRead2) {
                        String str2 = (String) map.get(realmAndProvider.providerId);
                        if (str2 != null) {
                            if (hashMap3.containsKey(realmAndProvider.realmId)) {
                                DbAuthzGroupService.M_log.warn("refreshUser: duplicate realm id computed for new grants: " + realmAndProvider.realmId);
                            } else {
                                hashMap3.put(realmAndProvider.realmId, str2);
                            }
                        }
                    }
                }
            }
            Vector vector = new Vector();
            for (Map.Entry entry : hashMap.entrySet()) {
                Integer num = (Integer) entry.getKey();
                String str3 = (String) entry.getValue();
                String str4 = (String) hashMap3.get(num);
                if (str4 == null || !str4.equals(str3)) {
                    vector.add(num);
                }
            }
            Vector<RealmAndRole> vector2 = new Vector();
            for (Map.Entry entry2 : hashMap3.entrySet()) {
                Integer num2 = (Integer) entry2.getKey();
                String str5 = (String) entry2.getValue();
                String str6 = (String) hashMap.get(num2);
                if (((String) hashMap2.get(num2)) == null && (str6 == null || !str6.equals(str5))) {
                    vector2.add(new RealmAndRole(num2, str5, true, true));
                }
            }
            if (vector.size() > 0 || vector2.size() > 0) {
                Object[] objArr2 = new Object[2];
                objArr2[1] = str;
                Iterator it2 = vector.iterator();
                while (it2.hasNext()) {
                    objArr2[0] = (Integer) it2.next();
                    this.m_sql.dbWrite("delete from SAKAI_REALM_RL_GR where REALM_KEY = ? and USER_ID = ?", objArr2);
                }
                Object[] objArr3 = new Object[3];
                objArr3[1] = str;
                for (RealmAndRole realmAndRole2 : vector2) {
                    objArr3[0] = realmAndRole2.realmId;
                    objArr3[2] = realmAndRole2.role;
                    this.m_sql.dbWrite("insert into SAKAI_REALM_RL_GR (REALM_KEY, USER_ID, ROLE_KEY, ACTIVE, PROVIDED) values (?, ?, (select ROLE_KEY from SAKAI_REALM_ROLE where ROLE_NAME = ?), '1', '1')", objArr3);
                }
            }
        }

        @Override // org.sakaiproject.authz.impl.BaseAuthzGroupService.Storage
        public void refreshAuthzGroup(BaseAuthzGroup baseAuthzGroup) {
            if (baseAuthzGroup == null || DbAuthzGroupService.this.m_provider == null) {
                return;
            }
            Map userRolesForGroup = DbAuthzGroupService.this.m_provider.getUserRolesForGroup(baseAuthzGroup.getProviderGroupId());
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("select SRRG.USER_ID, SRR.ROLE_NAME, SRRG.ACTIVE, SRRG.PROVIDED ");
            stringBuffer.append("from SAKAI_REALM_RL_GR SRRG ");
            stringBuffer.append("inner join SAKAI_REALM SR on SRRG. REALM_KEY = SR. REALM_KEY ");
            stringBuffer.append("inner join SAKAI_REALM_ROLE SRR on SRRG.ROLE_KEY = SRR.ROLE_KEY ");
            stringBuffer.append("where SR.REALM_ID = ?");
            List<UserAndRole> dbRead = this.m_sql.dbRead(stringBuffer.toString(), new Object[]{caseId(baseAuthzGroup.getId())}, new SqlReader() { // from class: org.sakaiproject.authz.impl.DbAuthzGroupService.DbStorage.12
                public Object readSqlResultRecord(ResultSet resultSet) {
                    try {
                        return new UserAndRole(resultSet.getString(1), resultSet.getString(2), "1".equals(resultSet.getString(3)), "1".equals(resultSet.getString(4)));
                    } catch (Throwable th) {
                        return null;
                    }
                }
            });
            HashMap hashMap = new HashMap();
            HashMap hashMap2 = new HashMap();
            for (UserAndRole userAndRole : dbRead) {
                if (userAndRole.active && userAndRole.provided) {
                    if (hashMap.containsKey(userAndRole.userId)) {
                        DbAuthzGroupService.M_log.warn("refreshRealm: duplicate user id found in provider grants: " + userAndRole.userId);
                    } else {
                        hashMap.put(userAndRole.userId, userAndRole.role);
                    }
                } else if (hashMap2.containsKey(userAndRole.userId)) {
                    DbAuthzGroupService.M_log.warn("refreshRealm: duplicate user id found in nonProvider grants: " + userAndRole.userId);
                } else {
                    hashMap2.put(userAndRole.userId, userAndRole.role);
                }
            }
            Vector vector = new Vector();
            for (Map.Entry entry : hashMap.entrySet()) {
                String str = (String) entry.getKey();
                String str2 = (String) entry.getValue();
                try {
                    String str3 = (String) userRolesForGroup.get(DbAuthzGroupService.this.userDirectoryService().getUserEid(str));
                    if (str3 == null || !str3.equals(str2)) {
                        vector.add(str);
                    }
                } catch (UserNotDefinedException e) {
                    DbAuthzGroupService.M_log.warn("refreshAuthzGroup: cannot find eid for user: " + str);
                }
            }
            Vector<UserAndRole> vector2 = new Vector();
            for (Map.Entry entry2 : userRolesForGroup.entrySet()) {
                String str4 = (String) entry2.getKey();
                try {
                    String userId = DbAuthzGroupService.this.userDirectoryService().getUserId(str4);
                    String str5 = (String) entry2.getValue();
                    String str6 = (String) hashMap.get(userId);
                    if (((String) hashMap2.get(userId)) == null && (str6 == null || !str6.equals(str5))) {
                        vector2.add(new UserAndRole(userId, str5, true, true));
                    }
                } catch (UserNotDefinedException e2) {
                    DbAuthzGroupService.M_log.warn("refreshAuthzGroup: cannot find id for user eid: " + str4);
                }
            }
            if (vector.size() > 0 || vector2.size() > 0) {
                String str7 = "mysql".equals(DbAuthzGroupService.this.sqlService().getVendor()) ? "DELETE SAKAI_REALM_RL_GR FROM SAKAI_REALM_RL_GR INNER JOIN SAKAI_REALM ON SAKAI_REALM_RL_GR.REALM_KEY = SAKAI_REALM.REALM_KEY AND SAKAI_REALM.REALM_ID = ? WHERE SAKAI_REALM_RL_GR.USER_ID = ?" : "DELETE FROM SAKAI_REALM_RL_GR  WHERE REALM_KEY IN (SELECT REALM_KEY FROM SAKAI_REALM WHERE REALM_ID = ?) AND USER_ID = ?";
                Object[] objArr = new Object[2];
                objArr[0] = caseId(baseAuthzGroup.getId());
                Iterator it = vector.iterator();
                while (it.hasNext()) {
                    objArr[1] = (String) it.next();
                    this.m_sql.dbWrite(str7, objArr);
                }
                Object[] objArr2 = new Object[3];
                objArr2[0] = caseId(baseAuthzGroup.getId());
                for (UserAndRole userAndRole2 : vector2) {
                    objArr2[1] = userAndRole2.userId;
                    objArr2[2] = userAndRole2.role;
                    this.m_sql.dbWrite("insert into SAKAI_REALM_RL_GR (REALM_KEY, USER_ID, ROLE_KEY, ACTIVE, PROVIDED) values ((select REALM_KEY from SAKAI_REALM where REALM_ID = ?), ?, (select ROLE_KEY from SAKAI_REALM_ROLE where ROLE_NAME = ?), '1', '1')", objArr2);
                }
            }
        }

        @Override // org.sakaiproject.authz.impl.BaseAuthzGroupService.Storage
        public String getUserRole(String str, String str2) {
            if (str == null || str2 == null) {
                return null;
            }
            List dbRead = this.m_sql.dbRead("select SRR.ROLE_NAME from SAKAI_REALM_RL_GR SRRG inner join SAKAI_REALM SR on SRRG.REALM_KEY = SR.REALM_KEY inner join SAKAI_REALM_ROLE SRR on SRRG.ROLE_KEY = SRR.ROLE_KEY where SR.REALM_ID = ? and SRRG.USER_ID = ? and SRRG.ACTIVE = '1'", new Object[]{str2, str}, (SqlReader) null);
            String str3 = null;
            if (dbRead != null && !dbRead.isEmpty()) {
                str3 = (String) dbRead.get(0);
                if (dbRead.size() > 1) {
                    DbAuthzGroupService.M_log.warn("getUserRole: user: " + str + " multiple roles");
                }
            }
            return str3;
        }

        @Override // org.sakaiproject.authz.impl.BaseAuthzGroupService.Storage
        public Map getUsersRole(Collection collection, String str) {
            if (collection == null || collection.isEmpty() || str == null) {
                return new HashMap();
            }
            String str2 = "select SRRG.USER_ID, SRR.ROLE_NAME from SAKAI_REALM_RL_GR SRRG inner join SAKAI_REALM SR on SRRG.REALM_KEY = SR.REALM_KEY inner join SAKAI_REALM_ROLE SRR on SRRG.ROLE_KEY = SRR.ROLE_KEY where SR.REALM_ID = ? and " + DbAuthzGroupService.this.orInClause(collection.size(), "SRRG.USER_ID") + " and SRRG.ACTIVE = '1'";
            Object[] objArr = new Object[1 + collection.size()];
            objArr[0] = str;
            int i = 1;
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                int i2 = i;
                i++;
                objArr[i2] = it.next();
            }
            final HashMap hashMap = new HashMap();
            this.m_sql.dbRead(str2, objArr, new SqlReader() { // from class: org.sakaiproject.authz.impl.DbAuthzGroupService.DbStorage.13
                public Object readSqlResultRecord(ResultSet resultSet) {
                    try {
                        String string = resultSet.getString(1);
                        String string2 = resultSet.getString(2);
                        if (string != null && string2 != null) {
                            hashMap.put(string, string2);
                        }
                        return null;
                    } catch (Throwable th) {
                        return null;
                    }
                }
            });
            return hashMap;
        }
    }

    protected abstract SqlService sqlService();

    public void setExternalLocks(String str) {
        this.m_useExternalLocks = new Boolean(str).booleanValue();
    }

    public void setAutoDdl(String str) {
        this.m_autoDdl = new Boolean(str).booleanValue();
    }

    @Override // org.sakaiproject.authz.impl.BaseAuthzGroupService
    public void init() {
        try {
            if (this.m_autoDdl) {
                sqlService().ddl(getClass().getClassLoader(), "sakai_realm");
                sqlService().ddl(getClass().getClassLoader(), "sakai_realm_2_4_0_001");
            }
            super.init();
            cacheRoleNames();
            cacheFunctionNames();
            M_log.info("init(): table: " + this.m_realmTableName + " external locks: " + this.m_useExternalLocks);
        } catch (Throwable th) {
            M_log.warn("init(): ", th);
        }
    }

    @Override // org.sakaiproject.authz.impl.BaseAuthzGroupService
    protected BaseAuthzGroupService.Storage newStorage() {
        return new DbStorage();
    }

    protected void checkRoleName(String str) {
        if (str == null) {
            return;
        }
        String intern = str.intern();
        if (this.m_roleNameCache.contains(intern)) {
            return;
        }
        Object[] objArr = {intern};
        List dbRead = sqlService().dbRead("select count(1) from SAKAI_REALM_ROLE where ROLE_NAME = ?", objArr, new SqlReader() { // from class: org.sakaiproject.authz.impl.DbAuthzGroupService.1
            public Object readSqlResultRecord(ResultSet resultSet) {
                try {
                    return new Integer(resultSet.getInt(1));
                } catch (SQLException e) {
                    return null;
                }
            }
        });
        boolean z = false;
        if (!dbRead.isEmpty()) {
            z = ((Integer) dbRead.get(0)).intValue() > 0;
        }
        if (!z) {
            sqlService().dbWriteFailQuiet((Connection) null, "oracle".equals(sqlService().getVendor()) ? "insert into SAKAI_REALM_ROLE (ROLE_KEY, ROLE_NAME) values (SAKAI_REALM_ROLE_SEQ.NEXTVAL, ?)" : "mysql".equals(sqlService().getVendor()) ? "insert into SAKAI_REALM_ROLE (ROLE_KEY, ROLE_NAME) values (DEFAULT, ?)" : "insert into SAKAI_REALM_ROLE (ROLE_KEY, ROLE_NAME) values (NEXT VALUE FOR SAKAI_REALM_ROLE_SEQ, ?)", objArr);
        }
        synchronized (this.m_roleNameCache) {
            this.m_roleNameCache.add(intern);
        }
    }

    protected void cacheRoleNames() {
        synchronized (this.m_roleNameCache) {
            sqlService().dbRead("select ROLE_NAME from SAKAI_REALM_ROLE", (Object[]) null, new SqlReader() { // from class: org.sakaiproject.authz.impl.DbAuthzGroupService.2
                public Object readSqlResultRecord(ResultSet resultSet) {
                    try {
                        DbAuthzGroupService.this.m_roleNameCache.add(resultSet.getString(1));
                        return null;
                    } catch (SQLException e) {
                        return null;
                    }
                }
            });
        }
    }

    protected void checkFunctionName(String str) {
        if (str == null) {
            return;
        }
        String intern = str.intern();
        if (this.m_functionCache.contains(intern)) {
            return;
        }
        Object[] objArr = {intern};
        List dbRead = sqlService().dbRead("select count(1) from SAKAI_REALM_FUNCTION where FUNCTION_NAME = ?", objArr, new SqlReader() { // from class: org.sakaiproject.authz.impl.DbAuthzGroupService.3
            public Object readSqlResultRecord(ResultSet resultSet) {
                try {
                    return new Integer(resultSet.getInt(1));
                } catch (SQLException e) {
                    return null;
                }
            }
        });
        boolean z = false;
        if (!dbRead.isEmpty()) {
            z = ((Integer) dbRead.get(0)).intValue() > 0;
        }
        if (!z) {
            sqlService().dbWriteFailQuiet((Connection) null, "oracle".equals(sqlService().getVendor()) ? "insert into SAKAI_REALM_FUNCTION (FUNCTION_KEY, FUNCTION_NAME) values (SAKAI_REALM_FUNCTION_SEQ.NEXTVAL, ?)" : "mysql".equals(sqlService().getVendor()) ? "insert into SAKAI_REALM_FUNCTION (FUNCTION_KEY, FUNCTION_NAME) values (DEFAULT, ?)" : "insert into SAKAI_REALM_FUNCTION (FUNCTION_KEY, FUNCTION_NAME) values (NEXT VALUE FOR SAKAI_REALM_FUNCTION_SEQ, ?)", objArr);
        }
        synchronized (this.m_functionCache) {
            this.m_functionCache.add(intern);
        }
    }

    protected void cacheFunctionNames() {
        synchronized (this.m_functionCache) {
            sqlService().dbRead("select FUNCTION_NAME from SAKAI_REALM_FUNCTION", (Object[]) null, new SqlReader() { // from class: org.sakaiproject.authz.impl.DbAuthzGroupService.4
                public Object readSqlResultRecord(ResultSet resultSet) {
                    try {
                        DbAuthzGroupService.this.m_functionCache.add(resultSet.getString(1));
                        return null;
                    } catch (SQLException e) {
                        return null;
                    }
                }
            });
        }
    }

    protected String orInClause(int i, String str) {
        int i2 = i / MAX_IN_CLAUSE;
        int i3 = i - (i2 * MAX_IN_CLAUSE);
        StringBuffer stringBuffer = new StringBuffer();
        if (i2 > 0) {
            stringBuffer.append(" (");
        }
        stringBuffer.append(" " + str + " IN ");
        if (i2 > 0) {
            for (int i4 = 0; i4 < i2; i4++) {
                stringBuffer.append("(?");
                for (int i5 = 1; i5 < MAX_IN_CLAUSE; i5++) {
                    stringBuffer.append(",?");
                }
                stringBuffer.append(")");
                if (i4 < i2 - 1) {
                    stringBuffer.append(" OR " + str + " IN ");
                }
            }
        }
        if (i3 > 0) {
            if (i2 > 0) {
                stringBuffer.append(" OR " + str + " IN ");
            }
            stringBuffer.append("(?");
            for (int i6 = 1; i6 < i3; i6++) {
                stringBuffer.append(",?");
            }
            stringBuffer.append(")");
        }
        if (i2 > 0) {
            stringBuffer.append(" )");
        }
        return stringBuffer.toString();
    }
}
