package org.kuali.rice.kim.impl.jaxb;

import java.util.HashMap;
import java.util.List;
import java.util.Set;
import javax.xml.bind.UnmarshalException;
import org.apache.commons.lang.StringUtils;
import org.joda.time.DateTime;
import org.joda.time.ReadableInstant;
import org.kuali.rice.core.api.criteria.PredicateFactory;
import org.kuali.rice.core.api.criteria.QueryByCriteria;
import org.kuali.rice.core.api.membership.MemberType;
import org.kuali.rice.core.util.jaxb.NameAndNamespacePair;
import org.kuali.rice.kim.api.group.Group;
import org.kuali.rice.kim.api.identity.principal.Principal;
import org.kuali.rice.kim.api.permission.Permission;
import org.kuali.rice.kim.api.role.Role;
import org.kuali.rice.kim.api.role.RoleMember;
import org.kuali.rice.kim.api.role.RoleService;
import org.kuali.rice.kim.api.services.KimApiServiceLocator;
import org.kuali.rice.kim.impl.jaxb.RoleMemberXmlDTO;
import org.kuali.rice.kim.impl.jaxb.RolePermissionXmlDTO;

/* loaded from: input_file:WEB-INF/lib/kfs-core-2017-09-14.jar:org/kuali/rice/kim/impl/jaxb/RoleXmlUtil.class */
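/**
 * Static helpers that validate role, role-member and role-permission XML DTOs against the KIM
 * services and then hand them to {@link RoleService} for persistence.
 *
 * <p>Every public method here creates, grants or revokes authorization data (roles, role
 * memberships, permission assignments). No check of the caller's own privileges is visible in
 * this class. NOTE(review): confirm that the XML ingestion entry point restricts who may submit
 * documents that reach these methods.
 *
 * <p>Error messages embed values taken from the XML verbatim; whatever logs or displays them is
 * responsible for encoding them for its sink.
 */
public final class RoleXmlUtil {
    private RoleXmlUtil() {
    }

    /**
     * Validates a role DTO, builds a {@link Role} from it and passes it to
     * {@code RoleService.createRole}.
     *
     * <p>JADX reports that this method was package-private in the original source.
     *
     * @param roleXmlDTO the role read from XML; must not be null
     * @return the ID of the role returned by the role service
     * @throws IllegalArgumentException if {@code roleXmlDTO} is null
     * @throws UnmarshalException if name, namespace, KIM type or description is blank
     */
    public static String validateAndPersistNewRole(RoleXmlDTO roleXmlDTO) throws UnmarshalException {
        if (roleXmlDTO == null) {
            throw new IllegalArgumentException("Cannot persist a null role");
        }
        validateAndPrepareRole(roleXmlDTO);
        Role.Builder builder = Role.Builder.create();
        // NOTE(review): getActive() is unboxed here, so a null value would raise a
        // NullPointerException - confirm the DTO always supplies a default.
        builder.setActive(roleXmlDTO.getActive().booleanValue());
        builder.setDescription(roleXmlDTO.getRoleDescription());
        builder.setId(roleXmlDTO.getRoleId());
        builder.setKimTypeId(roleXmlDTO.getKimTypeId());
        builder.setName(roleXmlDTO.getRoleName());
        builder.setNamespaceCode(roleXmlDTO.getNamespaceCode());
        Role createdRole = KimApiServiceLocator.getRoleService().createRole(builder.build());
        roleXmlDTO.setAlreadyPersisted(true);
        return createdRole.getId();
    }

    /**
     * Validates a role-member DTO (owning role, member identity, active date range) and passes it
     * to {@code RoleService.createRoleMember}.
     *
     * <p>JADX reports that this method was package-private in the original source.
     *
     * @param roleMemberXmlDTO the role member read from XML; must not be null
     * @return the ID of the role member returned by the role service
     * @throws IllegalArgumentException if {@code roleMemberXmlDTO} is null
     * @throws UnmarshalException if the owning role or the member cannot be resolved, if supplied
     *     IDs and names disagree, or if activeFromDate is after activeToDate
     */
    public static String validateAndPersistNewRoleMember(RoleMemberXmlDTO roleMemberXmlDTO) throws UnmarshalException {
        if (roleMemberXmlDTO == null) {
            throw new IllegalArgumentException("Cannot persist a null role member");
        }
        // Order matters: validateMemberIdentity dereferences getRoleId(), which the first call
        // guarantees to be non-blank.
        validateRoleIdAndRoleNameForMember(roleMemberXmlDTO);
        validateMemberIdentity(roleMemberXmlDTO);
        if (roleMemberXmlDTO.getActiveFromDate() != null && roleMemberXmlDTO.getActiveToDate() != null
                && roleMemberXmlDTO.getActiveFromDate().compareTo((ReadableInstant) roleMemberXmlDTO.getActiveToDate()) > 0) {
            throw new UnmarshalException("Cannot create a role member whose activeFromDate occurs after its activeToDate");
        }
        if (roleMemberXmlDTO.getQualifications() == null) {
            // Diamond instead of the raw HashMap the decompiler emitted.
            roleMemberXmlDTO.setQualifications(new HashMap<>());
        }
        DateTime activeFrom = roleMemberXmlDTO.getActiveFromDate() == null
                ? null : new DateTime(roleMemberXmlDTO.getActiveFromDate().getMillis());
        DateTime activeTo = roleMemberXmlDTO.getActiveToDate() == null
                ? null : new DateTime(roleMemberXmlDTO.getActiveToDate().getMillis());
        RoleMember.Builder memberBuilder = RoleMember.Builder.create(
                roleMemberXmlDTO.getRoleId(),
                roleMemberXmlDTO.getRoleIdAsMember(),
                roleMemberXmlDTO.getMemberId(),
                roleMemberXmlDTO.getMemberType(),
                activeFrom,
                activeTo,
                roleMemberXmlDTO.getQualifications(),
                null,
                null);
        return KimApiServiceLocator.getRoleService().createRoleMember(memberBuilder.build()).getId();
    }

    /**
     * Validates a role-permission DTO and assigns the permission to the role through
     * {@code RoleService.assignPermissionToRole}.
     *
     * <p>JADX reports that this method was package-private in the original source.
     *
     * @param rolePermissionXmlDTO the permission assignment read from XML; must not be null
     * @throws IllegalArgumentException if {@code rolePermissionXmlDTO} is null
     * @throws UnmarshalException if the role or permission cannot be resolved, or if supplied IDs
     *     and names disagree
     */
    public static void validateAndPersistNewRolePermission(RolePermissionXmlDTO rolePermissionXmlDTO) throws UnmarshalException {
        if (rolePermissionXmlDTO == null) {
            throw new IllegalArgumentException("newRolePermission cannot be null");
        }
        validateAndPrepareRolePermission(rolePermissionXmlDTO);
        KimApiServiceLocator.getRoleService().assignPermissionToRole(rolePermissionXmlDTO.getPermissionId(), rolePermissionXmlDTO.getRoleId());
    }

    /**
     * Removes from a role every principal, group or role member whose role-member ID is not in
     * the given keep-set.
     *
     * <p>This is destructive: an empty keep-set removes every principal, group and role member
     * the query returns for the role. Members of any other {@link MemberType} are left untouched.
     *
     * <p>JADX reports that this method was package-private in the original source.
     *
     * @param str the ID of the role to prune; must not be blank
     * @param set the role-member IDs to keep; must not be null
     * @throws IllegalArgumentException if {@code str} is blank, {@code set} is null, or no role
     *     with that ID exists
     */
    public static void removeRoleMembers(String str, Set<String> set) {
        if (StringUtils.isBlank(str)) {
            throw new IllegalArgumentException("roleId cannot be blank");
        }
        if (set == null) {
            throw new IllegalArgumentException("existingRoleMemberIds cannot be null");
        }
        // Look the service up once and reuse it for every call below.
        RoleService roleService = KimApiServiceLocator.getRoleService();
        Role role = roleService.getRole(str);
        if (role == null) {
            throw new IllegalArgumentException("Cannot remove role members for role with ID \"" + str + "\" because that role does not exist");
        }
        List<RoleMember> results = roleService.findRoleMembers(QueryByCriteria.Builder.fromPredicates(PredicateFactory.equal("roleId", str))).getResults();
        if (results == null || results.isEmpty()) {
            return;
        }
        for (RoleMember roleMember : results) {
            if (set.contains(roleMember.getId())) {
                continue;
            }
            MemberType type = roleMember.getType();
            // A null attribute map is replaced with an empty one before calling the service.
            if (MemberType.PRINCIPAL.equals(type)) {
                roleService.removePrincipalFromRole(roleMember.getMemberId(), role.getNamespaceCode(), role.getName(), roleMember.getAttributes() != null ? roleMember.getAttributes() : new HashMap<>());
            } else if (MemberType.GROUP.equals(type)) {
                roleService.removeGroupFromRole(roleMember.getMemberId(), role.getNamespaceCode(), role.getName(), roleMember.getAttributes() != null ? roleMember.getAttributes() : new HashMap<>());
            } else if (MemberType.ROLE.equals(type)) {
                roleService.removeRoleFromRole(roleMember.getMemberId(), role.getNamespaceCode(), role.getName(), roleMember.getAttributes() != null ? roleMember.getAttributes() : new HashMap<>());
            }
        }
    }

    /**
     * Checks that a role DTO has a name, namespace, KIM type and description, then aligns its ID
     * with any existing role of the same namespace and name.
     *
     * @param roleXmlDTO the role to validate; its role ID may be overwritten
     * @throws UnmarshalException if any required field is blank
     */
    private static void validateAndPrepareRole(RoleXmlDTO roleXmlDTO) throws UnmarshalException {
        if (StringUtils.isBlank(roleXmlDTO.getRoleName()) || StringUtils.isBlank(roleXmlDTO.getNamespaceCode())) {
            throw new UnmarshalException("Cannot create or override a role with a blank name or a blank namespace");
        }
        if (StringUtils.isBlank(roleXmlDTO.getKimTypeId())) {
            throw new UnmarshalException("Cannot create or override a role without specikfying a KIM type");
        }
        if (StringUtils.isBlank(roleXmlDTO.getRoleDescription())) {
            throw new UnmarshalException("Cannot create or override a role with a blank description");
        }
        String existingRoleId = KimApiServiceLocator.getRoleService().getRoleIdByNamespaceCodeAndName(roleXmlDTO.getNamespaceCode(), roleXmlDTO.getRoleName());
        if (StringUtils.isNotBlank(existingRoleId)) {
            // Unlike the member and permission validators, an ID supplied in the XML is replaced
            // here without a mismatch check.
            roleXmlDTO.setRoleId(existingRoleId);
        }
    }

    /**
     * Resolves and verifies the role that a role member belongs to.
     *
     * <p>For members declared outside of a role element, the role is looked up by name and
     * namespace when those are given (and must agree with any supplied ID), otherwise by ID.
     * In every case the DTO must end up with a non-blank role ID.
     *
     * @param roleMemberXmlDTO the member to validate; its role ID may be filled in
     * @throws UnmarshalException if the role does not exist, the ID and name disagree, or no role
     *     identification was provided
     */
    private static void validateRoleIdAndRoleNameForMember(RoleMemberXmlDTO roleMemberXmlDTO) throws UnmarshalException {
        if (roleMemberXmlDTO instanceof RoleMemberXmlDTO.OutsideOfRole) {
            RoleMemberXmlDTO.OutsideOfRole outsideOfRole = (RoleMemberXmlDTO.OutsideOfRole) roleMemberXmlDTO;
            if (outsideOfRole.getRoleNameAndNamespace() != null) {
                String resolvedRoleId = KimApiServiceLocator.getRoleService().getRoleIdByNamespaceCodeAndName(outsideOfRole.getRoleNamespaceCode(), outsideOfRole.getRoleName());
                if (StringUtils.isBlank(resolvedRoleId)) {
                    throw new UnmarshalException("Cannot create role member for role with name \"" + outsideOfRole.getRoleName() + "\" and namespace \"" + outsideOfRole.getRoleNamespaceCode() + "\" because such a role does not exist");
                }
                if (StringUtils.isBlank(outsideOfRole.getRoleId())) {
                    outsideOfRole.setRoleId(resolvedRoleId);
                } else if (!outsideOfRole.getRoleId().equals(resolvedRoleId)) {
                    // Reject a document whose role ID points at a different role than its name.
                    throw new UnmarshalException("Cannot create role member for role with ID \"" + outsideOfRole.getRoleId() + "\", name \"" + outsideOfRole.getRoleName() + "\", and namespace \"" + outsideOfRole.getRoleNamespaceCode() + "\" because the existing role with the same name and namespace has an ID of \"" + resolvedRoleId + "\" instead");
                }
            } else {
                if (StringUtils.isBlank(outsideOfRole.getRoleId())) {
                    throw new UnmarshalException("Cannot create role member without providing the role ID or role name + namespace that the member belongs to");
                }
                if (KimApiServiceLocator.getRoleService().getRole(outsideOfRole.getRoleId()) == null) {
                    throw new UnmarshalException("Cannot create role member for the role with ID \"" + outsideOfRole.getRoleId() + "\" because that role does not exist");
                }
            }
        }
        if (StringUtils.isBlank(roleMemberXmlDTO.getRoleId())) {
            throw new UnmarshalException("Cannot create role member without providing the role ID or role name + namespace that the member belongs to");
        }
    }

    /**
     * Verifies that the principal, group or role named as the member exists, and that a supplied
     * member ID and member name refer to the same entity.
     *
     * <p>When only a name is given, the matching ID is written back to the DTO. A role can never
     * be made a member of itself. The caller must already have ensured that
     * {@code getRoleId()} is non-blank, because it is dereferenced here.
     *
     * @param roleMemberXmlDTO the member to validate; its member ID may be filled in
     * @throws UnmarshalException if the member type is missing, the member does not exist, the ID
     *     and name disagree, or the role would contain itself
     * @throws RuntimeException if a role member's ID and name disagree, or if no member ID could
     *     be determined (kept as unchecked to preserve the existing contract)
     */
    private static void validateMemberIdentity(RoleMemberXmlDTO roleMemberXmlDTO) throws UnmarshalException {
        MemberType memberType = roleMemberXmlDTO.getMemberType();
        if (memberType == null) {
            throw new UnmarshalException("Cannot create a role member with no member principal/group/role identification information specified");
        }
        // Pass 1: a member ID was supplied, so the entity with that ID must exist.
        if (StringUtils.isNotBlank(roleMemberXmlDTO.getMemberId())) {
            if (MemberType.PRINCIPAL.equals(memberType)) {
                if (KimApiServiceLocator.getIdentityService().getPrincipal(roleMemberXmlDTO.getPrincipalId()) == null) {
                    throw new UnmarshalException("Cannot create principal role member with principal ID \"" + roleMemberXmlDTO.getPrincipalId() + "\" because such a person does not exist");
                }
            } else if (MemberType.GROUP.equals(memberType)) {
                if (KimApiServiceLocator.getGroupService().getGroup(roleMemberXmlDTO.getGroupId()) == null) {
                    throw new UnmarshalException("Cannot create group role member with group ID \"" + roleMemberXmlDTO.getGroupId() + "\" because such a group does not exist");
                }
            } else if (MemberType.ROLE.equals(memberType)) {
                if (roleMemberXmlDTO.getRoleId().equals(roleMemberXmlDTO.getRoleIdAsMember())) {
                    throw new UnmarshalException("The role with ID \"" + roleMemberXmlDTO.getRoleIdAsMember() + "\" cannot be made a member of itself");
                }
                if (KimApiServiceLocator.getRoleService().getRole(roleMemberXmlDTO.getRoleIdAsMember()) == null) {
                    throw new UnmarshalException("Cannot use role with ID \"" + roleMemberXmlDTO.getRoleIdAsMember() + "\" as a role member because such a role does not exist");
                }
            }
        }
        // Pass 2: a member name was supplied, so resolve it and cross-check it against the ID.
        if (StringUtils.isNotBlank(roleMemberXmlDTO.getMemberName())) {
            if (MemberType.PRINCIPAL.equals(memberType)) {
                Principal principal = KimApiServiceLocator.getIdentityService().getPrincipalByPrincipalName(roleMemberXmlDTO.getPrincipalName());
                if (principal == null) {
                    throw new UnmarshalException("Cannot create principal role member with principal name \"" + roleMemberXmlDTO.getPrincipalName() + "\" because such a person does not exist");
                }
                if (StringUtils.isBlank(roleMemberXmlDTO.getPrincipalId())) {
                    roleMemberXmlDTO.setPrincipalId(principal.getPrincipalId());
                } else if (!roleMemberXmlDTO.getPrincipalId().equals(principal.getPrincipalId())) {
                    throw new UnmarshalException("Cannot create principal role member with principal ID \"" + roleMemberXmlDTO.getPrincipalId() + "\" and principal name \"" + roleMemberXmlDTO.getPrincipalName() + "\" because the principal with that name has an ID of \"" + principal.getPrincipalId() + "\" instead");
                }
            } else if (MemberType.GROUP.equals(memberType)) {
                NameAndNamespacePair groupName = roleMemberXmlDTO.getGroupName();
                Group group = KimApiServiceLocator.getGroupService().getGroupByNamespaceCodeAndName(groupName.getNamespaceCode(), groupName.getName());
                if (group == null) {
                    throw new UnmarshalException("Cannot create group role member with namespace \"" + groupName.getNamespaceCode() + "\" and name \"" + groupName.getName() + "\" because such a group does not exist");
                }
                if (StringUtils.isBlank(roleMemberXmlDTO.getGroupId())) {
                    roleMemberXmlDTO.setGroupId(group.getId());
                } else if (!roleMemberXmlDTO.getGroupId().equals(group.getId())) {
                    throw new UnmarshalException("Cannot create group role member with ID \"" + roleMemberXmlDTO.getGroupId() + "\", namespace \"" + groupName.getNamespaceCode() + "\", and name \"" + groupName.getName() + "\" because the group with that namespace and name has an ID of \"" + group.getId() + "\" instead");
                }
            } else if (MemberType.ROLE.equals(memberType)) {
                NameAndNamespacePair roleNameAsMember = roleMemberXmlDTO.getRoleNameAsMember();
                Role memberRole = KimApiServiceLocator.getRoleService().getRoleByNamespaceCodeAndName(roleNameAsMember.getNamespaceCode(), roleNameAsMember.getName());
                if (memberRole == null) {
                    throw new UnmarshalException("Cannot use role with namespace \"" + roleNameAsMember.getNamespaceCode() + "\" and name \"" + roleNameAsMember.getName() + "\" as a role member because such a role does not exist");
                }
                if (roleMemberXmlDTO.getRoleId().equals(memberRole.getId())) {
                    throw new UnmarshalException("The role with namespace \"" + roleNameAsMember.getNamespaceCode() + "\" and name \"" + roleNameAsMember.getName() + "\" cannot be made a member of itself");
                }
                // Fix: compare the MEMBER role's ID (getRoleIdAsMember), mirroring the principal
                // and group branches. The previous code tested the owning role's ID, which is
                // non-blank and (after the self-membership check) never equal to the member
                // role's ID, so every role member given by name was rejected.
                if (StringUtils.isBlank(roleMemberXmlDTO.getRoleIdAsMember())) {
                    roleMemberXmlDTO.setRoleIdAsMember(memberRole.getId());
                } else if (!roleMemberXmlDTO.getRoleIdAsMember().equals(memberRole.getId())) {
                    // NOTE(review): sibling branches throw UnmarshalException for the same
                    // mismatch; the unchecked type is kept so existing callers see no change.
                    throw new RuntimeException("Cannot use role with ID \"" + roleMemberXmlDTO.getRoleIdAsMember() + "\", namespace \"" + roleNameAsMember.getNamespaceCode() + "\", and name \"" + roleNameAsMember.getName() + "\" as a role member because the role with that namespace and name has an ID of \"" + memberRole.getId() + "\" instead");
                }
            }
        }
        // Neither an ID nor a resolvable name produced a member ID.
        if (StringUtils.isBlank(roleMemberXmlDTO.getMemberId())) {
            throw new RuntimeException("Cannot create a role member with no member principal/group/role identification information specified");
        }
    }

    /**
     * Resolves and verifies both sides of a permission assignment: the role and the permission.
     *
     * <p>Each side may be identified by ID, by name and namespace, or both; when both are given
     * they must refer to the same record. IDs resolved from names are written back to the DTO.
     *
     * @param rolePermissionXmlDTO the assignment to validate; its role ID and permission ID may
     *     be filled in
     * @throws UnmarshalException if the role or permission does not exist, an ID and name
     *     disagree, or identification is missing
     */
    private static void validateAndPrepareRolePermission(RolePermissionXmlDTO rolePermissionXmlDTO) throws UnmarshalException {
        if (rolePermissionXmlDTO instanceof RolePermissionXmlDTO.OutsideOfRole) {
            RolePermissionXmlDTO.OutsideOfRole outsideOfRole = (RolePermissionXmlDTO.OutsideOfRole) rolePermissionXmlDTO;
            if (outsideOfRole.getRoleNameAndNamespace() != null) {
                String resolvedRoleId = KimApiServiceLocator.getRoleService().getRoleIdByNamespaceCodeAndName(outsideOfRole.getRoleNamespaceCode(), outsideOfRole.getRoleName());
                if (StringUtils.isBlank(resolvedRoleId)) {
                    throw new UnmarshalException("Cannot assign permission to role with namespace \"" + outsideOfRole.getRoleNamespaceCode() + "\" and name \"" + outsideOfRole.getRoleName() + "\" because that role does not exist");
                }
                if (StringUtils.isBlank(outsideOfRole.getRoleId())) {
                    // Fix: store the ID resolved from name + namespace. The previous code
                    // re-assigned the (blank) role ID to itself, so an assignment that named its
                    // role only by name and namespace was always rejected further down.
                    outsideOfRole.setRoleId(resolvedRoleId);
                } else if (!outsideOfRole.getRoleId().equals(resolvedRoleId)) {
                    throw new UnmarshalException("Cannot assign permission to role with ID \"" + outsideOfRole.getRoleId() + "\", namespace \"" + outsideOfRole.getRoleNamespaceCode() + "\", and name \"" + outsideOfRole.getRoleName() + "\" because the existing role with that name and namespace has an ID of \"" + resolvedRoleId + "\" instead");
                }
            } else {
                if (StringUtils.isBlank(outsideOfRole.getRoleId())) {
                    throw new UnmarshalException("Cannot assign permission to role without providing the role ID or role name + namespace that the permission is assigned to");
                }
                if (KimApiServiceLocator.getRoleService().getRole(outsideOfRole.getRoleId()) == null) {
                    throw new UnmarshalException("Cannot assign permission to role with ID \"" + outsideOfRole.getRoleId() + "\" because that role does not exist");
                }
            }
        }
        if (StringUtils.isBlank(rolePermissionXmlDTO.getRoleId())) {
            throw new UnmarshalException("Cannot assign permission to role without providing the role ID or role name + namespace that the permission is assigned to");
        }
        if (rolePermissionXmlDTO.getPermissionNameAndNamespace() == null) {
            // Permission identified by ID only: it must be present and must exist.
            if (StringUtils.isBlank(rolePermissionXmlDTO.getPermissionId())) {
                throw new UnmarshalException("Cannot assign permission to role without specifying the ID or name and namespace of the permission to assign");
            }
            if (KimApiServiceLocator.getPermissionService().getPermission(rolePermissionXmlDTO.getPermissionId()) == null) {
                throw new UnmarshalException("Cannot get role assigned to permission with ID \"" + rolePermissionXmlDTO.getPermissionId() + "\" because that permission does not exist");
            }
            return;
        }
        // Permission identified by name + namespace: resolve it and cross-check any supplied ID.
        Permission permission = KimApiServiceLocator.getPermissionService().findPermByNamespaceCodeAndName(rolePermissionXmlDTO.getPermissionNamespaceCode(), rolePermissionXmlDTO.getPermissionName());
        if (permission == null) {
            throw new UnmarshalException("Cannot get role assigned to permission with namespace \"" + rolePermissionXmlDTO.getPermissionNamespaceCode() + "\" and name \"" + rolePermissionXmlDTO.getPermissionName() + "\" because that permission does not exist");
        }
        if (StringUtils.isBlank(rolePermissionXmlDTO.getPermissionId())) {
            rolePermissionXmlDTO.setPermissionId(permission.getId());
        } else if (!rolePermissionXmlDTO.getPermissionId().equals(permission.getId())) {
            throw new UnmarshalException("Cannot get role assigned to permission with ID \"" + rolePermissionXmlDTO.getPermissionId() + "\", namespace \"" + rolePermissionXmlDTO.getPermissionNamespaceCode() + "\", and name \"" + rolePermissionXmlDTO.getPermissionName() + "\" because the existing permission with that name and namespace has an ID of \"" + permission.getId() + "\" instead");
        }
    }
}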
