package org.nuiton.topia.security;

import java.security.AccessController;
import java.security.Permission;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.login.Configuration;
import org.apache.commons.collections.map.ReferenceMap;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuiton.topia.TopiaContext;
import org.nuiton.topia.TopiaException;
import org.nuiton.topia.TopiaNotFoundException;
import org.nuiton.topia.TopiaSecurityDAOHelper;
import org.nuiton.topia.event.TopiaTransactionEvent;
import org.nuiton.topia.event.TopiaTransactionVetoable;
import org.nuiton.topia.framework.TopiaContextImplementor;
import org.nuiton.topia.persistence.TopiaId;
import org.nuiton.topia.security.entities.authorization.TopiaAssociationAuthorizationDAO;
import org.nuiton.topia.security.entities.authorization.TopiaAuthorization;
import org.nuiton.topia.security.entities.authorization.TopiaAuthorizationDAO;
import org.nuiton.topia.security.entities.authorization.TopiaEntityAuthorizationDAO;
import org.nuiton.topia.security.entities.authorization.TopiaEntityAuthorizationImpl;
import org.nuiton.topia.security.entities.authorization.TopiaExpressionLink;
import org.nuiton.topia.security.entities.authorization.TopiaExpressionLinkDAO;
import org.nuiton.topia.security.entities.user.TopiaGroupDAO;
import org.nuiton.topia.security.entities.user.TopiaUser;
import org.nuiton.topia.security.entities.user.TopiaUserDAO;
import org.nuiton.topia.security.jaas.TopiaConfiguration;
import org.nuiton.topia.security.jaas.TopiaPermission;
import org.nuiton.topia.security.jaas.TopiaPolicy;
import org.nuiton.topia.security.listener.EntityVetoable;
import org.nuiton.topia.security.listener.NoSecurityLoad;
import org.nuiton.topia.security.listener.PropertyReadListener;
import org.nuiton.topia.security.listener.PropertyVetoable;
import org.nuiton.topia.security.listener.PropertyWriteListener;
import org.nuiton.topia.security.util.TopiaSecurityCaching;
import org.nuiton.topia.security.util.TopiaSecurityUtil;

/* loaded from: input_file:org/nuiton/topia/security/TopiaSecurityServiceImpl.class */
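/**
 * Default {@link TopiaSecurityService}: wires the entity/property listeners
 * and the JAAS {@link TopiaPolicy} into the Topia context at
 * {@link #postInit(TopiaContextImplementor)}, exposes the security DAOs, keeps
 * per-principal permission caches and performs the actual permission checks
 * through {@link AccessController}.
 *
 * <p>Caches are soft-referenced ({@code ReferenceMap}), so an entry may
 * disappear under memory pressure; callers of {@link #getPermissionsCache}
 * and {@link #getEntitiesLoadingCache} must treat {@code null} as "unknown".
 *
 * <p>NOTE(review): the lazily created {@link #securityContext} and the
 * check-then-put in {@link #getAuthorizationCache} are not guarded against
 * concurrent first use; confirm this service is only driven from one thread
 * or add synchronisation.
 */
public class TopiaSecurityServiceImpl implements TopiaSecurityService, TopiaTransactionVetoable {

    private static Log log = LogFactory.getLog(TopiaSecurityServiceImpl.class);

    /**
     * Mask applied to the requested actions for entities implementing
     * {@link NoSecurityLoad}: the lowest action bit is cleared, the others
     * are kept. Presumably that bit is the "load" action — confirm against the
     * action constants before relying on it.
     */
    private static final int NO_SECURITY_LOAD_ACTIONS_MASK = 14;

    /** Context this service was installed on (see {@link #postInit}). */
    private TopiaContext rootContext;

    /** Dedicated transaction for security reads; opened lazily. */
    private TopiaContext securityContext;

    private EntityVetoable entityVetoable = new EntityVetoable(this);
    private PropertyReadListener read = new PropertyReadListener(this);
    private PropertyWriteListener write = new PropertyWriteListener(this);
    private PropertyVetoable propertyVetoable = new PropertyVetoable(this.read, this.write);
    private TopiaPolicy policy = new TopiaPolicy(this);

    /** Per user principal: which entity ids were allowed/denied to load. */
    private transient TopiaSecurityCaching entitiesLoadingCache = new TopiaSecurityCaching(2);

    /** Authorization topiaId -> its {@link TopiaPermission}; soft keys and values. */
    private transient Map<String, Permission> authorizationsCache =
            Collections.synchronizedMap(new ReferenceMap(ReferenceMap.SOFT, ReferenceMap.SOFT));

    /** Principal id -> permissions granted to it; soft keys and values. */
    private transient Map<String, Set<Permission>> permissionsCache =
            Collections.synchronizedMap(new ReferenceMap(ReferenceMap.SOFT, ReferenceMap.SOFT));

    public String getServiceName() {
        return TopiaSecurityService.SERVICE_NAME;
    }

    public Class<?>[] getPersistenceClasses() {
        return TopiaSecurityUtil.TOPIA_SECURITY_PERSISTENCE_CLASSES;
    }

    /** Nothing to prepare before the context exists; always accepts. */
    public boolean preInit(TopiaContextImplementor topiaContextImplementor) {
        return true;
    }

    /**
     * Hooks this service into the root context: entity veto, property
     * listeners and transaction veto are registered, the JAAS policy is
     * installed and the JAAS login {@link Configuration} is replaced by a
     * {@link TopiaConfiguration} named {@code "topia"}.
     *
     * @param topiaContextImplementor the root context, kept as {@link #rootContext}
     * @return always {@code true}
     */
    public boolean postInit(TopiaContextImplementor topiaContextImplementor) {
        this.rootContext = topiaContextImplementor;
        // any previously opened security transaction belongs to the old root
        this.securityContext = null;
        this.rootContext.addTopiaEntityVetoable(this.entityVetoable);
        this.rootContext.addTopiaEntityListener(this.propertyVetoable);
        this.rootContext.addTopiaTransactionVetoable(this);
        this.policy.installPolicy();
        Configuration.setConfiguration(new TopiaConfiguration("topia", this));
        return true;
    }

    /**
     * Registers the same listeners on every transaction opened from a context
     * this service watches, so child transactions are secured as well.
     *
     * @param topiaTransactionEvent event whose source is the new transaction
     */
    public void beginTransaction(TopiaTransactionEvent topiaTransactionEvent) {
        TopiaContext transaction = topiaTransactionEvent.getSource();
        transaction.addTopiaEntityVetoable(this.entityVetoable);
        transaction.addTopiaEntityListener(this.propertyVetoable);
        transaction.addTopiaTransactionVetoable(this);
    }

    /**
     * Returns the transaction used for security reads, opening it on the root
     * context on first use.
     *
     * @return the (possibly just opened) security transaction
     * @throws TopiaException if the transaction cannot be opened
     */
    public TopiaContext getSecurityContext() throws TopiaException {
        if (this.securityContext == null) {
            this.securityContext = this.rootContext.beginTransaction();
        }
        return this.securityContext;
    }

    // The DAO accessors below deliberately turn a TopiaException into a
    // logged error and a null result; callers must null-check.
    // NOTE(review): a null DAO surfaces later as a NullPointerException in
    // callers such as putPermissionsCache — propagating would be clearer.

    /** @return the user DAO on the security context, or {@code null} on failure */
    public TopiaUserDAO getTopiaUserDAO() {
        try {
            return TopiaSecurityDAOHelper.getTopiaUserDAO(getSecurityContext());
        } catch (TopiaException e) {
            log.error("Recuperation du TopiaUserDAO impossible", e);
            return null;
        }
    }

    /** @return the group DAO on the security context, or {@code null} on failure */
    public TopiaGroupDAO getTopiaGroupDAO() {
        try {
            return TopiaSecurityDAOHelper.getTopiaGroupDAO(getSecurityContext());
        } catch (TopiaException e) {
            log.error("Recuperation du TopiaGroupDAO impossible", e);
            return null;
        }
    }

    /** @return the authorization DAO on the security context, or {@code null} on failure */
    public TopiaAuthorizationDAO getTopiaAuthorizationDAO() {
        try {
            return TopiaSecurityDAOHelper.getTopiaAuthorizationDAO(getSecurityContext());
        } catch (TopiaException e) {
            log.error("Recuperation du TopiaAuthorizationDAO impossible", e);
            return null;
        }
    }

    /** @return the entity-authorization DAO on the security context, or {@code null} on failure */
    public TopiaEntityAuthorizationDAO getTopiaEntityAuthorizationDAO() {
        try {
            return TopiaSecurityDAOHelper.getTopiaEntityAuthorizationDAO(getSecurityContext());
        } catch (TopiaException e) {
            log.error("Recuperation du TopiaEntityAuthorizationDAO impossible", e);
            return null;
        }
    }

    /** @return the expression-link DAO on the security context, or {@code null} on failure */
    public TopiaExpressionLinkDAO getTopiaIdLinkDAO() {
        try {
            return TopiaSecurityDAOHelper.getTopiaExpressionLinkDAO(getSecurityContext());
        } catch (TopiaException e) {
            log.error("Recuperation du TopiaLinkAuthorizationDAO impossible", e);
            return null;
        }
    }

    /** @return the association-authorization DAO on the security context, or {@code null} on failure */
    public TopiaAssociationAuthorizationDAO getTopiaAssociationAuthorizationDAO() {
        try {
            return TopiaSecurityDAOHelper.getTopiaAssociationAuthorizationDAO(getSecurityContext());
        } catch (TopiaException e) {
            log.error("Recuperation du TopiaAssociationAuthorizationDAO impossible", e);
            return null;
        }
    }

    /**
     * Recomputes and caches the permissions granted to a principal.
     *
     * <p>An authorization applies to the principal when it names it
     * explicitly, or — only when the principal is a {@link TopiaUser} id —
     * when it names no principal at all (an "everyone" authorization).
     *
     * @param str topiaId of the principal (user or group)
     * @return the cached, mutable set of permissions for {@code str}
     * @throws TopiaException if the security transaction cannot be committed
     * @throws IllegalStateException if the authorization DAO is unavailable
     */
    public Set<Permission> putPermissionsCache(String str) throws TopiaException {
        TopiaAuthorizationDAO authorizationDAO = getTopiaAuthorizationDAO();
        if (authorizationDAO == null) {
            // getTopiaAuthorizationDAO() already logged the underlying cause
            throw new IllegalStateException("TopiaAuthorizationDAO unavailable, cannot compute permissions for " + str);
        }
        List<TopiaAuthorization> authorizations = authorizationDAO.findAll();
        boolean isUserPrincipal = TopiaId.getClassNameAsString(str).equals(TopiaUser.class.getName());
        Set<Permission> permissions = new HashSet<Permission>();
        for (TopiaAuthorization authorization : authorizations) {
            Set<?> principals = authorization.getPrincipals();
            boolean everyone = isUserPrincipal && principals.isEmpty();
            if (everyone || principals.contains(str)) {
                permissions.add(getAuthorizationCache(authorization));
            }
        }
        // publish the complete set only, so concurrent readers never see a
        // half-built one
        this.permissionsCache.put(str, permissions);
        getSecurityContext().commitTransaction();
        return permissions;
    }

    /**
     * Returns the {@link TopiaPermission} for an authorization, creating and
     * caching it on first request.
     *
     * @param topiaAuthorization the authorization to wrap
     * @return the shared permission instance for that authorization
     */
    private Permission getAuthorizationCache(TopiaAuthorization topiaAuthorization) {
        String topiaId = topiaAuthorization.getTopiaId();
        Permission permission = this.authorizationsCache.get(topiaId);
        if (permission == null) {
            permission = new TopiaPermission(topiaAuthorization);
            this.authorizationsCache.put(topiaId, permission);
        }
        return permission;
    }

    /**
     * @param str topiaId of the principal
     * @return the permissions cached by {@link #putPermissionsCache}, or
     *         {@code null} when absent (never computed or collected)
     */
    public Set<Permission> getPermissionsCache(String str) {
        return this.permissionsCache.get(str);
    }

    /**
     * Records whether the current user principal may load an entity.
     * Silently does nothing when no user principal is bound.
     *
     * @param str topiaId of the entity
     * @param z   {@code true} if loading is allowed
     */
    public void putEntitiesLoadingCache(String str, boolean z) {
        String userPrincipal = TopiaSecurityUtil.getUserPrincipal();
        if (userPrincipal == null) {
            return;
        }
        this.entitiesLoadingCache.put(Boolean.valueOf(z), userPrincipal, str);
    }

    /**
     * @param str topiaId of the entity
     * @return the cached loading decision for the current user principal, or
     *         {@code null} when no principal is bound or nothing is cached
     */
    public Boolean getEntitiesLoadingCache(String str) {
        String userPrincipal = TopiaSecurityUtil.getUserPrincipal();
        if (userPrincipal == null) {
            return null;
        }
        return (Boolean) this.entitiesLoadingCache.get(userPrincipal, str);
    }

    /**
     * Drops every cached loading decision about an entity, for all principals.
     *
     * @param str topiaId of the entity
     */
    public void removeEntitiesLoadingCache(String str) {
        this.entitiesLoadingCache.clear(str);
    }

    /**
     * @param str topiaId of the entity
     * @return {@code true} if a loading decision is cached for the current
     *         user principal
     */
    public boolean containEntitiesLoadingCache(String str) {
        return getEntitiesLoadingCache(str) != null;
    }

    /**
     * Expands an expression into every expression it may be checked as: the
     * {@code by} side of all {@link TopiaExpressionLink}s whose
     * {@code replace} equals {@code str}, plus {@code str} itself (last).
     * The query text is constant and {@code str} is bound as a named
     * parameter.
     *
     * @param str the expression (or entity id) being checked
     * @return the aliases followed by {@code str}; never empty
     * @throws SecurityException wrapping the {@link TopiaException} if the lookup fails
     */
    protected List<String> getRealExpressions(String str) {
        try {
            List<String> expressions = getSecurityContext().findAll(
                    "select distinct link.by from " + TopiaExpressionLink.class.getName() + " link where link.replace=:replace",
                    new Object[]{TopiaExpressionLink.PROPERTY_REPLACE, str});
            getSecurityContext().commitTransaction();
            if (expressions == null) {
                expressions = new ArrayList<String>();
            }
            expressions.add(str);
            return expressions;
        } catch (TopiaException e) {
            throw new SecurityException("Replace expression for link failed", e);
        }
    }

    /**
     * Reduces the requested actions for entity types that implement
     * {@link NoSecurityLoad} (see {@link #NO_SECURITY_LOAD_ACTIONS_MASK}).
     * If the expression does not resolve to a class the actions are returned
     * unchanged.
     *
     * @param str expression or entity id
     * @param i   requested action bits
     * @return the action bits that still need checking
     */
    protected int getRealActions(String str, int i) {
        int actions = i;
        try {
            if (NoSecurityLoad.class.isAssignableFrom(TopiaId.getClassName(str))) {
                actions &= NO_SECURITY_LOAD_ACTIONS_MASK;
            }
        } catch (TopiaNotFoundException e) {
            // not an entity class (e.g. a wildcard expression): nothing to mask
            if (log.isDebugEnabled()) {
                log.debug("Real actions failed", e);
            }
        }
        return actions;
    }

    /**
     * Checks the actions on a whole entity class, i.e. on the expression
     * {@code <class name>#*}.
     *
     * @param cls entity class
     * @param i   requested action bits
     * @throws SecurityException if {@code cls} is null or access is denied
     */
    @Override // org.nuiton.topia.security.TopiaSecurityService
    public void checkPermission(Class<?> cls, int i) throws SecurityException {
        if (log.isTraceEnabled()) {
            log.trace("Checking permissions to entity class : " + cls);
        }
        if (cls == null) {
            throw new SecurityException("Class cannot be null");
        }
        checkPermission(cls.getName() + "#*", i);
    }

    /**
     * Checks the actions on an expression against the {@link Subject} bound to
     * the current access-control context. Access is granted as soon as one of
     * the expression's aliases (see {@link #getRealExpressions}) passes
     * {@link AccessController#checkPermission}.
     *
     * <p>NOTE(review): when no Subject is bound the check only logs a warning
     * and returns, i.e. it fails open. This reproduces the original behaviour;
     * confirm that unauthenticated code is really meant to pass.
     *
     * @param str expression or entity id
     * @param i   requested action bits
     * @throws SecurityException if a Subject is bound and none of the aliases is authorized
     */
    @Override // org.nuiton.topia.security.TopiaSecurityService
    public void checkPermission(String str, int i) throws SecurityException {
        int realActions = getRealActions(str, i);
        if (realActions == 0) {
            // every requested action was masked out: nothing to check
            return;
        }
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject == null) {
            if (log.isWarnEnabled()) {
                log.warn("Use doAs() and login first");
            }
            return;
        }
        for (String expression : getRealExpressions(str)) {
            try {
                AccessController.checkPermission(new TopiaPermission(
                        new TopiaEntityAuthorizationImpl(expression, realActions, subject.getPrincipals())));
                // granted through this alias
                return;
            } catch (SecurityException denied) {
                // this alias is not authorized; keep trying the others
            }
        }
        throw new SecurityException("Access denied to object \"" + str + "\" for \"" + subject + "\"");
    }
}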
