package org.nuiton.topia.taas;

import com.google.common.collect.Lists;
import java.security.AccessController;
import java.security.Permission;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import javax.security.auth.Subject;
import javax.security.auth.login.Configuration;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuiton.topia.TopiaContext;
import org.nuiton.topia.TopiaContextFactory;
import org.nuiton.topia.TopiaException;
import org.nuiton.topia.TopiaNotFoundException;
import org.nuiton.topia.event.TopiaTransactionEvent;
import org.nuiton.topia.event.TopiaTransactionVetoable;
import org.nuiton.topia.framework.TopiaContextImplementor;
import org.nuiton.topia.framework.TopiaService;
import org.nuiton.topia.persistence.TopiaEntity;
import org.nuiton.topia.persistence.TopiaEntityContextable;
import org.nuiton.topia.persistence.TopiaId;
import org.nuiton.topia.taas.entities.TaasAuthorizationImpl;
import org.nuiton.topia.taas.entities.TaasPrincipalImpl;
import org.nuiton.topia.taas.entities.TaasUserImpl;
import org.nuiton.topia.taas.event.TaasAccessEntity;
import org.nuiton.topia.taas.event.TaasEntityVetoable;
import org.nuiton.topia.taas.jaas.TaasConfiguration;
import org.nuiton.topia.taas.jaas.TaasLoginModule;
import org.nuiton.topia.taas.jaas.TaasPermission;
import org.nuiton.topia.taas.jaas.TaasPolicy;
import org.nuiton.topia.taas.jaas.TaasPrincipalWrapper;
import org.nuiton.topia.taas.jaas.TaasSubjectFinder;
import org.nuiton.topia.taas.jaas.TaasSubjectFinderImpl;

/* loaded from: input_file:org/nuiton/topia/taas/TaasService.class */
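public class TaasService implements TopiaService, TopiaTransactionVetoable {

    /** Name under which this service is registered in the Topia context. */
    public static final String SERVICE_NAME = "taas";

    /**
     * Configuration key holding the fully-qualified name of the {@link TaasAccessEntity}
     * implementation to use; when absent or empty {@link TaasEntityVetoable} is used.
     */
    public static final String SERVICE_EVENT = "topia.service.taas.event";

    /**
     * Configuration key holding the fully-qualified name of the {@link TaasSubjectFinder}
     * implementation to use; when absent or empty {@link TaasSubjectFinderImpl} is used.
     */
    public static final String SERVICE_SUBJECT = "topia.service.taas.subject";

    /** Configuration key removed from the copy of the config used to open the unsecured context. */
    public static final String TOPIA_SERVICE_TAAS = "topia.service.taas";

    /** Fully-qualified name of the JAAS login module shipped with this service. */
    public static final String SERVICE_LOGIN_MODULE = TaasLoginModule.class.getName();

    /** Configuration key listing the persistence classes (comma separated). */
    private static final String PERSISTENCE_CLASSES_KEY = "topia.persistence.classes";

    /** Message raised whenever no JAAS {@link Subject} can be resolved for the caller. */
    private static final String NO_SUBJECT_MESSAGE = "Use doAs() and login first";

    private static final Log log = LogFactory.getLog(TaasService.class);

    private final TaasPolicy policy = new TaasPolicy(this);

    /** Secured root context this service was attached to in {@link #preInit}. */
    private TopiaContextImplementor rootContext;

    /** Second context opened without this service, i.e. without access checks. */
    private TopiaContext rootContextNoSecure;

    /** Entity vetoable that performs the access checks on entity events. */
    private TaasAccessEntity accessEntity;

    /** Strategy used to locate the caller's {@link Subject}; null until {@link #preInit} ran. */
    private TaasSubjectFinder subjectFinder;

    /**
     * Entity classes this service needs persisted.
     *
     * @return the TAAS entity classes, see {@link #getTaasPersistenceClasses()}
     */
    public Class<?>[] getPersistenceClasses() {
        return getTaasPersistenceClasses();
    }

    /**
     * Entity classes backing the TAAS model: users, principals and authorizations.
     *
     * @return a fresh array on every call, so callers may modify it freely
     */
    public static Class<?>[] getTaasPersistenceClasses() {
        return new Class<?>[]{TaasUserImpl.class, TaasPrincipalImpl.class, TaasAuthorizationImpl.class};
    }

    /** @return {@link #SERVICE_NAME} */
    public String getServiceName() {
        return SERVICE_NAME;
    }

    /**
     * Initialises the service from the root context configuration.
     * <p>
     * Selects the access-entity and subject-finder implementations from the optional
     * {@link #SERVICE_EVENT} / {@link #SERVICE_SUBJECT} keys, opens an unsecured context on a
     * copy of the configuration (this service removed, TAAS entity classes appended to
     * {@code topia.persistence.classes}) and finally hooks the vetoables into the root context.
     *
     * @param topiaContextImplementor the secured root context this service is attached to
     * @return always {@code true}
     * @throws SecurityException if any step fails; the original exception is kept as cause
     */
    public boolean preInit(TopiaContextImplementor topiaContextImplementor) {
        this.rootContext = topiaContextImplementor;
        try {
            Properties properties = (Properties) this.rootContext.getConfig().clone();

            // NOTE(review): the class names read below are loaded and instantiated
            // reflectively, so the configuration source has to be trusted.
            String accessEntityClassName = properties.getProperty(SERVICE_EVENT);
            if (isUnset(accessEntityClassName)) {
                this.accessEntity = new TaasEntityVetoable(this);
            } else {
                this.accessEntity = (TaasAccessEntity) Class.forName(accessEntityClassName)
                        .getConstructor(TaasService.class)
                        .newInstance(this);
            }

            String subjectFinderClassName = properties.getProperty(SERVICE_SUBJECT);
            if (isUnset(subjectFinderClassName)) {
                this.subjectFinder = new TaasSubjectFinderImpl();
            } else {
                // getDeclaredConstructor().newInstance() replaces the deprecated Class.newInstance()
                this.subjectFinder = (TaasSubjectFinder) Class.forName(subjectFinderClassName)
                        .getDeclaredConstructor()
                        .newInstance();
            }

            // The unsecured context must not pull this service in again, but it still has to
            // know the TAAS entity classes.
            properties.remove(TOPIA_SERVICE_TAAS);
            String classList = appendPersistenceClasses(properties.getProperty(PERSISTENCE_CLASSES_KEY));
            properties.setProperty(PERSISTENCE_CLASSES_KEY, classList);
            this.rootContextNoSecure = TopiaContextFactory.getContext(properties);

            initSecurity(this.rootContext);
            return true;
        } catch (Exception e) {
            throw new SecurityException("Init security error", e);
        }
    }

    /** @return true when the configuration value is absent or the empty string */
    private static boolean isUnset(String value) {
        return value == null || value.isEmpty();
    }

    /**
     * Appends this service's entity class names to a comma-separated class list.
     * <p>
     * A null or empty {@code existing} value yields just the TAAS classes (the previous code
     * produced a leading {@code "null,"} in that case).
     *
     * @param existing current value of {@code topia.persistence.classes}, may be null
     * @return the merged comma-separated list
     */
    private String appendPersistenceClasses(String existing) {
        StringBuilder classes = new StringBuilder();
        if (!isUnset(existing)) {
            classes.append(existing);
        }
        for (Class<?> cls : getPersistenceClasses()) {
            if (classes.length() > 0) {
                classes.append(',');
            }
            classes.append(cls.getName());
        }
        return classes.toString();
    }

    /**
     * Hooks the access vetoables into the context that opened the transaction.
     * <p>
     * Does nothing until {@link #preInit} has run (detected through the subject finder
     * still being null).
     *
     * @param topiaTransactionEvent event whose source is the context to secure
     */
    public void beginTransaction(TopiaTransactionEvent topiaTransactionEvent) {
        TopiaContext source = topiaTransactionEvent.getSource();
        if (this.subjectFinder == null) {
            return;
        }
        initSecurity(source);
    }

    /**
     * Registers the access entity as vetoable for every persistence class of the root
     * context and of this service, plus as global entities vetoable, and registers this
     * service as transaction vetoable on the given context.
     *
     * @param topiaContext context to secure
     */
    private void initSecurity(TopiaContext topiaContext) {
        // Application model classes registered on the root context.
        Iterator<?> rootClasses = this.rootContext.getPersistenceClasses().iterator();
        while (rootClasses.hasNext()) {
            topiaContext.addTopiaEntityVetoable((Class<?>) rootClasses.next(), this.accessEntity);
        }
        // TAAS's own model classes.
        for (Class<?> cls : getPersistenceClasses()) {
            topiaContext.addTopiaEntityVetoable(cls, this.accessEntity);
        }
        topiaContext.addTopiaEntitiesVetoable(this.accessEntity);
        topiaContext.addTopiaTransactionVetoable(this);
    }

    /**
     * Installs the TAAS {@link java.security.Policy} and, only if the JVM has no JAAS
     * {@link Configuration} yet, the TAAS configuration.
     * <p>
     * NOTE(review): on some JDKs {@code Configuration.getConfiguration()} throws rather than
     * returning null when no login configuration can be located — confirm against the target
     * runtime, as that would prevent the TAAS configuration from ever being installed here.
     *
     * @param topiaContextImplementor unused
     * @return always {@code true}
     */
    public boolean postInit(TopiaContextImplementor topiaContextImplementor) {
        this.policy.installPolicy();
        if (Configuration.getConfiguration() == null) {
            Configuration.setConfiguration(new TaasConfiguration(SERVICE_NAME, this));
        }
        return true;
    }

    /** @return the secured root context given to {@link #preInit} */
    public TopiaContextImplementor getRootContext() {
        return this.rootContext;
    }

    /**
     * @return the context opened in {@link #preInit} without this service, i.e. without
     *         access checks — callers must not leak it to untrusted code
     * @throws TopiaException kept for API compatibility; never thrown here
     */
    public TopiaContext getRootContextNoSecure() throws TopiaException {
        return this.rootContextNoSecure;
    }

    /**
     * Resolves the caller's JAAS subject through the configured {@link TaasSubjectFinder}.
     *
     * @return the subject, or null when the finder cannot locate one
     */
    public Subject findSubject() {
        Subject subject = this.subjectFinder.findSubject();
        if (log.isDebugEnabled()) {
            log.debug("findSubject : " + this.subjectFinder + " value " + subject);
        }
        return subject;
    }

    /**
     * Resolves the caller's subject, failing closed when nobody is logged in.
     *
     * @return a non-null subject
     * @throws SecurityException if {@link #findSubject()} returns null
     */
    private Subject requireSubject() throws SecurityException {
        Subject subject = findSubject();
        if (subject == null) {
            throw new SecurityException(NO_SUBJECT_MESSAGE);
        }
        return subject;
    }

    /** Builds the "access denied" exception used by the single-object checks. */
    private static SecurityException accessDenied(String topiaId, Subject subject, SecurityException cause) {
        return new SecurityException("Access denied to object \"" + topiaId + "\" for \""
                + TaasUtil.getPrincipalNames(subject) + "\"", cause);
    }

    /**
     * Filters a collection in place: every entity for which the caller's subject does not
     * hold a {@link TaasPermission} for the requested action is removed, silently (debug log
     * only). The collection's iterator must support {@code remove()}.
     *
     * @param collection entities to filter, modified in place
     * @param i          action code passed to {@link TaasPermission}
     * @throws SecurityException if no subject is logged in (nothing is filtered then)
     */
    public void check(Collection<? extends TopiaEntity> collection, int i) throws SecurityException {
        Subject subject = requireSubject();
        Iterator<? extends TopiaEntity> it = collection.iterator();
        while (it.hasNext()) {
            TopiaEntity entity = it.next();
            try {
                checkPermission(subject, new TaasPermission(entity.getTopiaId(), i));
            } catch (SecurityException e) {
                if (log.isDebugEnabled()) {
                    log.debug(TaasUtil.getPrincipalNames(subject)
                            + " does not have permissions to load: " + entity, e);
                }
                it.remove();
            }
        }
    }

    /**
     * Checks the caller's subject holds a {@link TaasPermission} for the entity.
     *
     * @param topiaEntity entity whose id is checked
     * @param i           action code passed to {@link TaasPermission}
     * @throws SecurityException if nobody is logged in or access is denied
     */
    public void check(TopiaEntity topiaEntity, int i) throws SecurityException {
        check(topiaEntity.getTopiaId(), i);
    }

    /**
     * Checks the caller's subject holds a {@link TaasPermission} for the given topia id.
     *
     * @param str topia id of the object to access
     * @param i   action code passed to {@link TaasPermission}
     * @throws SecurityException if nobody is logged in or access is denied; the denying
     *                           exception is kept as cause
     */
    public void check(String str, int i) throws SecurityException {
        Subject subject = requireSubject();
        try {
            checkPermission(subject, new TaasPermission(str, i));
        } catch (SecurityException e) {
            throw accessDenied(str, subject, e);
        }
    }

    /**
     * Grants access as soon as one {@link TaasPrincipalWrapper} of the subject carries a
     * permission collection implying {@code permission}; denies otherwise (including for a
     * subject without any wrapper principal).
     *
     * @param subject    logged-in subject
     * @param permission permission to test
     * @throws SecurityException if no principal of the subject implies the permission
     */
    protected void checkPermission(Subject subject, Permission permission) {
        for (TaasPrincipalWrapper wrapper : subject.getPrincipals(TaasPrincipalWrapper.class)) {
            if (log.isDebugEnabled()) {
                log.debug("Check permissions for principal wrapper : " + wrapper);
            }
            if (wrapper.getPermissions().implies(permission)) {
                return;
            }
        }
        throw new SecurityException("Access denied to object " + permission);
    }

    /**
     * Picks the permission to evaluate for an entity from the DAO-supplied list.
     * <p>
     * A null list means "no DAO rule": a plain {@link TaasPermission} on the entity id is
     * checked. Otherwise only the first permission of the list is evaluated (as in the
     * original code). An empty list yields null, which the callers treat as "no check".
     *
     * @return the permission to check, or null when nothing has to be checked
     */
    private static Permission selectRequestPermission(List<Permission> requestPermission,
                                                      String topiaId, int i) {
        if (requestPermission == null) {
            return new TaasPermission(topiaId, i);
        }
        if (requestPermission.isEmpty()) {
            // NOTE(review): an empty DAO list performs no check at all, i.e. access is
            // granted. This preserves the original behaviour; confirm DAOs never return an
            // empty list by accident.
            return null;
        }
        return requestPermission.get(0);
    }

    /**
     * Checks the request permission of an entity against the caller's subject.
     *
     * @param topiaEntity entity to check
     * @param i           action code
     * @throws SecurityException if nobody is logged in, or the selected permission (see
     *                           {@link #getRequestPermission}) is not implied by the subject
     */
    public void checkRequestPermission(TopiaEntity topiaEntity, int i) throws SecurityException {
        Subject subject = requireSubject();
        List<Permission> requestPermission = getRequestPermission(topiaEntity, i);
        String topiaId = topiaEntity.getTopiaId();
        Permission toCheck = selectRequestPermission(requestPermission, topiaId, i);
        if (toCheck == null) {
            return;
        }
        try {
            checkPermission(subject, toCheck);
        } catch (SecurityException e) {
            throw accessDenied(topiaId, subject, e);
        }
    }

    /**
     * Filters a collection in place, removing every entity whose request permission is not
     * granted to the current access-control context.
     * <p>
     * NOTE(review): unlike the single-entity overload, this path evaluates through
     * {@link AccessController} and the installed policy rather than the subject's
     * {@link TaasPrincipalWrapper}s; the two may not agree. {@code AccessController.checkPermission}
     * is also deprecated for removal since Java 17.
     * <p>
     * Fix: the original code called {@code it.remove()} once per failing permission, which
     * threw {@link IllegalStateException} when a DAO returned several non-granted
     * permissions; an entity is now removed at most once. Only the first DAO permission
     * decides the outcome, as before.
     *
     * @param collection entities to filter, modified in place (iterator must support remove)
     * @param i          action code
     * @throws SecurityException if nobody is logged in (nothing is filtered then)
     */
    public void checkRequestPermission(Collection<? extends TopiaEntity> collection, int i) throws SecurityException {
        requireSubject();
        Iterator<? extends TopiaEntity> it = collection.iterator();
        while (it.hasNext()) {
            TopiaEntity entity = it.next();
            List<Permission> requestPermission = getRequestPermission(entity, i);
            Permission toCheck = selectRequestPermission(requestPermission, entity.getTopiaId(), i);
            if (toCheck == null) {
                continue;
            }
            try {
                AccessController.checkPermission(toCheck);
            } catch (SecurityException e) {
                it.remove();
            }
        }
    }

    /**
     * Asks the entity's DAO for the permissions governing the requested action.
     *
     * @param topiaEntity entity; only {@link TopiaEntityContextable} entities are asked their
     *                    context's DAO, any other entity yields an empty list
     * @param i           action code forwarded to the DAO
     * @return the DAO's answer (may be null if the DAO returns null), or an empty list for
     *         entities without a context
     * @throws SecurityException if the topia id cannot be resolved to a class, or the DAO
     *                           call fails; the Topia exception is kept as cause
     */
    @SuppressWarnings({"unchecked", "rawtypes"}) // raw Class: getDAO's bounded type parameter would reject Class<?>
    public List<Permission> getRequestPermission(TopiaEntity topiaEntity, int i) {
        String topiaId = topiaEntity.getTopiaId();
        try {
            Class entityClass = TopiaId.getClassName(topiaId);
            if (!(topiaEntity instanceof TopiaEntityContextable)) {
                return Lists.newArrayList();
            }
            try {
                return ((TopiaEntityContextable) topiaEntity).getTopiaContext()
                        .getDAO(entityClass)
                        .getRequestPermission(topiaId, i);
            } catch (TopiaException e) {
                throw new SecurityException("Error in getRequestPermission for " + entityClass.getName(), e);
            }
        } catch (TopiaNotFoundException e) {
            throw new SecurityException("Invalid topiaId", e);
        }
    }
}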
