package net.sf.jstuff.integration.auth;

import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.inject.Inject;
import net.sf.jstuff.core.collection.MapWithSets;
import net.sf.jstuff.core.logging.Logger;
import net.sf.jstuff.core.validation.Args;
import net.sf.jstuff.integration.userregistry.GroupDetailsService;
import net.sf.jstuff.integration.userregistry.UserDetailsService;
import org.springframework.util.PatternMatchUtils;

/* loaded from: input_file:net/sf/jstuff/integration/auth/DefaultAuthService.class */
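/**
 * Default {@link AuthService} implementation that authenticates through an {@link Authenticator},
 * resolves a user's groups through a {@link GroupDetailsService} and maps those groups to
 * application roles.
 *
 * <p>Authorization model, as implemented here:
 * <ul>
 * <li>A user's granted roles are the union of the application roles mapped to each of the user's
 *     group ids.</li>
 * <li>{@link #assertURIAccess(String)} is default-allow: a URI is only restricted when it matches a
 *     configured pattern that has at least one role attached. URIs that match no pattern are
 *     permitted, including for unauthenticated callers.</li>
 * </ul>
 *
 * <p>Configuration order matters: the application roles must be set before any of the role mapping
 * setters is called, because each mapping is validated against the known roles.
 *
 * <p>The mapping setters are {@code synchronized}, the read paths are not.
 * NOTE(review): this presumably relies on configuration being complete before the service is
 * used — confirm against the wiring.
 */
public class DefaultAuthService implements AuthService {
    private static final Logger LOG = Logger.create();

    // Names of all roles the application knows; role mappings are validated against this set.
    protected Set<String> applicationRoles;
    protected Authenticator authenticator;
    protected GroupDetailsService groupDetailsService;
    // group id -> application roles granted to members of that group
    protected MapWithSets<String, String> groupIdToApplicationRoleMappings;
    // optional; notified after login and logout when non-null
    protected AuthListener listener;
    // URI pattern (PatternMatchUtils.simpleMatch syntax) -> roles of which the caller needs one
    protected MapWithSets<String, String> uriPatternsToApplicationRoleMappings;
    protected UserDetailsService userDetailsService;

    public DefaultAuthService() {
        LOG.infoNew(this);
    }

    /**
     * Requires the current authentication to be authenticated.
     *
     * @throws PermissionDeniedException if the caller is not authenticated
     */
    @Override
    public void assertAuthenticated() throws PermissionDeniedException {
        if (!isAuthenticated()) {
            throw new PermissionDeniedException("You are not authorized to perform that operation. You need to authenticate first.");
        }
    }

    /**
     * Requires the current authentication to belong to the given user id.
     *
     * @param str the expected user id
     * @throws PermissionDeniedException if the caller is not authenticated or has a different user id
     */
    @Override
    public void assertIdentity(String str) throws PermissionDeniedException {
        if (!isIdentity(str)) {
            throw new PermissionDeniedException("You are not authorized to perform that operation. Identity mismatch.");
        }
    }

    /**
     * Requires the current user to hold the given application role.
     *
     * @param str the application role name
     * @throws PermissionDeniedException if the role is not granted (always the case when unauthenticated)
     */
    @Override
    public void assertRole(String str) throws PermissionDeniedException {
        if (!hasRole(str)) {
            throw new PermissionDeniedException("You are not authorized to perform that operation.");
        }
    }

    /**
     * Checks the given URI against every configured URI pattern.
     *
     * <p>For each pattern that matches and has roles attached, the caller must hold at least one of
     * those roles; all matching patterns must be satisfied. Patterns without roles and URIs that
     * match no pattern do not restrict access (default-allow).
     *
     * <p>The URI is matched exactly as passed in. Callers should hand over the same canonical form
     * that the request dispatcher uses (decoded, normalized path), otherwise a differently spelled
     * URI for the same resource may match no pattern and pass this check.
     *
     * @param str the URI to check
     * @throws PermissionDeniedException if a matching pattern requires a role the caller does not hold
     */
    @Override
    public void assertURIAccess(String str) throws PermissionDeniedException {
        for (Map.Entry<?, ?> entry : this.uriPatternsToApplicationRoleMappings.entrySet()) {
            String pattern = (String) entry.getKey();
            if (!PatternMatchUtils.simpleMatch(pattern, str)) {
                LOG.trace("%s does NOT match %s", str, pattern);
                continue;
            }
            LOG.trace("%s matches %s", str, pattern);
            Collection<?> requiredRoles = (Collection<?>) entry.getValue();
            if (requiredRoles.isEmpty()) {
                // a pattern without roles imposes no restriction
                continue;
            }
            if (!hasAnyRole(requiredRoles)) {
                throw new PermissionDeniedException("You are not authorized to perform that operation.");
            }
        }
    }

    /** Returns true if the current user holds at least one of the given role names. */
    private boolean hasAnyRole(Collection<?> roles) {
        for (Object role : roles) {
            // goes through hasRole() so that subclass overrides are honoured
            if (hasRole((String) role)) {
                return true;
            }
        }
        return false;
    }

    /**
     * @return the authentication currently held by {@link AuthenticationHolder}
     */
    @Override
    public Authentication getAuthentication() {
        return AuthenticationHolder.getAuthentication();
    }

    /**
     * Returns the application roles granted to the current user.
     *
     * @return the granted roles, or {@code null} if the caller is not authenticated
     */
    @Override
    public Set<String> getGrantedRoles() {
        Authentication authentication = AuthenticationHolder.getAuthentication();
        if (authentication.isAuthenticated()) {
            return getGrantedRoles(authentication.getUserDetails().getDistingueshedName());
        }
        LOG.trace("User is not authenticated.");
        // null (not an empty set) signals "not authenticated"; hasRole() depends on this
        return null;
    }

    /**
     * Collects the application roles mapped to the groups of the given user.
     *
     * @param str the user's distinguished name; must not be empty
     * @return a new set with the union of the roles of all the user's groups; groups without a
     *         mapping contribute nothing
     */
    protected Set<String> getGrantedRoles(String str) {
        Args.notEmpty("userDN", str);
        Set<String> grantedRoles = new HashSet<>();
        for (String groupId : this.groupDetailsService.getGroupIdsByUserDN(str)) {
            Collection<?> mappedRoles = (Collection<?>) this.groupIdToApplicationRoleMappings.get(groupId);
            if (mappedRoles != null) {
                for (Object role : mappedRoles) {
                    grantedRoles.add((String) role);
                }
            }
        }
        return grantedRoles;
    }

    /**
     * Returns the ids of the groups the current user belongs to.
     *
     * @return the group ids, or {@code null} if the caller is not authenticated
     */
    @Override
    public Set<String> getGroupIds() {
        Authentication authentication = AuthenticationHolder.getAuthentication();
        if (authentication.isAuthenticated()) {
            return this.groupDetailsService.getGroupIdsByUserDN(authentication.getUserDetails().getDistingueshedName());
        }
        LOG.trace("User is not authenticated.");
        return null;
    }

    /**
     * @param str the application role name
     * @return {@code true} if the current user is authenticated and holds the role
     */
    @Override
    public boolean hasRole(String str) {
        Set<String> grantedRoles = getGrantedRoles();
        // null means "not authenticated": deny
        return grantedRoles != null && grantedRoles.contains(str);
    }

    /**
     * @return {@code true} if the authentication held by {@link AuthenticationHolder} is authenticated
     */
    @Override
    public boolean isAuthenticated() {
        return AuthenticationHolder.getAuthentication().isAuthenticated();
    }

    /**
     * Tells whether the current authentication belongs to the given user id.
     *
     * @param str the expected user id
     * @return {@code true} only if the caller is authenticated and the user ids are equal;
     *         {@code false} if either user id is {@code null}
     */
    @Override
    public boolean isIdentity(String str) throws PermissionDeniedException {
        Authentication authentication = AuthenticationHolder.getAuthentication();
        // Comparing from the argument side makes a missing user id a mismatch (deny) rather than a
        // NullPointerException.
        return authentication.isAuthenticated() && str != null && str.equals(authentication.getUserDetails().getUserId());
    }

    /**
     * Authenticates the given credentials and binds the resulting authentication to
     * {@link AuthenticationHolder}.
     *
     * <p>Both a wrong logon name and a wrong password produce the same message, so the failure
     * does not reveal which of the two was wrong.
     *
     * <p>NOTE(review): no attempt limiting or lockout is visible in this method; presumably that is
     * left to the {@link Authenticator} or a layer in front of this service — confirm.
     *
     * @param str the logon name
     * @param str2 the password
     * @throws AlreadyAuthenticatedException if an authentication already exists
     * @throws AuthenticationFailedException if the authenticator rejects the credentials
     */
    @Override
    public void login(String str, String str2) throws AuthenticationFailedException, AlreadyAuthenticatedException {
        if (isAuthenticated()) {
            throw new AlreadyAuthenticatedException("An authentication for the active session already exists.");
        }
        if (!this.authenticator.authenticate(str, str2)) {
            throw new AuthenticationFailedException("Incorrect username or password.");
        }
        // NOTE(review): the clear-text password is handed to DefaultAuthentication. Whether it is
        // retained for the lifetime of the authentication depends on that class — confirm, and
        // avoid keeping it longer than needed.
        DefaultAuthentication authentication = new DefaultAuthentication(this.userDetailsService.getUserDetailsByLogonName(str), str2);
        AuthenticationHolder.setAuthentication(authentication);
        if (this.listener != null) {
            this.listener.afterLogin(authentication);
        }
    }

    /**
     * Invalidates the current authentication and notifies the listener, if one is set.
     */
    @Override
    public void logout() {
        AuthenticationHolder.getAuthentication().invalidate();
        if (this.listener != null) {
            // NOTE(review): the user details are read after invalidate(); if invalidation clears
            // them, the listener receives the cleared value — confirm against Authentication.
            this.listener.afterLogout(AuthenticationHolder.getAuthentication().getUserDetails());
        }
    }

    /**
     * Replaces the set of known application roles.
     *
     * @param strArr the role names
     */
    @Inject
    public synchronized void setApplicationRoles(String[] strArr) {
        Set<String> roles = new HashSet<>();
        for (String role : strArr) {
            LOG.trace("Registering application role: %s", role);
            roles.add(role);
        }
        this.applicationRoles = roles;
    }

    @Inject
    public void setAuthenticator(Authenticator authenticator) {
        this.authenticator = authenticator;
    }

    @Inject
    public void setGroupDetailsService(GroupDetailsService groupDetailsService) {
        this.groupDetailsService = groupDetailsService;
    }

    /**
     * Replaces the group id to application role mappings.
     *
     * <p>Keys and values are trimmed; entries with an empty key or a {@code null}/empty value are
     * skipped. The new mappings only replace the current ones once every entry has been
     * validated, so a rejected configuration does not leave a truncated rule set in place.
     *
     * @param map group id to application role
     * @throws UnknownApplicationRoleException if a value is not one of the application roles
     * @throws IllegalStateException if the application roles have not been set yet
     */
    public synchronized void setGroupIdToApplicationRoleMappings(Map<String, String> map) throws UnknownApplicationRoleException {
        MapWithSets<String, String> mappings = new MapWithSets<>();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            String groupId = entry.getKey().trim();
            String rawRole = entry.getValue();
            if (rawRole == null || groupId.length() == 0) {
                continue;
            }
            String role = rawRole.trim();
            if (role.length() == 0) {
                continue;
            }
            LOG.trace("Registering groupId -> application role mapping: %s => %s", groupId, role);
            requireKnownApplicationRole(role);
            mappings.add(groupId, role);
        }
        this.groupIdToApplicationRoleMappings = mappings;
    }

    /**
     * Replaces the group id to application role mappings from {@code groupId=role} strings.
     *
     * <p>Only the first two {@code '='}-separated tokens of an entry are used. Entries whose
     * trimmed group id or role is empty are skipped. The new mappings only replace the current
     * ones once every entry has been validated.
     *
     * @param strArr entries of the form {@code groupId=role}
     * @throws UnknownApplicationRoleException if a role is not one of the application roles
     * @throws IllegalArgumentException if an entry does not contain a key and a value separated by {@code '='}
     * @throws IllegalStateException if the application roles have not been set yet
     */
    public synchronized void setGroupIdToApplicationRoleMappingsViaStringArray(String[] strArr) throws UnknownApplicationRoleException {
        MapWithSets<String, String> mappings = new MapWithSets<>();
        for (String mapping : strArr) {
            String[] keyAndRole = parseMapping(mapping);
            if (keyAndRole[0].length() != 0 && keyAndRole[1].length() != 0) {
                LOG.trace("Registering groupId -> application role mapping: %s => %s", keyAndRole[0], keyAndRole[1]);
                requireKnownApplicationRole(keyAndRole[1]);
                mappings.add(keyAndRole[0], keyAndRole[1]);
            }
        }
        this.groupIdToApplicationRoleMappings = mappings;
    }

    @Override
    public void setListener(AuthListener authListener) {
        this.listener = authListener;
    }

    /**
     * Replaces the URI pattern to application role mappings from {@code pattern=role} strings.
     *
     * <p>Only the first two {@code '='}-separated tokens of an entry are used. Entries whose
     * trimmed pattern or role is empty are skipped, which means they protect nothing. The new
     * mappings only replace the current ones once every entry has been validated, so a rejected
     * configuration does not leave URIs behind the failing entry unprotected.
     *
     * @param strArr entries of the form {@code uriPattern=role}
     * @throws UnknownApplicationRoleException if a role is not one of the application roles
     * @throws IllegalArgumentException if an entry does not contain a key and a value separated by {@code '='}
     * @throws IllegalStateException if the application roles have not been set yet
     */
    @Inject
    public synchronized void setUriPatternsToApplicationRoleMappings(String[] strArr) throws UnknownApplicationRoleException {
        MapWithSets<String, String> mappings = new MapWithSets<>();
        for (String mapping : strArr) {
            String[] keyAndRole = parseMapping(mapping);
            if (keyAndRole[0].length() != 0 && keyAndRole[1].length() != 0) {
                LOG.trace("Registering URI pattern -> application role mapping: %s => %s", keyAndRole[0], keyAndRole[1]);
                requireKnownApplicationRole(keyAndRole[1]);
                mappings.add(keyAndRole[0], keyAndRole[1]);
            }
        }
        this.uriPatternsToApplicationRoleMappings = mappings;
    }

    @Inject
    public void setUserDetailsService(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    /**
     * Splits a {@code key=value} entry into its trimmed key and value.
     * Rejects entries without both parts instead of failing with an array index error.
     */
    private static String[] parseMapping(String mapping) {
        String[] parts = mapping.split("=");
        if (parts.length < 2) {
            throw new IllegalArgumentException("Mapping must have the form <key>=<application role>: " + mapping);
        }
        return new String[] {parts[0].trim(), parts[1].trim()};
    }

    /** Verifies that the role is one of the configured application roles. */
    private void requireKnownApplicationRole(String role) throws UnknownApplicationRoleException {
        if (this.applicationRoles == null) {
            throw new IllegalStateException("Application roles must be set before role mappings are registered.");
        }
        if (!this.applicationRoles.contains(role)) {
            throw new UnknownApplicationRoleException("Application role is unknown: " + role);
        }
    }
}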
