package org.osaf.cosmo.security.impl;

import java.util.HashSet;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.osaf.cosmo.acegisecurity.userdetails.CosmoUserDetails;
import org.osaf.cosmo.model.Item;
import org.osaf.cosmo.model.Ticket;
import org.osaf.cosmo.model.User;
import org.osaf.cosmo.security.CosmoSecurityContext;
import org.osaf.cosmo.security.CosmoSecurityException;
import org.osaf.cosmo.security.CosmoSecurityManager;
import org.osaf.cosmo.security.PermissionDeniedException;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:org/osaf/cosmo/security/impl/CosmoSecurityManagerImpl.class */
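/**
 * Default {@link CosmoSecurityManager}: bridges Spring Security's
 * {@link SecurityContextHolder} to Cosmo's {@link CosmoSecurityContext} and
 * performs the per-item permission check.
 *
 * <p>Tickets registered through {@link #registerTickets(Set)} are held in a
 * {@link ThreadLocal} and handed to every security context created on the same
 * thread. Callers must pair each registration with {@link #unregisterTickets()}
 * (typically in a {@code finally} block). If the container reuses threads, a
 * missed call leaves one request's tickets visible to the next request served
 * by that thread.
 */
public class CosmoSecurityManagerImpl implements CosmoSecurityManager {
    private static final Log log = LogFactory.getLog(CosmoSecurityManagerImpl.class);

    // Permission codes accepted by checkPermission, each paired below with the
    // ticket privilege string it requires. The type that publishes these codes
    // to callers is not visible in this file, so they are mirrored here as
    // private constants rather than referenced.
    private static final int PERMISSION_READ = 100;
    private static final int PERMISSION_WRITE = 200;
    private static final int PERMISSION_FREEBUSY = 300;

    private AuthenticationManager authenticationManager;

    // Per-thread ticket set; null until registerTickets is first called on the thread.
    private final ThreadLocal<Set<Ticket>> tickets = new ThreadLocal<>();

    /**
     * Wraps the {@link Authentication} currently stored in the Spring security
     * context.
     *
     * @return a Cosmo security context for the current authentication
     * @throws CosmoSecurityException if no authentication is present
     */
    @Override // org.osaf.cosmo.security.CosmoSecurityManager
    public CosmoSecurityContext getSecurityContext() throws CosmoSecurityException {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            throw new CosmoSecurityException("no Authentication found in SecurityContext");
        }
        return createSecurityContext(authentication);
    }

    /**
     * Authenticates the given credentials through the configured
     * {@link AuthenticationManager} and, on success, installs the result as the
     * current authentication.
     *
     * @param str the username
     * @param str2 the password
     * @return a Cosmo security context for the authenticated principal
     * @throws CosmoSecurityException if authentication fails; the message is
     *     deliberately generic and the provider's exception is kept as the cause
     */
    @Override // org.osaf.cosmo.security.CosmoSecurityManager
    public CosmoSecurityContext initiateSecurityContext(String str, String str2) throws CosmoSecurityException {
        try {
            Authentication authenticate = this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(str, str2));
            SecurityContextHolder.getContext().setAuthentication(authenticate);
            return createSecurityContext(authenticate);
        } catch (AuthenticationException e) {
            throw new CosmoSecurityException("can't establish security context", e);
        }
    }

    /**
     * Installs a security context for {@code user} without checking any
     * credential.
     *
     * <p>The token is built with the three-argument constructor, which Spring
     * Security treats as already authenticated, and the
     * {@link AuthenticationManager} is not consulted. Only code that has
     * already established the user's identity by other means should call this.
     *
     * @param user the account to run as
     * @return a Cosmo security context for {@code user}
     */
    @Override // org.osaf.cosmo.security.CosmoSecurityManager
    public CosmoSecurityContext initiateSecurityContext(User user) throws CosmoSecurityException {
        CosmoUserDetails cosmoUserDetails = new CosmoUserDetails(user);
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(cosmoUserDetails, "", cosmoUserDetails.getAuthorities());
        usernamePasswordAuthenticationToken.setDetails(cosmoUserDetails);
        SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
        return createSecurityContext(usernamePasswordAuthenticationToken);
    }

    /**
     * Verifies that the current principal may perform the requested operation
     * on {@code item}, returning normally only when access is allowed.
     *
     * <p>Decision order: anonymous principals are always denied; administrators
     * are always allowed; a user principal is allowed only on items it owns
     * (the permission code is not consulted); a ticket principal must be
     * granted on the item and carry the privilege matching the permission code.
     * Any principal that is none of these is denied.
     *
     * @param item the item being accessed
     * @param i the permission code: 100 (read), 200 (write) or 300 (freebusy)
     * @throws PermissionDeniedException if access is not allowed
     * @throws CosmoSecurityException if there is no current authentication
     */
    @Override // org.osaf.cosmo.security.CosmoSecurityManager
    public void checkPermission(Item item, int i) throws PermissionDeniedException, CosmoSecurityException {
        // NOTE(review): usernames, item uids and ticket keys are concatenated into
        // log lines as-is. If any of them can contain CR/LF, neutralise them in the
        // logging layout so a crafted value cannot forge log entries.
        CosmoSecurityContext securityContext = getSecurityContext();
        if (securityContext.isAnonymous()) {
            log.warn("Anonymous access attempted to item " + item.getUid());
            throw new PermissionDeniedException("Anonymous principals have no permissions");
        }
        if (securityContext.isAdmin()) {
            return;
        }

        User user = securityContext.getUser();
        if (user != null) {
            User owner = item.getOwner();
            if (user.equals(owner)) {
                return;
            }
            // An ownerless item must still yield a PermissionDeniedException rather
            // than a NullPointerException raised while building the log message.
            String ownerName = owner != null ? owner.getUsername() : "<none>";
            log.warn("User " + user.getUsername() + " attempted access to item " + item.getUid() + " owned by " + ownerName);
            throw new PermissionDeniedException("User does not have appropriate permissions on item " + item.getUid());
        }

        Ticket ticket = securityContext.getTicket();
        if (ticket == null) {
            // Fail closed: with neither a user nor a ticket there is nothing to
            // authorize against. Previously this path returned normally, which
            // callers interpret as access granted.
            log.warn("Principal with neither user nor ticket attempted access to item " + item.getUid());
            throw new PermissionDeniedException("Principal does not have appropriate permissions on item " + item.getUid());
        }

        // NOTE(review): the ticket key is written to the log and into the exception
        // message below. If the key acts as a bearer credential, consider logging a
        // truncated or hashed form instead. TODO confirm how keys are used.
        if (!ticket.isGranted(item)) {
            log.warn("Non-granted ticket " + ticket.getKey() + " attempted access to item " + item.getUid());
            throw new PermissionDeniedException("Ticket " + ticket.getKey() + " is not granted on item " + item.getUid());
        }
        String requiredPrivilege = requiredTicketPrivilege(i);
        if (requiredPrivilege != null && ticket.getPrivileges().contains(requiredPrivilege)) {
            return;
        }
        log.warn("Granted ticket " + ticket.getKey() + " attempted access to item " + item.getUid());
        throw new PermissionDeniedException("Ticket " + ticket.getKey() + " does not have appropriate permissions on item " + item.getUid());
    }

    /** Maps a permission code to the ticket privilege it requires, or null for an unknown code. */
    private static String requiredTicketPrivilege(int permission) {
        switch (permission) {
            case PERMISSION_READ:
                return "read";
            case PERMISSION_WRITE:
                return "write";
            case PERMISSION_FREEBUSY:
                return "freebusy";
            default:
                return null;
        }
    }

    /**
     * Builds the Cosmo context for {@code authentication}, attaching the tickets
     * registered on the current thread (null when none have been registered).
     */
    protected CosmoSecurityContext createSecurityContext(Authentication authentication) {
        return new CosmoSecurityContextImpl(authentication, this.tickets.get());
    }

    /** Returns the manager used for username/password authentication. */
    public AuthenticationManager getAuthenticationManager() {
        return this.authenticationManager;
    }

    /** Sets the manager used for username/password authentication. */
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /**
     * Adds {@code set} to the tickets associated with the current thread,
     * creating the per-thread set on first use.
     *
     * @param set the tickets to register for the current thread
     */
    @Override // org.osaf.cosmo.security.CosmoSecurityManager
    public void registerTickets(Set<Ticket> set) {
        Set<Ticket> registered = this.tickets.get();
        if (registered == null) {
            registered = new HashSet<>();
            this.tickets.set(registered);
        }
        registered.addAll(set);
    }

    /**
     * Discards every ticket registered on the current thread. Call this when the
     * unit of work ends so tickets do not outlive it on a reused thread.
     */
    @Override // org.osaf.cosmo.security.CosmoSecurityManager
    public void unregisterTickets() {
        this.tickets.remove();
    }
}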
