package be.atbash.ee.security.octopus.subject.support;

import be.atbash.ee.security.octopus.authc.AuthenticationException;
import be.atbash.ee.security.octopus.authz.AuthorizationException;
import be.atbash.ee.security.octopus.authz.UnauthenticatedException;
import be.atbash.ee.security.octopus.authz.permission.Permission;
import be.atbash.ee.security.octopus.realm.AuthorizingRealm;
import be.atbash.ee.security.octopus.subject.ExecutionException;
import be.atbash.ee.security.octopus.subject.PrincipalCollection;
import be.atbash.ee.security.octopus.subject.SecurityManager;
import be.atbash.ee.security.octopus.subject.Subject;
import be.atbash.ee.security.octopus.subject.SubjectBuilder;
import be.atbash.ee.security.octopus.subject.UserPrincipal;
import be.atbash.ee.security.octopus.token.AuthenticationToken;
import be.atbash.ee.security.octopus.util.OctopusCollectionUtils;
import be.atbash.util.CollectionUtils;
import java.util.Collection;
import java.util.List;
import java.util.concurrent.Callable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:be/atbash/ee/security/octopus/subject/support/DelegatingSubject.class */
public class DelegatingSubject implements Subject {
    private static final Logger log;
    private static final String RUN_AS_PRINCIPALS_SESSION_KEY;
    protected PrincipalCollection principals;
    protected boolean authenticated;
    protected transient SecurityManager securityManager;
    private AuthorizingRealm authorizingRealm;
    static final /* synthetic */ boolean $assertionsDisabled;

    public DelegatingSubject(PrincipalCollection principalCollection, boolean z, SecurityManager securityManager, AuthorizingRealm authorizingRealm) {
        if (securityManager == null) {
            throw new IllegalArgumentException("SecurityManager argument cannot be null.");
        }
        this.securityManager = securityManager;
        this.authorizingRealm = authorizingRealm;
        this.principals = principalCollection;
        this.authenticated = z;
    }

    protected boolean hasPrincipals() {
        return !OctopusCollectionUtils.isEmpty(getPrincipals());
    }

    private UserPrincipal getPrimaryPrincipal(PrincipalCollection principalCollection) {
        if (OctopusCollectionUtils.isEmpty(principalCollection)) {
            return null;
        }
        return principalCollection.getPrimaryPrincipal();
    }

    public UserPrincipal getPrincipal() {
        return getPrimaryPrincipal(getPrincipals());
    }

    public PrincipalCollection getPrincipals() {
        List<PrincipalCollection> runAsPrincipalsStack = getRunAsPrincipalsStack();
        return CollectionUtils.isEmpty(runAsPrincipalsStack) ? this.principals : runAsPrincipalsStack.get(0);
    }

    public boolean isPermitted(String str) {
        return hasPrincipals() && this.securityManager.isPermitted(getPrincipals(), str);
    }

    public boolean isPermitted(Permission permission) {
        return hasPrincipals() && this.securityManager.isPermitted(getPrincipals(), permission);
    }

    public boolean[] isPermitted(String... strArr) {
        return hasPrincipals() ? this.securityManager.isPermitted(getPrincipals(), strArr) : new boolean[strArr.length];
    }

    public boolean[] isPermitted(List<Permission> list) {
        return hasPrincipals() ? this.securityManager.isPermitted(getPrincipals(), list) : new boolean[list.size()];
    }

    public boolean isPermittedAll(String... strArr) {
        return hasPrincipals() && this.securityManager.isPermittedAll(getPrincipals(), strArr);
    }

    public boolean isPermittedAll(Collection<Permission> collection) {
        return hasPrincipals() && this.securityManager.isPermittedAll(getPrincipals(), collection);
    }

    protected void assertAuthzCheckPossible() throws AuthorizationException {
        if (!hasPrincipals()) {
            throw new UnauthenticatedException("This subject is anonymous - it does not have any identifying principals and authorization operations require an identity to check against.  A Subject instance will acquire these identifying principals automatically after a successful login is performed be executing " + Subject.class.getName() + ".login(AuthenticationToken) or when 'Remember Me' functionality is enabled by the SecurityManager.  This exception can also occur when a previously logged-in Subject has logged out which makes it anonymous again.  Because an identity is currently not known due to any of these conditions, authorization is denied.");
        }
    }

    public void checkPermission(String str) throws AuthorizationException {
        assertAuthzCheckPossible();
        this.securityManager.checkPermission(getPrincipals(), str);
    }

    public void checkPermission(Permission permission) throws AuthorizationException {
        assertAuthzCheckPossible();
        this.securityManager.checkPermission(getPrincipals(), permission);
    }

    public void checkPermissions(String... strArr) throws AuthorizationException {
        assertAuthzCheckPossible();
        this.securityManager.checkPermissions(getPrincipals(), strArr);
    }

    public void checkPermissions(Collection<Permission> collection) throws AuthorizationException {
        assertAuthzCheckPossible();
        this.securityManager.checkPermissions(getPrincipals(), collection);
    }

    public boolean hasRole(String str) {
        return hasPrincipals() && this.securityManager.hasRole(getPrincipals(), str);
    }

    public boolean[] hasRoles(List<String> list) {
        return hasPrincipals() ? this.securityManager.hasRoles(getPrincipals(), list) : new boolean[list.size()];
    }

    public boolean hasAllRoles(Collection<String> collection) {
        return hasPrincipals() && this.securityManager.hasAllRoles(getPrincipals(), collection);
    }

    public void checkRole(String str) throws AuthorizationException {
        assertAuthzCheckPossible();
        this.securityManager.checkRole(getPrincipals(), str);
    }

    public void checkRoles(String... strArr) throws AuthorizationException {
        assertAuthzCheckPossible();
        this.securityManager.checkRoles(getPrincipals(), strArr);
    }

    public void checkRoles(Collection<String> collection) throws AuthorizationException {
        assertAuthzCheckPossible();
        this.securityManager.checkRoles(getPrincipals(), collection);
    }

    public void login(AuthenticationToken authenticationToken) throws AuthenticationException {
        PrincipalCollection principals = this.securityManager.login(this, authenticationToken).getPrincipals();
        if (principals == null || principals.isEmpty()) {
            throw new IllegalStateException("Principals returned from securityManager.login( token ) returned a null or empty value.  This value must be non null and populated with one or more elements.");
        }
        this.principals = principals;
        this.authenticated = true;
    }

    public boolean isAuthenticated() {
        return this.authenticated;
    }

    public boolean isRemembered() {
        return false;
    }

    public void logout() {
        try {
            this.securityManager.logout(this);
        } finally {
            this.principals = null;
            this.authenticated = false;
        }
    }

    public <V> V execute(Callable<V> callable) throws ExecutionException {
        try {
            return associateWith(callable).call();
        } catch (Throwable th) {
            throw new ExecutionException(th);
        }
    }

    public void execute(Runnable runnable) {
        associateWith(runnable).run();
    }

    public <V> Callable<V> associateWith(Callable<V> callable) {
        return new SubjectCallable(this, callable);
    }

    public Runnable associateWith(Runnable runnable) {
        if (runnable instanceof Thread) {
            throw new UnsupportedOperationException("This implementation does not support Thread arguments because of JDK ThreadLocal inheritance mechanisms required by Shiro.  Instead, the method argument should be a non-Thread Runnable and the return value from this method can then be given to an ExecutorService or another Thread.");
        }
        return new SubjectRunnable(this, runnable);
    }

    public void runAs(PrincipalCollection principalCollection) {
        if (!hasPrincipals()) {
            throw new IllegalStateException("This subject does not yet have an identity.  Assuming the identity of another Subject is only allowed for Subjects with an existing identity.  Try logging this subject in first, or using the " + SubjectBuilder.class.getName() + " to build ad hoc Subject instances with identities as necessary.");
        }
        pushIdentity(principalCollection);
    }

    public boolean isRunAs() {
        return !CollectionUtils.isEmpty(getRunAsPrincipalsStack());
    }

    public PrincipalCollection getPreviousPrincipals() {
        PrincipalCollection principalCollection = null;
        List<PrincipalCollection> runAsPrincipalsStack = getRunAsPrincipalsStack();
        int size = runAsPrincipalsStack != null ? runAsPrincipalsStack.size() : 0;
        if (size > 0) {
            if (size == 1) {
                principalCollection = this.principals;
            } else {
                if (!$assertionsDisabled && runAsPrincipalsStack == null) {
                    throw new AssertionError();
                }
                principalCollection = runAsPrincipalsStack.get(1);
            }
        }
        return principalCollection;
    }

    public PrincipalCollection releaseRunAs() {
        return popIdentity();
    }

    private List<PrincipalCollection> getRunAsPrincipalsStack() {
        return null;
    }

    private void clearRunAsIdentities() {
        throw new UnsupportedOperationException("Need to implement be.atbash.ee.security.octopus.subject.support.DelegatingSubject.clearRunAsIdentities");
    }

    private void pushIdentity(PrincipalCollection principalCollection) throws NullPointerException {
        throw new UnsupportedOperationException("Need to implement be.atbash.ee.security.octopus.subject.support.DelegatingSubject.pushIdentity");
    }

    private PrincipalCollection popIdentity() {
        throw new UnsupportedOperationException("Need to implement be.atbash.ee.security.octopus.subject.support.DelegatingSubject.popIdentity");
    }

    public Collection<Permission> getAllPermissions() {
        return this.authorizingRealm.getPermissions(this);
    }

    static {
        $assertionsDisabled = !DelegatingSubject.class.desiredAssertionStatus();
        log = LoggerFactory.getLogger(DelegatingSubject.class);
        RUN_AS_PRINCIPALS_SESSION_KEY = DelegatingSubject.class.getName() + ".RUN_AS_PRINCIPALS_SESSION_KEY";
    }
}
