package co.pishfa.security.entity.authentication;

import co.pishfa.accelerate.cdi.CdiUtils;
import co.pishfa.security.entity.audit.AuditLevel;
import co.pishfa.security.entity.authorization.Permission;
import co.pishfa.security.exception.AuthenticationException;
import co.pishfa.security.exception.AuthorizationException;
import co.pishfa.security.exception.LoginRequiredException;
import co.pishfa.security.service.AuditService;
import co.pishfa.security.service.AuthenticationService;
import co.pishfa.security.service.AuthorizationService;
import co.pishfa.security.service.SecurityConfig;
import co.pishfa.security.service.SecurityConstants;
import co.pishfa.security.service.handler.AllPermissionHandler;
import co.pishfa.security.service.handler.PermissionScopeHandler;
import java.io.Serializable;
import java.lang.annotation.Annotation;
import java.util.Arrays;
import javax.annotation.PostConstruct;
import javax.enterprise.context.SessionScoped;
import javax.inject.Inject;
import javax.inject.Named;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.Validate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

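/**
 * Session-scoped security context for the current user, exposed to CDI and EL under the name
 * {@code identity}.
 *
 * <p>Holds the current {@link OnlineUser} / {@link User} pair and delegates authentication,
 * authorization and audit decisions to the injected services. Every {@code has*} / {@code can*}
 * query returns {@code true} unconditionally while {@link #shouldBypassSecurity()} is true.
 *
 * <p>Permission strings that start with {@code #} are treated as role names (the prefix is
 * stripped before the role lookup).
 *
 * <p>NOTE(review): the class is {@link Serializable} and the injected services are not
 * {@code transient}; confirm the container injects serializable proxies if sessions are
 * passivated or replicated.
 */
@SessionScoped
@Named("identity")
public class Identity implements Serializable {
    private static final long serialVersionUID = 1;

    @Inject
    private SecurityConfig securityConfig;

    @Inject
    private AuthenticationService authenticationService;

    @Inject
    private AuthorizationService authorizationService;

    @Inject
    private AuditService auditService;

    // When true, every authorization query on this instance succeeds. The flag is per-session
    // state, so it stays set until something resets it.
    private boolean systemMode = false;
    private OnlineUser onlineUser;
    private User user;
    private static final Logger log = LoggerFactory.getLogger(Identity.class);
    private static final AllPermissionHandler allPermissionHandler = new AllPermissionHandler();

    /**
     * Looks up the contextual {@code Identity} instance through {@link CdiUtils}.
     *
     * @return the instance resolved by the CDI container for the active session
     */
    public static Identity getInstance() {
        return (Identity) CdiUtils.getInstance(Identity.class, new Annotation[0]);
    }

    /** Container lifecycle callback; only logs that the bean was created. */
    @PostConstruct
    public void init() {
        log.info("init");
    }

    /** @return the online-user record bound to this session, or {@code null} if none was set */
    public OnlineUser getOnlineUser() {
        return this.onlineUser;
    }

    /** @return the cached user taken from the online-user record, or {@code null} */
    public User getUser() {
        return this.user;
    }

    /** @return the current user as returned by {@code AuthenticationService.getCurrentUserAttached()} */
    public User getUserAttached() {
        return this.authenticationService.getCurrentUserAttached();
    }

    /**
     * Binds an online-user record to this identity and refreshes the cached {@link User}.
     *
     * @param onlineUser the record to bind; {@code null} clears both the record and the user
     */
    public void setOnlineUser(OnlineUser onlineUser) {
        this.onlineUser = onlineUser;
        this.user = onlineUser == null ? null : onlineUser.getUser();
    }

    /**
     * Replaces the user on both this identity and the bound online-user record.
     *
     * @param user the new user
     * @throws NullPointerException if no online-user record is bound
     */
    public void setUser(User user) {
        // Update the online-user record first: if none is bound this fails before the cached
        // user changes, so role checks never run against a user that has no session record.
        this.onlineUser.setUser(user);
        this.user = user;
    }

    /** Shorthand for {@link #hasRole(String)}. */
    public boolean is(String str) {
        return hasRole(str);
    }

    /**
     * Tests a {@code |}-separated list of permissions with no target object.
     *
     * @param str permissions separated by {@code |}
     * @return {@code true} if at least one permission is granted
     */
    public boolean canAny(String str) {
        return hasOneOfPermissions(null, StringUtils.split(str, '|'));
    }

    /**
     * Tests a {@code |}-separated list of permissions against a target object.
     *
     * @param obj the target of the action, may be {@code null}
     * @param str permissions separated by {@code |}
     * @return {@code true} if at least one permission is granted
     */
    public boolean canAny(Object obj, String str) {
        return hasOneOfPermissions(obj, StringUtils.split(str, '|'));
    }

    /** Shorthand for {@code can(null, str)}. */
    public boolean can(String str) {
        return can(null, str);
    }

    /** Shorthand for {@link #hasPermission(Object, String)}. */
    public boolean can(Object obj, String str) {
        return hasPermission(obj, str);
    }

    /**
     * Reports whether the session counts as authenticated.
     *
     * @return {@code true} when security is bypassed or the bound online user is logged in;
     *     {@code false} when no online-user record is bound
     */
    public boolean isLoggedIn() {
        if (shouldBypassSecurity()) {
            return true;
        }
        // Fail closed: a session without an online-user record is not logged in.
        return this.onlineUser != null && this.onlineUser.isLoggedIn();
    }

    /**
     * Sets the logged-in flag on the bound online-user record.
     *
     * <p>NOTE(review): this is a public setter on an EL-addressable bean and flips the
     * authenticated state directly; confirm only the authentication service calls it.
     *
     * @param z the new logged-in state
     * @throws NullPointerException if no online-user record is bound
     */
    public void setLoggedIn(boolean z) {
        this.onlineUser.setLoggedIn(z);
    }

    /**
     * @return {@code true} when security is disabled in the configuration or this identity is
     *     in system mode; all authorization queries short-circuit to "allowed" in that case
     */
    public boolean shouldBypassSecurity() {
        return !this.securityConfig.isSecurityEnabled() || this.systemMode;
    }

    /**
     * Tests whether the current user holds a role, directly or by implication.
     *
     * @param str the role name, without the {@code #} prefix
     * @return {@code true} when security is bypassed or the role is among the user's implied roles
     */
    public boolean hasRole(String str) {
        if (shouldBypassSecurity()) {
            return true;
        }
        // NOTE(review): this does not look at isLoggedIn(); the outcome for a null user depends
        // on AuthorizationService.getImpliedRoles — confirm it yields no roles in that case.
        return this.authorizationService.getImpliedRoles(this.user).containsKey(str);
    }

    /** Resolves a permission for this identity through the authorization service. */
    public Permission findPermission(String str) {
        return this.authorizationService.findPermission(this, str);
    }

    /**
     * Tests whether at least one of the given permissions is granted on the target.
     *
     * @param obj the target of the action, may be {@code null}
     * @param strArr permission names; a {@code null} array is evaluated as a single
     *     {@code null} permission
     * @return {@code true} if any permission is granted; {@code false} for an empty array
     */
    public boolean hasOneOfPermissions(Object obj, String... strArr) {
        if (strArr == null) {
            return hasPermission(obj, null);
        }
        for (String str : strArr) {
            if (hasPermission(obj, str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Enforces that at least one of the given permissions is granted on the target.
     *
     * <p>A denial for an authenticated user is written to the audit trail at
     * {@link AuditLevel#RISK} before the exception is raised.
     *
     * @param obj the target of the action, may be {@code null}
     * @param strArr the acceptable permission names
     * @throws LoginRequiredException if access is denied and the session is not logged in
     * @throws AuthorizationException if access is denied for a logged-in user
     */
    public void checkOneOfPermissions(Object obj, String... strArr) throws AuthorizationException {
        if (hasOneOfPermissions(obj, strArr)) {
            return;
        }
        if (!isLoggedIn()) {
            throw new LoginRequiredException();
        }
        String arrays = Arrays.toString(strArr);
        // The audit key below is a runtime identifier and is kept exactly as it is.
        // NOTE(review): String.valueOf(obj) lands in the audit record as-is; confirm the audit
        // sink neutralises line breaks and control characters coming from toString().
        this.auditService.audit(this.authorizationService.findAction(arrays), "unathorized.access", String.valueOf(obj), AuditLevel.RISK);
        throw new AuthorizationException(obj, arrays, getPermissionMsg(obj, arrays));
    }

    /**
     * Enforces a single permission (or {@code #role} expression) on the target.
     *
     * <p>A denial for an authenticated user is written to the audit trail at
     * {@link AuditLevel#RISK} before the exception is raised.
     *
     * @param obj the target of the action, may be {@code null}
     * @param str the permission name, or {@code #} followed by a role name
     * @throws LoginRequiredException if access is denied and the session is not logged in
     * @throws AuthorizationException if access is denied for a logged-in user
     */
    public void checkPermission(Object obj, String str) throws AuthorizationException {
        if (str != null && str.startsWith("#")) {
            // Strip the '#' marker exactly as hasPermission() does. Passing the prefixed string
            // made the role lookup use "#role" as the key, so this enforcement path disagreed
            // with can()/hasPermission() for the same expression.
            checkRole(str.substring(1));
        }
        if (hasPermission(obj, str)) {
            return;
        }
        if (!isLoggedIn()) {
            throw new LoginRequiredException();
        }
        // The audit key below is a runtime identifier and is kept exactly as it is.
        this.auditService.audit(this.authorizationService.findAction(str), "unathorized.access", String.valueOf(obj), AuditLevel.RISK);
        throw new AuthorizationException(obj, str, getPermissionMsg(obj, str));
    }

    /**
     * Builds the denial message used by the permission checks.
     *
     * <p>NOTE(review): the text names the user, the permission and the target object; confirm
     * it is not rendered verbatim to unauthenticated clients.
     *
     * @param obj the target of the denied action
     * @param str the denied permission(s)
     * @return the formatted message; the user name is {@code null} when no user is bound
     */
    public String getPermissionMsg(Object obj, String str) {
        return String.format("User %s is not authorized to perform %s on %s", currentUserName(), str, obj);
    }

    /**
     * Enforces that the current user holds a role.
     *
     * <p>NOTE(review): unlike the permission checks, a role denial is not audited here.
     *
     * @param str the role name, without the {@code #} prefix
     * @throws LoginRequiredException if the role is missing and the session is not logged in
     * @throws AuthorizationException if a logged-in user lacks the role
     */
    public void checkRole(String str) throws AuthorizationException {
        if (hasRole(str)) {
            return;
        }
        // Decide on login state before touching the user: an anonymous session has no user, and
        // dereferencing it first raised NullPointerException instead of LoginRequiredException.
        if (!isLoggedIn()) {
            throw new LoginRequiredException();
        }
        String name = currentUserName();
        throw new AuthorizationException(name, str, "User " + name + " has not the required role " + str);
    }

    /**
     * Enforces that the current user holds at least one of the given roles.
     *
     * <p>NOTE(review): unlike the permission checks, a role denial is not audited here.
     *
     * @param strArr the acceptable role names, without the {@code #} prefix
     * @throws LoginRequiredException if no role matches and the session is not logged in
     * @throws AuthorizationException if a logged-in user holds none of the roles
     */
    public void checkOneOfRoles(String... strArr) throws AuthorizationException {
        if (hasOneOfRoles(strArr)) {
            return;
        }
        if (!isLoggedIn()) {
            throw new LoginRequiredException();
        }
        String name = currentUserName();
        // Arrays.toString lists the role names; toString() on the array itself only yields the
        // type and identity hash, which is useless in a denial record.
        throw new AuthorizationException(name, Arrays.toString(strArr), "User " + name + " has none of the required roles");
    }

    /**
     * Tests whether the current user holds at least one of the given roles.
     *
     * @param strArr role names, without the {@code #} prefix
     * @return {@code true} if any role is held; {@code false} for a {@code null} or empty array
     */
    public boolean hasOneOfRoles(String... strArr) {
        if (strArr == null) {
            // No acceptable role was named, so nothing can match.
            return false;
        }
        for (String str : strArr) {
            if (hasRole(str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tests a single permission (or {@code #role} expression) on the target.
     *
     * @param obj the target of the action, may be {@code null}
     * @param str the permission name, or {@code #} followed by a role name; may be {@code null}
     * @return {@code true} when security is bypassed, the role is held, or the authorization
     *     service grants the permission
     */
    public boolean hasPermission(Object obj, String str) {
        if (shouldBypassSecurity()) {
            return true;
        }
        return (str == null || !str.startsWith("#")) ? this.authorizationService.hasPermission(this, obj, str) : hasRole(str.substring(1));
    }

    /** @return whether this identity currently bypasses all authorization checks */
    public boolean isSystemMode() {
        return this.systemMode;
    }

    /**
     * Switches system mode on or off for this session's identity.
     *
     * <p>While on, every role and permission query on this instance succeeds. The flag is
     * session state, so code that enables it should restore the previous value in a
     * {@code finally} block; otherwise an exception leaves the session with authorization
     * disabled.
     *
     * <p>NOTE(review): the bean is {@code @Named} and this setter is public; confirm that no
     * view expression or request-bound value can write this property.
     *
     * @param z {@code true} to bypass authorization, {@code false} to enforce it
     */
    public void setSystemMode(boolean z) {
        this.systemMode = z;
    }

    /**
     * Delegates a login attempt to the authentication service.
     *
     * <p>NOTE(review): parameter names were lost; presumably {@code str} is the user name and
     * {@code str2} the password. Session-identifier renewal after a successful login is not
     * visible in this class; confirm the service or the web layer performs it.
     *
     * @throws AuthenticationException if the service rejects the credentials
     */
    public void login(String str, String str2) throws AuthenticationException {
        this.authenticationService.login(str, str2);
    }

    /** Delegates logout of the bound online user to the authentication service. */
    public void logout() {
        this.authenticationService.logout(getOnlineUser());
    }

    /**
     * Reads the identity stored under {@link SecurityConstants#SESSION_IDENTITY}.
     *
     * @param httpSession the HTTP session, must not be {@code null}
     * @return the stored identity, or {@code null} if the attribute is absent
     * @throws NullPointerException if {@code httpSession} is {@code null}
     */
    public static Identity getFromSession(HttpSession httpSession) {
        Validate.notNull(httpSession);
        return (Identity) httpSession.getAttribute(SecurityConstants.SESSION_IDENTITY);
    }

    /**
     * Stores this identity under {@link SecurityConstants#SESSION_IDENTITY}.
     *
     * @param httpSession the HTTP session, must not be {@code null}
     * @throws NullPointerException if {@code httpSession} is {@code null}
     */
    public void putInSession(HttpSession httpSession) {
        Validate.notNull(httpSession);
        httpSession.setAttribute(SecurityConstants.SESSION_IDENTITY, this);
    }

    /**
     * Selects the scope handler for a permission.
     *
     * @param permission the permission whose scope is being evaluated
     * @return the shared all-permission handler while security is bypassed, otherwise the
     *     handler chosen by the authorization service
     */
    public <E> PermissionScopeHandler<E> getScopeHandler(Permission permission) {
        return shouldBypassSecurity() ? allPermissionHandler : this.authorizationService.getScopeHandler(permission);
    }

    /** Returns the bound user's name, or {@code null} when no user is bound. */
    private String currentUserName() {
        return this.user == null ? null : this.user.getName();
    }
}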
