package li.strolch.runtime.privilege;

import java.io.File;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.text.MessageFormat;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import li.strolch.agent.api.ComponentContainer;
import li.strolch.agent.api.StrolchComponent;
import li.strolch.model.audit.AccessType;
import li.strolch.persistence.api.StrolchTransaction;
import li.strolch.privilege.base.PrivilegeException;
import li.strolch.privilege.handler.SystemAction;
import li.strolch.privilege.handler.SystemActionWithResult;
import li.strolch.privilege.handler.XmlPersistenceHandler;
import li.strolch.privilege.helper.PrivilegeInitializationHelper;
import li.strolch.privilege.model.Certificate;
import li.strolch.privilege.model.PrivilegeContext;
import li.strolch.privilege.model.Usage;
import li.strolch.privilege.model.internal.PrivilegeContainerModel;
import li.strolch.privilege.xml.PrivilegeConfigSaxReader;
import li.strolch.runtime.StrolchConstants;
import li.strolch.runtime.configuration.ComponentConfiguration;
import li.strolch.runtime.configuration.RuntimeConfiguration;
import li.strolch.utils.helper.XmlHelper;

/* loaded from: input_file:li/strolch/runtime/privilege/DefaultStrolchPrivilegeHandler.class */
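/**
 * Strolch component that wraps a {@link li.strolch.privilege.handler.PrivilegeHandler} loaded from an
 * XML configuration file and writes an explicit audit entry for login, session refresh, logout and
 * session timeout.
 *
 * <p>NOTE(review): the wrapped handler is held in a plain (non-volatile) field that
 * {@link #reloadConfiguration()} reassigns; whether callers on other threads are guaranteed to see the
 * new instance is not established by this class.
 */
public class DefaultStrolchPrivilegeHandler extends StrolchComponent implements PrivilegeHandler {
    /** Key passed to {@code getConfigFile(...)} to locate the privilege configuration file. */
    public static final String PROP_PRIVILEGE_CONFIG_FILE = "privilegeConfigFile";
    /** File name passed to {@code getConfigFile(...)} alongside the key; presumably the default. */
    public static final String PRIVILEGE_CONFIG_XML = "PrivilegeConfig.xml";
    // Delegate that performs the authentication and authorization work; replaced on reload.
    private li.strolch.privilege.handler.PrivilegeHandler privilegeHandler;

    public DefaultStrolchPrivilegeHandler(ComponentContainer componentContainer, String str) {
        super(componentContainer, str);
    }

    /**
     * Initializes the component and loads the wrapped privilege handler from the configured XML file.
     *
     * @throws Exception if the super initialization or the privilege configuration load fails
     */
    @Override
    public void initialize(ComponentConfiguration componentConfiguration) throws Exception {
        super.initialize(componentConfiguration);
        File configFile = componentConfiguration.getConfigFile(PROP_PRIVILEGE_CONFIG_FILE, PRIVILEGE_CONFIG_XML,
                componentConfiguration.getRuntimeConfiguration());
        this.privilegeHandler = initializeFromXml(componentConfiguration, configFile);
    }

    /**
     * Asks the current handler to persist its sessions, then replaces it with a handler freshly loaded
     * from the configuration file.
     *
     * <p>A failure to persist sessions is only logged and the reload still proceeds. If loading the new
     * configuration throws, the field is never reassigned, so the previous handler stays in place.
     */
    @Override
    public void reloadConfiguration() {
        try {
            runAsAgent(privilegeContext -> {
                this.privilegeHandler.persistSessions(privilegeContext.getCertificate(), getClass().getName());
            });
        } catch (Exception e) {
            // Deliberate best effort: the reload continues although sessions may not have been saved.
            logger.error("Failed to persist sessions", e);
        }
        ComponentConfiguration configuration = getConfiguration();
        File configFile = configuration.getConfigFile(PROP_PRIVILEGE_CONFIG_FILE, PRIVILEGE_CONFIG_XML,
                configuration.getRuntimeConfiguration());
        this.privilegeHandler = initializeFromXml(configuration, configFile);
    }

    /**
     * Parses the privilege configuration file and builds a privilege handler from it.
     *
     * @param componentConfiguration supplies the runtime configuration (temp path and config path)
     * @param file the privilege configuration XML file
     * @return the initialized privilege handler
     * @throws PrivilegeException if the file does not exist, or if reading, parsing or initialization
     *         fails (the original exception is kept as the cause)
     */
    private li.strolch.privilege.handler.PrivilegeHandler initializeFromXml(ComponentConfiguration componentConfiguration, File file) {
        if (!file.exists()) {
            throw new PrivilegeException(MessageFormat.format("Privilege file does not exist at path {0}", file.getAbsolutePath()));
        }
        // try-with-resources: the stream is closed even when parsing or handler initialization throws.
        try (InputStream configStream = Files.newInputStream(file.toPath())) {
            PrivilegeContainerModel containerModel = new PrivilegeContainerModel();
            // NOTE(review): DTD / external-entity handling is decided inside XmlHelper.parseDocument and
            // is not visible here; confirm the parser is hardened.
            XmlHelper.parseDocument(configStream, new PrivilegeConfigSaxReader(containerModel));

            Map<String, String> parameterMap = containerModel.getParameterMap();
            RuntimeConfiguration runtimeConfiguration = componentConfiguration.getRuntimeConfiguration();

            if (Boolean.parseBoolean(parameterMap.get("persistSessions"))) {
                // The session file location is forced to the runtime temp path.
                // NOTE(review): presumably sessions.dat holds persisted session state, so access to
                // that directory should be limited to the service account. Confirm.
                parameterMap.put("persistSessionsPath", new File(runtimeConfiguration.getTempPath(), "sessions.dat").getAbsolutePath());
            }

            if (containerModel.getPersistenceHandlerClassName().equals(XmlPersistenceHandler.class.getName())) {
                // The XML persistence handler gets the runtime config path as its base path.
                containerModel.getPersistenceHandlerParameterMap().put("basePath", runtimeConfiguration.getConfigPath().getPath());
            }

            return PrivilegeInitializationHelper.initializeFromXml(containerModel);
        } catch (Exception e) {
            throw new PrivilegeException(MessageFormat.format("Failed to load Privilege configuration from {0}", file.getAbsolutePath()), e);
        }
    }

    /**
     * Authenticates the user through the wrapped handler and audits the login.
     *
     * <p>The audit entry is written only after the delegate returns a certificate, so an attempt that
     * the delegate rejects by throwing leaves no audit entry from this class. The audited name is the
     * caller-supplied {@code str}, not {@code Certificate.getUsername()}.
     *
     * <p>NOTE(review): if writing the audit throws, the certificate has already been issued by the
     * delegate but is never returned to the caller.
     */
    @Override
    public Certificate authenticate(String str, char[] cArr) {
        assertContainerStarted();
        Certificate certificate = this.privilegeHandler.authenticate(str, cArr, false);
        writeAudit(certificate, StrolchConstants.StrolchPrivilegeConstants.LOGIN, AccessType.CREATE, str);
        return certificate;
    }

    /**
     * Authenticates the user through the wrapped handler, forwarding {@code str2}, {@code usage} and
     * {@code z} unchanged, and audits the login under the caller-supplied name {@code str}.
     */
    @Override
    public Certificate authenticate(String str, char[] cArr, String str2, Usage usage, boolean z) {
        assertContainerStarted();
        Certificate certificate = this.privilegeHandler.authenticate(str, cArr, str2, usage, z);
        writeAudit(certificate, StrolchConstants.StrolchPrivilegeConstants.LOGIN, AccessType.CREATE, str);
        return certificate;
    }

    /**
     * Performs single sign-on through the wrapped handler and audits the login under the username of
     * the returned certificate.
     */
    @Override
    public Certificate authenticateSingleSignOn(Object obj) {
        assertContainerStarted();
        Certificate certificate = this.privilegeHandler.authenticateSingleSignOn(obj, false);
        writeAudit(certificate, StrolchConstants.StrolchPrivilegeConstants.LOGIN, AccessType.CREATE, certificate.getUsername());
        return certificate;
    }

    /**
     * Performs single sign-on through the wrapped handler, forwarding {@code str} unchanged, and audits
     * the login under the username of the returned certificate.
     */
    @Override
    public Certificate authenticateSingleSignOn(Object obj, String str) {
        assertContainerStarted();
        Certificate certificate = this.privilegeHandler.authenticateSingleSignOn(obj, str, false);
        writeAudit(certificate, StrolchConstants.StrolchPrivilegeConstants.LOGIN, AccessType.CREATE, certificate.getUsername());
        return certificate;
    }

    /**
     * Refreshes the session through the wrapped handler and audits the result as a login of the
     * refreshed certificate's user.
     */
    @Override
    public Certificate refreshSession(Certificate certificate, String str) {
        assertContainerStarted();
        Certificate refreshed = this.privilegeHandler.refresh(certificate, str);
        writeAudit(refreshed, StrolchConstants.StrolchPrivilegeConstants.LOGIN, AccessType.CREATE, refreshed.getUsername());
        return refreshed;
    }

    /** Returns whether the wrapped handler allows session refresh. */
    @Override
    public boolean isRefreshAllowed() {
        return this.privilegeHandler.isRefreshAllowed();
    }

    /**
     * Writes one audit entry for a privilege event in a dedicated transaction on the certificate's
     * realm.
     *
     * @param certificate certificate used to select the realm and open the transaction
     * @param str action name the transaction is opened with (LOGIN, LOGOUT, SESSION_TIME_OUT)
     * @param accessType access type recorded in the audit
     * @param str2 username recorded in the audit
     */
    private void writeAudit(Certificate certificate, String str, AccessType accessType, String str2) {
        // try-with-resources closes the transaction on success and on failure; an exception from
        // close() is attached as suppressed to the primary one.
        try (StrolchTransaction tx = getContainer().getRealm(certificate).openTx(certificate, str, false).silentThreshold(1L, TimeUnit.NANOSECONDS)) {
            // Presumably disables the transaction's automatic audits so that only the explicit entry
            // below is recorded. Confirm against StrolchTransaction.
            tx.setSuppressAudits(true);
            tx.getAuditTrail().add(tx, tx.auditFrom(accessType, StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE, StrolchConstants.StrolchPrivilegeConstants.CERTIFICATE, str2));
        }
    }

    /** Validates the certificate through the wrapped handler. */
    @Override
    public PrivilegeContext validate(Certificate certificate) throws PrivilegeException {
        return this.privilegeHandler.validate(certificate);
    }

    /** Validates the certificate through the wrapped handler, forwarding {@code str} unchanged. */
    @Override
    public PrivilegeContext validate(Certificate certificate, String str) throws PrivilegeException {
        return this.privilegeHandler.validate(certificate, str);
    }

    /** Validates a system session through the wrapped handler. */
    @Override
    public void validateSystemSession(PrivilegeContext privilegeContext) throws PrivilegeException {
        this.privilegeHandler.validateSystemSession(privilegeContext);
    }

    /**
     * Invalidates the session through the wrapped handler and audits the logout.
     *
     * <p>The audit is written whatever the delegate returns. NOTE(review): unlike the authenticate
     * methods and {@link #sessionTimeout(Certificate)}, this method asserts no started state first;
     * confirm that is intended.
     *
     * @return the delegate's result
     */
    @Override
    public boolean invalidate(Certificate certificate) {
        boolean invalidated = this.privilegeHandler.invalidate(certificate);
        writeAudit(certificate, StrolchConstants.StrolchPrivilegeConstants.LOGOUT, AccessType.DELETE, certificate.getUsername());
        return invalidated;
    }

    /**
     * Invalidates the session through the wrapped handler and audits it as a session timeout.
     *
     * @return the delegate's result
     */
    @Override
    public boolean sessionTimeout(Certificate certificate) {
        assertStarted();
        boolean invalidated = this.privilegeHandler.invalidate(certificate);
        writeAudit(certificate, StrolchConstants.StrolchPrivilegeConstants.SESSION_TIME_OUT, AccessType.DELETE, certificate.getUsername());
        return invalidated;
    }

    /**
     * Runs the action as the named system user through the wrapped handler.
     *
     * <p>No check on {@code str} is made in this class; any restriction on which system user may be
     * used is left to the delegate.
     */
    @Override
    public void runAs(String str, SystemAction systemAction) throws Exception {
        this.privilegeHandler.runAs(str, systemAction);
    }

    /** Runs the action as the named system user through the wrapped handler and returns its result. */
    @Override
    public <T> T runWithResult(String str, SystemActionWithResult<T> systemActionWithResult) throws Exception {
        return (T) this.privilegeHandler.runWithResult(str, systemActionWithResult);
    }

    /** Wraps the runnable in a {@code StrolchSystemAction} and runs it as the named system user. */
    @Override
    public void runAs(String str, PrivilegedRunnable privilegedRunnable) throws Exception {
        this.privilegeHandler.runAs(str, new StrolchSystemAction(privilegedRunnable));
    }

    /**
     * Wraps the runnable in a {@code StrolchSystemActionWithResult}, runs it as the named system user
     * and returns its result.
     */
    @Override
    public <T> T runWithResult(String str, PrivilegedRunnableWithResult<T> privilegedRunnableWithResult) throws Exception {
        return (T) this.privilegeHandler.runWithResult(str, new StrolchSystemActionWithResult(privilegedRunnableWithResult));
    }

    /** Runs the action as the {@code SYSTEM_USER_AGENT} system user. */
    @Override
    public void runAsAgent(SystemAction systemAction) throws Exception {
        this.privilegeHandler.runAs(StrolchConstants.SYSTEM_USER_AGENT, systemAction);
    }

    /** Runs the action as the {@code SYSTEM_USER_AGENT} system user and returns its result. */
    @Override
    public <T> T runAsAgentWithResult(SystemActionWithResult<T> systemActionWithResult) throws Exception {
        return (T) this.privilegeHandler.runWithResult(StrolchConstants.SYSTEM_USER_AGENT, systemActionWithResult);
    }

    /** Wraps the runnable in a {@code StrolchSystemAction} and runs it as {@code SYSTEM_USER_AGENT}. */
    @Override
    public void runAsAgent(PrivilegedRunnable privilegedRunnable) throws Exception {
        this.privilegeHandler.runAs(StrolchConstants.SYSTEM_USER_AGENT, new StrolchSystemAction(privilegedRunnable));
    }

    /**
     * Wraps the runnable in a {@code StrolchSystemActionWithResult}, runs it as
     * {@code SYSTEM_USER_AGENT} and returns its result.
     */
    @Override
    public <T> T runAsAgentWithResult(PrivilegedRunnableWithResult<T> privilegedRunnableWithResult) throws Exception {
        return (T) this.privilegeHandler.runWithResult(StrolchConstants.SYSTEM_USER_AGENT, new StrolchSystemActionWithResult(privilegedRunnableWithResult));
    }

    /**
     * Wraps the runnable in a {@code StrolchSystemActionWithResult}, runs it as the named system user
     * and returns its result.
     */
    @Override
    public <T> T runAsWithResult(String str, PrivilegedRunnableWithResult<T> privilegedRunnableWithResult) throws Exception {
        return (T) this.privilegeHandler.runWithResult(str, new StrolchSystemActionWithResult(privilegedRunnableWithResult));
    }

    /** Opens a system user context for {@code SYSTEM_USER_AGENT} through the wrapped handler. */
    @Override
    public PrivilegeContext openAgentSystemUserContext() throws PrivilegeException {
        return this.privilegeHandler.openSystemUserContext(StrolchConstants.SYSTEM_USER_AGENT);
    }

    /**
     * Returns the wrapped handler itself.
     *
     * <p>Calls made directly on the returned handler skip this class's started-state assertions and
     * audit writes.
     */
    @Override
    public li.strolch.privilege.handler.PrivilegeHandler getPrivilegeHandler() {
        return this.privilegeHandler;
    }
}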
