package net.sf.jguard.core.authorization.permissions;

import java.io.Serializable;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Principal;
import java.security.ProtectionDomain;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import net.sf.ehcache.Cache;
import net.sf.ehcache.CacheException;
import net.sf.ehcache.CacheManager;
import net.sf.ehcache.Element;
import net.sf.jguard.core.principals.RolePrincipal;
import net.sf.jguard.core.principals.UserPrincipal;
import org.apache.commons.jexl.ExpressionFactory;
import org.apache.commons.jexl.JexlContext;
import org.apache.commons.jexl.JexlHelper;
import org.apache.xerces.impl.xs.SchemaSymbols;

/* loaded from: input_file:WEB-INF/lib/jguard-core-1.1.0-beta-3.jar:net/sf/jguard/core/authorization/permissions/PermissionUtils.class */
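/**
 * Static helpers used by the authorization layer to instantiate
 * {@link Permission} objects by class name, to decide whether a role is
 * active for a user, and to expand <code>${...}</code> JEXL placeholders found
 * in permission names and actions against the current user's roles and
 * credentials.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Expressions are taken from role definitions and permission
 *       names/actions and handed to the JEXL engine with the subject's public
 *       <em>and private</em> credentials in scope. Whoever can write to the
 *       authorization datasource can therefore read those credentials through
 *       an expression; write access to that datasource should be treated as
 *       privileged.</li>
 *   <li>Values produced by an expression are spliced back into the permission
 *       text, and the text is then scanned again. Values that themselves carry
 *       a <code>${...}</code> placeholder are rejected so that credential
 *       content is never evaluated as an expression.</li>
 *   <li>Every failure path in role evaluation denies (returns
 *       <code>false</code>).</li>
 * </ul>
 *
 * <p>The class keeps its state in non-synchronized static fields; thread-safety
 * is not established by anything visible in this file.
 */
public class PermissionUtils {
    private static final Logger logger = Logger.getLogger(PermissionUtils.class.getName());

    /** Matches one <code>${expression}</code> placeholder. */
    private static final Pattern JEXL_PATTERN = Pattern.compile("(\\$\\{[^\\}]+\\})");

    private static CacheManager manager;
    /** Maps an unresolved permission to the set of expressions its resolution needs. */
    private static Cache unresolvedPermToNeededExpressions;
    /** Maps (unresolved permission, expression values) to the resolved permission collection. */
    private static Cache unresolvedPermAndValuesToResolvedPerm;
    private static boolean cachesEnabled;

    /**
     * Instantiates a permission reflectively through the thread context class
     * loader. A public <code>(String, String)</code> constructor is preferred;
     * otherwise the <code>(String)</code> constructor is used.
     *
     * @param str  fully qualified class name of the permission
     * @param str2 permission name
     * @param str3 permission actions
     * @return the new permission, or <code>null</code> when the class was found
     *         but could not be instantiated (the failure is logged at SEVERE)
     * @throws ClassNotFoundException if the class cannot be loaded
     * @throws ClassCastException     if the named class is not a {@link Permission}
     */
    public static Permission getPermission(String str, String str2, String str3) throws ClassNotFoundException {
        Class<?> permissionClass;
        try {
            permissionClass = Thread.currentThread().getContextClassLoader().loadClass(str);
        } catch (ClassNotFoundException e) {
            logger.log(Level.SEVERE, " class " + str + " is not found please check your classPath \n and the permission set in the Datasource \n(either database or JGuardPrincipalsPermissions.xml file) ", (Throwable) e);
            throw e;
        }
        // The class name comes from the authorization datasource. Check the type
        // BEFORE invoking any constructor, so that a wrong entry cannot run the
        // constructor of an unrelated class; the exception type is the one the
        // cast below would have raised after instantiation.
        if (!Permission.class.isAssignableFrom(permissionClass)) {
            throw new ClassCastException(str + " is not a java.security.Permission");
        }

        Class<?>[] nameAndActionsSignature = {String.class, String.class};
        Class<?>[] nameOnlySignature = {String.class};
        Object[] nameAndActions = {str2, str3};
        try {
            // NOTE(review): this test is true only when the loaded class is a
            // SUPERTYPE of BasicPermission; the intent was presumably the
            // opposite direction. Kept as found: the constructor scan below
            // covers every concrete permission class anyway.
            if (permissionClass.isAssignableFrom(java.security.BasicPermission.class)) {
                return (Permission) permissionClass.getConstructor(nameAndActionsSignature).newInstance(nameAndActions);
            }
            boolean hasNameAndActionsConstructor = false;
            for (Constructor<?> candidate : permissionClass.getConstructors()) {
                Class<?>[] parameterTypes = candidate.getParameterTypes();
                if (parameterTypes.length == 2
                        && parameterTypes[0].equals(String.class)
                        && parameterTypes[1].equals(String.class)) {
                    hasNameAndActionsConstructor = true;
                    break;
                }
            }
            if (hasNameAndActionsConstructor) {
                return (Permission) permissionClass.getConstructor(nameAndActionsSignature).newInstance(nameAndActions);
            }
            return (Permission) permissionClass.getConstructor(nameOnlySignature).newInstance(new Object[] {str2});
        } catch (IllegalAccessException e) {
            logPermissionCoordinates(str, str2, str3);
            logger.log(Level.SEVERE, e.getMessage(), (Throwable) e);
        } catch (IllegalArgumentException e) {
            logger.log(Level.SEVERE, " illegal argument ", (Throwable) e);
        } catch (InstantiationException e) {
            logPermissionCoordinates(str, str2, str3);
            logger.log(Level.SEVERE, " you cannot instantiate a permission ", (Throwable) e);
        } catch (NoSuchMethodException e) {
            logger.log(Level.SEVERE, "method not found =", (Throwable) e);
        } catch (SecurityException e) {
            logPermissionCoordinates(str, str2, str3);
            logger.log(Level.SEVERE, " you don't have right to instantiate a permission ", (Throwable) e);
        } catch (InvocationTargetException e) {
            logPermissionCoordinates(str, str2, str3);
            logger.log(Level.SEVERE, e.getMessage(), (Throwable) e);
        }
        return null;
    }

    /** Logs the three values a failed permission instantiation was attempted with. */
    private static void logPermissionCoordinates(String className, String name, String actions) {
        logger.log(Level.SEVERE, "className=" + className);
        logger.log(Level.SEVERE, "name=" + name);
        logger.log(Level.SEVERE, "actions=" + actions);
    }

    /**
     * Evaluates a role definition: either a boolean literal or one
     * <code>${expression}</code> evaluated by JEXL against the user's
     * organization, roles and credentials.
     *
     * <p>Fails closed: a missing definition, a missing user principal, a
     * definition that is not of the <code>${...}</code> form, an evaluation
     * error and a non-Boolean result all yield <code>false</code>.
     */
    private static boolean evaluateDefinition(String definition, UserPrincipal userPrincipal) {
        if (definition == null) {
            return false;
        }
        // NOTE(review): the Xerces schema constants are presumably the literals
        // "true" and "false"; confirm, then drop the dependency on Xerces here.
        if (SchemaSymbols.ATTVAL_TRUE.equalsIgnoreCase(definition)) {
            return true;
        }
        if (SchemaSymbols.ATTVAL_FALSE.equalsIgnoreCase(definition)) {
            return false;
        }
        if (userPrincipal == null) {
            // Without a user there is nothing to evaluate against; deny instead
            // of dereferencing null below.
            logger.warning("evaluateDefinition() no UserPrincipal defined, can not use regex definition");
            return false;
        }
        // Only strip the delimiters when they are really there; otherwise an
        // arbitrary fragment of the definition would be evaluated.
        if (definition.length() < 4 || !definition.startsWith("${") || !definition.endsWith("}")) {
            logger.warning("evaluateDefinition() definition is not of the form ${expression} : " + definition);
            return false;
        }
        String expression = definition.substring(2, definition.length() - 1);

        JexlContext jexlContext = JexlHelper.createContext();
        Map vars = jexlContext.getVars();
        vars.put("subject.organization", userPrincipal.getOrganization());
        vars.put("subject.roles", userPrincipal.getRoles());
        vars.put("subject.publicCredentials", userPrincipal.getPublicCredentials());
        vars.put("subject.privateCredentials", userPrincipal.getPrivateCredentials());

        Object result = null;
        try {
            result = ExpressionFactory.createExpression(expression).evaluate(jexlContext);
        } catch (Exception e) {
            logger.log(Level.WARNING, "Failed to evaluate : " + expression, (Throwable) e);
        }
        if (result instanceof Boolean) {
            return ((Boolean) result).booleanValue();
        }
        logger.warning("Subject does not have the required credentials to resolve the role activation : " + expression);
        return false;
    }

    /**
     * Tells whether a role applies to a user: its definition must evaluate to
     * <code>true</code> and the role must be flagged active.
     *
     * @param rolePrincipal the role to check
     * @param userPrincipal the user the definition is evaluated against
     * @return <code>true</code> only when both conditions hold
     */
    public static boolean evaluatePrincipal(RolePrincipal rolePrincipal, UserPrincipal userPrincipal) {
        if (!evaluateDefinition(rolePrincipal.getDefinition(), userPrincipal)) {
            if (logger.isLoggable(Level.FINEST)) {
                logger.finest("evaluatePrincipal() -  user's principal definition attr evaluates to false=" + rolePrincipal.getLocalName());
            }
            return false;
        }
        if (!rolePrincipal.isActive()) {
            if (logger.isLoggable(Level.FINEST)) {
                logger.finest("evaluatePrincipal() -  user's principal active attr is false=" + rolePrincipal.getLocalName());
            }
            return false;
        }
        return true;
    }

    /**
     * Expands the placeholders of every permission in a collection against the
     * first {@link UserPrincipal} found in the protection domain.
     *
     * @param protectionDomain     domain whose principals are searched
     * @param permissionCollection permissions to resolve
     * @return a new collection of resolved permissions, or
     *         <code>permissionCollection</code> itself, unresolved, when the
     *         domain has no {@link UserPrincipal}
     */
    public static PermissionCollection evaluatePermissionCollection(ProtectionDomain protectionDomain, PermissionCollection permissionCollection) {
        UserPrincipal userPrincipal = null;
        for (Principal principal : protectionDomain.getPrincipals()) {
            if (principal instanceof UserPrincipal) {
                userPrincipal = (UserPrincipal) principal;
                break;
            }
        }
        if (userPrincipal == null) {
            // NOTE(review): the caller receives the permissions with their
            // placeholders still in place; whether such a permission can imply
            // anything depends on the permission classes. Confirm.
            logger.warning("no UserPrincipal defined, can not use regex permissions");
            return permissionCollection;
        }

        JGPositivePermissionCollection resolved = new JGPositivePermissionCollection();
        JexlContext jexlContext = JexlHelper.createContext();
        Map vars = jexlContext.getVars();
        // NOTE(review): "subject.organization" is exposed to role definitions
        // but not here; confirm that the difference is intended.
        vars.put("subject.roles", userPrincipal.getRoles());
        vars.put("subject.publicCredentials", userPrincipal.getPublicCredentials());
        vars.put("subject.privateCredentials", userPrincipal.getPrivateCredentials());

        // Expression values already computed for this user, shared by all permissions.
        Map<String, Object> sharedValues = new HashMap<String, Object>();
        Enumeration<Permission> unresolved = permissionCollection.elements();
        while (unresolved.hasMoreElements()) {
            Permission permission = unresolved.nextElement();
            logger.finest("Resolving permission = " + permission);
            Enumeration<Permission> expanded = resolvePermission(permission, sharedValues, jexlContext).elements();
            while (expanded.hasMoreElements()) {
                resolved.add(expanded.nextElement());
            }
        }
        return resolved;
    }

    /**
     * Builds the key of the resolved-permission cache.
     *
     * <p>The key embeds the evaluated expression values, which can be derived
     * from private credentials. NOTE(review): the cache configuration is not
     * visible here; make sure this cache is not persisted or replicated.
     */
    private static HashSet<Object> createKey(Permission permission, Map<String, Object> values) {
        HashSet<Object> key = new HashSet<Object>();
        key.add(permission);
        key.add(values);
        return key;
    }

    /**
     * Expands every placeholder of one permission, in its name first and then
     * in its first action, using the caches when they are enabled and present.
     *
     * @param permission   permission that may contain placeholders
     * @param sharedValues expression values already evaluated for this user;
     *                     new values are added to it
     * @param jexlContext  context holding the user's roles and credentials
     * @return the resolved permissions; empty when an expression has no value
     *         on the non-cached path
     */
    private static PermissionCollection resolvePermission(Permission permission, Map<String, Object> sharedValues, JexlContext jexlContext) {
        JGPositivePermissionCollection resolved = new JGPositivePermissionCollection();
        // Guard against caches switched on through setCachesEnabled(true)
        // without a successful createCaches().
        boolean useCaches = cachesEnabled
                && unresolvedPermToNeededExpressions != null
                && unresolvedPermAndValuesToResolvedPerm != null;

        if (useCaches) {
            try {
                Element neededEntry = unresolvedPermToNeededExpressions.get((Serializable) permission);
                if (neededEntry != null) {
                    Set<String> neededExpressions = (Set) neededEntry.getValue();
                    if (neededExpressions.isEmpty()) {
                        resolved.add(permission);
                        logger.finest("get permission from cache with no resolution needed");
                        return resolved;
                    }
                    Map<String, Object> values = new HashMap<String, Object>();
                    boolean valueMissing = false;
                    for (String expression : neededExpressions) {
                        Object value = null;
                        if (sharedValues.containsKey(expression)) {
                            value = sharedValues.get(expression);
                            values.put(expression, value);
                        } else {
                            try {
                                value = ExpressionFactory.createExpression(expression).evaluate(jexlContext);
                                sharedValues.put(expression, value);
                                values.put(expression, value);
                            } catch (Exception e) {
                                logger.log(Level.WARNING, "Failed to evaluate : " + expression, (Throwable) e);
                            }
                        }
                        if (value == null || ((value instanceof List) && ((List<?>) value).isEmpty())) {
                            valueMissing = true;
                            break;
                        }
                    }
                    if (valueMissing) {
                        // NOTE(review): this path hands back the UNRESOLVED
                        // permission, while the non-cached path below returns an
                        // empty collection for the same situation. Confirm which
                        // one is intended; returning nothing is the stricter choice.
                        logger.warning("Subject does not have the required credentials to resolve the permission : " + permission);
                        resolved.add(permission);
                        return resolved;
                    }
                    Element resolvedEntry = unresolvedPermAndValuesToResolvedPerm.get((Serializable) createKey(permission, values));
                    if (resolvedEntry != null) {
                        PermissionCollection cached = (PermissionCollection) resolvedEntry.getValue();
                        logger.finest("get resolved permission from cache");
                        Enumeration<Permission> cachedPermissions = cached.elements();
                        while (cachedPermissions.hasMoreElements()) {
                            resolved.add(cachedPermissions.nextElement());
                        }
                        return resolved;
                    }
                }
            } catch (CacheException e) {
                logger.log(Level.WARNING, "Failed using caches : " + e.getMessage());
            }
        }

        // Work list: each pass replaces ONE placeholder and queues the results
        // until a permission contains none.
        List<Permission> pending = new ArrayList<Permission>();
        pending.add(permission);
        Map<String, Object> neededValues = new HashMap<String, Object>();
        String permissionClassName = permission.getClass().getName();
        while (!pending.isEmpty()) {
            Permission current = pending.remove(0);
            String name = current.getName();
            Set<String> names = resolvePartiallyExpression(name, JEXL_PATTERN, jexlContext, neededValues, sharedValues);
            if (names == null) {
                return new JGPositivePermissionCollection();
            }
            boolean nameChanged = !(names.size() == 1 && names.contains(name));
            if (nameChanged) {
                for (String expandedName : names) {
                    enqueuePermission(pending, permissionClassName, expandedName, current.getActions());
                }
                continue;
            }

            String actions = current.getActions();
            if (actions == null) {
                actions = "";
            }
            // Only the first comma-separated action is examined for a placeholder.
            String firstAction = actions.split(",")[0];
            Set<String> expandedActions = resolvePartiallyExpression(firstAction, JEXL_PATTERN, jexlContext, neededValues, sharedValues);
            if (expandedActions == null) {
                return new JGPositivePermissionCollection();
            }
            boolean actionChanged = !(expandedActions.size() == 1 && expandedActions.contains(firstAction));
            if (actionChanged) {
                for (String expandedAction : expandedActions) {
                    enqueuePermission(pending, permissionClassName, current.getName(), expandedAction);
                }
            } else {
                resolved.add(current);
            }
        }

        if (useCaches) {
            try {
                if (!unresolvedPermToNeededExpressions.getKeys().contains(permission)) {
                    unresolvedPermToNeededExpressions.put(new Element((Serializable) permission, (Serializable) new HashSet<String>(neededValues.keySet())));
                }
            } catch (CacheException e) {
                logger.log(Level.WARNING, "Failed using caches : " + e.getMessage());
            }
            unresolvedPermAndValuesToResolvedPerm.put(new Element((Serializable) createKey(permission, neededValues), (Serializable) resolved));
            logger.finest("add resolved permissions to cache");
        }
        return resolved;
    }

    /**
     * Re-creates a permission with an expanded name or action and queues it
     * for another pass. A permission that cannot be re-created is skipped,
     * which withholds it from the result.
     */
    private static void enqueuePermission(List<Permission> pending, String className, String name, String actions) {
        try {
            Permission rebuilt = getPermission(className, name, actions);
            if (rebuilt == null) {
                // getPermission() already logged the cause; queuing null would
                // fail on the next pass.
                logger.warning("Skipping a permission that could not be instantiated : " + className);
                return;
            }
            pending.add(rebuilt);
        } catch (ClassNotFoundException e) {
            logger.warning(e.getMessage());
        }
    }

    /**
     * Replaces the first placeholder of <code>text</code> by the value(s) of
     * its expression.
     *
     * @param text         permission name or action
     * @param pattern      pattern matching one placeholder
     * @param jexlContext  context the expression is evaluated in
     * @param neededValues receives the expression and its value when absent
     * @param sharedValues values already evaluated for this user; consulted
     *                     first and completed on a successful evaluation
     * @return <code>text</code> alone when it holds no placeholder; one string
     *         per value when the expression yields a <code>Set</code> or a
     *         <code>String</code> (possibly none); <code>null</code> when the
     *         expression has no value
     */
    private static Set<String> resolvePartiallyExpression(String text, Pattern pattern, JexlContext jexlContext, Map<String, Object> neededValues, Map<String, Object> sharedValues) {
        Set<String> results = new HashSet<String>();
        Matcher matcher = pattern.matcher(text);
        if (!matcher.find()) {
            results.add(text);
            return results;
        }
        String placeholder = matcher.group();
        String expression = placeholder.substring(2, placeholder.length() - 1);

        Object value = null;
        if (sharedValues.containsKey(expression)) {
            // No cast: a shared value can be a String as well as a Set, and both
            // are handled below.
            value = sharedValues.get(expression);
        } else {
            try {
                value = ExpressionFactory.createExpression(expression).evaluate(jexlContext);
                sharedValues.put(expression, value);
            } catch (Exception e) {
                logger.log(Level.WARNING, "Failed to resolve expression : " + expression, (Throwable) e);
            }
        }
        if (!neededValues.containsKey(expression)) {
            neededValues.put(expression, value);
        }
        if (value == null) {
            return null;
        }
        if (value instanceof Set) {
            // Elements are expected to be Strings; anything else fails the cast.
            for (Object element : (Set<?>) value) {
                addSubstitution(results, text, matcher, pattern, (String) element);
            }
        } else if (value instanceof String) {
            addSubstitution(results, text, matcher, pattern, (String) value);
        }
        // A value of any other type leaves the result empty, which drops the permission.
        return results;
    }

    /**
     * Adds <code>text</code> with the matched placeholder replaced by
     * <code>replacement</code>.
     *
     * <p>The caller scans the result again for placeholders, so a replacement
     * that itself contains one would be evaluated as an expression on the next
     * pass. Such values, which come from roles or credentials, are ignored, as
     * are null values. The value is deliberately not logged because it may be
     * credential material.
     */
    private static void addSubstitution(Set<String> results, String text, Matcher matcher, Pattern pattern, String replacement) {
        if (replacement == null || pattern.matcher(replacement).find()) {
            logger.warning("Ignoring a resolved value that is null or contains an expression placeholder");
            return;
        }
        StringBuilder expanded = new StringBuilder(text);
        expanded.replace(matcher.start(), matcher.end(), replacement);
        results.add(expanded.toString());
    }

    /**
     * Looks up the two named caches from the default cache manager, once.
     * When either cache is not configured, caching is switched off.
     *
     * @throws CacheException if the cache manager cannot be created
     */
    public static void createCaches() throws CacheException {
        if (unresolvedPermToNeededExpressions == null || unresolvedPermAndValuesToResolvedPerm == null) {
            logger.info("Creating caches for permissions evaluations");
            manager = CacheManager.create();
            unresolvedPermToNeededExpressions = manager.getCache("unresolvedPermToNeededExpressions");
            unresolvedPermAndValuesToResolvedPerm = manager.getCache("unresolvedPermAndValuesToResolvedPerm");
            if (unresolvedPermToNeededExpressions == null || unresolvedPermAndValuesToResolvedPerm == null) {
                logger.warning("Failed to create caches for permissions evaluations, use non-caching evaluation");
                setCachesEnabled(false);
            }
        }
    }

    /** @return whether permission resolution is allowed to use the caches */
    public static boolean isCachesEnabled() {
        return cachesEnabled;
    }

    /**
     * Switches the use of the caches on or off. Enabling has an effect only
     * once {@link #createCaches()} has found both caches.
     *
     * @param z <code>true</code> to use the caches
     */
    public static void setCachesEnabled(boolean z) {
        cachesEnabled = z;
    }

    /**
     * Copies the permissions of two collections into a new {@link Permissions}.
     *
     * @param permissionCollection  first source collection
     * @param permissionCollection2 second source collection
     * @return a new heterogeneous collection holding every permission of both
     */
    public static Permissions mergePermissionCollections(PermissionCollection permissionCollection, PermissionCollection permissionCollection2) {
        Permissions merged = new Permissions();
        Enumeration<Permission> first = permissionCollection.elements();
        while (first.hasMoreElements()) {
            merged.add(first.nextElement());
        }
        Enumeration<Permission> second = permissionCollection2.elements();
        while (second.hasMoreElements()) {
            merged.add(second.nextElement());
        }
        return merged;
    }
}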
