package de.mhus.lib.core.shiro;

import de.mhus.lib.core.M;
import de.mhus.lib.core.MCollection;
import de.mhus.lib.core.MPassword;
import de.mhus.lib.core.cfg.CfgString;
import de.mhus.lib.core.logging.Log;
import de.mhus.lib.core.security.TrustApi;
import de.mhus.lib.core.util.Value;
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.apache.shiro.authz.annotation.RequiresGuest;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.authz.annotation.RequiresUser;
import org.apache.shiro.authz.aop.AuthenticatedAnnotationHandler;
import org.apache.shiro.authz.aop.AuthorizingAnnotationHandler;
import org.apache.shiro.authz.aop.GuestAnnotationHandler;
import org.apache.shiro.authz.aop.PermissionAnnotationHandler;
import org.apache.shiro.authz.aop.RoleAnnotationHandler;
import org.apache.shiro.authz.aop.UserAnnotationHandler;
import org.apache.shiro.authz.permission.WildcardPermission;
import org.apache.shiro.mgt.RealmSecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ThreadContext;
import org.slf4j.Marker;

/* loaded from: input_file:de/mhus/lib/core/shiro/AccessUtil.class */
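/**
 * Static helpers around Apache Shiro for the current {@link Subject}: principal and session
 * lookups, rule-list and wildcard permission checks, ticket based logins and evaluation of the
 * Shiro {@code @Requires*} annotations.
 *
 * <p>Most methods resolve the subject through {@code M.l(AccessApi.class)}; those that take a
 * {@link Subject} parameter operate on that subject instead.
 */
public class AccessUtil {
    private static final String ATTR_LOCALE = "locale";
    private static final String TICKET_PREFIX_TRUST = "tru";
    private static final String TICKET_PREFIX_ACCOUNT = "acc";
    // Separator between ticket fields. The ticket factories below join with ":" and the parser
    // must split on the same character, so it is spelled out here instead of borrowing an
    // unrelated logging constant.
    private static final String TICKET_SEPARATOR = ":";
    // Token that matches any value in a Shiro wildcard permission part.
    private static final String WILDCARD = "*";
    private static final Log log = Log.getLog(AccessUtil.class);
    public static final CfgString ROLE_ADMIN = new CfgString(AccessApi.class, "adminRole", "GLOBAL_ADMIN");
    /** Placeholder object whose {@code toString()} resolves the current principal lazily. */
    public static final Object CURRENT_PRINCIPAL = new Object() {
        @Override
        public String toString() {
            return AccessUtil.getPrincipal();
        }
    };
    // Annotation type name -> handler that enforces it. The map itself is unmodifiable.
    // NOTE(review): the field is public and not final, so any code can replace the whole handler
    // table; consider making it final once no caller is known to assign it.
    public static Map<String, AuthorizingAnnotationHandler> shiroAnnotations = Collections.unmodifiableMap(MCollection.asMap(RequiresPermissions.class.getCanonicalName(), new PermissionAnnotationHandler(), RequiresRoles.class.getCanonicalName(), new RoleAnnotationHandler(), RequiresAuthentication.class.getCanonicalName(), new AuthenticatedAnnotationHandler(), RequiresUser.class.getCanonicalName(), new UserAnnotationHandler(), RequiresGuest.class.getCanonicalName(), new GuestAnnotationHandler()));

    /**
     * Tells whether the current subject holds the configured admin role.
     *
     * @return {@code true} if the subject has the role named by {@link #ROLE_ADMIN}
     */
    public static boolean isAdmin() {
        return ((AccessApi) M.l(AccessApi.class)).getSubject().hasRole(ROLE_ADMIN.value());
    }

    /**
     * Returns the subject provided by the {@code AccessApi} service.
     *
     * @return the current subject
     */
    public static Subject getSubject() {
        return ((AccessApi) M.l(AccessApi.class)).getSubject();
    }

    /**
     * Tells whether the current subject is authenticated.
     *
     * @return the result of {@link Subject#isAuthenticated()} on the current subject
     */
    public static boolean isAuthenticated() {
        return ((AccessApi) M.l(AccessApi.class)).getSubject().isAuthenticated();
    }

    /**
     * Returns the principal of the current subject as a string.
     *
     * @return the principal name, or {@code null} if the subject has no principal
     */
    public static String getPrincipal() {
        return getPrincipal(((AccessApi) M.l(AccessApi.class)).getSubject());
    }

    /**
     * Returns the principal of the given subject as a string.
     *
     * @param subject subject to inspect; must not be {@code null}
     * @return the principal name, or {@code null} if the subject has no principal
     */
    public static String getPrincipal(Subject subject) {
        Object principal = subject.getPrincipal();
        if (principal == null) {
            return null;
        }
        return String.valueOf(principal);
    }

    /**
     * Renders a subject for log output.
     *
     * @param subject subject to render, may be {@code null}
     * @return {@code "null"} for a null subject, {@code "[guest]"} if it is not authenticated,
     *     {@code "[?]"} if it is authenticated without a principal, otherwise the principal
     */
    public static String toString(Subject subject) {
        if (subject == null) {
            return "null";
        }
        if (!subject.isAuthenticated()) {
            return "[guest]";
        }
        Object principal = subject.getPrincipal();
        return principal == null ? "[?]" : String.valueOf(principal);
    }

    /** Removes all Shiro state bound to the current thread. */
    public static void subjectCleanup() {
        ThreadContext.remove();
    }

    /**
     * Binds the given subject to the current thread.
     *
     * @param subject subject to bind
     * @return an environment holding the new subject and the one that was bound before
     */
    public static SubjectEnvironment useSubject(Subject subject) {
        Subject previous = ThreadContext.getSubject();
        ThreadContext.bind(subject);
        return new SubjectEnvironment(subject, previous);
    }

    /**
     * Returns the realms of the security manager.
     *
     * @return the configured realms
     * @throws ClassCastException if the security manager is not a {@link RealmSecurityManager}
     */
    public static Collection<Realm> getRealms() {
        return ((RealmSecurityManager) ((AccessApi) M.l(AccessApi.class)).getSecurityManager()).getRealms();
    }

    /**
     * Loads the principal data of an authenticated subject from the first
     * {@link PrincipalDataRealm} that returns user data for it.
     *
     * <p>The map returned by the realm is modified in place: the name entry is always overwritten
     * with the subject's principal and the display name is filled in when it is missing.
     *
     * @param subject subject to load data for
     * @return the principal data, or {@code null} if the subject is not authenticated or no realm
     *     provided data
     */
    public static PrincipalData loadPrincipalDataFromRealm(Subject subject) {
        if (!subject.isAuthenticated()) {
            return null;
        }
        for (Realm realm : getRealms()) {
            if (!(realm instanceof PrincipalDataRealm)) {
                continue;
            }
            Map<String, String> userData = ((PrincipalDataRealm) realm).getUserData(subject);
            if (userData == null) {
                continue;
            }
            String principal = String.valueOf(subject.getPrincipal());
            // The name always comes from the authenticated principal, never from realm data.
            userData.put(PrincipalData.NAME, principal);
            if (!userData.containsKey(PrincipalData.DISPLAY_NAME)) {
                userData.put(PrincipalData.DISPLAY_NAME, principal);
            }
            return new PrincipalData(userData);
        }
        return null;
    }

    /**
     * Makes sure the subject's session carries a {@link PrincipalData} attribute, loading it from
     * the realms or building a minimal one from the principal name.
     *
     * @param subject subject whose session is populated; a session is created if none exists
     */
    public static void loadPrincipalData(Subject subject) {
        // Lock on the subject instance so the lookup-then-store below runs once per subject object.
        synchronized (subject) {
            if (subject.getSession().getAttribute(PrincipalData.SESSION_KEY) != null) {
                return;
            }
            PrincipalData data = loadPrincipalDataFromRealm(subject);
            if (data == null) {
                Map<String, String> fallback = new HashMap<>();
                String principal = String.valueOf(subject.getPrincipal());
                fallback.put(PrincipalData.NAME, principal);
                fallback.put(PrincipalData.DISPLAY_NAME, principal);
                data = new PrincipalData(fallback);
            }
            subject.getSession().setAttribute(PrincipalData.SESSION_KEY, data);
        }
    }

    /**
     * Returns the principal data of the given subject, loading it into the session first if needed.
     *
     * @param subject subject to inspect
     * @return the principal data stored in the subject's session
     */
    public static PrincipalData getPrincipalData(Subject subject) {
        loadPrincipalData(subject);
        return (PrincipalData) subject.getSession().getAttribute(PrincipalData.SESSION_KEY);
    }

    /**
     * Returns the principal data of the current subject.
     *
     * @return the principal data stored in the current subject's session
     */
    public static PrincipalData getPrincipalData() {
        return getPrincipalData(getSubject());
    }

    /**
     * Builds a subject for an existing session id.
     *
     * <p>The session id acts as a bearer credential here: the caller is responsible for where the
     * value comes from.
     *
     * @param sessionId id of the session to attach to
     * @return the subject built for that session id
     */
    public static Subject createSubjectFromSessionId(String sessionId) {
        return new Subject.Builder().sessionId(sessionId).buildSubject();
    }

    /**
     * Returns the session id of the current subject.
     *
     * @param create whether a session is created when none exists
     * @return the session id as a string, or {@code null} if there is no session
     */
    public static String getSessionId(boolean create) {
        Session session = getSubject().getSession(create);
        if (session == null) {
            return null;
        }
        return String.valueOf(session.getId());
    }

    /**
     * Evaluates a rule list for the current subject, using a class and an object as placeholder
     * values.
     *
     * @param rules rule list, see {@link #isPermitted(List, String, String, String)}
     * @param permission class whose canonical name replaces {@code ${permission}}, may be null
     * @param level value for {@code ${level}}, may be null
     * @param instance object whose {@code toString()} replaces {@code ${instance}}, may be null
     * @return {@code true} if no rule rejects the subject
     */
    public static boolean isPermitted(List<String> rules, Class<?> permission, String level, Object instance) {
        return isPermitted(rules, permission == null ? null : permission.getCanonicalName(), level, instance == null ? null : instance.toString());
    }

    /**
     * Evaluates a rule list for the current subject. Every rule must hold (logical AND).
     *
     * <p>Recognised rules, each optionally negated with a leading {@code !}:
     * {@code authenticated}, {@code user:NAME}, {@code role:NAME} and {@code permission:PATTERN}.
     * Blank entries and entries starting with {@code #} are skipped.
     *
     * <p>NOTE(review): an entry with any other prefix is skipped as well, so a misspelled rule
     * (and an empty list) permits access. Callers that need fail-closed behaviour have to
     * validate the rule list themselves.
     *
     * @param rules rule list; must not be {@code null}
     * @param permission value for the {@code ${permission}} placeholder, may be null
     * @param level value for the {@code ${level}} placeholder, may be null
     * @param instance value for the {@code ${instance}} placeholder, may be null
     * @return {@code false} as soon as one rule rejects the subject, otherwise {@code true}
     */
    public static boolean isPermitted(List<String> rules, String permission, String level, String instance) {
        Subject subject = getSubject();
        String principal = getPrincipal(subject);
        for (String entry : rules) {
            String rule = entry.trim();
            if (rule.isEmpty() || rule.startsWith("#")) {
                continue;
            }
            if (rule.equals("authenticated")) {
                if (!subject.isAuthenticated()) {
                    return false;
                }
            } else if (rule.equals("!authenticated")) {
                if (subject.isAuthenticated()) {
                    return false;
                }
            } else if (rule.startsWith("user:")) {
                if (!rule.substring(5).equals(principal)) {
                    return false;
                }
            } else if (rule.startsWith("!user:")) {
                if (rule.substring(6).equals(principal)) {
                    return false;
                }
            } else if (rule.startsWith("role:")) {
                if (!subject.hasRole(rule.substring(5))) {
                    return false;
                }
            } else if (rule.startsWith("!role:")) {
                if (subject.hasRole(rule.substring(6))) {
                    return false;
                }
            } else if (rule.startsWith("permission:")) {
                if (!subject.isPermitted(new WildcardPermission(replacePermission(rule.substring(11), permission, level, instance)))) {
                    return false;
                }
            } else if (rule.startsWith("!permission:")) {
                if (subject.isPermitted(new WildcardPermission(replacePermission(rule.substring(12), permission, level, instance)))) {
                    return false;
                }
            }
        }
        return true;
    }

    /**
     * Substitutes the {@code ${permission}}, {@code ${level}} and {@code ${instance}} placeholders
     * in a permission pattern.
     *
     * <p>The substitution is literal. The previous {@code replaceAll} form passed the placeholder
     * as a regular expression, where the unescaped brace is rejected by the pattern compiler, so
     * every pattern containing a placeholder failed instead of being evaluated.
     *
     * @param template permission pattern from a rule
     * @param permission value for {@code ${permission}}, may be null
     * @param level value for {@code ${level}}, may be null
     * @param instance value for {@code ${instance}}, may be null
     * @return the pattern with all placeholders replaced by normalized values
     */
    private static String replacePermission(String template, String permission, String level, String instance) {
        if (!template.contains("${")) {
            return template;
        }
        return template
                .replace("${permission}", normalizeWildcardPart(permission))
                .replace("${level}", normalizeWildcardPart(level))
                .replace("${instance}", normalizeWildcardPart(instance));
    }

    /**
     * Checks a wildcard permission built as {@code permission[:level[:instance]]} for the current
     * subject. A null level with a non-null instance is written as {@code *}.
     *
     * @param permission first part of the permission, null means any
     * @param level second part, may be null
     * @param instance third part, may be null
     * @return {@code true} if the subject is permitted
     */
    public static boolean isPermitted(String permission, String level, String instance) {
        Subject subject = ((AccessApi) M.l(AccessApi.class)).getSubject();
        StringBuilder wildcard = new StringBuilder().append(normalizeWildcardPart(permission));
        if (level != null || instance != null) {
            if (level == null) {
                wildcard.append(":*");
            } else {
                wildcard.append(':').append(normalizeWildcardPart(level));
            }
            if (instance != null) {
                wildcard.append(':').append(normalizeWildcardPart(instance));
            }
        }
        return subject.isPermitted(new WildcardPermission(wildcard.toString()));
    }

    /**
     * Makes a caller supplied value usable as a single part of a wildcard permission.
     *
     * <p>Only the part divider {@code ':'} is neutralised (replaced by {@code '_'}). The sub-part
     * divider {@code ','} and the wildcard token keep their meaning, so values taken from
     * untrusted input should be restricted by the caller before they reach a permission check.
     *
     * @param part raw value, may be null
     * @return the wildcard token for null, otherwise the value without {@code ':'}
     */
    private static String normalizeWildcardPart(String part) {
        if (part == null) {
            return WILDCARD;
        }
        return part.indexOf(':') < 0 ? part : part.replace(':', '_');
    }

    /**
     * Checks a ready-made wildcard permission string for the current subject.
     *
     * @param permission wildcard permission string, passed to Shiro unchanged
     * @return {@code true} if the subject is permitted
     */
    public static boolean isPermitted(String permission) {
        return ((AccessApi) M.l(AccessApi.class)).getSubject().isPermitted(new WildcardPermission(permission));
    }

    /**
     * Returns the locale of the current subject.
     *
     * @return the session locale, or the JVM default
     */
    public static Locale getLocale() {
        return getLocale(getSubject());
    }

    /**
     * Returns the locale stored in the subject's session without creating a session.
     *
     * @param subject subject to inspect
     * @return the stored {@link Locale}, a locale parsed from a stored language tag, or the JVM
     *     default when there is no session or no usable attribute
     */
    public static Locale getLocale(Subject subject) {
        Session session = subject.getSession(false);
        if (session != null) {
            Object stored = session.getAttribute(ATTR_LOCALE);
            if (stored instanceof Locale) {
                return (Locale) stored;
            }
            if (stored instanceof String) {
                return Locale.forLanguageTag((String) stored);
            }
        }
        return Locale.getDefault();
    }

    /**
     * Stores the locale in the session of the current subject.
     *
     * @param locale locale to store
     */
    public static void setLocale(Locale locale) {
        setLocale(getSubject(), locale);
    }

    /**
     * Stores the locale in the subject's session, creating the session if needed.
     *
     * @param subject subject whose session is updated
     * @param locale locale to store
     */
    public static void setLocale(Subject subject, Locale locale) {
        subject.getSession().setAttribute(ATTR_LOCALE, locale);
    }

    /**
     * Parses a language tag and stores the resulting locale in the subject's session.
     *
     * @param subject subject whose session is updated
     * @param languageTag IETF BCP 47 language tag
     */
    public static void setLocale(Subject subject, String languageTag) {
        subject.getSession().setAttribute(ATTR_LOCALE, Locale.forLanguageTag(languageTag));
    }

    /**
     * Reads an attribute from the current subject's session without creating a session.
     *
     * <p>Only attributes stored directly on the session are returned; the empty lookup of the
     * principal data that followed the direct read had no effect and was dropped.
     *
     * @param key attribute key
     * @return the attribute value, or {@code null} if there is no session or no such attribute
     */
    public static Object getSessionAttribute(String key) {
        Session session = getSubject().getSession(false);
        if (session == null) {
            return null;
        }
        return session.getAttribute(key);
    }

    /**
     * Reads a session attribute as a string.
     *
     * @param key attribute key
     * @param def value returned when the attribute is missing
     * @return the attribute converted with {@code String.valueOf}, or {@code def}
     */
    public static String getSessionAttribute(String key, String def) {
        Object value = getSessionAttribute(key);
        if (value == null) {
            return def;
        }
        return value instanceof String ? (String) value : String.valueOf(value);
    }

    /**
     * Logs the subject in with user name and password and loads its principal data.
     *
     * <p>The locale is stored on the session of the subject that was logged in. It used to be
     * written to the thread-bound subject, which is a different session whenever {@code subject}
     * is not the one bound to the current thread.
     *
     * @param subject subject to log in
     * @param user user name
     * @param password password, passed through {@code MPassword.decode} before use
     * @param rememberMe value for the token's remember-me flag
     * @param locale locale to store in the session, may be null
     * @return {@code true} on success, {@code false} if Shiro rejected the credentials
     */
    public static boolean login(Subject subject, String user, String password, boolean rememberMe, Locale locale) {
        UsernamePasswordToken token = new UsernamePasswordToken(user, MPassword.decode(password));
        token.setRememberMe(rememberMe);
        try {
            subject.login(token);
            loadPrincipalData(subject);
            if (locale != null) {
                setLocale(subject, locale);
            }
            return true;
        } catch (AuthenticationException e) {
            log.d(e);
            return false;
        }
    }

    /**
     * Creates a trust ticket of the form {@code tru:<trust>:<principal>:<trust password>}.
     *
     * <p>The ticket contains the trust password as returned by the {@code TrustApi}, so it must
     * be handled like the secret itself: keep it out of logs, URLs and error messages. A
     * principal that contains the separator yields a ticket that {@link #login(String)} rejects.
     *
     * @param trustName name of the trust
     * @param subject subject whose principal is embedded
     * @return the ticket string
     */
    public static String createTrustTicket(String trustName, Subject subject) {
        return TICKET_PREFIX_TRUST + TICKET_SEPARATOR + trustName + TICKET_SEPARATOR + getPrincipal(subject) + TICKET_SEPARATOR + ((TrustApi) M.l(TrustApi.class)).getPassword(trustName).value();
    }

    /**
     * Creates an account ticket of the form {@code acc:<account>:<encoded password>}.
     *
     * <p>NOTE(review): the password is written with {@code MPassword.encode}, but
     * {@link #login(String)} hands the third field to Shiro without {@code MPassword.decode};
     * confirm the realm accepts the encoded form. An encoded value that contains the separator
     * produces a ticket the parser rejects.
     *
     * @param account account name
     * @param password plain password
     * @return the ticket string, which is a credential and must be protected as such
     */
    public static String createAccountTicket(String account, String password) {
        return TICKET_PREFIX_ACCOUNT + TICKET_SEPARATOR + account + TICKET_SEPARATOR + MPassword.encode(password);
    }

    /**
     * Creates a subject from a ticket produced by {@link #createTrustTicket(String, Subject)} or
     * {@link #createAccountTicket(String, String)}.
     *
     * <p>A trust ticket yields an already authenticated subject for the principal named in the
     * ticket; the only check is the trust password. An account ticket performs a regular Shiro
     * login with the embedded credentials.
     *
     * @param ticket ticket string
     * @return the subject described by the ticket
     * @throws AuthorizationException if the ticket is null, empty, of unknown type or has the
     *     wrong number of fields
     * @throws AuthenticationException if the account login is rejected by Shiro
     */
    public static Subject login(String ticket) {
        // Resolve the access service first, as before; the result is not used here.
        M.l(AccessApi.class);
        if (ticket == null) {
            throw new AuthorizationException("ticket not set");
        }
        String[] parts = ticket.split(TICKET_SEPARATOR);
        // A ticket made of separators only splits into an empty array; reject it explicitly
        // instead of failing with an index error on parts[0].
        if (parts.length == 0) {
            throw new AuthorizationException("unknown ticket type");
        }
        if (parts[0].equals(TICKET_PREFIX_TRUST)) {
            if (parts.length != 4) {
                throw new AuthorizationException("ticket not valide (1)");
            }
            // NOTE(review): any result of validatePassword is ignored here. This is only safe if
            // it throws on a mismatch - confirm against TrustApi, otherwise every well-formed
            // trust ticket is accepted.
            ((TrustApi) M.l(TrustApi.class)).validatePassword(parts[1], parts[3]);
            return new Subject.Builder().authenticated(true).principals(new SimplePrincipalCollection(parts[2], "trust")).buildSubject();
        }
        if (!parts[0].equals(TICKET_PREFIX_ACCOUNT)) {
            throw new AuthorizationException("unknown ticket type");
        }
        if (parts.length != 3) {
            throw new AuthorizationException("ticket not valide (2)");
        }
        Subject subject = ((AccessApi) M.l(AccessApi.class)).createSubject();
        subject.login(new UsernamePasswordToken(parts[1], parts[2]));
        return subject;
    }

    /**
     * Tells whether the current subject has the given role.
     *
     * @param role role name
     * @return {@code true} if the subject has the role
     */
    public static boolean hasRole(String role) {
        return getSubject().hasRole(role);
    }

    /**
     * Evaluates the Shiro annotations declared on a class for the given subject.
     *
     * @param subject subject to check
     * @param cls annotated class
     * @return {@code true} if every recognised annotation is satisfied
     */
    public static boolean hasPermission(Subject subject, Class<?> cls) {
        return hasPermission(subject, cls.getAnnotations());
    }

    /**
     * Evaluates the Shiro annotations declared on a method for the given subject.
     *
     * @param subject subject to check
     * @param method annotated method
     * @return {@code true} if every recognised annotation is satisfied
     */
    public static boolean hasPermission(Subject subject, Method method) {
        return hasPermission(subject, method.getAnnotations());
    }

    /**
     * Evaluates Shiro annotations for the given subject without throwing.
     *
     * <p>The handler is looked up by {@code annotationType()}, the same key
     * {@link #checkPermission(Annotation[])} uses. The previous lookup used the runtime class of
     * the annotation instance, whose name is not one of the keys of {@link #shiroAnnotations}, so
     * no handler was ever found and the method reported {@code true} for every subject.
     *
     * @param subject subject the handlers are executed as
     * @param annotations annotations to evaluate; unrecognised ones are ignored
     * @return {@code false} if a handler raised an {@link AuthorizationException}, else
     *     {@code true}
     */
    public static boolean hasPermission(Subject subject, Annotation[] annotations) {
        Value value = new Value(true);
        // The handlers consult the thread-bound subject, so run them inside subject.execute().
        subject.execute(() -> {
            try {
                for (Annotation annotation : annotations) {
                    AuthorizingAnnotationHandler handler = shiroAnnotations.get(annotation.annotationType().getCanonicalName());
                    if (handler != null) {
                        handler.assertAuthorized(annotation);
                    }
                }
            } catch (AuthorizationException e) {
                value.value = false;
            }
        });
        return ((Boolean) value.value).booleanValue();
    }

    /**
     * Enforces the Shiro annotations on an object's class for the current subject.
     *
     * @param obj object whose class is checked; {@code null} is accepted and checks nothing
     * @throws AuthorizationException if an annotation is not satisfied
     */
    public static void checkPermission(Object obj) {
        if (obj == null) {
            return;
        }
        checkPermission(obj.getClass());
    }

    /**
     * Enforces the Shiro annotations declared on a class for the current subject.
     *
     * @param cls annotated class
     * @throws AuthorizationException if an annotation is not satisfied
     */
    public static void checkPermission(Class<?> cls) {
        checkPermission(cls.getAnnotations());
    }

    /**
     * Enforces the Shiro annotations declared on a method for the current subject.
     *
     * @param method annotated method
     * @throws AuthorizationException if an annotation is not satisfied
     */
    public static void checkPermission(Method method) {
        checkPermission(method.getAnnotations());
    }

    /**
     * Enforces the given annotations with the handlers registered in {@link #shiroAnnotations}.
     * Annotations without a registered handler are ignored.
     *
     * @param annotations annotations to enforce
     * @throws AuthorizationException if a handler rejects the current subject
     */
    public static void checkPermission(Annotation[] annotations) {
        for (Annotation annotation : annotations) {
            AuthorizingAnnotationHandler handler = shiroAnnotations.get(annotation.annotationType().getCanonicalName());
            if (handler != null) {
                handler.assertAuthorized(annotation);
            }
        }
    }
}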
