package com.urbancode.anthill3.domain.authorization.custom;

import com.urbancode.anthill3.domain.authorization.AuthorizationModule;
import com.urbancode.anthill3.domain.authorization.AuthorizationRealm;
import com.urbancode.anthill3.domain.authorization.RoleMapping;
import com.urbancode.anthill3.domain.persistent.PersistenceException;
import com.urbancode.anthill3.domain.security.AuthorizationException;
import com.urbancode.anthill3.domain.security.Role;
import com.urbancode.anthill3.domain.security.RoleFactory;
import com.urbancode.anthill3.domain.security.User;
import com.urbancode.commons.util.ObjectUtil;
import com.urbancode.commons.util.xml.annotation.XMLBasicElement;
import com.urbancode.commons.util.xml.annotation.XMLNestedCollectionElement;
import com.urbancode.commons.util.xml.annotation.XMLSerializableElement;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.security.auth.callback.Callback;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;

@XMLSerializableElement(name = "realm")
/* loaded from: input_file:com/urbancode/anthill3/domain/authorization/custom/CustomAuthorizationRealm.class */
public class CustomAuthorizationRealm extends AuthorizationRealm {
    private static final long serialVersionUID = 1;
    private static Logger log = Logger.getLogger(CustomAuthorizationRealm.class);

    @XMLBasicElement(name = "authModuleClass")
    private String authorizationModuleClass;

    @XMLNestedCollectionElement(name = "properties", nestedName = "property", collectionType = String[].class, itemType = String.class)
    private String[] properties;

    @XMLBasicElement(name = "mappingExpression")
    protected String mappingExpression;

    @XMLNestedCollectionElement(name = "roleMappings", nestedName = "roleMapping", collectionType = ArrayList.class, itemType = RoleMapping.class)
    private Collection<RoleMapping> roleMappings;

    public CustomAuthorizationRealm() {
        this.mappingExpression = null;
        this.roleMappings = new ArrayList();
    }

    CustomAuthorizationRealm(boolean z) {
        super(z);
        this.mappingExpression = null;
        this.roleMappings = new ArrayList();
    }

    @Override // com.urbancode.anthill3.domain.authorization.AuthorizationRealm
    public boolean allowsRoleManagement() {
        return false;
    }

    private AuthorizationModule getModuleInstance() {
        try {
            return (AuthorizationModule) Class.forName(getAuthorizationModuleClass()).newInstance();
        } catch (Exception e) {
            log.error("Unable to instantiate the AuthorizationModule: " + getAuthorizationModuleClass(), e);
            throw new RuntimeException("Unable to instantiate the AuthorizationModule: " + getAuthorizationModuleClass());
        }
    }

    @Override // com.urbancode.anthill3.domain.authorization.AuthorizationRealm
    public Callback[] getCallbacks() {
        return getModuleInstance().getCallbacks();
    }

    @Override // com.urbancode.anthill3.domain.authorization.AuthorizationRealm
    public Role[] getUserRoles(User user, Callback[] callbackArr) throws AuthorizationException {
        AuthorizationModule moduleInstance = getModuleInstance();
        Role[] roleArr = new Role[0];
        log.warn("Calling custom AuthorizationModule for roles with user " + user.getName());
        String[] userRoles = moduleInstance.getUserRoles(user, callbackArr);
        if (userRoles != null) {
            try {
                HashSet hashSet = new HashSet();
                for (String str : userRoles) {
                    Collections.addAll(hashSet, getMappedRoles(str));
                }
                roleArr = (Role[]) hashSet.toArray(roleArr);
            } catch (PersistenceException e) {
                throw new AuthorizationException("Unable to perform authorization due to a persistence error", e);
            }
        }
        return roleArr;
    }

    public String getAuthorizationModuleClass() {
        return this.authorizationModuleClass;
    }

    public void setAuthorizationModuleClass(String str) {
        if (ObjectUtil.isEqual(getAuthorizationModuleClass(), str)) {
            return;
        }
        setDirty();
        this.authorizationModuleClass = str;
    }

    public void setPropertyArray(String[] strArr) {
        setDirty(true);
        if (strArr == null) {
            this.properties = new String[0];
            return;
        }
        this.properties = (String[]) strArr.clone();
        for (int i = 0; i < strArr.length; i++) {
            this.properties[i] = this.properties[i].trim();
        }
    }

    public String[] getPropertyArray() {
        if (this.properties == null) {
            return null;
        }
        return (String[]) this.properties.clone();
    }

    public String getAllProperties() {
        StringBuilder sb = new StringBuilder("");
        String[] propertyArray = getPropertyArray();
        if (propertyArray != null) {
            for (String str : propertyArray) {
                sb.append(str).append("\n");
            }
        }
        return sb.toString();
    }

    public boolean hasMappedRoles() {
        return !getRoleMappings().isEmpty() || StringUtils.isNotEmpty(this.mappingExpression);
    }

    public void setMappingExpression(String str) {
        if (StringUtils.equals(this.mappingExpression, str)) {
            return;
        }
        setDirty();
        this.mappingExpression = str;
    }

    public String getMappingExpression() {
        return this.mappingExpression;
    }

    public Collection<RoleMapping> getRoleMappings() {
        return this.roleMappings;
    }

    public void addRoleMapping(String str, Role role) {
        addRoleMapping(new RoleMapping(str, role));
    }

    public void addRoleMapping(RoleMapping roleMapping) {
        synchronized (this.roleMappings) {
            boolean z = true;
            Iterator<RoleMapping> it = getRoleMappings().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                RoleMapping next = it.next();
                if (next.getAnthillRole() != null && next.getAnthillRole().equals(roleMapping.getAnthillRole()) && next.getRoleName().equals(roleMapping.getRoleName())) {
                    z = false;
                    break;
                }
            }
            if (z) {
                setDirty(true);
                this.roleMappings.add(roleMapping);
            }
        }
    }

    public boolean removeRoleMapping(RoleMapping roleMapping) {
        boolean remove;
        synchronized (this.roleMappings) {
            remove = this.roleMappings.remove(roleMapping);
        }
        if (remove) {
            setDirty(true);
        }
        return remove;
    }

    private Role[] getMappedRoles(String str) throws PersistenceException {
        Role restoreForName;
        String str2;
        HashMap hashMap = new HashMap();
        boolean z = false;
        for (RoleMapping roleMapping : getRoleMappings()) {
            if (roleMapping.getRoleName().equals(str)) {
                Role anthillRole = roleMapping.getAnthillRole();
                hashMap.put(anthillRole.getName(), anthillRole);
                log.debug("Adding mapped role " + str + " to ahp role " + anthillRole.getName());
            }
        }
        if (StringUtils.isNotEmpty(this.mappingExpression)) {
            Matcher matcher = Pattern.compile(this.mappingExpression).matcher(str);
            if (matcher.matches()) {
                String group = matcher.group();
                if (matcher.groupCount() > 0) {
                    group = matcher.group(1);
                }
                Role role = (Role) hashMap.get(group);
                if (role == null) {
                    role = RoleFactory.getInstance().restoreForName(group);
                }
                if (role == null) {
                    role = new Role(true);
                    role.setName(group);
                    role.store();
                }
                hashMap.put(group, role);
                z = true;
                str2 = "role %s was mapped by expression %s to ahp role %s";
                log.debug(String.format(role.isNew() ? str2 + " (new ahp role)" : "role %s was mapped by expression %s to ahp role %s", str, this.mappingExpression, str));
            } else {
                log.debug("role " + str + " did not match " + this.mappingExpression);
            }
        }
        if (hashMap.isEmpty() && (restoreForName = RoleFactory.getInstance().restoreForName(str)) != null) {
            log.debug("Adding (identity) mapped role " + str + " to ahp role " + restoreForName.getName());
            hashMap.put(restoreForName.getName(), restoreForName);
        }
        if (!z) {
            log.debug("role " + str + " did not map to any ahp role");
        }
        return (Role[]) hashMap.values().toArray(new Role[0]);
    }
}
