package com.urbancode.anthill3.domain.authorization.sso;

import com.urbancode.anthill3.domain.authentication.HttpHeaderCallback;
import com.urbancode.anthill3.domain.authorization.AuthorizationRealm;
import com.urbancode.anthill3.domain.persistent.PersistenceException;
import com.urbancode.anthill3.domain.security.AuthorizationException;
import com.urbancode.anthill3.domain.security.Role;
import com.urbancode.anthill3.domain.security.RoleFactory;
import com.urbancode.anthill3.domain.security.User;
import com.urbancode.commons.util.xml.annotation.XMLBasicElement;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.security.auth.callback.Callback;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/urbancode/anthill3/domain/authorization/sso/SingleSignOnAuthorizationRealm.class */
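/**
 * Authorization realm that derives a user's roles from the value of an HTTP
 * request header supplied by a single-sign-on front end.
 *
 * <p>The header named by {@link #getRolesHeaderName()} is split on
 * {@link #getDelimiter()}; each resulting value is resolved to roles through the
 * explicit {@link SingleSignOnRoleMapping}s and, when configured, through
 * {@link #getMappingExpression()}.
 *
 * <p>NOTE(review): every role decision here is driven by request-header content.
 * That is only sound if the header can be set exclusively by the trusted SSO
 * component and client-supplied copies are stripped before the request reaches
 * this realm. Confirm this in the deployment.
 */
public class SingleSignOnAuthorizationRealm extends AuthorizationRealm {
    private static final long serialVersionUID = 1L;
    private static final Logger log = Logger.getLogger(SingleSignOnAuthorizationRealm.class);

    /** Name of the HTTP header that carries the SSO role list. */
    @XMLBasicElement(name = "roleHeaderName")
    protected String rolesHeaderName;

    /** Separator characters used to split the header value; defaults to ",". */
    @XMLBasicElement(name = "delimiter")
    protected String delimiter;

    /** Optional regular expression that maps an SSO role value to a role name; empty disables it. */
    @XMLBasicElement(name = "mappingExpression")
    protected String mappingExpression;

    // Explicit SSO-role -> role mappings. Also used as the monitor for mapping reads and writes.
    Collection<SingleSignOnRoleMapping> roleMappings;

    /** Creates a realm by delegating to {@link #SingleSignOnAuthorizationRealm(boolean)} with {@code true}. */
    public SingleSignOnAuthorizationRealm() {
        this(true);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates a realm with the default delimiter (","), no mapping expression
     * and no role mappings.
     *
     * @param z passed unchanged to the superclass constructor
     */
    public SingleSignOnAuthorizationRealm(boolean z) {
        super(z);
        this.delimiter = ",";
        this.mappingExpression = "";
        this.roleMappings = new ArrayList<>();
    }

    /** @return the name of the HTTP header the roles are read from */
    public String getRolesHeaderName() {
        return this.rolesHeaderName;
    }

    /**
     * Sets the role header name, marking the realm dirty only on an actual change.
     *
     * @param str the new header name
     */
    public void setRolesHeaderName(String str) {
        if (!StringUtils.equals(this.rolesHeaderName, str)) {
            setDirty();
            this.rolesHeaderName = str;
        }
    }

    /**
     * Sets the delimiter, marking the realm dirty only on an actual change.
     *
     * @param str the new separator characters
     */
    public void setDelimiter(String str) {
        if (!StringUtils.equals(this.delimiter, str)) {
            setDirty();
            this.delimiter = str;
        }
    }

    /** @return the separator characters used to split the role header */
    public String getDelimiter() {
        return this.delimiter;
    }

    /**
     * Sets the mapping expression, marking the realm dirty only on an actual change.
     *
     * <p>The expression is matched against values taken from the request header,
     * so it should be as narrow as the deployment allows: a matching value that
     * names no known role causes a role of that name to be created and stored
     * (see {@link #addSingleSignOnMappedRoles(String, Map)}).
     *
     * @param str the new regular expression, or an empty string to disable it
     */
    public void setMappingExpression(String str) {
        if (!StringUtils.equals(this.mappingExpression, str)) {
            setDirty();
            this.mappingExpression = str;
        }
    }

    /** @return the regular expression used to map SSO role values, possibly empty */
    public String getMappingExpression() {
        return this.mappingExpression;
    }

    /**
     * Returns the backing collection of role mappings (not a copy).
     *
     * @return the live mapping collection; the methods of this class that
     *         modify or iterate it synchronize on this object
     */
    public Collection<SingleSignOnRoleMapping> getRoleMappings() {
        return this.roleMappings;
    }

    /**
     * Adds a role mapping unless an existing mapping already pairs the same
     * role with the same SSO role name.
     *
     * @param singleSignOnRoleMapping the mapping to add
     */
    public void addRoleMapping(SingleSignOnRoleMapping singleSignOnRoleMapping) {
        synchronized (this.roleMappings) {
            for (SingleSignOnRoleMapping existing : getRoleMappings()) {
                if (existing.getAnthillRole() != null
                        && existing.getAnthillRole().equals(singleSignOnRoleMapping.getAnthillRole())
                        && existing.getSingleSignOnRoleName().equals(singleSignOnRoleMapping.getSingleSignOnRoleName())) {
                    // Duplicate: leave the collection and the dirty flag untouched.
                    return;
                }
            }
            setDirty(true);
            this.roleMappings.add(singleSignOnRoleMapping);
        }
    }

    /**
     * Removes a role mapping and marks the realm dirty if it was present.
     *
     * @param singleSignOnRoleMapping the mapping to remove
     * @return {@code true} if the mapping was present and has been removed
     */
    public boolean removeRoleMapping(SingleSignOnRoleMapping singleSignOnRoleMapping) {
        boolean removed;
        synchronized (this.roleMappings) {
            removed = this.roleMappings.remove(singleSignOnRoleMapping);
        }
        if (removed) {
            setDirty(true);
        }
        return removed;
    }

    /** @return {@code true} if at least one explicit role mapping is configured */
    public boolean hasSingleSignOnMappedRoles() {
        return !this.roleMappings.isEmpty();
    }

    /** @return always {@code false} */
    @Override
    public boolean allowsRoleManagement() {
        return false;
    }

    /** @return a single {@link HttpHeaderCallback} for the configured role header */
    @Override
    public Callback[] getCallbacks() {
        return new Callback[]{new HttpHeaderCallback(getRolesHeaderName())};
    }

    /**
     * Resolves the roles named in the SSO role header.
     *
     * <p>The header value is untrusted request data from this method's point of
     * view: it is sanitized before being logged, and a missing header yields
     * no roles rather than a {@link NullPointerException}.
     *
     * @param user the user being authorized (not consulted by this implementation)
     * @param callbackArr callbacks as produced by {@link #getCallbacks()}; the first
     *        element must be the populated {@link HttpHeaderCallback}
     * @return the distinct roles resolved from the header, possibly empty
     * @throws AuthorizationException if the header callback is missing or a role
     *         lookup/store fails
     */
    @Override
    public Role[] getUserRoles(User user, Callback[] callbackArr) throws AuthorizationException {
        // Fail closed with the declared exception type instead of an
        // ArrayIndexOutOfBounds/ClassCast/NullPointerException.
        if (callbackArr == null || callbackArr.length == 0 || !(callbackArr[0] instanceof HttpHeaderCallback)) {
            throw new AuthorizationException("Error mapping User Roles: missing SSO role header callback");
        }
        Map<String, Role> rolesByName = new HashMap<>();
        String headerValue = ((HttpHeaderCallback) callbackArr[0]).getHeaderValue();
        if (log.isDebugEnabled()) {
            log.debug(String.format("Found sso role header %s with value '%s'", this.rolesHeaderName, sanitizeForLog(headerValue)));
        }
        String[] split = StringUtils.split(headerValue, this.delimiter);
        if (split == null) {
            // StringUtils.split returns null for a null input, i.e. the header was
            // absent. Treat that like an empty header: no roles are granted.
            split = new String[0];
        }
        if (log.isDebugEnabled()) {
            log.debug(String.format("Split sso role header into %d values using delimiter %s", Integer.valueOf(split.length), this.delimiter));
        }
        for (String str : split) {
            try {
                String trimmed = StringUtils.trimToNull(str);
                if (StringUtils.isNotEmpty(trimmed)) {
                    addSingleSignOnMappedRoles(trimmed, rolesByName);
                }
            } catch (PersistenceException e) {
                // NOTE(review): the cause is not chained because only the (String)
                // constructor of AuthorizationException is visible here; log it so
                // the stack trace is not lost.
                log.error("Error mapping User Roles", e);
                throw new AuthorizationException("Error mapping User Roles: " + e.getMessage());
            }
        }
        return rolesByName.values().toArray(new Role[0]);
    }

    /**
     * Resolves one SSO role value to roles and adds them to {@code map}, keyed by
     * role name.
     *
     * <p>Two mechanisms are applied in order: every explicit mapping whose SSO
     * role name equals {@code str} contributes its role; then, if a mapping
     * expression is configured and matches {@code str} in full, the first capture
     * group (or the whole match when the expression has no groups) is used as a
     * role name. That role is taken from {@code map}, else restored by name via
     * {@link RoleFactory}, else created and stored.
     *
     * <p>NOTE(review): the created role's name comes from the request header, so
     * the expression decides which header values may mint or select roles.
     * The expression is also evaluated against untrusted input on every call;
     * keep it simple enough that matching cost stays bounded.
     *
     * @param str a single, trimmed, non-empty SSO role value
     * @param map accumulator of resolved roles, keyed by role name
     * @throws PersistenceException if restoring or storing a role fails
     */
    protected void addSingleSignOnMappedRoles(String str, Map<String, Role> map) throws PersistenceException {
        boolean mapped = false;
        synchronized (this.roleMappings) {
            for (SingleSignOnRoleMapping mapping : getRoleMappings()) {
                if (!mapping.getSingleSignOnRoleName().equals(str)) {
                    continue;
                }
                Role anthillRole = mapping.getAnthillRole();
                if (anthillRole == null) {
                    // addRoleMapping tolerates mappings without a role; skip them
                    // here instead of failing the whole authorization with an NPE.
                    continue;
                }
                map.put(anthillRole.getName(), anthillRole);
                if (log.isDebugEnabled()) {
                    log.debug("Mapped sso role " + sanitizeForLog(str) + " to ahp role " + anthillRole.getName());
                }
                mapped = true;
            }
        }
        if (StringUtils.isNotEmpty(this.mappingExpression)) {
            Matcher matcher = Pattern.compile(this.mappingExpression).matcher(str);
            if (matcher.matches()) {
                String group = matcher.groupCount() > 0 ? matcher.group(1) : matcher.group();
                if (StringUtils.isEmpty(group)) {
                    // Group 1 did not take part in the match (or matched nothing):
                    // never look up or create a role with a null/empty name.
                    if (log.isDebugEnabled()) {
                        log.debug(String.format("sso role %s matched expression %s but captured no role name", sanitizeForLog(str), this.mappingExpression));
                    }
                } else {
                    Role role = map.get(group);
                    if (role == null) {
                        role = RoleFactory.getInstance().restoreForName(group);
                    }
                    if (role == null) {
                        role = new Role(true);
                        role.setName(group);
                        role.store();
                    }
                    map.put(group, role);
                    mapped = true;
                    if (log.isDebugEnabled()) {
                        String message = "sso role %s was mapped by expression %s to ahp role %s";
                        if (role.isNew()) {
                            message = message + " (new ahp role)";
                        }
                        log.debug(String.format(message, sanitizeForLog(str), this.mappingExpression, sanitizeForLog(group)));
                    }
                }
            } else if (log.isDebugEnabled()) {
                log.debug("sso role " + sanitizeForLog(str) + " did not match " + this.mappingExpression);
            }
        }
        if (!mapped && log.isDebugEnabled()) {
            log.debug("sso role " + sanitizeForLog(str) + " did not map to any ahp role");
        }
    }

    /**
     * Replaces control characters (including CR and LF) with '_' so that
     * header-supplied text cannot forge or split log entries.
     *
     * @param value text that originated from the request, may be {@code null}
     * @return the sanitized text, or {@code null} if {@code value} was {@code null}
     */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replaceAll("\\p{Cntrl}", "_");
    }
}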
