package com.urbancode.anthill3.domain.security;

import com.urbancode.anthill3.domain.authentication.AuthenticationRealm;
import com.urbancode.anthill3.domain.persistent.Handle;
import com.urbancode.anthill3.domain.persistent.PersistenceException;
import com.urbancode.anthill3.domain.persistent.PersistenceRuntimeException;
import com.urbancode.anthill3.domain.persistent.Persistent;
import com.urbancode.anthill3.persistence.GenericDelegate;
import com.urbancode.anthill3.persistence.GenericNonPersistentDelegate;
import com.urbancode.anthill3.persistence.GenericWriteTransactionDelegate;
import com.urbancode.anthill3.persistence.UnitOfWork;
import com.urbancode.commons.util.ObjectUtil;
import com.urbancode.commons.util.logging.PerfLogger;
import com.urbancode.commons.util.logging.PerfLoggerFactory;
import java.util.HashMap;
import java.util.Map;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/urbancode/anthill3/domain/security/Authority.class */
public class Authority {
    public static final String ADMIN_USERNAME = "admin";
    private User user = null;
    private HashMap<Handle, Map<String, Boolean>> hasPermissionCache = new HashMap<>();
    private static final Logger log = Logger.getLogger(Authority.class);
    protected static final PerfLoggerFactory perfLogger = PerfLoggerFactory.getLoggerFactory(Authority.class);
    private static ThreadLocal<Authority> threadBoundAuth = new ThreadLocal<>();

    public static Authority getInstance() {
        Authority authority = threadBoundAuth.get();
        if (authority == null) {
            authority = new Authority();
        }
        return authority;
    }

    protected Authority() {
    }

    public boolean isBound() {
        return equals(threadBoundAuth.get());
    }

    public void bindThread() {
        if (isBound()) {
            log.warn("This thread is already bound to this Authority");
            return;
        }
        if (threadBoundAuth.get() != null) {
            log.warn("Supplanting previously bound Authority");
        }
        threadBoundAuth.set(this);
    }

    public void unbindThread() {
        Authority authority = threadBoundAuth.get();
        if (authority == null) {
            log.warn("Authority attempting to unbind from thread that is not currently bound");
        } else if (equals(authority)) {
            threadBoundAuth.set(null);
        } else {
            log.warn("Authority attempting to unbind from thread that is bound to a different Authority");
        }
    }

    public User authenticate(AuthenticationRealm authenticationRealm, String str, String str2) throws AuthorizationException {
        PerfLogger start = perfLogger.start("#authenticate");
        UnitOfWork current = UnitOfWork.getCurrent();
        try {
            User user = (User) current.executeDelegate(new GenericWriteTransactionDelegate(Authority.class, "authenticate", new Class[]{String.class, String.class, Long.class}, str, str2, authenticationRealm.getId()));
            start.debug("Anthill authentication determined the user as " + user);
            log.debug("Anthill authentication determined the user as " + user);
            if (user == null) {
                start.debug("Authentication failed for " + authenticationRealm.getName() + " :: " + str);
                log.debug("Authentication failed for " + authenticationRealm.getName() + " :: " + str);
            } else {
                start.debug("done authenticating " + user);
                current.setUser(user);
            }
            return user;
        } catch (PersistenceException e) {
            start.debug("Exception when authenticating user " + authenticationRealm.getName() + " :: " + str, e);
            throw new AuthorizationException(e);
        }
    }

    public boolean hasSecurityManagement(Persistent persistent) throws PersistenceException {
        try {
            Resource restoreForPersistent = ResourceFactory.getInstance().restoreForPersistent(persistent);
            if (restoreForPersistent == null) {
                throw AuthorizationRuntimeException.createExceptionForCurrentUser("security", persistent.getName());
            }
            return hasSecurityManagement(restoreForPersistent);
        } catch (PersistenceException e) {
            throw new PersistenceRuntimeException(e);
        }
    }

    public boolean hasSecurityManagement(Resource resource) throws PersistenceException {
        return hasPermission(resource, "security");
    }

    public void assertPermission(Handle handle, String str) {
        try {
            User updateUser = updateUser();
            if (!(updateUser != null && (updateUser.isAnthill() || updateUser.isAdmin()))) {
                assertPermission(getPersistentForHandle(handle), str);
            }
        } catch (PersistenceException e) {
            throw AuthorizationRuntimeException.createExceptionForCurrentUser(str, handle.getClass().getSimpleName() + " " + handle.getId());
        }
    }

    public void assertPermission(Persistent persistent, String str) {
        try {
            if (checkPermission(persistent, str)) {
            } else {
                throw AuthorizationRuntimeException.createExceptionForCurrentUser(str, persistent.getName());
            }
        } catch (PersistenceException e) {
            throw AuthorizationRuntimeException.createExceptionForCurrentUser(str, persistent.getName());
        }
    }

    public boolean hasPermission(Handle handle, String str) throws PersistenceException {
        User updateUser = updateUser();
        boolean z = updateUser != null && (updateUser.isAnthill() || updateUser.isAdmin());
        if (!z) {
            z = hasPermission(getPersistentForHandle(handle), str);
        }
        return z;
    }

    public boolean hasPermission(Persistent persistent, String str) throws PersistenceException {
        return checkPermission(persistent, str);
    }

    public ResourceAction[] getActionsForResource(Resource resource) throws PersistenceException {
        Object[] objArr = (Object[]) UnitOfWork.getCurrent().executeDelegate(new GenericNonPersistentDelegate(Permission.class, "getActionsForResource", new Class[]{Resource.class}, resource));
        ResourceAction[] resourceActionArr = new ResourceAction[objArr.length];
        System.arraycopy(objArr, 0, resourceActionArr, 0, objArr.length);
        return resourceActionArr;
    }

    public ResourceAction[] getActionsForResource(Handle handle) throws PersistenceException {
        return getActionsForResource((Resource) handle.dereference());
    }

    public User[] getUsersWithPermissionToPersistent(Persistent persistent, String str) throws PersistenceException {
        return getUsersWithPermissionToPersistent(new Handle(persistent), str);
    }

    public User[] getUsersWithPermissionToPersistent(Handle handle, String str) throws PersistenceException {
        Object[] objArr = (Object[]) UnitOfWork.getCurrent().executeDelegate(new GenericDelegate(User.class, "getUsersWithPermissionToPersistent", new Class[]{Handle.class, String.class}, handle, str));
        User[] userArr = new User[objArr.length];
        System.arraycopy(objArr, 0, userArr, 0, objArr.length);
        return userArr;
    }

    public synchronized void flushCache() {
        this.hasPermissionCache.clear();
    }

    protected User getCurrentUser() {
        User user = null;
        if (UnitOfWork.hasCurrent()) {
            user = UnitOfWork.getCurrent().getUser();
        }
        return user;
    }

    protected Persistent getPersistentForHandle(Handle handle) throws PersistenceException {
        return handle.getTargetClass().equals(Resource.class) ? handle.dereference() : ResourceFactory.getInstance().restoreForPersistent(handle);
    }

    protected synchronized boolean checkPermission(Persistent persistent, String str) throws PersistenceException {
        Boolean bool;
        boolean isDebugEnabled = log.isDebugEnabled();
        if (persistent.isNew()) {
            bool = true;
        } else {
            updateUser();
            if (this.user == null || !(this.user.isAnthill() || this.user.isAdmin())) {
                Handle valueOf = Handle.valueOf(persistent);
                Map<String, Boolean> map = this.hasPermissionCache.get(valueOf);
                if (map == null) {
                    map = new HashMap();
                    this.hasPermissionCache.put(valueOf, map);
                    Resource restoreForPersistent = persistent instanceof Resource ? (Resource) persistent : ResourceFactory.getInstance().restoreForPersistent(persistent);
                    if (restoreForPersistent != null) {
                        for (ResourceAction resourceAction : restoreForPersistent.getResourceType().getActions()) {
                            map.put(resourceAction.getName(), Boolean.FALSE);
                        }
                        ResourceAction[] actionsForResource = getActionsForResource(restoreForPersistent);
                        if (isDebugEnabled) {
                            log.debug("User '" + this.user + "' has " + actionsForResource.length + " permitted actions to '" + persistent.getName() + "', resource " + restoreForPersistent.getId() + ", required action is " + str);
                        }
                        for (ResourceAction resourceAction2 : actionsForResource) {
                            if (isDebugEnabled) {
                                log.debug("User '" + this.user + "' has '" + resourceAction2.getName() + "', caching...");
                            }
                            map.put(resourceAction2.getName(), Boolean.TRUE);
                        }
                    }
                }
                if (map.isEmpty() && isDebugEnabled) {
                    log.debug("Could not find any actions for the type of persistent " + persistent.getName());
                }
                bool = map.get(str);
                if (isDebugEnabled) {
                    if (bool != null) {
                        log.debug("User '" + this.user + "' has cached permission of '" + str + "' on '" + persistent.getName() + "' of " + bool);
                    } else {
                        log.debug("User '" + this.user + "' granted unknown action '" + str + "' on '" + persistent.getName());
                    }
                }
            } else {
                bool = true;
            }
        }
        if (bool == null) {
            return true;
        }
        return bool.booleanValue();
    }

    private synchronized User updateUser() {
        User currentUser = getCurrentUser();
        if (!ObjectUtil.isEqual(currentUser, this.user)) {
            if (log.isDebugEnabled()) {
                log.trace("Authority user has changed from " + this.user + " to " + currentUser);
            }
            flushCache();
            this.user = currentUser;
        }
        return currentUser;
    }
}
