package org.jboss.seam.security;

import java.io.IOException;
import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import javax.faces.application.FacesMessage;
import javax.faces.context.FacesContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.drools.FactHandle;
import org.drools.RuleBase;
import org.drools.WorkingMemory;
import org.jboss.seam.Component;
import org.jboss.seam.InterceptionType;
import org.jboss.seam.ScopeType;
import org.jboss.seam.Seam;
import org.jboss.seam.annotations.Create;
import org.jboss.seam.annotations.Install;
import org.jboss.seam.annotations.Intercept;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.Startup;
import org.jboss.seam.contexts.Contexts;
import org.jboss.seam.core.Events;
import org.jboss.seam.core.Expressions;
import org.jboss.seam.core.FacesMessages;
import org.jboss.seam.core.Selector;
import org.jboss.seam.log.LogProvider;
import org.jboss.seam.log.Logging;
import org.jboss.seam.util.UnifiedELValueBinding;

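/**
 * Session-scoped Seam component holding the current user's credentials, the JAAS
 * {@link Subject} and the Drools {@link WorkingMemory} used for rule-based permission checks.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The password is held as a plain {@code String} on a session-scoped object. It is
 *       cleared in {@link #postAuthenticate()} and when {@link #login()} fails.</li>
 *   <li>The remember-me cookie only pre-fills {@code username}; this class never sets
 *       {@code principal} from it, so {@link #isLoggedIn()} stays {@code false} until
 *       authentication succeeds.</li>
 *   <li>One working memory is reused for every permission check made through this instance;
 *       {@link #hasPermission(String, String, Object...)} asserts temporary facts while
 *       holding its monitor and always retracts them afterwards.</li>
 * </ul>
 */
@Name("org.jboss.seam.security.identity")
@Scope(ScopeType.SESSION)
@Install(precedence = Install.BUILT_IN, classDependencies = {"org.drools.WorkingMemory"})
@Startup
@Intercept(InterceptionType.NEVER)
/* loaded from: input_file:org/jboss/seam/security/Identity.class */
public class Identity extends Selector {
    private static final long serialVersionUID = 3751659008033189259L;
    private static final LogProvider log = Logging.getLogProvider(Identity.class);

    /** Name of the Seam component looked up to obtain the security {@link RuleBase}. */
    public static final String RULES_COMPONENT_NAME = "securityRules";

    private String username;
    // Plain-text credential; nulled after successful authentication and after a failed login().
    private String password;
    private Expressions.MethodBinding authenticateMethod;
    // First non-"roles" principal of the subject; non-null means "logged in".
    private Principal principal;
    private Subject subject;
    private WorkingMemory securityContext;
    private RuleBase securityRules;
    private String jaasConfigName = null;
    // Roles requested through addRole() before a principal exists; applied in postAuthenticate().
    private List<String> preAuthenticationRoles = new ArrayList<String>();

    /**
     * Returns the name of the cookie that stores the remembered username.
     *
     * @return the constant cookie name
     */
    @Override // org.jboss.seam.core.Selector
    protected String getCookieName() {
        return "org.jboss.seam.security.username";
    }

    /**
     * Component creation callback: starts with an empty {@link Subject}, sets up the
     * rule working memory and reads the remembered username from the cookie.
     */
    @Create
    public void create() {
        this.subject = new Subject();
        initSecurityContext();
        initCredentialsFromCookie();
    }

    /**
     * Pre-fills {@code username} from the remember-me cookie and raises the
     * {@code org.jboss.seam.rememberMe} event when a value was found.
     *
     * <p>The cookie value is supplied by the client, so it must be treated as a hint
     * only: this method does not touch {@code principal} or the subject.
     * NOTE(review): what observers of the rememberMe event do is not visible here;
     * confirm none of them treats the cookie username as proof of identity.
     */
    private void initCredentialsFromCookie() {
        // The cookie is enabled only for the duration of the read, then switched off again.
        setCookieEnabled(true);
        this.username = getCookieValue();
        setDirty();
        setCookieEnabled(false);
        if (this.username != null) {
            postRememberMe();
        }
    }

    /** Raises the {@code org.jboss.seam.rememberMe} event. */
    protected void postRememberMe() {
        Events.instance().raiseEvent("org.jboss.seam.rememberMe", new Object[0]);
    }

    /**
     * Resolves the rule base (from the {@value #RULES_COMPONENT_NAME} component when none
     * was injected) and, if one is available, creates the working memory from it.
     * When no rule base can be found the security context stays {@code null}.
     */
    protected void initSecurityContext() {
        if (this.securityRules == null) {
            this.securityRules = (RuleBase) Component.getInstance(RULES_COMPONENT_NAME, true);
        }
        if (this.securityRules != null) {
            this.securityContext = this.securityRules.newWorkingMemory(false);
        }
    }

    /**
     * Returns the {@code Identity} bound to the current session.
     *
     * @return the session's identity component, never {@code null}
     * @throws IllegalStateException if no session context is active or no instance could be obtained
     */
    public static Identity instance() {
        if (!Contexts.isSessionContextActive()) {
            throw new IllegalStateException("No active session context");
        }
        Identity identity = (Identity) Component.getInstance((Class<?>) Identity.class, ScopeType.SESSION, true);
        if (identity == null) {
            throw new IllegalStateException("No Identity could be created");
        }
        return identity;
    }

    /**
     * @return {@code true} when a principal has been established for this identity
     */
    public boolean isLoggedIn() {
        return getPrincipal() != null;
    }

    /** @return the authenticated principal, or {@code null} when not logged in */
    public Principal getPrincipal() {
        return this.principal;
    }

    /** @return the JAAS subject backing this identity */
    public Subject getSubject() {
        return this.subject;
    }

    /**
     * Enforces a restriction expression.
     *
     * @param str the expression to evaluate
     * @throws AuthorizationException if the expression is not satisfied and the user is logged in
     * @throws NotLoggedInException if the expression is not satisfied and nobody is logged in
     *         (the {@code org.jboss.seam.notLoggedIn} event is raised first)
     */
    public void checkRestriction(String str) {
        if (evaluateExpression(str)) {
            return;
        }
        if (isLoggedIn()) {
            throw new AuthorizationException(String.format("Authorization check failed for expression [%s]", str));
        }
        Events.instance().raiseEvent("org.jboss.seam.notLoggedIn", new Object[0]);
        throw new NotLoggedInException(String.format("Error evaluating expression [%s] - User not logged in", str));
    }

    /**
     * Authenticates with the current credentials and reports the result as a faces message.
     *
     * @return {@code "success"} when authentication succeeded, {@code null} when it failed
     */
    public String login() {
        try {
            authenticate();
            // The username is caller-supplied and written to the log verbatim.
            log.debug("Login successful for: " + getUsername());
            FacesMessages.instance().addFromResourceBundle(FacesMessage.SEVERITY_INFO, "org.jboss.seam.loginSuccessful", "Welcome, #0", getUsername());
            return "success";
        } catch (LoginException e) {
            log.debug("Login failed for:" + getUsername(), e);
            // postAuthenticate() never ran, so the rejected password would otherwise stay
            // on this session-scoped object; drop it here as the success path does.
            this.password = null;
            setDirty();
            // NOTE(review): the exception is passed as a message parameter; a resource bundle
            // entry that interpolates it would show the exception text to the user.
            FacesMessages.instance().addFromResourceBundle(FacesMessage.SEVERITY_INFO, "org.jboss.seam.loginFailed", "Login failed", e);
            return null;
        }
    }

    /**
     * Authenticates using the login context returned by {@link #getLoginContext()}.
     *
     * @throws LoginException if authentication fails
     */
    public void authenticate() throws LoginException {
        authenticate(getLoginContext());
    }

    /**
     * Runs the pre-authentication hook, the JAAS login and the post-authentication hook.
     *
     * <p>When {@code loginContext.login()} throws, {@link #postAuthenticate()} is skipped,
     * so this method itself does not clear the password on failure.
     *
     * @param loginContext the JAAS login context to authenticate against
     * @throws LoginException if the JAAS login fails
     */
    public void authenticate(LoginContext loginContext) throws LoginException {
        preAuthenticate();
        loginContext.login();
        postAuthenticate();
    }

    /** Discards queued roles and raises {@code org.jboss.seam.preAuthenticate}. */
    protected void preAuthenticate() {
        this.preAuthenticationRoles.clear();
        Events.instance().raiseEvent("org.jboss.seam.preAuthenticate", new Object[0]);
    }

    /**
     * Copies the subject's principals into the security context, applies roles queued
     * before login, stores the username as the cookie value, clears the password and raises
     * {@code org.jboss.seam.postAuthenticate}.
     */
    protected void postAuthenticate() {
        populateSecurityContext();
        // Queued roles are applied only once a principal exists.
        if (!this.preAuthenticationRoles.isEmpty() && isLoggedIn()) {
            for (String role : this.preAuthenticationRoles) {
                addRole(role);
            }
            this.preAuthenticationRoles.clear();
        }
        setCookieValue(getUsername());
        // The credential is no longer needed once the subject is populated.
        this.password = null;
        setDirty();
        Events.instance().raiseEvent("org.jboss.seam.postAuthenticate", new Object[0]);
    }

    /**
     * Asserts the subject's principals into the working memory. Members of a group named
     * {@code "roles"} are asserted as {@link Role} facts; every other principal is asserted
     * as-is, and the first such principal becomes this identity's principal.
     *
     * @throws IllegalStateException if no security context is available
     */
    protected void populateSecurityContext() {
        WorkingMemory securityContext = getSecurityContext();
        assertSecurityContextExists();
        for (Principal p : getSubject().getPrincipals()) {
            if ((p instanceof Group) && "roles".equals(((Group) p).getName())) {
                Enumeration<? extends Principal> members = ((Group) p).members();
                while (members.hasMoreElements()) {
                    securityContext.assertObject(new Role(members.nextElement().getName()));
                }
            } else {
                if (this.principal == null) {
                    this.principal = p;
                    setDirty();
                }
                securityContext.assertObject(p);
            }
        }
    }

    /**
     * @throws IllegalStateException if the working memory has not been created
     */
    private void assertSecurityContextExists() {
        if (this.securityContext == null) {
            throw new IllegalStateException("no security rule base available - please install a RuleBase with the name 'securityRules'");
        }
    }

    /**
     * Retracts every {@link Role} fact from the security context and removes the
     * {@code "roles"} group from the subject. The principal field is left untouched.
     */
    protected void unAuthenticate() {
        Iterator it = getSecurityContext().getObjects(Role.class).iterator();
        while (it.hasNext()) {
            getSecurityContext().retractObject(getSecurityContext().getFactHandle((Role) it.next()));
        }
        // Only the first group named "roles" is removed.
        for (Group group : this.subject.getPrincipals(Group.class)) {
            if ("roles".equals(group.getName())) {
                this.subject.getPrincipals().remove(group);
                return;
            }
        }
    }

    /**
     * Builds the JAAS login context: the configured JAAS entry when
     * {@link #getJaasConfigName()} is set, otherwise the {@code "default"} entry of
     * {@code Configuration.instance()}.
     *
     * @return a login context bound to this identity's subject and callback handler
     * @throws LoginException if the login context cannot be created
     */
    protected LoginContext getLoginContext() throws LoginException {
        if (getJaasConfigName() != null) {
            return new LoginContext(getJaasConfigName(), this.subject, getDefaultCallbackHandler());
        }
        return new LoginContext("default", this.subject, getDefaultCallbackHandler(), Configuration.instance());
    }

    /** Clears the principal and invalidates the session. */
    public void logout() {
        this.principal = null;
        Seam.invalidateSession();
    }

    /**
     * @param str the role name
     * @return {@code true} if the subject's {@code "roles"} group contains the role;
     *         {@code false} when it does not or when no such group exists
     */
    public boolean hasRole(String str) {
        for (Group group : this.subject.getPrincipals(Group.class)) {
            if ("roles".equals(group.getName())) {
                return group.isMember(new SimplePrincipal(str));
            }
        }
        return false;
    }

    /**
     * Grants a role. Before login the role is only queued and applied by
     * {@link #postAuthenticate()}; after login it is asserted as a {@link Role} fact and
     * added to the subject's {@code "roles"} group, which is created when missing.
     *
     * @param str the role name
     */
    public void addRole(String str) {
        if (!isLoggedIn()) {
            this.preAuthenticationRoles.add(str);
            return;
        }
        for (Group group : this.subject.getPrincipals(Group.class)) {
            if ("roles".equals(group.getName())) {
                getSecurityContext().assertObject(new Role(str));
                group.addMember(new SimplePrincipal(str));
                return;
            }
        }
        getSecurityContext().assertObject(new Role(str));
        SimpleGroup simpleGroup = new SimpleGroup("roles");
        simpleGroup.addMember(new SimplePrincipal(str));
        this.subject.getPrincipals().add(simpleGroup);
    }

    /**
     * Revokes a role: retracts the first matching {@link Role} fact and removes the first
     * matching member from each {@code "roles"} group of the subject. Removing a role the
     * user does not hold is a no-op.
     *
     * @param str the role name
     */
    public void removeRole(String str) {
        Iterator it = getSecurityContext().getObjects(Role.class).iterator();
        while (it.hasNext()) {
            Role role = (Role) it.next();
            if (role.getName().equals(str)) {
                getSecurityContext().retractObject(getSecurityContext().getFactHandle(role));
                break;
            }
        }
        for (Group group : this.subject.getPrincipals(Group.class)) {
            if ("roles".equals(group.getName())) {
                Enumeration<? extends Principal> members = group.members();
                // The loop must end when the members are exhausted; spinning on an empty
                // enumeration would hang the request thread for a role the user lacks.
                while (members.hasMoreElements()) {
                    Principal member = members.nextElement();
                    if (member.getName().equals(str)) {
                        group.removeMember(member);
                        break;
                    }
                }
            }
        }
    }

    /**
     * Enforces role membership.
     *
     * @param str the required role
     * @throws AuthorizationException if the role is missing and the user is logged in
     * @throws NotLoggedInException if the role is missing and nobody is logged in
     *         (the {@code org.jboss.seam.notLoggedIn} event is raised first)
     */
    public void checkRole(String str) {
        if (hasRole(str)) {
            return;
        }
        if (isLoggedIn()) {
            throw new AuthorizationException(String.format("Authorization check failed for role [%s]", str));
        }
        Events.instance().raiseEvent("org.jboss.seam.notLoggedIn", new Object[0]);
        throw new NotLoggedInException();
    }

    /**
     * Enforces a rule-based permission.
     *
     * @param str the permission name
     * @param str2 the permission action
     * @param objArr additional objects asserted for the duration of the check
     * @throws AuthorizationException if the permission is denied and the user is logged in
     * @throws NotLoggedInException if the permission is denied and nobody is logged in
     *         (the {@code org.jboss.seam.notLoggedIn} event is raised first)
     */
    public void checkPermission(String str, String str2, Object... objArr) {
        if (hasPermission(str, str2, objArr)) {
            return;
        }
        if (isLoggedIn()) {
            throw new AuthorizationException(String.format("Authorization check failed for permission [%s,%s]", str, str2));
        }
        Events.instance().raiseEvent("org.jboss.seam.notLoggedIn", new Object[0]);
        throw new NotLoggedInException();
    }

    /**
     * Evaluates a permission by asserting a {@link PermissionCheck} plus the supplied
     * objects into the working memory, firing all rules and reading the check's result.
     *
     * <p>If the first argument is a {@link Collection}, its elements are asserted
     * individually and elements that already have a fact handle are skipped. Every fact
     * asserted here is retracted again, also when rule evaluation throws, so that a failed
     * check cannot leave stale facts behind to influence later decisions.
     *
     * @param str the permission name
     * @param str2 the permission action
     * @param objArr additional objects to assert; may be empty or {@code null}
     * @return {@code true} if the rules granted the permission
     * @throws IllegalStateException if no security context is available
     */
    public boolean hasPermission(String str, String str2, Object... objArr) {
        List<FactHandle> handles = new ArrayList<FactHandle>();
        PermissionCheck permissionCheck = new PermissionCheck(str, str2);
        WorkingMemory securityContext = getSecurityContext();
        assertSecurityContextExists();
        // Assert, fire and retract as one unit under the working memory's monitor.
        synchronized (securityContext) {
            try {
                handles.add(securityContext.assertObject(permissionCheck));
                if (objArr != null) {
                    for (int i = 0; i < objArr.length; i++) {
                        if (i == 0 && (objArr[0] instanceof Collection)) {
                            for (Object obj : (Collection<?>) objArr[i]) {
                                // Facts that were already present are not ours to retract.
                                if (securityContext.getFactHandle(obj) == null) {
                                    handles.add(securityContext.assertObject(obj));
                                }
                            }
                        } else {
                            handles.add(securityContext.assertObject(objArr[i]));
                        }
                    }
                }
                securityContext.fireAllRules();
            } finally {
                for (FactHandle handle : handles) {
                    securityContext.retractObject(handle);
                }
            }
        }
        return permissionCheck.isGranted();
    }

    /**
     * Creates the JAAS callback handler that supplies this identity's username and password.
     *
     * @return a handler supporting {@link NameCallback} and {@link PasswordCallback} only;
     *         any other callback type raises {@link UnsupportedCallbackException}
     */
    protected CallbackHandler getDefaultCallbackHandler() {
        return new CallbackHandler() { // from class: org.jboss.seam.security.Identity.1
            @Override // javax.security.auth.callback.CallbackHandler
            public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
                for (Callback callback : callbackArr) {
                    if (callback instanceof NameCallback) {
                        ((NameCallback) callback).setName(Identity.this.getUsername());
                    } else if (callback instanceof PasswordCallback) {
                        String pw = Identity.this.getPassword();
                        ((PasswordCallback) callback).setPassword(pw != null ? pw.toCharArray() : null);
                    } else {
                        throw new UnsupportedCallbackException(callback, "Unsupported callback");
                    }
                }
            }
        };
    }

    /**
     * Evaluates a restriction expression against the current faces context.
     *
     * <p>The result is cast to {@code Boolean} and unboxed, so a {@code null} or
     * non-Boolean result throws instead of returning.
     * NOTE(review): presumably {@code str} is evaluated as a Unified EL expression; it should
     * come from application metadata, never from request input. Confirm against callers.
     *
     * @param str the expression to evaluate
     * @return the boolean value of the expression
     */
    protected boolean evaluateExpression(String str) {
        Object result = new UnifiedELValueBinding(str).getValue(FacesContext.getCurrentInstance());
        return ((Boolean) result).booleanValue();
    }

    /** @return the username entered by the user or read from the remember-me cookie */
    public String getUsername() {
        return this.username;
    }

    /** @param str the username to authenticate with */
    public void setUsername(String str) {
        setDirty(this.username, str);
        this.username = str;
    }

    /** @return the pending password, or {@code null} once it has been cleared */
    public String getPassword() {
        return this.password;
    }

    /** @param str the password to authenticate with */
    public void setPassword(String str) {
        setDirty(this.password, str);
        this.password = str;
    }

    /** @return the working memory used for permission checks, or {@code null} if none was created */
    public WorkingMemory getSecurityContext() {
        return this.securityContext;
    }

    /** @param workingMemory the working memory to use for permission checks */
    public void setSecurityContext(WorkingMemory workingMemory) {
        this.securityContext = workingMemory;
    }

    /** @return the configured authentication method binding */
    public Expressions.MethodBinding getAuthenticateMethod() {
        return this.authenticateMethod;
    }

    /** @param methodBinding the authentication method binding */
    public void setAuthenticateMethod(Expressions.MethodBinding methodBinding) {
        this.authenticateMethod = methodBinding;
    }

    /** @return whether the username cookie is enabled */
    public boolean isRememberMe() {
        return isCookieEnabled();
    }

    /** @param z {@code true} to enable the username cookie */
    public void setRememberMe(boolean z) {
        setCookieEnabled(z);
    }

    /** @return the JAAS configuration entry name, or {@code null} to use the default configuration */
    public String getJaasConfigName() {
        return this.jaasConfigName;
    }

    /** @param str the JAAS configuration entry name */
    public void setJaasConfigName(String str) {
        this.jaasConfigName = str;
    }

    /** @return the rule base the security context is created from */
    public RuleBase getSecurityRules() {
        return this.securityRules;
    }

    /** @param ruleBase the rule base to create the security context from */
    public void setSecurityRules(RuleBase ruleBase) {
        this.securityRules = ruleBase;
    }
}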
