package org.uberfire.backend.server.security;

import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.inject.Any;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import org.uberfire.commons.services.cdi.Startup;
import org.uberfire.java.nio.file.FileSystem;
import org.uberfire.java.nio.file.api.FileSystemProviders;
import org.uberfire.java.nio.file.spi.FileSystemProvider;
import org.uberfire.java.nio.security.SecurityAware;
import org.uberfire.java.nio.security.Session;
import org.uberfire.java.nio.security.Subject;
import org.uberfire.java.nio.security.UserPassAuthenticator;
import org.uberfire.security.auth.AuthenticationManager;
import org.uberfire.security.auth.RolesMode;
import org.uberfire.security.authz.AuthorizationManager;
import org.uberfire.security.server.SecurityConstants;
import org.uberfire.security.server.UserPassSecurityContext;
import org.uberfire.security.server.auth.impl.JAASAuthenticationManager;
import org.uberfire.security.server.auth.impl.PropertyAuthenticationManager;

@ApplicationScoped
@Startup
/* loaded from: input_file:WEB-INF/lib/uberfire-backend-server-0.4.2.CR1.jar:org/uberfire/backend/server/security/IOServiceSecuritySetup.class */
public class IOServiceSecuritySetup {

    @Inject
    @IOSecurityAuth
    @Any
    private Instance<AuthenticationManager> authenticationManagers;

    @Inject
    @IOSecurityAuthz
    @Any
    private Instance<AuthorizationManager> authorizationManagers;

    /* loaded from: input_file:WEB-INF/lib/uberfire-backend-server-0.4.2.CR1.jar:org/uberfire/backend/server/security/IOServiceSecuritySetup$SubjectWrapper.class */
    class SubjectWrapper implements Subject {
        private final org.uberfire.security.Subject realSubject;

        SubjectWrapper(org.uberfire.security.Subject subject) {
            this.realSubject = subject;
        }

        @Override // org.uberfire.java.nio.security.Subject
        public String getName() {
            return this.realSubject.getName();
        }

        public org.uberfire.security.Subject getRealSubject() {
            return this.realSubject;
        }
    }

    @PostConstruct
    public void setup() {
        RolesMode rolesMode;
        AuthenticationManager authenticationManager = null;
        if (this.authenticationManagers.isUnsatisfied()) {
            String property = System.getProperty("org.uberfire.io.auth", null);
            String property2 = System.getProperty(SecurityConstants.AUTH_DOMAIN_KEY, null);
            try {
                rolesMode = RolesMode.valueOf(System.getProperty(SecurityConstants.ROLE_MODE_KEY, RolesMode.GROUP.toString()));
            } catch (Exception e) {
                rolesMode = RolesMode.GROUP;
            }
            authenticationManager = (property == null || property.toLowerCase().equals("jaas") || property.toLowerCase().equals("container")) ? new JAASAuthenticationManager(property2, rolesMode) : property.toLowerCase().equals("property") ? new PropertyAuthenticationManager(null) : (AuthenticationManager) loadClazz(property, AuthenticationManager.class);
        }
        final FileSystemAuthorizationManager fileSystemAuthorizationManager = this.authorizationManagers.isUnsatisfied() ? new FileSystemAuthorizationManager() : null;
        final AuthenticationManager authenticationManager2 = authenticationManager;
        org.uberfire.java.nio.security.AuthorizationManager authorizationManager = new org.uberfire.java.nio.security.AuthorizationManager() { // from class: org.uberfire.backend.server.security.IOServiceSecuritySetup.1
            @Override // org.uberfire.java.nio.security.AuthorizationManager
            public boolean authorize(FileSystem fileSystem, Subject subject) {
                return fileSystemAuthorizationManager.authorize(new FileSystemResourceAdaptor(fileSystem), ((SubjectWrapper) subject).getRealSubject());
            }
        };
        for (FileSystemProvider fileSystemProvider : FileSystemProviders.installedProviders()) {
            if (fileSystemProvider instanceof SecurityAware) {
                ((SecurityAware) fileSystemProvider).setUserPassAuthenticator(new UserPassAuthenticator() { // from class: org.uberfire.backend.server.security.IOServiceSecuritySetup.2
                    @Override // org.uberfire.java.nio.security.UserPassAuthenticator
                    public boolean authenticate(String str, String str2, Session session) {
                        try {
                            org.uberfire.security.Subject authenticate = authenticationManager2.authenticate(new UserPassSecurityContext(null, str, str2));
                            if (authenticate != null) {
                                session.setSubject(new SubjectWrapper(authenticate));
                            }
                            return authenticate != null;
                        } catch (Exception e2) {
                            return false;
                        }
                    }
                });
                ((SecurityAware) fileSystemProvider).setAuthorizationManager(authorizationManager);
            }
        }
    }

    private <T> T loadClazz(String str, Class<T> cls) {
        if (str == null || str.isEmpty()) {
            return null;
        }
        try {
            Class<?> cls2 = Class.forName(str);
            if (cls.isAssignableFrom(cls2)) {
                return cls.cast(cls2.newInstance());
            }
            return null;
        } catch (ClassNotFoundException | IllegalAccessException | InstantiationException e) {
            return null;
        }
    }
}
