package org.jboss.as.console.client.rbac;

import com.allen_sauer.gwt.log.client.Log;
import com.google.gwt.safehtml.shared.SafeHtml;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.jboss.as.console.client.rbac.Constraints;
import org.jboss.ballroom.client.rbac.AuthorisationDecision;
import org.jboss.ballroom.client.rbac.SecurityContext;

/* loaded from: input_file:org/jboss/as/console/client/rbac/SecurityContextImpl.class */
public class SecurityContextImpl implements SecurityContext {
    String nameToken;
    Set<ResourceRef> requiredResources;
    Map<String, Constraints> accessConstraints = new HashMap();
    Map<String, Constraints> optionalConstraints = new HashMap();
    Map<String, SecurityContext> childContexts = new HashMap();
    private boolean sealed;

    /* loaded from: input_file:org/jboss/as/console/client/rbac/SecurityContextImpl$ChildContext.class */
    static class ChildContext implements SecurityContext {
        private final String resourceAddress;
        private final Constraints constraints;

        ChildContext(String str, Constraints constraints) {
            this.resourceAddress = str;
            this.constraints = constraints;
        }

        public AuthorisationDecision getReadPriviledge() {
            return new AuthorisationDecision(this.constraints.isReadResource());
        }

        public AuthorisationDecision getReadPrivilege(String str) {
            return getReadPriviledge();
        }

        public AuthorisationDecision getWritePriviledge() {
            return new AuthorisationDecision(this.constraints.isWriteResource());
        }

        public AuthorisationDecision getWritePrivilege(String str) {
            return getWritePriviledge();
        }

        public AuthorisationDecision getAttributeWritePriviledge(String str) {
            Constraints.AttributePerm attributePerm = this.constraints.attributePermissions.get(str);
            if (attributePerm == null) {
                throw new RuntimeException("No such attribute: " + str);
            }
            return new AuthorisationDecision(attributePerm.isWrite());
        }

        public AuthorisationDecision getAttributeWritePriviledge(String str, String str2) {
            return getAttributeWritePriviledge(str2);
        }

        public AuthorisationDecision getOperationPriviledge(String str, String str2) {
            boolean isOperationExec = this.constraints.isOperationExec(this.resourceAddress, str2);
            AuthorisationDecision authorisationDecision = new AuthorisationDecision(true);
            authorisationDecision.setGranted(isOperationExec);
            return authorisationDecision;
        }

        public boolean hasChildContext(String str) {
            return false;
        }

        public SecurityContext getChildContext(String str) {
            return null;
        }

        public void seal() {
        }
    }

    /* loaded from: input_file:org/jboss/as/console/client/rbac/SecurityContextImpl$Priviledge.class */
    public interface Priviledge {
        boolean isGranted(Constraints constraints);
    }

    public SecurityContextImpl(String str, Set<ResourceRef> set) {
        this.nameToken = str;
        this.requiredResources = set;
    }

    public SafeHtml asHtml() {
        return RBACUtil.dump(this);
    }

    private AuthorisationDecision checkPriviledge(Priviledge priviledge, boolean z) {
        if (!this.sealed) {
            throw new RuntimeException("Should be sealed before policy decisions are evaluated");
        }
        AuthorisationDecision authorisationDecision = new AuthorisationDecision(true);
        Iterator<ResourceRef> it = this.requiredResources.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            ResourceRef next = it.next();
            if (!next.optional) {
                Constraints constraints = getConstraints(next.address, z);
                if (constraints == null) {
                    authorisationDecision.getErrorMessages().add("Missing constraints for " + next.address);
                } else if (!priviledge.isGranted(constraints)) {
                    authorisationDecision.getErrorMessages().add(next.address);
                }
                if (authorisationDecision.hasErrorMessages()) {
                    authorisationDecision.setGranted(false);
                    break;
                }
            }
        }
        return authorisationDecision;
    }

    public AuthorisationDecision getReadPriviledge() {
        return checkPriviledge(new Priviledge() { // from class: org.jboss.as.console.client.rbac.SecurityContextImpl.1
            @Override // org.jboss.as.console.client.rbac.SecurityContextImpl.Priviledge
            public boolean isGranted(Constraints constraints) {
                boolean isReadResource = constraints.isReadResource();
                if (!isReadResource) {
                    Log.info("read privilege denied for: " + constraints.getResourceAddress());
                }
                return isReadResource;
            }
        }, false);
    }

    public AuthorisationDecision getReadPrivilege(String str) {
        return new AuthorisationDecision(getConstraints(str, false).isReadResource());
    }

    public AuthorisationDecision getWritePriviledge() {
        return checkPriviledge(new Priviledge() { // from class: org.jboss.as.console.client.rbac.SecurityContextImpl.2
            @Override // org.jboss.as.console.client.rbac.SecurityContextImpl.Priviledge
            public boolean isGranted(Constraints constraints) {
                boolean isWriteResource = constraints.isWriteResource();
                if (!isWriteResource) {
                    Log.info("write privilege denied for: " + constraints.getResourceAddress());
                }
                return isWriteResource;
            }
        }, false);
    }

    public AuthorisationDecision getWritePrivilege(String str) {
        return new AuthorisationDecision(getConstraints(str, false).isWriteResource());
    }

    public AuthorisationDecision getAttributeWritePriviledge(final String str) {
        return checkPriviledge(new Priviledge() { // from class: org.jboss.as.console.client.rbac.SecurityContextImpl.3
            @Override // org.jboss.as.console.client.rbac.SecurityContextImpl.Priviledge
            public boolean isGranted(Constraints constraints) {
                return constraints.isAttributeWrite(str);
            }
        }, true);
    }

    public AuthorisationDecision getAttributeWritePriviledge(String str, String str2) {
        Constraints.AttributePerm attributePerm = getConstraints(str, true).attributePermissions.get(str2);
        if (null == attributePerm) {
            throw new RuntimeException("No such attribute: " + str2);
        }
        return new AuthorisationDecision(attributePerm.isWrite());
    }

    private Constraints getConstraints(String str, boolean z) {
        Constraints constraints;
        if (z) {
            constraints = this.accessConstraints.containsKey(str) ? this.accessConstraints.get(str) : this.optionalConstraints.get(str);
        } else {
            constraints = this.accessConstraints.get(str);
        }
        if (null == constraints) {
            throw new RuntimeException("Missing constraints for " + str + ". Make sure the resource address matches the @AccessControl annotation");
        }
        return constraints;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setConstraints(String str, Constraints constraints) {
        if (this.sealed) {
            throw new RuntimeException("Sealed security context cannot be modified");
        }
        this.accessConstraints.put(str, constraints);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setOptionalConstraints(String str, Constraints constraints) {
        if (this.sealed) {
            throw new RuntimeException("Sealed security context cannot be modified");
        }
        this.optionalConstraints.put(str, constraints);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void addChildContext(String str, Constraints constraints) {
        if (this.sealed) {
            throw new RuntimeException("Sealed security context cannot be modified");
        }
        this.childContexts.put(str, new ChildContext(str, constraints));
    }

    public boolean hasChildContext(String str) {
        return str != null && this.childContexts.containsKey(str);
    }

    public SecurityContext getChildContext(String str) {
        return this.childContexts.get(str);
    }

    public void seal() {
        this.sealed = true;
    }

    public AuthorisationDecision getOperationPriviledge(String str, String str2) {
        boolean isOperationExec = getConstraints(str, true).isOperationExec(str, str2);
        AuthorisationDecision authorisationDecision = new AuthorisationDecision(true);
        authorisationDecision.setGranted(isOperationExec);
        return authorisationDecision;
    }
}
