package org.jboss.as.console.client.rbac;

import com.allen_sauer.gwt.log.client.Log;
import com.google.gwt.user.client.rpc.AsyncCallback;
import com.google.web.bindery.event.shared.EventBus;
import com.gwtplatform.mvp.client.Presenter;
import com.gwtplatform.mvp.client.proxy.Place;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.inject.Inject;
import org.jboss.as.console.client.Console;
import org.jboss.as.console.client.core.BootstrapContext;
import org.jboss.as.console.client.core.Footer;
import org.jboss.as.console.client.domain.model.SimpleCallback;
import org.jboss.as.console.client.plugins.RequiredResourcesRegistry;
import org.jboss.as.console.client.widgets.progress.ProgressElement;
import org.jboss.as.console.mbui.behaviour.CoreGUIContext;
import org.jboss.as.console.mbui.model.mapping.AddressMapping;
import org.jboss.ballroom.client.rbac.SecurityContext;
import org.jboss.ballroom.client.rbac.SecurityContextAware;
import org.jboss.ballroom.client.rbac.SecurityContextChangedEvent;
import org.jboss.ballroom.client.rbac.SecurityContextChangedHandler;
import org.jboss.dmr.client.ModelNode;
import org.jboss.dmr.client.ModelType;
import org.jboss.dmr.client.Property;
import org.jboss.dmr.client.dispatch.DispatchAsync;
import org.jboss.dmr.client.dispatch.impl.DMRAction;
import org.jboss.dmr.client.dispatch.impl.DMRResponse;
import org.useware.kernel.gui.behaviour.FilteringStatementContext;

/* loaded from: input_file:org/jboss/as/console/client/rbac/SecurityFrameworkImpl.class */
public class SecurityFrameworkImpl implements SecurityFramework, SecurityContextChangedHandler {
    private static final String MODEL_DESCRIPTION = "model-description";
    private static final String DEFAULT = "default";
    private static final String ATTRIBUTES = "attributes";
    private static final String READ = "read";
    private static final String WRITE = "write";
    private static final String ADDRESS = "address";
    private static final String EXECUTE = "execute";
    private static final String EXCEPTIONS = "exceptions";
    private static final String ACCESS_CONTROL = "access-control";
    private static final String TRIM_DESCRIPTIONS = "trim-descriptions";
    private static final String COMBINED_DESCRIPTIONS = "combined-descriptions";
    protected final RequiredResourcesRegistry requiredResourcesRegistry;
    protected final DispatchAsync dispatcher;
    protected final CoreGUIContext statementContext;
    protected final CoreGUIContext coreGUIContext;
    private final FilteringStatementContext filteringStatementContext;
    private static final SecurityContext READ_ONLY = new ReadOnlyContext();
    protected Map<String, SecurityContext> contextMapping = new HashMap();
    protected Map<String, SecurityContext> subContextMapping = new HashMap();
    protected final ContextKeyResolver keyResolver = new PlaceSecurityResolver();
    private final Map<String, SecurityContextAware> contextAwareWidgets = new HashMap();

    @Inject
    public SecurityFrameworkImpl(RequiredResourcesRegistry requiredResourcesRegistry, DispatchAsync dispatchAsync, CoreGUIContext coreGUIContext, final BootstrapContext bootstrapContext, EventBus eventBus, CoreGUIContext coreGUIContext2) {
        this.requiredResourcesRegistry = requiredResourcesRegistry;
        this.dispatcher = dispatchAsync;
        this.statementContext = coreGUIContext;
        this.coreGUIContext = coreGUIContext2;
        this.filteringStatementContext = new FilteringStatementContext(coreGUIContext, new FilteringStatementContext.Filter() { // from class: org.jboss.as.console.client.rbac.SecurityFrameworkImpl.1
            @Override // org.useware.kernel.gui.behaviour.FilteringStatementContext.Filter
            public String filter(String str) {
                if (str.equals("selected.entity")) {
                    return "*";
                }
                if (str.equals("addressable.group")) {
                    return bootstrapContext.getAddressableGroups().isEmpty() ? "*" : bootstrapContext.getAddressableGroups().iterator().next();
                }
                if (str.equals("addressable.host")) {
                    return bootstrapContext.getAddressableHosts().isEmpty() ? "*" : bootstrapContext.getAddressableHosts().iterator().next();
                }
                return null;
            }

            @Override // org.useware.kernel.gui.behaviour.FilteringStatementContext.Filter
            public String[] filterTuple(String str) {
                return null;
            }
        });
        SecurityContextChangedEvent.register(eventBus, this);
    }

    public String resolveToken() {
        return this.keyResolver.resolveKey();
    }

    @Override // org.jboss.as.console.client.rbac.SecurityFramework
    public boolean hasContext(String str) {
        return this.contextMapping.containsKey(str);
    }

    @Override // org.jboss.as.console.client.rbac.SecurityFramework
    public SecurityContext getSecurityContext(String str) {
        SecurityContext securityContext = this.subContextMapping.containsKey(str) ? this.subContextMapping.get(str) : this.contextMapping.get(str);
        if (null == securityContext) {
            new RuntimeException("Failed to resolve security context for #" + str + " (Fallback to read only context)").printStackTrace();
            securityContext = new ReadOnlyContext();
        }
        return securityContext;
    }

    public void registerWidget(String str, SecurityContextAware securityContextAware) {
        this.contextAwareWidgets.put(str, securityContextAware);
    }

    public void unregisterWidget(String str) {
        this.contextAwareWidgets.remove(str);
    }

    public void onSecurityContextChanged(SecurityContextChangedEvent securityContextChangedEvent) {
        Presenter presenter = (Presenter) securityContextChangedEvent.getSource();
        if (!(presenter.getProxy() instanceof Place)) {
            throw new IllegalArgumentException("Source needs to be presenter place");
        }
        String nameToken = presenter.getProxy().getNameToken();
        String normalize = normalize(AddressMapping.fromString(securityContextChangedEvent.getResourceAddress()).asResource(this.coreGUIContext, securityContextChangedEvent.getWildcards()).get(ADDRESS));
        SecurityContext securityContext = this.contextMapping.get(nameToken);
        if (securityContext.hasChildContext(normalize)) {
            this.subContextMapping.put(nameToken, securityContext.getChildContext(normalize));
        } else {
            this.subContextMapping.remove(nameToken);
        }
        forceUpdate(nameToken);
    }

    @Override // org.jboss.as.console.client.rbac.SecurityFramework
    public void createSecurityContext(String str, Set<String> set, boolean z, AsyncCallback<SecurityContext> asyncCallback) {
        if (set.isEmpty()) {
            NoGatekeeperContext noGatekeeperContext = new NoGatekeeperContext();
            this.contextMapping.put(str, noGatekeeperContext);
            asyncCallback.onSuccess(noGatekeeperContext);
        } else {
            try {
                loadSecurityMetadata(str, set, z, asyncCallback);
            } catch (Throwable th) {
                asyncCallback.onFailure(th);
            }
        }
    }

    @Override // org.jboss.as.console.client.rbac.SecurityFramework
    public void assignContext(String str, SecurityContext securityContext) {
        this.contextMapping.put(str, securityContext);
    }

    private void loadSecurityMetadata(final String str, Set<String> set, boolean z, final AsyncCallback<SecurityContext> asyncCallback) {
        ModelNode modelNode = new ModelNode();
        modelNode.get("operation").set("composite");
        modelNode.get(ADDRESS).setEmptyList();
        final LinkedList linkedList = new LinkedList();
        final HashMap hashMap = new HashMap();
        final HashSet<ResourceRef> hashSet = new HashSet(set.size());
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            hashSet.add(new ResourceRef(it.next()));
        }
        for (ResourceRef resourceRef : hashSet) {
            ModelNode asResource = AddressMapping.fromString(resourceRef.address).asResource(new ModelNode().setEmptyList(), this.filteringStatementContext, new String[0]);
            hashMap.put("step-" + (linkedList.size() + 1), resourceRef);
            asResource.get("operation").set("read-resource-description");
            if (z) {
                asResource.get("recursive-depth").set(2);
            }
            asResource.get(ACCESS_CONTROL).set(TRIM_DESCRIPTIONS);
            asResource.get("include-aliases").set("true");
            asResource.get("operations").set(true);
            linkedList.add(asResource);
        }
        modelNode.get("steps").set(linkedList);
        final long currentTimeMillis = System.currentTimeMillis();
        final ProgressElement progressElement = Footer.PROGRESS_ELEMENT;
        progressElement.reset();
        progressElement.tick();
        this.dispatcher.execute(new DMRAction(modelNode), new SimpleCallback<DMRResponse>() { // from class: org.jboss.as.console.client.rbac.SecurityFrameworkImpl.2
            @Override // org.jboss.as.console.client.domain.model.SimpleCallback
            public void onFailure(Throwable th) {
                progressElement.finish();
                Log.error("Failed to create security context for " + str + ", fallback to temporary read-only context", th.getMessage());
                SecurityFrameworkImpl.this.contextMapping.put(str, SecurityFrameworkImpl.READ_ONLY);
                asyncCallback.onSuccess(SecurityFrameworkImpl.READ_ONLY);
            }

            public void onSuccess(DMRResponse dMRResponse) {
                Log.info("Context http (" + str + "): " + (System.currentTimeMillis() - currentTimeMillis) + "ms");
                long currentTimeMillis2 = System.currentTimeMillis();
                ModelNode modelNode2 = dMRResponse.get();
                Log.info("Context decode (" + str + "): " + (System.currentTimeMillis() - currentTimeMillis2) + "ms");
                long currentTimeMillis3 = System.currentTimeMillis();
                if (modelNode2.isFailure()) {
                    Log.error("Failed to retrieve access control meta data, fallback to temporary read-only context: ", modelNode2.getFailureDescription());
                    SecurityFrameworkImpl.this.contextMapping.put(str, SecurityFrameworkImpl.READ_ONLY);
                    asyncCallback.onSuccess(SecurityFrameworkImpl.READ_ONLY);
                    return;
                }
                try {
                    ModelNode modelNode3 = modelNode2.get("result");
                    SecurityContextImpl securityContextImpl = new SecurityContextImpl(str, hashSet);
                    for (int i = 1; i <= linkedList.size(); i++) {
                        String str2 = "step-" + i;
                        if (modelNode3.hasDefined(str2)) {
                            ResourceRef resourceRef2 = (ResourceRef) hashMap.get(str2);
                            List asList = AddressMapping.fromString(resourceRef2.address).asResource(new ModelNode().setEmptyList(), SecurityFrameworkImpl.this.filteringStatementContext, new String[0]).get(SecurityFrameworkImpl.ADDRESS).asList();
                            ModelNode modelNode4 = modelNode3.get(str2).get("result");
                            ModelNode modelNode5 = null;
                            if (modelNode4.getType() == ModelType.LIST) {
                                Iterator it2 = modelNode4.asList().iterator();
                                while (true) {
                                    if (!it2.hasNext()) {
                                        break;
                                    }
                                    ModelNode modelNode6 = (ModelNode) it2.next();
                                    if (SecurityFrameworkImpl.matchingAddress(modelNode6.get(SecurityFrameworkImpl.ADDRESS).asList(), asList)) {
                                        modelNode5 = modelNode6;
                                        break;
                                    }
                                }
                                if (modelNode5 == null) {
                                    throw new RuntimeException("Unexpected response format");
                                }
                            } else {
                                modelNode5 = modelNode4;
                            }
                            SecurityFrameworkImpl.this.parseAccessControlChildren(resourceRef2, hashSet, securityContextImpl, modelNode5);
                        }
                    }
                    securityContextImpl.seal();
                    SecurityFrameworkImpl.this.contextMapping.put(str, securityContextImpl);
                    Log.info("Context parse (" + str + "): " + (System.currentTimeMillis() - currentTimeMillis3) + "ms");
                    progressElement.finish();
                    asyncCallback.onSuccess(securityContextImpl);
                } catch (Throwable th) {
                    progressElement.finish();
                    th.printStackTrace();
                    asyncCallback.onFailure(new RuntimeException("Failed to parse access control meta data: " + th.getMessage(), th));
                }
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean matchingAddress(List<ModelNode> list, List<ModelNode> list2) {
        int i = 0;
        int size = list2.size() - list.size();
        for (int size2 = list.size() - 1; size2 >= 0; size2--) {
            if (list2.get(size2 + size).toString().equals(list.get(size2).toString())) {
                i++;
            }
        }
        return i == list.size();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void parseAccessControlChildren(ResourceRef resourceRef, Set<ResourceRef> set, SecurityContextImpl securityContextImpl, ModelNode modelNode) {
        ModelNode modelNode2 = modelNode.hasDefined("result") ? modelNode.get("result") : modelNode;
        parseAccessControlMetaData(resourceRef, securityContextImpl, modelNode2);
        if (modelNode2.hasDefined("children")) {
            ModelNode modelNode3 = modelNode2.get("children");
            for (String str : modelNode3.keys()) {
                ResourceRef resourceRef2 = new ResourceRef(resourceRef.address + "/" + str + "=*");
                if (!set.contains(resourceRef2)) {
                    ModelNode modelNode4 = modelNode3.get(str);
                    if (modelNode4.hasDefined(MODEL_DESCRIPTION)) {
                        ModelNode value = ((Property) modelNode4.get(MODEL_DESCRIPTION).asPropertyList().get(0)).getValue();
                        set.add(resourceRef2);
                        parseAccessControlChildren(resourceRef2, set, securityContextImpl, value);
                    }
                }
            }
        }
    }

    private static void parseAccessControlMetaData(ResourceRef resourceRef, SecurityContextImpl securityContextImpl, ModelNode modelNode) {
        ModelNode modelNode2 = modelNode.get(ACCESS_CONTROL);
        if (modelNode2.isDefined() && modelNode2.hasDefined(DEFAULT)) {
            Constraints parseConstraints = parseConstraints(resourceRef, modelNode2.get(DEFAULT));
            if (resourceRef.optional) {
                securityContextImpl.setOptionalConstraints(resourceRef.address, parseConstraints);
            } else {
                securityContextImpl.setConstraints(resourceRef.address, parseConstraints);
            }
            if (modelNode2.hasDefined(EXCEPTIONS)) {
                for (Property property : modelNode2.get(EXCEPTIONS).asPropertyList()) {
                    String normalize = normalize(property.getValue().get(ADDRESS));
                    if (normalize != null) {
                        securityContextImpl.addChildContext(normalize, parseConstraints(new ResourceRef(normalize), property.getValue()));
                    } else {
                        Log.error("Skip exception " + property.getName() + ": No address found in " + property.getValue());
                    }
                }
            }
        }
    }

    private static String normalize(ModelNode modelNode) {
        if (!modelNode.isDefined()) {
            return null;
        }
        StringBuilder sb = new StringBuilder();
        for (Property property : modelNode.asPropertyList()) {
            sb.append("/").append(property.getName()).append("=").append(property.getValue().asString());
        }
        return sb.toString();
    }

    private static Constraints parseConstraints(ResourceRef resourceRef, ModelNode modelNode) {
        Constraints constraints = new Constraints(resourceRef.address);
        if (!modelNode.hasDefined(ADDRESS) || modelNode.get(ADDRESS).asBoolean()) {
            constraints.setReadResource(modelNode.get(READ).asBoolean());
            constraints.setWriteResource(modelNode.get(WRITE).asBoolean());
        } else {
            constraints.setAddress(false);
        }
        if (modelNode.hasDefined("operations")) {
            for (Property property : modelNode.get("operations").asPropertyList()) {
                constraints.setOperationExec(resourceRef.address, property.getName(), property.getValue().get(EXECUTE).asBoolean());
            }
        }
        if (modelNode.hasDefined(ATTRIBUTES)) {
            for (Property property2 : modelNode.get(ATTRIBUTES).asPropertyList()) {
                ModelNode value = property2.getValue();
                constraints.setAttributeRead(property2.getName(), value.get(READ).asBoolean());
                constraints.setAttributeWrite(property2.getName(), value.get(WRITE).asBoolean());
            }
        }
        return constraints;
    }

    public Set<String> getReadOnlyJavaNames(Class<?> cls, SecurityContext securityContext) {
        return (cls == Object.class || cls == null) ? Collections.emptySet() : new MetaDataAdapter(Console.MODULES.getApplicationMetaData()).getReadOnlyJavaNames(cls, securityContext);
    }

    public Set<String> getReadOnlyJavaNames(Class<?> cls, String str, SecurityContext securityContext) {
        return (cls == Object.class || cls == null) ? Collections.emptySet() : new MetaDataAdapter(Console.MODULES.getApplicationMetaData()).getReadOnlyJavaNames(cls, str, securityContext);
    }

    public Set<String> getFilteredJavaNames(Class<?> cls, String str, SecurityContext securityContext) {
        return (cls == Object.class || cls == null) ? Collections.emptySet() : new MetaDataAdapter(Console.MODULES.getApplicationMetaData()).getFilteredJavaNames(cls, str, securityContext);
    }

    public Set<String> getFilteredJavaNames(Class<?> cls, SecurityContext securityContext) {
        return (cls == Object.class || cls == null) ? Collections.emptySet() : new MetaDataAdapter(Console.MODULES.getApplicationMetaData()).getFilteredJavaNames(cls, securityContext);
    }

    public Set<String> getReadOnlyDMRNames(String str, List<String> list, SecurityContext securityContext) {
        HashSet hashSet = new HashSet();
        for (String str2 : list) {
            if (!securityContext.getAttributeWritePriviledge(str2).isGranted()) {
                hashSet.add(str2);
            }
        }
        return hashSet;
    }

    public Set<String> getFilteredDMRNames(String str, List<String> list, SecurityContext securityContext) {
        HashSet hashSet = new HashSet();
        for (String str2 : list) {
            boolean isGranted = securityContext.getAttributeWritePriviledge(str2).isGranted();
            boolean isGranted2 = securityContext.getAttributeReadPriviledge(str2).isGranted();
            if (!isGranted && !isGranted2) {
                hashSet.add(str2);
            }
        }
        return hashSet;
    }

    @Override // org.jboss.as.console.client.rbac.SecurityFramework
    public void forceUpdate(String str) {
        Iterator<Map.Entry<String, SecurityContextAware>> it = this.contextAwareWidgets.entrySet().iterator();
        while (it.hasNext()) {
            SecurityContextAware value = it.next().getValue();
            if (value.getToken().equals(str) && value.isAttached()) {
                value.onSecurityContextChanged();
            }
        }
    }
}
