package org.jboss.as.console.client.rbac;

import com.allen_sauer.gwt.log.client.Log;
import com.google.gwt.safehtml.shared.SafeHtml;
import com.google.gwt.safehtml.shared.SafeHtmlBuilder;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.jboss.as.console.client.rbac.Constraints;
import org.jboss.as.console.client.v3.dmr.AddressTemplate;
import org.jboss.ballroom.client.rbac.AuthorisationDecision;
import org.jboss.ballroom.client.rbac.SecurityContext;

/* loaded from: input_file:org/jboss/as/console/client/rbac/SecurityContextImpl.class */
public class SecurityContextImpl implements SecurityContext {
    String nameToken;
    Set<AddressTemplate> requiredResources;
    private Map<AddressTemplate, Map<String, Constraints>> accessConstraints = new HashMap();
    private Map<AddressTemplate, String> activeConstraints = new HashMap();
    private AddressTemplate[] resourceAddresses;

    /* loaded from: input_file:org/jboss/as/console/client/rbac/SecurityContextImpl$Priviledge.class */
    public interface Priviledge {
        boolean isGranted(Constraints constraints);
    }

    public SecurityContextImpl(String str, Set<AddressTemplate> set) {
        this.nameToken = str;
        this.requiredResources = set;
    }

    public SafeHtml asHtml() {
        try {
            return RBACUtil.dump(this);
        } catch (Throwable th) {
            th.printStackTrace();
            return new SafeHtmlBuilder().appendEscaped(th.getMessage()).toSafeHtml();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Set<AddressTemplate> getResourceAddresses() {
        return this.accessConstraints.keySet();
    }

    public Set<String> getConstraintsKeys(AddressTemplate addressTemplate) {
        return this.accessConstraints.get(addressTemplate).keySet();
    }

    public String getActiveKey(AddressTemplate addressTemplate) {
        return this.activeConstraints.get(addressTemplate);
    }

    private AuthorisationDecision checkPriviledge(Priviledge priviledge, boolean z) {
        AuthorisationDecision authorisationDecision = new AuthorisationDecision(true);
        Iterator<AddressTemplate> it = this.requiredResources.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            AddressTemplate next = it.next();
            if (!next.isOptional()) {
                Constraints constraints = getConstraints(next, z);
                if (constraints == null) {
                    authorisationDecision.getErrorMessages().add("Missing constraints for " + next.toString());
                } else if (!priviledge.isGranted(constraints)) {
                    authorisationDecision.getErrorMessages().add(next.toString());
                }
                if (authorisationDecision.hasErrorMessages()) {
                    authorisationDecision.setGranted(false);
                    break;
                }
            }
        }
        return authorisationDecision;
    }

    public AuthorisationDecision getReadPriviledge() {
        return checkPriviledge(new Priviledge() { // from class: org.jboss.as.console.client.rbac.SecurityContextImpl.1
            @Override // org.jboss.as.console.client.rbac.SecurityContextImpl.Priviledge
            public boolean isGranted(Constraints constraints) {
                boolean isReadResource = constraints.isReadResource();
                if (!isReadResource) {
                    Log.info("read privilege denied for: " + constraints.getResourceAddress());
                }
                return isReadResource;
            }
        }, false);
    }

    public AuthorisationDecision getReadPrivilege(String str) {
        return new AuthorisationDecision(getConstraints(AddressTemplate.of(str), false).isReadResource());
    }

    public AuthorisationDecision getWritePriviledge() {
        return checkPriviledge(new Priviledge() { // from class: org.jboss.as.console.client.rbac.SecurityContextImpl.2
            @Override // org.jboss.as.console.client.rbac.SecurityContextImpl.Priviledge
            public boolean isGranted(Constraints constraints) {
                boolean isWriteResource = constraints.isWriteResource();
                if (!isWriteResource) {
                    Log.info("write privilege denied for: " + constraints.getResourceAddress());
                }
                return isWriteResource;
            }
        }, false);
    }

    public AuthorisationDecision getWritePrivilege(String str) {
        return new AuthorisationDecision(getConstraints(AddressTemplate.of(str), false).isWriteResource());
    }

    public AuthorisationDecision getAttributeWritePriviledge(final String str) {
        return checkPriviledge(new Priviledge() { // from class: org.jboss.as.console.client.rbac.SecurityContextImpl.3
            @Override // org.jboss.as.console.client.rbac.SecurityContextImpl.Priviledge
            public boolean isGranted(Constraints constraints) {
                return constraints.isAttributeWrite(str);
            }
        }, true);
    }

    public AuthorisationDecision getAttributeReadPriviledge(final String str) {
        return checkPriviledge(new Priviledge() { // from class: org.jboss.as.console.client.rbac.SecurityContextImpl.4
            @Override // org.jboss.as.console.client.rbac.SecurityContextImpl.Priviledge
            public boolean isGranted(Constraints constraints) {
                return constraints.isAttributeRead(str);
            }
        }, true);
    }

    public AuthorisationDecision getAttributeWritePriviledge(String str, String str2) {
        Constraints.AttributePerm attributePerm = getConstraints(AddressTemplate.of(str), true).attributePermissions.get(str2);
        if (null == attributePerm) {
            throw new RuntimeException("No such attribute: " + str2);
        }
        return new AuthorisationDecision(attributePerm.isWrite());
    }

    public AuthorisationDecision getAttributeReadPriviledge(String str, String str2) {
        Constraints.AttributePerm attributePerm = getConstraints(AddressTemplate.of(str), true).attributePermissions.get(str2);
        if (null == attributePerm) {
            throw new RuntimeException("No such attribute: " + str2);
        }
        return new AuthorisationDecision(attributePerm.isRead());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Constraints getActiveConstraints(AddressTemplate addressTemplate) {
        return this.accessConstraints.get(addressTemplate).get(this.activeConstraints.containsKey(addressTemplate) ? this.activeConstraints.get(addressTemplate) : addressTemplate.getTemplate());
    }

    Constraints getConstraints(AddressTemplate addressTemplate, boolean z) {
        Constraints activeConstraints = getActiveConstraints(addressTemplate);
        if (null == activeConstraints) {
            throw new RuntimeException("Missing constraints for " + addressTemplate + ". Make sure the resource address matches the @AccessControl annotation");
        }
        return activeConstraints;
    }

    public void addConstraints(AddressTemplate addressTemplate, Constraints constraints) {
        if (!this.accessConstraints.containsKey(addressTemplate)) {
            this.accessConstraints.put(addressTemplate, new HashMap());
        }
        Map<String, Constraints> map = this.accessConstraints.get(addressTemplate);
        String template = addressTemplate.getTemplate();
        if (map.containsKey(template)) {
            throw new IllegalStateException("Constraints already registered: " + template);
        }
        map.put(template, constraints);
    }

    public void addChildContext(AddressTemplate addressTemplate, String str, Constraints constraints) {
        if (!this.accessConstraints.containsKey(addressTemplate)) {
            throw new IllegalStateException("Missing parent context for address " + addressTemplate);
        }
        constraints.setParent(addressTemplate);
        Map<String, Constraints> map = this.accessConstraints.get(addressTemplate);
        if (map.containsKey(str)) {
            new IllegalStateException("Child context already exists, skipping: " + str).printStackTrace();
        } else {
            map.put(str, constraints);
        }
    }

    public boolean hasChildContext(Object obj, String str) {
        return (obj == null || this.accessConstraints.get((AddressTemplate) obj).get(str) == null) ? false : true;
    }

    public void activateChildContext(Object obj, String str) {
        if (null == str) {
            this.activeConstraints.remove(obj);
        } else {
            this.activeConstraints.put((AddressTemplate) obj, str);
        }
    }

    public void seal() {
    }

    public AuthorisationDecision getOperationPriviledge(String str, String str2) {
        boolean isOperationExec = getConstraints(AddressTemplate.of(str), true).isOperationExec(str2);
        AuthorisationDecision authorisationDecision = new AuthorisationDecision(true);
        authorisationDecision.setGranted(isOperationExec);
        return authorisationDecision;
    }
}
