package org.jboss.seam.security;

import java.io.InputStreamReader;
import java.security.acl.Permission;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.drools.FactHandle;
import org.drools.RuleBase;
import org.drools.RuleBaseFactory;
import org.drools.WorkingMemory;
import org.drools.compiler.PackageBuilder;
import org.drools.compiler.PackageBuilderConfiguration;
import org.jboss.seam.Component;
import org.jboss.seam.InterceptionType;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.Create;
import org.jboss.seam.annotations.Install;
import org.jboss.seam.annotations.Intercept;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.contexts.Context;
import org.jboss.seam.contexts.Contexts;
import org.jboss.seam.core.Expressions;
import org.jboss.seam.security.rules.PermissionCheck;
import org.jboss.seam.util.Resources;

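/**
 * Application-scoped Seam component that answers role and permission checks.
 *
 * <p>Permission checks are evaluated by a Drools rule base compiled once from
 * {@code /META-INF/security-rules.drl}. Each HTTP session gets its own
 * {@link WorkingMemory}, stored in the session context, which is seeded with the
 * current {@link Identity} and its roles.
 *
 * <p>NOTE(review): the per-session working memory is shared by every request in that
 * session and this class takes no lock around it. Whether concurrent requests in the
 * same session can reach {@link #hasPermission} at once depends on the container and
 * Seam configuration; confirm, because interleaved fact assertion could let one
 * request's facts influence another request's decision.
 */
@Name("org.jboss.seam.securityManager")
@Scope(ScopeType.APPLICATION)
@Install(value = false, precedence = Install.BUILT_IN)
@Intercept(InterceptionType.NEVER)
/* loaded from: input_file:org/jboss/seam/security/SeamSecurityManager.class */
public class SeamSecurityManager {
    /** Classpath location of the Drools rule file that defines the permission rules. */
    private static final String SECURITY_RULES_FILENAME = "/META-INF/security-rules.drl";

    /** Session-context key under which the per-session working memory is cached. */
    private static final String SECURITY_CONTEXT_NAME = "org.jboss.seam.security.securityContext";

    /** Compiled rule base; populated by {@link #initSecurityManager()}. */
    private RuleBase securityRules;

    // Not read or written anywhere in this class as shown.
    private Map<String, Set<Permission>> rolePermissions = new HashMap<String, Set<Permission>>();

    /**
     * Compiles the security rules file and builds the rule base used for all checks.
     *
     * @throws IllegalStateException if the rules file is not found on the classpath, so
     *         that a missing policy file stops start-up with a clear message instead of
     *         an anonymous {@link NullPointerException}
     * @throws Exception if the rules cannot be read, compiled or added to the rule base
     */
    @Create
    public void initSecurityManager() throws Exception {
        PackageBuilderConfiguration packageBuilderConfiguration = new PackageBuilderConfiguration();
        // NOTE(review): the literal 1 is a decompiler-inlined compiler selector
        // (presumably a PackageBuilderConfiguration constant); confirm against the
        // Drools version in use.
        packageBuilderConfiguration.setCompiler(1);
        PackageBuilder packageBuilder = new PackageBuilder(packageBuilderConfiguration);

        java.io.InputStream rulesStream = Resources.getResourceAsStream(SECURITY_RULES_FILENAME);
        if (rulesStream == null) {
            throw new IllegalStateException("Security rules file not found: " + SECURITY_RULES_FILENAME);
        }
        // The reader uses the platform default charset, as the original code did.
        InputStreamReader rulesReader = new InputStreamReader(rulesStream);
        try {
            packageBuilder.addPackageFromDrl(rulesReader);
        } finally {
            // Release the classpath resource whether or not compilation succeeded.
            rulesReader.close();
        }

        this.securityRules = RuleBaseFactory.newRuleBase();
        this.securityRules.addPackage(packageBuilder.getPackage());
    }

    /**
     * Looks up the application-scoped security manager component.
     *
     * @return the component instance, never {@code null}
     * @throws IllegalStateException if no application context is active or the
     *         component could not be obtained
     */
    public static SeamSecurityManager instance() {
        if (!Contexts.isApplicationContextActive()) {
            throw new IllegalStateException("No active application context");
        }
        SeamSecurityManager seamSecurityManager = (SeamSecurityManager) Component.getInstance((Class<?>) SeamSecurityManager.class, ScopeType.APPLICATION);
        if (seamSecurityManager == null) {
            throw new IllegalStateException("No SeamSecurityManager could be created, make sure the Component exists in application scope");
        }
        return seamSecurityManager;
    }

    /**
     * Evaluates an expression-language string and interprets the result as a boolean.
     *
     * <p>SECURITY: the string is handed to the expression evaluator as-is. It must be a
     * developer-authored expression; never build it from request parameters or other
     * user-controlled data, because whatever the expression language can reach would
     * then be reachable by the user.
     *
     * @param str the expression to evaluate
     * @return {@code true} only if the expression evaluates to {@link Boolean#TRUE};
     *         a {@code null} result is treated as {@code false} so that an unresolved
     *         expression denies rather than failing with a {@link NullPointerException}
     * @throws ClassCastException if the expression yields a non-null, non-Boolean value
     */
    public boolean evaluateExpression(String str) {
        Object result = Expressions.instance().createValueBinding(str).getValue();
        return result != null && ((Boolean) result).booleanValue();
    }

    /**
     * Reports whether the current identity holds the given role.
     *
     * @param str the role name, passed to {@code Identity.isUserInRole}
     * @return the result of {@code Identity.instance().isUserInRole(str)}
     */
    public static boolean hasRole(String str) {
        return Identity.instance().isUserInRole(str);
    }

    /**
     * Runs the security rules to decide a permission check for the current session.
     *
     * <p>A {@link PermissionCheck} built from the first two arguments, plus each extra
     * object, is asserted into the session's working memory; all rules are fired; and
     * every fact asserted here is retracted again before returning.
     *
     * @param str first {@link PermissionCheck} constructor argument (presumably the
     *        permission name; confirm against PermissionCheck)
     * @param str2 second {@link PermissionCheck} constructor argument (presumably the
     *        action; confirm against PermissionCheck)
     * @param objArr additional facts the rules may match on; may be empty or {@code null}
     * @return whether the rules marked the check as granted
     * @throws IllegalStateException if the required Seam contexts are not active or the
     *         identity is not valid
     */
    public static boolean hasPermission(String str, String str2, Object... objArr) {
        SeamSecurityManager instance = instance();
        PermissionCheck permissionCheck = new PermissionCheck(str, str2);
        WorkingMemory workingMemory = instance.getWorkingMemoryForSession();
        ArrayList<FactHandle> assertedHandles = new ArrayList<FactHandle>();
        try {
            assertedHandles.add(workingMemory.assertObject(permissionCheck));
            // An explicit null varargs array is treated as "no extra facts".
            if (objArr != null) {
                for (Object obj : objArr) {
                    assertedHandles.add(workingMemory.assertObject(obj));
                }
            }
            workingMemory.fireAllRules();
        } finally {
            // The working memory outlives this call (it is cached in the session), so
            // per-check facts must be removed even when asserting or firing throws;
            // otherwise they would remain visible to later permission checks.
            for (FactHandle handle : assertedHandles) {
                workingMemory.retractObject(handle);
            }
        }
        return permissionCheck.isGranted();
    }

    /**
     * Returns the working memory cached in the session, creating and seeding it with
     * the current identity and roles on first use.
     *
     * <p>NOTE(review): identity and role facts are asserted only when the working
     * memory is created. If the identity or its roles can change within a session
     * (re-authentication, role revocation), the cached memory would keep the old
     * facts; confirm that something outside this class discards it in that case.
     *
     * @return the session's working memory
     * @throws IllegalStateException if no session context is active, or if a new
     *         working memory is needed and the identity is not valid
     */
    private WorkingMemory getWorkingMemoryForSession() {
        if (!Contexts.isSessionContextActive()) {
            throw new IllegalStateException("No active session context found.");
        }
        Context sessionContext = Contexts.getSessionContext();
        if (sessionContext.isSet(SECURITY_CONTEXT_NAME)) {
            return (WorkingMemory) sessionContext.get(SECURITY_CONTEXT_NAME);
        }
        // Only a valid identity may seed a rule session.
        if (!Identity.instance().isValid()) {
            throw new IllegalStateException("Authenticated Identity is not valid");
        }
        WorkingMemory newWorkingMemory = this.securityRules.newWorkingMemory();
        newWorkingMemory.assertObject(Identity.instance());
        for (Role role : Identity.instance().getRoles()) {
            newWorkingMemory.assertObject(role);
        }
        sessionContext.set(SECURITY_CONTEXT_NAME, newWorkingMemory);
        return newWorkingMemory;
    }
}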
