package org.jboss.dashboard.users;

import java.io.Serializable;
import java.security.Permission;
import java.security.Principal;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.enterprise.context.SessionScoped;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import javax.inject.Named;
import javax.security.auth.Subject;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.xml.serialize.LineSeparator;
import org.jboss.dashboard.SecurityServices;
import org.jboss.dashboard.annotation.Install;
import org.jboss.dashboard.annotation.config.Config;
import org.jboss.dashboard.commons.cdi.CDIBeanLocator;
import org.jboss.dashboard.security.AccessController;
import org.jboss.dashboard.security.SecurityCache;
import org.jboss.dashboard.security.principals.ComplementaryRolePrincipal;
import org.jboss.dashboard.security.principals.RolePrincipal;
import org.jboss.dashboard.security.principals.UserPrincipal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

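/**
 * Session-scoped holder of the current user's identity (login, display name, e-mail, role ids)
 * and of the {@link Subject} that permission checks are evaluated against.
 *
 * <p>Security notes for callers and reviewers:
 * <ul>
 *   <li>This class does not authenticate anyone. {@link #initSession(String, Collection)} and
 *       the public setters accept the identity as given, so they must only be reached after
 *       the login has been verified elsewhere.</li>
 *   <li>A login equal to {@link #getRootLogin()} makes {@link #isRootUser()} true, and
 *       {@link #hasPermission(Permission)} then grants every permission without consulting
 *       the access controller.</li>
 *   <li>The plain setters do not rebuild the {@link Subject} or clear the security cache;
 *       call {@link #invalidateUserPrincipals()} after changing the login or the roles,
 *       otherwise earlier decisions keep being served.</li>
 *   <li>The identity fields are {@code transient}: an instance restored by Java serialization
 *       comes back with no login and no {@link Subject}, so non-root permission evaluation
 *       denies until a session is initialized again.</li>
 * </ul>
 */
@SessionScoped
@Named("userStatus")
/* loaded from: input_file:WEB-INF/lib/dashboard-security-6.4.0.Beta1.jar:org/jboss/dashboard/users/UserStatus.class */
public class UserStatus implements LogoutSurvivor, Serializable {
    // 'transient' has no effect on a static field; the logger is a constant, so declare it final.
    private static final Logger log = LoggerFactory.getLogger(UserStatus.class.getName());

    // Login that is treated as the superuser by isRootUser().
    @Inject
    @Config("root")
    protected String rootLogin;

    // Display name assigned to the session by initSessionAsRoot().
    @Inject
    @Config("root")
    protected String rootUserName;

    // Cache of permission decisions; cleared whenever the principals are recalculated.
    @Inject
    protected SecurityCache securityCache;

    // Listeners notified after every session state change.
    @Inject
    @Install
    protected Instance<UserStatusListener> statusChangedListeners;
    protected transient String userLogin;
    protected transient String userName;
    protected transient String userEmail;
    // Transient: null after deserialization, because field initializers are not re-run then.
    protected transient Set<String> userRoleIds = new HashSet<String>();
    // Subject handed to the access controller; null means "deny" in evaluatePermission().
    protected transient Subject userAuth;

    /**
     * Looks up the bean named {@code userStatus} through the CDI bean locator.
     *
     * @return the instance returned by the locator, cast to {@code UserStatus}
     */
    public static UserStatus lookup() {
        return (UserStatus) CDIBeanLocator.getBeanByName("userStatus");
    }

    /** Creates an anonymous status: no login, and only the anonymous role id. */
    public UserStatus() {
        clear();
        this.userRoleIds.add(Role.ANONYMOUS);
    }

    /** @return the login that is treated as the superuser */
    public String getRootLogin() {
        return this.rootLogin;
    }

    /**
     * Replaces the superuser login.
     *
     * <p>NOTE(review): this changes who passes {@link #isRootUser()} for this session bean;
     * confirm that only trusted configuration code calls it.
     *
     * @param str the new superuser login
     */
    public void setRootLogin(String str) {
        this.rootLogin = str;
    }

    /** @return the display name used for the superuser */
    public String getRootUserName() {
        return this.rootUserName;
    }

    /** @param str the display name to use for the superuser */
    public void setRootUserName(String str) {
        this.rootUserName = str;
    }

    /** Tells every registered listener that this status has changed. */
    protected void notifyStatusChanged() {
        for (UserStatusListener listener : this.statusChangedListeners) {
            listener.statusChanged(this);
        }
    }

    /** @return the access controller obtained from {@link SecurityServices} */
    public AccessController getAccessController() {
        return SecurityServices.lookup().getAccessController();
    }

    /** @return the current login, or {@code null} when nobody is logged in */
    public String getUserLogin() {
        return this.userLogin;
    }

    /**
     * Sets the login without touching roles, principals, or the security cache.
     *
     * <p>Because {@link #isRootUser()} compares this value with the root login, this setter
     * decides whether permission checks are bypassed. Call {@link #invalidateUserPrincipals()}
     * afterwards so that the {@link Subject} and cached decisions match the new login.
     *
     * @param str the login to store
     */
    public void setUserLogin(String str) {
        this.userLogin = str;
    }

    /** @return the display name, or {@code "--"} when nobody is logged in */
    public String getUserName() {
        return isLoggedIn() ? this.userName : "--";
    }

    /** @param str the display name to store */
    public void setUserName(String str) {
        this.userName = str;
    }

    /** @return the stored e-mail address, possibly {@code null} */
    public String getUserEmail() {
        return this.userEmail;
    }

    /** @param str the e-mail address to store */
    public void setUserEmail(String str) {
        this.userEmail = str;
    }

    /**
     * Returns the live, mutable set of role ids held by this session.
     *
     * <p>Changes made through the returned set are not reflected in permission decisions
     * until {@link #invalidateUserPrincipals()} is called.
     *
     * @return the role-id set, never {@code null}
     */
    public Set<String> getUserRoleIds() {
        return roleIds();
    }

    /**
     * Replaces the role-id set with the given instance (no copy is made).
     *
     * <p>The {@link Subject} and the security cache are left as they were, so a role removed
     * here keeps being honoured until {@link #invalidateUserPrincipals()} is called.
     *
     * @param set the new role-id set
     */
    public void setUserRoleIds(Set<String> set) {
        this.userRoleIds = set;
    }

    /** @return {@code true} when a login is set and equals the root login */
    public boolean isRootUser() {
        return this.userLogin != null && this.userLogin.equals(this.rootLogin);
    }

    /** @return {@code true} when the login is not blank */
    public boolean isLoggedIn() {
        return !StringUtils.isBlank(this.userLogin);
    }

    /** @return {@code true} when the login is blank */
    public boolean isAnonymous() {
        return StringUtils.isBlank(this.userLogin);
    }

    /**
     * Starts a session for the given login with the given roles, then rebuilds the principals
     * and notifies the listeners.
     *
     * <p>NOTE(review): the login itself is not validated here. A blank login leaves the
     * session anonymous according to {@link #isLoggedIn()} although roles are applied, and a
     * login equal to the root login yields a superuser session whatever roles are passed.
     * The caller is responsible for having authenticated the login.
     *
     * @param str the authenticated login
     * @param collection the role ids granted to the user
     * @throws IllegalArgumentException if the role collection is {@code null} or empty
     */
    public synchronized void initSession(String str, Collection<String> collection) {
        if (CollectionUtils.isEmpty(collection)) {
            throw new IllegalArgumentException("User session initialization failed: the list of roles is empty.");
        }
        clear();
        this.userLogin = str;
        this.userRoleIds.addAll(collection);
        invalidateUserPrincipals();
        notifyStatusChanged();
    }

    /**
     * Starts a superuser session: login and display name are taken from the root settings,
     * and no role ids are assigned.
     */
    public synchronized void initSessionAsRoot() {
        clear();
        this.userLogin = this.rootLogin;
        this.userName = this.rootUserName;
        invalidateUserPrincipals();
        notifyStatusChanged();
    }

    /** Ends the session: back to an anonymous status holding only the anonymous role id. */
    public synchronized void closeSession() {
        clear();
        this.userRoleIds.add(Role.ANONYMOUS);
        invalidateUserPrincipals();
        notifyStatusChanged();
    }

    /**
     * Clears the security cache and rebuilds the {@link Subject} from the current login and
     * role ids. Must be called after any change to either of them.
     */
    public synchronized void invalidateUserPrincipals() {
        if (log.isDebugEnabled()) {
            log.debug("Security information is obsolete. Clearing.");
        }
        this.securityCache.clear();
        this.userAuth = new Subject(false, calculateUserPrincipals(), new HashSet<Object>(), new HashSet<Object>());
    }

    /**
     * Throws when the current user does not hold the given permission.
     *
     * @param permission the permission to check
     * @throws SecurityException if {@link #hasPermission(Permission)} returns {@code false}
     */
    public void checkPermission(Permission permission) throws SecurityException {
        if (!hasPermission(permission)) {
            // The message embeds the permission's string form; keep that in mind where
            // exception messages are shown to end users.
            throw new SecurityException("Permission denied.\r\npermission=" + permission.toString() + LineSeparator.Windows);
        }
    }

    /**
     * Tells whether the current user holds the given permission.
     *
     * <p>The superuser is granted everything before the cache or the access controller is
     * consulted. For other users a cached decision is returned when the cache is enabled and
     * holds one; otherwise the access controller decides and the result is cached.
     *
     * @param permission the permission to check
     * @return {@code true} if the permission is granted
     */
    public boolean hasPermission(Permission permission) {
        if (isRootUser()) {
            return true;
        }
        if (this.securityCache.isCacheEnabled()) {
            Boolean cached = this.securityCache.getValue(permission, permission.getActions());
            if (cached != null) {
                return cached.booleanValue();
            }
        }
        boolean granted = evaluatePermission(permission);
        if (this.securityCache.isCacheEnabled()) {
            this.securityCache.setValue(permission, permission.getActions(), granted);
        }
        return granted;
    }

    /**
     * Resets login, display name, e-mail and {@link Subject}, and empties the role-id set.
     *
     * <p>The role-id set is re-created when it is {@code null}: the field is transient and is
     * not restored on deserialization, so clearing it unconditionally would throw a
     * {@link NullPointerException} on a restored session bean.
     */
    protected void clear() {
        this.userLogin = null;
        this.userName = null;
        this.userEmail = null;
        this.userAuth = null;
        if (this.userRoleIds == null) {
            this.userRoleIds = new HashSet<String>();
        } else {
            this.userRoleIds.clear();
        }
    }

    /**
     * Asks the access controller whether the current {@link Subject} holds the permission.
     *
     * @param permission the permission to evaluate
     * @return {@code false} when there is no {@link Subject}; otherwise the controller's answer
     */
    protected boolean evaluatePermission(Permission permission) {
        // Fail closed: without a Subject there is nothing to evaluate against.
        if (this.userAuth == null) {
            return false;
        }
        if (log.isDebugEnabled()) {
            log.debug("Invoking accessController to determine if permission " + permission + " is granted.");
        }
        boolean hasPermission = getAccessController().hasPermission(this.userAuth, permission);
        if (log.isDebugEnabled()) {
            log.debug("AccessController determines that permission " + permission + " is " + (hasPermission ? "" : "NOT ") + "granted.");
        }
        return hasPermission;
    }

    /**
     * Builds the principal set for the current user: a {@link UserPrincipal} when a login is
     * set and, unless the user is the superuser, one principal per known role, either a
     * {@link RolePrincipal} (role held) or a {@link ComplementaryRolePrincipal} (role not held).
     *
     * @return a new set of principals
     */
    protected Set<Principal> calculateUserPrincipals() {
        if (log.isDebugEnabled()) {
            log.debug("Calculating principals for current user.");
        }
        Set<Principal> principals = new HashSet<Principal>();
        if (this.userLogin != null) {
            principals.add(new UserPrincipal(this.userLogin));
        }
        if (!isRootUser()) {
            // Null-safe accessor: the role-id field may be null on a deserialized instance.
            Set<String> heldRoleIds = roleIds();
            for (Role role : SecurityServices.lookup().getRolesManager().getAllRoles()) {
                if (heldRoleIds.contains(role.getName())) {
                    principals.add(new RolePrincipal(role));
                } else {
                    principals.add(new ComplementaryRolePrincipal(role));
                }
            }
        }
        return principals;
    }

    /**
     * Returns the role-id set, re-creating it when it is {@code null}.
     *
     * <p>A re-created set holds only the anonymous role id, which is the state the constructor
     * and {@link #closeSession()} establish for a session without a login.
     */
    private Set<String> roleIds() {
        if (this.userRoleIds == null) {
            Set<String> restored = new HashSet<String>();
            restored.add(Role.ANONYMOUS);
            this.userRoleIds = restored;
        }
        return this.userRoleIds;
    }
}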
