package org.jboss.reliance.drools.core.security;

import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.Iterator;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.drools.FactHandle;
import org.drools.RuleBase;
import org.drools.StatefulSession;
import org.drools.base.ClassObjectFilter;
import org.jboss.reliance.drools.core.RuleDependencyCheck;
import org.jboss.reliance.drools.core.aspects.DisableFireAllRules;
import org.jboss.reliance.drools.core.aspects.FireAllRulesAfter;
import org.jboss.reliance.identity.Identity;

/* loaded from: input_file:org/jboss/reliance/drools/core/security/RuleBasedIdentity.class */
public class RuleBasedIdentity extends Identity implements RuleDependencyCheck {
    private StatefulSession securityContext;
    private RuleBase securityRules;

    public void create() {
        super.create();
        if (this.securityContext == null && this.securityRules != null) {
            this.securityContext = this.securityRules.newStatefulSession(false);
        }
        if (this.securityContext == null) {
            log.warn("No security rule base available - please install a RuleBase if permission checks are required.");
        }
    }

    protected void postAuthenticate() {
        super.postAuthenticate();
        StatefulSession securityContext = getSecurityContext();
        if (securityContext != null) {
            for (Principal principal : getSubject().getPrincipals()) {
                if ((principal instanceof Group) && "Roles".equals(principal.getName())) {
                    Enumeration<? extends Principal> members = ((Group) principal).members();
                    while (members.hasMoreElements()) {
                        securityContext.insert(new Role(members.nextElement().getName()));
                    }
                }
            }
            securityContext.insert(getPrincipal());
        }
    }

    @Override // org.jboss.reliance.drools.core.RuleDependencyCheck
    @DisableFireAllRules
    public boolean canResolve(Object obj, Object obj2, Object... objArr) {
        StatefulSession securityContext = getSecurityContext();
        if (securityContext == null) {
            return false;
        }
        ArrayList arrayList = new ArrayList();
        PermissionCheck permissionCheck = new PermissionCheck(obj, obj2);
        synchronized (securityContext) {
            try {
                arrayList.add(securityContext.insert(permissionCheck));
                for (int i = 0; i < objArr.length; i++) {
                    if (i == 0 && (objArr[0] instanceof Collection)) {
                        for (Object obj3 : (Collection) objArr[i]) {
                            if (securityContext.getFactHandle(obj3) == null) {
                                arrayList.add(securityContext.insert(obj3));
                            }
                        }
                    } else {
                        arrayList.add(securityContext.insert(objArr[i]));
                    }
                }
                securityContext.fireAllRules();
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    securityContext.retract((FactHandle) it.next());
                }
            } catch (Throwable th) {
                Iterator it2 = arrayList.iterator();
                while (it2.hasNext()) {
                    securityContext.retract((FactHandle) it2.next());
                }
                throw th;
            }
        }
        return permissionCheck.isGranted();
    }

    protected void unAuthenticate() {
        StatefulSession securityContext = getSecurityContext();
        if (securityContext != null) {
            Iterator iterateObjects = securityContext.iterateObjects(new ClassObjectFilter(Role.class));
            while (iterateObjects.hasNext()) {
                securityContext.retract(securityContext.getFactHandle(iterateObjects.next()));
            }
        }
        super.unAuthenticate();
    }

    public boolean addRole(String str) {
        StatefulSession securityContext;
        if (!super.addRole(str) || (securityContext = getSecurityContext()) == null) {
            return false;
        }
        securityContext.insert(new Role(str));
        return true;
    }

    public void removeRole(String str) {
        StatefulSession securityContext = getSecurityContext();
        if (securityContext != null) {
            Iterator iterateObjects = securityContext.iterateObjects(new ClassObjectFilter(Role.class));
            while (true) {
                if (!iterateObjects.hasNext()) {
                    break;
                }
                Role role = (Role) iterateObjects.next();
                if (role.getName().equals(str)) {
                    securityContext.retract(securityContext.getFactHandle(role));
                    break;
                }
            }
        }
        super.removeRole(str);
    }

    public StatefulSession getSecurityContext() {
        return this.securityContext;
    }

    public void setSecurityContext(StatefulSession statefulSession) {
        this.securityContext = statefulSession;
    }

    public void setSecurityRules(RuleBase ruleBase) {
        this.securityRules = ruleBase;
    }

    @FireAllRulesAfter
    public boolean login() {
        return super.login();
    }

    @FireAllRulesAfter
    public void quietLogin() {
        super.quietLogin();
    }

    @FireAllRulesAfter
    public void authenticate() throws LoginException {
        super.authenticate();
    }

    @FireAllRulesAfter
    public void authenticate(LoginContext loginContext) throws LoginException {
        super.authenticate(loginContext);
    }

    @FireAllRulesAfter
    public boolean isLoggedIn() {
        return super.isLoggedIn();
    }

    @FireAllRulesAfter
    public boolean isLoggedIn(boolean z) {
        return super.isLoggedIn(z);
    }
}
