package org.jboss.seam.security;

import java.io.Serializable;
import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.jboss.seam.Component;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.Create;
import org.jboss.seam.annotations.Install;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.Startup;
import org.jboss.seam.annotations.intercept.BypassInterceptors;
import org.jboss.seam.contexts.Contexts;
import org.jboss.seam.core.Events;
import org.jboss.seam.core.Expressions;
import org.jboss.seam.log.LogProvider;
import org.jboss.seam.log.Logging;
import org.jboss.seam.security.permission.PermissionMapper;
import org.jboss.seam.web.Session;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/org.jboss.seam-jboss-seam-2.1.0.SP1.jar:org/jboss/seam/security/Identity.class
 */
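/**
 * Session-scoped Seam component that holds the authenticated {@link Principal} and
 * {@link Subject} for the current user, drives the JAAS login, and answers role and
 * permission checks.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #setSecurityEnabled(boolean)} is a public, static, process-wide switch. While it is
 *       {@code false}, {@link #hasRole(String)} and both {@code hasPermission} overloads return
 *       {@code true} and {@link #checkRestriction(String)} is a no-op, so every check passes.</li>
 *   <li>While a {@link RunAsOperation} flagged as a system operation is executing on the current
 *       thread, role and permission checks also return {@code true}.</li>
 *   <li>The password held by {@link Credentials} is nulled after every authentication attempt,
 *       whether it succeeded or failed.</li>
 * </ul>
 *
 * <p>This source is decompiler output; the "JADX INFO" comments record where the decompiler
 * widened a method's visibility relative to the compiled class.
 */
@Name("org.jboss.seam.security.identity")
@Scope(ScopeType.SESSION)
@Install(precedence = 0)
@BypassInterceptors
@Startup
/* loaded from: input_file:WEB-INF/lib/jboss-seam-2.1.0.SP1.jar:org/jboss/seam/security/Identity.class */
public class Identity implements Serializable {
    private static final long serialVersionUID = 3751659008033189259L;

    // Event type names raised through Events at the corresponding points of the login lifecycle.
    public static final String EVENT_LOGIN_SUCCESSFUL = "org.jboss.seam.security.loginSuccessful";
    public static final String EVENT_LOGIN_FAILED = "org.jboss.seam.security.loginFailed";
    public static final String EVENT_NOT_LOGGED_IN = "org.jboss.seam.security.notLoggedIn";
    public static final String EVENT_NOT_AUTHORIZED = "org.jboss.seam.security.notAuthorized";
    public static final String EVENT_PRE_AUTHENTICATE = "org.jboss.seam.security.preAuthenticate";
    public static final String EVENT_POST_AUTHENTICATE = "org.jboss.seam.security.postAuthenticate";
    public static final String EVENT_LOGGED_OUT = "org.jboss.seam.security.loggedOut";
    public static final String EVENT_ALREADY_LOGGED_IN = "org.jboss.seam.security.alreadyLoggedIn";
    public static final String EVENT_QUIET_LOGIN = "org.jboss.seam.security.quietLogin";

    /** Name of the {@link Group} principal whose members are the user's roles. */
    public static final String ROLES_GROUP = "Roles";

    // Event-context flags: LOGIN_TRIED limits tryLogin() to one attempt per event context,
    // SILENT_LOGIN records that quietLogin() authenticated the user in this event context.
    private static final String LOGIN_TRIED = "org.jboss.seam.security.loginTried";
    private static final String SILENT_LOGIN = "org.jboss.seam.security.silentLogin";

    private Credentials credentials;
    private Expressions.MethodExpression authenticateMethod;
    private Principal principal;
    private Subject subject;
    private RememberMe rememberMe;

    // Per-thread "system operation" flag set by runAs(); transient, so it is null after
    // deserialization and every reader null-checks it.
    private transient ThreadLocal<Boolean> systemOp;
    private PermissionMapper permissionMapper;

    // Static and mutable: one value for every Identity instance loaded by this class loader.
    protected static boolean securityEnabled = true;
    private static final LogProvider log = Logging.getLogProvider(Identity.class);
    private String jaasConfigName = null;

    // Roles requested through addRole() before a principal exists; applied in postAuthenticate().
    private List<String> preAuthenticationRoles = new ArrayList<>();

    // True while authenticate(LoginContext) is running, so tryLogin() does not re-enter.
    private boolean authenticating = false;

    /**
     * Initialises the component: creates an empty {@link Subject} and looks up the collaborating
     * components from whichever contexts are active. Falls back to a fresh {@link Credentials}
     * when none could be obtained.
     */
    @Create
    public void create() {
        this.subject = new Subject();
        if (Contexts.isApplicationContextActive()) {
            this.permissionMapper = (PermissionMapper) Component.getInstance((Class<?>) PermissionMapper.class);
        }
        if (Contexts.isSessionContextActive()) {
            this.rememberMe = (RememberMe) Component.getInstance((Class<?>) RememberMe.class, true);
            this.credentials = (Credentials) Component.getInstance((Class<?>) Credentials.class);
        }
        if (this.credentials == null) {
            this.credentials = new Credentials();
        }
    }

    /**
     * Reports whether security checks are enforced.
     *
     * @return {@code false} when every role/permission/restriction check is being skipped
     */
    public static boolean isSecurityEnabled() {
        return securityEnabled;
    }

    /**
     * Turns enforcement of all checks in this class on or off for the whole class loader.
     * Passing {@code false} makes every {@code hasRole}/{@code hasPermission} call return
     * {@code true}; callers should treat this as a privileged configuration operation.
     *
     * @param z {@code true} to enforce checks, {@code false} to skip them
     */
    public static void setSecurityEnabled(boolean z) {
        securityEnabled = z;
    }

    /**
     * Returns the session-scoped {@code Identity} component.
     *
     * @return the instance bound to the active session context
     * @throws IllegalStateException if no session context is active or no instance is available
     */
    public static Identity instance() {
        if (!Contexts.isSessionContextActive()) {
            throw new IllegalStateException("No active session context");
        }
        Identity current = (Identity) Component.getInstance((Class<?>) Identity.class, ScopeType.SESSION);
        if (current == null) {
            throw new IllegalStateException("No Identity could be created");
        }
        return current;
    }

    /**
     * Reports whether a principal is currently held.
     *
     * @return {@code true} when {@link #getPrincipal()} is non-null
     */
    public boolean isLoggedIn() {
        return getPrincipal() != null;
    }

    /**
     * Attempts one quiet login per event context when credentials are set and nobody is logged in.
     *
     * @return {@code true} if a principal is held after the attempt
     */
    public boolean tryLogin() {
        boolean shouldAttempt = !this.authenticating
                && getPrincipal() == null
                && this.credentials.isSet()
                && Contexts.isEventContextActive()
                && !Contexts.getEventContext().isSet(LOGIN_TRIED);
        if (shouldAttempt) {
            // Mark first so a failing attempt is not retried within the same event context.
            Contexts.getEventContext().set(LOGIN_TRIED, true);
            quietLogin();
        }
        return isLoggedIn();
    }

    /**
     * @param z {@code true} to attempt a quiet login first
     * @return whether a principal is held
     * @deprecated call {@link #tryLogin()} or {@link #isLoggedIn()} directly
     */
    @Deprecated
    public boolean isLoggedIn(boolean z) {
        return z ? tryLogin() : isLoggedIn();
    }

    /** @return the authenticated principal, or {@code null} when not logged in */
    public Principal getPrincipal() {
        return this.principal;
    }

    /** @return the current JAAS subject; its {@code "Roles"} group carries the user's roles */
    public Subject getSubject() {
        return this.subject;
    }

    /**
     * Evaluates a boolean restriction expression and rejects the caller when it is false.
     * Does nothing while security is disabled.
     *
     * @param str the expression to evaluate via {@link #evaluateExpression(String)}
     * @throws AuthorizationException if the expression is false and a user is logged in
     * @throws NotLoggedInException if the expression is false and nobody is logged in
     */
    public void checkRestriction(String str) {
        if (!securityEnabled || evaluateExpression(str)) {
            return;
        }
        if (isLoggedIn()) {
            raiseEventIfAvailable(EVENT_NOT_AUTHORIZED);
            throw new AuthorizationException(String.format("Authorization check failed for expression [%s]", str));
        }
        raiseEventIfAvailable(EVENT_NOT_LOGGED_IN);
        log.debug(String.format("Error evaluating expression [%s] - User not logged in", str));
        throw new NotLoggedInException();
    }

    /**
     * Authenticates with the current credentials and raises the matching login event.
     *
     * @return {@code "loggedIn"} when a principal is held afterwards, {@code null} when
     *         authentication failed (the credentials are invalidated in that case)
     */
    public String login() {
        try {
            if (isLoggedIn()) {
                // A quiet login earlier in this event context counts as a fresh success;
                // otherwise the user was already logged in before this request.
                boolean silentlyLoggedIn =
                        Contexts.isEventContextActive() && Contexts.getEventContext().isSet(SILENT_LOGIN);
                raiseEventIfAvailable(silentlyLoggedIn ? EVENT_LOGIN_SUCCESSFUL : EVENT_ALREADY_LOGGED_IN);
                return "loggedIn";
            }
            authenticate();
            if (!isLoggedIn()) {
                throw new LoginException();
            }
            if (log.isDebugEnabled()) {
                // NOTE(review): the username is caller-supplied and is written to the log verbatim.
                log.debug("Login successful for: " + getCredentials().getUsername());
            }
            raiseEventIfAvailable(EVENT_LOGIN_SUCCESSFUL);
            return "loggedIn";
        } catch (LoginException e) {
            this.credentials.invalidate();
            if (log.isDebugEnabled()) {
                log.debug("Login failed for: " + getCredentials().getUsername(), e);
            }
            raiseEventIfAvailable(EVENT_LOGIN_FAILED, e);
            return null;
        }
    }

    /**
     * Authenticates without raising success/failure events. A failure only invalidates the
     * credentials; it is not logged or reported to the caller.
     */
    public void quietLogin() {
        try {
            raiseEventIfAvailable(EVENT_QUIET_LOGIN);
            if (!isLoggedIn() && this.credentials.isSet()) {
                authenticate();
                if (isLoggedIn() && Contexts.isEventContextActive()) {
                    Contexts.getEventContext().set(SILENT_LOGIN, true);
                }
            }
        } catch (LoginException e) {
            this.credentials.invalidate();
        }
    }

    /**
     * Runs a JAAS login with a fresh {@link Subject}, unless a principal is already held or the
     * credentials were previously invalidated.
     *
     * @throws LoginException if the login context rejects the credentials
     */
    public synchronized void authenticate() throws LoginException {
        if (isLoggedIn() || this.credentials.isInvalid()) {
            return;
        }
        this.principal = null;
        this.subject = new Subject();
        authenticate(getLoginContext());
    }

    /**
     * Performs the login against the supplied context, bracketed by the pre/post hooks.
     *
     * @param loginContext the JAAS context to log in with
     * @throws LoginException if {@code loginContext.login()} fails
     */
    protected void authenticate(LoginContext loginContext) throws LoginException {
        this.authenticating = true;
        try {
            preAuthenticate();
            loginContext.login();
            postAuthenticate();
        } finally {
            // Runs on success and on failure: never keep the password after an attempt.
            this.credentials.setPassword(null);
            this.authenticating = false;
        }
    }

    /** Clears roles queued before login and raises {@link #EVENT_PRE_AUTHENTICATE}. */
    /* JADX INFO: Access modifiers changed from: protected */
    public void preAuthenticate() {
        this.preAuthenticationRoles.clear();
        raiseEventIfAvailable(EVENT_PRE_AUTHENTICATE);
    }

    /**
     * Adopts the first non-{@link Group} principal of the subject as the user principal, applies
     * the roles queued during authentication, nulls the password and raises
     * {@link #EVENT_POST_AUTHENTICATE} with this instance as parameter.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void postAuthenticate() {
        for (Principal candidate : getSubject().getPrincipals()) {
            if (!(candidate instanceof Group) && this.principal == null) {
                this.principal = candidate;
                break;
            }
        }
        if (!this.preAuthenticationRoles.isEmpty() && isLoggedIn()) {
            for (String queuedRole : this.preAuthenticationRoles) {
                addRole(queuedRole);
            }
            this.preAuthenticationRoles.clear();
        }
        this.credentials.setPassword(null);
        raiseEventIfAvailable(EVENT_POST_AUTHENTICATE, this);
    }

    /** Drops the principal, replaces the subject with an empty one and clears the credentials. */
    public void unAuthenticate() {
        this.principal = null;
        this.subject = new Subject();
        this.credentials.clear();
    }

    /**
     * Builds the JAAS login context: the configured JAAS entry when a name is set, otherwise the
     * entry named {@code "default"} resolved against {@code Configuration.instance()}.
     *
     * @return a login context bound to the current subject and the credentials' callback handler
     * @throws LoginException if the context cannot be created
     */
    protected LoginContext getLoginContext() throws LoginException {
        if (getJaasConfigName() != null) {
            return new LoginContext(getJaasConfigName(), getSubject(), this.credentials.createCallbackHandler());
        }
        return new LoginContext("default", getSubject(), this.credentials.createCallbackHandler(), Configuration.instance());
    }

    /**
     * Logs the user out: clears the identity state, invalidates the session and raises
     * {@link #EVENT_LOGGED_OUT}. Does nothing when nobody is logged in.
     */
    public void logout() {
        if (isLoggedIn()) {
            unAuthenticate();
            Session.instance().invalidate();
            raiseEventIfAvailable(EVENT_LOGGED_OUT);
        }
    }

    /**
     * Tests role membership, attempting a quiet login first.
     *
     * @param str the role name
     * @return {@code true} if the role is a member of the subject's {@code "Roles"} group; also
     *         {@code true} unconditionally while security is disabled or a system operation is
     *         running on this thread
     */
    public boolean hasRole(String str) {
        if (!securityEnabled) {
            return true;
        }
        if (inSystemOperation()) {
            return true;
        }
        tryLogin();
        for (Group group : getSubject().getPrincipals(Group.class)) {
            if (ROLES_GROUP.equals(group.getName())) {
                return group.isMember(new Role(str));
            }
        }
        return false;
    }

    /**
     * Grants a role to the current subject. Before login the role is only queued and is applied
     * by {@link #postAuthenticate()}.
     *
     * @param str the role name; {@code null} and empty names are rejected
     * @return {@code true} if the role was added to the subject now, {@code false} if it was
     *         rejected, queued, or already present
     */
    public boolean addRole(String str) {
        if (str == null || "".equals(str)) {
            return false;
        }
        if (!isLoggedIn()) {
            this.preAuthenticationRoles.add(str);
            return false;
        }
        for (Group group : getSubject().getPrincipals(Group.class)) {
            if (ROLES_GROUP.equals(group.getName())) {
                return group.addMember(new Role(str));
            }
        }
        SimpleGroup rolesGroup = new SimpleGroup(ROLES_GROUP);
        rolesGroup.addMember(new Role(str));
        getSubject().getPrincipals().add(rolesGroup);
        return true;
    }

    /**
     * Removes a role from every {@code "Roles"} group of the current subject.
     *
     * @param str the role name to remove; no effect when the role is not present
     */
    public void removeRole(String str) {
        for (Group group : getSubject().getPrincipals(Group.class)) {
            if (ROLES_GROUP.equals(group.getName())) {
                Enumeration<? extends Principal> members = group.members();
                // The loop must end when the enumeration is exhausted: spinning on an exhausted
                // enumeration would hang the thread whenever the role is not a member.
                while (members.hasMoreElements()) {
                    Principal member = members.nextElement();
                    if (member.getName().equals(str)) {
                        group.removeMember(member);
                        break;
                    }
                }
            }
        }
    }

    /**
     * Requires the given role.
     *
     * @param str the role name
     * @throws AuthorizationException if a user is logged in but lacks the role
     * @throws NotLoggedInException if nobody is logged in
     */
    public void checkRole(String str) {
        tryLogin();
        if (hasRole(str)) {
            return;
        }
        if (isLoggedIn()) {
            raiseEventIfAvailable(EVENT_NOT_AUTHORIZED);
            throw new AuthorizationException(String.format("Authorization check failed for role [%s]", str));
        }
        raiseEventIfAvailable(EVENT_NOT_LOGGED_IN);
        throw new NotLoggedInException();
    }

    /**
     * Requires a permission identified by name and action. Skipped entirely while a system
     * operation is running on this thread.
     *
     * @param str the permission name (target)
     * @param str2 the action
     * @param objArr optional arguments; see {@link #hasPermission(String, String, Object...)}
     * @throws AuthorizationException if a user is logged in but lacks the permission
     * @throws NotLoggedInException if nobody is logged in
     */
    public void checkPermission(String str, String str2, Object... objArr) {
        if (inSystemOperation()) {
            return;
        }
        tryLogin();
        if (hasPermission(str, str2, objArr)) {
            return;
        }
        if (isLoggedIn()) {
            raiseEventIfAvailable(EVENT_NOT_AUTHORIZED);
            throw new AuthorizationException(String.format("Authorization check failed for permission [%s,%s]", str, str2));
        }
        raiseEventIfAvailable(EVENT_NOT_LOGGED_IN);
        throw new NotLoggedInException();
    }

    /**
     * Requires a permission on a target object. Skipped entirely while a system operation is
     * running on this thread.
     *
     * @param obj the target object
     * @param str the action
     * @throws AuthorizationException if a user is logged in but lacks the permission
     * @throws NotLoggedInException if nobody is logged in
     */
    public void checkPermission(Object obj, String str) {
        if (inSystemOperation()) {
            return;
        }
        tryLogin();
        if (hasPermission(obj, str)) {
            return;
        }
        if (isLoggedIn()) {
            raiseEventIfAvailable(EVENT_NOT_AUTHORIZED);
            throw new AuthorizationException(String.format("Authorization check failed for permission[%s,%s]", obj, str));
        }
        raiseEventIfAvailable(EVENT_NOT_LOGGED_IN);
        throw new NotLoggedInException();
    }

    /**
     * Resolves a permission through the {@link PermissionMapper}.
     *
     * @param str the permission name, used as the target when no argument is supplied
     * @param str2 the action
     * @param objArr optional arguments; when at least one is given, the first replaces
     *        {@code str} as the target
     * @return the mapper's decision; {@code false} when no mapper is available; {@code true}
     *         unconditionally while security is disabled or a system operation is running
     */
    public boolean hasPermission(String str, String str2, Object... objArr) {
        if (!securityEnabled) {
            return true;
        }
        if (inSystemOperation()) {
            return true;
        }
        if (this.permissionMapper == null) {
            return false;
        }
        // A varargs call with no extra argument passes an empty, non-null array; check the length
        // so that case resolves by name instead of failing on objArr[0].
        if (objArr != null && objArr.length > 0) {
            return this.permissionMapper.resolvePermission(objArr[0], str2);
        }
        return this.permissionMapper.resolvePermission(str, str2);
    }

    /**
     * Delegates to {@code PermissionMapper.filterByPermission} for the given collection and action.
     *
     * <p>NOTE(review): unlike the {@code hasPermission} overloads, this method neither
     * null-checks the mapper nor consults {@code securityEnabled} or the system-operation flag.
     *
     * @param collection the collection handed to the mapper
     * @param str the action
     */
    public void filterByPermission(Collection collection, String str) {
        this.permissionMapper.filterByPermission(collection, str);
    }

    /**
     * Resolves a permission on a target object through the {@link PermissionMapper}.
     *
     * @param obj the target object
     * @param str the action
     * @return the mapper's decision; {@code false} when no mapper is available or {@code obj} is
     *         {@code null}; {@code true} unconditionally while security is disabled or a system
     *         operation is running
     */
    public boolean hasPermission(Object obj, String str) {
        if (!securityEnabled) {
            return true;
        }
        if (inSystemOperation()) {
            return true;
        }
        if (this.permissionMapper == null || obj == null) {
            return false;
        }
        return this.permissionMapper.resolvePermission(obj, str);
    }

    /**
     * Evaluates {@code str} as a boolean value expression.
     *
     * <p>The string is handed to the expression engine as-is, so it should come from trusted
     * code or configuration rather than be assembled from request data.
     *
     * @param str the expression text
     * @return the expression's value
     */
    protected boolean evaluateExpression(String str) {
        Boolean outcome = (Boolean) Expressions.instance().createValueExpression(str, Boolean.class).getValue();
        return outcome.booleanValue();
    }

    /**
     * @return the username held by the credentials
     * @deprecated use {@code getCredentials().getUsername()}
     */
    @Deprecated
    public String getUsername() {
        return this.credentials.getUsername();
    }

    /**
     * @param str the username to store in the credentials
     * @deprecated use {@code getCredentials().setUsername(...)}
     */
    @Deprecated
    public void setUsername(String str) {
        this.credentials.setUsername(str);
    }

    /**
     * @return the password currently held by the credentials; {@code null} once an
     *         authentication attempt has completed
     * @deprecated use {@code getCredentials().getPassword()}
     */
    @Deprecated
    public String getPassword() {
        return this.credentials.getPassword();
    }

    /**
     * @param str the password to store in the credentials
     * @deprecated use {@code getCredentials().setPassword(...)}
     */
    @Deprecated
    public void setPassword(String str) {
        this.credentials.setPassword(str);
    }

    /**
     * @return whether the {@link RememberMe} component is enabled; {@code false} when it is absent
     * @deprecated query the {@link RememberMe} component directly
     */
    @Deprecated
    public boolean isRememberMe() {
        return this.rememberMe != null && this.rememberMe.isEnabled();
    }

    /**
     * @param z the new enabled state; ignored when no {@link RememberMe} component is available
     * @deprecated configure the {@link RememberMe} component directly
     */
    @Deprecated
    public void setRememberMe(boolean z) {
        if (this.rememberMe != null) {
            this.rememberMe.setEnabled(z);
        }
    }

    /** @return the credentials used for authentication */
    public Credentials getCredentials() {
        return this.credentials;
    }

    /** @return the configured authentication method expression, or {@code null} */
    public Expressions.MethodExpression getAuthenticateMethod() {
        return this.authenticateMethod;
    }

    /** @param methodExpression the authentication method expression to store */
    public void setAuthenticateMethod(Expressions.MethodExpression methodExpression) {
        this.authenticateMethod = methodExpression;
    }

    /** @return the JAAS configuration entry name, or {@code null} to use the built-in default */
    public String getJaasConfigName() {
        return this.jaasConfigName;
    }

    /** @param str the JAAS configuration entry name used by {@link #getLoginContext()} */
    public void setJaasConfigName(String str) {
        this.jaasConfigName = str;
    }

    /**
     * Executes an operation with the operation's principal and subject swapped in, then restores
     * the previous identity even if the operation throws.
     *
     * <p>NOTE(review): the system-operation flag is per thread, but the swapped principal and
     * subject are instance fields read without synchronization by the getters, so other threads
     * using this instance may observe the substituted identity while the operation runs. The
     * decompiler widened this method from package-private to public.
     *
     * @param runAsOperation the operation supplying the temporary identity and the work to run
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized void runAs(RunAsOperation runAsOperation) {
        Principal savedPrincipal = getPrincipal();
        Subject savedSubject = getSubject();
        // Create the flag holder up front so the cleanup below can never hit a null holder and
        // mask an exception thrown by the operation's own accessors.
        if (this.systemOp == null) {
            this.systemOp = new ThreadLocal<>();
        }
        try {
            this.principal = runAsOperation.getPrincipal();
            this.subject = runAsOperation.getSubject();
            this.systemOp.set(Boolean.valueOf(runAsOperation.isSystemOperation()));
            runAsOperation.execute();
        } finally {
            // Always drop the elevated state, on normal return and on any throwable.
            this.systemOp.set(false);
            this.principal = savedPrincipal;
            this.subject = savedSubject;
        }
    }

    /** Returns whether a system operation started by {@link #runAs} is active on this thread. */
    private boolean inSystemOperation() {
        return this.systemOp != null && Boolean.TRUE.equals(this.systemOp.get());
    }

    /** Raises the event only when the {@code Events} component exists. */
    private static void raiseEventIfAvailable(String type, Object... params) {
        if (Events.exists()) {
            Events.instance().raiseEvent(type, params);
        }
    }
}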
