package org.jboss.seam.security.permission;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.enterprise.context.SessionScoped;
import javax.enterprise.event.Observes;
import javax.enterprise.inject.spi.BeanManager;
import javax.inject.Inject;
import org.drools.ClassObjectFilter;
import org.drools.KnowledgeBase;
import org.drools.runtime.StatefulKnowledgeSession;
import org.drools.runtime.rule.FactHandle;
import org.jboss.seam.security.Identity;
import org.jboss.seam.security.events.PostAuthenticateEvent;
import org.jboss.seam.security.events.PostLoggedOutEvent;
import org.jboss.solder.core.Requires;
import org.jboss.solder.logging.Logger;
import org.picketlink.idm.api.Group;
import org.picketlink.idm.api.Role;

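/**
 * Session-scoped {@link PermissionResolver} that decides permission checks by firing the
 * security rules inside a per-session Drools {@link StatefulKnowledgeSession}.
 *
 * <p>Both check methods fail closed: when no knowledge base is available, or no working
 * session has been created, they return {@code false} without evaluating any rule.
 *
 * <p>The check methods serialize access to working memory by locking on the session object.
 * NOTE(review): {@link #unAuthenticate} disposes and replaces the session without taking
 * that lock - confirm that a logout cannot overlap an in-flight permission check.
 */
@Requires({"org.drools.KnowledgeBase"})
@SessionScoped
/* loaded from: input_file:WEB-INF/lib/seam-security-3.1.0.Beta5.jar:org/jboss/seam/security/permission/RuleBasedPermissionResolver.class */
public class RuleBasedPermissionResolver implements PermissionResolver, Serializable {
    private static final long serialVersionUID = -7572627522601793024L;

    // Working memory holding the user, role and group facts for this HTTP session.
    private StatefulKnowledgeSession securityContext;

    @Inject
    Logger log;

    @Inject
    SecurityRuleLoader securityRuleLoader;

    @Inject
    BeanManager manager;

    @Inject
    Identity identity;

    /**
     * Creates the working session from the loaded rules, if any are available.
     * When the loader has no knowledge base the session stays {@code null} and every
     * check in this class is denied.
     */
    @Inject
    public void init() {
        KnowledgeBase rules = getSecurityRules();
        if (rules != null) {
            setSecurityContext(rules.newStatefulKnowledgeSession());
        }
    }

    /**
     * Evaluates the security rules for one target/action pair.
     *
     * @param obj the permission target; a {@link Class} is replaced by its fully qualified
     *            name, a {@link String} is used as is, and any other object is also inserted
     *            into working memory as a fact for the duration of the check
     * @param str the action being requested on the target
     * @return {@code true} only if the rules granted the check; {@code false} when no rules
     *         or no session are available
     */
    @Override // org.jboss.seam.security.permission.PermissionResolver
    public boolean hasPermission(Object obj, String str) {
        if (getSecurityRules() == null) {
            return false;
        }
        StatefulKnowledgeSession session = getSecurityContext();
        if (session == null) {
            return false;
        }
        List<FactHandle> handles = new ArrayList<FactHandle>();
        PermissionCheck check;
        synchronized (session) {
            Object target = obj;
            if (target instanceof Class) {
                target = ((Class<?>) target).getName();
            } else if (!(target instanceof String)) {
                handles.add(session.insert(target));
            }
            check = new PermissionCheck(target, str);
            try {
                // Bring the user/role/group facts in line with the identity before firing.
                synchronizeContext();
                handles.add(session.insert(check));
                session.fireAllRules();
            } finally {
                // Per-check facts must not leak into the next evaluation in this session.
                retractAll(session, handles);
            }
        }
        return check.isGranted();
    }

    /**
     * Removes from {@code set} every element for which {@link #hasPermission} grants the
     * action. What remains afterwards are the elements that were <em>not</em> granted.
     *
     * @param set the candidate targets; modified in place
     * @param str the action to check each element against
     */
    @Override // org.jboss.seam.security.permission.PermissionResolver
    public void filterSetByAction(Set<Object> set, String str) {
        for (Iterator<Object> candidates = set.iterator(); candidates.hasNext();) {
            if (hasPermission(candidates.next(), str)) {
                candidates.remove();
            }
        }
    }

    /**
     * Evaluates whether the rules grant a role in the context of a target/action pair.
     *
     * @param str  the name of the role to check
     * @param obj  the permission target; inserted as a fact unless it is a {@link String}
     *             or a {@link Class}
     * @param str2 the action being requested on the target
     * @return {@code true} only if the rules granted the role check; {@code false} when no
     *         rules or no session are available
     */
    public boolean checkConditionalRole(String str, Object obj, String str2) {
        if (getSecurityRules() == null) {
            return false;
        }
        StatefulKnowledgeSession session = getSecurityContext();
        if (session == null) {
            return false;
        }
        RoleCheck roleCheck = new RoleCheck(str);
        List<FactHandle> handles = new ArrayList<FactHandle>();
        PermissionCheck permissionCheck = new PermissionCheck(obj, str2);
        synchronized (session) {
            if (!(obj instanceof String) && !(obj instanceof Class)) {
                handles.add(session.insert(obj));
            }
            // NOTE(review): hasPermission swaps a Class target for its name before building
            // the PermissionCheck; here the check is built from the Class object itself, so
            // a rule matching on the class name would not match this path. The previous
            // code computed the name and discarded it. Behaviour is left unchanged - confirm
            // which form the rules expect before aligning the two methods.
            try {
                handles.add(session.insert(permissionCheck));
                session.fireAllRules();
                synchronizeContext();
                handles.add(session.insert(roleCheck));
                // The same check instance is inserted a second time, as in the original
                // flow; presumably this returns the existing handle - TODO confirm.
                handles.add(session.insert(permissionCheck));
                session.fireAllRules();
            } finally {
                // Per-check facts must not leak into the next evaluation in this session.
                retractAll(session, handles);
            }
        }
        return roleCheck.isGranted();
    }

    /**
     * Discards the working session on logout, dropping every fact it held, and then
     * creates a fresh one through {@link #init()}.
     *
     * @param postLoggedOutEvent the logout event; not inspected
     */
    public void unAuthenticate(@Observes PostLoggedOutEvent postLoggedOutEvent) {
        StatefulKnowledgeSession session = getSecurityContext();
        if (session != null) {
            session.dispose();
            setSecurityContext(null);
        }
        init();
    }

    /**
     * Aligns the facts in working memory with the current identity: inserts the user,
     * inserts any role or group the identity holds that is not yet a fact, and retracts
     * role facts the identity no longer has.
     */
    private void synchronizeContext() {
        StatefulKnowledgeSession session = getSecurityContext();
        if (session == null) {
            return;
        }
        session.insert(this.identity.getUser());
        for (Role role : this.identity.getRoles()) {
            if (!isAsserted(session, Role.class, role)) {
                session.insert(role);
            }
        }
        for (Group group : this.identity.getGroups()) {
            if (!isAsserted(session, Group.class, group)) {
                session.insert(group);
            }
        }
        // Drop role facts that the identity no longer reports, so a revoked role stops
        // satisfying rules within the same session.
        for (Object fact : session.getObjects(new ClassObjectFilter(Role.class))) {
            Role role = (Role) fact;
            if (!this.identity.hasRole(
                    role.getRoleType().getName(),
                    role.getGroup().getName(),
                    role.getGroup().getGroupType())) {
                session.retract(session.getFactHandle(role));
            }
        }
        // NOTE(review): there is no matching clean-up for Group facts. A group the identity
        // has left stays in working memory until logout disposes the session, so rules
        // keyed on group membership could keep matching - confirm whether that is intended.
    }

    /**
     * Reports whether working memory already holds a fact of the given type that
     * {@code equals} the candidate.
     */
    private static boolean isAsserted(StatefulKnowledgeSession session, Class<?> type, Object candidate) {
        for (Object fact : session.getObjects(new ClassObjectFilter(type))) {
            if (fact.equals(candidate)) {
                return true;
            }
        }
        return false;
    }

    /** Retracts every handle collected during a single check from working memory. */
    private static void retractAll(StatefulKnowledgeSession session, List<FactHandle> handles) {
        for (FactHandle handle : handles) {
            session.retract(handle);
        }
    }

    /**
     * @return the working session for this HTTP session, or {@code null} if none exists
     */
    public StatefulKnowledgeSession getSecurityContext() {
        return this.securityContext;
    }

    /**
     * @param statefulKnowledgeSession the working session to use; {@code null} disables
     *                                 rule evaluation so that all checks are denied
     */
    public void setSecurityContext(StatefulKnowledgeSession statefulKnowledgeSession) {
        this.securityContext = statefulKnowledgeSession;
    }

    /**
     * @return the knowledge base supplied by the injected rule loader; the check methods
     *         treat {@code null} as "no rules" and deny
     */
    public KnowledgeBase getSecurityRules() {
        return this.securityRuleLoader.getKnowledgeBase();
    }

    /**
     * Inserts the authenticated user into working memory once authentication completes.
     *
     * @param postAuthenticateEvent the authentication event; not inspected
     */
    public void setUserAccountInSecurityContext(@Observes PostAuthenticateEvent postAuthenticateEvent) {
        StatefulKnowledgeSession session = getSecurityContext();
        if (session != null) {
            session.insert(this.identity.getUser());
        }
    }
}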
