package org.drools.guvnor.server.security;

import java.util.List;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import org.drools.core.util.KeyStoreHelper;
import org.drools.guvnor.client.configurations.Capability;
import org.drools.guvnor.client.rpc.SecurityService;
import org.drools.guvnor.client.rpc.UserSecurityContext;
import org.jboss.seam.security.AuthorizationException;
import org.jboss.seam.security.Credentials;
import org.jboss.seam.security.Identity;
import org.picketlink.idm.impl.api.PasswordCredential;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

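@ApplicationScoped
/* loaded from: input_file:WEB-INF/lib/guvnor-webapp-core-5.5.0.Final.jar:org/drools/guvnor/server/security/SecurityServiceImpl.class */
/**
 * Server-side implementation of {@link SecurityService}.
 *
 * <p>Authentication is delegated to the injected Seam {@link Identity} and
 * {@link Credentials}; capabilities are derived from the role-based
 * permission manager and resolver.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>a blank user name passed to {@link #login(String, String)} is replaced by {@code "admin"};</li>
 *   <li>{@link #getCurrentUser()} attempts a {@value #GUEST_LOGIN} login for unauthenticated callers;</li>
 *   <li>{@link #getUserCapabilities()} grants every capability when role-based authorization is disabled.</li>
 * </ul>
 */
public class SecurityServiceImpl implements SecurityService {
    /** User name used for the automatic guest login. */
    public static final String GUEST_LOGIN = "guest";
    private static final Logger log = LoggerFactory.getLogger(SecurityServiceImpl.class);

    /** System properties that must all be non-blank when signing is switched on. */
    private static final String[] serializationProperties = {KeyStoreHelper.PROP_PVT_KS_URL, KeyStoreHelper.PROP_PVT_KS_PWD, KeyStoreHelper.PROP_PVT_ALIAS, KeyStoreHelper.PROP_PVT_PWD, KeyStoreHelper.PROP_PUB_KS_URL, KeyStoreHelper.PROP_PUB_KS_PWD};

    /** Characters that cause a login attempt to be rejected before authentication. */
    private static final char[] BANNED_NAME_CHARS = {'\'', '*', '[', ']'};

    @Inject
    private RoleBasedPermissionManager roleBasedPermissionManager;

    @Inject
    private RoleBasedPermissionResolver roleBasedPermissionResolver;

    @Inject
    private Identity identity;

    @Inject
    private Credentials credentials;

    /**
     * Attempts to authenticate the given user through the injected identity.
     *
     * @param str  the user name; {@code null} or blank is replaced by {@code "admin"}
     * @param str2 the password, wrapped in a {@link PasswordCredential}
     * @return {@code true} if the identity reports being logged in afterwards;
     *         {@code false} if the name contains a banned character or the login failed
     */
    @Override
    public boolean login(String str, String str2) {
        // NOTE(review): a blank user name silently becomes "admin". With a permissive
        // authenticator this turns an empty login form into an administrator session;
        // confirm the deployed authenticator actually verifies the password.
        if (str == null || str.trim().equals("")) {
            str = "admin";
        }
        // The name is caller-supplied and has not been validated yet: strip control
        // characters so CR/LF in the value cannot forge additional log records.
        log.info("Logging in user [{}]", sanitizeForLog(str));
        for (char banned : BANNED_NAME_CHARS) {
            if (str.indexOf(banned) >= 0) {
                log.error("Not a valid name character {}", banned);
                return false;
            }
        }
        this.credentials.setUsername(str);
        this.credentials.setCredential(new PasswordCredential(str2));
        // NOTE(review): if this session is already authenticated (for example through
        // the guest auto-login), verify that identity.login() re-authenticates with the
        // new credentials; otherwise the result below reflects the earlier session.
        this.identity.login();
        boolean loggedIn = this.identity.isLoggedIn();
        if (!loggedIn) {
            log.error("Unable to login.");
        }
        return loggedIn;
    }

    /** Logs the current identity out. */
    @Override
    public void logout() {
        this.identity.logout();
    }

    /**
     * Describes the current caller, first attempting a guest login when nobody is logged in.
     *
     * @return a context holding the user name ({@code null} when not logged in) and
     *         whether the caller's capabilities include {@link Capability#SHOW_ADMIN}
     * @throws AuthorizationException propagated from {@link #getUserCapabilities()}
     */
    @Override
    public UserSecurityContext getCurrentUser() {
        tryAutoLoginAsGuest();
        String userName = this.identity.isLoggedIn() ? this.credentials.getUsername() : null;
        boolean showAdmin = getUserCapabilities().contains(Capability.SHOW_ADMIN);
        return new UserSecurityContext(userName, showAdmin);
    }

    /**
     * Sets the user name to {@link #GUEST_LOGIN} and triggers a login when the
     * identity is not logged in yet. No credential is set here; whether the
     * attempt succeeds depends on the configured authenticator.
     */
    private void tryAutoLoginAsGuest() {
        if (this.identity.isLoggedIn()) {
            return;
        }
        this.credentials.setUsername(GUEST_LOGIN);
        this.identity.login();
    }

    /**
     * Computes the capabilities of the current identity.
     *
     * <p>All capabilities are granted when the identity has the admin role or when
     * role-based authorization is disabled. Otherwise the capabilities are calculated
     * from the identity's role-based permissions.
     *
     * @return the capabilities for the current identity
     * @throws AuthorizationException if role-based authorization applies and the user
     *         has no permissions, or signing is enabled but the key store properties
     *         are incomplete; the identity is logged out before the exception is thrown
     */
    @Override
    public List<Capability> getUserCapabilities() {
        boolean isAdmin = this.identity.hasRole(RoleType.ADMIN.getName(), null, null);
        if (isAdmin || !this.roleBasedPermissionResolver.isEnableRoleBasedAuthorization()) {
            // NOTE(review): with role-based authorization disabled this branch is taken
            // for every caller, including one that was auto-logged-in as guest.
            return CapabilityCalculator.grantAllCapabilities();
        }

        List<RoleBasedPermission> roleBasedPermission = this.roleBasedPermissionManager.getRoleBasedPermission();
        if (roleBasedPermission.isEmpty()) {
            // Fail closed: drop the session rather than leave a user with no permissions logged in.
            this.identity.logout();
            throw new AuthorizationException("This user has no permissions setup.");
        }
        if (invalidSecuritySerializationSetup()) {
            this.identity.logout();
            throw new AuthorizationException(" Configuration error - Please refer to the Administration Guide section on installation. You must configure a key store before proceding.  ");
        }
        return new CapabilityCalculator().calcCapabilities(roleBasedPermission);
    }

    /**
     * Checks the key store configuration used for signing.
     *
     * @return {@code true} when the {@code KeyStoreHelper.PROP_SIGN} system property is
     *         {@code "true"} (case-insensitive) and at least one of the required key
     *         store system properties is missing or blank; {@code false} otherwise
     */
    private boolean invalidSecuritySerializationSetup() {
        String property = System.getProperty(KeyStoreHelper.PROP_SIGN);
        if (property == null || !property.equalsIgnoreCase("true")) {
            return false;
        }
        for (String str : serializationProperties) {
            String property2 = System.getProperty(str);
            if (property2 == null || property2.trim().equals("")) {
                return true;
            }
        }
        return false;
    }

    /**
     * Replaces ISO control characters (including CR and LF) with {@code '_'} so that
     * a caller-supplied value cannot break a log line into several records.
     */
    private static String sanitizeForLog(String value) {
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char ch = value.charAt(i);
            cleaned.append(Character.isISOControl(ch) ? '_' : ch);
        }
        return cleaned.toString();
    }
}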
