package com.hypersocket.auth;

import com.hypersocket.events.SystemEvent;
import com.hypersocket.permissions.AccessDeniedException;
import com.hypersocket.permissions.PermissionScope;
import com.hypersocket.permissions.PermissionStrategy;
import com.hypersocket.permissions.PermissionType;
import com.hypersocket.permissions.Role;
import com.hypersocket.properties.ResourceUtils;
import com.hypersocket.realm.Principal;
import com.hypersocket.realm.PrincipalType;
import com.hypersocket.realm.Realm;
import com.hypersocket.realm.RealmService;
import com.hypersocket.session.Session;
import com.hypersocket.session.SessionService;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.Stack;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:com/hypersocket/auth/AuthenticatedServiceImpl.class */
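/**
 * Base class for services that run inside an authentication context and assert
 * permissions against it.
 *
 * <p>The context (session, principal, realm, locale and a set of elevated
 * permissions) is kept in per-thread stacks. Each {@code setCurrentSession} /
 * {@code setupSystemContext} / {@code setupAnonymousContext} call pushes one frame
 * and each {@link #clearPrincipalContext()} call pops one.
 *
 * <p>Security note: within this class the thread-locals are released only by
 * {@link #clearPrincipalContext()}. A caller that pushes a context (in particular
 * a system context) and does not clear it in a {@code finally} block leaves that
 * identity attached to the thread; on a pooled thread the next unit of work would
 * then be evaluated against it.
 */
public abstract class AuthenticatedServiceImpl implements AuthenticatedService {
    static Logger log = LoggerFactory.getLogger(AuthenticatedServiceImpl.class);

    // Per-thread context stacks. They are created together and pushed/popped together
    // in setCurrentSession(...) and clearPrincipalContext(), so their depths should match.
    static ThreadLocal<Stack<Principal>> currentPrincipal = new ThreadLocal<>();
    static ThreadLocal<Stack<Session>> currentSession = new ThreadLocal<>();
    static ThreadLocal<Stack<Realm>> currentRealm = new ThreadLocal<>();
    static ThreadLocal<Stack<Locale>> currentLocale = new ThreadLocal<>();

    // NOTE(review): not referenced anywhere in this class. It is a static, unsynchronized
    // HashMap shared by all threads; confirm it is unused before relying on it.
    static Map<Session, Role> XcurrentRole = new HashMap<>();

    // NOTE(review): the two event-delay thread-locals are not used in this class.
    static ThreadLocal<Boolean> isDelayingEvents = new ThreadLocal<>();
    static ThreadLocal<LinkedList<SystemEvent>> delayedEvents = new ThreadLocal<>();

    // One set of elevated permission types per context frame.
    static ThreadLocal<Stack<Set<PermissionType>>> elevatedPermissions = new ThreadLocal<>();

    @Autowired
    private SessionService sessionService;

    @Autowired
    private RealmService realmService;

    /**
     * Verifies that {@code principal} holds the given permissions under the given strategy.
     *
     * @throws AccessDeniedException if the check fails
     */
    protected abstract void verifyPermission(Principal principal, PermissionStrategy permissionStrategy, PermissionType... permissionTypeArr) throws AccessDeniedException;

    protected abstract Role getPersonalRole(Principal principal) throws AccessDeniedException;

    /**
     * Adds the given permission types to the elevated set of the current context frame.
     *
     * @throws IllegalStateException if no context has been set on this thread
     */
    @Override // com.hypersocket.auth.Elevatable
    @Deprecated
    public void elevatePermissions(PermissionType... permissionTypeArr) {
        if (elevatedPermissions.get() == null) {
            throw new IllegalStateException("No session in context to elevate permissions on");
        }
        elevatedPermissions.get().peek().addAll(Arrays.asList(permissionTypeArr));
    }

    /**
     * Empties the elevated set of the current context frame. Frames further down the
     * stack are left untouched.
     *
     * @throws IllegalStateException if no context has been set on this thread
     */
    @Override // com.hypersocket.auth.Elevatable
    @Deprecated
    public void clearElevatedPermissions() {
        if (elevatedPermissions.get() == null) {
            throw new IllegalStateException("No session in context to elevate permissions on");
        }
        elevatedPermissions.get().peek().clear();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the elevated permission set of the current context frame.
     *
     * <p>The returned set is the live, mutable instance held on the stack, not a copy,
     * so a caller that modifies it changes the elevation of the current frame.
     *
     * @throws IllegalStateException if no context has been set on this thread
     */
    public Set<PermissionType> getElevatedPermissions() {
        if (elevatedPermissions.get() == null) {
            throw new IllegalStateException("No session in context to elevate permissions on");
        }
        return elevatedPermissions.get().peek();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reports whether an elevated-permission frame exists on this thread.
     *
     * <p>NOTE(review): this tests that the stack of frames is non-empty, not that the
     * current frame's set contains any permission. Since every context push adds a
     * frame, it is true whenever a context is set. Confirm callers do not treat a
     * {@code true} result as "something was elevated".
     */
    public boolean hasElevatedPermissions() {
        return elevatedPermissions.get() != null && !elevatedPermissions.get().isEmpty();
    }

    /** Returns true when the context realm differs from the current principal's own realm. */
    protected boolean isDelegatedRealm() {
        return !getCurrentRealm().equals(getCurrentPrincipal().getRealm());
    }

    /**
     * Pushes a context for an anonymous request: the system session, bound to the realm
     * that {@code sessionService.getRealmByHost(str2)} resolves.
     *
     * <p>Only {@code str2} is read here; {@code str}, {@code str3} and {@code map} are
     * unused. Because the frame carries the system session, callers should restrict what
     * is executed inside an anonymous context and must clear it afterwards.
     *
     * <p>NOTE(review): the resolved realm is not checked for null. If the lookup can
     * return null, this fails with a NullPointerException only when debug logging is on
     * and otherwise pushes a null realm; confirm the lookup's contract.
     */
    @Override // com.hypersocket.auth.Elevatable
    public void setupAnonymousContext(String str, String str2, String str3, Map<String, String[]> map) throws AccessDeniedException {
        Realm realmByHost = this.sessionService.getRealmByHost(str2);
        if (log.isDebugEnabled()) {
            log.debug("Logging anonymous onto the {} realm [{}]", realmByHost.getName(), str2);
        }
        setCurrentSession(this.sessionService.getSystemSession(), realmByHost, Locale.getDefault());
    }

    /** Pushes the system session with its own current realm and the default locale. */
    @Override // com.hypersocket.auth.Elevatable
    @Deprecated
    public void setupSystemContext() {
        setCurrentSession(this.sessionService.getSystemSession(), Locale.getDefault());
    }

    /** Pushes the system session bound to {@code realm} with the default locale. */
    @Override // com.hypersocket.auth.Elevatable
    @Deprecated
    public void setupSystemContext(Realm realm) {
        setCurrentSession(this.sessionService.getSystemSession(), realm, Locale.getDefault());
    }

    /**
     * Pushes the system session with {@code principal} as the context principal and the
     * principal's realm as the context realm.
     *
     * @throws IllegalStateException if {@code principal} is null
     */
    @Override // com.hypersocket.auth.Elevatable
    @Deprecated
    public void setupSystemContext(Principal principal) {
        if (Objects.isNull(principal)) {
            throw new IllegalStateException("Principal object cannot be null when starting a System context");
        }
        setCurrentSession(this.sessionService.getSystemSession(), principal.getRealm(), principal, Locale.getDefault());
    }

    /** Pushes {@code session} using the session's current realm. */
    @Override // com.hypersocket.auth.Elevatable
    @Deprecated
    public void setCurrentSession(Session session, Locale locale) {
        setCurrentSession(session, session.getCurrentRealm(), locale);
    }

    /**
     * Pushes {@code session} bound to {@code realm}, using the session's current principal.
     *
     * <p>A session without a current principal is logged here and then passed on to the
     * four-argument overload, which in this class rejects a null principal.
     */
    @Override // com.hypersocket.auth.Elevatable
    @Deprecated
    public void setCurrentSession(Session session, Realm realm, Locale locale) {
        Principal sessionPrincipal = session.getCurrentPrincipal(this.realmService);
        if (sessionPrincipal == null) {
            // Replaces a leftover System.out.println("BRK") debugging marker: a session with
            // no principal is an authentication anomaly and belongs in the application log.
            log.warn("Session {} has no current principal", session.getId());
        }
        setCurrentSession(session, realm, sessionPrincipal, locale);
    }

    /**
     * Pushes one context frame (principal, session, realm, locale and an empty elevated
     * permission set) onto this thread's stacks, creating the stacks on first use.
     *
     * <p>Only {@code principal} is validated; {@code realm} and {@code locale} are pushed
     * as given. Every call must be matched by one {@link #clearPrincipalContext()} call.
     *
     * @throws InvalidAuthenticationContext if {@code principal} is null
     */
    @Override // com.hypersocket.auth.Elevatable
    @Deprecated
    public void setCurrentSession(Session session, Realm realm, Principal principal, Locale locale) {
        if (log.isDebugEnabled()) {
            log.debug("Setting current session context {}", session.getId());
        }
        if (principal == null) {
            throw new InvalidAuthenticationContext("Session does not have a current principal!");
        }
        if (currentSession.get() == null) {
            // First frame on this thread: create all stacks together so they stay aligned.
            currentSession.set(new Stack<>());
            currentPrincipal.set(new Stack<>());
            currentRealm.set(new Stack<>());
            currentLocale.set(new Stack<>());
            elevatedPermissions.set(new Stack<>());
        }
        currentPrincipal.get().push(principal);
        currentSession.get().push(session);
        currentRealm.get().push(realm);
        currentLocale.get().push(locale);
        elevatedPermissions.get().push(new HashSet<>());
        if (log.isDebugEnabled()) {
            log.debug("There are now {} context references", currentSession.get().size());
            log.debug("Context realm={} principal={} session={}", getCurrentRealm().getName(), getCurrentPrincipal().getName(), getCurrentSession().getId());
        }
    }

    /**
     * Returns the principal of the current context frame.
     *
     * @throws InvalidAuthenticationContext if no context has been set on this thread
     */
    @Override // com.hypersocket.auth.AuthenticatedService
    public Principal getCurrentPrincipal() {
        if (currentPrincipal.get() == null) {
            throw new InvalidAuthenticationContext("No session is attached to the current context!");
        }
        Principal principal = currentPrincipal.get().peek();
        if (log.isDebugEnabled()) {
            log.debug("Current principal is {}", principal.getPrincipalName());
        }
        return principal;
    }

    /**
     * Returns the session of the current context frame.
     *
     * @throws InvalidAuthenticationContext if no context has been set on this thread
     */
    @Override // com.hypersocket.auth.AuthenticatedService
    public Session getCurrentSession() throws InvalidAuthenticationContext {
        if (currentSession.get() == null) {
            throw new InvalidAuthenticationContext("No session is attached to the current context!");
        }
        return currentSession.get().peek();
    }

    /**
     * Returns the locale of the current context frame.
     *
     * @throws InvalidAuthenticationContext if no context has been set on this thread
     */
    @Override // com.hypersocket.auth.AuthenticatedService
    public Locale getCurrentLocale() {
        if (currentLocale.get() == null) {
            throw new InvalidAuthenticationContext("No session is attached to the current context!");
        }
        return currentLocale.get().peek();
    }

    /**
     * Returns the realm of the current context frame, or {@code principal}'s own realm
     * when no context has been set on this thread. Unlike {@link #getCurrentRealm()} this
     * variant does not throw for a missing context.
     */
    @Override // com.hypersocket.auth.AuthenticatedService
    public Realm getCurrentRealm(Principal principal) {
        return currentRealm.get() == null ? principal.getRealm() : currentRealm.get().peek();
    }

    /**
     * Returns the realm of the current context frame.
     *
     * @throws InvalidAuthenticationContext if no context has been set on this thread
     */
    @Override // com.hypersocket.auth.AuthenticatedService
    public Realm getCurrentRealm() {
        if (currentRealm.get() == null) {
            throw new InvalidAuthenticationContext("No session is attached to the current context!");
        }
        return currentRealm.get().peek();
    }

    /**
     * Pops the current context frame; when it was the last one (or none was set), removes
     * all context thread-locals from this thread.
     *
     * <p>Call this from a {@code finally} block paired with the call that pushed the
     * frame, so the identity does not stay attached to the thread after the work ends.
     */
    @Override // com.hypersocket.auth.Elevatable
    @Deprecated
    public void clearPrincipalContext() {
        if (currentSession.get() != null) {
            currentSession.get().pop();
            currentPrincipal.get().pop();
            currentLocale.get().pop();
            currentRealm.get().pop();
            elevatedPermissions.get().pop();
            if (currentSession.get().size() > 0) {
                // An outer frame is still active on this thread; keep the stacks.
                if (log.isDebugEnabled()) {
                    log.debug("There are {} context references left", currentSession.get().size());
                }
                return;
            }
        }
        if (log.isDebugEnabled()) {
            log.debug("There are no context references left");
        }
        currentLocale.remove();
        currentPrincipal.remove();
        currentSession.remove();
        currentRealm.remove();
        elevatedPermissions.remove();
    }

    /** Returns the principal name of the current context principal. */
    @Override // com.hypersocket.auth.AuthenticatedService
    public String getCurrentUsername() {
        return getCurrentPrincipal().getPrincipalName();
    }

    protected abstract Set<Role> getCurrentRoles();

    /**
     * Passes if the current roles contain any of {@code roleArr}; otherwise asserts
     * {@code permissionType} with {@link PermissionStrategy#INCLUDE_IMPLIED}.
     *
     * <p>NOTE(review): {@code permissionScope} is not read by this method.
     *
     * @throws AccessDeniedException if neither a role nor the permission matches
     */
    protected void assertPermissionOrRole(PermissionScope permissionScope, PermissionType permissionType, Role... roleArr) throws AccessDeniedException {
        Set<Role> currentRoles = getCurrentRoles();
        for (Role role : roleArr) {
            if (currentRoles.contains(role)) {
                return;
            }
        }
        assertAnyPermission(PermissionStrategy.INCLUDE_IMPLIED, permissionType);
    }

    /**
     * Requires the current principal to have administrative permission.
     *
     * @throws AccessDeniedException if it does not
     */
    protected void assertAdministrativePermission() throws AccessDeniedException {
        if (!hasAdministrativePermission(getCurrentPrincipal())) {
            throw new AccessDeniedException();
        }
    }

    protected abstract boolean hasAdministrativePermission(Principal principal);

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Passes when the caller either administers the context realm or holds one of the
     * given permissions.
     *
     * <p>With {@link PermissionScope#INCLUDE_CHILD_REALMS} the context realm is walked up
     * its parent chain until it equals the principal's realm or has no parent. If the
     * realms still differ, the permissions are asserted first and a denial ends the call.
     * After that, a role that is both system and all-permissions passes the check;
     * without such a role the permissions are asserted. In effect the role shortcut only
     * applies when the principal's realm matches the (possibly walked-up) context realm.
     *
     * @throws AccessDeniedException if the check fails
     */
    public void assertAnyPermissionOrRealmAdministrator(PermissionScope permissionScope, PermissionType... permissionTypeArr) throws AccessDeniedException {
        Realm principalRealm = getCurrentPrincipal().getRealm();
        Realm contextRealm = getCurrentRealm();
        if (permissionScope == PermissionScope.INCLUDE_CHILD_REALMS) {
            while (!principalRealm.equals(contextRealm) && contextRealm.hasParent()) {
                contextRealm = contextRealm.getParent();
            }
        }
        if (!principalRealm.equals(contextRealm)) {
            assertAnyPermission(PermissionStrategy.INCLUDE_IMPLIED, permissionTypeArr);
        }
        for (Role role : getCurrentRoles()) {
            if (role.isSystem() && role.isAllPermissions()) {
                return;
            }
        }
        assertAnyPermission(PermissionStrategy.INCLUDE_IMPLIED, permissionTypeArr);
    }

    /**
     * Requires the caller to administer the context realm: the principal's realm must
     * equal the context realm (or, with {@link PermissionScope#INCLUDE_CHILD_REALMS}, one
     * of its ancestors) and the current roles must include one that is both system and
     * all-permissions.
     *
     * @throws AccessDeniedException if either condition fails
     */
    protected void assertRealmAdministrator(PermissionScope permissionScope) throws AccessDeniedException {
        Realm principalRealm = getCurrentPrincipal().getRealm();
        Realm contextRealm = getCurrentRealm();
        if (permissionScope == PermissionScope.INCLUDE_CHILD_REALMS) {
            while (!principalRealm.equals(contextRealm) && contextRealm.hasParent()) {
                contextRealm = contextRealm.getParent();
            }
        }
        if (!principalRealm.equals(contextRealm)) {
            throw new AccessDeniedException();
        }
        for (Role role : getCurrentRoles()) {
            if (role.isSystem() && role.isAllPermissions()) {
                return;
            }
        }
        throw new AccessDeniedException();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Passes if the current principal has administrative permission or the current roles
     * contain any of {@code roleArr}.
     *
     * @throws AccessDeniedException otherwise
     */
    public void assertRole(Role... roleArr) throws AccessDeniedException {
        if (hasAdministrativePermission(getCurrentPrincipal())) {
            return;
        }
        Set<Role> currentRoles = getCurrentRoles();
        for (Role role : roleArr) {
            if (currentRoles.contains(role)) {
                return;
            }
        }
        // NOTE(review): the message ends with a dangling " in "; a realm name appears to be
        // missing. Left unchanged because callers or tests may match on the text.
        throw new AccessDeniedException("User is not a member of " + ResourceUtils.createCommaSeparatedString(Arrays.asList(roleArr)) + " in ");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Passes if the current roles contain {@code role}; otherwise asserts the given
     * permissions with {@link PermissionStrategy#INCLUDE_IMPLIED}.
     *
     * @throws AccessDeniedException if neither matches
     */
    public void assertRoleOrAnyPermission(Role role, PermissionType... permissionTypeArr) throws AccessDeniedException {
        if (getCurrentRoles().contains(role)) {
            return;
        }
        assertAnyPermission(PermissionStrategy.INCLUDE_IMPLIED, permissionTypeArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Asserts a single permission with {@link PermissionStrategy#INCLUDE_IMPLIED}. */
    public void assertPermission(PermissionType permissionType) throws AccessDeniedException {
        assertAnyPermission(PermissionStrategy.INCLUDE_IMPLIED, permissionType);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Asserts the given permissions with {@link PermissionStrategy#INCLUDE_IMPLIED}. */
    public void assertAnyPermission(PermissionType... permissionTypeArr) throws AccessDeniedException {
        assertAnyPermission(PermissionStrategy.INCLUDE_IMPLIED, permissionTypeArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Delegates the permission check to {@link #verifyPermission}, choosing which
     * principal is checked.
     *
     * <p>When the current session is impersonating and inherits permissions, the check
     * runs against the session's inherited principal instead of the context principal.
     * That substitution is only considered when at least one permission type is passed;
     * an empty array always goes to the context principal.
     *
     * <p>When no principal is in context a warning is logged; as implemented in this
     * class, {@link #getCurrentPrincipal()} then throws
     * {@link InvalidAuthenticationContext}.
     *
     * @throws AccessDeniedException if {@code verifyPermission} rejects the principal
     */
    public void assertAnyPermission(PermissionStrategy permissionStrategy, PermissionType... permissionTypeArr) throws AccessDeniedException {
        if (permissionTypeArr.length > 0) {
            if (log.isWarnEnabled() && !hasAuthenticatedContext()) {
                log.warn("Permission " + permissionTypeArr[0].getResourceKey() + " is being asserted without a principal in context");
            }
            if (hasSessionContext() && getCurrentSession().isImpersonating() && getCurrentSession().isInheritPermissions()) {
                verifyPermission(getCurrentSession().getInheritedPrincipal(this.realmService), permissionStrategy, permissionTypeArr);
                return;
            }
        }
        verifyPermission(getCurrentPrincipal(), permissionStrategy, permissionTypeArr);
    }

    /** Returns true when a principal stack exists on this thread. */
    @Override // com.hypersocket.auth.AuthenticatedService
    public boolean hasAuthenticatedContext() {
        return currentPrincipal.get() != null;
    }

    /**
     * Returns true when the current principal reports itself as system and has type
     * {@link PrincipalType#SYSTEM}; false otherwise, including when no context is set.
     */
    @Override // com.hypersocket.auth.AuthenticatedService
    public boolean hasSystemContext() {
        try {
            Principal principal = getCurrentPrincipal();
            return principal.isSystem() && principal.getType() == PrincipalType.SYSTEM;
        } catch (InvalidAuthenticationContext e) {
            // No context on this thread means no system context.
            return false;
        }
    }

    /** Returns true when a session stack exists on this thread. */
    @Override // com.hypersocket.auth.AuthenticatedService
    public boolean hasSessionContext() {
        return currentSession.get() != null;
    }
}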
