package org.jsecurity.realm;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jsecurity.authc.credential.CredentialsMatcher;
import org.jsecurity.authz.AuthorizationException;
import org.jsecurity.authz.AuthorizationInfo;
import org.jsecurity.authz.AuthorizingAccount;
import org.jsecurity.authz.Permission;
import org.jsecurity.authz.UnauthorizedException;
import org.jsecurity.authz.permission.PermissionResolver;
import org.jsecurity.authz.permission.PermissionResolverAware;
import org.jsecurity.authz.permission.WildcardPermissionResolver;
import org.jsecurity.cache.Cache;
import org.jsecurity.cache.CacheManager;
import org.jsecurity.io.IniResource;
import org.jsecurity.subject.PrincipalCollection;
import org.jsecurity.util.Initializable;

/* loaded from: input_file:jsecurity-0.9.0.jar:org/jsecurity/realm/AuthorizingRealm.class */
public abstract class AuthorizingRealm extends AuthenticatingRealm implements Initializable, PermissionResolverAware {
    private static final String DEFAULT_AUTHORIZATION_CACHE_POSTFIX = "-authorization";
    private Cache authorizationCache;
    private String authorizationCacheName;
    private PermissionResolver permissionResolver;
    private static final Log log = LogFactory.getLog(AuthorizingRealm.class);
    private static int INSTANCE_COUNT = 0;

    public AuthorizingRealm() {
        this.authorizationCache = null;
        this.authorizationCacheName = null;
        this.permissionResolver = new WildcardPermissionResolver();
    }

    public AuthorizingRealm(CacheManager cacheManager) {
        super(cacheManager);
        this.authorizationCache = null;
        this.authorizationCacheName = null;
        this.permissionResolver = new WildcardPermissionResolver();
    }

    public AuthorizingRealm(CredentialsMatcher credentialsMatcher) {
        super(credentialsMatcher);
        this.authorizationCache = null;
        this.authorizationCacheName = null;
        this.permissionResolver = new WildcardPermissionResolver();
    }

    public AuthorizingRealm(CacheManager cacheManager, CredentialsMatcher credentialsMatcher) {
        super(cacheManager, credentialsMatcher);
        this.authorizationCache = null;
        this.authorizationCacheName = null;
        this.permissionResolver = new WildcardPermissionResolver();
    }

    public void setAuthorizationCache(Cache cache) {
        this.authorizationCache = cache;
        if (this.authorizationCache != null) {
            afterAuthorizationCacheSet();
        }
    }

    public Cache getAuthorizationCache() {
        return this.authorizationCache;
    }

    public String getAuthorizationCacheName() {
        return this.authorizationCacheName;
    }

    public void setAuthorizationCacheName(String str) {
        this.authorizationCacheName = str;
    }

    public PermissionResolver getPermissionResolver() {
        return this.permissionResolver;
    }

    @Override // org.jsecurity.authz.permission.PermissionResolverAware
    public void setPermissionResolver(PermissionResolver permissionResolver) {
        this.permissionResolver = permissionResolver;
    }

    @Override // org.jsecurity.util.Initializable
    public final void init() {
        initAuthorizationCache();
    }

    @Override // org.jsecurity.realm.CachingRealm
    protected void afterCacheManagerSet() {
        this.authorizationCache = null;
        initAuthorizationCache();
    }

    protected void afterAuthorizationCacheSet() {
    }

    public void initAuthorizationCache() {
        if (log.isTraceEnabled()) {
            log.trace("Initializing authorization cache.");
        }
        if (getAuthorizationCache() == null) {
            if (log.isDebugEnabled()) {
                log.debug("No cache implementation set.  Checking cacheManager...");
            }
            CacheManager cacheManager = getCacheManager();
            if (cacheManager == null) {
                if (log.isInfoEnabled()) {
                    log.info("No cache or cacheManager properties have been set.  Authorization caching is disabled.");
                    return;
                }
                return;
            }
            String authorizationCacheName = getAuthorizationCacheName();
            if (authorizationCacheName == null) {
                StringBuilder append = new StringBuilder().append(getClass().getName()).append("-");
                int i = INSTANCE_COUNT;
                INSTANCE_COUNT = i + 1;
                authorizationCacheName = append.append(i).append(DEFAULT_AUTHORIZATION_CACHE_POSTFIX).toString();
                setAuthorizationCacheName(authorizationCacheName);
            }
            if (log.isDebugEnabled()) {
                log.debug("CacheManager [" + cacheManager + "] has been configured.  Building authorization cache named [" + authorizationCacheName + IniResource.HEADER_SUFFIX);
            }
            setAuthorizationCache(cacheManager.getCache(authorizationCacheName));
        }
    }

    public AuthorizationInfo getAuthorizationInfo(PrincipalCollection principalCollection) {
        if (principalCollection == null) {
            return null;
        }
        AuthorizationInfo authorizationInfo = null;
        if (log.isTraceEnabled()) {
            log.trace("Retrieving AuthorizationInfo for principals [" + principalCollection + IniResource.HEADER_SUFFIX);
        }
        Cache authorizationCache = getAuthorizationCache();
        if (authorizationCache != null) {
            if (log.isTraceEnabled()) {
                log.trace("Attempting to retrieve the AuthorizationIfno from cache.");
            }
            authorizationInfo = (AuthorizationInfo) authorizationCache.get(getAuthorizationCacheKey(principalCollection));
            if (log.isTraceEnabled()) {
                if (authorizationInfo == null) {
                    log.trace("No AuthorizationInfo found in cache for principals [" + principalCollection + IniResource.HEADER_SUFFIX);
                } else {
                    log.trace("AuthorizationInfo found in cache for principals [" + principalCollection + IniResource.HEADER_SUFFIX);
                }
            }
        }
        if (authorizationInfo == null) {
            authorizationInfo = doGetAuthorizationInfo(principalCollection);
            if (authorizationInfo != null && authorizationCache != null) {
                if (log.isTraceEnabled()) {
                    log.trace("Caching authorization info for principals: [" + principalCollection + "].");
                }
                authorizationCache.put(getAuthorizationCacheKey(principalCollection), authorizationInfo);
            }
        }
        return authorizationInfo;
    }

    protected Object getAuthorizationCacheKey(PrincipalCollection principalCollection) {
        return principalCollection;
    }

    protected void clearCachedAuthorizationInfo(PrincipalCollection principalCollection) {
        Cache authorizationCache;
        if (principalCollection == null || (authorizationCache = getAuthorizationCache()) == null) {
            return;
        }
        authorizationCache.remove(getAuthorizationCacheKey(principalCollection));
    }

    protected abstract AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection);

    private Collection<Permission> getPermissions(AuthorizationInfo authorizationInfo) {
        HashSet hashSet = new HashSet();
        if (authorizationInfo != null) {
            if (authorizationInfo.getObjectPermissions() != null) {
                hashSet.addAll(authorizationInfo.getObjectPermissions());
            }
            if (authorizationInfo.getStringPermissions() != null) {
                Iterator<String> it = authorizationInfo.getStringPermissions().iterator();
                while (it.hasNext()) {
                    hashSet.add(getPermissionResolver().resolvePermission(it.next()));
                }
            }
        }
        return hashSet.isEmpty() ? Collections.EMPTY_SET : Collections.unmodifiableSet(hashSet);
    }

    @Override // org.jsecurity.authz.Authorizer
    public boolean isPermitted(PrincipalCollection principalCollection, String str) {
        return isPermitted(principalCollection, getPermissionResolver().resolvePermission(str));
    }

    @Override // org.jsecurity.authz.Authorizer
    public boolean isPermitted(PrincipalCollection principalCollection, Permission permission) {
        return isPermitted(permission, getAuthorizationInfo(principalCollection));
    }

    private boolean isPermitted(Permission permission, AuthorizationInfo authorizationInfo) {
        if (authorizationInfo instanceof AuthorizingAccount) {
            return ((AuthorizingAccount) authorizationInfo).isPermitted(permission);
        }
        Collection<Permission> permissions = getPermissions(authorizationInfo);
        if (permissions == null || permissions.isEmpty()) {
            return false;
        }
        Iterator<Permission> it = permissions.iterator();
        while (it.hasNext()) {
            if (it.next().implies(permission)) {
                return true;
            }
        }
        return false;
    }

    @Override // org.jsecurity.authz.Authorizer
    public boolean[] isPermitted(PrincipalCollection principalCollection, String... strArr) {
        ArrayList arrayList = new ArrayList(strArr.length);
        for (String str : strArr) {
            arrayList.add(getPermissionResolver().resolvePermission(str));
        }
        return isPermitted(principalCollection, arrayList);
    }

    @Override // org.jsecurity.authz.Authorizer
    public boolean[] isPermitted(PrincipalCollection principalCollection, List<Permission> list) {
        return isPermitted(list, getAuthorizationInfo(principalCollection));
    }

    protected boolean[] isPermitted(List<Permission> list, AuthorizationInfo authorizationInfo) {
        boolean[] zArr;
        if (authorizationInfo instanceof AuthorizingAccount) {
            return ((AuthorizingAccount) authorizationInfo).isPermitted(list);
        }
        if (list == null || list.isEmpty()) {
            zArr = new boolean[0];
        } else {
            zArr = new boolean[list.size()];
            int i = 0;
            Iterator<Permission> it = list.iterator();
            while (it.hasNext()) {
                int i2 = i;
                i++;
                zArr[i2] = isPermitted(it.next(), authorizationInfo);
            }
        }
        return zArr;
    }

    @Override // org.jsecurity.authz.Authorizer
    public boolean isPermittedAll(PrincipalCollection principalCollection, String... strArr) {
        if (strArr == null || strArr.length <= 0) {
            return false;
        }
        ArrayList arrayList = new ArrayList(strArr.length);
        for (String str : strArr) {
            arrayList.add(getPermissionResolver().resolvePermission(str));
        }
        return isPermittedAll(principalCollection, arrayList);
    }

    @Override // org.jsecurity.authz.Authorizer
    public boolean isPermittedAll(PrincipalCollection principalCollection, Collection<Permission> collection) {
        AuthorizationInfo authorizationInfo = getAuthorizationInfo(principalCollection);
        return authorizationInfo != null && isPermittedAll(collection, authorizationInfo);
    }

    protected boolean isPermittedAll(Collection<Permission> collection, AuthorizationInfo authorizationInfo) {
        if (authorizationInfo instanceof AuthorizingAccount) {
            return ((AuthorizingAccount) authorizationInfo).isPermittedAll(collection);
        }
        if (collection == null || collection.isEmpty()) {
            return true;
        }
        Iterator<Permission> it = collection.iterator();
        while (it.hasNext()) {
            if (!isPermitted(it.next(), authorizationInfo)) {
                return false;
            }
        }
        return true;
    }

    @Override // org.jsecurity.authz.Authorizer
    public void checkPermission(PrincipalCollection principalCollection, String str) throws AuthorizationException {
        checkPermission(principalCollection, getPermissionResolver().resolvePermission(str));
    }

    @Override // org.jsecurity.authz.Authorizer
    public void checkPermission(PrincipalCollection principalCollection, Permission permission) throws AuthorizationException {
        checkPermission(permission, getAuthorizationInfo(principalCollection));
    }

    protected void checkPermission(Permission permission, AuthorizationInfo authorizationInfo) {
        if (authorizationInfo instanceof AuthorizingAccount) {
            ((AuthorizingAccount) authorizationInfo).checkPermission(permission);
        } else if (!isPermitted(permission, authorizationInfo)) {
            throw new UnauthorizedException("User is not permitted [" + permission + IniResource.HEADER_SUFFIX);
        }
    }

    @Override // org.jsecurity.authz.Authorizer
    public void checkPermissions(PrincipalCollection principalCollection, String... strArr) throws AuthorizationException {
        if (strArr != null) {
            for (String str : strArr) {
                checkPermission(principalCollection, str);
            }
        }
    }

    @Override // org.jsecurity.authz.Authorizer
    public void checkPermissions(PrincipalCollection principalCollection, Collection<Permission> collection) throws AuthorizationException {
        checkPermissions(collection, getAuthorizationInfo(principalCollection));
    }

    protected void checkPermissions(Collection<Permission> collection, AuthorizationInfo authorizationInfo) {
        if (authorizationInfo instanceof AuthorizingAccount) {
            ((AuthorizingAccount) authorizationInfo).checkPermissions(collection);
        } else {
            if (collection == null || collection.isEmpty()) {
                return;
            }
            Iterator<Permission> it = collection.iterator();
            while (it.hasNext()) {
                checkPermission(it.next(), authorizationInfo);
            }
        }
    }

    @Override // org.jsecurity.authz.Authorizer
    public boolean hasRole(PrincipalCollection principalCollection, String str) {
        return hasRole(str, getAuthorizationInfo(principalCollection));
    }

    protected boolean hasRole(String str, AuthorizationInfo authorizationInfo) {
        return authorizationInfo instanceof AuthorizingAccount ? ((AuthorizingAccount) authorizationInfo).hasRole(str) : (authorizationInfo == null || authorizationInfo.getRoles() == null || !authorizationInfo.getRoles().contains(str)) ? false : true;
    }

    @Override // org.jsecurity.authz.Authorizer
    public boolean[] hasRoles(PrincipalCollection principalCollection, List<String> list) {
        AuthorizationInfo authorizationInfo = getAuthorizationInfo(principalCollection);
        boolean[] zArr = new boolean[list != null ? list.size() : 0];
        if (authorizationInfo != null) {
            zArr = hasRoles(list, authorizationInfo);
        }
        return zArr;
    }

    protected boolean[] hasRoles(List<String> list, AuthorizationInfo authorizationInfo) {
        boolean[] zArr;
        if (authorizationInfo instanceof AuthorizingAccount) {
            return ((AuthorizingAccount) authorizationInfo).hasRoles(list);
        }
        if (list == null || list.isEmpty()) {
            zArr = new boolean[0];
        } else {
            zArr = new boolean[list.size()];
            int i = 0;
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                int i2 = i;
                i++;
                zArr[i2] = hasRole(it.next(), authorizationInfo);
            }
        }
        return zArr;
    }

    @Override // org.jsecurity.authz.Authorizer
    public boolean hasAllRoles(PrincipalCollection principalCollection, Collection<String> collection) {
        AuthorizationInfo authorizationInfo = getAuthorizationInfo(principalCollection);
        return authorizationInfo != null && hasAllRoles(collection, authorizationInfo);
    }

    private boolean hasAllRoles(Collection<String> collection, AuthorizationInfo authorizationInfo) {
        if (authorizationInfo instanceof AuthorizingAccount) {
            return ((AuthorizingAccount) authorizationInfo).hasAllRoles(collection);
        }
        if (collection == null || collection.isEmpty()) {
            return true;
        }
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            if (!hasRole(it.next(), authorizationInfo)) {
                return false;
            }
        }
        return true;
    }

    @Override // org.jsecurity.authz.Authorizer
    public void checkRole(PrincipalCollection principalCollection, String str) throws AuthorizationException {
        checkRole(str, getAuthorizationInfo(principalCollection));
    }

    protected void checkRole(String str, AuthorizationInfo authorizationInfo) {
        if (authorizationInfo instanceof AuthorizingAccount) {
            ((AuthorizingAccount) authorizationInfo).checkRole(str);
        } else if (!hasRole(str, authorizationInfo)) {
            throw new UnauthorizedException("User does not have role [" + str + IniResource.HEADER_SUFFIX);
        }
    }

    @Override // org.jsecurity.authz.Authorizer
    public void checkRoles(PrincipalCollection principalCollection, Collection<String> collection) throws AuthorizationException {
        checkRoles(collection, getAuthorizationInfo(principalCollection));
    }

    protected void checkRoles(Collection<String> collection, AuthorizationInfo authorizationInfo) {
        if (authorizationInfo instanceof AuthorizingAccount) {
            ((AuthorizingAccount) authorizationInfo).checkRoles(collection);
        } else {
            if (collection == null || collection.isEmpty()) {
                return;
            }
            Iterator<String> it = collection.iterator();
            while (it.hasNext()) {
                checkRole(it.next(), authorizationInfo);
            }
        }
    }

    @Override // org.jsecurity.realm.AuthenticatingRealm, org.jsecurity.authc.LogoutAware
    public void onLogout(PrincipalCollection principalCollection) {
        clearCachedAuthorizationInfo(principalCollection);
    }
}
