package org.killbill.billing.util.security.api;

import com.google.common.base.Function;
import com.google.common.base.Functions;
import com.google.common.base.Predicate;
import com.google.common.base.Predicates;
import com.google.common.base.Strings;
import com.google.common.collect.Collections2;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.annotation.Nullable;
import javax.inject.Inject;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.killbill.billing.ErrorCode;
import org.killbill.billing.security.Logical;
import org.killbill.billing.security.Permission;
import org.killbill.billing.security.SecurityApiException;
import org.killbill.billing.security.api.SecurityApi;
import org.killbill.billing.util.callcontext.CallContext;
import org.killbill.billing.util.callcontext.TenantContext;
import org.killbill.billing.util.security.shiro.dao.RolesPermissionsModelDao;
import org.killbill.billing.util.security.shiro.dao.UserDao;
import org.killbill.billing.util.security.shiro.dao.UserRolesModelDao;
import org.killbill.billing.util.security.shiro.realm.KillBillJdbcRealm;

/* loaded from: input_file:org/killbill/billing/util/security/api/DefaultSecurityApi.class */
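/**
 * {@link SecurityApi} implementation that authenticates and authorizes the current Shiro
 * {@link Subject} and delegates user and role persistence to a {@link UserDao}.
 *
 * <p>All authentication and permission checks act on whatever subject
 * {@link SecurityUtils#getSubject()} returns for the calling thread.
 */
public class DefaultSecurityApi implements SecurityApi {
    // String form of every Permission, in Permission.values() order. Built once during class
    // initialisation so that no thread can ever observe a partially filled array (the previous
    // lazy fill tested only element 0, which is written first, and could hand out null entries).
    private static final String[] allPermissions = buildAllPermissionStrings();
    private final UserDao userDao;

    /**
     * @param userDao DAO used for every user and role read or write made by this class
     */
    @Inject
    public DefaultSecurityApi(UserDao userDao) {
        this.userDao = userDao;
    }

    /**
     * Authenticates the current subject with the given principal and credentials.
     *
     * <p>A {@code String} principal with {@code String} or {@code char[]} credentials is wrapped in a
     * {@link UsernamePasswordToken}; any other combination is passed to the realms as an opaque
     * {@link AuthenticationToken}. Where the caller has the choice, the {@code char[]} form is
     * preferable because a {@code String} credential cannot be zeroed after use.
     *
     * @param obj  principal to authenticate; must not be {@code null} ({@code equals} is called on it)
     * @param obj2 credentials for that principal
     */
    public synchronized void login(final Object obj, final Object obj2) {
        Subject subject = SecurityUtils.getSubject();
        // Drop any previously authenticated identity before authenticating again.
        if (subject.isAuthenticated()) {
            logout();
        }
        // If the subject still reports itself authenticated as the requested principal, there is nothing to do.
        if (obj.equals(subject.getPrincipal()) && subject.isAuthenticated()) {
            return;
        }
        if ((obj instanceof String) && (obj2 instanceof String)) {
            subject.login(new UsernamePasswordToken((String) obj, (String) obj2));
        } else if ((obj instanceof String) && (obj2 instanceof char[])) {
            subject.login(new UsernamePasswordToken((String) obj, (char[]) obj2));
        } else {
            // Neither username/password shape matched: hand both values to the realms unchanged.
            subject.login(new AuthenticationToken() {
                @Override
                public Object getPrincipal() {
                    return obj;
                }

                @Override
                public Object getCredentials() {
                    return obj2;
                }
            });
        }
    }

    /**
     * Logs the current subject out if, and only if, it is authenticated.
     */
    public void logout() {
        Subject subject = SecurityUtils.getSubject();
        if (subject == null || !subject.isAuthenticated()) {
            return;
        }
        subject.logout();
    }

    /**
     * @return {@code true} if the current subject is authenticated
     */
    public boolean isSubjectAuthenticated() {
        return SecurityUtils.getSubject().isAuthenticated();
    }

    /**
     * Returns every {@link Permission} the current subject holds.
     *
     * @param tenantContext not used by this implementation
     * @return a new mutable set of the granted permissions
     */
    public Set<Permission> getCurrentUserPermissions(TenantContext tenantContext) {
        Permission[] values = Permission.values();
        // isPermitted answers index by index, and allPermissions is in Permission.values() order,
        // so position i of the answer corresponds to values[i].
        boolean[] isPermitted = SecurityUtils.getSubject().isPermitted(getAllPermissionsAsStrings());
        Set<Permission> granted = new HashSet<Permission>();
        for (int i = 0; i < isPermitted.length; i++) {
            if (isPermitted[i]) {
                granted.add(values[i]);
            }
        }
        return granted;
    }

    /**
     * Verifies that the current subject holds the requested permissions.
     *
     * <p>A single permission is checked directly. For several permissions, {@link Logical#OR}
     * requires at least one of them; {@link Logical#AND} and any other operator value, including
     * {@code null}, require all of them, so an unrecognised operator can never skip the check.
     *
     * @param list          permissions to check
     * @param logical       how to combine the permissions when there is more than one
     * @param tenantContext not used by this implementation
     * @throws SecurityApiException with {@link ErrorCode#SECURITY_NOT_ENOUGH_PERMISSIONS} when the check fails
     */
    public void checkCurrentUserPermissions(List<Permission> list, Logical logical, TenantContext tenantContext) throws SecurityApiException {
        String[] strArr = (String[]) Lists.transform(list, Functions.toStringFunction()).toArray(new String[list.size()]);
        try {
            Subject subject = SecurityUtils.getSubject();
            if (strArr.length == 1) {
                subject.checkPermission(strArr[0]);
            } else if (Logical.OR.equals(logical)) {
                boolean anyGranted = false;
                for (String permission : strArr) {
                    if (subject.isPermitted(permission)) {
                        anyGranted = true;
                        break;
                    }
                }
                if (!anyGranted) {
                    if (strArr.length == 0) {
                        // "At least one of nothing" cannot be satisfied: deny with the declared
                        // exception rather than failing on strArr[0].
                        throw new AuthorizationException("No permission was supplied for an OR check");
                    }
                    // None is held: let Shiro raise the AuthorizationException for the first one.
                    subject.checkPermission(strArr[0]);
                }
            } else {
                // Logical.AND, and fail-closed for any other operator value: require every permission.
                subject.checkPermissions(strArr);
            }
        } catch (AuthorizationException e) {
            throw new SecurityApiException(e, ErrorCode.SECURITY_NOT_ENOUGH_PERMISSIONS, new Object[0]);
        }
    }

    /**
     * Creates a user through {@code userDao.insertUser}.
     *
     * @param str         first argument passed to the DAO (presumably the username)
     * @param str2        second argument passed to the DAO (presumably the password; how it is
     *                    stored is decided by the DAO and is not visible here)
     * @param list        role names to attach to the user
     * @param callContext supplies the name of the acting user recorded by the DAO
     */
    public void addUserRoles(String str, String str2, List<String> list, CallContext callContext) throws SecurityApiException {
        this.userDao.insertUser(str, str2, list, callContext.getUserName());
    }

    /**
     * Changes a user's password through {@code userDao.updateUserPassword}.
     *
     * @param str         first argument passed to the DAO (presumably the username)
     * @param str2        second argument passed to the DAO (presumably the new password)
     * @param callContext supplies the name of the acting user recorded by the DAO
     */
    public void updateUserPassword(String str, String str2, CallContext callContext) throws SecurityApiException {
        this.userDao.updateUserPassword(str, str2, callContext.getUserName());
    }

    /**
     * Replaces a user's roles and then clears that user's cached authorization info in the
     * {@link KillBillJdbcRealm}, so the new roles are used by later permission checks.
     *
     * @param str         user whose roles change; also the principal whose cache entry is cleared
     * @param list        new role names
     * @param callContext supplies the name of the acting user recorded by the DAO
     */
    public void updateUserRoles(String str, List<String> list, CallContext callContext) throws SecurityApiException {
        this.userDao.updateUserRoles(str, list, callContext.getUserName());
        invalidateJDBCAuthorizationCache(str);
    }

    /**
     * Invalidates a user through {@code userDao.invalidateUser}.
     *
     * @param str         user to invalidate
     * @param callContext supplies the name of the acting user recorded by the DAO
     */
    public void invalidateUser(String str, CallContext callContext) throws SecurityApiException {
        // NOTE(review): unlike updateUserRoles, this does not clear the realm's cached authorization
        // info for the user - confirm that a cached entry cannot outlive the invalidation.
        this.userDao.invalidateUser(str, callContext.getUserName());
    }

    /**
     * @param str           user to look up
     * @param tenantContext not used by this implementation
     * @return immutable list of the role names the DAO returns for the user
     */
    public List<String> getUserRoles(String str, TenantContext tenantContext) throws SecurityApiException {
        return ImmutableList.copyOf(Iterables.transform(this.userDao.getUserRoles(str), new Function<UserRolesModelDao, String>() {
            @Override
            @Nullable
            public String apply(UserRolesModelDao userRolesModelDao) {
                return userRolesModelDao.getRoleName();
            }
        }));
    }

    /**
     * Creates a role after validating and normalising its permission strings.
     *
     * @param str         role name
     * @param list        raw permission strings; see {@code sanitizeAndValidatePermissions}
     * @param callContext supplies the name of the acting user recorded by the DAO
     * @throws SecurityApiException if a permission string is not valid
     */
    public void addRoleDefinition(String str, List<String> list, CallContext callContext) throws SecurityApiException {
        this.userDao.addRoleDefinition(str, sanitizeAndValidatePermissions(list), callContext.getUserName());
    }

    /**
     * Updates a role after validating and normalising its permission strings.
     *
     * @param str         role name
     * @param list        raw permission strings; see {@code sanitizeAndValidatePermissions}
     * @param callContext supplies the name of the acting user recorded by the DAO
     * @throws SecurityApiException if a permission string is not valid
     */
    public void updateRoleDefinition(String str, List<String> list, CallContext callContext) throws SecurityApiException {
        // NOTE(review): no authorization cache is cleared here, whereas updateUserRoles clears the
        // affected user's entry - confirm how users already holding this role pick up the change.
        this.userDao.updateRoleDefinition(str, sanitizeAndValidatePermissions(list), callContext.getUserName());
    }

    /**
     * @param str           role name
     * @param tenantContext not used by this implementation
     * @return immutable list of the permission strings the DAO returns for the role
     */
    public List<String> getRoleDefinition(String str, TenantContext tenantContext) {
        return ImmutableList.copyOf(Iterables.transform(this.userDao.getRoleDefinition(str), new Function<RolesPermissionsModelDao, String>() {
            @Override
            @Nullable
            public String apply(RolesPermissionsModelDao rolesPermissionsModelDao) {
                return rolesPermissionsModelDao.getPermission();
            }
        }));
    }

    /**
     * Validates raw permission strings against {@link Permission} and returns them normalised
     * as {@code group:value} entries.
     *
     * <p>Rules, in order: {@code null} and empty strings are dropped; a bare {@code "*"} makes
     * the whole result {@code ["*"]}; {@code "group"} or {@code "group:*"} becomes
     * {@code "group:*"}; {@code "group:value"} is kept only when some {@link Permission} has that
     * group and value. Anything else is rejected. The wildcard is applied only when it was
     * explicitly requested, so a specific permission is never widened to its whole group.
     *
     * @param list raw permission strings, possibly {@code null}
     * @return the normalised permissions (empty when {@code list} is {@code null})
     * @throws SecurityApiException with {@link ErrorCode#SECURITY_INVALID_PERMISSIONS} for a string
     *                              that has more than two parts or matches no known permission
     */
    private List<String> sanitizeAndValidatePermissions(List<String> list) throws SecurityApiException {
        if (list == null) {
            return ImmutableList.of();
        }
        // Map "" to null, then drop nulls, so blank entries are ignored rather than rejected.
        Collection<String> filter = Collections2.filter(Lists.transform(list, new Function<String, String>() {
            @Override
            public String apply(String str) {
                return Strings.emptyToNull(str);
            }
        }), Predicates.notNull());
        HashMap<String, Set<String>> valuesByGroup = new HashMap<String, Set<String>>();
        for (String str : filter) {
            if ("*".equals(str)) {
                return ImmutableList.of("*");
            }
            // NOTE(review): String.split drops trailing empty parts, so "group:" is handled
            // like "group" (whole-group wildcard) - confirm that this is intended.
            String[] split = str.split(":");
            if (split.length != 1 && split.length != 2) {
                throw new SecurityApiException(ErrorCode.SECURITY_INVALID_PERMISSIONS, new Object[]{str});
            }
            boolean resolved = false;
            for (Permission permission : Permission.values()) {
                if (!permission.getGroup().equals(split[0])) {
                    continue;
                }
                Set<String> groupValues = valuesByGroup.get(split[0]);
                if (groupValues == null) {
                    groupValues = new HashSet<String>();
                    valuesByGroup.put(split[0], groupValues);
                }
                if (split.length == 1 || "*".equals(split[1])) {
                    // Explicit group wildcard: it supersedes the values collected so far.
                    groupValues.clear();
                    groupValues.add("*");
                    resolved = true;
                    break;
                }
                if (permission.getValue().equals(split[1])) {
                    groupValues.add(split[1]);
                    resolved = true;
                    break;
                }
            }
            if (!resolved) {
                // Unknown group, or a value that no Permission of that group defines.
                throw new SecurityApiException(ErrorCode.SECURITY_INVALID_PERMISSIONS, new Object[]{str});
            }
        }
        List<String> normalized = new ArrayList<String>();
        for (String group : valuesByGroup.keySet()) {
            for (String value : valuesByGroup.get(group)) {
                normalized.add(String.format("%s:%s", group, value));
            }
        }
        return normalized;
    }

    /**
     * @return the shared array holding the string form of every {@link Permission}, in
     *         {@code Permission.values()} order; callers must not modify it
     */
    private String[] getAllPermissionsAsStrings() {
        return allPermissions;
    }

    /** Builds the string form of every {@link Permission}, in {@code Permission.values()} order. */
    private static String[] buildAllPermissionStrings() {
        Permission[] values = Permission.values();
        String[] names = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            names[i] = values[i].toString();
        }
        return names;
    }

    /**
     * Clears the cached authorization info of one principal in the first
     * {@link KillBillJdbcRealm} found among the security manager's realms; does nothing when
     * no such realm is configured.
     *
     * @param str principal whose cached authorization info is cleared
     */
    private void invalidateJDBCAuthorizationCache(String str) {
        // NOTE(review): getRealms() is called directly on the value returned by
        // SecurityUtils.getSecurityManager() - confirm its static type exposes that method.
        KillBillJdbcRealm killBillJdbcRealm = (KillBillJdbcRealm) Iterables.tryFind(SecurityUtils.getSecurityManager().getRealms(), new Predicate<Realm>() {
            @Override
            public boolean apply(@Nullable Realm realm) {
                return realm instanceof KillBillJdbcRealm;
            }
        }).orNull();
        if (killBillJdbcRealm != null) {
            // The cache is keyed by principal collection, so build one naming this realm.
            SimplePrincipalCollection simplePrincipalCollection = new SimplePrincipalCollection();
            simplePrincipalCollection.add(str, killBillJdbcRealm.getName());
            killBillJdbcRealm.clearCachedAuthorizationInfo(simplePrincipalCollection);
        }
    }
}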
