package ddf.security.service.impl;

import ddf.security.assertion.SecurityAssertion;
import ddf.security.expansion.Expansion;
import ddf.security.permission.KeyValueCollectionPermission;
import ddf.security.permission.KeyValuePermission;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.commons.lang.StringUtils;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.CollectionUtils;
import org.opensaml.core.xml.schema.XSString;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.core.AttributeStatement;
import org.osgi.framework.Bundle;
import org.osgi.framework.FrameworkUtil;
import org.osgi.framework.ServiceReference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:ddf-security-common-2.9.1.jar:ddf/security/service/impl/AbstractAuthorizingRealm.class */
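/**
 * Base Shiro realm that derives authorization data (object permissions and roles) from the
 * attribute statements of the {@link SecurityAssertion} carried in the principal collection.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>This class only reads attributes from the assertion; nothing in it verifies the
 *       assertion's signature, issuer or validity window. It assumes the assertion was validated
 *       before it was placed in the principal collection - TODO confirm against the
 *       authenticating realm.</li>
 *   <li>Registered {@link Expansion} services rewrite the attribute value sets that become
 *       permissions and roles, so whatever is able to register an Expansion service can widen
 *       what a subject is authorized for. Registration should be limited to trusted bundles.</li>
 *   <li>At debug level the principal, every attribute value and every role are logged; treat
 *       debug logs from this class as containing identity claims.</li>
 * </ul>
 *
 * <p>This listing was recovered by a decompiler; generic types and casts that the decompiler
 * could not infer have been restored so that the logic type-checks.
 */
public abstract class AbstractAuthorizingRealm extends AuthorizingRealm {
    private static final Logger LOGGER = LoggerFactory.getLogger(AbstractAuthorizingRealm.class);

    /** Name of the assertion attribute whose values are copied into the Shiro role set. */
    private static final String SAML_ROLE = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";

    /** Expansion services applied to the subject's attributes, keyed by their OSGi reference. */
    protected Map<ServiceReference, Expansion> userExpansionServices = new ConcurrentHashMap<>();

    /** Expansion services applied to permissions in {@link #expandPermissions(List)}. */
    protected Map<ServiceReference, Expansion> metacardExpansionServices = new ConcurrentHashMap<>();

    /**
     * Creates the realm with Shiro's authorization cache switched off, so every authorization
     * lookup goes through {@link #doGetAuthorizationInfo(PrincipalCollection)} again.
     */
    public AbstractAuthorizingRealm() {
        setAuthorizationCachingEnabled(false);
    }

    /**
     * Looks the service up through this bundle's context and registers it as a user expansion.
     * Nothing is registered when the reference is null or when the bundle, its context or the
     * service object is unavailable.
     *
     * @param serviceReference OSGi reference of the expansion service
     */
    public void addUserExpansion(ServiceReference<Expansion> serviceReference) {
        Expansion expansion = lookupExpansion(serviceReference);
        if (expansion != null) {
            addUserExpansion(serviceReference, expansion);
        }
    }

    /**
     * Registers a user expansion under the given reference.
     *
     * @param serviceReference OSGi reference used as the registration key; ignored when null
     * @param expansion the expansion service; ignored when null
     */
    public void addUserExpansion(ServiceReference<Expansion> serviceReference, Expansion expansion) {
        // ConcurrentHashMap rejects null keys and null values with a NullPointerException.
        if (serviceReference != null && expansion != null) {
            this.userExpansionServices.put(serviceReference, expansion);
        }
    }

    /**
     * Removes the user expansion registered under the given reference, if any.
     *
     * @param serviceReference OSGi reference of the expansion service; ignored when null
     */
    public void removeUserExpansion(ServiceReference<Expansion> serviceReference) {
        if (serviceReference != null) {
            this.userExpansionServices.remove(serviceReference);
        }
    }

    /**
     * Looks the service up through this bundle's context and registers it as a metacard
     * expansion. Nothing is registered when the reference is null or when the bundle, its
     * context or the service object is unavailable.
     *
     * @param serviceReference OSGi reference of the expansion service
     */
    public void addMetacardExpansion(ServiceReference<Expansion> serviceReference) {
        Expansion expansion = lookupExpansion(serviceReference);
        if (expansion != null) {
            addMetacardExpansion(serviceReference, expansion);
        }
    }

    /**
     * Registers a metacard expansion under the given reference.
     *
     * @param serviceReference OSGi reference used as the registration key; ignored when null
     * @param expansion the expansion service; ignored when null
     */
    public void addMetacardExpansion(ServiceReference<Expansion> serviceReference, Expansion expansion) {
        // ConcurrentHashMap rejects null keys and null values with a NullPointerException.
        if (serviceReference != null && expansion != null) {
            this.metacardExpansionServices.put(serviceReference, expansion);
        }
    }

    /**
     * Removes the metacard expansion registered under the given reference, if any.
     *
     * @param serviceReference OSGi reference of the expansion service; ignored when null
     */
    public void removeMetacardExpansion(ServiceReference<Expansion> serviceReference) {
        if (serviceReference != null) {
            this.metacardExpansionServices.remove(serviceReference);
        }
    }

    /**
     * Builds the authorization info for a subject from the attribute statements of its
     * {@link SecurityAssertion}: every attribute becomes a {@link KeyValuePermission}, and the
     * values of the role attribute additionally become the role set.
     *
     * @param principalCollection principals of the subject being authorized
     * @return authorization info holding the derived permissions and roles
     * @throws AuthorizationException if the principals carry no {@link SecurityAssertion}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        LOGGER.debug("Retrieving authorization info for {}", principalCollection.getPrimaryPrincipal());
        SecurityAssertion assertion = (SecurityAssertion) principalCollection.oneByType(SecurityAssertion.class);
        if (assertion == null) {
            // Fail closed: without an assertion there is nothing to derive permissions from.
            LOGGER.warn("No assertion found, cannot retrieve authorization info.");
            throw new AuthorizationException("No assertion found, cannot retrieve authorization info.");
        }

        Map<String, Set<String>> valuesByAttribute = new HashMap<>();
        Collection<Expansion> expansions = getUserExpansionServices();
        List<AttributeStatement> attributeStatements = assertion.getAttributeStatements();
        // An assertion without attribute statements yields empty permissions and roles.
        if (attributeStatements != null) {
            for (AttributeStatement statement : attributeStatements) {
                addAttributesToMap(statement.getAttributes(), valuesByAttribute, expansions);
            }
        }

        Set<Permission> permissions = new HashSet<>();
        for (Map.Entry<String, Set<String>> entry : valuesByAttribute.entrySet()) {
            permissions.add(new KeyValuePermission(entry.getKey(), entry.getValue()));
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Adding permission: {} : {}", entry.getKey(), StringUtils.join(entry.getValue(), ","));
            }
        }

        Set<String> roles = new HashSet<>();
        if (valuesByAttribute.containsKey(SAML_ROLE)) {
            roles.addAll(valuesByAttribute.get(SAML_ROLE));
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Adding roles to authorization info: {}", StringUtils.join(roles, ","));
            }
        }

        authorizationInfo.setObjectPermissions(permissions);
        authorizationInfo.setRoles(roles);
        return authorizationInfo;
    }

    /**
     * Expands each attribute and merges the resulting values into the map under the attribute's
     * name, so values of same-named attributes from different statements accumulate.
     */
    private void addAttributesToMap(List<Attribute> list, Map<String, Set<String>> map, Collection<Expansion> collection) {
        for (Attribute attribute : list) {
            Set<String> expanded = expandAttributes(attribute, collection);
            if (expanded == null) {
                // An expansion service returned null; the attribute contributes nothing.
                continue;
            }
            Set<String> existing = map.get(attribute.getName());
            if (existing != null) {
                existing.addAll(expanded);
            } else {
                map.put(attribute.getName(), new HashSet<>(expanded));
            }
        }
    }

    /**
     * Collects the string values of an attribute and passes them through every expansion
     * service in turn, each service receiving the previous service's result.
     *
     * @return the expanded value set, as returned by the last expansion service
     */
    private Set<String> expandAttributes(Attribute attribute, Collection<Expansion> collection) {
        Set<String> values = new HashSet<>();
        String name = attribute.getName();
        // Iterate as Object: the decompiled loop typed every value as XSString, which made the
        // type check below always true and would have failed on any non-string value.
        for (Object value : attribute.getAttributeValues()) {
            if (value instanceof XSString) {
                values.add(((XSString) value).getValue());
            } else {
                LOGGER.info("Unexpected attribute type (non-string) for attribute named {} - ignored", name);
            }
        }
        for (Expansion expansion : collection) {
            LOGGER.debug("Expanding attributes for {} - original values: {}", name, values);
            values = expansion.expand(name, values);
        }
        LOGGER.debug("Expanded attributes for {} - values: {}", name, values);
        return values;
    }

    /**
     * Applies the metacard expansion services to a list of permissions.
     *
     * <p>For a {@link KeyValuePermission}, one new permission is added per expansion service,
     * each expanded from the permission's original values (the services are not chained here,
     * unlike in the attribute expansion). A {@link KeyValueCollectionPermission} is rebuilt from
     * its recursively expanded members. Any other permission is passed through unchanged.
     *
     * @param list permissions to expand
     * @return the same list instance when no expansion service is registered, otherwise a new
     *     list of expanded permissions
     */
    protected List<Permission> expandPermissions(List<Permission> list) {
        Collection<Expansion> expansions = getMetacardExpansionServices();
        if (CollectionUtils.isEmpty(expansions)) {
            return list;
        }
        List<Permission> expanded = new ArrayList<>(list.size());
        for (Permission permission : list) {
            if (permission instanceof KeyValuePermission) {
                KeyValuePermission keyValue = (KeyValuePermission) permission;
                for (Expansion expansion : expansions) {
                    // Copy the values so an expansion service cannot mutate the caller's permission.
                    expanded.add(new KeyValuePermission(keyValue.getKey(), expansion.expand(keyValue.getKey(), new HashSet<>(keyValue.getValues()))));
                }
            } else if (permission instanceof KeyValueCollectionPermission) {
                KeyValueCollectionPermission collectionPermission = (KeyValueCollectionPermission) permission;
                expanded.add(new KeyValueCollectionPermission(collectionPermission.getAction(), castToKeyValueList(expandPermissions(collectionPermission.getKeyValuePermissionList()))));
            } else {
                expanded.add(permission);
            }
        }
        return expanded;
    }

    /**
     * Resolves the expansion service behind a reference through this class's bundle context.
     *
     * @return the service object, or null when the reference is null or the bundle, its context
     *     or the service is not available
     */
    private Expansion lookupExpansion(ServiceReference<Expansion> serviceReference) {
        if (serviceReference == null) {
            return null;
        }
        Bundle bundle = FrameworkUtil.getBundle(AbstractAuthorizingRealm.class);
        if (bundle == null || bundle.getBundleContext() == null) {
            return null;
        }
        Expansion expansion = (Expansion) bundle.getBundleContext().getService(serviceReference);
        if (expansion == null) {
            LOGGER.debug("Expansion service for reference {} is not available - not registered", serviceReference);
        }
        return expansion;
    }

    /** Returns a live view of the registered user expansion services. */
    private Collection<Expansion> getUserExpansionServices() {
        return this.userExpansionServices.values();
    }

    /** Returns a live view of the registered metacard expansion services. */
    private Collection<Expansion> getMetacardExpansionServices() {
        return this.metacardExpansionServices.values();
    }

    /**
     * Re-types a permission list for the {@link KeyValueCollectionPermission} constructor.
     * No element is checked: the caller relies on a key/value collection expanding only into
     * key/value permissions.
     */
    @SuppressWarnings("unchecked")
    private <T> List<T> castToKeyValueList(List<Permission> list) {
        return (List<T>) list;
    }
}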
