package org.jsecurity.realm;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.jsecurity.authc.Account;
import org.jsecurity.authc.credential.CredentialsMatcher;
import org.jsecurity.authz.AuthorizationException;
import org.jsecurity.authz.AuthorizingAccount;
import org.jsecurity.authz.MissingAccountException;
import org.jsecurity.authz.Permission;
import org.jsecurity.authz.UnsupportedAccountException;
import org.jsecurity.authz.permission.PermissionResolver;
import org.jsecurity.authz.permission.PermissionResolverAware;
import org.jsecurity.authz.permission.WildcardPermissionResolver;
import org.jsecurity.cache.Cache;
import org.jsecurity.cache.CacheManager;
import org.jsecurity.subject.PrincipalCollection;
import org.jsecurity.util.Initializable;

/* loaded from: input_file:org/jsecurity/realm/AuthorizingRealm.class */
public abstract class AuthorizingRealm extends AuthenticatingRealm implements Initializable, PermissionResolverAware {
    private static final String DEFAULT_ACCOUNT_CACHE_POSTFIX = "-accounts";
    private static int INSTANCE_COUNT = 0;
    private Cache accountCache;
    private String accountCacheName;
    private PermissionResolver permissionResolver;

    public AuthorizingRealm() {
        this.accountCache = null;
        this.accountCacheName = null;
        this.permissionResolver = new WildcardPermissionResolver();
    }

    public AuthorizingRealm(CacheManager cacheManager) {
        super(cacheManager);
        this.accountCache = null;
        this.accountCacheName = null;
        this.permissionResolver = new WildcardPermissionResolver();
    }

    public AuthorizingRealm(CredentialsMatcher credentialsMatcher) {
        super(credentialsMatcher);
        this.accountCache = null;
        this.accountCacheName = null;
        this.permissionResolver = new WildcardPermissionResolver();
    }

    public AuthorizingRealm(CacheManager cacheManager, CredentialsMatcher credentialsMatcher) {
        super(cacheManager, credentialsMatcher);
        this.accountCache = null;
        this.accountCacheName = null;
        this.permissionResolver = new WildcardPermissionResolver();
    }

    public void setAccountCache(Cache cache) {
        this.accountCache = cache;
    }

    public Cache getAccountCache() {
        return this.accountCache;
    }

    public String getAccountCacheName() {
        return this.accountCacheName;
    }

    public void setAccountCacheName(String str) {
        this.accountCacheName = str;
    }

    public PermissionResolver getPermissionResolver() {
        return this.permissionResolver;
    }

    @Override // org.jsecurity.authz.permission.PermissionResolverAware
    public void setPermissionResolver(PermissionResolver permissionResolver) {
        this.permissionResolver = permissionResolver;
    }

    @Override // org.jsecurity.util.Initializable
    public final void init() {
        initAccountCache();
        afterAccountCacheSet();
    }

    protected void afterAccountCacheSet() {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void initAccountCache() {
        if (this.log.isTraceEnabled()) {
            this.log.trace("Initializing account cache.");
        }
        if (getAccountCache() == null) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("No cache implementation set.  Checking cacheManager...");
            }
            CacheManager cacheManager = getCacheManager();
            if (cacheManager == null) {
                if (this.log.isInfoEnabled()) {
                    this.log.info("No cache or cacheManager properties have been set.  Account caching is disabled.");
                    return;
                }
                return;
            }
            String accountCacheName = getAccountCacheName();
            if (accountCacheName == null) {
                StringBuilder append = new StringBuilder().append(getClass().getName()).append("-");
                int i = INSTANCE_COUNT;
                INSTANCE_COUNT = i + 1;
                accountCacheName = append.append(i).append(DEFAULT_ACCOUNT_CACHE_POSTFIX).toString();
                setAccountCacheName(accountCacheName);
            }
            if (this.log.isDebugEnabled()) {
                this.log.debug("CacheManager [" + cacheManager + "] has been configured.  Building Account cache named [" + accountCacheName + "]");
            }
            setAccountCache(cacheManager.getCache(accountCacheName));
        }
    }

    protected Account getAccount(PrincipalCollection principalCollection) {
        if (principalCollection == null) {
            return null;
        }
        Account account = null;
        if (this.log.isTraceEnabled()) {
            this.log.trace("Retrieving Account for principals [" + principalCollection + "]");
        }
        Cache accountCache = getAccountCache();
        if (accountCache != null) {
            if (this.log.isTraceEnabled()) {
                this.log.trace("Attempting to retrieve the Account from cache.");
            }
            account = (Account) accountCache.get(getAccountCacheKey(principalCollection));
            if (this.log.isTraceEnabled()) {
                if (account == null) {
                    this.log.trace("No Account found in cache for principals [" + principalCollection + "]");
                } else {
                    this.log.trace("Account found in cache for principals [" + principalCollection + "]");
                }
            }
        }
        if (account == null) {
            account = doGetAccount(principalCollection);
            if (account != null && accountCache != null) {
                if (this.log.isTraceEnabled()) {
                    this.log.trace("Caching Account [" + principalCollection + "].");
                }
                accountCache.put(getAccountCacheKey(principalCollection), account);
            }
        }
        return account;
    }

    protected Object getAccountCacheKey(PrincipalCollection principalCollection) {
        return principalCollection;
    }

    protected abstract AuthorizingAccount doGetAccount(PrincipalCollection principalCollection);

    protected AuthorizingAccount getAuthorizingAccount(PrincipalCollection principalCollection) {
        if (principalCollection == null) {
            throw new AuthorizationException("Specified principals argument is null and authorization checks cannot occur without a known account identity.");
        }
        Account account = getAccount(principalCollection);
        assertNotNullAccount(principalCollection, account);
        assertAuthorizingAccount(account);
        return (AuthorizingAccount) account;
    }

    protected void assertNotNullAccount(PrincipalCollection principalCollection, Account account) {
        if (account == null) {
            throw new MissingAccountException("No Account found for Subject principals [" + principalCollection + "]");
        }
    }

    protected void assertAuthorizingAccount(Account account) {
        if (!(account instanceof AuthorizingAccount)) {
            throw new UnsupportedAccountException("Underlying Account instance [" + account + "] does not implement the " + AuthorizingAccount.class.getName() + " interface.  The JSecurity " + AuthorizingRealm.class.getName() + " class and its default implementations can only provide default authorization (access control) support for Accounts that implement this interface.  If you do not wish to implement this interface, you will need to override all of this Realm's Authorizer methods to perform the authorization check explicitly.\n\nNote that there is nothing wrong with this approach since it often gives finer control of how authorization checks occur, but you would have to override these methods explicitly since JSecurity can't infer your application's security data model.");
        }
    }

    @Override // org.jsecurity.authz.Authorizer
    public boolean isPermitted(PrincipalCollection principalCollection, String str) {
        return isPermitted(principalCollection, getPermissionResolver().resolvePermission(str));
    }

    @Override // org.jsecurity.authz.Authorizer
    public boolean isPermitted(PrincipalCollection principalCollection, Permission permission) {
        return getAuthorizingAccount(principalCollection).isPermitted(permission);
    }

    @Override // org.jsecurity.authz.Authorizer
    public boolean[] isPermitted(PrincipalCollection principalCollection, String... strArr) {
        ArrayList arrayList = new ArrayList(strArr.length);
        for (String str : strArr) {
            arrayList.add(getPermissionResolver().resolvePermission(str));
        }
        return isPermitted(principalCollection, arrayList);
    }

    @Override // org.jsecurity.authz.Authorizer
    public boolean[] isPermitted(PrincipalCollection principalCollection, List<Permission> list) {
        return getAuthorizingAccount(principalCollection).isPermitted(list);
    }

    @Override // org.jsecurity.authz.Authorizer
    public boolean isPermittedAll(PrincipalCollection principalCollection, String... strArr) {
        if (strArr == null || strArr.length <= 0) {
            return false;
        }
        ArrayList arrayList = new ArrayList(strArr.length);
        for (String str : strArr) {
            arrayList.add(getPermissionResolver().resolvePermission(str));
        }
        return isPermittedAll(principalCollection, arrayList);
    }

    @Override // org.jsecurity.authz.Authorizer
    public boolean isPermittedAll(PrincipalCollection principalCollection, Collection<Permission> collection) {
        AuthorizingAccount authorizingAccount = getAuthorizingAccount(principalCollection);
        return authorizingAccount != null && authorizingAccount.isPermittedAll(collection);
    }

    @Override // org.jsecurity.authz.Authorizer
    public void checkPermission(PrincipalCollection principalCollection, String str) throws AuthorizationException {
        checkPermission(principalCollection, getPermissionResolver().resolvePermission(str));
    }

    @Override // org.jsecurity.authz.Authorizer
    public void checkPermission(PrincipalCollection principalCollection, Permission permission) throws AuthorizationException {
        getAuthorizingAccount(principalCollection).checkPermission(permission);
    }

    @Override // org.jsecurity.authz.Authorizer
    public void checkPermissions(PrincipalCollection principalCollection, String... strArr) throws AuthorizationException {
        if (strArr != null) {
            for (String str : strArr) {
                checkPermission(principalCollection, str);
            }
        }
    }

    @Override // org.jsecurity.authz.Authorizer
    public void checkPermissions(PrincipalCollection principalCollection, Collection<Permission> collection) throws AuthorizationException {
        getAuthorizingAccount(principalCollection).checkPermissions(collection);
    }

    @Override // org.jsecurity.authz.Authorizer
    public boolean hasRole(PrincipalCollection principalCollection, String str) {
        return getAuthorizingAccount(principalCollection).hasRole(str);
    }

    @Override // org.jsecurity.authz.Authorizer
    public boolean[] hasRoles(PrincipalCollection principalCollection, List<String> list) {
        AuthorizingAccount authorizingAccount = getAuthorizingAccount(principalCollection);
        boolean[] zArr = new boolean[list != null ? list.size() : 0];
        if (authorizingAccount != null) {
            zArr = authorizingAccount.hasRoles(list);
        }
        return zArr;
    }

    @Override // org.jsecurity.authz.Authorizer
    public boolean hasAllRoles(PrincipalCollection principalCollection, Collection<String> collection) {
        AuthorizingAccount authorizingAccount = getAuthorizingAccount(principalCollection);
        return authorizingAccount != null && authorizingAccount.hasAllRoles(collection);
    }

    @Override // org.jsecurity.authz.Authorizer
    public void checkRole(PrincipalCollection principalCollection, String str) throws AuthorizationException {
        getAuthorizingAccount(principalCollection).checkRole(str);
    }

    @Override // org.jsecurity.authz.Authorizer
    public void checkRoles(PrincipalCollection principalCollection, Collection<String> collection) throws AuthorizationException {
        getAuthorizingAccount(principalCollection).checkRoles(collection);
    }

    @Override // org.jsecurity.realm.AuthenticatingRealm, org.jsecurity.authc.LogoutAware
    public void onLogout(PrincipalCollection principalCollection) {
        Cache accountCache = getAccountCache();
        if (accountCache == null || principalCollection == null) {
            return;
        }
        accountCache.remove(getAccountCacheKey(principalCollection));
    }
}
