package com.dtolabs.rundeck.core.authorization;

import com.dtolabs.rundeck.core.authentication.Group;
import com.dtolabs.rundeck.core.authentication.Username;
import com.dtolabs.rundeck.core.authorization.providers.PoliciesParseException;
import com.dtolabs.rundeck.core.authorization.providers.SAREAuthorization;
import com.dtolabs.rundeck.core.common.Framework;
import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.util.Calendar;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/dtolabs/rundeck/core/authorization/BaseAclsAuthorization.class */
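/**
 * Base class for ACL-file backed authorization.
 *
 * <p>Policy evaluation is delegated to a {@link SAREAuthorization} built from the ACL base
 * directory. Subclasses supply the user-to-role mapping through
 * {@link #determineUserRoles(String)}.
 *
 * <p>Thread-safety: the roles resolved by the most recent legacy {@code authorize*} call are kept
 * in an unsynchronized instance field. If one instance serves several users concurrently,
 * {@link #getMatchedRoles()} may report roles resolved for a different request, so do not base
 * access decisions on it.
 */
public abstract class BaseAclsAuthorization implements Authorization, LegacyAuthorization {
    static Logger logger = Logger.getLogger(BaseAclsAuthorization.class);

    /** Environment attribute keys passed to the policy engine. */
    private static final URI ENV_RESOURCE_TYPE = URI.create("http://dtolabs.com/rundeck/env/resource-type");
    private static final URI ENV_RESOURCE_NAME = URI.create("http://dtolabs.com/rundeck/env/resource-name");
    private static final URI ENV_PROJECT = URI.create("http://dtolabs.com/rundeck/env/project");
    private static final URI ENV_NOW_CRON = URI.create("http://dtolabs.com/rundeck/env/now.cron");

    private final File aclBasedir;
    private final SAREAuthorization authorization;
    private String[] matchedRoles = new String[0];

    /**
     * Creates an authorization backed by the policies found under {@code file}.
     *
     * @param framework not used by this constructor
     * @param file ACL base directory handed to {@link SAREAuthorization}
     * @throws IOException if the policy source cannot be read
     * @throws PoliciesParseException if the policies cannot be parsed
     */
    public BaseAclsAuthorization(Framework framework, File file) throws IOException, PoliciesParseException {
        this.aclBasedir = file;
        this.authorization = new SAREAuthorization(file);
    }

    /**
     * Lists the roles named by the policies under {@code file}.
     *
     * @param file ACL base directory
     * @return the roles, or an empty list when the policies cannot be parsed
     * @throws IOException if the policy source cannot be read
     */
    public static List<String> listRoles(File file) throws IOException {
        try {
            return new SAREAuthorization(file).hackMeSomeRoles();
        } catch (PoliciesParseException e) {
            // Still best-effort, but no longer silent: an unparsable policy set is an
            // operational and security signal that should reach the log.
            logger.warn("Unable to parse ACL policies under " + file + "; returning no roles", e);
            return Collections.emptyList();
        }
    }

    /**
     * Records the roles resolved for the most recent authorization request.
     *
     * @param strArr resolved roles, may be {@code null}
     */
    void setMatchedRoles(String[] strArr) {
        // Copy so that later changes to the caller's array cannot alter the recorded roles.
        this.matchedRoles = (null != strArr) ? (String[]) strArr.clone() : null;
    }

    /**
     * @return a copy of the roles recorded by the last authorization request, or {@code null}
     *     when role resolution returned {@code null}
     */
    @Override // com.dtolabs.rundeck.core.authorization.LegacyAuthorization
    public String[] getMatchedRoles() {
        if (null != this.matchedRoles) {
            return (String[]) this.matchedRoles.clone();
        }
        return null;
    }

    /**
     * @return the recorded roles joined by single spaces; an empty string when none are recorded
     */
    @Override // com.dtolabs.rundeck.core.authorization.LegacyAuthorization
    public String listMatchedRoles() {
        String[] roles = getMatchedRoles();
        if (null == roles) {
            // Role resolution can record null (see resolveRoles); the original dereferenced it here.
            return "";
        }
        StringBuilder joined = new StringBuilder();
        for (int i = 0; i < roles.length; i++) {
            if (i > 0) {
                joined.append(" ");
            }
            joined.append(roles[i]);
        }
        return joined.toString();
    }

    /**
     * Decides whether a user may execute a command against a deployment.
     *
     * @param str user name
     * @param str2 project; {@code null} short-circuits to {@code true}
     * @param str3 deployment type
     * @param str4 deployment name
     * @param str5 module
     * @param str6 command
     * @return {@code true} if the policy engine authorizes the "EXECUTE" action
     * @throws AuthorizationException if the user's roles cannot be determined
     */
    boolean authorize(String str, String str2, String str3, String str4, String str5, String str6) throws AuthorizationException {
        // Guarded like authorizeScript so the message is only built when debug is enabled.
        // NOTE(review): the values are logged verbatim; if they can carry line breaks, the log
        // layout should neutralise them.
        if (logger.isDebugEnabled()) {
            logger.debug("authorize(), user: " + str + ",  project: " + str2 + ",  deploymentType: " + str3 + ",  deploymentName: " + str4 + ",  module: " + str5 + ",  command: " + str6);
        }
        // NOTE(review): fail-open path. A null project is authorized without any policy being
        // consulted; confirm every caller supplies a project for requests that must be checked.
        if (null == str2) {
            return true;
        }
        String nowCron = currentTimeExpression();
        String[] roles = resolveRoles(str);
        if (roles.length == 0) {
            logger.debug("no roles defined for user: " + str + " , returning false");
            return false;
        }
        Map<String, String> resource = new HashMap<String, String>();
        resource.put("module", str5);
        resource.put("name", str6);
        Set<Attribute> environment = new HashSet<Attribute>();
        environment.add(new Attribute(ENV_RESOURCE_TYPE, str3));
        environment.add(new Attribute(ENV_RESOURCE_NAME, str4));
        environment.add(new Attribute(ENV_PROJECT, str2));
        environment.add(new Attribute(ENV_NOW_CRON, nowCron));
        return this.authorization.evaluate(resource, buildSubject(str, roles), "EXECUTE", environment).isAuthorized();
    }

    /**
     * Decides whether a user may execute an ad-hoc script in a project.
     *
     * @param str user name
     * @param str2 project; {@code null} short-circuits to {@code true}
     * @param str3 ad-hoc script, passed to the policy engine as the "job" resource property
     * @return {@code true} if the policy engine authorizes the "EXECUTE" action
     * @throws AuthorizationException if the user's roles cannot be determined
     */
    @Override // com.dtolabs.rundeck.core.authorization.LegacyAuthorization
    public boolean authorizeScript(String str, String str2, String str3) throws AuthorizationException {
        // NOTE(review): the ad-hoc script text is written to the debug log as-is; if scripts can
        // embed credentials, debug logs need the same protection as the scripts themselves.
        if (logger.isDebugEnabled()) {
            logger.debug("authorize(), user: " + str + ",  project: " + str2 + ",  adhocScript: " + str3);
        }
        // NOTE(review): fail-open path. A null project is authorized without any policy being
        // consulted; confirm every caller supplies a project for requests that must be checked.
        if (null == str2) {
            return true;
        }
        String nowCron = currentTimeExpression();
        String[] roles = resolveRoles(str);
        if (roles.length == 0) {
            logger.debug("no roles defined for user: " + str + " , returning false");
            return false;
        }
        Map<String, String> resource = new HashMap<String, String>();
        resource.put("job", str3);
        Set<Attribute> environment = new HashSet<Attribute>();
        environment.add(new Attribute(ENV_PROJECT, str2));
        environment.add(new Attribute(ENV_NOW_CRON, nowCron));
        Decision decision = this.authorization.evaluate(resource, buildSubject(str, roles), "EXECUTE", environment);
        if (logger.isDebugEnabled()) {
            logger.debug(str + " authorized: " + decision);
        }
        return decision.isAuthorized();
    }

    /**
     * Resolves the roles a user belongs to.
     *
     * @param str user name
     * @return the user's roles; {@code null} is treated by the legacy authorize methods as a
     *     lookup failure, an empty array as "no roles" (access denied)
     */
    public abstract String[] determineUserRoles(String str);

    @Override
    public String toString() {
        return "BaseAclsAuthorization{aclBasedir=" + this.aclBasedir + "}";
    }

    /** @return the ACL base directory given at construction */
    public File getAclBasedir() {
        return this.aclBasedir;
    }

    /** Delegates a single-resource decision to the underlying policy engine. */
    @Override // com.dtolabs.rundeck.core.authorization.Authorization
    public Decision evaluate(Map<String, String> map, Subject subject, String str, Set<Attribute> set) {
        return this.authorization.evaluate(map, subject, str, set);
    }

    /** Delegates a multi-resource, multi-action decision to the underlying policy engine. */
    @Override // com.dtolabs.rundeck.core.authorization.Authorization
    public Set<Decision> evaluate(Set<Map<String, String>> set, Subject subject, Set<String> set2, Set<Attribute> set3) {
        return this.authorization.evaluate(set, subject, set2, set3);
    }

    /** Renders the current day of week (zero-based), hour of day and minute as a TimeanddayExp string. */
    private static String currentTimeExpression() {
        Calendar now = Calendar.getInstance();
        return new TimeanddayExp(
                Integer.toString(now.get(Calendar.DAY_OF_WEEK) - 1),
                Integer.toString(now.get(Calendar.HOUR_OF_DAY)),
                Integer.toString(now.get(Calendar.MINUTE))).toString();
    }

    /** Looks up and records the user's roles, failing closed with an exception when the lookup returns null. */
    private String[] resolveRoles(String user) throws AuthorizationException {
        String[] roles = determineUserRoles(user);
        setMatchedRoles(roles);
        if (null == roles) {
            logger.error("Unable to obtain role memberships for user: " + user);
            throw new AuthorizationException("Unable to obtain role memberships for user: " + user + " unknown error");
        }
        return roles;
    }

    /** Builds a Subject holding the user name principal and one group principal per role. */
    private static Subject buildSubject(String user, String[] roles) {
        Subject subject = new Subject();
        subject.getPrincipals().add(new Username(user));
        for (String role : roles) {
            subject.getPrincipals().add(new Group(role));
        }
        return subject;
    }
}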
