package org.sonatype.nexus.security.authz;

import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import javax.inject.Inject;
import javax.inject.Provider;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.Authorizer;
import org.apache.shiro.authz.ModularRealmAuthorizer;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.RolePermissionResolver;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/sonatype/nexus/security/authz/ExceptionCatchingModularRealmAuthorizer.class */
public class ExceptionCatchingModularRealmAuthorizer extends ModularRealmAuthorizer {
    private static final Logger logger = LoggerFactory.getLogger(ExceptionCatchingModularRealmAuthorizer.class);
    private Provider<RolePermissionResolver> rolePermissionResolverProvider;

    public ExceptionCatchingModularRealmAuthorizer(Collection<Realm> collection) {
        super(collection);
    }

    @Inject
    public ExceptionCatchingModularRealmAuthorizer(Collection<Realm> collection, Provider<RolePermissionResolver> provider) {
        this.rolePermissionResolverProvider = provider;
        setRealms(collection);
    }

    public RolePermissionResolver getRolePermissionResolver() {
        if (this.rolePermissionResolverProvider != null) {
            return (RolePermissionResolver) this.rolePermissionResolverProvider.get();
        }
        return null;
    }

    public void checkPermission(PrincipalCollection principalCollection, String str) {
        if (!isPermitted(principalCollection, str)) {
            throw new AuthorizationException("User is not permitted: " + str);
        }
    }

    public void checkPermission(PrincipalCollection principalCollection, Permission permission) {
        if (!isPermitted(principalCollection, permission)) {
            throw new AuthorizationException("User is not permitted: " + permission);
        }
    }

    public void checkPermissions(PrincipalCollection principalCollection, String... strArr) {
        for (String str : strArr) {
            checkPermission(principalCollection, str);
        }
    }

    public void checkPermissions(PrincipalCollection principalCollection, Collection<Permission> collection) {
        Iterator<Permission> it = collection.iterator();
        while (it.hasNext()) {
            checkPermission(principalCollection, it.next());
        }
    }

    public void checkRole(PrincipalCollection principalCollection, String str) {
        if (!hasRole(principalCollection, str)) {
            throw new AuthorizationException("User is not permitted role: " + str);
        }
    }

    public void checkRoles(PrincipalCollection principalCollection, Collection<String> collection) {
        if (!hasAllRoles(principalCollection, collection)) {
            throw new AuthorizationException("User is not permitted role: " + collection);
        }
    }

    public boolean hasAllRoles(PrincipalCollection principalCollection, Collection<String> collection) {
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            if (!hasRole(principalCollection, it.next())) {
                return false;
            }
        }
        return true;
    }

    public boolean hasRole(PrincipalCollection principalCollection, String str) {
        for (Authorizer authorizer : getRealms()) {
            if (authorizer instanceof Authorizer) {
                try {
                    if (authorizer.hasRole(principalCollection, str)) {
                        return true;
                    }
                } catch (AuthorizationException e) {
                    logAndIgnore(authorizer, e);
                } catch (RuntimeException e2) {
                    logAndIgnore(authorizer, e2);
                }
            }
        }
        return false;
    }

    public boolean[] hasRoles(PrincipalCollection principalCollection, List<String> list) {
        boolean[] zArr = new boolean[list.size()];
        for (Authorizer authorizer : getRealms()) {
            if (authorizer instanceof Authorizer) {
                try {
                    boolean[] hasRoles = authorizer.hasRoles(principalCollection, list);
                    for (int i = 0; i < zArr.length; i++) {
                        zArr[i] = zArr[i] | hasRoles[i];
                    }
                } catch (AuthorizationException e) {
                    logAndIgnore(authorizer, e);
                } catch (RuntimeException e2) {
                    logAndIgnore(authorizer, e2);
                }
            }
        }
        return zArr;
    }

    public boolean isPermitted(PrincipalCollection principalCollection, String str) {
        for (Authorizer authorizer : getRealms()) {
            if (authorizer instanceof Authorizer) {
                try {
                    if (authorizer.isPermitted(principalCollection, str)) {
                        if (!logger.isTraceEnabled()) {
                            return true;
                        }
                        logger.trace("Realm: " + authorizer.getName() + " user: " + principalCollection.iterator().next() + " has permission: " + str);
                        return true;
                    }
                    if (logger.isTraceEnabled()) {
                        logger.trace("Realm: " + authorizer.getName() + " user: " + principalCollection.iterator().next() + " does NOT have permission: " + str);
                    }
                } catch (AuthorizationException e) {
                    logAndIgnore(authorizer, e);
                } catch (RuntimeException e2) {
                    logAndIgnore(authorizer, e2);
                }
            }
        }
        return false;
    }

    public boolean isPermitted(PrincipalCollection principalCollection, Permission permission) {
        for (Authorizer authorizer : getRealms()) {
            if (authorizer instanceof Authorizer) {
                try {
                    if (authorizer.isPermitted(principalCollection, permission)) {
                        return true;
                    }
                } catch (AuthorizationException e) {
                    logAndIgnore(authorizer, e);
                } catch (RuntimeException e2) {
                    logAndIgnore(authorizer, e2);
                }
            }
        }
        return false;
    }

    public boolean[] isPermitted(PrincipalCollection principalCollection, String... strArr) {
        boolean[] zArr = new boolean[strArr.length];
        for (Authorizer authorizer : getRealms()) {
            if (authorizer instanceof Authorizer) {
                try {
                    boolean[] isPermitted = authorizer.isPermitted(principalCollection, strArr);
                    for (int i = 0; i < zArr.length; i++) {
                        zArr[i] = zArr[i] | isPermitted[i];
                    }
                } catch (RuntimeException e) {
                    logAndIgnore(authorizer, e);
                } catch (AuthorizationException e2) {
                    logAndIgnore(authorizer, e2);
                }
            }
        }
        return zArr;
    }

    public boolean[] isPermitted(PrincipalCollection principalCollection, List<Permission> list) {
        boolean[] zArr = new boolean[list.size()];
        for (Authorizer authorizer : getRealms()) {
            if (authorizer instanceof Authorizer) {
                try {
                    boolean[] isPermitted = authorizer.isPermitted(principalCollection, list);
                    for (int i = 0; i < zArr.length; i++) {
                        zArr[i] = zArr[i] | isPermitted[i];
                    }
                } catch (AuthorizationException e) {
                    logAndIgnore(authorizer, e);
                } catch (RuntimeException e2) {
                    logAndIgnore(authorizer, e2);
                }
            }
        }
        return zArr;
    }

    public boolean isPermittedAll(PrincipalCollection principalCollection, String... strArr) {
        for (String str : strArr) {
            if (!isPermitted(principalCollection, str)) {
                return false;
            }
        }
        return true;
    }

    public boolean isPermittedAll(PrincipalCollection principalCollection, Collection<Permission> collection) {
        Iterator<Permission> it = collection.iterator();
        while (it.hasNext()) {
            if (!isPermitted(principalCollection, it.next())) {
                return false;
            }
        }
        return true;
    }

    private void logAndIgnore(Realm realm, Exception exc) {
        logger.trace("Realm '{}' failure", realm.getName(), exc);
    }
}
