package oracle.kv.impl.security;

import java.security.Principal;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import oracle.kv.AuthenticationRequiredException;
import oracle.kv.UnauthorizedException;
import oracle.kv.impl.api.RequestHandlerImpl;

/* loaded from: input_file:oracle/kv/impl/security/ExecutionContext.class */
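/**
 * Security state attached to a single request: the caller's
 * {@link AuthContext}, the {@link Subject} and privileges resolved from it,
 * the operation being performed, and the client host.
 *
 * <p>A thread-local slot holds the context in force on the current thread.
 * It is written only by the {@code runWithContext} overloads, which restore
 * the previous value on exit. Because it is a plain {@link ThreadLocal}, work
 * handed to another thread does not see the caller's context.
 *
 * <p>All role and privilege queries on this class fail closed: a missing
 * subject, privilege set or argument yields {@code false}, never {@code true}.
 */
public final class ExecutionContext {
    /** Context in force on the current thread; null outside a runWithContext call. */
    private static final ThreadLocal<ExecutionContext> currentContext = new ThreadLocal<>();
    private final AuthContext requestorCtx;
    private final Subject requestorSubj;
    private final OperationContext opCtx;
    // Captured once, on the constructing thread, when the context is built.
    // NOTE(review): how RequestHandlerImpl derives this value is not visible
    // here — confirm its source before using it in audit or access decisions.
    private final String clientHost = RequestHandlerImpl.getClientHost();
    private final PrivilegeCollection privileges;

    /**
     * A value-returning unit of work that may throw a checked exception.
     *
     * <p>In this listing {@code run()} is declared {@code throws Exception};
     * the type parameter {@code E} does not appear in the throws clause.
     */
    public interface Operation<R, E extends Exception> {
        R run() throws Exception;
    }

    /**
     * The set of privileges held by a requestor, with implication checks.
     */
    public static class PrivilegeCollection {
        // NOTE(review): the set is stored by reference, not copied. If the
        // caller that supplied it mutates it later, authorization answers from
        // this object change with it — confirm the supplier hands over an
        // unshared or unmodifiable set.
        private final Set<KVStorePrivilege> privilegeSet;

        PrivilegeCollection(Set<KVStorePrivilege> set) {
            this.privilegeSet = set;
        }

        @Override
        public String toString() {
            return "PrivilegeCollection" + this.privilegeSet;
        }

        /**
         * Reports whether the held privileges grant the given privilege,
         * either directly or through one of the privileges that imply it.
         *
         * @param kVStorePrivilege the privilege being asked for
         * @return {@code true} only if the privilege, or one of its implying
         *     privileges, is in the held set; {@code false} when the held set
         *     or the argument is null
         */
        public boolean implies(KVStorePrivilege kVStorePrivilege) {
            // Fail closed: no privilege set, or nothing asked for, grants nothing.
            if (this.privilegeSet == null || kVStorePrivilege == null) {
                return false;
            }
            if (this.privilegeSet.contains(kVStorePrivilege)) {
                return true;
            }
            final KVStorePrivilege[] stronger = kVStorePrivilege.implyingPrivileges();
            if (stronger == null) {
                return false;
            }
            for (KVStorePrivilege candidate : stronger) {
                if (this.privilegeSet.contains(candidate)) {
                    return true;
                }
            }
            return false;
        }

        /**
         * Reports whether every privilege in the collection is implied.
         *
         * <p>An empty collection yields {@code true}, since there is nothing
         * left unsatisfied. Callers that must require at least one privilege
         * have to check for emptiness themselves.
         *
         * @param collection the privileges being asked for
         * @return {@code false} if the collection is null or any element is
         *     not implied; {@code true} otherwise
         */
        public boolean impliesAll(Collection<? extends KVStorePrivilege> collection) {
            if (collection == null) {
                return false;
            }
            for (KVStorePrivilege required : collection) {
                if (!implies(required)) {
                    return false;
                }
            }
            return true;
        }
    }

    /**
     * A unit of work with no result that may throw a checked exception.
     *
     * <p>As with {@link Operation}, {@code run()} is declared
     * {@code throws Exception} in this listing.
     */
    public interface Procedure<E extends Exception> {
        void run() throws Exception;
    }

    /** A value-returning unit of work that throws no checked exception. */
    public interface SimpleOperation<R> {
        R run();
    }

    /** A unit of work with no result that throws no checked exception. */
    public interface SimpleProcedure {
        void run();
    }

    private ExecutionContext(AuthContext authContext, Subject subject, PrivilegeCollection privilegeCollection, OperationContext operationContext) {
        this.requestorCtx = authContext;
        this.requestorSubj = subject;
        this.opCtx = operationContext;
        this.privileges = privilegeCollection;
    }

    /** Returns the authentication context supplied when this context was created. */
    public AuthContext requestorContext() {
        return this.requestorCtx;
    }

    /** Returns the resolved requestor, or null when no access checker was supplied. */
    public Subject requestorSubject() {
        return this.requestorSubj;
    }

    /** Returns the client host captured when this context was constructed. */
    public String requestorHost() {
        return this.clientHost;
    }

    /** Returns the operation this context was created for. */
    public OperationContext operationContext() {
        return this.opCtx;
    }

    /** Returns the requestor's privileges, or null when no access checker was supplied. */
    public PrivilegeCollection requestorPrivileges() {
        return this.privileges;
    }

    /**
     * Builds a context for a request and runs the access check on it.
     *
     * <p>With a non-null checker, the requestor is identified, its privileges
     * are resolved, and {@code checkAccess} is called before the context is
     * returned. If any of those calls throws, no context is returned.
     *
     * <p>With a null checker, nothing is identified or checked. The returned
     * context has a null subject and null privileges, so {@link #hasRole},
     * {@link #hasPrivilege} and {@link #hasAllPrivileges} all report
     * {@code false}. NOTE(review): a null checker presumably means security
     * is disabled for the store — confirm with callers, and do not read a
     * successfully created context as proof that an access check ran.
     *
     * @param accessChecker the checker to identify and authorize with, or null
     * @param authContext the caller's authentication context
     * @param operationContext the operation being requested
     * @return the new context
     */
    public static ExecutionContext create(AccessChecker accessChecker, AuthContext authContext, OperationContext operationContext) throws AuthenticationRequiredException, UnauthorizedException, SessionAccessException {
        Subject requestor = null;
        PrivilegeCollection granted = null;
        if (accessChecker != null) {
            requestor = accessChecker.identifyRequestor(authContext);
            granted = new PrivilegeCollection(accessChecker.identifyPrivileges(requestor));
        }
        final ExecutionContext context = new ExecutionContext(authContext, requestor, granted, operationContext);
        if (accessChecker != null) {
            accessChecker.checkAccess(context, operationContext);
        }
        return context;
    }

    /**
     * Runs the operation with the given context installed on this thread.
     *
     * <p>The previous context is restored in a {@code finally} block, so the
     * supplied identity never outlives the call, even when the operation
     * throws. This matters on pooled threads that go on to serve other
     * requests.
     *
     * @return whatever the operation returns
     */
    public static <R, E extends Exception> R runWithContext(Operation<R, E> operation, ExecutionContext executionContext) throws Exception {
        final ExecutionContext previous = currentContext.get();
        currentContext.set(executionContext);
        try {
            return operation.run();
        } finally {
            currentContext.set(previous);
        }
    }

    /**
     * Runs the operation with the given context installed on this thread and
     * restores the previous context afterwards, whether or not it throws.
     *
     * @return whatever the operation returns
     */
    public static <R> R runWithContext(SimpleOperation<R> simpleOperation, ExecutionContext executionContext) {
        final ExecutionContext previous = currentContext.get();
        currentContext.set(executionContext);
        try {
            return simpleOperation.run();
        } finally {
            currentContext.set(previous);
        }
    }

    /**
     * Runs the procedure with the given context installed on this thread and
     * restores the previous context afterwards, whether or not it throws.
     */
    public static <E extends Exception> void runWithContext(Procedure<E> procedure, ExecutionContext executionContext) throws Exception {
        final ExecutionContext previous = currentContext.get();
        currentContext.set(executionContext);
        try {
            procedure.run();
        } finally {
            currentContext.set(previous);
        }
    }

    /**
     * Runs the procedure with the given context installed on this thread and
     * restores the previous context afterwards, whether or not it throws.
     */
    public static void runWithContext(SimpleProcedure simpleProcedure, ExecutionContext executionContext) {
        final ExecutionContext previous = currentContext.get();
        currentContext.set(executionContext);
        try {
            simpleProcedure.run();
        } finally {
            currentContext.set(previous);
        }
    }

    /** Returns the context installed on the current thread, or null if there is none. */
    public static ExecutionContext getCurrent() {
        return currentContext.get();
    }

    /** Returns the current thread's requestor subject, or null if there is no context. */
    public static Subject getCurrentUserSubject() {
        final ExecutionContext active = getCurrent();
        return active == null ? null : active.requestorSubject();
    }

    /** Returns the current thread's requestor host, or null if there is no context. */
    public static String getCurrentUserHost() {
        final ExecutionContext active = getCurrent();
        return active == null ? null : active.requestorHost();
    }

    /** Returns the user principal of the current thread's subject, or null if absent. */
    public static KVStoreUserPrincipal getCurrentUserPrincipal() {
        return getSubjectUserPrincipal(getCurrentUserSubject());
    }

    /** Returns the current thread's requestor privileges, or null if there is no context. */
    public static PrivilegeCollection getCurrentPrivileges() {
        final ExecutionContext active = getCurrent();
        return active == null ? null : active.requestorPrivileges();
    }

    /**
     * Extracts the single user principal from a subject.
     *
     * @param subject the subject to inspect, may be null
     * @return the user principal, or null if the subject is null or has none
     * @throws IllegalStateException if the subject carries more than one user
     *     principal, since the identity would then be ambiguous
     */
    public static KVStoreUserPrincipal getSubjectUserPrincipal(Subject subject) {
        if (subject == null) {
            return null;
        }
        final Set<KVStoreUserPrincipal> users = subject.getPrincipals(KVStoreUserPrincipal.class);
        if (users.isEmpty()) {
            return null;
        }
        if (users.size() != 1) {
            throw new IllegalStateException("Current user has multiple user principals");
        }
        return users.iterator().next();
    }

    /**
     * Returns the role principals of a subject.
     *
     * @param subject the subject to inspect, may be null
     * @return the role principals (possibly empty), or null if the subject is null
     */
    public static KVStoreRolePrincipal[] getSubjectRolePrincipals(Subject subject) {
        if (subject == null) {
            return null;
        }
        final Set<KVStoreRolePrincipal> roles = subject.getPrincipals(KVStoreRolePrincipal.class);
        return roles.toArray(new KVStoreRolePrincipal[roles.size()]);
    }

    /**
     * Returns the names of a subject's role principals.
     *
     * @param subject the subject to inspect, may be null
     * @return the role names (possibly empty), or null if the subject is null
     */
    public static String[] getSubjectRoles(Subject subject) {
        if (subject == null) {
            return null;
        }
        final Set<KVStoreRolePrincipal> roles = subject.getPrincipals(KVStoreRolePrincipal.class);
        final ArrayList<String> names = new ArrayList<>(roles.size());
        for (KVStoreRolePrincipal role : roles) {
            names.add(role.getName());
        }
        return names.toArray(new String[names.size()]);
    }

    /**
     * Reports whether this context's requestor holds the named role.
     *
     * @return {@code false} when there is no requestor subject
     */
    public boolean hasRole(String str) {
        return subjectHasRole(this.requestorSubj, str);
    }

    /**
     * Reports whether a subject carries a role principal with the given name.
     *
     * @param subject the subject to inspect, may be null
     * @param str the role name to look for
     * @return {@code true} only on an exact name match; {@code false} for a
     *     null subject, a null name, or no match
     */
    public static boolean subjectHasRole(Subject subject, String str) {
        // A context created without an access checker has no subject. Answer
        // "no role" rather than failing with a NullPointerException in the
        // middle of an authorization decision.
        if (subject == null) {
            return false;
        }
        for (Principal principal : subject.getPrincipals()) {
            if (principal instanceof KVStoreRolePrincipal) {
                final String roleName = ((KVStoreRolePrincipal) principal).getName();
                if (roleName != null && roleName.equals(str)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Reports whether the requestor's privileges imply every listed privilege.
     *
     * @return {@code false} when this context has no privileges or the
     *     collection is null; {@code true} for an empty collection when
     *     privileges are present
     */
    public boolean hasAllPrivileges(Collection<? extends KVStorePrivilege> collection) {
        return this.privileges != null && this.privileges.impliesAll(collection);
    }

    /**
     * Reports whether the requestor's privileges imply the given privilege.
     *
     * @return {@code false} when this context has no privileges
     */
    public boolean hasPrivilege(KVStorePrivilege kVStorePrivilege) {
        return this.privileges != null && this.privileges.implies(kVStorePrivilege);
    }
}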
