package io.vertigo.persona.impl.security;

import io.vertigo.commons.locale.LocaleManager;
import io.vertigo.commons.locale.LocaleProvider;
import io.vertigo.core.Home;
import io.vertigo.lang.Activeable;
import io.vertigo.lang.Assertion;
import io.vertigo.lang.Option;
import io.vertigo.persona.plugins.security.loaders.SecurityResourceLoaderPlugin;
import io.vertigo.persona.security.ResourceNameFactory;
import io.vertigo.persona.security.UserSession;
import io.vertigo.persona.security.VSecurityManager;
import io.vertigo.persona.security.metamodel.Permission;
import io.vertigo.persona.security.metamodel.Role;
import io.vertigo.util.ClassUtil;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import javax.inject.Inject;
import javax.inject.Named;

/* loaded from: input_file:io/vertigo/persona/impl/security/VSecurityManagerImpl.class */
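/**
 * Default {@link VSecurityManager}: binds one {@link UserSession} to the current thread and
 * answers role and permission checks against that session.
 *
 * <p>The session is held in a {@link ThreadLocal}. Callers must pair
 * {@link #startCurrentUserSession(UserSession)} with {@link #stopCurrentUserSession()} in a
 * {@code finally} block; otherwise the session stays attached to the thread and is visible to
 * whatever work runs on that thread next.
 *
 * <p>Permission checks are regular-expression based: a permission's filter is matched against the
 * resource name and its operation against the requested operation, both with full-match semantics.
 */
public final class VSecurityManagerImpl implements VSecurityManager, Activeable {
    /** Opening marker of a security-key placeholder inside a permission filter. */
    private static final String KEY_PREFIX = "${";
    /** Closing marker of a security-key placeholder inside a permission filter. */
    private static final String KEY_SUFFIX = "}";

    private static final ThreadLocal<UserSession> USER_SESSION_THREAD_LOCAL = new ThreadLocal<>();
    private final LocaleManager localeManager;
    private final String userSessionClassName;
    // Plain HashMap, not synchronized. NOTE(review): presumably filled once during start-up,
    // before any authorization check runs concurrently - confirm against the callers.
    private final Map<String, ResourceNameFactory> resourceNameFactories = new HashMap<>();

    /**
     * Registers the security definitions ({@link Role}, {@link Permission}) and their loader in the
     * definition space.
     *
     * @param securityResourceLoaderPlugin loader added to the definition space
     * @param localeManager manager that will receive this component's locale provider on start
     * @param str class name used by {@link #createUserSession()}; injected as
     *     {@code userSessionClassName}
     */
    @Inject
    public VSecurityManagerImpl(SecurityResourceLoaderPlugin securityResourceLoaderPlugin, LocaleManager localeManager, @Named("userSessionClassName") String str) {
        Assertion.checkNotNull(securityResourceLoaderPlugin);
        Assertion.checkNotNull(localeManager);
        Assertion.checkArgNotEmpty(str);
        this.localeManager = localeManager;
        this.userSessionClassName = str;
        Home.getDefinitionSpace().register(Role.class);
        Home.getDefinitionSpace().register(Permission.class);
        Home.getDefinitionSpace().addLoader(securityResourceLoaderPlugin);
    }

    /** Registers a locale provider backed by the current user session. */
    @Override
    public void start() {
        this.localeManager.registerLocaleProvider(createLocaleProvider());
    }

    /** Does nothing; in particular it does not clear the thread-bound session. */
    @Override
    public void stop() {
    }

    /**
     * Instantiates a new session from the configured class name.
     *
     * @return a new, unbound session; it is not attached to the current thread
     */
    @Override
    @SuppressWarnings("unchecked") // the configured class is only known by name; U is chosen by the caller
    public <U extends UserSession> U createUserSession() {
        return (U) ClassUtil.newInstance(this.userSessionClassName);
    }

    /**
     * Builds the provider handed to the {@link LocaleManager}.
     *
     * @return a provider yielding the session's locale, or {@code null} when no session is bound
     *     to the current thread
     */
    private LocaleProvider createLocaleProvider() {
        return new LocaleProvider() {
            @Override
            public Locale getCurrentLocale() {
                Option<UserSession> session = VSecurityManagerImpl.this.getCurrentUserSession();
                // NOTE(review): null presumably tells the LocaleManager to use its default - confirm.
                return session.isDefined() ? session.get().getLocale() : null;
            }
        };
    }

    /**
     * Binds {@code userSession} to the current thread.
     *
     * @param userSession session to bind
     * @throws IllegalStateException if a session is already bound to this thread, which indicates
     *     that an earlier session was not released with {@link #stopCurrentUserSession()}
     */
    @Override
    public void startCurrentUserSession(UserSession userSession) {
        Assertion.checkNotNull(userSession);
        if (USER_SESSION_THREAD_LOCAL.get() != null) {
            throw new IllegalStateException("UserSession already created in this thread, check to close session by stopCurrentUserSession in a finally");
        }
        USER_SESSION_THREAD_LOCAL.set(userSession);
    }

    /** Unbinds the session from the current thread; safe to call when none is bound. */
    @Override
    public void stopCurrentUserSession() {
        USER_SESSION_THREAD_LOCAL.remove();
    }

    /**
     * Returns the session bound to the current thread.
     *
     * @return the session wrapped in an {@link Option}, built from a possibly-{@code null} value
     */
    @Override
    @SuppressWarnings("unchecked") // the thread-local stores UserSession; U is chosen by the caller
    public <U extends UserSession> Option<U> getCurrentUserSession() {
        return Option.option((U) USER_SESSION_THREAD_LOCAL.get());
    }

    /**
     * Tells whether the session holds at least one of the given roles.
     *
     * <p>An empty {@code set} means "no role required" and yields {@code true} for any session.
     *
     * @param userSession session whose roles are inspected
     * @param set accepted roles
     * @return {@code true} if {@code set} is empty or shares a role with the session
     */
    @Override
    public boolean hasRole(UserSession userSession, Set<Role> set) {
        Assertion.checkNotNull(userSession);
        Assertion.checkNotNull(set);
        if (set.isEmpty()) {
            return true;
        }
        Set<Role> sessionRoles = userSession.getRoles();
        for (Role requiredRole : set) {
            // Each requested role must be a registered definition; checked before the membership test.
            Assertion.checkArgument(Home.getDefinitionSpace().containsDefinition(requiredRole), "Le rele {0} n est pas defini dans RoleRegistry.", requiredRole);
            if (sessionRoles.contains(requiredRole)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks the current thread's session against a resource name and an operation.
     *
     * @param str resource name, matched against each permission filter
     * @param str2 operation, matched against each permission operation
     * @return {@code false} when no session is bound to the thread or no permission of any of the
     *     session's roles matches; {@code true} on the first match
     */
    @Override
    public boolean isAuthorized(String str, String str2) {
        Option<UserSession> currentUserSession = getCurrentUserSession();
        if (currentUserSession.isEmpty()) {
            // No authenticated context on this thread: deny.
            return false;
        }
        UserSession userSession = currentUserSession.get();
        Map<String, String> securityKeys = userSession.getSecurityKeys();
        for (Role role : userSession.getRoles()) {
            if (isAuthorized(role, str, str2, securityKeys)) {
                return true;
            }
        }
        return false;
    }

    /** Returns {@code true} if any permission of {@code role} grants the operation on the resource. */
    private static boolean isAuthorized(Role role, String resource, String operation, Map<String, String> securityKeys) {
        for (Permission permission : role.getPermissions()) {
            if (isAuthorized(permission, resource, operation, securityKeys)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Evaluates a single permission.
     *
     * <p>The filter is personalised with the session's security keys, then both filter and
     * operation are compiled as regular expressions and must match their whole input.
     */
    private static boolean isAuthorized(Permission permission, String resource, String operation, Map<String, String> securityKeys) {
        String personalFilter = applySecurityKeys(permission.getFilter(), securityKeys);
        if (personalFilter == null) {
            // The filter refers to a security key this session does not carry: the permission
            // cannot be scoped to the user, so it grants nothing.
            return false;
        }
        return Pattern.compile(personalFilter).matcher(resource).matches()
                && Pattern.compile(permission.getOperation()).matcher(operation).matches();
    }

    /**
     * Replaces every <code>${key}</code> placeholder of {@code filter} with the matching value of
     * {@code securityKeys}.
     *
     * @return the personalised filter, or {@code null} when a placeholder names a key that has no
     *     value. The previous code appended the text "null" in that case, which produced a filter
     *     able to match resources literally named that way; callers now deny instead.
     */
    private static String applySecurityKeys(String filter, Map<String, String> securityKeys) {
        StringBuilder personalFilter = new StringBuilder();
        int previousEnd = 0;
        int begin = filter.indexOf(KEY_PREFIX, 0);
        while (begin >= 0) {
            personalFilter.append(filter, previousEnd, begin);
            int end = filter.indexOf(KEY_SUFFIX, begin + KEY_PREFIX.length());
            // indexOf yields -1 when the closing brace is absent.
            Assertion.checkState(end >= begin, "missing \\} : {0} à {1}", filter, Integer.valueOf(begin));
            String value = securityKeys.get(filter.substring(begin + KEY_PREFIX.length(), end));
            if (value == null) {
                return null;
            }
            // NOTE(review): the value is spliced into a regular expression unescaped, so a value
            // containing regex metacharacters changes what the filter matches. If key values are
            // meant as literals, wrap them with Pattern.quote(value) - confirm against the
            // existing permission definitions and key sources before changing.
            personalFilter.append(value);
            previousEnd = end + KEY_SUFFIX.length();
            begin = filter.indexOf(KEY_PREFIX, previousEnd);
        }
        personalFilter.append(filter, previousEnd, filter.length());
        return personalFilter.toString();
    }

    /**
     * Checks the current thread's session against an object, using the factory registered for its
     * resource type to derive the resource name.
     *
     * @param str resource type; a {@link ResourceNameFactory} must have been registered for it
     * @param obj object turned into a resource name by that factory
     * @param str2 operation
     * @return result of {@link #isAuthorized(String, String)} on the derived resource name
     */
    @Override
    public boolean isAuthorized(String str, Object obj, String str2) {
        ResourceNameFactory resourceNameFactory = this.resourceNameFactories.get(str);
        Assertion.checkNotNull(resourceNameFactory, "Ce type de resource : {0}, ne possède pas de ResourceNameFactory.", str);
        return isAuthorized(resourceNameFactory.toResourceName(obj), str2);
    }

    /**
     * Registers the factory used to name resources of the given type; a later registration for the
     * same type replaces the earlier one.
     *
     * @param str resource type
     * @param resourceNameFactory factory for that type
     */
    @Override
    public void registerResourceNameFactory(String str, ResourceNameFactory resourceNameFactory) {
        Assertion.checkArgNotEmpty(str);
        Assertion.checkNotNull(resourceNameFactory);
        this.resourceNameFactories.put(str, resourceNameFactory);
    }
}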
