package net.sf.jguard.core.principals;

import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Principal;
import java.security.ProtectionDomain;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import net.sf.jguard.core.authorization.permissions.JGPositivePermissionCollection;
import net.sf.jguard.core.authorization.permissions.PermissionUtils;
import org.apache.commons.jexl.ExpressionFactory;
import org.apache.commons.jexl.JexlContext;
import org.apache.commons.jexl.JexlHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/sf/jguard/core/principals/PrincipalUtils.class */
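/**
 * Static helpers for creating, copying and evaluating jGuard principals.
 *
 * <p>Two things in this class matter for security review:
 * <ul>
 *   <li>the {@code getPrincipal} overloads instantiate classes reflectively, so the class they
 *       are given is checked against {@link Principal} <em>before</em> any constructor runs;</li>
 *   <li>role definitions and permissions are evaluated as JEXL expressions with the subject's
 *       roles and public and private credentials in scope, so the store holding those
 *       definitions has to be writable by administrators only.</li>
 * </ul>
 */
public final class PrincipalUtils {
    private static final Logger logger = LoggerFactory.getLogger(PrincipalUtils.class.getName());

    private PrincipalUtils() {
    }

    /**
     * Creates a principal by calling the public single-{@code String} constructor of a class
     * looked up by name.
     *
     * @param str  fully qualified name of the {@link Principal} implementation
     * @param str2 value handed to the constructor (the callers are not visible here; presumably
     *             the principal name)
     * @return the new principal, or {@code null} when the constructor could not be invoked or
     *         threw (the failure is logged)
     * @throws IllegalArgumentException if the class cannot be found or has no public constructor
     *                                  taking a single {@code String}
     * @throws ClassCastException       if the class does not implement {@link Principal}
     */
    public static Principal getPrincipal(String str, String str2) {
        Class<?> principalClass;
        try {
            // Same class loader as Class.forName(str), but without initialising the class:
            // static initialisers of a class that turns out not to be a Principal never run.
            principalClass = Class.forName(str, false, PrincipalUtils.class.getClassLoader());
        } catch (ClassNotFoundException e) {
            // The original only logged here and then dereferenced the null Class, which
            // surfaced as an unexplained NullPointerException.
            logger.error("principal class " + str + " cannot be found", e);
            throw new IllegalArgumentException(" the provided Class=" + str + " cannot be found ", e);
        }

        Constructor<?> constructor = null;
        try {
            constructor = principalClass.getConstructor(String.class);
        } catch (NoSuchMethodException e) {
            logger.error("principal class " + str + " has no public constructor with a String argument", e);
        } catch (SecurityException e) {
            logger.error("access to the constructors of principal class " + str + " is denied", e);
        }
        if (constructor == null) {
            throw new IllegalArgumentException(" the provided Class=" + str + " has'nt got any constructor with a String argument ");
        }
        return instantiate(principalClass, constructor, new Object[] {str2});
    }

    /**
     * Creates a principal by calling the public constructor of {@code cls} that matches
     * {@code clsArr}.
     *
     * @param cls    the {@link Principal} implementation to instantiate
     * @param clsArr parameter types identifying the constructor
     * @param objArr arguments passed to that constructor
     * @return the new principal, or {@code null} when no matching public constructor exists or
     *         the constructor could not be invoked or threw (the failure is logged)
     * @throws ClassCastException if {@code cls} does not implement {@link Principal}
     */
    public static Principal getPrincipal(Class cls, Class[] clsArr, Object[] objArr) {
        Class<?> principalClass = cls;
        Class<?>[] parameterTypes = clsArr;
        Constructor<?> constructor;
        try {
            constructor = principalClass.getConstructor(parameterTypes);
        } catch (NoSuchMethodException e) {
            logger.error("principal class " + principalClass.getName() + " has no matching public constructor", e);
            return null;
        } catch (SecurityException e) {
            logger.error("access to the constructors of principal class " + principalClass.getName() + " is denied", e);
            return null;
        }
        return instantiate(principalClass, constructor, objArr);
    }

    /**
     * Invokes {@code constructor} after confirming that {@code type} is a {@link Principal}.
     * Checking first keeps the outcome callers already see for a wrong class (a
     * {@link ClassCastException}) while making sure that the constructor of an unrelated class
     * is never executed.
     */
    private static Principal instantiate(Class<?> type, Constructor<?> constructor, Object[] arguments) {
        if (!Principal.class.isAssignableFrom(type)) {
            throw new ClassCastException(type.getName() + " does not implement " + Principal.class.getName());
        }
        // The constructor arguments are deliberately left out of the log messages.
        String failure = "principal of class " + type.getName() + " cannot be instantiated";
        try {
            return (Principal) constructor.newInstance(arguments);
        } catch (IllegalAccessException e) {
            logger.error(failure, e);
        } catch (IllegalArgumentException e) {
            logger.error(failure, e);
        } catch (InstantiationException e) {
            logger.error(failure, e);
        } catch (InvocationTargetException e) {
            logger.error(failure, e);
        }
        return null;
    }

    /**
     * Returns a new set holding a clone of every principal in {@code set}.
     *
     * @param set principals to copy; every element is cast to {@code BasePrincipal}
     * @return a new {@link HashSet} of the clones
     * @throws CloneNotSupportedException if an element refuses to be cloned
     * @throws ClassCastException         if an element is not a {@code BasePrincipal}
     */
    public static Set<Principal> clonePrincipalsSet(Set<? extends Principal> set) throws CloneNotSupportedException {
        Set<Principal> clones = new HashSet<Principal>();
        for (Principal principal : set) {
            clones.add((Principal) ((BasePrincipal) principal).clone());
        }
        return clones;
    }

    /**
     * Removes from {@code set2} every role that carries a permission missing from {@code set},
     * so that a role cannot grant more than the permission set it is checked against.
     *
     * @param set  the permissions a role is allowed to contain (per the log message, those owned
     *             by the organization)
     * @param set2 the roles to filter; modified in place through its iterator
     */
    public static void checkPrincipals(Set set, Set<RolePrincipal> set2) {
        for (Iterator<RolePrincipal> roles = set2.iterator(); roles.hasNext();) {
            RolePrincipal role = roles.next();
            if (set.containsAll(role.getAllPermissions())) {
                continue;
            }
            logger.warn(" principal called {} has been removed from the SubjectTemplate ", role.getLocalName());
            logger.warn(" because it contains permissions not owned by this organization throw its Principals ");
            roles.remove();
        }
    }

    /**
     * Decides whether a role definition holds for the given user.
     *
     * <p>{@code null} is false and the literals {@code true} / {@code false} (any case) are
     * taken as they are. Any other value has its first two and its last character stripped
     * (presumably a {@code ${...}} wrapper; the delimiters themselves are not checked) and the
     * remainder is evaluated as a JEXL expression. Everything that does not evaluate to a
     * {@link Boolean} counts as false, so a broken definition never activates a role.
     *
     * <p>The expression can read the subject's organization, roles and public and private
     * credentials, so definitions must only come from a trusted, administrator-controlled store.
     *
     * @param str           the role definition
     * @param userPrincipal the user whose attributes are exposed to the expression, may be null
     * @return {@code true} only when the definition evaluates to {@code Boolean.TRUE}
     */
    private static boolean evaluateDefinition(String str, UserPrincipal userPrincipal) {
        if (str == null) {
            return false;
        }
        if (Boolean.TRUE.toString().equalsIgnoreCase(str)) {
            return true;
        }
        if (Boolean.FALSE.toString().equalsIgnoreCase(str)) {
            return false;
        }
        if (userPrincipal == null) {
            logger.warn("evaluateDefinition() no UserPrincipal defined, can not use regex definition");
        }
        if (str.length() < 3) {
            // Too short to hold a wrapper and an expression: substring(2, length - 1) would throw
            // StringIndexOutOfBoundsException in the middle of an authorization decision.
            logger.warn("evaluateDefinition() definition is too short to contain an expression : " + str);
            return false;
        }

        String expression = str.substring(2, str.length() - 1);
        JexlContext context = JexlHelper.createContext();
        if (userPrincipal != null) {
            Map vars = context.getVars();
            vars.put("subject.organization", userPrincipal.getOrganization());
            vars.put("subject.roles", userPrincipal.getRoles());
            vars.put("subject.publicCredentials", userPrincipal.getPublicCredentials());
            vars.put("subject.privateCredentials", userPrincipal.getPrivateCredentials());
        }

        Object result = null;
        try {
            result = ExpressionFactory.createExpression(expression).evaluate(context);
        } catch (Exception e) {
            // Keep the cause: without it a denied role cannot be traced back to its definition.
            logger.warn("Failed to evaluate : " + expression, e);
        }
        if (result instanceof Boolean) {
            return ((Boolean) result).booleanValue();
        }
        logger.warn("Subject does not have the required credentials to resolve the role activation : " + expression);
        return false;
    }

    /**
     * Tells whether a role is in force for a user: its definition must evaluate to true and the
     * role must be active. The definition is evaluated first, as in the original code.
     *
     * @param rolePrincipal the role to test
     * @param userPrincipal the user the definition is evaluated against, may be null
     * @return {@code true} when both conditions hold
     */
    public static boolean evaluatePrincipal(RolePrincipal rolePrincipal, UserPrincipal userPrincipal) {
        if (!evaluateDefinition(rolePrincipal.getDefinition(), userPrincipal)) {
            if (logger.isDebugEnabled()) {
                logger.debug("evaluatePrincipal() -  user's principal definition attr evaluates to false=" + rolePrincipal.getLocalName());
            }
            return false;
        }
        if (!rolePrincipal.isActive()) {
            if (logger.isDebugEnabled()) {
                logger.debug("evaluatePrincipal() -  user's principal active attr is false=" + rolePrincipal.getLocalName());
            }
            return false;
        }
        return true;
    }

    /**
     * Resolves the permissions of {@code permissionCollection} against the first
     * {@code UserPrincipal} found in the protection domain.
     *
     * <p>Without a {@code UserPrincipal} the collection is returned unchanged. Otherwise each
     * permission goes through {@code PermissionUtils.resolvePermission} with a JEXL context that
     * holds the user's roles and public and private credentials, and the results are gathered
     * in a new {@code JGPositivePermissionCollection}.
     *
     * @param protectionDomain     the domain whose principals are searched
     * @param permissionCollection the permissions to resolve
     * @return the resolved permissions, or {@code permissionCollection} itself when the domain
     *         has no {@code UserPrincipal}
     */
    public static PermissionCollection evaluatePermissionCollection(ProtectionDomain protectionDomain, PermissionCollection permissionCollection) {
        UserPrincipal userPrincipal = null;
        for (Principal candidate : protectionDomain.getPrincipals()) {
            if (candidate instanceof UserPrincipal) {
                userPrincipal = (UserPrincipal) candidate;
                break;
            }
        }
        if (userPrincipal == null) {
            logger.debug("no UserPrincipal defined, can not use regex permissions");
            return permissionCollection;
        }

        JexlContext context = JexlHelper.createContext();
        Map vars = context.getVars();
        // NOTE(review): evaluateDefinition() also exposes "subject.organization"; it is not set
        // here. Confirm whether permission expressions are meant to go without it.
        vars.put("subject.roles", userPrincipal.getRoles());
        vars.put("subject.publicCredentials", userPrincipal.getPublicCredentials());
        vars.put("subject.privateCredentials", userPrincipal.getPrivateCredentials());

        JGPositivePermissionCollection resolvedPermissions = new JGPositivePermissionCollection();
        // One map is handed to every resolvePermission call; what that helper keeps in it is not
        // visible from this file.
        HashMap hashMap = new HashMap();
        Enumeration<Permission> declared = permissionCollection.elements();
        while (declared.hasMoreElements()) {
            Permission permission = declared.nextElement();
            logger.debug("Resolving permission = {}", permission);
            Enumeration<Permission> resolved = PermissionUtils.resolvePermission(permission, hashMap, context).elements();
            while (resolved.hasMoreElements()) {
                resolvedPermissions.add(resolved.nextElement());
            }
        }
        return resolvedPermissions;
    }
}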
