package net.sf.jguard.core.authorization.permissions;

import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import net.sf.ehcache.Cache;
import net.sf.ehcache.CacheException;
import net.sf.ehcache.CacheManager;
import net.sf.ehcache.Element;
import org.apache.commons.jexl.ExpressionFactory;
import org.apache.commons.jexl.JexlContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/sf/jguard/core/authorization/permissions/PermissionUtils.class */
public final class PermissionUtils {
    private static CacheManager manager;
    private static Cache unresolvedPermToNeededExpressions;
    private static Cache unresolvedPermAndValuesToResolvedPerm;
    private static boolean cachesEnabled;
    private static final Logger logger = LoggerFactory.getLogger(PermissionUtils.class.getName());
    private static final Pattern JEXL_PATTERN = Pattern.compile("(\\$\\{[^\\}]+\\})");

    private PermissionUtils() {
    }

    private static Set createKey(Permission permission, Map<String, Object> map) {
        HashSet hashSet = new HashSet();
        hashSet.add(permission);
        hashSet.add(map);
        return hashSet;
    }

    public static PermissionCollection resolvePermission(Permission permission, Map<String, Object> map, JexlContext jexlContext) {
        JGPositivePermissionCollection jGPositivePermissionCollection = new JGPositivePermissionCollection();
        if (cachesEnabled) {
            try {
                Element element = unresolvedPermToNeededExpressions.get(permission);
                if (element != null) {
                    Set<String> set = (Set) element.getValue();
                    if (set.isEmpty()) {
                        jGPositivePermissionCollection.add(permission);
                        logger.debug("get permission from cache with no resolution needed");
                        return jGPositivePermissionCollection;
                    }
                    HashMap hashMap = new HashMap();
                    boolean z = false;
                    for (String str : set) {
                        Object obj = null;
                        if (map.containsKey(str)) {
                            obj = map.get(str);
                            hashMap.put(str, obj);
                        } else {
                            try {
                                obj = ExpressionFactory.createExpression(str).evaluate(jexlContext);
                                map.put(str, obj);
                                hashMap.put(str, obj);
                            } catch (Exception e) {
                                logger.warn("Failed to evaluate : " + str);
                            }
                        }
                        if (obj == null || ((obj instanceof List) && ((List) obj).isEmpty())) {
                            z = true;
                            break;
                        }
                    }
                    if (z) {
                        logger.warn("Subject does not have the required credentials to resolve the permission : " + permission);
                        jGPositivePermissionCollection.add(permission);
                        return jGPositivePermissionCollection;
                    }
                    Element element2 = unresolvedPermAndValuesToResolvedPerm.get(createKey(permission, hashMap));
                    if (element2 != null) {
                        PermissionCollection permissionCollection = (PermissionCollection) element2.getValue();
                        logger.debug("get resolved permission from cache");
                        Enumeration<Permission> elements = permissionCollection.elements();
                        while (elements.hasMoreElements()) {
                            jGPositivePermissionCollection.add(elements.nextElement());
                        }
                        return jGPositivePermissionCollection;
                    }
                }
            } catch (CacheException e2) {
                logger.warn("Failed using caches : " + e2.getMessage());
            }
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(permission);
        HashMap hashMap2 = new HashMap();
        while (!arrayList.isEmpty()) {
            Permission permission2 = (Permission) arrayList.remove(0);
            String name = permission2.getName();
            Set resolvePartiallyExpression = resolvePartiallyExpression(name, JEXL_PATTERN, jexlContext, hashMap2, map);
            if (resolvePartiallyExpression == null) {
                return new JGPositivePermissionCollection();
            }
            if ((resolvePartiallyExpression.size() == 1 && resolvePartiallyExpression.contains(name)) ? false : true) {
                Iterator it = resolvePartiallyExpression.iterator();
                while (it.hasNext()) {
                    try {
                        arrayList.add(net.sf.jguard.core.authorization.Permission.getPermission(permission.getClass(), (String) it.next(), permission2.getActions()));
                    } catch (ClassNotFoundException e3) {
                        logger.warn(e3.getMessage());
                    }
                }
            } else {
                String actions = permission2.getActions();
                if (actions == null) {
                    actions = "";
                }
                String str2 = actions.split(",")[0];
                Set resolvePartiallyExpression2 = resolvePartiallyExpression(str2, JEXL_PATTERN, jexlContext, hashMap2, map);
                if (resolvePartiallyExpression2 == null) {
                    return new JGPositivePermissionCollection();
                }
                if ((resolvePartiallyExpression2.size() == 1 && resolvePartiallyExpression2.contains(str2)) ? false : true) {
                    Iterator it2 = resolvePartiallyExpression2.iterator();
                    while (it2.hasNext()) {
                        try {
                            arrayList.add(net.sf.jguard.core.authorization.Permission.getPermission(permission.getClass(), permission2.getName(), (String) it2.next()));
                        } catch (ClassNotFoundException e4) {
                            logger.warn(e4.getMessage());
                        }
                    }
                } else {
                    jGPositivePermissionCollection.add(permission2);
                }
            }
        }
        if (cachesEnabled) {
            try {
                if (!unresolvedPermToNeededExpressions.isKeyInCache(permission)) {
                    unresolvedPermToNeededExpressions.put(new Element(permission, new HashSet(hashMap2.keySet())));
                }
            } catch (CacheException e5) {
                logger.warn("Failed using caches : " + e5.getMessage());
            }
            unresolvedPermAndValuesToResolvedPerm.put(new Element(createKey(permission, hashMap2), jGPositivePermissionCollection));
            logger.debug("add resolved permissions to cache");
        }
        return jGPositivePermissionCollection;
    }

    private static Set resolvePartiallyExpression(String str, Pattern pattern, JexlContext jexlContext, Map<String, Object> map, Map<String, Object> map2) {
        boolean z = false;
        boolean z2 = false;
        HashSet hashSet = new HashSet();
        Matcher matcher = pattern.matcher(str);
        if (matcher.find()) {
            z = true;
            String group = matcher.group();
            String substring = group.substring(2, group.length() - 1);
            Object obj = null;
            if (map2.containsKey(substring)) {
                obj = map2.get(substring);
            } else {
                try {
                    obj = ExpressionFactory.createExpression(substring).evaluate(jexlContext);
                    map2.put(substring, obj);
                } catch (Exception e) {
                    logger.warn("Failed to resolve expression : " + substring);
                }
            }
            if (!map.containsKey(substring)) {
                map.put(substring, obj);
            }
            if (obj == null) {
                z2 = true;
            } else if (obj instanceof Set) {
                for (Object obj2 : (Set) obj) {
                    StringBuffer stringBuffer = new StringBuffer(str);
                    stringBuffer.replace(matcher.start(), matcher.end(), (String) obj2);
                    hashSet.add(stringBuffer.toString());
                }
            } else if (obj instanceof String) {
                StringBuffer stringBuffer2 = new StringBuffer(str);
                stringBuffer2.replace(matcher.start(), matcher.end(), (String) obj);
                hashSet.add(stringBuffer2.toString());
            }
        }
        if (!z) {
            hashSet.add(str);
        }
        if (z2) {
            return null;
        }
        return hashSet;
    }

    public static void createCaches() throws CacheException {
        if (unresolvedPermToNeededExpressions == null || unresolvedPermAndValuesToResolvedPerm == null) {
            logger.info("Creating caches for permissions evaluations");
            manager = CacheManager.create();
            unresolvedPermToNeededExpressions = manager.getCache("unresolvedPermToNeededExpressions");
            unresolvedPermAndValuesToResolvedPerm = manager.getCache("unresolvedPermAndValuesToResolvedPerm");
            if (unresolvedPermToNeededExpressions == null || unresolvedPermAndValuesToResolvedPerm == null) {
                logger.warn("Failed to create caches for permissions evaluations, use non-caching evaluation");
                cachesEnabled = false;
            } else {
                cachesEnabled = true;
            }
        }
        cachesEnabled = true;
    }

    public static boolean isCachesEnabled() {
        return cachesEnabled;
    }

    public static void setCachesEnabled(boolean z) {
        cachesEnabled = z;
    }

    public static Permissions mergePermissionCollections(PermissionCollection permissionCollection, PermissionCollection permissionCollection2) {
        Permissions permissions = new Permissions();
        addPermissionCollectionToPermissions(permissions, permissionCollection);
        addPermissionCollectionToPermissions(permissions, permissionCollection2);
        return permissions;
    }

    private static void addPermissionCollectionToPermissions(Permissions permissions, PermissionCollection permissionCollection) {
        if (permissionCollection == null || permissions == null) {
            return;
        }
        Enumeration<Permission> elements = permissionCollection.elements();
        while (elements.hasMoreElements()) {
            permissions.add(elements.nextElement());
        }
    }
}
