package net.sf.jguard.ext.authentication.manager;

import java.security.Principal;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Random;
import java.util.Set;
import javax.security.auth.Subject;
import net.sf.jguard.core.PolicyEnforcementPointOptions;
import net.sf.jguard.core.authentication.AuthenticationException;
import net.sf.jguard.core.authentication.credentials.JGuardCredential;
import net.sf.jguard.core.authentication.manager.AuthenticationManager;
import net.sf.jguard.core.authentication.manager.AuthenticationManagerFactory;
import net.sf.jguard.core.organization.Organization;
import net.sf.jguard.core.principals.PrincipalUtils;
import net.sf.jguard.core.principals.RolePrincipal;
import net.sf.jguard.core.principals.UserPrincipal;
import net.sf.jguard.core.provisioning.OrganizationTemplate;
import net.sf.jguard.core.provisioning.RegistrationException;
import net.sf.jguard.core.provisioning.SubjectTemplate;
import net.sf.jguard.core.util.XMLUtils;
import net.sf.jguard.ext.SecurityConstants;
import net.sf.jguard.ext.util.SubjectUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/sf/jguard/ext/authentication/manager/AbstractAuthenticationManager.class */
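/**
 * Base class for jGuard authentication managers.
 *
 * <p>It keeps an in-memory registry of the role principals that belong to this
 * application ({@link #localPrincipalsSet} / {@link #localPrincipals}) and leaves
 * the actual storage of users, principals and organizations to subclasses through
 * the {@code persist*} and {@code updateUserImpl} hooks.
 *
 * <p>This listing is decompiler output (JADX); local and parameter names were
 * reconstructed from how the values are used in the method bodies.
 *
 * <p>Thread-safety: the registries are plain {@code HashSet}/{@code HashMap}
 * instances and no method synchronizes on them.
 */
public abstract class AbstractAuthenticationManager implements AuthenticationManager {
    private static final Logger logger = LoggerFactory.getLogger(AbstractAuthenticationManager.class.getName());
    protected OrganizationTemplate organizationTemplate;
    // Name of the credential that identifies a user.
    private static final String credentialId = "login";
    // Name of the credential that carries the user's password.
    private static final String credentialPassword = "password";
    protected String applicationName;
    protected boolean debug = false;
    protected Organization defaultOrganization = null;
    // Role principals local to this application (see createPrincipal).
    protected Set localPrincipalsSet = new HashSet();
    // Same principals, keyed by Principal.getName().
    protected Map localPrincipals = new HashMap();
    protected Set organizations = new HashSet();

    /**
     * Reads the application name from the options map.
     *
     * @param options configuration map; the entry keyed by
     *                {@code PolicyEnforcementPointOptions.APPLICATION_NAME.getLabel()} is used
     */
    public AbstractAuthenticationManager(Map options) {
        this.applicationName = (String) options.get(PolicyEnforcementPointOptions.APPLICATION_NAME.getLabel());
    }

    /** @return the application name this manager was configured with */
    public String getApplicationName() {
        return this.applicationName;
    }

    /**
     * Imports principals, organizations and users from the
     * {@code jGuardUsersPrincipals.xml} file located in the same directory as the
     * configured {@code authenticationXmlFileLocation}.
     *
     * <p>JADX reports the original access modifier of this method as {@code protected}.
     *
     * @param options configuration map holding {@code authenticationXmlFileLocation}
     * @throws IllegalArgumentException if the location is missing, empty, or has no
     *                                  parent directory once resolved
     */
    public void importXmlData(Map options) {
        String location = (String) options.get("authenticationXmlFileLocation");
        if (location == null || "".equals(location)) {
            throw new IllegalArgumentException("authenticationXmlFileLocation parameter =" + location);
        }
        String resolved = XMLUtils.resolveLocation(location);
        int lastSlash = resolved.lastIndexOf('/');
        if (lastSlash < 0) {
            // Without this guard substring(0, -1) fails with an index error that hides the bad setting.
            throw new IllegalArgumentException("authenticationXmlFileLocation has no parent directory: " + resolved);
        }
        Map xmlOptions = new HashMap();
        xmlOptions.put(PolicyEnforcementPointOptions.APPLICATION_NAME.getLabel(), this.applicationName);
        xmlOptions.put("authenticationXmlFileLocation", resolved.substring(0, lastSlash) + "/jGuardUsersPrincipals.xml");
        importAuthenticationManager(new XmlAuthenticationManager(xmlOptions));
    }

    /**
     * Returns the organization named {@code SecurityConstants.SYSTEM}, looking it up
     * on first use and creating it from the organization template when the lookup
     * returns nothing.
     *
     * @return the cached default organization
     * @throws RuntimeException if the template cannot be cloned or the organization
     *                          cannot be registered
     */
    public Organization getDefaultOrganization() {
        if (this.defaultOrganization == null) {
            this.defaultOrganization = findOrganization(SecurityConstants.SYSTEM);
        }
        if (this.defaultOrganization == null) {
            try {
                OrganizationTemplate template = (OrganizationTemplate) getOrganizationTemplate().clone();
                Set credentials = template.getCredentials();
                // Replace the first "id" credential so the new organization is named SYSTEM.
                Iterator it = credentials.iterator();
                while (it.hasNext()) {
                    if (((JGuardCredential) it.next()).getName().equals("id")) {
                        it.remove();
                        break;
                    }
                }
                credentials.add(new JGuardCredential("id", SecurityConstants.SYSTEM));
                this.defaultOrganization = createOrganization(template);
            } catch (CloneNotSupportedException e) {
                throw new RuntimeException(e.getMessage(), e);
            } catch (RegistrationException e) {
                throw new RuntimeException(" default organization called 'system' is not present and cannot be created automatically ", e);
            }
        }
        return this.defaultOrganization;
    }

    public abstract void setOrganizationTemplate(OrganizationTemplate organizationTemplate) throws AuthenticationException;

    /**
     * Registers a user built from a submitted template.
     *
     * <p>The submission is validated against the organization's subject template,
     * converted to a {@link Subject}, checked for an existing user with the same
     * identity credential, and persisted.
     *
     * @param subjectTemplate submitted user data
     * @param organization    organization the user joins; must not be {@code null}
     * @return the persisted subject
     * @throws RegistrationException    if the user already exists or persistence fails
     * @throws IllegalArgumentException if {@code organization} is {@code null}
     */
    public Subject createUser(SubjectTemplate subjectTemplate, Organization organization) throws RegistrationException {
        if (organization == null) {
            throw new IllegalArgumentException("organization is  null ");
        }
        organization.getSubjectTemplate().validateTemplate(subjectTemplate);
        Subject subject = organization.getSubjectTemplate().toSubject(subjectTemplate, organization);
        try {
            if (userAlreadyExists(subject)) {
                throw new RegistrationException(" user already exists ");
            }
            persistUser(subject);
            logger.debug(" user persisted \n");
            return subject;
        } catch (AuthenticationException e) {
            throw new RegistrationException(e);
        }
    }

    /**
     * Persists an already-built subject after stripping role principals that are not
     * registered locally and checking that every required credential is present.
     *
     * @param subject      user to persist; its principal set is modified in place
     * @param organization organization whose subject template lists the required credentials
     * @return the same {@code subject} instance
     * @throws AuthenticationException  if required credentials are missing or persistence fails
     * @throws IllegalArgumentException if {@code organization} is {@code null}
     */
    public Subject createUser(Subject subject, Organization organization) throws AuthenticationException {
        if (organization == null) {
            throw new IllegalArgumentException(" organization is null ");
        }
        Set missingCredentials = organization.getSubjectTemplate().validateRequiredCredentialsFromUser(subject);
        // Subject.getPrincipals(Class) returns a detached copy, so calling retainAll on it
        // never touched the subject and caller-supplied roles were persisted unfiltered.
        // Remove the unknown roles from the live principal set instead.
        Set<Principal> livePrincipals = subject.getPrincipals();
        for (RolePrincipal role : subject.getPrincipals(RolePrincipal.class)) {
            if (!this.localPrincipalsSet.contains(role)) {
                livePrincipals.remove(role);
            }
        }
        if (missingCredentials.size() != 0) {
            throw new AuthenticationException(" the user cannot be created :some credentials are missing " + missingCredentials);
        }
        persistUser(subject);
        return subject;
    }

    /**
     * Registers an organization, validating the candidate against this manager's
     * organization template.
     *
     * @param candidate submitted organization data
     * @return the persisted organization
     * @throws RegistrationException if the organization already exists or persistence fails
     * @throws IllegalStateException if no organization template is available
     */
    public Organization createOrganization(OrganizationTemplate candidate) throws RegistrationException {
        // getOrganizationTemplate() dereferences the field before returning, so an unset
        // template fails inside that call rather than reaching the check below.
        OrganizationTemplate reference = getOrganizationTemplate();
        if (reference == null) {
            throw new IllegalStateException(" organizationTemplate is null");
        }
        return createOrganization(reference, candidate);
    }

    /**
     * Registers an organization built from {@code reference}, optionally constrained
     * by a submitted {@code candidate}.
     *
     * @param reference template that validates and builds the organization; must not be {@code null}
     * @param candidate submitted data, or {@code null} to build straight from {@code reference}
     * @return the persisted organization
     * @throws RegistrationException if the organization already exists or persistence fails
     * @throws IllegalStateException if {@code reference} is {@code null}
     */
    public Organization createOrganization(OrganizationTemplate reference, OrganizationTemplate candidate) throws RegistrationException {
        if (reference == null) {
            throw new IllegalStateException(" organizationTemplate is null ");
        }
        Organization organization;
        if (candidate != null) {
            reference.validateTemplate(candidate);
            organization = reference.buildOrganization(candidate);
        } else {
            organization = reference.toOrganization();
        }
        try {
            if (organizationAlreadyExists(organization)) {
                throw new RegistrationException(" organization already exists ");
            }
            persistOrganization(organization);
            logger.debug(" organization persisted \n");
            return organization;
        } catch (AuthenticationException e) {
            throw new RegistrationException(e);
        }
    }

    /**
     * Registers and persists a role principal that belongs to this application.
     * Principals that are already registered, are not roles, or belong to another
     * application are ignored without error.
     *
     * @param principal principal to register
     * @throws AuthenticationException if persistence fails
     */
    public void createPrincipal(Principal principal) throws AuthenticationException {
        if (this.localPrincipalsSet.contains(principal) || !isRoleAndLocal(principal)) {
            return;
        }
        // NOTE(review): the registries are updated before persistPrincipal runs, so a
        // persistence failure leaves the principal registered in memory only. Reordering
        // is not safe without knowing whether subclasses read the registries while persisting.
        this.localPrincipalsSet.add(principal);
        this.localPrincipals.put(principal.getName(), principal);
        persistPrincipal(principal);
    }

    protected abstract void persistUser(Subject subject) throws AuthenticationException;

    protected abstract void persistPrincipal(Principal principal) throws AuthenticationException;

    protected abstract void persistOrganization(Organization organization) throws AuthenticationException;

    /**
     * @return the live internal set of local principals, not a copy; changes made by
     *         a caller alter this manager's role registry without going through
     *         {@link #createPrincipal(Principal)}
     */
    public Set getLocalPrincipals() {
        return this.localPrincipalsSet;
    }

    /**
     * Returns a clone of the local role principal registered under {@code name}.
     *
     * @param name principal name used as registry key
     * @return a clone of the role principal, or {@code null} if the name is unknown
     *         or the registered principal is not a {@code RolePrincipal}
     */
    public Principal getLocalPrincipal(String name) throws AuthenticationException {
        Principal stored = (Principal) this.localPrincipals.get(name);
        if (stored instanceof RolePrincipal) {
            return (Principal) ((RolePrincipal) stored).clone();
        }
        return null;
    }

    /**
     * @param subject user whose identity credential is looked up
     * @return {@code true} if {@link #findUser(String)} finds a user with the same identity value
     */
    public boolean userAlreadyExists(Subject subject) throws AuthenticationException {
        return findUser((String) extractIdentityCredentialFromUser(subject).getValue()) != null;
    }

    /** @return {@code true} if an organization with the same name can be found */
    public boolean organizationAlreadyExists(Organization organization) throws AuthenticationException {
        return findOrganization(organization.getName()) != null;
    }

    /**
     * Grants a locally registered role to a user and stores the change.
     *
     * @param subject  user to modify
     * @param roleName name of a principal present in the local registry
     * @throws AuthenticationException if the role is not registered locally or the update fails
     */
    public void addPrincipalToUser(Subject subject, String roleName) throws AuthenticationException {
        Principal principal = (Principal) this.localPrincipals.get(roleName);
        if (principal == null) {
            throw new AuthenticationException(" role " + roleName + " does not exists in the current web application ");
        }
        JGuardCredential identity = extractIdentityCredentialFromUser(subject);
        subject.getPrincipals().add(principal);
        updateUser(identity, subject);
    }

    /**
     * Grants a role built from the two given strings to a user and stores the change.
     *
     * <p>NOTE(review): unlike {@link #addPrincipalToUser(Subject, String)}, this
     * overload does not check the role against the local registry, so any role a
     * caller names is attached. Callers have to enforce authorization themselves.
     *
     * @param subject user to modify
     * @param str     first {@code RolePrincipal} constructor argument (presumably the role name; confirm)
     * @param str2    second {@code RolePrincipal} constructor argument (presumably the application name; confirm)
     * @throws AuthenticationException if the identity credential cannot be read or the update fails
     */
    public void addPrincipalToUser(Subject subject, String str, String str2) throws AuthenticationException {
        RolePrincipal role = new RolePrincipal(str, str2);
        JGuardCredential identity = extractIdentityCredentialFromUser(subject);
        subject.getPrincipals().add(role);
        updateUser(identity, subject);
    }

    /** @return {@code true} if the principal is in the local registry */
    public boolean hasPrincipal(Principal principal) throws AuthenticationException {
        return this.localPrincipalsSet.contains(principal);
    }

    /**
     * @param name principal name to look for
     * @return {@code true} if any locally registered principal has this name
     */
    public boolean hasPrincipal(String name) throws AuthenticationException {
        for (Object registered : this.localPrincipalsSet) {
            if (((Principal) registered).getName().equals(name)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Stores a modified user. Any {@code UserPrincipal} is taken off the subject
     * before {@link #updateUserImpl} runs and a fresh one is attached afterwards.
     *
     * @param identity credential identifying the stored user
     * @param subject  user carrying the new state
     * @throws AuthenticationException if the underlying update fails; in that case
     *                                 the removed {@code UserPrincipal} is not restored
     */
    public void updateUser(JGuardCredential identity, Subject subject) throws AuthenticationException {
        Set<Principal> principals = subject.getPrincipals();
        // getPrincipals(Class) hands back a copy, so removing from the live set while iterating is safe.
        boolean hadUserPrincipal = false;
        for (UserPrincipal userPrincipal : subject.getPrincipals(UserPrincipal.class)) {
            principals.remove(userPrincipal);
            hadUserPrincipal = true;
        }
        updateUserImpl(identity, subject);
        if (hadUserPrincipal) {
            subject.getPrincipals().add(new UserPrincipal(subject));
        }
    }

    protected abstract void updateUserImpl(JGuardCredential jGuardCredential, Subject subject) throws AuthenticationException;

    public abstract Set findUsers(Collection collection, Collection collection2) throws AuthenticationException;

    public abstract Set getUsers() throws AuthenticationException;

    /**
     * Copies the organization template, principals, organizations and users of
     * another manager into this one. Failures are logged and never thrown.
     *
     * @param authenticationManager manager to import from; nothing happens if it is empty
     */
    public void importAuthenticationManager(AuthenticationManager authenticationManager) {
        if (authenticationManager.isEmpty()) {
            logger.warn(" authManager to import is empty ");
            return;
        }
        Set importedPrincipals;
        try {
            setOrganizationTemplate(authenticationManager.getOrganizationTemplate());
            importedPrincipals = authenticationManager.getAllPrincipalsSet();
        } catch (AuthenticationException e) {
            logger.error(" principals cannot be grabbed : ", e);
            // Stop here: the principal set is unavailable, and going on used to end in a
            // NullPointerException on the iteration below.
            return;
        }
        if (importedPrincipals != null) {
            for (Object imported : importedPrincipals) {
                try {
                    createPrincipal((Principal) imported);
                } catch (AuthenticationException e) {
                    logger.error(" principal cannot persisted : ", e);
                }
            }
        }
        try {
            for (Object imported : authenticationManager.getOrganizations()) {
                createOrganization((Organization) imported);
            }
        } catch (AuthenticationException e) {
            // The original message named principals here, which misleads anyone reading the log.
            logger.error(" organization cannot be persisted : ", e);
        }
        try {
            // Users are persisted as supplied by the source manager.
            for (Object imported : authenticationManager.getUsers()) {
                persistUser((Subject) imported);
            }
        } catch (AuthenticationException e) {
            logger.error(" default subject template cannot be persisted : ", e);
        }
    }

    /**
     * Selects the credentials whose name appears in {@code credentialNames}.
     *
     * @param credentialNames set of {@code String} credential names to keep
     * @param credentials     set of {@code JGuardCredential} to filter
     * @return a new set holding the matching credentials
     */
    protected Set extractCredentials(Set credentialNames, Set credentials) {
        Set selected = new HashSet();
        for (Object element : credentials) {
            JGuardCredential credential = (JGuardCredential) element;
            String name = credential.getName();
            for (Object wanted : credentialNames) {
                if (((String) wanted).equals(name)) {
                    selected.add(credential);
                }
            }
        }
        return selected;
    }

    /**
     * Selects, from both the public and the private credentials of a subject, those
     * whose name appears in {@code credentialNames}.
     */
    protected Set extractCredentialsFromSubject(Set credentialNames, Subject subject) {
        Set selected = new HashSet();
        selected.addAll(extractCredentials(credentialNames, subject.getPublicCredentials(JGuardCredential.class)));
        selected.addAll(extractCredentials(credentialNames, subject.getPrivateCredentials(JGuardCredential.class)));
        return selected;
    }

    /**
     * Returns the single credential named {@link #getCredentialId()} from a subject.
     *
     * <p>JADX reports the original access modifier of this method as {@code protected}.
     *
     * @param subject user to inspect
     * @return the identity credential
     * @throws IllegalArgumentException if the subject carries none or more than one
     */
    public JGuardCredential extractIdentityCredentialFromUser(Subject subject) throws AuthenticationException {
        Set identityNames = new HashSet();
        identityNames.add(getCredentialId());
        Set identities = extractCredentialsFromSubject(identityNames, subject);
        if (identities.size() > 1) {
            throw new IllegalArgumentException(" the user has got more than one identity argument ");
        }
        if (identities.size() < 1) {
            throw new IllegalArgumentException(" the user has'nt got  one identity argument ");
        }
        return (JGuardCredential) identities.iterator().next();
    }

    /**
     * Clones a local principal under a generated name: the source name followed by a
     * random integer below 99999.
     *
     * <p>NOTE(review): the suffix can repeat; what {@link #createPrincipal(Principal)}
     * does with a repeated name depends on {@code RolePrincipal} equality, which is
     * not visible here.
     *
     * @param name name of the principal to clone
     * @return the clone
     */
    public Principal clonePrincipal(String name) throws AuthenticationException {
        return clonePrincipal(name, name + new Random().nextInt(99999));
    }

    /**
     * Clones a local principal under a new name and registers the clone.
     *
     * @param name      name of the principal to clone
     * @param cloneName name given to the clone
     * @return the clone
     * @throws AuthenticationException if no principal is registered under {@code name}
     *                                 or the clone cannot be persisted
     */
    public Principal clonePrincipal(String name, String cloneName) throws AuthenticationException {
        Principal source = (Principal) this.localPrincipals.get(name);
        if (source == null) {
            // Previously an unknown name ended in a NullPointerException on source.getClass().
            throw new AuthenticationException(" role " + name + " does not exists in the current web application ");
        }
        Principal clone;
        if (source instanceof RolePrincipal) {
            RolePrincipal roleClone = (RolePrincipal) ((RolePrincipal) source).clone();
            roleClone.setName(cloneName);
            clone = roleClone;
        } else {
            clone = PrincipalUtils.getPrincipal(source.getClass().getName(), cloneName);
        }
        createPrincipal(clone);
        return clone;
    }

    /**
     * Activates or deactivates one of a user's roles and stores the change.
     *
     * @param subject         user to modify
     * @param roleName        name of the role; {@code "guest"} is refused
     * @param applicationName application name passed on to {@link #getRole}
     * @param active          new value of the role's active flag
     * @throws AuthenticationException if the role is {@code "guest"}, cannot be found,
     *                                 or deactivating it would leave the user with no
     *                                 other active role in this application
     */
    public void setActiveOnRolePrincipal(Subject subject, String roleName, String applicationName, boolean active) throws AuthenticationException {
        // Constant-first comparison: a null role name is rejected by getRole, not by a NullPointerException.
        if ("guest".equals(roleName)) {
            throw new AuthenticationException("guest 'active' property cannot be modified  ");
        }
        JGuardCredential identity = extractIdentityCredentialFromUser(subject);
        if (!active && !checkMultipleActiveRoleExists(subject)) {
            throw new AuthenticationException("only one role is active from the same application. user cannot inactivate it ");
        }
        Principal role = getRole(subject, roleName, applicationName);
        if (!(role instanceof RolePrincipal)) {
            logger.warn("active can only be applied to RolePrincipal");
        } else {
            ((RolePrincipal) role).setActive(active);
            updateUser(identity, subject);
        }
    }

    /**
     * Finds the first principal of a subject whose name equals {@code roleName}.
     *
     * <p>NOTE(review): {@code applicationName} is validated but never compared with
     * the principal, and the match is not restricted to {@code RolePrincipal}. If
     * role names are not already application-qualified, a same-named principal from
     * another application can be returned. Confirm against {@code RolePrincipal.getName()}.
     *
     * @param subject         user to inspect
     * @param roleName        principal name to match; must not be {@code null} or empty
     * @param applicationName must not be {@code null} or empty
     * @return the matching principal
     * @throws AuthenticationException if an argument is blank or no principal matches
     */
    public Principal getRole(Subject subject, String roleName, String applicationName) throws AuthenticationException {
        if (roleName == null || roleName.equals("")) {
            throw new AuthenticationException("roleName is null or empty");
        }
        if (applicationName == null || applicationName.equals("")) {
            throw new AuthenticationException("applicationName is null or empty");
        }
        for (Principal candidate : subject.getPrincipals()) {
            if (roleName.equals(candidate.getName())) {
                return candidate;
            }
        }
        throw new AuthenticationException("  role not found with name=" + roleName + " and applicationName=" + applicationName);
    }

    /**
     * @return {@code true} if the subject holds more than one active role whose
     *         application name equals this manager's
     */
    private boolean checkMultipleActiveRoleExists(Subject subject) {
        int activeLocalRoles = 0;
        for (Principal principal : subject.getPrincipals()) {
            if (principal instanceof RolePrincipal) {
                RolePrincipal role = (RolePrincipal) principal;
                if (role.isActive() && this.applicationName.equals(role.getApplicationName())) {
                    activeLocalRoles++;
                }
            }
        }
        return activeLocalRoles > 1;
    }

    /**
     * Looks a user up by identity credential value.
     *
     * <p>The decompiled listing had the "no user found" check outside the
     * {@code try}, which cannot compile because this method declares no checked
     * exception; it is placed back inside so that a miss is logged and reported as
     * {@code null}, the value {@link #userAlreadyExists(Subject)} tests for.
     *
     * @param identityValue value of the credential named {@link #getCredentialId()}
     * @return the first matching user, or {@code null} if none is found or the lookup fails
     */
    public Subject findUser(String identityValue) {
        Subject user = null;
        try {
            JGuardCredential identity = new JGuardCredential();
            identity.setName(getCredentialId());
            identity.setValue(identityValue);
            Set required = new HashSet();
            required.add(identity);
            Iterator matches = findUsers(required, new ArrayList()).iterator();
            if (!matches.hasNext()) {
                throw new AuthenticationException(" no user found ");
            }
            user = (Subject) matches.next();
        } catch (AuthenticationException e) {
            logger.warn(e.getLocalizedMessage());
        }
        return user;
    }

    /**
     * Changes the definition of one of a user's roles and stores the change through
     * the manager returned by {@code AuthenticationManagerFactory}.
     *
     * @param subject         user to modify
     * @param roleName        name of the role
     * @param applicationName application name passed on to {@link #getRole}
     * @param definition      new definition
     * @throws AuthenticationException if the role cannot be found or the update fails
     */
    public void updateRoleDefinition(Subject subject, String roleName, String applicationName, String definition) throws AuthenticationException {
        // The decompiler dropped the cast; setDefinition is presumably declared on RolePrincipal (confirm).
        ((RolePrincipal) getRole(subject, roleName, applicationName)).setDefinition(definition);
        AuthenticationManagerFactory.getAuthenticationManager().updateUser(SubjectUtils.getIdentityCredential(subject, this), subject);
    }

    /** @return the name of the credential that identifies a user ({@code "login"}) */
    public String getCredentialId() {
        return credentialId;
    }

    /**
     * @return a clone of the organization template, so callers cannot alter the one held here
     * @throws IllegalStateException if the template cannot be cloned
     */
    public OrganizationTemplate getOrganizationTemplate() {
        try {
            return (OrganizationTemplate) this.organizationTemplate.clone();
        } catch (CloneNotSupportedException e) {
            // Keep the cause so the failing class shows up in the stack trace.
            throw new IllegalStateException("organizationtemplate cannot be cloned " + e.getMessage(), e);
        }
    }

    /** Registers an existing organization by wrapping it in a template first. */
    private Organization createOrganization(Organization organization) throws RegistrationException {
        return createOrganization(new OrganizationTemplate(organization));
    }

    /**
     * Tells whether a principal is a role of this application.
     *
     * <p>JADX reports the original access modifier of this method as {@code protected}.
     *
     * @param principal principal to test
     * @return {@code true} if it is a {@code RolePrincipal} whose application name equals this manager's
     * @throws IllegalStateException if this manager has no application name
     */
    public boolean isRoleAndLocal(Principal principal) {
        if (this.applicationName == null) {
            throw new IllegalStateException(" applicationName is null and must be defined ");
        }
        return isRole(principal) && this.applicationName.equals(((RolePrincipal) principal).getApplicationName());
    }

    /**
     * @param principal principal to test
     * @return {@code true} if the principal is a {@code RolePrincipal} or a subclass of it
     */
    protected boolean isRole(Principal principal) {
        // The former test, principal.getClass().isAssignableFrom(RolePrincipal.class), ran the
        // wrong way round: it accepted superclasses of RolePrincipal, which then fail the cast
        // in isRoleAndLocal, and it rejected subclasses.
        return principal instanceof RolePrincipal;
    }

    /** @return the name of the credential that carries the password ({@code "password"}) */
    public String getCredentialPassword() {
        return credentialPassword;
    }
}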
