package org.usergrid.rest.security;

import com.sun.jersey.api.model.AbstractMethod;
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;
import com.sun.jersey.spi.container.ContainerResponseFilter;
import com.sun.jersey.spi.container.ResourceFilter;
import com.sun.jersey.spi.container.ResourceFilterFactory;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.UriInfo;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.usergrid.management.ApplicationInfo;
import org.usergrid.management.ManagementService;
import org.usergrid.persistence.EntityManagerFactory;
import org.usergrid.persistence.Identifier;
import org.usergrid.rest.exceptions.SecurityException;
import org.usergrid.rest.security.annotations.RequireAdminUserAccess;
import org.usergrid.rest.security.annotations.RequireApplicationAccess;
import org.usergrid.rest.security.annotations.RequireOrganizationAccess;
import org.usergrid.rest.security.annotations.RequireSystemAccess;
import org.usergrid.rest.utils.PathingUtils;
import org.usergrid.security.shiro.utils.SubjectUtils;
import org.usergrid.services.ServiceManagerFactory;

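/**
 * Jersey {@link ResourceFilterFactory} that attaches one authorization filter to a resource
 * method, chosen from the security annotation present on that method.
 *
 * <p>The factory is a Spring {@code @Component}; its collaborators arrive through the
 * {@code @Autowired} setters below. Every filter is an inner class so that it can read the
 * factory's injected {@link UriInfo} and services.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #create} returns {@code null} for a method that carries none of the four
 *       annotations, so this factory applies no authorization check to it.</li>
 *   <li>{@link #create} stops at the first annotation it recognises; a method carrying two of
 *       them gets only the filter for the first one tested.</li>
 *   <li>{@code OPTIONS} requests skip {@code authorize} entirely.</li>
 * </ul>
 */
@Component
public class SecuredResourceFilterFactory implements ResourceFilterFactory {
    private static final Logger logger = LoggerFactory.getLogger(SecuredResourceFilterFactory.class);

    // Injected by Jersey; the filters read path parameters from it on each request.
    // NOTE(review): presumably a per-request proxy, since this factory is a shared component - confirm.
    @Context
    private UriInfo uriInfo;
    EntityManagerFactory emf;
    // Stored by its setter; not read anywhere in this class.
    ServiceManagerFactory smf;
    // Stored by its setter; not read anywhere in this class.
    Properties properties;
    ManagementService management;

    /**
     * Base class of all authorization filters: acts as its own request filter, contributes no
     * response filter, and delegates the actual decision to {@link #authorize}.
     */
    public abstract class AbstractFilter implements ResourceFilter, ContainerRequestFilter {
        public AbstractFilter() {
        }

        @Override // com.sun.jersey.spi.container.ResourceFilter
        public ContainerRequestFilter getRequestFilter() {
            return this;
        }

        @Override // com.sun.jersey.spi.container.ResourceFilter
        public ContainerResponseFilter getResponseFilter() {
            // No response-side processing.
            return null;
        }

        /**
         * Runs {@link #authorize} for every request except {@code OPTIONS}.
         *
         * @param containerRequest the incoming request
         * @return the same request, unmodified, when authorization passes
         */
        @Override // com.sun.jersey.spi.container.ContainerRequestFilter
        public ContainerRequest filter(ContainerRequest containerRequest) {
            // NOTE(review): the full request URI, query string included, goes to the debug log.
            // If credentials can be sent as query parameters they would be recorded here -
            // confirm, and consider logging the path only.
            logger.debug("Filtering {}", containerRequest.getRequestUri());
            if (containerRequest.getMethod().equalsIgnoreCase("OPTIONS")) {
                // OPTIONS bypasses authorization (presumably for CORS preflight - confirm), so a
                // resource method that answers OPTIONS must not return protected data.
                logger.debug("Skipping option request");
                return containerRequest;
            }
            logger.debug("Params: {}", uriInfo.getPathParameters().keySet());
            authorize(containerRequest);
            return containerRequest;
        }

        /**
         * Decides whether the current subject may proceed; implementations throw to reject.
         *
         * @param containerRequest the incoming request
         */
        public abstract void authorize(ContainerRequest containerRequest);

        /**
         * Resolves the target application from the path: the {@code applicationId} parameter when
         * it is non-empty, otherwise the name assembled by {@link PathingUtils#assembleAppName}.
         *
         * @return the application identifier built from the path parameters
         */
        public Identifier getApplicationIdentifier() {
            String applicationId = uriInfo.getPathParameters().getFirst("applicationId");
            if (StringUtils.isNotEmpty(applicationId)) {
                return Identifier.from(applicationId);
            }
            String applicationName = PathingUtils.assembleAppName(uriInfo.getPathParameters());
            logger.debug("Pulled applicationName {}", applicationName);
            return Identifier.fromName(applicationName);
        }

        /**
         * Resolves the target organization from the path: the {@code organizationId} parameter
         * when it is non-empty, otherwise the organization-name parameter.
         *
         * @return the organization identifier built from the path parameters
         */
        public Identifier getOrganizationIdentifier() {
            MultivaluedMap<String, String> pathParameters = uriInfo.getPathParameters();
            String organizationId = pathParameters.getFirst("organizationId");
            if (StringUtils.isNotEmpty(organizationId)) {
                return Identifier.from(organizationId);
            }
            // NOTE(review): the name parameter may be absent, in which case null is handed to
            // Identifier.fromName; how that is treated is not visible here - confirm it ends in a denial.
            return Identifier.fromName(pathParameters.getFirst(PathingUtils.PARAM_ORG_NAME));
        }

        /**
         * Resolves the target user from the path, trying {@code userId}, then {@code username},
         * then {@code email}.
         *
         * @return the user identifier, or {@code null} when the path names no user
         */
        public Identifier getUserIdentifier() {
            MultivaluedMap<String, String> pathParameters = uriInfo.getPathParameters();
            String userId = pathParameters.getFirst("userId");
            if (StringUtils.isNotEmpty(userId)) {
                return Identifier.from(userId);
            }
            String username = pathParameters.getFirst("username");
            if (username != null) {
                return Identifier.fromName(username);
            }
            String email = pathParameters.getFirst("email");
            if (email != null) {
                return Identifier.fromEmail(email);
            }
            return null;
        }
    }

    /** Allows the request only when the current subject is the user named in the path. */
    public class AdminUserFilter extends AbstractFilter {
        public AdminUserFilter() {
            super();
        }

        @Override // org.usergrid.rest.security.SecuredResourceFilterFactory.AbstractFilter
        public void authorize(ContainerRequest containerRequest) {
            logger.debug("AdminUserFilter.authorize");
            Identifier userIdentifier = getUserIdentifier();
            // Fail closed when the path names no user instead of depending on how
            // SubjectUtils.isUser treats a null identifier (not visible in this file).
            if (userIdentifier == null || !SubjectUtils.isUser(userIdentifier)) {
                throw SecurityException.mappableSecurityException("unauthorized", "No admin user access authorized");
            }
        }
    }

    /**
     * Allows the request when the subject is permitted on the application named in the path.
     * An anonymous subject is first logged in as the application guest, but only when the
     * application defines a {@code guest} role.
     */
    private class ApplicationFilter extends AbstractFilter {
        protected ApplicationFilter() {
            super();
        }

        @Override // org.usergrid.rest.security.SecuredResourceFilterFactory.AbstractFilter
        public void authorize(ContainerRequest containerRequest) {
            logger.debug("ApplicationFilter.authorize");
            if (SubjectUtils.isAnonymous()) {
                ApplicationInfo applicationInfo = null;
                try {
                    applicationInfo = management.getApplicationInfo(getApplicationIdentifier());
                } catch (Exception e) {
                    // Use the logger rather than printStackTrace so the failure reaches the
                    // configured log; the request is denied just below.
                    logger.error("Unable to retrieve application info", e);
                }
                if (applicationInfo == null) {
                    // Deny explicitly. Previously this case was only rejected because the role
                    // lookup hit a NullPointerException that the broad catch turned into a denial.
                    throw SecurityException.mappableSecurityException("unauthorized", "No application guest access authorized");
                }
                Map<String, String> roles = null;
                try {
                    roles = emf.getEntityManager(applicationInfo.getId()).getRoles();
                    logger.debug("found roles {}", roles);
                } catch (Exception e) {
                    // Best effort: a failed lookup leaves roles null, which denies guest access.
                    logger.error("Unable retrieve roles", e);
                }
                if (roles == null || !roles.containsKey("guest")) {
                    throw SecurityException.mappableSecurityException("unauthorized", "No application guest access authorized");
                }
                SubjectUtils.loginApplicationGuest(applicationInfo);
            }
            // Runs for every subject, including one that was just logged in as guest.
            if (!SubjectUtils.isPermittedAccessToApplication(getApplicationIdentifier())) {
                throw SecurityException.mappableSecurityException("unauthorized", "No application access authorized");
            }
        }
    }

    /** Allows the request only when the subject is permitted on the organization named in the path. */
    private class OrganizationFilter extends AbstractFilter {
        protected OrganizationFilter() {
            super();
        }

        @Override // org.usergrid.rest.security.SecuredResourceFilterFactory.AbstractFilter
        public void authorize(ContainerRequest containerRequest) {
            logger.debug("OrganizationFilter.authorize");
            if (!SubjectUtils.isPermittedAccessToOrganization(getOrganizationIdentifier())) {
                throw SecurityException.mappableSecurityException("unauthorized", "No organization access authorized");
            }
        }
    }

    /** Allows the request only for the {@code sysadmin} role or, as a fallback, the {@code sysadmin} principal. */
    public class SystemFilter extends AbstractFilter {
        public SystemFilter() {
            super();
        }

        @Override // org.usergrid.rest.security.SecuredResourceFilterFactory.AbstractFilter
        public void authorize(ContainerRequest containerRequest) {
            logger.debug("SystemFilter.authorize");
            try {
                if (!containerRequest.isUserInRole("sysadmin")) {
                    throw SecurityException.mappableSecurityException("unauthorized", "No system access authorized", "Usergrid Authentication");
                }
            } catch (IllegalStateException e) {
                // Fallback when the role check itself fails: compare the principal's name, not a role.
                // NOTE(review): which condition makes isUserInRole throw IllegalStateException is
                // not visible here - confirm the fallback cannot be reached with an
                // attacker-chosen principal name.
                if (containerRequest.getUserPrincipal() == null || !"sysadmin".equals(containerRequest.getUserPrincipal().getName())) {
                    throw SecurityException.mappableSecurityException("unauthorized", "No system access authorized", "Usergrid Authentication");
                }
            }
        }
    }

    public SecuredResourceFilterFactory() {
        logger.info("SecuredResourceFilterFactory is installed");
    }

    @Autowired
    public void setEntityManagerFactory(EntityManagerFactory entityManagerFactory) {
        this.emf = entityManagerFactory;
    }

    public EntityManagerFactory getEntityManagerFactory() {
        return this.emf;
    }

    @Autowired
    public void setServiceManagerFactory(ServiceManagerFactory serviceManagerFactory) {
        this.smf = serviceManagerFactory;
    }

    public ServiceManagerFactory getServiceManagerFactory() {
        return this.smf;
    }

    @Autowired
    public void setProperties(Properties properties) {
        this.properties = properties;
    }

    @Autowired
    public void setManagementService(ManagementService managementService) {
        this.management = managementService;
    }

    /**
     * Picks the authorization filter for a resource method from its security annotation.
     *
     * <p>The annotations are tested in a fixed order (application, organization, system, admin
     * user) and the first match wins, so at most one filter is ever returned.
     *
     * @param abstractMethod the resource method being wired
     * @return a single-element list holding the matching filter, or {@code null} when the method
     *     carries none of the annotations (no check from this factory)
     */
    @Override // com.sun.jersey.spi.container.ResourceFilterFactory
    public List<ResourceFilter> create(AbstractMethod abstractMethod) {
        // NOTE(review): unannotated methods fall through unprotected by this factory; confirm
        // every sensitive resource method carries one of these annotations.
        if (abstractMethod.isAnnotationPresent(RequireApplicationAccess.class)) {
            return Collections.singletonList(new ApplicationFilter());
        }
        if (abstractMethod.isAnnotationPresent(RequireOrganizationAccess.class)) {
            return Collections.singletonList(new OrganizationFilter());
        }
        if (abstractMethod.isAnnotationPresent(RequireSystemAccess.class)) {
            return Collections.singletonList(new SystemFilter());
        }
        if (abstractMethod.isAnnotationPresent(RequireAdminUserAccess.class)) {
            return Collections.singletonList(new AdminUserFilter());
        }
        return null;
    }
}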
