package org.apache.directory.fortress.core.impl;

import java.io.Serializable;
import java.util.List;
import java.util.Set;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.directory.fortress.annotation.AdminPermissionOperation;
import org.apache.directory.fortress.core.AccessMgr;
import org.apache.directory.fortress.core.GlobalErrIds;
import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.model.Group;
import org.apache.directory.fortress.core.model.Permission;
import org.apache.directory.fortress.core.model.Role;
import org.apache.directory.fortress.core.model.RoleConstraint;
import org.apache.directory.fortress.core.model.Session;
import org.apache.directory.fortress.core.model.User;
import org.apache.directory.fortress.core.model.UserRole;
import org.apache.directory.fortress.core.util.VUtil;

/* loaded from: input_file:WEB-INF/lib/fortress-core-3.0.1.jar:org/apache/directory/fortress/core/impl/AccessMgrImpl.class */
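/**
 * Runtime access-control facade: authenticates users, creates user and group sessions,
 * answers permission and role questions, and activates or drops roles on a live session.
 *
 * <p>The class holds no per-request state of its own. Each call validates its arguments
 * and then delegates to the shared {@code UserP}, {@code GroupP} and {@code PermP} helpers.
 * {@code contextId} and the helpers {@code assertContext}, {@code setEntitySession} and
 * {@code getFullMethodName} are inherited; their bodies are not visible in this file.
 *
 * <p>NOTE(review): the boolean parameter named {@code z} throughout appears to be the
 * {@code isTrusted} flag of the upstream {@code AccessMgr} API (session creation without a
 * password check). Confirm against the interface before exposing any overload that takes
 * it to callers that have not authenticated the user by other means.
 */
public class AccessMgrImpl extends Manageable implements AccessMgr, Serializable {
    private static final String CLS_NM = AccessMgrImpl.class.getName();
    private static final UserP userP = new UserP();
    private static final GroupP groupP = new GroupP();
    private static final PermP permP = new PermP();

    /**
     * Checks a user id / password pair and returns the session produced by {@code UserP}.
     *
     * <p>The {@code User} attached to the returned session is the same object the password
     * was set on, so the credential stays reachable through the session unless it is
     * cleared elsewhere (not visible here). Avoid logging or persisting that object as-is.
     *
     * @param str  user id; must be non-empty
     * @param str2 password; must be non-empty
     * @return the session returned by {@code UserP.authenticate}, with its user set
     * @throws SecurityException if an argument is empty or a delegated call fails
     */
    @Override
    public Session authenticate(String str, String str2) throws SecurityException {
        VUtil.assertNotNullOrEmpty(str, GlobalErrIds.USER_ID_NULL, getFullMethodName(CLS_NM, "authenticate"));
        VUtil.assertNotNullOrEmpty(str2, GlobalErrIds.USER_PW_NULL, getFullMethodName(CLS_NM, "authenticate"));
        User lookup = new User(str);
        lookup.setContextId(this.contextId);
        // Read the stored entry first; the supplied password is then placed on that entry.
        User stored = userP.read(lookup, false);
        stored.setPassword(str2);
        stored.setContextId(this.contextId);
        Session session = userP.authenticate(stored);
        session.setUser(stored);
        return session;
    }

    /**
     * Creates a session for a user.
     *
     * @param user the user to create the session for; checked by {@code assertContext}
     * @param z    forwarded unchanged to {@code UserP.createSession} (see class note)
     * @return the session built by {@code UserP}
     * @throws SecurityException if validation or the delegated call fails
     */
    @Override
    public Session createSession(User user, boolean z) throws SecurityException {
        assertContext(CLS_NM, "createSession", user, GlobalErrIds.USER_NULL);
        return userP.createSession(user, z);
    }

    /**
     * Creates a session for a user with an explicit list of role constraints.
     *
     * @param user the user to create the session for; checked by {@code assertContext}
     * @param list role constraints; must not be {@code null}
     * @param z    forwarded unchanged to {@code UserP.createSession} (see class note)
     * @return the session built by {@code UserP}
     * @throws SecurityException if validation or the delegated call fails
     */
    @Override
    public Session createSession(User user, List<RoleConstraint> list, boolean z) throws SecurityException {
        assertContext(CLS_NM, "createSession", user, GlobalErrIds.USER_NULL);
        VUtil.assertNotNull(list, GlobalErrIds.ROLE_CONSTRAINT_NULL, "createSession");
        return userP.createSession(user, list, z);
    }

    /**
     * Creates a session for a group.
     *
     * @param group the group to create the session for; checked by {@code assertContext}
     * @return the session built by {@code GroupP}
     * @throws SecurityException if validation or the delegated call fails
     */
    @Override
    public Session createSession(Group group) throws SecurityException {
        assertContext(CLS_NM, "createSession", group, GlobalErrIds.GROUP_NULL);
        return groupP.createSession(group);
    }

    /**
     * Decides whether the session may perform the given operation on the given object.
     *
     * <p>USER and ROLE constraints are validated on the session before the permission
     * check, so the decision is taken against the session state left by that validation.
     *
     * @param session    the session to evaluate
     * @param permission the permission; object name and operation name must be non-empty
     * @return the result of {@code PermP.checkPermission}
     * @throws SecurityException if validation or the delegated call fails
     */
    @Override
    @AdminPermissionOperation
    public boolean checkAccess(Session session, Permission permission) throws SecurityException {
        assertContext(CLS_NM, "checkAccess", permission, GlobalErrIds.PERM_NULL);
        assertContext(CLS_NM, "checkAccess", session, GlobalErrIds.USER_SESS_NULL);
        VUtil.assertNotNullOrEmpty(permission.getOpName(), GlobalErrIds.PERM_OPERATION_NULL, getFullMethodName(CLS_NM, "checkAccess"));
        VUtil.assertNotNullOrEmpty(permission.getObjName(), GlobalErrIds.PERM_OBJECT_NULL, getFullMethodName(CLS_NM, "checkAccess"));
        VUtil.getInstance().validateConstraints(session, VUtil.ConstraintType.USER, false);
        VUtil.getInstance().validateConstraints(session, VUtil.ConstraintType.ROLE, false);
        setEntitySession(CLS_NM, "checkAccess", session);
        return permP.checkPermission(session, permission);
    }

    /**
     * Convenience overload that builds a fresh session for the user on every call and then
     * checks the permission against it.
     *
     * @param user       the user to create the session for
     * @param permission the permission to check
     * @param z          forwarded to {@link #createSession(User, boolean)} (see class note)
     * @return the result of {@link #checkAccess(Session, Permission)}
     * @throws SecurityException if session creation, validation or the check fails
     */
    @Override
    @AdminPermissionOperation
    public boolean checkAccess(User user, Permission permission, boolean z) throws SecurityException {
        return checkAccess(createSession(user, z), permission);
    }

    /**
     * Reports whether a freshly created session for the user contains the named role.
     *
     * @param user the user to create the session for
     * @param role the role to look for; its name must be non-empty
     * @param z    forwarded to {@link #createSession(User, boolean)} (see class note)
     * @return {@code true} if the new session's role list contains a matching user role
     * @throws SecurityException if validation or session creation fails
     */
    @Override
    public boolean isUserInRole(User user, Role role, boolean z) throws SecurityException {
        assertContext(CLS_NM, "isUserInRole", role, GlobalErrIds.ROLE_NULL);
        VUtil.assertNotNullOrEmpty(role.getName(), GlobalErrIds.ROLE_NM_NULL, getFullMethodName(CLS_NM, "isUserInRole"));
        // createSession validates the user before it is dereferenced below.
        List<UserRole> activeRoles = createSession(user, z).getRoles();
        UserRole wanted = new UserRole(user.getUserId(), role.getName());
        return activeRoles != null && activeRoles.contains(wanted);
    }

    /**
     * Returns the permissions found by {@code PermP.search} for the session, after USER
     * and ROLE constraints have been validated on it.
     *
     * @param session the session to evaluate
     * @return the permissions returned by {@code PermP.search}
     * @throws SecurityException if validation or the delegated call fails
     */
    @Override
    @AdminPermissionOperation
    public List<Permission> sessionPermissions(Session session) throws SecurityException {
        assertContext(CLS_NM, "sessionPermissions", session, GlobalErrIds.USER_SESS_NULL);
        VUtil.getInstance().validateConstraints(session, VUtil.ConstraintType.USER, false);
        VUtil.getInstance().validateConstraints(session, VUtil.ConstraintType.ROLE, false);
        setEntitySession(CLS_NM, "sessionPermissions", session);
        return permP.search(session);
    }

    /**
     * Returns the session's role list after USER and ROLE constraints have been validated.
     *
     * <p>NOTE(review): the list is whatever {@code Session.getRoles()} exposes.
     * {@link #dropActiveRole} removes entries through the same accessor, which suggests the
     * list is live rather than a copy; callers should treat it as read-only.
     *
     * @param session the session to evaluate
     * @return the list returned by {@code session.getRoles()}
     * @throws SecurityException if validation fails
     */
    @Override
    @AdminPermissionOperation
    public List<UserRole> sessionRoles(Session session) throws SecurityException {
        assertContext(CLS_NM, "sessionRoles", session, GlobalErrIds.USER_SESS_NULL);
        VUtil.getInstance().validateConstraints(session, VUtil.ConstraintType.USER, false);
        VUtil.getInstance().validateConstraints(session, VUtil.ConstraintType.ROLE, false);
        setEntitySession(CLS_NM, "sessionRoles", session);
        return session.getRoles();
    }

    /**
     * Returns the role names obtained from {@code RoleUtil.getInheritedRoles} for the
     * session's roles.
     *
     * @param session the session to evaluate; must carry a group (group session) or a user
     * @return the role names computed by {@code RoleUtil}
     * @throws SecurityException if validation fails
     */
    @Override
    @AdminPermissionOperation
    public Set<String> authorizedRoles(Session session) throws SecurityException {
        assertContext(CLS_NM, "authorizedRoles", session, GlobalErrIds.USER_SESS_NULL);
        if (session.isGroupSession()) {
            VUtil.assertNotNull(session.getGroup(), GlobalErrIds.GROUP_NULL, CLS_NM + ".authorizedRoles");
        } else {
            VUtil.assertNotNull(session.getUser(), GlobalErrIds.USER_NULL, CLS_NM + ".authorizedRoles");
        }
        VUtil.getInstance().validateConstraints(session, VUtil.ConstraintType.USER, false);
        VUtil.getInstance().validateConstraints(session, VUtil.ConstraintType.ROLE, false);
        setEntitySession(CLS_NM, "authorizedRoles", session);
        return RoleUtil.getInstance().getInheritedRoles(session.getRoles(), this.contextId);
    }

    /**
     * Activates a role on the session, provided the session's entity is assigned that role.
     *
     * <p>The {@code userId} of the passed {@code userRole} is overwritten with the session's
     * own entity name, so a caller-supplied id cannot redirect the lookup to another entity.
     * The assignment is checked against a fresh read of the user or group, and the stored
     * copy of the role (not the caller's object) is what gets placed on the session.
     *
     * <p>NOTE(review): ROLE constraints are validated after {@code session.setRole}. What
     * happens to the newly added role when that validation fails is not visible here.
     *
     * @param session  the session to modify
     * @param userRole the role to activate; its {@code userId} is mutated
     * @throws SecurityException if the role is already active, is not assigned to the
     *         entity, or a validation step fails
     */
    @Override
    public void addActiveRole(Session session, UserRole userRole) throws SecurityException {
        assertContext(CLS_NM, "addActiveRole", session, GlobalErrIds.USER_SESS_NULL);
        assertContext(CLS_NM, "addActiveRole", userRole, GlobalErrIds.ROLE_NULL);
        String entityName = session.isGroupSession() ? session.getGroupName() : session.getUserId();
        userRole.setUserId(entityName);
        List<UserRole> activeRoles = session.getRoles();
        if (activeRoles != null && activeRoles.contains(userRole)) {
            throw new SecurityException(GlobalErrIds.URLE_ALREADY_ACTIVE, getFullMethodName(CLS_NM, "addActiveRole") + " Entity [" + entityName + "] Role [" + userRole.getName() + "] role already activated.");
        }
        // Re-read the entity so the check runs against its currently stored assignments.
        List<UserRole> assignedRoles;
        if (session.isGroupSession()) {
            Group group = new Group(session.getGroupName());
            group.setContextId(this.contextId);
            assignedRoles = groupP.read(group).getRoles();
        } else {
            User user = new User(session.getUserId());
            user.setContextId(this.contextId);
            assignedRoles = userP.read(user, true).getRoles();
        }
        int position = CollectionUtils.isEmpty(assignedRoles) ? -1 : assignedRoles.indexOf(userRole);
        if (position == -1) {
            throw new SecurityException(GlobalErrIds.URLE_ACTIVATE_FAILED, getFullMethodName(CLS_NM, "addActiveRole") + " Role [" + userRole.getName() + "] Entity [" + entityName + "] role not authorized for entity.");
        }
        SDUtil.getInstance().validateDSD(session, userRole);
        session.setRole(assignedRoles.get(position));
        VUtil.getInstance().validateConstraints(session, VUtil.ConstraintType.ROLE, false);
    }

    /**
     * Removes an active role from the session.
     *
     * <p>The {@code userId} of the passed {@code userRole} is overwritten with the session's
     * own entity name before the lookup. The error raised for a role that is not active
     * names that same entity, so group sessions report the group rather than a user id.
     *
     * @param session  the session to modify
     * @param userRole the role to drop; its {@code userId} is mutated
     * @throws SecurityException if the session has no role list or the role is not active
     */
    @Override
    public void dropActiveRole(Session session, UserRole userRole) throws SecurityException {
        assertContext(CLS_NM, "dropActiveRole", session, GlobalErrIds.USER_SESS_NULL);
        assertContext(CLS_NM, "dropActiveRole", userRole, GlobalErrIds.ROLE_NULL);
        String entityName = session.isGroupSession() ? session.getGroupName() : session.getUserId();
        userRole.setUserId(entityName);
        List<UserRole> activeRoles = session.getRoles();
        // Location string built the same way as in the other methods (no extra CLS_NM prefix).
        VUtil.assertNotNull(activeRoles, GlobalErrIds.URLE_DEACTIVE_FAILED, getFullMethodName(CLS_NM, "dropActiveRole"));
        if (!activeRoles.contains(userRole)) {
            throw new SecurityException(GlobalErrIds.URLE_NOT_ACTIVE, getFullMethodName(CLS_NM, "dropActiveRole") + " Role [" + userRole.getName() + "] Entity [" + entityName + "], not previously activated");
        }
        activeRoles.remove(userRole);
    }

    /**
     * Returns the user id recorded on the session.
     *
     * @param session the session to read
     * @return {@code session.getUserId()}
     * @throws SecurityException if the session fails {@code assertContext}
     */
    @Override
    public String getUserId(Session session) throws SecurityException {
        assertContext(CLS_NM, "getUserId", session, GlobalErrIds.USER_SESS_NULL);
        return session.getUserId();
    }

    /**
     * Returns the user object recorded on the session.
     *
     * @param session the session to read
     * @return {@code session.getUser()}
     * @throws SecurityException if the session fails {@code assertContext}
     */
    @Override
    public User getUser(Session session) throws SecurityException {
        assertContext(CLS_NM, "getUser", session, GlobalErrIds.USER_SESS_NULL);
        return session.getUser();
    }
}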
