package com.untzuntz.ustack.aaa;

import com.mongodb.BasicDBList;
import com.mongodb.DBObject;
import com.untzuntz.ustack.data.APIClient;
import com.untzuntz.ustack.data.UDataCache;
import com.untzuntz.ustack.data.UserAccount;
import com.untzuntz.ustack.exceptions.AuthorizationException;
import com.untzuntz.ustack.exceptions.InvalidAccessAttempt;
import com.untzuntz.ustack.exceptions.InvalidAuthorizationConfig;
import com.untzuntz.ustack.exceptions.InvalidUserAuthException;
import com.untzuntz.ustack.main.UOpts;
import java.util.List;
import java.util.Vector;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/untzuntz/ustack/aaa/Authorization.class */
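/**
 * Static authorization checks for user accounts and API clients.
 *
 * <p>A subject is authorized when at least one of its {@link ResourceLink}s resolves to a
 * {@link ResourceDefinition} whose linked role grants the requested permission. The
 * {@code authorize*} methods signal denial by throwing an {@link AuthorizationException};
 * the {@code *Bool} variants convert that into {@code false}.
 *
 * <p>When {@code UOpts.getCacheEnabled()} is true, positive decisions are stored in
 * {@link UDataCache} under the keys produced by {@code buildCacheKey} and are trusted on
 * later calls without re-evaluating the links.
 */
public class Authorization {
    /**
     * Lifetime passed to {@code UDataCache.set} for a cached positive decision
     * (presumably seconds; confirm against UDataCache).
     *
     * <p>NOTE(review): nothing in this class evicts cached decisions, so a revoked role or a
     * removed resource link keeps authorizing from cache until the entry expires. Callers
     * that change links or roles should account for that window.
     */
    private static final int AUTH_CACHE_TTL = 300;
    private static final Logger logger = Logger.getLogger(Authorization.class);

    /**
     * Boolean form of {@link #authorizeUser(UserAccount, String, DBObject, UStackPermissionEnum)}
     * with no context object.
     *
     * @param userAccount account to check; {@code null} yields {@code false}
     * @param str resource name handed to the account's link lookup
     * @param uStackPermissionEnum permission being requested
     * @return {@code true} if authorized, {@code false} on any {@link AuthorizationException}
     */
    public static boolean authorizeUserBool(UserAccount userAccount, String str, UStackPermissionEnum uStackPermissionEnum) {
        try {
            // The cast selects the DBObject overload; a bare null would be ambiguous.
            authorizeUser(userAccount, str, (DBObject) null, uStackPermissionEnum);
            return true;
        } catch (AuthorizationException ignored) {
            // authorizeUser has already logged the denial; fail closed.
            return false;
        }
    }

    /**
     * Boolean form of {@link #authorizeUser(UserAccount, String, DBObject, UStackPermissionEnum)}.
     *
     * @param userAccount account to check; {@code null} yields {@code false}
     * @param str resource name handed to the account's link lookup
     * @param dBObject context passed through to the link lookup; may be {@code null}
     * @param uStackPermissionEnum permission being requested
     * @return {@code true} if authorized, {@code false} on any {@link AuthorizationException}
     */
    public static boolean authorizeUserBool(UserAccount userAccount, String str, DBObject dBObject, UStackPermissionEnum uStackPermissionEnum) {
        try {
            authorizeUser(userAccount, str, dBObject, uStackPermissionEnum);
            return true;
        } catch (AuthorizationException ignored) {
            // authorizeUser has already logged the denial; fail closed.
            return false;
        }
    }

    /**
     * Boolean form of {@link #authorizeUser(UserAccount, String, DBObject, String)}.
     *
     * @param userAccount account to check; {@code null} yields {@code false}
     * @param str resource name handed to the account's link lookup
     * @param dBObject context passed through to the link lookup; may be {@code null}
     * @param str2 permission string being requested
     * @return {@code true} if authorized, {@code false} on any {@link AuthorizationException}
     */
    public static boolean authorizeUserBool(UserAccount userAccount, String str, DBObject dBObject, String str2) {
        try {
            authorizeUser(userAccount, str, dBObject, str2);
            return true;
        } catch (AuthorizationException ignored) {
            // authorizeUser has already logged the denial; fail closed.
            return false;
        }
    }

    /**
     * Builds the cache key for a user authorization decision:
     * {@code [[user][resource][context-or-NULL][permission]]}, with spaces in the resource
     * name and in the context's string form replaced by underscores.
     *
     * <p>NOTE(review): the components are embedded verbatim, without escaping the bracket
     * delimiters. Because a cached {@code "TRUE"} under this key short-circuits the full
     * check, confirm that user names, resource names and permission strings cannot contain
     * {@code ']'} / {@code '['}, otherwise two different requests could map to the same key.
     *
     * @param userAccount account whose user name forms the first component; must not be null
     * @param str resource name; must not be null
     * @param dBObject context object, or {@code null} (encoded as {@code NULL})
     * @param str2 permission string
     * @return the cache key
     */
    public static String buildCacheKey(UserAccount userAccount, String str, DBObject dBObject, String str2) {
        // replace(char, char) is equivalent to the former replaceAll(" ", "_") without the regex.
        String context = (dBObject == null) ? "NULL" : dBObject.toString().replace(' ', '_');
        StringBuilder key = new StringBuilder();
        key.append("[");
        key.append("[").append(userAccount.getUserName()).append("]");
        key.append("[").append(str.replace(' ', '_')).append("]");
        key.append("[").append(context).append("]");
        key.append("[").append(str2).append("]");
        key.append("]");
        return key.toString();
    }

    /**
     * Builds the cache key for an API client authorization decision:
     * {@code [[API-<client>][permission]]}.
     *
     * <p>NOTE(review): as with the user key, the components are not escaped; confirm that
     * client identifiers and permission strings cannot contain the bracket delimiters.
     *
     * @param str API client identifier
     * @param str2 permission string
     * @return the cache key
     */
    public static String buildCacheKey(String str, String str2) {
        StringBuilder key = new StringBuilder();
        key.append("[");
        key.append("[API-").append(str).append("]");
        key.append("[").append(str2).append("]");
        key.append("]");
        return key.toString();
    }

    /**
     * Enum convenience overload; delegates to
     * {@link #authorizeUser(UserAccount, String, DBObject, String)} with the enum's permission string.
     *
     * @throws AuthorizationException if the user is not authorized
     */
    public static void authorizeUser(UserAccount userAccount, String str, DBObject dBObject, UStackPermissionEnum uStackPermissionEnum) throws AuthorizationException {
        authorizeUser(userAccount, str, dBObject, uStackPermissionEnum.getPermission());
    }

    /**
     * Boolean form of {@link #authorizeAPI(String, UStackPermissionEnum)}.
     *
     * @param str API client identifier; {@code null} yields {@code false}
     * @param uStackPermissionEnum permission being requested
     * @return {@code true} if authorized, {@code false} on any {@link AuthorizationException}
     */
    public static boolean authorizeAPIBool(String str, UStackPermissionEnum uStackPermissionEnum) {
        try {
            authorizeAPI(str, uStackPermissionEnum);
            return true;
        } catch (AuthorizationException ignored) {
            // authorizeAPI has already logged the denial; fail closed.
            return false;
        }
    }

    /**
     * Authorizes an API client for a permission across all of its resource links
     * (looked up with the name {@code "*"}).
     *
     * @param str API client identifier passed to {@code APIClient.getAPIClient}
     * @param uStackPermissionEnum permission being requested
     * @throws InvalidUserAuthException if {@code str} is null or no client is found
     * @throws InvalidAccessAttempt if the client has no links, no link grants the permission,
     *         or the cache holds a non-{@code "TRUE"} value for this request
     * @throws InvalidAuthorizationConfig if a link names an unknown resource or role
     * @throws AuthorizationException supertype of the above
     */
    public static void authorizeAPI(String str, UStackPermissionEnum uStackPermissionEnum) throws AuthorizationException {
        if (str == null) {
            throw new InvalidUserAuthException();
        }
        // Declared outside the try so the failure log can name the client once it is resolved.
        // (The previous catch tested a constant and could only ever log "NULL".)
        APIClient client = null;
        try {
            if (UOpts.getCacheEnabled()) {
                String cached = (String) UDataCache.getInstance().get(buildCacheKey(str, uStackPermissionEnum.getPermission()));
                if ("TRUE".equals(cached)) {
                    // A cached grant is trusted as-is; the links are not re-evaluated.
                    logger.debug("Authorization Success (CACHE): [" + str + "/" + uStackPermissionEnum + "]");
                    return;
                }
                if (cached != null) {
                    // Any other cached value is treated as a denial.
                    throw new InvalidAccessAttempt();
                }
            }
            client = APIClient.getAPIClient(str);
            if (client == null) {
                throw new InvalidUserAuthException();
            }
            List<ResourceLink> links = client.getResourceLinksByName("*", null);
            if (links.isEmpty()) {
                throw new InvalidAccessAttempt();
            }
            logger.debug(links.size() + " Resource Links Found");
            boolean granted = false;
            for (ResourceLink link : links) {
                ResourceDefinition resource = ResourceDefinition.getByName(link.getName());
                if (resource == null) {
                    throw new InvalidAuthorizationConfig("No resource named '" + link.getName() + "'");
                }
                RoleDefinition role = resource.getRoleByName(link.getRoleName());
                if (role == null) {
                    throw new InvalidAuthorizationConfig("No role named '" + link.getRoleName() + "' for resource '" + link.getName() + "'");
                }
                if (role.hasPermission(uStackPermissionEnum.getPermission())) {
                    // First granting link decides; later links are not inspected.
                    granted = true;
                    break;
                }
            }
            if (!granted) {
                throw new InvalidAccessAttempt();
            }
            if (UOpts.getCacheEnabled()) {
                // Only grants are cached; denials are re-evaluated on every call.
                UDataCache.getInstance().set(buildCacheKey(str, uStackPermissionEnum.getPermission()), AUTH_CACHE_TTL, "TRUE");
            }
            logger.debug("Authorization Success (DIRECT): [" + client.getClientId() + "/" + uStackPermissionEnum + "]");
        } catch (AuthorizationException e) {
            if (client == null) {
                logger.debug("Authorization FAILED: [NULL/" + uStackPermissionEnum + "]");
            } else {
                logger.debug("Authorization FAILED: [" + client.getClientId() + "/" + uStackPermissionEnum + "] => " + e.getMessage());
            }
            throw e;
        }
    }

    /**
     * Authorizes a user for a permission on a resource.
     *
     * <p>Links are looked up by name first and, if none are found, by full name. The request
     * is granted as soon as one link's role has the permission.
     *
     * @param userAccount account to check
     * @param str resource name handed to the account's link lookup
     * @param dBObject context passed through to the link lookup; may be {@code null}
     * @param str2 permission string being requested
     * @throws InvalidUserAuthException if {@code userAccount} is null
     * @throws InvalidAccessAttempt if no links match, no link grants the permission,
     *         or the cache holds a non-{@code "TRUE"} value for this request
     * @throws InvalidAuthorizationConfig if a link names an unknown resource or role
     * @throws AuthorizationException supertype of the above
     */
    public static void authorizeUser(UserAccount userAccount, String str, DBObject dBObject, String str2) throws AuthorizationException {
        try {
            if (userAccount == null) {
                throw new InvalidUserAuthException();
            }
            if (UOpts.getCacheEnabled()) {
                String cached = (String) UDataCache.getInstance().get(buildCacheKey(userAccount, str, dBObject, str2));
                if ("TRUE".equals(cached)) {
                    // A cached grant is trusted as-is; the links are not re-evaluated.
                    logger.debug("Authorization Success (CACHE): [" + userAccount.getUserName() + "/" + str + "/" + dBObject + "/" + str2 + "]");
                    return;
                }
                if (cached != null) {
                    // Any other cached value is treated as a denial.
                    throw new InvalidAccessAttempt();
                }
            }
            List<ResourceLink> links = userAccount.getResourceLinksByName(str, dBObject);
            if (links.isEmpty()) {
                links = userAccount.getResourceLinksByFullName(str, dBObject);
                if (links.isEmpty()) {
                    throw new InvalidAccessAttempt(str);
                }
            }
            logger.debug(links.size() + " Resource Links Found : " + str + " // " + dBObject);
            boolean granted = false;
            for (ResourceLink link : links) {
                ResourceDefinition resource = ResourceDefinition.getByName(link.getName());
                if (resource == null) {
                    throw new InvalidAuthorizationConfig("No resource named '" + str + "'");
                }
                RoleDefinition role = resource.getRoleByName(link.getRoleName());
                if (role == null) {
                    throw new InvalidAuthorizationConfig("No role named '" + link.getRoleName() + "' for resource '" + str + "'");
                }
                if (role.hasPermission(str2)) {
                    // First granting link decides; later links are not inspected.
                    granted = true;
                    break;
                }
            }
            if (!granted) {
                throw new InvalidAccessAttempt();
            }
            if (UOpts.getCacheEnabled()) {
                // Only grants are cached; denials are re-evaluated on every call.
                UDataCache.getInstance().set(buildCacheKey(userAccount, str, dBObject, str2), AUTH_CACHE_TTL, "TRUE");
            }
            logger.debug("Authorization Success (DIRECT): [" + userAccount.getUserName() + "/" + str + "/" + dBObject + "/" + str2 + "]");
        } catch (AuthorizationException e) {
            if (userAccount == null) {
                logger.debug("Authorization FAILED: [NULL/" + str + "/" + dBObject + "/" + str2 + "]");
            } else {
                logger.debug("Authorization FAILED: [" + userAccount.getUserName() + "/" + str + "/" + dBObject + "/" + str2 + "] => " + e.getMessage());
            }
            throw e;
        }
    }

    /**
     * Reports whether the role named on a resource link grants a permission.
     *
     * @param resourceLink link supplying the resource definition and role name
     * @param uStackPermissionEnum permission being requested
     * @return {@code true} if the role grants the permission; {@code false} on any failure
     */
    public static boolean hasPermission(ResourceLink resourceLink, UStackPermissionEnum uStackPermissionEnum) {
        try {
            hasPermission(resourceLink.getResourceDefinition(), resourceLink.getRoleName(), uStackPermissionEnum);
            return true;
        } catch (Exception ignored) {
            // Every failure, including runtime errors such as a null link or definition,
            // is reported as "no permission", so the check fails closed. The trade-off is
            // that configuration errors are indistinguishable from a plain denial here.
            return false;
        }
    }

    /**
     * Verifies that a role on a resource definition grants a permission.
     *
     * @param resourceDefinition definition whose roles are consulted
     * @param str role name
     * @param uStackPermissionEnum permission being requested
     * @throws InvalidAuthorizationConfig if the definition has no role with that name
     * @throws InvalidAccessAttempt if the role does not grant the permission
     */
    public static void hasPermission(ResourceDefinition resourceDefinition, String str, UStackPermissionEnum uStackPermissionEnum) throws InvalidAuthorizationConfig, InvalidAccessAttempt {
        RoleDefinition role = resourceDefinition.getRoleByName(str);
        if (role == null) {
            throw new InvalidAuthorizationConfig("No role named '" + str + "' for resource '" + resourceDefinition + "'");
        }
        if (!role.hasPermission(uStackPermissionEnum.getPermission())) {
            throw new InvalidAccessAttempt();
        }
    }

    /**
     * Returns the user's resource links (looked up by name) whose role grants a permission.
     * This path does not consult or populate the decision cache.
     *
     * @param userAccount account to check
     * @param str resource name handed to the account's link lookup
     * @param dBObject context passed through to the link lookup; may be {@code null}
     * @param uStackPermissionEnum permission being requested
     * @return the granting links, possibly empty when links exist but none grants the permission
     * @throws InvalidUserAuthException if {@code userAccount} is null
     * @throws InvalidAccessAttempt if the lookup returns no links
     * @throws InvalidAuthorizationConfig if a link names an unknown resource or role
     * @throws AuthorizationException supertype of the above
     */
    public static List<ResourceLink> getUserAuthList(UserAccount userAccount, String str, DBObject dBObject, UStackPermissionEnum uStackPermissionEnum) throws AuthorizationException {
        // Vector is kept so the runtime type of the returned list is unchanged for callers.
        List<ResourceLink> granting = new Vector<ResourceLink>();
        try {
            if (userAccount == null) {
                throw new InvalidUserAuthException();
            }
            logger.debug("getResourceLinksByName(" + str + ", " + dBObject + ")");
            List<ResourceLink> links = userAccount.getResourceLinksByName(str, dBObject);
            if (links.isEmpty()) {
                throw new InvalidAccessAttempt();
            }
            for (ResourceLink link : links) {
                logger.debug("getByInternalName(" + str + ")");
                ResourceDefinition resource = ResourceDefinition.getByName(link.getName());
                if (resource == null) {
                    throw new InvalidAuthorizationConfig("No resource named '" + str + "'");
                }
                RoleDefinition role = resource.getRoleByName(link.getRoleName());
                if (role == null) {
                    throw new InvalidAuthorizationConfig("No role named '" + link.getRoleName() + "' for resource '" + str + "'");
                }
                if (role.hasPermission(uStackPermissionEnum.getPermission())) {
                    granting.add(link);
                    logger.debug("Found [" + resource.getInternalName() + "/" + resource.getName() + "] => " + link.getLinkText() + " / " + link.getRoleName());
                }
            }
            logger.debug("Authorization List Success (DIRECT): [" + userAccount.getUserName() + "/" + str + "/" + uStackPermissionEnum.getPermission() + "] => " + granting.size() + " results");
            return granting;
        } catch (AuthorizationException e) {
            // A null account is rejected inside the try, so it must not be dereferenced here;
            // doing so replaced the InvalidUserAuthException with a NullPointerException.
            String who = (userAccount == null) ? "NULL" : userAccount.getUserName();
            logger.debug("Authorization List FAILED: [" + who + "/" + str + "/" + uStackPermissionEnum.getPermission() + "] => " + e.getMessage());
            throw e;
        }
    }
}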
