package com.logitags.cibet.actuator.shiro;

import com.logitags.cibet.actuator.AbstractActuator;
import com.logitags.cibet.actuator.DeniedException;
import com.logitags.cibet.context.Context;
import com.logitags.cibet.context.InternalSessionScope;
import com.logitags.cibet.core.EventMetadata;
import com.logitags.cibet.core.ExecutionStatus;
import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.Collection;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

/* loaded from: input_file:com/logitags/cibet/actuator/shiro/ShiroActuator.class */
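/**
 * Actuator that authorizes an event against an Apache Shiro {@link Subject} before it is executed.
 *
 * <p>The configured rules ({@code requiresAuthentication}, {@code requiresGuest}, {@code requiresUser},
 * {@code hasAllRoles}, {@code isPermittedAll}) are evaluated in {@link #beforeEvent(EventMetadata)}. When a
 * rule is not satisfied the event's execution status is set to {@link ExecutionStatus#DENIED} and, if
 * {@code throwDeniedException} is enabled, a {@link DeniedException} instance is attached to the event.
 *
 * <p>SECURITY: an instance on which no rule has been configured does not restrict anything; it only logs a
 * warning. Deployments that rely on this actuator as an access control should verify that at least one
 * rule is set.
 */
public class ShiroActuator extends AbstractActuator {
    private static final long serialVersionUID = -8446298508040477937L;
    private static final Log log = LogFactory.getLog(ShiroActuator.class);
    public static final String DEFAULTNAME = "SHIRO";

    // Permissions the subject must all hold; null means "no permission rule configured".
    private String[] isPermittedAll;
    // Tri-state flags: null means "never configured", which is what the no-rules check in beforeEvent tests.
    private Boolean requiresAuthentication;
    private Boolean requiresGuest;
    private Boolean requiresUser;
    // Set by setThrowDeniedException(true); instantiated reflectively when access is denied.
    private Class<? extends DeniedException> deniedExceptionType;
    // Roles the subject must all hold; kept non-null so beforeEvent can call isEmpty() safely.
    private Collection<String> hasAllRoles = new ArrayList<String>();
    private boolean throwDeniedException = false;
    // When true, the Subject stored as second principal in the internal session scope is checked
    // instead of the Subject returned by SecurityUtils.
    private boolean secondPrincipal = false;

    /** Creates the actuator and registers it under {@link #DEFAULTNAME}. */
    public ShiroActuator() {
        setName(DEFAULTNAME);
    }

    /**
     * Evaluates the configured Shiro rules and marks the event as denied when one of them fails.
     *
     * <p>Rules are checked in this order: authentication, guest, user, roles, permissions. The first failing
     * rule denies the event; remaining rules are not evaluated.
     *
     * @param eventMetadata the event to authorize; its execution status (and optionally its exception) is
     *     updated on denial
     */
    @Override
    public void beforeEvent(EventMetadata eventMetadata) {
        if (this.hasAllRoles.isEmpty() && this.isPermittedAll == null && this.requiresAuthentication == null
                && this.requiresGuest == null && this.requiresUser == null) {
            // SECURITY: fail-open. An unconfigured actuator lets every event pass and only leaves a
            // warning in the log, so this message is worth alerting on in production.
            log.warn("no access rules defined");
            return;
        }

        Subject subject;
        if (this.secondPrincipal) {
            Object candidate = Context.internalSessionScope().getProperty(InternalSessionScope.SECOND_PRINCIPAL);
            // A missing value and a value of the wrong type are both "no Shiro Subject": deny explicitly
            // instead of letting a blind cast fail with ClassCastException.
            if (!(candidate instanceof Subject)) {
                log.warn("No Shiro Subject object found in CibetContext.getSecondPrincipal()");
                handleDeniedException(eventMetadata);
                return;
            }
            subject = (Subject) candidate;
        } else {
            subject = SecurityUtils.getSubject();
        }

        if (log.isDebugEnabled()) {
            log.debug("authorize user " + subject.getPrincipal());
        }

        if (Boolean.TRUE.equals(this.requiresAuthentication) && !subject.isAuthenticated()) {
            handleDeniedException(eventMetadata);
            return;
        }
        // Guest rule: the subject must carry no principals at all.
        if (Boolean.TRUE.equals(this.requiresGuest) && hasPrincipals(subject)) {
            handleDeniedException(eventMetadata);
            return;
        }
        // User rule: the subject must carry at least one principal; unlike requiresAuthentication this
        // does not call isAuthenticated().
        if (Boolean.TRUE.equals(this.requiresUser) && !hasPrincipals(subject)) {
            handleDeniedException(eventMetadata);
            return;
        }
        if (!this.hasAllRoles.isEmpty() && !subject.hasAllRoles(this.hasAllRoles)) {
            handleDeniedException(eventMetadata);
            return;
        }
        if (this.isPermittedAll != null && !subject.isPermittedAll(this.isPermittedAll)) {
            handleDeniedException(eventMetadata);
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("Access granted for user " + subject.getPrincipal());
        }
    }

    /** Returns true when the subject has a non-empty principal collection. */
    private static boolean hasPrincipals(Subject subject) {
        PrincipalCollection principals = subject.getPrincipals();
        return principals != null && !principals.isEmpty();
    }

    /**
     * Marks the event as denied, logs the denial and, when {@code throwDeniedException} is set, attaches a
     * new instance of the configured {@link DeniedException} type to the event.
     *
     * @param eventMetadata the event being denied
     * @throws RuntimeException wrapping the reflective failure if the exception type cannot be instantiated
     *     through its {@code (String, String)} constructor
     */
    private void handleDeniedException(EventMetadata eventMetadata) {
        // Status is set first so the event stays DENIED even if building the exception below fails.
        eventMetadata.setExecutionStatus(ExecutionStatus.DENIED);
        String user = this.secondPrincipal
                ? Context.internalSessionScope().getSecondUser()
                : Context.internalSessionScope().getUser();
        log.warn("Access denied for user " + user);
        if (!this.throwDeniedException) {
            return;
        }
        // NOTE(review): deniedExceptionType is only assigned in setThrowDeniedException(true); if the
        // resolver returned null this line fails with NullPointerException - confirm it cannot.
        try {
            eventMetadata.setException(
                    this.deniedExceptionType.getConstructor(String.class, String.class).newInstance("Access denied", user));
        } catch (IllegalAccessException e) {
            throw new RuntimeException(e);
        } catch (InstantiationException e) {
            throw new RuntimeException(e);
        } catch (NoSuchMethodException e) {
            throw new RuntimeException(e);
        } catch (InvocationTargetException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the roles the subject must all hold. The internal collection is returned without copying,
     * so changes made through it alter the rule.
     */
    public Collection<String> getHasAllRoles() {
        return this.hasAllRoles;
    }

    /**
     * Sets the roles the subject must all hold.
     *
     * @param collection the required roles; {@code null} is stored as an empty collection (no role rule)
     *     so that {@link #beforeEvent(EventMetadata)} does not fail with a NullPointerException
     */
    public void setHasAllRoles(Collection<String> collection) {
        this.hasAllRoles = collection != null ? collection : new ArrayList<String>();
    }

    /** Returns the permissions the subject must all hold, or {@code null} if no permission rule is set. */
    public String[] getIsPermittedAll() {
        return this.isPermittedAll;
    }

    /**
     * Sets the permissions the subject must all hold.
     *
     * @param strArr the required permissions, or {@code null} to remove the permission rule
     */
    public void setIsPermittedAll(String[] strArr) {
        this.isPermittedAll = strArr;
    }

    /** Returns the authentication rule flag, or {@code null} if it was never configured. */
    public Boolean getRequiresAuthentication() {
        return this.requiresAuthentication;
    }

    /**
     * Configures the rule that the subject must be authenticated.
     *
     * @param bool the flag; {@code null} is treated as {@code true}. Enabling this rule switches
     *     {@code requiresGuest} and {@code requiresUser} off.
     */
    public void setRequiresAuthentication(Boolean bool) {
        Boolean value = bool != null ? bool : Boolean.TRUE;
        this.requiresAuthentication = value;
        log.debug("set requiresAuthentication: " + this.requiresAuthentication);
        if (value.booleanValue()) {
            this.requiresGuest = Boolean.FALSE;
            this.requiresUser = Boolean.FALSE;
        }
    }

    /** Returns the guest rule flag, or {@code null} if it was never configured. */
    public Boolean getRequiresGuest() {
        return this.requiresGuest;
    }

    /**
     * Configures the rule that the subject must have no principals.
     *
     * @param bool the flag; {@code null} is treated as {@code true}. Enabling this rule switches
     *     {@code requiresAuthentication} and {@code requiresUser} off.
     */
    public void setRequiresGuest(Boolean bool) {
        Boolean value = bool != null ? bool : Boolean.TRUE;
        this.requiresGuest = value;
        log.debug("set requiresGuest: " + this.requiresGuest);
        if (value.booleanValue()) {
            this.requiresAuthentication = Boolean.FALSE;
            this.requiresUser = Boolean.FALSE;
        }
    }

    /** Returns the user rule flag, or {@code null} if it was never configured. */
    public Boolean getRequiresUser() {
        return this.requiresUser;
    }

    /**
     * Configures the rule that the subject must have at least one principal.
     *
     * @param bool the flag; {@code null} is treated as {@code true}. Enabling this rule switches
     *     {@code requiresAuthentication} and {@code requiresGuest} off.
     */
    public void setRequiresUser(Boolean bool) {
        Boolean value = bool != null ? bool : Boolean.TRUE;
        this.requiresUser = value;
        log.debug("set requiresUser: " + this.requiresUser);
        if (value.booleanValue()) {
            this.requiresAuthentication = Boolean.FALSE;
            this.requiresGuest = Boolean.FALSE;
        }
    }

    /** Returns whether a {@link DeniedException} is attached to the event on denial. */
    public boolean isThrowDeniedException() {
        return this.throwDeniedException;
    }

    /**
     * Enables or disables attaching a {@link DeniedException} to denied events.
     *
     * @param z {@code true} to attach an exception; the exception type is then obtained from
     *     {@code resolveDeniedExceptionType()}, which is not defined in this class (presumably inherited)
     */
    public void setThrowDeniedException(boolean z) {
        this.throwDeniedException = z;
        if (this.throwDeniedException) {
            this.deniedExceptionType = resolveDeniedExceptionType();
        }
    }

    /** Returns whether the second principal from the internal session scope is the subject checked. */
    public boolean isSecondPrincipal() {
        return this.secondPrincipal;
    }

    /**
     * Selects which subject is authorized.
     *
     * @param z {@code true} to check the second principal stored in the internal session scope,
     *     {@code false} to check {@code SecurityUtils.getSubject()}
     */
    public void setSecondPrincipal(boolean z) {
        this.secondPrincipal = z;
    }

    /** Returns the exception type resolved by {@link #setThrowDeniedException(boolean)}, or {@code null}. */
    public Class<? extends DeniedException> getDeniedExceptionType() {
        return this.deniedExceptionType;
    }
}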
