package net.phaedra.auth.wicket;

import java.util.HashMap;
import net.phaedra.auth.AllowAccessForEveryOne;
import net.phaedra.auth.AuthenticationRequired;
import net.phaedra.auth.BasicPermission;
import net.phaedra.auth.Permission;
import net.phaedra.auth.persistence.PermissionRepository;
import net.phaedra.auth.springsecurity.PhaedraAuthentication;
import net.phaedra.webapp.BasicWebApplication;
import org.apache.wicket.Application;
import org.apache.wicket.Component;
import org.apache.wicket.RestartResponseAtInterceptPageException;
import org.apache.wicket.authorization.Action;
import org.apache.wicket.authorization.IAuthorizationStrategy;
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.security.actions.ActionFactory;
import org.apache.wicket.security.strategies.LoginException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationManager;
import org.springframework.security.SpringSecurityException;
import org.springframework.security.context.SecurityContextHolder;

/* loaded from: input_file:net/phaedra/auth/wicket/AcegiAuthorizationStrategy.class */
public final class AcegiAuthorizationStrategy implements IAuthorizationStrategy {
    private final PermissionRepository permessoRepository;
    private final Logger logger = LoggerFactory.getLogger(getClass());
    private final HashMap accessMap = new HashMap();

    public AcegiAuthorizationStrategy(PermissionRepository permissionRepository) {
        this.permessoRepository = permissionRepository;
        this.accessMap.put("access", Permission.AccessLevel.ACCESS);
        this.accessMap.put("access, render", Permission.AccessLevel.READ);
        this.accessMap.put("access, render, enable", Permission.AccessLevel.WRITE);
    }

    private boolean isComponentAuthenticated(Component component) {
        if (component.getClass().isAnnotationPresent(AllowAccessForEveryOne.class)) {
            return true;
        }
        return isUserAuthenticated();
    }

    private boolean isUserAuthenticated() {
        return SecurityContextHolder.getContext().getAuthentication() != null;
    }

    public void login(Object obj) throws LoginException {
        if (obj == null) {
            throw new LoginException("Not enough information to login");
        }
        Authentication authentication = (Authentication) obj;
        try {
            AuthenticationManager authenticationManager = Application.get().getAuthenticationManager();
            if (authenticationManager == null) {
                throw new LoginException("AuthenticationManager is not available, check if your spring config contains a property for the authenticationManager in your wicketApplication bean.");
            }
            setAuthentication(authenticationManager.authenticate(authentication));
            this.logger.info("login succesfull for token: " + obj);
        } catch (RuntimeException e) {
            setAuthentication(null);
            throw new LoginException(e);
        } catch (SpringSecurityException e2) {
            setAuthentication(null);
            throw new LoginException(e2);
        }
    }

    private void setAuthentication(Authentication authentication) {
        SecurityContextHolder.getContext().setAuthentication(authentication);
    }

    public boolean logoff() {
        setAuthentication(null);
        return true;
    }

    public boolean isInstantiationAuthorized(Class cls) {
        if (!cls.isAnnotationPresent(AuthenticationRequired.class) || isUserAuthenticated()) {
            return true;
        }
        throw new RestartResponseAtInterceptPageException(BasicWebApplication.get().getLoginPage());
    }

    public boolean isActionAuthorized(Component component, Action action) {
        if (component.getClass().isAnnotationPresent(AllowAccessForEveryOne.class)) {
            return true;
        }
        String simpleName = component instanceof WebPage ? component.getPage().getClass().getSimpleName() : String.valueOf(component.getPage().getClass().getSimpleName()) + "." + component.getId();
        if (!this.permessoRepository.exists(simpleName)) {
            return true;
        }
        String name = getActionFactory().getAction(action).getName();
        if (!((BasicPermission) this.permessoRepository.readByCode(simpleName)).isAccessLevel((Permission.AccessLevel) this.accessMap.get(name))) {
            return true;
        }
        if (!isComponentAuthenticated(component)) {
            return false;
        }
        PhaedraAuthentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if ("access".equals(name)) {
            return true;
        }
        return authentication.hasPermission(simpleName, name);
    }

    protected final ActionFactory getActionFactory() {
        return BasicWebApplication.get().getActionFactory();
    }
}
