package org.codehaus.plexus.redback.authorization.rbac;

import java.util.List;
import java.util.Map;
import javax.annotation.Resource;
import org.codehaus.plexus.redback.authorization.AuthorizationDataSource;
import org.codehaus.plexus.redback.authorization.AuthorizationException;
import org.codehaus.plexus.redback.authorization.AuthorizationResult;
import org.codehaus.plexus.redback.authorization.Authorizer;
import org.codehaus.plexus.redback.authorization.NotAuthorizedException;
import org.codehaus.plexus.redback.authorization.rbac.evaluator.PermissionEvaluationException;
import org.codehaus.plexus.redback.authorization.rbac.evaluator.PermissionEvaluator;
import org.codehaus.plexus.redback.rbac.Permission;
import org.codehaus.plexus.redback.rbac.RBACManager;
import org.codehaus.plexus.redback.rbac.RbacManagerException;
import org.codehaus.plexus.redback.rbac.RbacObjectNotFoundException;
import org.codehaus.plexus.redback.users.User;
import org.codehaus.plexus.redback.users.UserManager;
import org.codehaus.plexus.redback.users.UserNotFoundException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;

@Service("authorizer#rbac")
/* loaded from: input_file:WEB-INF/lib/redback-authorization-rbac-1.2.4.jar:org/codehaus/plexus/redback/authorization/rbac/RbacAuthorizer.class */
public class RbacAuthorizer implements Authorizer {
    private Logger log = LoggerFactory.getLogger(RbacAuthorizer.class);

    @Resource(name = "rBACManager#cached")
    private RBACManager manager;

    @Resource(name = "userManager#configurable")
    private UserManager userManager;

    @Resource
    private PermissionEvaluator evaluator;

    @Override // org.codehaus.plexus.redback.authorization.Authorizer
    public String getId() {
        return "RBAC Authorizer - " + getClass().getName();
    }

    @Override // org.codehaus.plexus.redback.authorization.Authorizer
    public AuthorizationResult isAuthorized(AuthorizationDataSource authorizationDataSource) throws AuthorizationException {
        Object principal = authorizationDataSource.getPrincipal();
        Object permission = authorizationDataSource.getPermission();
        Object resource = authorizationDataSource.getResource();
        if (principal != null) {
            try {
                Map<String, List<Permission>> assignedPermissionMap = this.manager.getAssignedPermissionMap(principal.toString());
                if (assignedPermissionMap.keySet().contains(permission.toString())) {
                    for (Permission permission2 : assignedPermissionMap.get(permission.toString())) {
                        if (this.evaluator.evaluate(permission2, permission, resource, principal)) {
                            return new AuthorizationResult(true, permission2, null);
                        }
                    }
                }
            } catch (PermissionEvaluationException e) {
                return new AuthorizationResult(false, null, e);
            } catch (RbacObjectNotFoundException e2) {
                return new AuthorizationResult(false, null, e2);
            } catch (RbacManagerException e3) {
                return new AuthorizationResult(false, null, e3);
            } catch (UserNotFoundException e4) {
                return new AuthorizationResult(false, null, new NotAuthorizedException("no matching permissions, guest not found"));
            }
        }
        User guestUser = this.userManager.getGuestUser();
        if (!guestUser.isLocked()) {
            Map<String, List<Permission>> assignedPermissionMap2 = this.manager.getAssignedPermissionMap(guestUser.getPrincipal().toString());
            if (assignedPermissionMap2.keySet().contains(permission.toString())) {
                for (Permission permission3 : assignedPermissionMap2.get(permission.toString())) {
                    this.log.debug("checking permission " + permission3.getName());
                    if (this.evaluator.evaluate(permission3, permission, resource, guestUser.getPrincipal())) {
                        return new AuthorizationResult(true, permission3, null);
                    }
                }
            }
        }
        return new AuthorizationResult(false, null, new NotAuthorizedException("no matching permissions"));
    }
}
