package de.gwdg.cdstar.auth.simple;

import de.gwdg.cdstar.Utils;
import de.gwdg.cdstar.auth.Credentials;
import de.gwdg.cdstar.auth.KnownPrincipalCredentials;
import de.gwdg.cdstar.auth.Permission;
import de.gwdg.cdstar.auth.Principal;
import de.gwdg.cdstar.auth.Session;
import de.gwdg.cdstar.auth.StringPermission;
import de.gwdg.cdstar.auth.UsernamePasswordCredentials;
import de.gwdg.cdstar.auth.realm.Authenticator;
import de.gwdg.cdstar.auth.realm.Authorizer;
import de.gwdg.cdstar.auth.realm.CheckResult;
import de.gwdg.cdstar.auth.realm.GroupResolver;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:de/gwdg/cdstar/auth/simple/SimpleAuthorizer.class */
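/**
 * In-memory realm that serves as {@link Authorizer}, {@link Authenticator} and
 * {@link GroupResolver} at the same time.
 *
 * <p>Accounts are keyed by qualified name (name + domain), groups map a qualified group name
 * to a set of role names, and roles map a role name to a set of permissions.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>Permission and membership checks only ever answer {@link CheckResult#YES} or
 *       {@link CheckResult#UNKNOWN}. This realm can grant, but it never denies.</li>
 *   <li>A {@code null} session is treated as the anonymous account, which exists only after
 *       {@link #addAnonymous()} has been called.</li>
 *   <li>The maps are plain {@link HashMap}s and nothing here synchronizes access.
 *       NOTE(review): confirm that configuration ({@code account}, {@code addRole},
 *       {@code addGroup}) is finished before checks run concurrently.</li>
 * </ul>
 */
public class SimpleAuthorizer implements Authorizer, Authenticator, GroupResolver {
    // Account used for null sessions; stays null until addAnonymous() is called.
    Account anonymous;
    // Registered accounts, keyed by (name, domain).
    Map<QName, Account> accounts;
    // Group (name, domain) -> names of the roles granted to members of that group.
    Map<QName, Set<String>> groups;
    // Role name -> permissions granted by that role.
    Map<String, Set<StringPermission>> roles;
    // Default domain for unqualified names; also reported as the realm name.
    String domain;

    /**
     * Creates an empty realm.
     *
     * @param domain default domain for accounts and groups, also returned by {@link #getName()}
     */
    public SimpleAuthorizer(String domain) {
        this.accounts = new HashMap<>();
        this.groups = new HashMap<>();
        this.roles = new HashMap<>();
        this.domain = domain;
    }

    /** Creates an empty realm with the default domain {@code "static"}. */
    public SimpleAuthorizer() {
        this("static");
    }

    /**
     * Returns the account with the given name in this realm's default domain, creating it if
     * it does not exist yet.
     *
     * @param name account name
     * @return the existing or newly created account
     */
    public Account account(String name) {
        return account(name, getDomain());
    }

    /**
     * Returns the account with the given name and domain, creating it if it does not exist yet.
     *
     * @param name account name
     * @param domain account domain
     * @return the existing or newly created account
     */
    public Account account(String name, String domain) {
        return this.accounts.computeIfAbsent(new QName(name, domain), key -> new Account(this, key));
    }

    /** Returns the default domain of this realm. */
    public String getDomain() {
        return this.domain;
    }

    /**
     * Enables the anonymous account and returns it. Repeated calls return the same instance.
     * Everything granted to this account is available to callers that present no session at
     * all, so its permissions should be kept minimal.
     *
     * @return the anonymous account
     */
    public Account addAnonymous() {
        if (this.anonymous == null) {
            this.anonymous = new Account(this, null);
        }
        return this.anonymous;
    }

    /**
     * Adds permissions to a role, creating the role if necessary.
     *
     * @param role role name
     * @param permissions permission strings, each parsed with {@link StringPermission#parse}
     */
    public void addRole(String role, String... permissions) {
        this.roles
                .computeIfAbsent(role, key -> new HashSet<>())
                .addAll(Utils.map(Arrays.asList(permissions), StringPermission::parse));
    }

    /**
     * Adds role names to a group in this realm's default domain, creating the group if
     * necessary.
     *
     * @param group group name
     * @param roleNames names of roles granted to members of the group; they are resolved
     *     against the role table at check time, so unknown names simply grant nothing
     */
    public void addGroup(String group, String... roleNames) {
        this.groups
                .computeIfAbsent(new QName(group, getDomain()), key -> new HashSet<>())
                .addAll(Arrays.asList(roleNames));
    }

    /** Returns the realm name, which is the default domain. */
    @Override
    public String getName() {
        return this.domain;
    }

    /**
     * Maps a session to an account of this realm.
     *
     * @param session the session to resolve, may be {@code null}
     * @return the anonymous account for a {@code null} session (possibly {@code null} itself),
     *     the session's own account if the session is an {@link Account} owned by this realm,
     *     the account matching the session principal's id and domain otherwise, or
     *     {@code null} if nothing matches
     */
    private Account resolveAccount(Session session) {
        if (session == null) {
            return this.anonymous;
        }
        if (session instanceof Account) {
            Account account = (Account) session;
            // Identity comparison: accounts created by another SimpleAuthorizer are rejected
            // even if name and domain happen to match.
            return account.parent == this ? account : null;
        }
        // NOTE(review): assumes getPrincipal() is non-null for every non-null session; confirm.
        Principal principal = session.getPrincipal();
        return resolveAccount(principal.getId(), principal.getDomain());
    }

    /**
     * Looks up an account by name and domain.
     *
     * @param name account name
     * @param domain account domain; {@code null} falls back to this realm's default domain, so
     *     an unqualified principal is matched against local accounts by name alone
     * @return the account, or {@code null} if none is registered under that qualified name
     */
    private Account resolveAccount(String name, String domain) {
        String effectiveDomain = domain != null ? domain : getDomain();
        return this.accounts.get(new QName(name, effectiveDomain));
    }

    /**
     * Checks whether the account behind the session holds the permission, either directly,
     * through one of its roles, or through a role of one of its groups.
     *
     * @param session the session to check, {@code null} meaning anonymous
     * @param permission the requested permission
     * @return {@link CheckResult#YES} if some granted permission implies the requested one,
     *     {@link CheckResult#UNKNOWN} otherwise (including unknown accounts); never a denial
     */
    @Override
    public CheckResult isPermitted(Session session, Permission permission) {
        Account account = resolveAccount(session);
        if (account == null) {
            return CheckResult.UNKNOWN;
        }
        if (anyImplies(account.permissions, permission)) {
            return CheckResult.YES;
        }
        for (String role : account.roles) {
            if (roleGrants(role, permission)) {
                return CheckResult.YES;
            }
        }
        for (QName group : account.groups) {
            for (String role : this.groups.getOrDefault(group, Collections.emptySet())) {
                if (roleGrants(role, permission)) {
                    return CheckResult.YES;
                }
            }
        }
        return CheckResult.UNKNOWN;
    }

    /** Returns true if the named role exists and one of its permissions implies the request. */
    private boolean roleGrants(String role, Permission permission) {
        return anyImplies(this.roles.getOrDefault(role, Collections.emptySet()), permission);
    }

    /** Returns true if at least one of the granted permissions implies the requested one. */
    private static boolean anyImplies(
            Iterable<? extends StringPermission> granted, Permission permission) {
        for (StringPermission candidate : granted) {
            if (candidate.implies(permission)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks whether the account behind the session is a member of the given group.
     *
     * @param session the session to check, {@code null} meaning anonymous
     * @param group group name
     * @param domain group domain; used as given, with no fallback to the default domain
     * @return {@link CheckResult#YES} if the account lists the group,
     *     {@link CheckResult#UNKNOWN} otherwise
     */
    @Override
    public CheckResult isMemberOf(Session session, String group, String domain) {
        Account account = resolveAccount(session);
        if (account != null && account.groups.contains(new QName(group, domain))) {
            return CheckResult.YES;
        }
        return CheckResult.UNKNOWN;
    }

    /**
     * Attempts a login with the given credentials.
     *
     * <p>Two credential types are handled. Username/password credentials are checked against
     * the matching account. Known-principal credentials are accepted without any secret, but
     * only when the principal is an {@link Account} instance created by this very realm.
     *
     * @param credentials the credentials presented by the caller
     * @return a new session, or {@code null} if the credentials are of an unsupported type,
     *     the account is unknown, or the password check fails
     */
    @Override
    public Session login(Credentials credentials) {
        if (credentials instanceof UsernamePasswordCredentials) {
            UsernamePasswordCredentials login = (UsernamePasswordCredentials) credentials;
            Account account = resolveAccount(login.getName(), login.getDomain());
            // NOTE(review): an unknown account skips checkPassword entirely, so an unknown
            // user and a wrong password may take different amounts of time. Whether that is
            // observable depends on the cost of checkPassword, which is not visible here.
            if (account != null && account.checkPassword(login.getPassword())) {
                // The second argument is false for password logins and true for
                // known-principal logins; its meaning is defined by SimpleSession.
                return new SimpleSession(account, false);
            }
        }
        if (!(credentials instanceof KnownPrincipalCredentials)) {
            return null;
        }
        Principal principal = ((KnownPrincipalCredentials) credentials).getPrincipal();
        // Trust is based on object identity of the owning realm, not on name or domain, so a
        // look-alike principal from elsewhere cannot obtain a session this way.
        if ((principal instanceof Account) && ((Account) principal).parent == this) {
            return new SimpleSession((Account) principal, true);
        }
        return null;
    }

    /** Does nothing: no state is kept per session in this class, so there is nothing to clear. */
    @Override
    public void logout(Session session) {
    }
}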
