package de.gwdg.cdstar.auth;

import de.gwdg.cdstar.auth.realm.Authenticator;
import de.gwdg.cdstar.auth.realm.Authorizer;
import de.gwdg.cdstar.auth.realm.GroupResolver;
import de.gwdg.cdstar.auth.realm.PermissionResolver;
import de.gwdg.cdstar.auth.realm.SessionStore;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/gwdg/cdstar/auth/SubjectImpl.class */
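/**
 * Default {@link Subject} implementation: holds at most one authenticated {@link Session} and
 * delegates login, group membership, permission checks and "remember me" handling to the realms
 * registered in the {@link AuthConfigImpl} it was created with.
 *
 * <p>Group and permission decisions follow a veto model: a single {@code NO} from any realm denies
 * the request, at least one {@code YES} is required to grant it, and any other answer is treated
 * as an abstention. A subject without a session is never a member of a group and is never granted
 * a permission.
 *
 * <p>Instances hold mutable, unsynchronized state ({@code session}, {@code rememberToken}).
 */
public class SubjectImpl implements Subject {
    private final AuthConfigImpl config;
    // NOTE(review): the logger is registered under AuthConfigImpl, not SubjectImpl, so login and
    // authorization events appear under that category. Left unchanged so existing log
    // configuration and log-based alerting keep matching.
    static Logger log = LoggerFactory.getLogger(AuthConfigImpl.class);
    private Session session;
    private String rememberToken;

    /**
     * Creates an unauthenticated subject bound to the given configuration.
     *
     * @param authConfigImpl configuration that provides the realms consulted by this subject
     */
    public SubjectImpl(AuthConfigImpl authConfigImpl) {
        this.config = authConfigImpl;
    }

    /**
     * Tries each registered {@link Authenticator} in order until one returns a session.
     *
     * <p>An existing session is logged out first, so a failed attempt leaves this subject
     * unauthenticated rather than still bound to the previous principal.
     *
     * @param credentials credentials handed to each authenticator
     * @return {@code true} if an authenticator accepted the credentials
     */
    @Override
    public boolean tryLogin(Credentials credentials) {
        if (hasPrincipal()) {
            logout();
        }
        // A remember token is bound to the session it was issued for; never carry one over
        // into a new login attempt.
        this.rememberToken = null;
        for (Authenticator authenticator : this.config.getRealmsByClass(Authenticator.class)) {
            this.session = authenticator.login(credentials);
            if (this.session != null) {
                // NOTE(review): this relies on Credentials.toString() not rendering secrets
                // (password, token); confirm against the Credentials implementations.
                log.debug("Login accepted: [{}] -> [{}]", credentials, this);
                return true;
            }
        }
        log.debug("Login failed: [{}]", credentials);
        return false;
    }

    /**
     * @return the principal of the current session, or {@code null} if there is no session
     */
    @Override
    public Principal getPrincipal() {
        if (this.session == null) {
            return null;
        }
        return this.session.getPrincipal();
    }

    /**
     * @return the configuration this subject was created with
     */
    @Override
    public AuthConfig getConfig() {
        return this.config;
    }

    /**
     * Asks every registered {@link GroupResolver} whether the current session belongs to a group.
     *
     * @param groupName name of the group to check
     * @param domain domain of the group; {@code null} selects the domain of the current principal
     * @return {@code true} if at least one resolver answered {@code YES} and none answered
     *     {@code NO}; {@code false} otherwise, including when there is no session
     */
    @Override
    public boolean isMemberOf(String groupName, String domain) {
        if (this.session == null) {
            return false;
        }
        String effectiveDomain = domain != null ? domain : getPrincipal().getDomain();
        GroupResolver confirmedBy = null;
        for (GroupResolver resolver : this.config.getRealmsByClass(GroupResolver.class)) {
            switch (resolver.isMemberOf(this.session, groupName, effectiveDomain)) {
                case NO:
                    // Explicit veto: no later resolver can override it.
                    log.debug("Group check denied: [{}@{}] for [{}] by [{}]",
                            groupName, effectiveDomain, this, resolver);
                    return false;
                case YES:
                    // Keep the first confirming resolver for the log line, but keep iterating
                    // so that a later resolver can still veto.
                    if (confirmedBy == null) {
                        confirmedBy = resolver;
                    }
                    break;
            }
        }
        if (confirmedBy != null) {
            log.debug("Group check confirmed: [{}@{}] for [{}] by [{}]",
                    groupName, effectiveDomain, this, confirmedBy);
            return true;
        }
        log.debug("Group check denied: [{}@{}] for [{}]", groupName, effectiveDomain, this);
        return false;
    }

    /**
     * @param permission permission to check
     * @return {@code true} if {@link #permittedBy(Permission)} names a granting authorizer
     */
    @Override
    public boolean isPermitted(Permission permission) {
        return permittedBy(permission) != null;
    }

    /**
     * Determines which {@link Authorizer} grants a permission to the current session.
     *
     * <p>The requested permission is expanded through every registered {@link PermissionResolver};
     * the requested permission and each resolved permission are then put to every authorizer.
     * Any {@code NO} denies the request immediately. If no authorizer answers {@code YES}, the
     * request is denied by default.
     *
     * @param permission permission to check
     * @return the last authorizer that answered {@code YES}, or {@code null} if the permission is
     *     denied, not granted by any authorizer, or there is no session
     */
    protected Authorizer permittedBy(Permission permission) {
        if (this.session == null) {
            return null;
        }
        List<Permission> candidates = new ArrayList<>();
        candidates.add(permission);
        for (PermissionResolver resolver : this.config.getRealmsByClass(PermissionResolver.class)) {
            for (Permission resolved : resolver.resolve(permission)) {
                candidates.add(resolved);
            }
        }
        Authorizer grantedBy = null;
        List<Authorizer> authorizers = this.config.getRealmsByClass(Authorizer.class);
        for (Permission candidate : candidates) {
            for (Authorizer authorizer : authorizers) {
                // Evaluate the candidate itself. The previous code passed the originally
                // requested permission on every iteration, so resolved permissions were logged
                // but never actually checked, and the log named a permission that had not been
                // evaluated.
                switch (authorizer.isPermitted(this.session, candidate)) {
                    case NO:
                        log.info("Permission [{}] denied for [{}] by [{}]", candidate, this, authorizer);
                        return null;
                    case YES:
                        log.debug("Permission [{}] granted for [{}] by [{}]", candidate, this, authorizer);
                        grantedBy = authorizer;
                        break;
                }
            }
        }
        if (grantedBy != null) {
            return grantedBy;
        }
        log.info("Permission [{}] not granted for [{}] by any installed authenticator", permission, this);
        return null;
    }

    /**
     * @return {@code true} if there is a session and it reports itself as remembered
     */
    @Override
    public boolean isRemembered() {
        return this.session != null && this.session.isRemembered();
    }

    /**
     * Returns a token under which a {@link SessionStore} remembers the current session.
     *
     * <p>The token is cached for the lifetime of the session; the first store that returns a
     * non-null token wins.
     *
     * @return the remember token for the current session
     * @throws IllegalStateException if there is no session
     * @throws UnsupportedOperationException if no registered store returned a token
     */
    @Override
    public String remember() {
        if (this.session == null) {
            throw new IllegalStateException("Cannot remember unauthenticated session");
        }
        if (this.rememberToken != null) {
            return this.rememberToken;
        }
        for (SessionStore store : this.config.getRealmsByClass(SessionStore.class)) {
            this.rememberToken = store.remember(this.session);
            if (this.rememberToken != null) {
                return this.rememberToken;
            }
        }
        throw new UnsupportedOperationException("No realm was able to remember this subject.");
    }

    /**
     * @return {@code true} if this subject currently holds a session
     */
    @Override
    public boolean hasPrincipal() {
        return this.session != null;
    }

    /**
     * Ends the current session, if any, and drops all state tied to it.
     *
     * <p>Calling this on an unauthenticated subject is a no-op. The local state is cleared even
     * if the authenticator's logout throws, so this subject never stays authenticated after a
     * logout attempt.
     */
    @Override
    public void logout() {
        Session current = this.session;
        if (current == null) {
            // Still clear the token so no stale value can survive without a session.
            this.rememberToken = null;
            return;
        }
        try {
            current.getAuthenticator().logout(current);
        } finally {
            this.session = null;
            // Without this, remember() after a later login would return the token issued for
            // the previous session.
            // NOTE(review): this only clears the cached copy; whether the SessionStore also
            // invalidates the token on logout is not visible here - confirm.
            this.rememberToken = null;
        }
    }

    /**
     * @return {@code "anonymous"} for an anonymous subject, otherwise the principal's string form
     */
    @Override
    public String toString() {
        return isAnonymous() ? "anonymous" : getPrincipal().toString();
    }
}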
