package org.exoplatform.services.security.impl;

import java.security.Principal;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.exoplatform.container.component.ComponentPlugin;
import org.exoplatform.container.xml.InitParams;
import org.exoplatform.container.xml.ValueParam;
import org.exoplatform.services.log.LogService;
import org.exoplatform.services.organization.Group;
import org.exoplatform.services.organization.Membership;
import org.exoplatform.services.organization.OrganizationService;
import org.exoplatform.services.security.SecurityService;
import org.exoplatform.services.security.SubjectEventListener;
import org.exoplatform.services.security.jaas.JAASGroup;
import org.exoplatform.services.security.sso.SSOAuthenticationConfig;
import org.exoplatform.services.security.sso.impl.BaseSSOAuthentication;

/* loaded from: input_file:org/exoplatform/services/security/impl/SecurityServiceImpl.class */
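/**
 * {@link SecurityService} implementation that authenticates through the
 * {@link OrganizationService}, builds JAAS {@link Subject}s from a user's groups and keeps
 * them in an in-memory map keyed by user name.
 *
 * <p>Role names are derived from the first path segment of each group id, so every group
 * under the same top-level segment maps to the same role.
 *
 * <p>NOTE(review): the subject cache is a plain {@link HashMap} with no synchronisation in
 * this class. Whether callers serialise access is not visible here; confirm before relying
 * on it from concurrent login/logout paths.
 */
public class SecurityServiceImpl implements SecurityService {
    /** Subjects cached by user name; entries are added on set-up and dropped by {@link #removeSubject}. */
    private final Map<String, Subject> subjects = new HashMap<String, Subject>();
    private final Log log_;
    private final OrganizationService orgService_;
    /** Configured mode; "standalone" when the init parameter is missing or empty. */
    private final String authentication_;
    /** SSO plugin, or {@code null} until {@link #setSSOAuthenticationPlugin} is called. */
    private BaseSSOAuthentication SSOAuthentication_;

    /**
     * Creates the service and reads the authentication mode from the
     * {@code security.authentication} init parameter.
     *
     * <p>A value other than {@code "sso"} or {@code "standalone"} is stored as given, in which
     * case both {@link #isSSOAuthentication()} and {@link #isStandaloneAuthentication()}
     * report {@code false}.
     *
     * @param logService source of the {@code org.exoplatform.services.security} log
     * @param organizationService user, group and membership back end
     * @param initParams component parameters holding the optional mode value
     */
    public SecurityServiceImpl(LogService logService, OrganizationService organizationService, InitParams initParams) {
        this.log_ = logService.getLog("org.exoplatform.services.security");
        this.orgService_ = organizationService;
        this.SSOAuthentication_ = null;
        ValueParam modeParam = initParams.getValueParam("security.authentication");
        String configuredMode = modeParam != null ? modeParam.getValue() : null;
        if (configuredMode == null || configuredMode.equals("")) {
            configuredMode = "standalone";
        }
        this.authentication_ = configuredMode;
    }

    /**
     * Checks a user name and password against the organization service.
     *
     * @param userName name handed to the user handler
     * @param password password to verify; must be non-null and non-empty
     * @return the result of the user handler's own check
     * @throws Exception if the password is null or empty, or if the user handler fails
     */
    public boolean authenticate(String userName, String password) throws Exception {
        // Reject blank passwords here so they never reach the back end.
        if (password == null || "".equals(password)) {
            this.log_.debug("password must not be null or empty");
            throw new Exception("password must not be null or empty");
        }
        return this.orgService_.getUserHandler().authenticate(userName, password);
    }

    /**
     * Adds a user principal and a {@link JAASGroup} of role principals to the subject, then
     * caches the subject under the user name.
     *
     * <p>The user principal is added before the group lookup, so a failed lookup leaves the
     * subject with a user principal, no roles, and no cache entry.
     *
     * @param userName user the subject represents
     * @param subject subject to populate; modified in place
     * @throws Exception wrapping any failure of the group lookup or role derivation
     */
    public void setUpAndCacheSubject(String userName, Subject subject) throws Exception {
        subject.getPrincipals().add(new UserPrincipalImpl(userName));
        try {
            Collection userGroups = this.orgService_.getGroupHandler().findGroupsOfUser(userName);
            JAASGroup roles = new JAASGroup(JAASGroup.ROLES);
            for (Iterator groups = userGroups.iterator(); groups.hasNext();) {
                roles.addMember(rolePrincipalFor((Group) groups.next()));
            }
            subject.getPrincipals().add(roles);
            this.subjects.put(userName, subject);
        } catch (Exception e) {
            throw new Exception(e);
        }
    }

    /**
     * Variant of {@link #setUpAndCacheSubject} that adds each role principal directly to the
     * subject instead of wrapping them in a {@link JAASGroup}.
     *
     * <p>NOTE(review): {@link #isUserInRole} only inspects group principals, so it reports
     * {@code false} for subjects built here. Confirm that role checks for this container
     * are done elsewhere.
     *
     * @param userName user the subject represents
     * @param subject subject to populate; modified in place
     * @throws Exception wrapping any failure of the group lookup or role derivation
     */
    public void setUpAndCacheSubjectTomcat55(String userName, Subject subject) throws Exception {
        subject.getPrincipals().add(new UserPrincipalImpl(userName));
        try {
            Iterator groups = this.orgService_.getGroupHandler().findGroupsOfUser(userName).iterator();
            while (groups.hasNext()) {
                subject.getPrincipals().add(rolePrincipalFor((Group) groups.next()));
            }
            this.subjects.put(userName, subject);
        } catch (Exception e) {
            throw new Exception(e);
        }
    }

    /** Maps a group to a role principal named after the first "/"-separated segment of its id. */
    private static RolePrincipalImpl rolePrincipalFor(Group group) {
        return new RolePrincipalImpl(StringUtils.split(group.getId(), "/")[0]);
    }

    /**
     * Tells whether the cached subject of a user carries a role.
     *
     * @param userName user whose cached subject is inspected
     * @param roleName role name compared with the members of every group principal
     * @return {@code true} if a member with that name exists; {@code false} otherwise,
     *         including when no subject is cached for the user
     */
    public boolean isUserInRole(String userName, String roleName) {
        Subject subject = this.subjects.get(userName);
        if (subject == null) {
            return false;
        }
        for (java.security.acl.Group roleGroup : subject.getPrincipals(java.security.acl.Group.class)) {
            Enumeration<? extends Principal> members = roleGroup.members();
            while (members.hasMoreElements()) {
                if (members.nextElement().getName().equals(roleName)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Tells whether a user holds a membership type in one specific group.
     *
     * <p>Only the group whose id equals {@code groupId} is considered. The previous code
     * ignored {@code groupId} for a concrete membership type and accepted that type in any
     * of the user's groups, which granted more than the caller asked for.
     *
     * <p>Every failure denies: a null argument or an exception from the organization
     * service yields {@code false}.
     *
     * @param userName user to check
     * @param membershipType required membership type, or {@code "*"} for any type
     * @param groupId id of the group the membership must belong to
     * @return {@code true} only if the user belongs to that group with a matching type
     */
    public boolean hasMembershipInGroup(String userName, String membershipType, String groupId) {
        if (membershipType == null || groupId == null) {
            return false;
        }
        try {
            Iterator groups = this.orgService_.getGroupHandler().findGroupsOfUser(userName).iterator();
            while (groups.hasNext()) {
                String candidateId = ((Group) groups.next()).getId();
                if (!groupId.equals(candidateId)) {
                    continue;
                }
                if ("*".equals(membershipType)) {
                    return true;
                }
                Iterator memberships = this.orgService_.getMembershipHandler()
                        .findMembershipsByUserAndGroup(userName, candidateId).iterator();
                while (memberships.hasNext()) {
                    if (membershipType.equals(((Membership) memberships.next()).getMembershipType())) {
                        return true;
                    }
                }
            }
            return false;
        } catch (Exception e) {
            // Fail closed, but leave a trace so a broken back end is not mistaken for a plain denial.
            this.log_.debug("membership lookup failed, denying access", e);
            return false;
        }
    }

    /**
     * Evaluates a membership expression of the form {@code membershipType:groupId}.
     *
     * <p>The bare expression {@code "*"} is accepted for every user name without consulting
     * the organization service, so callers must not use it as proof that the user exists or
     * is authenticated. A null expression, or one without a colon, is denied instead of
     * raising an unchecked exception.
     *
     * @param userName user to check
     * @param membershipExpression {@code "*"} or {@code membershipType:groupId}
     * @return {@code true} if the expression is satisfied
     */
    public boolean hasMembershipInGroup(String userName, String membershipExpression) {
        if ("*".equals(membershipExpression)) {
            return true;
        }
        if (membershipExpression == null) {
            return false;
        }
        int separator = membershipExpression.indexOf(":");
        if (separator < 0) {
            return false;
        }
        return hasMembershipInGroup(userName, membershipExpression.substring(0, separator),
                membershipExpression.substring(separator + 1));
    }

    /**
     * Returns the cached subject of a user.
     *
     * <p>NOTE(review): the user name is written to the debug log as received; confirm the
     * log layout neutralises line breaks.
     *
     * @param userName cache key
     * @return the cached subject, or {@code null} if none is cached
     */
    public Subject getSubject(String userName) {
        this.log_.debug("get subject for user " + userName);
        return this.subjects.get(userName);
    }

    /**
     * Drops the cached subject of a user, if any.
     *
     * @param userName cache key
     */
    public void removeSubject(String userName) {
        this.log_.debug("remove subject for user " + userName);
        this.subjects.remove(userName);
    }

    /**
     * Accepts a listener but does not register it; this implementation never notifies listeners.
     *
     * @param subjectEventListener ignored
     */
    public void addSubjectEventListener(SubjectEventListener subjectEventListener) {
    }

    /**
     * @return the authentication name from the SSO plugin's configuration, or {@code null}
     *         if no plugin is set
     */
    public String getSSOAuthentication() {
        SSOAuthenticationConfig config = getSSOAuthenticationConfig();
        return config != null ? config.getAuthenticationName() : null;
    }

    /**
     * @return the SSO plugin's configuration, or {@code null} if no plugin is set
     */
    public SSOAuthenticationConfig getSSOAuthenticationConfig() {
        if (this.SSOAuthentication_ == null) {
            return null;
        }
        return this.SSOAuthentication_.getSSOAuthenticationConfig();
    }

    /** @return {@code true} if the configured mode is exactly {@code "sso"} */
    public boolean isSSOAuthentication() {
        return "sso".equals(this.authentication_);
    }

    /** @return {@code true} if the configured mode is exactly {@code "standalone"} */
    public boolean isStandaloneAuthentication() {
        return "standalone".equals(this.authentication_);
    }

    /**
     * Requests a proxy ticket from the SSO plugin using the first private credential of the
     * user's cached subject.
     *
     * @param userName user whose cached subject supplies the credential
     * @param proxyTarget passed unchanged to the SSO plugin; presumably identifies the target
     *        service (confirm against {@code BaseSSOAuthentication})
     * @return the ticket from the plugin, or {@code null} if the subject has no private credential
     * @throws Exception if the portal is not in SSO mode, no SSO plugin is set, no subject is
     *         cached for the user, or the plugin fails
     */
    public String getProxyTicket(String userName, String proxyTarget) throws Exception {
        if (!isSSOAuthentication()) {
            throw new Exception("Portal is configured for standalone authentication. No proxy authentication feature available !");
        }
        if (this.SSOAuthentication_ == null) {
            throw new Exception("No SSO authentication configured !");
        }
        Subject subject = getSubject(userName);
        if (subject == null) {
            // Previously surfaced as a bare NullPointerException; state the cause instead.
            throw new Exception("No cached subject for the requested user");
        }
        Iterator<Object> credentials = subject.getPrivateCredentials().iterator();
        if (!credentials.hasNext()) {
            return null;
        }
        // The first private credential is assumed to be the ticket string; any other type fails the cast.
        return this.SSOAuthentication_.getProxyTicket((String) credentials.next(), proxyTarget);
    }

    /**
     * Installs the SSO plugin.
     *
     * @param componentPlugin plugin instance; must be a {@link BaseSSOAuthentication}
     * @throws ClassCastException if the plugin is of another type
     */
    public void setSSOAuthenticationPlugin(ComponentPlugin componentPlugin) {
        this.SSOAuthentication_ = (BaseSSOAuthentication) componentPlugin;
    }

    /** @return the log obtained in the constructor */
    public Log getLog() {
        return this.log_;
    }

    /**
     * Returns the live subject cache, not a copy.
     *
     * <p>Anything a caller puts into or removes from this map changes what
     * {@link #getSubject} and {@link #isUserInRole} see, so treat it as read-only outside
     * this class.
     *
     * @return the internal map of user name to subject
     */
    public Map getSubjects() {
        return this.subjects;
    }

    /** @return the organization service passed to the constructor */
    public OrganizationService getOrgService() {
        return this.orgService_;
    }
}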
