package org.fcrepo.auth.webac;

import java.net.URI;
import java.security.Principal;
import java.util.Collection;
import java.util.Iterator;
import java.util.Map;
import javax.inject.Inject;
import javax.jcr.PathNotFoundException;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import org.apache.http.auth.BasicUserPrincipal;
import org.apache.jena.rdf.model.Resource;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.fcrepo.auth.common.ContainerRolesPrincipalProvider;
import org.fcrepo.auth.common.DelegateHeaderPrincipalProvider;
import org.fcrepo.auth.common.HttpHeaderPrincipalProvider;
import org.fcrepo.http.api.FedoraLdp;
import org.fcrepo.http.commons.api.rdf.HttpResourceConverter;
import org.fcrepo.http.commons.session.HttpSession;
import org.fcrepo.http.commons.session.SessionFactory;
import org.fcrepo.kernel.api.exception.RepositoryConfigurationException;
import org.fcrepo.kernel.api.exception.RepositoryRuntimeException;
import org.fcrepo.kernel.api.identifiers.IdentifierConverter;
import org.fcrepo.kernel.api.models.FedoraResource;
import org.fcrepo.kernel.modeshape.FedoraResourceImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/fcrepo/auth/webac/WebACAuthorizingRealm.class */
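/**
 * Shiro realm that turns the principals attached to a request into WebAC roles and permissions.
 *
 * <p>This realm performs authorization only: {@link #supports(AuthenticationToken)} always returns
 * {@code false} and {@link #doGetAuthenticationInfo(AuthenticationToken)} always returns
 * {@code null}, so the principals it receives must have been authenticated elsewhere.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A caller holding the {@code fedoraAdmin} container role with no delegate gets the
 *       {@code fedoraAdmin} role and no per-resource permissions; the ACL is not consulted.</li>
 *   <li>A {@code fedoraAdmin} caller with exactly one delegated principal is treated as that
 *       delegate: it gets {@code fedoraUser}, not {@code fedoraAdmin}. More than one delegate is
 *       rejected.</li>
 *   <li>Every {@code HttpHeaderPrincipal} contributes its ACL permissions, including when no basic
 *       user principal is present. NOTE(review): how those principals are populated is not visible
 *       here; confirm the header is set only by a trusted front end and stripped from client
 *       requests.</li>
 *   <li>If the requested path and all of its ancestors fail to resolve, no ACL permissions are
 *       added at all (not even the {@code foaf:Agent} ones), i.e. the lookup fails closed.</li>
 * </ul>
 *
 * <p>NOTE(review): the session and identifier translator are created on first use from the injected
 * request and then kept in instance fields. The scope of this bean is not visible here; if one
 * instance serves many requests, confirm that reusing the first request's session for ACL lookups
 * is intended.
 */
public class WebACAuthorizingRealm extends AuthorizingRealm {
    private static final Logger log = LoggerFactory.getLogger(WebACAuthorizingRealm.class);

    // Role names are kept in one place so the container-role principals and the roles granted
    // below cannot drift apart.
    private static final String FEDORA_ADMIN_ROLE = "fedoraAdmin";
    private static final String FEDORA_USER_ROLE = "fedoraUser";

    private static final ContainerRolesPrincipalProvider.ContainerRolesPrincipal adminPrincipal =
            new ContainerRolesPrincipalProvider.ContainerRolesPrincipal(FEDORA_ADMIN_ROLE);
    private static final ContainerRolesPrincipalProvider.ContainerRolesPrincipal userPrincipal =
            new ContainerRolesPrincipalProvider.ContainerRolesPrincipal(FEDORA_USER_ROLE);

    @Inject
    private SessionFactory sessionFactory;

    @Inject
    private HttpServletRequest request;

    @Inject
    private WebACRolesProvider rolesProvider;

    // Lazily created by session() and translator(); see the class-level note on reuse.
    private HttpSession session;
    private IdentifierConverter<Resource, FedoraResource> idTranslator;

    @Context
    private UriInfo uriInfo;

    /**
     * Returns the repository session, creating it from the injected request on first use.
     *
     * @return the cached session
     */
    private HttpSession session() {
        if (this.session == null) {
            this.session = this.sessionFactory.getSession(this.request);
        }
        return this.session;
    }

    /**
     * Returns the path-to-resource translator, creating it on first use.
     *
     * @return the cached translator
     */
    private IdentifierConverter<Resource, FedoraResource> translator() {
        if (this.idTranslator == null) {
            this.idTranslator = new HttpResourceConverter(session(), UriBuilder.fromResource(FedoraLdp.class));
        }
        return this.idTranslator;
    }

    /**
     * Builds the roles and WebAC permissions for the given principals against the requested path.
     *
     * @param principalCollection principals attached to the current subject
     * @return the roles and object permissions granted for this request
     * @throws RepositoryConfigurationException if an admin caller presents more than one delegate
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(final PrincipalCollection principalCollection) {
        final SimpleAuthorizationInfo authzInfo = new SimpleAuthorizationInfo();
        boolean delegating = false;

        final Collection<DelegateHeaderPrincipalProvider.DelegatedHeaderPrincipal> delegates =
                principalCollection.byType(DelegateHeaderPrincipalProvider.DelegatedHeaderPrincipal.class);
        final Collection<ContainerRolesPrincipalProvider.ContainerRolesPrincipal> containerRoles =
                principalCollection.byType(ContainerRolesPrincipalProvider.ContainerRolesPrincipal.class);

        if (containerRoles.contains(adminPrincipal)) {
            if (delegates.size() > 1) {
                throw new RepositoryConfigurationException("Too many delegates! " + delegates);
            }
            if (delegates.size() < 1) {
                // Plain admin: role only, the resource ACL is never consulted.
                authzInfo.addRole(FEDORA_ADMIN_ROLE);
                return authzInfo;
            }
            // Delegation is honoured only for admin callers, and a delegating admin is
            // downgraded to an ordinary user acting as the delegate.
            delegating = true;
            authzInfo.addRole(FEDORA_USER_ROLE);
        } else if (containerRoles.contains(userPrincipal)) {
            authzInfo.addRole(FEDORA_USER_ROLE);
        }

        // Non-admin path: permissions come from the ACL of the requested resource (may be null).
        final Map<String, Collection<String>> rolesForPath = getRolesForPath();

        // asList() is untyped in this API; each entry is cast to Principal as the original did.
        for (final Object entry : principalCollection.asList()) {
            log.debug("User has principal with name: {}", ((Principal) entry).getName());
        }

        final Principal basicPrincipal = principalCollection.oneByType(BasicUserPrincipal.class);
        final Collection<HttpHeaderPrincipalProvider.HttpHeaderPrincipal> headerPrincipals =
                principalCollection.byType(HttpHeaderPrincipalProvider.HttpHeaderPrincipal.class);

        if (delegating && delegates.size() == 1) {
            final DelegateHeaderPrincipalProvider.DelegatedHeaderPrincipal delegate = delegates.iterator().next();
            log.debug("Admin user is delegating to {}", delegate);
            // The delegate's identity replaces the admin's own for ACL matching.
            addPermissions(authzInfo, rolesForPath, delegate.getName());
            addPermissions(authzInfo, rolesForPath, URIConstants.WEBAC_AUTHENTICATED_AGENT_VALUE);
        } else if (basicPrincipal != null) {
            log.debug("Basic user principal username: {}", basicPrincipal.getName());
            addPermissions(authzInfo, rolesForPath, basicPrincipal.getName());
            addPermissions(authzInfo, rolesForPath, URIConstants.WEBAC_AUTHENTICATED_AGENT_VALUE);
        } else {
            log.debug("No basic user principal found");
        }

        if (headerPrincipals.isEmpty()) {
            log.debug("No header principals found!");
        }
        // Header principals are applied in every branch above, including the delegating one.
        for (final HttpHeaderPrincipalProvider.HttpHeaderPrincipal headerPrincipal : headerPrincipals) {
            addPermissions(authzInfo, rolesForPath, headerPrincipal.getName());
        }

        // Permissions the ACL grants to any agent apply to every caller reaching this point.
        addPermissions(authzInfo, rolesForPath, URIConstants.FOAF_AGENT_VALUE);
        return authzInfo;
    }

    /**
     * Looks up the agent-to-modes map for the requested path, or its nearest existing ancestor.
     *
     * <p>NOTE(review): {@code HttpServletRequest.getPathInfo()} may return {@code null}; how the
     * translator handles a null path is not visible here and should be confirmed.
     *
     * @return the roles map, or {@code null} when no resource could be resolved
     * @throws ClassCastException if the resolved resource is not a {@code FedoraResourceImpl}
     */
    private Map<String, Collection<String>> getRolesForPath() {
        final FedoraResource resource = getResourceOrParentFromPath(this.request.getPathInfo());
        if (resource == null) {
            return null;
        }
        // getNode() is only available on the implementation type, so the cast must be explicit.
        return this.rolesProvider.getRoles(((FedoraResourceImpl) resource).getNode());
    }

    /**
     * Adds one {@link WebACPermission} per access mode that the ACL grants to the given agent.
     *
     * @param simpleAuthorizationInfo accumulator receiving the permissions
     * @param map agent-to-modes map from the ACL; {@code null} means nothing is granted
     * @param str agent identifier to look up in {@code map}
     */
    private void addPermissions(final SimpleAuthorizationInfo simpleAuthorizationInfo,
            final Map<String, Collection<String>> map, final String str) {
        if (map == null) {
            return;
        }
        final Collection<String> modes = map.get(str);
        if (modes == null) {
            return;
        }
        // Permissions are bound to the full request URL, not to the resource the ACL came from.
        final URI target = URI.create(this.request.getRequestURL().toString());
        for (final String mode : modes) {
            final WebACPermission permission = new WebACPermission(URI.create(mode), target);
            simpleAuthorizationInfo.addObjectPermission(permission);
            log.debug("Added permission {}", permission);
        }
    }

    /**
     * Always returns {@code null}: this realm does not authenticate.
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken authenticationToken)
            throws AuthenticationException {
        return null;
    }

    /**
     * Always returns {@code false}: this realm accepts no authentication tokens.
     */
    @Override
    public boolean supports(final AuthenticationToken authenticationToken) {
        return false;
    }

    /**
     * Resolves the resource at {@code str}, walking up one path segment at a time while the path
     * does not exist.
     *
     * @param str repository path taken from the request
     * @return the resource or its nearest existing ancestor, or {@code null} if none resolved
     */
    private FedoraResource getResourceOrParentFromPath(final String str) {
        FedoraResource resource = null;
        log.debug("Attempting to get FedoraResource for {}", str);
        try {
            resource = translator().convert(translator().toDomain(str));
            log.debug("Got FedoraResource for {}", str);
        } catch (final RepositoryRuntimeException e) {
            if (e.getCause() instanceof PathNotFoundException) {
                log.debug("Path {} does not exist", str);
                if (str.length() > 1) {
                    // Drop the last segment; a slash at index 0 leaves "/" so the root is tried last.
                    final int lastSlash = str.lastIndexOf("/");
                    final int end = lastSlash > 0 ? lastSlash : lastSlash + 1;
                    resource = getResourceOrParentFromPath(str.substring(0, end));
                }
            } else {
                // Any other failure still yields null (no ACL permissions), but is no longer silent.
                log.debug("Could not resolve FedoraResource for {}", str, e);
            }
        }
        return resource;
    }
}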
