package org.xillium.gear.auth;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.xillium.core.AuthorizationException;
import org.xillium.core.Authorizer;
import org.xillium.core.PlatformAware;
import org.xillium.core.Service;
import org.xillium.core.ServiceException;
import org.xillium.core.management.ManagedComponent;
import org.xillium.core.management.WithCache;
import org.xillium.data.DataBinder;
import org.xillium.data.persistence.Persistence;

/* loaded from: input_file:org/xillium/gear/auth/StandardAuthorizer.class */
public class StandardAuthorizer extends ManagedComponent implements Authorizer, PlatformAware, WithCache {
    private static final Logger _logger = Logger.getLogger(StandardAuthorizer.class.getName());
    private final Map<String, Permission[]> _roles = new HashMap();
    private final Authority _authority;
    private final Authenticator _authenticator;

    public StandardAuthorizer(Authority authority, Authenticator authenticator) {
        this._authority = authority;
        this._authenticator = authenticator;
    }

    public void configure(String str, String str2) {
    }

    public void initialize(String str, String str2) {
        refresh();
    }

    public void terminate(String str, String str2) {
    }

    /* JADX WARN: Multi-variable type inference failed */
    public void refresh() {
        try {
            this._roles.clear();
            ArrayList arrayList = new ArrayList();
            String str = null;
            for (Permission permission : this._authority.loadRolesAndPermissions()) {
                if (str != null && !str.equals(permission.roleId)) {
                    _logger.fine(str + " with " + arrayList.size() + " authorizations");
                    this._roles.put(str, arrayList.toArray(new Permission[arrayList.size()]));
                    arrayList.clear();
                }
                str = permission.roleId;
                arrayList.add(permission);
            }
            if (str != null) {
                _logger.fine(str + " with " + arrayList.size() + " authorizations");
                this._roles.put(str, arrayList.toArray(new Permission[arrayList.size()]));
            }
            _logger.info("Completed loading all roles & permissions");
        } catch (Exception e) {
            throw new ServiceException("***FailureInLoadingRoles", e);
        }
    }

    public WithCache.CacheState getCacheState() {
        return null;
    }

    protected void authorize(String str, List<Role> list) throws AuthorizationException {
        int i = -1;
        int i2 = -1;
        String str2 = '/' + str;
        _logger.fine("target function is " + str2);
        _logger.fine("# of roles to check: " + list.size());
        for (Role role : list) {
            _logger.fine("role: " + role.roleId);
            Permission[] permissionArr = this._roles.get(role.roleId);
            if (permissionArr != null) {
                for (Permission permission : permissionArr) {
                    if (str2.startsWith(permission.function)) {
                        i = Math.max(i, role.permission + permission.permission);
                        i2 = Math.max(i2, role.prerequisite + permission.permission);
                        _logger.fine("authorized function: " + permission.function + ", authorization = " + i);
                    }
                }
            }
        }
        _logger.fine("final authorization = " + i + ", prerequisite = " + i2);
        if (i < 0) {
            throw new AuthorizationException("OperationNotAuthorized");
        }
        if (i < 1) {
            throw new AuthorizationException("PasswordExpired");
        }
        if (i2 < 1) {
            throw new AuthorizationException("PrerequisiteNotMet");
        }
    }

    public void authorize(Service service, String str, DataBinder dataBinder, Persistence persistence) throws AuthorizationException {
        try {
            List<Role> authenticate = this._authenticator.authenticate(dataBinder);
            if (authenticate.size() <= 0) {
                throw new AuthorizationException("InvalidCredential");
            }
            authorize(str, authenticate);
        } catch (Exception e) {
            _logger.log(Level.WARNING, "Unexpected", (Throwable) e);
            throw new AuthorizationException(e.getMessage(), e);
        } catch (AuthorizationException e2) {
            throw e2;
        }
    }
}
