package de.sep.sesam.restapi.authentication;

import com.fasterxml.jackson.annotation.JsonIgnore;
import de.sep.sesam.model.Groups;
import de.sep.sesam.model.Permissions;
import de.sep.sesam.model.Roles;
import de.sep.sesam.model.Users;
import de.sep.sesam.model.auth.SessionType;
import de.sep.sesam.model.core.AbstractSerializableObject;
import de.sep.sesam.model.core.defaults.DefaultRoleNames;
import de.sep.sesam.model.core.defaults.DefaultUserNames;
import de.sep.sesam.model.type.AuthenticationType;
import de.sep.sesam.rest.exceptions.ServiceException;
import de.sep.sesam.restapi.dao.DaoAccessor;
import de.sep.sesam.restapi.dao.GroupsDaoServer;
import de.sep.sesam.restapi.dao.PermissionsDaoServer;
import de.sep.sesam.restapi.dao.RolesDaoServer;
import de.sep.sesam.restapi.service.impl.LoginServiceImpl;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.locks.ReentrantLock;
import java.util.stream.Collectors;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/* loaded from: input_file:de/sep/sesam/restapi/authentication/SessionContext.class */
public final class SessionContext extends AbstractSerializableObject implements Authentication {

    @JsonIgnore
    private static final long serialVersionUID = 3038880396153348160L;
    private static final long SESSION_INACTIVE_TIMEOUT = 600000;
    public static final String SKIPRIGHT_AUTH = "SUPERUSER";
    private String id;
    private transient long lastAccess;
    private Users user;
    private List<Groups> groups;
    private String loginName;
    private SessionType sessionType;
    private AuthenticationType loginType;
    private String ip;
    private transient boolean authenticated;
    private transient DaoAccessor daos;
    private transient Collection<SimpleGrantedAuthority> authorities;
    private transient HashSet<Roles> roles;
    private transient boolean skipRights;
    private transient HashSet<String> permissionLookup;
    static final /* synthetic */ boolean $assertionsDisabled;

    public SessionContext(DaoAccessor daoAccessor, SessionType sessionType, AuthenticationType authenticationType, Users users, String str, String str2) {
        this.skipRights = false;
        if (!$assertionsDisabled && daoAccessor == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && authenticationType == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && users == null) {
            throw new AssertionError();
        }
        this.id = UUID.randomUUID().toString();
        this.lastAccess = System.currentTimeMillis();
        this.user = users;
        this.loginName = StringUtils.isNotBlank(str2) ? str2 : users.getName();
        this.authorities = new ArrayList();
        this.permissionLookup = new HashSet<>();
        this.roles = new HashSet<>();
        this.authenticated = true;
        this.ip = str;
        this.loginType = authenticationType;
        this.sessionType = sessionType;
        this.daos = daoAccessor;
        collectPermissions();
        if (CollectionUtils.containsAny(this.permissionLookup, "SUPERUSER") || LoginServiceImpl.isUnitTestMode()) {
            this.skipRights = true;
        }
        Iterator<String> it = this.permissionLookup.iterator();
        while (it.hasNext()) {
            this.authorities.add(new SimpleGrantedAuthority(it.next()));
        }
    }

    public SessionContext(SessionContext sessionContext, SessionType sessionType, Users users) {
        this.skipRights = false;
        if (!$assertionsDisabled && sessionContext == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && sessionType == null) {
            throw new AssertionError();
        }
        this.id = UUID.randomUUID().toString();
        this.lastAccess = System.currentTimeMillis();
        this.sessionType = sessionType;
        this.user = sessionContext.user;
        this.groups = sessionContext.groups;
        this.loginName = sessionContext.loginName;
        this.authorities = sessionContext.authorities;
        this.permissionLookup = sessionContext.permissionLookup;
        this.roles = sessionContext.roles;
        this.authenticated = sessionContext.authenticated;
        this.ip = sessionContext.ip;
        this.loginType = sessionContext.loginType;
        this.daos = sessionContext.daos;
        this.skipRights = sessionContext.skipRights;
        if (users != null) {
            this.user = users;
            this.groups = null;
            this.authorities = new ArrayList();
            this.permissionLookup = new HashSet<>();
            this.roles = new HashSet<>();
            collectPermissions();
            if (CollectionUtils.containsAny(this.permissionLookup, "SUPERUSER") || LoginServiceImpl.isUnitTestMode()) {
                this.skipRights = true;
            }
            Iterator<String> it = this.permissionLookup.iterator();
            while (it.hasNext()) {
                this.authorities.add(new SimpleGrantedAuthority(it.next()));
            }
        }
    }

    public void touch() {
        this.lastAccess = System.currentTimeMillis();
    }

    public String getId() {
        return this.id;
    }

    public boolean isTimedOut() {
        return this.lastAccess + SESSION_INACTIVE_TIMEOUT < System.currentTimeMillis();
    }

    public List<Groups> getGroups() {
        collectGroups();
        return this.groups;
    }

    public boolean isSkipRights() {
        return this.skipRights;
    }

    public AuthenticationType getLoginType() {
        return this.loginType;
    }

    public SessionType getSessionType() {
        return this.sessionType;
    }

    public Users getUser() {
        return this.user;
    }

    @Override // java.security.Principal
    public String getName() {
        if ($assertionsDisabled || this.user != null) {
            return this.user.getName();
        }
        throw new AssertionError();
    }

    public String getLoginName() {
        return this.loginName;
    }

    public String getIp() {
        return this.ip;
    }

    public void setIp(String str) {
        this.ip = str;
    }

    public DaoAccessor getDaos() {
        return this.daos;
    }

    public Set<Roles> getRoles() {
        return Collections.unmodifiableSet(this.roles);
    }

    @Override // org.springframework.security.core.Authentication
    public Collection<SimpleGrantedAuthority> getAuthorities() {
        return Collections.unmodifiableCollection(this.authorities);
    }

    @Override // org.springframework.security.core.Authentication
    public Object getCredentials() {
        return this.user;
    }

    @Override // org.springframework.security.core.Authentication
    public Object getDetails() {
        return this.user;
    }

    @Override // org.springframework.security.core.Authentication
    public Object getPrincipal() {
        return this.user;
    }

    @Override // org.springframework.security.core.Authentication
    public boolean isAuthenticated() {
        return this.authenticated;
    }

    @Override // org.springframework.security.core.Authentication
    public void setAuthenticated(boolean z) throws IllegalArgumentException {
        this.authenticated = z;
    }

    private void collectGroups() {
        if (!CollectionUtils.isEmpty(this.groups) || this.daos == null) {
            return;
        }
        try {
            if (this.user != null) {
                this.groups = ((GroupsDaoServer) this.daos.getService(GroupsDaoServer.class)).getGroupsByUser(this.user);
            }
        } catch (ServiceException e) {
        }
        if (CollectionUtils.isEmpty(this.groups) && StringUtils.equalsAny(getLoginName(), DefaultUserNames.ADMIN_USER, "root", DefaultUserNames.SESAM_USER)) {
            try {
                Groups byName = ((GroupsDaoServer) this.daos.getService(GroupsDaoServer.class)).getByName("SUPERUSER");
                if (byName != null) {
                    this.groups = Arrays.asList(byName);
                }
            } catch (ServiceException e2) {
            }
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void collectPermissions() {
        if (!CollectionUtils.isEmpty(this.permissionLookup) || this.daos == null) {
            return;
        }
        ReentrantLock checkLock = LoginServiceImpl.getCheckLock();
        if (!$assertionsDisabled && checkLock == null) {
            throw new AssertionError();
        }
        try {
            checkLock.lock();
            collectGroups();
            if (CollectionUtils.isNotEmpty(this.groups)) {
                try {
                    Map<Long, Set<Long>> allMappedPermissions = ((RolesDaoServer) this.daos.getService(RolesDaoServer.class)).getAllMappedPermissions();
                    Iterator<Groups> it = this.groups.iterator();
                    while (it.hasNext()) {
                        for (Roles roles : ((RolesDaoServer) this.daos.getService(RolesDaoServer.class)).getByGroup(it.next())) {
                            this.roles.add(roles);
                            Set<Long> set = allMappedPermissions.get(roles.getId());
                            if (set != null) {
                                Iterator<Long> it2 = set.iterator();
                                while (it2.hasNext()) {
                                    this.permissionLookup.add(((Permissions) ((PermissionsDaoServer) this.daos.getService(PermissionsDaoServer.class)).get(it2.next())).getName());
                                }
                            }
                        }
                    }
                } catch (ServiceException e) {
                }
            }
            if (CollectionUtils.isEmpty(this.permissionLookup) && StringUtils.equalsAny(getLoginName(), DefaultUserNames.ADMIN_USER, "root", DefaultUserNames.SESAM_USER)) {
                this.permissionLookup.add(DefaultRoleNames.SUPERUSER_ROLE);
            }
        } finally {
            checkLock.unlock();
        }
    }

    public boolean hasAnyRole(String... strArr) {
        if (ArrayUtils.isEmpty(strArr) || isSkipRights()) {
            return true;
        }
        collectPermissions();
        Set set = null;
        if (CollectionUtils.isNotEmpty(this.roles)) {
            set = (Set) this.roles.stream().map((v0) -> {
                return v0.getName();
            }).filter((v0) -> {
                return StringUtils.isNotBlank(v0);
            }).collect(Collectors.toSet());
        }
        Set emptySet = set != null ? set : Collections.emptySet();
        return Arrays.stream(strArr).filter((v0) -> {
            return StringUtils.isNotBlank(v0);
        }).anyMatch(str -> {
            return CollectionUtils.containsAny(emptySet, str) || (CollectionUtils.containsAny(emptySet, DefaultRoleNames.ALL_ROLE) && !StringUtils.equalsAny(str, DefaultRoleNames.SUPERUSER_ROLE));
        });
    }

    public boolean hasAnyPermission(String... strArr) {
        if (ArrayUtils.isEmpty(strArr) || isSkipRights()) {
            return true;
        }
        collectPermissions();
        return Arrays.stream(strArr).filter((v0) -> {
            return StringUtils.isNotBlank(v0);
        }).anyMatch(str -> {
            return CollectionUtils.containsAny(this.permissionLookup, str);
        });
    }

    public long getLastAccess() {
        return this.lastAccess;
    }

    static {
        $assertionsDisabled = !SessionContext.class.desiredAssertionStatus();
    }
}
