package com.evermind.server;

import com.evermind.security.Group;
import com.evermind.security.RoleManager;
import com.evermind.security.User;
import com.evermind.security.UserAlreadyExistsException;
import com.evermind.server.deployment.EnterpriseArchive;
import com.evermind.server.deployment.SecurityRole;
import java.io.IOException;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Iterator;

/* loaded from: input_file:com/evermind/server/ApplicationRoleManager.class */
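/**
 * {@link RoleManager} backed by an {@link Application}: principals come from the
 * application's user manager and roles from the security-role mappings of its
 * {@link EnterpriseArchive} configuration.
 *
 * <p>Role changes are made through group membership. A role may also list users
 * directly ({@code SecurityRole.getUsers()}); {@link #isPrincipalInRole} honours that
 * list, but {@link #addToRole} and {@link #removeFromRole} never modify it.
 */
public class ApplicationRoleManager implements RoleManager {
    private final Application application;

    /**
     * @param application application whose user manager and configuration back this manager
     */
    public ApplicationRoleManager(Application application) {
        this.application = application;
    }

    /**
     * Looks up a user by name.
     *
     * @param str user name
     * @return whatever the user manager returns for that name (may be {@code null})
     */
    @Override
    public Principal getPrincipal(String str) {
        return this.application.getUserManager().getUser(str);
    }

    /**
     * Adds the principal to every resolvable group mapped to the role.
     *
     * @param principal principal to grant the role to
     * @param str role name
     * @throws IllegalArgumentException if the role or the user does not exist, or the role
     *     has no groups in its mapping
     */
    @Override
    public void addToRole(Principal principal, String str) {
        User user = getUser(principal);
        SecurityRole securityRole = requireRole(str);
        boolean noGroupsMapped = true;
        Iterator it = securityRole.getGroups().iterator();
        while (it.hasNext()) {
            noGroupsMapped = false;
            Group group = this.application.getUserManager().getGroup(it.next().toString());
            // NOTE(review): a mapped group that the user manager cannot resolve is skipped
            // silently. If none resolve, this returns normally without having granted
            // anything; callers that need certainty should re-check isPrincipalInRole.
            if (group != null) {
                user.addToGroup(group);
            }
        }
        if (noGroupsMapped) {
            throw new IllegalArgumentException("Role '" + str + "' is not mapped to any groups in it's <security-role-mapping>. Check your deployment configuration (orion-* file).");
        }
    }

    /**
     * Creates a user and, when a role is given, adds the user to it.
     *
     * @param str user name, must not be {@code null}
     * @param str2 second argument of {@code createUser} (presumably the password; confirm
     *     against the user manager)
     * @param str3 role name, or {@code null} for no role
     * @return the created user
     * @throws NullPointerException if {@code str} is {@code null}
     * @throws IllegalArgumentException if the role cannot be granted (see {@link #addToRole})
     */
    @Override
    public Principal createPrincipal(String str, String str2, String str3) throws InstantiationException, UserAlreadyExistsException {
        if (str == null) {
            throw new NullPointerException("username was null");
        }
        User createdUser = this.application.getUserManager().createUser(str, str2);
        if (str3 != null) {
            // NOTE(review): if addToRole throws, the user created above is not removed
            // here, so an account without the intended role can be left behind.
            addToRole(createdUser, str3);
        }
        return createdUser;
    }

    /**
     * Creates a user and attaches a certificate to it.
     *
     * @param str user name, must not be {@code null}
     * @param str2 second argument of {@code createUser} (presumably the password; confirm)
     * @param x509Certificate certificate stored on the user; not validated here
     * @return the created user
     * @throws NullPointerException if {@code str} is {@code null}
     */
    @Override
    public Principal createPrincipal(String str, String str2, X509Certificate x509Certificate) throws InstantiationException, UserAlreadyExistsException {
        if (str == null) {
            throw new NullPointerException("username was null");
        }
        User createdUser = this.application.getUserManager().createUser(str, str2);
        createdUser.setCertificate(x509Certificate);
        return createdUser;
    }

    /**
     * Creates a user with no role.
     *
     * @param str user name, must not be {@code null}
     * @param str2 second argument of {@code createUser} (presumably the password; confirm)
     * @return the created user
     * @throws NullPointerException if {@code str} is {@code null}
     */
    @Override
    public Principal createPrincipal(String str, String str2) throws InstantiationException, UserAlreadyExistsException {
        if (str == null) {
            throw new NullPointerException("username was null");
        }
        return this.application.getUserManager().createUser(str, str2);
    }

    /**
     * Removes the user behind the principal from the user manager.
     *
     * @throws IllegalArgumentException if no such user exists
     */
    @Override
    public void remove(Principal principal) {
        this.application.getUserManager().remove(getUser(principal));
    }

    /**
     * Removes the principal from every resolvable group mapped to the role.
     *
     * <p>Two consequences follow from the group-based model: a user listed directly in the
     * role's user list still passes {@link #isPrincipalInRole} afterwards, and leaving a
     * group also drops any other role that is mapped to the same group.
     *
     * @param principal principal to revoke the role from
     * @param str role name
     * @throws IllegalArgumentException if the role or the user does not exist
     */
    @Override
    public void removeFromRole(Principal principal, String str) {
        User user = getUser(principal);
        SecurityRole securityRole = requireRole(str);
        Iterator it = securityRole.getGroups().iterator();
        while (it.hasNext()) {
            Group group = this.application.getUserManager().getGroup(it.next().toString());
            if (group != null) {
                user.removeFromGroup(group);
            }
        }
    }

    /**
     * Persists the user manager's state.
     *
     * @throws IOException if the user manager fails to store
     */
    @Override
    public void store() throws IOException {
        this.application.getUserManager().store();
    }

    /**
     * Resolves a principal to a {@link User}: a {@code User} is returned as is, anything
     * else is looked up by name.
     *
     * @throws IllegalArgumentException if the lookup finds no user
     * @throws NullPointerException if {@code principal} is {@code null}
     */
    protected User getUser(Principal principal) {
        if (principal instanceof User) {
            return (User) principal;
        }
        String name = principal.getName();
        User user = this.application.getUserManager().getUser(name);
        if (user == null) {
            throw new IllegalArgumentException("No such user: " + name);
        }
        return user;
    }

    /**
     * Decides whether the principal holds the role, either through membership of a mapped
     * group or by being named in the role's user list.
     *
     * @param principal principal to check
     * @param str role name
     * @return {@code true} if the principal is in the role
     * @throws IllegalArgumentException if the role or the user does not exist
     */
    @Override
    public boolean isPrincipalInRole(Principal principal, String str) {
        User user = getUser(principal);
        SecurityRole securityRole = requireRole(str);
        Iterator groups = securityRole.getGroups().iterator();
        while (groups.hasNext()) {
            Object entry = groups.next();
            // Use the element already fetched. Calling next() a second time here checked
            // the following entry instead of this one, skipped entries, and could throw
            // NoSuchElementException on the last one: a wrong authorization answer.
            Group group = entry instanceof Group
                    ? (Group) entry
                    : this.application.getUserManager().getGroup(entry.toString());
            if (group != null && user.isMemberOf(group)) {
                return true;
            }
        }
        Iterator users = securityRole.getUsers().iterator();
        while (users.hasNext()) {
            if (user.getName().equals((String) users.next())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Authenticates the user and binds it to the current thread state and, when the thread
     * is serving an HTTP request, to that request as its remote user.
     *
     * <p>An unknown user and a failed {@code authenticate} call raise the same message, so
     * the error text does not reveal which account names exist.
     *
     * @param str user name
     * @param str2 credential passed to {@code User.authenticate}
     * @throws SecurityException if the user is unknown or authentication fails
     */
    @Override
    public void login(String str, String str2) throws SecurityException {
        User user = this.application.getUserManager().getUser(str);
        if (user == null || !user.authenticate(str2)) {
            throw new SecurityException("Invalid username/password");
        }
        ThreadState currentState = ThreadState.getCurrentState();
        currentState.user = user;
        if (currentState.applicationThread != null && currentState.applicationThread.httpHandler != null) {
            currentState.applicationThread.httpHandler.request.setRemoteUser(user);
        }
    }

    /** Returns the role mapping for the name, or throws if the application defines none. */
    private SecurityRole requireRole(String roleName) {
        SecurityRole securityRole = ((EnterpriseArchive) this.application.getConfig()).getSecurityRole(roleName);
        if (securityRole == null) {
            throw new IllegalArgumentException("No such role: " + roleName);
        }
        return securityRole;
    }
}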
