package com.enginframe.acl;

import com.enginframe.common.User;
import com.enginframe.common.service.MetadataInfo;
import com.enginframe.common.service.ServiceInfo;
import com.enginframe.common.service.Spooler;
import com.enginframe.common.utils.Utils;
import com.enginframe.common.utils.log.Log;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;

/* JADX WARN: Classes with same name are omitted:
  input_file:kernel/ef_root/WEBAPP/WEB-INF/lib/ef.jar:com/enginframe/acl/AuthorizationChecks.class
  input_file:kernel/ef_root/agent/agent.jar:com/enginframe/acl/AuthorizationChecks.class
 */
/* loaded from: input_file:com/enginframe/acl/AuthorizationChecks.class */
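/**
 * Static authorization gates for spoolers, services, their metadata and privileged configuration.
 *
 * <p>Every {@code check*} method either returns normally (access granted) or throws
 * {@link UnauthorizedOperationException} (access denied). A {@code null} user is always denied.
 * The {@code filter*} methods never throw for a {@code null} user; they return an empty collection.
 *
 * <p>All ACL decisions are delegated to the {@link AuthorizationManager} obtained through
 * {@link Utils#locate}. How the ACL identifier lists and the allow/deny priority are evaluated
 * is not visible in this class.
 */
public final class AuthorizationChecks {
    // The first constructor argument looks like a comma-separated list of ACL identifiers;
    // presumably they resolve against the deployment's ACL configuration (confirm against ApplyACLInfo).
    static final ApplyACLInfo SPOOLER_READ_ALLOW_ACL = new ApplyACLInfo("admin-only, view-all-spoolers, manage-all-spoolers", "simple", ApplyACLInfo.APPLY_ACL_PRIORITY_ALLOW);
    static final ApplyACLInfo SERVICE_RUN_OS_ACTION_AS_USER_ALLOW_ACL = new ApplyACLInfo("admin-only, run-os-action-as-user", "simple", ApplyACLInfo.APPLY_ACL_PRIORITY_ALLOW);
    static final ApplyACLInfo SERVICE_RUN_AS_USER_ALLOW_ACL = new ApplyACLInfo("admin-only, run-as-user", "simple", ApplyACLInfo.APPLY_ACL_PRIORITY_ALLOW);
    static final ApplyACLInfo SPOOLER_WRITE_ALLOW_ACL = new ApplyACLInfo("admin-only, manage-all-spoolers", "simple", ApplyACLInfo.APPLY_ACL_PRIORITY_ALLOW);
    static final ApplyACLInfo PRIVILEGED_CONFIGURATION_READ_ALLOW_ACL = new ApplyACLInfo("admin-only, read-privileged-configuration", "simple", ApplyACLInfo.APPLY_ACL_PRIORITY_ALLOW);
    // NOTE(review): this ACL uses the literal priority "deny" while the others use
    // APPLY_ACL_PRIORITY_ALLOW; the effect of the priority is decided by AuthorizationManager.
    static final ApplyACLInfo ADMIN_ONLY_ACL = new ApplyACLInfo("admin-only", "simple", "deny");

    /** Message format shared by every denial that does not name the protected resource. */
    private static final String GENERIC_DENIAL_FORMAT = "User (%s) attempted to perform an unauthorized operation";

    private AuthorizationChecks() {
    }

    /** Looks up the authorization manager on every call; no reference is cached here. */
    private static AuthorizationManager authorizationManager() {
        return (AuthorizationManager) Utils.locate(AuthorizationManager.class);
    }

    /** Builds the generic denial exception; the message embeds {@code user.toString()}. */
    private static UnauthorizedOperationException denied(User user) {
        return new UnauthorizedOperationException(String.format(GENERIC_DENIAL_FORMAT, user));
    }

    /**
     * Grants read access to a spooler to its owner, to a guest of the spooler, or to a user
     * passing {@link #SPOOLER_READ_ALLOW_ACL} for the {@code "read"} action.
     *
     * @param user the requesting user; {@code null} is denied
     * @param spooler the spooler being read
     * @throws UnauthorizedOperationException if none of the three conditions holds
     */
    public static void checkReadAuthorizationOnSpooler(User user, Spooler spooler) throws UnauthorizedOperationException {
        checkUserNull(user);
        if (spooler.belongsTo(user) || spooler.hasGuest(user.getUsername())) {
            return;
        }
        if (!authorizationManager().check(SPOOLER_READ_ALLOW_ACL, user.getUsername(), "read")) {
            throw denied(user);
        }
    }

    /**
     * Fails closed when the current user could not be resolved.
     *
     * @throws UnauthorizedOperationException if {@code user} is {@code null}
     */
    private static void checkUserNull(User user) throws UnauthorizedOperationException {
        if (user == null) {
            throw new UnauthorizedOperationException("Cannot check authorization to perform the requested operation since it is not possible to retrieve the current user");
        }
    }

    /**
     * Grants write access to a spooler to its owner or to a user passing
     * {@link #SPOOLER_WRITE_ALLOW_ACL} for the {@code "write"} action. Guests are not granted
     * write access by this check.
     *
     * @param user the requesting user; {@code null} is denied
     * @param spooler the spooler being modified
     * @throws UnauthorizedOperationException if neither condition holds
     */
    public static void checkWriteAuthorizationOnSpooler(User user, Spooler spooler) throws UnauthorizedOperationException {
        checkUserNull(user);
        if (spooler.belongsTo(user)) {
            return;
        }
        if (!authorizationManager().check(SPOOLER_WRITE_ALLOW_ACL, user.getUsername(), "write")) {
            throw denied(user);
        }
    }

    /**
     * Grants read access to one named metadata entry of a spooler to the owner, to a caller
     * accepted by {@link #canReadMetadata}, or to a user passing {@link #SPOOLER_READ_ALLOW_ACL}.
     *
     * <p>NOTE(review): when the spooler has no metadata named {@code str},
     * {@link #canReadMetadata} returns {@code true}, so this check passes for any non-null user,
     * including one who is neither owner nor guest. Callers must handle the missing entry
     * themselves, and the granted/denied difference tells such a user whether the name exists.
     *
     * @param user the requesting user; {@code null} is denied
     * @param spooler the spooler owning the metadata
     * @param str the metadata name passed to {@code spooler.getMetadata}
     * @throws UnauthorizedOperationException if no condition grants access
     */
    public static void checkReadAuthorizationOnSpoolerMetadata(User user, Spooler spooler, String str) throws UnauthorizedOperationException {
        checkUserNull(user);
        if (spooler.belongsTo(user) || canReadMetadata(user, spooler, spooler.getMetadata(str))) {
            return;
        }
        if (!authorizationManager().check(SPOOLER_READ_ALLOW_ACL, user.getUsername(), "read")) {
            throw denied(user);
        }
    }

    /**
     * Decides whether a non-owner may read a metadata entry.
     *
     * @return {@code true} when {@code metadata} is {@code null} (nothing to protect), or when
     *     the user is a guest of the spooler and the entry is visible to that guest
     */
    private static boolean canReadMetadata(User user, Spooler spooler, Spooler.Metadata metadata) {
        if (metadata == null) {
            // Fail-open branch: absence of the entry is treated as readable. Kept as-is because
            // callers may rely on it; see the note on checkReadAuthorizationOnSpoolerMetadata.
            return true;
        }
        String username = user.getUsername();
        return spooler.hasGuest(username) && metadata.isVisibleTo(spooler.getGuest(username));
    }

    /**
     * Requires {@link #SERVICE_RUN_OS_ACTION_AS_USER_ALLOW_ACL} for the {@code "execute"} action.
     *
     * <p>NOTE(review): the method name says "run as user" but the ACL checked is the
     * "run-os-action-as-user" one; {@link #checkExecuteAsUserAuthorization} checks "run-as-user".
     * Confirm at the call sites that each caller uses the gate it intends.
     *
     * @param user the requesting user; {@code null} is denied
     * @throws UnauthorizedOperationException if the ACL check fails
     */
    public static void checkRunAsUserAuthorization(User user) throws UnauthorizedOperationException {
        checkUserNull(user);
        if (!authorizationManager().check(SERVICE_RUN_OS_ACTION_AS_USER_ALLOW_ACL, user.getUsername(), "execute")) {
            throw denied(user);
        }
    }

    /**
     * Requires the service's own ACL to grant the {@code "execute"} action.
     *
     * @param user the requesting user; {@code null} is denied
     * @param serviceInfo the service to execute; its {@code applyACLInfo()} is the ACL checked
     * @throws UnauthorizedOperationException if the ACL check fails
     */
    public static void checkExecuteAuthorizationOnService(User user, ServiceInfo serviceInfo) throws UnauthorizedOperationException {
        checkUserNull(user);
        if (!authorizationManager().check(serviceInfo.applyACLInfo(), user.getUsername(), "execute")) {
            // The message previously read "not unauthorized", which states the opposite of the
            // denial. Log searches or alerts keyed on the old text need the new wording.
            throw new UnauthorizedOperationException(String.format("User (%s) is not authorized to execute service (%s)", user, serviceInfo.getServiceId()));
        }
    }

    /**
     * Requires {@link #SERVICE_RUN_AS_USER_ALLOW_ACL} for the {@code "execute"} action.
     *
     * @param user the requesting user; {@code null} is denied
     * @throws UnauthorizedOperationException if the ACL check fails
     */
    public static void checkExecuteAsUserAuthorization(User user) throws UnauthorizedOperationException {
        checkUserNull(user);
        if (!authorizationManager().check(SERVICE_RUN_AS_USER_ALLOW_ACL, user.getUsername(), "execute")) {
            throw denied(user);
        }
    }

    /**
     * Requires read access on the service ACL and, when the named metadata entry exists, on that
     * entry's own ACL as well. A missing entry is only gated by the service ACL.
     *
     * @param user the requesting user; {@code null} is denied
     * @param serviceInfo the service owning the metadata
     * @param str the metadata name passed to {@code serviceInfo.getMetadata}
     * @throws UnauthorizedOperationException if either ACL check fails
     */
    public static void checkReadAuthorizationOnServiceMetadata(User user, ServiceInfo serviceInfo, String str) throws UnauthorizedOperationException {
        checkUserNull(user);
        if (!authorizationManager().check(serviceInfo.applyACLInfo(), user.getUsername(), "read")) {
            throw denied(user);
        }
        MetadataInfo metadata = serviceInfo.getMetadata(str);
        if (metadata != null && !authorizationManager().check(metadata.applyACLInfo(), user.getUsername(), "read")) {
            throw denied(user);
        }
    }

    /**
     * Requires {@link #ADMIN_ONLY_ACL} for a caller-chosen action.
     *
     * @param user the requesting user; {@code null} is denied
     * @param str the action name handed to the authorization manager unchanged
     * @throws UnauthorizedOperationException if the ACL check fails
     */
    public static void checkAdminAuthorization(User user, String str) throws UnauthorizedOperationException {
        checkUserNull(user);
        if (!authorizationManager().check(ADMIN_ONLY_ACL, user.getUsername(), str)) {
            throw denied(user);
        }
    }

    /**
     * Requires {@link #PRIVILEGED_CONFIGURATION_READ_ALLOW_ACL} for the {@code "read"} action.
     *
     * @param user the requesting user; {@code null} is denied
     * @throws UnauthorizedOperationException if the ACL check fails
     */
    public static void checkReadPrivilegedConfiguration(User user) throws UnauthorizedOperationException {
        checkUserNull(user);
        if (!authorizationManager().check(PRIVILEGED_CONFIGURATION_READ_ALLOW_ACL, user.getUsername(), "read")) {
            throw new UnauthorizedOperationException(String.format("User (%s) is not authorized to read EnginFrame privileged configuration settings", user));
        }
    }

    /**
     * Returns the spooler metadata entries the user may read.
     *
     * <p>The owner and users passing {@link #SPOOLER_READ_ALLOW_ACL} receive the collection
     * returned by {@code spooler.getAllMetadata()} itself, not a copy. Guests receive a new list
     * holding only the entries accepted by {@link #canReadMetadata}. Everyone else, and a
     * {@code null} user, receives an empty list.
     *
     * @param user the requesting user, may be {@code null}
     * @param spooler the spooler whose metadata is listed
     * @param log not used by this method
     * @return the readable entries, possibly empty
     */
    public static Collection<Spooler.Metadata> filterReadableSpoolerMetadata(User user, Spooler spooler, Log log) {
        if (user == null) {
            return Collections.emptyList();
        }
        if (spooler.belongsTo(user) || authorizationManager().check(SPOOLER_READ_ALLOW_ACL, user.getUsername(), "read")) {
            return spooler.getAllMetadata();
        }
        if (!spooler.hasGuest(user.getUsername())) {
            return Collections.emptyList();
        }
        // Work on a copy so that removing hidden entries never touches the spooler's own collection.
        LinkedList<Spooler.Metadata> readable = new LinkedList<Spooler.Metadata>(spooler.getAllMetadata());
        Iterator<Spooler.Metadata> it = readable.iterator();
        while (it.hasNext()) {
            if (!canReadMetadata(user, spooler, it.next())) {
                it.remove();
            }
        }
        return readable;
    }

    /**
     * Returns the service metadata entries the user may read: the service ACL must grant
     * {@code "read"}, and each entry is included only if its own ACL grants {@code "read"} too.
     *
     * @param user the requesting user, may be {@code null}
     * @param serviceInfo the service whose metadata is listed
     * @param log not used by this method
     * @return a new list of readable entries, or an empty list when the user is {@code null} or
     *     fails the service ACL
     */
    public static Collection<MetadataInfo> filterReadableServiceMetadata(User user, ServiceInfo serviceInfo, Log log) {
        if (user == null || !authorizationManager().check(serviceInfo.applyACLInfo(), user.getUsername(), "read")) {
            return Collections.emptyList();
        }
        LinkedList<MetadataInfo> readable = new LinkedList<MetadataInfo>();
        Iterator<MetadataInfo> metadata = serviceInfo.metadata();
        while (metadata.hasNext()) {
            MetadataInfo next = metadata.next();
            if (authorizationManager().check(next.applyACLInfo(), user.getUsername(), "read")) {
                readable.add(next);
            }
        }
        return readable;
    }

    /**
     * Evaluates an ad-hoc ACL for a username without throwing.
     *
     * <p>NOTE(review): unlike the {@code check*} methods there is no null guard on the username
     * here, and the ACL identifier list is built from the caller's string. Presumably
     * {@code str2} comes from trusted configuration; confirm that no call site passes
     * request-controlled text, since that would let the requester choose the ACL it is judged by.
     *
     * @param str the username to check
     * @param str2 the ACL identifier list used to build the {@link ApplyACLInfo}
     * @param str3 the action name
     * @return the authorization manager's decision
     */
    public static boolean checkAuthorization(String str, String str2, String str3) {
        return authorizationManager().check(new ApplyACLInfo(str2, "simple", "deny"), str, str3);
    }
}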
