package de.tsl2.nano.serviceaccess;

import de.tsl2.nano.core.ENV;
import de.tsl2.nano.core.Messages;
import de.tsl2.nano.core.log.LogFactory;
import de.tsl2.nano.core.serialize.XmlUtil;
import de.tsl2.nano.serviceaccess.aas.principal.APermission;
import de.tsl2.nano.serviceaccess.aas.principal.Role;
import de.tsl2.nano.serviceaccess.aas.principal.UserPrincipal;
import java.io.File;
import java.security.Principal;
import java.util.Objects;
import java.util.Set;
import javax.security.auth.Subject;
import org.apache.commons.logging.Log;

/* loaded from: input_file:tsl2.nano.serviceaccess-2.1.1.jar:de/tsl2/nano/serviceaccess/Authorization.class */
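/**
 * Wraps an authenticated {@link Subject} and answers role, principal and permission queries
 * against the principals it carries.
 *
 * <p>All checks fail closed: a missing subject or a principal that is not present yields
 * {@code false} (or a {@link SecurityException} from {@link #checkPrincipal(Principal)}).
 */
public class Authorization implements IAuthorization {
    private static final Log LOG = LogFactory.getLog(IAuthorization.class);
    /** The subject whose principals are consulted; may be {@code null}. Package-visible for callers in this package. */
    Subject subject;

    /**
     * Creates an authorization view over the given subject.
     *
     * @param subject subject to consult; may be {@code null}, in which case every check fails
     */
    public Authorization(Subject subject) {
        this.subject = subject;
        // Log only the principals: Subject.toString() may also render credentials, which do not
        // belong in an INFO log.
        LOG.info("authorization with subject principals:\n" + (subject != null ? subject.getPrincipals() : null));
    }

    /**
     * Loads the stored permissions for user {@code str} from {@code <configPath>str-permissons.xml},
     * or bootstraps and persists a default subject for an unknown user.
     *
     * <p>The bootstrap path is taken whenever the file is not readable and the property
     * {@code service.autorization.new.createdefault} is true (its default). When {@code z} is
     * false, the bootstrapped subject additionally receives the role {@code admin} with the
     * wildcard permission {@code (*, *)}. Deployments that must not auto-provision users should
     * set that property to false.
     *
     * @param str user name; also used verbatim as the file-name stem of the permission file
     * @param z when false, a newly created default subject is granted the admin role
     * @return the authorization for the loaded or created subject
     * @throws IllegalArgumentException if the user has no permission file and default creation is disabled
     */
    public static Authorization create(String str, boolean z) {
        Subject subject = new Subject();
        // NOTE(review): str is concatenated straight into a file system path. If it can originate
        // from an unauthenticated caller, reject names containing path separators before this point.
        String str2 = ENV.getConfigPath() + str + "-permissons.xml";
        if (new File(str2).canRead()) {
            // Stored subject from the config directory; a non-parsable file surfaces as an exception
            // here rather than as a subject without principals (presumably loadXml never returns null — verify).
            Subject stored = (Subject) XmlUtil.loadXml(str2, Subject.class);
            subject.getPrincipals().addAll(stored.getPrincipals());
        } else {
            if (!((Boolean) ENV.get("service.autorization.new.createdefault", true)).booleanValue()) {
                throw new IllegalArgumentException("User '" + str + "' not known!");
            }
            subject.getPrincipals().add(new UserPrincipal(str));
            if (!z) {
                // Unknown user becomes full admin: this is the privileged default described above.
                subject.getPrincipals().add(new Role("admin", new APermission("*", "*")));
            }
            try {
                XmlUtil.saveXml(str2, subject);
            } catch (Exception e) {
                // Best effort: the in-memory subject is still usable even if it could not be persisted.
                LOG.error("Couldn't save authorization info in file '" + str2 + "'", e);
            }
        }
        return new Authorization(subject);
    }

    /**
     * Checks whether the subject holds the permission {@code (str, str2)}.
     *
     * @param str permission name
     * @param str2 action; {@code null} is reported as {@code execute} in the log
     * @return true if {@link APermission#hasAccess(Subject)} grants it
     */
    @Override // de.tsl2.nano.serviceaccess.IAuthorization
    public boolean hasAccess(String str, String str2) {
        boolean granted = new APermission(str, str2).hasAccess(getSubject());
        if (!granted) {
            LOG.warn("permission for '" + str + "(" + (str2 == null ? "execute" : str2) + ")' not availabe!");
        }
        return granted;
    }

    /**
     * Checks whether the subject carries the role {@code str}.
     *
     * @param str role name
     * @return true if a {@link Role} of that name is among the subject's principals
     */
    @Override // de.tsl2.nano.serviceaccess.IAuthorization
    public boolean hasRole(String str) {
        return hasPrincipal(new Role(str));
    }

    /**
     * Asserts that the subject carries the given principal.
     *
     * @param principal principal that must be present; must not be {@code null}
     * @throws SecurityException if the principal is not present (message from {@code tsl2nano.login.noprincipal})
     * @throws NullPointerException if {@code principal} is {@code null}
     */
    public void checkPrincipal(Principal principal) {
        Objects.requireNonNull(principal, "principal");
        if (!hasPrincipal(principal)) {
            throw new SecurityException(Messages.getFormattedString(Messages.getString("tsl2nano.login.noprincipal"), getUser(), principal.getName()));
        }
    }

    /**
     * Checks whether the subject carries the given principal (matched by class and {@code equals}).
     *
     * @param principal principal to look up
     * @return false if no subject is set or the principal is absent, true otherwise
     */
    @Override // de.tsl2.nano.serviceaccess.IAuthorization
    public boolean hasPrincipal(Principal principal) {
        Subject current = getSubject();
        if (current == null) {
            // Fail closed: without a subject nothing is granted.
            LOG.warn("ServiceFactory.hasPrincipal: no subject defined!");
            return false;
        }
        boolean present = current.getPrincipals(principal.getClass()).contains(principal);
        if (!present) {
            LOG.debug(principal.getClass().getSimpleName() + " was not set for: " + principal.getName());
        }
        return present;
    }

    /**
     * Returns a display value for the subject's user.
     *
     * @return {@code ENV.format(data)} of the first {@link UserPrincipal} if it carries data, its name
     *         otherwise, or {@code null} if there is no subject or no {@link UserPrincipal}
     */
    @Override // de.tsl2.nano.serviceaccess.IAuthorization
    public Object getUser() {
        if (this.subject == null) {
            return null;
        }
        // Guard the empty case: calling iterator().next() on an empty set would throw.
        Set<UserPrincipal> users = this.subject.getPrincipals(UserPrincipal.class);
        if (users.isEmpty()) {
            return null;
        }
        UserPrincipal userPrincipal = users.iterator().next();
        Object data = userPrincipal.getData();
        return data == null ? userPrincipal.getName() : ENV.format(data);
    }

    /**
     * Returns the wrapped subject.
     *
     * @return the subject, or {@code null} if none was given
     */
    @Override // de.tsl2.nano.serviceaccess.IAuthorization
    public Subject getSubject() {
        return this.subject;
    }

    /** Renders the wrapped subject; yields {@code "null"} instead of throwing when no subject is set. */
    @Override
    public String toString() {
        return String.valueOf(this.subject);
    }
}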
