package de.mhus.lib.core.aaa;

import de.mhus.lib.annotations.generic.Public;
import de.mhus.lib.annotations.lang.Function0;
import de.mhus.lib.core.M;
import de.mhus.lib.core.MApi;
import de.mhus.lib.core.MCast;
import de.mhus.lib.core.MCollection;
import de.mhus.lib.core.MPassword;
import de.mhus.lib.core.MString;
import de.mhus.lib.core.cache.CacheConfig;
import de.mhus.lib.core.cache.ICache;
import de.mhus.lib.core.cache.ICacheService;
import de.mhus.lib.core.cfg.CfgBoolean;
import de.mhus.lib.core.cfg.CfgInt;
import de.mhus.lib.core.cfg.CfgLong;
import de.mhus.lib.core.cfg.CfgString;
import de.mhus.lib.core.logging.ITracer;
import de.mhus.lib.core.logging.Log;
import de.mhus.lib.core.security.TrustApi;
import de.mhus.lib.core.util.Value;
import io.opentracing.Scope;
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.UUID;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.ShiroException;
import org.apache.shiro.UnavailableSecurityManagerException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.BearerToken;
import org.apache.shiro.authc.SimpleAccount;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.apache.shiro.authz.annotation.RequiresGuest;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.authz.annotation.RequiresUser;
import org.apache.shiro.authz.aop.AuthenticatedAnnotationHandler;
import org.apache.shiro.authz.aop.AuthorizingAnnotationHandler;
import org.apache.shiro.authz.aop.GuestAnnotationHandler;
import org.apache.shiro.authz.aop.PermissionAnnotationHandler;
import org.apache.shiro.authz.aop.RoleAnnotationHandler;
import org.apache.shiro.authz.aop.UserAnnotationHandler;
import org.apache.shiro.authz.permission.WildcardPermission;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.UnknownSessionException;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ThreadContext;

/* loaded from: input_file:de/mhus/lib/core/aaa/Aaa.class */
public class Aaa {
    // Action names offered to callers; presumably used as the action part of permission strings — confirm against callers.
    public static final String READ = "read";
    public static final String CREATE = "create";
    public static final String UPDATE = "update";
    public static final String DELETE = "delete";
    public static final String VIEW = "view";
    public static final String ADMIN = "admin";
    // Session attribute key under which getLocale()/setLocale() store the locale.
    private static final String ATTR_LOCALE = "locale";
    // Ticket type prefixes; createToken() dispatches on the text before the first ':'.
    public static final String TICKET_PREFIX_TRUST = "tru";
    public static final String TICKET_PREFIX_ACCOUNT = "acc";
    public static final String TICKET_PREFIX_BEARER = "jwt";
    // Cache of authorization decisions, created lazily by initAccessCache(); stays null if creation fails.
    private static ICache<String, Boolean> accessCacheApi;
    // Shared guest subject, created lazily by getGuestSubject() and reset to null by updateGuestPerms().
    private static Subject GUEST_SUBJECT;
    // Re-entrancy flag set while getGuestSubject() is creating the guest subject.
    private static boolean doInitGuestSubject;
    public static final CfgString USER_ADMIN = new CfgString(AccessApi.class, "adminUser", "admin");
    public static final CfgString USER_GUEST = new CfgString(AccessApi.class, "guestUser", "guest");
    // Access cache is off by default. When enabled, a cached decision is reused until it expires,
    // so a permission or role change is not seen for cached entries until then.
    private static final CfgBoolean CFG_USE_ACCESS_CACHE = new CfgBoolean(AccessApi.class, "accessCacheEnabled", false);
    private static final CfgInt CFG_ACCESS_CACHE_SIZE = new CfgInt(AccessApi.class, "accessCacheSize", 1000000);
    // TTL unit is not visible here; presumably milliseconds (900000 = 15 minutes) — confirm in CacheConfig.
    private static final CfgLong CFG_ACCESS_CACHE_TTL = new CfgLong(AccessApi.class, "accessCacheTTL", 900000);
    private static final Log log = Log.getLog(Aaa.class);
    // Name of the role that isAdmin() tests for.
    public static final CfgString ROLE_ADMIN = new CfgString(AccessApi.class, "adminRole", "GLOBAL_ADMIN");
    // Placeholder object whose toString() resolves the current principal (or the guest name) lazily,
    // i.e. at the moment it is formatted rather than when it is passed around.
    public static final Object CURRENT_PRINCIPAL_OR_GUEST = new Object() { // from class: de.mhus.lib.core.aaa.Aaa.1
        public String toString() {
            return Aaa.getPrincipalOrGuest();
        }
    };
    // Maps annotation canonical class names to the handler that enforces them.
    // NOTE(review): the field is public and not final; the map itself is unmodifiable but the
    // reference can be replaced by any code with access to this class.
    public static Map<String, AuthorizingAnnotationHandler> shiroAnnotations = Collections.unmodifiableMap(MCollection.asMap(RequiresPermissions.class.getCanonicalName(), new PermissionAnnotationHandler(), RequiresRoles.class.getCanonicalName(), new RoleAnnotationHandler(), RequiresAuthentication.class.getCanonicalName(), new AuthenticatedAnnotationHandler(), RequiresUser.class.getCanonicalName(), new UserAnnotationHandler(), RequiresGuest.class.getCanonicalName(), new GuestAnnotationHandler(), Public.class.getCanonicalName(), new PublicAnnotationHandler()));
    // Built-in accounts. Their credentials are a random UUID generated at class initialisation,
    // so there is no fixed password for them in this class.
    public static final SimpleAccount ACCOUNT_ADMIN = new SimpleAccount(USER_ADMIN.value(), UUID.randomUUID().toString(), "");
    public static final SimpleAccount ACCOUNT_GUEST = new SimpleAccount(USER_GUEST.value(), UUID.randomUUID().toString(), "");
    // Built-in guest permissions as ';'-separated wildcard permission strings, parsed by updateGuestPerms().
    // The defaults have the form TrustedToken:<part>:<class name>; presumably they name the classes that
    // may obtain trusted tokens — confirm against the TrustedToken handling.
    // NOTE(review): everything listed here is granted to the guest account, i.e. to unauthenticated callers.
    private static final CfgString PERMS_GUEST_INT = (CfgString) new CfgString(AccessApi.class, "permsGuestInt", "de.mhus.lib.core.aaa.TrustedToken:admin:de.mhus.karaf.commands.impl.CmdAccessAdmin;de.mhus.lib.core.aaa.TrustedToken:*:de.mhus.karaf.commands.impl.CmdAccessLogin;de.mhus.lib.core.aaa.TrustedToken:*:de.mhus.lib.core.schedule.SchedulerJob;de.mhus.lib.core.aaa.TrustedToken:*:de.mhus.osgi.dev.dev.CmdAccessTool;de.mhus.lib.core.aaa.TrustedToken:*:de.mhus.lib.jms.ServerJms;de.mhus.lib.core.aaa.TrustedToken:*:de.mhus.lib.core.aaa.TrustedAaa;de.mhus.lib.core.aaa.TrustedToken:*:de.mhus.rest.core.impl.RestServlet").updateAction(str -> {
        updateGuestPerms();
    });
    // Additional guest permissions supplied by configuration; merged with PERMS_GUEST_INT in updateGuestPerms().
    public static final CfgString PERMS_GUEST = (CfgString) new CfgString(AccessApi.class, "permsGuest", "").updateAction(str -> {
        updateGuestPerms();
    });
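    /**
     * Semicolon-separated role names for the built-in guest account. On every update the blank
     * entries are dropped, the rest are trimmed, and the result replaces the roles of
     * {@link #ACCOUNT_GUEST}. A {@code null} value leaves the current roles untouched.
     */
    public static final CfgString ROLES_GUEST = (CfgString) new CfgString(AccessApi.class, "rolesGuest", "").updateAction(configured -> {
        if (configured != null) {
            HashSet<String> roles = new HashSet<>();
            // The loop variable needs its own name: reusing the lambda parameter's name does not compile.
            for (String role : configured.split(";")) {
                if (MString.isSetTrim(role)) {
                    roles.add(role.trim());
                }
            }
            ACCOUNT_GUEST.setRoles(roles);
        }
    });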
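    /**
     * Semicolon-separated extra role names for the built-in admin account. On every update the
     * role named by {@link #ROLE_ADMIN} is always included, blank entries are dropped, the rest are
     * trimmed, and the result replaces the roles of {@link #ACCOUNT_ADMIN}. A {@code null} value
     * leaves the current roles untouched.
     */
    public static final CfgString ROLES_ADMIN = (CfgString) new CfgString(AccessApi.class, "rolesAdmin", "").updateAction(configured -> {
        if (configured != null) {
            HashSet<String> roles = new HashSet<>();
            roles.add(ROLE_ADMIN.value());
            // The loop variable needs its own name: reusing the lambda parameter's name does not compile.
            for (String role : configured.split(";")) {
                if (MString.isSetTrim(role)) {
                    roles.add(role.trim());
                }
            }
            ACCOUNT_ADMIN.setRoles(roles);
        }
    });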
    // Defaults to false. The flag is not read in the visible part of this class; presumably the
    // realm uses it to refuse interactive logins as the admin user — confirm where it is consumed.
    public static final CfgBoolean ADMIN_LOGIN_ALLOWED = new CfgBoolean(AccessApi.class, "allowAdminLogin", false);
    // Stand-in subject created lazily by asSubjectOrAnonymous() when it is given no subject.
    private static Subject DUMMY_SUBJECT = null;

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Rebuilds the guest account's permission set from the built-in list ({@code PERMS_GUEST_INT})
     * followed by the configured list ({@code PERMS_GUEST}). Both are ';'-separated wildcard
     * permission strings; blank entries are skipped and the rest are trimmed.
     *
     * <p>The cached guest subject is dropped afterwards so the next lookup creates a fresh one.
     */
    public static synchronized void updateGuestPerms() {
        HashSet<org.apache.shiro.authz.Permission> permissions = new HashSet<>();
        CfgString[] sources = {PERMS_GUEST_INT, PERMS_GUEST};
        for (CfgString source : sources) {
            String configured = source.value();
            if (!MString.isSetTrim(configured)) {
                continue;
            }
            for (String entry : configured.split(";")) {
                if (MString.isSetTrim(entry)) {
                    permissions.add(new WildcardPermission(entry.trim()));
                }
            }
        }
        ACCOUNT_GUEST.setObjectPermissions(permissions);
        GUEST_SUBJECT = null;
    }

    /**
     * Checks the current subject against the permission string
     * {@code <canonical class name>:<second part>[:<third part>]}.
     *
     * @param cls class whose canonical name forms the first part
     * @param str second part; {@code null} becomes {@code "*"}, otherwise it is passed through normalize()
     * @param str2 optional third part; omitted when {@code null}, otherwise passed through normalize()
     * @return the result of {@link #hasAccess(Subject, String)} for the current subject
     */
    public static boolean hasAccess(Class<?> cls, String str, String str2) {
        Subject current = getSubject();
        String typePart = cls.getCanonicalName();
        String secondPart = str == null ? "*" : normalize(str);
        String thirdPart = str2 != null ? ":" + normalize(str2) : "";
        return hasAccess(current, typePart + ":" + secondPart + thirdPart);
    }

    /**
     * Checks the current subject against the permission string
     * {@code <first>:<second>[:<third>]}, with every supplied part passed through normalize().
     *
     * @param str first part
     * @param str2 second part; {@code null} becomes {@code "*"}
     * @param str3 optional third part; omitted when {@code null}
     * @return the result of {@link #hasAccess(Subject, String)} for the current subject
     */
    public static boolean hasAccess(String str, String str2, String str3) {
        Subject current = getSubject();
        String firstPart = normalize(str);
        String secondPart = str2 == null ? "*" : normalize(str2);
        String thirdPart = str3 != null ? ":" + normalize(str3) : "";
        return hasAccess(current, firstPart + ":" + secondPart + thirdPart);
    }

    /**
     * Checks the current subject against a ready-made permission string.
     *
     * @param str permission string, used as given (no normalisation is applied here)
     * @return the result of {@link #hasAccess(Subject, String)} for the current subject
     */
    public static boolean hasAccess(String str) {
        Subject current = getSubject();
        return hasAccess(current, str);
    }

    /**
     * Checks the given subject against the permission string
     * {@code <first>:<second>[:<third>]}, with every supplied part passed through normalize().
     *
     * @param subject subject to check
     * @param str first part
     * @param str2 second part; {@code null} becomes {@code "*"}
     * @param str3 optional third part; omitted when {@code null}
     * @return the result of {@link #hasAccess(Subject, String)}
     */
    public static boolean hasAccess(Subject subject, String str, String str2, String str3) {
        String firstPart = normalize(str);
        String secondPart = str2 == null ? "*" : normalize(str2);
        String thirdPart = str3 != null ? ":" + normalize(str3) : "";
        return hasAccess(subject, firstPart + ":" + secondPart + thirdPart);
    }

    /**
     * Checks the given subject against the permission string
     * {@code <canonical class name>:<second part>[:<third part>]}.
     *
     * @param subject subject to check
     * @param cls class whose canonical name forms the first part
     * @param str second part; {@code null} becomes {@code "*"}, otherwise it is passed through normalize()
     * @param str2 optional third part; omitted when {@code null}, otherwise passed through normalize()
     * @return the result of {@link #hasAccess(Subject, String)}
     */
    public static boolean hasAccess(Subject subject, Class<?> cls, String str, String str2) {
        String typePart = cls.getCanonicalName();
        String secondPart = str == null ? "*" : normalize(str);
        String thirdPart = str2 != null ? ":" + normalize(str2) : "";
        return hasAccess(subject, typePart + ":" + secondPart + thirdPart);
    }

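    /**
     * Decides whether a subject holds a permission, consulting the access cache first.
     *
     * <p>A subject without a principal is replaced by the shared guest subject. The check fails
     * closed: when no subject is supplied, or the guest subject cannot be created, access is denied
     * instead of ending in a {@code NullPointerException}.
     *
     * @param subject subject to check; {@code null} is denied
     * @param str permission string handed to {@code Subject.isPermitted}
     * @return {@code true} only if the (possibly cached) decision is "permitted"
     */
    public static boolean hasAccess(Subject subject, String str) {
        if (subject == null) {
            return false;
        }
        Subject effective = subject.getPrincipal() == null ? getGuestSubject(false) : subject;
        if (effective == null) {
            // getGuestSubject() returns null when the guest subject cannot be initialised
            return false;
        }
        touch(effective);
        Boolean cached = getCachedAccess(effective, "access", str);
        if (cached != null) {
            return cached.booleanValue();
        }
        boolean permitted = effective.isPermitted(str);
        doCacheAccess(effective, "access", str, permitted);
        return permitted;
    }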

    /**
     * Returns the shared guest subject, creating and logging it in on first use.
     *
     * <p>The guest is logged in with a {@code TrustedToken} for the configured guest user name, so
     * no credential is checked here. The resulting subject is held in a static field and handed to
     * every caller.
     *
     * @param z when {@code true}, never create the subject: return {@code null} unless a usable one
     *     is already cached
     * @return the guest subject, or {@code null} if it is unavailable, cannot be created, or creation
     *     is already in progress
     */
    private static synchronized Subject getGuestSubject(boolean z) {
        // Rebuild when nothing is cached or the cached subject no longer has a principal.
        if (GUEST_SUBJECT == null || !isPrincipal(GUEST_SUBJECT, z)) {
            if (z) {
                return null;
            }
            try {
                // Guard against re-entry: doInitGuestSubject is still set if this method is
                // reached again while the subject is being created below.
                if (doInitGuestSubject) {
                    MApi.dirtyLogDebug("Aaa.getGuestSubject prevent infinitiy loop - return null");
                    return null;
                }
                try {
                    doInitGuestSubject = true;
                    GUEST_SUBJECT = ((AccessApi) M.l(AccessApi.class)).createSubject();
                    if (GUEST_SUBJECT == null || USER_GUEST == null || USER_GUEST.value() == null) {
                        MApi.dirtyLogDebug("Aaa.getGuestSubject can't initialize guest subject - return null");
                        GUEST_SUBJECT = null;
                        doInitGuestSubject = false;
                        return null;
                    }
                    // Trusted login: the guest user name alone identifies the account.
                    GUEST_SUBJECT.login(new TrustedToken(USER_GUEST.value()));
                    doInitGuestSubject = false;
                } catch (Throwable th) {
                    // Any failure leaves no guest subject cached; callers must handle null.
                    MApi.dirtyLogDebug("Aaa.getGuestSubject can't initialize guest subject - return null: " + th);
                    MApi.dirtyLogDebug(th);
                    GUEST_SUBJECT = null;
                    doInitGuestSubject = false;
                    return null;
                }
            } catch (Throwable th2) {
                // Always clear the re-entry flag before propagating.
                doInitGuestSubject = false;
                throw th2;
            }
        }
        return GUEST_SUBJECT;
    }

    /**
     * Stores an authorization decision in the access cache, if the cache is enabled and available.
     *
     * <p>The key is {@code <principal>:<str>@<str2>}. A stored decision is returned by
     * getCachedAccess() until the cache drops it, so later permission changes are not reflected for
     * that key in the meantime.
     *
     * @param subject subject the decision belongs to
     * @param str decision kind (the callers in this class pass "access" or "admin")
     * @param str2 permission string, or "" for the admin check
     * @param z the decision to remember
     */
    private static void doCacheAccess(Subject subject, String str, String str2, boolean z) {
        if (!CFG_USE_ACCESS_CACHE.value().booleanValue()) {
            return;
        }
        initAccessCache();
        if (accessCacheApi != null) {
            String key = subject.getPrincipal() + ":" + str + "@" + str2;
            accessCacheApi.put(key, Boolean.valueOf(z));
        }
    }

    /**
     * Creates the access cache once, using the configured heap size and TTL. A failure is only
     * written to the debug log; the cache field then stays {@code null} and creation is attempted
     * again on the next call.
     */
    private static synchronized void initAccessCache() {
        if (accessCacheApi == null) {
            try {
                accessCacheApi =
                        ((ICacheService) M.l(ICacheService.class))
                                .createCache(
                                        new Aaa(),
                                        "aaaAccess",
                                        String.class,
                                        Boolean.class,
                                        new CacheConfig()
                                                .setHeapSize(CFG_ACCESS_CACHE_SIZE.value().intValue())
                                                .setTTL(CFG_ACCESS_CACHE_TTL.value().longValue()));
            } catch (Throwable th) {
                MApi.dirtyLogDebug("Aaa:initAccessCache", th.toString());
            }
        }
    }

    /**
     * Looks up a previously stored authorization decision.
     *
     * @param subject subject the decision belongs to
     * @param str decision kind (the callers in this class pass "access" or "admin")
     * @param str2 permission string, or "" for the admin check
     * @return the cached decision, or {@code null} when the cache is disabled, unavailable, or has
     *     no entry for the key {@code <principal>:<str>@<str2>}
     */
    private static Boolean getCachedAccess(Subject subject, String str, String str2) {
        if (CFG_USE_ACCESS_CACHE.value().booleanValue()) {
            initAccessCache();
            if (accessCacheApi != null) {
                String key = subject.getPrincipal() + ":" + str + "@" + str2;
                return (Boolean) accessCacheApi.get(key);
            }
        }
        return null;
    }

    /**
     * Reports whether the current subject has the role named by {@code ROLE_ADMIN}, using the
     * access cache when it holds a decision.
     *
     * @return {@code false} when there is no current subject or any error occurs (the error is
     *     logged at debug level)
     */
    public static boolean isAdmin() {
        try {
            Subject current = getSubject();
            if (current != null) {
                Boolean cached = getCachedAccess(current, "admin", "");
                if (cached == null) {
                    boolean admin = current.hasRole(ROLE_ADMIN.value());
                    doCacheAccess(current, "admin", "", admin);
                    return admin;
                }
                return cached.booleanValue();
            }
            return false;
        } catch (Throwable th) {
            log.d(th);
            return false;
        }
    }

    /**
     * Reports whether the given subject has the role named by {@code ROLE_ADMIN}, using the access
     * cache when it holds a decision.
     *
     * @param subject subject to check
     * @return {@code false} on any error, including a {@code null} subject (the error is logged at
     *     debug level)
     */
    public static boolean isAdmin(Subject subject) {
        try {
            Boolean cached = getCachedAccess(subject, "admin", "");
            if (cached == null) {
                boolean admin = subject.hasRole(ROLE_ADMIN.value());
                doCacheAccess(subject, "admin", "", admin);
                return admin;
            }
            return cached.booleanValue();
        } catch (Throwable th) {
            log.d(th);
            return false;
        }
    }

    /**
     * Returns the subject bound to the current execution context.
     *
     * @return the subject, or {@code null} when no security manager is available, the session is
     *     unknown (the session is destroyed in that case), or any other error occurs. Callers must
     *     handle {@code null}.
     */
    public static Subject getSubject() {
        try {
            // Called only for its exception: it throws when no security manager is configured.
            SecurityUtils.getSecurityManager();
            Subject current = SecurityUtils.getSubject();
            return current;
        } catch (UnavailableSecurityManagerException unavailable) {
            MApi.dirtyLogDebug(unavailable.toString());
            return null;
        } catch (UnknownSessionException unknownSession) {
            ((AccessApi) M.l(AccessApi.class)).destroySession();
            return null;
        } catch (Throwable th) {
            log.d(th);
            return null;
        }
    }

    /**
     * Reports whether a current subject exists and is authenticated.
     *
     * @return {@code false} when there is no subject, the session is unknown (the session is
     *     destroyed in that case), or any other error occurs
     */
    public static boolean isAuthenticated() {
        try {
            Subject current = getSubject();
            return current != null && current.isAuthenticated();
        } catch (UnknownSessionException unknownSession) {
            ((AccessApi) M.l(AccessApi.class)).destroySession();
            return false;
        } catch (Throwable th) {
            log.d(th);
            return false;
        }
    }

    /**
     * Returns the principal of the current subject as a string.
     *
     * @return the principal, or {@code null} when there is no subject, no principal, the session is
     *     unknown (the session is destroyed in that case), or any other error occurs
     */
    public static String getPrincipal() {
        try {
            Subject current = getSubject();
            return current == null ? null : getPrincipal(current);
        } catch (UnknownSessionException unknownSession) {
            ((AccessApi) M.l(AccessApi.class)).destroySession();
            return null;
        } catch (Throwable th) {
            log.d(th);
            return null;
        }
    }

    /**
     * Returns the principal of the current subject, falling back to the configured guest user name.
     *
     * @return the principal, or the value of {@code USER_GUEST} when there is no subject, no
     *     principal, or an error occurs
     */
    public static String getPrincipalOrGuest() {
        try {
            Subject current = getSubject();
            String name = current == null ? null : getPrincipal(current);
            return name != null ? name : USER_GUEST.value();
        } catch (UnknownSessionException unknownSession) {
            ((AccessApi) M.l(AccessApi.class)).destroySession();
            return USER_GUEST.value();
        } catch (Throwable th) {
            log.d(th);
            return USER_GUEST.value();
        }
    }

    /**
     * Returns the principal of the given subject as a string.
     *
     * @param subject subject to read; must not be {@code null}
     * @return the principal, or {@code null} when the subject has none or its session is unknown
     *     (the session is destroyed in that case)
     */
    public static String getPrincipal(Subject subject) {
        try {
            Object principal = subject.getPrincipal();
            return principal == null ? null : String.valueOf(principal);
        } catch (UnknownSessionException unknownSession) {
            ((AccessApi) M.l(AccessApi.class)).destroySession();
            return null;
        }
    }

    /**
     * Reports whether the subject exists and carries a principal.
     *
     * @param subject subject to inspect; {@code null} yields {@code false}
     * @param z when {@code true}, an unknown session is only reported as {@code false}; when
     *     {@code false}, the session is destroyed as well
     * @return {@code true} if a principal is present
     */
    public static boolean isPrincipal(Subject subject, boolean z) {
        if (subject != null) {
            try {
                return subject.getPrincipal() != null;
            } catch (UnknownSessionException unknownSession) {
                if (!z) {
                    ((AccessApi) M.l(AccessApi.class)).destroySession();
                }
            }
        }
        return false;
    }

    /**
     * Renders a subject for display or logging.
     *
     * @param subject subject to render
     * @return {@code "[null]"} for no subject, the guest user name for an unauthenticated subject,
     *     {@code "[?]"} for an authenticated subject without principal, otherwise the principal
     */
    public static String toString(Subject subject) {
        if (subject == null) {
            return "[null]";
        }
        if (subject.isAuthenticated()) {
            Object principal = subject.getPrincipal();
            if (principal != null) {
                return String.valueOf(principal);
            }
            return "[?]";
        }
        return USER_GUEST.value();
    }

    /**
     * Clears the Shiro thread context of the calling thread via {@code ThreadContext.remove()}.
     * Useful on pooled threads so a subject bound for one task is not seen by the next.
     */
    public static void subjectCleanup() {
        ThreadContext.remove();
    }

    /**
     * Binds a subject for the configured admin user to the current thread.
     *
     * <p>The subject is created by {@link #createSubjectWithoutCheck(String)}, i.e. without any
     * credential check. Any code that can call this method runs with the admin account's rights
     * until the returned environment is closed, so access to it has to be limited to trusted code.
     *
     * @return environment that holds the previously bound subject; see {@link #asSubject(Subject)}
     */
    public static SubjectEnvironment asAdmin() {
        Subject admin = createSubjectWithoutCheck(USER_ADMIN.value());
        return asSubject(admin);
    }

    /**
     * Binds a subject for the named user to the current thread.
     *
     * <p>The subject is created by {@link #createSubjectWithoutCheck(String)}, i.e. without any
     * credential check. The user name must therefore come from a trusted source, never from request
     * data.
     *
     * @param str user name; {@code null} selects the configured guest user
     * @return environment that holds the previously bound subject; see {@link #asSubject(Subject)}
     */
    public static SubjectEnvironment asSubject(String str) {
        String account = str != null ? str : USER_GUEST.value();
        return asSubject(createSubjectWithoutCheck(account));
    }

    /**
     * Binds the given subject to the current thread and opens a tracing scope named after its
     * principal.
     *
     * @param subject subject to bind; must not be {@code null}
     * @return environment created from the new subject, the previously bound subject and the
     *     tracing scope; presumably closing it restores the previous subject — confirm in
     *     SubjectEnvironment
     */
    public static SubjectEnvironment asSubject(Subject subject) {
        ITracer tracer = ITracer.get();
        String spanName = "asSubject " + subject.getPrincipal();
        Scope scope = tracer.enter(spanName, "username", subject.getPrincipal());
        Subject previous = ThreadContext.getSubject();
        ThreadContext.bind(subject);
        return new SubjectEnvironment(subject, previous, scope);
    }

    /**
     * Binds the given subject to the current thread without opening a tracing scope.
     *
     * @param subject subject to bind
     * @return environment created from the new subject and the previously bound subject, with no
     *     scope
     */
    public static SubjectEnvironment asSubjectWithoutTracing(Subject subject) {
        Subject previous = ThreadContext.getSubject();
        ThreadContext.bind(subject);
        SubjectEnvironment environment = new SubjectEnvironment(subject, previous, null);
        return environment;
    }

    /**
     * Like {@link #asSubject(Subject)}, but substitutes a shared stand-in subject when none is given.
     *
     * <p>The stand-in is created once via createNewSubject() and kept in a static field; the lazy
     * creation is not synchronized.
     *
     * @param subject subject to bind, or {@code null} for the stand-in
     * @return environment created from the bound subject, the previously bound subject and the
     *     tracing scope
     */
    public static SubjectEnvironment asSubjectOrAnonymous(Subject subject) {
        Subject effective = subject;
        if (effective == null) {
            if (DUMMY_SUBJECT == null) {
                DUMMY_SUBJECT = createNewSubject();
            }
            effective = DUMMY_SUBJECT;
        }
        ITracer tracer = ITracer.get();
        String spanName = "asSubject " + effective.getPrincipal();
        Scope scope = tracer.enter(spanName, "username", effective.getPrincipal());
        Subject previous = ThreadContext.getSubject();
        ThreadContext.bind(effective);
        return new SubjectEnvironment(effective, previous, scope);
    }

    /**
     * Returns the realms of the security manager provided by {@code AccessApi}.
     *
     * @return the realms, or an empty list when they cannot be obtained (the error is logged at
     *     debug level)
     */
    public static Collection<Realm> getRealms() {
        try {
            AccessApi api = (AccessApi) M.l(AccessApi.class);
            return api.getSecurityManager().getRealms();
        } catch (Throwable th) {
            log.d(th);
            return Collections.emptyList();
        }
    }

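    /**
     * Loads the user data of an authenticated subject from the first realm that can supply it.
     *
     * <p>Only realms implementing {@code PrincipalDataRealm} are asked. The principal is always
     * written under {@code PrincipalData.NAME}, overriding whatever the realm supplied, and is used
     * as display name when the realm gave none.
     *
     * @param subject subject whose data is wanted
     * @return the data, or {@code null} when the subject is not authenticated or no realm has data
     */
    public static PrincipalData loadPrincipalDataFromRealm(Subject subject) {
        if (!subject.isAuthenticated()) {
            return null;
        }
        for (Realm realm : getRealms()) {
            // Test the type first, then cast; assigning a Realm to a PrincipalDataRealm variable
            // without the cast does not compile.
            if (!(realm instanceof PrincipalDataRealm)) {
                continue;
            }
            Map<String, String> userData = ((PrincipalDataRealm) realm).getUserData(subject);
            if (userData == null) {
                continue;
            }
            // NOTE(review): the map returned by the realm is modified in place — confirm the realm
            // hands out a copy and not its own cached instance.
            String principalName = String.valueOf(subject.getPrincipal());
            userData.put(PrincipalData.NAME, principalName);
            if (!userData.containsKey(PrincipalData.DISPLAY_NAME)) {
                userData.put(PrincipalData.DISPLAY_NAME, principalName);
            }
            return new MutablePrincipalData(userData);
        }
        return null;
    }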

    /**
     * Makes sure the subject's session holds a {@code PrincipalData} entry under
     * {@code PrincipalData.SESSION_KEY}. An existing entry is left alone; otherwise the data is
     * loaded from the realms, or built from the principal alone when no realm supplies any.
     *
     * @param subject subject whose session is filled; also used as the lock object
     */
    public static void loadPrincipalData(Subject subject) {
        synchronized (subject) {
            if (subject.getSession().getAttribute(PrincipalData.SESSION_KEY) != null) {
                return;
            }
            PrincipalData data = loadPrincipalDataFromRealm(subject);
            if (data == null) {
                HashMap<String, String> fallback = new HashMap<>();
                fallback.put(PrincipalData.NAME, String.valueOf(subject.getPrincipal()));
                fallback.put(PrincipalData.DISPLAY_NAME, String.valueOf(subject.getPrincipal()));
                data = new PrincipalData(fallback);
            }
            subject.getSession().setAttribute(PrincipalData.SESSION_KEY, data);
        }
    }

    /**
     * Returns the {@code PrincipalData} stored in the subject's session, loading it first if needed.
     *
     * @param subject subject to read; must not be {@code null}
     * @return the session entry stored under {@code PrincipalData.SESSION_KEY}
     */
    public static PrincipalData getPrincipalData(Subject subject) {
        loadPrincipalData(subject);
        Object stored = subject.getSession().getAttribute(PrincipalData.SESSION_KEY);
        return (PrincipalData) stored;
    }

    /**
     * Returns the {@code PrincipalData} of the current subject.
     *
     * <p>NOTE(review): {@link #getSubject()} can return {@code null}, which is passed on unchecked.
     *
     * @return the data stored in the current subject's session
     */
    public static PrincipalData getPrincipalData() {
        Subject current = getSubject();
        return getPrincipalData(current);
    }

    /**
     * Builds a subject that is attached to the session with the given id.
     *
     * <p>No further check is made here: whoever supplies a valid session id obtains a subject for
     * that session. Session ids therefore need the same protection as credentials.
     *
     * @param str session id
     * @return the subject built by {@code Subject.Builder}
     */
    public static Subject createSubjectFromSessionId(String str) {
        Subject.Builder builder = new Subject.Builder();
        return builder.sessionId(str).buildSubject();
    }

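    /**
     * Returns the id of the current subject's session.
     *
     * @param z passed to {@code Subject.getSession(boolean)}: whether to create a session when
     *     none exists
     * @return the session id as a string, or {@code null} when there is no current subject or no
     *     session
     */
    public static String getSessionId(boolean z) {
        Subject current = getSubject();
        if (current == null) {
            // getSubject() returns null e.g. when no security manager is available
            return null;
        }
        Session session = current.getSession(z);
        return session == null ? null : String.valueOf(session.getId());
    }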

    /**
     * Checks the current subject, or the guest subject when there is none, against a permission
     * built from up to three parts.
     *
     * @param str first part
     * @param str2 second part, may be {@code null}
     * @param str3 third part, may be {@code null}
     * @return the result of {@link #isPermitted(Subject, String, String, String)}
     */
    public static boolean isPermitted(String str, String str2, String str3) {
        Subject current = getSubject();
        return isPermitted(current != null ? current : getGuestSubject(false), str, str2, str3);
    }

    /**
     * Checks a subject against the wildcard permission {@code <first>[:<second>[:<third>]]}.
     *
     * <p>Each part goes through normalizeWildcardPart(), so a {@code null} part becomes {@code "*"}
     * and a ':' inside a part cannot add a further level. The second and third parts are appended
     * only if at least one of them is given.
     *
     * @param subject subject to check; {@code null} is denied
     * @param str first part
     * @param str2 second part, may be {@code null}
     * @param str3 third part, may be {@code null}
     * @return {@code true} if permitted; {@code false} on denial or any error (logged at debug level)
     */
    public static boolean isPermitted(Subject subject, String str, String str2, String str3) {
        touch(subject);
        if (subject == null) {
            return false;
        }
        try {
            String permission = normalizeWildcardPart(str);
            if (str2 != null || str3 != null) {
                permission += ":" + normalizeWildcardPart(str2);
                if (str3 != null) {
                    permission += ":" + normalizeWildcardPart(str3);
                }
            }
            return subject.isPermitted(new WildcardPermission(permission));
        } catch (Throwable th) {
            log.d(th);
            return false;
        }
    }

    /**
     * Prepares one part of a wildcard permission string.
     *
     * <p>Only the part separator ':' is neutralised (replaced by '_'); ',' and '*' are passed
     * through unchanged.
     *
     * @param str raw part
     * @return {@code "*"} for {@code null}, otherwise the part with every ':' replaced by '_'
     */
    private static String normalizeWildcardPart(String str) {
        if (str == null) {
            return "*";
        }
        // String.replace returns the same instance when there is nothing to replace
        return str.replace(':', '_');
    }

    /**
     * Checks the current subject, or the guest subject when there is none, against a ready-made
     * permission string.
     *
     * @param str permission string
     * @return the result of {@link #isPermitted(Subject, String)}
     */
    public static boolean isPermitted(String str) {
        Subject current = getSubject();
        return isPermitted(current != null ? current : getGuestSubject(false), str);
    }

    /**
     * Checks a subject against a ready-made wildcard permission string.
     *
     * @param subject subject to check
     * @param str permission string, parsed by {@code WildcardPermission}
     * @return {@code true} if permitted; {@code false} on denial or any error raised inside the
     *     check, which includes a {@code null} subject (logged at debug level)
     */
    public static boolean isPermitted(Subject subject, String str) {
        touch(subject);
        try {
            WildcardPermission requested = new WildcardPermission(str);
            return subject.isPermitted(requested);
        } catch (Throwable th) {
            log.d(th);
            return false;
        }
    }

    /**
     * Returns the locale of the current subject.
     *
     * @return see {@link #getLocale(Subject)}
     */
    public static Locale getLocale() {
        Subject current = getSubject();
        return getLocale(current);
    }

    /**
     * Returns the locale stored in the subject's existing session.
     *
     * @param subject subject to read, may be {@code null}
     * @return the stored {@code Locale}, a locale parsed from a stored language tag, or the JVM
     *     default when there is no subject, no session, or no usable entry
     */
    public static Locale getLocale(Subject subject) {
        if (subject == null) {
            return Locale.getDefault();
        }
        // getSession(false): never create a session just to read the locale
        Session session = subject.getSession(false);
        if (session == null) {
            return Locale.getDefault();
        }
        Object stored = session.getAttribute(ATTR_LOCALE);
        if (stored instanceof Locale) {
            return (Locale) stored;
        }
        if (stored instanceof String) {
            return Locale.forLanguageTag((String) stored);
        }
        return Locale.getDefault();
    }

    /**
     * Stores the locale in the session of the current subject.
     *
     * @param locale locale to store
     */
    public static void setLocale(Locale locale) {
        Subject current = getSubject();
        setLocale(current, locale);
    }

    /**
     * Stores the locale in the subject's session, creating the session if necessary.
     *
     * @param subject target subject; nothing happens for {@code null}
     * @param locale locale to store
     */
    public static void setLocale(Subject subject, Locale locale) {
        if (subject != null) {
            subject.getSession().setAttribute(ATTR_LOCALE, locale);
        }
    }

    /**
     * Parses a language tag and stores the resulting locale in the subject's session, creating the
     * session if necessary.
     *
     * @param subject target subject; nothing happens for {@code null}
     * @param str language tag understood by {@code Locale.forLanguageTag}
     */
    public static void setLocale(Subject subject, String str) {
        if (subject != null) {
            Session session = subject.getSession();
            session.setAttribute(ATTR_LOCALE, Locale.forLanguageTag(str));
        }
    }

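    /**
     * Reads an attribute from the existing session of the current subject, or of the guest subject
     * when there is no current subject.
     *
     * @param str attribute key
     * @return the attribute value, or {@code null} when no subject or session is available or the
     *     attribute is not set
     */
    public static Object getSessionAttribute(String str) {
        Subject current = getSubject();
        if (current == null) {
            current = getGuestSubject(false);
        }
        if (current == null) {
            // getGuestSubject() returns null when the guest subject cannot be initialised
            return null;
        }
        Session session = current.getSession(false);
        if (session == null) {
            return null;
        }
        Object attribute = session.getAttribute(str);
        if (attribute != null) {
            return attribute;
        }
        // The principal data is looked up but its result is not used here.
        if (((PrincipalData) session.getAttribute(PrincipalData.SESSION_KEY)) != null) {
        }
        return null;
    }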

    /**
     * Reads a session attribute of the current subject as a string.
     *
     * @param str attribute key
     * @param str2 value returned when the attribute is missing
     * @return the attribute as a string, or {@code str2}
     */
    public static String getSessionAttribute(String str, String str2) {
        Object stored = getSessionAttribute(str);
        if (stored == null) {
            return str2;
        }
        if (stored instanceof String) {
            return (String) stored;
        }
        return String.valueOf(stored);
    }

    /**
     * Reads an attribute from the subject's existing session.
     *
     * @param subject subject to read, may be {@code null}
     * @param str attribute key
     * @return the attribute value, or {@code null} when there is no subject, no session, or the
     *     attribute is not set
     */
    public static Object getSessionAttribute(Subject subject, String str) {
        if (subject == null) {
            return null;
        }
        Session session = subject.getSession(false);
        if (session == null) {
            return null;
        }
        Object stored = session.getAttribute(str);
        if (stored != null) {
            return stored;
        }
        // The principal data is looked up but its result is not used here.
        if (((PrincipalData) session.getAttribute(PrincipalData.SESSION_KEY)) != null) {
        }
        return null;
    }

    /**
     * Reads a session attribute of the given subject as a string.
     *
     * @param subject subject to read, may be {@code null}
     * @param str attribute key
     * @param str2 value returned when the attribute is missing
     * @return the attribute as a string, or {@code str2}
     */
    public static String getSessionAttribute(Subject subject, String str, String str2) {
        Object stored = getSessionAttribute(subject, str);
        if (stored == null) {
            return str2;
        }
        if (stored instanceof String) {
            return (String) stored;
        }
        return String.valueOf(stored);
    }

    /**
     * Stores an attribute in the session of the current subject, creating the session if necessary.
     * Nothing happens when there is no current subject.
     *
     * @param str attribute key
     * @param obj attribute value
     */
    public static void setSessionAttribute(String str, Object obj) {
        Subject current = getSubject();
        if (current != null) {
            current.getSession().setAttribute(str, obj);
        }
    }

    /**
     * Stores an attribute in the subject's session, creating the session if necessary.
     *
     * @param subject target subject; nothing happens for {@code null}
     * @param str attribute key
     * @param obj attribute value
     */
    public static void setSessionAttribute(Subject subject, String str, Object obj) {
        if (subject != null) {
            subject.getSession().setAttribute(str, obj);
        }
    }

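    /**
     * Logs a subject in with user name and password.
     *
     * <p>Before authenticating, the session is probed. If it turns out to be unknown, the subject is
     * logged out so the login starts from a clean state; the handler for that case has to come
     * before the general one, otherwise it can never run.
     *
     * @param subject subject to log in
     * @param str user name
     * @param str2 password as accepted by {@code MPassword.decode}
     * @param z remember-me flag for the token
     * @param locale locale to store after a successful login, may be {@code null}
     * @return {@code true} on success, {@code false} when authentication fails (logged at debug
     *     level)
     */
    public static boolean login(Subject subject, String str, String str2, boolean z, Locale locale) {
        try {
            // Probe: forces session access so a stale session shows up before the login.
            subject.getSession(true).getAttributeKeys();
        } catch (UnknownSessionException unknownSession) {
            subject.logout();
        } catch (Throwable th) {
            log.w(th);
        }
        UsernamePasswordToken token = new UsernamePasswordToken(str, MPassword.decode(str2));
        token.setRememberMe(z);
        try {
            subject.login(token);
            loadPrincipalData(subject);
            if (locale != null) {
                // NOTE(review): this stores the locale on the current subject from getSubject(),
                // which need not be the subject passed in — confirm that is intended.
                setLocale(locale);
            }
            return true;
        } catch (AuthenticationException authFailed) {
            log.d(authFailed);
            return false;
        }
    }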

    /**
     * Builds an account ticket of the form {@code acc:<user>:<encoded password>}.
     *
     * <p>The ticket carries the password in the form produced by {@code MPassword.encode}, so it has
     * to be handled like the password itself (no logging, no storage in clear). The user name is
     * not escaped: createToken() splits the ticket at ':', so a user name containing ':' is parsed
     * differently from how it was written here.
     *
     * @param str user name
     * @param str2 password
     * @return the ticket string
     */
    public static String createAccountTicket(String str, String str2) {
        String encodedSecret = MPassword.encode(str2);
        return "acc:" + str + ":" + encodedSecret;
    }

    /**
     * Creates a new subject and logs it in with the token parsed from a ticket.
     *
     * @param str ticket, see {@link #createToken(String)}
     * @return the logged-in subject
     */
    public static Subject login(String str) {
        Function0<Subject> ticketLogin =
                () -> {
                    AuthenticationToken token = createToken(str);
                    Subject created = ((AccessApi) M.l(AccessApi.class)).createSubject();
                    created.login(token);
                    return created;
                };
        return properEnvironment(ticketLogin, false);
    }

    /**
     * Logs the subject in with the given token, running inside {@link #properEnvironment}.
     *
     * @param subject subject to log in
     * @param authenticationToken token to authenticate with
     */
    public static void login(Subject subject, AuthenticationToken authenticationToken) {
        Function0<Object> tokenLogin =
                () -> {
                    subject.login(authenticationToken);
                    return null;
                };
        properEnvironment(tokenLogin, false);
    }

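    /**
     * Parses a ticket string into an authentication token.
     *
     * <p>The text before the first ':' selects the ticket type: {@code tru} is handed to
     * {@code TrustApi}, {@code acc} yields a user name / password token, {@code jwt} yields a bearer
     * token. A ticket starting with {@code "tru,"} is first rewritten to the ':' form with its third
     * and fourth fields swapped.
     *
     * <p>Tickets are caller-supplied input, so every malformed ticket is rejected with an
     * {@code AuthorizationException}; a short {@code "tru,"} ticket no longer ends in an
     * {@code ArrayIndexOutOfBoundsException}.
     *
     * @param str ticket
     * @return the token for the ticket
     * @throws AuthorizationException if the ticket is {@code null}, malformed, or of unknown type
     */
    public static AuthenticationToken createToken(String str) {
        // Lookup result is unused; kept because the lookup itself may be relied upon.
        M.l(AccessApi.class);
        if (str == null) {
            throw new AuthorizationException("ticket not set");
        }
        String ticket = str;
        if (ticket.startsWith("tru,")) {
            String[] fields = ticket.split(MString.DEFAULT_SEPARATOR);
            if (fields.length < 4) {
                throw new AuthorizationException("ticket not valide (4)");
            }
            ticket = fields[0] + ":" + fields[1] + ":" + fields[3] + ":" + fields[2];
        }
        int colon = ticket.indexOf(':');
        if (colon < 0) {
            throw new AuthorizationException("ticket not valide (3)");
        }
        String prefix = ticket.substring(0, colon);
        if (TICKET_PREFIX_TRUST.equals(prefix)) {
            if (ticket.split(":", 4).length != 4) {
                throw new AuthorizationException("ticket not valide (1)");
            }
            return ((TrustApi) M.l(TrustApi.class)).createToken(ticket.substring(colon + 1));
        }
        if (TICKET_PREFIX_ACCOUNT.equals(prefix)) {
            // Limit 3 keeps any ':' inside the encoded password in the last field.
            String[] parts = ticket.split(":", 3);
            if (parts.length != 3) {
                throw new AuthorizationException("ticket not valide (2)");
            }
            return new UsernamePasswordToken(parts[1], MPassword.decode(parts[2]));
        }
        if (TICKET_PREFIX_BEARER.equals(prefix)) {
            return new BearerToken(ticket.substring(colon + 1));
        }
        throw new AuthorizationException("unknown ticket type");
    }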

    /**
     * Creates a subject for the named user and logs it in with a {@code TrustedToken}.
     *
     * <p>No credential is supplied: the user name alone identifies the account. The method is
     * public, so the name passed in must come from trusted code, never from request data. The call
     * is wrapped in a tracing scope that is closed when the method returns or throws.
     *
     * @param str user name
     * @return the logged-in subject
     */
    public static Subject createSubjectWithoutCheck(String str) {
        try (Scope scope = ITracer.get().enter("createSubjectWithoutCheck " + str, "username", str)) {
            return (Subject)
                    properEnvironment(
                            () -> {
                                Subject created = ((AccessApi) M.l(AccessApi.class)).createSubject();
                                created.login(new TrustedToken(str));
                                return created;
                            },
                            false);
        }
    }

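    /**
     * Reports whether the current subject has the role; the guest subject is used when there is no
     * current subject or it has no principal.
     *
     * <p>The check fails closed: if neither a current nor a guest subject is available the answer
     * is {@code false} instead of a {@code NullPointerException}.
     *
     * @param str role name
     * @return {@code true} if the effective subject has the role
     */
    public static boolean hasRole(String str) {
        Subject effective = getSubject();
        if (effective == null || effective.getPrincipal() == null) {
            effective = getGuestSubject(false);
        }
        if (effective == null) {
            // getGuestSubject() returns null when the guest subject cannot be initialised
            return false;
        }
        touch(effective);
        return effective.hasRole(str);
    }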

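    /**
     * Reports whether the subject has the role; a subject without principal is replaced by the
     * guest subject.
     *
     * <p>The check fails closed: a {@code null} subject, or an unavailable guest subject, yields
     * {@code false} instead of a {@code NullPointerException}.
     *
     * @param subject subject to check
     * @param str role name
     * @return {@code true} if the effective subject has the role
     */
    public static boolean hasRole(Subject subject, String str) {
        if (subject == null) {
            return false;
        }
        Subject effective = subject.getPrincipal() == null ? getGuestSubject(false) : subject;
        if (effective == null) {
            // getGuestSubject() returns null when the guest subject cannot be initialised
            return false;
        }
        return effective.hasRole(str);
    }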

    /**
     * Evaluates the security annotations present on a class for the given subject.
     *
     * @param subject subject to check
     * @param cls annotated class
     * @return the result of {@link #hasPermission(Subject, Annotation[])}
     */
    public static boolean hasPermission(Subject subject, Class<?> cls) {
        Annotation[] present = cls.getAnnotations();
        return hasPermission(subject, present);
    }

    /**
     * Evaluates the security annotations present on a method for the given subject.
     *
     * @param subject subject to check
     * @param method annotated method
     * @return the result of {@link #hasPermission(Subject, Annotation[])}
     */
    public static boolean hasPermission(Subject subject, Method method) {
        Annotation[] present = method.getAnnotations();
        return hasPermission(subject, present);
    }

    /* JADX WARN: Multi-variable type inference failed */
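    /**
     * Evaluates security annotations for a subject without throwing.
     *
     * <p>Each annotation is looked up in {@code shiroAnnotations} by the canonical name of its
     * annotation type and, if a handler exists, asserted while running as the subject. The lookup
     * must use {@code annotationType()}: {@code getClass()} on an annotation instance yields the
     * runtime implementation class, whose name never matches a handler key, so no handler would run
     * and every check would pass. This matches the lookup in checkPermission() and isAnnotated().
     *
     * <p>The check fails closed: a {@code null} subject, or an unavailable guest subject, yields
     * {@code false}.
     *
     * @param subject subject to check; one without principal is replaced by the guest subject
     * @param annotationArr annotations to evaluate
     * @return {@code false} if any handler rejects the subject, otherwise {@code true}
     */
    public static boolean hasPermission(Subject subject, Annotation[] annotationArr) {
        if (subject == null) {
            return false;
        }
        Subject effective = subject.getPrincipal() == null ? getGuestSubject(false) : subject;
        if (effective == null) {
            // getGuestSubject() returns null when the guest subject cannot be initialised
            return false;
        }
        touch(effective);
        // One-element array so the lambda can record the outcome.
        boolean[] authorized = {true};
        effective.execute(
                () -> {
                    try {
                        for (Annotation annotation : annotationArr) {
                            AuthorizingAnnotationHandler handler =
                                    shiroAnnotations.get(annotation.annotationType().getCanonicalName());
                            if (handler != null) {
                                handler.assertAuthorized(annotation);
                            }
                        }
                    } catch (AuthorizationException denied) {
                        authorized[0] = false;
                    }
                });
        return authorized[0];
    }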

    /**
     * Asserts the security annotations on the object's class for the current subject.
     *
     * @param obj object whose class is checked; {@code null} is accepted and checks nothing
     * @throws AuthorizationException if a handler rejects the current subject
     */
    public static void checkPermission(Object obj) throws AuthorizationException {
        if (obj != null) {
            checkPermission(obj.getClass());
        }
    }

    /**
     * Asserts the security annotations present on a class for the current subject.
     *
     * @param cls annotated class
     * @throws AuthorizationException if a handler rejects the current subject
     */
    public static void checkPermission(Class<?> cls) throws AuthorizationException {
        Annotation[] present = cls.getAnnotations();
        checkPermission(present);
    }

    /**
     * Asserts the security annotations present on a method for the current subject.
     *
     * @param method annotated method
     * @throws AuthorizationException if a handler rejects the current subject
     */
    public static void checkPermission(Method method) throws AuthorizationException {
        Annotation[] present = method.getAnnotations();
        checkPermission(present);
    }

    /**
     * Asserts every annotation that has a handler in {@code shiroAnnotations}, looked up by the
     * canonical name of its annotation type. Annotations without a handler are ignored. The
     * assertions run inside {@link #properEnvironment} with the flag set to {@code true}.
     *
     * @param annotationArr annotations to assert
     * @throws AuthorizationException if a handler rejects the subject
     */
    public static void checkPermission(Annotation[] annotationArr) throws AuthorizationException {
        touch();
        Function0<Object> assertion =
                () -> {
                    for (Annotation annotation : annotationArr) {
                        String key = annotation.annotationType().getCanonicalName();
                        AuthorizingAnnotationHandler handler = shiroAnnotations.get(key);
                        if (handler != null) {
                            handler.assertAuthorized(annotation);
                        }
                    }
                    return null;
                };
        properEnvironment(assertion, true);
    }

    /**
     * Runs {@code function0}, binding the guest subject first when the current subject is not
     * a principal.
     *
     * <p>If {@code isPrincipal(getSubject(), z)} is false and a guest subject is available,
     * the function runs inside the environment returned by {@code asSubjectWithoutTracing},
     * which is closed afterwards even when the function throws. Otherwise the function runs
     * under whatever subject is currently bound.
     *
     * @param function0 work to execute
     * @param z flag forwarded unchanged to {@code isPrincipal} and {@code getGuestSubject}
     * @param <R> result type of the function
     * @return whatever {@code function0} returns
     */
    public static <R> R properEnvironment(Function0<R> function0, boolean z) {
        if (isPrincipal(getSubject(), z)) {
            return (R) function0.apply();
        }
        Subject guest = getGuestSubject(z);
        if (guest == null) {
            // No guest subject to fall back to: run as-is.
            return (R) function0.apply();
        }
        // try-with-resources closes the environment on both the normal and the failing path
        // and attaches a close() failure as a suppressed exception.
        try (SubjectEnvironment guestEnvironment = asSubjectWithoutTracing(guest)) {
            return (R) function0.apply();
        }
    }

    /**
     * Tells whether {@code cls} carries an annotation known to {@code shiroAnnotations}.
     *
     * @param cls class to inspect
     * @return the result of {@link #isAnnotated(Annotation[])} for the class annotations
     */
    public static boolean isAnnotated(Class<?> cls) {
        Annotation[] present = cls.getAnnotations();
        return isAnnotated(present);
    }

    /**
     * Tells whether {@code method} carries an annotation known to {@code shiroAnnotations}.
     *
     * @param method method to inspect
     * @return the result of {@link #isAnnotated(Annotation[])} for the method annotations
     */
    public static boolean isAnnotated(Method method) {
        Annotation[] present = method.getAnnotations();
        return isAnnotated(present);
    }

    /**
     * Tells whether at least one annotation in the array has a handler in
     * {@code shiroAnnotations}, looked up by the canonical name of its annotation type.
     *
     * @param annotationArr annotations to inspect
     * @return {@code true} on the first annotation with a non-null handler, else {@code false}
     */
    public static boolean isAnnotated(Annotation[] annotationArr) {
        for (int i = 0; i < annotationArr.length; i++) {
            String typeName = annotationArr[i].annotationType().getCanonicalName();
            boolean handled = shiroAnnotations.get(typeName) != null;
            if (handled) {
                return true;
            }
        }
        return false;
    }

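    /**
     * Creates a bearer token through the first configured {@code BearerRealm}.
     *
     * <p>The token is requested for {@code subject}. Only when {@code subject} is
     * {@code null} does the call fall back to the currently bound subject.
     *
     * @param subject subject the token is issued for; {@code null} selects {@code getSubject()}
     * @param str value passed through to the realm as its second argument
     *     (NOTE(review): presumably the issuer; confirm against BearerRealm)
     * @return the token, or {@code null} when no realm is a {@code BearerRealm}
     * @throws ShiroException if the realm fails to create the token
     */
    public static String createBearerToken(Subject subject, String str) throws ShiroException {
        for (Realm realm : getRealms()) {
            if (realm instanceof BearerRealm) {
                // Honour the caller's subject. Ignoring it would mint the token for whoever is
                // bound to the calling thread, which need not be the subject the caller meant.
                Subject tokenSubject = subject != null ? subject : getSubject();
                return ((BearerRealm) realm).createBearerToken(tokenSubject, str);
            }
        }
        return null;
    }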

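    /**
     * Creates a bearer token with an explicit configuration through the first configured
     * {@code BearerRealm}.
     *
     * <p>The token is requested for {@code subject}. Only when {@code subject} is
     * {@code null} does the call fall back to the currently bound subject.
     *
     * @param subject subject the token is issued for; {@code null} selects {@code getSubject()}
     * @param str value passed through to the realm as its second argument
     *     (NOTE(review): presumably the issuer; confirm against BearerRealm)
     * @param bearerConfiguration configuration passed through to the realm
     * @return the token, or {@code null} when no realm is a {@code BearerRealm}
     * @throws ShiroException if the realm fails to create the token
     */
    public static String createBearerToken(Subject subject, String str, BearerConfiguration bearerConfiguration) throws ShiroException {
        for (Realm realm : getRealms()) {
            if (realm instanceof BearerRealm) {
                // Honour the caller's subject. Ignoring it would mint the token for whoever is
                // bound to the calling thread, which need not be the subject the caller meant.
                Subject tokenSubject = subject != null ? subject : getSubject();
                return ((BearerRealm) realm).createBearerToken(tokenSubject, str, bearerConfiguration);
            }
        }
        return null;
    }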

    /**
     * Evaluates a semicolon-separated access list.
     *
     * @param str access rules separated by {@code ;}; must not be {@code null}
     * @param subject subject to evaluate
     * @param str2 value included in the debug log entries of the list evaluation
     * @return the result of {@link #hasAccessByList(List, Subject, String)}
     */
    public static boolean hasAccessByList(String str, Subject subject, String str2) {
        String[] entries = str.split(";");
        List<String> rules = (List<String>) MCollection.toList(entries);
        return hasAccessByList(rules, subject, str2);
    }

    /**
     * Evaluates an ordered access list; the first matching entry decides.
     *
     * <p>Entries are trimmed and empty ones are skipped. Recognised forms:
     *
     * <ul>
     *   <li>{@code policy:<bool>} sets the result used when no later entry matches
     *   <li>{@code user:<name>} grants when the name equals the subject's principal
     *   <li>{@code notuser:<name>} denies when the name equals the subject's principal
     *   <li>{@code not:<role>} denies when the subject has the role
     *   <li>{@code *} grants unconditionally, including to the guest subject
     *   <li>anything else is treated as a role name and grants when the subject has it
     * </ul>
     *
     * <p>Because evaluation stops at the first match, a deny entry only takes effect when it
     * is listed before the grant entry it should override. Without a {@code policy:} entry the
     * default result is {@code false}.
     *
     * @param list ordered access entries
     * @param subject subject to evaluate; replaced by the guest subject when it has no principal
     * @param str value included in the debug log entries
     * @return {@code true} when access is granted
     */
    public static boolean hasAccessByList(List<String> list, Subject subject, String str) {
        if (subject.getPrincipal() == null) {
            subject = getGuestSubject(false);
        }
        String principal = getPrincipal(subject);
        boolean fallback = false;
        for (String raw : list) {
            String rule = raw.trim();
            if (rule.length() == 0) {
                continue;
            }
            if (rule.startsWith("policy:")) {
                // Not a decision: only changes what is returned when nothing matches.
                fallback = MCast.toboolean(rule.substring(7), fallback);
                continue;
            }
            if (rule.startsWith("user:")) {
                if (rule.substring(5).equals(principal)) {
                    log.d("access granted", str, rule);
                    return true;
                }
                continue;
            }
            if (rule.startsWith("notuser:")) {
                if (rule.substring(8).equals(principal)) {
                    log.d("access denied", str, rule);
                    return false;
                }
                continue;
            }
            if (rule.startsWith("not:")) {
                if (subject.hasRole(rule.substring(4))) {
                    log.d("access denied", str, rule);
                    return false;
                }
                continue;
            }
            if (rule.equals("*")) {
                log.d("access granted", str, rule);
                return true;
            }
            if (subject.hasRole(rule)) {
                log.d("access granted", str, rule);
                return true;
            }
        }
        return fallback;
    }

    /**
     * Convenience overload that converts the class and instance to strings.
     *
     * @param list rules to evaluate
     * @param cls class whose canonical name is passed on, or {@code null}
     * @param str passed on unchanged
     * @param obj object whose {@code toString()} is passed on, or {@code null}
     * @return the result of {@link #isPermitted(List, String, String, String)}
     */
    public static boolean isPermitted(List<String> list, Class<?> cls, String str, Object obj) {
        String typeName = cls == null ? null : cls.getCanonicalName();
        String instanceName = obj == null ? null : obj.toString();
        return isPermitted(list, typeName, str, instanceName);
    }

    /**
     * Evaluates a rule list against the current subject; every rule must hold.
     *
     * <p>Entries are trimmed; empty entries and entries starting with {@code #} are skipped.
     * Recognised rules are {@code authenticated}, {@code user:<name>}, {@code role:<role>} and
     * {@code permission:<pattern>}, each with a negated form prefixed by {@code !}. Permission
     * patterns are passed through {@code replacePermission} with {@code str}, {@code str2} and
     * {@code str3} before being wrapped in a {@code WildcardPermission}.
     *
     * <p>NOTE(review): an entry that matches none of these forms is skipped rather than
     * rejected, and an empty list returns {@code true}. A misspelled rule therefore loosens
     * the check instead of failing it; validate rule lists where they are configured.
     *
     * @param list rules to evaluate
     * @param str first value handed to {@code replacePermission}
     * @param str2 second value handed to {@code replacePermission}
     * @param str3 third value handed to {@code replacePermission}
     * @return {@code false} as soon as one rule fails, otherwise {@code true}
     */
    public static boolean isPermitted(List<String> list, String str, String str2, String str3) {
        Subject subject = getSubject();
        touch(subject);
        String principal = getPrincipal(subject);
        for (String raw : list) {
            String rule = raw.trim();
            if (rule.isEmpty() || rule.startsWith("#")) {
                continue;
            }
            boolean satisfied;
            if (rule.equals("authenticated")) {
                satisfied = subject.isAuthenticated();
            } else if (rule.equals("!authenticated")) {
                satisfied = !subject.isAuthenticated();
            } else if (rule.startsWith("user:")) {
                satisfied = rule.substring(5).equals(principal);
            } else if (rule.startsWith("!user:")) {
                satisfied = !rule.substring(6).equals(principal);
            } else if (rule.startsWith("role:")) {
                satisfied = subject.hasRole(rule.substring(5));
            } else if (rule.startsWith("!role:")) {
                satisfied = !subject.hasRole(rule.substring(6));
            } else if (rule.startsWith("permission:")) {
                satisfied = subject.isPermitted(new WildcardPermission(replacePermission(rule.substring(11), str, str2, str3)));
            } else if (rule.startsWith("!permission:")) {
                satisfied = !subject.isPermitted(new WildcardPermission(replacePermission(rule.substring(12), str, str2, str3)));
            } else {
                // Unrecognised entry: skipped, exactly like a comment line.
                satisfied = true;
            }
            if (!satisfied) {
                return false;
            }
        }
        return true;
    }

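    /**
     * Fills the placeholders of a permission template.
     *
     * <p>{@code ${permission}}, {@code ${level}} and {@code ${instance}} are replaced by
     * {@code str2}, {@code str3} and {@code str4}, each passed through
     * {@code normalizeWildcardPart} first. A template without {@code ${} is returned unchanged.
     *
     * @param str permission template
     * @param str2 value for {@code ${permission}}
     * @param str3 value for {@code ${level}}
     * @param str4 value for {@code ${instance}}
     * @return the template with the placeholders substituted
     */
    private static String replacePermission(String str, String str2, String str3, String str4) {
        if (!str.contains("${")) {
            return str;
        }
        String permissionPart = normalizeWildcardPart(str2);
        String levelPart = normalizeWildcardPart(str3);
        String instancePart = normalizeWildcardPart(str4);
        // Literal substitution. As a regular expression "\${permission}" is rejected by
        // java.util.regex (the "{" after "\$" is read as a repetition), and replaceAll would
        // also interpret "$" and "\" inside the inserted values as group references.
        return str.replace("${permission}", permissionPart)
                .replace("${level}", levelPart)
                .replace("${instance}", instancePart);
    }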

    /**
     * Replaces every {@code :} with {@code _}.
     *
     * @param str text to normalize, may be {@code null}
     * @return the empty string for {@code null}, otherwise the text without colons
     */
    public static String normalize(String str) {
        if (str == null) {
            return "";
        }
        if (str.indexOf(':') < 0) {
            return str;
        }
        return str.replace(':', '_');
    }

    /**
     * Creates a subject through the {@code AccessApi} service obtained from {@code M.l}.
     *
     * @return the subject returned by {@code AccessApi.createSubject()}
     */
    public static Subject createNewSubject() {
        AccessApi accessApi = (AccessApi) M.l(AccessApi.class);
        return accessApi.createSubject();
    }

    /**
     * Returns the permissions of {@code subject} as reported by {@code TrustedAaa.getPerms}.
     *
     * @param subject subject to query
     * @return the collection returned by {@code TrustedAaa.getPerms(subject)}
     */
    public static Collection<String> getPerms(Subject subject) {
        Collection<String> permissions = TrustedAaa.getPerms(subject);
        return permissions;
    }

    /**
     * Touches the session of the current subject, if there is one.
     *
     * <p>Best effort: no session is created ({@code getSession(false)}), and any failure is
     * logged at debug level and otherwise ignored.
     */
    public static void touch() {
        try {
            Subject current = getSubject();
            Session existing = current == null ? null : current.getSession(false);
            if (existing != null) {
                existing.touch();
            }
        } catch (Throwable th) {
            log.d(th);
        }
    }

    /**
     * Touches the session of {@code subject}, if it has one.
     *
     * <p>Best effort: no session is created ({@code getSession(false)}), and any failure is
     * logged at debug level and otherwise ignored.
     *
     * @param subject subject whose session is touched; {@code null} is a no-op
     */
    public static void touch(Subject subject) {
        if (subject != null) {
            try {
                Session existing = subject.getSession(false);
                if (existing != null) {
                    existing.touch();
                }
            } catch (Throwable th) {
                log.d(th);
            }
        }
    }

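    /**
     * Returns the roles of the account that the realms report for {@code str}.
     *
     * <p>The empty list is returned both when no realm knows the account and when a realm
     * lookup failed (failures are only logged by {@code getSubjectFromRealm}), so an empty
     * result does not prove that the account has no roles.
     *
     * @param str value handed to {@code getSubjectFromRealm}
     *     (NOTE(review): presumably the account name; confirm against TrustedToken)
     * @return the account's roles, or {@code M.EMPTY_LIST} when the lookup does not yield a
     *     {@link SimpleAccount}
     */
    public static Collection<String> getRoles(String str) {
        AuthenticationInfo info = getSubjectFromRealm(str);
        // instanceof is false for null, so a missing account takes the empty-list branch too.
        if (info instanceof SimpleAccount) {
            return ((SimpleAccount) info).getRoles();
        }
        return M.EMPTY_LIST;
    }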

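    /**
     * Asks each realm of the security manager for the account identified by {@code str} and
     * returns the first non-null answer.
     *
     * <p>The lookup passes a {@code TrustedToken} built from {@code str} alone, so no
     * credential is supplied by this call. NOTE(review): presumably realms accept this token
     * without credential matching; keep this method private and never feed it a value that
     * has not already been authenticated or authorised elsewhere.
     *
     * <p>A realm that throws is logged at debug level and treated as "not found".
     *
     * @param str value the {@code TrustedToken} is built from
     * @return the first authentication info found, or {@code null} when no realm returns one
     */
    private static AuthenticationInfo getSubjectFromRealm(String str) {
        for (Realm realm : SecurityUtils.getSecurityManager().getRealms()) {
            try {
                // Scoped to this iteration so a failing realm can never expose a value that
                // was left over from, or never assigned by, an earlier lookup.
                AuthenticationInfo info = realm.getAuthenticationInfo(new TrustedToken(str));
                if (info != null) {
                    return info;
                }
            } catch (Throwable th) {
                log.d(str, realm, th);
            }
        }
        return null;
    }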

    // Class initialisation of the built-in admin and guest defaults.
    static {
        // Adds the permission string "*" to the admin account. Assuming ACCOUNT_ADMIN is a
        // Shiro SimpleAccount, "*" is a wildcard permission that implies every other
        // permission, so anything authenticating as this account is fully privileged.
        ACCOUNT_ADMIN.addStringPermission("*");
        // NOTE(review): doUpdateAction() is declared outside this view; presumably it applies
        // the configured admin roles and guest permissions/roles once at load time - confirm.
        ROLES_ADMIN.doUpdateAction();
        PERMS_GUEST.doUpdateAction();
        ROLES_GUEST.doUpdateAction();
    }
}
