package org.codehaus.plexus.redback.authorization.rbac;

import java.util.List;
import java.util.Map;
import org.codehaus.plexus.logging.AbstractLogEnabled;
import org.codehaus.plexus.redback.authorization.AuthorizationDataSource;
import org.codehaus.plexus.redback.authorization.AuthorizationException;
import org.codehaus.plexus.redback.authorization.AuthorizationResult;
import org.codehaus.plexus.redback.authorization.Authorizer;
import org.codehaus.plexus.redback.authorization.NotAuthorizedException;
import org.codehaus.plexus.redback.authorization.rbac.evaluator.PermissionEvaluationException;
import org.codehaus.plexus.redback.authorization.rbac.evaluator.PermissionEvaluator;
import org.codehaus.plexus.redback.configuration.UserConfiguration;
import org.codehaus.plexus.redback.rbac.Permission;
import org.codehaus.plexus.redback.rbac.RBACManager;
import org.codehaus.plexus.redback.rbac.RbacManagerException;
import org.codehaus.plexus.redback.rbac.RbacObjectNotFoundException;
import org.codehaus.plexus.redback.users.User;
import org.codehaus.plexus.redback.users.UserManager;
import org.codehaus.plexus.redback.users.UserNotFoundException;

/* loaded from: input_file:org/codehaus/plexus/redback/authorization/rbac/RbacAuthorizer.class */
public class RbacAuthorizer extends AbstractLogEnabled implements Authorizer {
    private RBACManager manager;
    private UserManager userManager;
    private PermissionEvaluator evaluator;
    private UserConfiguration config;

    public String getId() {
        return "RBAC Authorizer - " + getClass().getName();
    }

    public AuthorizationResult isAuthorized(AuthorizationDataSource authorizationDataSource) throws AuthorizationException {
        Object principal = authorizationDataSource.getPrincipal();
        Object permission = authorizationDataSource.getPermission();
        Object resource = authorizationDataSource.getResource();
        if (principal != null) {
            try {
                Map assignedPermissionMap = this.manager.getAssignedPermissionMap(principal.toString());
                if (assignedPermissionMap.keySet().contains(permission.toString())) {
                    for (Permission permission2 : (List) assignedPermissionMap.get(permission.toString())) {
                        if (this.evaluator.evaluate(permission2, permission, resource, principal)) {
                            return new AuthorizationResult(true, permission2, (Exception) null);
                        }
                    }
                }
            } catch (UserNotFoundException e) {
                return new AuthorizationResult(false, (Object) null, new NotAuthorizedException("no matching permissions, guest not found"));
            } catch (RbacManagerException e2) {
                return new AuthorizationResult(false, (Object) null, e2);
            } catch (PermissionEvaluationException e3) {
                return new AuthorizationResult(false, (Object) null, e3);
            } catch (RbacObjectNotFoundException e4) {
                return new AuthorizationResult(false, (Object) null, e4);
            }
        }
        User guestUser = this.userManager.getGuestUser();
        if (!guestUser.isLocked()) {
            Map assignedPermissionMap2 = this.manager.getAssignedPermissionMap(guestUser.getPrincipal().toString());
            if (assignedPermissionMap2.keySet().contains(permission.toString())) {
                for (Permission permission3 : (List) assignedPermissionMap2.get(permission.toString())) {
                    getLogger().debug("checking permission " + permission3.getName());
                    if (this.evaluator.evaluate(permission3, permission, resource, guestUser.getPrincipal())) {
                        return new AuthorizationResult(true, permission3, (Exception) null);
                    }
                }
            }
        }
        return new AuthorizationResult(false, (Object) null, new NotAuthorizedException("no matching permissions"));
    }
}
