package org.commonjava.auth.shiro.couch;

import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.inject.Inject;
import javax.inject.Singleton;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.PermissionResolver;
import org.apache.shiro.authz.permission.RolePermissionResolver;
import org.commonjava.auth.couch.data.UserDataException;
import org.commonjava.auth.couch.data.UserDataManager;
import org.commonjava.auth.shiro.couch.model.ShiroPermission;
import org.commonjava.couch.rbac.Role;
import org.commonjava.util.logging.Logger;

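/**
 * Shiro {@link PermissionResolver} and {@link RolePermissionResolver} that looks up
 * permissions and roles through a {@link UserDataManager}.
 *
 * <p>Security note: when auto-creation is enabled (see
 * {@link #setAutoCreateAuthorizationInfo(boolean)}), an unknown permission or role name is
 * persisted through the data manager instead of being rejected. A misspelled or
 * caller-influenced name then becomes a stored record rather than an authorization failure.
 * The flag is {@code false} unless explicitly set, which keeps the resolver failing closed.
 */
@Singleton
/* loaded from: input_file:WEB-INF/classes/org/commonjava/auth/shiro/couch/CouchPermissionResolver.class */
public class CouchPermissionResolver implements PermissionResolver, RolePermissionResolver {
    private final Logger logger = new Logger(getClass());

    @Inject
    private UserDataManager dataManager;

    // Defaults to false: unknown permissions/roles are rejected unless a caller opts in.
    private boolean autoCreate;

    /** No-arg constructor; {@link #dataManager} is then expected to be supplied via {@code @Inject}. */
    CouchPermissionResolver() {
    }

    /**
     * Creates a resolver bound to the given data manager.
     *
     * @param userDataManager source (and, with auto-creation, sink) of permission and role records
     */
    public CouchPermissionResolver(UserDataManager userDataManager) {
        this.dataManager = userDataManager;
    }

    /**
     * Enables or disables auto-creation of missing permissions and roles.
     *
     * @param z {@code true} to store unknown permission/role names on first lookup;
     *          {@code false} to reject them with an {@link AuthorizationException}
     */
    public void setAutoCreateAuthorizationInfo(boolean z) {
        this.autoCreate = z;
    }

    /**
     * @return whether unknown permissions and roles are created on lookup instead of rejected
     */
    public boolean isAutoCreateAuthorizationInfo() {
        return this.autoCreate;
    }

    /**
     * Resolves a permission name to a {@link ShiroPermission} wrapping the stored record.
     *
     * @param str the permission name to look up
     * @return the resolved permission, never {@code null}
     * @throws AuthorizationException if the permission does not exist and auto-creation is off,
     *         or if the data manager fails; the message stays generic and the underlying
     *         {@link UserDataException} is attached as the cause
     */
    @Override // org.apache.shiro.authz.permission.PermissionResolver
    public Permission resolvePermission(String str) {
        this.logger.info("Resolving permission: %s from datamanager: %s", str, this.dataManager);
        try {
            org.commonjava.couch.rbac.Permission permission = this.dataManager.getPermission(str);
            if (permission == null) {
                if (!this.autoCreate) {
                    // Fail closed: an unknown name is an authorization error, not an empty grant.
                    throw new AuthorizationException("No such permission: " + str);
                }
                permission = new org.commonjava.couch.rbac.Permission(str, new String[0]);
                try {
                    this.dataManager.storePermission(permission);
                } catch (UserDataException e) {
                    this.logger.error("Failed to auto-create permission: %s. Reason: %s", e, str, e.getMessage());
                    throw new AuthorizationException("Cannot auto-create permission. System configuration is invalid.", e);
                }
            }
            return new ShiroPermission(permission);
        } catch (UserDataException e) {
            this.logger.error("Failed to retrieve permission: %s. Reason: %s", e, str, e.getMessage());
            throw new AuthorizationException("Cannot retrieve permission. System configuration is invalid.", e);
        }
    }

    /**
     * Resolves the permissions attached to a role.
     *
     * @param str the role name to look up
     * @return the role's permissions wrapped as {@link ShiroPermission}s; empty when the role
     *         has none (including a role that was just auto-created)
     * @throws AuthorizationException if the role does not exist and auto-creation is off,
     *         or if the data manager fails; the message stays generic and the underlying
     *         {@link UserDataException} is attached as the cause
     */
    @Override // org.apache.shiro.authz.permission.RolePermissionResolver
    public Collection<Permission> resolvePermissionsInRole(String str) {
        Set<Permission> resolved = new HashSet<>();
        try {
            Role role = this.dataManager.getRole(str);
            if (role == null) {
                if (!this.autoCreate) {
                    // Fail closed: an unknown role must not silently resolve to "no permissions".
                    throw new AuthorizationException("No such role: " + str);
                }
                // The original also built a throwaway Role here and discarded it; only the
                // instance returned by createRole was ever used, so that allocation is dropped.
                try {
                    role = this.dataManager.createRole(str, new org.commonjava.couch.rbac.Permission[0]);
                } catch (UserDataException e) {
                    this.logger.error("Failed to auto-create role: %s. Reason: %s", e, str, e.getMessage());
                    throw new AuthorizationException("Cannot auto-create role. System configuration is invalid.", e);
                }
            }
            if (role.getPermissions() != null) {
                try {
                    Set<org.commonjava.couch.rbac.Permission> permissions = this.dataManager.getPermissions(role);
                    if (permissions != null) {
                        for (org.commonjava.couch.rbac.Permission permission : permissions) {
                            resolved.add(new ShiroPermission(permission));
                        }
                    }
                } catch (UserDataException e) {
                    this.logger.error("Failed to retrieve permissions for role: %s. Reason: %s", e, str, e.getMessage());
                    throw new AuthorizationException("Cannot retrieve permissions for role. System configuration is invalid.", e);
                }
            }
            return resolved;
        } catch (UserDataException e) {
            this.logger.error("Failed to retrieve role: %s. Reason: %s", e, str, e.getMessage());
            throw new AuthorizationException("Cannot retrieve role. System configuration is invalid.", e);
        }
    }
}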
