package org.eclipse.scout.rt.server.services.common.security;

import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.AllPermission;
import java.security.Permission;
import java.security.Permissions;
import java.security.Principal;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.security.auth.Subject;
import org.eclipse.scout.commons.annotations.Priority;
import org.eclipse.scout.commons.logger.IScoutLogger;
import org.eclipse.scout.commons.logger.ScoutLogManager;
import org.eclipse.scout.rt.server.services.common.security.internal.AccessControlStore;
import org.eclipse.scout.rt.shared.security.BasicHierarchyPermission;
import org.eclipse.scout.rt.shared.security.RemoteServiceAccessPermission;
import org.eclipse.scout.rt.shared.services.common.ping.IPingService;
import org.eclipse.scout.rt.shared.services.common.security.IAccessControlService;
import org.eclipse.scout.service.AbstractService;
import org.eclipse.scout.service.SERVICES;
import org.osgi.framework.ServiceRegistration;

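/**
 * Base implementation of {@link IAccessControlService} that answers permission checks for the
 * JAAS {@link Subject} bound to the current access-control context, caching the loaded
 * {@link Permissions} in an {@link AccessControlStore}.
 *
 * <p>Security-relevant defaults visible in this class:
 * <ul>
 *   <li>{@link #execLoadPermissions()} returns {@code null} here, and {@link #checkPermission}
 *       answers {@code true} whenever no permission set is available. A subclass has to override
 *       {@code execLoadPermissions()} for any check to be enforced.</li>
 *   <li>{@link #setPermissions(Permissions)} adds a wildcard {@link RemoteServiceAccessPermission}
 *       for {@code *.shared.*} when the loaded set has no remote-service rule at all.</li>
 *   <li>The default user-id patterns keep only the local part of a principal name; the domain or
 *       realm is discarded.</li>
 * </ul>
 */
@Priority(-1.0f)
/* loaded from: input_file:org/eclipse/scout/rt/server/services/common/security/AbstractAccessControlService.class */
public class AbstractAccessControlService extends AbstractService implements IAccessControlService {
    private static final IScoutLogger LOG = ScoutLogManager.getLogger(AbstractAccessControlService.class);

    // Created in initializeService(); every permission/cache method dereferences it, so they
    // throw NullPointerException if called before the service was initialized.
    private AccessControlStore m_accessControlStore;

    // Tried in order against the lower-cased principal name; group 1 is the user id.
    // The defaults accept "domain\\user", "domain\\user@realm" / "domain\\user/x", "user" and
    // "user@realm" / "user/x". Everything outside group 1 is dropped, so principals that differ
    // only in domain or realm resolve to the same user id.
    private Pattern[] m_userIdSearchPatterns = {Pattern.compile(".*\\\\([^/@]+)"), Pattern.compile(".*\\\\([^/@]+)[/@].*"), Pattern.compile("([^/@]+)"), Pattern.compile("([^/@]+)[/@].*")};

    /**
     * @return the patterns used by {@link #getUserIdOfCurrentSubject()}; this is the internal
     *     array, not a copy
     */
    protected Pattern[] getUserIdSearchPatterns() {
        return this.m_userIdSearchPatterns;
    }

    /**
     * Replaces the user-id patterns.
     *
     * @param patternArr patterns to try in order; each must define capturing group 1, because
     *     {@link #getUserIdOfCurrentSubject()} returns {@code group(1)} of the first full match.
     *     Passing {@code null} makes {@code getUserIdOfCurrentSubject()} return {@code null}.
     */
    protected void setUserIdSearchPatterns(Pattern... patternArr) {
        this.m_userIdSearchPatterns = patternArr;
    }

    /**
     * Compiles the given regular expressions and installs them as the user-id patterns.
     *
     * @param strArr regular expressions, each with a capturing group 1 for the user id
     */
    protected void setUserIdSearchPatterns(String... strArr) {
        Pattern[] compiled = new Pattern[strArr.length];
        for (int i = 0; i < compiled.length; i++) {
            compiled[i] = Pattern.compile(strArr[i]);
        }
        setUserIdSearchPatterns(compiled);
    }

    /**
     * Derives the user id from the principals of the current subject.
     *
     * <p>Each principal name is lower-cased and matched against the configured patterns; the
     * first full match wins, so with several principals the result depends on the iteration
     * order of {@code subject.getPrincipals()}.
     *
     * @return group 1 of the first matching pattern, or {@code null} when there is no current
     *     subject, no patterns are configured, or nothing matches
     */
    public String getUserIdOfCurrentSubject() {
        Subject subject = Subject.getSubject(AccessController.getContext());
        Pattern[] patterns = this.m_userIdSearchPatterns;
        if (subject == null || patterns == null) {
            return null;
        }
        for (Principal principal : subject.getPrincipals()) {
            String name = principal.getName();
            if (name == null) {
                // A principal without a name cannot yield a user id; skip it instead of failing.
                continue;
            }
            // Locale.ROOT keeps the identity stable across JVM default locales (under a Turkish
            // default locale "I" would lower-case to a dotless i and yield a different user id).
            String normalized = name.toLowerCase(java.util.Locale.ROOT);
            for (Pattern pattern : patterns) {
                Matcher matcher = pattern.matcher(normalized);
                if (matcher.matches()) {
                    return matcher.group(1);
                }
            }
        }
        return null;
    }

    /** Creates the permission store, then delegates to the superclass initialization. */
    @Override
    public void initializeService(ServiceRegistration serviceRegistration) {
        this.m_accessControlStore = new AccessControlStore();
        super.initializeService(serviceRegistration);
    }

    /**
     * Checks whether the current subject's permissions imply the given permission.
     *
     * <p>NOTE(review): this check is permissive by default. A {@code null} permission and a
     * missing permission set both answer {@code true}, so a service that never loads
     * permissions allows everything. Kept as is because callers may rely on it; deployments that
     * need enforcement must make {@link #execLoadPermissions()} return a non-null set.
     *
     * @param permission the permission to check, may be {@code null}
     * @return {@code true} if implied, or if either the permission or the permission set is
     *     {@code null}
     */
    public boolean checkPermission(Permission permission) {
        if (permission == null) {
            return true;
        }
        Permissions permissions = getPermissions();
        if (permissions == null) {
            return true;
        }
        return permissions.implies(permission);
    }

    /**
     * Computes the level granted for the given permission.
     *
     * <p>For a {@link BasicHierarchyPermission} the result is the highest {@code getLevel()} among
     * granted hierarchy permissions whose class is the same as, or a supertype of, the requested
     * permission's class. Only class and level are compared here; {@code implies} is not
     * consulted for hierarchy permissions.
     *
     * @param permission the permission to evaluate, may be {@code null}
     * @return 0 for {@code null}; 100 or 0 for a non-hierarchy permission depending on
     *     {@link #checkPermission}; 100 when an {@link AllPermission} is granted; the last entry
     *     of {@code getValidLevels()} when no permission set is available; otherwise the highest
     *     matching level, or -1 when no granted permission matches
     */
    public int getPermissionLevel(Permission permission) {
        if (permission == null) {
            return 0;
        }
        if (!(permission instanceof BasicHierarchyPermission)) {
            return checkPermission(permission) ? 100 : 0;
        }
        BasicHierarchyPermission requested = (BasicHierarchyPermission) permission;
        Permissions granted = getPermissions();
        if (granted == null) {
            // Same permissive default as checkPermission(): without a permission set the last
            // valid level is reported (presumably the highest one; confirm against
            // BasicHierarchyPermission). Assumes getValidLevels() is never empty.
            List<?> validLevels = requested.getValidLevels();
            return ((Integer) validLevels.get(validLevels.size() - 1)).intValue();
        }
        int level = -1;
        Enumeration<Permission> elements = granted.elements();
        while (elements.hasMoreElements()) {
            // Declared as Permission: the decompiled source typed this local as
            // BasicHierarchyPermission, which does not compile.
            Permission candidate = elements.nextElement();
            if (candidate instanceof AllPermission) {
                return 100;
            }
            if (candidate instanceof BasicHierarchyPermission) {
                BasicHierarchyPermission hierarchical = (BasicHierarchyPermission) candidate;
                if (hierarchical.getClass().isAssignableFrom(requested.getClass())) {
                    level = Math.max(level, hierarchical.getLevel());
                    if (level >= 100) {
                        // Nothing can exceed 100; stop scanning.
                        break;
                    }
                }
            }
        }
        return level;
    }

    /**
     * Returns the permissions of the current subject, loading them through
     * {@link #execLoadPermissions()} when the store has none cached.
     *
     * @return the stored permissions; may be {@code null} when loading produced nothing
     */
    public Permissions getPermissions() {
        Permissions cached = this.m_accessControlStore.getPermissionsOfCurrentSubject();
        if (cached != null) {
            return cached;
        }
        setPermissions(execLoadPermissions());
        return this.m_accessControlStore.getPermissionsOfCurrentSubject();
    }

    /**
     * Hook for subclasses to load the permissions of the current subject.
     *
     * @return {@code null} in this base class, which leaves every check in its permissive
     *     default (see {@link #checkPermission})
     */
    protected Permissions execLoadPermissions() {
        return null;
    }

    /**
     * Stores the given permissions for the current subject, applying the legacy remote-service
     * fallback first.
     *
     * <p>NOTE(review): when the set does not imply the ping-service permission and contains no
     * {@link RemoteServiceAccessPermission} at all, a wildcard rule for {@code *.shared.*} with
     * action {@code *} is added to the caller's {@link Permissions} object. This widens what the
     * subject may call remotely and is only signalled by a warning in the log; permission
     * loaders should grant explicit remote-service rules so this fallback never triggers.
     *
     * @param permissions the permissions to store, may be {@code null}
     */
    private void setPermissions(Permissions permissions) {
        if (permissions != null && !permissions.implies(new RemoteServiceAccessPermission(IPingService.class.getName(), "ping"))) {
            boolean hasRemoteServiceRule = false;
            Enumeration<Permission> elements = permissions.elements();
            while (elements.hasMoreElements()) {
                if (elements.nextElement() instanceof RemoteServiceAccessPermission) {
                    hasRemoteServiceRule = true;
                    break;
                }
            }
            if (!hasRemoteServiceRule) {
                LOG.warn("Legacy security hint: missing any RemoteServiceAccessPermissions in AccessController. Please verify the " + ((IAccessControlService) SERVICES.getService(IAccessControlService.class)).getClass() + " to include such permissions for accessing services using client proxies. Adding default rule to allow services of pattern '*.shared.*'");
                permissions.add(new RemoteServiceAccessPermission("*.shared.*", "*"));
            }
        }
        this.m_accessControlStore.setPermissionsOfCurrentSubject(permissions);
    }

    /** @return always {@code false} in this implementation */
    public boolean isProxyService() {
        return false;
    }

    /** Clears the whole permission cache of the underlying store. */
    public void clearCache() {
        this.m_accessControlStore.clearCache();
    }

    /**
     * @deprecated use {@link #clearCacheOfUserIds(String...)}, which this method delegates to
     */
    @Deprecated
    public void clearCacheOfPrincipals(String... strArr) {
        clearCacheOfUserIds(strArr);
    }

    /**
     * Clears the cached permissions of the given user ids in the underlying store.
     *
     * @param strArr user ids whose cache entries are dropped
     */
    public void clearCacheOfUserIds(String... strArr) {
        this.m_accessControlStore.clearCacheOfUserIds(strArr);
    }

    /**
     * Base implementation of the service-tunnel access check.
     *
     * @return always {@code false} here; how callers interpret that result is not visible in
     *     this class
     */
    public boolean checkServiceTunnelAccess(Class cls, Method method, Object[] objArr) {
        return false;
    }
}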
