package org.sakaiproject.component.legacy.security;

import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Stack;
import java.util.Vector;
import org.apache.batik.util.XMLConstants;
import org.sakaiproject.api.kernel.thread_local.ThreadLocalManager;
import org.sakaiproject.service.framework.log.Logger;
import org.sakaiproject.service.framework.memory.MultiRefCache;
import org.sakaiproject.service.framework.memory.cover.MemoryService;
import org.sakaiproject.service.legacy.authzGroup.cover.AuthzGroupService;
import org.sakaiproject.service.legacy.resource.cover.EntityManager;
import org.sakaiproject.service.legacy.security.SecurityAdvisor;
import org.sakaiproject.service.legacy.security.SecurityService;
import org.sakaiproject.service.legacy.site.cover.SiteService;
import org.sakaiproject.service.legacy.user.User;
import org.sakaiproject.service.legacy.user.cover.UserDirectoryService;

/* loaded from: input_file:WEB-INF/lib/sakai-legacy-component-sakai_2-1-1.jar:org/sakaiproject/component/legacy/security/SakaiSecurity.class */
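/**
 * {@link SecurityService} implementation that answers "may this user perform this lock
 * (function) on this resource?" questions.
 *
 * <p>Decision order in {@link #unlock(User, String, String)}:
 * <ol>
 *   <li>super users are always allowed (advisors are not consulted for them);</li>
 *   <li>the thread-bound {@link SecurityAdvisor} stack, newest first, may allow or deny;</li>
 *   <li>otherwise the authz groups (realms) of the resource decide.</li>
 * </ol>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Decisions are cached in {@code m_callCache}. A revoked grant can keep being honoured
 *       until its entry expires or is invalidated through the references passed to
 *       {@code put} (invalidation behaviour lives in {@code MultiRefCache}, not shown here).</li>
 *   <li>Cache keys are built by joining values with {@code '@'} without escaping. Two different
 *       (user id, lock, resource) triples can therefore map to the same key when a user id or
 *       lock itself contains {@code '@'} - NOTE(review): confirm ids/locks cannot collide.</li>
 *   <li>An advisor that answers ALLOWED bypasses the authz group check entirely, and the
 *       advisor stack stays bound to the thread until popped or cleared. Callers should pop in
 *       a {@code finally} block; whether the {@code ThreadLocalManager} also clears it at the
 *       end of a request cannot be seen from this class.</li>
 * </ul>
 */
public class SakaiSecurity implements SecurityService {
    /** Key under which the per-thread advisor stack is stored in the thread local manager. */
    protected static final String ADVISOR_STACK = "SakaiSecurity.advisor.stack";

    /** Reference of the admin site; update permission on it grants super user status. */
    private static final String ADMIN_SITE_REF = "/site/!admin";

    /** Cache of security decisions; stays null when caching is disabled (see init()). */
    protected MultiRefCache m_callCache = null;
    protected Logger m_logger = null;
    protected ThreadLocalManager m_threadLocalManager = null;
    /** Configured cache duration in minutes; values <= 0 disable the decision cache. */
    protected int m_cacheMinutes = 3;

    /**
     * Dependency: logging service.
     *
     * @param logger the logger used for info and warning messages
     */
    public void setLogger(Logger logger) {
        this.m_logger = logger;
    }

    /**
     * Dependency: thread local manager that holds the advisor stack.
     *
     * @param threadLocalManager the manager used to store per-thread state
     */
    public void setThreadLocalManager(ThreadLocalManager threadLocalManager) {
        this.m_threadLocalManager = threadLocalManager;
    }

    /**
     * Configuration: how long decisions are cached.
     *
     * @param str the number of minutes as decimal text
     * @throws NumberFormatException if {@code str} is not a parsable integer
     */
    public void setCacheMinutes(String str) {
        this.m_cacheMinutes = Integer.parseInt(str);
    }

    /**
     * Creates the decision cache when caching is enabled and logs the configured duration.
     */
    public void init() {
        if (this.m_cacheMinutes > 0) {
            // NOTE(review): 900L is a fixed argument independent of m_cacheMinutes; its meaning
            // is defined by MemoryService.newMultiRefCache - confirm against that API.
            this.m_callCache = MemoryService.newMultiRefCache(900L);
        }
        this.m_logger.info(this + ".init() - caching minutes: " + this.m_cacheMinutes);
    }

    /**
     * Logs shutdown of the component.
     */
    public void destroy() {
        this.m_logger.info(this + ".destroy()");
    }

    /**
     * Tells whether the current user is a super user.
     *
     * @return true if the current user bypasses all security checks
     */
    public boolean isSuperUser() {
        return isSuperUser(UserDirectoryService.getCurrentUser());
    }

    /**
     * Tells whether the given user is a super user: the id is "admin" or "postmaster", or the
     * user may update the admin site.
     *
     * <p>The id comparison ignores case, so an account whose id differs from "admin" or
     * "postmaster" only by case is also treated as a super user. Account provisioning must not
     * allow such ids to be created.
     *
     * @param user the user to test; null or a user without an id is never a super user
     * @return true if the user bypasses all security checks
     */
    protected boolean isSuperUser(User user) {
        if (user == null) {
            return false;
        }
        String userId = user.getId();
        // A missing id is treated like an empty one: deny rather than fail with an NPE.
        if (userId == null || userId.length() == 0) {
            return false;
        }

        String cacheKey = "super@" + userId;
        Boolean cached = cachedDecision(cacheKey);
        if (cached != null) {
            return cached.booleanValue();
        }

        boolean superUser = "admin".equalsIgnoreCase(userId)
                || "postmaster".equalsIgnoreCase(userId)
                || AuthzGroupService.isAllowed(userId, SiteService.SECURE_UPDATE_SITE, ADMIN_SITE_REF);

        if (this.m_callCache != null) {
            // The admin site reference is passed along so the cache can tie the entry to it.
            Vector refs = new Vector();
            refs.add(ADMIN_SITE_REF);
            this.m_callCache.put(cacheKey, Boolean.valueOf(superUser), this.m_cacheMinutes * 60, (String) null, refs);
        }
        return superUser;
    }

    /**
     * Checks the current user against a lock on a resource.
     *
     * @param str the lock (function) name
     * @param str2 the resource reference
     * @return true if the current user is allowed
     */
    public boolean unlock(String str, String str2) {
        return unlock(null, str, str2);
    }

    /**
     * Checks a user against a lock on a resource. Super users are allowed first; then the
     * advisor stack may decide; otherwise the resource's authz groups decide.
     *
     * @param user the user to check, or null for the current user
     * @param str the lock (function) name
     * @param str2 the resource reference
     * @return true if allowed; false if denied or if user, lock or resource is missing
     */
    public boolean unlock(User user, String str, String str2) {
        User subject = user;
        if (subject == null) {
            subject = UserDirectoryService.getCurrentUser();
        }
        if (subject == null || str == null || str2 == null) {
            // NOTE(review): XMLConstants.XML_SPACE looks like a decompiler-substituted constant
            // standing in for a plain " " separator - confirm and drop the Batik dependency.
            this.m_logger.warn(this + ".unlock(): null: " + subject + XMLConstants.XML_SPACE + str + XMLConstants.XML_SPACE + str2);
            return false;
        }

        // Checked before the advisors, so an advisor cannot deny a super user.
        if (isSuperUser(subject)) {
            return true;
        }

        if (hasAdvisors()) {
            SecurityAdvisor.SecurityAdvice advice = adviseIsAllowed(subject.getId(), str, str2);
            if (advice != SecurityAdvisor.SecurityAdvice.PASS) {
                // Anything other than ALLOWED (including a null advice) is a denial.
                return advice == SecurityAdvisor.SecurityAdvice.ALLOWED;
            }
        }
        return checkAuthzGroups(subject.getId(), str, str2);
    }

    /**
     * Asks the authz groups of the resource whether the user holds the lock, caching the answer.
     *
     * @param str the user id
     * @param str2 the lock (function) name
     * @param str3 the resource reference
     * @return true if the authz groups allow the lock for the user
     */
    protected boolean checkAuthzGroups(String str, String str2, String str3) {
        // NOTE(review): the parts are joined without escaping, so values containing '@' can
        // produce the same key for different (user, lock, resource) triples.
        String cacheKey = "unlock@" + str + "@" + str2 + "@" + str3;
        Boolean cached = cachedDecision(cacheKey);
        if (cached != null) {
            return cached.booleanValue();
        }

        Collection realms = EntityManager.newReference(str3).getRealms();
        boolean allowed = AuthzGroupService.isAllowed(str, str2, realms);
        if (this.m_callCache != null) {
            this.m_callCache.put(cacheKey, Boolean.valueOf(allowed), this.m_cacheMinutes * 60, str3, realms);
        }
        return allowed;
    }

    /**
     * Looks up a cached decision without assuming the entry is still present when it is read.
     *
     * <p>The value is read once and type-checked; if the entry is no longer available after
     * the containsKey check, the caller recomputes the decision instead of failing.
     *
     * @param key the cache key
     * @return the cached decision, or null if caching is off or no usable entry exists
     */
    private Boolean cachedDecision(String key) {
        if (this.m_callCache == null || !this.m_callCache.containsKey(key)) {
            return null;
        }
        Object value = this.m_callCache.get(key);
        return (value instanceof Boolean) ? (Boolean) value : null;
    }

    /**
     * Lists the users who hold a lock on a resource, sorted by their natural order.
     *
     * @param str the lock (function) name
     * @param str2 the resource reference
     * @return the sorted users, or an empty list if the resource is null
     */
    public List unlockUsers(String str, String str2) {
        if (str2 == null) {
            this.m_logger.warn(this + ".unlockUsers(): null resource: " + str);
            return new Vector();
        }
        Collection realms = EntityManager.newReference(str2).getRealms();
        Vector userIds = new Vector();
        userIds.addAll(AuthzGroupService.getUsersIsAllowed(str, realms));
        List users = UserDirectoryService.getUsers(userIds);
        Collections.sort(users);
        return users;
    }

    /**
     * Not supported: only logs a warning, no grant is recorded.
     *
     * @param str the user
     * @param str2 the lock
     * @param str3 the resource
     * @param z the allow flag
     */
    public void addKey(String str, String str2, String str3, boolean z) {
        this.m_logger.warn(this + ".addKey() [NOT SUPPORTED]: user: " + str + " lock: " + str2 + " resource: " + str3 + " allow: " + z);
    }

    /**
     * Not supported: only logs a warning, no grant is removed.
     *
     * @param str the user
     * @param str2 the lock
     * @param str3 the resource
     * @param z the allow flag
     */
    public void removeKey(String str, String str2, String str3, boolean z) {
        this.m_logger.warn(this + ".removeKey()[NOT SUPPORTED]: user: " + str + " lock: " + str2 + " resource: " + str3 + " allow: " + z);
    }

    /**
     * Returns the advisor stack bound to the current thread.
     *
     * @param z true to create and bind a new stack when none exists
     * @return the stack, or null if none exists and {@code z} is false
     */
    protected Stack getAdvisorStack(boolean z) {
        Stack stack = (Stack) this.m_threadLocalManager.get(ADVISOR_STACK);
        if (stack == null && z) {
            stack = new Stack();
            this.m_threadLocalManager.set(ADVISOR_STACK, stack);
        }
        return stack;
    }

    /**
     * Unbinds the advisor stack from the current thread.
     */
    protected void dropAdvisorStack() {
        this.m_threadLocalManager.set(ADVISOR_STACK, (Object) null);
    }

    /**
     * Consults the advisors from the most recently pushed to the oldest and returns the first
     * answer that is not PASS.
     *
     * <p>Entries that are not a {@link SecurityAdvisor} (for example a null pushed through
     * {@link #pushAdvisor(SecurityAdvisor)}) are skipped, so the decision falls through to the
     * remaining advisors and then to the authz group check instead of failing the request.
     *
     * @param str the user id
     * @param str2 the lock (function) name
     * @param str3 the resource reference
     * @return the first non-PASS advice, or PASS if no advisor has an opinion
     */
    protected SecurityAdvisor.SecurityAdvice adviseIsAllowed(String str, String str2, String str3) {
        Stack advisorStack = getAdvisorStack(false);
        if (advisorStack == null || advisorStack.isEmpty()) {
            return SecurityAdvisor.SecurityAdvice.PASS;
        }
        for (int i = advisorStack.size() - 1; i >= 0; i--) {
            Object entry = advisorStack.elementAt(i);
            if (!(entry instanceof SecurityAdvisor)) {
                continue;
            }
            SecurityAdvisor.SecurityAdvice advice = ((SecurityAdvisor) entry).isAllowed(str, str2, str3);
            if (advice != SecurityAdvisor.SecurityAdvice.PASS) {
                return advice;
            }
        }
        return SecurityAdvisor.SecurityAdvice.PASS;
    }

    /**
     * Pushes an advisor onto the current thread's stack. The advisor influences every
     * subsequent unlock() on this thread until it is popped or the stack is cleared, so
     * callers should pair this with {@link #popAdvisor()} in a {@code finally} block.
     *
     * @param securityAdvisor the advisor to add
     */
    public void pushAdvisor(SecurityAdvisor securityAdvisor) {
        getAdvisorStack(true).push(securityAdvisor);
    }

    /**
     * Removes the most recently pushed advisor; unbinds the stack once it becomes empty.
     *
     * @return the removed advisor, or null if there was none
     */
    public SecurityAdvisor popAdvisor() {
        Stack advisorStack = getAdvisorStack(false);
        if (advisorStack == null) {
            return null;
        }
        SecurityAdvisor popped = null;
        if (!advisorStack.isEmpty()) {
            popped = (SecurityAdvisor) advisorStack.pop();
        }
        if (advisorStack.isEmpty()) {
            dropAdvisorStack();
        }
        return popped;
    }

    /**
     * Tells whether the current thread has at least one advisor on its stack.
     *
     * @return true if an advisor stack exists and is not empty
     */
    public boolean hasAdvisors() {
        Stack advisorStack = getAdvisorStack(false);
        return advisorStack != null && !advisorStack.isEmpty();
    }

    /**
     * Removes all advisors from the current thread.
     */
    public void clearAdvisors() {
        dropAdvisorStack();
    }
}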
