package org.pentaho.platform.engine.security;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.concurrent.Callable;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.pentaho.platform.api.engine.IAclHolder;
import org.pentaho.platform.api.engine.IAclVoter;
import org.pentaho.platform.api.engine.IAuthorizationPolicy;
import org.pentaho.platform.api.engine.IParameterProvider;
import org.pentaho.platform.api.engine.IPentahoSession;
import org.pentaho.platform.api.engine.ISecurityHelper;
import org.pentaho.platform.api.engine.IUserRoleListService;
import org.pentaho.platform.api.mt.ITenant;
import org.pentaho.platform.api.mt.ITenantedPrincipleNameResolver;
import org.pentaho.platform.engine.core.system.BasePentahoRequestContext;
import org.pentaho.platform.engine.core.system.PentahoSessionHolder;
import org.pentaho.platform.engine.core.system.PentahoSystem;
import org.pentaho.platform.engine.core.system.StandaloneSession;
import org.pentaho.platform.engine.core.system.UserSession;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;

/* loaded from: input_file:org/pentaho/platform/engine/security/SecurityHelper.class */
public class SecurityHelper implements ISecurityHelper {
    private static final Log logger = LogFactory.getLog(SecurityHelper.class);
    private static ISecurityHelper instance = new SecurityHelper();
    private static ISecurityHelper mockInstance;
    private ITenantedPrincipleNameResolver tenantedUserNameUtils;
    private IAuthorizationPolicy policy;
    private IAclVoter aclVoter;
    private UserDetailsService userDetailsService;
    private IUserRoleListService userRoleListService;

    public static ISecurityHelper getInstance() {
        return mockInstance != null ? mockInstance : instance;
    }

    public static void setMockInstance(ISecurityHelper iSecurityHelper) {
        mockInstance = iSecurityHelper;
    }

    protected SecurityHelper() {
    }

    public void becomeUser(String str) {
        becomeUser(str, null);
    }

    public void becomeUser(String str, IParameterProvider iParameterProvider) {
        UserSession userSession;
        this.tenantedUserNameUtils = getTenantedUserNameUtils();
        if (this.tenantedUserNameUtils != null) {
            userSession = new UserSession(str, null, false, iParameterProvider);
            ITenant tenant = this.tenantedUserNameUtils.getTenant(str);
            userSession.setAttribute("org.pentaho.tenantId", tenant.getId());
            userSession.setAuthenticated(tenant.getId(), str);
        } else {
            userSession = new UserSession(str, null, false, iParameterProvider);
            userSession.setAuthenticated(str);
        }
        PentahoSessionHolder.setSession(userSession);
        Authentication createAuthentication = createAuthentication(str);
        PentahoSessionHolder.getSession().setAttribute("roles", createAuthentication.getAuthorities());
        SecurityContextHolder.clearContext();
        SecurityContextHolder.getContext().setAuthentication(createAuthentication);
        PentahoSystem.sessionStartup(PentahoSessionHolder.getSession(), iParameterProvider);
    }

    public <T> T runAsUser(String str, Callable<T> callable) throws Exception {
        return (T) runAsUser(str, null, callable);
    }

    public <T> T runAsUser(String str, IParameterProvider iParameterProvider, Callable<T> callable) throws Exception {
        IPentahoSession session = PentahoSessionHolder.getSession();
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        try {
            becomeUser(str);
            T call = callable.call();
            IPentahoSession session2 = PentahoSessionHolder.getSession();
            if (session2 != null && session2 != session) {
                try {
                    session2.destroy();
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
            PentahoSessionHolder.setSession(session);
            SecurityContextHolder.getContext().setAuthentication(authentication);
            return call;
        } catch (Throwable th) {
            IPentahoSession session3 = PentahoSessionHolder.getSession();
            if (session3 != null && session3 != session) {
                try {
                    session3.destroy();
                } catch (Exception e2) {
                    e2.printStackTrace();
                }
            }
            PentahoSessionHolder.setSession(session);
            SecurityContextHolder.getContext().setAuthentication(authentication);
            throw th;
        }
    }

    public <T> T runAsAnonymous(Callable<T> callable) throws Exception {
        IPentahoSession session = PentahoSessionHolder.getSession();
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        try {
            PentahoSessionHolder.setSession(new StandaloneSession());
            String systemSetting = PentahoSystem.getSystemSetting("anonymous-authentication/anonymous-user", "anonymousUser");
            String systemSetting2 = PentahoSystem.getSystemSetting("anonymous-authentication/anonymous-role", "Anonymous");
            ArrayList arrayList = new ArrayList();
            arrayList.add(new SimpleGrantedAuthority(systemSetting2));
            AnonymousAuthenticationToken anonymousAuthenticationToken = new AnonymousAuthenticationToken("anonymousUser", new User(systemSetting, "ignored", true, true, true, true, arrayList), arrayList);
            SecurityContextHolder.clearContext();
            SecurityContextHolder.getContext().setAuthentication(anonymousAuthenticationToken);
            T call = callable.call();
            PentahoSessionHolder.setSession(session);
            SecurityContextHolder.getContext().setAuthentication(authentication);
            return call;
        } catch (Throwable th) {
            PentahoSessionHolder.setSession(session);
            SecurityContextHolder.getContext().setAuthentication(authentication);
            throw th;
        }
    }

    @Deprecated
    public boolean isPentahoAdministrator(IPentahoSession iPentahoSession) {
        IAuthorizationPolicy authorizationPolicy = getAuthorizationPolicy();
        if (authorizationPolicy == null) {
            logger.warn("No IAuthorizationPolicy set in PentahoSystem");
        }
        return authorizationPolicy.isAllowed("org.pentaho.repository.read") && authorizationPolicy.isAllowed("org.pentaho.repository.create") && authorizationPolicy.isAllowed("org.pentaho.security.administerSecurity");
    }

    public boolean isGranted(IPentahoSession iPentahoSession, GrantedAuthority grantedAuthority) {
        Collection authorities;
        Authentication authentication = getAuthentication();
        if (authentication == null || !authentication.isAuthenticated() || (authorities = authentication.getAuthorities()) == null) {
            return false;
        }
        Iterator it = authorities.iterator();
        while (it.hasNext()) {
            if (((GrantedAuthority) it.next()).equals(grantedAuthority)) {
                return true;
            }
        }
        return false;
    }

    @Deprecated
    public boolean hasAccess(IAclHolder iAclHolder, int i, IPentahoSession iPentahoSession) {
        int i2;
        switch (i) {
            case 0:
                i2 = 1;
                break;
            case 1:
            case 2:
                i2 = 8;
                break;
            case 3:
                i2 = 16;
                break;
            case 4:
                i2 = 60;
                break;
            default:
                i2 = 1;
                break;
        }
        return getAclVoter().hasAccess(iPentahoSession, iAclHolder, i2);
    }

    @Deprecated
    public IAclVoter getAclVoter() {
        if (this.aclVoter == null) {
            this.aclVoter = (IAclVoter) PentahoSystem.get(IAclVoter.class);
        }
        return this.aclVoter;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v9, types: [java.util.List] */
    public Authentication createAuthentication(String str) {
        String systemSetting = PentahoSystem.getSystemSetting("anonymous-authentication/anonymous-user", "anonymousUser");
        this.userDetailsService = getUserDetailsService();
        this.userRoleListService = getUserRoleListService();
        ArrayList arrayList = new ArrayList();
        if (systemSetting.equals(str)) {
            arrayList.add(PentahoSystem.getSystemSetting("anonymous-authentication/anonymous-role", "Anonymous"));
        } else {
            arrayList = this.userRoleListService.getRolesForUser((ITenant) null, str);
        }
        if (logger.isDebugEnabled()) {
            logger.debug("rolesForUser:" + arrayList);
        }
        ArrayList arrayList2 = new ArrayList();
        if (arrayList != null) {
            arrayList2 = new ArrayList(arrayList.size());
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                arrayList2.add(new SimpleGrantedAuthority((String) it.next()));
            }
        }
        return new UsernamePasswordAuthenticationToken(new User(str, BasePentahoRequestContext.EMPTY, true, true, true, true, arrayList2), (Object) null, arrayList2);
    }

    public Authentication getAuthentication() {
        return SecurityContextHolder.getContext().getAuthentication();
    }

    public Authentication getAuthentication(IPentahoSession iPentahoSession, boolean z) {
        return getAuthentication();
    }

    public <T> T runAsSystem(Callable<T> callable) throws Exception {
        String str = (String) PentahoSystem.get(String.class, "singleTenantAdminUserName", (IPentahoSession) null);
        IPentahoSession session = PentahoSessionHolder.getSession();
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        StandaloneSession standaloneSession = null;
        try {
            standaloneSession = new StandaloneSession(str);
            standaloneSession.setAuthenticated(str);
            PentahoSessionHolder.setSession(standaloneSession);
            SecurityContextHolder.clearContext();
            SecurityContextHolder.getContext().setAuthentication(createAuthentication(str));
            T call = callable.call();
            if (standaloneSession != null) {
                try {
                    standaloneSession.destroy();
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
            PentahoSessionHolder.setSession(session);
            SecurityContextHolder.getContext().setAuthentication(authentication);
            return call;
        } catch (Throwable th) {
            if (standaloneSession != null) {
                try {
                    standaloneSession.destroy();
                } catch (Exception e2) {
                    e2.printStackTrace();
                }
            }
            PentahoSessionHolder.setSession(session);
            SecurityContextHolder.getContext().setAuthentication(authentication);
            throw th;
        }
    }

    public IAuthorizationPolicy getAuthorizationPolicy() {
        if (this.policy == null) {
            this.policy = (IAuthorizationPolicy) PentahoSystem.get(IAuthorizationPolicy.class);
        }
        return this.policy;
    }

    public ITenantedPrincipleNameResolver getTenantedUserNameUtils() {
        if (this.tenantedUserNameUtils == null) {
            this.tenantedUserNameUtils = (ITenantedPrincipleNameResolver) PentahoSystem.get(ITenantedPrincipleNameResolver.class, "tenantedUserNameUtils", (IPentahoSession) null);
        }
        return this.tenantedUserNameUtils;
    }

    public UserDetailsService getUserDetailsService() {
        if (this.userDetailsService == null) {
            this.userDetailsService = (UserDetailsService) PentahoSystem.get(UserDetailsService.class);
        }
        return this.userDetailsService;
    }

    public IUserRoleListService getUserRoleListService() {
        if (this.userRoleListService == null) {
            this.userRoleListService = (IUserRoleListService) PentahoSystem.get(IUserRoleListService.class);
        }
        return this.userRoleListService;
    }
}
