package org.openscada.core.server.common;

import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.Future;
import org.apache.mina.proxy.handlers.http.HttpProxyConstants;
import org.openscada.core.server.Service;
import org.openscada.core.server.Session;
import org.openscada.core.server.common.session.AbstractSessionImpl;
import org.openscada.sec.AuthenticationImplementation;
import org.openscada.sec.AuthorizationImplementation;
import org.openscada.sec.AuthorizationReply;
import org.openscada.sec.AuthorizationRequest;
import org.openscada.sec.AuthorizationResult;
import org.openscada.sec.PermissionDeniedException;
import org.openscada.sec.StatusCodes;
import org.openscada.sec.UserInformation;
import org.openscada.sec.audit.AuditLogService;
import org.openscada.sec.audit.log.slf4j.LogServiceImpl;
import org.openscada.sec.authz.AuthorizationContext;
import org.openscada.sec.callback.CallbackHandler;
import org.openscada.utils.concurrent.CallingFuture;
import org.openscada.utils.concurrent.FutureListener;
import org.openscada.utils.concurrent.InstantFuture;
import org.openscada.utils.concurrent.NotifyFuture;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/org.openscada.core.server.common-1.1.0.v20130529.jar:org/openscada/core/server/common/ServiceCommon.class */
/**
 * Base class for services that need authentication, authorization and audit
 * logging around their sessions.
 *
 * <p>The class holds three replaceable collaborators: an
 * {@link AuthenticationImplementation}, an {@link AuthorizationImplementation}
 * and an {@link AuditLogService}. Every authorization request issued through
 * {@link #authorize(AuthorizationRequest, CallbackHandler, AuthorizationResult)}
 * is reported to the audit log before and after the decision.
 *
 * <p>No synchronization is visible on the collaborator fields, so replacing
 * them while requests are in flight is not coordinated by this class.
 *
 * <p>NOTE(review): this listing is decompiler output. Several methods carry a
 * decompiler note saying their access modifier was changed from
 * {@code protected}; they appear as {@code public} here and are documented
 * individually below.
 */
public abstract class ServiceCommon<S extends Session, SI extends AbstractSessionImpl> implements Service<S> {
    private static final Logger logger = LoggerFactory.getLogger(ServiceCommon.class);

    /** Rejecting result handed to the authorization implementation by the two-argument {@code authorize}. */
    protected static final AuthorizationResult DEFAULT_RESULT = AuthorizationResult.createReject(
            StatusCodes.AUTHORIZATION_FAILED,
            Messages.getString("ServiceCommon.DefaultMessage"));

    private AuthenticationImplementation authenticationImplementation = new DefaultAuthentication();

    // The default authorization is wired to a forwarding authenticator instead of the
    // field value itself: each call reads the current authenticationImplementation, so
    // a later setAuthenticationImplementation() is also seen by this default instance.
    private AuthorizationImplementation authorizationImplementation = new DefaultAuthorization(new AuthenticationImplementation() {
        @Override
        public UserInformation getUser(String userName) {
            return ServiceCommon.this.authenticationImplementation.getUser(userName);
        }

        @Override
        public NotifyFuture<UserInformation> authenticate(CallbackHandler handler) {
            return ServiceCommon.this.authenticationImplementation.authenticate(handler);
        }
    });

    private AuditLogService auditLogService = new LogServiceImpl();

    /**
     * Replaces the audit log service.
     *
     * @param auditLogService the new service; {@code null} selects a fresh
     *        {@link LogServiceImpl} so that audit calls never hit a null reference
     */
    public void setAuditLogService(AuditLogService auditLogService) {
        if (auditLogService == null) {
            this.auditLogService = new LogServiceImpl();
        } else {
            this.auditLogService = auditLogService;
        }
    }

    /**
     * Replaces the authentication implementation used for user lookups.
     *
     * <p>Unlike {@link #setAuditLogService(AuditLogService)} there is no
     * fallback for {@code null}: the value is stored as given and a later
     * lookup through it would throw {@link NullPointerException}.
     *
     * <p>NOTE(review): the decompiler reports this method as originally
     * {@code protected}. As {@code public}, any code holding a reference to the
     * service can swap the authenticator - confirm the intended visibility.
     *
     * @param authenticationImplementation the implementation to use from now on
     */
    public void setAuthenticationImplementation(AuthenticationImplementation authenticationImplementation) {
        this.authenticationImplementation = authenticationImplementation;
    }

    /**
     * Replaces the authorization implementation that decides every request
     * passed to {@code authorize}.
     *
     * <p>The value is stored without a null check; with {@code null} stored,
     * {@code authorize} throws {@link NullPointerException} after the audit log
     * has already recorded the request.
     *
     * <p>NOTE(review): the decompiler reports this method as originally
     * {@code protected}. As {@code public}, any code holding a reference to the
     * service can replace the authorization policy - confirm the intended
     * visibility.
     *
     * @param authorizationImplementation the implementation to use from now on
     */
    public void setAuthorizationImplementation(AuthorizationImplementation authorizationImplementation) {
        this.authorizationImplementation = authorizationImplementation;
    }

    /**
     * Collects the privilege names requested in the session properties.
     *
     * <p>A privilege is every key that starts with {@code session.privilege.};
     * the returned name is the remainder of the key. Entries whose key or value
     * is not a {@link String} are skipped. The value itself is not evaluated,
     * so {@code session.privilege.X=false} still yields {@code X}. Only the
     * entries returned by {@link Properties#entrySet()} are inspected.
     *
     * <p>The decompiler reports this method as originally {@code protected}.
     *
     * @param properties the properties supplied for the session
     * @return a new mutable set of privilege names, possibly empty
     */
    public Set<String> extractPrivileges(Properties properties) {
        final String prefix = "session.privilege.";
        final Set<String> privileges = new HashSet<String>();
        for (final Map.Entry<Object, Object> entry : properties.entrySet()) {
            final Object key = entry.getKey();
            if (!(key instanceof String) || !(entry.getValue() instanceof String)) {
                continue;
            }
            final String name = (String) key;
            if (name.startsWith(prefix)) {
                privileges.add(name.substring(prefix.length()));
            }
        }
        return privileges;
    }

    /**
     * Logs a user in by authorizing a {@code SESSION} connect request.
     *
     * <p>The request is issued on behalf of {@link UserInformation#ANONYMOUS};
     * the identity comes back in the {@link AuthorizationReply}. A rejected
     * request surfaces as the {@link PermissionDeniedException} derived from the
     * result, thrown from the returned future.
     *
     * <p>{@code properties} is not read by this method.
     *
     * <p>NOTE(review): the action string is taken from Apache MINA's
     * {@code HttpProxyConstants.CONNECT}. That looks like a decompiler
     * constant-resolution artifact rather than an intended dependency on the
     * proxy package - confirm against the original source.
     *
     * <p>The decompiler reports this method as originally {@code protected}.
     *
     * @param properties the session properties (unused here)
     * @param callbackHandler handler passed on to the authorization context
     * @return a future yielding the user information from the reply
     */
    public NotifyFuture<UserInformation> loginUser(Properties properties, CallbackHandler callbackHandler) {
        final AuthorizationRequest request = new AuthorizationRequest("SESSION", null, HttpProxyConstants.CONNECT, UserInformation.ANONYMOUS, null);
        final NotifyFuture<AuthorizationReply> pending = authorize(request, callbackHandler);
        return new CallingFuture<AuthorizationReply, UserInformation>(pending) {
            @Override
            public UserInformation call(Future<AuthorizationReply> future) throws Exception {
                final AuthorizationReply reply = future.get();
                final PermissionDeniedException denied = reply.getResult().asException();
                if (denied != null) {
                    // Only logged at debug level here; the audit log service is notified
                    // separately by authorize().
                    ServiceCommon.logger.debug("Failed to login user", (Throwable) denied);
                    throw denied;
                }
                return reply.getUserInformation();
            }
        };
    }

    /**
     * Publishes the user's name and roles as session properties.
     *
     * <p>{@code userInformation.name} is written for a non-anonymous user only.
     * Each role becomes a key {@code userInformation.roles.<role>} with the
     * value {@code "true"}; the role text is inserted into the key unchanged.
     * Nothing is written for a {@code null} user.
     *
     * <p>The decompiler reports this method as originally {@code protected}.
     *
     * @param userInformation the user to describe, may be {@code null}
     * @param map the property map to add to
     */
    public void fillSessionProperties(UserInformation userInformation, Map<String, String> map) {
        if (userInformation == null) {
            return;
        }
        if (!userInformation.isAnonymous()) {
            map.put("userInformation.name", userInformation.getName());
        }
        if (userInformation.getRoles() == null) {
            return;
        }
        for (final Iterator<String> roles = userInformation.getRoles().iterator(); roles.hasNext();) {
            map.put(String.format("userInformation.roles.%s", roles.next()), "true");
        }
    }

    /**
     * Authorizes a request with {@link #DEFAULT_RESULT} as the default result.
     *
     * @param authorizationRequest the request to decide
     * @param callbackHandler handler passed on to the authorization context
     * @return the pending authorization reply
     */
    protected NotifyFuture<AuthorizationReply> authorize(AuthorizationRequest authorizationRequest, CallbackHandler callbackHandler) {
        return authorize(authorizationRequest, callbackHandler, DEFAULT_RESULT);
    }

    /**
     * Authorizes a request and reports it to the audit log.
     *
     * <p>The audit log is told about the request before the authorization
     * implementation is asked; if that audit call throws, no decision is
     * requested. When the reply future completes, the audit log receives either
     * {@code authorizationDone} with the reply or, if reading the future throws,
     * {@code authorizationFailed} with the exception.
     *
     * <p>The decompiler reports this method as originally {@code protected}.
     *
     * @param authorizationRequest the request to decide
     * @param callbackHandler handler stored in the authorization context
     * @param authorizationResult the default result handed to the authorization
     *        implementation together with the context
     * @return the pending authorization reply
     */
    public NotifyFuture<AuthorizationReply> authorize(final AuthorizationRequest authorizationRequest, CallbackHandler callbackHandler, AuthorizationResult authorizationResult) {
        final AuthorizationContext context = new AuthorizationContext();
        context.setCallbackHandler(callbackHandler);
        context.setRequest(authorizationRequest);

        this.auditLogService.authorizationRequested(authorizationRequest);

        final NotifyFuture<AuthorizationReply> pending = this.authorizationImplementation.authorize(context, authorizationResult);
        pending.addListener(new FutureListener<AuthorizationReply>() {
            @Override
            public void complete(Future<AuthorizationReply> future) {
                try {
                    ServiceCommon.this.auditLogService.authorizationDone(context, authorizationRequest, future.get());
                } catch (Exception failure) {
                    ServiceCommon.this.auditLogService.authorizationFailed(context, authorizationRequest, failure);
                }
            }
        });
        return pending;
    }

    /**
     * Resolves the user an operation should run as when the caller names a
     * target user.
     *
     * <p>Without a target user, or when the target equals the session user's
     * name, the session user is returned directly (anonymous if the session has
     * none). Otherwise a {@code SESSION} / {@code PROXY_USER} request is
     * authorized and, if granted, the target user is looked up through the
     * authentication implementation.
     *
     * <p>The decompiler reports this method as originally {@code protected}.
     *
     * @param abstractSessionImpl the session issuing the operation
     * @param str the requested target user name, may be {@code null}
     * @param callbackHandler handler passed on to the authorization context
     * @return a future yielding the effective user information
     */
    public NotifyFuture<UserInformation> makeEffectiveUserInformation(AbstractSessionImpl abstractSessionImpl, final String str, CallbackHandler callbackHandler) {
        UserInformation sessionUser = abstractSessionImpl.getUserInformation();
        if (sessionUser == null) {
            logger.debug("Session has no user information. Using anonymous.");
            sessionUser = UserInformation.ANONYMOUS;
        }

        if (str == null) {
            logger.info("target user is null");
            return new InstantFuture<UserInformation>(sessionUser);
        }

        if (str.equals(sessionUser.getName())) {
            logger.debug("Session user and target user match ... using session user");
            return new InstantFuture<UserInformation>(sessionUser);
        }

        logger.debug("Trying to set target user: {}", str);
        // NOTE(review): the request carries the session's own user information, which
        // may be null, not the anonymous fallback computed above. Confirm that the
        // authorization implementation handles a null requester as intended.
        final AuthorizationRequest request = new AuthorizationRequest("SESSION", str, "PROXY_USER", abstractSessionImpl.getUserInformation(), null);
        final NotifyFuture<AuthorizationReply> pending = authorize(request, callbackHandler);
        return new CallingFuture<AuthorizationReply, UserInformation>(pending) {
            @Override
            public UserInformation call(Future<AuthorizationReply> future) throws Exception {
                final AuthorizationReply reply = future.get();
                if (!reply.isGranted()) {
                    ServiceCommon.logger.info("Proxy user is not allowed");
                    // NOTE(review): assumes asException() is non-null whenever the reply
                    // is not granted; a null here would surface as NullPointerException.
                    throw reply.getResult().asException();
                }
                // NOTE(review): the lookup result is returned unchecked. Confirm what
                // getUser() yields for an unknown name and how callers treat it.
                return ServiceCommon.this.authenticationImplementation.getUser(str);
            }
        };
    }
}
