package com.ecyrd.jspwiki.auth;

import com.ecyrd.jspwiki.InternalWikiException;
import com.ecyrd.jspwiki.NoRequiredPropertyException;
import com.ecyrd.jspwiki.TextUtil;
import com.ecyrd.jspwiki.WikiEngine;
import com.ecyrd.jspwiki.WikiException;
import com.ecyrd.jspwiki.WikiPage;
import com.ecyrd.jspwiki.acl.AccessControlList;
import com.ecyrd.jspwiki.acl.AclEntryImpl;
import com.ecyrd.jspwiki.acl.AclImpl;
import com.ecyrd.jspwiki.attachment.Attachment;
import com.ecyrd.jspwiki.auth.permissions.DeletePermission;
import com.ecyrd.jspwiki.auth.permissions.EditPermission;
import com.ecyrd.jspwiki.auth.permissions.ViewPermission;
import com.ecyrd.jspwiki.auth.permissions.WikiPermission;
import com.ecyrd.jspwiki.util.ClassUtil;
import java.security.Principal;
import java.security.acl.AclEntry;
import java.security.acl.NotOwnerException;
import java.util.Iterator;
import java.util.Properties;
import org.apache.log4j.Logger;

/* loaded from: input_file:121914-03/SUNWportal-portlets/reloc/SUNWportal/portletapps/wiki/src/wiki.war.tokenized:WEB-INF/lib/JSPWiki.jar:com/ecyrd/jspwiki/auth/AuthorizationManager.class */
public class AuthorizationManager {
    public static final String PROP_STRICTLOGINS = "jspwiki.policy.strictLogins";
    public static final String PROP_AUTHORIZER = "jspwiki.authorizer";
    public static final String DEFAULT_AUTHORIZER = "com.ecyrd.jspwiki.auth.modules.PageAuthorizer";
    protected static final String PROP_USEOLDAUTH = "jspwiki.auth.useOldAuth";
    static Logger log;
    private WikiAuthorizer m_authorizer;
    private AccessControlList m_defaultPermissions;
    private boolean m_strictLogins;
    private boolean m_useAuth;
    private WikiEngine m_engine;
    static Class class$com$ecyrd$jspwiki$auth$AuthorizationManager;

    public AuthorizationManager(WikiEngine wikiEngine, Properties properties) throws WikiException {
        this.m_strictLogins = false;
        this.m_useAuth = false;
        this.m_engine = wikiEngine;
        this.m_useAuth = TextUtil.getBooleanProperty(properties, PROP_USEOLDAUTH, false);
        this.m_strictLogins = TextUtil.getBooleanProperty(properties, PROP_STRICTLOGINS, false);
        if (this.m_useAuth) {
            this.m_authorizer = getAuthorizerImplementation(properties);
            this.m_authorizer.initialize(wikiEngine, properties);
            AclEntry aclEntryImpl = new AclEntryImpl();
            AllGroup allGroup = new AllGroup();
            allGroup.setName("All");
            aclEntryImpl.setPrincipal(allGroup);
            aclEntryImpl.addPermission(new ViewPermission());
            aclEntryImpl.addPermission(new EditPermission());
            AclEntryImpl aclEntryImpl2 = new AclEntryImpl();
            aclEntryImpl2.setPrincipal(allGroup);
            aclEntryImpl2.setNegativePermissions();
            aclEntryImpl2.addPermission(new DeletePermission());
            try {
                this.m_defaultPermissions = new AclImpl();
                this.m_defaultPermissions.addEntry(null, aclEntryImpl);
                this.m_defaultPermissions.addEntry(null, aclEntryImpl2);
            } catch (NotOwnerException e) {
                throw new InternalWikiException("Nobody told me that owners were in use");
            }
        }
    }

    public boolean strictLogins() {
        return this.m_strictLogins;
    }

    private AccessControlList getAcl(WikiPage wikiPage) {
        AccessControlList acl = wikiPage.getAcl();
        if (acl == null) {
            acl = this.m_authorizer.getPermissions(wikiPage);
            if (acl == null && (wikiPage instanceof Attachment)) {
                acl = getAcl(this.m_engine.getPage(((Attachment) wikiPage).getParentName()));
            }
        }
        return acl;
    }

    private WikiAuthorizer getAuthorizerImplementation(Properties properties) throws WikiException {
        String property = properties.getProperty(PROP_AUTHORIZER, DEFAULT_AUTHORIZER);
        if (property == null) {
            throw new NoRequiredPropertyException("Unable to find a jspwiki.authorizer entry in the properties.", PROP_AUTHORIZER);
        }
        try {
            return (WikiAuthorizer) ClassUtil.findClass("com.ecyrd.jspwiki.auth.modules", property).newInstance();
        } catch (ClassNotFoundException e) {
            log.fatal(new StringBuffer().append("WikiAuthorizer ").append(property).append(" cannot be found").toString(), e);
            throw new WikiException(new StringBuffer().append("WikiAuthorizer ").append(property).append(" cannot be found").toString());
        } catch (IllegalAccessException e2) {
            log.fatal("You are not allowed to access this authorizer class", e2);
            throw new WikiException("You are not allowed to access this authorizer class");
        } catch (InstantiationException e3) {
            log.fatal(new StringBuffer().append("Authorizer ").append(property).append(" cannot be created").toString(), e3);
            throw new WikiException(new StringBuffer().append("Authorizer ").append(property).append(" cannot be created").toString());
        }
    }

    public boolean checkPermission(WikiPage wikiPage, UserProfile userProfile, String str) {
        return checkPermission(wikiPage, userProfile, WikiPermission.newInstance(str));
    }

    public boolean checkPermission(WikiPage wikiPage, UserProfile userProfile, WikiPermission wikiPermission) {
        int i = 0;
        UserManager userManager = this.m_engine.getUserManager();
        if (userProfile == null) {
            return false;
        }
        if (!userProfile.isAuthenticated() && this.m_strictLogins) {
            return false;
        }
        if (!this.m_useAuth) {
            return true;
        }
        if (userProfile.isAuthenticated() && userManager.isAdministrator(userProfile)) {
            return true;
        }
        AccessControlList acl = getAcl(wikiPage);
        if (acl != null) {
            log.debug(new StringBuffer().append("ACL for this page is: ").append(acl).toString());
            log.debug(new StringBuffer().append("Checking for wup: ").append(userProfile).toString());
            log.debug(new StringBuffer().append("Permission: ").append(wikiPermission).toString());
            if (userProfile.isAuthenticated()) {
                i = acl.findPermission(userProfile, wikiPermission);
            }
            if (i == 0) {
                log.debug("Checking groups...");
                try {
                    Iterator it = userManager.getGroupsForPrincipal(userProfile).iterator();
                    while (it.hasNext()) {
                        i = acl.findPermission((Principal) it.next(), wikiPermission);
                        if (i != 0) {
                            break;
                        }
                    }
                } catch (NoSuchPrincipalException e) {
                    log.warn("Internal trouble: No principal defined for requested user.", e);
                }
            }
        }
        if (i == 0) {
            log.debug(new StringBuffer().append("Page defines no permissions for ").append(userProfile.getName()).append(", checking defaults.").toString());
            AccessControlList defaultPermissions = this.m_authorizer.getDefaultPermissions();
            if (defaultPermissions != null) {
                i = defaultPermissions.findPermission(userProfile, wikiPermission);
            }
        }
        if (i == 0) {
            log.debug("No defaults exist, falling back to hardcoded permissions.");
            i = this.m_defaultPermissions.findPermission(userProfile, wikiPermission);
        }
        log.debug(new StringBuffer().append("Permission ").append(wikiPermission).append(" for user ").append(userProfile).append(" is ").append(i).toString());
        if (i == 0) {
            throw new InternalWikiException("No default policy has been defined!");
        }
        return i == 1;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$com$ecyrd$jspwiki$auth$AuthorizationManager == null) {
            cls = class$("com.ecyrd.jspwiki.auth.AuthorizationManager");
            class$com$ecyrd$jspwiki$auth$AuthorizationManager = cls;
        } else {
            cls = class$com$ecyrd$jspwiki$auth$AuthorizationManager;
        }
        log = Logger.getLogger(cls);
    }
}
