package org.deegree.portal.standard.security.control;

import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.servlet.http.HttpSession;
import org.deegree.enterprise.control.AbstractListener;
import org.deegree.i18n.Messages;
import org.deegree.security.GeneralSecurityException;
import org.deegree.security.UnauthorizedException;
import org.deegree.security.drm.SecurityAccess;
import org.deegree.security.drm.SecurityAccessManager;
import org.deegree.security.drm.SecurityTransaction;
import org.deegree.security.drm.model.RightType;
import org.deegree.security.drm.model.Role;
import org.deegree.security.drm.model.User;

/* loaded from: input_file:WEB-INF/lib/deegree2.jar:org/deegree/portal/standard/security/control/SecurityHelper.class */
public class SecurityHelper {
    public static SecurityAccess acquireAccess(AbstractListener abstractListener) throws GeneralSecurityException {
        HttpSession session = abstractListener.getRequest().getSession(false);
        if (session == null) {
            throw new UnauthorizedException(Messages.getMessage("IGEO_STD_SEC_ERROR_UNAUTHORIZED_ACCESS", new Object[0]));
        }
        String str = (String) session.getAttribute("USERNAME");
        String str2 = (String) session.getAttribute(ClientHelper.KEY_PASSWORD);
        SecurityAccessManager securityAccessManager = SecurityAccessManager.getInstance();
        User userByName = securityAccessManager.getUserByName(str);
        userByName.authenticate(str2);
        return securityAccessManager.acquireAccess(userByName);
    }

    public static SecurityTransaction acquireTransaction(AbstractListener abstractListener) throws GeneralSecurityException {
        HttpSession session = abstractListener.getRequest().getSession(false);
        String str = (String) session.getAttribute("USERNAME");
        String str2 = (String) session.getAttribute(ClientHelper.KEY_PASSWORD);
        SecurityAccessManager securityAccessManager = SecurityAccessManager.getInstance();
        User userByName = securityAccessManager.getUserByName(str);
        userByName.authenticate(str2);
        return securityAccessManager.acquireTransaction(userByName);
    }

    public static Role findAdminForRole(SecurityAccess securityAccess, Role role) throws GeneralSecurityException {
        Role[] allRoles = securityAccess.getAllRoles();
        Role roleById = securityAccess.getRoleById(3);
        for (int i = 0; i < allRoles.length; i++) {
            if (allRoles[i].getName().startsWith("SUBADMIN:") && allRoles[i].hasRight(securityAccess, RightType.UPDATE, role)) {
                roleById = allRoles[i];
            }
        }
        return roleById;
    }

    public static Role checkForAdminOrSubadminRole(SecurityAccess securityAccess) throws GeneralSecurityException {
        Role role = null;
        Role[] roles = securityAccess.getUser().getRoles(securityAccess);
        for (int i = 0; i < roles.length; i++) {
            if (roles[i].getID() == 3 || roles[i].getName().startsWith("SUBADMIN:")) {
                if (role != null) {
                    throw new GeneralSecurityException(Messages.getMessage("IGEO_STD_SEC_WRONG_ROLE", new Object[0]));
                }
                role = roles[i];
            }
        }
        if (role == null) {
            throw new UnauthorizedException(Messages.getMessage("IGEO_STD_SEC_MISSING_SUBADMIN_ROLE", new Object[0]));
        }
        return role;
    }

    public static void checkForAdminRole(SecurityAccess securityAccess) throws GeneralSecurityException {
        for (Role role : securityAccess.getUser().getRoles(securityAccess)) {
            if (role.getID() == 3) {
                return;
            }
        }
        throw new UnauthorizedException(Messages.getMessage("IGEO_STD_SEC_MISSING_ADMIN_ROLE", new Object[0]));
    }

    public static void checkSubadminRoleValidity(SecurityAccess securityAccess) throws GeneralSecurityException {
        Role[] rolesByNS = securityAccess.getRolesByNS("SUBADMIN");
        Set[] setArr = new Set[rolesByNS.length + 1];
        String[] strArr = new String[rolesByNS.length + 1];
        User[] allUsers = securityAccess.getRoleById(3).getAllUsers(securityAccess);
        setArr[0] = new HashSet();
        strArr[0] = "Administrator";
        for (User user : allUsers) {
            setArr[0].add(user);
        }
        for (int i = 1; i < setArr.length; i++) {
            User[] allUsers2 = rolesByNS[i - 1].getAllUsers(securityAccess);
            setArr[i] = new HashSet();
            strArr[i] = rolesByNS[i - 1].getTitle();
            for (User user2 : allUsers2) {
                setArr[i].add(user2);
            }
        }
        for (int i2 = 0; i2 < setArr.length - 1; i2++) {
            Set set = setArr[i2];
            for (int i3 = i2 + 1; i3 < setArr.length; i3++) {
                Iterator it = setArr[i3].iterator();
                while (it.hasNext()) {
                    if (set.contains((User) it.next())) {
                        throw new GeneralSecurityException(Messages.getMessage("IGEO_STD_SEC_INVALID_SUBADMIN_ROLE", new Object[0]));
                    }
                }
            }
        }
    }
}
