package org.sonatype.security.authorization;

import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import javax.annotation.Nullable;
import javax.inject.Inject;
import org.apache.shiro.authz.Authorizer;
import org.apache.shiro.authz.ModularRealmAuthorizer;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.RolePermissionResolver;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/nexus-security-2.14.17-01.jar:org/sonatype/security/authorization/ExceptionCatchingModularRealmAuthorizer.class */
public class ExceptionCatchingModularRealmAuthorizer extends ModularRealmAuthorizer {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) ExceptionCatchingModularRealmAuthorizer.class);

    public ExceptionCatchingModularRealmAuthorizer(Collection<Realm> collection) {
        super(collection);
    }

    @Inject
    public ExceptionCatchingModularRealmAuthorizer(Collection<Realm> collection, @Nullable RolePermissionResolver rolePermissionResolver) {
        super(collection);
        if (null != rolePermissionResolver) {
            setRolePermissionResolver(rolePermissionResolver);
        }
    }

    @Override // org.apache.shiro.authz.ModularRealmAuthorizer, org.apache.shiro.authz.Authorizer
    public void checkPermission(PrincipalCollection principalCollection, String str) throws org.apache.shiro.authz.AuthorizationException {
        if (!isPermitted(principalCollection, str)) {
            throw new org.apache.shiro.authz.AuthorizationException("User is not permitted: " + str);
        }
    }

    @Override // org.apache.shiro.authz.ModularRealmAuthorizer, org.apache.shiro.authz.Authorizer
    public void checkPermission(PrincipalCollection principalCollection, Permission permission) throws org.apache.shiro.authz.AuthorizationException {
        if (!isPermitted(principalCollection, permission)) {
            throw new org.apache.shiro.authz.AuthorizationException("User is not permitted: " + permission);
        }
    }

    @Override // org.apache.shiro.authz.ModularRealmAuthorizer, org.apache.shiro.authz.Authorizer
    public void checkPermissions(PrincipalCollection principalCollection, String... strArr) throws org.apache.shiro.authz.AuthorizationException {
        for (String str : strArr) {
            checkPermission(principalCollection, str);
        }
    }

    @Override // org.apache.shiro.authz.ModularRealmAuthorizer, org.apache.shiro.authz.Authorizer
    public void checkPermissions(PrincipalCollection principalCollection, Collection<Permission> collection) throws org.apache.shiro.authz.AuthorizationException {
        Iterator<Permission> it = collection.iterator();
        while (it.hasNext()) {
            checkPermission(principalCollection, it.next());
        }
    }

    @Override // org.apache.shiro.authz.ModularRealmAuthorizer, org.apache.shiro.authz.Authorizer
    public void checkRole(PrincipalCollection principalCollection, String str) throws org.apache.shiro.authz.AuthorizationException {
        if (!hasRole(principalCollection, str)) {
            throw new org.apache.shiro.authz.AuthorizationException("User is not permitted role: " + str);
        }
    }

    @Override // org.apache.shiro.authz.ModularRealmAuthorizer, org.apache.shiro.authz.Authorizer
    public void checkRoles(PrincipalCollection principalCollection, Collection<String> collection) throws org.apache.shiro.authz.AuthorizationException {
        if (!hasAllRoles(principalCollection, collection)) {
            throw new org.apache.shiro.authz.AuthorizationException("User is not permitted role: " + collection);
        }
    }

    @Override // org.apache.shiro.authz.ModularRealmAuthorizer, org.apache.shiro.authz.Authorizer
    public boolean hasAllRoles(PrincipalCollection principalCollection, Collection<String> collection) {
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            if (!hasRole(principalCollection, it.next())) {
                return false;
            }
        }
        return true;
    }

    @Override // org.apache.shiro.authz.ModularRealmAuthorizer, org.apache.shiro.authz.Authorizer
    public boolean hasRole(PrincipalCollection principalCollection, String str) {
        for (Realm realm : getRealms()) {
            if (realm instanceof Authorizer) {
                try {
                    if (((Authorizer) realm).hasRole(principalCollection, str)) {
                        return true;
                    }
                } catch (org.apache.shiro.authz.AuthorizationException e) {
                    logAndIgnore(realm, e);
                } catch (RuntimeException e2) {
                    logAndIgnore(realm, e2);
                }
            }
        }
        return false;
    }

    @Override // org.apache.shiro.authz.ModularRealmAuthorizer, org.apache.shiro.authz.Authorizer
    public boolean[] hasRoles(PrincipalCollection principalCollection, List<String> list) {
        boolean[] zArr = new boolean[list.size()];
        for (Realm realm : getRealms()) {
            if (realm instanceof Authorizer) {
                try {
                    boolean[] hasRoles = ((Authorizer) realm).hasRoles(principalCollection, list);
                    for (int i = 0; i < zArr.length; i++) {
                        zArr[i] = zArr[i] | hasRoles[i];
                    }
                } catch (org.apache.shiro.authz.AuthorizationException e) {
                    logAndIgnore(realm, e);
                } catch (RuntimeException e2) {
                    logAndIgnore(realm, e2);
                }
            }
        }
        return zArr;
    }

    @Override // org.apache.shiro.authz.ModularRealmAuthorizer, org.apache.shiro.authz.Authorizer
    public boolean isPermitted(PrincipalCollection principalCollection, String str) {
        for (Realm realm : getRealms()) {
            if (realm instanceof Authorizer) {
                try {
                    if (((Authorizer) realm).isPermitted(principalCollection, str)) {
                        if (!logger.isTraceEnabled()) {
                            return true;
                        }
                        logger.trace("Realm: " + realm.getName() + " user: " + principalCollection.iterator().next() + " has permission: " + str);
                        return true;
                    }
                    if (logger.isTraceEnabled()) {
                        logger.trace("Realm: " + realm.getName() + " user: " + principalCollection.iterator().next() + " does NOT have permission: " + str);
                    }
                } catch (org.apache.shiro.authz.AuthorizationException e) {
                    logAndIgnore(realm, e);
                } catch (RuntimeException e2) {
                    logAndIgnore(realm, e2);
                }
            }
        }
        return false;
    }

    @Override // org.apache.shiro.authz.ModularRealmAuthorizer, org.apache.shiro.authz.Authorizer
    public boolean isPermitted(PrincipalCollection principalCollection, Permission permission) {
        for (Realm realm : getRealms()) {
            if (realm instanceof Authorizer) {
                try {
                    if (((Authorizer) realm).isPermitted(principalCollection, permission)) {
                        return true;
                    }
                } catch (org.apache.shiro.authz.AuthorizationException e) {
                    logAndIgnore(realm, e);
                } catch (RuntimeException e2) {
                    logAndIgnore(realm, e2);
                }
            }
        }
        return false;
    }

    @Override // org.apache.shiro.authz.ModularRealmAuthorizer, org.apache.shiro.authz.Authorizer
    public boolean[] isPermitted(PrincipalCollection principalCollection, String... strArr) {
        boolean[] zArr = new boolean[strArr.length];
        for (Realm realm : getRealms()) {
            if (realm instanceof Authorizer) {
                try {
                    boolean[] isPermitted = ((Authorizer) realm).isPermitted(principalCollection, strArr);
                    for (int i = 0; i < zArr.length; i++) {
                        zArr[i] = zArr[i] | isPermitted[i];
                    }
                } catch (org.apache.shiro.authz.AuthorizationException e) {
                    logAndIgnore(realm, e);
                } catch (RuntimeException e2) {
                    logAndIgnore(realm, e2);
                }
            }
        }
        return zArr;
    }

    @Override // org.apache.shiro.authz.ModularRealmAuthorizer, org.apache.shiro.authz.Authorizer
    public boolean[] isPermitted(PrincipalCollection principalCollection, List<Permission> list) {
        boolean[] zArr = new boolean[list.size()];
        for (Realm realm : getRealms()) {
            if (realm instanceof Authorizer) {
                try {
                    boolean[] isPermitted = ((Authorizer) realm).isPermitted(principalCollection, list);
                    for (int i = 0; i < zArr.length; i++) {
                        zArr[i] = zArr[i] | isPermitted[i];
                    }
                } catch (org.apache.shiro.authz.AuthorizationException e) {
                    logAndIgnore(realm, e);
                } catch (RuntimeException e2) {
                    logAndIgnore(realm, e2);
                }
            }
        }
        return zArr;
    }

    @Override // org.apache.shiro.authz.ModularRealmAuthorizer, org.apache.shiro.authz.Authorizer
    public boolean isPermittedAll(PrincipalCollection principalCollection, String... strArr) {
        for (String str : strArr) {
            if (!isPermitted(principalCollection, str)) {
                return false;
            }
        }
        return true;
    }

    @Override // org.apache.shiro.authz.ModularRealmAuthorizer, org.apache.shiro.authz.Authorizer
    public boolean isPermittedAll(PrincipalCollection principalCollection, Collection<Permission> collection) {
        Iterator<Permission> it = collection.iterator();
        while (it.hasNext()) {
            if (!isPermitted(principalCollection, it.next())) {
                return false;
            }
        }
        return true;
    }

    private void logAndIgnore(Realm realm, Exception exc) {
        if (logger.isTraceEnabled()) {
            logger.trace("Realm: '" + realm.getName() + "', caused: " + exc.getMessage(), (Throwable) exc);
        }
    }
}
