package org.sonatype.nexus.security;

import com.google.common.base.Preconditions;
import java.util.Arrays;
import java.util.stream.StreamSupport;
import javax.inject.Named;
import javax.inject.Singleton;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.sonatype.goodies.common.ComponentSupport;
import org.sonatype.nexus.security.authz.WildcardPermission2;

@Singleton
@Named
/* loaded from: input_file:org/sonatype/nexus/security/SecurityHelper.class */
public class SecurityHelper extends ComponentSupport {
    public SecurityManager getSecurityManager() {
        return SecurityUtils.getSecurityManager();
    }

    public Subject subject() {
        return SecurityUtils.getSubject();
    }

    public void ensurePermitted(Subject subject, Permission... permissionArr) {
        Preconditions.checkNotNull(subject);
        Preconditions.checkNotNull(permissionArr);
        Preconditions.checkArgument(permissionArr.length != 0);
        if (this.log.isTraceEnabled()) {
            this.log.trace("Ensuring subject '{}' has permissions: {}", subject.getPrincipal(), Arrays.toString(permissionArr));
        }
        subject.checkPermissions(Arrays.asList(permissionArr));
    }

    public void ensureAnyPermitted(Subject subject, Permission... permissionArr) {
        Preconditions.checkNotNull(subject);
        Preconditions.checkNotNull(permissionArr);
        Preconditions.checkArgument(permissionArr.length != 0);
        if (this.log.isTraceEnabled()) {
            this.log.trace("Ensuring subject '{}' has any of the following permissions: {}", subject.getPrincipal(), Arrays.toString(permissionArr));
        }
        if (anyPermitted(subject, permissionArr)) {
        } else {
            throw new AuthorizationException("User is not permitted: " + (permissionArr.length > 1 ? "[" + permissionArr[0] + ", ...]" : permissionArr[0]));
        }
    }

    public void ensurePermitted(Permission... permissionArr) {
        ensurePermitted(subject(), permissionArr);
    }

    public boolean anyPermitted(Subject subject, Permission... permissionArr) {
        Preconditions.checkNotNull(subject);
        Preconditions.checkNotNull(permissionArr);
        Preconditions.checkArgument(permissionArr.length != 0);
        boolean isTraceEnabled = this.log.isTraceEnabled();
        if (isTraceEnabled) {
            this.log.trace("Checking if subject '{}' has ANY of these permissions: {}", subject.getPrincipal(), Arrays.toString(permissionArr));
        }
        for (Permission permission : permissionArr) {
            if (subject.isPermitted(permission)) {
                if (!isTraceEnabled) {
                    return true;
                }
                this.log.trace("Subject '{}' has permission: {}", subject.getPrincipal(), permission);
                return true;
            }
        }
        if (!isTraceEnabled) {
            return false;
        }
        this.log.trace("Subject '{}' missing required permissions: {}", subject.getPrincipal(), Arrays.toString(permissionArr));
        return false;
    }

    public boolean anyPermitted(Subject subject, Iterable<Permission> iterable) {
        return anyPermitted(subject, (Permission[]) StreamSupport.stream(iterable.spliterator(), false).toArray(i -> {
            return new Permission[i];
        }));
    }

    public boolean anyPermitted(Permission... permissionArr) {
        return anyPermitted(subject(), permissionArr);
    }

    public boolean allPermitted(Subject subject, Permission... permissionArr) {
        Preconditions.checkNotNull(subject);
        Preconditions.checkNotNull(permissionArr);
        Preconditions.checkArgument(permissionArr.length != 0);
        boolean isTraceEnabled = this.log.isTraceEnabled();
        if (isTraceEnabled) {
            this.log.trace("Checking if subject '{}' has ALL of these permissions: {}", subject.getPrincipal(), Arrays.toString(permissionArr));
        }
        for (Permission permission : permissionArr) {
            if (!subject.isPermitted(permission)) {
                if (!isTraceEnabled) {
                    return false;
                }
                this.log.trace("Subject '{}' missing permission: {}", subject.getPrincipal(), permission);
                return false;
            }
        }
        if (!isTraceEnabled) {
            return true;
        }
        this.log.trace("Subject '{}' has required permissions: {}", subject.getPrincipal(), Arrays.toString(permissionArr));
        return true;
    }

    public boolean allPermitted(Permission... permissionArr) {
        return allPermitted(subject(), permissionArr);
    }

    public boolean[] isPermitted(Subject subject, Permission... permissionArr) {
        Preconditions.checkNotNull(subject);
        Preconditions.checkNotNull(permissionArr);
        Preconditions.checkArgument(permissionArr.length != 0);
        boolean isTraceEnabled = this.log.isTraceEnabled();
        if (isTraceEnabled) {
            this.log.trace("Checking which permissions subject '{}' has in: {}", subject.getPrincipal(), Arrays.toString(permissionArr));
        }
        boolean[] isPermitted = subject.isPermitted(Arrays.asList(permissionArr));
        if (isTraceEnabled) {
            this.log.trace("Subject '{}' has permissions: [{}] results {}", subject.getPrincipal(), Arrays.toString(permissionArr), isPermitted);
        }
        return isPermitted;
    }

    public boolean[] isPermitted(Permission... permissionArr) {
        return isPermitted(subject(), permissionArr);
    }

    public boolean isAllPermitted() {
        return isPermitted(new WildcardPermission2("nexus:*"))[0];
    }
}
