package org.wicketstuff.security.swarm.strategies;

import java.util.Collections;
import java.util.Set;
import org.apache.wicket.request.mapper.parameter.PageParameters;
import org.apache.wicket.request.resource.IResource;
import org.wicketstuff.security.authentication.LoginException;
import org.wicketstuff.security.components.ISecureComponent;
import org.wicketstuff.security.components.ISecurePage;
import org.wicketstuff.security.hive.Hive;
import org.wicketstuff.security.hive.HiveMind;
import org.wicketstuff.security.hive.authentication.LoginContainer;
import org.wicketstuff.security.hive.authentication.LoginContext;
import org.wicketstuff.security.hive.authentication.Subject;
import org.wicketstuff.security.hive.authorization.Permission;
import org.wicketstuff.security.log.IAuthorizationMessageSource;
import org.wicketstuff.security.strategies.SecurityException;

/* loaded from: input_file:org/wicketstuff/security/swarm/strategies/SwarmStrategy.class */
public class SwarmStrategy extends AbstractSwarmStrategy {
    private static final long serialVersionUID = 1;
    private Object hiveQueen;

    public SwarmStrategy(Object obj) {
        this(ISecurePage.class, obj);
    }

    public SwarmStrategy(Class<? extends ISecureComponent> cls, Object obj) {
        super(cls);
        this.hiveQueen = obj;
        this.loginContainer = new LoginContainer();
    }

    protected final Hive getHive() {
        Hive hive = HiveMind.getHive(this.hiveQueen);
        if (hive == null) {
            throw new SecurityException("No hive registered for " + String.valueOf(this.hiveQueen));
        }
        return hive;
    }

    @Override // org.wicketstuff.security.swarm.strategies.AbstractSwarmStrategy
    public boolean hasPermission(Permission permission, Subject subject) {
        if (permission == null) {
            throw new SecurityException("permission is not allowed to be null");
        }
        if (getHive().hasPermission(subject, permission)) {
            return true;
        }
        logPermissionDenied(permission, subject);
        return false;
    }

    protected void logPermissionDenied(Permission permission, Subject subject) {
        IAuthorizationMessageSource messageSource = getMessageSource(logMessages());
        if (messageSource == null) {
            return;
        }
        messageSource.addVariable("permission", permission);
        messageSource.addVariable("actions", permission.getActions());
        messageSource.addVariable("subject", subject);
        Set principals = getHive().getPrincipals(permission);
        if (principals.isEmpty()) {
            messageSource.addVariable("principals", Collections.EMPTY_SET);
        } else {
            messageSource.addVariable("principals", principals);
        }
    }

    public void login(Object obj) throws LoginException {
        if (!(obj instanceof LoginContext)) {
            throw new SecurityException("Unable to process login with context: " + String.valueOf(obj));
        }
        this.loginContainer.login((LoginContext) obj);
    }

    public boolean logoff(Object obj) {
        if (obj instanceof LoginContext) {
            return this.loginContainer.logoff((LoginContext) obj);
        }
        throw new SecurityException("Unable to process logoff with context: " + String.valueOf(obj));
    }

    protected final LoginContainer getLoginContainer() {
        return this.loginContainer;
    }

    public boolean isUserAuthenticated() {
        return getSubject() != null;
    }

    public boolean isResourceAuthorized(IResource iResource, PageParameters pageParameters) {
        return true;
    }
}
