package org.apache.brooklyn.core.mgmt.entitlement;

import com.google.common.annotations.Beta;
import com.google.common.base.Joiner;
import com.google.common.base.Objects;
import com.google.common.base.Predicate;
import com.google.common.base.Predicates;
import com.google.common.collect.ImmutableList;
import com.google.common.reflect.TypeToken;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.annotation.Nullable;
import org.apache.brooklyn.api.entity.Entity;
import org.apache.brooklyn.api.mgmt.ManagementContext;
import org.apache.brooklyn.api.mgmt.Task;
import org.apache.brooklyn.api.mgmt.entitlement.EntitlementClass;
import org.apache.brooklyn.api.mgmt.entitlement.EntitlementContext;
import org.apache.brooklyn.api.mgmt.entitlement.EntitlementManager;
import org.apache.brooklyn.api.objs.EntityAdjunct;
import org.apache.brooklyn.api.policy.Policy;
import org.apache.brooklyn.config.ConfigKey;
import org.apache.brooklyn.core.config.ConfigKeys;
import org.apache.brooklyn.core.config.Sanitizer;
import org.apache.brooklyn.core.internal.BrooklynProperties;
import org.apache.brooklyn.core.mgmt.BrooklynTaskTags;
import org.apache.brooklyn.core.mgmt.persist.DeserializingClassRenamesProvider;
import org.apache.brooklyn.util.core.ClassLoaderUtils;
import org.apache.brooklyn.util.core.task.Tasks;
import org.apache.brooklyn.util.exceptions.Exceptions;
import org.apache.brooklyn.util.guava.Maybe;
import org.apache.brooklyn.util.javalang.Reflections;
import org.apache.brooklyn.util.text.Strings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Beta
/* loaded from: input_file:org/apache/brooklyn/core/mgmt/entitlement/Entitlements.class */
public class Entitlements {
    public static final String ENTITLEMENTS_CONFIG_PREFIX = "brooklyn.entitlements";
    private static final Logger log = LoggerFactory.getLogger(Entitlements.class);
    public static EntitlementClass<String> SEE_CATALOG_ITEM = new BasicEntitlementClassDefinition("catalog.see", String.class);
    public static EntitlementClass<Object> ADD_CATALOG_ITEM = new BasicEntitlementClassDefinition("catalog.add", Object.class);
    public static EntitlementClass<StringAndArgument> MODIFY_CATALOG_ITEM = new BasicEntitlementClassDefinition("catalog.modify", StringAndArgument.class);
    public static EntitlementClass<Entity> SEE_ENTITY = new BasicEntitlementClassDefinition("entity.see", Entity.class);
    public static EntitlementClass<Entity> RENAME_ENTITY = new BasicEntitlementClassDefinition("entity.rename", Entity.class);
    public static EntitlementClass<EntityAndItem<String>> SEE_SENSOR = new BasicEntitlementClassDefinition("sensor.see", EntityAndItem.typeToken(String.class));
    public static EntitlementClass<EntityAndItem<String>> SEE_CONFIG = new BasicEntitlementClassDefinition("config.see", EntityAndItem.typeToken(String.class));
    public static EntitlementClass<TaskAndItem<String>> SEE_ACTIVITY_STREAMS = new BasicEntitlementClassDefinition("activity.streams.see", TaskAndItem.typeToken(String.class));
    public static EntitlementClass<EntityAndItem<StringAndArgument>> INVOKE_EFFECTOR = new BasicEntitlementClassDefinition("effector.invoke", EntityAndItem.typeToken(StringAndArgument.class));
    public static EntitlementClass<Entity> MODIFY_ENTITY = new BasicEntitlementClassDefinition("entity.modify", Entity.class);
    public static EntitlementClass<EntityAdjunct> DELETE_ADJUNCT = new BasicEntitlementClassDefinition("adjunct.delete", EntityAdjunct.class);
    public static EntitlementClass<StringAndArgument> ADD_LOCATION = new BasicEntitlementClassDefinition("location.add", StringAndArgument.class);
    public static EntitlementClass<StringAndArgument> DELETE_LOCATION = new BasicEntitlementClassDefinition("location.delete", StringAndArgument.class);
    public static EntitlementClass<StringAndArgument> SEE_LOCATION = new BasicEntitlementClassDefinition("location.see", StringAndArgument.class);
    public static EntitlementClass<StringAndArgument> ADD_POLICY = new BasicEntitlementClassDefinition("policy.add", StringAndArgument.class);
    public static EntitlementClass<Policy> DELETE_POLICY = new BasicEntitlementClassDefinition("policy.delete", Policy.class);
    public static EntitlementClass<Policy> START_POLICY = new BasicEntitlementClassDefinition("policy.start", Policy.class);
    public static EntitlementClass<Policy> STOP_POLICY = new BasicEntitlementClassDefinition("policy.stop", Policy.class);
    public static EntitlementClass<Void> SYSTEM_ADMIN = new BasicEntitlementClassDefinition("system.admin", Void.class);
    public static EntitlementClass<Void> HA_STATS = new BasicEntitlementClassDefinition("system.ha.stats", Void.class);
    public static EntitlementClass<Void> HA_ADMIN = new BasicEntitlementClassDefinition("system.ha.admin", Void.class);
    public static EntitlementClass<Void> SHUTDOWN = new BasicEntitlementClassDefinition("system.shutdown", Void.class);
    public static EntitlementClass<Void> USAGE = new BasicEntitlementClassDefinition("system.usage", Void.class);
    public static EntitlementClass<Object> DEPLOY_APPLICATION = new BasicEntitlementClassDefinition("app.deploy", Object.class);
    public static EntitlementClass<Object> ADD_JAVA = new BasicEntitlementClassDefinition("java.add", Object.class);
    public static EntitlementClass<Void> SEE_ALL_SERVER_INFO = new BasicEntitlementClassDefinition("server.info.all.see", Void.class);
    public static EntitlementClass<Void> SERVER_STATUS = new BasicEntitlementClassDefinition("server.status", Void.class);
    public static EntitlementClass<Void> ROOT = new BasicEntitlementClassDefinition("root", Void.class);
    public static EntitlementClass<Void> LOGBOOK_LOG_STORE_QUERY = new BasicEntitlementClassDefinition("logbook.query", Void.class);
    public static EntitlementClass<Void> EXECUTE_GROOVY_SCRIPT = new BasicEntitlementClassDefinition("groovy_script.execute", Void.class);
    public static EntitlementClass<Void> EXECUTE_SCRIPT = new BasicEntitlementClassDefinition("script.execute", Void.class);
    public static final ConfigKey<String> GLOBAL_ENTITLEMENT_MANAGER = ConfigKeys.newStringConfigKey("brooklyn.entitlements.global", "Class for entitlements in effect globally; short names 'minimal', 'readonly', 'user' or 'root' are permitted here, with the default 'root' giving full access to all declared users; or supply the name of an " + EntitlementManager.class + " class to instantiate, taking a 1-arg BrooklynProperties constructor or a 0-arg constructor", "root");

    /* loaded from: input_file:org/apache/brooklyn/core/mgmt/entitlement/Entitlements$EntitlementClassesEnum.class */
    public enum EntitlementClassesEnum {
        ENTITLEMENT_SEE_CATALOG_ITEM(Entitlements.SEE_CATALOG_ITEM) { // from class: org.apache.brooklyn.core.mgmt.entitlement.Entitlements.EntitlementClassesEnum.1
            @Override // org.apache.brooklyn.core.mgmt.entitlement.Entitlements.EntitlementClassesEnum
            public <T> T handle(EntitlementClassesHandler<T> entitlementClassesHandler, Object obj) {
                return entitlementClassesHandler.handleSeeCatalogItem((String) obj);
            }
        },
        ENTITLEMENT_ADD_CATALOG_ITEM(Entitlements.ADD_CATALOG_ITEM) { // from class: org.apache.brooklyn.core.mgmt.entitlement.Entitlements.EntitlementClassesEnum.2
            @Override // org.apache.brooklyn.core.mgmt.entitlement.Entitlements.EntitlementClassesEnum
            public <T> T handle(EntitlementClassesHandler<T> entitlementClassesHandler, Object obj) {
                return entitlementClassesHandler.handleAddCatalogItem(obj);
            }
        },
        ENTITLEMENT_MODIFY_CATALOG_ITEM(Entitlements.MODIFY_CATALOG_ITEM) { // from class: org.apache.brooklyn.core.mgmt.entitlement.Entitlements.EntitlementClassesEnum.3
            @Override // org.apache.brooklyn.core.mgmt.entitlement.Entitlements.EntitlementClassesEnum
            public <T> T handle(EntitlementClassesHandler<T> entitlementClassesHandler, Object obj) {
                return entitlementClassesHandler.handleModifyCatalogItem((StringAndArgument) obj);
            }
        },
        ENTITLEMENT_SEE_ENTITY(Entitlements.SEE_ENTITY) { // from class: org.apache.brooklyn.core.mgmt.entitlement.Entitlements.EntitlementClassesEnum.4
            @Override // org.apache.brooklyn.core.mgmt.entitlement.Entitlements.EntitlementClassesEnum
            public <T> T handle(EntitlementClassesHandler<T> entitlementClassesHandler, Object obj) {
                return entitlementClassesHandler.handleSeeEntity((Entity) obj);
            }
        },
        ENTITLEMENT_SEE_SENSOR(Entitlements.SEE_SENSOR) { // from class: org.apache.brooklyn.core.mgmt.entitlement.Entitlements.EntitlementClassesEnum.5
            @Override // org.apache.brooklyn.core.mgmt.entitlement.Entitlements.EntitlementClassesEnum
            public <T> T handle(EntitlementClassesHandler<T> entitlementClassesHandler, Object obj) {
                return entitlementClassesHandler.handleSeeSensor((EntityAndItem) obj);
            }
        },
        ENTITLEMENT_INVOKE_EFFECTOR(Entitlements.INVOKE_EFFECTOR) { // from class: org.apache.brooklyn.core.mgmt.entitlement.Entitlements.EntitlementClassesEnum.6
            @Override // org.apache.brooklyn.core.mgmt.entitlement.Entitlements.EntitlementClassesEnum
            public <T> T handle(EntitlementClassesHandler<T> entitlementClassesHandler, Object obj) {
                return entitlementClassesHandler.handleInvokeEffector((EntityAndItem) obj);
            }
        },
        ENTITLEMENT_MODIFY_ENTITY(Entitlements.MODIFY_ENTITY) { // from class: org.apache.brooklyn.core.mgmt.entitlement.Entitlements.EntitlementClassesEnum.7
            @Override // org.apache.brooklyn.core.mgmt.entitlement.Entitlements.EntitlementClassesEnum
            public <T> T handle(EntitlementClassesHandler<T> entitlementClassesHandler, Object obj) {
                return entitlementClassesHandler.handleModifyEntity((Entity) obj);
            }
        },
        ENTITLEMENT_DEPLOY_APPLICATION(Entitlements.DEPLOY_APPLICATION) { // from class: org.apache.brooklyn.core.mgmt.entitlement.Entitlements.EntitlementClassesEnum.8
            @Override // org.apache.brooklyn.core.mgmt.entitlement.Entitlements.EntitlementClassesEnum
            public <T> T handle(EntitlementClassesHandler<T> entitlementClassesHandler, Object obj) {
                return entitlementClassesHandler.handleDeployApplication(obj);
            }
        },
        ENTITLEMENT_ADD_JAVA(Entitlements.ADD_JAVA) { // from class: org.apache.brooklyn.core.mgmt.entitlement.Entitlements.EntitlementClassesEnum.9
            @Override // org.apache.brooklyn.core.mgmt.entitlement.Entitlements.EntitlementClassesEnum
            public <T> T handle(EntitlementClassesHandler<T> entitlementClassesHandler, Object obj) {
                return entitlementClassesHandler.handleAddJava(obj);
            }
        },
        ENTITLEMENT_SEE_ALL_SERVER_INFO(Entitlements.SEE_ALL_SERVER_INFO) { // from class: org.apache.brooklyn.core.mgmt.entitlement.Entitlements.EntitlementClassesEnum.10
            @Override // org.apache.brooklyn.core.mgmt.entitlement.Entitlements.EntitlementClassesEnum
            public <T> T handle(EntitlementClassesHandler<T> entitlementClassesHandler, Object obj) {
                return entitlementClassesHandler.handleSeeAllServerInfo();
            }
        },
        ENTITLEMENT_SERVER_STATUS(Entitlements.SERVER_STATUS) { // from class: org.apache.brooklyn.core.mgmt.entitlement.Entitlements.EntitlementClassesEnum.11
            @Override // org.apache.brooklyn.core.mgmt.entitlement.Entitlements.EntitlementClassesEnum
            public <T> T handle(EntitlementClassesHandler<T> entitlementClassesHandler, Object obj) {
                return entitlementClassesHandler.handleSeeServerStatus();
            }
        },
        ENTITLEMENT_ROOT(Entitlements.ROOT) { // from class: org.apache.brooklyn.core.mgmt.entitlement.Entitlements.EntitlementClassesEnum.12
            @Override // org.apache.brooklyn.core.mgmt.entitlement.Entitlements.EntitlementClassesEnum
            public <T> T handle(EntitlementClassesHandler<T> entitlementClassesHandler, Object obj) {
                return entitlementClassesHandler.handleRoot();
            }
        },
        ENTITLEMENT_EXECUTE_GROOVY_SCRIPT(Entitlements.EXECUTE_GROOVY_SCRIPT) { // from class: org.apache.brooklyn.core.mgmt.entitlement.Entitlements.EntitlementClassesEnum.13
            @Override // org.apache.brooklyn.core.mgmt.entitlement.Entitlements.EntitlementClassesEnum
            public <T> T handle(EntitlementClassesHandler<T> entitlementClassesHandler, Object obj) {
                return entitlementClassesHandler.handleExecuteGroovyScript();
            }
        },
        ENTITLEMENT_EXECUTE_SCRIPT(Entitlements.EXECUTE_SCRIPT) { // from class: org.apache.brooklyn.core.mgmt.entitlement.Entitlements.EntitlementClassesEnum.14
            @Override // org.apache.brooklyn.core.mgmt.entitlement.Entitlements.EntitlementClassesEnum
            public <T> T handle(EntitlementClassesHandler<T> entitlementClassesHandler, Object obj) {
                return entitlementClassesHandler.handleExecuteScript();
            }
        },
        ENTITLEMENT_LOGBOOK_QUERY(Entitlements.LOGBOOK_LOG_STORE_QUERY) { // from class: org.apache.brooklyn.core.mgmt.entitlement.Entitlements.EntitlementClassesEnum.15
            @Override // org.apache.brooklyn.core.mgmt.entitlement.Entitlements.EntitlementClassesEnum
            public <T> T handle(EntitlementClassesHandler<T> entitlementClassesHandler, Object obj) {
                return entitlementClassesHandler.handleRoot();
            }
        };

        private EntitlementClass<?> entitlementClass;

        EntitlementClassesEnum(EntitlementClass entitlementClass) {
            this.entitlementClass = entitlementClass;
        }

        public EntitlementClass<?> getEntitlementClass() {
            return this.entitlementClass;
        }

        public abstract <T> T handle(EntitlementClassesHandler<T> entitlementClassesHandler, Object obj);

        public static EntitlementClassesEnum of(EntitlementClass<?> entitlementClass) {
            for (EntitlementClassesEnum entitlementClassesEnum : values()) {
                if (entitlementClass.equals(entitlementClassesEnum.getEntitlementClass())) {
                    return entitlementClassesEnum;
                }
            }
            return null;
        }
    }

    /* loaded from: input_file:org/apache/brooklyn/core/mgmt/entitlement/Entitlements$EntitlementClassesHandler.class */
    public interface EntitlementClassesHandler<T> {
        T handleSeeCatalogItem(String str);

        T handleSeeServerStatus();

        T handleAddCatalogItem(Object obj);

        T handleModifyCatalogItem(StringAndArgument stringAndArgument);

        T handleSeeEntity(Entity entity);

        T handleSeeSensor(EntityAndItem<String> entityAndItem);

        T handleInvokeEffector(EntityAndItem<StringAndArgument> entityAndItem);

        T handleModifyEntity(Entity entity);

        T handleDeployApplication(Object obj);

        T handleAddJava(Object obj);

        T handleSeeAllServerInfo();

        T handleExecuteGroovyScript();

        T handleExecuteScript();

        T handleRoot();
    }

    /* loaded from: input_file:org/apache/brooklyn/core/mgmt/entitlement/Entitlements$EntityAndItem.class */
    public static class EntityAndItem<T> extends Pair<Entity, T> {
        public static <TT> TypeToken<EntityAndItem<TT>> typeToken(Class<TT> cls) {
            return new TypeToken<EntityAndItem<TT>>() { // from class: org.apache.brooklyn.core.mgmt.entitlement.Entitlements.EntityAndItem.1
                private static final long serialVersionUID = -738154831809025407L;
            };
        }

        public EntityAndItem(Entity entity, T t) {
            super(entity, t);
        }

        public Entity getEntity() {
            return (Entity) this.p1;
        }

        public T getItem() {
            return (T) this.p2;
        }

        public static <T> EntityAndItem<T> of(Entity entity, T t) {
            return new EntityAndItem<>(entity, t);
        }
    }

    /* loaded from: input_file:org/apache/brooklyn/core/mgmt/entitlement/Entitlements$FineGrainedEntitlements.class */
    public static class FineGrainedEntitlements {
        private static final Joiner COMMA_JOINER = Joiner.on(',');

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:org/apache/brooklyn/core/mgmt/entitlement/Entitlements$FineGrainedEntitlements$NonSecretPredicate.class */
        public static class NonSecretPredicate implements Predicate<EntityAndItem<String>> {
            private NonSecretPredicate() {
            }

            public boolean apply(EntityAndItem<String> entityAndItem) {
                return (entityAndItem == null || Sanitizer.IS_SECRET_PREDICATE.apply(entityAndItem.getItem())) ? false : true;
            }

            public String toString() {
                return "Predicates.nonSecret";
            }
        }

        /* loaded from: input_file:org/apache/brooklyn/core/mgmt/entitlement/Entitlements$FineGrainedEntitlements$SinglePermissionEntitlementChecker.class */
        public static class SinglePermissionEntitlementChecker<U> implements EntitlementManager {
            final EntitlementClass<U> permission;
            final Predicate<U> test;

            protected SinglePermissionEntitlementChecker(EntitlementClass<U> entitlementClass, Predicate<U> predicate) {
                this.permission = entitlementClass;
                this.test = predicate;
            }

            public <T> boolean isEntitled(EntitlementContext entitlementContext, EntitlementClass<T> entitlementClass, T t) {
                return Objects.equal(this.permission, entitlementClass) && this.test.apply(t);
            }

            public String toString() {
                return "Entitlements.allowing(" + this.permission + " -> " + this.test + ")";
            }
        }

        public static EntitlementManager anyOf(EntitlementManager... entitlementManagerArr) {
            return anyOf(Arrays.asList(entitlementManagerArr));
        }

        public static EntitlementManager anyOf(final Iterable<? extends EntitlementManager> iterable) {
            return new EntitlementManager() { // from class: org.apache.brooklyn.core.mgmt.entitlement.Entitlements.FineGrainedEntitlements.1
                public <T> boolean isEntitled(EntitlementContext entitlementContext, EntitlementClass<T> entitlementClass, T t) {
                    Iterator<T> it = iterable.iterator();
                    while (it.hasNext()) {
                        if (((EntitlementManager) it.next()).isEntitled(entitlementContext, entitlementClass, t)) {
                            return true;
                        }
                    }
                    return false;
                }

                public String toString() {
                    return "Entitlements.anyOf(" + FineGrainedEntitlements.COMMA_JOINER.join(iterable) + ")";
                }
            };
        }

        public static EntitlementManager allOf(EntitlementManager... entitlementManagerArr) {
            return allOf(Arrays.asList(entitlementManagerArr));
        }

        public static EntitlementManager allOf(final Iterable<? extends EntitlementManager> iterable) {
            return new EntitlementManager() { // from class: org.apache.brooklyn.core.mgmt.entitlement.Entitlements.FineGrainedEntitlements.2
                public <T> boolean isEntitled(EntitlementContext entitlementContext, EntitlementClass<T> entitlementClass, T t) {
                    Iterator<T> it = iterable.iterator();
                    while (it.hasNext()) {
                        if (((EntitlementManager) it.next()).isEntitled(entitlementContext, entitlementClass, t)) {
                            return true;
                        }
                    }
                    return false;
                }

                public String toString() {
                    return "Entitlements.allOf(" + FineGrainedEntitlements.COMMA_JOINER.join(iterable) + ")";
                }
            };
        }

        public static <U> EntitlementManager allowing(EntitlementClass<U> entitlementClass, Predicate<U> predicate) {
            return new SinglePermissionEntitlementChecker(entitlementClass, predicate);
        }

        public static <U> EntitlementManager allowing(EntitlementClass<U> entitlementClass) {
            return new SinglePermissionEntitlementChecker(entitlementClass, Predicates.alwaysTrue());
        }

        public static EntitlementManager seeNonSecretSensors() {
            return allowing(Entitlements.SEE_SENSOR, new NonSecretPredicate());
        }

        public static EntitlementManager seeNonSecretConfig() {
            return allowing(Entitlements.SEE_CONFIG, new NonSecretPredicate());
        }
    }

    @Beta
    /* loaded from: input_file:org/apache/brooklyn/core/mgmt/entitlement/Entitlements$LifecycleEffectors.class */
    public static class LifecycleEffectors {
        public static final String DELETE = "delete";
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/apache/brooklyn/core/mgmt/entitlement/Entitlements$Pair.class */
    public static class Pair<T1, T2> {
        protected final T1 p1;
        protected final T2 p2;

        protected Pair(T1 t1, T2 t2) {
            this.p1 = t1;
            this.p2 = t2;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/brooklyn/core/mgmt/entitlement/Entitlements$PerThreadEntitlementContextHolder.class */
    public static class PerThreadEntitlementContextHolder {
        public static final ThreadLocal<EntitlementContext> perThreadEntitlementsContextHolder = new ThreadLocal<>();

        private PerThreadEntitlementContextHolder() {
        }
    }

    /* loaded from: input_file:org/apache/brooklyn/core/mgmt/entitlement/Entitlements$StringAndArgument.class */
    public static class StringAndArgument extends Pair<String, Object> {
        public StringAndArgument(String str, Object obj) {
            super(str, obj);
        }

        /* JADX WARN: Multi-variable type inference failed */
        public String getString() {
            return (String) this.p1;
        }

        public Object getArgument() {
            return this.p2;
        }

        public static StringAndArgument of(String str, Object obj) {
            return new StringAndArgument(str, obj);
        }
    }

    /* loaded from: input_file:org/apache/brooklyn/core/mgmt/entitlement/Entitlements$TaskAndItem.class */
    public static class TaskAndItem<T> extends Pair<Task<?>, T> {
        public static <TT> TypeToken<TaskAndItem<TT>> typeToken(Class<TT> cls) {
            return new TypeToken<TaskAndItem<TT>>() { // from class: org.apache.brooklyn.core.mgmt.entitlement.Entitlements.TaskAndItem.1
                private static final long serialVersionUID = 3103447462213439135L;
            };
        }

        public TaskAndItem(Task<?> task, T t) {
            super(task, t);
        }

        public Task<?> getTask() {
            return (Task) this.p1;
        }

        public T getItem() {
            return (T) this.p2;
        }

        public static <T> TaskAndItem<T> of(Task<?> task, T t) {
            return new TaskAndItem<>(task, t);
        }
    }

    public static EntitlementManager root() {
        return new EntitlementManager() { // from class: org.apache.brooklyn.core.mgmt.entitlement.Entitlements.1
            public <T> boolean isEntitled(EntitlementContext entitlementContext, EntitlementClass<T> entitlementClass, T t) {
                return true;
            }

            public String toString() {
                return "Entitlements.root";
            }
        };
    }

    public static EntitlementManager powerUser() {
        return new EntitlementManager() { // from class: org.apache.brooklyn.core.mgmt.entitlement.Entitlements.2
            public <T> boolean isEntitled(EntitlementContext entitlementContext, EntitlementClass<T> entitlementClass, T t) {
                return (Entitlements.EXECUTE_GROOVY_SCRIPT.equals(entitlementClass) || Entitlements.EXECUTE_SCRIPT.equals(entitlementClass)) ? false : true;
            }

            public String toString() {
                return "Entitlements.powerUser";
            }
        };
    }

    public static EntitlementManager user() {
        return new EntitlementManager() { // from class: org.apache.brooklyn.core.mgmt.entitlement.Entitlements.3
            public <T> boolean isEntitled(EntitlementContext entitlementContext, EntitlementClass<T> entitlementClass, T t) {
                return (Entitlements.SEE_ALL_SERVER_INFO.equals(entitlementClass) || Entitlements.ROOT.equals(entitlementClass) || Entitlements.LOGBOOK_LOG_STORE_QUERY.equals(entitlementClass) || Entitlements.EXECUTE_GROOVY_SCRIPT.equals(entitlementClass) || Entitlements.EXECUTE_SCRIPT.equals(entitlementClass) || Entitlements.MODIFY_ENTITY.equals(entitlementClass) || Entitlements.HA_ADMIN.equals(entitlementClass)) ? false : true;
            }

            public String toString() {
                return "Entitlements.user";
            }
        };
    }

    public static EntitlementManager blueprintAuthor() {
        return new EntitlementManager() { // from class: org.apache.brooklyn.core.mgmt.entitlement.Entitlements.4
            public <T> boolean isEntitled(EntitlementContext entitlementContext, EntitlementClass<T> entitlementClass, T t) {
                return Entitlements.user().isEntitled(entitlementContext, entitlementClass, t) && !Entitlements.ADD_JAVA.equals(entitlementClass);
            }

            public String toString() {
                return "Entitlements.user";
            }
        };
    }

    public static EntitlementManager logViewer() {
        return new EntitlementManager() { // from class: org.apache.brooklyn.core.mgmt.entitlement.Entitlements.5
            public <T> boolean isEntitled(EntitlementContext entitlementContext, EntitlementClass<T> entitlementClass, T t) {
                return Entitlements.LOGBOOK_LOG_STORE_QUERY.equals(entitlementClass);
            }

            public String toString() {
                return "Entitlements.logViewer";
            }
        };
    }

    public static EntitlementManager minimal() {
        return new EntitlementManager() { // from class: org.apache.brooklyn.core.mgmt.entitlement.Entitlements.6
            public <T> boolean isEntitled(EntitlementContext entitlementContext, EntitlementClass<T> entitlementClass, T t) {
                return false;
            }

            public String toString() {
                return "Entitlements.minimal";
            }
        };
    }

    public static EntitlementManager readOnly() {
        return FineGrainedEntitlements.anyOf(FineGrainedEntitlements.allowing(SEE_ENTITY), FineGrainedEntitlements.allowing(SEE_ACTIVITY_STREAMS), FineGrainedEntitlements.allowing(SEE_CATALOG_ITEM), FineGrainedEntitlements.allowing(SERVER_STATUS), FineGrainedEntitlements.allowing(SEE_LOCATION), FineGrainedEntitlements.allowing(HA_STATS), FineGrainedEntitlements.seeNonSecretSensors(), FineGrainedEntitlements.seeNonSecretConfig());
    }

    public static EntitlementManager serverStatusOnly() {
        return FineGrainedEntitlements.allowing(SERVER_STATUS);
    }

    public static EntitlementContext getEntitlementContext() {
        EntitlementContext entitlementContext = PerThreadEntitlementContextHolder.perThreadEntitlementsContextHolder.get();
        if (entitlementContext != null) {
            return entitlementContext;
        }
        Task current = Tasks.current();
        while (true) {
            Task task = current;
            if (task == null) {
                return null;
            }
            EntitlementContext entitlement = BrooklynTaskTags.getEntitlement((Task<?>) task);
            if (entitlement != null) {
                return entitlement;
            }
            current = task.getSubmittedByTask();
        }
    }

    public static String getEntitlementContextUser() {
        return (String) getEntitlementContextUserMaybe().or("<system>");
    }

    public static Maybe<String> getEntitlementContextUserMaybe() {
        EntitlementContext entitlementContext = getEntitlementContext();
        if (entitlementContext != null) {
            String user = entitlementContext.user();
            if (Strings.isNonBlank(user)) {
                return Maybe.of(user);
            }
        }
        return Maybe.absent();
    }

    public static void setEntitlementContext(EntitlementContext entitlementContext) {
        EntitlementContext entitlementContext2 = PerThreadEntitlementContextHolder.perThreadEntitlementsContextHolder.get();
        if (entitlementContext2 != null && entitlementContext != null) {
            log.warn("Changing entitlement context from " + entitlementContext2 + " to " + entitlementContext + "; context should have been reset or extended, not replaced");
            log.debug("Trace for entitlement context duplicate overwrite", new Throwable("Trace for entitlement context overwrite"));
        }
        PerThreadEntitlementContextHolder.perThreadEntitlementsContextHolder.set(entitlementContext);
    }

    public static void clearEntitlementContext() {
        PerThreadEntitlementContextHolder.perThreadEntitlementsContextHolder.set(null);
    }

    public static <T> boolean isEntitled(EntitlementManager entitlementManager, EntitlementClass<T> entitlementClass, T t) {
        return entitlementManager.isEntitled(getEntitlementContext(), entitlementClass, t);
    }

    public static <T> void checkEntitled(EntitlementManager entitlementManager, EntitlementClass<T> entitlementClass, T t) {
        if (!isEntitled(entitlementManager, entitlementClass, t)) {
            throw new NotEntitledException(getEntitlementContext(), entitlementClass, t);
        }
    }

    public static EntitlementManager newManager(ManagementContext managementContext, BrooklynProperties brooklynProperties) {
        return newGlobalManager(managementContext, brooklynProperties);
    }

    private static EntitlementManager newGlobalManager(ManagementContext managementContext, BrooklynProperties brooklynProperties) {
        return load(managementContext, brooklynProperties, (String) brooklynProperties.getConfig(GLOBAL_ENTITLEMENT_MANAGER));
    }

    public static EntitlementManager load(@Nullable ManagementContext managementContext, BrooklynProperties brooklynProperties, String str) {
        if ("root".equalsIgnoreCase(str)) {
            return root();
        }
        if ("readonly".equalsIgnoreCase(str) || "read_only".equalsIgnoreCase(str)) {
            return readOnly();
        }
        if ("minimal".equalsIgnoreCase(str)) {
            return minimal();
        }
        if ("user".equalsIgnoreCase(str)) {
            return user();
        }
        if ("powerUser".equalsIgnoreCase(str) || "power_user".equalsIgnoreCase(str)) {
            return powerUser();
        }
        if ("blueprintAuthor".equalsIgnoreCase(str) || "blueprint_author".equalsIgnoreCase(str)) {
            return blueprintAuthor();
        }
        if ("logViewer".equalsIgnoreCase(str) || "log_viewer".equalsIgnoreCase(str) || "log".equalsIgnoreCase(str)) {
            return logViewer();
        }
        if (!Strings.isNonBlank(str)) {
            throw new IllegalStateException("Invalid entitlement manager specified: '" + str + "'");
        }
        try {
            return (EntitlementManager) instantiate(new ClassLoaderUtils((Class<?>) Entitlements.class, managementContext).loadClass(DeserializingClassRenamesProvider.INSTANCE.findMappedName(str)), ImmutableList.of(new Object[]{managementContext, brooklynProperties}, new Object[]{managementContext}, new Object[]{brooklynProperties}, new Object[0]));
        } catch (Exception e) {
            throw Exceptions.propagate(e);
        }
    }

    private static Object instantiate(Class<?> cls, List<Object[]> list) {
        try {
            Iterator<Object[]> it = list.iterator();
            while (it.hasNext()) {
                Maybe invokeConstructorFromArgs = Reflections.invokeConstructorFromArgs(cls, it.next());
                if (invokeConstructorFromArgs.isPresent()) {
                    return invokeConstructorFromArgs.get();
                }
            }
            throw new IllegalStateException("No matching constructor to instantiate " + cls);
        } catch (Exception e) {
            throw Exceptions.propagate(e);
        }
    }
}
