package org.geoserver.web.security;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.geoserver.catalog.CatalogInfo;
import org.geoserver.catalog.LayerGroupInfo;
import org.geoserver.catalog.LayerInfo;
import org.geoserver.catalog.PublishedInfo;
import org.geoserver.catalog.WorkspaceInfo;
import org.geoserver.security.AccessMode;
import org.geoserver.security.GeoServerSecurityManager;
import org.geoserver.security.SecureCatalogImpl;
import org.geoserver.security.impl.DataAccessRule;
import org.geoserver.security.impl.DataAccessRuleDAO;
import org.geoserver.security.impl.GeoServerRole;
import org.geoserver.web.GeoServerApplication;
import org.geoserver.web.spring.security.GeoServerSession;
import org.springframework.security.core.GrantedAuthority;

/* loaded from: input_file:WEB-INF/lib/gs-web-core-2.18.7-georchestra.jar:org/geoserver/web/security/AccessDataRuleInfoManager.class */
public class AccessDataRuleInfoManager {
    private DataAccessRuleDAO dao = DataAccessRuleDAO.get();
    static List<AccessMode> MODES = Arrays.asList(AccessMode.READ, AccessMode.WRITE, AccessMode.ADMIN);

    public GeoServerSecurityManager getSecurityManager() {
        return GeoServerApplication.get().getSecurityManager();
    }

    public Set<String> getAvailableRoles() {
        try {
            return (Set) getSecurityManager().getRolesForAccessControl().stream().map(geoServerRole -> {
                return geoServerRole.getAuthority();
            }).collect(Collectors.toSet());
        } catch (IOException e) {
            return null;
        }
    }

    public String getWorkspaceName(CatalogInfo catalogInfo) {
        if (catalogInfo instanceof WorkspaceInfo) {
            return ((WorkspaceInfo) catalogInfo).getName();
        }
        if (catalogInfo instanceof LayerInfo) {
            return ((LayerInfo) catalogInfo).getResource().getStore().getWorkspace().getName();
        }
        if (!(catalogInfo instanceof LayerGroupInfo)) {
            return null;
        }
        LayerGroupInfo layerGroupInfo = (LayerGroupInfo) catalogInfo;
        return layerGroupInfo.getWorkspace() != null ? layerGroupInfo.getWorkspace().getName() : null;
    }

    public String getLayerName(CatalogInfo catalogInfo) {
        if (catalogInfo instanceof PublishedInfo) {
            return ((PublishedInfo) catalogInfo).getName();
        }
        return null;
    }

    public List<DataAccessRule> getRules() {
        return getSecurityManager().getDataAccessRuleDAO().getRules();
    }

    public Set<DataAccessRule> getWorkspaceDataAccessRules(String str) {
        return (Set) getRules().stream().filter(dataAccessRule -> {
            return dataAccessRule.getRoot().equalsIgnoreCase(str) && dataAccessRule.getLayer().equals("*");
        }).collect(Collectors.toSet());
    }

    public Set<DataAccessRule> getGlobalLayerGroupSecurityRule(String str) {
        return (Set) getRules().stream().filter(dataAccessRule -> {
            return dataAccessRule.getRoot().equalsIgnoreCase(str);
        }).collect(Collectors.toSet());
    }

    public Set<DataAccessRule> getLayerSecurityRule(String str, String str2) {
        return (Set) getRules().stream().filter(dataAccessRule -> {
            return dataAccessRule.getRoot().equalsIgnoreCase(str) && dataAccessRule.getLayer().equalsIgnoreCase(str2);
        }).collect(Collectors.toSet());
    }

    public Set<DataAccessRule> getResourceRule(String str, CatalogInfo catalogInfo) {
        Set<DataAccessRule> set = null;
        if (catalogInfo instanceof LayerInfo) {
            set = getLayerSecurityRule(str, ((PublishedInfo) catalogInfo).getName());
        } else if (catalogInfo instanceof LayerGroupInfo) {
            set = str == null ? getGlobalLayerGroupSecurityRule(((LayerGroupInfo) catalogInfo).getName()) : getLayerSecurityRule(str, ((PublishedInfo) catalogInfo).getName());
        } else if (catalogInfo instanceof WorkspaceInfo) {
            set = getWorkspaceDataAccessRules(((WorkspaceInfo) catalogInfo).getName());
        }
        return set;
    }

    public List<DataAccessRuleInfo> mapTo(Set<DataAccessRule> set, Set<String> set2, String str, String str2) {
        if (set == null || set.isEmpty()) {
            return getNewInfoList(str, str2, set2);
        }
        ArrayList arrayList = new ArrayList(set2.size());
        HashMap hashMap = new HashMap(set2.size());
        for (String str3 : set2) {
            HashSet hashSet = new HashSet(3);
            for (AccessMode accessMode : MODES) {
                set.stream().filter(dataAccessRule -> {
                    return dataAccessRule.getAccessMode() == accessMode;
                }).forEach(dataAccessRule2 -> {
                    if (dataAccessRule2.getRoles().contains(str3)) {
                        hashSet.add(accessMode);
                    }
                });
            }
            hashMap.put(str3, hashSet);
        }
        set.forEach(dataAccessRule3 -> {
            set2.removeAll(dataAccessRule3.getRoles());
        });
        set2.forEach(str4 -> {
            hashMap.put(str4, null);
        });
        for (String str5 : hashMap.keySet()) {
            Set<AccessMode> set3 = (Set) hashMap.get(str5);
            DataAccessRuleInfo dataAccessRuleInfo = new DataAccessRuleInfo(str5, str, str2);
            dataAccessRuleInfo.setAdminFromMode(set3);
            dataAccessRuleInfo.setReadFromMode(set3);
            dataAccessRuleInfo.setWriteFromMode(set3);
            arrayList.add(dataAccessRuleInfo);
        }
        return arrayList;
    }

    public List<DataAccessRuleInfo> getNewInfoList(String str, String str2, Set<String> set) {
        ArrayList arrayList = new ArrayList();
        Iterator<String> it2 = set.iterator();
        while (it2.hasNext()) {
            DataAccessRuleInfo dataAccessRuleInfo = new DataAccessRuleInfo(it2.next(), str, str2);
            dataAccessRuleInfo.setRead(false);
            dataAccessRuleInfo.setWrite(false);
            dataAccessRuleInfo.setAdmin(false);
            arrayList.add(dataAccessRuleInfo);
        }
        return arrayList;
    }

    public Set<DataAccessRule> mapFrom(List<DataAccessRuleInfo> list, Set<String> set, String str, String str2, boolean z) {
        HashSet hashSet = new HashSet(set.size());
        HashMap hashMap = new HashMap(MODES.size());
        for (AccessMode accessMode : MODES) {
            HashSet hashSet2 = new HashSet();
            for (String str3 : set) {
                list.stream().filter(dataAccessRuleInfo -> {
                    return dataAccessRuleInfo.getRoleName().equalsIgnoreCase(str3);
                }).forEach(dataAccessRuleInfo2 -> {
                    if (dataAccessRuleInfo2.hasMode(accessMode)) {
                        hashSet2.add(str3);
                    }
                });
            }
            hashMap.put(accessMode, hashSet2);
        }
        for (AccessMode accessMode2 : hashMap.keySet()) {
            Set set2 = (Set) hashMap.get(accessMode2);
            if (set2 != null && set2.size() > 0) {
                DataAccessRule dataAccessRule = new DataAccessRule();
                if (z) {
                    dataAccessRule.setRoot(str2);
                    dataAccessRule.setLayer(null);
                    dataAccessRule.setGlobalGroupRule(true);
                } else {
                    dataAccessRule.setRoot(str);
                    dataAccessRule.setLayer(str2 != null ? str2 : "*");
                }
                dataAccessRule.setAccessMode(accessMode2);
                dataAccessRule.getRoles().addAll(set2);
                hashSet.add(dataAccessRule);
            }
        }
        return hashSet;
    }

    public void saveRules(Set<DataAccessRule> set, Set<DataAccessRule> set2) throws IOException {
        synchronized (this) {
            set.forEach(dataAccessRule -> {
                this.dao.removeRule(dataAccessRule);
            });
            if (!set2.isEmpty()) {
                set2.forEach(dataAccessRule2 -> {
                    this.dao.addRule(dataAccessRule2);
                });
            }
            this.dao.storeRules();
        }
    }

    public List<DataAccessRuleInfo> getDataAccessRuleInfo(CatalogInfo catalogInfo) {
        String workspaceName = getWorkspaceName(catalogInfo);
        String layerName = getLayerName(catalogInfo);
        return mapTo(getResourceRule(workspaceName, catalogInfo), getAvailableRoles(), workspaceName, layerName);
    }

    public void removeAllResourceRules(String str, CatalogInfo catalogInfo) throws IOException {
        getResourceRule(str, catalogInfo).forEach(dataAccessRule -> {
            this.dao.removeRule(dataAccessRule);
        });
        this.dao.storeRules();
    }

    public static boolean canAccess() {
        boolean z = false;
        Iterator<? extends GrantedAuthority> it2 = GeoServerSession.get().getAuthentication().getAuthorities().iterator();
        while (true) {
            if (!it2.hasNext()) {
                break;
            }
            if (it2.next().getAuthority().equalsIgnoreCase(GeoServerRole.ADMIN_ROLE.getAuthority())) {
                z = true;
                break;
            }
        }
        return ((SecureCatalogImpl) GeoServerApplication.get().getBeanOfType(SecureCatalogImpl.class)).isDefaultAccessManager() && z;
    }
}
