package it.geosolutions.geostore.services.rest.impl;

import it.geosolutions.geostore.core.model.SecurityRule;
import it.geosolutions.geostore.core.model.User;
import it.geosolutions.geostore.core.model.UserGroup;
import it.geosolutions.geostore.core.model.enums.GroupReservedNames;
import it.geosolutions.geostore.core.model.enums.Role;
import it.geosolutions.geostore.core.model.enums.UserReservedNames;
import it.geosolutions.geostore.services.SecurityService;
import it.geosolutions.geostore.services.UserService;
import it.geosolutions.geostore.services.exception.NotFoundServiceEx;
import it.geosolutions.geostore.services.rest.exception.InternalErrorWebEx;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.ws.rs.core.SecurityContext;
import org.apache.commons.collections.CollectionUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/* loaded from: input_file:WEB-INF/lib/geostore-rest-impl-2.2.0.jar:it/geosolutions/geostore/services/rest/impl/RESTServiceImpl.class */
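/**
 * Abstract base offering two things to its subclasses: extraction of the GeoStore {@link User}
 * from a JAX-RS {@link SecurityContext}, and per-resource read/write permission checks backed by
 * the {@link SecurityService} each subclass supplies through {@link #getSecurityService()}.
 *
 * <p>All permission checks short-circuit to "allowed" for {@link Role#ADMIN}. Every other caller
 * is denied unless a user rule or a group rule returned by the security service grants access.
 */
public abstract class RESTServiceImpl {
    private static final Logger LOGGER = LogManager.getLogger(RESTServiceImpl.class);

    @Autowired
    UserService userService;

    /* loaded from: input_file:WEB-INF/lib/geostore-rest-impl-2.2.0.jar:it/geosolutions/geostore/services/rest/impl/RESTServiceImpl$ResourceAuth.class */
    /** Mutable pair of read/write flags computed by {@link #getResourceAuth(User, long)}. */
    protected static class ResourceAuth {
        boolean canRead;
        boolean canWrite;

        /** Creates a deny-all result (both flags {@code false}). */
        public ResourceAuth() {
            this(false, false);
        }

        /**
         * @param canRead initial value of the read flag
         * @param canWrite initial value of the write flag
         */
        public ResourceAuth(boolean canRead, boolean canWrite) {
            this.canRead = canRead;
            this.canWrite = canWrite;
        }
    }

    /**
     * Collects the group name of every group in the given set.
     *
     * @param groups the groups to read names from; {@code null} is treated as "no groups"
     * @return a new mutable list of group names, empty when {@code groups} is {@code null} or empty
     */
    public static List<String> extratcGroupNames(Set<UserGroup> groups) {
        // A user without a group set must end up as "no group rules apply" (a clean deny in the
        // callers below) rather than a NullPointerException in the middle of an access check.
        if (groups == null) {
            return new ArrayList<>();
        }
        List<String> names = new ArrayList<>(groups.size() + 1);
        for (UserGroup group : groups) {
            names.add(group.getGroupName());
        }
        return names;
    }

    protected abstract SecurityService getSecurityService();

    public void setUserService(UserService userService) {
        this.userService = userService;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Resolves the GeoStore user behind a request.
     *
     * <p>A context without a user principal is mapped to the guest principal built by {@link
     * #createGuestPrincipal()}; it is not rejected. The principal must be a Spring {@link
     * Authentication} whose own principal is a GeoStore {@link User}.
     *
     * @param securityContext the JAX-RS security context of the request
     * @return the authenticated (or guest) user, never {@code null}
     * @throws InternalErrorWebEx if the context is {@code null} or the principal has an unexpected
     *     type
     */
    public User extractAuthUser(SecurityContext securityContext) throws InternalErrorWebEx {
        if (securityContext == null) {
            throw new InternalErrorWebEx("Missing auth info");
        }
        Principal userPrincipal = securityContext.getUserPrincipal();
        if (userPrincipal == null) {
            // Anonymous request: continue as guest instead of failing.
            userPrincipal = createGuestPrincipal();
        }
        if (!(userPrincipal instanceof Authentication)) {
            logMismatchedPrincipal();
            // NOTE(review): the message carries the principal's class name; confirm how
            // InternalErrorWebEx is rendered before assuming it never reaches the client.
            throw new InternalErrorWebEx("Mismatching auth principal (" + userPrincipal.getClass() + ")");
        }
        Object principal = ((Authentication) userPrincipal).getPrincipal();
        if (!(principal instanceof User)) {
            logMismatchedPrincipal();
            throw new InternalErrorWebEx("Mismatching auth principal (not a GeoStore User)");
        }
        User user = (User) principal;
        LOGGER.info("Accessing service with user {} and role {}", user.getName(), user.getRole());
        return user;
    }

    private static void logMismatchedPrincipal() {
        LOGGER.info("Mismatching auth principal");
    }

    /**
     * Tells whether the user may write the given resource.
     *
     * @param user the user to check; must not be {@code null}
     * @param resourceId id passed to the security service's rule lookups
     * @return {@code true} for admins, or when a rule owned by the user or any rule of one of the
     *     user's groups grants write access; {@code false} otherwise
     */
    public boolean resourceAccessWrite(User user, long resourceId) {
        return hasResourceAccess(user, resourceId, true);
    }

    /**
     * Tells whether the user may read the given resource.
     *
     * @param user the user to check; must not be {@code null}
     * @param resourceId id passed to the security service's rule lookups
     * @return {@code true} for admins, or when a rule owned by the user or any rule of one of the
     *     user's groups grants read access; {@code false} otherwise
     */
    public boolean resourceAccessRead(User user, long resourceId) {
        return hasResourceAccess(user, resourceId, false);
    }

    /**
     * Shared implementation of the read and write checks, so the two cannot drift apart.
     *
     * @param write {@code true} to test the write flag of each rule, {@code false} for the read flag
     */
    private boolean hasResourceAccess(User user, long resourceId, boolean write) {
        // Constant-first comparison: a user with no role is simply "not admin" (falls through to
        // the rule checks) instead of raising a NullPointerException.
        if (Role.ADMIN.equals(user.getRole())) {
            return true;
        }
        List<SecurityRule> userRules =
                getSecurityService().getUserSecurityRule(user.getName(), resourceId);
        if (CollectionUtils.isNotEmpty(userRules)) {
            for (SecurityRule rule : userRules) {
                // The rule is only honoured when it names this very user; the lookup result alone
                // is not trusted to be limited to the caller's own rules.
                if (grants(rule, write)
                        && rule.getUser() != null
                        && rule.getUser().getName().equals(user.getName())) {
                    return true;
                }
            }
        }
        List<String> groupNames = extratcGroupNames(user.getGroups());
        if (groupNames.isEmpty()) {
            return false;
        }
        List<SecurityRule> groupRules =
                getSecurityService().getGroupSecurityRule(groupNames, resourceId);
        if (CollectionUtils.isNotEmpty(groupRules)) {
            for (SecurityRule rule : groupRules) {
                if (grants(rule, write)) {
                    return true;
                }
            }
        }
        // No rule granted access: deny.
        return false;
    }

    /** Returns the write flag of the rule when {@code write} is set, otherwise its read flag. */
    private static boolean grants(SecurityRule rule, boolean write) {
        return write ? rule.isCanWrite() : rule.isCanRead();
    }

    /**
     * Computes the read and write permissions of the user on a resource in one pass.
     *
     * <p>Admins get both flags. For everyone else the flags are the OR of all user rules and all
     * group rules returned by the security service; evaluation stops as soon as both are set.
     *
     * @param user the user to check; must not be {@code null}
     * @param resourceId id passed to the security service's rule lookups
     * @return a new {@link ResourceAuth} holding the computed flags
     */
    public ResourceAuth getResourceAuth(User user, long resourceId) {
        if (Role.ADMIN.equals(user.getRole())) {
            return new ResourceAuth(true, true);
        }
        ResourceAuth auth = new ResourceAuth();
        // NOTE(review): unlike resourceAccessRead/resourceAccessWrite, user rules are accepted here
        // without checking that rule.getUser() is the caller. If getUserSecurityRule can return
        // rules belonging to other users, this method grants more than the boolean checks do;
        // confirm against the SecurityService/DAO implementation and align the two paths.
        List<SecurityRule> userRules =
                getSecurityService().getUserSecurityRule(user.getName(), resourceId);
        if (mergeRules(auth, userRules)) {
            return auth;
        }
        List<String> groupNames = extratcGroupNames(user.getGroups());
        if (!groupNames.isEmpty()) {
            mergeRules(auth, getSecurityService().getGroupSecurityRule(groupNames, resourceId));
        }
        return auth;
    }

    /**
     * ORs the flags of each rule into {@code auth}.
     *
     * @return {@code true} if the loop stopped early because both flags are now set
     */
    private static boolean mergeRules(ResourceAuth auth, List<SecurityRule> rules) {
        if (CollectionUtils.isNotEmpty(rules)) {
            for (SecurityRule rule : rules) {
                auth.canRead |= rule.isCanRead();
                auth.canWrite |= rule.isCanWrite();
                if (auth.canRead && auth.canWrite) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Builds the principal used for requests that carry no user principal.
     *
     * <p>The configured guest user is looked up through the {@link UserService}. When it does not
     * exist, a transient user named {@code "guest"} with {@link Role#GUEST} and membership in the
     * reserved "everyone" group (id {@code -1}) is created instead.
     *
     * <p>The token is created with the three-argument {@link UsernamePasswordAuthenticationToken}
     * constructor, which in Spring Security produces a token flagged as authenticated. Access
     * decisions therefore have to rest on the user's role and security rules, not on
     * {@code isAuthenticated()}.
     *
     * @return an authentication token wrapping the guest user with the {@code ROLE_GUEST} authority
     */
    public Principal createGuestPrincipal() {
        List<SimpleGrantedAuthority> authorities = new ArrayList<>();
        authorities.add(new SimpleGrantedAuthority("ROLE_GUEST"));
        try {
            return new UsernamePasswordAuthenticationToken(this.userService.get(UserReservedNames.GUEST.userName()), "", authorities);
        } catch (NotFoundServiceEx e) {
            // Not an error: a missing guest account is replaced by an in-memory default below.
            LOGGER.debug("User GUEST is not configured, creating on-the-fly a default one");
            User guest = new User();
            guest.setName("guest");
            guest.setRole(Role.GUEST);
            UserGroup everyone = new UserGroup();
            everyone.setEnabled(true);
            everyone.setId(-1L);
            everyone.setGroupName(GroupReservedNames.EVERYONE.groupName());
            Set<UserGroup> groups = new HashSet<>();
            groups.add(everyone);
            guest.setGroups(groups);
            return new UsernamePasswordAuthenticationToken(guest, "", authorities);
        }
    }
}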
