package it.geosolutions.geofence.services;

import com.googlecode.genericdao.search.Filter;
import com.googlecode.genericdao.search.Search;
import com.vividsolutions.jts.geom.Geometry;
import it.geosolutions.geofence.core.dao.GSUserDAO;
import it.geosolutions.geofence.core.dao.LayerDetailsDAO;
import it.geosolutions.geofence.core.dao.RuleDAO;
import it.geosolutions.geofence.core.dao.UserGroupDAO;
import it.geosolutions.geofence.core.model.GSUser;
import it.geosolutions.geofence.core.model.LayerAttribute;
import it.geosolutions.geofence.core.model.LayerDetails;
import it.geosolutions.geofence.core.model.Rule;
import it.geosolutions.geofence.core.model.RuleLimits;
import it.geosolutions.geofence.core.model.UserGroup;
import it.geosolutions.geofence.core.model.enums.AccessType;
import it.geosolutions.geofence.core.model.enums.GrantType;
import it.geosolutions.geofence.services.dto.AccessInfo;
import it.geosolutions.geofence.services.dto.AuthUser;
import it.geosolutions.geofence.services.dto.RuleFilter;
import it.geosolutions.geofence.services.dto.ShortRule;
import it.geosolutions.geofence.services.exception.BadRequestServiceEx;
import it.geosolutions.geofence.services.util.AccessInfoInternal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:it/geosolutions/geofence/services/RuleReaderServiceImpl.class */
public class RuleReaderServiceImpl implements RuleReaderService {
    private static final Logger LOGGER = LogManager.getLogger(RuleReaderServiceImpl.class);
    private RuleDAO ruleDAO;
    private LayerDetailsDAO detailsDAO;
    private GSUserDAO userDAO;
    private UserGroupDAO userGroupDAO;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: it.geosolutions.geofence.services.RuleReaderServiceImpl$1, reason: invalid class name */
    /* loaded from: input_file:it/geosolutions/geofence/services/RuleReaderServiceImpl$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$it$geosolutions$geofence$core$model$enums$GrantType;
        static final /* synthetic */ int[] $SwitchMap$it$geosolutions$geofence$services$dto$RuleFilter$FilterType = new int[RuleFilter.FilterType.values().length];

        static {
            try {
                $SwitchMap$it$geosolutions$geofence$services$dto$RuleFilter$FilterType[RuleFilter.FilterType.IDVALUE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$it$geosolutions$geofence$services$dto$RuleFilter$FilterType[RuleFilter.FilterType.NAMEVALUE.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$it$geosolutions$geofence$services$dto$RuleFilter$FilterType[RuleFilter.FilterType.DEFAULT.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$it$geosolutions$geofence$services$dto$RuleFilter$FilterType[RuleFilter.FilterType.ANY.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            $SwitchMap$it$geosolutions$geofence$core$model$enums$GrantType = new int[GrantType.values().length];
            try {
                $SwitchMap$it$geosolutions$geofence$core$model$enums$GrantType[GrantType.LIMIT.ordinal()] = 1;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$it$geosolutions$geofence$core$model$enums$GrantType[GrantType.DENY.ordinal()] = 2;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$it$geosolutions$geofence$core$model$enums$GrantType[GrantType.ALLOW.ordinal()] = 3;
            } catch (NoSuchFieldError e7) {
            }
        }
    }

    @Deprecated
    public List<ShortRule> getMatchingRules(String str, String str2, String str3, String str4, String str5, String str6, String str7) {
        return getMatchingRules(new RuleFilter(str, str2, str3, str4, str5, str6, str7));
    }

    public List<ShortRule> getMatchingRules(RuleFilter ruleFilter) {
        Map<UserGroup, List<Rule>> rules = getRules(ruleFilter);
        TreeMap treeMap = new TreeMap();
        Iterator<List<Rule>> it2 = rules.values().iterator();
        while (it2.hasNext()) {
            for (Rule rule : it2.next()) {
                treeMap.put(rule.getId(), rule);
            }
        }
        ArrayList arrayList = new ArrayList();
        Iterator it3 = treeMap.values().iterator();
        while (it3.hasNext()) {
            arrayList.add((Rule) it3.next());
        }
        return convertToShortList(arrayList);
    }

    @Deprecated
    public AccessInfo getAccessInfo(String str, String str2, String str3, String str4, String str5, String str6, String str7) {
        return getAccessInfo(new RuleFilter(str, str2, str3, str4, str5, str6, str7));
    }

    public AccessInfo getAccessInfo(RuleFilter ruleFilter) {
        AccessInfo accessInfo;
        LOGGER.info("Requesting access for " + ruleFilter);
        AccessInfoInternal accessInfoInternal = null;
        for (Map.Entry<UserGroup, List<Rule>> entry : getRules(ruleFilter).entrySet()) {
            UserGroup key = entry.getKey();
            AccessInfoInternal resolveRuleset = resolveRuleset(entry.getValue());
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Filter " + ruleFilter + " on group " + key + " has access " + resolveRuleset);
            }
            accessInfoInternal = enlargeAccessInfo(accessInfoInternal, resolveRuleset);
        }
        if (accessInfoInternal == null) {
            LOGGER.warn("No access for filter " + ruleFilter);
            accessInfo = new AccessInfo(GrantType.DENY);
        } else {
            accessInfo = accessInfoInternal.toAccessInfo();
        }
        LOGGER.info("Returning " + accessInfo + " for " + ruleFilter);
        return accessInfo;
    }

    private AccessInfoInternal enlargeAccessInfo(AccessInfoInternal accessInfoInternal, AccessInfoInternal accessInfoInternal2) {
        if (accessInfoInternal == null) {
            if (accessInfoInternal2 != null && accessInfoInternal2.getGrant() == GrantType.ALLOW) {
                return accessInfoInternal2;
            }
            return null;
        }
        if (accessInfoInternal2 != null && accessInfoInternal2.getGrant() != GrantType.DENY) {
            AccessInfoInternal accessInfoInternal3 = new AccessInfoInternal(GrantType.ALLOW);
            accessInfoInternal3.setCqlFilterRead(unionCQL(accessInfoInternal.getCqlFilterRead(), accessInfoInternal2.getCqlFilterRead()));
            accessInfoInternal3.setCqlFilterWrite(unionCQL(accessInfoInternal.getCqlFilterWrite(), accessInfoInternal2.getCqlFilterWrite()));
            if (accessInfoInternal.getDefaultStyle() == null || accessInfoInternal2.getDefaultStyle() == null) {
                accessInfoInternal3.setDefaultStyle(null);
            } else {
                accessInfoInternal3.setDefaultStyle(accessInfoInternal.getDefaultStyle());
            }
            accessInfoInternal3.setAllowedStyles(unionAllowedStyles(accessInfoInternal.getAllowedStyles(), accessInfoInternal2.getAllowedStyles()));
            accessInfoInternal3.setAttributes(unionAttributes(accessInfoInternal.getAttributes(), accessInfoInternal2.getAttributes()));
            accessInfoInternal3.setArea(unionGeometry(accessInfoInternal.getArea(), accessInfoInternal2.getArea()));
            return accessInfoInternal3;
        }
        return accessInfoInternal;
    }

    private String unionCQL(String str, String str2) {
        if (str == null || str2 == null) {
            return null;
        }
        return "(" + str + ") OR (" + str2 + ")";
    }

    private Geometry unionGeometry(Geometry geometry, Geometry geometry2) {
        if (geometry == null || geometry2 == null) {
            return null;
        }
        return union(geometry, geometry2);
    }

    private static Set<LayerAttribute> unionAttributes(Set<LayerAttribute> set, Set<LayerAttribute> set2) {
        if (set == null || set.isEmpty()) {
            return Collections.EMPTY_SET;
        }
        if (set2 == null || set2.isEmpty()) {
            return Collections.EMPTY_SET;
        }
        HashSet hashSet = new HashSet();
        for (LayerAttribute layerAttribute : set) {
            LayerAttribute attribute = getAttribute(layerAttribute.getName(), set2);
            if (attribute == null) {
                hashSet.add(layerAttribute.clone());
            } else {
                LayerAttribute clone = layerAttribute.clone();
                if (layerAttribute.getAccess() == AccessType.READWRITE || attribute.getAccess() == AccessType.READWRITE) {
                    clone.setAccess(AccessType.READWRITE);
                } else if (layerAttribute.getAccess() == AccessType.READONLY || attribute.getAccess() == AccessType.READONLY) {
                    clone.setAccess(AccessType.READONLY);
                }
                hashSet.add(clone);
            }
        }
        for (LayerAttribute layerAttribute2 : set2) {
            if (getAttribute(layerAttribute2.getName(), set) == null) {
                hashSet.add(layerAttribute2.clone());
            }
        }
        return hashSet;
    }

    private static LayerAttribute getAttribute(String str, Set<LayerAttribute> set) {
        for (LayerAttribute layerAttribute : set) {
            if (layerAttribute.getName().equals(str)) {
                return layerAttribute;
            }
        }
        return null;
    }

    private static Set<String> unionAllowedStyles(Set<String> set, Set<String> set2) {
        if (set == null || set.isEmpty()) {
            return Collections.EMPTY_SET;
        }
        if (set2 == null || set2.isEmpty()) {
            return Collections.EMPTY_SET;
        }
        HashSet hashSet = new HashSet();
        hashSet.addAll(set);
        hashSet.addAll(set2);
        return hashSet;
    }

    private AccessInfoInternal resolveRuleset(List<Rule> list) {
        ArrayList arrayList = new ArrayList();
        AccessInfoInternal accessInfoInternal = null;
        for (Rule rule : list) {
            if (accessInfoInternal != null) {
                return accessInfoInternal;
            }
            switch (AnonymousClass1.$SwitchMap$it$geosolutions$geofence$core$model$enums$GrantType[rule.getAccess().ordinal()]) {
                case 1:
                    RuleLimits ruleLimits = rule.getRuleLimits();
                    if (ruleLimits != null) {
                        LOGGER.info("Collecting limits: " + ruleLimits);
                        arrayList.add(ruleLimits);
                        break;
                    } else {
                        LOGGER.warn(rule + " has no associated limits");
                        break;
                    }
                case 2:
                    accessInfoInternal = new AccessInfoInternal(GrantType.DENY);
                    break;
                case 3:
                    accessInfoInternal = buildAllowAccessInfo(rule, arrayList, null);
                    break;
                default:
                    throw new IllegalStateException("Unknown GrantType " + rule.getAccess());
            }
        }
        return accessInfoInternal;
    }

    private GSUser getUserByName(String str) {
        Search search = new Search(GSUser.class);
        search.addFilterEqual("name", str);
        List search2 = this.userDAO.search(search);
        if (search2.size() > 1) {
            throw new IllegalStateException("Found more than one user with name '" + str + "'");
        }
        if (search2.isEmpty()) {
            return null;
        }
        return (GSUser) search2.get(0);
    }

    private GSUser getFullUser(RuleFilter.IdNameFilter idNameFilter) {
        switch (AnonymousClass1.$SwitchMap$it$geosolutions$geofence$services$dto$RuleFilter$FilterType[idNameFilter.getType().ordinal()]) {
            case 1:
                return this.userDAO.getFull(idNameFilter.getId());
            case 2:
                return this.userDAO.getFull(idNameFilter.getName());
            case 3:
            case 4:
                return null;
            default:
                throw new IllegalStateException("Unknown filter type '" + idNameFilter + "'");
        }
    }

    private UserGroup getUserGroup(RuleFilter.IdNameFilter idNameFilter) {
        Search search = new Search(UserGroup.class);
        switch (AnonymousClass1.$SwitchMap$it$geosolutions$geofence$services$dto$RuleFilter$FilterType[idNameFilter.getType().ordinal()]) {
            case 1:
                search.addFilterEqual("id", idNameFilter.getId());
                break;
            case 2:
                search.addFilterEqual("name", idNameFilter.getName());
                break;
            default:
                return null;
        }
        List search2 = this.userGroupDAO.search(search);
        if (search2.size() > 1) {
            throw new IllegalStateException("Found more than one userGroup '" + idNameFilter + "'");
        }
        if (search2.isEmpty()) {
            return null;
        }
        return (UserGroup) search2.get(0);
    }

    private AccessInfoInternal buildAllowAccessInfo(Rule rule, List<RuleLimits> list, RuleFilter.IdNameFilter idNameFilter) {
        AccessInfoInternal accessInfoInternal = new AccessInfoInternal(GrantType.ALLOW);
        Geometry intersect = intersect(list);
        LayerDetails layerDetails = rule.getLayerDetails();
        if (layerDetails != null) {
            intersect = intersect(intersect, layerDetails.getArea());
            accessInfoInternal.setAttributes(layerDetails.getAttributes());
            accessInfoInternal.setCqlFilterRead(layerDetails.getCqlFilterRead());
            accessInfoInternal.setCqlFilterWrite(layerDetails.getCqlFilterWrite());
            accessInfoInternal.setDefaultStyle(layerDetails.getDefaultStyle());
            accessInfoInternal.setAllowedStyles(layerDetails.getAllowedStyles());
        }
        if (intersect != null) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Attaching an area to Accessinfo: " + intersect.getClass().getName() + " " + intersect.toString());
            }
            accessInfoInternal.setArea(intersect);
        }
        return accessInfoInternal;
    }

    private Geometry intersect(List<RuleLimits> list) {
        Geometry geometry = null;
        Iterator<RuleLimits> it2 = list.iterator();
        while (it2.hasNext()) {
            Geometry allowedArea = it2.next().getAllowedArea();
            if (allowedArea != null) {
                geometry = geometry == null ? allowedArea : geometry.intersection(allowedArea);
            }
        }
        return geometry;
    }

    private Geometry intersect(Geometry geometry, Geometry geometry2) {
        return geometry != null ? geometry2 == null ? geometry : geometry.intersection(geometry2) : geometry2;
    }

    private Geometry union(Geometry geometry, Geometry geometry2) {
        return geometry != null ? geometry2 == null ? geometry : geometry.union(geometry2) : geometry2;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v71, types: [java.util.Set] */
    /* JADX WARN: Type inference failed for: r0v77, types: [java.util.Set] */
    protected Map<UserGroup, List<Rule>> getRules(RuleFilter ruleFilter) throws BadRequestServiceEx {
        GSUser fullUser = getFullUser(ruleFilter.getUser());
        UserGroup userGroup = getUserGroup(ruleFilter.getUserGroup());
        HashSet<UserGroup> hashSet = new HashSet();
        if (fullUser != null) {
            Set groups = fullUser.getGroups();
            if (userGroup != null) {
                if (!groups.contains(userGroup)) {
                    LOGGER.warn("User does not belong to user group [FUser:" + ruleFilter.getUser() + "] [FGroup:" + userGroup + "] [Grps:" + groups + "]");
                    return Collections.EMPTY_MAP;
                }
                hashSet = Collections.singleton(userGroup);
            } else if (ruleFilter.getUserGroup().getType() == RuleFilter.FilterType.ANY) {
                if (fullUser.getGroups().isEmpty()) {
                    ruleFilter.setUserGroup(RuleFilter.SpecialFilterType.DEFAULT);
                } else {
                    hashSet = fullUser.getGroups();
                }
            }
        } else if (userGroup != null) {
            hashSet.add(userGroup);
        }
        HashMap hashMap = new HashMap();
        if (hashSet.isEmpty()) {
            hashMap.put(null, getRuleAux(ruleFilter, ruleFilter.getUserGroup()));
        } else {
            for (UserGroup userGroup2 : hashSet) {
                RuleFilter.IdNameFilter idNameFilter = new RuleFilter.IdNameFilter(userGroup2.getId().longValue());
                idNameFilter.setIncludeDefault(true);
                hashMap.put(userGroup2, getRuleAux(ruleFilter, idNameFilter));
            }
        }
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Filter " + ruleFilter + " is matching the following Rules:");
            boolean z = false;
            for (Map.Entry entry : hashMap.entrySet()) {
                UserGroup userGroup3 = (UserGroup) entry.getKey();
                LOGGER.debug("    Group:" + userGroup3);
                Iterator it2 = ((List) entry.getValue()).iterator();
                while (it2.hasNext()) {
                    LOGGER.debug("    Group:" + userGroup3 + " ---> " + ((Rule) it2.next()));
                    z = true;
                }
            }
            if (!z) {
                LOGGER.debug("No rules matching filter " + ruleFilter);
            }
        }
        return hashMap;
    }

    protected List<Rule> getRuleAux(RuleFilter ruleFilter, RuleFilter.IdNameFilter idNameFilter) {
        Search search = new Search(Rule.class);
        search.addSortAsc("priority");
        addCriteria(search, "gsuser", ruleFilter.getUser());
        addCriteria(search, "userGroup", idNameFilter);
        addCriteria(search, "instance", ruleFilter.getInstance());
        addStringCriteria(search, "service", ruleFilter.getService());
        addStringCriteria(search, "request", ruleFilter.getRequest());
        addStringCriteria(search, "workspace", ruleFilter.getWorkspace());
        addStringCriteria(search, "layer", ruleFilter.getLayer());
        return this.ruleDAO.search(search);
    }

    private void addCriteria(Search search, String str, RuleFilter.IdNameFilter idNameFilter) {
        switch (AnonymousClass1.$SwitchMap$it$geosolutions$geofence$services$dto$RuleFilter$FilterType[idNameFilter.getType().ordinal()]) {
            case 1:
                search.addFilterOr(new Filter[]{Filter.isNull(str), Filter.equal(str + ".id", idNameFilter.getId())});
                return;
            case 2:
                search.addFilterOr(new Filter[]{Filter.isNull(str), Filter.equal(str + ".name", idNameFilter.getName())});
                return;
            case 3:
                search.addFilterNull(str);
                return;
            case 4:
                return;
            default:
                throw new AssertionError();
        }
    }

    private void addStringCriteria(Search search, String str, RuleFilter.NameFilter nameFilter) {
        switch (AnonymousClass1.$SwitchMap$it$geosolutions$geofence$services$dto$RuleFilter$FilterType[nameFilter.getType().ordinal()]) {
            case 1:
            default:
                throw new AssertionError();
            case 2:
                search.addFilterOr(new Filter[]{Filter.isNull(str), Filter.equal(str, nameFilter.getName())});
                return;
            case 3:
                search.addFilterNull(str);
                return;
            case 4:
                return;
        }
    }

    public AuthUser authorize(String str, String str2) {
        GSUser userByName = getUserByName(str);
        if (userByName == null) {
            LOGGER.debug("User not found " + str);
            return null;
        }
        if (userByName.getPassword().equals(str2)) {
            return new AuthUser(str, userByName.isAdmin() ? AuthUser.Role.ADMIN : AuthUser.Role.USER);
        }
        LOGGER.debug("Bad pw for user " + str);
        return null;
    }

    private List<ShortRule> convertToShortList(List<Rule> list) {
        ArrayList arrayList = new ArrayList(list.size());
        Iterator<Rule> it2 = list.iterator();
        while (it2.hasNext()) {
            arrayList.add(new ShortRule(it2.next()));
        }
        return arrayList;
    }

    public void setRuleDAO(RuleDAO ruleDAO) {
        this.ruleDAO = ruleDAO;
    }

    public void setLayerDetailsDAO(LayerDetailsDAO layerDetailsDAO) {
        this.detailsDAO = layerDetailsDAO;
    }

    public void setGsUserDAO(GSUserDAO gSUserDAO) {
        this.userDAO = gSUserDAO;
    }

    public void setUserGroupDAO(UserGroupDAO userGroupDAO) {
        this.userGroupDAO = userGroupDAO;
    }
}
