package it.geosolutions.geostore.services.rest.impl;

import it.geosolutions.geostore.core.model.Resource;
import it.geosolutions.geostore.core.model.SecurityRule;
import it.geosolutions.geostore.core.model.User;
import it.geosolutions.geostore.core.model.UserGroup;
import it.geosolutions.geostore.core.model.enums.Role;
import it.geosolutions.geostore.core.model.enums.UserReservedNames;
import it.geosolutions.geostore.services.SecurityService;
import it.geosolutions.geostore.services.UserService;
import it.geosolutions.geostore.services.dto.ShortResource;
import it.geosolutions.geostore.services.exception.NotFoundServiceEx;
import it.geosolutions.geostore.services.rest.exception.InternalErrorWebEx;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.ws.rs.core.SecurityContext;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.GrantedAuthorityImpl;

/* loaded from: input_file:it/geosolutions/geostore/services/rest/impl/RESTServiceImpl.class */
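/**
 * Base class for the REST service implementations: resolves the calling user from the
 * JAX-RS {@link SecurityContext} and answers per-resource read/write authorization
 * questions using the rules exposed by {@link SecurityService}.
 *
 * <p>Authorization here is deny-by-default: a caller is granted access only when it is an
 * administrator, when its own rule grants the permission, or when a rule of one of its
 * groups grants it. Missing users, missing groups and missing rules all resolve to "denied".
 */
public abstract class RESTServiceImpl {
    private static final Logger LOGGER = Logger.getLogger(RESTServiceImpl.class);

    @Autowired
    UserService userService;

    /**
     * @return the security service used to look up user and group rules for a resource
     */
    protected abstract SecurityService getSecurityService();

    /**
     * Resolves the {@link User} behind the current request.
     *
     * <p>When the context carries no principal the request is treated as anonymous and the
     * guest user from {@link #createGuestPrincipal()} is returned. A non-null result is
     * therefore NOT proof that the caller authenticated; callers that need an authenticated
     * user must check the returned user's role.
     *
     * <p>Declared {@code public} in this decompiled listing; the decompiler notes that the
     * original access modifier was {@code protected}.
     *
     * @param securityContext the JAX-RS security context of the request
     * @return the authenticated user, or the guest user for anonymous requests
     * @throws InternalErrorWebEx if the context is missing, or the principal is not a
     *     {@link UsernamePasswordAuthenticationToken} wrapping a {@link User}
     */
    public User extractAuthUser(SecurityContext securityContext) throws InternalErrorWebEx {
        if (securityContext == null) {
            throw new InternalErrorWebEx("Missing auth info");
        }
        Principal userPrincipal = securityContext.getUserPrincipal();
        if (userPrincipal == null) {
            // Anonymous request: fall back to the guest identity instead of failing.
            userPrincipal = createGuestPrincipal();
        }
        if (userPrincipal instanceof UsernamePasswordAuthenticationToken) {
            Object wrapped = ((UsernamePasswordAuthenticationToken) userPrincipal).getPrincipal();
            // Check the wrapped object before casting: a token carrying anything other than
            // a User (or nothing at all) must be rejected as a mismatch rather than surface
            // as a ClassCastException/NullPointerException.
            if (wrapped instanceof User) {
                User user = (User) wrapped;
                if (LOGGER.isInfoEnabled()) {
                    LOGGER.info("Accessing service with user " + user.getName() + " and role " + user.getRole());
                }
                return user;
            }
        }
        if (LOGGER.isInfoEnabled()) {
            LOGGER.info("Mismatching auth principal");
        }
        throw new InternalErrorWebEx("Mismatching auth principal (" + userPrincipal.getClass() + ")");
    }

    /**
     * Tells whether {@code user} may modify the resource.
     *
     * @param user the user to check; {@code null} is denied
     * @param j the id of the resource
     * @return {@code true} if the user is an administrator, or a user or group rule grants
     *     write access; {@code false} otherwise
     */
    public boolean resourceAccessWrite(User user, long j) {
        return hasPermission(user, j, true);
    }

    /**
     * Tells whether {@code user} may read the resource.
     *
     * @param user the user to check; {@code null} is denied
     * @param j the id of the resource
     * @return {@code true} if the user is an administrator, or a user or group rule grants
     *     read access; {@code false} otherwise
     */
    public boolean resourceAccessRead(User user, long j) {
        return hasPermission(user, j, false);
    }

    /** Shared decision logic behind the read and write checks; denies unless a rule grants. */
    private boolean hasPermission(User user, long resourceId, boolean write) {
        if (user == null) {
            // No identity, no access.
            return false;
        }
        // Constant-first comparison so a user without a role is simply "not admin".
        if (Role.ADMIN.equals(user.getRole())) {
            return true;
        }
        List<SecurityRule> userRules = getSecurityService().getUserSecurityRule(user.getName(), resourceId);
        // Only the first user rule is consulted.
        // NOTE(review): presumably there is at most one rule per (user, resource) - confirm.
        if (userRules != null && !userRules.isEmpty() && grants(userRules.get(0), write)) {
            return true;
        }
        List<String> groupNames = extratcGroupNames(user.getGroups());
        if (groupNames.isEmpty()) {
            return false;
        }
        List<SecurityRule> groupRules = getSecurityService().getGroupSecurityRule(groupNames, resourceId);
        if (groupRules == null) {
            return false;
        }
        // Any single group rule granting the permission is enough.
        for (SecurityRule rule : groupRules) {
            if (grants(rule, write)) {
                return true;
            }
        }
        return false;
    }

    /** Reads the write or read flag of a rule; a missing rule grants nothing. */
    private static boolean grants(SecurityRule rule, boolean write) {
        if (rule == null) {
            return false;
        }
        return write ? rule.isCanWrite() : rule.isCanRead();
    }

    /**
     * Builds the principal used for anonymous requests: a token holding the configured guest
     * user and the single authority {@code ROLE_GUEST}. When no guest user is configured, a
     * transient one (name "guest", role {@link Role#GUEST}, no groups) is created instead.
     *
     * @return a token wrapping the guest user
     */
    public Principal createGuestPrincipal() {
        // Left raw on purpose: the authority interface type is not imported in this file.
        ArrayList authorities = new ArrayList();
        authorities.add(new GrantedAuthorityImpl("ROLE_GUEST"));
        try {
            return new UsernamePasswordAuthenticationToken(this.userService.get(UserReservedNames.GUEST.userName()), "", authorities);
        } catch (NotFoundServiceEx e) {
            // Deliberate fallback, not an error: guest is optional in the user store.
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("User GUEST is not configured, creating on-the-fly a default one");
            }
            User guest = new User();
            guest.setName("guest");
            guest.setRole(Role.GUEST);
            guest.setGroups(new HashSet<UserGroup>());
            return new UsernamePasswordAuthenticationToken(guest, "", authorities);
        }
    }

    /**
     * Collects the names of the given groups.
     *
     * @param set the groups, may be {@code null}
     * @return a new list with one name per group; empty when {@code set} is {@code null} or
     *     empty, never {@code null}
     */
    public static List<String> extratcGroupNames(Set<UserGroup> set) {
        List<String> names = new ArrayList<String>();
        if (set == null) {
            // A user without a group set has no group-derived permissions.
            return names;
        }
        for (UserGroup group : set) {
            names.add(group.getGroupName());
        }
        return names;
    }

    /**
     * Tells whether the user is a member of the named group; the name is compared ignoring
     * case.
     *
     * @param user the user to inspect; {@code null} or a user without groups is not a member
     * @param str the group name to look for
     * @return {@code true} if one of the user's groups has that name
     */
    public static boolean belongTo(User user, String str) {
        if (user == null) {
            return false;
        }
        Set<UserGroup> groups = user.getGroups();
        if (groups == null) {
            return false;
        }
        for (UserGroup group : groups) {
            String groupName = group.getGroupName();
            if (groupName != null && groupName.equalsIgnoreCase(str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Filters a list of resources down to those the user may read.
     *
     * @param list the candidate resources
     * @param user the user on whose behalf the list is filtered
     * @return a new list holding only the readable resources, in the original order
     */
    public List<Resource> getResourcesAllowed(List<Resource> list, User user) {
        List<Resource> allowed = new ArrayList<Resource>();
        for (Resource resource : list) {
            if (resourceAccessRead(user, resource.getId().longValue())) {
                allowed.add(resource);
            }
        }
        return allowed;
    }

    /**
     * Filters a list of short resources down to those the user may read.
     *
     * @param list the candidate resources
     * @param user the user on whose behalf the list is filtered
     * @return a new list holding only the readable resources, in the original order
     */
    public List<ShortResource> getShortResourcesAllowed(List<ShortResource> list, User user) {
        List<ShortResource> allowed = new ArrayList<ShortResource>();
        for (ShortResource shortResource : list) {
            if (resourceAccessRead(user, shortResource.getId())) {
                allowed.add(shortResource);
            }
        }
        return allowed;
    }
}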
