package org.geoserver.security.impl;

import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.geoserver.security.AccessMode;
import org.geoserver.security.GeoServerSecurityFilterChainProxy;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

/* loaded from: input_file:org/geoserver/security/impl/SecureTreeNode.class */
public class SecureTreeNode {
    static final Set<String> EVERYBODY = Collections.singleton("*");
    static final String ROOT_ROLE = GeoServerRole.ADMIN_ROLE.getAuthority();
    static int ROOT_DEPTH = 0;
    static int WS_LG_DEPTH = 1;
    static int RESOURCE_DEPTH = 2;
    SecureTreeNode parent;
    Map<String, SecureTreeNode> children = new HashMap();
    Map<AccessMode, Set<String>> authorizedRoles = new HashMap();

    private SecureTreeNode(SecureTreeNode secureTreeNode) {
        this.parent = secureTreeNode;
    }

    public SecureTreeNode() {
        for (AccessMode accessMode : AccessMode.values()) {
            switch (accessMode) {
                case ADMIN:
                    this.authorizedRoles.put(accessMode, Collections.singleton(ROOT_ROLE));
                    break;
                default:
                    this.authorizedRoles.put(accessMode, EVERYBODY);
                    break;
            }
        }
    }

    public SecureTreeNode getChild(String str) {
        return this.children.get(str);
    }

    public SecureTreeNode addChild(String str) {
        if (getChild(str) != null) {
            throw new IllegalArgumentException("This pathElement " + str + " is already among my children");
        }
        SecureTreeNode secureTreeNode = new SecureTreeNode(this);
        this.children.put(str, secureTreeNode);
        return secureTreeNode;
    }

    public boolean canAccess(Authentication authentication, AccessMode accessMode) {
        Set<String> authorizedRoles = getAuthorizedRoles(accessMode);
        if (!GeoServerSecurityFilterChainProxy.isSecurityEnabledForCurrentRequest()) {
            return true;
        }
        if (authorizedRoles == null) {
            return this.parent.canAccess(authentication, accessMode);
        }
        if (authorizedRoles.equals(EVERYBODY)) {
            return true;
        }
        if (authentication == null || authentication.getAuthorities() == null) {
            return false;
        }
        Iterator it = authentication.getAuthorities().iterator();
        while (it.hasNext()) {
            String authority = ((GrantedAuthority) it.next()).getAuthority();
            if (authorizedRoles.contains(authority) || ROOT_ROLE.equals(authority)) {
                return true;
            }
        }
        return false;
    }

    public Set<String> getAuthorizedRoles(AccessMode accessMode) {
        return this.authorizedRoles.get(accessMode);
    }

    public void setAuthorizedRoles(AccessMode accessMode, Set<String> set) {
        this.authorizedRoles.put(accessMode, set);
    }

    public SecureTreeNode getDeepestNode(String... strArr) {
        SecureTreeNode secureTreeNode = this;
        SecureTreeNode secureTreeNode2 = this;
        for (String str : strArr) {
            SecureTreeNode child = secureTreeNode.getChild(str);
            if (child == null) {
                return secureTreeNode2;
            }
            secureTreeNode = child;
            if (secureTreeNode.authorizedRoles != null && !secureTreeNode.authorizedRoles.isEmpty()) {
                secureTreeNode2 = secureTreeNode;
            }
        }
        return secureTreeNode;
    }

    public SecureTreeNode getNode(String... strArr) {
        SecureTreeNode secureTreeNode = this;
        for (String str : strArr) {
            SecureTreeNode child = secureTreeNode.getChild(str);
            if (child == null) {
                return null;
            }
            secureTreeNode = child;
        }
        return secureTreeNode;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Map<String, SecureTreeNode> getChildren() {
        return this.children;
    }

    public String toString() {
        return "SecureTreeNode [childrenCount=" + this.children.size() + ", hasParent=" + (this.parent != null) + ", authorizedRoles=" + this.authorizedRoles + "]";
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getDepth() {
        int i = 0;
        HashSet hashSet = new HashSet();
        SecureTreeNode secureTreeNode = this;
        while (true) {
            SecureTreeNode secureTreeNode2 = secureTreeNode;
            if (secureTreeNode2.parent == null || hashSet.contains(secureTreeNode2.parent)) {
                break;
            }
            i++;
            hashSet.add(secureTreeNode2);
            secureTreeNode = secureTreeNode2.parent;
        }
        return i;
    }
}
