package org.geoserver.security.impl;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
import java.util.logging.Logger;
import org.geoserver.catalog.Catalog;
import org.geoserver.config.GeoServerDataDirectory;
import org.geoserver.platform.GeoServerExtensions;
import org.geoserver.platform.resource.Resource;
import org.geoserver.security.AccessMode;
import org.geoserver.security.CatalogMode;
import org.geotools.feature.NameImpl;
import org.geotools.util.logging.Logging;
import org.opengis.feature.type.Name;

/* loaded from: input_file:org/geoserver/security/impl/DataAccessRuleDAO.class */
public class DataAccessRuleDAO extends AbstractAccessRuleDAO<DataAccessRule> {
    private static final Logger LOGGER = Logging.getLogger(DataAccessRuleDAO.class);
    static final String LAYERS = "layers.properties";
    Catalog rawCatalog;
    CatalogMode catalogMode;

    public static DataAccessRuleDAO get() {
        return (DataAccessRuleDAO) GeoServerExtensions.bean(DataAccessRuleDAO.class);
    }

    public DataAccessRuleDAO(GeoServerDataDirectory geoServerDataDirectory, Catalog catalog) throws IOException {
        super(geoServerDataDirectory, LAYERS);
        this.catalogMode = CatalogMode.HIDE;
        this.rawCatalog = catalog;
    }

    DataAccessRuleDAO(Catalog catalog, Resource resource) {
        super(resource, LAYERS);
        this.catalogMode = CatalogMode.HIDE;
        this.rawCatalog = catalog;
    }

    public CatalogMode getMode() {
        checkPropertyFile(false);
        return this.catalogMode;
    }

    @Override // org.geoserver.security.impl.AbstractAccessRuleDAO
    protected void loadRules(Properties properties) {
        TreeSet treeSet = new TreeSet();
        this.catalogMode = CatalogMode.HIDE;
        for (Map.Entry entry : properties.entrySet()) {
            String str = (String) entry.getKey();
            String str2 = (String) entry.getValue();
            if ("mode".equalsIgnoreCase(str)) {
                try {
                    this.catalogMode = CatalogMode.valueOf(str2.toUpperCase());
                } catch (Exception e) {
                    LOGGER.warning("Invalid security mode " + str2 + " acceptable values are " + Arrays.asList(CatalogMode.valuesCustom()));
                }
            } else {
                DataAccessRule parseDataAccessRule = parseDataAccessRule(str, str2);
                if (parseDataAccessRule != null) {
                    if (treeSet.contains(parseDataAccessRule)) {
                        LOGGER.warning("Rule " + str + "." + str2 + " overwrites another rule on the same path");
                    }
                    treeSet.add(parseDataAccessRule);
                }
            }
        }
        if (treeSet.size() == 0) {
            treeSet.add(new DataAccessRule(DataAccessRule.READ_ALL));
            treeSet.add(new DataAccessRule(DataAccessRule.WRITE_ALL));
        }
        this.rules = treeSet;
    }

    DataAccessRule parseDataAccessRule(String str, String str2) {
        String str3;
        String str4;
        String str5 = String.valueOf(str) + "=" + str2;
        String[] parseElements = parseElements(str);
        if (parseElements.length != 3 && parseElements.length != 2) {
            LOGGER.warning("Invalid rule " + str5 + ", the expected format is workspace.layer.mode=role1,role2,... or globalGroup.mode=role1,role2,...");
            return null;
        }
        String str6 = parseElements[0];
        if (parseElements.length == 3) {
            str3 = parseElements[1];
            str4 = parseElements[2];
        } else {
            str3 = null;
            str4 = parseElements[1];
        }
        Set<String> parseRoles = parseRoles(str2);
        if (str3 != null) {
            if (!"*".equals(str6) && this.rawCatalog.getWorkspaceByName(str6) == null) {
                LOGGER.warning("Namespace/Workspace " + str6 + " is unknown in rule " + str5);
            }
            if (!"*".equals(str3) && this.rawCatalog.getLayerByName((Name) new NameImpl(str6, str3)) == null && this.rawCatalog.getLayerGroupByName(str6, str3) == null) {
                LOGGER.warning("Layer " + str6 + " is unknown in rule + " + str5);
            }
        } else if (!"*".equals(str6) && this.rawCatalog.getLayerGroupByName(str6) == null) {
            LOGGER.warning("Global layer group " + str6 + " is unknown in rule " + str5);
        }
        AccessMode byAlias = AccessMode.getByAlias(str4);
        if (byAlias == null) {
            LOGGER.warning("Unknown access mode " + str4 + " in " + str + ", skipping rule " + str5);
            return null;
        }
        if ("*".equals(str6) && !"*".equals(str3)) {
            LOGGER.warning("Invalid rule " + str5 + ", when namespace is * then also layer must be *. Skipping rule " + str5);
            return null;
        }
        if (byAlias != AccessMode.ADMIN || "*".equals(str3)) {
            return new DataAccessRule(str6, str3, byAlias, parseRoles);
        }
        LOGGER.warning("Invalid rule " + str5 + ", admin (a) privileges may only be applied globally to a workspace, layer must be *, skipping rule");
        return null;
    }

    @Override // org.geoserver.security.impl.AbstractAccessRuleDAO
    protected Properties toProperties() {
        Properties properties = new Properties();
        properties.put("mode", this.catalogMode.toString());
        for (R r : this.rules) {
            StringBuilder sb = new StringBuilder(r.getRoot().replaceAll("\\.", "\\\\."));
            if (!r.isGlobalGroupRule()) {
                sb.append(".").append(r.getLayer().replaceAll("\\.", "\\\\."));
            }
            sb.append(".").append(r.getAccessMode().getAlias());
            properties.put(sb.toString(), r.getValue());
        }
        return properties;
    }

    static String[] parseElements(String str) {
        String str2;
        String[] split = str.trim().split("\\s*\\.\\s*");
        ArrayList arrayList = new ArrayList();
        String str3 = null;
        int length = split.length;
        for (int i = 0; i < length; i++) {
            String str4 = split[i];
            if (str3 != null) {
                str4 = String.valueOf(str3) + "." + str4;
            }
            if (str4.endsWith("\\")) {
                str2 = str4.substring(0, str4.length() - 1);
            } else {
                arrayList.add(str4);
                str2 = null;
            }
            str3 = str2;
        }
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    public void setCatalogMode(CatalogMode catalogMode) {
        this.catalogMode = catalogMode;
    }

    public static CatalogMode getByAlias(String str) {
        for (CatalogMode catalogMode : CatalogMode.valuesCustom()) {
            if (catalogMode.name().equals(str)) {
                return catalogMode;
            }
        }
        return null;
    }

    public SortedSet<DataAccessRule> getRulesAssociatedWithRole(String str) {
        TreeSet treeSet = new TreeSet();
        for (DataAccessRule dataAccessRule : getRules()) {
            if (dataAccessRule.getRoles().contains(str)) {
                treeSet.add(dataAccessRule);
            }
        }
        return treeSet;
    }
}
