package org.geoserver.geofence;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import org.apache.commons.lang.StringUtils;
import org.geoserver.geofence.config.GeoFenceConfiguration;
import org.geoserver.geofence.services.dto.RuleFilter;
import org.geoserver.ows.Request;
import org.geotools.util.logging.Logging;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

/* loaded from: input_file:org/geoserver/geofence/RuleFilterBuilder.class */
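/**
 * Fluent builder that turns the context of the current call (OWS request, source address,
 * workspace, layer and authenticated user) into a GeoFence {@link RuleFilter}.
 *
 * <p>Decompiler note: JADX reports that the constructor and the {@code with*}, {@link #build()}
 * and {@link #getFilteredRoles()} members were package-private in the compiled class and were
 * widened to {@code public} in this listing.
 *
 * <p>The builder keeps mutable state in plain fields and does no synchronization of its own.
 */
class RuleFilterBuilder {
    private Request owsRequest;
    private String ipAddress;
    private String workspace;
    private String layer;
    private Authentication user;
    // Assigned once in the constructor and read by every filter decision below.
    private final GeoFenceConfiguration config;
    private static final Logger LOGGER = Logging.getLogger(RuleFilterBuilder.class);

    /**
     * Creates a builder bound to the given configuration.
     *
     * @param geoFenceConfiguration supplies the instance name, the "use roles" switch and the
     *     configured role list; it is dereferenced without a null check by {@link #build()}
     */
    public RuleFilterBuilder(GeoFenceConfiguration geoFenceConfiguration) {
        this.config = geoFenceConfiguration;
    }

    /**
     * Sets the OWS request whose service and request names go into the filter.
     *
     * @param request the current request, or {@code null} when there is none
     * @return this builder
     */
    public RuleFilterBuilder withRequest(Request request) {
        this.owsRequest = request;
        return this;
    }

    /**
     * Sets the source address to match rules against.
     *
     * @param str the address as a string, or {@code null} when unknown
     * @return this builder
     */
    public RuleFilterBuilder withIpAddress(String str) {
        // NOTE(review): the value is stored and used as-is; where it comes from (socket peer
        // address vs. a forwarded header) is decided by the caller - confirm it is a trusted source.
        this.ipAddress = str;
        return this;
    }

    /**
     * Sets the workspace name copied into the filter.
     *
     * @param str the workspace name; passed through unchanged, including {@code null}
     * @return this builder
     */
    public RuleFilterBuilder withWorkspace(String str) {
        this.workspace = str;
        return this;
    }

    /**
     * Sets the layer name copied into the filter.
     *
     * @param str the layer name; passed through unchanged, including {@code null}
     * @return this builder
     */
    public RuleFilterBuilder withLayer(String str) {
        this.layer = str;
        return this;
    }

    /**
     * Sets the authenticated principal used for the user and role parts of the filter.
     *
     * @param authentication the current authentication, or {@code null} when there is none
     * @return this builder
     */
    public RuleFilterBuilder withUser(Authentication authentication) {
        this.user = authentication;
        return this;
    }

    /**
     * Builds the rule filter from the values collected so far.
     *
     * <p>The filter is created with {@code SpecialFilterType.ANY} and then narrowed: user and
     * role, instance name, service, request, workspace, layer and source address are set in that
     * order. A missing service, request or source address is set to
     * {@code SpecialFilterType.DEFAULT}.
     *
     * @return the populated filter
     */
    public RuleFilter build() {
        RuleFilter ruleFilter = new RuleFilter(RuleFilter.SpecialFilterType.ANY);
        setRuleFilterUserAndRole(ruleFilter);
        ruleFilter.setInstance(this.config.getInstanceName());

        String service = null;
        String request = null;
        if (this.owsRequest != null) {
            service = this.owsRequest.getService();
            request = this.owsRequest.getRequest();
        }

        // NOTE(review): both names are read from the request object and a literal "*" is mapped
        // to ANY below; confirm that the caller only hands over dispatcher-validated names.
        if (service == null) {
            ruleFilter.setService(RuleFilter.SpecialFilterType.DEFAULT);
        } else if ("*".equals(service)) {
            ruleFilter.setService(RuleFilter.SpecialFilterType.ANY);
        } else {
            ruleFilter.setService(service);
        }

        if (request == null) {
            ruleFilter.setRequest(RuleFilter.SpecialFilterType.DEFAULT);
        } else if ("*".equals(request)) {
            ruleFilter.setRequest(RuleFilter.SpecialFilterType.ANY);
        } else {
            ruleFilter.setRequest(request);
        }

        ruleFilter.setWorkspace(this.workspace);
        ruleFilter.setLayer(this.layer);

        String sourceAddress = this.ipAddress;
        if (sourceAddress != null) {
            ruleFilter.setSourceAddress(sourceAddress);
        } else {
            // Without an address the filter uses DEFAULT; the warning makes the gap visible.
            LOGGER.log(Level.WARNING, "No source IP address found");
            ruleFilter.setSourceAddress(RuleFilter.SpecialFilterType.DEFAULT);
        }

        LOGGER.log(Level.FINE, "ResourceInfo filter: {0}", ruleFilter);
        return ruleFilter;
    }

    /**
     * Fills in the user part of the filter and, through {@link #setByRole(RuleFilter)}, the role
     * part. With no authentication, or an empty user name, the user is set to
     * {@code SpecialFilterType.DEFAULT}.
     */
    private void setRuleFilterUserAndRole(RuleFilter ruleFilter) {
        if (this.user == null) {
            LOGGER.log(Level.WARNING, "No user given");
            ruleFilter.setUser(RuleFilter.SpecialFilterType.DEFAULT);
            return;
        }
        setByRole(ruleFilter);
        String name = this.user.getName();
        if (StringUtils.isEmpty(name)) {
            // NOTE(review): this logs Authentication.toString(); confirm that the Authentication
            // implementations in use do not render credentials or tokens in that string.
            LOGGER.log(Level.WARNING, "Username is null for user: {0}", new Object[] {this.user});
            ruleFilter.setUser(RuleFilter.SpecialFilterType.DEFAULT);
        } else {
            LOGGER.log(Level.FINE, "Setting user for filter: {0}", new Object[] {name});
            ruleFilter.setUser(name);
        }
    }

    /**
     * Sets the role part of the filter when role filtering is enabled and roles are configured.
     *
     * <p>Only called with a non-null {@code user} (the caller returns early otherwise). When none
     * of the user's authorities passes {@link #getFilteredRoles()}, the role is set to the
     * literal {@code "UNKNOWN"} instead of being left untouched - presumably so that the filter
     * does not keep matching on the ANY it was constructed with; verify against RuleFilter.
     */
    private void setByRole(RuleFilter ruleFilter) {
        if (!this.config.isUseRolesToFilter()) {
            return;
        }
        boolean noRolesConfigured = this.config.getRoles().isEmpty();
        if (noRolesConfigured) {
            LOGGER.log(
                    Level.WARNING,
                    "Role filtering requested, but no roles provided. Will only use user authorizations");
        }
        if (LOGGER.isLoggable(Level.FINE)) {
            // The joined strings are only built when FINE is actually enabled.
            String granted =
                    this.user.getAuthorities().stream()
                            .map(GrantedAuthority::getAuthority)
                            .collect(Collectors.joining(",", "[", "]"));
            LOGGER.log(
                    Level.FINE,
                    "Authorizations found for user {0}: {1}",
                    new Object[] {this.user.getName(), granted});
            String allowed = this.config.getRoles().stream().collect(Collectors.joining(",", "[", "]"));
            LOGGER.log(Level.FINE, "Authorizations allowed: {0}", new Object[] {allowed});
        }
        if (noRolesConfigured) {
            return;
        }

        List<String> filteredRoles = getFilteredRoles();
        if (filteredRoles.isEmpty()) {
            filteredRoles.add("UNKNOWN");
        }
        // NOTE(review): roles are flattened into one comma-separated string; an authority name
        // that itself contains ',' would be indistinguishable from two roles - confirm the
        // authority source cannot produce such names.
        String joinedRoles = String.join(",", filteredRoles);
        LOGGER.log(Level.FINE, "Setting role for filter: {0}", new Object[] {joinedRoles});
        ruleFilter.setRole(joinedRoles);
    }

    /**
     * Returns the user's authorities that the configured role list lets through.
     *
     * <p>A configured {@code "*"} admits every authority; an entry starting with {@code "-"}
     * excludes the name that follows the dash, and an exclusion wins over both {@code "*"} and an
     * explicit entry.
     *
     * @return a new mutable list, empty when no user is set or nothing passes
     */
    public List<String> getFilteredRoles() {
        boolean allowAll = this.config.getRoles().contains("*");
        Set<String> excludedRoles =
                this.config.getRoles().stream()
                        .filter(role -> role.startsWith("-"))
                        .map(role -> role.substring(1))
                        .collect(Collectors.toSet());
        return getFilteredRoles(allowAll, excludedRoles);
    }

    /**
     * Collects the authorities of the current user accepted by
     * {@link #addRole(String, Set, boolean)}.
     */
    private List<String> getFilteredRoles(boolean allowAll, Set<String> excludedRoles) {
        // Must stay mutable: setByRole appends the "UNKNOWN" placeholder to an empty result.
        List<String> accepted = new ArrayList<>();
        if (this.user != null) {
            for (GrantedAuthority grantedAuthority : this.user.getAuthorities()) {
                String authority = grantedAuthority.getAuthority();
                if (addRole(authority, excludedRoles, allowAll)) {
                    accepted.add(authority);
                }
            }
        }
        return accepted;
    }

    /**
     * Decides whether a single authority is kept: it must be admitted (wildcard or listed in the
     * configuration) and must not be in the exclusion set.
     */
    private boolean addRole(String role, Set<String> excludedRoles, boolean allowAll) {
        return (allowAll || this.config.getRoles().contains(role)) && !excludedRoles.contains(role);
    }
}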
