package org.geoserver.rest.security;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.geoserver.platform.GeoServerExtensions;
import org.geoserver.rest.ResourceNotFoundException;
import org.geoserver.rest.RestException;
import org.geoserver.security.GeoServerSecurityManager;
import org.geoserver.security.impl.AbstractAccessRuleDAO;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.ResponseBody;

/* loaded from: input_file:org/geoserver/rest/security/AbstractAclController.class */
public abstract class AbstractAclController<DAO extends AbstractAccessRuleDAO<Comparable<?>>> {
    public static final String ANY = "*";
    DAO ruleDAO;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AbstractAclController(DAO dao) {
        this.ruleDAO = dao;
    }

    GeoServerSecurityManager getManager() {
        return (GeoServerSecurityManager) GeoServerExtensions.bean(GeoServerSecurityManager.class);
    }

    @GetMapping(produces = {"application/json", "text/json", "application/xml", "text/xml"})
    @ResponseBody
    public RuleMap rulesGet() throws IOException {
        checkUserIsAdmin();
        try {
            return getMap();
        } catch (Exception e) {
            throw createRestException(e);
        }
    }

    @PostMapping(consumes = {"application/json", "text/json", "application/xml", "text/xml"})
    public void rulesPost(@RequestBody RuleMap ruleMap) throws IOException {
        checkUserIsAdmin();
        try {
            postMap(ruleMap);
        } catch (Exception e) {
            throw createRestException(e);
        }
    }

    @PutMapping(consumes = {"application/json", "text/json", "application/xml", "text/xml"})
    public void rulesPut(@RequestBody RuleMap ruleMap) throws IOException {
        checkUserIsAdmin();
        try {
            putMap(ruleMap);
        } catch (Exception e) {
            throw createRestException(e);
        }
    }

    @DeleteMapping(path = {"/**"})
    public void rulesDelete(HttpServletRequest httpServletRequest) throws UnsupportedEncodingException {
        checkUserIsAdmin();
        String decode = URLDecoder.decode(httpServletRequest.getPathInfo().substring(getBasePath().length() + 1), "utf-8");
        String validateRuleKey = validateRuleKey(decode);
        if (validateRuleKey != null) {
            throw new RestException(validateRuleKey, HttpStatus.UNPROCESSABLE_ENTITY);
        }
        Comparable<?> comparable = null;
        Iterator it = this.ruleDAO.getRules().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Comparable<?> comparable2 = (Comparable) it.next();
            if (decode.equals(keyFor(comparable2))) {
                comparable = comparable2;
                break;
            }
        }
        if (comparable == null) {
            throw new ResourceNotFoundException("Rule not found: " + decode);
        }
        try {
            this.ruleDAO.removeRule(comparable);
            this.ruleDAO.storeRules();
        } catch (Exception e) {
            throw createRestException(e);
        }
    }

    protected abstract String getBasePath();

    protected void checkUserIsAdmin() {
        if (!getManager().checkAuthenticationForAdminRole()) {
            throw new RestException("Amdinistrative priveleges required", HttpStatus.FORBIDDEN);
        }
    }

    protected abstract void addRuleToMap(Comparable comparable, Map<String, String> map);

    public RuleMap<String, String> getMap() throws Exception {
        RuleMap<String, String> ruleMap = new RuleMap<>();
        Iterator it = this.ruleDAO.getRules().iterator();
        while (it.hasNext()) {
            addRuleToMap((Comparable) it.next(), ruleMap);
        }
        return ruleMap;
    }

    protected Set<Object> intersection(Map map) {
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        Iterator it = this.ruleDAO.getRules().iterator();
        while (it.hasNext()) {
            hashSet2.add(keyFor((Comparable) it.next()));
        }
        if (hashSet2.isEmpty() || map.isEmpty()) {
            return hashSet;
        }
        for (Object obj : hashSet2) {
            if (map.containsKey(obj)) {
                hashSet.add(obj);
            }
        }
        return hashSet;
    }

    protected Set<Object> nonExistingKeys(Map map) {
        List rules = this.ruleDAO.getRules();
        if (rules.isEmpty()) {
            return map.keySet();
        }
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        Iterator it = rules.iterator();
        while (it.hasNext()) {
            hashSet2.add(keyFor((Comparable) it.next()));
        }
        for (Object obj : map.keySet()) {
            if (!hashSet2.contains(obj)) {
                hashSet.add(obj);
            }
        }
        return hashSet;
    }

    protected abstract String keyFor(Comparable<?> comparable);

    protected String validateRule(String str, String str2) {
        return validateRuleKey(str);
    }

    protected abstract String validateRuleKey(String str);

    protected abstract Comparable convertEntryToRule(Map.Entry<String, String> entry);

    protected void validateMap(Map<String, String> map) {
        for (Map.Entry<String, String> entry : map.entrySet()) {
            String validateRule = validateRule(entry.getKey(), entry.getValue());
            if (validateRule != null) {
                throw new RestException(validateRule, HttpStatus.UNPROCESSABLE_ENTITY);
            }
        }
    }

    protected void postMap(Map map) throws Exception {
        validateMap(map);
        Set<Object> intersection = intersection(map);
        if (!intersection.isEmpty()) {
            throw new RestException("Already existing rules: " + StringUtils.join(intersection.iterator(), ","), HttpStatus.CONFLICT);
        }
        Iterator it = map.entrySet().iterator();
        while (it.hasNext()) {
            this.ruleDAO.addRule(convertEntryToRule((Map.Entry) it.next()));
        }
        this.ruleDAO.storeRules();
    }

    protected void putMap(Map map) throws Exception {
        validateMap(map);
        Set<Object> nonExistingKeys = nonExistingKeys(map);
        if (!nonExistingKeys.isEmpty()) {
            throw new RestException("Unknown rules: " + StringUtils.join(nonExistingKeys.iterator(), ","), HttpStatus.CONFLICT);
        }
        Iterator it = map.entrySet().iterator();
        while (it.hasNext()) {
            Comparable convertEntryToRule = convertEntryToRule((Map.Entry) it.next());
            this.ruleDAO.removeRule(convertEntryToRule);
            this.ruleDAO.addRule(convertEntryToRule);
        }
        this.ruleDAO.storeRules();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Set<String> parseRoles(String str) {
        String[] split = str.split("[\\s,]+");
        HashSet hashSet = new HashSet(split.length);
        hashSet.addAll(Arrays.asList(split));
        Iterator it = hashSet.iterator();
        while (it.hasNext()) {
            if (ANY.equals((String) it.next())) {
                return Collections.singleton(ANY);
            }
        }
        return hashSet;
    }

    protected RestException createRestException(Exception exc) {
        return exc instanceof RestException ? (RestException) exc : new RestException("", HttpStatus.INTERNAL_SERVER_ERROR, exc);
    }
}
