package org.geoserver.security.impl;

import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.TreeSet;
import org.geoserver.catalog.Catalog;
import org.geoserver.config.GeoServerDataDirectory;
import org.geoserver.platform.GeoServerExtensions;
import org.geoserver.security.AccessMode;
import org.geoserver.security.CatalogMode;
import org.geotools.util.logging.Logging;

/* loaded from: input_file:org/geoserver/security/impl/DataAccessRuleDAO.class */
public class DataAccessRuleDAO extends AbstractAccessRuleDAO<DataAccessRule> {
    static final String LAYERS = "layers.properties";
    Catalog rawCatalog;
    CatalogMode catalogMode;

    static {
        LOGGER = Logging.getLogger(DataAccessRuleDAO.class);
    }

    public static DataAccessRuleDAO get() {
        return (DataAccessRuleDAO) GeoServerExtensions.bean(DataAccessRuleDAO.class);
    }

    public DataAccessRuleDAO(GeoServerDataDirectory geoServerDataDirectory, Catalog catalog) throws IOException {
        super(geoServerDataDirectory, LAYERS);
        this.catalogMode = CatalogMode.HIDE;
        this.rawCatalog = catalog;
    }

    DataAccessRuleDAO(Catalog catalog, File file) {
        super(file, LAYERS);
        this.catalogMode = CatalogMode.HIDE;
        this.rawCatalog = catalog;
    }

    public CatalogMode getMode() {
        checkPropertyFile(false);
        return this.catalogMode;
    }

    @Override // org.geoserver.security.impl.AbstractAccessRuleDAO
    protected void loadRules(Properties properties) {
        TreeSet<R> treeSet = new TreeSet<>();
        this.catalogMode = CatalogMode.HIDE;
        for (Map.Entry entry : properties.entrySet()) {
            String str = (String) entry.getKey();
            String str2 = (String) entry.getValue();
            if ("mode".equalsIgnoreCase(str)) {
                try {
                    this.catalogMode = CatalogMode.valueOf(str2.toUpperCase());
                } catch (Exception e) {
                    LOGGER.warning("Invalid security mode " + str2 + " acceptable values are " + Arrays.asList(CatalogMode.valuesCustom()));
                }
            } else {
                DataAccessRule parseDataAccessRule = parseDataAccessRule(str, str2);
                if (parseDataAccessRule != null) {
                    if (treeSet.contains(parseDataAccessRule)) {
                        LOGGER.warning("Rule " + str + "." + str2 + " overwrites another rule on the same path");
                    }
                    treeSet.add(parseDataAccessRule);
                }
            }
        }
        if (treeSet.size() == 0) {
            treeSet.add(new DataAccessRule(DataAccessRule.READ_ALL));
            treeSet.add(new DataAccessRule(DataAccessRule.WRITE_ALL));
        }
        this.rules = treeSet;
    }

    DataAccessRule parseDataAccessRule(String str, String str2) {
        String str3 = String.valueOf(str) + "=" + str2;
        String[] parseElements = parseElements(str);
        if (parseElements.length != 3) {
            LOGGER.warning("Invalid rule " + str3 + ", the expected format is workspace.layer.mode=role1,role2,...");
            return null;
        }
        String str4 = parseElements[0];
        String str5 = parseElements[1];
        String str6 = parseElements[2];
        Set<String> parseRoles = parseRoles(str2);
        if (parseElements.length != 3) {
            LOGGER.warning("Invalid rule '" + str3 + "', the standard form is [namespace].[layer].[mode]=[role]+ Rule has been ignored");
            return null;
        }
        if (!"*".equals(str4) && this.rawCatalog.getWorkspaceByName(str4) == null) {
            LOGGER.warning("Namespace/Workspace " + str4 + " is unknown in rule " + str3);
        }
        if (!"*".equals(str5) && this.rawCatalog.getLayerByName(str5) == null) {
            LOGGER.warning("Layer " + str4 + " is unknown in rule + " + str3);
        }
        AccessMode byAlias = AccessMode.getByAlias(str6);
        if (byAlias == null) {
            LOGGER.warning("Unknown access mode " + str6 + " in " + str + ", skipping rule " + str3);
            return null;
        }
        if (!"*".equals(str4) || "*".equals(str5)) {
            return new DataAccessRule(str4, str5, byAlias, parseRoles);
        }
        LOGGER.warning("Invalid rule " + str3 + ", when namespace is * then also layer must be *. Skipping rule " + str3);
        return null;
    }

    @Override // org.geoserver.security.impl.AbstractAccessRuleDAO
    protected Properties toProperties() {
        Properties properties = new Properties();
        properties.put("mode", this.catalogMode.toString());
        Iterator it = this.rules.iterator();
        while (it.hasNext()) {
            DataAccessRule dataAccessRule = (DataAccessRule) it.next();
            properties.put(String.valueOf(dataAccessRule.getWorkspace().replaceAll("\\.", "\\\\.")) + "." + dataAccessRule.getLayer().replaceAll("\\.", "\\\\.") + "." + dataAccessRule.getAccessMode().getAlias(), dataAccessRule.getValue());
        }
        return properties;
    }

    static String[] parseElements(String str) {
        String str2;
        String[] split = str.trim().split("\\s*\\.\\s*");
        ArrayList arrayList = new ArrayList();
        String str3 = null;
        int length = split.length;
        for (int i = 0; i < length; i++) {
            String str4 = split[i];
            if (str3 != null) {
                str4 = String.valueOf(str3) + "." + str4;
            }
            if (str4.endsWith("\\")) {
                str2 = str4.substring(0, str4.length() - 1);
            } else {
                arrayList.add(str4);
                str2 = null;
            }
            str3 = str2;
        }
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    public void setCatalogMode(CatalogMode catalogMode) {
        this.catalogMode = catalogMode;
    }

    public static CatalogMode getByAlias(String str) {
        for (CatalogMode catalogMode : CatalogMode.valuesCustom()) {
            if (catalogMode.name().equals(str)) {
                return catalogMode;
            }
        }
        return null;
    }
}
