package org.geoserver.security;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.TreeSet;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.batik.util.XMLConstants;
import org.geoserver.catalog.Catalog;
import org.geoserver.platform.GeoServerExtensions;
import org.geotools.util.logging.Logging;
import org.vfny.geoserver.global.ConfigurationException;
import org.vfny.geoserver.global.GeoserverDataDirectory;

/* loaded from: input_file:WEB-INF/lib/main-GS-Tecgraf-1.1.0.0.jar:org/geoserver/security/ServiceAccessRuleDAO.class */
public class ServiceAccessRuleDAO {
    static final Logger LOGGER = Logging.getLogger((Class<?>) ServiceAccessRuleDAO.class);
    Catalog rawCatalog;
    TreeSet<ServiceAccessRule> rules;
    PropertyFileWatcher watcher;
    long lastModified;
    File securityDir;

    public static ServiceAccessRuleDAO get() {
        return (ServiceAccessRuleDAO) GeoServerExtensions.bean(ServiceAccessRuleDAO.class);
    }

    public ServiceAccessRuleDAO(Catalog catalog) throws ConfigurationException {
        this.rawCatalog = catalog;
        this.securityDir = GeoserverDataDirectory.findCreateConfigDir("security");
    }

    public ServiceAccessRuleDAO() throws ConfigurationException {
        this.securityDir = GeoserverDataDirectory.findCreateConfigDir("security");
    }

    ServiceAccessRuleDAO(Catalog catalog, File file) throws ConfigurationException {
        this.securityDir = file;
    }

    public List<ServiceAccessRule> getRules() {
        checkPropertyFile(false);
        return new ArrayList(this.rules);
    }

    public boolean addRule(ServiceAccessRule serviceAccessRule) {
        this.lastModified = System.currentTimeMillis();
        return this.rules.add(serviceAccessRule);
    }

    public void reload() {
        checkPropertyFile(true);
    }

    public void clear() {
        this.rules.clear();
        this.lastModified = System.currentTimeMillis();
    }

    public boolean removeRule(ServiceAccessRule serviceAccessRule) {
        this.lastModified = System.currentTimeMillis();
        return this.rules.remove(serviceAccessRule);
    }

    public void storeRules() throws IOException {
        FileOutputStream fileOutputStream = null;
        try {
            try {
                Properties properties = toProperties();
                fileOutputStream = new FileOutputStream(new File(this.securityDir, "service.properties"));
                properties.store(fileOutputStream, (String) null);
                if (fileOutputStream != null) {
                    fileOutputStream.close();
                }
            } catch (Exception e) {
                if (!(e instanceof IOException)) {
                    throw ((IOException) new IOException("Could not write updated data access rules to file system").initCause(e));
                }
                throw ((IOException) e);
            }
        } catch (Throwable th) {
            if (fileOutputStream != null) {
                fileOutputStream.close();
            }
            throw th;
        }
    }

    void checkPropertyFile(boolean z) {
        try {
            if (this.rules == null) {
                if (this.securityDir == null || !this.securityDir.exists()) {
                    this.rules = new TreeSet<>();
                } else {
                    File file = new File(this.securityDir, "service.properties");
                    if (file.exists()) {
                        this.watcher = new PropertyFileWatcher(file);
                        loadRules(this.watcher.getProperties());
                    } else {
                        this.rules = new TreeSet<>();
                    }
                }
                this.lastModified = System.currentTimeMillis();
            } else if (this.watcher != null && (this.watcher.isStale() || z)) {
                loadRules(this.watcher.getProperties());
                this.lastModified = System.currentTimeMillis();
            }
        } catch (Exception e) {
            LOGGER.log(Level.SEVERE, "Failed to reload data access rules from layers.properties, keeping old rules", (Throwable) e);
        }
    }

    void loadRules(Properties properties) {
        TreeSet<ServiceAccessRule> treeSet = new TreeSet<>();
        for (Map.Entry entry : properties.entrySet()) {
            String str = (String) entry.getKey();
            String str2 = (String) entry.getValue();
            ServiceAccessRule parseServiceAccessRule = parseServiceAccessRule(str, str2);
            if (parseServiceAccessRule != null) {
                if (treeSet.contains(parseServiceAccessRule)) {
                    LOGGER.warning("Rule " + str + "." + str2 + " overwrites another rule on the same path");
                }
                treeSet.add(parseServiceAccessRule);
            }
        }
        if (treeSet.size() == 0) {
            treeSet.add(new ServiceAccessRule(new ServiceAccessRule()));
        }
        this.rules = treeSet;
    }

    ServiceAccessRule parseServiceAccessRule(String str, String str2) {
        String str3 = str + XMLConstants.XML_EQUAL_SIGN + str2;
        String[] parseElements = parseElements(str);
        if (parseElements.length != 2) {
            LOGGER.warning("Invalid rule " + str3 + ", the expected format is service.method=role1,role2,...");
            return null;
        }
        String str4 = parseElements[0];
        String str5 = parseElements[1];
        Set<String> parseRoles = parseRoles(str2);
        if (!"*".equals(str4) || "*".equals(str5)) {
            return new ServiceAccessRule(str4, str5, parseRoles);
        }
        LOGGER.warning("Invalid rule " + str3 + ", when namespace is * then also layer must be *. Skipping rule " + str3);
        return null;
    }

    Properties toProperties() {
        Properties properties = new Properties();
        Iterator<ServiceAccessRule> it2 = this.rules.iterator();
        while (it2.hasNext()) {
            ServiceAccessRule next = it2.next();
            properties.put(next.getKey(), next.getValue());
        }
        return properties;
    }

    public long getLastModified() {
        return this.lastModified;
    }

    Set<String> parseRoles(String str) {
        String[] split = str.split("[\\s,]+");
        HashSet hashSet = new HashSet(split.length);
        hashSet.addAll(Arrays.asList(split));
        Iterator it2 = hashSet.iterator();
        while (it2.hasNext()) {
            if ("*".equals((String) it2.next())) {
                return Collections.singleton("*");
            }
        }
        return hashSet;
    }

    private String[] parseElements(String str) {
        return str.split("\\s*\\.\\s*");
    }
}
