package org.geoserver.security;

import java.util.logging.Level;
import java.util.logging.Logger;
import org.acegisecurity.Authentication;
import org.geoserver.catalog.LayerInfo;
import org.geoserver.catalog.ResourceInfo;
import org.geoserver.catalog.WorkspaceInfo;
import org.geoserver.security.DataAccessManager;
import org.geotools.util.logging.Logging;

/* loaded from: input_file:WEB-INF/lib/main-GS-Tecgraf-1.1.0.6.jar:org/geoserver/security/DefaultDataAccessManager.class */
public class DefaultDataAccessManager implements DataAccessManager {
    static final Logger LOGGER = Logging.getLogger((Class<?>) DataAccessManager.class);
    SecureTreeNode root;
    DataAccessRuleDAO dao;
    long lastLoaded = Long.MIN_VALUE;

    /* JADX INFO: Access modifiers changed from: package-private */
    public DefaultDataAccessManager(DataAccessRuleDAO dataAccessRuleDAO) {
        this.dao = dataAccessRuleDAO;
        this.root = buildAuthorizationTree(dataAccessRuleDAO);
    }

    @Override // org.geoserver.security.DataAccessManager
    public DataAccessManager.CatalogMode getMode() {
        return this.dao.getMode();
    }

    @Override // org.geoserver.security.DataAccessManager
    public boolean canAccess(Authentication authentication, WorkspaceInfo workspaceInfo, AccessMode accessMode) {
        checkPropertyFile();
        return this.root.getDeepestNode(new String[]{workspaceInfo.getName()}).canAccess(authentication, accessMode);
    }

    @Override // org.geoserver.security.DataAccessManager
    public boolean canAccess(Authentication authentication, LayerInfo layerInfo, AccessMode accessMode) {
        checkPropertyFile();
        if (layerInfo.getResource() != null) {
            return canAccess(authentication, layerInfo.getResource(), accessMode);
        }
        LOGGER.log(Level.FINE, "Layer " + layerInfo + " has no attached resource, assuming it's possible to access it");
        return true;
    }

    @Override // org.geoserver.security.DataAccessManager
    public boolean canAccess(Authentication authentication, ResourceInfo resourceInfo, AccessMode accessMode) {
        checkPropertyFile();
        try {
            return this.root.getDeepestNode(new String[]{resourceInfo.getStore().getWorkspace().getName(), resourceInfo.getName()}).canAccess(authentication, accessMode);
        } catch (Exception e) {
            LOGGER.log(Level.FINE, "Errors occurred trying to gather workspace of resource " + resourceInfo.getName());
            return true;
        }
    }

    void checkPropertyFile() {
        long lastModified = this.dao.getLastModified();
        if (this.lastLoaded < lastModified) {
            this.root = buildAuthorizationTree(this.dao);
            this.lastLoaded = lastModified;
        }
    }

    SecureTreeNode buildAuthorizationTree(DataAccessRuleDAO dataAccessRuleDAO) {
        SecureTreeNode secureTreeNode;
        SecureTreeNode secureTreeNode2 = new SecureTreeNode();
        for (DataAccessRule dataAccessRule : dataAccessRuleDAO.getRules()) {
            String workspace = dataAccessRule.getWorkspace();
            String layer = dataAccessRule.getLayer();
            AccessMode accessMode = dataAccessRule.getAccessMode();
            if ("*".equals(workspace)) {
                secureTreeNode = secureTreeNode2;
            } else {
                SecureTreeNode child = secureTreeNode2.getChild(workspace);
                if (child == null) {
                    child = secureTreeNode2.addChild(workspace);
                }
                if ("*".equals(layer)) {
                    secureTreeNode = child;
                } else {
                    SecureTreeNode child2 = child.getChild(layer);
                    if (child2 == null) {
                        child2 = child.addChild(layer);
                    }
                    secureTreeNode = child2;
                }
            }
            if (secureTreeNode.getAuthorizedRoles(accessMode) != null && secureTreeNode.getAuthorizedRoles(accessMode).size() > 0 && secureTreeNode != secureTreeNode2) {
                LOGGER.warning("Rule " + dataAccessRule + " is overriding another rule targetting the same resource");
            }
            secureTreeNode.setAuthorizedRoles(accessMode, dataAccessRule.getRoles());
        }
        return secureTreeNode2;
    }
}
