package com.orientechnologies.orient.server.security;

import com.orientechnologies.common.io.OIOUtils;
import com.orientechnologies.common.log.OLogManager;
import com.orientechnologies.common.parser.OSystemVariableResolver;
import com.orientechnologies.common.util.OCallable;
import com.orientechnologies.orient.core.Orient;
import com.orientechnologies.orient.core.config.OGlobalConfiguration;
import com.orientechnologies.orient.core.db.ODatabase;
import com.orientechnologies.orient.core.db.ODatabaseDocumentInternal;
import com.orientechnologies.orient.core.db.ODatabaseRecordThreadLocal;
import com.orientechnologies.orient.core.db.document.ODatabaseDocumentTx;
import com.orientechnologies.orient.core.metadata.schema.OType;
import com.orientechnologies.orient.core.metadata.security.OSecurity;
import com.orientechnologies.orient.core.metadata.security.OSecurityExternal;
import com.orientechnologies.orient.core.metadata.security.OSystemUser;
import com.orientechnologies.orient.core.metadata.security.OUser;
import com.orientechnologies.orient.core.record.impl.ODocument;
import com.orientechnologies.orient.core.security.OAuditingOperation;
import com.orientechnologies.orient.core.security.OInvalidPasswordException;
import com.orientechnologies.orient.core.security.OSecurityFactory;
import com.orientechnologies.orient.core.security.OSecurityManager;
import com.orientechnologies.orient.core.security.OSecuritySystemException;
import com.orientechnologies.orient.server.OClientConnection;
import com.orientechnologies.orient.server.OClientConnectionManager;
import com.orientechnologies.orient.server.OServer;
import com.orientechnologies.orient.server.OServerLifecycleListener;
import com.orientechnologies.orient.server.config.OServerConfigurationManager;
import com.orientechnologies.orient.server.config.OServerEntryConfiguration;
import com.orientechnologies.orient.server.config.OServerUserConfiguration;
import com.orientechnologies.orient.server.network.protocol.ONetworkProtocolData;
import com.orientechnologies.orient.server.network.protocol.http.ONetworkProtocolHttpAbstract;
import com.orientechnologies.orient.server.plugin.OServerPluginInfo;
import java.io.File;
import java.io.FileInputStream;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Random;
import java.util.concurrent.ConcurrentHashMap;

/* loaded from: input_file:WEB-INF/lib/orientdb-server-2.2.36.jar:com/orientechnologies/orient/server/security/ODefaultServerSecurity.class */
public class ODefaultServerSecurity implements OSecurityFactory, OServerLifecycleListener, OServerSecurity {
    private OPasswordValidator passwordValidator;
    private OSecurityComponent importLDAP;
    private OAuditingService auditingService;
    private ODocument configDoc;
    private OServer server;
    private OServerConfigurationManager serverConfig;
    private ODocument auditingDoc;
    private ODocument serverDoc;
    private ODocument authDoc;
    private ODocument passwdValDoc;
    private ODocument ldapImportDoc;
    private String superUserPassword;
    private OServerUserConfiguration superUserCfg;
    private OSyslog sysLog;
    private boolean enabled = false;
    private boolean debug = false;
    private boolean storePasswords = true;
    private boolean allowDefault = true;
    private final Object passwordValidatorSynch = new Object();
    private final Object importLDAPSynch = new Object();
    private final Object auditingSynch = new Object();
    private final String superUser = "OSecurityModuleSuperUser";
    private final List<OSecurityAuthenticator> authenticatorsList = new ArrayList();
    private ConcurrentHashMap<String, Class<?>> securityClassMap = new ConcurrentHashMap<>();

    public ODefaultServerSecurity(OServer oServer, OServerConfigurationManager oServerConfigurationManager) {
        this.server = oServer;
        this.serverConfig = oServerConfigurationManager;
        oServer.registerLifecycleListener(this);
        OSecurityManager.instance().setSecurityFactory(this);
    }

    @Override // com.orientechnologies.orient.core.security.OSecuritySystem
    public void shutdown() {
        this.server.unregisterLifecycleListener(this);
    }

    private Class<?> getClass(ODocument oDocument) {
        Class<?> cls = null;
        try {
            if (oDocument.containsField("class")) {
                String str = (String) oDocument.field("class");
                cls = this.securityClassMap.containsKey(str) ? this.securityClassMap.get(str) : Class.forName(str);
            }
        } catch (Exception e) {
            OLogManager.instance().error(this, "ODefaultServerSecurity.getClass() Throwable: ", e, new Object[0]);
        }
        return cls;
    }

    @Override // com.orientechnologies.orient.core.security.OSecuritySystem
    public boolean isDefaultAllowed() {
        if (isEnabled()) {
            return this.allowDefault;
        }
        return true;
    }

    @Override // com.orientechnologies.orient.core.security.OSecuritySystem
    public String authenticate(String str, String str2) {
        String authenticate;
        if (str != null) {
            try {
                if (!str.isEmpty()) {
                    if (this.debug) {
                        OLogManager.instance().info(this, "ODefaultServerSecurity.authenticate() ** Authenticating username: %s", str);
                    }
                    if (str.equals("OSecurityModuleSuperUser") && str2.equals(this.superUserPassword)) {
                        return "OSecurityModuleSuperUser";
                    }
                }
            } catch (Exception e) {
                OLogManager.instance().error(this, "ODefaultServerSecurity.authenticate()", e, new Object[0]);
                return null;
            }
        }
        synchronized (this.authenticatorsList) {
            for (OSecurityAuthenticator oSecurityAuthenticator : this.authenticatorsList) {
                if (oSecurityAuthenticator.isEnabled() && (authenticate = oSecurityAuthenticator.authenticate(str, str2)) != null) {
                    return authenticate;
                }
            }
            return null;
        }
    }

    protected OServer getServer() {
        return this.server;
    }

    @Override // com.orientechnologies.orient.core.security.OSecuritySystem
    public String getAuthenticationHeader(String str) {
        String authenticationHeader;
        String str2 = str != null ? "WWW-Authenticate: Basic realm=\"OrientDB db-" + str + "\"" : "WWW-Authenticate: Basic realm=\"OrientDB Server\"";
        if (isEnabled()) {
            synchronized (this.authenticatorsList) {
                StringBuilder sb = new StringBuilder();
                for (OSecurityAuthenticator oSecurityAuthenticator : this.authenticatorsList) {
                    if (oSecurityAuthenticator.isEnabled() && (authenticationHeader = oSecurityAuthenticator.getAuthenticationHeader(str)) != null && authenticationHeader.trim().length() > 0) {
                        if (sb.length() > 0) {
                            sb.append("\r\n");
                        }
                        sb.append(authenticationHeader);
                    }
                }
                if (sb.length() > 0) {
                    str2 = sb.toString();
                }
            }
        }
        return str2;
    }

    @Override // com.orientechnologies.orient.core.security.OSecuritySystem
    public ODocument getConfig() {
        ODocument oDocument = new ODocument();
        try {
            oDocument.field("enabled", (Object) Boolean.valueOf(this.enabled));
            oDocument.field("debug", (Object) Boolean.valueOf(this.debug));
            if (this.serverDoc != null) {
                oDocument.field("server", (Object) this.serverDoc, OType.EMBEDDED);
            }
            if (this.authDoc != null) {
                oDocument.field("authentication", (Object) this.authDoc, OType.EMBEDDED);
            }
            if (this.passwdValDoc != null) {
                oDocument.field("passwordValidator", (Object) this.passwdValDoc, OType.EMBEDDED);
            }
            if (this.ldapImportDoc != null) {
                oDocument.field("ldapImporter", (Object) this.ldapImportDoc, OType.EMBEDDED);
            }
            if (this.auditingDoc != null) {
                oDocument.field("auditing", (Object) this.auditingDoc, OType.EMBEDDED);
            }
        } catch (Exception e) {
            OLogManager.instance().error(this, "ODefaultServerSecurity.getConfig() Exception: %s", e, new Object[0]);
        }
        return oDocument;
    }

    @Override // com.orientechnologies.orient.core.security.OSecuritySystem
    public ODocument getComponentConfig(String str) {
        if (str == null) {
            return null;
        }
        if (str.equalsIgnoreCase("auditing")) {
            return this.auditingDoc;
        }
        if (str.equalsIgnoreCase("authentication")) {
            return this.authDoc;
        }
        if (str.equalsIgnoreCase("ldapImporter")) {
            return this.ldapImportDoc;
        }
        if (str.equalsIgnoreCase("passwordValidator")) {
            return this.passwdValDoc;
        }
        if (str.equalsIgnoreCase("server")) {
            return this.serverDoc;
        }
        return null;
    }

    @Override // com.orientechnologies.orient.core.security.OSecuritySystem
    public OUser getSystemUser(String str, final String str2) {
        if (isEnabled()) {
            return (OUser) this.server.getSystemDatabase().execute(new OCallable<Object, Object>() { // from class: com.orientechnologies.orient.server.security.ODefaultServerSecurity.1
                @Override // com.orientechnologies.common.util.OCallable
                public Object call(Object obj) {
                    List list = (List) obj;
                    if (list == null || list.isEmpty()) {
                        return null;
                    }
                    return new OSystemUser((ODocument) list.get(0), str2);
                }
            }, "select from OUser where name = ? limit 1 fetchplan roles:1", str);
        }
        return null;
    }

    @Override // com.orientechnologies.orient.core.security.OSecuritySystem
    public boolean isAuthorized(String str, String str2) {
        if (!isEnabled() || str == null || str2 == null) {
            return false;
        }
        if (str.equals("OSecurityModuleSuperUser")) {
            return true;
        }
        synchronized (this.authenticatorsList) {
            for (OSecurityAuthenticator oSecurityAuthenticator : this.authenticatorsList) {
                if (oSecurityAuthenticator.isEnabled() && oSecurityAuthenticator.isAuthorized(str, str2)) {
                    return true;
                }
            }
            return false;
        }
    }

    @Override // com.orientechnologies.orient.core.security.OSecuritySystem
    public boolean isEnabled() {
        return this.enabled;
    }

    @Override // com.orientechnologies.orient.core.security.OSecuritySystem
    public boolean arePasswordsStored() {
        if (isEnabled()) {
            return this.storePasswords;
        }
        return true;
    }

    @Override // com.orientechnologies.orient.core.security.OSecuritySystem
    public boolean isSingleSignOnSupported() {
        OSecurityAuthenticator primaryAuthenticator;
        if (!isEnabled() || (primaryAuthenticator = getPrimaryAuthenticator()) == null) {
            return false;
        }
        return primaryAuthenticator.isSingleSignOnSupported();
    }

    @Override // com.orientechnologies.orient.core.security.OSecuritySystem
    public void validatePassword(String str) throws OInvalidPasswordException {
        if (isEnabled()) {
            synchronized (this.passwordValidatorSynch) {
                if (this.passwordValidator != null) {
                    this.passwordValidator.validatePassword(str);
                }
            }
        }
    }

    @Override // com.orientechnologies.orient.server.security.OServerSecurity
    public OAuditingService getAuditing() {
        return this.auditingService;
    }

    @Override // com.orientechnologies.orient.server.security.OServerSecurity
    public OSecurityAuthenticator getAuthenticator(String str) {
        if (!isEnabled()) {
            return null;
        }
        synchronized (this.authenticatorsList) {
            for (OSecurityAuthenticator oSecurityAuthenticator : this.authenticatorsList) {
                if (str == null || str.isEmpty()) {
                    return oSecurityAuthenticator;
                }
                if (oSecurityAuthenticator.getName() != null && oSecurityAuthenticator.getName().equalsIgnoreCase(str)) {
                    return oSecurityAuthenticator;
                }
            }
            return null;
        }
    }

    @Override // com.orientechnologies.orient.server.security.OServerSecurity
    public OSecurityAuthenticator getPrimaryAuthenticator() {
        if (!isEnabled()) {
            return null;
        }
        synchronized (this.authenticatorsList) {
            if (this.authenticatorsList.size() <= 0) {
                return null;
            }
            return this.authenticatorsList.get(0);
        }
    }

    @Override // com.orientechnologies.orient.server.security.OServerSecurity
    public OServerUserConfiguration getUser(String str) {
        OServerUserConfiguration oServerUserConfiguration = null;
        if (isEnabled()) {
            if (str.equals("OSecurityModuleSuperUser")) {
                return this.superUserCfg;
            }
            synchronized (this.authenticatorsList) {
                for (OSecurityAuthenticator oSecurityAuthenticator : this.authenticatorsList) {
                    if (oSecurityAuthenticator.isEnabled()) {
                        oServerUserConfiguration = oSecurityAuthenticator.getUser(str);
                        if (oServerUserConfiguration != null) {
                            break;
                        }
                    }
                }
            }
        }
        return oServerUserConfiguration;
    }

    @Override // com.orientechnologies.orient.server.security.OServerSecurity
    public ODatabase<?> openDatabase(String str) {
        ODatabaseDocumentTx oDatabaseDocumentTx = null;
        if (isEnabled()) {
            oDatabaseDocumentTx = this.server.openDatabase(str, "OSecurityModuleSuperUser", "", (ONetworkProtocolData) null, true);
        }
        return oDatabaseDocumentTx;
    }

    @Override // com.orientechnologies.orient.server.security.OServerSecurity
    public OSyslog getSyslog() {
        OServerPluginInfo pluginByName;
        if (this.sysLog == null && (pluginByName = this.server.getPluginManager().getPluginByName("syslog")) != null) {
            this.sysLog = (OSyslog) pluginByName.getInstance();
        }
        return this.sysLog;
    }

    @Override // com.orientechnologies.orient.core.security.OSecuritySystem
    public void log(OAuditingOperation oAuditingOperation, String str, String str2, String str3) {
        synchronized (this.auditingSynch) {
            if (this.auditingService != null) {
                this.auditingService.log(oAuditingOperation, str, str2, str3);
            }
        }
    }

    @Override // com.orientechnologies.orient.core.security.OSecuritySystem
    public void registerSecurityClass(Class<?> cls) {
        String fullTypeName = getFullTypeName(cls);
        if (fullTypeName != null) {
            this.securityClassMap.put(fullTypeName, cls);
        }
    }

    @Override // com.orientechnologies.orient.core.security.OSecuritySystem
    public void unregisterSecurityClass(Class<?> cls) {
        String fullTypeName = getFullTypeName(cls);
        if (fullTypeName != null) {
            this.securityClassMap.remove(fullTypeName);
        }
    }

    private static String getFullTypeName(Class<?> cls) {
        String simpleName = cls.getSimpleName();
        Package r0 = cls.getPackage();
        if (r0 != null) {
            simpleName = r0.getName() + "." + simpleName;
        }
        return simpleName;
    }

    @Override // com.orientechnologies.orient.core.security.OSecuritySystem
    public void reload(String str) {
        reload(loadConfig(str));
    }

    @Override // com.orientechnologies.orient.core.security.OSecuritySystem
    public void reload(ODocument oDocument) {
        if (oDocument == null) {
            OLogManager.instance().warn(this, "ODefaultServerSecurity.reload(ODocument) The provided configuration document is null", new Object[0]);
            throw new OSecuritySystemException("ODefaultServerSecurity.reload(ODocument) The provided configuration document is null");
        }
        onBeforeDeactivate();
        this.configDoc = oDocument;
        onAfterDynamicPlugins();
        log(OAuditingOperation.RELOADEDSECURITY, null, null, "The security configuration file has been reloaded");
    }

    @Override // com.orientechnologies.orient.core.security.OSecuritySystem
    public void reloadComponent(String str, ODocument oDocument) {
        if (str == null || str.isEmpty()) {
            throw new OSecuritySystemException("ODefaultServerSecurity.reloadComponent() name is null or empty");
        }
        if (oDocument == null) {
            throw new OSecuritySystemException("ODefaultServerSecurity.reloadComponent() Configuration document is null");
        }
        if (str.equalsIgnoreCase("auditing")) {
            this.auditingDoc = oDocument;
            reloadAuditingService();
        } else if (str.equalsIgnoreCase("authentication")) {
            this.authDoc = oDocument;
            reloadAuthMethods();
        } else if (str.equalsIgnoreCase("ldapImporter")) {
            this.ldapImportDoc = oDocument;
            reloadImportLDAP();
        } else if (str.equalsIgnoreCase("passwordValidator")) {
            this.passwdValDoc = oDocument;
            reloadPasswordValidator();
        } else if (str.equalsIgnoreCase("server")) {
            this.serverDoc = oDocument;
            reloadServer();
        }
        setSection(str, oDocument);
        log(OAuditingOperation.RELOADEDSECURITY, null, null, String.format("The %s security component has been reloaded", str));
    }

    @Override // com.orientechnologies.orient.core.security.OSecuritySystem
    public void securityRecordChange(final String str, ODocument oDocument) {
        Orient.instance().submit(new Runnable() { // from class: com.orientechnologies.orient.server.security.ODefaultServerSecurity.2
            @Override // java.lang.Runnable
            public void run() {
                try {
                    OClientConnectionManager clientConnectionManager = ODefaultServerSecurity.this.server.getClientConnectionManager();
                    if (clientConnectionManager != null) {
                        Iterator<OClientConnection> it = clientConnectionManager.getConnections().iterator();
                        while (it.hasNext()) {
                            OClientConnection next = it.next();
                            try {
                                try {
                                    next.acquire();
                                    ODatabaseDocumentInternal database = next.getDatabase();
                                    if (database != null) {
                                        database.activateOnCurrentThread();
                                        if (!database.isClosed() && database.getURL() != null && database.getURL().equals(str)) {
                                            database.reloadUser();
                                        }
                                    }
                                    next.release();
                                } catch (Exception e) {
                                    OLogManager.instance().error(this, "securityRecordChange() Exception: ", e, new Object[0]);
                                    next.release();
                                }
                            } finally {
                            }
                        }
                    }
                } catch (Exception e2) {
                    OLogManager.instance().error(this, "securityRecordChange() Exception: ", e2, new Object[0]);
                }
                ODatabaseRecordThreadLocal.instance().remove();
            }
        });
    }

    private void createSuperUser() {
        if ("OSecurityModuleSuperUser" == 0) {
            throw new OSecuritySystemException("ODefaultServerSecurity.createSuperUser() SuperUser cannot be null");
        }
        try {
            this.superUserPassword = OSecurityManager.instance().createSHA256(String.valueOf(new Random().nextLong()));
            this.superUserCfg = new OServerUserConfiguration("OSecurityModuleSuperUser", this.superUserPassword, "*");
        } catch (Exception e) {
            OLogManager.instance().error(this, "createSuperUser() Exception: ", e, new Object[0]);
        }
        if (this.superUserPassword == null) {
            throw new OSecuritySystemException("ODefaultServerSecurity Could not create SuperUser");
        }
    }

    private void loadAuthenticators(ODocument oDocument) {
        synchronized (this.authenticatorsList) {
            Iterator<OSecurityAuthenticator> it = this.authenticatorsList.iterator();
            while (it.hasNext()) {
                it.next().dispose();
            }
            this.authenticatorsList.clear();
            if (oDocument.containsField("authenticators")) {
                for (ODocument oDocument2 : (List) oDocument.field("authenticators")) {
                    try {
                        if (oDocument2.containsField("name")) {
                            String str = (String) oDocument2.field("name");
                            if (oDocument2.containsField("enabled") ? ((Boolean) oDocument2.field("enabled")).booleanValue() : true) {
                                Class<?> cls = getClass(oDocument2);
                                if (cls == null) {
                                    OLogManager.instance().error(this, "ODefaultServerSecurity.loadAuthenticators() authentication class is null for %s", null, str);
                                } else if (OSecurityAuthenticator.class.isAssignableFrom(cls)) {
                                    OSecurityAuthenticator oSecurityAuthenticator = (OSecurityAuthenticator) cls.newInstance();
                                    oSecurityAuthenticator.config(this.server, this.serverConfig, oDocument2);
                                    oSecurityAuthenticator.active();
                                    this.authenticatorsList.add(oSecurityAuthenticator);
                                } else {
                                    OLogManager.instance().error(this, "ODefaultServerSecurity.loadAuthenticators() class is not an OSecurityAuthenticator", null, new Object[0]);
                                }
                            }
                        } else {
                            OLogManager.instance().error(this, "ODefaultServerSecurity.loadAuthenticators() authentication object is missing name", null, new Object[0]);
                        }
                    } catch (Exception e) {
                        OLogManager.instance().error(this, "ODefaultServerSecurity.loadAuthenticators() Exception: ", e, new Object[0]);
                    }
                }
            }
        }
    }

    @Override // com.orientechnologies.orient.server.OServerLifecycleListener
    public void onBeforeActivate() {
        createSuperUser();
        String resolveSystemVariables = OSystemVariableResolver.resolveSystemVariables("${ORIENTDB_HOME}/config/security.json");
        String configProperty = getConfigProperty("server.security.file");
        if (configProperty != null) {
            resolveSystemVariables = configProperty;
        }
        String valueAsString = OGlobalConfiguration.SERVER_SECURITY_FILE.getValueAsString();
        if (valueAsString != null) {
            resolveSystemVariables = valueAsString;
        }
        this.configDoc = loadConfig(resolveSystemVariables);
    }

    @Override // com.orientechnologies.orient.server.OServerLifecycleListener
    public void onAfterActivate() {
    }

    @Override // com.orientechnologies.orient.server.security.OServerSecurity
    public void onAfterDynamicPlugins() {
        if (this.configDoc == null) {
            OLogManager.instance().warn(this, "onAfterDynamicPlugins() Configuration document is empty", new Object[0]);
            return;
        }
        loadComponents();
        if (isEnabled()) {
            registerRESTCommands();
            log(OAuditingOperation.SECURITY, null, null, "The security module is now loaded");
        }
    }

    @Override // com.orientechnologies.orient.server.OServerLifecycleListener
    public void onBeforeDeactivate() {
        if (this.enabled) {
            unregisterRESTCommands();
            synchronized (this.importLDAPSynch) {
                if (this.importLDAP != null) {
                    this.importLDAP.dispose();
                    this.importLDAP = null;
                }
            }
            synchronized (this.passwordValidatorSynch) {
                if (this.passwordValidator != null) {
                    this.passwordValidator.dispose();
                    this.passwordValidator = null;
                }
            }
            synchronized (this.auditingSynch) {
                if (this.auditingService != null) {
                    this.auditingService.dispose();
                    this.auditingService = null;
                }
            }
            synchronized (this.authenticatorsList) {
                Iterator<OSecurityAuthenticator> it = this.authenticatorsList.iterator();
                while (it.hasNext()) {
                    it.next().dispose();
                }
                this.authenticatorsList.clear();
            }
            this.enabled = false;
        }
    }

    @Override // com.orientechnologies.orient.server.OServerLifecycleListener
    public void onAfterDeactivate() {
    }

    protected void loadComponents() {
        loadSecurity();
        if (isEnabled()) {
            this.auditingDoc = getSection("auditing");
            reloadAuditingService();
            this.serverDoc = getSection("server");
            reloadServer();
            this.authDoc = getSection("authentication");
            reloadAuthMethods();
            this.passwdValDoc = getSection("passwordValidator");
            reloadPasswordValidator();
            this.ldapImportDoc = getSection("ldapImporter");
            reloadImportLDAP();
        }
    }

    private ODocument getSection(String str) {
        ODocument oDocument = null;
        try {
            if (this.configDoc == null) {
                OLogManager.instance().error(this, "ODefaultServerSecurity.getSection(%s) Configuration document is null", null, str);
            } else if (this.configDoc.containsField(str)) {
                oDocument = (ODocument) this.configDoc.field(str);
            }
        } catch (Exception e) {
            OLogManager.instance().error(this, "ODefaultServerSecurity.getSection(%s)", e, str);
        }
        return oDocument;
    }

    private void setSection(String str, ODocument oDocument) {
        ODocument section = getSection(str);
        try {
            if (this.configDoc != null) {
                this.configDoc.field(str, (Object) oDocument);
                String resolveSystemVariables = OSystemVariableResolver.resolveSystemVariables("${ORIENTDB_HOME}/config/security.json");
                String configProperty = getConfigProperty("server.security.file");
                if (configProperty != null) {
                    resolveSystemVariables = configProperty;
                }
                String valueAsString = OGlobalConfiguration.SERVER_SECURITY_FILE.getValueAsString();
                if (valueAsString != null) {
                    resolveSystemVariables = valueAsString;
                }
                OIOUtils.writeFile(new File(resolveSystemVariables), this.configDoc.toJSON("prettyPrint"));
            }
        } catch (Exception e) {
            this.configDoc.field(str, (Object) section);
            OLogManager.instance().error(this, "ODefaultServerSecurity.setSection(%s)", e, str);
        }
    }

    private ODocument loadConfig(String str) {
        ODocument oDocument = null;
        try {
            if (str != null) {
                String resolveSystemVariables = OSystemVariableResolver.resolveSystemVariables(str);
                File file = new File(resolveSystemVariables);
                if (file.exists() && file.canRead()) {
                    FileInputStream fileInputStream = null;
                    try {
                        fileInputStream = new FileInputStream(file);
                        byte[] bArr = new byte[(int) file.length()];
                        fileInputStream.read(bArr);
                        oDocument = new ODocument().fromJSON(new String(bArr), "noMap");
                        if (fileInputStream != null) {
                            fileInputStream.close();
                        }
                    } catch (Throwable th) {
                        if (fileInputStream != null) {
                            fileInputStream.close();
                        }
                        throw th;
                    }
                } else {
                    OLogManager.instance().error(this, "ODefaultServerSecurity.loadConfig() Could not access the security JSON file: %s", null, resolveSystemVariables);
                }
            } else {
                OLogManager.instance().error(this, "ODefaultServerSecurity.loadConfig() Configuration file path is null", null, new Object[0]);
            }
        } catch (Exception e) {
            OLogManager.instance().error(this, "ODefaultServerSecurity.loadConfig()", e, new Object[0]);
        }
        return oDocument;
    }

    protected String getConfigProperty(String str) {
        String str2 = null;
        if (this.server.getConfiguration() != null && this.server.getConfiguration().properties != null) {
            OServerEntryConfiguration[] oServerEntryConfigurationArr = this.server.getConfiguration().properties;
            int length = oServerEntryConfigurationArr.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                OServerEntryConfiguration oServerEntryConfiguration = oServerEntryConfigurationArr[i];
                if (oServerEntryConfiguration.name.equals(str)) {
                    str2 = OSystemVariableResolver.resolveSystemVariables(oServerEntryConfiguration.value);
                    break;
                }
                i++;
            }
        }
        return str2;
    }

    private boolean isEnabled(ODocument oDocument) {
        boolean z = true;
        try {
            if (oDocument.containsField("enabled")) {
                z = ((Boolean) oDocument.field("enabled")).booleanValue();
            }
        } catch (Exception e) {
            OLogManager.instance().error(this, "ODefaultServerSecurity.isEnabled()", e, new Object[0]);
        }
        return z;
    }

    private void loadSecurity() {
        try {
            this.enabled = false;
            if (this.configDoc != null) {
                if (this.configDoc.containsField("enabled")) {
                    this.enabled = ((Boolean) this.configDoc.field("enabled")).booleanValue();
                }
                if (this.configDoc.containsField("debug")) {
                    this.debug = ((Boolean) this.configDoc.field("debug")).booleanValue();
                }
            } else {
                OLogManager.instance().error(this, "ODefaultServerSecurity.loadSecurity() jsonConfig is null", null, new Object[0]);
            }
        } catch (Exception e) {
            OLogManager.instance().error(this, "ODefaultServerSecurity.loadSecurity()", e, new Object[0]);
        }
    }

    private void reloadServer() {
        try {
            this.storePasswords = true;
            if (this.serverDoc != null) {
                if (this.serverDoc.containsField("createDefaultUsers")) {
                    OGlobalConfiguration.CREATE_DEFAULT_USERS.setValue(this.serverDoc.field("createDefaultUsers"));
                }
                if (this.serverDoc.containsField("storePasswords")) {
                    this.storePasswords = ((Boolean) this.serverDoc.field("storePasswords")).booleanValue();
                }
            }
        } catch (Exception e) {
            OLogManager.instance().error(this, "ODefaultServerSecurity.loadServer()", e, new Object[0]);
        }
    }

    private void reloadAuthMethods() {
        if (this.authDoc != null) {
            if (this.authDoc.containsField("allowDefault")) {
                this.allowDefault = ((Boolean) this.authDoc.field("allowDefault")).booleanValue();
            }
            loadAuthenticators(this.authDoc);
        }
    }

    private void reloadPasswordValidator() {
        try {
            synchronized (this.passwordValidatorSynch) {
                if (this.passwordValidator != null) {
                    this.passwordValidator.dispose();
                    this.passwordValidator = null;
                }
                if (this.passwdValDoc != null && isEnabled(this.passwdValDoc)) {
                    Class<?> cls = getClass(this.passwdValDoc);
                    if (cls == null) {
                        OLogManager.instance().error(this, "ODefaultServerSecurity.reloadPasswordValidator() PasswordValidator class property is missing", null, new Object[0]);
                    } else if (OPasswordValidator.class.isAssignableFrom(cls)) {
                        this.passwordValidator = (OPasswordValidator) cls.newInstance();
                        this.passwordValidator.config(this.server, this.serverConfig, this.passwdValDoc);
                        this.passwordValidator.active();
                    } else {
                        OLogManager.instance().error(this, "ODefaultServerSecurity.reloadPasswordValidator() class is not an OPasswordValidator", null, new Object[0]);
                    }
                }
            }
        } catch (Exception e) {
            OLogManager.instance().error(this, "ODefaultServerSecurity.reloadPasswordValidator()", e, new Object[0]);
        }
    }

    private void reloadImportLDAP() {
        try {
            synchronized (this.importLDAPSynch) {
                if (this.importLDAP != null) {
                    this.importLDAP.dispose();
                    this.importLDAP = null;
                }
                if (this.ldapImportDoc != null && isEnabled(this.ldapImportDoc)) {
                    Class<?> cls = getClass(this.ldapImportDoc);
                    if (cls == null) {
                        OLogManager.instance().error(this, "ODefaultServerSecurity.reloadImportLDAP() ImportLDAP class property is missing", null, new Object[0]);
                    } else if (OSecurityComponent.class.isAssignableFrom(cls)) {
                        this.importLDAP = (OSecurityComponent) cls.newInstance();
                        this.importLDAP.config(this.server, this.serverConfig, this.ldapImportDoc);
                        this.importLDAP.active();
                    } else {
                        OLogManager.instance().error(this, "ODefaultServerSecurity.reloadImportLDAP() class is not an OSecurityComponent", null, new Object[0]);
                    }
                }
            }
        } catch (Exception e) {
            OLogManager.instance().error(this, "ODefaultServerSecurity.reloadImportLDAP()", e, new Object[0]);
        }
    }

    private void reloadAuditingService() {
        try {
            synchronized (this.auditingSynch) {
                if (this.auditingService != null) {
                    this.auditingService.dispose();
                    this.auditingService = null;
                }
                if (this.auditingDoc != null && isEnabled(this.auditingDoc)) {
                    Class<?> cls = getClass(this.auditingDoc);
                    if (cls == null) {
                        OLogManager.instance().error(this, "ODefaultServerSecurity.reloadAuditingService() Auditing class property is missing", null, new Object[0]);
                    } else if (OAuditingService.class.isAssignableFrom(cls)) {
                        this.auditingService = (OAuditingService) cls.newInstance();
                        this.auditingService.config(this.server, this.serverConfig, this.auditingDoc);
                        this.auditingService.active();
                    } else {
                        OLogManager.instance().error(this, "ODefaultServerSecurity.reloadAuditingService() class is not an OAuditingService", null, new Object[0]);
                    }
                }
            }
        } catch (Exception e) {
            OLogManager.instance().error(this, "ODefaultServerSecurity.reloadAuditingService()", e, new Object[0]);
        }
    }

    @Override // com.orientechnologies.orient.core.security.OSecurityFactory
    public OSecurity newSecurity() {
        return new OSecurityExternal();
    }

    private void registerRESTCommands() {
        try {
            if (this.server.getListenerByProtocol(ONetworkProtocolHttpAbstract.class) == null) {
                OLogManager.instance().error(this, "ODefaultServerSecurity.registerRESTCommands() unable to retrieve Network Protocol listener.", null, new Object[0]);
            }
        } catch (Exception e) {
            OLogManager.instance().error(this, "ODefaultServerSecurity.registerRESTCommands()", e, new Object[0]);
        }
    }

    private void unregisterRESTCommands() {
        try {
            if (this.server.getListenerByProtocol(ONetworkProtocolHttpAbstract.class) == null) {
                OLogManager.instance().error(this, "ODefaultServerSecurity.unregisterRESTCommands() unable to retrieve Network Protocol listener.", null, new Object[0]);
            }
        } catch (Exception e) {
            OLogManager.instance().error(this, "ODefaultServerSecurity.unregisterRESTCommands()", e, new Object[0]);
        }
    }
}
