package org.gcube.accounting.security.authz;

import java.io.BufferedReader;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Vector;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import net.sf.ehcache.config.TimeoutBehaviorConfiguration;
import org.apache.activemq.transport.stomp.Stomp;
import org.apache.log4j.Logger;
import org.gcube.accounting.common.file.FileChangedListener;
import org.gcube.accounting.exception.NotFoundException;

/* loaded from: input_file:WEB-INF/lib/accounting-common-2.1.0-3.1.0.jar:org/gcube/accounting/security/authz/FileAuthorizationManager.class */
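/**
 * {@link AuthorizationManager} backed by a plain-text rules file.
 *
 * <p>File layout, as implemented by the parser below:
 * <ul>
 *   <li>Blank lines and lines whose first non-blank character is {@code #} are skipped.</li>
 *   <li>{@code [role]} and {@code [permission]} (case-insensitive, whitespace-tolerant) switch
 *       the current section.</li>
 *   <li>A role line is {@code name : action, action, ...}; names and actions are limited to
 *       {@code [0-9a-z_-]}, matched case-insensitively.</li>
 *   <li>A permission line has exactly three fields (user list, role list, resource) separated
 *       by {@code Stomp.Headers.SEPERATOR}; the two lists are split on
 *       {@code TimeoutBehaviorConfiguration.DEFAULT_PROPERTY_SEPARATOR}.</li>
 * </ul>
 *
 * <p>NOTE(review): those two library constants look like decompiler substitutions for the
 * original string literals (presumably ":" and ","); confirm their values before relying on
 * this description.
 *
 * <p>Security-relevant behaviour:
 * <ul>
 *   <li>Evaluation is allow-only: access is granted as soon as one permission matches. No deny
 *       rule exists in this class.</li>
 *   <li>A {@code null} user id is evaluated against the grants of the literal id
 *       {@code "anonymous"} only. Any non-null id is evaluated against its own grants plus the
 *       grants of the literal id {@code "all"}. Both literals are ordinary map keys, so callers
 *       must pass an authenticated identity rather than a client-supplied string.</li>
 *   <li>Malformed lines, unknown actions, unknown roles and blank user ids are logged and
 *       skipped; they never add a grant.</li>
 *   <li>A reload clears all rules before re-reading the file. If the file cannot be read, the
 *       rule set stays empty and every check is denied until the next successful reload.</li>
 * </ul>
 *
 * <p>NOTE(review): the rule maps are plain {@link HashMap}s that are cleared and refilled in
 * place. If {@link #fileChanged(File)} runs on a different thread than
 * {@code isAllowed}, checks can observe a partially loaded rule set. Confirm the threading
 * model of the caller.
 */
public class FileAuthorizationManager implements AuthorizationManager, FileChangedListener {
    private static final Logger logger = Logger.getLogger(FileAuthorizationManager.class);

    /** Reserved user id whose grants apply to every non-null user. */
    private static final String ALL = "all";

    /** Reserved user id whose grants apply when the caller passes a null user. */
    private static final String ANONYMOUS = "anonymous";

    // NOTE(review): the action list nests quantifiers, so a very long malformed line can make
    // matching slow. The rules file is expected to be administrator-controlled.
    private static final Pattern ROLE_LINE = Pattern.compile(
            "^\\s*([0-9a-z_-]+)\\s*:\\s*(([0-9a-z_-]+\\s*,?\\s*)*)\\s*$", Pattern.CASE_INSENSITIVE);
    private static final Pattern ROLE_SECTION =
            Pattern.compile("\\s*\\[\\s*role\\s*\\]\\s*", Pattern.CASE_INSENSITIVE);
    private static final Pattern PERMISSION_SECTION =
            Pattern.compile("\\s*\\[\\s*permission\\s*\\]\\s*", Pattern.CASE_INSENSITIVE);

    /** Grants indexed by user id; only the parsing path creates entries. */
    private Map<String, Collection<Permission>> permissions;

    /** Roles indexed by role name. */
    private Map<String, Role> roles;

    /** The rules file; re-read in full on every reload. */
    private File file;

    /* Decompiler note: originally declared private; the modifier was widened by JADX. */
    public enum Section {
        ROLE,
        PERMISSION
    }

    /**
     * Creates a manager for the rules file at the given path and loads it immediately.
     *
     * @param str path of the rules file
     */
    public FileAuthorizationManager(String str) {
        this(new File(str));
    }

    /**
     * Creates a manager for the given rules file and loads it immediately. Read failures are
     * logged, not thrown, and leave the manager with an empty rule set.
     *
     * @param file the rules file
     */
    public FileAuthorizationManager(File file) {
        this.file = file;
        this.permissions = new HashMap<String, Collection<Permission>>();
        this.roles = new HashMap<String, Role>();
        parseAuthorizationFile();
    }

    /**
     * Reloads the rules. The argument is ignored; the file given at construction is re-read.
     *
     * @param file the file reported as changed (unused)
     */
    @Override // org.gcube.accounting.common.file.FileChangedListener
    public void fileChanged(File file) {
        logger.info("Authorization file has changed. Refreshing rules.");
        parseAuthorizationFile();
    }

    /**
     * Parses one line of the role section into a {@link Role}.
     *
     * @param str the raw line
     * @return the role, holding every action that could be resolved
     * @throws Exception if the line does not match the role grammar
     */
    private Role parseRoleLine(String str) throws Exception {
        String padded = " " + str + " ";
        Matcher matcher = ROLE_LINE.matcher(padded);
        if (!matcher.matches()) {
            String message = "Malformed role definition: " + padded;
            logger.warn(message);
            throw new Exception(message);
        }
        Role role = new Role(matcher.group(1));
        for (String rawAction : matcher.group(2).split(TimeoutBehaviorConfiguration.DEFAULT_PROPERTY_SEPARATOR)) {
            String actionName = rawAction.trim();
            try {
                logger.info(String.format("Adding action '%s' to role '%s'", actionName, role.getName()));
                role.addAction(Action.getAction(actionName));
            } catch (NotFoundException e) {
                // An unknown action never widens the role; the role is kept with what resolved.
                logger.warn(String.format("Undefined action '%s' for role '%s'. Ignoring.", actionName, role.getName()));
            }
        }
        return role;
    }

    /**
     * Parses one line of the permission section into one {@link Permission} per
     * (user, known role) pair.
     *
     * @param str the raw line
     * @return the grants described by the line; empty if nothing on it could be resolved
     * @throws Exception if the line does not have exactly three fields
     */
    private Collection<Permission> parsePermissionLine(String str) throws Exception {
        // Presumably padded so that String.split, which drops trailing empty strings, still
        // reports an empty last field as a field.
        String padded = " " + str + " ";
        String[] fields = padded.split(Stomp.Headers.SEPERATOR);
        if (fields.length != 3) {
            throw new Exception("Malformed permission definition: " + padded);
        }
        String[] userIds = fields[0].split(TimeoutBehaviorConfiguration.DEFAULT_PROPERTY_SEPARATOR);
        String[] roleNames = fields[1].split(TimeoutBehaviorConfiguration.DEFAULT_PROPERTY_SEPARATOR);
        String resource = fields[2].trim();
        Vector<Permission> grants = new Vector<Permission>();
        for (String rawUserId : userIds) {
            String userId = rawUserId.trim();
            if (userId.length() == 0) {
                // A stray separator must not create a grant for the empty user id, which an
                // unauthenticated caller could end up presenting.
                logger.warn("Empty user id in permission definition. Ignoring");
                continue;
            }
            for (String rawRoleName : roleNames) {
                String roleName = rawRoleName.trim();
                Role role = this.roles.get(roleName);
                if (role != null) {
                    logger.info(String.format("Granting role '%s' to user '%s' over '%s'.", roleName, userId, resource));
                    grants.add(new Permission(userId, resource, role));
                } else {
                    logger.warn(String.format("Undefined role '%s'. Ignoring", roleName));
                }
            }
        }
        return grants;
    }

    /**
     * Drops every rule and reloads the file in two passes, roles first so that permission
     * lines can resolve role names regardless of section order in the file.
     */
    private void parseAuthorizationFile() {
        this.permissions.clear();
        this.roles.clear();
        parseAuthorizationFile(Section.ROLE);
        parseAuthorizationFile(Section.PERMISSION);
    }

    /**
     * Reads the whole file and applies only the lines that belong to the requested section.
     * I/O failures are logged and end the pass; rules loaded before the failure are kept.
     *
     * @param section the section whose lines are applied in this pass
     */
    private void parseAuthorizationFile(Section section) {
        BufferedReader reader = null;
        try {
            // The platform default charset is used, as in the original code.
            reader = new BufferedReader(new InputStreamReader(new FileInputStream(this.file)));
            Section current = null;
            String line;
            while ((line = reader.readLine()) != null) {
                String trimmed = line.trim();
                if (trimmed.startsWith("#") || trimmed.equals("")) {
                    continue;
                }
                if (ROLE_SECTION.matcher(line).matches()) {
                    logger.debug("entering 'role' section");
                    current = Section.ROLE;
                } else if (PERMISSION_SECTION.matcher(line).matches()) {
                    logger.debug("entering 'permission' section");
                    current = Section.PERMISSION;
                } else if (section == current) {
                    applyLine(section, line);
                }
            }
        } catch (Exception e) {
            // Deliberately broad: construction and reload never throw, they fail closed.
            logger.error(e.getMessage(), e);
        } finally {
            closeQuietly(reader);
        }
    }

    /** Parses and stores one rule line; a bad line is logged and skipped. */
    private void applyLine(Section section, String line) {
        try {
            if (section == Section.ROLE) {
                addRole(parseRoleLine(line));
            } else if (section == Section.PERMISSION) {
                addPermissions(parsePermissionLine(line));
            }
        } catch (Exception e) {
            logger.error(e.getMessage());
        }
    }

    /** Closes the reader on every exit path so that a failed pass does not leak the handle. */
    private static void closeQuietly(BufferedReader reader) {
        if (reader == null) {
            return;
        }
        try {
            reader.close();
        } catch (java.io.IOException e) {
            logger.warn(e.getMessage(), e);
        }
    }

    /**
     * Registers a role under its name. A null role or a role without a name is ignored.
     *
     * @param role the role to register
     * @throws Exception if a role with the same name is already registered; the first
     *         definition is kept
     */
    private void addRole(Role role) throws Exception {
        if (role == null || role.getName() == null) {
            return;
        }
        if (this.roles.containsKey(role.getName())) {
            String message = String.format("Duplicate role '%s'", role.getName());
            logger.debug(message);
            throw new Exception(message);
        }
        logger.debug("Adding role " + role.getName());
        this.roles.put(role.getName(), role);
    }

    /** Stores every grant of the collection. */
    private void addPermissions(Collection<Permission> collection) {
        for (Permission permission : collection) {
            addPermission(permission);
        }
    }

    /**
     * Returns the stored grant list of a user id, creating it when absent. Used by the parsing
     * path only, so that access checks never insert map entries.
     */
    private Collection<Permission> retrieveUserPermission(String str) {
        Collection<Permission> grants = this.permissions.get(str);
        if (grants == null) {
            grants = new Vector<Permission>();
            this.permissions.put(str, grants);
        }
        return grants;
    }

    /** Stores one grant under its user id; null is ignored. */
    private void addPermission(Permission permission) {
        if (permission == null) {
            return;
        }
        logger.debug(String.format("Adding permission '%s'", permission.toString()));
        retrieveUserPermission(permission.getUserId()).add(permission);
    }

    /** Copies the grants stored for a user id, if any, without touching the map. */
    private void appendGrants(Collection<Permission> target, String userId) {
        Collection<Permission> grants = this.permissions.get(userId);
        if (grants != null) {
            target.addAll(grants);
        }
    }

    /**
     * Collects the grants that apply to a caller: the "anonymous" grants for a null user id,
     * otherwise the user's own grants followed by the "all" grants.
     *
     * <p>The result is always a fresh copy. Looking up an unknown user id does not add an
     * entry to the rule map, so arbitrary ids presented at check time cannot grow it.
     */
    private Collection<Permission> computeUserPermissions(String str) {
        Collection<Permission> effective = new ArrayList<Permission>();
        if (str == null) {
            appendGrants(effective, ANONYMOUS);
            return effective;
        }
        appendGrants(effective, str);
        appendGrants(effective, ALL);
        return effective;
    }

    /**
     * Tells whether any grant applying to the user allows the action.
     *
     * @param str the authenticated user id, or null for an anonymous caller
     * @param action the action being attempted
     * @return true if at least one applicable permission allows the action
     */
    @Override // org.gcube.accounting.security.authz.AuthorizationManager
    public boolean isAllowed(String str, Action action) {
        for (Permission permission : computeUserPermissions(str)) {
            if (permission.isAllowed(action)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether any grant applying to the user allows the action on the resource.
     *
     * @param str the authenticated user id, or null for an anonymous caller
     * @param action the action being attempted
     * @param str2 the resource the action targets
     * @return true if at least one applicable permission allows the action on the resource
     */
    @Override // org.gcube.accounting.security.authz.AuthorizationManager
    public boolean isAllowed(String str, Action action, String str2) {
        for (Permission permission : computeUserPermissions(str)) {
            if (permission.isAllowed(action, str2)) {
                return true;
            }
        }
        return false;
    }
}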
