package net.cnri.cordra.util.cmdline;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.stream.JsonReader;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import joptsimple.OptionParser;
import joptsimple.OptionSet;
import net.cnri.cordra.api.BadRequestCordraException;
import net.cnri.cordra.api.CordraClient;
import net.cnri.cordra.api.CordraException;
import net.cnri.cordra.api.CordraObject;
import net.cnri.cordra.api.HttpCordraClient;
import net.cnri.cordra.api.InternalErrorCordraException;
import net.cnri.cordra.api.SearchResults;
import net.cnri.cordra.util.JsonUtil;
import org.apache.http.HttpEntity;
import org.apache.http.auth.AuthenticationException;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.protocol.HttpContext;
import org.apache.http.util.EntityUtils;
import org.apache.logging.log4j.Level;
import org.apache.logging.log4j.core.config.Configurator;
import org.apache.logging.log4j.core.config.DefaultConfiguration;

/* loaded from: input_file:net/cnri/cordra/util/cmdline/AddPermissions.class */
public class AddPermissions {
    private Gson gson = new GsonBuilder().disableHtmlEscaping().create();
    private String baseUri;
    private String username;
    private String password;

    public static void main(String[] strArr) throws Exception {
        configureLogging();
        new AddPermissions().run(strArr);
    }

    private static void configureLogging() {
        try {
            Configurator.initialize(new DefaultConfiguration());
            Configurator.setRootLevel(Level.WARN);
            Configurator.setLevel("net.cnri", Level.TRACE);
        } catch (Throwable th) {
        }
    }

    void run(String[] strArr) throws Exception {
        OptionSet parseOptions = parseOptions(strArr);
        extractOptions(parseOptions);
        addPermissions(parseOptions);
    }

    private OptionSet parseOptions(String[] strArr) throws Exception {
        OptionParser optionParser = new OptionParser();
        optionParser.acceptsAll(Arrays.asList("h", "help")).forHelp();
        optionParser.acceptsAll(Arrays.asList("b", "base-uri")).withRequiredArg().required();
        optionParser.acceptsAll(Arrays.asList("u", "username"), "Username to talk to Cordra").withRequiredArg().required();
        optionParser.acceptsAll(Arrays.asList("p", "password"), "Can be entered as standard input").withRequiredArg();
        optionParser.acceptsAll(Arrays.asList("g", "group-id"), "Id of group").withRequiredArg();
        optionParser.acceptsAll(Arrays.asList("group-name"), "Name of group").withRequiredArg();
        optionParser.acceptsAll(Arrays.asList("group-name-json-pointer"), "Field to query group name (default /groupName)").withRequiredArg().defaultsTo("/groupName", new String[0]);
        optionParser.acceptsAll(Arrays.asList("s", "schema-name"), "Name of schema").withRequiredArg().required();
        optionParser.acceptsAll(Arrays.asList("a", "add-permission"), "Permission to add (read, write, create, read-schema, write-schema)").withRequiredArg().required();
        try {
            OptionSet parse = optionParser.parse(strArr);
            if (!parse.has("h") && !parse.has("group-id") && !parse.has("group-name")) {
                throw new Exception("At least one of group-id, group-name must be specified");
            }
            if (!parse.has("h")) {
                return parse;
            }
            System.out.println("This tool will add permissions for a group.");
            System.out.println("You can specify multiple groups, schemas, and permissions.");
            System.exit(1);
            return null;
        } catch (Exception e) {
            System.out.println("Error parsing options: " + e.getMessage());
            System.out.println("This tool will add permissions for a group.");
            System.out.println("You can specify multiple groups, schemas, and permissions.");
            optionParser.printHelpOn(System.out);
            System.exit(1);
            return null;
        }
    }

    private void extractOptions(OptionSet optionSet) throws IOException {
        this.baseUri = (String) optionSet.valueOf("base-uri");
        this.username = (String) optionSet.valueOf("username");
        this.password = (String) optionSet.valueOf("password");
        if (this.password == null) {
            System.out.print("Password: ");
            InputStreamReader inputStreamReader = new InputStreamReader(System.in, StandardCharsets.UTF_8);
            try {
                BufferedReader bufferedReader = new BufferedReader(inputStreamReader);
                try {
                    this.password = bufferedReader.readLine();
                    bufferedReader.close();
                    inputStreamReader.close();
                } finally {
                }
            } catch (Throwable th) {
                try {
                    inputStreamReader.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        }
    }

    private void addPermissions(OptionSet optionSet) throws CordraException, IOException {
        HttpCordraClient httpCordraClient = new HttpCordraClient(this.baseUri, this.username, this.password);
        try {
            addPermissions(httpCordraClient, httpCordraClient.getHttpClient(), optionSet);
            httpCordraClient.close();
        } catch (Throwable th) {
            try {
                httpCordraClient.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private void addPermissions(CordraClient cordraClient, CloseableHttpClient closeableHttpClient, OptionSet optionSet) throws CordraException, IOException {
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        boolean z4 = false;
        boolean z5 = false;
        for (String str : optionSet.valuesOf("add-permission")) {
            if ("read".equalsIgnoreCase(str)) {
                z = true;
            } else if ("write".equalsIgnoreCase(str)) {
                z2 = true;
            } else if ("create".equalsIgnoreCase(str)) {
                z3 = true;
            } else if ("read-schema".equalsIgnoreCase(str)) {
                z4 = true;
            } else {
                if (!"write-schema".equalsIgnoreCase(str)) {
                    throw new BadRequestCordraException("Unknown permission " + str);
                }
                z5 = true;
            }
        }
        List<String> valuesOf = optionSet.valuesOf("schema-name");
        Collection<String> groups = getGroups(cordraClient, optionSet);
        if (groups.isEmpty()) {
            throw new BadRequestCordraException("No groups found");
        }
        AuthConfig authConfig = getAuthConfig(closeableHttpClient);
        if (authConfig == null) {
            authConfig = new AuthConfig();
        }
        DefaultAcls defaultAcls = authConfig.defaultAcls;
        if (defaultAcls == null) {
            defaultAcls = new DefaultAcls();
        }
        if (z || z2 || z3) {
            for (String str2 : valuesOf) {
                if (!authConfig.schemaAcls.containsKey(str2)) {
                    authConfig.schemaAcls.put(str2, cloneDefaultAcls(defaultAcls));
                }
                DefaultAcls defaultAcls2 = authConfig.schemaAcls.get(str2);
                if (z) {
                    defaultAcls2.defaultAclRead = addToListOmitPublicOrAuthenticated(defaultAcls2.defaultAclRead, groups);
                }
                if (z2) {
                    defaultAcls2.defaultAclWrite = addToListOmitPublicOrAuthenticated(defaultAcls2.defaultAclWrite, groups);
                }
                if (z3) {
                    defaultAcls2.aclCreate = addToListOmitPublicOrAuthenticated(defaultAcls2.aclCreate, groups);
                }
            }
            setAuthConfig(closeableHttpClient, authConfig);
        }
        if (z4 || z5) {
            DefaultAcls defaultAcls3 = authConfig.schemaAcls.get("Schema");
            List<String> list = null;
            List<String> list2 = null;
            if (defaultAcls3 != null) {
                list = defaultAcls3.defaultAclRead;
                list2 = defaultAcls3.defaultAclWrite;
            }
            if (list == null) {
                list = defaultAcls.defaultAclRead;
            }
            if (list2 == null) {
                list2 = defaultAcls.defaultAclWrite;
            }
            ArrayList arrayList = new ArrayList();
            for (CordraObject cordraObject : getSchemaObjects(cordraClient, valuesOf)) {
                if (z4) {
                    if (cordraObject.acl == null) {
                        cordraObject.acl = new CordraObject.AccessControlList();
                    }
                    if (cordraObject.acl.readers == null) {
                        cordraObject.acl.readers = addToListOmitPublicOrAuthenticated(list, groups);
                    } else {
                        cordraObject.acl.readers = addToListOmitPublicOrAuthenticated(cordraObject.acl.readers, groups);
                    }
                }
                if (z5) {
                    if (cordraObject.acl == null) {
                        cordraObject.acl = new CordraObject.AccessControlList();
                    }
                    if (cordraObject.acl.writers == null) {
                        cordraObject.acl.writers = addToListOmitPublicOrAuthenticated(list2, groups);
                    } else {
                        cordraObject.acl.writers = addToListOmitPublicOrAuthenticated(cordraObject.acl.writers, groups);
                    }
                }
                arrayList.add(cordraObject);
            }
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                cordraClient.update((CordraObject) it.next());
            }
        }
    }

    private static List<String> addToListOmitPublicOrAuthenticated(List<String> list, Collection<String> collection) {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        if (list != null) {
            linkedHashSet.addAll(list);
        }
        if (collection != null && !collection.isEmpty()) {
            linkedHashSet.remove("authenticated");
            linkedHashSet.remove("public");
            linkedHashSet.addAll(collection);
        }
        return new ArrayList(linkedHashSet);
    }

    private static DefaultAcls cloneDefaultAcls(DefaultAcls defaultAcls) {
        DefaultAcls defaultAcls2 = new DefaultAcls();
        if (defaultAcls.aclCreate != null) {
            defaultAcls2.aclCreate = new ArrayList();
            defaultAcls2.aclCreate.addAll(defaultAcls.aclCreate);
        }
        if (defaultAcls.defaultAclRead != null) {
            defaultAcls2.defaultAclRead = new ArrayList();
            defaultAcls2.defaultAclRead.addAll(defaultAcls.defaultAclRead);
        }
        if (defaultAcls.defaultAclWrite != null) {
            defaultAcls2.defaultAclWrite = new ArrayList();
            defaultAcls2.defaultAclWrite.addAll(defaultAcls.defaultAclWrite);
        }
        return defaultAcls2;
    }

    private AuthConfig getAuthConfig(CloseableHttpClient closeableHttpClient) throws IOException, ClientProtocolException {
        CloseableHttpResponse execute = closeableHttpClient.execute(new HttpGet(ensureSlash(this.baseUri) + "design"));
        try {
            HttpEntity entity = execute.getEntity();
            try {
                InputStream content = entity.getContent();
                try {
                    InputStreamReader inputStreamReader = new InputStreamReader(content, StandardCharsets.UTF_8);
                    try {
                        BufferedReader bufferedReader = new BufferedReader(inputStreamReader);
                        try {
                            JsonReader jsonReader = new JsonReader(bufferedReader);
                            try {
                                jsonReader.beginObject();
                                while (jsonReader.hasNext()) {
                                    if ("authConfig".equals(jsonReader.nextName())) {
                                        AuthConfig authConfig = (AuthConfig) this.gson.fromJson(jsonReader, AuthConfig.class);
                                        jsonReader.close();
                                        bufferedReader.close();
                                        inputStreamReader.close();
                                        if (content != null) {
                                            content.close();
                                        }
                                        if (execute != null) {
                                            execute.close();
                                        }
                                        return authConfig;
                                    }
                                    jsonReader.skipValue();
                                }
                                jsonReader.close();
                                bufferedReader.close();
                                inputStreamReader.close();
                                if (content != null) {
                                    content.close();
                                }
                                EntityUtils.consumeQuietly(entity);
                                if (execute != null) {
                                    execute.close();
                                }
                                throw new AssertionError("No authConfig found!");
                            } catch (Throwable th) {
                                try {
                                    jsonReader.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                                throw th;
                            }
                        } catch (Throwable th3) {
                            try {
                                bufferedReader.close();
                            } catch (Throwable th4) {
                                th3.addSuppressed(th4);
                            }
                            throw th3;
                        }
                    } catch (Throwable th5) {
                        try {
                            inputStreamReader.close();
                        } catch (Throwable th6) {
                            th5.addSuppressed(th6);
                        }
                        throw th5;
                    }
                } catch (Throwable th7) {
                    if (content != null) {
                        try {
                            content.close();
                        } catch (Throwable th8) {
                            th7.addSuppressed(th8);
                        }
                    }
                    throw th7;
                }
            } finally {
                EntityUtils.consumeQuietly(entity);
            }
        } catch (Throwable th9) {
            if (execute != null) {
                try {
                    execute.close();
                } catch (Throwable th10) {
                    th9.addSuppressed(th10);
                }
            }
            throw th9;
        }
    }

    /* JADX WARN: Finally extract failed */
    private void setAuthConfig(CloseableHttpClient closeableHttpClient, AuthConfig authConfig) throws IOException, CordraException {
        HttpPut httpPut = new HttpPut(ensureSlash(this.baseUri) + "authConfig");
        try {
            httpPut.addHeader(new BasicScheme().authenticate(new UsernamePasswordCredentials(this.username, this.password), httpPut, (HttpContext) null));
            httpPut.setEntity(new StringEntity(this.gson.toJson(authConfig), StandardCharsets.UTF_8));
            CloseableHttpResponse execute = closeableHttpClient.execute(httpPut);
            try {
                HttpEntity entity = execute.getEntity();
                try {
                    if (execute.getStatusLine().getStatusCode() != 200) {
                        throw new InternalErrorCordraException("Unable to set authConfig: " + EntityUtils.toString(entity));
                    }
                    EntityUtils.consumeQuietly(entity);
                    if (execute != null) {
                        execute.close();
                    }
                } catch (Throwable th) {
                    EntityUtils.consumeQuietly(entity);
                    throw th;
                }
            } catch (Throwable th2) {
                if (execute != null) {
                    try {
                        execute.close();
                    } catch (Throwable th3) {
                        th2.addSuppressed(th3);
                    }
                }
                throw th2;
            }
        } catch (AuthenticationException e) {
            throw new AssertionError(e);
        }
    }

    private static String ensureSlash(String str) {
        return str.endsWith("/") ? str : str + "/";
    }

    private Collection<String> getGroups(CordraClient cordraClient, OptionSet optionSet) throws CordraException {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        if (optionSet.has("group-id")) {
            Iterator it = optionSet.valuesOf("group-id").iterator();
            while (it.hasNext()) {
                linkedHashSet.add((String) it.next());
            }
        }
        if (optionSet.has("group-name")) {
            List valuesOf = optionSet.valuesOf("group-name");
            String str = (String) optionSet.valueOf("group-name-json-pointer");
            String str2 = "";
            Iterator it2 = valuesOf.iterator();
            while (it2.hasNext()) {
                str2 = str2 + escape(str) + ":\"" + escape((String) it2.next()) + "\" ";
            }
            SearchResults<CordraObject> search = cordraClient.search(str2);
            try {
                for (CordraObject cordraObject : search) {
                    if (valuesOf.contains(JsonUtil.getJsonAtPointer(cordraObject.content, str).getAsString())) {
                        linkedHashSet.add(cordraObject.id);
                    }
                }
                if (search != null) {
                    search.close();
                }
            } catch (Throwable th) {
                if (search != null) {
                    try {
                        search.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        }
        return linkedHashSet;
    }

    private Collection<CordraObject> getSchemaObjects(CordraClient cordraClient, List<String> list) throws CordraException {
        String str = "";
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            str = str + "schemaName:\"" + escape(it.next()) + "\" ";
        }
        ArrayList arrayList = new ArrayList();
        SearchResults<CordraObject> search = cordraClient.search(str);
        try {
            for (CordraObject cordraObject : search) {
                if (list.contains(JsonUtil.getJsonAtPointer(cordraObject.content, "/name").getAsString())) {
                    arrayList.add(cordraObject);
                }
            }
            if (search != null) {
                search.close();
            }
            return arrayList;
        } catch (Throwable th) {
            if (search != null) {
                try {
                    search.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public static String escape(String str) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < str.length(); i++) {
            char charAt = str.charAt(i);
            if (charAt == '\\' || charAt == '+' || charAt == '-' || charAt == '!' || charAt == '(' || charAt == ')' || charAt == ':' || charAt == '^' || charAt == '[' || charAt == ']' || charAt == '\"' || charAt == '{' || charAt == '}' || charAt == '~' || charAt == '*' || charAt == '?' || charAt == '|' || charAt == '&' || charAt == '/') {
                sb.append('\\');
            }
            sb.append(charAt);
        }
        return sb.toString();
    }
}
