package org.apache.geode.security.generator;

import java.security.Principal;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
import org.apache.geode.cache.operations.OperationContext;
import org.apache.geode.security.generator.AuthzCredentialGenerator;
import org.apache.geode.security.templates.UsernamePrincipal;
import org.apache.geode.security.templates.XmlAuthorization;
import org.apache.geode.util.test.TestUtil;

/* loaded from: input_file:org/apache/geode/security/generator/XmlAuthzCredentialGenerator.class */
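/**
 * Credential generator for the {@link XmlAuthorization} callback.
 *
 * <p>Given a set of operations and region names, this class works out the least-privileged role
 * that covers them (reader, writer, query, otherwise admin) and hands back a
 * {@link UsernamePrincipal} for that role, or for a role that should be refused.
 *
 * <p>NOTE(review): the user names produced here ("reader0", "gemfire3", "root", ...) presumably
 * have to match the role assignments in the authz-*.xml policy files; those files are not
 * visible from this class, so confirm any change against them.
 */
public class XmlAuthzCredentialGenerator extends AuthzCredentialGenerator {
    /** Classpath directory that holds the XML authorization policy files. */
    private static final String RESOURCE_DIR = "/org/apache/geode/security/generator/";
    private static final String dummyXml = "authz-dummy.xml";
    private static final String ldapXml = "authz-ldap.xml";
    // Not referenced anywhere in this class: init() rejects every authenticator
    // other than dummy and LDAP.
    private static final String pkcsXml = "authz-pkcs.xml";
    private static final String sslXml = "authz-ssl.xml";

    private static final byte READER_ROLE = 1;
    private static final byte WRITER_ROLE = 2;
    private static final byte QUERY_ROLE = 3;
    private static final byte ADMIN_ROLE = 4;

    // Lookup sets filled once by the static initializer at the bottom of the class.
    private static final Set<OperationContext.OperationCode> readerOpsSet = new HashSet<>();
    private static final Set<OperationContext.OperationCode> writerOpsSet = new HashSet<>();
    private static final Set<OperationContext.OperationCode> queryOpsSet = new HashSet<>();
    private static final Set<String> queryRegionSet = new HashSet<>();

    private static final String[] QUERY_REGIONS = {"/Portfolios", "/Positions", "/AuthRegion"};

    // These arrays are public and not final. The lookup sets above are a snapshot taken at
    // class-initialization time, so a later write to an array does not change role resolution.
    public static OperationContext.OperationCode[] READER_OPS = {OperationContext.OperationCode.GET, OperationContext.OperationCode.REGISTER_INTEREST, OperationContext.OperationCode.UNREGISTER_INTEREST, OperationContext.OperationCode.KEY_SET, OperationContext.OperationCode.CONTAINS_KEY, OperationContext.OperationCode.EXECUTE_FUNCTION};
    public static OperationContext.OperationCode[] WRITER_OPS = {OperationContext.OperationCode.PUT, OperationContext.OperationCode.DESTROY, OperationContext.OperationCode.INVALIDATE, OperationContext.OperationCode.REGION_CLEAR};
    public static OperationContext.OperationCode[] QUERY_OPS = {OperationContext.OperationCode.QUERY, OperationContext.OperationCode.EXECUTE_CQ, OperationContext.OperationCode.STOP_CQ, OperationContext.OperationCode.CLOSE_CQ};

    /** User names handed out for the admin role when the dummy authenticator is in use. */
    private static final String[] DUMMY_ADMIN_NAMES = {"root", "admin", "administrator"};

    // Numeric suffixes appended to "gemfire" for each role under the LDAP authenticator.
    private static final int[] LDAP_READER_IDS = {3, 4, 5};
    private static final int[] LDAP_WRITER_IDS = {6, 7, 8};
    private static final int[] LDAP_QUERY_IDS = {9, 10};
    private static final int[] LDAP_ADMIN_IDS = {1, 2};

    /**
     * Builds the properties that point {@link XmlAuthorization} at its policy document.
     *
     * @return properties holding {@link XmlAuthorization#DOC_URI_PROP_NAME}
     * @throws IllegalArgumentException if the paired credential generator is neither the dummy
     *         nor the LDAP one, since no policy file is wired up for any other authenticator
     */
    @Override // org.apache.geode.security.generator.AuthzCredentialGenerator
    protected Properties init() throws IllegalArgumentException {
        final String xmlName;
        if (this.generator.classCode().isDummy()) {
            xmlName = dummyXml;
        } else if (this.generator.classCode().isLDAP()) {
            xmlName = ldapXml;
        } else {
            // Fail loudly rather than run authorization without a policy document.
            throw new IllegalArgumentException("No XML defined for XmlAuthorization module to work with " + this.generator.getAuthenticator());
        }
        Properties properties = new Properties();
        properties.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, TestUtil.getResourcePath(XmlAuthzCredentialGenerator.class, RESOURCE_DIR + xmlName));
        return properties;
    }

    /** @return {@link AuthzCredentialGenerator.ClassCode#XML} */
    @Override // org.apache.geode.security.generator.AuthzCredentialGenerator
    public AuthzCredentialGenerator.ClassCode classCode() {
        return AuthzCredentialGenerator.ClassCode.XML;
    }

    /** @return the fully qualified name of {@link XmlAuthorization} followed by {@code ".create"} */
    @Override // org.apache.geode.security.generator.AuthzCredentialGenerator
    public String getAuthorizationCallback() {
        return XmlAuthorization.class.getName() + ".create";
    }

    /**
     * Picks a user name for {@code role} under the dummy authenticator.
     *
     * @param role one of the {@code *_ROLE} constants; any other value is treated as admin
     * @param index selector that cycles through the names available for the role
     * @return the principal for the selected user name
     */
    private Principal getDummyPrincipal(byte role, int index) {
        // Math.floorMod equals % for index >= 0 and keeps a negative index inside the pool,
        // where % would produce a name such as "reader-1" or an out-of-bounds array access.
        switch (role) {
            case READER_ROLE:
                return new UsernamePrincipal("reader" + Math.floorMod(index, 3));
            case WRITER_ROLE:
                return new UsernamePrincipal("writer" + Math.floorMod(index, 3));
            case QUERY_ROLE:
                // Query users are "reader3" and "reader4".
                return new UsernamePrincipal("reader" + (Math.floorMod(index, 2) + 3));
            default:
                return new UsernamePrincipal(DUMMY_ADMIN_NAMES[Math.floorMod(index, DUMMY_ADMIN_NAMES.length)]);
        }
    }

    /**
     * Returns a principal whose role covers the given operations and regions.
     *
     * @param operationCodeArr operations the principal must be allowed to perform
     * @param strArr region names the operations apply to; may be {@code null}
     * @param i selector that cycles through the users of the resolved role
     * @return the principal, or {@code null} when the paired credential generator is neither
     *         dummy nor LDAP
     */
    @Override // org.apache.geode.security.generator.AuthzCredentialGenerator
    protected Principal getAllowedPrincipal(OperationContext.OperationCode[] operationCodeArr, String[] strArr, int i) {
        if (this.generator.classCode().isDummy()) {
            return getDummyPrincipal(getRequiredRole(operationCodeArr, strArr), i);
        }
        if (this.generator.classCode().isLDAP()) {
            return getLdapPrincipal(getRequiredRole(operationCodeArr, strArr), i);
        }
        return null;
    }

    /**
     * Returns a principal from a role chosen not to be the one the operations resolve to.
     *
     * <p>When the required role is reader, a writer is returned; for every other required role a
     * reader is returned.
     *
     * @param operationCodeArr operations the principal should be refused
     * @param strArr region names the operations apply to; may be {@code null}
     * @param i selector that cycles through the users of the chosen role
     * @return the principal, or {@code null} when the paired credential generator is neither
     *         dummy nor LDAP
     */
    @Override // org.apache.geode.security.generator.AuthzCredentialGenerator
    protected Principal getDisallowedPrincipal(OperationContext.OperationCode[] operationCodeArr, String[] strArr, int i) {
        byte requiredRole = getRequiredRole(operationCodeArr, strArr);
        byte disallowedRole = (requiredRole == READER_ROLE) ? WRITER_ROLE : READER_ROLE;
        if (this.generator.classCode().isDummy()) {
            return getDummyPrincipal(disallowedRole, i);
        }
        if (this.generator.classCode().isLDAP()) {
            return getLdapPrincipal(disallowedRole, i);
        }
        return null;
    }

    /** @return the constant 5, regardless of the arguments */
    @Override // org.apache.geode.security.generator.AuthzCredentialGenerator
    protected int getNumPrincipalTries(OperationContext.OperationCode[] operationCodeArr, String[] strArr) {
        return 5;
    }

    /**
     * Picks a "gemfireN" user name for {@code role} under the LDAP authenticator.
     *
     * @param role one of the {@code *_ROLE} constants; any other value is treated as admin
     * @param index selector that cycles through the ids available for the role
     * @return the principal for the selected user name
     */
    private Principal getLdapPrincipal(byte role, int index) {
        final int[] ids;
        switch (role) {
            case READER_ROLE:
                ids = LDAP_READER_IDS;
                break;
            case WRITER_ROLE:
                ids = LDAP_WRITER_IDS;
                break;
            case QUERY_ROLE:
                ids = LDAP_QUERY_IDS;
                break;
            default:
                ids = LDAP_ADMIN_IDS;
                break;
        }
        // floorMod keeps a negative index inside the pool instead of failing on array access.
        return new UsernamePrincipal("gemfire" + ids[Math.floorMod(index, ids.length)]);
    }

    /**
     * Resolves the least-privileged role that covers every requested operation.
     *
     * <p>The roles are tried in the order reader, writer, query. The query role additionally
     * requires a non-empty region list in which every normalized name is one of
     * {@code QUERY_REGIONS}. Anything else resolves to the admin role. An empty operation array
     * passes every subset check and therefore resolves to the reader role.
     *
     * @param operationCodeArr operations to be covered
     * @param strArr region names the operations apply to; may be {@code null}
     * @return one of the {@code *_ROLE} constants
     */
    private byte getRequiredRole(OperationContext.OperationCode[] operationCodeArr, String[] strArr) {
        boolean allReaderOps = true;
        boolean allWriterOps = true;
        boolean allQueryOps = true;
        for (OperationContext.OperationCode operationCode : operationCodeArr) {
            allReaderOps = allReaderOps && readerOpsSet.contains(operationCode);
            allWriterOps = allWriterOps && writerOpsSet.contains(operationCode);
            allQueryOps = allQueryOps && queryOpsSet.contains(operationCode);
        }
        if (allReaderOps) {
            return READER_ROLE;
        }
        if (allWriterOps) {
            return WRITER_ROLE;
        }
        if (allQueryOps && strArr != null && strArr.length > 0) {
            for (String regionName : strArr) {
                if (!queryRegionSet.contains(XmlAuthorization.normalizeRegionName(regionName))) {
                    // A single region outside the query set needs the admin role.
                    return ADMIN_ROLE;
                }
            }
            return QUERY_ROLE;
        }
        return ADMIN_ROLE;
    }

    static {
        for (OperationContext.OperationCode code : READER_OPS) {
            readerOpsSet.add(code);
        }
        for (OperationContext.OperationCode code : WRITER_OPS) {
            writerOpsSet.add(code);
        }
        for (OperationContext.OperationCode code : QUERY_OPS) {
            queryOpsSet.add(code);
        }
        for (String region : QUERY_REGIONS) {
            queryRegionSet.add(region);
        }
    }
}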
