package org.apache.isis.security.file.authorization;

import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import org.apache.isis.applib.Identifier;
import org.apache.isis.core.commons.config.IsisConfiguration;
import org.apache.isis.core.commons.config.IsisConfigurationException;
import org.apache.isis.core.commons.config.JmxBeanServer;
import org.apache.isis.core.commons.ensure.Assert;
import org.apache.isis.core.commons.exceptions.IsisException;
import org.apache.isis.core.commons.resource.ResourceStreamSource;
import org.apache.isis.core.runtime.authorization.standard.AuthorizorAbstract;
import org.apache.log4j.Logger;

/* loaded from: input_file:org/apache/isis/security/file/authorization/FileAuthorizor.class */
public class FileAuthorizor extends AuthorizorAbstract implements FileAuthorizorMBean {
    private static final Logger LOG = Logger.getLogger(FileAuthorizor.class);
    private static final String NONE = "";
    private static final String ACCESS_QUALIFIER_RO = "-ro";
    private static final String ACCESS_QUALIFIER_RW = "-rw";
    private Map<String, List<String>> whiteListMap;
    private Map<String, List<String>> blackListMap;
    private final ResourceStreamSource resourceStreamSource;
    private final boolean learn;
    private final String whiteListResourceName;
    private InputStream whiteListInputResource;
    private final String blackListResourceName;
    private InputStream blackListInputResource;
    private boolean printedWarning;
    private boolean printedDebug;

    public FileAuthorizor(IsisConfiguration isisConfiguration) {
        super(isisConfiguration);
        this.resourceStreamSource = getConfiguration().getResourceStreamSource();
        this.learn = getConfiguration().getBoolean("isis.authorization.learn", false);
        this.whiteListResourceName = getConfiguration().getString(FileAuthorizationConstants.WHITELIST_RESOURCE_KEY, FileAuthorizationConstants.WHITELIST_RESOURCE_DEFAULT);
        Assert.assertTrue(this.whiteListResourceName.length() > 0);
        this.blackListResourceName = getConfiguration().getString(FileAuthorizationConstants.BLACKLIST_RESOURCE_KEY, "");
        findResources();
    }

    private void findResources() {
        this.whiteListInputResource = this.resourceStreamSource.readResource(this.whiteListResourceName);
        if (this.whiteListInputResource == null) {
            throw new IsisException("Cannot read whitelist authorization file: " + this.whiteListResourceName);
        }
        if (this.blackListResourceName.length() <= 0) {
            this.blackListInputResource = null;
            return;
        }
        this.blackListInputResource = this.resourceStreamSource.readResource(this.blackListResourceName);
        if (this.blackListInputResource == null) {
            throw new IsisException("Blacklist authorization file exists, but it cannot be read: " + this.blackListResourceName);
        }
    }

    @Override // org.apache.isis.core.commons.components.ApplicationScopedComponent
    public void init() {
        this.whiteListMap = Maps.newHashMap();
        this.blackListMap = Maps.newHashMap();
        if (this.learn) {
            return;
        }
        cacheAuthorizationDetails(this.whiteListMap, this.whiteListInputResource);
        if (this.blackListInputResource != null) {
            cacheAuthorizationDetails(this.blackListMap, this.blackListInputResource);
        }
        JmxBeanServer.getInstance().register("file-authorizer", this);
    }

    @Override // org.apache.isis.security.file.authorization.FileAuthorizorMBean
    public void reload() {
        HashMap newHashMap = Maps.newHashMap();
        HashMap newHashMap2 = Maps.newHashMap();
        findResources();
        cacheAuthorizationDetails(newHashMap, this.whiteListInputResource);
        if (this.blackListInputResource != null) {
            cacheAuthorizationDetails(newHashMap2, this.blackListInputResource);
            this.blackListMap = newHashMap2;
        }
        this.whiteListMap = newHashMap;
    }

    private void cacheAuthorizationDetails(Map<String, List<String>> map, InputStream inputStream) {
        try {
            if (LOG.isInfoEnabled()) {
                LOG.info("loading authorization details from " + this.whiteListResourceName);
            }
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    bufferedReader.close();
                    return;
                }
                tokenizeLine(map, readLine);
            }
        } catch (Exception e) {
            throw new IsisException(e);
        }
    }

    private void tokenizeLine(Map<String, List<String>> map, String str) {
        if (str.trim().startsWith("#") || str.trim().length() == 0) {
            return;
        }
        int indexOf = str.trim().indexOf(">");
        if (indexOf == -1) {
            StringTokenizer stringTokenizer = new StringTokenizer(str.trim(), ":", false);
            if (stringTokenizer.countTokens() != 2) {
                throw new IsisConfigurationException("Invalid line: " + str);
            }
            String nextToken = stringTokenizer.nextToken();
            String nextToken2 = stringTokenizer.nextToken();
            map.put(memberFromString(nextToken.trim()).toIdentityString(Identifier.CLASS_MEMBERNAME_PARAMETERS), tokenizeRoles(nextToken2));
            return;
        }
        HashMap hashMap = new HashMap();
        for (String str2 : map.keySet()) {
            String substring = str.trim().substring(0, indexOf);
            String substring2 = str.trim().substring(indexOf + 1);
            if (str2.startsWith(substring2)) {
                hashMap.put(substring + str2.substring(substring2.length()), map.get(str2));
            }
        }
        map.putAll(hashMap);
    }

    private Identifier memberFromString(String str) {
        return Identifier.fromIdentityString(str);
    }

    private List<String> tokenizeRoles(String str) {
        ArrayList arrayList = new ArrayList();
        StringTokenizer stringTokenizer = new StringTokenizer(str, "|", false);
        while (stringTokenizer.hasMoreTokens()) {
            arrayList.add(stringTokenizer.nextToken().trim());
        }
        return arrayList;
    }

    @Override // org.apache.isis.core.commons.components.ApplicationScopedComponent
    public void shutdown() {
        if (this.learn) {
            writeMap();
        }
    }

    @Override // org.apache.isis.core.runtime.authorization.standard.Authorizor
    public boolean isUsableInRole(String str, Identifier identifier) {
        return isAuthorized(str, identifier, Arrays.asList("", ACCESS_QUALIFIER_RW));
    }

    @Override // org.apache.isis.core.runtime.authorization.standard.Authorizor
    public boolean isVisibleInRole(String str, Identifier identifier) {
        return isAuthorized(str, identifier, Arrays.asList("", ACCESS_QUALIFIER_RO, ACCESS_QUALIFIER_RW));
    }

    private boolean isAuthorized(String str, Identifier identifier, List<String> list) {
        return this.learn ? learn(str, identifier) : isWhiteListed(str, identifier, list) && !isBlackListed(str, identifier, list);
    }

    private boolean isWhiteListed(String str, Identifier identifier, List<String> list) {
        return isListed(this.whiteListMap, str, identifier, list);
    }

    private boolean isBlackListed(String str, Identifier identifier, List<String> list) {
        return isListed(this.blackListMap, str, identifier, list);
    }

    private boolean isListed(Map<String, List<String>> map, String str, Identifier identifier, List<String> list) {
        if (map.isEmpty()) {
            return false;
        }
        List<String> rolesFor = rolesFor(map, identifier.toIdentityString(Identifier.CLASS_MEMBERNAME_PARAMETERS));
        if (rolesFor == null) {
            rolesFor = rolesFor(map, identifier.toIdentityString(Identifier.CLASS_MEMBERNAME));
        }
        if (rolesFor == null) {
            rolesFor = rolesFor(map, identifier.toIdentityString(Identifier.CLASS));
        }
        if (rolesFor == null) {
            rolesFor = rolesFor(map, "*#" + identifier.toIdentityString(Identifier.MEMBERNAME_ONLY));
        }
        if (rolesFor == null) {
            return false;
        }
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            if (rolesFor.contains(str + it.next())) {
                return true;
            }
        }
        return false;
    }

    private List<String> rolesFor(Map<String, List<String>> map, String str) {
        if (map.containsKey(str)) {
            return map.get(str);
        }
        return null;
    }

    private boolean learn(String str, Identifier identifier) {
        String identityString = identifier.toIdentityString(Identifier.CLASS_MEMBERNAME_PARAMETERS);
        if (this.whiteListMap.containsKey(identityString)) {
            List<String> list = this.whiteListMap.get(identityString);
            if (!list.contains(str)) {
                list.add(str);
            }
        } else {
            this.whiteListMap.put(identityString, Arrays.asList(str));
        }
        writeMap();
        return true;
    }

    private void writeMap() {
        try {
            OutputStream writeResource = this.resourceStreamSource.writeResource(this.whiteListResourceName);
            if (writeResource == null) {
                if (this.printedWarning) {
                    return;
                }
                LOG.warn("unable to write out authorisation details");
                this.printedWarning = true;
                return;
            }
            if (LOG.isDebugEnabled() && !this.printedDebug) {
                LOG.debug("writing authorisation details to " + this.whiteListResourceName);
                this.printedDebug = true;
            }
            ArrayList newArrayList = Lists.newArrayList(this.whiteListMap.entrySet());
            BufferedWriter bufferedWriter = new BufferedWriter(new OutputStreamWriter(writeResource));
            Iterator it = newArrayList.iterator();
            while (it.hasNext()) {
                writeTo((Map.Entry) it.next(), bufferedWriter);
            }
            bufferedWriter.flush();
            bufferedWriter.close();
        } catch (IOException e) {
            throw new IsisException(e);
        }
    }

    public void writeTo(Map.Entry<String, List<String>> entry, BufferedWriter bufferedWriter) throws IOException {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(entry.getKey()).append(":");
        List<String> value = entry.getValue();
        for (int i = 0; i < value.size(); i++) {
            stringBuffer.append(value.get(i));
            if (i < value.size() - 1) {
                stringBuffer.append("|");
            }
        }
        bufferedWriter.write(stringBuffer.toString());
        bufferedWriter.newLine();
    }
}
