package org.apache.knox.gateway.topology.monitor;

import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.apache.commons.io.FileUtils;
import org.apache.knox.gateway.GatewayMessages;
import org.apache.knox.gateway.config.GatewayConfig;
import org.apache.knox.gateway.i18n.messages.MessagesFactory;
import org.apache.knox.gateway.services.config.client.RemoteConfigurationRegistryClient;
import org.apache.knox.gateway.services.config.client.RemoteConfigurationRegistryClientService;
import org.apache.knox.gateway.services.security.impl.RemoteAliasService;

/* loaded from: input_file:org/apache/knox/gateway/topology/monitor/DefaultRemoteConfigurationMonitor.class */
class DefaultRemoteConfigurationMonitor implements RemoteConfigurationMonitor {
    private static final String NODE_KNOX = "/knox";
    private static final String NODE_KNOX_CONFIG = "/knox/config";
    private static final String NODE_KNOX_PROVIDERS = "/knox/config/shared-providers";
    private static final String NODE_KNOX_DESCRIPTORS = "/knox/config/descriptors";
    private static GatewayMessages log = (GatewayMessages) MessagesFactory.get(GatewayMessages.class);
    private static final RemoteConfigurationRegistryClient.EntryACL AUTHENTICATED_USERS_ALL = new RemoteConfigurationRegistryClient.EntryACL() { // from class: org.apache.knox.gateway.topology.monitor.DefaultRemoteConfigurationMonitor.1
        public String getId() {
            return "";
        }

        public String getType() {
            return "auth";
        }

        public Object getPermissions() {
            return 31;
        }

        public boolean canRead() {
            return true;
        }

        public boolean canWrite() {
            return true;
        }
    };
    private static final RemoteConfigurationRegistryClient.EntryACL WORLD_ANYONE_READ = new RemoteConfigurationRegistryClient.EntryACL() { // from class: org.apache.knox.gateway.topology.monitor.DefaultRemoteConfigurationMonitor.2
        public String getId() {
            return "anyone";
        }

        public String getType() {
            return "world";
        }

        public Object getPermissions() {
            return 1;
        }

        public boolean canRead() {
            return true;
        }

        public boolean canWrite() {
            return false;
        }
    };
    private RemoteConfigurationRegistryClient client;
    private File providersDir;
    private File descriptorsDir;
    private final List<RemoteConfigurationRegistryClient.EntryACL> replacementACL = new ArrayList();

    /* renamed from: org.apache.knox.gateway.topology.monitor.DefaultRemoteConfigurationMonitor$3, reason: invalid class name */
    /* loaded from: input_file:org/apache/knox/gateway/topology/monitor/DefaultRemoteConfigurationMonitor$3.class */
    static /* synthetic */ class AnonymousClass3 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$knox$gateway$services$config$client$RemoteConfigurationRegistryClient$ChildEntryListener$Type = new int[RemoteConfigurationRegistryClient.ChildEntryListener.Type.values().length];

        static {
            try {
                $SwitchMap$org$apache$knox$gateway$services$config$client$RemoteConfigurationRegistryClient$ChildEntryListener$Type[RemoteConfigurationRegistryClient.ChildEntryListener.Type.REMOVED.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$knox$gateway$services$config$client$RemoteConfigurationRegistryClient$ChildEntryListener$Type[RemoteConfigurationRegistryClient.ChildEntryListener.Type.ADDED.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    /* loaded from: input_file:org/apache/knox/gateway/topology/monitor/DefaultRemoteConfigurationMonitor$ConfigDirChildEntryListener.class */
    private static class ConfigDirChildEntryListener implements RemoteConfigurationRegistryClient.ChildEntryListener {
        File localDir;

        ConfigDirChildEntryListener(File file) {
            this.localDir = file;
        }

        public void childEvent(RemoteConfigurationRegistryClient remoteConfigurationRegistryClient, RemoteConfigurationRegistryClient.ChildEntryListener.Type type, String str) {
            File file = new File(this.localDir, str.substring(str.lastIndexOf(RemoteAliasService.PATH_SEPARATOR) + 1));
            switch (AnonymousClass3.$SwitchMap$org$apache$knox$gateway$services$config$client$RemoteConfigurationRegistryClient$ChildEntryListener$Type[type.ordinal()]) {
                case 1:
                    FileUtils.deleteQuietly(file);
                    DefaultRemoteConfigurationMonitor.log.deletedRemoteConfigFile(this.localDir.getName(), file.getName());
                    try {
                        remoteConfigurationRegistryClient.removeEntryListener(str);
                        return;
                    } catch (Exception e) {
                        DefaultRemoteConfigurationMonitor.log.errorRemovingRemoteConfigurationListenerForPath(str, e);
                        return;
                    }
                case 2:
                    try {
                        remoteConfigurationRegistryClient.addEntryListener(str, new ConfigEntryListener(this.localDir));
                        return;
                    } catch (Exception e2) {
                        DefaultRemoteConfigurationMonitor.log.errorAddingRemoteConfigurationListenerForPath(str, e2);
                        return;
                    }
                default:
                    return;
            }
        }
    }

    /* loaded from: input_file:org/apache/knox/gateway/topology/monitor/DefaultRemoteConfigurationMonitor$ConfigEntryListener.class */
    private static class ConfigEntryListener implements RemoteConfigurationRegistryClient.EntryListener {
        private File localDir;

        ConfigEntryListener(File file) {
            this.localDir = file;
        }

        public void entryChanged(RemoteConfigurationRegistryClient remoteConfigurationRegistryClient, String str, byte[] bArr) {
            File file = new File(this.localDir, str.substring(str.lastIndexOf(RemoteAliasService.PATH_SEPARATOR)));
            if (bArr == null) {
                FileUtils.deleteQuietly(file);
                DefaultRemoteConfigurationMonitor.log.deletedRemoteConfigFile(this.localDir.getName(), file.getName());
                return;
            }
            try {
                if (!file.exists() || !Arrays.equals(FileUtils.readFileToByteArray(file), bArr)) {
                    FileUtils.writeByteArrayToFile(file, bArr);
                    DefaultRemoteConfigurationMonitor.log.downloadedRemoteConfigFile(this.localDir.getName(), file.getName());
                }
            } catch (IOException e) {
                DefaultRemoteConfigurationMonitor.log.errorDownloadingRemoteConfiguration(str, e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public DefaultRemoteConfigurationMonitor(GatewayConfig gatewayConfig, RemoteConfigurationRegistryClientService remoteConfigurationRegistryClientService) {
        this.client = null;
        this.providersDir = new File(gatewayConfig.getGatewayProvidersConfigDir());
        this.descriptorsDir = new File(gatewayConfig.getGatewayDescriptorsDir());
        if (remoteConfigurationRegistryClientService != null) {
            String remoteConfigurationMonitorClientName = gatewayConfig.getRemoteConfigurationMonitorClientName();
            if (remoteConfigurationMonitorClientName != null) {
                this.client = remoteConfigurationRegistryClientService.get(remoteConfigurationMonitorClientName);
                if (this.client == null) {
                    log.unresolvedClientConfigurationForRemoteMonitoring(remoteConfigurationMonitorClientName);
                } else if (gatewayConfig.allowUnauthenticatedRemoteRegistryReadAccess()) {
                    this.replacementACL.add(WORLD_ANYONE_READ);
                }
            } else {
                log.missingClientConfigurationForRemoteMonitoring();
            }
        }
        this.replacementACL.add(AUTHENTICATED_USERS_ALL);
    }

    public RemoteConfigurationRegistryClient getClient() {
        return this.client;
    }

    public void start() throws Exception {
        if (this.client == null) {
            throw new IllegalStateException("Failed to acquire a remote configuration registry client.");
        }
        String address = this.client.getAddress();
        log.startingRemoteConfigurationMonitor(address);
        ensureEntries();
        List<String> listChildEntries = this.client.listChildEntries(NODE_KNOX_PROVIDERS);
        if (listChildEntries == null) {
            throw new IllegalStateException("Unable to access remote path: /knox/config/shared-providers");
        }
        for (String str : listChildEntries) {
            File file = new File(this.providersDir, str);
            byte[] bytes = this.client.getEntryData("/knox/config/shared-providers/" + str).getBytes(StandardCharsets.UTF_8);
            if (!file.exists() || !Arrays.equals(bytes, FileUtils.readFileToByteArray(file))) {
                FileUtils.writeByteArrayToFile(file, bytes);
                log.downloadedRemoteConfigFile(this.providersDir.getName(), str);
            }
        }
        if (this.client.listChildEntries(NODE_KNOX_DESCRIPTORS) == null) {
            throw new IllegalStateException("Unable to access remote path: /knox/config/descriptors");
        }
        this.client.addChildEntryListener(NODE_KNOX_PROVIDERS, new ConfigDirChildEntryListener(this.providersDir));
        this.client.addChildEntryListener(NODE_KNOX_DESCRIPTORS, new ConfigDirChildEntryListener(this.descriptorsDir));
        log.monitoringRemoteConfigurationSource(address);
    }

    public void stop() throws Exception {
        this.client.removeEntryListener(NODE_KNOX_PROVIDERS);
        this.client.removeEntryListener(NODE_KNOX_DESCRIPTORS);
    }

    private void ensureEntries() {
        ensureEntry("/knox");
        ensureEntry(NODE_KNOX_CONFIG);
        ensureEntry(NODE_KNOX_PROVIDERS);
        ensureEntry(NODE_KNOX_DESCRIPTORS);
    }

    private void ensureEntry(String str) {
        if (!this.client.entryExists(str)) {
            this.client.createEntry(str);
            return;
        }
        for (RemoteConfigurationRegistryClient.EntryACL entryACL : this.client.getACL(str)) {
            if (entryACL.getType().equals("world") && entryACL.getId().equals("anyone")) {
                log.suspectWritableRemoteConfigurationEntry(str);
                if (this.client.isAuthenticationConfigured()) {
                    log.correctingSuspectWritableRemoteConfigurationEntry(str);
                    this.client.setACL(str, this.replacementACL);
                }
            }
        }
    }
}
