package nl.b3p.viewer.config.security;

import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.persistence.EntityManager;
import javax.persistence.NoResultException;
import javax.servlet.http.HttpServletRequest;
import net.sourceforge.stripes.action.ActionBeanContext;
import nl.b3p.viewer.config.app.Application;
import nl.b3p.viewer.config.app.ApplicationLayer;
import nl.b3p.viewer.config.app.ConfiguredComponent;
import nl.b3p.viewer.config.app.Level;
import nl.b3p.viewer.config.services.Layer;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: input_file:WEB-INF/lib/viewer-config-persistence-5.6.0.jar:nl/b3p/viewer/config/security/Authorizations.class */
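/**
 * Role-based authorization checks for layers, levels, application layers and configured components.
 *
 * <p>A protected object carries a set of role names for readers (and, where applicable, writers).
 * A set equal to {@link #EVERYBODY} (the empty set) means "no restriction"; a set equal to
 * {@link #NOBODY} (a set holding only {@code null}) means "no role can ever match". Effective
 * restrictions are inherited down the layer and level trees and kept in static caches that are
 * rebuilt when the owning entity's {@code authorizationsModified} timestamp changes.
 *
 * <p>Security-relevant design point: an object that has no entry in a cache is treated as
 * unrestricted. A cache entry must therefore never become visible before it is fully populated,
 * otherwise a failed rebuild would leave every object of that service or application readable and
 * writable by everyone. The rebuild methods below publish their result only as the last step.
 */
public class Authorizations {
    /** Monitor guarding {@link #serviceCache} and {@link #applicationCache}. */
    private static final Object LOCK = new Object();

    /** Request attribute under which the roles resolved by {@link #getRoles} are memoised. */
    private static final String ROLES_ATTRIBUTE = Authorizations.class.getName() + ".roles";

    private static final Log log = LogFactory.getLog(Authorizations.class);

    /**
     * Sentinel meaning "no role is allowed": a set whose only element is {@code null}.
     *
     * <p>Built from an explicit one-element array, because a bare {@code Arrays.asList(null)}
     * passes {@code null} as the varargs array itself and throws during class initialisation.
     * The set is unmodifiable: it is shared by reference inside cached {@link Read} objects, so a
     * stray {@code add} would silently turn "nobody" into a grant.
     */
    public static final Set<String> NOBODY =
            Collections.unmodifiableSet(new HashSet<String>(Arrays.asList(new String[] {null})));

    /** Sentinel meaning "no restriction": the shared immutable empty set. */
    public static final Set<String> EVERYBODY = Collections.<String>emptySet();

    /**
     * Effective layer authorizations per service id.
     *
     * <p>NOTE(review): this map is public and mutable, while this class only touches it under the
     * private {@link #LOCK}. Outside code cannot take the same monitor, so it should treat the map
     * as read-only.
     */
    public static final Map<Long, GeoServiceCache> serviceCache = new HashMap<>();

    /** Effective level and application-layer authorizations per application id. */
    private static final Map<Long, ApplicationCache> applicationCache = new HashMap<>();

    /** Readers of configured components per application id; guarded by its own monitor. */
    private static final Map<Long, AppConfiguredComponentsReadersCache> appConfiguredComponentsReadersCache =
            new HashMap<>();

    /** Request attribute holding the per-request map of application id to {@link ApplicationCache}. */
    private static final String REQUEST_APP_CACHE = Authorizations.class.getName() + ".REQUEST_APP_CACHE";

    /** Cached readers of the configured components of one application. */
    public static class AppConfiguredComponentsReadersCache {
        // Value of the application's authorizationsModified when this entry was built.
        Date modified;
        // Role names allowed to read, keyed by configured component id; absent key = unrestricted.
        Map<Long, Set<String>> readersByConfiguredComponentId;
    }

    /** Cached effective authorizations of the levels and application layers of one application. */
    public static class ApplicationCache {
        // Timestamp this entry is valid for; compared against the application and GeoService timestamps.
        Date modified;
        // Only levels with a restriction are present; a missing id means unrestricted.
        Map<Long, Read> protectedLevels;
        // Only application layers with a restriction are present; a missing id means unrestricted.
        Map<Long, ReadWrite> protectedAppLayers;

        /** @return the timestamp this cache entry was built for */
        public Date getModified() {
            return this.modified;
        }

        /**
         * @return the live map of restricted application layers; it is the cache itself, not a
         *     copy, so callers must not modify it
         */
        public Map<Long, ReadWrite> getProtectedAppLayers() {
            return this.protectedAppLayers;
        }

        /**
         * @return the live map of restricted levels; it is the cache itself, not a copy, so
         *     callers must not modify it
         */
        public Map<Long, Read> getProtectedLevels() {
            return this.protectedLevels;
        }
    }

    /** Cached effective authorizations of the layers of one service. */
    public static class GeoServiceCache {
        // Value of the service's authorizationsModified when this entry was built.
        Date modified;
        // Only layers with a restriction are present; a missing id means unrestricted.
        Map<Long, ReadWrite> protectedLayers;

        /**
         * @return the live map of restricted layers; it is the cache itself, not a copy, so
         *     callers must not modify it
         */
        public Map<Long, ReadWrite> getProtectedLayers() {
            return this.protectedLayers;
        }

        /** @return the timestamp this cache entry was built for */
        public Date getModified() {
            return this.modified;
        }
    }

    /** Read restriction: the role names that may read an object. */
    public static class Read {
        Set<String> readers;

        /**
         * @param set role names allowed to read; stored by reference, not copied
         */
        public Read(Set<String> set) {
            this.readers = set;
        }

        /** @return the stored readers set itself (not a copy) */
        public Set<String> getReaders() {
            return this.readers;
        }

        /**
         * @return a JSON object with a single {@code "readers"} array
         * @throws JSONException if the JSON library rejects a value
         */
        public JSONObject toJSON() throws JSONException {
            JSONObject json = new JSONObject();
            // The cast selects the Collection constructor of JSONArray.
            json.put("readers", new JSONArray((Collection<?>) this.readers));
            return json;
        }
    }

    /** Read and write restriction: the role names that may read and those that may write. */
    public static class ReadWrite extends Read {
        Set<String> writers;

        /**
         * @param set role names allowed to read; stored by reference
         * @param set2 role names allowed to write; stored by reference
         */
        public ReadWrite(Set<String> set, Set<String> set2) {
            super(set);
            this.writers = set2;
        }

        /** @return the stored writers set itself (not a copy) */
        public Set<String> getWriters() {
            return this.writers;
        }

        /**
         * @return a JSON object with a {@code "readers"} and a {@code "writers"} array
         * @throws JSONException if the JSON library rejects a value
         */
        @Override
        public JSONObject toJSON() throws JSONException {
            JSONObject json = new JSONObject();
            JSONArray writersJson = new JSONArray((Collection<?>) this.writers);
            json.put("readers", new JSONArray((Collection<?>) this.readers));
            json.put("writers", writersJson);
            return json;
        }
    }

    /**
     * Resolves the group names the request's user holds as container roles.
     *
     * <p>Every name returned by the {@code Group} query is tested with
     * {@link HttpServletRequest#isUserInRole(String)}. The result is memoised in a request
     * attribute, so the query runs at most once per request.
     *
     * @param httpServletRequest the current request
     * @param entityManager used to list all group names
     * @return the empty set when there is no remote user, otherwise the user's roles
     */
    public static Set<String> getRoles(HttpServletRequest httpServletRequest, EntityManager entityManager) {
        if (httpServletRequest.getRemoteUser() == null) {
            return Collections.emptySet();
        }
        @SuppressWarnings("unchecked")
        Set<String> roles = (Set<String>) httpServletRequest.getAttribute(ROLES_ATTRIBUTE);
        if (roles == null) {
            roles = new HashSet<>();
            @SuppressWarnings("unchecked")
            List<String> groupNames = entityManager.createQuery("select name FROM Group").getResultList();
            for (String groupName : groupNames) {
                if (httpServletRequest.isUserInRole(groupName)) {
                    roles.add(groupName);
                }
            }
            httpServletRequest.setAttribute(ROLES_ATTRIBUTE, roles);
        }
        return roles;
    }

    /**
     * Core read decision.
     *
     * @param read the restriction, or {@code null} when the object has no cache entry
     * @return {@code true} when there is no restriction or the user holds at least one reader role
     */
    private static boolean isReadAuthorized(HttpServletRequest request, Read read, EntityManager em) {
        // No entry, or an empty readers set, means the object is not protected.
        if (read == null || read.readers.equals(EVERYBODY)) {
            return true;
        }
        if (read.readers.equals(NOBODY)) {
            return false;
        }
        Set<String> roles = getRoles(request, em);
        return !roles.isEmpty() && !Collections.disjoint(read.readers, roles);
    }

    /**
     * Core write decision; write access always requires read access first.
     *
     * @param readWrite the restriction, or {@code null} when the object has no cache entry
     * @return {@code true} when reading is allowed and either writing is unrestricted or the user
     *     holds at least one writer role
     */
    private static boolean isWriteAuthorized(HttpServletRequest request, ReadWrite readWrite, EntityManager em) {
        if (!isReadAuthorized(request, readWrite, em)) {
            return false;
        }
        if (readWrite == null || readWrite.writers.equals(EVERYBODY)) {
            return true;
        }
        if (readWrite.writers.equals(NOBODY)) {
            return false;
        }
        Set<String> roles = getRoles(request, em);
        return !roles.isEmpty() && !Collections.disjoint(readWrite.writers, roles);
    }

    /**
     * Builds the prefix of a "not authorized" message; callers append " &lt;object&gt; #&lt;id&gt;".
     *
     * <p>The user name is parenthesised before concatenation. Without the parentheses the null
     * test applies to the already concatenated string, is never true, and the "User " prefix and
     * the "(none)" placeholder are both lost.
     *
     * @param write {@code true} for an edit attempt, {@code false} for an access attempt
     */
    private static String unauthMsg(HttpServletRequest request, boolean write) {
        String remoteUser = request.getRemoteUser();
        return "User " + (remoteUser == null ? "(none)" : remoteUser)
                + " not authorized to " + (write ? "edit" : "access");
    }

    /** @return whether the request's user may read the given service layer */
    public static boolean isLayerReadAuthorized(Layer layer, HttpServletRequest httpServletRequest, EntityManager entityManager) {
        return isReadAuthorized(httpServletRequest, getLayerAuthorizations(layer, entityManager), entityManager);
    }

    /**
     * @throws Exception when the request's user may not read the layer
     */
    public static void checkLayerReadAuthorized(Layer layer, HttpServletRequest httpServletRequest, EntityManager entityManager) throws Exception {
        if (!isLayerReadAuthorized(layer, httpServletRequest, entityManager)) {
            throw new Exception(unauthMsg(httpServletRequest, false) + " layer #" + layer.getId());
        }
    }

    /** @return whether the request's user may write the given service layer */
    public static boolean isLayerWriteAuthorized(Layer layer, HttpServletRequest httpServletRequest, EntityManager entityManager) {
        return isWriteAuthorized(httpServletRequest, getLayerAuthorizations(layer, entityManager), entityManager);
    }

    /**
     * @throws Exception when the request's user may not write the layer
     */
    public static void checkLayerWriteAuthorized(Layer layer, HttpServletRequest httpServletRequest, EntityManager entityManager) throws Exception {
        if (!isLayerWriteAuthorized(layer, httpServletRequest, entityManager)) {
            throw new Exception(unauthMsg(httpServletRequest, true) + " layer #" + layer.getId());
        }
    }

    /**
     * Decides whether the request's user may edit geometry on the layer.
     *
     * <p>Geometry editing requires write access and is additionally denied to every role listed
     * in the layer's {@code preventGeomEditors}. The check denies by default: a user without
     * write access is not geometry-write authorized. (Returning {@code true} in that case would
     * make this method a grant for exactly the users the write check rejects, for any caller
     * that consults only this method.)
     *
     * @return {@code true} only when the user may write the layer and holds none of the
     *     geometry-edit-preventing roles
     */
    public static boolean isLayerGeomWriteAuthorized(Layer layer, HttpServletRequest httpServletRequest, EntityManager entityManager) {
        if (!isLayerWriteAuthorized(layer, httpServletRequest, entityManager)) {
            return false;
        }
        for (String role : layer.getPreventGeomEditors()) {
            if (httpServletRequest.isUserInRole(role)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Returns the application's authorization cache, memoised per request.
     *
     * <p>The first lookup for an application in a request goes through
     * {@link #getApplicationCache}; later lookups in the same request reuse that object, so one
     * request sees one consistent snapshot.
     */
    public static ApplicationCache getApplicationCacheFromRequest(Application application, HttpServletRequest httpServletRequest, EntityManager entityManager) {
        @SuppressWarnings("unchecked")
        Map<Long, ApplicationCache> perRequest =
                (Map<Long, ApplicationCache>) httpServletRequest.getAttribute(REQUEST_APP_CACHE);
        if (perRequest == null) {
            perRequest = new HashMap<>();
            httpServletRequest.setAttribute(REQUEST_APP_CACHE, perRequest);
        }
        ApplicationCache cache = perRequest.get(application.getId());
        if (cache == null) {
            cache = getApplicationCache(application, entityManager);
            perRequest.put(application.getId(), cache);
        }
        return cache;
    }

    /** @return whether the request's user holds one of the application's reader roles */
    public static boolean isApplicationReadAuthorized(Application application, HttpServletRequest httpServletRequest, EntityManager entityManager) {
        return isReadAuthorized(httpServletRequest, new Read(application.getReaders()), entityManager);
    }

    /** Same as the five-argument overload, using the per-request application cache. */
    public static boolean isLevelReadAuthorized(Application application, Level level, HttpServletRequest httpServletRequest, EntityManager entityManager) {
        return isLevelReadAuthorized(application, level, httpServletRequest, getApplicationCacheFromRequest(application, httpServletRequest, entityManager), entityManager);
    }

    /**
     * Decides whether the request's user may read a level of the application.
     *
     * @param applicationCache2 cache to consult; when {@code null} it is looked up
     * @return {@code false} for a {@code null} application (as the application-layer checks do)
     *     and for anonymous requests to an application that requires authentication; otherwise
     *     the result of the role check on the level's effective readers
     */
    public static boolean isLevelReadAuthorized(Application application, Level level, HttpServletRequest httpServletRequest, ApplicationCache applicationCache2, EntityManager entityManager) {
        if (application == null) {
            return false;
        }
        if (application.isAuthenticatedRequired() && httpServletRequest.getRemoteUser() == null) {
            return false;
        }
        if (applicationCache2 == null) {
            applicationCache2 = getApplicationCache(application, entityManager);
        }
        return isReadAuthorized(httpServletRequest, applicationCache2.protectedLevels.get(level.getId()), entityManager);
    }

    /**
     * @throws Exception when the request's user may not read the level
     */
    public static void checkLevelReadAuthorized(Application application, Level level, HttpServletRequest httpServletRequest, EntityManager entityManager) throws Exception {
        if (!isLevelReadAuthorized(application, level, httpServletRequest, entityManager)) {
            throw new Exception(unauthMsg(httpServletRequest, false) + " level #" + level.getId());
        }
    }

    /** Same as the five-argument overload, using the per-request application cache. */
    public static boolean isAppLayerReadAuthorized(Application application, ApplicationLayer applicationLayer, HttpServletRequest httpServletRequest, EntityManager entityManager) {
        return isAppLayerReadAuthorized(application, applicationLayer, httpServletRequest, getApplicationCacheFromRequest(application, httpServletRequest, entityManager), entityManager);
    }

    /**
     * Decides whether the request's user may read an application layer.
     *
     * @param applicationCache2 cache to consult; when {@code null} it is looked up
     * @return {@code false} for a {@code null} application and for anonymous requests to an
     *     application that requires authentication; otherwise the result of the role check
     */
    public static boolean isAppLayerReadAuthorized(Application application, ApplicationLayer applicationLayer, HttpServletRequest httpServletRequest, ApplicationCache applicationCache2, EntityManager entityManager) {
        if (application == null) {
            return false;
        }
        if (application.isAuthenticatedRequired() && httpServletRequest.getRemoteUser() == null) {
            return false;
        }
        if (applicationCache2 == null) {
            applicationCache2 = getApplicationCache(application, entityManager);
        }
        return isReadAuthorized(httpServletRequest, applicationCache2.protectedAppLayers.get(applicationLayer.getId()), entityManager);
    }

    /**
     * @throws Exception when the request's user may not read the application layer
     */
    public static void checkAppLayerReadAuthorized(Application application, ApplicationLayer applicationLayer, HttpServletRequest httpServletRequest, EntityManager entityManager) throws Exception {
        if (!isAppLayerReadAuthorized(application, applicationLayer, httpServletRequest, entityManager)) {
            throw new Exception(unauthMsg(httpServletRequest, false) + " application layer #" + applicationLayer.getId());
        }
    }

    /** Same as the five-argument overload, using the per-request application cache. */
    public static boolean isAppLayerWriteAuthorized(Application application, ApplicationLayer applicationLayer, HttpServletRequest httpServletRequest, EntityManager entityManager) {
        return isAppLayerWriteAuthorized(application, applicationLayer, httpServletRequest, getApplicationCacheFromRequest(application, httpServletRequest, entityManager), entityManager);
    }

    /**
     * Decides whether the request's user may write an application layer.
     *
     * @param applicationCache2 cache to consult; when {@code null} it is looked up
     * @return {@code false} for a {@code null} application and for anonymous requests to an
     *     application that requires authentication; otherwise the result of the role check
     */
    public static boolean isAppLayerWriteAuthorized(Application application, ApplicationLayer applicationLayer, HttpServletRequest httpServletRequest, ApplicationCache applicationCache2, EntityManager entityManager) {
        if (application == null) {
            return false;
        }
        if (application.isAuthenticatedRequired() && httpServletRequest.getRemoteUser() == null) {
            return false;
        }
        if (applicationCache2 == null) {
            applicationCache2 = getApplicationCache(application, entityManager);
        }
        return isWriteAuthorized(httpServletRequest, applicationCache2.protectedAppLayers.get(applicationLayer.getId()), entityManager);
    }

    /**
     * @throws Exception when the request's user may not write the application layer
     */
    public static void checkAppLayerWriteAuthorized(Application application, ApplicationLayer applicationLayer, HttpServletRequest httpServletRequest, EntityManager entityManager) throws Exception {
        if (!isAppLayerWriteAuthorized(application, applicationLayer, httpServletRequest, entityManager)) {
            throw new Exception(unauthMsg(httpServletRequest, true) + " application layer #" + applicationLayer.getId());
        }
    }

    /**
     * Decides whether the request's user may use a configured component.
     *
     * <p>The readers of all configured components of the application are loaded with one query
     * and cached until the application's {@code authorizationsModified} moves forward. A
     * component without reader rows is unrestricted. The rebuilt entry is put into the cache only
     * after the query has succeeded: publishing an empty entry first would, on a query failure,
     * leave every component of the application open to everybody until the next modification.
     */
    public static boolean isConfiguredComponentAuthorized(ConfiguredComponent configuredComponent, HttpServletRequest httpServletRequest, EntityManager entityManager) {
        Application application = configuredComponent.getApplication();
        Long id = application.getId();
        Set<String> readers;
        synchronized (appConfiguredComponentsReadersCache) {
            AppConfiguredComponentsReadersCache cache = appConfiguredComponentsReadersCache.get(id);
            if (cache == null || cache.modified.before(application.getAuthorizationsModified())) {
                AppConfiguredComponentsReadersCache rebuilt = new AppConfiguredComponentsReadersCache();
                rebuilt.modified = application.getAuthorizationsModified();
                rebuilt.readersByConfiguredComponentId = new HashMap<>();
                @SuppressWarnings("unchecked")
                List<Object[]> rows = entityManager
                        .createQuery("select cc.id, r from ConfiguredComponent cc join cc.readers r where cc.application = :app")
                        .setParameter("app", application)
                        .getResultList();
                for (Object[] row : rows) {
                    rebuilt.readersByConfiguredComponentId
                            .computeIfAbsent((Long) row[0], componentId -> new HashSet<>())
                            .add((String) row[1]);
                }
                appConfiguredComponentsReadersCache.put(id, rebuilt);
                cache = rebuilt;
            }
            readers = cache.readersByConfiguredComponentId.get(configuredComponent.getId());
        }
        if (readers == null) {
            readers = EVERYBODY;
        }
        return isReadAuthorized(httpServletRequest, new Read(readers), entityManager);
    }

    /**
     * Checks read access to a configured component against the component's own readers
     * (not the cache used by {@link #isConfiguredComponentAuthorized}).
     *
     * @throws Exception when the request's user holds none of the component's reader roles; the
     *     message says "access" because this is a read check
     */
    public static void checkConfiguredComponentAuthorized(ConfiguredComponent configuredComponent, HttpServletRequest httpServletRequest, EntityManager entityManager) throws Exception {
        if (!isReadAuthorized(httpServletRequest, new Read(configuredComponent.getReaders()), entityManager)) {
            throw new Exception(unauthMsg(httpServletRequest, false) + " configured component #" + configuredComponent.getName() + " of app #" + configuredComponent.getApplication().getId());
        }
    }

    /**
     * Returns the effective (inherited) authorizations of a service layer.
     *
     * <p>The per-service cache is reused while its timestamp equals the service's
     * {@code authorizationsModified}; otherwise the whole layer tree of the service is walked
     * again. The rebuilt entry replaces the old one only after the walk has completed, so an
     * exception during loading cannot leave an empty entry that would report every layer of the
     * service as unrestricted.
     *
     * @return the layer's restriction, or {@code null} when the layer is unrestricted
     */
    public static ReadWrite getLayerAuthorizations(Layer layer, EntityManager entityManager) {
        synchronized (LOCK) {
            Long serviceId = layer.getService().getId();
            GeoServiceCache cached = serviceCache.get(serviceId);
            if (cached != null && cached.modified.equals(layer.getService().getAuthorizationsModified())) {
                return cached.protectedLayers.get(layer.getId());
            }
            GeoServiceCache rebuilt = new GeoServiceCache();
            rebuilt.modified = layer.getService().getAuthorizationsModified();
            rebuilt.protectedLayers = new HashMap<>();
            List<Layer> layerTree = layer.getService().loadLayerTree(entityManager);
            // Fetch readers and writers in batches of 500 layers. The result is discarded;
            // presumably the query only warms the persistence context and the batch size keeps
            // the IN list bounded. TODO confirm.
            for (int offset = 0; offset < layerTree.size();) {
                List<Layer> batch = layerTree.subList(offset, Math.min(layerTree.size(), offset + 500));
                entityManager
                        .createQuery("from Layer l left join fetch l.readers left join fetch l.writers where l in (:layers)")
                        .setParameter("layers", batch)
                        .getResultList();
                offset += batch.size();
            }
            walkLayer(layer.getService().getTopLayer(), EVERYBODY, EVERYBODY, rebuilt.protectedLayers, entityManager);
            serviceCache.put(serviceId, rebuilt);
            return rebuilt.protectedLayers.get(layer.getId());
        }
    }

    /**
     * Tells whether a user account is past its {@code expiry_date} detail.
     *
     * <p>Both dates are reduced to whole days in {@code dd-MM-yyyy} form, so an account is still
     * valid on its expiry date itself. A missing {@code expiry_date} never expires. A value that
     * cannot be parsed is logged and treated as expired, i.e. the check fails closed.
     *
     * @param user the account, or {@code null}
     * @param actionBeanContext not used by this method
     * @return {@code false} for a {@code null} user, otherwise whether today is after the expiry date
     */
    public static boolean isUserExpired(User user, ActionBeanContext actionBeanContext) {
        if (user == null) {
            return false;
        }
        // A fresh formatter per call: SimpleDateFormat must not be shared between threads.
        SimpleDateFormat dayFormat = new SimpleDateFormat("dd-MM-yyyy");
        try {
            String today = dayFormat.format(new Date());
            String expiry = user.getDetails().getOrDefault("expiry_date", today);
            return dayFormat.parse(today).after(dayFormat.parse(expiry));
        } catch (ParseException e) {
            log.error("Error parsing expiry_date for user: " + user.getUsername(), e);
            return true;
        }
    }

    /**
     * Combines an inherited restriction with an object's own restriction.
     *
     * @param inherited roles allowed by the ancestors
     * @param own roles set on the object itself
     * @return {@code inherited} when the object adds nothing, a copy of {@code own} when nothing
     *     was inherited, otherwise the intersection, or {@link #NOBODY} when that is empty
     */
    private static Set<String> inheritAuthorizations(Set<String> inherited, Set<String> own) {
        if (own.equals(EVERYBODY)) {
            return inherited;
        }
        if (inherited.equals(EVERYBODY)) {
            return new HashSet<>(own);
        }
        Set<String> allowedByBoth = new HashSet<>(inherited);
        allowedByBoth.retainAll(own);
        // An empty intersection must not be returned as-is: the empty set means EVERYBODY.
        return allowedByBoth.isEmpty() ? NOBODY : allowedByBoth;
    }

    /**
     * Depth-first walk over a service's layer tree that records every layer whose effective
     * readers or writers are restricted.
     */
    private static void walkLayer(Layer layer, Set<String> parentReaders, Set<String> parentWriters, Map<Long, ReadWrite> protectedLayers, EntityManager em) {
        Set<String> readers = inheritAuthorizations(parentReaders, layer.getReaders());
        Set<String> writers = inheritAuthorizations(parentWriters, layer.getWriters());
        if (!readers.equals(EVERYBODY) || !writers.equals(EVERYBODY)) {
            protectedLayers.put(layer.getId(), new ReadWrite(readers, writers));
        }
        for (Layer child : layer.getCachedChildren(em)) {
            walkLayer(child, readers, writers, protectedLayers, em);
        }
    }

    /**
     * Returns the effective authorizations of an application's levels and application layers.
     *
     * <p>The cached entry is reused only when it is not older than the application's
     * {@code authorizationsModified} and not older than the newest {@code authorizationsModified}
     * of any GeoService. Otherwise the level tree is walked again. The rebuilt entry is put into
     * the cache only after the walk has completed, so an exception while loading cannot leave an
     * empty entry that would report every level and layer of the application as unrestricted.
     */
    public static ApplicationCache getApplicationCache(Application application, EntityManager entityManager) {
        synchronized (LOCK) {
            ApplicationCache cached = applicationCache.get(application.getId());
            Date servicesModified = null;
            if (cached != null && !cached.modified.before(application.getAuthorizationsModified())) {
                try {
                    servicesModified = (Date) entityManager
                            .createQuery("select max(authorizationsModified) from GeoService")
                            .getSingleResult();
                    if (servicesModified != null && !cached.modified.before(servicesModified)) {
                        return cached;
                    }
                } catch (NoResultException ignored) {
                    // No service timestamp to compare against: fall through and rebuild.
                }
            }
            ApplicationCache rebuilt = new ApplicationCache();
            Date appModified = application.getAuthorizationsModified();
            // Stamp the entry with the newer of the two timestamps that were compared above.
            rebuilt.modified = (servicesModified != null && servicesModified.after(appModified))
                    ? servicesModified
                    : appModified;
            rebuilt.protectedLevels = new HashMap<>();
            rebuilt.protectedAppLayers = new HashMap<>();
            Application.TreeCache treeCache = application.loadTreeCache(entityManager);
            treeCache.initializeLevels("left join fetch l.readers", entityManager);
            treeCache.initializeApplicationLayers("left join fetch al.readers left join fetch al.writers", entityManager);
            walkLevel(application.getRoot(), EVERYBODY, rebuilt, treeCache, entityManager);
            applicationCache.put(application.getId(), rebuilt);
            return rebuilt;
        }
    }

    /**
     * Depth-first walk over an application's level tree that records restricted levels and
     * visits the application layers of each level.
     */
    private static void walkLevel(Level level, Set<String> parentReaders, ApplicationCache cache, Application.TreeCache treeCache, EntityManager em) {
        Set<String> readers = inheritAuthorizations(parentReaders, level.getReaders());
        if (!readers.equals(EVERYBODY)) {
            cache.protectedLevels.put(level.getId(), new Read(readers));
        }
        for (ApplicationLayer appLayer : level.getLayers()) {
            if (appLayer != null) {
                walkAppLayer(appLayer, readers, cache, em);
            }
        }
        for (Level child : treeCache.getChildren(level)) {
            walkLevel(child, readers, cache, treeCache, em);
        }
    }

    /**
     * Records the effective restriction of one application layer.
     *
     * <p>Readers are inherited from the level; both readers and writers are then narrowed by the
     * restriction of the underlying service layer, when that layer exists and is restricted.
     */
    private static void walkAppLayer(ApplicationLayer appLayer, Set<String> levelReaders, ApplicationCache cache, EntityManager em) {
        Set<String> readers = inheritAuthorizations(levelReaders, appLayer.getReaders());
        Layer serviceLayer = appLayer.getService().getLayer(appLayer.getLayerName(), em);
        Set<String> writers = appLayer.getWriters();
        if (serviceLayer != null) {
            ReadWrite serviceLayerAuth = getLayerAuthorizations(serviceLayer, em);
            if (serviceLayerAuth != null) {
                readers = inheritAuthorizations(readers, serviceLayerAuth.readers);
                writers = inheritAuthorizations(writers, serviceLayerAuth.writers);
            }
        }
        if (readers.equals(EVERYBODY) && writers.equals(EVERYBODY)) {
            return;
        }
        cache.protectedAppLayers.put(appLayer.getId(), new ReadWrite(readers, writers));
    }
}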
