package net.thevpc.nuts.runtime.security;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Stack;
import net.thevpc.nuts.NutsAddUserCommand;
import net.thevpc.nuts.NutsAuthenticationAgent;
import net.thevpc.nuts.NutsIllegalArgumentException;
import net.thevpc.nuts.NutsLogger;
import net.thevpc.nuts.NutsRemoveUserCommand;
import net.thevpc.nuts.NutsRepository;
import net.thevpc.nuts.NutsRepositoryConfig;
import net.thevpc.nuts.NutsRepositoryEvent;
import net.thevpc.nuts.NutsRepositoryListener;
import net.thevpc.nuts.NutsRepositorySecurityManager;
import net.thevpc.nuts.NutsSecurityException;
import net.thevpc.nuts.NutsSession;
import net.thevpc.nuts.NutsUpdateOptions;
import net.thevpc.nuts.NutsUpdateUserCommand;
import net.thevpc.nuts.NutsUser;
import net.thevpc.nuts.NutsUserConfig;
import net.thevpc.nuts.runtime.core.config.NutsRepositoryConfigManagerExt;
import net.thevpc.nuts.runtime.core.config.NutsWorkspaceConfigManagerExt;
import net.thevpc.nuts.runtime.main.repos.DefaultNutsRepoConfigManager;
import net.thevpc.nuts.runtime.main.wscommands.DefaultNutsAddUserCommand;
import net.thevpc.nuts.runtime.main.wscommands.DefaultNutsRemoveUserCommand;
import net.thevpc.nuts.runtime.main.wscommands.DefaultNutsUpdateUserCommand;
import net.thevpc.nuts.runtime.util.CoreNutsUtils;
import net.thevpc.nuts.runtime.util.common.CoreStringUtils;

/* loaded from: input_file:net/thevpc/nuts/runtime/security/DefaultNutsRepositorySecurityManager.class */
public class DefaultNutsRepositorySecurityManager implements NutsRepositorySecurityManager {
    private final NutsLogger LOG;
    private final NutsRepository repo;
    private final WrapperNutsAuthenticationAgent agent;
    private final Map<String, NutsAuthorizations> authorizations = new HashMap();

    public DefaultNutsRepositorySecurityManager(NutsRepository nutsRepository) {
        this.repo = nutsRepository;
        this.agent = new WrapperNutsAuthenticationAgent(nutsRepository.getWorkspace(), () -> {
            return nutsRepository.env().toMap();
        }, str -> {
            return getAuthenticationAgent(str, nutsRepository.getWorkspace().createSession());
        });
        this.repo.addRepositoryListener(new NutsRepositoryListener() { // from class: net.thevpc.nuts.runtime.security.DefaultNutsRepositorySecurityManager.1
            public void onConfigurationChanged(NutsRepositoryEvent nutsRepositoryEvent) {
                DefaultNutsRepositorySecurityManager.this.authorizations.clear();
            }
        });
        this.LOG = nutsRepository.getWorkspace().log().of(DefaultNutsRepositorySecurityManager.class);
    }

    public NutsRepositorySecurityManager checkAllowed(String str, String str2) {
        if (isAllowed(str)) {
            return this;
        }
        if (CoreStringUtils.isBlank(str2)) {
            throw new NutsSecurityException(this.repo.getWorkspace(), str + " not allowed!");
        }
        throw new NutsSecurityException(this.repo.getWorkspace(), str2 + ": " + str + " not allowed!");
    }

    public NutsAddUserCommand addUser(String str) {
        return new DefaultNutsAddUserCommand(this.repo);
    }

    public NutsUpdateUserCommand updateUser(String str) {
        return new DefaultNutsUpdateUserCommand(this.repo);
    }

    public NutsRemoveUserCommand removeUser(String str) {
        return new DefaultNutsRemoveUserCommand(this.repo);
    }

    private NutsAuthorizations getAuthorizations(String str) {
        NutsAuthorizations nutsAuthorizations;
        NutsAuthorizations nutsAuthorizations2 = this.authorizations.get(str);
        if (nutsAuthorizations2 != null) {
            return nutsAuthorizations2;
        }
        NutsUserConfig user = NutsRepositoryConfigManagerExt.of(this.repo.config()).getUser(str);
        if (user != null) {
            String[] permissions = user.getPermissions();
            nutsAuthorizations = new NutsAuthorizations(Arrays.asList(permissions == null ? new String[0] : permissions));
            this.authorizations.put(str, nutsAuthorizations);
        } else {
            nutsAuthorizations = new NutsAuthorizations(Collections.emptyList());
        }
        return nutsAuthorizations;
    }

    public boolean isAllowed(String str) {
        if (!this.repo.getWorkspace().security().isSecure()) {
            return true;
        }
        String currentUsername = this.repo.getWorkspace().security().getCurrentUsername();
        if ("admin".equals(currentUsername)) {
            return true;
        }
        Stack stack = new Stack();
        HashSet hashSet = new HashSet();
        hashSet.add(currentUsername);
        stack.push(currentUsername);
        while (!stack.isEmpty()) {
            String str2 = (String) stack.pop();
            Boolean explicitAccept = getAuthorizations(str2).explicitAccept(str);
            if (explicitAccept != null) {
                return explicitAccept.booleanValue();
            }
            NutsUserConfig user = NutsRepositoryConfigManagerExt.of(this.repo.config()).getUser(str2);
            if (user != null && user.getGroups() != null) {
                for (String str3 : user.getGroups()) {
                    if (!hashSet.contains(str3)) {
                        hashSet.add(str3);
                        stack.push(str3);
                    }
                }
            }
        }
        return this.repo.getWorkspace().security().isAllowed(str);
    }

    public NutsUser[] findUsers(NutsSession nutsSession) {
        ArrayList arrayList = new ArrayList();
        for (NutsUserConfig nutsUserConfig : NutsRepositoryConfigManagerExt.of(this.repo.config()).getUsers()) {
            arrayList.add(getEffectiveUser(nutsUserConfig.getUser(), nutsSession));
        }
        return (NutsUser[]) arrayList.toArray(new NutsUser[0]);
    }

    public NutsUser getEffectiveUser(String str, NutsSession nutsSession) {
        NutsUserConfig user = NutsRepositoryConfigManagerExt.of(this.repo.config()).getUser(str);
        Stack stack = new Stack();
        if (user != null) {
            Stack stack2 = new Stack();
            stack2.push(str);
            Stack stack3 = new Stack();
            stack3.addAll(Arrays.asList(user.getGroups()));
            while (!stack3.empty()) {
                String str2 = (String) stack3.pop();
                stack2.add(str2);
                NutsUserConfig user2 = NutsRepositoryConfigManagerExt.of(this.repo.config()).getUser(str2);
                if (user2 != null) {
                    stack.addAll(Arrays.asList(user2.getPermissions()));
                    for (String str3 : user2.getGroups()) {
                        if (!stack2.contains(str3)) {
                            stack3.push(str3);
                        }
                    }
                }
            }
        }
        if (user == null) {
            return null;
        }
        return new DefaultNutsUser(user, (String[]) stack.toArray(new String[0]));
    }

    public NutsAuthenticationAgent getAuthenticationAgent(String str, NutsSession nutsSession) {
        String trim = CoreStringUtils.trim(str);
        if (trim.isEmpty()) {
            trim = ((DefaultNutsRepoConfigManager) this.repo.config()).getStoredConfig().getAuthenticationAgent();
        }
        return NutsWorkspaceConfigManagerExt.of(this.repo.getWorkspace().config()).createAuthenticationAgent(trim, nutsSession);
    }

    public NutsRepositorySecurityManager setAuthenticationAgent(String str, NutsUpdateOptions nutsUpdateOptions) {
        NutsUpdateOptions validate = CoreNutsUtils.validate(nutsUpdateOptions, this.repo.getWorkspace());
        DefaultNutsRepoConfigManager defaultNutsRepoConfigManager = (DefaultNutsRepoConfigManager) this.repo.config();
        if (NutsWorkspaceConfigManagerExt.of(this.repo.getWorkspace().config()).createAuthenticationAgent(str, validate.getSession()) == null) {
            throw new NutsIllegalArgumentException(this.repo.getWorkspace(), "Unsupported Authentication Agent " + str);
        }
        NutsRepositoryConfig storedConfig = defaultNutsRepoConfigManager.getStoredConfig();
        if (!Objects.equals(storedConfig.getAuthenticationAgent(), str)) {
            storedConfig.setAuthenticationAgent(str);
            defaultNutsRepoConfigManager.fireConfigurationChanged("authentication-agent", validate.getSession());
        }
        return this;
    }

    public void checkCredentials(char[] cArr, char[] cArr2, NutsSession nutsSession) throws NutsSecurityException {
        this.agent.checkCredentials(cArr, cArr2, nutsSession);
    }

    public char[] getCredentials(char[] cArr, NutsSession nutsSession) {
        return this.agent.getCredentials(cArr, nutsSession);
    }

    public boolean removeCredentials(char[] cArr, NutsSession nutsSession) {
        return this.agent.removeCredentials(cArr, nutsSession);
    }

    public char[] createCredentials(char[] cArr, boolean z, char[] cArr2, NutsSession nutsSession) {
        return this.agent.createCredentials(cArr, z, cArr2, nutsSession);
    }
}
