package net.thevpc.nuts.runtime.standalone.security;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Stack;
import net.thevpc.nuts.NutsAddUserCommand;
import net.thevpc.nuts.NutsAuthenticationAgent;
import net.thevpc.nuts.NutsIllegalArgumentException;
import net.thevpc.nuts.NutsMessage;
import net.thevpc.nuts.NutsRemoveUserCommand;
import net.thevpc.nuts.NutsRepository;
import net.thevpc.nuts.NutsRepositoryConfig;
import net.thevpc.nuts.NutsRepositoryEvent;
import net.thevpc.nuts.NutsRepositoryListener;
import net.thevpc.nuts.NutsSecurityException;
import net.thevpc.nuts.NutsSession;
import net.thevpc.nuts.NutsUpdateUserCommand;
import net.thevpc.nuts.NutsUser;
import net.thevpc.nuts.NutsUserConfig;
import net.thevpc.nuts.NutsUtilStrings;
import net.thevpc.nuts.NutsWorkspace;
import net.thevpc.nuts.NutsWorkspaceSecurityManager;
import net.thevpc.nuts.runtime.core.config.NutsRepositoryConfigManagerExt;
import net.thevpc.nuts.runtime.core.config.NutsWorkspaceConfigManagerExt;
import net.thevpc.nuts.runtime.standalone.repos.DefaultNutsRepoConfigManager;
import net.thevpc.nuts.runtime.standalone.util.NutsWorkspaceUtils;
import net.thevpc.nuts.runtime.standalone.wscommands.DefaultNutsAddUserCommand;
import net.thevpc.nuts.runtime.standalone.wscommands.DefaultNutsRemoveUserCommand;
import net.thevpc.nuts.runtime.standalone.wscommands.DefaultNutsUpdateUserCommand;

/* loaded from: input_file:net/thevpc/nuts/runtime/standalone/security/DefaultNutsRepositorySecurityModel.class */
public class DefaultNutsRepositorySecurityModel {
    private final NutsRepository repository;
    private final WrapperNutsAuthenticationAgent agent;
    private final Map<String, NutsAuthorizations> authorizations = new HashMap();

    public DefaultNutsRepositorySecurityModel(NutsRepository nutsRepository) {
        this.repository = nutsRepository;
        this.agent = new WrapperNutsAuthenticationAgent(nutsRepository.getWorkspace(), nutsSession -> {
            return nutsRepository.env().setSession(nutsSession).toMap();
        }, (str, nutsSession2) -> {
            return getAuthenticationAgent(str, nutsSession2);
        });
        this.repository.addRepositoryListener(new NutsRepositoryListener() { // from class: net.thevpc.nuts.runtime.standalone.security.DefaultNutsRepositorySecurityModel.1
            public void onConfigurationChanged(NutsRepositoryEvent nutsRepositoryEvent) {
                DefaultNutsRepositorySecurityModel.this.authorizations.clear();
            }
        });
    }

    public void checkAllowed(String str, String str2, NutsSession nutsSession) {
        NutsWorkspaceUtils.checkSession(this.repository.getWorkspace(), nutsSession);
        if (isAllowed(str, nutsSession)) {
            return;
        }
        if (!NutsUtilStrings.isBlank(str2)) {
            throw new NutsSecurityException(nutsSession, NutsMessage.cstyle("%s : %s not allowed!", new Object[]{str2, str}));
        }
        throw new NutsSecurityException(nutsSession, NutsMessage.cstyle("%s not allowed!", new Object[]{str}));
    }

    public NutsAddUserCommand addUser(String str, NutsSession nutsSession) {
        return new DefaultNutsAddUserCommand(this.repository);
    }

    public NutsUpdateUserCommand updateUser(String str, NutsSession nutsSession) {
        return new DefaultNutsUpdateUserCommand(this.repository);
    }

    public NutsRemoveUserCommand removeUser(String str, NutsSession nutsSession) {
        return new DefaultNutsRemoveUserCommand(this.repository);
    }

    private NutsAuthorizations getAuthorizations(String str, NutsSession nutsSession) {
        NutsAuthorizations nutsAuthorizations;
        NutsAuthorizations nutsAuthorizations2 = this.authorizations.get(str);
        if (nutsAuthorizations2 != null) {
            return nutsAuthorizations2;
        }
        NutsUserConfig user = NutsRepositoryConfigManagerExt.of(this.repository.config()).getModel().getUser(str, nutsSession);
        if (user != null) {
            String[] permissions = user.getPermissions();
            nutsAuthorizations = new NutsAuthorizations(Arrays.asList(permissions == null ? new String[0] : permissions));
            this.authorizations.put(str, nutsAuthorizations);
        } else {
            nutsAuthorizations = new NutsAuthorizations(Collections.emptyList());
        }
        return nutsAuthorizations;
    }

    public boolean isAllowed(String str, NutsSession nutsSession) {
        NutsWorkspaceSecurityManager session = this.repository.getWorkspace().security().setSession(nutsSession);
        if (!session.isSecure()) {
            return true;
        }
        String currentUsername = session.getCurrentUsername();
        if ("admin".equals(currentUsername)) {
            return true;
        }
        Stack stack = new Stack();
        HashSet hashSet = new HashSet();
        hashSet.add(currentUsername);
        stack.push(currentUsername);
        while (!stack.isEmpty()) {
            String str2 = (String) stack.pop();
            Boolean explicitAccept = getAuthorizations(str2, nutsSession).explicitAccept(str);
            if (explicitAccept != null) {
                return explicitAccept.booleanValue();
            }
            NutsUserConfig user = NutsRepositoryConfigManagerExt.of(this.repository.config()).getModel().getUser(str2, nutsSession);
            if (user != null && user.getGroups() != null) {
                for (String str3 : user.getGroups()) {
                    if (!hashSet.contains(str3)) {
                        hashSet.add(str3);
                        stack.push(str3);
                    }
                }
            }
        }
        return session.isAllowed(str);
    }

    public NutsUser[] findUsers(NutsSession nutsSession) {
        ArrayList arrayList = new ArrayList();
        for (NutsUserConfig nutsUserConfig : NutsRepositoryConfigManagerExt.of(this.repository.config()).getModel().getUsers(nutsSession)) {
            arrayList.add(getEffectiveUser(nutsUserConfig.getUser(), nutsSession));
        }
        return (NutsUser[]) arrayList.toArray(new NutsUser[0]);
    }

    public NutsUser getEffectiveUser(String str, NutsSession nutsSession) {
        NutsUserConfig user = NutsRepositoryConfigManagerExt.of(this.repository.config()).getModel().getUser(str, nutsSession);
        Stack stack = new Stack();
        if (user != null) {
            Stack stack2 = new Stack();
            stack2.push(str);
            Stack stack3 = new Stack();
            stack3.addAll(Arrays.asList(user.getGroups()));
            while (!stack3.empty()) {
                String str2 = (String) stack3.pop();
                stack2.add(str2);
                NutsUserConfig user2 = NutsRepositoryConfigManagerExt.of(this.repository.config()).getModel().getUser(str2, nutsSession);
                if (user2 != null) {
                    stack.addAll(Arrays.asList(user2.getPermissions()));
                    for (String str3 : user2.getGroups()) {
                        if (!stack2.contains(str3)) {
                            stack3.push(str3);
                        }
                    }
                }
            }
        }
        if (user == null) {
            return null;
        }
        return new DefaultNutsUser(user, (String[]) stack.toArray(new String[0]));
    }

    public NutsAuthenticationAgent getAuthenticationAgent(String str, NutsSession nutsSession) {
        String trim = NutsUtilStrings.trim(str);
        if (trim.isEmpty()) {
            trim = ((DefaultNutsRepoConfigManager) this.repository.config()).getModel().getStoredConfig(nutsSession).getAuthenticationAgent();
        }
        return NutsWorkspaceConfigManagerExt.of(this.repository.getWorkspace().config()).getModel().createAuthenticationAgent(trim, nutsSession);
    }

    public void setAuthenticationAgent(String str, NutsSession nutsSession) {
        DefaultNutsRepoConfigManager defaultNutsRepoConfigManager = (DefaultNutsRepoConfigManager) this.repository.config().setSession(nutsSession);
        if (NutsWorkspaceConfigManagerExt.of(this.repository.getWorkspace().config()).getModel().createAuthenticationAgent(str, nutsSession) == null) {
            throw new NutsIllegalArgumentException(nutsSession, NutsMessage.cstyle("unsupported Authentication Agent %s", new Object[]{str}));
        }
        NutsRepositoryConfig storedConfig = defaultNutsRepoConfigManager.getModel().getStoredConfig(nutsSession);
        if (Objects.equals(storedConfig.getAuthenticationAgent(), str)) {
            return;
        }
        storedConfig.setAuthenticationAgent(str);
        defaultNutsRepoConfigManager.getModel().fireConfigurationChanged("authentication-agent", nutsSession);
    }

    public void checkCredentials(char[] cArr, char[] cArr2, NutsSession nutsSession) throws NutsSecurityException {
        this.agent.checkCredentials(cArr, cArr2, nutsSession);
    }

    public char[] getCredentials(char[] cArr, NutsSession nutsSession) {
        return this.agent.getCredentials(cArr, nutsSession);
    }

    public boolean removeCredentials(char[] cArr, NutsSession nutsSession) {
        return this.agent.removeCredentials(cArr, nutsSession);
    }

    public char[] createCredentials(char[] cArr, boolean z, char[] cArr2, NutsSession nutsSession) {
        return this.agent.createCredentials(cArr, z, cArr2, nutsSession);
    }

    public NutsRepository getRepository() {
        return this.repository;
    }

    public NutsWorkspace getWorkspace() {
        return this.repository.getWorkspace();
    }
}
