package com.orientechnologies.orient.server.security;

import com.orientechnologies.orient.core.db.ODatabaseSession;
import com.orientechnologies.orient.core.metadata.security.ORole;
import com.orientechnologies.orient.core.metadata.security.ORule;
import com.orientechnologies.orient.core.metadata.security.OSecurityExternal;
import com.orientechnologies.orient.core.metadata.security.OSecurityPolicy;
import com.orientechnologies.orient.core.metadata.security.OSecurityRole;
import com.orientechnologies.orient.core.metadata.security.OSystemUser;
import com.orientechnologies.orient.core.metadata.security.OUser;
import com.orientechnologies.orient.core.record.impl.ODocument;
import com.orientechnologies.orient.server.OServer;
import com.orientechnologies.orient.server.config.OServerUserConfiguration;
import com.orientechnologies.orient.server.distributed.ODistributedConfiguration;
import com.orientechnologies.orient.server.network.protocol.http.OHttpUtils;
import java.util.HashMap;
import java.util.Map;

/* loaded from: input_file:com/orientechnologies/orient/server/security/OSecurityServerExternal.class */
public class OSecurityServerExternal extends OSecurityExternal {
    private OServer server;

    public OSecurityServerExternal(OServer oServer) {
        this.server = oServer;
    }

    public OUser getUser(ODatabaseSession oDatabaseSession, String str) {
        OServerUserConfiguration user;
        OUser user2 = super.getUser(oDatabaseSession, str);
        if (user2 == null && str != null && (user = this.server.getUser(str)) != null) {
            user2 = new OSystemUser(str, "null", "Server");
            user2.addRole(createRole(user));
        }
        return user2;
    }

    public ORole createRole(OServerUserConfiguration oServerUserConfiguration) {
        ORole oRole = new ORole(oServerUserConfiguration.name, (ORole) null, OSecurityRole.ALLOW_MODES.ALLOW_ALL_BUT);
        if (oServerUserConfiguration.resources.equalsIgnoreCase(ODistributedConfiguration.ALL_WILDCARD)) {
            createRoot(oRole);
        } else {
            mapPermission(oRole, oServerUserConfiguration);
        }
        return oRole;
    }

    private void mapPermission(ORole oRole, OServerUserConfiguration oServerUserConfiguration) {
        for (String str : oServerUserConfiguration.resources.split(",")) {
            ORule.ResourceGeneric mapLegacyResourceToGenericResource = ORule.mapLegacyResourceToGenericResource(str);
            if (mapLegacyResourceToGenericResource != null) {
                oRole.addRule(mapLegacyResourceToGenericResource, (String) null, ORole.PERMISSION_ALL);
            }
        }
    }

    private void createRoot(ORole oRole) {
        oRole.addRule(ORule.ResourceGeneric.BYPASS_RESTRICTED, (String) null, ORole.PERMISSION_ALL);
        oRole.addRule(ORule.ResourceGeneric.ALL, (String) null, ORole.PERMISSION_ALL);
        oRole.addRule(ORule.ResourceGeneric.CLASS, (String) null, ORole.PERMISSION_ALL);
        oRole.addRule(ORule.ResourceGeneric.CLUSTER, (String) null, ORole.PERMISSION_ALL);
        oRole.addRule(ORule.ResourceGeneric.SYSTEM_CLUSTERS, (String) null, ORole.PERMISSION_ALL);
        oRole.addRule(ORule.ResourceGeneric.DATABASE, (String) null, ORole.PERMISSION_ALL);
        oRole.addRule(ORule.ResourceGeneric.SCHEMA, (String) null, ORole.PERMISSION_ALL);
        oRole.addRule(ORule.ResourceGeneric.COMMAND, (String) null, ORole.PERMISSION_ALL);
        oRole.addRule(ORule.ResourceGeneric.COMMAND_GREMLIN, (String) null, ORole.PERMISSION_ALL);
        oRole.addRule(ORule.ResourceGeneric.FUNCTION, (String) null, ORole.PERMISSION_ALL);
        createSecurityPolicyWithBitmask(oRole, ODistributedConfiguration.ALL_WILDCARD, ORole.PERMISSION_ALL);
    }

    public void createSecurityPolicyWithBitmask(OSecurityRole oSecurityRole, String str, int i) {
        OSecurityPolicy oSecurityPolicy = new OSecurityPolicy(new ODocument().field(OHttpUtils.MULTIPART_CONTENT_NAME, "default_" + i));
        oSecurityPolicy.setCreateRule((i & ORole.PERMISSION_CREATE) > 0 ? "true" : "false");
        oSecurityPolicy.setReadRule((i & ORole.PERMISSION_READ) > 0 ? "true" : "false");
        oSecurityPolicy.setBeforeUpdateRule((i & ORole.PERMISSION_UPDATE) > 0 ? "true" : "false");
        oSecurityPolicy.setAfterUpdateRule((i & ORole.PERMISSION_UPDATE) > 0 ? "true" : "false");
        oSecurityPolicy.setDeleteRule((i & ORole.PERMISSION_DELETE) > 0 ? "true" : "false");
        oSecurityPolicy.setExecuteRule((i & ORole.PERMISSION_EXECUTE) > 0 ? "true" : "false");
        addSecurityPolicy(oSecurityRole, str, oSecurityPolicy);
    }

    public void addSecurityPolicy(OSecurityRole oSecurityRole, String str, OSecurityPolicy oSecurityPolicy) {
        ODocument document = oSecurityRole.getDocument();
        if (document == null) {
            return;
        }
        Map map = (Map) document.getProperty("policies");
        if (map == null) {
            map = new HashMap();
            document.setProperty("policies", map);
        }
        map.put(str, oSecurityPolicy.getElement());
    }
}
