package org.apache.geode.examples.security;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.StreamSupport;
import org.apache.commons.io.IOUtils;
import org.apache.geode.management.internal.ManagementConstants;
import org.apache.geode.management.internal.beans.stats.StatsKey;
import org.apache.geode.security.AuthenticationFailedException;
import org.apache.geode.security.NotAuthorizedException;
import org.apache.geode.security.ResourcePermission;
import org.apache.geode.security.SecurityManager;

/* loaded from: input_file:org/apache/geode/examples/security/ExampleSecurityManager.class */
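/**
 * Example {@link SecurityManager} backed by a JSON document of users and roles.
 *
 * <p>The document is read from a classpath resource named by the {@value #SECURITY_JSON}
 * property (default {@value #DEFAULT_JSON_FILE_NAME}). It holds a {@code users} array and an
 * optional {@code roles} array; every role lists {@code operationsAllowed} entries of the form
 * {@code RESOURCE:OPERATION[:REGION[:KEY]]}.
 *
 * <p>Security notes for anyone adapting this class:
 * <ul>
 *   <li>Passwords are stored and compared as plaintext strings; nothing here hashes them.</li>
 *   <li>A user entry without a {@code password} field gets its own name as password.</li>
 *   <li>Every failure path denies access: an uninitialised manager, an unknown user or an
 *       unknown role never grants a permission.</li>
 * </ul>
 *
 * <p>The class does no synchronisation of its own around the user table.
 */
public class ExampleSecurityManager implements SecurityManager {
    public static final String SECURITY_JSON = "security-json";
    protected static final String DEFAULT_JSON_FILE_NAME = "security.json";
    private static final String AUTH_FAILED_MESSAGE = "ExampleSecurityManager: wrong username/password";

    // Users keyed by name; stays null until a JSON document has been loaded successfully.
    private Map<String, User> userNameToUser;

    /** A named set of permissions, optionally tied to a server group. */
    public static class Role {
        List<ResourcePermission> permissions = new ArrayList<>();
        String name;
        String serverGroup;

        public List<ResourcePermission> getPermissions() {
            return this.permissions;
        }

        public void setPermissions(List<ResourcePermission> list) {
            this.permissions = list;
        }

        public String getName() {
            return this.name;
        }

        public void setName(String str) {
            this.name = str;
        }

        public String getServerGroup() {
            return this.serverGroup;
        }

        public void setServerGroup(String str) {
            this.serverGroup = str;
        }
    }

    /** A user record: name, plaintext password and the roles granted to the user. */
    public static class User {
        String name;
        Set<Role> roles = new HashSet<>();
        // Plaintext credential as read from the JSON document; keep it out of logs.
        String password;

        public String getName() {
            return this.name;
        }

        public void setName(String str) {
            this.name = str;
        }

        public Set<Role> getRoles() {
            return this.roles;
        }

        public void setRoles(Set<Role> set) {
            this.roles = set;
        }

        public String getPassword() {
            return this.password;
        }

        public void setPassword(String str) {
            this.password = str;
        }
    }

    /**
     * Decides whether the principal holds a permission that implies the requested one.
     *
     * @param obj the principal; its {@code toString()} is used as the user name
     * @param resourcePermission the permission being requested
     * @return {@code true} only if one of the user's roles carries an implying permission;
     *     {@code false} for a null principal, an unknown user or an uninitialised manager
     */
    @Override
    public boolean authorize(Object obj, ResourcePermission resourcePermission) {
        Map<String, User> users = this.userNameToUser;
        if (obj == null || users == null) {
            return false;
        }
        User user = users.get(obj.toString());
        if (user == null || user.roles == null) {
            return false;
        }
        // The roles are read from the record that was just looked up. The earlier second lookup
        // by user.name could miss (and throw) once setName() had changed the name.
        for (Role role : user.roles) {
            // Role names that did not resolve at load time may be present as null entries.
            if (role == null || role.permissions == null) {
                continue;
            }
            for (ResourcePermission granted : role.permissions) {
                if (granted != null && granted.implies(resourcePermission)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Loads users and roles from the classpath resource named by {@value #SECURITY_JSON},
     * falling back to {@value #DEFAULT_JSON_FILE_NAME}.
     *
     * @param properties security properties; may be {@code null}
     * @throws AuthenticationFailedException if the resource is missing, unreadable or not
     *     valid JSON (the message wording only mentions the missing-resource case)
     */
    @Override
    public void init(Properties properties) throws NotAuthorizedException {
        String property = properties != null ? properties.getProperty(SECURITY_JSON) : null;
        if (property == null) {
            property = DEFAULT_JSON_FILE_NAME;
        }
        if (!initializeFromJsonResource(property)) {
            throw new AuthenticationFailedException("ExampleSecurityManager: unable to find json resource \"" + property + "\" as specified by [" + SECURITY_JSON + "].");
        }
    }

    /**
     * Checks the {@code security-username} / {@code security-password} pair against the
     * loaded users.
     *
     * <p>The password is always verified. An earlier form of this check skipped the comparison
     * when the user name was the empty string, so a configured user named {@code ""} was
     * accepted with any password. Unknown user and wrong password produce the same message, so
     * the reply does not show which names exist.
     *
     * @param properties the credentials presented by the client
     * @return the user name, which serves as the principal passed to {@link #authorize}
     * @throws AuthenticationFailedException if the credentials are missing or wrong, or if no
     *     users have been loaded
     */
    @Override
    public Object authenticate(Properties properties) throws AuthenticationFailedException {
        String userName = properties != null ? properties.getProperty("security-username") : null;
        String password = properties != null ? properties.getProperty("security-password") : null;
        Map<String, User> users = this.userNameToUser;
        User user = (users != null && userName != null) ? users.get(userName) : null;
        if (user == null || user.password == null || password == null) {
            throw new AuthenticationFailedException(AUTH_FAILED_MESSAGE);
        }
        // MessageDigest.isEqual does not stop at the first differing byte the way
        // String.equals does.
        if (!MessageDigest.isEqual(utf8(user.password), utf8(password))) {
            throw new AuthenticationFailedException(AUTH_FAILED_MESSAGE);
        }
        return userName;
    }

    /**
     * Parses a JSON document and replaces the user table with its content.
     *
     * <p>The new table is published only after the whole document has been read, so a failure
     * part-way through leaves the previous table in place.
     *
     * @param str the JSON text
     * @return {@code true} on success, {@code false} if the text cannot be parsed as JSON
     */
    boolean initializeFromJson(String str) {
        try {
            JsonNode root = new ObjectMapper().readTree(str);
            Map<String, User> users = new HashMap<>();
            readUsers(users, root, readRoles(root));
            this.userNameToUser = users;
            return true;
        } catch (IOException e) {
            return false;
        }
    }

    /**
     * Loads the JSON document from a resource on the system class path.
     *
     * @param str the resource name
     * @return {@code true} only if the resource was found, read and parsed; a parse failure
     *     is reported here instead of surfacing later as a missing user table
     */
    public boolean initializeFromJsonResource(String str) {
        // try-with-resources closes the stream; a null resource is skipped on close.
        try (InputStream resource = ClassLoader.getSystemResourceAsStream(str)) {
            if (resource == null) {
                return false;
            }
            return initializeFromJson(readJsonFromInputStream(resource));
        } catch (IOException e) {
            return false;
        }
    }

    /**
     * Looks up a user record by name.
     *
     * @param str the user name
     * @return the live, mutable record (it carries the plaintext password), or {@code null} if
     *     the name is unknown or nothing has been loaded yet
     */
    public User getUser(String str) {
        Map<String, User> users = this.userNameToUser;
        return users != null ? users.get(str) : null;
    }

    /** Encodes a credential as UTF-8 bytes for comparison. */
    private static byte[] utf8(String value) {
        return value.getBytes(StandardCharsets.UTF_8);
    }

    /** Reads the whole stream as UTF-8 text. */
    private String readJsonFromInputStream(InputStream inputStream) throws IOException {
        StringWriter stringWriter = new StringWriter();
        IOUtils.copy(inputStream, stringWriter, "UTF-8");
        return stringWriter.toString();
    }

    /**
     * Fills {@code map} with one {@link User} per element of the {@code users} array.
     *
     * <p>Each element is expected to have {@code name} and {@code roles}; a document without
     * them fails with a {@link NullPointerException}.
     *
     * @param map destination, keyed by user name
     * @param jsonNode root of the JSON document
     * @param map2 roles by name, as returned by {@link #readRoles}
     */
    private void readUsers(Map<String, User> map, JsonNode jsonNode, Map<String, Role> map2) {
        for (JsonNode userNode : jsonNode.get("users")) {
            User user = new User();
            user.name = userNode.get("name").asText();
            if (userNode.has("password")) {
                user.password = userNode.get("password").asText();
            } else {
                // NOTE(review): with no "password" field the user name doubles as the password,
                // which anyone who knows the name can guess. Kept for compatibility with
                // existing documents; give every user an explicit password.
                user.password = user.name;
            }
            for (JsonNode roleNameNode : userNode.get("roles")) {
                Role role = map2.get(roleNameNode.asText());
                // A role name with no definition grants nothing; skip it instead of storing null.
                if (role != null) {
                    user.roles.add(role);
                }
            }
            map.put(user.name, user);
        }
    }

    /**
     * Builds the roles defined in the {@code roles} array.
     *
     * <p>Each {@code operationsAllowed} entry is scoped on its own: a region or key named in
     * the entry applies to that entry only, and an entry without one falls back to the role's
     * regions field, then to {@code "*"}. Previously the region and key of one entry carried
     * over to the entries after it, so the effective scope depended on the order of the list.
     *
     * @param jsonNode root of the JSON document
     * @return roles by name; empty if the document has no {@code roles} field
     * @throws IllegalArgumentException if an entry lacks a resource or operation, or names one
     *     that the {@link ResourcePermission} enums do not define
     */
    private Map<String, Role> readRoles(JsonNode jsonNode) {
        JsonNode rolesNode = jsonNode.get("roles");
        if (rolesNode == null) {
            return Collections.emptyMap();
        }
        Map<String, Role> rolesByName = new HashMap<>();
        for (JsonNode roleNode : rolesNode) {
            Role role = new Role();
            role.name = roleNode.get("name").asText();

            // NOTE(review): the field name and the separator come from Geode management
            // constants, presumably "regions" and ","; confirm their values.
            String roleRegions = null;
            JsonNode regionsNode = roleNode.get(StatsKey.REGIONS);
            if (regionsNode != null) {
                roleRegions = regionsNode.isArray()
                        ? StreamSupport.stream(regionsNode.spliterator(), false)
                                .map(JsonNode::asText)
                                .collect(Collectors.joining(ManagementConstants.KEYVAL_SEPARATOR))
                        : regionsNode.asText();
            }

            for (JsonNode operationNode : roleNode.get("operationsAllowed")) {
                String entry = operationNode.asText();
                String[] parts = entry.split(":");
                if (parts.length < 2) {
                    throw new IllegalArgumentException("ExampleSecurityManager: malformed operationsAllowed entry \""
                            + entry + "\" in role \"" + role.name
                            + "\"; expected RESOURCE:OPERATION[:REGION[:KEY]]");
                }
                // Scope is computed per entry so that one entry cannot change the next.
                String target = parts.length > 2 ? parts[2] : roleRegions;
                String key = parts.length > 3 ? parts[3] : null;
                role.permissions.add(new ResourcePermission(
                        ResourcePermission.Resource.valueOf(parts[0]),
                        ResourcePermission.Operation.valueOf(parts[1]),
                        target != null ? target : "*",
                        key != null ? key : "*"));
            }

            if (roleNode.has("serverGroup")) {
                role.serverGroup = roleNode.get("serverGroup").asText();
            }
            rolesByName.put(role.name, role);
        }
        return rolesByName;
    }
}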
