package org.codelibs.fess.helper;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import javax.annotation.PostConstruct;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.codelibs.core.crypto.CachedCipher;
import org.codelibs.core.lang.StringUtil;
import org.codelibs.core.stream.StreamUtil;
import org.codelibs.fess.app.service.AccessTokenService;
import org.codelibs.fess.entity.SearchRequestParams;
import org.codelibs.fess.exception.InvalidAccessTokenException;
import org.codelibs.fess.mylasta.action.FessUserBean;
import org.codelibs.fess.mylasta.direction.FessConfig;
import org.codelibs.fess.util.ComponentUtil;
import org.lastaflute.web.servlet.request.RequestManager;
import org.lastaflute.web.util.LaRequestUtil;

/* loaded from: input_file:org/codelibs/fess/helper/RoleQueryHelper.class */
public class RoleQueryHelper {
    private static final Logger logger = LogManager.getLogger(RoleQueryHelper.class);
    protected static final String USER_ROLES = "userRoles";
    protected CachedCipher cipher;
    protected String parameterKey;
    protected String headerKey;
    protected String cookieKey;
    protected Map<String, String> cookieNameMap;
    protected String valueSeparator = "\n";
    protected String roleSeparator = ",";
    protected boolean encryptedParameterValue = true;
    protected boolean encryptedHeaderValue = true;
    protected boolean encryptedCookieValue = true;
    protected final List<String> defaultRoleList = new ArrayList();

    @PostConstruct
    public void init() {
        if (logger.isDebugEnabled()) {
            logger.debug("Initialize {}", getClass().getSimpleName());
        }
        StreamUtil.stream(ComponentUtil.getFessConfig().getSearchDefaultPermissionsAsArray()).of(stream -> {
            stream.forEach(str -> {
                this.defaultRoleList.add(str);
            });
        });
    }

    public Set<String> build(SearchRequestParams.SearchRequestType searchRequestType) {
        HashSet hashSet = new HashSet();
        HttpServletRequest httpServletRequest = (HttpServletRequest) LaRequestUtil.getOptionalRequest().orElse((Object) null);
        FessConfig fessConfig = ComponentUtil.getFessConfig();
        boolean z = (SearchRequestParams.SearchRequestType.SEARCH.equals(searchRequestType) || SearchRequestParams.SearchRequestType.ADMIN_SEARCH.equals(searchRequestType)) ? false : true;
        if (httpServletRequest != null) {
            Set<String> set = (Set) httpServletRequest.getAttribute(USER_ROLES);
            if (set != null) {
                return set;
            }
            if (StringUtil.isNotBlank(this.parameterKey)) {
                processParameter(httpServletRequest, hashSet);
            }
            if (StringUtil.isNotBlank(this.headerKey)) {
                processHeader(httpServletRequest, hashSet);
            }
            if (StringUtil.isNotBlank(this.cookieKey)) {
                processCookie(httpServletRequest, hashSet);
            }
            if (this.cookieNameMap != null) {
                buildByCookieNameMapping(httpServletRequest, hashSet);
            }
            boolean processAccessToken = processAccessToken(httpServletRequest, hashSet, z);
            RequestManager requestManager = ComponentUtil.getRequestManager();
            try {
                requestManager.findUserBean(FessUserBean.class).ifPresent(fessUserBean -> {
                    StreamUtil.stream(fessUserBean.getPermissions()).of(stream -> {
                        Objects.requireNonNull(hashSet);
                        stream.forEach((v1) -> {
                            r1.add(v1);
                        });
                    });
                }).orElse(() -> {
                    if (z && ComponentUtil.getFessConfig().getApiAccessTokenRequiredAsBoolean()) {
                        throw new InvalidAccessTokenException("invalid_token", "Access token is requried.");
                    }
                    if (!processAccessToken || hashSet.isEmpty()) {
                        hashSet.addAll(fessConfig.getSearchGuestPermissionList());
                    }
                });
            } catch (RuntimeException e) {
                try {
                    requestManager.findLoginManager(FessUserBean.class).ifPresent(loginManager -> {
                        loginManager.logout();
                    });
                } catch (Exception e2) {
                }
                throw e;
            }
        }
        if (this.defaultRoleList != null) {
            hashSet.addAll(this.defaultRoleList);
        }
        if (logger.isDebugEnabled()) {
            logger.debug("roleSet: {}", hashSet);
        }
        if (httpServletRequest != null) {
            httpServletRequest.setAttribute(USER_ROLES, hashSet);
        }
        return hashSet;
    }

    protected boolean processAccessToken(HttpServletRequest httpServletRequest, Set<String> set, boolean z) {
        if (z) {
            return ((Boolean) ((AccessTokenService) ComponentUtil.getComponent(AccessTokenService.class)).getPermissions(httpServletRequest).map(set2 -> {
                Objects.requireNonNull(set);
                set2.forEach((v1) -> {
                    r1.add(v1);
                });
                return true;
            }).orElse(false)).booleanValue();
        }
        return false;
    }

    protected void processParameter(HttpServletRequest httpServletRequest, Set<String> set) {
        String parameter = httpServletRequest.getParameter(this.parameterKey);
        if (logger.isDebugEnabled()) {
            logger.debug("{}:{}", this.parameterKey, parameter);
        }
        if (StringUtil.isNotEmpty(parameter)) {
            parseRoleSet(parameter, this.encryptedParameterValue, set);
        }
    }

    protected void processHeader(HttpServletRequest httpServletRequest, Set<String> set) {
        String header = httpServletRequest.getHeader(this.headerKey);
        if (logger.isDebugEnabled()) {
            logger.debug("{}:{}", this.headerKey, header);
        }
        if (StringUtil.isNotEmpty(header)) {
            parseRoleSet(header, this.encryptedHeaderValue, set);
        }
    }

    protected void processCookie(HttpServletRequest httpServletRequest, Set<String> set) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if (this.cookieKey.equals(cookie.getName())) {
                    String value = cookie.getValue();
                    if (logger.isDebugEnabled()) {
                        logger.debug("{}:{}", this.cookieKey, value);
                    }
                    if (StringUtil.isNotEmpty(value)) {
                        parseRoleSet(value, this.encryptedCookieValue, set);
                    }
                }
            }
        }
    }

    protected void buildByCookieNameMapping(HttpServletRequest httpServletRequest, Set<String> set) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                addRoleFromCookieMapping(set, cookie);
            }
        }
    }

    protected void addRoleFromCookieMapping(Set<String> set, Cookie cookie) {
        String str = this.cookieNameMap.get(cookie.getName());
        if (StringUtil.isNotBlank(str)) {
            set.add(str);
        }
    }

    protected void parseRoleSet(String str, boolean z, Set<String> set) {
        String str2 = str;
        if (z && this.cipher != null) {
            str2 = this.cipher.decryptoText(str2);
        }
        if (this.valueSeparator.length() <= 0) {
            for (String str3 : str2.split(this.roleSeparator)) {
                if (StringUtil.isNotEmpty(str3)) {
                    set.add(str3);
                }
            }
            return;
        }
        String[] split = str2.split(this.valueSeparator);
        if (split.length > 1) {
            for (String str4 : split[1].split(this.roleSeparator)) {
                if (StringUtil.isNotEmpty(str4)) {
                    set.add(str4);
                }
            }
        }
    }

    public void addCookieNameMapping(String str, String str2) {
        if (this.cookieNameMap == null) {
            this.cookieNameMap = new HashMap();
        }
        this.cookieNameMap.put(str, str2);
    }

    public void setCipher(CachedCipher cachedCipher) {
        this.cipher = cachedCipher;
    }

    public void setValueSeparator(String str) {
        this.valueSeparator = str;
    }

    public void setRoleSeparator(String str) {
        this.roleSeparator = str;
    }

    public void setParameterKey(String str) {
        this.parameterKey = str;
    }

    public void setEncryptedParameterValue(boolean z) {
        this.encryptedParameterValue = z;
    }

    public void setHeaderKey(String str) {
        this.headerKey = str;
    }

    public void setEncryptedHeaderValue(boolean z) {
        this.encryptedHeaderValue = z;
    }

    public void setCookieKey(String str) {
        this.cookieKey = str;
    }

    public void setEncryptedCookieValue(boolean z) {
        this.encryptedCookieValue = z;
    }
}
