package org.geoserver.wps.security;

import java.io.IOException;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.TreeSet;
import java.util.logging.Logger;
import org.geoserver.config.ConfigurationListenerAdapter;
import org.geoserver.config.GeoServer;
import org.geoserver.config.ServiceInfo;
import org.geoserver.security.AccessMode;
import org.geoserver.security.CatalogMode;
import org.geoserver.security.impl.SecureTreeNode;
import org.geoserver.wps.ProcessGroupInfo;
import org.geoserver.wps.ProcessInfo;
import org.geoserver.wps.WPSInfo;
import org.geoserver.wps.process.GeoServerProcessors;
import org.geotools.api.feature.type.Name;
import org.geotools.process.ProcessFactory;
import org.geotools.util.logging.Logging;

/* loaded from: input_file:WEB-INF/lib/gs-wps-core-2.25.3.jar:org/geoserver/wps/security/WpsAccessRuleDAO.class */
public class WpsAccessRuleDAO extends ConfigurationListenerAdapter {
    private static final Logger LOGGER = Logging.getLogger((Class<?>) WpsAccessRuleDAO.class);
    static final String WPS_PROP_FILE = "wps.xml";
    private GeoServer gs;
    CatalogMode catalogMode = CatalogMode.HIDE;
    List<WpsAccessRule> rules;
    private SecureTreeNode root;

    public WpsAccessRuleDAO(GeoServer geoServer) throws IOException {
        this.gs = geoServer;
        geoServer.addListener(this);
    }

    public CatalogMode getMode() {
        if (this.root == null) {
            loadRules();
        }
        return this.catalogMode;
    }

    public SecureTreeNode getSecurityTreeRoot() {
        if (this.root == null) {
            loadRules();
        }
        return this.root;
    }

    protected void loadRules() {
        WPSInfo wPSInfo = (WPSInfo) this.gs.getService(WPSInfo.class);
        TreeSet treeSet = new TreeSet();
        if (wPSInfo != null) {
            this.catalogMode = CatalogMode.HIDE;
            if (wPSInfo.getCatalogMode() != null) {
                this.catalogMode = wPSInfo.getCatalogMode();
            }
            for (ProcessGroupInfo processGroupInfo : wPSInfo.getProcessGroups()) {
                HashSet<String> hashSet = new HashSet();
                ProcessFactory processFactory = GeoServerProcessors.getProcessFactory(processGroupInfo.getFactoryClass(), false);
                if (processFactory != null) {
                    Iterator<Name> it2 = processFactory.getNames().iterator();
                    while (it2.hasNext()) {
                        hashSet.add(it2.next().getNamespaceURI());
                    }
                }
                for (String str : hashSet) {
                    if (processGroupInfo.getRoles() != null && !processGroupInfo.getRoles().isEmpty()) {
                        treeSet.add(new WpsAccessRule(str, "*", new HashSet(processGroupInfo.getRoles())));
                    }
                }
                for (ProcessInfo processInfo : processGroupInfo.getFilteredProcesses()) {
                    if (processInfo.getRoles() != null && !processInfo.getRoles().isEmpty()) {
                        treeSet.add(new WpsAccessRule(processInfo.getName().getNamespaceURI(), processInfo.getName().getLocalPart(), new HashSet(processInfo.getRoles())));
                    }
                }
            }
        }
        if (treeSet.isEmpty()) {
            treeSet.add(new WpsAccessRule(WpsAccessRule.EXECUTE_ALL));
        }
        this.root = buildAuthorizationTree(treeSet);
    }

    private SecureTreeNode buildAuthorizationTree(Collection<WpsAccessRule> collection) {
        SecureTreeNode secureTreeNode;
        SecureTreeNode secureTreeNode2 = new SecureTreeNode();
        for (WpsAccessRule wpsAccessRule : collection) {
            String groupName = wpsAccessRule.getGroupName();
            String wpsName = wpsAccessRule.getWpsName();
            if ("*".equals(groupName)) {
                secureTreeNode = secureTreeNode2;
            } else {
                SecureTreeNode child = secureTreeNode2.getChild(groupName);
                if (child == null) {
                    child = secureTreeNode2.addChild(groupName);
                }
                if ("*".equals(wpsName)) {
                    secureTreeNode = child;
                } else {
                    SecureTreeNode child2 = child.getChild(wpsName);
                    if (child2 == null) {
                        child2 = child.addChild(wpsName);
                    }
                    secureTreeNode = child2;
                }
            }
            if (secureTreeNode != secureTreeNode2) {
                LOGGER.warning("Rule " + wpsAccessRule + " is overriding another rule targetting the same resource");
            }
            secureTreeNode.setAuthorizedRoles(AccessMode.READ, wpsAccessRule.getRoles());
            secureTreeNode.setAuthorizedRoles(AccessMode.WRITE, Collections.singleton("NO_ONE"));
            secureTreeNode.setAuthorizedRoles(AccessMode.ADMIN, Collections.singleton("NO_ONE"));
        }
        secureTreeNode2.setAuthorizedRoles(AccessMode.READ, Collections.singleton("*"));
        secureTreeNode2.setAuthorizedRoles(AccessMode.WRITE, Collections.singleton("NO_ONE"));
        secureTreeNode2.setAuthorizedRoles(AccessMode.ADMIN, Collections.singleton("NO_ONE"));
        return secureTreeNode2;
    }

    @Override // org.geoserver.config.ConfigurationListenerAdapter, org.geoserver.config.ConfigurationListener
    public void reloaded() {
        this.root = null;
    }

    @Override // org.geoserver.config.ConfigurationListenerAdapter, org.geoserver.config.ConfigurationListener
    public void handlePostServiceChange(ServiceInfo serviceInfo) {
        if (serviceInfo instanceof WPSInfo) {
            this.root = null;
        }
    }
}
