package org.eclipse.sensinact.gateway.core.security.access.impl;

import java.util.Collections;
import java.util.Dictionary;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Stack;
import org.eclipse.sensinact.gateway.core.method.AccessMethod;
import org.eclipse.sensinact.gateway.core.security.AccessLevelOption;
import org.eclipse.sensinact.gateway.core.security.AccessNode;
import org.eclipse.sensinact.gateway.core.security.AccessProfileImpl;
import org.eclipse.sensinact.gateway.core.security.AccessProfileOption;
import org.eclipse.sensinact.gateway.core.security.AccessTree;
import org.eclipse.sensinact.gateway.core.security.AccessTreeImpl;
import org.eclipse.sensinact.gateway.core.security.AuthorizationService;
import org.eclipse.sensinact.gateway.core.security.ImmutableAccessNode;
import org.eclipse.sensinact.gateway.core.security.ImmutableAccessTree;
import org.eclipse.sensinact.gateway.core.security.MethodAccessImpl;
import org.eclipse.sensinact.gateway.core.security.MutableAccessNode;
import org.eclipse.sensinact.gateway.core.security.MutableAccessTree;
import org.eclipse.sensinact.gateway.core.security.SecuredAccess;
import org.eclipse.sensinact.gateway.core.security.SecuredAccessException;
import org.eclipse.sensinact.gateway.core.security.SecurityDataStoreService;
import org.eclipse.sensinact.gateway.core.security.dao.AgentDAO;
import org.eclipse.sensinact.gateway.core.security.dao.ApplicationDAO;
import org.eclipse.sensinact.gateway.core.security.dao.AuthenticatedAccessLevelDAO;
import org.eclipse.sensinact.gateway.core.security.dao.BundleDAO;
import org.eclipse.sensinact.gateway.core.security.dao.DAOException;
import org.eclipse.sensinact.gateway.core.security.dao.ObjectDAO;
import org.eclipse.sensinact.gateway.core.security.dao.ObjectProfileAccessDAO;
import org.eclipse.sensinact.gateway.core.security.entity.AgentEntity;
import org.eclipse.sensinact.gateway.core.security.entity.ApplicationEntity;
import org.eclipse.sensinact.gateway.core.security.entity.AuthenticatedAccessLevelEntity;
import org.eclipse.sensinact.gateway.core.security.entity.BundleEntity;
import org.eclipse.sensinact.gateway.core.security.entity.ObjectEntity;
import org.eclipse.sensinact.gateway.datastore.api.DataStoreException;
import org.eclipse.sensinact.gateway.util.UriUtils;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component
/* loaded from: input_file:org/eclipse/sensinact/gateway/core/security/access/impl/SecuredAccessImpl.class */
public class SecuredAccessImpl implements SecuredAccess {
    private static final Logger LOG = LoggerFactory.getLogger(SecuredAccessImpl.class);
    private final SecurityDataStoreService dataStoreService;
    private BundleDAO bundleDAO;
    private AgentDAO agentDAO;
    private ApplicationDAO applicationDAO;
    private ObjectDAO objectDAO;
    private ObjectProfileAccessDAO objectProfileAccessDAO;
    private AuthenticatedAccessLevelDAO authenticatedAccessLevelDAO;
    private ObjectEntity root;
    private AccessProfileOption rootObjectProfileOption;
    private ServiceRegistration<AuthorizationService> authorizationRegistration;

    @Activate
    public SecuredAccessImpl(BundleContext bundleContext, @Reference SecurityDataStoreService securityDataStoreService) throws SecuredAccessException {
        this.dataStoreService = securityDataStoreService;
        try {
            this.applicationDAO = new ApplicationDAO(this.dataStoreService);
            this.agentDAO = new AgentDAO(this.dataStoreService);
            this.objectDAO = new ObjectDAO(this.dataStoreService);
            this.bundleDAO = new BundleDAO(this.dataStoreService);
            this.objectProfileAccessDAO = new ObjectProfileAccessDAO(this.dataStoreService);
            this.authenticatedAccessLevelDAO = new AuthenticatedAccessLevelDAO(this.dataStoreService);
            this.root = (ObjectEntity) this.objectDAO.select(Collections.singletonMap("OID", 0L)).get(0);
            this.rootObjectProfileOption = this.objectProfileAccessDAO.getAccessProfileOption(this.root.getObjectProfileEntity());
            this.authorizationRegistration = bundleContext.registerService(AuthorizationService.class, new AuthorizationServiceImpl(this.authenticatedAccessLevelDAO), (Dictionary) null);
        } catch (DAOException | DataStoreException e) {
            throw new SecuredAccessException(e);
        }
    }

    @Deactivate
    void stop() {
        if (this.authorizationRegistration != null) {
            this.authorizationRegistration.unregister();
        }
    }

    public void buildAccessNodesHierarchy(String str, String str2, MutableAccessTree<? extends MutableAccessNode> mutableAccessTree) throws SecuredAccessException {
        try {
            if (str2 == null) {
                throw new NullPointerException("The sensiNact resource model's name is missing");
            }
            if (checkIdentifier(str, str2)) {
                if (str != null) {
                    buildNodes(mutableAccessTree, this.objectDAO.find(UriUtils.getUri(new String[]{str2})));
                }
            } else {
                if (str != null) {
                    throw new SecuredAccessException("Invalid bundle identifier");
                }
                throw new SecuredAccessException(String.format("A '%s' sensiNact resource model already exists in the data store", str2));
            }
        } catch (Exception e) {
            throw new SecuredAccessException(e);
        } catch (DAOException e2) {
            throw new SecuredAccessException(e2);
        }
    }

    public MutableAccessTree<? extends MutableAccessNode> getAccessTree(String str) throws SecuredAccessException {
        AccessProfileOption accessProfileOption;
        if (str != null) {
            try {
                BundleEntity find = this.bundleDAO.find(str);
                if (find != null) {
                    accessProfileOption = this.objectProfileAccessDAO.getAccessProfileOption(find.getObjectProfileEntity());
                    return new AccessTreeImpl().withAccessProfile(accessProfileOption);
                }
            } catch (Exception e) {
                throw new SecuredAccessException(e);
            }
        }
        accessProfileOption = this.rootObjectProfileOption;
        return new AccessTreeImpl().withAccessProfile(accessProfileOption);
    }

    public AccessTree<? extends AccessNode> getUserAccessTree(String str) throws SecuredAccessException {
        try {
            HashMap hashMap = new HashMap();
            hashMap.put("UOID", 0L);
            hashMap.put("PUBLIC_KEY", str);
            List select = this.authenticatedAccessLevelDAO.select(hashMap);
            AccessLevelOption accessLevelOption = (select == null || select.size() != 1) ? AccessLevelOption.ANONYMOUS : ((AuthenticatedAccessLevelEntity) select.get(0)).getAccessLevelOption();
            AccessMethod.Type[] values = AccessMethod.Type.values();
            int length = values == null ? 0 : values.length;
            HashSet hashSet = new HashSet();
            for (int i = 0; i < length; i++) {
                hashSet.add(new MethodAccessImpl(accessLevelOption.getAccessLevel(), values[i]));
            }
            AccessTreeImpl accessTreeImpl = new AccessTreeImpl();
            accessTreeImpl.getRoot().withAccessProfile(new AccessProfileImpl(hashSet));
            buildTree(accessTreeImpl, str);
            return accessTreeImpl.immutable(ImmutableAccessTree.class, ImmutableAccessNode.class);
        } catch (Exception e) {
            throw new SecuredAccessException(e);
        }
    }

    private void buildTree(MutableAccessTree<? extends MutableAccessNode> mutableAccessTree, String str) throws SecuredAccessException {
        if (str == null || str.startsWith("anonymous")) {
            return;
        }
        try {
            HashMap hashMap = new HashMap();
            hashMap.put("PUBLIC_KEY", str);
            hashMap.clear();
            AccessMethod.Type[] values = AccessMethod.Type.values();
            int length = values == null ? 0 : values.length;
            for (AuthenticatedAccessLevelEntity authenticatedAccessLevelEntity : this.authenticatedAccessLevelDAO.select(hashMap)) {
                AccessLevelOption accessLevelOption = authenticatedAccessLevelEntity.getAccessLevelOption();
                long objectId = authenticatedAccessLevelEntity.getObjectId();
                if (objectId != 0) {
                    hashMap.put("OID", Long.valueOf(objectId));
                    List select = this.objectDAO.select(hashMap);
                    if (select != null && select.size() == 1) {
                        HashSet hashSet = new HashSet();
                        for (int i = 0; i < length; i++) {
                            hashSet.add(new MethodAccessImpl(accessLevelOption.getAccessLevel(), values[i]));
                        }
                        Stack stack = new Stack();
                        ObjectEntity objectEntity = (ObjectEntity) select.get(0);
                        while (objectEntity != null && objectEntity.getIdentifier() != 0) {
                            stack.push(objectEntity);
                            hashMap.clear();
                            hashMap.put("OID", Long.valueOf(objectEntity.getParent()));
                            List select2 = this.objectDAO.select(hashMap);
                            objectEntity = select2.isEmpty() ? null : (ObjectEntity) select2.get(0);
                        }
                        MutableAccessNode mutableAccessNode = null;
                        while (!stack.isEmpty()) {
                            ObjectEntity objectEntity2 = (ObjectEntity) stack.pop();
                            mutableAccessNode = mutableAccessTree.add(objectEntity2.getPath(), objectEntity2.isPattern());
                        }
                        mutableAccessNode.withAccessProfile(new AccessProfileImpl(hashSet));
                    }
                }
            }
        } catch (Exception e) {
            throw new SecuredAccessException(e);
        }
    }

    public AccessTree<? extends AccessNode> getApplicationAccessTree(String str) throws SecuredAccessException {
        try {
            HashMap hashMap = new HashMap();
            hashMap.put("UOID", 0L);
            hashMap.put("PUBLIC_KEY", str == null ? "anonymous" : str);
            List select = this.authenticatedAccessLevelDAO.select(hashMap);
            AccessLevelOption accessLevelOption = (select == null || select.size() != 1) ? AccessLevelOption.ANONYMOUS : ((AuthenticatedAccessLevelEntity) select.get(0)).getAccessLevelOption();
            AccessMethod.Type[] values = AccessMethod.Type.values();
            int length = values == null ? 0 : values.length;
            HashSet hashSet = new HashSet();
            for (int i = 0; i < length; i++) {
                hashSet.add(new MethodAccessImpl(accessLevelOption.getAccessLevel(), values[i]));
            }
            AccessTreeImpl accessTreeImpl = new AccessTreeImpl();
            accessTreeImpl.getRoot().withAccessProfile(new AccessProfileImpl(hashSet));
            buildTree(accessTreeImpl, str);
            return accessTreeImpl.immutable(ImmutableAccessTree.class, ImmutableAccessNode.class);
        } catch (Exception e) {
            throw new SecuredAccessException(e);
        }
    }

    private boolean checkIdentifier(String str, String str2) throws SecuredAccessException {
        if (str2 == null) {
            return false;
        }
        try {
            List<ObjectEntity> find = this.objectDAO.find(UriUtils.getUri(new String[]{str2}), true);
            if (find.size() == 0) {
                return true;
            }
            BundleEntity find2 = this.bundleDAO.find(str);
            if (find2 == null) {
                return false;
            }
            while (!find.isEmpty()) {
                if (find2.getIdentifier() == find.remove(0).getBundleEntity()) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            throw new SecuredAccessException(e);
        }
    }

    private void buildNodes(MutableAccessTree<? extends MutableAccessNode> mutableAccessTree, List<ObjectEntity> list) throws SecuredAccessException {
        if (list == null || list.isEmpty()) {
            return;
        }
        while (!list.isEmpty()) {
            ObjectEntity remove = list.remove(0);
            if (remove.getPath() != null) {
                try {
                    mutableAccessTree.add(remove.getPath(), remove.isPattern()).withAccessProfile(this.objectProfileAccessDAO.getAccessProfileOption(remove.getObjectProfileEntity()));
                    buildNodes(mutableAccessTree, this.objectDAO.findChildren(remove.getIdentifier()));
                } catch (Exception e) {
                    throw new SecuredAccessException(e);
                }
            }
        }
    }

    public String getAgentPublicKey(String str) throws SecuredAccessException, DataStoreException {
        try {
            String str2 = null;
            AgentEntity findFromBundle = this.agentDAO.findFromBundle(str);
            if (findFromBundle != null) {
                str2 = findFromBundle.getPublicKey();
            }
            return str2;
        } catch (DAOException e) {
            throw new SecuredAccessException(e);
        }
    }

    public String getApplicationPublicKey(String str) throws SecuredAccessException {
        try {
            String str2 = null;
            ApplicationEntity findFromPrivateKey = this.applicationDAO.findFromPrivateKey(str);
            if (findFromPrivateKey != null) {
                str2 = findFromPrivateKey.getPublicKey();
            }
            return str2;
        } catch (DAOException | DataStoreException e) {
            throw new SecuredAccessException(e);
        }
    }

    @Deactivate
    void close() {
        if (LOG.isDebugEnabled()) {
            LOG.debug("closing sensiNact secured access");
        }
        if (this.authorizationRegistration != null) {
            try {
                this.authorizationRegistration.unregister();
            } catch (IllegalStateException e) {
                try {
                    LOG.debug(e.getMessage());
                } catch (IllegalStateException e2) {
                }
            }
        }
    }
}
