package org.gorpipe.gor.auth;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.base.Strings;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.google.common.util.concurrent.UncheckedExecutionException;
import java.io.File;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import org.eclipse.microprofile.jwt.JsonWebToken;
import org.gorpipe.exceptions.GorException;
import org.gorpipe.exceptions.GorSystemException;
import org.gorpipe.gor.auth.utils.OAuthHandler;
import org.gorpipe.security.cred.CsaApiService;
import org.gorpipe.security.cred.CsaSecurityModule;
import org.gorpipe.util.db.Db;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/gorpipe/gor/auth/GorAuthFactory.class */
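/**
 * Creates and caches {@link GorAuth} instances, choosing the implementation from the configured
 * security policies and, when more than one policy is configured, from the shape of the session key.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The cache is keyed by the raw session key or raw JWT, so its keys are credentials. Entries
 *       expire two hours after being written and no maximum size is configured.</li>
 *   <li>With several configured policies, the policy is inferred from the client-supplied key
 *       ({@link #inferPolicyFromSessionKey}). The configured policy list is the only allow-list
 *       applied here.</li>
 *   <li>This class does not verify token signatures or session validity itself. That is delegated
 *       to the selected {@link GorAuth} implementation.</li>
 * </ul>
 */
public class GorAuthFactory {
    private static final Logger log = LoggerFactory.getLogger(GorAuthFactory.class);

    /** Cache key used when the caller supplies no session key. */
    private static final String NO_SESSION_KEY = "NO_SESSION";

    /** Name of the JSON field a session key may carry to select its policy. */
    private static final String POLICY_FIELD = "security-policy";

    /** Shared mapper for probing session keys; ObjectMapper is thread-safe once configured. */
    private static final ObjectMapper SESSION_KEY_MAPPER = new ObjectMapper();

    // NOTE(review): no maximumSize is set, so every distinct key presented within the two-hour
    // window holds an entry. Consider a bound together with a removal listener that closes the
    // evicted GorAuth. Whether a revoked or expired key is re-checked on each call depends on
    // the GorAuth implementation, not on this cache - confirm.
    private final Cache<String, GorAuth> authCache;
    private final AuthConfig config;
    // Validated policy list, populated lazily by getAndValidatePolices().
    private List<String> policesCache;
    // May be null; only the CSA policy branch initializes it lazily.
    private CsaApiService csaApiService;
    // Null when no public authorization key is configured; required by the PLATFORM policy.
    private final OAuthHandler oAuthHandler;

    /**
     * Creates a factory without a preconfigured CSA API service.
     *
     * @param authConfig authentication configuration
     */
    public GorAuthFactory(AuthConfig authConfig) {
        this(authConfig, null);
    }

    /**
     * Creates a factory.
     *
     * @param authConfig authentication configuration
     * @param csaApiService CSA API service handed to the auth implementations, may be {@code null}
     */
    public GorAuthFactory(AuthConfig authConfig, CsaApiService csaApiService) {
        this.config = authConfig;
        this.authCache = CacheBuilder.newBuilder()
                .concurrencyLevel(4)
                .expireAfterWrite(2L, TimeUnit.HOURS)
                .build();
        this.csaApiService = csaApiService;
        String publicKey = authConfig.publicAuthorizationKey();
        this.oAuthHandler = Strings.isNullOrEmpty(publicKey) ? null : new OAuthHandler(publicKey);
    }

    /**
     * Returns the configured security policies, parsing and validating them on first use.
     *
     * <p>A single configured value is split on {@code ;}. Every entry is trimmed, stripped of one
     * leading and one trailing quote character, and dropped if empty.
     *
     * @return the non-empty list of configured policy names
     * @throws GorSystemException if no policy configuration is set or it yields no policy
     */
    public synchronized List<String> getAndValidatePolices() {
        if (this.policesCache == null) {
            String[] securityPolicies = this.config.securityPolicies();
            if (securityPolicies == null) {
                throw new GorSystemException("Error: Security policy config must be set.", null);
            }
            String[] rawPolicies = securityPolicies.length == 1 && securityPolicies[0] != null
                    ? securityPolicies[0].split(";")
                    : securityPolicies;
            List<String> parsed = Arrays.stream(rawPolicies)
                    .filter(policy -> policy != null)
                    .map(String::trim)
                    .map(policy -> policy.replaceAll("^[\"']|[\"']$", ""))
                    .filter(policy -> !policy.isEmpty())
                    .collect(Collectors.toList());
            if (parsed.isEmpty()) {
                throw new GorSystemException("Error: Security policy must not be empty.", null);
            }
            log.info("Valid security policies: {} (from {})", parsed, securityPolicies);
            // Publish only after validation: assigning before the emptiness check would let a
            // later call return the rejected empty list instead of failing again.
            this.policesCache = parsed;
        }
        return this.policesCache;
    }

    /** @return the configured policy for updating auth info */
    public String getUpdateAuthInfoPolicy() {
        return this.config.updateAuthInfoPolicy();
    }

    /** @return the configured flag for taking user roles from the token */
    public boolean getUserRolesFromToken() {
        return this.config.userRolesFromToken();
    }

    /**
     * Tells whether {@code NONE} is the only configured security policy.
     *
     * @return {@code true} if exactly one policy is configured and it equals {@code "NONE"}
     */
    public boolean isNoneSecurityPolicy() {
        List<String> policies = getAndValidatePolices();
        // NOTE(review): this comparison is case-sensitive, while getGorAuthFromPolicy matches
        // policy names with equalsIgnoreCase. A configured "none" therefore selects NoAuth but is
        // not reported here - confirm which behaviour is intended.
        return policies.size() == 1 && "NONE".equals(policies.get(0));
    }

    /**
     * Returns the cached {@link GorAuth} for a session key, creating it on first use.
     *
     * @param str session key or raw token; {@code null} or empty maps to the shared
     *     {@code "NO_SESSION"} entry
     * @return the auth implementation selected for the key
     * @throws GorSystemException if the policy cannot be resolved or the implementation cannot be
     *     created
     */
    public GorAuth getGorAuth(String str) {
        final String cacheKey = Strings.isNullOrEmpty(str) ? NO_SESSION_KEY : str;
        try {
            return this.authCache.get(cacheKey,
                    () -> getGorAuthFromPolicy(getPolicyFromSessionKey(cacheKey)));
        } catch (UncheckedExecutionException | ExecutionException e) {
            // Failures inside the loader arrive wrapped; surface the underlying cause.
            throw new GorSystemException("Error getting gorauth from sessionKey!", e.getCause());
        }
    }

    /**
     * Resolves auth info for a session key.
     *
     * @param str session key
     * @return the auth info produced by the selected {@link GorAuth}
     */
    public GorAuthInfo getGorAuthInfo(String str) {
        return getGorAuth(str).getGorAuthInfo(str);
    }

    /**
     * Resolves auth info for a JWT; the {@link GorAuth} is looked up by the raw token.
     *
     * @param str value passed through to {@code GorAuth.getGorAuthInfo} together with the token
     * @param jsonWebToken the caller's token, must not be {@code null}
     * @return the auth info produced by the selected {@link GorAuth}
     */
    public GorAuthInfo getGorAuthInfo(String str, JsonWebToken jsonWebToken) {
        return getGorAuth(jsonWebToken.getRawToken()).getGorAuthInfo(str, jsonWebToken);
    }

    /** Closes every distinct cached {@link GorAuth} and empties the cache. */
    public void closeAll() {
        this.authCache.asMap().values().stream().distinct().forEach(gorAuth -> gorAuth.close());
        this.authCache.invalidateAll();
    }

    /**
     * Picks the policy for a session key and checks it against the configured policies.
     *
     * <p>With exactly one configured policy that policy is used regardless of the key; otherwise
     * the policy is inferred from the key.
     *
     * @throws GorSystemException if the resulting policy is empty or not configured
     */
    private String getPolicyFromSessionKey(String sessionKey) {
        List<String> allowedPolicies = getAndValidatePolices();
        String policy = allowedPolicies.size() == 1
                ? allowedPolicies.get(0)
                : inferPolicyFromSessionKey(sessionKey);
        if (Strings.isNullOrEmpty(policy) || !allowedPolicies.contains(policy)) {
            // The session key is a credential, so it is deliberately left out of the message:
            // exception text ends up in logs and may be returned to callers.
            throw new GorSystemException(
                    "Error:  Session key contains invalid security policy (" + policy + ").", null);
        }
        return policy;
    }

    /**
     * Instantiates the {@link GorAuth} implementation for a policy name (matched ignoring case).
     *
     * @throws GorSystemException if the policy is unknown, or PLATFORM is requested without an
     *     initialized OAuth handler
     */
    private GorAuth getGorAuthFromPolicy(String policy) {
        if (SecurityPolicy.NONE.toString().equalsIgnoreCase(policy)) {
            return getNoAuth();
        }
        if (SecurityPolicy.CSA.toString().equalsIgnoreCase(policy)) {
            if (this.csaApiService == null) {
                this.csaApiService = CsaSecurityModule.get().apiService();
            }
            return new CsaAuth(this.config, this.csaApiService);
        }
        // The branches below pass csaApiService as-is; it is null unless it was supplied to the
        // constructor or a CSA policy lookup initialized it earlier.
        if (SecurityPolicy.PLATFORM.toString().equalsIgnoreCase(policy)) {
            if (this.oAuthHandler == null) {
                throw new GorSystemException(
                        "Error: OAuthHandler not initialized for setting up PlatformAuth", null);
            }
            return new PlatformAuth(this.config, this.csaApiService, this.oAuthHandler);
        }
        if (SecurityPolicy.JWT.toString().equalsIgnoreCase(policy)) {
            return new PlatformJWTAuth(this.config, this.csaApiService);
        }
        if (SecurityPolicy.PLAIN.toString().equalsIgnoreCase(policy)) {
            return new PlainAuth(this.config, this.csaApiService);
        }
        throw new GorSystemException("Error: Unknown security policy " + policy, null);
    }

    /**
     * Infers the policy name from the shape of a session key.
     *
     * <ul>
     *   <li>No key (null, empty or {@code "NO_SESSION"}): PLAIN.</li>
     *   <li>A JSON object: its {@code security-policy} field, or PLAIN when the field is absent.</li>
     *   <li>Not parseable as a JSON object: JWT if the key has three dot-separated parts,
     *       otherwise CSA.</li>
     * </ul>
     *
     * <p>The key is client-supplied, so the client effectively chooses among the configured
     * policies. Nothing is verified here: a three-part key is classified as JWT by shape only.
     * Deployments that enable a weaker policy alongside a stronger one should keep this in mind.
     *
     * @return the inferred policy name, or {@code null} when the key is JSON but carries no usable
     *     string policy (the caller rejects a null policy)
     */
    private String inferPolicyFromSessionKey(String sessionKey) {
        if (sessionKey == null || sessionKey.isEmpty() || NO_SESSION_KEY.equals(sessionKey)) {
            return SecurityPolicy.PLAIN.toString();
        }
        try {
            // Parsing the String directly avoids the platform-default charset of getBytes().
            Map<?, ?> fields = SESSION_KEY_MAPPER.readValue(sessionKey, HashMap.class);
            if (fields == null) {
                // JSON literal null: no object to inspect, so fail closed.
                return null;
            }
            if (!fields.containsKey(POLICY_FIELD)) {
                return SecurityPolicy.PLAIN.toString();
            }
            // A non-string value is untrusted input of the wrong type: treat it as invalid
            // rather than letting a ClassCastException escape.
            Object declared = fields.get(POLICY_FIELD);
            return declared instanceof String ? (String) declared : null;
        } catch (IOException e) {
            return sessionKey.split("\\.").length == 3
                    ? SecurityPolicy.JWT.toString()
                    : SecurityPolicy.CSA.toString();
        }
    }

    /**
     * Builds the {@link NoAuth} implementation from the configured session-checker user name and
     * role; the remaining constructor arguments are empty strings and zeros.
     */
    private GorAuth getNoAuth() {
        return new NoAuth(this.config, this.config.sessioncheckerUsername(), "", 0, "",
                Arrays.asList(Strings.nullToEmpty(this.config.sessioncheckerUserrole())), 0);
    }

    /**
     * Looks up a system application session key using the configured session-checker database.
     *
     * <p>The returned value is a session key of a {@code system_admin} user. Treat it as a secret
     * and keep it out of logs and error messages.
     *
     * @param str internal project name to restrict the lookup to, or {@code null} for any project
     * @return a matching session key, or {@code null} if none is found
     * @throws GorSystemException if the database cannot be reached or the query fails
     */
    public String getSystemAppSession(String str) {
        // try-with-resources closes the connection on every path, including a failing query.
        try (Connection connection = Db.getPool(
                this.config.sessioncheckerDbUrl(),
                this.config.sessioncheckerUsername(),
                this.config.sessioncheckerPassword()).getConnection()) {
            if (connection == null) {
                throw new SQLException("Unable to get a proper connection to database at "
                        + this.config.sessioncheckerDbUrl() + " with user "
                        + this.config.sessioncheckerUsername());
            }
            return getSystemAppSession(connection, str);
        } catch (SQLException e) {
            throw new GorSystemException("Error reading project id from the db!", e);
        }
    }

    /**
     * Queries {@code rda.app_sessions} for a {@code SYS%} session key owned by a
     * {@code system_admin} user, optionally restricted to one project.
     *
     * <p>The project name is bound as a statement parameter, never concatenated into the SQL.
     * The query has no ORDER BY, so which row is returned when several match is up to the
     * database. NOTE(review): the query does not filter on any expiry or validity column;
     * whether the table has one is not visible here - confirm.
     *
     * @param connection open connection; it is not closed by this method
     * @param str internal project name, or {@code null} for no project restriction
     * @return the first session key returned, or {@code null} if there is no match
     * @throws SQLException if preparing or running the query fails
     */
    public static String getSystemAppSession(Connection connection, String str) throws SQLException {
        final String baseQuery = "select session_key from rda.app_sessions where session_key like 'SYS%' and user_id in (select user_id from rda.user_roles where role = 'system_admin') ";
        final String query = str != null
                ? baseQuery + " and project_id in (select id from rda.projects where internal_project_name = ?)"
                : baseQuery;
        // Both the statement and the result set are closed even when the query throws.
        try (PreparedStatement statement = connection.prepareStatement(query)) {
            if (str != null) {
                statement.setString(1, str);
            }
            try (ResultSet rows = statement.executeQuery()) {
                if (rows.next()) {
                    return rows.getString(1);
                }
            }
        }
        log.warn("No valid session key found in database with system_admin role");
        return null;
    }

    /**
     * Resolves a path below the configured project root.
     *
     * @param str path relative to the project root
     * @return the absolute path of {@code str} under the project root
     */
    public String getProjectRoot(String str) {
        // NOTE(review): getAbsolutePath() does not normalize, so ".." segments in str are kept
        // and can point outside the project root. If str can come from a client, callers should
        // normalize the result and check it still starts with the root - confirm.
        return new File(getProjectRoot(), str).getAbsolutePath();
    }

    /** @return the configured project root */
    public String getProjectRoot() {
        return this.config.projectRoot();
    }

    /**
     * Delegates a basic-access check to the {@link GorAuth} selected for the session key.
     *
     * @param str session key
     * @param str2 passed through to {@code GorAuth.hasBasicAccess}
     * @param str3 passed through to {@code GorAuth.hasBasicAccess}
     */
    public boolean hasBasicAccess(String str, String str2, String str3) {
        GorAuth gorAuth = getGorAuth(str);
        return gorAuth.hasBasicAccess(gorAuth.getGorAuthInfo(str), str2, str3);
    }

    /**
     * Delegates a read-access check to the {@link GorAuth} selected for the raw token.
     *
     * @param jsonWebToken the caller's token, must not be {@code null}
     * @param str passed to both {@code getGorAuthInfo} and {@code hasReadAccess}
     */
    public boolean hasReadAccess(JsonWebToken jsonWebToken, String str) {
        GorAuth gorAuth = getGorAuth(jsonWebToken.getRawToken());
        return gorAuth.hasReadAccess(gorAuth.getGorAuthInfo(str, jsonWebToken), str);
    }

    /**
     * Delegates a query-access check to the {@link GorAuth} selected for the raw token.
     *
     * @param jsonWebToken the caller's token, must not be {@code null}
     * @param str passed to both {@code getGorAuthInfo} and {@code hasQueryAccess}
     */
    public boolean hasQueryAccess(JsonWebToken jsonWebToken, String str) {
        GorAuth gorAuth = getGorAuth(jsonWebToken.getRawToken());
        return gorAuth.hasQueryAccess(gorAuth.getGorAuthInfo(str, jsonWebToken), str);
    }

    /**
     * Delegates a query-access check to the {@link GorAuth} selected for the session key.
     *
     * @param str session key
     * @param str2 passed through to {@code GorAuth.hasQueryAccess}
     * @param str3 passed through to {@code GorAuth.hasQueryAccess}
     */
    public boolean hasQueryAccess(String str, String str2, String str3) {
        GorAuth gorAuth = getGorAuth(str);
        return gorAuth.hasQueryAccess(gorAuth.getGorAuthInfo(str), str2, str3);
    }

    /**
     * Delegates a write-access check to the {@link GorAuth} selected for the raw token.
     *
     * @param str passed through as the first argument of {@code GorAuth.hasWriteAccess}
     * @param jsonWebToken the caller's token, must not be {@code null}
     * @param str2 passed to both {@code getGorAuthInfo} and {@code hasWriteAccess}
     */
    public boolean hasWriteAccess(String str, JsonWebToken jsonWebToken, String str2) {
        GorAuth gorAuth = getGorAuth(jsonWebToken.getRawToken());
        return gorAuth.hasWriteAccess(str, gorAuth.getGorAuthInfo(str2, jsonWebToken), str2);
    }

    /**
     * Delegates a write-access check to the {@link GorAuth} selected for the session key.
     *
     * @param str passed through as the first argument of {@code GorAuth.hasWriteAccess}
     * @param str2 session key
     * @param str3 passed through to {@code GorAuth.hasWriteAccess}
     * @param str4 passed through to {@code GorAuth.hasWriteAccess}
     */
    public boolean hasWriteAccess(String str, String str2, String str3, String str4) {
        GorAuth gorAuth = getGorAuth(str2);
        return gorAuth.hasWriteAccess(str, gorAuth.getGorAuthInfo(str2), str3, str4);
    }

    /**
     * Delegates a LORD submit-access check to the {@link GorAuth} selected for the session key.
     *
     * @param str session key
     * @param str2 passed through to {@code GorAuth.hasLordSubmitAccess}
     * @param str3 passed through to {@code GorAuth.hasLordSubmitAccess}
     */
    public boolean hasLordSubmitAccess(String str, String str2, String str3) {
        GorAuth gorAuth = getGorAuth(str);
        return gorAuth.hasLordSubmitAccess(gorAuth.getGorAuthInfo(str), str2, str3);
    }
}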
