package org.yamcs.security;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArraySet;
import org.yamcs.InitException;
import org.yamcs.Spec;
import org.yamcs.ValidationException;
import org.yamcs.YConfiguration;
import org.yamcs.commanding.PreparedCommand;
import org.yamcs.logging.Log;
import org.yamcs.utils.YObjectLoader;

/* loaded from: input_file:org/yamcs/security/SecurityStore.class */
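/**
 * Central holder for the server's security state: the built-in system and guest users, the user
 * {@link Directory}, the configured {@link AuthModule}s, and the sets of known system privileges
 * and object privilege types.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 * <li>If the directory contains no users at construction time, a superuser account named
 * {@code admin} is created with the fixed password {@code admin} (see
 * {@link #generateDefaultAdminUser()}). Deployments should change that password immediately.</li>
 * <li>The guest account is activated when no auth modules are configured or when the deprecated
 * {@code enabled} option is {@code false}. The {@code guest.superuser} option defaults to
 * {@code true}, so an installation without auth modules grants unauthenticated superuser
 * access unless the guest section says otherwise.</li>
 * <li>Auth module classes are named in configuration and instantiated through
 * {@code YObjectLoader}; the security configuration must therefore be writable only by trusted
 * administrators.</li>
 * </ul>
 *
 * <p>This listing is decompiler output; the body of {@link #login} was not recovered.
 */
public class SecurityStore {
    private static final Log log = new Log(SecurityStore.class);

    private User systemUser;
    private User guestUser;
    private Directory directory;
    // Read from the "blockUnknownUsers" option. No method body visible in this listing reads it;
    // presumably it is consumed by login(), whose body was not decompiled. TODO confirm.
    private boolean blockUnknownUsers;
    private final List<AuthModule> authModules = new ArrayList<>();
    private final Set<SystemPrivilege> systemPrivileges = new CopyOnWriteArraySet<>();
    private final Set<ObjectPrivilegeType> objectPrivilegeTypes = new CopyOnWriteArraySet<>();

    /**
     * Reads and validates the {@code security} configuration, creates the predefined users and
     * privileges, opens the directory, bootstraps a default admin when the directory is empty,
     * loads the configured auth modules and finally decides whether guest access is enabled.
     *
     * @throws InitException if the configuration is invalid, an auth module cannot be loaded, or
     *         the default admin user cannot be stored
     */
    public SecurityStore() throws InitException {
        try {
            YConfiguration config = readConfig();
            generatePredefinedUsers(config);
            generatePredefinedPrivileges();
            this.directory = new Directory();
            this.blockUnknownUsers = config.getBoolean("blockUnknownUsers", false);

            // First start (or wiped directory): make sure somebody can log in.
            if (this.directory.getUsers().isEmpty()) {
                try {
                    generateDefaultAdminUser();
                } catch (IOException e) {
                    throw new InitException("Could not create default admin user", e);
                }
            }

            if (config.containsKey("authModules")) {
                for (YConfiguration moduleConfig : config.getConfigList("authModules")) {
                    this.authModules.add(loadAuthModule(moduleConfig));
                }
            }

            // With no auth module nobody could authenticate, so the guest account becomes the
            // effective identity of every client. The guest is a superuser unless configured
            // otherwise (see the "guest.superuser" default in readConfig()).
            boolean securityDisabled = !config.getBoolean("enabled", true);
            if (securityDisabled || this.authModules.isEmpty()) {
                log.info("Enabling guest access");
                this.guestUser.setActive(true);
            }
        } catch (ValidationException e) {
            throw new InitException(e);
        }
    }

    /**
     * Creates the built-in system user (id 1, superuser) and the guest user (id 2) from the
     * {@code guest} section of the configuration. The guest starts inactive; the constructor
     * activates it later if guest access applies.
     *
     * @param yConfiguration validated security configuration containing a {@code guest} section
     */
    private void generatePredefinedUsers(YConfiguration yConfiguration) {
        this.systemUser = new User("System", null);
        this.systemUser.setId(1);
        this.systemUser.setDisplayName("System");
        this.systemUser.setSuperuser(true);

        YConfiguration guestConfig = yConfiguration.getConfig("guest");
        // The decompiler resolved this key to PreparedCommand.CNAME_USERNAME; presumably the
        // original source used the literal option name. TODO confirm.
        String guestName = guestConfig.getString(PreparedCommand.CNAME_USERNAME);
        this.guestUser = new User(guestName, this.systemUser);
        this.guestUser.setId(2);
        this.guestUser.setDisplayName(guestConfig.getString("displayName", guestName));
        this.guestUser.setSuperuser(guestConfig.getBoolean("superuser"));
        this.guestUser.setActive(false);

        if (!guestConfig.containsKey("privileges")) {
            return;
        }
        YConfiguration privilegeConfig = guestConfig.getConfig("privileges");
        for (String privilegeType : privilegeConfig.getKeys()) {
            List<String> grants = privilegeConfig.getList(privilegeType);
            if (privilegeType.equals("System")) {
                // The "System" key lists system privileges by name.
                for (String privilegeName : grants) {
                    this.guestUser.addSystemPrivilege(new SystemPrivilege(privilegeName), false);
                }
            } else {
                // Any other key is treated as an object privilege type; its entries are the
                // objects the privilege applies to.
                ObjectPrivilegeType objectType = new ObjectPrivilegeType(privilegeType);
                for (String object : grants) {
                    this.guestUser.addObjectPrivilege(new ObjectPrivilege(objectType, object), false);
                }
            }
        }
    }

    /**
     * Adds an active, confirmed superuser {@code admin} to the directory and sets its password to
     * the fixed value {@code admin}.
     *
     * <p>NOTE(review): this is a well-known default credential. It is only created when the
     * directory is empty, but it stays valid until an operator changes it, so the change should be
     * part of the installation procedure. A warning is logged to make the condition visible.
     *
     * @throws IOException if the directory cannot persist the user or the password
     */
    private void generateDefaultAdminUser() throws IOException {
        User admin = new User("admin", this.systemUser);
        admin.setDisplayName("Administrator");
        admin.setSuperuser(true);
        admin.setEmail("admin@example.com");
        admin.setActive(true);
        admin.confirm();
        this.directory.addUser(admin);
        this.directory.changePassword(admin, "admin".toCharArray());
        log.warn("Created default superuser 'admin' with the default password; change it before exposing this server");
    }

    /** Registers the built-in system privileges and object privilege types. */
    private void generatePredefinedPrivileges() {
        this.systemPrivileges.add(SystemPrivilege.ChangeMissionDatabase);
        this.systemPrivileges.add(SystemPrivilege.Command);
        this.systemPrivileges.add(SystemPrivilege.ControlAlarms);
        this.systemPrivileges.add(SystemPrivilege.ControlArchiving);
        this.systemPrivileges.add(SystemPrivilege.ControlCommandClearances);
        this.systemPrivileges.add(SystemPrivilege.ControlCommandQueue);
        this.systemPrivileges.add(SystemPrivilege.ControlLinks);
        this.systemPrivileges.add(SystemPrivilege.ControlProcessor);
        this.systemPrivileges.add(SystemPrivilege.ControlServices);
        this.systemPrivileges.add(SystemPrivilege.CreateInstances);
        this.systemPrivileges.add(SystemPrivilege.GetMissionDatabase);
        this.systemPrivileges.add(SystemPrivilege.ManageAnyBucket);
        this.systemPrivileges.add(SystemPrivilege.ReadCommandHistory);
        this.systemPrivileges.add(SystemPrivilege.ModifyCommandHistory);
        this.systemPrivileges.add(SystemPrivilege.ReadEvents);
        this.systemPrivileges.add(SystemPrivilege.ReadTables);
        this.systemPrivileges.add(SystemPrivilege.WriteEvents);
        this.systemPrivileges.add(SystemPrivilege.WriteTables);

        this.objectPrivilegeTypes.add(ObjectPrivilegeType.Command);
        this.objectPrivilegeTypes.add(ObjectPrivilegeType.CommandHistory);
        this.objectPrivilegeTypes.add(ObjectPrivilegeType.ManageBucket);
        this.objectPrivilegeTypes.add(ObjectPrivilegeType.ReadBucket);
        this.objectPrivilegeTypes.add(ObjectPrivilegeType.ReadPacket);
        this.objectPrivilegeTypes.add(ObjectPrivilegeType.ReadParameter);
        this.objectPrivilegeTypes.add(ObjectPrivilegeType.Stream);
        this.objectPrivilegeTypes.add(ObjectPrivilegeType.WriteParameter);
    }

    /**
     * Registers an additional system privilege.
     *
     * @param systemPrivilege privilege to add to the known set
     */
    public void addSystemPrivilege(SystemPrivilege systemPrivilege) {
        this.systemPrivileges.add(systemPrivilege);
    }

    /**
     * Registers an additional object privilege type.
     *
     * @param objectPrivilegeType type to add to the known set
     */
    public void addObjectPrivilegeType(ObjectPrivilegeType objectPrivilegeType) {
        this.objectPrivilegeTypes.add(objectPrivilegeType);
    }

    /**
     * Instantiates one auth module from its configuration entry, validates its {@code args}
     * against the module's own {@link Spec} and initializes it.
     *
     * <p>The class name is taken from configuration and handed to {@code YObjectLoader}, so whoever
     * can edit the security configuration chooses which code runs here.
     *
     * @param yConfiguration one element of the {@code authModules} list
     * @return the initialized module
     * @throws InitException if the module cannot be loaded or its arguments fail validation
     */
    private AuthModule loadAuthModule(YConfiguration yConfiguration) throws InitException {
        String className = yConfiguration.getString("class");
        YConfiguration args = yConfiguration.containsKey("args")
                ? yConfiguration.getConfig("args")
                : YConfiguration.emptyConfig();

        log.debug("Loading AuthModule {}", className);
        try {
            AuthModule authModule = (AuthModule) YObjectLoader.loadObject(className, new Object[0]);
            Spec spec = authModule.getSpec();
            // Arguments may hold credentials (bind passwords, keys); only the masked form is
            // ever written to the log.
            if (log.isDebugEnabled()) {
                log.debug("Raw args for {}: {}", className, spec.maskSecrets(args.getRoot()));
            }
            YConfiguration validatedArgs = spec.validate(args);
            if (log.isDebugEnabled()) {
                log.debug("Initializing {} with resolved args: {}", className, spec.maskSecrets(validatedArgs.getRoot()));
            }
            authModule.init(validatedArgs);
            return authModule;
        } catch (IOException e) {
            throw new InitException("Failed to load AuthModule", e);
        } catch (ValidationException e) {
            throw new InitException(e);
        }
    }

    /**
     * Builds the specification of the {@code security} configuration and validates the loaded
     * configuration (or an empty one when none is defined) against it.
     *
     * @return the validated configuration with spec defaults applied to the {@code guest} section
     * @throws ValidationException if the configuration does not match the specification
     */
    private YConfiguration readConfig() throws ValidationException {
        Spec moduleSpec = new Spec();
        moduleSpec.addOption("class", Spec.OptionType.STRING).withRequired(true);
        moduleSpec.addOption("args", Spec.OptionType.ANY);

        Spec guestSpec = new Spec();
        guestSpec.addOption(PreparedCommand.CNAME_USERNAME, Spec.OptionType.STRING).withDefault("guest");
        guestSpec.addOption("displayName", Spec.OptionType.STRING);
        // Default is true: an unconfigured guest is a superuser once guest access is enabled.
        guestSpec.addOption("superuser", Spec.OptionType.BOOLEAN).withDefault(true);
        guestSpec.addOption("privileges", Spec.OptionType.ANY);

        Spec securitySpec = new Spec();
        securitySpec.addOption("enabled", Spec.OptionType.BOOLEAN).withDeprecationMessage("Remove this argument. If you want to allow guest access, remove security.yaml");
        securitySpec.addOption("blockUnknownUsers", Spec.OptionType.BOOLEAN).withDefault(false);
        securitySpec.addOption("authModules", Spec.OptionType.LIST).withElementType(Spec.OptionType.MAP).withSpec(moduleSpec);
        securitySpec.addOption("guest", Spec.OptionType.MAP).withSpec(guestSpec).withAliases("unauthenticatedUser").withApplySpecDefaults(true);

        // A missing security configuration is valid: validation then runs on an empty config.
        YConfiguration config = YConfiguration.isDefined("security")
                ? YConfiguration.getConfiguration("security")
                : YConfiguration.emptyConfig();
        return securitySpec.validate(config);
    }

    /** Returns the user directory created by the constructor. */
    public Directory getDirectory() {
        return this.directory;
    }

    /**
     * Returns the internal list of auth modules. The list is not copied, so changes made by the
     * caller affect this store.
     */
    public List<AuthModule> getAuthModules() {
        return this.authModules;
    }

    /**
     * Finds the first configured auth module whose runtime class is exactly {@code cls}
     * (subclasses do not match).
     *
     * @param cls the exact module class to look for
     * @return the matching module, or {@code null} if none is configured
     */
    public <T extends AuthModule> T getAuthModule(Class<T> cls) {
        for (AuthModule candidate : this.authModules) {
            if (candidate.getClass() == cls) {
                return cls.cast(candidate);
            }
        }
        return null;
    }

    /** Returns the internal, live set of known system privileges. */
    public Set<SystemPrivilege> getSystemPrivileges() {
        return this.systemPrivileges;
    }

    /** Returns the internal, live set of known object privilege types. */
    public Set<ObjectPrivilegeType> getObjectPrivilegeTypes() {
        return this.objectPrivilegeTypes;
    }

    /** Returns the built-in system user. */
    public User getSystemUser() {
        return this.systemUser;
    }

    /** Returns the guest user; whether it is active is decided in the constructor. */
    public User getGuestUser() {
        return this.guestUser;
    }

    // NOTE(review): the decompiler could not reconstruct login(). The authentication flow (module
    // order, guest fallback, handling of unknown users) cannot be reviewed from this listing;
    // consult the original source or bytecode. The stub below only preserves the signature and
    // always throws.
    /* JADX WARN: Code restructure failed: missing block: B:10:0x0038, code lost:
    
        org.yamcs.security.SecurityStore.log.debug("User successfully authenticated by {}", r0.getClass().getName());
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public synchronized java.util.concurrent.CompletableFuture<org.yamcs.security.AuthenticationInfo> login(org.yamcs.security.AuthenticationToken r8) {
        /*
            Method dump skipped, instructions count: 640
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.yamcs.security.SecurityStore.login(org.yamcs.security.AuthenticationToken):java.util.concurrent.CompletableFuture");
    }

    /**
     * Asks the auth module that produced {@code authenticationInfo} whether it is still valid.
     *
     * <p>NOTE(review): this check fails open. It returns {@code true} when
     * {@code authenticationInfo} is {@code null} and when no configured module equals the
     * recorded authenticator. Callers that need a definite answer should check for those cases
     * themselves; whether this is intended (for example for the guest user) cannot be told from
     * this listing.
     *
     * @param authenticationInfo the authentication result to re-check, may be {@code null}
     * @return the owning module's verdict, or {@code true} if no module claims the info
     */
    public boolean verifyValidity(AuthenticationInfo authenticationInfo) {
        if (authenticationInfo == null) {
            return true;
        }
        for (AuthModule authModule : this.authModules) {
            if (authModule.equals(authenticationInfo.getAuthenticator())) {
                return authModule.verifyValidity(authenticationInfo);
            }
        }
        return true;
    }
}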
