package org.nakedobjects.nof.reflect.security;

import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import net.sf.ehcache.distribution.PayloadUtil;
import org.apache.log4j.Logger;
import org.hibernate.hql.classic.ParserHelper;
import org.nakedobjects.noa.NakedObjectRuntimeException;
import org.nakedobjects.nof.core.context.NakedObjectsContext;
import org.nakedobjects.nof.core.util.Assert;
import org.nakedobjects.nof.reflect.peer.MemberIdentifier;
import org.nakedobjects.nof.reflect.peer.MemberIdentifierImpl;

/* loaded from: input_file:WEB-INF/lib/nof-reflector-core-3.0.2.jar:org/nakedobjects/nof/reflect/security/FileAuthorisor.class */
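/**
 * File-backed {@link Authorisor}: decides whether a role may see or use a member by looking the
 * member up in a white list file and, optionally, a black list file.
 *
 * <p>File format, as read by {@link #buildMap(Map, File)}: one entry per line, consisting of a
 * member identity string, the member/roles separator, and a list of role entries joined by the
 * role separator. A role entry is the role name, optionally followed by {@code -ro} or
 * {@code -rw}.
 *
 * <p>Decision rule outside learn mode: access is granted only if the member is white listed for
 * the role and is not black listed for it. An empty white list therefore denies everything.
 *
 * <p><b>Security note on learn mode</b> ({@code nakedobjects.security.learn=true}): every check
 * is granted, each (member, role) pair seen is recorded, and on {@link #shutdown()} the white
 * list file is overwritten with what was recorded. The existing white list is not loaded first,
 * so earlier entries are lost. Learn mode is an allow-all configuration and should never be
 * enabled on a deployment that relies on this class for access control.
 *
 * <p>The white and black list files are the policy source, so they should be writable only by
 * the account that administers the application.
 *
 * <p>NOTE(review): the maps are plain {@link HashMap}s with no synchronisation visible here;
 * learn mode mutates them on every check - confirm how callers serialise access.
 */
public class FileAuthorisor implements Authorisor {
    private static final Logger LOG = Logger.getLogger(FileAuthorisor.class);

    /** Prefix shared by every configuration key read by this class. */
    private static final String CONFIG_ROOT = "nakedobjects.";
    private static final String AUTH_WHITE_FILE = "security.whitelist.file";
    private static final String AUTH_BLACK_FILE = "security.blacklist.file";
    private static final String AUTH_LEARN = "security.learn";
    private static final String DEFAULT_WHITE_FILE = "config/allow";

    /** Role suffixes: no suffix, read-only and read-write. */
    private static final String NONE = "";
    private static final String RO = "-ro";
    private static final String RW = "-rw";

    // NOTE(review): these two separators come from unrelated libraries (Hibernate, Ehcache); this
    // looks like a decompiler substituting constants that happen to hold the same value as the
    // original literals - presumably ":" and "|". Confirm against the original source before
    // replacing them with local literals.
    private static final String MEMBER_ROLES_SEPARATOR = ParserHelper.HQL_VARIABLE_PREFIX;
    private static final String ROLE_SEPARATOR = PayloadUtil.URL_DELIMITER;

    // NOTE(review): toIdentityString is called with 0, 1 and 2 in this class; presumably these
    // select increasingly specific identity forms (class / member / member with parameters) -
    // confirm against MemberIdentifier.
    private static final int MOST_SPECIFIC_FORM = 2;

    private File whiteListFile;
    private File blackListFile;
    // member identity string -> List of role entries (role name plus optional suffix)
    private Map whiteListMap = new HashMap();
    private Map blackListMap = new HashMap();
    private final boolean learn =
            NakedObjectsContext.getConfiguration().getBoolean(CONFIG_ROOT + AUTH_LEARN, false);

    /**
     * Resolves the white list file (default {@code config/allow}) and the optional black list
     * file from configuration.
     *
     * @throws NakedObjectRuntimeException if the white list cannot be read while learn mode is
     *     off, or if a black list is configured but cannot be read
     */
    public FileAuthorisor() {
        String whitePath = NakedObjectsContext.getConfiguration()
                .getString(CONFIG_ROOT + AUTH_WHITE_FILE, DEFAULT_WHITE_FILE);
        Assert.assertTrue(whitePath.length() > 0);
        this.whiteListFile = new File(whitePath);
        if (this.learn) {
            // Make the allow-all configuration visible in the log so that it is noticed if it
            // ever reaches an environment where authorisation is expected to be enforced.
            LOG.warn("security learn mode is enabled: all authorisation checks are granted and "
                    + whitePath + " will be overwritten on shutdown");
        } else if (!this.whiteListFile.canRead()) {
            throw new NakedObjectRuntimeException("Cannot read white list security file: " + whitePath);
        }
        String blackPath = NakedObjectsContext.getConfiguration()
                .getString(CONFIG_ROOT + AUTH_BLACK_FILE, "");
        if (blackPath.length() > 0) {
            this.blackListFile = new File(blackPath);
            if (!this.blackListFile.canRead()) {
                throw new NakedObjectRuntimeException("Cannot read black list security file: " + blackPath);
            }
        }
    }

    /**
     * Parses one policy line and stores it in {@code target}, keyed by the member's identity
     * string in its most specific form.
     *
     * <p>The line must split into exactly two tokens (member, roles); this is asserted rather
     * than tolerated, so a blank or malformed line is not silently skipped.
     */
    private void tokenizeLine(Map target, String line) {
        StringTokenizer parts = new StringTokenizer(line, MEMBER_ROLES_SEPARATOR, false);
        Assert.assertTrue(parts.countTokens() == 2);
        String memberText = parts.nextToken();
        String rolesText = parts.nextToken();
        String key = memberFromString(memberText.trim()).toIdentityString(MOST_SPECIFIC_FORM);
        target.put(key, tokenizeRoles(rolesText));
    }

    /**
     * Loads every line of {@code file} into {@code map}.
     *
     * @param map destination, filled with identity string to role list entries
     * @param file policy file to read
     * @throws NakedObjectRuntimeException wrapping any failure while opening, reading or parsing
     */
    public void buildMap(Map map, File file) {
        BufferedReader reader = null;
        try {
            LOG.info("loading authorisation details from " + file.getAbsolutePath());
            reader = new BufferedReader(new FileReader(file));
            String line;
            while ((line = reader.readLine()) != null) {
                tokenizeLine(map, line);
            }
        } catch (Exception e) {
            throw new NakedObjectRuntimeException(e);
        } finally {
            // Previously the reader was closed only on the success path, so a parse failure
            // leaked the file handle.
            closeQuietly(reader);
        }
    }

    /** Loads the white list and, if configured, the black list; does nothing in learn mode. */
    @Override // org.nakedobjects.nof.reflect.security.Authorisor
    public void init() {
        if (this.learn) {
            return;
        }
        buildMap(this.whiteListMap, this.whiteListFile);
        if (this.blackListFile != null) {
            buildMap(this.blackListMap, this.blackListFile);
        }
    }

    /** Splits the roles part of a line on the role separator and trims each entry. */
    private List tokenizeRoles(String rolesText) {
        List roles = new ArrayList();
        StringTokenizer tokens = new StringTokenizer(rolesText, ROLE_SEPARATOR, false);
        while (tokens.hasMoreTokens()) {
            roles.add(tokens.nextToken().trim());
        }
        return roles;
    }

    private MemberIdentifier memberFromString(String identity) {
        return MemberIdentifierImpl.fromIdentityString(identity);
    }

    /**
     * Returns true if the entry stored under {@code key} lists {@code role} with any of the
     * given suffixes. The comparison is an exact, case-sensitive string match.
     */
    private boolean isQualifiedMatch(Map policy, String role, String key, String[] suffixes) {
        List entries = (List) policy.get(key);
        if (entries == null) {
            return false;
        }
        for (String suffix : suffixes) {
            if (entries.contains(role + suffix)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns true if any identity form of {@code member} (forms 0 to 2) is listed for
     * {@code role} in {@code policy}. An empty policy lists nothing.
     */
    private boolean isListed(Map policy, String role, MemberIdentifier member, String[] suffixes) {
        if (policy.isEmpty()) {
            return false;
        }
        for (int form = 0; form <= MOST_SPECIFIC_FORM; form++) {
            if (isQualifiedMatch(policy, role, member.toIdentityString(form), suffixes)) {
                return true;
            }
        }
        return false;
    }

    private boolean isWhiteListed(String role, MemberIdentifier member, String[] suffixes) {
        return isListed(this.whiteListMap, role, member, suffixes);
    }

    private boolean isBlackListed(String role, MemberIdentifier member, String[] suffixes) {
        return isListed(this.blackListMap, role, member, suffixes);
    }

    /**
     * Core decision: in learn mode record and grant; otherwise grant only when white listed and
     * not black listed, so the black list always wins over the white list.
     */
    private boolean isAuthorised(String role, MemberIdentifier member, String[] suffixes) {
        if (this.learn) {
            return learn(role, member);
        }
        return isWhiteListed(role, member, suffixes) && !isBlackListed(role, member, suffixes);
    }

    /** In learn mode, writes the recorded white list to the white list file. */
    @Override // org.nakedobjects.nof.reflect.security.Authorisor
    public void shutdown() {
        if (this.learn) {
            writeMap();
        }
    }

    /**
     * Writes the in-memory white list to the white list file, replacing its previous content.
     *
     * @throws NakedObjectRuntimeException wrapping any I/O failure
     */
    private void writeMap() {
        BufferedWriter writer = null;
        try {
            LOG.info("writing authorisation details to " + this.whiteListFile.getAbsolutePath());
            writer = new BufferedWriter(new FileWriter(this.whiteListFile));
            // Iterate the entry set directly; the previous code rebuilt an array of all entries
            // on every loop step.
            for (Object element : this.whiteListMap.entrySet()) {
                Map.Entry entry = (Map.Entry) element;
                StringBuilder line = new StringBuilder();
                line.append(entry.getKey()).append(MEMBER_ROLES_SEPARATOR);
                List roles = (List) entry.getValue();
                for (int i = 0; i < roles.size(); i++) {
                    if (i > 0) {
                        line.append(ROLE_SEPARATOR);
                    }
                    line.append(roles.get(i));
                }
                writer.write(line.toString());
                writer.newLine();
            }
            writer.flush();
            // Close on the success path inside the try so that a failed close, which can mean
            // an incomplete policy file, is reported rather than swallowed.
            BufferedWriter done = writer;
            writer = null;
            done.close();
        } catch (IOException e) {
            throw new NakedObjectRuntimeException(e);
        } finally {
            closeQuietly(writer);
        }
    }

    /**
     * Records that {@code role} accessed {@code member} and grants the access.
     *
     * <p>Always returns true: learn mode performs no authorisation at all.
     */
    private boolean learn(String role, MemberIdentifier member) {
        String key = member.toIdentityString(MOST_SPECIFIC_FORM);
        List roles = (List) this.whiteListMap.get(key);
        if (roles == null) {
            // Must be a growable list: the previous Arrays.asList(role) was fixed-size, so
            // recording a second role for the same member threw UnsupportedOperationException.
            roles = new ArrayList();
            this.whiteListMap.put(key, roles);
        }
        if (!roles.contains(role)) {
            roles.add(role);
        }
        return true;
    }

    /**
     * Returns whether {@code str} may use {@code memberIdentifier}: requires an entry with no
     * suffix or with {@code -rw}; a {@code -ro} entry is not enough.
     */
    @Override // org.nakedobjects.nof.reflect.security.Authorisor
    public boolean isUsable(String str, MemberIdentifier memberIdentifier) {
        return isAuthorised(str, memberIdentifier, new String[]{NONE, RW});
    }

    /**
     * Returns whether {@code str} may see {@code memberIdentifier}: any of no suffix,
     * {@code -ro} or {@code -rw} is sufficient.
     */
    @Override // org.nakedobjects.nof.reflect.security.Authorisor
    public boolean isVisible(String str, MemberIdentifier memberIdentifier) {
        return isAuthorised(str, memberIdentifier, new String[]{NONE, RO, RW});
    }

    /** Closes {@code resource} if it is open, logging rather than propagating a failure. */
    private static void closeQuietly(java.io.Closeable resource) {
        if (resource == null) {
            return;
        }
        try {
            resource.close();
        } catch (IOException e) {
            LOG.warn("failed to close authorisation file", e);
        }
    }
}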
