package org.yamcs.security;

import io.netty.channel.ChannelHandlerContext;
import io.netty.handler.codec.http.HttpRequest;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.concurrent.CompletableFuture;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.yamcs.ConfigurationException;
import org.yamcs.YConfiguration;
import org.yamcs.utils.YObjectLoader;
import org.yamcs.xtce.MdbMappings;
import org.yamcs.xtce.SequenceContainer;
import org.yamcs.xtce.XtceDb;
import org.yamcs.xtceproc.XtceDbFactory;

/* loaded from: input_file:org/yamcs/security/Privilege.class */
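/**
 * Process-wide facade for authentication and authorisation decisions.
 *
 * <p>The class is configured once, in its static initialiser, from the {@code privileges}
 * configuration. When that configuration is absent, or its {@code enabled} key is false,
 * privileges are off: every {@code hasPrivilege} overload then returns {@code true} for any
 * token (including {@code null}), {@link #getUsername} returns the default user for every
 * caller, and no {@link AuthModule} is loaded.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #usePrivileges}, {@link #maxNoSessions} and {@link #instance} are public,
 *       non-final statics. Any code in the same JVM can overwrite them, and clearing
 *       {@code usePrivileges} turns every {@code hasPrivilege} check into an allow. Treat
 *       them as read-only outside this class.</li>
 *   <li>A token that is an instance of {@code SystemToken} is granted every role and every
 *       privilege without the auth module being consulted.</li>
 *   <li>{@code hasRole} and {@code hasPrivilege} answer differently when privileges are
 *       disabled ({@code false} versus {@code true}); do not use one as a stand-in for the
 *       other.</li>
 * </ul>
 */
public class Privilege {
    /** Class name of the loaded auth module; stays {@code null} when privileges are disabled. */
    private static String authModuleName;

    /** Master switch read by every check in this class. Publicly writable, see class notes. */
    public static boolean usePrivileges;

    /** Username reported by {@link #getUsername} while privileges are disabled. */
    private static String defaultUser;

    /** Loaded only when privileges are enabled; {@code null} otherwise. */
    private static AuthModule authModule;

    /** Value of the {@code maxNoSessions} configuration key, 10 when the key is not set. */
    public static int maxNoSessions;

    /** Lazily created singleton, see {@link #getInstance()}. */
    public static Privilege instance;

    // Not referenced anywhere in this class; kept because it is package-visible.
    static final Hashtable<String, String> contextEnv = new Hashtable<>();
    static Logger log = LoggerFactory.getLogger(Privilege.class);

    /* loaded from: input_file:org/yamcs/security/Privilege$SystemPrivilege.class */
    /** System-level privileges; checked under {@link Type#SYSTEM} using the constant's name. */
    public enum SystemPrivilege {
        MayControlProcessor,
        MayModifyCommandHistory,
        MayControlCommandQueue,
        MayCommand,
        MayGetMissionDatabase,
        MayControlArchiving,
        MayControlServices,
        MayReadTables,
        MayWriteTables
    }

    /* loaded from: input_file:org/yamcs/security/Privilege$Type.class */
    /** Category of the object a privilege check is made against. */
    public enum Type {
        SYSTEM,
        TC,
        TM_PACKET,
        TM_PARAMETER,
        TM_PARAMETER_SET
    }

    /**
     * Returns the roles the auth module reports for a token.
     *
     * @param authenticationToken token to look up
     * @return the module's answer, or {@code null} when privileges are disabled
     * @throws InvalidAuthenticationToken if the auth module rejects the token
     */
    public String[] getRoles(AuthenticationToken authenticationToken) throws InvalidAuthenticationToken {
        if (!usePrivileges) {
            // Callers must handle null: with privileges off there is no module to ask.
            return null;
        }
        return authModule.getRoles(authenticationToken);
    }

    protected Privilege() throws ConfigurationException {
    }

    /**
     * Returns the shared instance, creating it on first use.
     *
     * @return the singleton stored in {@link #instance}
     */
    public static synchronized Privilege getInstance() {
        if (instance == null) {
            // Kept as an anonymous subclass so the runtime class of the singleton is unchanged.
            instance = new Privilege() { // from class: org.yamcs.security.Privilege.1
            };
        }
        return instance;
    }

    /**
     * @return {@code true} when privilege checking is switched on
     */
    public boolean isEnabled() {
        return usePrivileges;
    }

    /**
     * Tells whether a token holds a role.
     *
     * @param authenticationToken token to check
     * @param str role name
     * @return {@code false} when privileges are disabled or when the token or its principal is
     *         {@code null}; {@code true} for a {@code SystemToken}; otherwise the auth
     *         module's answer
     * @throws InvalidAuthenticationToken if the auth module rejects the token
     */
    public boolean hasRole(AuthenticationToken authenticationToken, String str) throws InvalidAuthenticationToken {
        if (!usePrivileges) {
            return false;
        }
        if (authenticationToken == null || authenticationToken.getPrincipal() == null) {
            return false;
        }
        if (isSystemToken(authenticationToken)) {
            return true;
        }
        return authModule.hasRole(authenticationToken, str);
    }

    // NOTE(review): this is a pure type test, so the bypass is only as strong as the guarantee
    // that SystemToken instances cannot be created from client-supplied data — confirm.
    private boolean isSystemToken(AuthenticationToken authenticationToken) {
        return authenticationToken instanceof SystemToken;
    }

    /**
     * Tells whether a token holds a privilege of the given type.
     *
     * @param authenticationToken token to check
     * @param type privilege category
     * @param str privilege name within that category
     * @return {@code true} for every caller when privileges are disabled (the token is not
     *         looked at); otherwise {@code false} for a {@code null} token or principal,
     *         {@code true} for a {@code SystemToken}, and the auth module's answer for
     *         anything else
     * @throws InvalidAuthenticationToken if the auth module rejects the token
     */
    public boolean hasPrivilege(AuthenticationToken authenticationToken, Type type, String str) throws InvalidAuthenticationToken {
        if (!usePrivileges) {
            // Allow-all by configuration; the static initialiser logs a warning for this mode.
            return true;
        }
        if (authenticationToken == null || authenticationToken.getPrincipal() == null) {
            return false;
        }
        if (isSystemToken(authenticationToken)) {
            return true;
        }
        return authModule.hasPrivilege(authenticationToken, type, str);
    }

    /**
     * Same check as {@link #hasPrivilege(AuthenticationToken, Type, String)}, with an invalid
     * token reported as a denial instead of an exception.
     *
     * @param authenticationToken token to check
     * @param type privilege category
     * @param str privilege name within that category
     * @return the result of the check, or {@code false} if the token is invalid
     */
    public boolean hasPrivilege1(AuthenticationToken authenticationToken, Type type, String str) {
        try {
            return hasPrivilege(authenticationToken, type, str);
        } catch (InvalidAuthenticationToken e) {
            // Deny, but leave a record: without it these denials cannot be told apart from
            // ordinary missing privileges when reviewing logs.
            log.debug("Denying {} privilege '{}': invalid authentication token", type, str, e);
            return false;
        }
    }

    /**
     * Tells whether a token holds a system privilege.
     *
     * @param authenticationToken token to check
     * @param systemPrivilege privilege to check; looked up under {@link Type#SYSTEM} by name
     * @return as for {@link #hasPrivilege(AuthenticationToken, Type, String)}
     * @throws InvalidAuthenticationToken if the auth module rejects the token
     */
    public boolean hasPrivilege(AuthenticationToken authenticationToken, SystemPrivilege systemPrivilege) throws InvalidAuthenticationToken {
        // The guards repeat those of the delegate on purpose: they run before
        // systemPrivilege.name() is evaluated, so the early answers never dereference it.
        if (!usePrivileges) {
            return true;
        }
        if (authenticationToken == null || authenticationToken.getPrincipal() == null) {
            return false;
        }
        if (isSystemToken(authenticationToken)) {
            return true;
        }
        return hasPrivilege(authenticationToken, Type.SYSTEM, systemPrivilege.name());
    }

    /**
     * Same check as {@link #hasPrivilege(AuthenticationToken, SystemPrivilege)}, with an
     * invalid token reported as a denial instead of an exception.
     *
     * @param authenticationToken token to check
     * @param systemPrivilege privilege to check
     * @return the result of the check, or {@code false} if the token is invalid
     */
    public boolean hasPrivilege1(AuthenticationToken authenticationToken, SystemPrivilege systemPrivilege) {
        try {
            return hasPrivilege(authenticationToken, systemPrivilege);
        } catch (InvalidAuthenticationToken e) {
            // Deny, but leave a record so the cause of the denial is visible in the logs.
            log.debug("Denying system privilege {}: invalid authentication token", systemPrivilege, e);
            return false;
        }
    }

    /**
     * @return class name of the loaded auth module, {@code null} when privileges are disabled
     */
    public static String getAuthModuleName() {
        return authModuleName;
    }

    /**
     * @return the username used for every caller while privileges are disabled
     */
    public static String getDefaultUser() {
        return defaultUser;
    }

    /**
     * Lists the telemetry packet names a token may see.
     *
     * @param str instance name passed to {@code XtceDbFactory.getInstance}
     * @param authenticationToken token whose {@link Type#TM_PACKET} privileges are checked
     * @param str2 alias namespace; {@code MdbMappings.MDB_OPSNAME} is used when {@code null}
     * @return aliases in that namespace for which the token holds the privilege
     * @throws ConfigurationException if thrown while obtaining the database
     * @throws InvalidAuthenticationToken if the auth module rejects the token
     */
    public Collection<String> getTmPacketNames(String str, AuthenticationToken authenticationToken, String str2) throws ConfigurationException, InvalidAuthenticationToken {
        String namespace = (str2 != null) ? str2 : MdbMappings.MDB_OPSNAME;
        Collection<String> permitted = new ArrayList<>();
        for (String packetName : getTmPacketNames(XtceDbFactory.getInstance(str), namespace)) {
            // The privilege is checked against the alias, i.e. the name that is returned.
            if (hasPrivilege(authenticationToken, Type.TM_PACKET, packetName)) {
                permitted.add(packetName);
            }
        }
        return permitted;
    }

    // Collects the alias of every sequence container that has one in the given namespace.
    private Collection<String> getTmPacketNames(XtceDb xtceDb, String str) {
        Collection<String> aliases = new ArrayList<>();
        for (SequenceContainer container : xtceDb.getSequenceContainers()) {
            String alias = container.getAlias(str);
            if (alias != null) {
                aliases.add(alias);
            }
        }
        return aliases;
    }

    /**
     * Lists the telemetry parameter names a token may see.
     *
     * <p>The {@link Type#TM_PARAMETER} privilege is checked against each name returned by the
     * database's {@code getParameterNames()}; what is returned is that parameter's alias in
     * the requested namespace.
     *
     * @param str instance name passed to {@code XtceDbFactory.getInstance}
     * @param authenticationToken token whose privileges are checked
     * @param str2 alias namespace; {@code MdbMappings.MDB_OPSNAME} is used when {@code null}
     * @return aliases of the permitted parameters; parameters without an alias in the
     *         namespace are left out
     * @throws ConfigurationException if thrown while obtaining the database
     * @throws InvalidAuthenticationToken if the auth module rejects the token
     */
    public Collection<String> getTmParameterNames(String str, AuthenticationToken authenticationToken, String str2) throws ConfigurationException, InvalidAuthenticationToken {
        String namespace = (str2 != null) ? str2 : MdbMappings.MDB_OPSNAME;
        XtceDb mdb = XtceDbFactory.getInstance(str);
        Collection<String> permitted = new ArrayList<>();
        for (String parameterName : mdb.getParameterNames()) {
            if (!hasPrivilege(authenticationToken, Type.TM_PARAMETER, parameterName)) {
                // NOTE(review): this writes the token's toString() to the log; confirm that
                // no AuthenticationToken implementation includes credentials in it.
                log.trace("User '{}' does not have privilege '{}' for parameter '{}'", authenticationToken, Type.TM_PARAMETER, parameterName);
                continue;
            }
            String alias = mdb.getParameter(parameterName).getAlias(namespace);
            // Same rule as the packet listing: never hand a null name back to the caller.
            if (alias != null) {
                permitted.add(alias);
            }
        }
        return permitted;
    }

    /**
     * @return the configured session limit, see {@link #maxNoSessions}
     */
    public int getMaxNoSessions() {
        return maxNoSessions;
    }

    /**
     * Resolves the username for a token.
     *
     * @param authenticationToken token to resolve; ignored when privileges are disabled
     * @return the default user when privileges are disabled; otherwise the principal name of
     *         the user the auth module returns, or {@code null} if it returns no user
     */
    public static String getUsername(AuthenticationToken authenticationToken) {
        if (!usePrivileges) {
            // Every caller is reported under the same name in this mode.
            return defaultUser;
        }
        User user = authModule.getUser(authenticationToken);
        return (user == null) ? null : user.getPrincipalName();
    }

    /**
     * @param authenticationToken token to resolve
     * @return the auth module's user for the token, or {@code null} when privileges are
     *         disabled
     */
    public User getUser(AuthenticationToken authenticationToken) {
        if (!usePrivileges) {
            return null;
        }
        return authModule.getUser(authenticationToken);
    }

    /**
     * @return the loaded auth module, {@code null} when privileges are disabled
     */
    public AuthModule getAuthModule() {
        return authModule;
    }

    /**
     * Hands an HTTP request to the auth module for authentication.
     *
     * <p>There is no guard here: the auth module is {@code null} while privileges are
     * disabled, so callers have to check {@link #isEnabled()} before calling this method.
     *
     * @param channelHandlerContext channel context of the request
     * @param httpRequest request to authenticate
     * @return the future returned by the auth module
     */
    public CompletableFuture<AuthenticationToken> authenticateHttp(ChannelHandlerContext channelHandlerContext, HttpRequest httpRequest) {
        return authModule.authenticateHttp(channelHandlerContext, httpRequest);
    }

    // Reads the 'privileges' configuration once, at class-load time. A ConfigurationException
    // thrown here aborts class initialisation (the JVM reports it as an
    // ExceptionInInitializerError).
    static {
        // Values that apply when there is no 'privileges' configuration at all.
        defaultUser = "admin";
        maxNoSessions = 10;
        usePrivileges = false;
        if (YConfiguration.isDefined("privileges")) {
            try {
                YConfiguration configuration = YConfiguration.getConfiguration("privileges");
                if (configuration.containsKey("maxNoSessions")) {
                    maxNoSessions = configuration.getInt("maxNoSessions");
                }
                usePrivileges = configuration.getBoolean("enabled");
                if (usePrivileges) {
                    authModule = (AuthModule) YObjectLoader.loadObject(configuration.getMap("authModule"));
                    authModuleName = authModule.getClass().getName();
                } else if (configuration.containsKey("defaultUser")) {
                    // 'defaultUser' is only read when privileges are disabled.
                    String string = configuration.getString("defaultUser");
                    if (string.isEmpty() || string.contains(":")) {
                        throw new ConfigurationException("Invalid name '" + string + "' for default user");
                    }
                    defaultUser = string;
                }
            } catch (IOException | ConfigurationException e) {
                throw new ConfigurationException("Failed to load 'privileges' configuration", e);
            }
        }
        if (usePrivileges) {
            log.info("Privileges enabled, authenticating and authorising by module {}", authModule);
        } else {
            // Logged at WARN because in this mode every hasPrivilege check answers true.
            log.warn("Privileges disabled, all connections are allowed and have full permissions");
        }
    }
}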
