package org.geoserver.security.impl;

import java.io.IOException;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
import java.util.logging.Logger;
import org.apache.batik.util.XMLConstants;
import org.geoserver.catalog.Catalog;
import org.geoserver.config.GeoServerDataDirectory;
import org.geoserver.platform.GeoServerExtensions;
import org.geoserver.platform.resource.Resource;
import org.geotools.util.logging.Logging;

/* loaded from: input_file:WEB-INF/lib/gs-main-2.15.1.jar:org/geoserver/security/impl/ServiceAccessRuleDAO.class */
public class ServiceAccessRuleDAO extends AbstractAccessRuleDAO<ServiceAccessRule> {
    private static final Logger LOGGER = Logging.getLogger((Class<?>) ServiceAccessRuleDAO.class);
    static final String SERVICES = "services.properties";
    Catalog rawCatalog;

    public static ServiceAccessRuleDAO get() {
        return (ServiceAccessRuleDAO) GeoServerExtensions.bean(ServiceAccessRuleDAO.class);
    }

    public ServiceAccessRuleDAO(GeoServerDataDirectory geoServerDataDirectory, Catalog catalog) throws IOException {
        super(geoServerDataDirectory, SERVICES);
        this.rawCatalog = catalog;
    }

    public ServiceAccessRuleDAO() throws IOException {
        super((GeoServerDataDirectory) GeoServerExtensions.bean(GeoServerDataDirectory.class), SERVICES);
    }

    ServiceAccessRuleDAO(Catalog catalog, Resource resource) {
        super(resource, SERVICES);
    }

    @Override // org.geoserver.security.impl.AbstractAccessRuleDAO
    protected void loadRules(Properties properties) {
        TreeSet treeSet = new TreeSet();
        for (Map.Entry entry : properties.entrySet()) {
            String str = (String) entry.getKey();
            String str2 = (String) entry.getValue();
            ServiceAccessRule parseServiceAccessRule = parseServiceAccessRule(str, str2);
            if (parseServiceAccessRule != null) {
                if (treeSet.contains(parseServiceAccessRule)) {
                    LOGGER.warning("Rule " + str + "." + str2 + " overwrites another rule on the same path");
                }
                treeSet.add(parseServiceAccessRule);
            }
        }
        if (treeSet.size() == 0) {
            treeSet.add(new ServiceAccessRule(new ServiceAccessRule()));
        }
        this.rules = treeSet;
    }

    ServiceAccessRule parseServiceAccessRule(String str, String str2) {
        String str3 = str + XMLConstants.XML_EQUAL_SIGN + str2;
        String[] parseElements = parseElements(str);
        if (parseElements.length != 2) {
            LOGGER.warning("Invalid rule " + str3 + ", the expected format is service.method=role1,role2,...");
            return null;
        }
        String str4 = parseElements[0];
        String str5 = parseElements[1];
        Set<String> parseRoles = parseRoles(str2);
        if (!"*".equals(str4) || "*".equals(str5)) {
            return new ServiceAccessRule(str4, str5, parseRoles);
        }
        LOGGER.warning("Invalid rule " + str3 + ", when namespace is * then also layer must be *. Skipping rule " + str3);
        return null;
    }

    @Override // org.geoserver.security.impl.AbstractAccessRuleDAO
    protected Properties toProperties() {
        Properties properties = new Properties();
        for (R r : this.rules) {
            properties.put(r.getKey(), r.getValue());
        }
        return properties;
    }

    private String[] parseElements(String str) {
        return str.split("\\s*\\.\\s*");
    }

    public SortedSet<ServiceAccessRule> getRulesAssociatedWithRole(String str) {
        TreeSet treeSet = new TreeSet();
        for (ServiceAccessRule serviceAccessRule : getRules()) {
            if (serviceAccessRule.getRoles().contains(str)) {
                treeSet.add(serviceAccessRule);
            }
        }
        return treeSet;
    }
}
