package org.eclipse.dirigible.core.security.synchronizer;

import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.sql.Connection;
import java.sql.ResultSetMetaData;
import java.sql.SQLException;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.sql.DataSource;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.io.IOUtils;
import org.eclipse.dirigible.commons.api.module.StaticInjector;
import org.eclipse.dirigible.core.scheduler.api.AbstractSynchronizer;
import org.eclipse.dirigible.core.scheduler.api.SynchronizationException;
import org.eclipse.dirigible.core.security.api.AccessException;
import org.eclipse.dirigible.core.security.api.ISecurityCoreService;
import org.eclipse.dirigible.core.security.definition.AccessDefinition;
import org.eclipse.dirigible.core.security.definition.RoleDefinition;
import org.eclipse.dirigible.core.security.service.SecurityCoreService;
import org.eclipse.dirigible.database.persistence.PersistenceManager;
import org.eclipse.dirigible.repository.api.IResource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
/* loaded from: input_file:WEB-INF/lib/dirigible-core-security-3.5.2.jar:org/eclipse/dirigible/core/security/synchronizer/SecuritySynchronizer.class */
public class SecuritySynchronizer extends AbstractSynchronizer {
    private static final Logger logger = LoggerFactory.getLogger(SecuritySynchronizer.class);
    private static final Map<String, RoleDefinition[]> ROLES_PREDELIVERED = Collections.synchronizedMap(new HashMap());
    private static final Map<String, List<AccessDefinition>> ACCESS_PREDELIVERED = Collections.synchronizedMap(new HashMap());
    private static final Set<String> ROLES_SYNCHRONIZED = Collections.synchronizedSet(new HashSet());
    private static final Set<String> ACCESS_SYNCHRONIZED = Collections.synchronizedSet(new HashSet());

    @Inject
    private SecurityCoreService securityCoreService;

    @Inject
    private DataSource dataSource;

    @Inject
    private PersistenceManager<AccessDefinition> accessPersistenceManager;
    private volatile boolean upgradePassed;

    public static final void forceSynchronization() {
        ((SecuritySynchronizer) StaticInjector.getInjector().getInstance(SecuritySynchronizer.class)).synchronize();
    }

    public void registerPredeliveredRoles(String str) throws IOException {
        InputStream resourceAsStream = SecuritySynchronizer.class.getResourceAsStream(str);
        try {
            RoleDefinition[] parseRoles = this.securityCoreService.parseRoles(IOUtils.toString(resourceAsStream, StandardCharsets.UTF_8));
            for (RoleDefinition roleDefinition : parseRoles) {
                roleDefinition.setLocation(str);
            }
            ROLES_PREDELIVERED.put(str, parseRoles);
            if (resourceAsStream != null) {
                resourceAsStream.close();
            }
        } catch (Throwable th) {
            if (resourceAsStream != null) {
                resourceAsStream.close();
            }
            throw th;
        }
    }

    public void registerPredeliveredAccess(String str) throws IOException {
        InputStream resourceAsStream = SecuritySynchronizer.class.getResourceAsStream(str);
        try {
            List<AccessDefinition> parseAccessDefinitions = this.securityCoreService.parseAccessDefinitions(IOUtils.toString(resourceAsStream, StandardCharsets.UTF_8));
            Iterator<AccessDefinition> it = parseAccessDefinitions.iterator();
            while (it.hasNext()) {
                it.next().setLocation(str);
            }
            ACCESS_PREDELIVERED.put(str, parseAccessDefinitions);
            if (resourceAsStream != null) {
                resourceAsStream.close();
            }
        } catch (Throwable th) {
            if (resourceAsStream != null) {
                resourceAsStream.close();
            }
            throw th;
        }
    }

    @Override // org.eclipse.dirigible.core.scheduler.api.ISynchronizer
    public void synchronize() {
        synchronized (SecuritySynchronizer.class) {
            logger.trace("Synchronizing Roles and Access artifacts...");
            try {
                if (!this.upgradePassed) {
                    this.upgradePassed = checkUpgrade();
                }
                clearCache();
                synchronizePredelivered();
                synchronizeRegistry();
                cleanup();
                clearCache();
            } catch (Exception e) {
                logger.error("Synchronizing process for Roles and Access artifacts failed.", (Throwable) e);
            }
            logger.trace("Done synchronizing Roles and Access artifacts.");
        }
    }

    private boolean checkUpgrade() throws SQLException {
        Connection connection = this.dataSource.getConnection();
        Throwable th = null;
        try {
            try {
                ResultSetMetaData metaData = connection.createStatement().executeQuery("SELECT * FROM DIRIGIBLE_SECURITY_ACCESS").getMetaData();
                int columnCount = metaData.getColumnCount();
                ArrayList arrayList = new ArrayList();
                for (int i = 1; i <= columnCount; i++) {
                    String columnName = metaData.getColumnName(i);
                    arrayList.add(columnName);
                    if ("ACCESS_URI".equals(columnName)) {
                        logger.warn("Upgrading Security Access Synchronizer from 3.1.x version to 3.2.x ...");
                        this.accessPersistenceManager.tableDrop(connection, AccessDefinition.class);
                        logger.warn("Upgrade of Security Access Synchronizer from 3.1.x version to 3.2.x passed successfully.");
                    }
                }
                if (!arrayList.contains("ACCESS_HASH")) {
                    logger.warn("Upgrading Security Access Synchronizer from 3.2.1 version to 3.2.2 ...");
                    this.accessPersistenceManager.tableDrop(connection, AccessDefinition.class);
                    logger.warn("Upgrade of Security Access Synchronizer from 3.2.1 version to 3.2.2 passed successfully.");
                }
                if (connection == null) {
                    return true;
                }
                if (0 == 0) {
                    connection.close();
                    return true;
                }
                try {
                    connection.close();
                    return true;
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                    return true;
                }
            } catch (Exception e) {
                logger.warn(e.getMessage());
                if (connection != null) {
                    if (0 != 0) {
                        try {
                            connection.close();
                        } catch (Throwable th3) {
                            th.addSuppressed(th3);
                        }
                    } else {
                        connection.close();
                    }
                }
                return false;
            }
        } catch (Throwable th4) {
            if (connection != null) {
                if (0 != 0) {
                    try {
                        connection.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    connection.close();
                }
            }
            throw th4;
        }
    }

    private void clearCache() {
        ROLES_SYNCHRONIZED.clear();
        ACCESS_SYNCHRONIZED.clear();
        this.securityCoreService.clearCache();
    }

    private void synchronizePredelivered() throws SynchronizationException {
        logger.trace("Synchronizing predelivered Roles and Access artifacts...");
        for (RoleDefinition[] roleDefinitionArr : ROLES_PREDELIVERED.values()) {
            for (RoleDefinition roleDefinition : roleDefinitionArr) {
                synchronizeRole(roleDefinition);
            }
        }
        Iterator<List<AccessDefinition>> it = ACCESS_PREDELIVERED.values().iterator();
        while (it.hasNext()) {
            for (AccessDefinition accessDefinition : it.next()) {
                accessDefinition.setHash("" + accessDefinition.hashCode());
                synchronizeAccess(accessDefinition);
            }
        }
        logger.trace("Done synchronizing predelivered Roles and Access artifacts.");
    }

    private void synchronizeRole(RoleDefinition roleDefinition) throws SynchronizationException {
        try {
            if (this.securityCoreService.existsRole(roleDefinition.getName())) {
                RoleDefinition role = this.securityCoreService.getRole(roleDefinition.getName());
                if (!roleDefinition.equals(role)) {
                    if (!roleDefinition.getLocation().equals(role.getLocation())) {
                        throw new SynchronizationException(MessageFormat.format("Trying to update the Role [{0}] already set from location [{1}] with a location [{2}]", roleDefinition.getName(), role.getLocation(), roleDefinition.getLocation()));
                    }
                    this.securityCoreService.updateRole(roleDefinition.getName(), roleDefinition.getLocation(), roleDefinition.getDescription());
                    logger.info("Synchronized a modified Role [{}] from location: {}", roleDefinition.getName(), roleDefinition.getLocation());
                }
            } else {
                this.securityCoreService.createRole(roleDefinition.getName(), roleDefinition.getLocation(), roleDefinition.getDescription());
                logger.info("Synchronized a new Role [{}] from location: {}", roleDefinition.getName(), roleDefinition.getLocation());
            }
            ACCESS_SYNCHRONIZED.add(roleDefinition.getLocation());
        } catch (AccessException e) {
            throw new SynchronizationException(e);
        }
    }

    private void synchronizeAccess(AccessDefinition accessDefinition) throws SynchronizationException {
        try {
            if (this.securityCoreService.existsAccessDefinition(accessDefinition.getScope(), accessDefinition.getPath(), accessDefinition.getMethod(), accessDefinition.getRole())) {
                AccessDefinition accessDefinition2 = this.securityCoreService.getAccessDefinition(accessDefinition.getScope(), accessDefinition.getPath(), accessDefinition.getMethod(), accessDefinition.getRole());
                if (!accessDefinition.equals(accessDefinition2)) {
                    if (!accessDefinition.getLocation().equals(accessDefinition2.getLocation())) {
                        throw new SynchronizationException(MessageFormat.format("Trying to update the Access definition for [{0}-{1}-{2}] already set from location [{3}] with a location [{4}]", accessDefinition.getPath(), accessDefinition.getMethod(), accessDefinition.getRole(), accessDefinition2.getLocation(), accessDefinition.getLocation()));
                    }
                    this.securityCoreService.updateAccessDefinition(accessDefinition2.getId(), accessDefinition.getLocation(), accessDefinition.getScope(), accessDefinition.getPath(), accessDefinition.getMethod(), accessDefinition.getRole(), accessDefinition.getDescription(), accessDefinition.getHash());
                    logger.info("Synchronized a modified Access definition [[{}]-[{}]-[{}]] from location: {}", accessDefinition.getPath(), accessDefinition.getMethod(), accessDefinition.getRole(), accessDefinition.getLocation());
                }
            } else {
                this.securityCoreService.createAccessDefinition(accessDefinition.getLocation(), accessDefinition.getScope(), accessDefinition.getPath(), accessDefinition.getMethod(), accessDefinition.getRole(), accessDefinition.getDescription(), accessDefinition.getHash());
                logger.info("Synchronized a new Access definition [[{}]-[{}]-[{}]] from location: {}", accessDefinition.getPath(), accessDefinition.getMethod(), accessDefinition.getRole(), accessDefinition.getLocation());
            }
            ACCESS_SYNCHRONIZED.add(accessDefinition.getLocation());
        } catch (AccessException e) {
            throw new SynchronizationException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.eclipse.dirigible.core.scheduler.api.AbstractSynchronizer
    public void synchronizeRegistry() throws SynchronizationException {
        logger.trace("Synchronizing Extension Points and Extensions from Registry...");
        super.synchronizeRegistry();
        logger.trace("Done synchronizing Extension Points and Extensions from Registry.");
    }

    @Override // org.eclipse.dirigible.core.scheduler.api.AbstractSynchronizer
    protected void synchronizeResource(IResource iResource) throws SynchronizationException {
        String name = iResource.getName();
        if (name.endsWith(ISecurityCoreService.FILE_EXTENSION_ROLES)) {
            for (RoleDefinition roleDefinition : this.securityCoreService.parseRoles(iResource.getContent())) {
                roleDefinition.setLocation(getRegistryPath(iResource));
                synchronizeRole(roleDefinition);
            }
        }
        if (name.endsWith(ISecurityCoreService.FILE_EXTENSION_ACCESS)) {
            List<AccessDefinition> parseAccessDefinitions = this.securityCoreService.parseAccessDefinitions(iResource.getContent());
            String md5Hex = DigestUtils.md5Hex(iResource.getContent());
            try {
                this.securityCoreService.dropModifiedAccessDefinitions(getRegistryPath(iResource), md5Hex);
            } catch (AccessException e) {
                logger.error("Error deleting the modified Access Definitions", (Throwable) e);
            }
            for (AccessDefinition accessDefinition : parseAccessDefinitions) {
                accessDefinition.setLocation(getRegistryPath(iResource));
                accessDefinition.setHash(md5Hex);
                synchronizeAccess(accessDefinition);
            }
        }
    }

    @Override // org.eclipse.dirigible.core.scheduler.api.AbstractSynchronizer
    protected void cleanup() throws SynchronizationException {
        logger.trace("Cleaning up Roles and Access artifacts...");
        try {
            for (RoleDefinition roleDefinition : this.securityCoreService.getRoles()) {
                if (!ACCESS_SYNCHRONIZED.contains(roleDefinition.getLocation())) {
                    this.securityCoreService.removeRole(roleDefinition.getName());
                    logger.warn("Cleaned up Role [{}] from location: {}", roleDefinition.getName(), roleDefinition.getLocation());
                }
            }
            for (AccessDefinition accessDefinition : this.securityCoreService.getAccessDefinitions()) {
                if (!ACCESS_SYNCHRONIZED.contains(accessDefinition.getLocation())) {
                    this.securityCoreService.removeAccessDefinition(accessDefinition.getId());
                    logger.warn("Cleaned up Access definition [[{}]-[{}]-[{}]] from location: {}", accessDefinition.getPath(), accessDefinition.getMethod(), accessDefinition.getRole(), accessDefinition.getLocation());
                }
            }
            logger.trace("Done cleaning up Roles and Access artifacts.");
        } catch (AccessException e) {
            throw new SynchronizationException(e);
        }
    }
}
