package org.uberfire.backend.server.authz;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Iterator;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.event.Event;
import javax.inject.Inject;
import org.jboss.errai.security.shared.api.Role;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.uberfire.backend.authz.AuthorizationPolicyStorage;
import org.uberfire.backend.events.AuthorizationPolicyDeployedEvent;
import org.uberfire.backend.server.WebAppListener;
import org.uberfire.backend.server.WebAppSettings;
import org.uberfire.backend.server.security.RoleRegistry;
import org.uberfire.commons.services.cdi.Startup;
import org.uberfire.security.authz.AuthorizationPolicy;
import org.uberfire.security.authz.PermissionManager;
import org.uberfire.security.impl.authz.AuthorizationPolicyBuilder;

@Startup
@ApplicationScoped
/* loaded from: input_file:WEB-INF/lib/uberfire-backend-server-2.22.0.Final.jar:org/uberfire/backend/server/authz/AuthorizationPolicyDeployer.class */
public class AuthorizationPolicyDeployer {
    private Logger logger = LoggerFactory.getLogger(AuthorizationPolicyDeployer.class);
    private AuthorizationPolicyStorage authzPolicyStorage;
    private PermissionManager permissionManager;
    private Event<AuthorizationPolicyDeployedEvent> deployedEvent;

    public AuthorizationPolicyDeployer() {
    }

    @Inject
    public AuthorizationPolicyDeployer(AuthorizationPolicyStorage authorizationPolicyStorage, PermissionManager permissionManager, Event<AuthorizationPolicyDeployedEvent> event) {
        this.authzPolicyStorage = authorizationPolicyStorage;
        this.permissionManager = permissionManager;
        this.deployedEvent = event;
    }

    @PostConstruct
    public void init() {
        WebAppListener.registerOnStartupCommand(this::deployPolicy);
    }

    public void deployPolicy() {
        deployPolicy(getPolicyDir());
    }

    public Path getPolicyDir() {
        return Paths.get(WebAppSettings.get().getRootDir(), "WEB-INF", "classes");
    }

    public void deployPolicy(Path path) {
        if (path == null) {
            this.logger.info("Security policy not defined");
            return;
        }
        AuthorizationPolicy loadPolicy = this.authzPolicyStorage.loadPolicy();
        if (loadPolicy == null) {
            loadPolicy = loadPolicy(path);
            this.authzPolicyStorage.savePolicy(loadPolicy);
            this.logger.info("Security policy deployed");
            Iterator<Role> it = loadPolicy.getRoles().iterator();
            while (it.hasNext()) {
                RoleRegistry.get().registerRole(it.next().getName());
            }
            this.deployedEvent.fire(new AuthorizationPolicyDeployedEvent(loadPolicy));
        } else {
            this.logger.info("Security policy active");
        }
        this.permissionManager.setAuthorizationPolicy(loadPolicy);
    }

    public AuthorizationPolicy loadPolicy(Path path) {
        AuthorizationPolicyBuilder newAuthorizationPolicy = this.permissionManager.newAuthorizationPolicy();
        AuthorizationPolicyMarshaller authorizationPolicyMarshaller = new AuthorizationPolicyMarshaller();
        if (path != null) {
            try {
                authorizationPolicyMarshaller.read(newAuthorizationPolicy, readPolicyProperties(path));
            } catch (IOException e) {
                this.logger.warn("Error loading security policy files", e);
            }
        }
        return newAuthorizationPolicy.build();
    }

    public NonEscapedProperties readPolicyProperties(Path path) throws IOException {
        NonEscapedProperties nonEscapedProperties = new NonEscapedProperties();
        Files.list(path).filter(this::isPolicyFile).forEach(path2 -> {
            loadPolicyFile(nonEscapedProperties, path2);
        });
        return nonEscapedProperties;
    }

    public boolean isPolicyFile(Path path) {
        String path2 = path.getName(path.getNameCount() - 1).toString();
        return path2.equals("security-policy.properties") || path2.startsWith("security-module-");
    }

    public void loadPolicyFile(NonEscapedProperties nonEscapedProperties, Path path) {
        try {
            nonEscapedProperties.load(path);
        } catch (IOException e) {
            this.logger.error("Security policy file load error: " + path, e);
        }
    }
}
