package org.uberfire.backend.server.security;

import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import org.guvnor.structure.repositories.Repository;
import org.guvnor.structure.repositories.RepositoryService;
import org.guvnor.structure.security.RepositoryAction;
import org.jboss.errai.security.shared.service.AuthenticationService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.uberfire.backend.server.security.elytron.ElytronIdentityHelper;
import org.uberfire.backend.server.util.Paths;
import org.uberfire.backend.vfs.Path;
import org.uberfire.commons.services.cdi.Startup;
import org.uberfire.java.nio.file.FileSystemMetadata;
import org.uberfire.java.nio.file.api.FileSystemProviders;
import org.uberfire.java.nio.file.spi.FileSystemProvider;
import org.uberfire.java.nio.security.SecuredFileSystemProvider;
import org.uberfire.security.WorkbenchUserManager;
import org.uberfire.security.authz.AuthorizationManager;
import org.uberfire.spaces.SpacesAPI;
import org.uberfire.ssh.service.backend.auth.SSHKeyAuthenticator;

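/**
 * Startup bean that wires authentication and authorization callbacks into every installed
 * {@link SecuredFileSystemProvider}.
 *
 * <p>The authenticator handed to {@code setJAASAuthenticator} is chosen in this order:
 * <ol>
 *   <li>a CDI bean qualified with {@link IOSecurityAuth}, when one is available;</li>
 *   <li>otherwise, according to the {@code org.uberfire.io.auth} system property:
 *       unset selects {@link ElytronAuthenticationService}; {@code jaas} or {@code container}
 *       (case-insensitive) selects {@link JAASAuthenticationService} for the domain named by
 *       {@link #AUTH_DOMAIN_KEY}; any other value is treated as a class name and instantiated
 *       reflectively.</li>
 * </ol>
 */
@ApplicationScoped
@Startup
/* loaded from: input_file:WEB-INF/lib/uberfire-backend-server-7.72.0-SNAPSHOT.jar:org/uberfire/backend/server/security/IOServiceSecuritySetup.class */
public class IOServiceSecuritySetup {
    /** System property naming the JAAS domain used when the JAAS authenticator is selected. */
    public static final String AUTH_DOMAIN_KEY = "org.uberfire.domain";
    private static final Logger LOG = LoggerFactory.getLogger(IOServiceSecuritySetup.class);

    @Inject
    @IOSecurityAuth
    Instance<AuthenticationService> authenticationManagers;

    @Inject
    AuthenticationService httpAuthManager;

    @Inject
    AuthorizationManager authorizationManager;

    @Inject
    RepositoryService repositoryService;

    @Inject
    SpacesAPI spacesAPI;

    @Inject
    SSHKeyAuthenticator sshKeyAuthenticator;

    @Inject
    WorkbenchUserManager workbenchUserManager;

    @Inject
    ElytronIdentityHelper elytronIdentityHelper;

    /**
     * Installs the authenticators and the authorizer on every installed provider that is a
     * {@link SecuredFileSystemProvider}; other providers are left untouched.
     */
    @PostConstruct
    public void setup() {
        final AuthenticationService selectedAuthenticator = resolveAuthenticator();
        for (FileSystemProvider provider : FileSystemProviders.installedProviders()) {
            if (!(provider instanceof SecuredFileSystemProvider)) {
                continue;
            }
            final SecuredFileSystemProvider secured = (SecuredFileSystemProvider) provider;
            secured.setJAASAuthenticator(selectedAuthenticator);
            secured.setHTTPAuthenticator(this.httpAuthManager);
            // NOTE(review): this callback only ever evaluates RepositoryAction.READ for
            // repository-backed file systems and receives no indication of the operation being
            // attempted. Whether write/push operations are authorized somewhere else is not
            // visible from this class - confirm against SecuredFileSystemProvider's callers.
            secured.setAuthorizer((fileSystem, user) -> {
                final Path rootPath = Paths.convert(fileSystem.getPath(fileSystem.getName(), new String[0]));
                // An unresolvable space surfaces as an exception, not as a "deny" result.
                final Repository repository = this.repositoryService.getRepositoryFromSpace(
                        this.spacesAPI.resolveSpace(rootPath.toURI()).orElseThrow(
                                () -> new IllegalArgumentException("Cannot resolve space from given path: " + rootPath)),
                        rootPath.getFileName());
                if (repository == null) {
                    // No repository for this file system: authorize on the file system resource itself.
                    return this.authorizationManager.authorize(
                            new FileSystemResourceAdaptor(new FileSystemMetadata(fileSystem)), user);
                }
                return this.authorizationManager.authorize(
                        repository, repository.getContributors(), RepositoryAction.READ, user);
            });
            secured.setSSHAuthenticator(
                    (userName, publicKey) -> this.sshKeyAuthenticator.authenticate(userName, publicKey));
        }
    }

    /**
     * Picks the authenticator that {@link #setup()} passes to {@code setJAASAuthenticator}.
     *
     * <p>The keyword comparison uses {@code equalsIgnoreCase} so that it does not depend on the
     * JVM default locale ({@code "CONTAINER".toLowerCase()} does not yield {@code "container"}
     * under a Turkish locale, which would send the keyword down the class-loading path).
     *
     * <p>When a configured class cannot be loaded, the default Elytron-backed service is used
     * instead of {@code null}. That matches the "continuing as if no class was specified"
     * message logged by {@link #loadClazz(String, Class)} and avoids registering a null
     * authenticator, whose handling by the provider is not visible from this class.
     *
     * @return the authenticator to install; never {@code null} on the paths decided here
     */
    private AuthenticationService resolveAuthenticator() {
        if (!this.authenticationManagers.isUnsatisfied()) {
            return this.authenticationManagers.get();
        }
        final String authType = System.getProperty("org.uberfire.io.auth", null);
        if (authType == null) {
            return new ElytronAuthenticationService(this.elytronIdentityHelper);
        }
        if (authType.equalsIgnoreCase("jaas") || authType.equalsIgnoreCase("container")) {
            return new JAASAuthenticationService(
                    System.getProperty(AUTH_DOMAIN_KEY, JAASAuthenticationService.DEFAULT_DOMAIN));
        }
        // The property value is used as a class name and instantiated; it must only ever be
        // settable by whoever controls the JVM's configuration.
        final AuthenticationService custom = loadClazz(authType, AuthenticationService.class);
        if (custom == null) {
            LOG.error("No usable authentication service could be created from 'org.uberfire.io.auth'; "
                    + "using the default authentication service instead.");
            return new ElytronAuthenticationService(this.elytronIdentityHelper);
        }
        return custom;
    }

    /**
     * Loads the named class and instantiates it through its no-argument constructor.
     *
     * @param str fully qualified class name; {@code null} or empty yields {@code null}
     * @param cls type the loaded class must be assignable to
     * @return a new instance, or {@code null} when the name is blank, the class is not assignable
     *         to {@code cls}, or loading/instantiation throws an {@link Exception} (logged)
     */
    private <T> T loadClazz(String str, Class<T> cls) {
        if (str == null || str.isEmpty()) {
            return null;
        }
        try {
            final Class<?> loaded = Class.forName(str);
            if (!cls.isAssignableFrom(loaded)) {
                LOG.error("Class '" + str + "' is not assignable to expected type " + cls + ". Continuing as if no class was specified.");
                return null;
            }
            // Class.newInstance() is deprecated; go through the no-arg constructor explicitly.
            return cls.cast(loaded.getDeclaredConstructor().newInstance());
        } catch (Exception e) {
            LOG.error("Failed to load class '" + str + "' as type " + cls + ". Continuing as if none was specified.", e);
            return null;
        }
    }
}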
