package org.uberfire.backend.server.authz;

import java.io.StringReader;
import java.io.StringWriter;
import java.util.Date;
import java.util.HashMap;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.inject.Named;
import org.jboss.errai.security.shared.api.Group;
import org.kie.soup.commons.validation.PortablePreconditions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.uberfire.backend.authz.AuthorizationPolicyStorage;
import org.uberfire.io.IOService;
import org.uberfire.java.nio.IOException;
import org.uberfire.java.nio.base.options.CommentedOption;
import org.uberfire.java.nio.file.FileSystem;
import org.uberfire.java.nio.file.FileSystemAlreadyExistsException;
import org.uberfire.java.nio.file.FileVisitResult;
import org.uberfire.java.nio.file.Files;
import org.uberfire.java.nio.file.OpenOption;
import org.uberfire.java.nio.file.Path;
import org.uberfire.java.nio.file.SimpleFileVisitor;
import org.uberfire.java.nio.file.attribute.BasicFileAttributes;
import org.uberfire.security.authz.AuthorizationPolicy;
import org.uberfire.security.authz.PermissionManager;
import org.uberfire.security.impl.authz.AuthorizationPolicyBuilder;
import org.uberfire.spaces.SpacesAPI;

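/**
 * {@link AuthorizationPolicyStorage} implementation that keeps the authorization policy as
 * properties files inside a VFS file system.
 *
 * <p>The file system is resolved from the default space under the name {@code "security"}; policy
 * files live in the {@code authz} directory below its first root directory. Saves always go to
 * {@link #POLICY_FILE}; loads merge every file accepted by {@link #isPolicyFile(Path)}.
 *
 * <p>Security note: whatever is stored in that directory is what {@link #loadPolicy()} hands back
 * as the effective policy, so write access to the {@code authz} directory is equivalent to the
 * ability to change authorization decisions.
 *
 * <p>Thread-safety: the {@link AuthorizationPolicyStorage} entry points synchronize on this
 * instance. The public helper methods ({@link #loadPolicyFromVfs()},
 * {@link #savePolicyIntoVfs(NonEscapedProperties, String, String)}, ...) do not lock by themselves.
 */
@ApplicationScoped
/* loaded from: input_file:WEB-INF/lib/uberfire-backend-server-7.64.0-SNAPSHOT.jar:org/uberfire/backend/server/authz/AuthorizationPolicyVfsStorage.class */
public class AuthorizationPolicyVfsStorage implements AuthorizationPolicyStorage {
    /** Name of the file every save is written to, relative to {@link #getAuthzPath()}. */
    public static final String POLICY_FILE = "security-policy.properties";

    private static final Logger LOGGER = LoggerFactory.getLogger(AuthorizationPolicyVfsStorage.class);

    private PermissionManager permissionManager;
    private SpacesAPI spaces;
    private IOService ioService;
    private FileSystem fileSystem;
    private Path root;

    /** No-argument constructor; leaves every collaborator unset. */
    public AuthorizationPolicyVfsStorage() {
    }

    /**
     * Creates the storage with its collaborators.
     *
     * @param iOService the IO service qualified as {@code "configIO"}, used for all VFS access
     * @param permissionManager factory for the {@link AuthorizationPolicyBuilder} used on load
     * @param spacesAPI used to resolve the URI of the {@code "security"} file system
     */
    @Inject
    public AuthorizationPolicyVfsStorage(@Named("configIO") IOService iOService, PermissionManager permissionManager, SpacesAPI spacesAPI) {
        this.ioService = iOService;
        this.permissionManager = permissionManager;
        this.spaces = spacesAPI;
    }

    /** Post-construct hook: resolves the backing file system and its root. */
    @PostConstruct
    private synchronized void init() {
        initFileSystem();
    }

    /**
     * Loads the policy stored in the VFS.
     *
     * @return the policy built from the stored files, or {@code null} when the {@code authz}
     *     directory does not exist; see {@link #loadPolicyFromVfs()} for the partial-load caveat
     */
    @Override
    public synchronized AuthorizationPolicy loadPolicy() {
        return loadPolicyFromVfs();
    }

    /**
     * Marshals the given policy into properties and writes them to {@link #POLICY_FILE}.
     *
     * <p>A failed write is only logged (see
     * {@link #savePolicyIntoVfs(NonEscapedProperties, String, String)}), so returning normally
     * does not prove the policy was persisted.
     *
     * @param authorizationPolicy the policy to persist
     */
    @Override
    public synchronized void savePolicy(AuthorizationPolicy authorizationPolicy) {
        AuthorizationPolicyMarshaller authorizationPolicyMarshaller = new AuthorizationPolicyMarshaller();
        NonEscapedProperties nonEscapedProperties = new NonEscapedProperties();
        authorizationPolicyMarshaller.write(authorizationPolicy, nonEscapedProperties);
        savePolicyIntoVfs(nonEscapedProperties, SpacesAPI.DEFAULT_SPACE_NAME, "Save policy");
    }

    /**
     * Creates the {@code "security"} file system in the default space, or looks it up when it
     * already exists, and records its first root directory.
     */
    public void initFileSystem() {
        // A plain map instead of an anonymous HashMap subclass with an initializer block: the
        // anonymous class kept a hidden reference to this storage instance for no benefit.
        HashMap<String, Object> env = new HashMap<>();
        env.put("init", Boolean.TRUE);
        env.put("internal", Boolean.TRUE);
        try {
            this.fileSystem = this.ioService.newFileSystem(this.spaces.resolveFileSystemURI(SpacesAPI.Scheme.DEFAULT, SpacesAPI.DEFAULT_SPACE, "security"), env);
        } catch (FileSystemAlreadyExistsException e) {
            // Already created earlier: fall back to a lookup of the same URI.
            this.fileSystem = this.ioService.getFileSystem(this.spaces.resolveFileSystemURI(SpacesAPI.Scheme.DEFAULT, SpacesAPI.DEFAULT_SPACE, "security"));
        }
        this.root = this.fileSystem.getRootDirectories().iterator().next();
    }

    /**
     * Walks the {@code authz} directory and merges every policy file into one policy.
     *
     * <p>NOTE(review): when reading or parsing a file fails, the walk is terminated and the
     * policy built from the files visited so far is still returned. The caller cannot tell a
     * complete policy from a truncated one; for authorization data it may be safer to fail the
     * whole load. The error log line below is the only signal, so it is worth alerting on.
     *
     * @return the merged policy, or {@code null} when the {@code authz} directory does not exist
     */
    public AuthorizationPolicy loadPolicyFromVfs() {
        Path authzPath = getAuthzPath();
        if (!this.ioService.exists(authzPath)) {
            return null;
        }
        final AuthorizationPolicyBuilder newAuthorizationPolicy = this.permissionManager.newAuthorizationPolicy();
        final AuthorizationPolicyMarshaller authorizationPolicyMarshaller = new AuthorizationPolicyMarshaller();
        Files.walkFileTree(authzPath, new SimpleFileVisitor<Path>() {
            @Override
            public FileVisitResult visitFile(Path path, BasicFileAttributes basicFileAttributes) throws IOException {
                try {
                    PortablePreconditions.checkNotNull("file", path);
                    PortablePreconditions.checkNotNull("attrs", basicFileAttributes);
                    if (AuthorizationPolicyVfsStorage.this.isPolicyFile(path)) {
                        String readAllString = AuthorizationPolicyVfsStorage.this.ioService.readAllString(path);
                        NonEscapedProperties nonEscapedProperties = new NonEscapedProperties();
                        nonEscapedProperties.load(new StringReader(readAllString));
                        authorizationPolicyMarshaller.read(newAuthorizationPolicy, nonEscapedProperties);
                    }
                    return FileVisitResult.CONTINUE;
                } catch (Exception e) {
                    // Null-safe so that a failed precondition on 'path' is logged instead of
                    // raising a second exception from inside the handler.
                    Object fileName = (path == null) ? null : path.getFileName();
                    LOGGER.error("Authz policy file VFS read error: " + fileName, e);
                    return FileVisitResult.TERMINATE;
                }
            }
        });
        return newAuthorizationPolicy.build();
    }

    /**
     * Tells whether a file takes part in the policy, judged by its last name element only.
     *
     * <p>Accepted are {@link #POLICY_FILE} itself and any name starting with
     * {@code "security-module-"}; the directory the file sits in is not checked here.
     *
     * @param path the file to test
     * @return {@code true} when the file is read as part of the policy
     */
    public boolean isPolicyFile(Path path) {
        String obj = path.getName(path.getNameCount() - 1).toString();
        return obj.equals(POLICY_FILE) || obj.startsWith("security-module-");
    }

    /**
     * Lets the marshaller compute the properties for removing a group and writes them to
     * {@link #POLICY_FILE}.
     *
     * <p>Synchronized like {@link #savePolicy(AuthorizationPolicy)}: both methods rewrite the
     * same file, so they must not interleave their batches.
     *
     * <p>As with saving, a failed write is only logged; a removal that did not reach storage
     * looks successful to the caller.
     *
     * @param group the group whose entries are removed
     * @param authorizationPolicy the policy the removal is computed against
     */
    @Override
    public synchronized void deletePolicyByGroup(Group group, AuthorizationPolicy authorizationPolicy) {
        AuthorizationPolicyMarshaller authorizationPolicyMarshaller = new AuthorizationPolicyMarshaller();
        NonEscapedProperties nonEscapedProperties = new NonEscapedProperties();
        authorizationPolicyMarshaller.remove(group, authorizationPolicy, nonEscapedProperties);
        savePolicyIntoVfs(nonEscapedProperties, SpacesAPI.DEFAULT_SPACE_NAME, "Delete Policy");
    }

    /**
     * Writes the given properties to {@link #POLICY_FILE} inside one IO batch.
     *
     * <p>The batch is ended exactly once, in a {@code finally} block, whether or not the write
     * succeeded.
     *
     * <p>NOTE(review): an {@link Exception} during the write is logged and swallowed, so callers
     * get no failure signal. For a security policy this means a change (including a revocation)
     * can silently not take effect.
     *
     * @param nonEscapedProperties the properties to store
     * @param str first argument of the {@link CommentedOption} attached to the batch; callers in
     *     this class pass {@code SpacesAPI.DEFAULT_SPACE_NAME}
     * @param str2 second argument of the {@link CommentedOption}; callers in this class pass a
     *     short description such as {@code "Save policy"}. When either value is {@code null} the
     *     batch is started without a {@link CommentedOption}
     */
    public void savePolicyIntoVfs(NonEscapedProperties nonEscapedProperties, String str, String str2) {
        if (str == null || str2 == null) {
            this.ioService.startBatch(this.fileSystem);
        } else {
            this.ioService.startBatch(this.fileSystem, new CommentedOption(str, str2));
        }
        try (StringWriter stringWriter = new StringWriter()) {
            nonEscapedProperties.store(stringWriter, "Authorization Policy", "Last update: " + new Date().toString());
            this.ioService.write(getAuthzPath().resolve(POLICY_FILE), stringWriter.toString(), new OpenOption[0]);
        } catch (Exception e) {
            LOGGER.error("Authz policy write error.", e);
        } finally {
            this.ioService.endBatch();
        }
    }

    /**
     * Returns the directory that holds the policy files.
     *
     * @return the {@code authz} directory below the file system root; the root must already have
     *     been set by {@link #initFileSystem()}, otherwise the precondition check fails
     */
    public Path getAuthzPath() {
        PortablePreconditions.checkNotNull("root", this.root);
        return this.root.resolve("authz");
    }
}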
