package org.opencastproject.authorization.xacml.manager.impl;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.xml.bind.JAXBException;
import org.apache.commons.io.FilenameUtils;
import org.apache.commons.io.IOUtils;
import org.apache.felix.fileinstall.ArtifactInstaller;
import org.opencastproject.authorization.xacml.XACMLParsingException;
import org.opencastproject.authorization.xacml.XACMLUtils;
import org.opencastproject.authorization.xacml.manager.api.AclService;
import org.opencastproject.authorization.xacml.manager.api.AclServiceException;
import org.opencastproject.authorization.xacml.manager.api.AclServiceFactory;
import org.opencastproject.authorization.xacml.manager.api.ManagedAcl;
import org.opencastproject.security.api.AccessControlList;
import org.opencastproject.security.api.Organization;
import org.opencastproject.security.api.OrganizationDirectoryService;
import org.opencastproject.security.api.SecurityService;
import org.opencastproject.util.NotFoundException;
import org.osgi.framework.BundleContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component(immediate = true, service = {ArtifactInstaller.class, AclScanner.class}, property = {"service.description=Acl Scanner"})
/* loaded from: input_file:org/opencastproject/authorization/xacml/manager/impl/AclScanner.class */
public class AclScanner implements ArtifactInstaller {
    public static final String ACL_DIRECTORY = "acl";
    private static final Logger logger = LoggerFactory.getLogger(AclScanner.class);
    private OrganizationDirectoryService organizationDirectoryService;
    private AclServiceFactory aclServiceFactory;
    private SecurityService securityService;
    private Map<String, Long> managedAcls = new HashMap();

    @Activate
    void activate(BundleContext bundleContext) {
        logger.info("Activated Acl scanner");
    }

    @Deactivate
    void deactivate(BundleContext bundleContext) {
        logger.info("Deactivated Acl scanner");
    }

    @Reference
    void setOrganizationDirectoryService(OrganizationDirectoryService organizationDirectoryService) {
        this.organizationDirectoryService = organizationDirectoryService;
    }

    @Reference
    void setAclServiceFactory(AclServiceFactory aclServiceFactory) {
        this.aclServiceFactory = aclServiceFactory;
    }

    @Reference
    void setSecurityService(SecurityService securityService) {
        this.securityService = securityService;
    }

    public boolean canHandle(File file) {
        return "acl".equals(file.getParentFile().getName()) && file.getName().endsWith(".xml");
    }

    private void addAcl(File file) throws IOException, XACMLParsingException {
        List<Organization> organizations = this.organizationDirectoryService.getOrganizations();
        logger.debug("Adding Acl {}", file.getAbsolutePath());
        String removeExtension = FilenameUtils.removeExtension(file.getName());
        AccessControlList parseToAcl = parseToAcl(file);
        for (Organization organization : organizations) {
            this.securityService.setOrganization(organization);
            boolean z = false;
            Iterator<ManagedAcl> it = getAclService(organization).getAcls().iterator();
            while (it.hasNext()) {
                if (this.managedAcls.get(generateAclId(it.next().getName(), organization)) == null) {
                    logger.debug("The Acl {} will be not added to the organisation {} as it already contains other not-default Acls.", removeExtension, organization.getName());
                    z = true;
                }
            }
            if (!z) {
                Optional<ManagedAcl> createAcl = getAclService(organization).createAcl(parseToAcl, removeExtension);
                if (createAcl.isPresent()) {
                    this.managedAcls.put(generateAclId(removeExtension, organization), createAcl.get().getId());
                    logger.debug("Acl from '{}' has been added for the organisation {}", removeExtension, organization.getName());
                } else {
                    logger.debug("Acl from '{}' has already been added to the organisation {}.", removeExtension, organization.getName());
                }
            }
        }
    }

    private void updateAcl(File file) throws IOException, XACMLParsingException {
        List<Organization> organizations = this.organizationDirectoryService.getOrganizations();
        logger.debug("Updating Acl {}", file.getAbsolutePath());
        String removeExtension = FilenameUtils.removeExtension(file.getName());
        AccessControlList parseToAcl = parseToAcl(file);
        for (Organization organization : organizations) {
            this.securityService.setOrganization(organization);
            Long l = this.managedAcls.get(generateAclId(removeExtension, organization));
            if (l == null) {
                logger.info("The XACML file {} has not been added to the organisation {} and will therefore not be updated", removeExtension, organization.getName());
            } else if (getAclService(organization).updateAcl(new ManagedAclImpl(l, removeExtension, organization.getId(), parseToAcl))) {
                logger.debug("Acl from XACML file {} has been updated for the organisation {}", removeExtension, organization.getName());
            } else {
                logger.warn("No Acl found with the id {} for the organisation {}.", l, organization.getName());
            }
        }
    }

    private void removeAcl(File file) throws IOException, JAXBException {
        List<Organization> organizations = this.organizationDirectoryService.getOrganizations();
        logger.debug("Removing Acl {}", file.getAbsolutePath());
        String removeExtension = FilenameUtils.removeExtension(file.getName());
        for (Organization organization : organizations) {
            this.securityService.setOrganization(organization);
            Long l = this.managedAcls.get(generateAclId(removeExtension, organization));
            if (l != null) {
                try {
                    getAclService(organization).deleteAcl(l.longValue());
                } catch (NotFoundException e) {
                    logger.warn("Unable to delete managec acl {}: Managed acl already deleted!", l);
                } catch (AclServiceException e2) {
                    logger.error("Unable to delete managed acl {}", l, e2);
                }
            } else {
                logger.debug("No Acl found with the id {}.", l);
            }
        }
    }

    private String generateAclId(String str, Organization organization) {
        return str + "_" + organization.getId();
    }

    private AccessControlList parseToAcl(File file) throws FileNotFoundException, XACMLParsingException {
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(file);
            AccessControlList parseXacml = XACMLUtils.parseXacml(fileInputStream);
            IOUtils.closeQuietly(fileInputStream);
            return parseXacml;
        } catch (Throwable th) {
            IOUtils.closeQuietly(fileInputStream);
            throw th;
        }
    }

    private AclService getAclService(Organization organization) {
        return this.aclServiceFactory.serviceFor(organization);
    }

    public void install(File file) throws Exception {
        logger.info("Installing Acl {}", file.getAbsolutePath());
        addAcl(file);
    }

    public void update(File file) throws Exception {
        logger.info("Updating Acl {}", file.getAbsolutePath());
        updateAcl(file);
    }

    public void uninstall(File file) throws Exception {
        logger.info("Removing Acl {}", file.getAbsolutePath());
        removeAcl(file);
    }
}
