package org.eclipse.hono.authorization.impl;

import io.vertx.core.Future;
import io.vertx.core.json.JsonArray;
import io.vertx.core.json.JsonObject;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.EnumSet;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.stream.Collectors;
import org.eclipse.hono.authorization.AccessControlList;
import org.eclipse.hono.authorization.AclEntry;
import org.eclipse.hono.authorization.Permission;
import org.eclipse.hono.util.ResourceIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:org/eclipse/hono/authorization/impl/InMemoryAuthorizationService.class */
public final class InMemoryAuthorizationService extends BaseAuthorizationService {
    static final Resource DEFAULT_PERMISSIONS_RESOURCE = new ClassPathResource("/permissions.json");
    private static final Logger LOGGER = LoggerFactory.getLogger(InMemoryAuthorizationService.class);
    private static final ConcurrentMap<ResourceIdentifier, AccessControlList> resources = new ConcurrentHashMap();
    private Resource permissionsResource = DEFAULT_PERMISSIONS_RESOURCE;

    @Value("${hono.permissions.path:classpath:/permissions.json}")
    public void setPermissionsResource(Resource resource) {
        this.permissionsResource = (Resource) Objects.requireNonNull(resource);
    }

    @Override // org.eclipse.hono.authorization.impl.BaseAuthorizationService
    protected void doStart(Future<Void> future) {
        try {
            loadPermissions();
            future.complete();
        } catch (IOException e) {
            LOGGER.error("cannot load permissions from resource {}", this.permissionsResource, e);
            future.fail(e);
        }
    }

    @Override // org.eclipse.hono.authorization.AuthorizationService
    public boolean hasPermission(String str, ResourceIdentifier resourceIdentifier, Permission permission) {
        Objects.requireNonNull(str, "subject is required");
        Objects.requireNonNull(resourceIdentifier, "resources is required");
        Objects.requireNonNull(permission, "permission is required");
        return hasPermissionForTenant(str, resourceIdentifier, permission) || hasPermissionInternal(str, resourceIdentifier, permission);
    }

    private boolean hasPermissionForTenant(String str, ResourceIdentifier resourceIdentifier, Permission permission) {
        if (resourceIdentifier.getResourceId() != null) {
            return hasPermissionInternal(str, ResourceIdentifier.from(resourceIdentifier.getEndpoint(), resourceIdentifier.getTenantId(), (String) null), permission);
        }
        return false;
    }

    private boolean hasPermissionInternal(String str, ResourceIdentifier resourceIdentifier, Permission permission) {
        return ((Boolean) Optional.ofNullable(resources.get(resourceIdentifier)).map(accessControlList -> {
            return Boolean.valueOf(accessControlList.hasPermission(str, permission));
        }).orElse(false)).booleanValue();
    }

    @Override // org.eclipse.hono.authorization.AuthorizationService
    public void addPermission(String str, ResourceIdentifier resourceIdentifier, Permission permission, Permission... permissionArr) {
        Objects.requireNonNull(permission, "permission is required");
        addPermission(str, resourceIdentifier, EnumSet.of(permission, permissionArr));
    }

    @Override // org.eclipse.hono.authorization.AuthorizationService
    public void addPermission(String str, ResourceIdentifier resourceIdentifier, Set<Permission> set) {
        Objects.requireNonNull(str, "subject is required");
        Objects.requireNonNull(resourceIdentifier, "resource is required");
        Objects.requireNonNull(set, "permission is required");
        LOGGER.trace("adding permission {} for subject {} on resource {}.", new Object[]{set, str, resourceIdentifier});
        resources.computeIfAbsent(resourceIdentifier, resourceIdentifier2 -> {
            return new AccessControlList(new AclEntry[0]);
        }).setAclEntry(new AclEntry(str, set));
    }

    @Override // org.eclipse.hono.authorization.AuthorizationService
    public void removePermission(String str, ResourceIdentifier resourceIdentifier, Permission permission, Permission... permissionArr) {
        Objects.requireNonNull(str, "subject is required");
        Objects.requireNonNull(resourceIdentifier, "resource is required");
        Objects.requireNonNull(permission, "permission is required");
        EnumSet of = EnumSet.of(permission, permissionArr);
        LOGGER.trace("removing permission {} for subject {} on resource {}.", new Object[]{permission, str, resourceIdentifier});
        resources.computeIfPresent(resourceIdentifier, (resourceIdentifier2, accessControlList) -> {
            Optional.ofNullable(accessControlList.getAclEntry(str)).map((v0) -> {
                return v0.getPermissions();
            }).ifPresent(set -> {
                set.removeAll(of);
            });
            return accessControlList;
        });
    }

    private void loadPermissions() throws IOException {
        if (this.permissionsResource == null) {
            throw new IllegalStateException("permissions resource is not set");
        }
        if (!this.permissionsResource.isReadable()) {
            throw new FileNotFoundException("permissions resource does not exist");
        }
        LOGGER.info("loading permissions from resource {}", this.permissionsResource.getURI().toString());
        StringBuilder sb = new StringBuilder();
        load(this.permissionsResource, sb);
        parsePermissions(new JsonObject(sb.toString()));
    }

    private void load(Resource resource, StringBuilder sb) throws IOException {
        char[] cArr = new char[4096];
        InputStreamReader inputStreamReader = new InputStreamReader(resource.getInputStream(), StandardCharsets.UTF_8);
        Throwable th = null;
        while (true) {
            try {
                try {
                    int read = inputStreamReader.read(cArr);
                    if (read <= 0) {
                        break;
                    } else {
                        sb.append(cArr, 0, read);
                    }
                } catch (Throwable th2) {
                    th = th2;
                    throw th2;
                }
            } catch (Throwable th3) {
                if (inputStreamReader != null) {
                    if (th != null) {
                        try {
                            inputStreamReader.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        inputStreamReader.close();
                    }
                }
                throw th3;
            }
        }
        if (inputStreamReader != null) {
            if (0 == 0) {
                inputStreamReader.close();
                return;
            }
            try {
                inputStreamReader.close();
            } catch (Throwable th5) {
                th.addSuppressed(th5);
            }
        }
    }

    private void parsePermissions(JsonObject jsonObject) {
        jsonObject.stream().filter(entry -> {
            return entry.getValue() instanceof JsonObject;
        }).forEach(entry2 -> {
            ResourceIdentifier resourceIdentifier = getResourceIdentifier(entry2);
            ((JsonObject) entry2.getValue()).stream().filter(entry2 -> {
                return entry2.getValue() instanceof JsonArray;
            }).forEach(entry3 -> {
                addPermission((String) entry3.getKey(), resourceIdentifier, toSet((JsonArray) entry3.getValue()));
            });
        });
    }

    private ResourceIdentifier getResourceIdentifier(Map.Entry<String, Object> entry) {
        return this.honoConfig.isSingleTenant() ? ResourceIdentifier.fromStringAssumingDefaultTenant(entry.getKey()) : ResourceIdentifier.fromString(entry.getKey());
    }

    private Set<Permission> toSet(JsonArray jsonArray) {
        return (Set) jsonArray.stream().filter(obj -> {
            return obj instanceof String;
        }).map(obj2 -> {
            return (String) obj2;
        }).map(Permission::valueOf).collect(Collectors.toSet());
    }
}
