package be.iminds.ilabt.jfed.fedmon.webapi.service;

import be.iminds.ilabt.jfed.fedmon.rrd.RrdConfig;
import be.iminds.ilabt.jfed.fedmon.webapi.service.json.Testbed;
import be.iminds.ilabt.jfed.fedmon.webapi.service.resource.SearchUriGenerator;
import be.iminds.ilabt.jfed.fedmon.webapi.service.util.EmailSender;
import be.iminds.ilabt.jfed.util.GeniUrn;
import be.iminds.ilabt.jfed.util.KeyUtil;
import be.iminds.ilabt.util.jsonld.JsonLdObjectsMetaData;
import be.iminds.ilabt.util.jsonld.UriTool;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonProperty;
import io.dropwizard.Configuration;
import io.dropwizard.db.DataSourceFactory;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import javax.annotation.Nullable;
import javax.servlet.http.HttpServletRequest;
import javax.validation.Valid;
import javax.validation.constraints.NotNull;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.postgresql.jdbc2.EscapedFunctions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:be/iminds/ilabt/jfed/fedmon/webapi/service/FedmonWebApiServiceConfiguration.class */
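/**
 * Dropwizard configuration of the Fedmon web API service.
 *
 * <p>Besides plain settings (base URL, database, RRD directory, admin e-mail) this class
 * holds the access-control lists and switches of the service and implements the access
 * decision itself, see {@link #hasAccess(Access, HttpServletRequest)}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@code disableAuthentication} makes every non-{@link Access#ADMIN} check succeed
 *       without any credential; {@code disableAdminAuthentication} does the same for
 *       {@link Access#ADMIN}. The {@code disableLocalhost*} variants do so only for
 *       requests whose remote address is a loopback address.</li>
 *   <li>Host allow-lists are matched against {@link HttpServletRequest#getRemoteAddr()},
 *       i.e. the address of the direct peer. NOTE(review): if the service runs behind a
 *       reverse proxy on the same machine, every request would presumably appear to come
 *       from localhost; confirm the deployment before enabling the localhost switches
 *       or listing the proxy in a host list.</li>
 *   <li>User allow-lists are matched against the first user URN found in the subject
 *       alternative names of the client certificate.</li>
 * </ul>
 *
 * <p>Not thread-safe: the lazily created {@link UriTool} and {@link JsonLdObjectsMetaData}
 * are initialised without synchronisation.
 */
public class FedmonWebApiServiceConfiguration extends Configuration implements RrdConfig {
    private static final Logger LOG = LoggerFactory.getLogger(FedmonWebApiServiceConfiguration.class);

    // Lazily created by getJsonLdObjectsMetaData(); shared by all configuration instances.
    private static JsonLdObjectsMetaData instance;

    private String baseUrl;

    // Lazily created by getUriTool(); never (de)serialised.
    @JsonIgnore
    private UriTool uriTool;

    @NotNull
    @Valid
    private DataSourceFactory database = new DataSourceFactory();

    // User allow-lists: each entry is a URN string that is parsed with GeniUrn.parse.
    private List<String> adminUsers;
    private List<String> createTaskAndResultUsers;
    private List<String> restartUsers;

    // Host allow-lists: each entry is resolved with InetAddress.getByName.
    private List<String> adminHosts;
    private List<String> createTaskAndResultHosts;
    private List<String> restartHosts;

    // Authentication bypass switches; null is treated like false.
    private Boolean disableAuthentication;
    private Boolean disableAdminAuthentication;
    private Boolean disableLocalhostAuthentication;
    private Boolean disableLocalhostAdminAuthentication;

    private String rrdDbDir;
    private EmailSender.EmailSenderConfig adminEmail;

    /**
     * Access levels that can be requested from the access checks.
     *
     * <p>Entries of the admin user and admin host lists are accepted for all three levels;
     * the other lists only grant their own level.
     */
    public enum Access {
        CREATE_TASK_AND_RESULT,
        ADMIN,
        RESTART
    }

    /** @return the admin e-mail sender configuration, or {@code null} if none is configured */
    @JsonProperty
    @Nullable
    public EmailSender.EmailSenderConfig getAdminEmail() {
        return this.adminEmail;
    }

    /** @param emailSenderConfig the admin e-mail sender configuration, may be {@code null} */
    @JsonProperty
    public void setAdminEmail(@Nullable EmailSender.EmailSenderConfig emailSenderConfig) {
        this.adminEmail = emailSenderConfig;
    }

    /** @return the configured RRD database directory */
    @Override // be.iminds.ilabt.jfed.fedmon.rrd.RrdConfig
    @JsonProperty
    public String getRrdDbDir() {
        return this.rrdDbDir;
    }

    /** @param str the RRD database directory */
    @JsonProperty
    public void setRrdDbDir(String str) {
        this.rrdDbDir = str;
    }

    /** @return the base URL handed to the {@link UriTool} */
    @JsonProperty
    public String getBaseUrl() {
        return this.baseUrl;
    }

    /** @param str the base URL handed to the {@link UriTool} */
    @JsonProperty
    public void setBaseUrl(String str) {
        this.baseUrl = str;
    }

    /** @return whether all non-ADMIN access checks are bypassed; may be {@code null} */
    @JsonProperty
    public Boolean getDisableAuthentication() {
        return this.disableAuthentication;
    }

    /**
     * @param bool {@code true} lets every non-ADMIN access check succeed without any
     *     credential, for any caller; {@code null} and {@code false} keep the checks active
     */
    @JsonProperty
    public void setDisableAuthentication(Boolean bool) {
        this.disableAuthentication = bool;
    }

    /** @return whether non-ADMIN checks are bypassed for loopback peers; may be {@code null} */
    @JsonProperty
    public Boolean getDisableLocalhostAuthentication() {
        return this.disableLocalhostAuthentication;
    }

    /**
     * @param bool {@code true} lets non-ADMIN access checks succeed for requests whose
     *     remote address is a loopback address
     */
    @JsonProperty
    public void setDisableLocalhostAuthentication(Boolean bool) {
        this.disableLocalhostAuthentication = bool;
    }

    /** @return whether ADMIN checks are bypassed for loopback peers; may be {@code null} */
    @JsonProperty
    public Boolean getDisableLocalhostAdminAuthentication() {
        return this.disableLocalhostAdminAuthentication;
    }

    /**
     * @param bool {@code true} lets ADMIN access checks succeed for requests whose remote
     *     address is a loopback address
     */
    @JsonProperty
    public void setDisableLocalhostAdminAuthentication(Boolean bool) {
        this.disableLocalhostAdminAuthentication = bool;
    }

    /** @return whether ADMIN access checks are bypassed for everyone; may be {@code null} */
    @JsonProperty
    public Boolean getDisableAdminAuthentication() {
        return this.disableAdminAuthentication;
    }

    /**
     * @param bool {@code true} lets every ADMIN access check succeed without any
     *     credential, for any caller
     */
    @JsonProperty
    public void setDisableAdminAuthentication(Boolean bool) {
        this.disableAdminAuthentication = bool;
    }

    // NOTE(review): EscapedFunctions.DATABASE is a constant of the PostgreSQL driver that the
    // decompiler substituted here; the original source presumably used a plain string literal
    // for the property name. Confirm before removing the driver class from the classpath.
    /** @param dataSourceFactory the database connection settings */
    @JsonProperty(EscapedFunctions.DATABASE)
    public void setDataSourceFactory(DataSourceFactory dataSourceFactory) {
        this.database = dataSourceFactory;
    }

    /** @return the database connection settings */
    @JsonProperty(EscapedFunctions.DATABASE)
    public DataSourceFactory getDataSourceFactory() {
        return this.database;
    }

    /** @return URNs of users accepted for every access level; may be {@code null} */
    @JsonProperty
    public List<String> getAdminUsers() {
        return this.adminUsers;
    }

    /** @param list URNs of users accepted for every access level */
    @JsonProperty
    public void setAdminUsers(List<String> list) {
        this.adminUsers = list;
    }

    /** @return URNs of users accepted for CREATE_TASK_AND_RESULT; may be {@code null} */
    @JsonProperty
    public List<String> getCreateTaskAndResultUsers() {
        return this.createTaskAndResultUsers;
    }

    /** @param list URNs of users accepted for CREATE_TASK_AND_RESULT */
    @JsonProperty
    public void setCreateTaskAndResultUsers(List<String> list) {
        this.createTaskAndResultUsers = list;
    }

    /** @return URNs of users accepted for RESTART; may be {@code null} */
    @JsonProperty
    public List<String> getRestartUsers() {
        return this.restartUsers;
    }

    /** @param list URNs of users accepted for RESTART */
    @JsonProperty
    public void setRestartUsers(List<String> list) {
        this.restartUsers = list;
    }

    /** @return hosts accepted for every access level; may be {@code null} */
    @JsonProperty
    public List<String> getAdminHosts() {
        return this.adminHosts;
    }

    /** @param list host names or addresses accepted for every access level */
    @JsonProperty
    public void setAdminHosts(List<String> list) {
        this.adminHosts = list;
    }

    /** @return hosts accepted for CREATE_TASK_AND_RESULT; may be {@code null} */
    @JsonProperty
    public List<String> getCreateTaskAndResultHosts() {
        return this.createTaskAndResultHosts;
    }

    /** @param list host names or addresses accepted for CREATE_TASK_AND_RESULT */
    @JsonProperty
    public void setCreateTaskAndResultHosts(List<String> list) {
        this.createTaskAndResultHosts = list;
    }

    /** @return hosts accepted for RESTART; may be {@code null} */
    @JsonProperty
    public List<String> getRestartHosts() {
        return this.restartHosts;
    }

    /** @param list host names or addresses accepted for RESTART */
    @JsonProperty
    public void setRestartHosts(List<String> list) {
        this.restartHosts = list;
    }

    /**
     * Returns the JSON-LD metadata for the package of {@link Testbed}, creating it on first use.
     *
     * @return the shared metadata instance
     */
    @JsonIgnore
    public JsonLdObjectsMetaData getJsonLdObjectsMetaData() {
        if (instance == null) {
            instance = JsonLdObjectsMetaData.getInstance(Testbed.class.getPackage().getName());
        }
        return instance;
    }

    /**
     * Returns the {@link UriTool} for the configured base URL, creating it on first use.
     *
     * @return the URI tool of this configuration
     */
    @JsonIgnore
    public UriTool getUriTool() {
        // Only enforced when the JVM runs with assertions enabled (-ea).
        assert this.baseUrl != null : "baseUrl is not configured";
        if (this.uriTool == null) {
            this.uriTool = getJsonLdObjectsMetaData().makeUriTool(this.baseUrl, new SearchUriGenerator());
        }
        return this.uriTool;
    }

    /**
     * Rejects the request unless {@link #hasAccess(Access, HttpServletRequest)} grants it.
     *
     * @param access the access level the caller needs
     * @param httpServletRequest the request being authorised
     * @throws WebApplicationException with status 403 (Forbidden) when access is denied
     */
    public void assureAccessAllowed(Access access, HttpServletRequest httpServletRequest) throws WebApplicationException {
        if (!hasAccess(access, httpServletRequest)) {
            throw new WebApplicationException("Permission denied", Response.Status.FORBIDDEN);
        }
    }

    /**
     * Decides whether the user identified by {@code geniUrn} has the requested access level.
     *
     * <p>The global bypass switches are evaluated first, so with authentication disabled the
     * result is {@code true} even for a {@code null} URN. Otherwise the URN must equal an
     * entry of the admin user list or of the list belonging to the requested level.
     *
     * @param access the access level the caller needs
     * @param geniUrn the authenticated user, or {@code null} if there is none
     * @return {@code true} if access is granted
     */
    public boolean hasAccess(Access access, GeniUrn geniUrn) {
        if (isAuthenticationDisabledFor(access)) {
            return true;
        }
        if (geniUrn == null) {
            return false;
        }
        if (access == Access.ADMIN || access == Access.CREATE_TASK_AND_RESULT || access == Access.RESTART) {
            LOG.debug("Checking if {} is in admin list {}", geniUrn, this.adminUsers);
            if (containsUrn(this.adminUsers, geniUrn)) {
                return true;
            }
        }
        if (access == Access.CREATE_TASK_AND_RESULT && containsUrn(this.createTaskAndResultUsers, geniUrn)) {
            return true;
        }
        return access == Access.RESTART && containsUrn(this.restartUsers, geniUrn);
    }

    /**
     * Decides whether the peer with the given remote address is on a host allow-list that
     * grants the requested access level.
     *
     * <p>A {@code null} or blank remote address is rejected up front:
     * {@link InetAddress#getByName(String)} maps {@code null} and the empty string to the
     * loopback address, so without this guard a missing address would match a
     * {@code localhost} entry. Blank allow-list entries are skipped for the same reason.
     *
     * <p>Allow-list entries that are host names are resolved on every call, so a hostname
     * entry is only as trustworthy as the name resolution of this machine. If any entry
     * cannot be resolved the check fails closed and returns {@code false}.
     *
     * @param access the access level the caller needs
     * @param str the remote address of the request
     * @return {@code true} if the address matches an applicable allow-list entry
     */
    public boolean hasHostAccess(Access access, String str) {
        if (str == null || str.trim().isEmpty()) {
            LOG.warn("remote address is null or empty");
            return false;
        }
        try {
            InetAddress remote = InetAddress.getByName(str);
            boolean knownLevel =
                    access == Access.ADMIN || access == Access.CREATE_TASK_AND_RESULT || access == Access.RESTART;
            if (knownLevel && matchesAnyHost(this.adminHosts, remote)) {
                return true;
            }
            if (access == Access.CREATE_TASK_AND_RESULT && matchesAnyHost(this.createTaskAndResultHosts, remote)) {
                return true;
            }
            if (access == Access.RESTART && matchesAnyHost(this.restartHosts, remote)) {
                return true;
            }
            LOG.error("hasHostAccess=false for remoteAddress=\"{}\"", str);
            return false;
        } catch (UnknownHostException e) {
            LOG.error("Unknown host", e);
            return false;
        }
    }

    /**
     * Decides whether the given request has the requested access level.
     *
     * <p>Checks are tried in this order and the first one that grants access wins: the global
     * bypass switches, the localhost bypass switches, the host allow-lists, and finally the
     * user allow-lists using the first user URN from the subject alternative names of the
     * first client certificate attached to the request.
     *
     * <p>This method reads the certificate from the request attribute
     * {@code javax.servlet.request.X509Certificate} and does not validate the chain itself.
     * NOTE(review): presumably the TLS layer of the container has verified the client
     * certificate before it is exposed here; confirm the connector configuration.
     *
     * @param access the access level the caller needs
     * @param httpServletRequest the request being authorised; {@code null} is denied unless
     *     authentication is disabled for {@code access}
     * @return {@code true} if access is granted
     */
    public boolean hasAccess(Access access, HttpServletRequest httpServletRequest) {
        if (isAuthenticationDisabledFor(access)) {
            return true;
        }
        if (httpServletRequest == null) {
            LOG.warn("@Context HttpServletRequest request == null. (Are you testing?)");
            return false;
        }
        String remoteAddr = httpServletRequest.getRemoteAddr();
        boolean isLocalhost = remoteAddr != null
                && (remoteAddr.equals("0:0:0:0:0:0:0:1")
                        || remoteAddr.equals("::1")
                        || remoteAddr.startsWith("127.0.0.1")
                        || remoteAddr.equals("localhost"));
        LOG.debug("Got request from \"{}\". isLocalhost={}", remoteAddr, isLocalhost);
        if (isLocalhost && isLocalhostAuthenticationDisabledFor(access)) {
            return true;
        }
        if (hasHostAccess(access, remoteAddr)) {
            return true;
        }
        X509Certificate[] clientCerts =
                (X509Certificate[]) httpServletRequest.getAttribute("javax.servlet.request.X509Certificate");
        if (clientCerts == null) {
            LOG.debug("request client cert = null");
            return false;
        }
        if (clientCerts.length == 0) {
            LOG.debug("request client cert = empty");
            return false;
        }
        X509Certificate clientCert = clientCerts[0];
        List<GeniUrn> userUrns =
                KeyUtil.findUrnsInCertAltNames(clientCert, KeyUtil.AltNamesSource.SUBJECT_ALT_NAMES, true);
        if (userUrns.isEmpty()) {
            // NOTE(review): DEFAULT_INDEX_END is a constant the decompiler substituted for the
            // closing part of this message; the original presumably used a string literal.
            LOG.debug(
                    "request client cert contains no user URNs in the subject al names. (principal name={}"
                            + DefaultExpressionEngine.DEFAULT_INDEX_END,
                    clientCert.getSubjectX500Principal().getName());
            return false;
        }
        // Only the first URN is used for the authorisation decision.
        GeniUrn userUrn = userUrns.get(0);
        LOG.debug("request client cert processed -> Successfully Authenticated as {}", userUrn);
        if (userUrns.size() > 1) {
            LOG.debug(
                    "request client cert note: there were additional user URNs in subject alt names. All user urns: {}",
                    userUrns);
        }
        return hasAccess(access, userUrn);
    }

    /** Tells whether the global bypass switch that applies to {@code access} is set; a null level counts as non-ADMIN. */
    private boolean isAuthenticationDisabledFor(Access access) {
        if (access == Access.ADMIN) {
            return Boolean.TRUE.equals(this.disableAdminAuthentication);
        }
        return Boolean.TRUE.equals(this.disableAuthentication);
    }

    /** Tells whether the localhost bypass switch that applies to {@code access} is set. */
    private boolean isLocalhostAuthenticationDisabledFor(Access access) {
        if (access == Access.ADMIN) {
            return Boolean.TRUE.equals(this.disableLocalhostAdminAuthentication);
        }
        return Boolean.TRUE.equals(this.disableLocalhostAuthentication);
    }

    /** Tells whether {@code wanted} equals any parseable URN in {@code urns}; null lists and null entries match nothing. */
    private static boolean containsUrn(List<String> urns, GeniUrn wanted) {
        if (urns == null) {
            return false;
        }
        for (String entry : urns) {
            if (entry == null) {
                continue;
            }
            GeniUrn parsed = GeniUrn.parse(entry.trim());
            if (parsed != null && wanted.equals(parsed)) {
                return true;
            }
        }
        return false;
    }

    /** Tells whether {@code remote} equals the resolved address of any non-blank entry in {@code hosts}. */
    private static boolean matchesAnyHost(List<String> hosts, InetAddress remote) throws UnknownHostException {
        if (hosts == null) {
            return false;
        }
        for (String host : hosts) {
            if (host == null || host.trim().isEmpty()) {
                // InetAddress.getByName maps null and "" to loopback, so a blank entry would
                // silently allow local peers.
                LOG.warn("Ignoring empty entry in host access list");
                continue;
            }
            if (InetAddress.getByName(host.trim()).equals(remote)) {
                return true;
            }
        }
        return false;
    }
}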
