package be.iminds.ilabt.jfed.fedmon.webapi.service;

import be.iminds.ilabt.jfed.fedmon.rrd.RrdConfig;
import be.iminds.ilabt.jfed.fedmon.webapi.service.json.Testbed;
import be.iminds.ilabt.jfed.fedmon.webapi.service.resource.SearchUriGenerator;
import be.iminds.ilabt.jfed.fedmon.webapi.service.util.EmailSender;
import be.iminds.ilabt.jfed.util.GeniUrn;
import be.iminds.ilabt.jfed.util.KeyUtil;
import be.iminds.ilabt.util.jsonld.JsonLdObjectsMetaData;
import be.iminds.ilabt.util.jsonld.UriTool;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonProperty;
import io.dropwizard.Configuration;
import io.dropwizard.db.DataSourceFactory;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.EnumSet;
import java.util.List;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.servlet.http.HttpServletRequest;
import javax.validation.Valid;
import javax.validation.constraints.NotNull;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import org.postgresql.jdbc2.EscapedFunctions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:be/iminds/ilabt/jfed/fedmon/webapi/service/FedmonWebApiServiceConfiguration.class */
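/**
 * Service configuration for the Fedmon web API, bound through the Jackson
 * {@code @JsonProperty} accessors below, plus the access-control decisions
 * derived from that configuration.
 *
 * <p>Access is decided per request by {@link #getAccess(HttpServletRequest)} from, in order:
 * the global "disable authentication" switches, the localhost switches, the
 * host allow-lists and the URN found in the TLS client certificate. Every
 * request gets {@link Access#READ}; {@link Access#ADMIN} implies all other levels.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>{@code disableAdminAuthentication} grants every access level to every
 *       caller; {@code disableAuthentication} grants everything except ADMIN.</li>
 *   <li>The localhost switches and the host allow-lists trust
 *       {@link HttpServletRequest#getRemoteAddr()}. If the service sits behind a
 *       reverse proxy on the same machine, or the container is configured to take
 *       the remote address from forwarding headers, that value no longer
 *       identifies the real client — confirm the deployment before enabling them.</li>
 *   <li>Certificate-based access relies on the container having validated the
 *       client certificate; nothing in this class verifies the chain.</li>
 * </ul>
 */
public class FedmonWebApiServiceConfiguration extends Configuration implements RrdConfig {
    private static final Logger LOG = LoggerFactory.getLogger(FedmonWebApiServiceConfiguration.class);

    // Process-wide cache for getJsonLdObjectsMetaData(); filled lazily on first use.
    private static JsonLdObjectsMetaData instance;

    private String baseUrl;

    // Lazily built from baseUrl by getUriTool().
    @JsonIgnore
    private UriTool uriTool;

    @NotNull
    @Valid
    private DataSourceFactory database = new DataSourceFactory();

    // Configured user URNs (as strings) per access level.
    private List<String> adminUsers;
    private List<String> createTaskAndResultUsers;
    private List<String> restartUsers;

    // Parsed form of the three lists above; built once by initAccessUrns().
    @JsonIgnore
    private List<GeniUrn> adminUsersUrns;

    @JsonIgnore
    private List<GeniUrn> createTaskAndResultUsersUrns;

    @JsonIgnore
    private List<GeniUrn> restartUsersUrns;

    // Configured host names / addresses per access level.
    private List<String> adminHosts;
    private List<String> createTaskAndResultHosts;
    private List<String> restartHosts;

    // Resolved form of the three lists above; built once by initAccessAddresses().
    @JsonIgnore
    private List<InetAddress> adminHostsAddresses;

    @JsonIgnore
    private List<InetAddress> createTaskAndResultHostsAddresses;

    @JsonIgnore
    private List<InetAddress> restartHostsAddresses;

    // Authentication switches. All are nullable; an unset switch is treated as "off".
    private Boolean disableAuthentication;
    private Boolean disableAdminAuthentication;
    private Boolean disableLocalhostAuthentication;
    private Boolean disableLocalhostAdminAuthentication;

    private String rrdDbDir;
    private EmailSender.EmailSenderConfig adminEmail;

    /* loaded from: input_file:be/iminds/ilabt/jfed/fedmon/webapi/service/FedmonWebApiServiceConfiguration$Access.class */
    /**
     * Access levels a request can hold. {@code READ} is granted to every request;
     * {@code ADMIN} is accepted wherever any other level is required.
     */
    public enum Access {
        READ,
        CREATE_TASK_AND_RESULT,
        ADMIN,
        RESTART
    }

    /** @return the admin e-mail settings, or {@code null} when none are configured */
    @JsonProperty
    @Nullable
    public EmailSender.EmailSenderConfig getAdminEmail() {
        return this.adminEmail;
    }

    /** @param emailSenderConfig the admin e-mail settings; may be {@code null} */
    @JsonProperty
    public void setAdminEmail(@Nullable EmailSender.EmailSenderConfig emailSenderConfig) {
        this.adminEmail = emailSenderConfig;
    }

    /** @return the configured RRD database directory */
    @Override // be.iminds.ilabt.jfed.fedmon.rrd.RrdConfig
    @JsonProperty
    public String getRrdDbDir() {
        return this.rrdDbDir;
    }

    /** @param str the RRD database directory */
    @JsonProperty
    public void setRrdDbDir(String str) {
        this.rrdDbDir = str;
    }

    /** @return the base URL handed to the {@link UriTool} built by {@link #getUriTool()} */
    @JsonProperty
    public String getBaseUrl() {
        return this.baseUrl;
    }

    /** @param str the base URL; must be set before {@link #getUriTool()} is called */
    @JsonProperty
    public void setBaseUrl(String str) {
        this.baseUrl = str;
    }

    /** @return the switch that, when true, grants every level except ADMIN to all callers */
    @JsonProperty
    public Boolean getDisableAuthentication() {
        return this.disableAuthentication;
    }

    /** @param bool when true, every caller gets all access levels except ADMIN */
    @JsonProperty
    public void setDisableAuthentication(Boolean bool) {
        this.disableAuthentication = bool;
    }

    /** @return the switch that, when true, grants every level except ADMIN to localhost callers */
    @JsonProperty
    public Boolean getDisableLocalhostAuthentication() {
        return this.disableLocalhostAuthentication;
    }

    /** @param bool when true, callers seen as localhost get all access levels except ADMIN */
    @JsonProperty
    public void setDisableLocalhostAuthentication(Boolean bool) {
        this.disableLocalhostAuthentication = bool;
    }

    /** @return the switch that, when true, grants every level including ADMIN to localhost callers */
    @JsonProperty
    public Boolean getDisableLocalhostAdminAuthentication() {
        return this.disableLocalhostAdminAuthentication;
    }

    /** @param bool when true, callers seen as localhost get every access level, ADMIN included */
    @JsonProperty
    public void setDisableLocalhostAdminAuthentication(Boolean bool) {
        this.disableLocalhostAdminAuthentication = bool;
    }

    /** @return the switch that, when true, grants every level including ADMIN to all callers */
    @JsonProperty
    public Boolean getDisableAdminAuthentication() {
        return this.disableAdminAuthentication;
    }

    /** @param bool when true, every caller gets every access level, ADMIN included */
    @JsonProperty
    public void setDisableAdminAuthentication(Boolean bool) {
        this.disableAdminAuthentication = bool;
    }

    // NOTE(review): the property name is taken from a PostgreSQL driver constant;
    // presumably the original source used a plain string literal — confirm.
    /** @param dataSourceFactory the database connection settings */
    @JsonProperty(EscapedFunctions.DATABASE)
    public void setDataSourceFactory(DataSourceFactory dataSourceFactory) {
        this.database = dataSourceFactory;
    }

    /** @return the database connection settings */
    @JsonProperty(EscapedFunctions.DATABASE)
    public DataSourceFactory getDataSourceFactory() {
        return this.database;
    }

    /** @return the configured user URNs that receive ADMIN access, as strings */
    @JsonProperty
    public List<String> getAdminUsers() {
        return this.adminUsers;
    }

    /** @param list user URNs that receive ADMIN access */
    @JsonProperty
    public void setAdminUsers(List<String> list) {
        this.adminUsers = list;
    }

    /** @return the configured user URNs that receive CREATE_TASK_AND_RESULT access, as strings */
    @JsonProperty
    public List<String> getCreateTaskAndResultUsers() {
        return this.createTaskAndResultUsers;
    }

    /** @param list user URNs that receive CREATE_TASK_AND_RESULT access */
    @JsonProperty
    public void setCreateTaskAndResultUsers(List<String> list) {
        this.createTaskAndResultUsers = list;
    }

    /** @return the configured user URNs that receive RESTART access, as strings */
    @JsonProperty
    public List<String> getRestartUsers() {
        return this.restartUsers;
    }

    /** @param list user URNs that receive RESTART access */
    @JsonProperty
    public void setRestartUsers(List<String> list) {
        this.restartUsers = list;
    }

    /** @return the configured hosts that receive ADMIN access */
    @JsonProperty
    public List<String> getAdminHosts() {
        return this.adminHosts;
    }

    /** @param list host names or addresses that receive ADMIN access */
    @JsonProperty
    public void setAdminHosts(List<String> list) {
        this.adminHosts = list;
    }

    /** @return the configured hosts that receive CREATE_TASK_AND_RESULT access */
    @JsonProperty
    public List<String> getCreateTaskAndResultHosts() {
        return this.createTaskAndResultHosts;
    }

    /** @param list host names or addresses that receive CREATE_TASK_AND_RESULT access */
    @JsonProperty
    public void setCreateTaskAndResultHosts(List<String> list) {
        this.createTaskAndResultHosts = list;
    }

    /** @return the configured hosts that receive RESTART access */
    @JsonProperty
    public List<String> getRestartHosts() {
        return this.restartHosts;
    }

    /** @param list host names or addresses that receive RESTART access */
    @JsonProperty
    public void setRestartHosts(List<String> list) {
        this.restartHosts = list;
    }

    /**
     * Returns the JSON-LD metadata for the package that contains {@link Testbed},
     * creating it on first call and caching it in a static field.
     */
    @JsonIgnore
    public JsonLdObjectsMetaData getJsonLdObjectsMetaData() {
        if (instance == null) {
            instance = JsonLdObjectsMetaData.getInstance(Testbed.class.getPackage().getName());
        }
        return instance;
    }

    /**
     * Returns the {@link UriTool} for the configured base URL, building it on first call.
     * The base URL is expected to be set; this is checked only when assertions are enabled.
     */
    @JsonIgnore
    public UriTool getUriTool() {
        assert this.baseUrl != null;
        if (this.uriTool == null) {
            this.uriTool = getJsonLdObjectsMetaData().makeUriTool(this.baseUrl, new SearchUriGenerator());
        }
        return this.uriTool;
    }

    /**
     * Rejects the request unless it holds {@code access} or {@link Access#ADMIN}.
     *
     * @param access the level the caller needs
     * @param httpServletRequest the request being authorized
     * @throws WebApplicationException with status 403 when the level is missing
     */
    public void assureAccessAllowed(Access access, HttpServletRequest httpServletRequest) throws WebApplicationException {
        Set<Access> granted = getAccess(httpServletRequest);
        boolean allowed = granted.contains(Access.ADMIN) || granted.contains(access);
        if (!allowed) {
            throw new WebApplicationException("Permission denied. You do not have " + access + " access.", Response.Status.FORBIDDEN);
        }
    }

    /**
     * Tells whether the request holds {@link Access#ADMIN} or at least one of the given levels.
     *
     * @param httpServletRequest the request being authorized
     * @param accessArr the acceptable levels
     * @return {@code true} when any acceptable level (or ADMIN) is held
     */
    public boolean hasAnyAccess(HttpServletRequest httpServletRequest, Access... accessArr) throws WebApplicationException {
        Set<Access> granted = getAccess(httpServletRequest);
        if (granted.contains(Access.ADMIN)) {
            return true;
        }
        for (Access wanted : accessArr) {
            if (granted.contains(wanted)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Computes the access levels held by a request.
     *
     * <p>Order of evaluation: the two global switches, then (for a non-null request)
     * the two localhost switches, then the host allow-lists and the client-certificate
     * URN, whose grants are added to the always-present {@link Access#READ}.
     *
     * @param httpServletRequest the request; {@code null} yields READ only
     * @return the set of levels held; never {@code null}
     */
    @Nonnull
    public Set<Access> getAccess(HttpServletRequest httpServletRequest) {
        if (Boolean.TRUE.equals(this.disableAdminAuthentication)) {
            LOG.debug("getAccess() -> disableAdminAuthentication -> granting all access");
            return EnumSet.allOf(Access.class);
        }
        if (Boolean.TRUE.equals(this.disableAuthentication)) {
            LOG.debug("getAccess() -> disableAuthentication -> granting all but ADMIN access");
            return EnumSet.complementOf(EnumSet.of(Access.ADMIN));
        }
        EnumSet<Access> granted = EnumSet.of(Access.READ);
        if (httpServletRequest == null) {
            LOG.warn("@Context HttpServletRequest request == null. (Are you testing?)");
            return granted;
        }

        // The remote address is the only evidence used for the localhost and host-list
        // grants below. NOTE(review): behind a same-host reverse proxy, or if the
        // container derives this value from forwarding headers, it does not identify
        // the real client — confirm the deployment.
        String remoteAddr = httpServletRequest.getRemoteAddr();
        boolean isLocalhost = isLocalhostAddress(remoteAddr);
        LOG.debug("getAccess() -> Got request from \"{}\". isLocalhost={}", remoteAddr, isLocalhost);

        // The localhost switches are nullable; an unset switch must mean "off" rather
        // than fail the request with a NullPointerException on unboxing.
        if (isLocalhost && Boolean.TRUE.equals(this.disableLocalhostAdminAuthentication)) {
            LOG.debug("getAccess() -> disableLocalhostAdminAuthentication -> granting all access");
            return EnumSet.allOf(Access.class);
        }
        if (isLocalhost && Boolean.TRUE.equals(this.disableLocalhostAuthentication)) {
            LOG.debug("getAccess() -> disableLocalhostAuthentication -> granting all but ADMIN access");
            return EnumSet.complementOf(EnumSet.of(Access.ADMIN));
        }
        if (remoteAddr != null) {
            granted.addAll(getHostBasedAccess(remoteAddr));
        }
        GeniUrn userUrn = getAuthenticatedUserUrn(httpServletRequest);
        if (userUrn != null) {
            granted.addAll(getUserBasedAccess(userUrn));
        }
        return granted;
    }

    /** Tells whether the textual remote address is one of the forms treated as localhost. */
    private static boolean isLocalhostAddress(@Nullable String remoteAddr) {
        if (remoteAddr == null) {
            return false;
        }
        return remoteAddr.equals("0:0:0:0:0:0:0:1")
                || remoteAddr.equals("::1")
                || remoteAddr.startsWith("127.0.0.1")
                || remoteAddr.equals("localhost");
    }

    /**
     * Extracts the user URN from the TLS client certificate attached to the request.
     *
     * <p>Only the first certificate of the {@code javax.servlet.request.X509Certificate}
     * attribute is inspected, and only the first URN found in its subject alternative
     * names is returned. This method does not validate the certificate; it relies on
     * the container having done so before populating the attribute.
     *
     * @param httpServletRequest the request to inspect
     * @return the user URN, or {@code null} when there is no certificate or no URN in it
     */
    @Nullable
    public static GeniUrn getAuthenticatedUserUrn(@Nonnull HttpServletRequest httpServletRequest) {
        X509Certificate[] clientCerts = (X509Certificate[]) httpServletRequest.getAttribute("javax.servlet.request.X509Certificate");
        if (clientCerts == null || clientCerts.length == 0) {
            return null;
        }
        List<GeniUrn> urns = KeyUtil.findUrnsInCertAltNames(clientCerts[0], KeyUtil.AltNamesSource.SUBJECT_ALT_NAMES, true);
        if (urns.isEmpty()) {
            return null;
        }
        GeniUrn userUrn = urns.get(0);
        LOG.debug("getAccess() -> request client cert processed -> Successfully Authenticated as {}", userUrn);
        if (urns.size() > 1) {
            LOG.debug("getAccess() -> request client cert note: there were additional user URNs in subject alt names. All user urns: {}", urns);
        }
        return userUrn;
    }

    /**
     * Returns the levels granted to a user URN by the configured user lists.
     *
     * @param geniUrn the authenticated user's URN
     * @return the granted levels; possibly empty, never {@code null}
     */
    @Nonnull
    private Set<Access> getUserBasedAccess(@Nonnull GeniUrn geniUrn) {
        initAccessUrns();
        EnumSet<Access> granted = EnumSet.noneOf(Access.class);
        if (this.adminUsersUrns.contains(geniUrn)) {
            granted.add(Access.ADMIN);
        }
        if (this.createTaskAndResultUsersUrns.contains(geniUrn)) {
            granted.add(Access.CREATE_TASK_AND_RESULT);
        }
        if (this.restartUsersUrns.contains(geniUrn)) {
            granted.add(Access.RESTART);
        }
        LOG.debug("   access={} for user=\"{}\"", granted, geniUrn);
        return granted;
    }

    /**
     * Returns the levels granted to a remote address by the configured host lists.
     *
     * <p>Each list grants only its own level. Granting ADMIN for a match in
     * {@code createTaskAndResultHosts} or {@code restartHosts} would silently turn
     * every host on those lists into a full administrator.
     *
     * @param str the remote address as reported by the servlet request
     * @return the granted levels; empty when the address cannot be resolved
     */
    @Nonnull
    private Set<Access> getHostBasedAccess(@Nonnull String str) {
        initAccessAddresses();
        // InetAddress.getByName("") yields the loopback address, which would match any
        // loopback entry in the allow-lists; an empty remote address gets nothing.
        if (str.isEmpty()) {
            LOG.warn("remote address is empty");
            return Collections.emptySet();
        }
        try {
            InetAddress remote = InetAddress.getByName(str);
            EnumSet<Access> granted = EnumSet.noneOf(Access.class);
            if (this.adminHostsAddresses.contains(remote)) {
                granted.add(Access.ADMIN);
            }
            if (this.createTaskAndResultHostsAddresses.contains(remote)) {
                granted.add(Access.CREATE_TASK_AND_RESULT);
            }
            if (this.restartHostsAddresses.contains(remote)) {
                granted.add(Access.RESTART);
            }
            LOG.debug("   access={} for remoteAddress=\"{}\"", granted, str);
            return granted;
        } catch (UnknownHostException e) {
            LOG.error("Unknown host: \"{}\"", str, e);
            return Collections.emptySet();
        }
    }

    /**
     * Resolves the three configured host lists once and caches the result.
     *
     * <p>Synchronized, and published only after all three lists are complete, because
     * this runs on the request path and a second request must never observe a
     * half-built allow-list. Names are resolved a single time here, so later DNS
     * changes are not picked up.
     */
    private synchronized void initAccessAddresses() {
        if (this.adminHostsAddresses == null) {
            List<InetAddress> admin = resolveHosts(this.adminHosts, "adminHosts");
            List<InetAddress> createTaskAndResult = resolveHosts(this.createTaskAndResultHosts, "createTaskAndResultHosts");
            List<InetAddress> restart = resolveHosts(this.restartHosts, "restartHosts");
            this.createTaskAndResultHostsAddresses = createTaskAndResult;
            this.restartHostsAddresses = restart;
            // Assigned last: a non-null adminHostsAddresses is the "initialised" marker.
            this.adminHostsAddresses = admin;
        }
        assert this.adminHostsAddresses != null;
        assert this.createTaskAndResultHostsAddresses != null;
        assert this.restartHostsAddresses != null;
    }

    /** Resolves one configured host list, logging and skipping entries that cannot be used. */
    private static List<InetAddress> resolveHosts(@Nullable List<String> hosts, String settingName) {
        List<InetAddress> resolved = new ArrayList<>();
        if (hosts == null) {
            return resolved;
        }
        for (String host : hosts) {
            // A null or blank entry must not reach InetAddress.getByName: it would
            // resolve to the loopback address and quietly allow-list localhost.
            if (host == null || host.trim().isEmpty()) {
                LOG.error("Config error: Invalid Internet address in {}: {}", settingName, host);
                continue;
            }
            try {
                resolved.add(InetAddress.getByName(host));
            } catch (UnknownHostException e) {
                // The entry is dropped, so an unresolvable host receives no access.
                LOG.error("UnknownHostException calling InetAddress.getByName(\"{}\")", host, e);
            }
        }
        return resolved;
    }

    /**
     * Parses the three configured user lists once and caches the result.
     *
     * <p>Synchronized and published as a unit for the same reason as
     * {@link #initAccessAddresses()}.
     */
    private synchronized void initAccessUrns() {
        if (this.adminUsersUrns == null) {
            List<GeniUrn> createTaskAndResult = parseUrns(this.createTaskAndResultUsers, "createTaskAndResultUsers");
            List<GeniUrn> admin = parseUrns(this.adminUsers, "adminUsers");
            List<GeniUrn> restart = parseUrns(this.restartUsers, "restartUsers");
            this.createTaskAndResultUsersUrns = createTaskAndResult;
            this.restartUsersUrns = restart;
            // Assigned last: a non-null adminUsersUrns is the "initialised" marker.
            this.adminUsersUrns = admin;
        }
        assert this.adminUsersUrns != null;
        assert this.createTaskAndResultUsersUrns != null;
        assert this.restartUsersUrns != null;
    }

    /** Parses one configured URN list, logging and skipping entries that do not parse. */
    private static List<GeniUrn> parseUrns(@Nullable List<String> urns, String settingName) {
        List<GeniUrn> parsed = new ArrayList<>();
        if (urns == null) {
            return parsed;
        }
        for (String raw : urns) {
            // A null list entry is reported as a config error instead of failing on trim().
            GeniUrn urn = (raw == null) ? null : GeniUrn.parse(raw.trim());
            if (urn != null) {
                parsed.add(urn);
            } else {
                LOG.error("Config error: Invalid user URN in {}: {}", settingName, raw);
            }
        }
        return parsed;
    }
}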
