package be.iminds.ilabt.jfed.fedmon.webapi.base;

import be.iminds.ilabt.jfed.fedmon.webapi.base.AbstractWebApiConfiguration.AccessEnum;
import be.iminds.ilabt.jfed.fedmon.webapi.base.AbstractWebApiConfigurationIface;
import be.iminds.ilabt.jfed.fedmon.webapi.service.util.EmailSender;
import be.iminds.ilabt.jfed.util.GeniUrn;
import be.iminds.ilabt.jfed.util.KeyUtil;
import be.iminds.ilabt.util.jsonld.JsonLdObjectsMetaData;
import be.iminds.ilabt.util.jsonld.UriTool;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonProperty;
import io.dropwizard.Configuration;
import io.dropwizard.db.DataSourceFactory;
import java.lang.Enum;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.EnumMap;
import java.util.EnumSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.servlet.http.HttpServletRequest;
import javax.validation.Valid;
import javax.validation.constraints.NotNull;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import org.eclipse.jetty.util.URIUtil;
import org.postgresql.jdbc2.EscapedFunctions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:be/iminds/ilabt/jfed/fedmon/webapi/base/AbstractWebApiConfiguration.class */
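/**
 * Base Dropwizard {@link Configuration} for a web API that also decides which access levels a request gets.
 *
 * <p>Besides plain configuration properties (base URLs, database, admin e-mail), this class implements
 * the access decision in {@link #getAccess(HttpServletRequest)}. Access is derived from, in order:
 * <ol>
 *   <li>the global {@code disable*Authentication} switches,</li>
 *   <li>the loopback switches ({@code disableLocalhost*Authentication}),</li>
 *   <li>the remote address matched against {@code adminHosts},</li>
 *   <li>the URN found in the TLS client certificate matched against {@code adminUsers}.</li>
 * </ol>
 *
 * <p>This source is decompiler output: raw {@code Enum} types in signatures stand in for the
 * {@code Access} type parameter (see the JADX notes kept on the affected methods).
 *
 * @param <Access> the enum listing the access levels of the concrete web API
 */
public abstract class AbstractWebApiConfiguration<Access extends Enum<Access> & AccessEnum> extends Configuration implements AbstractWebApiConfigurationIface<Access> {
    private static final Logger LOG;
    protected final Class<Access> accessClass;
    protected final BaseAccessEnumFactory<Access> accessEnumFactory;
    private String defaultBaseUrl;
    private String baseHttpUrl;
    private String baseHttpsUrl;
    private String baseAuthenticatedHttpsUrl;
    // Derived from baseAuthenticatedHttpsUrl by its setter; null when that URL is unset or malformed.
    private Integer baseAuthenticatedHttpsUrlPort;
    // User URNs (as configured strings) that receive admin access when presented in a client certificate.
    private List<String> adminUsers;

    // Parsed form of adminUsers, filled lazily by initAccessUrns().
    @JsonIgnore
    private List<GeniUrn> adminUsersUrns;
    // Host names or IP literals whose requests receive admin access purely by source address.
    private List<String> adminHosts;

    // Resolved form of adminHosts, filled lazily (and only once) by initAccessAddresses().
    @JsonIgnore
    private List<InetAddress> adminHostsAddresses;
    // true: every request gets all access levels except admin, without any credential check.
    private Boolean disableAuthentication;
    // true: every request gets all access levels including admin, without any credential check.
    private Boolean disableAdminAuthentication;
    // true: requests whose remote address is loopback get all access levels except admin.
    private Boolean disableLocalhostAuthentication;
    // true: requests whose remote address is loopback get all access levels including admin.
    private Boolean disableLocalhostAdminAuthentication;
    // Optional EmailSender configuration; may be null.
    private EmailSender.EmailSenderConfig adminEmail;
    // Lazily created by getJsonLdObjectsMetaData(). Static, so shared by every configuration instance.
    protected static JsonLdObjectsMetaData instance;
    static final /* synthetic */ boolean $assertionsDisabled;

    @NotNull
    @Valid
    private DataSourceFactory database = new DataSourceFactory();

    // Cache of one UriTool per UriType, filled on demand by getUriTool().
    @JsonIgnore
    protected final Map<AbstractWebApiConfigurationIface.UriType, UriTool> uriToolMap = new EnumMap<>(AbstractWebApiConfigurationIface.UriType.class);

    /* loaded from: input_file:be/iminds/ilabt/jfed/fedmon/webapi/base/AbstractWebApiConfiguration$AccessEnum.class */
    /** Contract every access-level enum must fulfil: it exposes a name. */
    public interface AccessEnum {
        String getName();
    }

    /* loaded from: input_file:be/iminds/ilabt/jfed/fedmon/webapi/base/AbstractWebApiConfiguration$BaseAccessEnumFactory.class */
    /**
     * Supplies the two access levels this base class needs to know about: the one granted to
     * every request ("read") and the one that implies every other level ("admin").
     */
    public interface BaseAccessEnumFactory<Access extends Enum<Access> & AccessEnum> {
        /* JADX WARN: Incorrect return type in method signature: ()TAccess; */
        Enum getRead();

        /* JADX WARN: Incorrect return type in method signature: ()TAccess; */
        Enum getAdmin();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * @param cls the access enum class, needed to build {@link EnumSet}s of it
     * @param baseAccessEnumFactory supplier of the read and admin access levels
     */
    public AbstractWebApiConfiguration(Class<Access> cls, BaseAccessEnumFactory<Access> baseAccessEnumFactory) {
        this.accessClass = cls;
        this.accessEnumFactory = baseAccessEnumFactory;
    }

    /** @return the configured e-mail sender settings, or null when none were configured */
    @Override // be.iminds.ilabt.jfed.fedmon.webapi.base.AbstractWebApiConfigurationIface
    @JsonProperty
    @Nullable
    public EmailSender.EmailSenderConfig getAdminEmail() {
        return this.adminEmail;
    }

    @JsonProperty
    public void setAdminEmail(@Nullable EmailSender.EmailSenderConfig emailSenderConfig) {
        this.adminEmail = emailSenderConfig;
    }

    /** @return the default base URL exactly as configured (may be null) */
    @Override // be.iminds.ilabt.jfed.fedmon.webapi.base.AbstractWebApiConfigurationIface
    @JsonProperty
    public String getBaseUrl() {
        return this.defaultBaseUrl;
    }

    @JsonProperty
    public void setBaseUrl(String str) {
        this.defaultBaseUrl = str;
    }

    @JsonProperty
    public String getBaseHttpUrl() {
        return this.baseHttpUrl;
    }

    @JsonProperty
    public void setBaseHttpUrl(String str) {
        this.baseHttpUrl = str;
    }

    @JsonProperty
    public String getBaseHttpsUrl() {
        return this.baseHttpsUrl;
    }

    @JsonProperty
    public void setBaseHttpsUrl(String str) {
        this.baseHttpsUrl = str;
    }

    @JsonProperty
    public String getBaseAuthenticatedHttpsUrl() {
        return this.baseAuthenticatedHttpsUrl;
    }

    /**
     * Stores the base URL of the client-authenticated HTTPS endpoint and derives its port.
     *
     * <p>The port is what {@link #getCalledUriType(HttpServletRequest)} later uses to tell the
     * authenticated HTTPS endpoint apart from the plain HTTPS one. A malformed URL is logged and
     * leaves the port null, in which case no request is classified as AUTHENTICATED_HTTPS.
     *
     * @param str the URL, or null to clear both the URL and the derived port
     */
    @JsonProperty
    public void setBaseAuthenticatedHttpsUrl(String str) {
        this.baseAuthenticatedHttpsUrl = str;
        if (str != null) {
            try {
                URL url = new URL(str);
                // getPort() is -1 when the URL has no explicit port; fall back to the scheme default.
                this.baseAuthenticatedHttpsUrlPort = Integer.valueOf(url.getPort() == -1 ? url.getDefaultPort() : url.getPort());
            } catch (MalformedURLException e) {
                this.baseAuthenticatedHttpsUrlPort = null;
                LOG.error("Invalid URI for setBaseAuthenticatedHttpsUrl: \"" + str + "\"", e);
            }
        } else {
            this.baseAuthenticatedHttpsUrlPort = null;
        }
        LOG.debug("baseAuthenticatedHttpsUrlPort=" + this.baseAuthenticatedHttpsUrlPort + "  for baseAuthenticatedHttpsUrl=" + str);
    }

    /** @return the port derived from the authenticated HTTPS base URL, or null when unknown */
    @JsonIgnore
    protected Integer getBaseAuthenticatedHttpsUrlPort() {
        return this.baseAuthenticatedHttpsUrlPort;
    }

    /**
     * Returns the base URL for the given URI type, falling back to the other configured base
     * URLs (in a type-specific order) when the preferred one is not set.
     *
     * <p>NOTE(review): although annotated {@code @Nonnull}, the result is null when none of the
     * four base URLs is configured.
     *
     * @throws IllegalArgumentException for a UriType this method does not know
     */
    @Override // be.iminds.ilabt.jfed.fedmon.webapi.base.AbstractWebApiConfigurationIface
    @JsonIgnore
    @Nonnull
    public String getBaseUrl(AbstractWebApiConfigurationIface.UriType uriType) {
        switch (uriType) {
            case DEFAULT:
                return (String) coalesce(this.defaultBaseUrl, this.baseHttpsUrl, this.baseHttpUrl, this.baseAuthenticatedHttpsUrl);
            case HTTP:
                return (String) coalesce(this.baseHttpUrl, this.defaultBaseUrl, this.baseHttpsUrl, this.baseAuthenticatedHttpsUrl);
            case HTTPS:
                return (String) coalesce(this.baseHttpsUrl, this.defaultBaseUrl, this.baseAuthenticatedHttpsUrl, this.baseHttpUrl);
            case AUTHENTICATED_HTTPS:
                return (String) coalesce(this.baseAuthenticatedHttpsUrl, this.baseHttpsUrl, this.defaultBaseUrl, this.baseHttpUrl);
            default:
                throw new IllegalArgumentException("Unknown UriType: " + uriType);
        }
    }

    /** @return the first non-null argument, or the last argument when all are null */
    public static <T> T coalesce(T t, T t2) {
        return t == null ? t2 : t;
    }

    /** @return the first non-null argument, or the last argument when all are null */
    public static <T> T coalesce(T t, T t2, T t3) {
        return t != null ? t : t2 != null ? t2 : t3;
    }

    /** @return the first non-null argument, or the last argument when all are null */
    public static <T> T coalesce(T t, T t2, T t3, T t4) {
        return t != null ? t : t2 != null ? t2 : t3 != null ? t3 : t4;
    }

    /** @return the raw configured flag; null means "not configured" and is treated as false */
    @Override // be.iminds.ilabt.jfed.fedmon.webapi.base.AbstractWebApiConfigurationIface
    @JsonProperty
    public Boolean getDisableAuthentication() {
        return this.disableAuthentication;
    }

    @JsonProperty
    public void setDisableAuthentication(Boolean bool) {
        this.disableAuthentication = bool;
    }

    /** @return the raw configured flag; null means "not configured" and is treated as false */
    @Override // be.iminds.ilabt.jfed.fedmon.webapi.base.AbstractWebApiConfigurationIface
    @JsonProperty
    public Boolean getDisableLocalhostAuthentication() {
        return this.disableLocalhostAuthentication;
    }

    @JsonProperty
    public void setDisableLocalhostAuthentication(Boolean bool) {
        this.disableLocalhostAuthentication = bool;
    }

    /** @return the raw configured flag; null means "not configured" and is treated as false */
    @Override // be.iminds.ilabt.jfed.fedmon.webapi.base.AbstractWebApiConfigurationIface
    @JsonProperty
    public Boolean getDisableLocalhostAdminAuthentication() {
        return this.disableLocalhostAdminAuthentication;
    }

    @JsonProperty
    public void setDisableLocalhostAdminAuthentication(Boolean bool) {
        this.disableLocalhostAdminAuthentication = bool;
    }

    /** @return the raw configured flag; null means "not configured" and is treated as false */
    @Override // be.iminds.ilabt.jfed.fedmon.webapi.base.AbstractWebApiConfigurationIface
    @JsonProperty
    public Boolean getDisableAdminAuthentication() {
        return this.disableAdminAuthentication;
    }

    @JsonProperty
    public void setDisableAdminAuthentication(Boolean bool) {
        this.disableAdminAuthentication = bool;
    }

    @JsonProperty(EscapedFunctions.DATABASE)
    public void setDataSourceFactory(DataSourceFactory dataSourceFactory) {
        this.database = dataSourceFactory;
    }

    @Override // be.iminds.ilabt.jfed.fedmon.webapi.base.AbstractWebApiConfigurationIface
    @JsonProperty(EscapedFunctions.DATABASE)
    public DataSourceFactory getDataSourceFactory() {
        return this.database;
    }

    /** @return the admin user URNs exactly as configured (may be null) */
    @Override // be.iminds.ilabt.jfed.fedmon.webapi.base.AbstractWebApiConfigurationIface
    @JsonProperty
    public List<String> getAdminUsers() {
        return this.adminUsers;
    }

    /**
     * NOTE(review): the parsed URN list is built once on first use, so a call made after the
     * first access decision does not change who is treated as admin.
     */
    @JsonProperty
    public void setAdminUsers(List<String> list) {
        this.adminUsers = list;
    }

    /** @return the admin hosts exactly as configured (may be null) */
    @Override // be.iminds.ilabt.jfed.fedmon.webapi.base.AbstractWebApiConfigurationIface
    @JsonProperty
    public List<String> getAdminHosts() {
        return this.adminHosts;
    }

    /**
     * NOTE(review): the resolved address list is built once on first use, so a call made after
     * the first access decision does not change which hosts are treated as admin.
     */
    @JsonProperty
    public void setAdminHosts(List<String> list) {
        this.adminHosts = list;
    }

    /**
     * Returns the shared metadata object, creating it on first use.
     *
     * <p>NOTE(review): the cache is a static field written without synchronization, so it is
     * shared across all configuration instances and the first-use check is not thread-safe.
     */
    @Override // be.iminds.ilabt.jfed.fedmon.webapi.base.AbstractWebApiConfigurationIface
    @JsonIgnore
    public JsonLdObjectsMetaData getJsonLdObjectsMetaData() {
        if (instance == null) {
            instance = createJsonLdObjectsMetaData();
        }
        return instance;
    }

    /** Builds the metadata object returned by {@link #getJsonLdObjectsMetaData()}. */
    protected abstract JsonLdObjectsMetaData createJsonLdObjectsMetaData();

    /** @return the cached UriTool for the given type, created from that type's base URL on first use */
    @Override // be.iminds.ilabt.jfed.fedmon.webapi.base.AbstractWebApiConfigurationIface
    @JsonIgnore
    @Nonnull
    public UriTool getUriTool(AbstractWebApiConfigurationIface.UriType uriType) {
        return this.uriToolMap.computeIfAbsent(uriType, uriType2 -> {
            return createUriTool(getBaseUrl(uriType2));
        });
    }

    /** Creates a UriTool for the given base URL, without a derived-URI generator. */
    @JsonIgnore
    @Nonnull
    protected UriTool createUriTool(String str) {
        return getJsonLdObjectsMetaData().makeUriTool(str, (UriTool.DerivedUriGenerator) null);
    }

    /* JADX WARN: Incorrect types in method signature: (TAccess;Ljavax/servlet/http/HttpServletRequest;)Z */
    /**
     * Tells whether the request holds the given access level. Admin access implies every level.
     *
     * @param r4 the required access level
     * @param httpServletRequest the request being authorized
     */
    @Override // be.iminds.ilabt.jfed.fedmon.webapi.base.AbstractWebApiConfigurationIface
    @JsonIgnore
    public boolean isAccessAllowed(Enum r4, HttpServletRequest httpServletRequest) {
        Set<Access> access = getAccess(httpServletRequest);
        return access.contains(this.accessEnumFactory.getAdmin()) || access.contains(r4);
    }

    /* JADX WARN: Incorrect types in method signature: (TAccess;Ljavax/servlet/http/HttpServletRequest;)V */
    /**
     * Enforcing variant of {@link #isAccessAllowed(Enum, HttpServletRequest)}.
     *
     * @throws WebApplicationException with status 403 (FORBIDDEN) when the request lacks the access level
     */
    @Override // be.iminds.ilabt.jfed.fedmon.webapi.base.AbstractWebApiConfigurationIface
    @JsonIgnore
    public void assureAccessAllowed(Enum r6, HttpServletRequest httpServletRequest) throws WebApplicationException {
        if (!isAccessAllowed(r6, httpServletRequest)) {
            throw new WebApplicationException("Permission denied. You do not have " + r6 + " access.", Response.Status.FORBIDDEN);
        }
    }

    /* JADX WARN: Incorrect types in method signature: (Ljavax/servlet/http/HttpServletRequest;[TAccess;)Z */
    /**
     * Tells whether the request holds admin access or at least one of the listed access levels.
     *
     * @param enumArr the acceptable access levels; with none listed only admin access passes
     */
    @Override // be.iminds.ilabt.jfed.fedmon.webapi.base.AbstractWebApiConfigurationIface
    @JsonIgnore
    public boolean hasAnyAccess(HttpServletRequest httpServletRequest, Enum... enumArr) throws WebApplicationException {
        Set<Access> access = getAccess(httpServletRequest);
        if (access.contains(this.accessEnumFactory.getAdmin())) {
            return true;
        }
        for (Enum r0 : enumArr) {
            if (access.contains(r0)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Computes the set of access levels granted to a request.
     *
     * <p>Decision order (first match wins for the "disable" switches):
     * <ol>
     *   <li>{@code disableAdminAuthentication} true: every level, for every caller.</li>
     *   <li>{@code disableAuthentication} true: every level except admin, for every caller.</li>
     *   <li>Otherwise the read level is always granted, and for a non-null request:
     *     <ul>
     *       <li>loopback caller + {@code disableLocalhostAdminAuthentication}: every level;</li>
     *       <li>loopback caller + {@code disableLocalhostAuthentication}: every level except admin;</li>
     *       <li>admin is added when the remote address is in {@code adminHosts};</li>
     *       <li>admin is added when the client-certificate URN is in {@code adminUsers}.</li>
     *     </ul>
     *   </li>
     * </ol>
     *
     * <p>All four switches are nullable and an unset switch counts as false. The loopback
     * switches used to be unboxed unconditionally, so a loopback request threw a
     * NullPointerException whenever one of them was left out of the configuration.
     *
     * <p>NOTE(review): loopback detection and {@code adminHosts} matching both rely on
     * {@code getRemoteAddr()}, which is the address of the direct peer. If the service sits
     * behind a reverse proxy on the same host, proxied requests would presumably all appear as
     * loopback; confirm the deployment before enabling the localhost switches or listing the
     * proxy host in {@code adminHosts}.
     *
     * @param httpServletRequest the request, or null (only the read level is then granted)
     * @return the granted access levels, never null
     */
    @Override // be.iminds.ilabt.jfed.fedmon.webapi.base.AbstractWebApiConfigurationIface
    @Nonnull
    @JsonIgnore
    public Set<Access> getAccess(HttpServletRequest httpServletRequest) {
        if (Boolean.TRUE.equals(this.disableAdminAuthentication)) {
            LOG.debug("getAccess() -> disableAdminAuthentication -> granting all access");
            return EnumSet.allOf(this.accessClass);
        }
        if (Boolean.TRUE.equals(this.disableAuthentication)) {
            LOG.debug("getAccess() -> disableAuthentication -> granting all but ADMIN access");
            return EnumSet.complementOf(EnumSet.of(this.accessEnumFactory.getAdmin()));
        }
        EnumSet noneOf = EnumSet.noneOf(this.accessClass);
        noneOf.add(this.accessEnumFactory.getRead());
        if (httpServletRequest != null) {
            String remoteAddr = httpServletRequest.getRemoteAddr();
            boolean z = remoteAddr != null && (remoteAddr.equals("0:0:0:0:0:0:0:1") || remoteAddr.equals("::1") || remoteAddr.startsWith("127.0.0.1") || remoteAddr.equals("localhost"));
            LOG.debug("getAccess() -> Got request from \"" + remoteAddr + "\". isLocalhost=" + z);
            // Boolean.TRUE.equals(...) keeps an unset (null) switch from bypassing or crashing the check.
            if (z && Boolean.TRUE.equals(this.disableLocalhostAdminAuthentication)) {
                LOG.debug("getAccess() -> disableLocalhostAdminAuthentication -> granting all access");
                return EnumSet.allOf(this.accessClass);
            }
            if (z && Boolean.TRUE.equals(this.disableLocalhostAuthentication)) {
                LOG.debug("getAccess() -> disableLocalhostAuthentication -> granting all but ADMIN access");
                return EnumSet.complementOf(EnumSet.of(this.accessEnumFactory.getAdmin()));
            }
            if (remoteAddr != null) {
                noneOf.addAll(getHostBasedAccess(remoteAddr));
            }
            GeniUrn authenticatedUserUrn = getAuthenticatedUserUrn(httpServletRequest);
            if (authenticatedUserUrn != null) {
                noneOf.addAll(getUserBasedAccess(authenticatedUserUrn));
            }
        } else {
            LOG.warn("@Context HttpServletRequest request == null. (Are you testing?)");
        }
        return noneOf;
    }

    /** @return the user URN from the request's client certificate, or null when there is none */
    @Override // be.iminds.ilabt.jfed.fedmon.webapi.base.AbstractWebApiConfigurationIface
    @JsonIgnore
    @Nullable
    public GeniUrn getAuthenticatedUserUrn(@Nonnull HttpServletRequest httpServletRequest) {
        return getAuthenticatedUserUrnFromRequest(httpServletRequest);
    }

    /**
     * Classifies the endpoint a request arrived on from its scheme and, for HTTPS, its server port.
     *
     * <p>An HTTPS request counts as AUTHENTICATED_HTTPS only when its server port equals the port
     * derived from the authenticated HTTPS base URL. Any other scheme (including a null one) is
     * logged and classified as DEFAULT.
     */
    @Override // be.iminds.ilabt.jfed.fedmon.webapi.base.AbstractWebApiConfigurationIface
    @Nonnull
    public AbstractWebApiConfigurationIface.UriType getCalledUriType(@Nonnull HttpServletRequest httpServletRequest) {
        // The decompiler emitted the hash-based lowering of a string switch (with an invalid
        // boolean selector); this is the equivalent comparison on the scheme itself.
        String scheme = httpServletRequest.getScheme();
        if ("http".equals(scheme)) {
            return AbstractWebApiConfigurationIface.UriType.HTTP;
        }
        if (URIUtil.HTTPS.equals(scheme)) {
            // Read the port once so the null check and the comparison see the same value.
            Integer authenticatedPort = getBaseAuthenticatedHttpsUrlPort();
            if (authenticatedPort != null && httpServletRequest.getServerPort() == authenticatedPort.intValue()) {
                return AbstractWebApiConfigurationIface.UriType.AUTHENTICATED_HTTPS;
            }
            return AbstractWebApiConfigurationIface.UriType.HTTPS;
        }
        // NOTE(review): the decision above is made on getScheme(), but the message reports getProtocol().
        LOG.error("getCalledUriType-> unknown request.getProtocol()=" + httpServletRequest.getProtocol());
        return AbstractWebApiConfigurationIface.UriType.DEFAULT;
    }

    /**
     * Extracts the user URN from the TLS client certificate attached to the request.
     *
     * <p>Reads the {@code javax.servlet.request.X509Certificate} request attribute, takes the first
     * certificate of the array and returns the first URN found in its subject alternative names.
     * Additional URNs in the same certificate are only logged.
     *
     * <p>NOTE(review): nothing here validates the certificate; this presumably relies on the TLS
     * layer having verified the chain against the trusted CAs before setting the attribute.
     * Confirm the connector's client-auth settings.
     *
     * @return the URN, or null when the request carries no client certificate or the certificate has no URN
     */
    @JsonIgnore
    @Nullable
    public static GeniUrn getAuthenticatedUserUrnFromRequest(@Nonnull HttpServletRequest httpServletRequest) {
        X509Certificate[] x509CertificateArr = (X509Certificate[]) httpServletRequest.getAttribute("javax.servlet.request.X509Certificate");
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            return null;
        }
        List<GeniUrn> findUrnsInCertAltNames = KeyUtil.findUrnsInCertAltNames(x509CertificateArr[0], KeyUtil.AltNamesSource.SUBJECT_ALT_NAMES, true);
        if (findUrnsInCertAltNames.isEmpty()) {
            return null;
        }
        GeniUrn geniUrn = findUrnsInCertAltNames.get(0);
        LOG.debug("getAccess() -> request client cert processed -> Successfully Authenticated as " + geniUrn);
        if (findUrnsInCertAltNames.size() > 1) {
            LOG.debug("getAccess() -> request client cert note: there were additional user URNs in subject alt names. All user urns: " + findUrnsInCertAltNames);
        }
        return geniUrn;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the access levels a user gets from their URN alone.
     *
     * @return a set holding the admin level when the URN is listed in {@code adminUsers}, else an empty set
     */
    @Nonnull
    @JsonIgnore
    public Set<Access> getUserBasedAccess(@Nonnull GeniUrn geniUrn) {
        initAccessUrns();
        EnumSet noneOf = EnumSet.noneOf(this.accessClass);
        if (this.adminUsersUrns.contains(geniUrn)) {
            noneOf.add(this.accessEnumFactory.getAdmin());
        }
        return noneOf;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the access levels a caller gets from its source address alone.
     *
     * <p>A null or blank address grants nothing: {@link InetAddress#getByName(String)} maps such
     * input to the loopback address, which would otherwise match a loopback entry in
     * {@code adminHosts}.
     *
     * @param str the remote address of the request
     * @return a set holding the admin level when the address is listed in {@code adminHosts};
     *         an empty set otherwise or when the address cannot be resolved
     */
    @Nonnull
    @JsonIgnore
    public Set<Access> getHostBasedAccess(@Nonnull String str) {
        initAccessAddresses();
        if (str == null || str.trim().isEmpty()) {
            LOG.warn("remote address is null or empty; granting no host-based access");
            return Collections.emptySet();
        }
        try {
            InetAddress byName = InetAddress.getByName(str);
            if (byName == null) {
                LOG.warn("remote address is null");
            }
            EnumSet noneOf = EnumSet.noneOf(this.accessClass);
            if (this.adminHostsAddresses.contains(byName)) {
                noneOf.add(this.accessEnumFactory.getAdmin());
            }
            LOG.debug("   access=" + noneOf + " for remoteAddress=\"" + str + "\"");
            return noneOf;
        } catch (UnknownHostException e) {
            LOG.error("Unknown host: \"" + str + "\"", e);
            return Collections.emptySet();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Resolves {@code adminHosts} into addresses on first use; later calls do nothing.
     *
     * <p>Null and blank entries are rejected with a configuration error instead of being
     * resolved: {@link InetAddress#getByName(String)} turns them into the loopback address, so an
     * accidental empty list item would silently grant admin access to every loopback caller.
     * Entries that fail to resolve are logged and skipped.
     *
     * <p>NOTE(review): host names are resolved once, so the admin allow-list reflects whatever
     * DNS answered at first use for the lifetime of this object.
     */
    @JsonIgnore
    public void initAccessAddresses() {
        if (this.adminHostsAddresses == null) {
            this.adminHostsAddresses = new ArrayList<>();
            if (this.adminHosts != null) {
                for (String str : this.adminHosts) {
                    if (str == null || str.trim().isEmpty()) {
                        LOG.error("Config error: Invalid Internet address in adminHosts: " + str);
                    } else {
                        try {
                            InetAddress byName = InetAddress.getByName(str);
                            if (byName != null) {
                                this.adminHostsAddresses.add(byName);
                            } else {
                                LOG.error("Config error: Invalid Internet address in adminHosts: " + str);
                            }
                        } catch (UnknownHostException e) {
                            LOG.error("UnknownHostException calling InetAddress.getByName(\"" + str + "\")", e);
                        }
                    }
                }
            }
        }
        if (!$assertionsDisabled && this.adminHostsAddresses == null) {
            throw new AssertionError();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Parses {@code adminUsers} into URNs on first use; later calls do nothing.
     *
     * <p>Entries are trimmed before parsing. Entries that are null or do not parse are logged as
     * configuration errors and skipped, so they grant nothing.
     */
    @JsonIgnore
    public void initAccessUrns() {
        if (this.adminUsersUrns == null) {
            this.adminUsersUrns = new ArrayList<>();
            if (this.adminUsers != null) {
                for (String str : this.adminUsers) {
                    // A null list item would otherwise abort the whole access decision with an NPE.
                    GeniUrn parse = str == null ? null : GeniUrn.parse(str.trim());
                    if (parse != null) {
                        this.adminUsersUrns.add(parse);
                    } else {
                        LOG.error("Config error: Invalid user URN in adminUsers: " + str);
                    }
                }
            }
        }
        if (!$assertionsDisabled && this.adminUsersUrns == null) {
            throw new AssertionError();
        }
    }

    static {
        // Decompiled form of the compiler-generated assertion switch plus the static field initializers.
        $assertionsDisabled = !AbstractWebApiConfiguration.class.desiredAssertionStatus();
        LOG = LoggerFactory.getLogger(AbstractWebApiConfiguration.class);
        instance = null;
    }
}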
