package com.supermap.services.rest.resources.impl;

import com.supermap.services.rest.HttpException;
import com.supermap.services.rest.PostResult;
import com.supermap.services.rest.commontypes.RequestEntityParamInfo;
import com.supermap.services.rest.resources.ResourceBase;
import com.supermap.services.rest.resources.SecurityResource;
import com.supermap.services.rest.util.JsonConverter;
import com.supermap.services.security.CasRealm;
import com.supermap.services.security.Manager;
import com.supermap.services.security.Role;
import com.supermap.services.security.SecurityConstants;
import com.supermap.services.security.ShiroUtil;
import com.supermap.services.security.SubjectType;
import com.supermap.services.security.UrlRule;
import com.supermap.services.security.User;
import com.supermap.services.security.UserGroup;
import com.supermap.services.util.LogUtil;
import com.supermap.services.util.OperationResourceManager;
import com.supermap.services.util.ResourceManager;
import com.supermap.services.util.log.OperationLogBasicInfo;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.restlet.Context;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.data.CharacterSet;
import org.restlet.data.Method;
import org.restlet.data.Reference;
import org.restlet.data.Status;
import org.slf4j.cal10n.LocLogger;

/* loaded from: input_file:BOOT-INF/lib/iserver-all-10.0.1-18030-10.0.1-SNAPSHOT.jar:com/supermap/services/rest/resources/impl/SecurityResourceBase.class */
public abstract class SecurityResourceBase extends ResourceBase {
    protected Manager securityManager;
    protected static final String USERPARAMNAME = "userName";
    protected static final String USERGROUPPARAMNAME = "userGroupName";
    protected static final String ROLEPARAMNAME = "roleName";
    protected static final String URLRULEPARAMNAME = "urlRuleName";
    private static final String c = "instance";
    private static final String d = "notInstance";
    private OperationLogBasicInfo e;
    private static ResourceManager a = new ResourceManager("com.supermap.services.rest.SecurityResource");
    protected static final OperationResourceManager operationResource = new OperationResourceManager("com.supermap.services.rest.SecurityResource");
    private static LocLogger b = LogUtil.getOperationLocLogger(SecurityResourceBase.class, operationResource);

    public SecurityResourceBase(Context context, Request request, Response response) {
        super(context, request, response);
        this.securityManager = Manager.getInstance();
        this.e = new OperationLogBasicInfo();
        this.e.userName = SecurityUtils.getSubject().getPrincipal().toString();
        this.e.clientAddress = request.getClientInfo().getAddress();
        this.e.requestURL = request.getResourceRef().toString();
    }

    @Override // com.supermap.services.rest.resources.ResourceBase
    public boolean isResourceExist() {
        return getSecurityManager() != null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Multi-variable type inference failed */
    public Object processRequest(Method method, boolean z) {
        List<UserGroup> list = null;
        Manager securityManager = getSecurityManager();
        SubjectType a2 = a();
        Object requestEntityObject = getRequestEntityObject();
        if (SubjectType.USER.equals(a2)) {
            String subjectName = getSubjectName(USERPARAMNAME);
            User user = (User) requestEntityObject;
            if (Method.GET.equals(method)) {
                if (!z) {
                    return securityManager.getUser(subjectName);
                }
                List<User> allUsers = securityManager.getAllUsers();
                ArrayList arrayList = new ArrayList();
                for (User user2 : allUsers) {
                    String[] strArr = {user2.name, "", "", String.valueOf(user2.isLocked), String.valueOf(user2.expirationTime)};
                    if (ArrayUtils.isNotEmpty(user2.userGroups)) {
                        strArr[1] = StringUtils.join((String[]) ArrayUtils.removeElement(user2.userGroups, SecurityConstants.GROUP_LDAP_AUTHORIZED), ",");
                    }
                    if (ArrayUtils.isNotEmpty(user2.roles)) {
                        strArr[2] = StringUtils.join((String[]) ArrayUtils.removeElement(user2.roles, "SYSTEM"), ",");
                    }
                    arrayList.add(strArr);
                }
                list = arrayList;
            } else if (Method.PUT.equals(method)) {
                User user3 = securityManager.getUser(subjectName);
                securityManager.alterUser(subjectName, user);
                recordUserChanged(user, user3);
            } else if (Method.DELETE.equals(method)) {
                securityManager.removeUser(subjectName);
            } else if (Method.POST.equals(method)) {
                securityManager.addUser(user);
                PostResult postResult = new PostResult();
                postResult.childID = user.name;
                postResult.childUrl = getRemainingURL() + "/" + user.name;
                list = postResult;
                b.info(a.getMessage((ResourceManager) SecurityResource.SECURITYRESOURCEBASE_USER_POST_SUCCEED, user.name) + this.e);
            }
        } else if (SubjectType.USERGROUP.equals(a2)) {
            String subjectName2 = getSubjectName(USERGROUPPARAMNAME);
            UserGroup userGroup = (UserGroup) requestEntityObject;
            if (Method.GET.equals(method)) {
                list = z ? securityManager.getAllUserGroup() : securityManager.getUserGroup(subjectName2);
            } else if (Method.PUT.equals(method)) {
                UserGroup userGroup2 = securityManager.getUserGroup(subjectName2);
                securityManager.alterUserGroup(subjectName2, userGroup);
                recordUserGroupChanged(userGroup, userGroup2);
            } else if (Method.DELETE.equals(method)) {
                securityManager.removeUserGroup(subjectName2);
                b.info(a.getMessage((ResourceManager) SecurityResource.SECURITYRESOURCEBASE_USERGROUP_DELETE_SUCCEED, subjectName2) + this.e);
            } else if (Method.POST.equals(method)) {
                securityManager.addUserGroup(userGroup);
                PostResult postResult2 = new PostResult();
                postResult2.childID = userGroup.name;
                postResult2.childUrl = getRemainingURL() + "/" + userGroup.name;
                list = postResult2;
                b.info(a.getMessage((ResourceManager) SecurityResource.SECURITYRESOURCEBASE_USERGROUP_POST_SUCCEED, userGroup.name) + this.e);
            }
        } else if (SubjectType.ROLE.equals(a2)) {
            String subjectName3 = getSubjectName(ROLEPARAMNAME);
            Role role = (Role) requestEntityObject;
            if (Method.GET.equals(method)) {
                if (z) {
                    String str = getURLParameter().get("instance");
                    String str2 = getURLParameter().get(d);
                    list = null != str ? securityManager.listRolesByInstance(str) : null != str2 ? securityManager.listRolesByNotInstance(str2) : securityManager.getAllRoles();
                } else {
                    list = securityManager.getRole(subjectName3);
                }
            } else if (Method.PUT.equals(method)) {
                Role role2 = securityManager.getRole(subjectName3);
                securityManager.alterRole(subjectName3, role);
                recordRolesChanged(role, role2);
            } else if (Method.DELETE.equals(method)) {
                securityManager.removeRole(subjectName3);
            } else if (Method.POST.equals(method)) {
                securityManager.addRole(role);
                PostResult postResult3 = new PostResult();
                postResult3.childID = role.name;
                postResult3.childUrl = getRemainingURL() + "/" + role.name;
                list = postResult3;
                b.info(a.getMessage((ResourceManager) SecurityResource.SECURITYRESOURCEBASE_ROLE_POST_SUCCEED, role.name) + this.e);
            }
        } else {
            if (!SubjectType.URLRULE.equals(a2)) {
                throw new HttpException(500, "subject " + a2 + " does not exist");
            }
            String subjectName4 = getSubjectName(URLRULEPARAMNAME);
            UrlRule urlRule = (UrlRule) requestEntityObject;
            if (Method.GET.equals(method)) {
                list = z ? securityManager.listUrlRules() : securityManager.getUrlRule(subjectName4);
            } else if (Method.PUT.equals(method)) {
                urlRule.id = subjectName4;
                securityManager.alterUrlRule(subjectName4, urlRule);
            } else if (Method.DELETE.equals(method)) {
                securityManager.removeUrlRule(subjectName4);
            } else if (Method.POST.equals(method)) {
                securityManager.addUrlRule(urlRule);
                PostResult postResult4 = new PostResult();
                postResult4.childID = urlRule.id;
                postResult4.childUrl = getRemainingURL() + "/" + urlRule.id;
                list = postResult4;
            }
        }
        return list;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void removeResource(Object obj) {
        List<String> list = (List) obj;
        Manager securityManager = getSecurityManager();
        SubjectType a2 = a();
        try {
            if (SubjectType.USER.equals(a2)) {
                for (String str : list) {
                    securityManager.removeUser(str);
                    b.info(a.getMessage((ResourceManager) SecurityResource.SECURITYRESOURCEBASE_REMOVE_USER_SUCCEED, str) + this.e);
                }
            } else if (SubjectType.USERGROUP.equals(a2)) {
                for (String str2 : list) {
                    securityManager.removeUserGroup(str2);
                    b.info(a.getMessage((ResourceManager) SecurityResource.SECURITYRESOURCEBASE_USERGROUP_DELETE_SUCCEED, str2) + this.e);
                }
            } else if (SubjectType.ROLE.equals(a2)) {
                for (String str3 : list) {
                    securityManager.removeRole(str3);
                    b.info(a.getMessage((ResourceManager) SecurityResource.SECURITYRESOURCEBASE_REMOVE_ROLE_SUCCEED, str3) + this.e);
                }
            } else {
                if (!SubjectType.URLRULE.equals(a2)) {
                    throw new HttpException(Status.CLIENT_ERROR_BAD_REQUEST, "subject " + a2 + " does not exist");
                }
                for (String str4 : list) {
                    securityManager.removeUrlRule(str4);
                    b.info(a.getMessage((ResourceManager) SecurityResource.SECURITYRESOURCEBASE_REMOVE_URLRULE_SUCCEED, str4) + this.e);
                }
            }
        } catch (IllegalArgumentException e) {
            throw new HttpException(Status.CLIENT_ERROR_BAD_REQUEST, e.getMessage(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getSubjectName(String str) {
        Object obj = getRequest().getAttributes().get(str);
        if (!(obj instanceof String)) {
            return null;
        }
        String str2 = (String) obj;
        if (str2.indexOf(46) != -1) {
            str2 = str2.substring(0, str2.lastIndexOf(46));
        }
        return Reference.decode(str2, CharacterSet.UTF_8);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Class<?> resolveSubjectClass(SubjectType subjectType) {
        if (SubjectType.USER.equals(subjectType)) {
            return User.class;
        }
        if (SubjectType.ROLE.equals(subjectType)) {
            return Role.class;
        }
        if (SubjectType.USERGROUP.equals(subjectType)) {
            return UserGroup.class;
        }
        if (SubjectType.URLRULE.equals(subjectType)) {
            return UrlRule.class;
        }
        throw new HttpException(500, "subject " + subjectType + " does not exist");
    }

    @Override // com.supermap.services.rest.resources.ResourceBase
    public Object getResourceContent() {
        return null;
    }

    @Override // com.supermap.services.rest.resources.ResourceBase
    public boolean isUpdate() {
        return false;
    }

    @Override // com.supermap.services.rest.resources.ResourceBase
    public void update(Object obj) throws HttpException {
    }

    @Override // com.supermap.services.rest.resources.ResourceBase
    public void doDelete() throws HttpException {
    }

    @Override // com.supermap.services.rest.resources.ResourceBase
    public void create(Object obj) throws HttpException {
    }

    @Override // com.supermap.services.rest.resources.ResourceBase
    public PostResult createChild(Object obj) throws HttpException {
        return null;
    }

    @Override // com.supermap.services.rest.resources.ResourceBase
    public void addResourceContent(Object obj) {
    }

    @Override // com.supermap.services.rest.resources.ResourceBase
    public Object getChildResourceStatus(String str) {
        return null;
    }

    @Override // com.supermap.services.rest.resources.ResourceBase
    public boolean isAddContent() {
        return false;
    }

    @Override // com.supermap.services.rest.resources.ResourceBase
    public RequestEntityParamInfo getRequestEntityParamInfo(Method method) {
        return null;
    }

    @Override // com.supermap.services.rest.resources.ResourceBase
    public Map<String, Object> getCustomVariableMap() {
        Map<String, Object> createRootURLAndContextNameMapping = super.createRootURLAndContextNameMapping();
        CasRealm casRealm = ShiroUtil.getCasRealm();
        if (casRealm != null) {
            createRootURLAndContextNameMapping.put("casRealmEnabled", String.valueOf(casRealm.isEnabled()));
        } else {
            createRootURLAndContextNameMapping.put("casRealmEnabled", "false");
        }
        return createRootURLAndContextNameMapping;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Manager getSecurityManager() {
        return this.securityManager;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract SubjectType a();

    /* JADX INFO: Access modifiers changed from: protected */
    public void supportedOperations(String[] strArr) {
        setSupportedOperations(Arrays.asList(strArr));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getJsonValue(Object obj) {
        Object obj2 = null;
        JsonConverter jsonConverter = new JsonConverter();
        if (obj != null) {
            obj2 = jsonConverter.toFormatedObject(obj);
        }
        if (obj2 != null) {
            return obj2.toString();
        }
        return null;
    }

    protected void recordUserGroupChanged(UserGroup userGroup, UserGroup userGroup2) {
        boolean equals = Arrays.equals(userGroup.roles, userGroup2.roles);
        boolean equals2 = Arrays.equals(userGroup.users, userGroup2.users);
        if (equals && !equals2) {
            b.info(operationResource.getMessage((OperationResourceManager) SecurityResource.SECURITYRESOURCEBASE_USERGROUP_USERS_PUT_SUCCEED, userGroup2.name) + this.e);
            return;
        }
        if (!equals && equals2) {
            b.info(operationResource.getMessage((OperationResourceManager) SecurityResource.SECURITYRESOURCEBASE_USERGROUP_ROLES_PUT_SUCCEED, userGroup2.name) + this.e);
        } else if (equals2 || equals) {
            b.info(operationResource.getMessage((OperationResourceManager) SecurityResource.SECURITYRESOURCEBASE_USERGROUP_PUT_SUCCEED, userGroup2.name) + this.e);
        } else {
            b.info(operationResource.getMessage((OperationResourceManager) SecurityResource.SECURITYRESOURCEBASE_USERGROUP_ROLES_USERS_PUT_SUCCEED, userGroup2.name) + this.e);
        }
    }

    protected void recordUserChanged(User user, User user2) {
        boolean equals = user2.password.equals(user.password);
        boolean equals2 = Arrays.equals(user.userGroups, user2.userGroups);
        boolean equals3 = Arrays.equals(user.roles, user2.roles);
        if (!equals && equals2 && equals3) {
            b.info(operationResource.getMessage((OperationResourceManager) SecurityResource.SECURITYRESOURCEBASE_USER_PASSWORD_PUT_SUCCEED, user2.name) + this.e);
            return;
        }
        if (equals && !equals2 && equals3) {
            b.info(operationResource.getMessage((OperationResourceManager) SecurityResource.SECURITYRESOURCEBASE_USER_GROUPS_PUT_SUCCEED, user2.name) + this.e);
            return;
        }
        if (equals && equals2 && !equals3) {
            b.info(operationResource.getMessage((OperationResourceManager) SecurityResource.SECURITYRESOURCEBASE_USER_ROLES_PUT_SUCCEED, user2.name) + this.e);
            return;
        }
        if (!equals && !equals2 && equals3) {
            b.info(operationResource.getMessage((OperationResourceManager) SecurityResource.SECURITYRESOURCEBASE_USER_PASSWORD_GROUPS_PUT_SUCCEED, user2.name) + this.e);
            return;
        }
        if (!equals && equals2 && !equals3) {
            b.info(operationResource.getMessage((OperationResourceManager) SecurityResource.SECURITYRESOURCEBASE_USER_PASSWORD_ROLES_PUT_SUCCEED, user2.name) + this.e);
            return;
        }
        if (equals && !equals2 && !equals3) {
            b.info(operationResource.getMessage((OperationResourceManager) SecurityResource.SECURITYRESOURCEBASE_USER_GROUPS_ROLES_PUT_SUCCEED, user2.name) + this.e);
        } else if (equals || equals2 || equals3) {
            b.info(operationResource.getMessage((OperationResourceManager) SecurityResource.SECURITYRESOURCEBASE_USER_PUT_SUCCEED, user2.name) + this.e);
        } else {
            b.info(operationResource.getMessage((OperationResourceManager) SecurityResource.SECURITYRESOURCEBASE_USER_PASSWORD_GROUPS_ROLES_PUT_SUCCEED, user2.name) + this.e);
        }
    }

    protected void recordRolesChanged(Role role, Role role2) {
        boolean equals = Arrays.equals(role.userGroups, role2.userGroups);
        boolean equals2 = Arrays.equals(role.users, role2.users);
        boolean z = false;
        if (role.permissions == null && role2.permissions == null) {
            z = true;
        } else if (role.permissions != null) {
            z = role.permissions.equals(role2.permissions);
        }
        if (!equals && equals2 && z) {
            b.info(a.getMessage((ResourceManager) SecurityResource.SECURITYRESOURCEBASE_ROLES_USERGROUPS_PUT_SUCCEED, role2.name) + this.e);
            return;
        }
        if (equals && !equals2 && z) {
            b.info(a.getMessage((ResourceManager) SecurityResource.SECURITYRESOURCEBASE_ROLES_USER_PUT_SUCCEED, role2.name) + this.e);
            return;
        }
        if (equals && equals2 && !z) {
            b.info(a.getMessage((ResourceManager) SecurityResource.SECURITYRESOURCEBASE_ROLES_PERMISSIONS_PUT_SUCCEED, role2.name) + this.e);
            return;
        }
        if (!equals && !equals2 && z) {
            b.info(a.getMessage((ResourceManager) SecurityResource.SECURITYRESOURCEBASE_ROLES_USERS_AND_USERGROUPS_PUT_SUCCEED, role2.name) + this.e);
            return;
        }
        if (!equals && equals2 && !z) {
            b.info(a.getMessage((ResourceManager) SecurityResource.SECURITYRESOURCEBASE_ROLES_USERGROUPS_AND_PERMISSIONS_PUT_SUCCEED, role2.name) + this.e);
            return;
        }
        if (equals && !equals2 && !z) {
            b.info(a.getMessage((ResourceManager) SecurityResource.SECURITYRESOURCEBASE_ROLES_USERS_AND_PERMISSIONS_PUT_SUCCEED, role2.name) + this.e);
        } else if (equals || equals2 || z) {
            b.info(a.getMessage((ResourceManager) SecurityResource.SECURITYRESOURCEBASE_ROLE_PUT_SUCCEED, role2.name) + this.e);
        } else {
            b.info(a.getMessage((ResourceManager) SecurityResource.SECURITYRESOURCEBASE_ROLES_USERS_AND_PERMISSIONS_AND_USERGROUPS_PUT_SUCCEED, role2.name) + this.e);
        }
    }
}
