package de.rcenvironment.core.component.management.internal;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import de.rcenvironment.core.authorization.api.AuthorizationPermissionSet;
import de.rcenvironment.core.authorization.api.AuthorizationService;
import de.rcenvironment.core.component.authorization.api.ComponentAuthorizationSelector;
import de.rcenvironment.core.component.authorization.impl.ComponentAuthorizationSelectorImpl;
import de.rcenvironment.core.configuration.ConfigurationService;
import de.rcenvironment.core.utils.common.JsonUtils;
import de.rcenvironment.core.utils.common.exception.OperationFailureException;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.apache.commons.io.FileUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

@Component
/* loaded from: input_file:de/rcenvironment/core/component/management/internal/JsonFileComponentPermissionStorage.class */
public class JsonFileComponentPermissionStorage implements ComponentPermissionStorage {
    private static final String PROFILE_RELATIVE_FILENAME = "configuration/components.json";
    private static final String BACKUP_FILE_1_SUFFIX = ".1.bak";
    private static final String BACKUP_FILE_2_SUFFIX = ".2.bak";
    private static final String AUTHORIZATION_JSON_NODE_PATH = "authorization";
    private AuthorizationService authorizationService;
    private AuthorizationPermissionSet permissionSetPublicAccess;
    private String permissionSetPublicAccessSignature;
    private ConfigurationService configurationService;
    private boolean initialized;
    private File storageFile;
    private File backupFile1;
    private File backupFile2;
    private JsonNode currentJsonData;
    private final Log log = LogFactory.getLog(getClass());
    private final ObjectMapper jsonMapper = JsonUtils.getDefaultObjectMapper();

    @Activate
    protected void activate() {
        this.storageFile = new File(this.configurationService.getProfileDirectory(), PROFILE_RELATIVE_FILENAME);
        try {
            if (!this.storageFile.exists()) {
                FileUtils.writeStringToFile(this.storageFile, "{}");
            }
            if (!this.storageFile.isFile() || !this.storageFile.canWrite()) {
                this.log.error("Failed to initialize component authorization storage " + this.storageFile.getAbsolutePath() + ": the file could not be created or is not writable");
            }
            this.currentJsonData = this.jsonMapper.readTree(this.storageFile);
            this.backupFile1 = new File(this.storageFile.getParentFile(), String.valueOf(this.storageFile.getName()) + BACKUP_FILE_1_SUFFIX);
            this.backupFile2 = new File(this.storageFile.getParentFile(), String.valueOf(this.storageFile.getName()) + BACKUP_FILE_2_SUFFIX);
            this.initialized = true;
        } catch (IOException e) {
            this.log.error("Failed to initialize component authorization storage " + this.storageFile.getAbsolutePath() + ": " + e.toString());
        }
    }

    @Reference
    protected synchronized void bindConfigurationService(ConfigurationService configurationService) {
        this.configurationService = configurationService;
    }

    @Reference
    protected synchronized void bindAuthorizationService(AuthorizationService authorizationService) {
        this.authorizationService = authorizationService;
        this.permissionSetPublicAccess = this.authorizationService.getDefaultAuthorizationObjects().permissionSetPublicInLocalNetwork();
        this.permissionSetPublicAccessSignature = this.permissionSetPublicAccess.getSignature();
    }

    @Override // de.rcenvironment.core.component.management.internal.ComponentPermissionStorage
    public synchronized void persistAssignment(ComponentAuthorizationSelector componentAuthorizationSelector, AuthorizationPermissionSet authorizationPermissionSet) throws OperationFailureException {
        if (!this.initialized) {
            this.log.warn("Authorization storage is disabled - the new data for component-group assignment for selector " + componentAuthorizationSelector.getId() + " will not be saved, and previous settings may return after restarting!");
            return;
        }
        if (this.backupFile2.exists() && !this.backupFile2.delete()) {
            throw new OperationFailureException("Failed to delete backup file " + this.backupFile2.getAbsolutePath());
        }
        if (this.backupFile1.exists() && !this.backupFile1.renameTo(this.backupFile2)) {
            throw new OperationFailureException("Failed to move backup file " + this.backupFile1.getAbsolutePath() + " to " + this.backupFile2.getAbsolutePath());
        }
        if (!this.storageFile.renameTo(this.backupFile1)) {
            throw new OperationFailureException("Failed to move " + this.storageFile.getAbsolutePath() + " to backup location " + this.backupFile1.getAbsolutePath());
        }
        ObjectNode authorizationDataJsonNode = getAuthorizationDataJsonNode();
        if (authorizationPermissionSet.isLocalOnly()) {
            authorizationDataJsonNode.remove(componentAuthorizationSelector.getId());
        } else {
            authorizationDataJsonNode.put(componentAuthorizationSelector.getId(), authorizationPermissionSet.getSignature());
        }
        try {
            FileUtils.writeStringToFile(this.storageFile, this.jsonMapper.writerWithDefaultPrettyPrinter().writeValueAsString(this.currentJsonData));
        } catch (IOException e) {
            throw new OperationFailureException("Failed to save updated component-group assignment data: " + e.toString());
        }
    }

    @Override // de.rcenvironment.core.component.management.internal.ComponentPermissionStorage
    public synchronized Map<ComponentAuthorizationSelector, AuthorizationPermissionSet> restorePersistedAssignments() {
        HashMap hashMap = new HashMap();
        if (!this.initialized) {
            this.log.warn("Error loading access group data from secure storage - not initializing component permissions to avoid erronous deletion");
            return hashMap;
        }
        try {
            Iterator fields = getAuthorizationDataJsonNode().fields();
            int i = 0;
            while (fields.hasNext()) {
                Map.Entry entry = (Map.Entry) fields.next();
                restorePersistedAssignment((String) entry.getKey(), ((JsonNode) entry.getValue()).asText(), hashMap);
                i++;
            }
            this.log.debug("Restored " + i + " persisted component-group assignment(s)");
            return hashMap;
        } catch (OperationFailureException e) {
            this.log.warn("Error loading persisted component permissions from secure storage (disabling further write operations to prevent accidental deletion): " + e.toString());
            this.initialized = false;
            return hashMap;
        }
    }

    private void restorePersistedAssignment(String str, String str2, Map<ComponentAuthorizationSelector, AuthorizationPermissionSet> map) {
        AuthorizationPermissionSet buildPermissionSet;
        if (str2 == null || str2.length() == 0) {
            this.log.error("Ignoring invalid (empty) stored permission data for component selector " + str);
            return;
        }
        if (this.permissionSetPublicAccessSignature.equals(str2)) {
            buildPermissionSet = this.permissionSetPublicAccess;
        } else {
            ArrayList arrayList = new ArrayList();
            for (String str3 : str2.split(",")) {
                try {
                    arrayList.add(this.authorizationService.representRemoteGroupId(str3.trim()));
                } catch (OperationFailureException e) {
                    this.log.error("Ignoring invalid stored group id " + str3 + " for component " + str + "; reason: " + e.getMessage());
                }
            }
            buildPermissionSet = this.authorizationService.buildPermissionSet(arrayList);
        }
        if (buildPermissionSet.isLocalOnly()) {
            return;
        }
        map.put(new ComponentAuthorizationSelectorImpl(str), buildPermissionSet);
        this.log.debug("Restored permission set " + buildPermissionSet.getSignature() + " for component selector " + str);
    }

    private ObjectNode getAuthorizationDataJsonNode() throws OperationFailureException {
        ObjectNode objectNode = this.currentJsonData.get(AUTHORIZATION_JSON_NODE_PATH);
        if (objectNode == null || objectNode.isNull()) {
            objectNode = this.jsonMapper.createObjectNode();
            this.currentJsonData.set(AUTHORIZATION_JSON_NODE_PATH, objectNode);
        }
        if (objectNode instanceof ObjectNode) {
            return objectNode;
        }
        throw new OperationFailureException("Unexpected data node type at path: authorization");
    }
}
