package dmg.cells.services.login.user;

import dmg.cells.nucleus.CellAdapter;
import dmg.cells.nucleus.CellMessage;
import dmg.cells.nucleus.CellNucleus;
import dmg.util.Authorizable;
import dmg.util.AuthorizedString;
import dmg.util.CommandPanicException;
import dmg.util.CommandSyntaxException;
import dmg.util.CommandThrowableException;
import java.io.File;
import java.io.Serializable;
import java.util.Enumeration;
import org.dcache.util.Args;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:dmg/cells/services/login/user/UserSecurityCell.class */
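/**
 * Cell that serves user, group and ACL administration commands backed by three
 * file-based stores (ACLs, principal relations, principal metadata).
 *
 * <p>Two kinds of message are handled in {@link #messageArrived(CellMessage)}:
 * an {@code Object[]} "request" (only {@code check-password} is recognised) and
 * an {@link AuthorizedString}, whose text is run as a command with the
 * authorized principal attached as the {@code -auth} option.
 *
 * <p>The {@code hh_*} constants and {@code ac_*_$_n} methods are presumably picked
 * up by the inherited command interpreter by naming convention (help hint and
 * handler per command) — the dispatch itself is not visible in this file.
 *
 * <p>This listing is decompiler output; local names are reconstructed.
 */
public class UserSecurityCell extends CellAdapter {
    private static final Logger _log = LoggerFactory.getLogger(UserSecurityCell.class);
    private final String _cellName;
    private final CellNucleus _nucleus;
    private final Args _args;
    private AclDb _aclDb;
    private UserRelationable _userDb;
    private UserMetaDb _userMetaDb;
    public static final String hh_show_all = "<user> exception|null|object|string";
    public static final String hh_check_permission = "<user> <acl>";
    public static final String hh_create_user = "<userName>";
    public static final String hh_create_group = "<groupName>";
    public static final String hh_destroy_principal = "<principalName>";
    public static final String hh_add = "<principalName> to <groupName>";
    public static final String hh_remove = "<principalName> from <groupName>";
    public static final String hh_add_access = "[-allowed|-denied] <acl> <principal>";
    public static final String hh_create_acl = "<aclName>";
    public static final String hh_ls_acl = "<aclName> -resolve";

    /**
     * Creates the cell and caches its name, parsed arguments and nucleus.
     *
     * @param str  cell name; also passed to the superclass constructor
     * @param str2 passed to the superclass constructor (presumably the argument
     *             string that {@code getArgs()} later exposes — confirm)
     */
    public UserSecurityCell(String str, String str2) {
        super(str, str2);
        this._cellName = str;
        this._args = getArgs();
        this._nucleus = getNucleus();
    }

    /**
     * Opens the three stores below the database directory given as the first
     * cell argument: {@code acls}, {@code relations} and {@code meta}.
     *
     * @throws IllegalArgumentException if no database path argument was supplied
     */
    @Override // dmg.cells.nucleus.CellAdapter
    protected void startUp() {
        if (this._args.argc() < 1) {
            throw new IllegalArgumentException("Usage : ... <dbPath>");
        }
        File dbRoot = new File(this._args.argv(0));
        this._aclDb = new AclDb(new File(dbRoot, "acls"));
        this._userDb = new InMemoryUserRelation(new FileUserRelation(new File(dbRoot, "relations")));
        this._userMetaDb = new UserMetaDb(new File(dbRoot, "meta"));
    }

    /**
     * Handles one incoming message and always sends a reply back along the
     * reversed path: either the command result or the exception that was raised.
     *
     * <p>NOTE(review): the {@code Object[]} "request" branch is reached without
     * the message being an {@link AuthorizedString}; the only caller identity it
     * sees is element 1 of the array, which the sender fills in itself.
     *
     * <p>NOTE(review): any exception is returned to the sender as a serialized
     * object, so its message and stack trace leave this cell. Values taken from
     * the message are also written to the log as received; confirm the logging
     * backend neutralises line breaks if these logs are consumed by tooling.
     *
     * @param cellMessage the message to answer; it is modified in place and resent
     */
    @Override // dmg.cells.nucleus.CellAdapter
    public void messageArrived(CellMessage cellMessage) {
        Serializable reply;
        Object messageObject = cellMessage.getMessageObject();
        try {
            _log.info("Message type : {}", messageObject.getClass());
            // Constant-first equals: a null first element is treated as "not a request"
            // instead of surfacing as a NullPointerException in the reply.
            if ((messageObject instanceof Object[]) && ((Object[]) messageObject).length >= 3
                    && "request".equals(((Object[]) messageObject)[0])) {
                Object[] request = (Object[]) messageObject;
                String requester = request[1] == null ? "unknown" : (String) request[1];
                String command = (String) request[2];
                _log.info(">{}< request from {}", command, requester);
                try {
                    if (!command.equals("check-password")) {
                        throw new Exception("Command not found : " + command);
                    }
                    reply = acl_check_password(request);
                } catch (Exception e) {
                    throw new Exception("Problem : " + e);
                }
            } else {
                if (!(messageObject instanceof AuthorizedString)) {
                    String problem = "Illegal message object received from : " + cellMessage.getSourcePath();
                    _log.warn(problem);
                    throw new Exception(problem);
                }
                reply = execAuthorizedString(((Authorizable) messageObject).getAuthorizedPrincipal(), messageObject.toString());
            }
        } catch (Exception e2) {
            // The failure itself becomes the reply payload.
            reply = e2;
        }
        if (reply instanceof Object[]) {
            ((Object[]) reply)[0] = "response";
        }
        cellMessage.revertDirection();
        cellMessage.setMessageObject(reply);
        try {
            sendMessage(cellMessage);
        } catch (RuntimeException e3) {
            _log.warn("Can't send acl_response : " + e3, e3);
        }
    }

    /**
     * Runs {@code command} through the inherited command interpreter with the
     * principal appended as {@code -auth=<principal>}.
     *
     * <p>NOTE(review): the principal is attached by string concatenation, so the
     * value later read with {@code getOpt("auth")} depends on how {@link Args}
     * parses quoting and repeated options in the sender-supplied text. Confirm
     * that the sender cannot influence that value; attaching the principal
     * out-of-band instead of in the command text would remove the dependency.
     *
     * @param principal authorized principal of the message
     * @param command   command text taken from the message
     * @return the command result, or {@code ""} for a blank command
     * @throws Exception if the principal is null or empty, or the command fails
     */
    private Serializable execAuthorizedString(String principal, String command) throws Exception {
        if (principal == null || principal.length() == 0) {
            throw new Exception("Not authenticated");
        }
        if (command.trim().isEmpty()) {
            return "";
        }
        try {
            return command(new Args(command + " -auth=" + principal));
        } catch (CommandPanicException e) {
            throw ((Exception) e.getTargetException());
        } catch (CommandThrowableException e2) {
            throw ((Exception) e2.getTargetException());
        }
    }

    /**
     * Builds the six-element reply for a {@code check-password} request: the
     * first five request elements are copied, element 1 is replaced by request
     * element 3, and element 5 carries the verdict.
     *
     * <p>NOTE(review): the verdict is set to {@code true} unconditionally and no
     * credential is compared anywhere in this method, so every well-formed
     * request is answered as accepted. Confirm this is a stub and that nothing
     * relies on this reply for authentication.
     *
     * @param request the incoming request array
     * @return the reply array
     * @throws IllegalArgumentException if the request has fewer than five elements
     */
    private Serializable acl_check_password(Object[] request) {
        if (request.length < 5) {
            throw new IllegalArgumentException("Not enough arguments for 'check-password'");
        }
        // Declared as Object[] — the decompiler could not infer the type and left
        // a '??' placeholder here, which does not compile.
        Object[] response = new Object[6];
        System.arraycopy(request, 0, response, 0, 5);
        response[1] = request[3];
        response[5] = true;
        return response;
    }

    /**
     * Throws unless {@code principal} is allowed by ACL {@code acl}.
     *
     * <p>NOTE(review): the literal principal name {@code "admin"} skips the ACL
     * database entirely; the strength of this check therefore rests on how that
     * name can be obtained upstream.
     *
     * @param principal principal to check, may be null
     * @param acl       ACL name
     * @throws AclPermissionException if the principal is null or the ACL check fails
     */
    private void checkPermission(String principal, String acl) throws AclPermissionException {
        if (principal == null) {
            throw new AclPermissionException("Not authenticated");
        }
        if (!principal.equals("admin") && !this._aclDb.check(acl, principal, this._userDb)) {
            throw new AclPermissionException("Acl >" + acl + "< negative for " + principal);
        }
    }

    /**
     * Test-style command: depending on the mode argument it throws, returns
     * {@code null}, returns the parsed arguments, or returns {@code "Done"}.
     * Only the presence of the {@code -auth} option is required, no ACL.
     *
     * @throws Exception if {@code -auth} is absent or the mode is {@code exception}
     */
    public Object ac_show_all_$_1(Args args) throws Exception {
        if (args.getOpt("auth") == null) {
            throw new Exception("Not authenticated");
        }
        String mode = args.argv(0);
        _log.info("show all : mode={};user=user", mode);
        if (mode.equals("exception")) {
            throw new Exception("hallo otto");
        }
        if (mode.equals("null")) {
            return null;
        }
        return mode.equals("object") ? args : "Done";
    }

    /**
     * Reports whether the principal in argument 0 passes ACL argument 1.
     * The principal checked is the one named in the command, not the
     * {@code -auth} value of the caller.
     *
     * @return {@code true} if the check passes, {@code false} otherwise
     */
    public Object ac_check_permission_$_2(Args args) {
        try {
            checkPermission(args.argv(0), args.argv(1));
            return true;
        } catch (AclPermissionException e) {
            return false;
        }
    }

    /**
     * Creates a user entry in the metadata store.
     * Requires ACL {@code user.*.create} for the {@code -auth} principal.
     */
    public String ac_create_user_$_1(Args args) throws Exception {
        checkPermission(args.getOpt("auth"), "user.*.create");
        this._userMetaDb.createUser(args.argv(0));
        return "";
    }

    /**
     * Creates a group: metadata entry, relation container and the ACL item
     * {@code group.<name>.access}, in that order.
     * Requires ACL {@code user.*.create} for the {@code -auth} principal.
     */
    public String ac_create_group_$_1(Args args) throws Exception {
        checkPermission(args.getOpt("auth"), "user.*.create");
        String groupName = args.argv(0);
        this._userMetaDb.createGroup(groupName);
        this._userDb.createContainer(groupName);
        this._aclDb.createAclItem("group." + groupName + ".access");
        return "";
    }

    /**
     * Removes a principal that has no members and belongs to no group.
     * Requires ACL {@code user.*.create} for the {@code -auth} principal.
     *
     * @throws DatabaseException if the principal still has members or parents
     */
    public String ac_destroy_principal_$_1(Args args) throws Exception {
        checkPermission(args.getOpt("auth"), "user.*.create");
        String principalName = args.argv(0);
        if (this._userDb.getElementsOf(principalName).hasMoreElements()) {
            throw new DatabaseException("Not Empty : " + principalName);
        }
        if (this._userDb.getParentsOf(principalName).hasMoreElements()) {
            throw new DatabaseException("Still in groups : " + principalName);
        }
        this._userMetaDb.removePrincipal(principalName);
        try {
            this._userDb.removeContainer(principalName);
            this._aclDb.removeAclItem("group." + principalName + ".access");
        } catch (Exception e) {
            // Best effort: container/ACL cleanup failures are logged, not reported
            // (presumably because a plain user has neither — confirm).
            _log.warn("{} : {}", args, e.toString());
        }
        return "";
    }

    /**
     * Adds a principal to a group ({@code <principal> to <group>}).
     * Requires ACL {@code group.<group>.access} for the {@code -auth} principal.
     *
     * @throws CommandSyntaxException if the keyword {@code to} is missing
     */
    public String ac_add_$_3(Args args) throws Exception {
        if (!args.argv(1).equals("to")) {
            throw new CommandSyntaxException("keyword 'to' missing");
        }
        String groupName = args.argv(2);
        String principalName = args.argv(0);
        checkPermission(args.getOpt("auth"), "group." + groupName + ".access");
        this._userDb.addElement(groupName, principalName);
        return "";
    }

    /**
     * Removes a principal from a group ({@code <principal> from <group>}).
     * Requires ACL {@code group.<group>.access} for the {@code -auth} principal.
     *
     * @throws CommandSyntaxException if the keyword {@code from} is missing
     */
    public String ac_remove_$_3(Args args) throws Exception {
        if (!args.argv(1).equals("from")) {
            throw new CommandSyntaxException("keyword 'from' missing");
        }
        String groupName = args.argv(2);
        String principalName = args.argv(0);
        checkPermission(args.getOpt("auth"), "group." + groupName + ".access");
        this._userDb.removeElement(groupName, principalName);
        return "";
    }

    /**
     * Records a principal as allowed on an ACL, or as denied when
     * {@code -denied} is given (allowed is the default).
     * Requires ACL {@code acl.<acl>.access} for the {@code -auth} principal.
     */
    public String ac_add_access_$_2(Args args) throws Exception {
        boolean allowed = !args.hasOption("denied");
        String aclName = args.argv(0);
        String principalName = args.argv(1);
        checkPermission(args.getOpt("auth"), "acl." + aclName + ".access");
        if (allowed) {
            this._aclDb.addAllowed(aclName, principalName);
        } else {
            this._aclDb.addDenied(aclName, principalName);
        }
        return "";
    }

    /**
     * Creates an ACL item.
     * Requires ACL {@code super.access} for the {@code -auth} principal.
     */
    public String ac_create_acl_$_1(Args args) throws Exception {
        checkPermission(args.getOpt("auth"), "super.access");
        this._aclDb.createAclItem(args.argv(0));
        return "";
    }

    /**
     * Lists an ACL: a header line ({@code <resolved>} or {@code <inherits=...>})
     * followed by one {@code principal -> permission} line per principal.
     *
     * <p>NOTE(review): unlike the modifying commands, this one calls no
     * {@code checkPermission}; confirm that ACL contents are meant to be
     * readable by every authenticated sender.
     *
     * @throws Exception if the ACL database has not been opened
     */
    public String ac_ls_acl_$_1(Args args) throws Exception {
        if (this._aclDb == null) {
            throw new Exception("AclDb not open");
        }
        AcDictionary permissions = this._aclDb.getPermissions(args.argv(0), args.hasOption("resolve"));
        Enumeration<String> principals = permissions.getPrincipals();
        String inheritance = permissions.getInheritance();
        StringBuilder listing = new StringBuilder();
        if (inheritance == null) {
            listing.append("<resolved>\n");
        } else {
            listing.append("<inherits=").append(inheritance).append(">\n");
        }
        while (principals.hasMoreElements()) {
            String principal = principals.nextElement();
            listing.append(principal).append(" -> ").append(permissions.getPermission(principal)).append("\n");
        }
        return listing.toString();
    }
}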
