package fr.ird.observe.services.topia;

import com.google.common.collect.Iterables;
import com.google.common.collect.Sets;
import fr.ird.observe.entities.Entities;
import fr.ird.observe.services.dto.ObserveDbUserDto;
import fr.ird.observe.services.dto.ObserveDbUserHelper;
import fr.ird.observe.services.dto.constants.ObserveDbRole;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuiton.config.ApplicationConfig;
import org.nuiton.topia.persistence.TopiaEntityEnum;
import org.nuiton.topia.persistence.jdbc.JdbcConfiguration;
import org.nuiton.util.StringUtil;

/* loaded from: input_file:WEB-INF/lib/services-topia-5.1.1.jar:fr/ird/observe/services/topia/ObserveSecurityHelper.class */
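/**
 * Builds and runs the SQL script that resets table, schema and function privileges
 * for a set of database users grouped by {@link ObserveDbRole}.
 *
 * <p>The script is assembled by string formatting, not by bound parameters, because
 * GRANT/REVOKE/ALTER statements take identifiers rather than values. Role names are
 * therefore passed through {@link #ESCAPE_STRING} before they reach the script. Schema,
 * table and function names are inserted as returned by {@link ObserveJdbcHelper} and the
 * constants of this class, without quoting.
 *
 * <p>The generated script is written to the log at INFO level; from what is visible here
 * it contains object and role names only.
 */
public class ObserveSecurityHelper {
    // Statement templates. Two-argument templates take (object, grantee list); three-argument
    // templates take (schema, table, grantee list).
    protected static final String DROP_TABLE_PATTERN = "DROP TABLE IF EXISTS %s.%s CASCADE;\n";
    protected static final String DROP_SCHEMA_PATTERN = "DROP SCHEMA IF EXISTS %s CASCADE;\n";
    protected static final String REVOKE_ON_TABLE_ALL_PATTERN = "REVOKE ALL ON %s.%s FROM %s CASCADE;\n";
    protected static final String SET_ON_TABLE_OWNER_PATTERN = "ALTER TABLE %s.%s OWNER TO %s;\n";
    protected static final String GRANT_ON_TABLE_READ_PATTERN = "GRANT SELECT ON %s.%s TO %s;\n";
    protected static final String GRANT_ON_TABLE_ALL_PATTERN = "GRANT ALL ON %s.%s TO %s;\n";
    protected static final String GRANT_ON_FUNCTION_PATTERN = "GRANT EXECUTE ON FUNCTION %s TO %s;\n";
    protected static final String REVOKE_ON_SCHEMA_ALL_PATTERN = "REVOKE ALL ON SCHEMA %s FROM %s CASCADE;\n";
    protected static final String REVOKE_ON_FUNCTIONS_PATTERN = "REVOKE EXECUTE ON FUNCTION %s FROM %s CASCADE;\n";
    // Despite the name, this grants USAGE only, not ALL.
    protected static final String GRANT_ON_SCHEMA_ALL_PATTERN = "GRANT USAGE ON SCHEMA %s TO %s;\n";
    protected final ObserveJdbcHelper jdbcHelper;
    protected final JdbcConfiguration jdbcConfiguration;

    /**
     * Turns a role name into a double-quoted SQL identifier.
     *
     * <p>Embedded double quotes are doubled, which is the standard SQL escape inside a quoted
     * identifier. Without it, a name containing {@code "} would close the identifier early and
     * the rest of the name would be read as SQL in the generated GRANT/REVOKE statements.
     * A {@code null} input still yields {@code "null"} (quoted), as string concatenation did
     * before.
     */
    public static final Function<String, String> ESCAPE_STRING =
            str -> "\"" + String.valueOf(str).replace("\"", "\"\"") + "\"";

    /** Table names that are secured in addition to the entity tables. */
    protected static final Set<String> EXTRA_TABLES = Sets.newHashSet("tms_version", "tmsVersion");
    /** Name prefixes handed to {@link ObserveJdbcHelper#getPostgisFunctions} to list functions. */
    protected static final Set<String> FUNCTION_NAMES_PREFIXS = Sets.newHashSet("ST_MakePoint", "ST_SetSRID", "sync_", "tr_sync", "ot_enhanced_school_type", "observe_");
    protected static final String SCHEMA_PUBLIC = "public";
    public static final String OBSERVE_COMMON_SCHEMA_NAME = "observe_common";
    public static final String OBSERVE_SEINE_SCHEMA_NAME = "observe_seine";
    public static final String OBSERVE_LONGLINE_SCHEMA_NAME = "observe_longline";
    /** Schemas whose tables and usage rights are managed by this helper. */
    protected static final Set<String> SCHEMAS = Sets.newHashSet(SCHEMA_PUBLIC, OBSERVE_COMMON_SCHEMA_NAME, OBSERVE_SEINE_SCHEMA_NAME, OBSERVE_LONGLINE_SCHEMA_NAME);
    private static final Log log = LogFactory.getLog(ObserveSecurityHelper.class);

    /**
     * Creates a helper bound to one database.
     *
     * @param jdbcConfiguration connection settings, also used to build the {@link ObserveJdbcHelper}
     */
    public ObserveSecurityHelper(JdbcConfiguration jdbcConfiguration) {
        this.jdbcConfiguration = jdbcConfiguration;
        this.jdbcHelper = new ObserveJdbcHelper(jdbcConfiguration);
    }

    /**
     * Generates the security script for the given users and executes it.
     *
     * @param set users with their roles; must not be {@code null}
     * @param z   when {@code true}, the script is logged at INFO level before it is run
     * @throws NullPointerException if {@code set} is {@code null}
     */
    public void applySecurity(Set<ObserveDbUserDto> set, boolean z) {
        if (set == null) {
            throw new NullPointerException("users can not be null");
        }
        String script = createSecurityScript(set);
        if (z && log.isInfoEnabled()) {
            log.info("SQL to execute :\n" + script);
        }
        this.jdbcHelper.loadScript(script);
    }

    /**
     * Builds the privilege script: revoke everything from non-privileged grantees, hand table
     * ownership to the administrator, then grant per role.
     *
     * <p>Resulting rights, per role:
     * <ul>
     *   <li>ADMINISTRATOR (first one found): owner of every table, USAGE on schemas, EXECUTE on functions;</li>
     *   <li>TECHNICAL: ALL on every table, USAGE on schemas, EXECUTE on functions;</li>
     *   <li>USER: SELECT on every table, USAGE on schemas, EXECUTE on functions;</li>
     *   <li>REFERENTIAL: SELECT on referential tables only, USAGE on schemas, EXECUTE on functions;</li>
     *   <li>UNUSED: revoked only.</li>
     * </ul>
     *
     * @param set users with their roles
     * @return the script, or an empty string when no table was found
     * @throws IndexOutOfBoundsException if tables exist but no user has the ADMINISTRATOR role
     */
    protected String createSecurityScript(Set<ObserveDbUserDto> set) {
        List<Pair<String, String>> tables = this.jdbcHelper.getTables(SCHEMAS, EXTRA_TABLES);
        if (tables.isEmpty()) {
            return "";
        }
        // Only the first administrator becomes owner; any further administrators are ignored.
        String administrator = Iterables.get(getUserNamesByRole(set, ObserveDbRole.ADMINISTRATOR), 0);
        List<String> technicals = getUserNamesByRole(set, ObserveDbRole.TECHNICAL);
        List<String> users = getUserNamesByRole(set, ObserveDbRole.USER);
        List<String> referentials = getUserNamesByRole(set, ObserveDbRole.REFERENTIAL);
        List<String> unused = getUserNamesByRole(set, ObserveDbRole.UNUSED);
        if (log.isInfoEnabled()) {
            log.info("Will apply security on " + tables.size() + " table(s).");
            log.info(" - administrateur : " + administrator);
            log.info(" - techniciens    : " + technicals);
            log.info(" - utilisateurs   : " + users);
            log.info(" - referentiels   : " + referentials);
        }
        List<Pair<String, String>> referentielTables = getReferentielTables(tables);
        // Result is not used below; the call is kept for the table list it logs.
        getDataTables(tables, referentielTables);
        Set<String> functions = new LinkedHashSet<>();
        for (String prefix : FUNCTION_NAMES_PREFIXS) {
            functions.addAll(this.jdbcHelper.getPostgisFunctions(prefix));
        }
        StringBuilder sb = new StringBuilder();
        String escapedAdministrator = ESCAPE_STRING.apply(administrator);
        Set<String> escapedTechnicals = escapedNames(technicals);
        Set<String> escapedUsers = escapedNames(users);
        Set<String> escapedReferentials = escapedNames(referentials);
        Set<String> escapedUnused = escapedNames(unused);

        // Grantees that lose every right first. "public" is added unquoted on purpose: as an
        // unquoted grantee it denotes the PUBLIC pseudo-role, not a role named "public".
        // Technical users are not in this list, so rights they already hold are not revoked.
        Set<String> revoked = new HashSet<>();
        revoked.add(SCHEMA_PUBLIC);
        revoked.addAll(escapedReferentials);
        revoked.addAll(escapedUsers);
        revoked.addAll(escapedUnused);
        String revokedList = StringUtil.join(revoked, ApplicationConfig.LIST_SEPARATOR, true);
        addOnTablesForRole(REVOKE_ON_TABLE_ALL_PATTERN, sb, tables, revokedList);
        addOnSchemaForRole(REVOKE_ON_SCHEMA_ALL_PATTERN, sb, SCHEMAS, revokedList);
        addOnFunctionForRole(REVOKE_ON_FUNCTIONS_PATTERN, sb, functions, revokedList);

        // Function grants below go through addOnSchemaForRole, as in the original code; it
        // formats (name, grantee) exactly like addOnFunctionForRole.
        addOnTablesForRole(SET_ON_TABLE_OWNER_PATTERN, sb, tables, escapedAdministrator);
        addOnSchemaForRole(GRANT_ON_SCHEMA_ALL_PATTERN, sb, SCHEMAS, escapedAdministrator);
        addOnSchemaForRole(GRANT_ON_FUNCTION_PATTERN, sb, functions, escapedAdministrator);
        if (!escapedTechnicals.isEmpty()) {
            String technicalList = StringUtil.join(escapedTechnicals, ApplicationConfig.LIST_SEPARATOR, true);
            addOnTablesForRole(GRANT_ON_TABLE_ALL_PATTERN, sb, tables, technicalList);
            addOnSchemaForRole(GRANT_ON_SCHEMA_ALL_PATTERN, sb, SCHEMAS, technicalList);
            addOnSchemaForRole(GRANT_ON_FUNCTION_PATTERN, sb, functions, technicalList);
        }
        if (!escapedUsers.isEmpty()) {
            String userList = StringUtil.join(escapedUsers, ApplicationConfig.LIST_SEPARATOR, true);
            addOnTablesForRole(GRANT_ON_TABLE_READ_PATTERN, sb, tables, userList);
            addOnSchemaForRole(GRANT_ON_SCHEMA_ALL_PATTERN, sb, SCHEMAS, userList);
            addOnSchemaForRole(GRANT_ON_FUNCTION_PATTERN, sb, functions, userList);
        }
        if (!escapedReferentials.isEmpty()) {
            String referentialList = StringUtil.join(escapedReferentials, ApplicationConfig.LIST_SEPARATOR, true);
            // Read access is limited to the referential tables for this role.
            addOnTablesForRole(GRANT_ON_TABLE_READ_PATTERN, sb, referentielTables, referentialList);
            addOnSchemaForRole(GRANT_ON_SCHEMA_ALL_PATTERN, sb, SCHEMAS, referentialList);
            addOnSchemaForRole(GRANT_ON_FUNCTION_PATTERN, sb, functions, referentialList);
        }
        String script = sb.toString();
        if (log.isInfoEnabled()) {
            log.info("Security script :\n" + script);
        }
        return script;
    }

    /**
     * Returns the names of the users that hold the given role.
     *
     * @param set           users to filter
     * @param observeDbRole role to keep
     * @return matching user names, unescaped
     */
    protected List<String> getUserNamesByRole(Set<ObserveDbUserDto> set, ObserveDbRole observeDbRole) {
        return (List) set.stream().filter(ObserveDbUserHelper.newRolePredicate(observeDbRole)).map(ObserveDbUserHelper.NAME_FUNCTION).collect(Collectors.toList());
    }

    /**
     * Applies {@link #ESCAPE_STRING} to every name.
     *
     * @param list raw role names
     * @return the quoted names, duplicates removed
     */
    protected Set<String> escapedNames(List<String> list) {
        return list.stream().map(ESCAPE_STRING).collect(Collectors.toSet());
    }

    /**
     * Selects the tables that back a reference entity, plus {@link #EXTRA_TABLES}, and logs them.
     *
     * @param iterable candidate (schema, table) pairs
     * @return the referential tables, sorted
     */
    protected List<Pair<String, String>> getReferentielTables(Iterable<Pair<String, String>> iterable) {
        // Left raw: the element type of Entities.REFERENCE_ENTITIES is not visible from this file.
        HashSet hashSet = new HashSet();
        hashSet.addAll(Arrays.asList(Entities.REFERENCE_ENTITIES));
        List<Pair<String, String>> tables = getTables(iterable, hashSet, EXTRA_TABLES);
        if (log.isInfoEnabled()) {
            StringBuilder sb = new StringBuilder();
            sb.append("Detected ").append(tables.size()).append(" referentiel tables :");
            for (Pair<String, String> table : tables) {
                sb.append("\n - ").append(table);
            }
            log.info(sb.toString());
        }
        return tables;
    }

    /**
     * Returns the tables of {@code collection} that are not in {@code collection2}, and logs them.
     *
     * @param collection  all tables
     * @param collection2 referential tables to exclude
     * @return a new list holding the remaining (data) tables
     */
    protected List<Pair<String, String>> getDataTables(Collection<Pair<String, String>> collection, Collection<Pair<String, String>> collection2) {
        List<Pair<String, String>> dataTables = new ArrayList<>(collection);
        dataTables.removeAll(collection2);
        if (log.isInfoEnabled()) {
            StringBuilder sb = new StringBuilder();
            sb.append("Detected ").append(dataTables.size()).append(" data tables :");
            for (Pair<String, String> table : dataTables) {
                sb.append("\n - ").append(table);
            }
            log.info(sb.toString());
        }
        return dataTables;
    }

    /**
     * Keeps the pairs whose table name matches one of the given entities or extra table names.
     *
     * <p>A table matches an entity when its name equals the entity's table name ignoring case,
     * or starts with that name followed by {@code _} (case-sensitive). It matches an extra
     * table when the names are equal ignoring case.
     *
     * @param iterable candidate (schema, table) pairs
     * @param set      entities whose tables are wanted
     * @param set2     additional table names
     * @return the matching pairs, without duplicates, sorted in natural order
     */
    protected List<Pair<String, String>> getTables(Iterable<Pair<String, String>> iterable, Set<TopiaEntityEnum> set, Set<String> set2) {
        List<Pair<String, String>> result = new ArrayList<>();
        for (Pair<String, String> pair : iterable) {
            String tableName = pair.getRight();
            boolean matched = false;
            for (TopiaEntityEnum entity : set) {
                String dbTableName = entity.dbTableName();
                if (tableName.equalsIgnoreCase(dbTableName) || tableName.startsWith(dbTableName + "_")) {
                    matched = true;
                    break;
                }
            }
            if (!matched) {
                for (String extra : set2) {
                    if (tableName.equalsIgnoreCase(extra)) {
                        matched = true;
                        break;
                    }
                }
            }
            if (matched && !result.contains(pair)) {
                result.add(pair);
            }
        }
        Collections.sort(result);
        return result;
    }

    /**
     * Appends one statement per table, formatted as (schema, table, grantee list).
     *
     * @param str      statement template with three {@code %s} placeholders
     * @param sb       script being built
     * @param iterable (schema, table) pairs; inserted into the statement unquoted
     * @param str2     grantee list; callers pass names already quoted by {@link #ESCAPE_STRING}
     */
    protected void addOnTablesForRole(String str, StringBuilder sb, Iterable<Pair<String, String>> iterable, String str2) {
        for (Pair<String, String> pair : iterable) {
            sb.append(String.format(str, pair.getLeft(), pair.getRight(), str2));
        }
    }

    /**
     * Appends one statement per schema, formatted as (schema, grantee list).
     *
     * @param str  statement template with two {@code %s} placeholders
     * @param sb   script being built
     * @param set  schema names; inserted into the statement unquoted
     * @param str2 grantee list; callers pass names already quoted by {@link #ESCAPE_STRING}
     */
    protected void addOnSchemaForRole(String str, StringBuilder sb, Set<String> set, String str2) {
        for (String schema : set) {
            sb.append(String.format(str, schema, str2));
        }
    }

    /**
     * Appends one statement per function, formatted as (function, grantee list).
     *
     * @param str  statement template with two {@code %s} placeholders
     * @param sb   script being built
     * @param set  function names as returned by the JDBC helper; inserted unquoted
     * @param str2 grantee list; callers pass names already quoted by {@link #ESCAPE_STRING}
     */
    protected void addOnFunctionForRole(String str, StringBuilder sb, Set<String> set, String str2) {
        for (String function : set) {
            sb.append(String.format(str, function, str2));
        }
    }
}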
