package org.mycontroller.standalone.auth;

import java.util.Iterator;
import java.util.Map;
import javax.ws.rs.core.SecurityContext;
import org.eclipse.paho.client.mqttv3.MqttTopic;
import org.mycontroller.standalone.AppProperties;
import org.mycontroller.standalone.api.jaxrs.model.AllowedResources;
import org.mycontroller.standalone.db.DaoUtils;
import org.mycontroller.standalone.db.tables.User;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/mycontroller/standalone/auth/AuthUtils.class */
public class AuthUtils {
    private static final Logger _logger = LoggerFactory.getLogger((Class<?>) AuthUtils.class);

    /* loaded from: input_file:org/mycontroller/standalone/auth/AuthUtils$PERMISSION_TYPE.class */
    public enum PERMISSION_TYPE {
        SUPER_ADMIN("Super admin"),
        USER("User"),
        MQTT_USER("MQTT user");

        private final String name;

        PERMISSION_TYPE(String str) {
            this.name = str;
        }

        public String getText() {
            return this.name;
        }

        public static PERMISSION_TYPE get(int i) {
            for (PERMISSION_TYPE permission_type : values()) {
                if (permission_type.ordinal() == i) {
                    return permission_type;
                }
            }
            throw new IllegalArgumentException(String.valueOf(i));
        }

        public static PERMISSION_TYPE fromString(String str) {
            if (str == null) {
                return null;
            }
            for (PERMISSION_TYPE permission_type : values()) {
                if (str.equalsIgnoreCase(permission_type.getText())) {
                    return permission_type;
                }
            }
            return null;
        }
    }

    public static void updateQueryFilter(Map<String, Object> map, AppProperties.RESOURCE_TYPE resource_type, AllowedResources allowedResources) {
        if (allowedResources != null) {
            map.put(AllowedResources.KEY_ALLOWED_RESOURCES, allowedResources);
            map.put(AllowedResources.KEY_ALLOWED_RESOURCE_TYPE, resource_type);
        }
    }

    public static void updateQueryFilter(SecurityContext securityContext, Map<String, Object> map, AppProperties.RESOURCE_TYPE resource_type) {
        if (isSuperAdmin(securityContext)) {
            return;
        }
        updateQueryFilter(map, resource_type, getUser(securityContext).getAllowedResources());
        map.put(AllowedResources.KEY_ALLOWED_RESOURCE_TYPE, resource_type);
    }

    public static User getUser(SecurityContext securityContext) {
        return (User) securityContext.getUserPrincipal();
    }

    public static boolean isSuperAdmin(SecurityContext securityContext) {
        return isSuperAdmin(getUser(securityContext));
    }

    public static boolean isSuperAdmin(User user) {
        _logger.debug("User:{}", user);
        return user.getPermissions().contains(PERMISSION_TYPE.SUPER_ADMIN.getText());
    }

    public static boolean hasAccess(SecurityContext securityContext, AppProperties.RESOURCE_TYPE resource_type, Integer num) {
        return hasAccess(getUser(securityContext), resource_type, num);
    }

    public static boolean hasAccess(User user, AppProperties.RESOURCE_TYPE resource_type, Integer num) {
        switch (resource_type) {
            case GATEWAY:
                return user.getAllowedResources().getGatewayIds().contains(num);
            case NODE:
                return user.getAllowedResources().getNodeIds().contains(num);
            case SENSOR:
                return user.getAllowedResources().getSensorIds().contains(num);
            case SENSOR_VARIABLE:
                return user.getAllowedResources().getSensorVariableIds().contains(num);
            default:
                return false;
        }
    }

    public static boolean hasPermission(User user, PERMISSION_TYPE permission_type) {
        return user.getPermission().equalsIgnoreCase(permission_type.getText());
    }

    public static boolean canReadMqttPermission(String str, String str2) {
        return checkMqttPermission(str, str2, true);
    }

    public static boolean canWriteMqttPermission(String str, String str2) {
        return checkMqttPermission(str, str2, false);
    }

    public static boolean checkMqttPermission(String str, String str2, boolean z) {
        User byUsername = DaoUtils.getUserDao().getByUsername(str);
        if (!byUsername.getEnabled().booleanValue()) {
            return false;
        }
        if (isSuperAdmin(byUsername)) {
            return true;
        }
        if (!hasPermission(byUsername, PERMISSION_TYPE.MQTT_USER)) {
            return false;
        }
        Iterator<String> it = (z ? byUsername.getAllowedResources().getMqttReadTopics() : byUsername.getAllowedResources().getMqttWriteTopics()).iterator();
        while (it.hasNext()) {
            if (str2.matches(it.next().replaceAll("\\+", "\\\\w+").replaceAll(MqttTopic.MULTI_LEVEL_WILDCARD, "\\.*"))) {
                return true;
            }
        }
        return false;
    }

    public static boolean authenticateMqttUser(String str, String str2) {
        _logger.debug("MQTT authentication: User:{}", str);
        User byUsername = DaoUtils.getUserDao().getByUsername(str);
        if (byUsername == null) {
            _logger.debug("user[{}] not found!", str);
            return false;
        }
        _logger.debug("User Found...User:{}", byUsername);
        if (!byUsername.getEnabled().booleanValue() || !McCrypt.decrypt(byUsername.getPassword()).equals(str2)) {
            _logger.debug("Invalid password for the user: {}", byUsername.getUsername());
            return false;
        }
        byUsername.setPassword(null);
        if (isSuperAdmin(byUsername) || hasPermission(byUsername, PERMISSION_TYPE.MQTT_USER)) {
            return true;
        }
        _logger.warn("User[{}] does not have MQTT access permission!", byUsername.getUsername());
        return false;
    }

    private AuthUtils() {
    }
}
