package org.apache.rocketmq.auth.migration;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.CompletableFuture;
import java.util.function.Function;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.rocketmq.acl.plain.PlainPermissionManager;
import org.apache.rocketmq.auth.authentication.enums.UserType;
import org.apache.rocketmq.auth.authentication.factory.AuthenticationFactory;
import org.apache.rocketmq.auth.authentication.manager.AuthenticationMetadataManager;
import org.apache.rocketmq.auth.authentication.model.User;
import org.apache.rocketmq.auth.authorization.enums.Decision;
import org.apache.rocketmq.auth.authorization.enums.PolicyType;
import org.apache.rocketmq.auth.authorization.factory.AuthorizationFactory;
import org.apache.rocketmq.auth.authorization.manager.AuthorizationMetadataManager;
import org.apache.rocketmq.auth.authorization.model.Acl;
import org.apache.rocketmq.auth.authorization.model.Policy;
import org.apache.rocketmq.auth.authorization.model.PolicyEntry;
import org.apache.rocketmq.auth.authorization.model.Resource;
import org.apache.rocketmq.auth.config.AuthConfig;
import org.apache.rocketmq.common.PlainAccessConfig;
import org.apache.rocketmq.common.action.Action;
import org.apache.rocketmq.common.resource.ResourcePattern;
import org.apache.rocketmq.common.resource.ResourceType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/rocketmq/auth/migration/AuthMigrator.class */
public class AuthMigrator {
    protected static final Logger LOG = LoggerFactory.getLogger("RocketmqBroker");
    private final AuthConfig authConfig;
    private final PlainPermissionManager plainPermissionManager = new PlainPermissionManager();
    private final AuthenticationMetadataManager authenticationMetadataManager;
    private final AuthorizationMetadataManager authorizationMetadataManager;

    public AuthMigrator(AuthConfig authConfig) {
        this.authConfig = authConfig;
        this.authenticationMetadataManager = AuthenticationFactory.getMetadataManager(authConfig);
        this.authorizationMetadataManager = AuthorizationFactory.getMetadataManager(authConfig);
    }

    public void migrate() {
        if (this.authConfig.isMigrateAuthFromV1Enabled()) {
            List plainAccessConfigs = this.plainPermissionManager.getAllAclConfig().getPlainAccessConfigs();
            if (CollectionUtils.isEmpty(plainAccessConfigs)) {
                return;
            }
            Iterator it = plainAccessConfigs.iterator();
            while (it.hasNext()) {
                doMigrate((PlainAccessConfig) it.next());
            }
        }
    }

    private void doMigrate(PlainAccessConfig plainAccessConfig) {
        isUserExisted(plainAccessConfig.getAccessKey()).thenCompose(bool -> {
            return bool.booleanValue() ? CompletableFuture.completedFuture(null) : createUserAndAcl(plainAccessConfig);
        }).exceptionally((Function<Throwable, ? extends U>) th -> {
            LOG.error("[ACL MIGRATE] An error occurred while migrating ACL configurations for AccessKey:{}.", plainAccessConfig.getAccessKey(), th);
            return null;
        }).join();
    }

    private CompletableFuture<Void> createUserAndAcl(PlainAccessConfig plainAccessConfig) {
        return createUser(plainAccessConfig).thenCompose(r5 -> {
            return createAcl(plainAccessConfig);
        });
    }

    private CompletableFuture<Void> createUser(PlainAccessConfig plainAccessConfig) {
        User user = new User();
        user.setUsername(plainAccessConfig.getAccessKey());
        user.setPassword(plainAccessConfig.getSecretKey());
        if (plainAccessConfig.isAdmin()) {
            user.setUserType(UserType.SUPER);
        } else {
            user.setUserType(UserType.NORMAL);
        }
        return this.authenticationMetadataManager.createUser(user);
    }

    private CompletableFuture<Void> createAcl(PlainAccessConfig plainAccessConfig) {
        User of = User.of(plainAccessConfig.getAccessKey());
        ArrayList arrayList = new ArrayList();
        Policy policy = null;
        if (CollectionUtils.isNotEmpty(plainAccessConfig.getTopicPerms())) {
            Iterator it = plainAccessConfig.getTopicPerms().iterator();
            while (it.hasNext()) {
                String[] split = StringUtils.split((String) it.next(), "=");
                if (split.length == 2) {
                    String trim = StringUtils.trim(split[0]);
                    String trim2 = StringUtils.trim(split[1]);
                    PolicyEntry of2 = PolicyEntry.of(Resource.ofTopic(trim), parseActions(trim2), null, parseDecision(trim2));
                    if (policy == null) {
                        policy = Policy.of(PolicyType.CUSTOM, new ArrayList());
                    }
                    policy.getEntries().add(of2);
                }
            }
        }
        if (CollectionUtils.isNotEmpty(plainAccessConfig.getGroupPerms())) {
            Iterator it2 = plainAccessConfig.getGroupPerms().iterator();
            while (it2.hasNext()) {
                String[] split2 = StringUtils.split((String) it2.next(), "=");
                if (split2.length == 2) {
                    String trim3 = StringUtils.trim(split2[0]);
                    String trim4 = StringUtils.trim(split2[1]);
                    PolicyEntry of3 = PolicyEntry.of(Resource.ofGroup(trim3), parseActions(trim4), null, parseDecision(trim4));
                    if (policy == null) {
                        policy = Policy.of(PolicyType.CUSTOM, new ArrayList());
                    }
                    policy.getEntries().add(of3);
                }
            }
        }
        if (policy != null) {
            arrayList.add(policy);
        }
        Policy policy2 = null;
        if (StringUtils.isNotBlank(plainAccessConfig.getDefaultTopicPerm())) {
            String trim5 = StringUtils.trim(plainAccessConfig.getDefaultTopicPerm());
            PolicyEntry of4 = PolicyEntry.of(Resource.of(ResourceType.TOPIC, null, ResourcePattern.ANY), parseActions(trim5), null, parseDecision(trim5));
            policy2 = Policy.of(PolicyType.DEFAULT, new ArrayList());
            policy2.getEntries().add(of4);
        }
        if (StringUtils.isNotBlank(plainAccessConfig.getDefaultGroupPerm())) {
            String trim6 = StringUtils.trim(plainAccessConfig.getDefaultGroupPerm());
            PolicyEntry of5 = PolicyEntry.of(Resource.of(ResourceType.GROUP, null, ResourcePattern.ANY), parseActions(trim6), null, parseDecision(trim6));
            if (policy2 == null) {
                policy2 = Policy.of(PolicyType.DEFAULT, new ArrayList());
            }
            policy2.getEntries().add(of5);
        }
        if (policy2 != null) {
            arrayList.add(policy2);
        }
        if (CollectionUtils.isEmpty(arrayList)) {
            return CompletableFuture.completedFuture(null);
        }
        return this.authorizationMetadataManager.createAcl(Acl.of(of, arrayList));
    }

    private Decision parseDecision(String str) {
        if (!StringUtils.isBlank(str) && !StringUtils.equals(str, "DENY")) {
            return Decision.ALLOW;
        }
        return Decision.DENY;
    }

    private List<Action> parseActions(String str) {
        ArrayList arrayList = new ArrayList();
        if (StringUtils.isBlank(str)) {
            arrayList.add(Action.ALL);
        }
        String trim = StringUtils.trim(str);
        boolean z = -1;
        switch (trim.hashCode()) {
            case -1148401919:
                if (trim.equals("SUB|PUB")) {
                    z = 3;
                    break;
                }
                break;
            case 79581:
                if (trim.equals("PUB")) {
                    z = false;
                    break;
                }
                break;
            case 82464:
                if (trim.equals("SUB")) {
                    z = true;
                    break;
                }
                break;
            case 2094604:
                if (trim.equals("DENY")) {
                    z = 4;
                    break;
                }
                break;
            case 484057217:
                if (trim.equals("PUB|SUB")) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                arrayList.add(Action.PUB);
                break;
            case true:
                arrayList.add(Action.SUB);
                break;
            case true:
            case true:
                arrayList.add(Action.PUB);
                arrayList.add(Action.SUB);
                break;
            case true:
                arrayList.add(Action.ALL);
                break;
            default:
                arrayList.add(Action.ALL);
                break;
        }
        return arrayList;
    }

    private CompletableFuture<Boolean> isUserExisted(String str) {
        return this.authenticationMetadataManager.getUser(str).thenApply((v0) -> {
            return Objects.nonNull(v0);
        });
    }
}
