package org.gcube.informationsystem.resourceregistry.context;

import com.orientechnologies.orient.core.db.document.ODatabaseDocumentTx;
import com.orientechnologies.orient.core.metadata.security.ORestrictedOperation;
import com.orientechnologies.orient.core.metadata.security.ORole;
import com.orientechnologies.orient.core.metadata.security.OSecurity;
import com.orientechnologies.orient.core.metadata.security.OSecurityRole;
import com.orientechnologies.orient.core.metadata.security.OUser;
import com.orientechnologies.orient.core.record.impl.ODocument;
import com.tinkerpop.blueprints.Direction;
import com.tinkerpop.blueprints.Edge;
import com.tinkerpop.blueprints.Vertex;
import com.tinkerpop.blueprints.impls.orient.OrientEdge;
import com.tinkerpop.blueprints.impls.orient.OrientGraph;
import com.tinkerpop.blueprints.impls.orient.OrientVertex;
import java.util.Iterator;
import java.util.UUID;
import org.gcube.informationsystem.resourceregistry.context.SecurityContextMapper;
import org.gcube.informationsystem.resourceregistry.dbinitialization.DatabaseEnvironment;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/classes/org/gcube/informationsystem/resourceregistry/context/SecurityContext.class */
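/**
 * Static helpers that manage the per-context security principals (two roles and two users,
 * one pair for writers and one for readers) and that attach those roles to graph records.
 *
 * <p>Role and user names are derived from the context UUID by
 * {@link SecurityContextMapper#getSecurityRoleOrUserName}.
 */
public class SecurityContext {
    private static final Logger logger = LoggerFactory.getLogger(SecurityContext.class);

    /** Name of the pre-existing role used as parent of every per-context writer role. */
    public static final String DEFAULT_WRITER_ROLE = "writer";

    /** Name of the pre-existing role used as parent of every per-context reader role. */
    public static final String DEFAULT_READER_ROLE = "reader";

    /**
     * Grants the context's roles on a vertex and on every edge attached to it.
     *
     * @param orientGraph graph whose security metadata is used
     * @param vertex vertex to add to the context; must be an {@link OrientVertex}
     * @param uuid UUID of the security context
     */
    public static void addToSecurityContext(OrientGraph orientGraph, Vertex vertex, UUID uuid) {
        OSecurity security = orientGraph.getRawGraph().getMetadata().getSecurity();
        addToSecurityContext(security, vertex, uuid);
    }

    /**
     * Grants the context's roles on a vertex and on every edge attached to it, in both directions.
     *
     * @param oSecurity security metadata used to register the grants
     * @param vertex vertex to add to the context; must be an {@link OrientVertex}
     * @param uuid UUID of the security context
     * @throws ClassCastException if the vertex or one of its edges is not an OrientDB implementation
     */
    public static void addToSecurityContext(OSecurity oSecurity, Vertex vertex, UUID uuid) {
        OrientVertex target = (OrientVertex) vertex;
        allowSecurityContextRoles(oSecurity, target.getRecord(), uuid);
        target.save();

        // Edges carry their own record-level grants, so each one is updated as well;
        // otherwise a context member could see the vertex but not its relations.
        for (Edge attached : vertex.getEdges(Direction.BOTH)) {
            OrientEdge orientEdge = (OrientEdge) attached;
            allowSecurityContextRoles(oSecurity, orientEdge.getRecord(), uuid);
            orientEdge.save();
        }
    }

    /**
     * Grants the context's roles on a single edge.
     *
     * @param orientGraph graph whose security metadata is used
     * @param edge edge to add to the context; must be an {@link OrientEdge}
     * @param uuid UUID of the security context
     */
    public static void addToSecurityContext(OrientGraph orientGraph, Edge edge, UUID uuid) {
        OSecurity security = orientGraph.getRawGraph().getMetadata().getSecurity();
        addToSecurityContext(security, edge, uuid);
    }

    /**
     * Grants the context's roles on a single edge.
     *
     * @param oSecurity security metadata used to register the grants
     * @param edge edge to add to the context; must be an {@link OrientEdge}
     * @param uuid UUID of the security context
     * @throws ClassCastException if the edge is not an OrientDB implementation
     */
    public static void addToSecurityContext(OSecurity oSecurity, Edge edge, UUID uuid) {
        OrientEdge orientEdge = (OrientEdge) edge;
        allowSecurityContextRoles(oSecurity, orientEdge.getRecord(), uuid);
    }

    /**
     * Adds the context's writer role (all operations) and reader role (read only) to the
     * record-level grants of a document, then saves the document.
     *
     * @param oSecurity security metadata used to register the grants
     * @param oDocument record that receives the grants
     * @param uuid UUID of the security context
     */
    protected static void allowSecurityContextRoles(OSecurity oSecurity, ODocument oDocument, UUID uuid) {
        // NOTE(review): record-level grants are presumably only enforced when the record's
        // class is restricted in the database schema - confirm against the schema setup.
        oSecurity.allowRole(
                oDocument,
                ORestrictedOperation.ALLOW_ALL,
                roleName(SecurityContextMapper.PermissionMode.WRITER, uuid));
        oSecurity.allowRole(
                oDocument,
                ORestrictedOperation.ALLOW_READ,
                roleName(SecurityContextMapper.PermissionMode.READER, uuid));
        oDocument.save();
    }

    /**
     * Creates the writer and reader roles and the writer and reader users of a context,
     * then commits the underlying database.
     *
     * <p>Each role is created in deny-by-default mode with the matching default role
     * ({@link #DEFAULT_WRITER_ROLE} / {@link #DEFAULT_READER_ROLE}) as its parent.
     *
     * @param orientGraph graph whose database receives the new roles and users
     * @param uuid UUID of the security context
     */
    public static void createSecurityContext(OrientGraph orientGraph, UUID uuid) {
        ODatabaseDocumentTx database = orientGraph.getRawGraph();
        OSecurity security = database.getMetadata().getSecurity();

        // NOTE(review): getRole may yield no role if the defaults were never provisioned;
        // the context roles would then be created without a parent - confirm the
        // database initialization guarantees both exist.
        ORole writerParent = security.getRole(DEFAULT_WRITER_ROLE);
        ORole readerParent = security.getRole(DEFAULT_READER_ROLE);

        ORole writerRole = security.createRole(
                roleName(SecurityContextMapper.PermissionMode.WRITER, uuid),
                writerParent,
                OSecurityRole.ALLOW_MODES.DENY_ALL_BUT);
        writerRole.save();
        logger.trace("{} created", writerRole);

        ORole readerRole = security.createRole(
                roleName(SecurityContextMapper.PermissionMode.READER, uuid),
                readerParent,
                OSecurityRole.ALLOW_MODES.DENY_ALL_BUT);
        readerRole.save();
        logger.trace("{} created", readerRole);

        // NOTE(review): the password is looked up by permission mode only, so every
        // context's writer user shares one password and every reader user shares another.
        // Knowing one context's credential is then enough to authenticate as the same kind
        // of user in any other context; consider per-context secrets issued and rotated
        // outside the code base.
        OUser writerUser = security.createUser(
                userName(SecurityContextMapper.PermissionMode.WRITER, uuid),
                DatabaseEnvironment.DEFAULT_PASSWORDS.get(SecurityContextMapper.PermissionMode.WRITER),
                writerRole);
        writerUser.save();
        logger.trace("{} created", writerUser);

        OUser readerUser = security.createUser(
                userName(SecurityContextMapper.PermissionMode.READER, uuid),
                DatabaseEnvironment.DEFAULT_PASSWORDS.get(SecurityContextMapper.PermissionMode.READER),
                readerRole);
        readerUser.save();
        logger.trace("{} created", readerUser);

        database.commit();
        logger.trace("Security Context (roles and users) with UUID {} successfully created", uuid);
    }

    /**
     * Drops the users and roles of a context: reader user, writer user, reader role,
     * writer role, in that order. Every drop is attempted even if an earlier one fails.
     *
     * <p>The closing log line reports success only when all four drops succeeded; a partial
     * removal is logged as an error so that leftover principals do not go unnoticed.
     *
     * @param orientGraph graph whose database holds the roles and users
     * @param uuid UUID of the security context
     * @param z when {@code true}, the underlying database is committed after the drops
     *     (also after a partial removal)
     */
    public static void deleteSecurityContext(OrientGraph orientGraph, UUID uuid, boolean z) {
        // uuid.toString() also makes a null UUID fail here, before anything is dropped.
        logger.trace("Going to remove Security Context (roles and users) with UUID {}", uuid.toString());
        ODatabaseDocumentTx database = orientGraph.getRawGraph();
        OSecurity security = database.getMetadata().getSecurity();

        // Separate statements rather than one && chain: a failed drop must not
        // short-circuit the remaining ones.
        boolean readerUserDropped =
                dropUser(security, userName(SecurityContextMapper.PermissionMode.READER, uuid));
        boolean writerUserDropped =
                dropUser(security, userName(SecurityContextMapper.PermissionMode.WRITER, uuid));
        boolean readerRoleDropped =
                dropRole(security, roleName(SecurityContextMapper.PermissionMode.READER, uuid));
        boolean writerRoleDropped =
                dropRole(security, roleName(SecurityContextMapper.PermissionMode.WRITER, uuid));

        if (z) {
            database.commit();
        }

        boolean fullyRemoved =
                readerUserDropped && writerUserDropped && readerRoleDropped && writerRoleDropped;
        if (fullyRemoved) {
            logger.trace("Security Context (roles and users) with UUID {} successfully removed", uuid);
        } else {
            // A surviving user keeps a usable credential, so this must not read as success.
            logger.error(
                    "Security Context (roles and users) with UUID {} was only partially removed:"
                            + " some roles or users could not be dropped",
                    uuid);
        }
    }

    /** Returns the name of the context role for the given permission mode. */
    private static String roleName(SecurityContextMapper.PermissionMode mode, UUID uuid) {
        return SecurityContextMapper.getSecurityRoleOrUserName(
                mode, SecurityContextMapper.SecurityType.ROLE, uuid);
    }

    /** Returns the name of the context user for the given permission mode. */
    private static String userName(SecurityContextMapper.PermissionMode mode, UUID uuid) {
        return SecurityContextMapper.getSecurityRoleOrUserName(
                mode, SecurityContextMapper.SecurityType.USER, uuid);
    }

    /** Drops a user, logs the outcome and reports whether the drop succeeded. */
    private static boolean dropUser(OSecurity security, String name) {
        boolean dropped = security.dropUser(name);
        logDropOutcome(name, dropped);
        return dropped;
    }

    /** Drops a role, logs the outcome and reports whether the drop succeeded. */
    private static boolean dropRole(OSecurity security, String name) {
        boolean dropped = security.dropRole(name);
        logDropOutcome(name, dropped);
        return dropped;
    }

    /** Logs the result of a single drop at trace (success) or error (failure) level. */
    private static void logDropOutcome(String name, boolean dropped) {
        if (dropped) {
            logger.trace("{} successfully dropped", name);
        } else {
            logger.error("{} was not dropped successfully", name);
        }
    }
}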
