package org.gcube.informationsystem.resourceregistry.context.security;

import com.orientechnologies.orient.core.db.ODatabasePool;
import com.orientechnologies.orient.core.db.ODatabaseSession;
import com.orientechnologies.orient.core.metadata.security.ORestrictedOperation;
import com.orientechnologies.orient.core.metadata.security.ORole;
import com.orientechnologies.orient.core.metadata.security.OSecurity;
import com.orientechnologies.orient.core.metadata.security.OSecurityRole;
import com.orientechnologies.orient.core.metadata.security.OUser;
import com.orientechnologies.orient.core.record.impl.ODocument;
import com.orientechnologies.orient.core.sql.OCommandExecutorSQLCreateClass;
import com.tinkerpop.blueprints.Element;
import com.tinkerpop.blueprints.impls.orient.OrientElement;
import com.tinkerpop.blueprints.impls.orient.OrientGraph;
import com.tinkerpop.blueprints.impls.orient.OrientGraphFactory;
import com.tinkerpop.blueprints.impls.orient.OrientGraphNoTx;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import org.gcube.informationsystem.model.reference.entities.Context;
import org.gcube.informationsystem.resourceregistry.api.exceptions.ResourceRegistryException;
import org.gcube.informationsystem.resourceregistry.context.ContextUtility;
import org.gcube.informationsystem.resourceregistry.dbinitialization.DatabaseEnvironment;
import org.gcube.informationsystem.resourceregistry.er.PropertyManagement;
import org.gcube.informationsystem.resourceregistry.utils.Utility;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/classes/org/gcube/informationsystem/resourceregistry/context/security/SecurityContext.class */
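/**
 * Maps one registry context (identified by a UUID) onto database roles and users and keeps
 * the per-record access lists in line with them.
 *
 * <p>For every {@link PermissionMode} the context owns a role and a user whose names are
 * built by {@link #getSecurityRoleOrUserName(PermissionMode, SecurityType, boolean)}. A
 * hierarchic context additionally owns an "H" variant of each; the H <em>users</em> of every
 * ancestor are granted the H <em>roles</em> of their descendants, so a parent can reach the
 * records of its subtree.
 *
 * <p>NOTE(security): every user is created and later authenticated with
 * {@code DatabaseEnvironment.DEFAULT_PASSWORDS.get(mode)}, i.e. a password selected by
 * permission mode only. As far as this class shows, all contexts therefore share the same
 * credential per mode and the user names are derivable from the context UUID, so separation
 * between contexts rests on the role grants and on who can reach the database endpoint.
 * Confirm that {@code DEFAULT_PASSWORDS} is provisioned from deployment secrets.
 */
public class SecurityContext {
    private static final Logger logger = LoggerFactory.getLogger(SecurityContext.class);
    protected static final String DEFAULT_WRITER_ROLE = "writer";
    protected static final String DEFAULT_READER_ROLE = "reader";
    /** Prefix that marks the hierarchic variant of a role or user name. */
    public static final String H = "H";
    /** Whether this context takes part in the parent/child role propagation. */
    protected final boolean hierarchic;
    /** UUID of the context; also the suffix of every role and user name. */
    protected final UUID context;
    /** Graph factories, keyed first by hierarchic mode and then by permission mode. */
    protected final Map<Boolean, Map<PermissionMode, OrientGraphFactory>> factoryMap;
    /** Session pools, keyed first by hierarchic mode and then by permission mode. */
    protected final Map<Boolean, Map<PermissionMode, ODatabasePool>> poolMap;
    protected SecurityContext parentSecurityContext;
    protected Set<SecurityContext> children;

    /* loaded from: input_file:WEB-INF/classes/org/gcube/informationsystem/resourceregistry/context/security/SecurityContext$PermissionMode.class */
    /** Access level of a role or user; {@link #toString()} yields the name fragment. */
    public enum PermissionMode {
        READER("Reader"),
        WRITER("Writer");

        private final String name;

        PermissionMode(String str) {
            this.name = str;
        }

        @Override
        public String toString() {
            return this.name;
        }
    }

    /* loaded from: input_file:WEB-INF/classes/org/gcube/informationsystem/resourceregistry/context/security/SecurityContext$SecurityType.class */
    /** Kind of database principal; {@link #toString()} yields the name fragment. */
    public enum SecurityType {
        ROLE("Role"),
        USER("User");

        private final String name;

        SecurityType(String str) {
            this.name = str;
        }

        @Override
        public String toString() {
            return this.name;
        }
    }

    /**
     * Tells whether connections should currently be opened with the hierarchic (H) user.
     *
     * @return {@code true} only when this context is hierarchic and the flag held by
     *     {@code ContextUtility.getHierarchicMode()} is set
     */
    protected boolean isHierarchicMode() {
        // presumably a per-thread flag (it is set from a dedicated thread in allowed()) - confirm
        return this.hierarchic && ContextUtility.getHierarchicMode().get().booleanValue();
    }

    /**
     * Re-links this context under a new parent in the in-memory tree. No database role is
     * touched; see {@link #changeParentSecurityContext(SecurityContext, OrientGraph)}.
     *
     * @param securityContext the new parent, or {@code null} to detach this context
     */
    public void setParentSecurityContext(SecurityContext securityContext) {
        if (this.parentSecurityContext != null) {
            this.parentSecurityContext.getChildren().remove(this);
        }
        this.parentSecurityContext = securityContext;
        if (securityContext != null) {
            securityContext.addChild(this);
        }
    }

    /** @return the current parent, or {@code null} for a root context */
    public SecurityContext getParentSecurityContext() {
        return this.parentSecurityContext;
    }

    private void addChild(SecurityContext securityContext) {
        this.children.add(securityContext);
    }

    /**
     * @return the live, mutable set of direct children (not a copy); changes made by the
     *     caller alter this context's view of the tree
     */
    public Set<SecurityContext> getChildren() {
        return this.children;
    }

    /** Opens a transactional graph with the WRITER permission of the admin security context. */
    protected OrientGraph getAdminOrientGraph() throws ResourceRegistryException {
        return ContextUtility.getAdminSecurityContext().getGraph(PermissionMode.WRITER);
    }

    /** Acquires a session with the WRITER permission of the admin security context. */
    protected ODatabaseSession getAdminDatabaseSession() throws ResourceRegistryException {
        return ContextUtility.getAdminSecurityContext().getDatabaseSession(PermissionMode.WRITER);
    }

    /** Collects this context together with every descendant. */
    private Set<SecurityContext> getAllChildren() {
        Set<SecurityContext> subtree = new HashSet<>();
        subtree.add(this);
        for (SecurityContext child : getChildren()) {
            subtree.addAll(child.getAllChildren());
        }
        return subtree;
    }

    /** Collects every ancestor of this context; the context itself is not included. */
    private Set<SecurityContext> getAllParents() {
        Set<SecurityContext> ancestors = new HashSet<>();
        SecurityContext current = getParentSecurityContext();
        while (current != null) {
            ancestors.add(current);
            current = current.getParentSecurityContext();
        }
        return ancestors;
    }

    /**
     * Moves this context (and its subtree) under a new parent and re-aligns the hierarchic
     * role grants: the H roles of the subtree are revoked from the H users of the ancestors
     * that are not also ancestors of the new parent, then granted to the new parent and, through
     * {@link #addHierarchicRoleToParent(OSecurity, PermissionMode, ORole...)}, to its ancestors.
     *
     * @param securityContext the new parent, or {@code null} to make this context a root
     * @param orientGraph graph whose security metadata is modified
     * @throws RuntimeException if this context is not hierarchic
     */
    public void changeParentSecurityContext(SecurityContext securityContext, OrientGraph orientGraph) throws ResourceRegistryException {
        if (!this.hierarchic) {
            String message = "Cannot change parent " + SecurityContext.class.getSimpleName() + " to non hierarchic " + SecurityContext.class.getSimpleName() + ". " + Utility.SHOULD_NOT_OCCUR_ERROR_MESSAGE;
            logger.error(message);
            throw new RuntimeException(message);
        }
        OSecurity oSecurity = getOSecurity(orientGraph);
        Set<SecurityContext> subtree = getAllChildren();
        Set<SecurityContext> formerAncestors = getAllParents();
        Set<SecurityContext> retainedAncestors = new HashSet<>();
        if (securityContext != null) {
            retainedAncestors = securityContext.getAllParents();
        }
        // Revoke first and re-link afterwards, so no former ancestor keeps a grant on the subtree.
        formerAncestors.removeAll(retainedAncestors);
        removeChildrenHRolesFromParents(oSecurity, formerAncestors, subtree);
        setParentSecurityContext(securityContext);
        if (securityContext == null) {
            return;
        }
        for (PermissionMode permissionMode : PermissionMode.values()) {
            ArrayList<ORole> subtreeRoles = new ArrayList<>();
            for (SecurityContext member : subtree) {
                subtreeRoles.add(oSecurity.getRole(member.getSecurityRoleOrUserName(permissionMode, SecurityType.ROLE, true)));
            }
            securityContext.addHierarchicRoleToParent(oSecurity, permissionMode, subtreeRoles.toArray(new ORole[subtree.size()]));
        }
    }

    /**
     * Creates the in-memory representation of a context; nothing is written to the database
     * until one of the {@code create} methods is called.
     *
     * <p>The decompiler reports that this constructor was originally {@code protected}.
     *
     * @param uuid UUID of the context
     * @param z whether the context is hierarchic
     */
    public SecurityContext(UUID uuid, boolean z) throws ResourceRegistryException {
        this.context = uuid;
        this.factoryMap = new HashMap<>();
        this.poolMap = new HashMap<>();
        this.hierarchic = z;
        this.children = new HashSet<>();
    }

    /** Creates a hierarchic context for the given UUID. */
    public SecurityContext(UUID uuid) throws ResourceRegistryException {
        this(uuid, true);
    }

    /**
     * Returns the cached session pool for the current hierarchic mode and the given permission,
     * creating it on first use.
     *
     * @param permissionMode permission the pooled sessions connect with
     * @param z when {@code true}, an existing pool is closed and replaced by a new one
     */
    private synchronized ODatabasePool getPool(PermissionMode permissionMode, boolean z) {
        Boolean hierarchicMode = Boolean.valueOf(isHierarchicMode());
        Map<PermissionMode, ODatabasePool> pools = this.poolMap.get(hierarchicMode);
        if (pools == null) {
            pools = new HashMap<>();
            this.poolMap.put(hierarchicMode, pools);
        } else if (z) {
            ODatabasePool stale = pools.get(permissionMode);
            if (stale != null) {
                stale.close();
                pools.remove(permissionMode);
            }
        }
        ODatabasePool pool = pools.get(permissionMode);
        if (pool == null) {
            // Connects as this context's own user; the password depends on the mode only.
            pool = new ODatabasePool(DatabaseEnvironment.DB_URI, getSecurityRoleOrUserName(permissionMode, SecurityType.USER, hierarchicMode.booleanValue()), DatabaseEnvironment.DEFAULT_PASSWORDS.get(permissionMode));
            pools.put(permissionMode, pool);
        }
        return pool;
    }

    /**
     * Returns the cached graph factory for the current hierarchic mode and the given
     * permission, creating it (with a connection pool of 1 to 10) on first use.
     *
     * @param permissionMode permission the produced graphs connect with
     * @param z when {@code true}, an existing factory is closed and replaced by a new one
     */
    private synchronized OrientGraphFactory getFactory(PermissionMode permissionMode, boolean z) {
        Boolean hierarchicMode = Boolean.valueOf(isHierarchicMode());
        Map<PermissionMode, OrientGraphFactory> factories = this.factoryMap.get(hierarchicMode);
        if (factories == null) {
            factories = new HashMap<>();
            this.factoryMap.put(hierarchicMode, factories);
        } else if (z) {
            OrientGraphFactory stale = factories.get(permissionMode);
            if (stale != null) {
                stale.close();
                factories.remove(permissionMode);
            }
        }
        OrientGraphFactory factory = factories.get(permissionMode);
        if (factory == null) {
            // Connects as this context's own user; the password depends on the mode only.
            factory = new OrientGraphFactory(DatabaseEnvironment.DB_URI, getSecurityRoleOrUserName(permissionMode, SecurityType.USER, hierarchicMode.booleanValue()), DatabaseEnvironment.DEFAULT_PASSWORDS.get(permissionMode)).setupPool(1, 10);
            factory.setConnectionStrategy(DatabaseEnvironment.CONNECTION_STRATEGY_PARAMETER.toString());
            factories.put(permissionMode, factory);
        }
        return factory;
    }

    /** @return the UUID of the context */
    public UUID getUUID() {
        return this.context;
    }

    /**
     * Builds the database name of a role or user of this context: optional {@link #H} prefix,
     * then the permission mode, the security type, {@code PropertyManagement.UNDERSCORE} and
     * the context UUID (presumably e.g. {@code HWriterRole_<uuid>}; the separator value is
     * defined outside this file).
     *
     * @param permissionMode access level of the principal
     * @param securityType whether a role or a user name is wanted
     * @param z {@code true} for the hierarchic (H) variant
     * @return the principal name
     */
    public String getSecurityRoleOrUserName(PermissionMode permissionMode, SecurityType securityType, boolean z) {
        StringBuilder name = new StringBuilder();
        if (z) {
            name.append(H);
        }
        name.append(permissionMode);
        name.append(securityType);
        name.append(PropertyManagement.UNDERSCORE);
        name.append(this.context.toString());
        return name.toString();
    }

    @Deprecated
    private OSecurity getOSecurity(OrientGraph orientGraph) {
        return orientGraph.getRawGraph().getMetadata().getSecurity();
    }

    private OSecurity getOSecurity(ODatabaseSession oDatabaseSession) {
        return oDatabaseSession.getMetadata().getSecurity();
    }

    /**
     * Grants this context's roles on the element, using a graph opened with admin rights.
     * The graph is neither committed nor shut down here.
     */
    public void addElement(Element element) throws ResourceRegistryException {
        addElement(element, getAdminOrientGraph());
    }

    /**
     * Grants the writer role ALLOW_ALL and the reader role ALLOW_READ on the record.
     *
     * @param z {@code true} to grant the hierarchic (H) roles instead of the plain ones
     */
    protected void allow(OSecurity oSecurity, ODocument oDocument, boolean z) {
        oSecurity.allowRole(oDocument, ORestrictedOperation.ALLOW_ALL, getSecurityRoleOrUserName(PermissionMode.WRITER, SecurityType.ROLE, z));
        oSecurity.allowRole(oDocument, ORestrictedOperation.ALLOW_READ, getSecurityRoleOrUserName(PermissionMode.READER, SecurityType.ROLE, z));
    }

    /**
     * Grants this context's roles (and the H roles, when hierarchic) on the element and saves it.
     *
     * @param element must be an {@link OrientElement}; any other type fails with a
     *     {@link ClassCastException}
     * @param orientGraph graph whose security metadata is used
     */
    public void addElement(Element element, OrientGraph orientGraph) {
        OrientElement orientElement = (OrientElement) element;
        ODocument record = orientElement.getRecord();
        OSecurity oSecurity = getOSecurity(orientGraph);
        allow(oSecurity, record, false);
        if (this.hierarchic) {
            allow(oSecurity, record, true);
        }
        record.save();
        orientElement.save();
    }

    /**
     * Revokes this context's grants on the element, using a graph opened with admin rights.
     * The graph is neither committed nor shut down here.
     */
    public void removeElement(Element element) throws ResourceRegistryException {
        removeElement(element, getAdminOrientGraph());
    }

    /**
     * Revokes the grants that {@link #allow(OSecurity, ODocument, boolean)} gives to the
     * roles, plus the ALLOW_ALL and ALLOW_READ entries of the writer user.
     *
     * @param z {@code true} to revoke the hierarchic (H) principals instead of the plain ones
     */
    protected void deny(OSecurity oSecurity, ODocument oDocument, boolean z) {
        // NOTE(review): both denyUser calls name the WRITER user and the READER user is never
        // revoked. allow() grants roles only, so this may be deliberate (e.g. clearing entries
        // of the creating user) or a copy/paste slip that leaves a reader grant behind - confirm.
        oSecurity.denyUser(oDocument, ORestrictedOperation.ALLOW_ALL, getSecurityRoleOrUserName(PermissionMode.WRITER, SecurityType.USER, z));
        oSecurity.denyUser(oDocument, ORestrictedOperation.ALLOW_READ, getSecurityRoleOrUserName(PermissionMode.WRITER, SecurityType.USER, z));
        oSecurity.denyRole(oDocument, ORestrictedOperation.ALLOW_ALL, getSecurityRoleOrUserName(PermissionMode.WRITER, SecurityType.ROLE, z));
        oSecurity.denyRole(oDocument, ORestrictedOperation.ALLOW_READ, getSecurityRoleOrUserName(PermissionMode.READER, SecurityType.ROLE, z));
    }

    /**
     * Revokes this context's grants (and the H grants, when hierarchic) on the element and
     * saves it.
     *
     * @param element must be an {@link OrientElement}; any other type fails with a
     *     {@link ClassCastException}
     * @param orientGraph graph whose security metadata is used
     */
    public void removeElement(Element element, OrientGraph orientGraph) {
        OrientElement orientElement = (OrientElement) element;
        ODocument record = orientElement.getRecord();
        OSecurity oSecurity = getOSecurity(orientGraph);
        deny(oSecurity, record, false);
        if (this.hierarchic) {
            deny(oSecurity, record, true);
        }
        record.save();
        orientElement.save();
    }

    /**
     * Checks whether this context's READER user can load the record, with hierarchic mode
     * switched off. Any failure is reported as "not allowed" (fail closed).
     *
     * <p>The check runs on a dedicated thread; presumably so that switching the hierarchic flag
     * off does not affect the calling thread (confirm against {@code ContextUtility}).
     *
     * @param oRole not used by this implementation
     * @param oDocument record whose identity is looked up
     * @return {@code true} if the record could be loaded, {@code false} otherwise
     */
    protected boolean allowed(ORole oRole, final ODocument oDocument) {
        ExecutorService executor = Executors.newSingleThreadExecutor();
        try {
            return executor.submit(new Callable<Boolean>() {
                @Override
                public Boolean call() throws Exception {
                    ContextUtility.getHierarchicMode().set(false);
                    ODatabaseSession readerSession = SecurityContext.this.getDatabaseSession(PermissionMode.READER);
                    try {
                        // NOTE(review): the cast to OrientElement is kept from the original. If
                        // getRecord() hands back a plain record, the cast fails and the method
                        // answers false even for a readable record - confirm the intended type.
                        OrientElement loaded = (OrientElement) readerSession.getRecord(oDocument.getIdentity());
                        return loaded != null;
                    } catch (Exception e) {
                        logger.debug("Read check failed for record {}", oDocument.getIdentity(), e);
                        return false;
                    } finally {
                        readerSession.close();
                    }
                }
            }).get().booleanValue();
        } catch (InterruptedException e) {
            // Keep the interruption visible to the caller while still failing closed.
            Thread.currentThread().interrupt();
            return false;
        } catch (Exception e) {
            logger.debug("Read check could not be completed for record {}", oDocument.getIdentity(), e);
            return false;
        } finally {
            // The original never stopped the executor, leaving one idle thread per call.
            executor.shutdown();
        }
    }

    /**
     * Creates the roles and users of this context with an admin session and commits.
     * The session is closed even when creation fails.
     */
    public void create() throws ResourceRegistryException {
        ODatabaseSession adminSession = getAdminDatabaseSession();
        try {
            create(adminSession);
            adminSession.commit();
        } finally {
            adminSession.close();
        }
    }

    /**
     * Extension point for subclasses to add rules to a freshly created role.
     *
     * @return the role, unchanged in this implementation
     */
    protected ORole addExtraRules(ORole oRole, PermissionMode permissionMode) {
        return oRole;
    }

    /**
     * Looks up the role that the context roles inherit from: the role named after the
     * lower-cased enum constant ({@code "reader"} or {@code "writer"}).
     */
    protected ORole getSuperRole(OSecurity oSecurity, PermissionMode permissionMode) {
        // Locale.ROOT keeps the role name stable; a locale-sensitive lower-casing of "WRITER"
        // can produce a different string and silently resolve no parent role.
        return oSecurity.getRole(permissionMode.name().toLowerCase(Locale.ROOT));
    }

    /**
     * Grants the given roles to this context's hierarchic user of the given mode and repeats
     * the grant on every ancestor.
     */
    protected void addHierarchicRoleToParent(OSecurity oSecurity, PermissionMode permissionMode, ORole... oRoleArr) {
        OUser hierarchicUser = oSecurity.getUser(getSecurityRoleOrUserName(permissionMode, SecurityType.USER, true));
        for (ORole role : oRoleArr) {
            hierarchicUser.addRole((OSecurityRole) role);
        }
        hierarchicUser.save();
        SecurityContext parent = getParentSecurityContext();
        if (parent != null) {
            parent.addHierarchicRoleToParent(oSecurity, permissionMode, oRoleArr);
        }
    }

    /**
     * Creates, for the plain variant and (when hierarchic) the H variant, one role and one
     * user per permission mode. Each role inherits from {@link #getSuperRole} in
     * DENY_ALL_BUT mode; each H role is also granted to the H users of the ancestors.
     */
    protected void createRolesAndUsers(OSecurity oSecurity) {
        boolean[] variants = this.hierarchic ? new boolean[] {false, true} : new boolean[] {false};
        for (boolean hierarchicVariant : variants) {
            for (PermissionMode permissionMode : PermissionMode.values()) {
                String roleName = getSecurityRoleOrUserName(permissionMode, SecurityType.ROLE, hierarchicVariant);
                ORole role = oSecurity.createRole(roleName, getSuperRole(oSecurity, permissionMode), OSecurityRole.ALLOW_MODES.DENY_ALL_BUT);
                addExtraRules(role, permissionMode);
                role.save();
                logger.trace("{} created", role);
                if (hierarchicVariant && getParentSecurityContext() != null) {
                    getParentSecurityContext().addHierarchicRoleToParent(oSecurity, permissionMode, role);
                }
                String userName = getSecurityRoleOrUserName(permissionMode, SecurityType.USER, hierarchicVariant);
                // The password is chosen by permission mode only (see the class-level note).
                OUser user = oSecurity.createUser(userName, DatabaseEnvironment.DEFAULT_PASSWORDS.get(permissionMode), role);
                user.save();
                logger.trace("{} created", user);
            }
        }
    }

    /** Creates the roles and users of this context through the given session; no commit. */
    public void create(ODatabaseSession oDatabaseSession) {
        createRolesAndUsers(getOSecurity(oDatabaseSession));
        logger.trace("Security Context (roles and users) with UUID {} successfully created", this.context.toString());
    }

    /** Creates the roles and users of this context through the given graph; no commit. */
    public void create(OrientGraph orientGraph) {
        createRolesAndUsers(getOSecurity(orientGraph));
        logger.trace("Security Context (roles and users) with UUID {} successfully created", this.context.toString());
    }

    /** Drops one role or user by name and logs whether the database reported success. */
    private void drop(OSecurity oSecurity, String str, SecurityType securityType) {
        boolean dropped = false;
        switch (securityType) {
            case ROLE:
                dropped = oSecurity.dropRole(str);
                break;
            case USER:
                dropped = oSecurity.dropUser(str);
                break;
        }
        if (dropped) {
            logger.trace("{} successfully dropped", str);
        } else {
            logger.error("{} was not dropped successfully", str);
        }
    }

    /**
     * Drops the roles and users of this context with an admin session and commits.
     * The session is closed even when deletion fails.
     */
    public void delete() throws ResourceRegistryException {
        ODatabaseSession adminSession = getAdminDatabaseSession();
        try {
            // The original called create(...) here, so a deleted context kept its roles and
            // users (with their default passwords) and the call tried to create them again.
            delete(adminSession);
            adminSession.commit();
        } finally {
            adminSession.close();
        }
    }

    /** Revokes the H roles of this context's subtree from the H users of all its ancestors. */
    protected void removeChildrenHRolesFromParents(OSecurity oSecurity) {
        removeChildrenHRolesFromParents(oSecurity, getAllParents(), getAllChildren());
    }

    /**
     * Revokes the H roles of the given contexts from the H users of the given ancestors.
     *
     * @param set ancestors whose H users lose the roles
     * @param set2 contexts whose H roles are revoked
     */
    protected void removeChildrenHRolesFromParents(OSecurity oSecurity, Set<SecurityContext> set, Set<SecurityContext> set2) {
        for (SecurityContext ancestor : set) {
            ancestor.removeChildrenHRolesFromMyHUsers(oSecurity, set2);
        }
    }

    /**
     * Revokes, for each permission mode, the H roles of the given contexts from this context's
     * own H user and saves the user.
     *
     * @param set contexts whose H roles are revoked
     */
    protected void removeChildrenHRolesFromMyHUsers(OSecurity oSecurity, Set<SecurityContext> set) {
        for (PermissionMode permissionMode : PermissionMode.values()) {
            String userName = getSecurityRoleOrUserName(permissionMode, SecurityType.USER, true);
            OUser hierarchicUser = oSecurity.getUser(userName);
            for (SecurityContext member : set) {
                String roleName = member.getSecurityRoleOrUserName(permissionMode, SecurityType.ROLE, true);
                logger.debug("Going to remove {} from {}", roleName, userName);
                boolean removed = hierarchicUser.removeRole(roleName);
                // KEYWORD_NOT is only borrowed as the word that negates the log sentence.
                logger.trace("{} {} removed from {}", new Object[] {roleName, removed ? "successfully" : OCommandExecutorSQLCreateClass.KEYWORD_NOT, userName});
            }
            hierarchicUser.save();
        }
    }

    /**
     * Revokes one role, by name, from this context's H user of the given mode and saves the user.
     *
     * @param str name of the role to revoke
     */
    protected void removeHierarchicRoleFromMyHUser(OSecurity oSecurity, PermissionMode permissionMode, String str) {
        String userName = getSecurityRoleOrUserName(permissionMode, SecurityType.USER, true);
        OUser hierarchicUser = oSecurity.getUser(userName);
        logger.debug("Going to remove {} from {}", str, userName);
        boolean removed = hierarchicUser.removeRole(str);
        // KEYWORD_NOT is only borrowed as the word that negates the log sentence.
        logger.trace("{} {} removed from {}", new Object[] {str, removed ? "successfully" : OCommandExecutorSQLCreateClass.KEYWORD_NOT, userName});
        hierarchicUser.save();
    }

    /**
     * Drops every role and user of this context. For the hierarchic variant the H roles of the
     * subtree are first revoked from the ancestors' H users.
     */
    protected void deleteRolesAndUsers(OSecurity oSecurity) {
        boolean[] variants = this.hierarchic ? new boolean[] {false, true} : new boolean[] {false};
        for (boolean hierarchicVariant : variants) {
            if (hierarchicVariant) {
                removeChildrenHRolesFromParents(oSecurity);
            }
            for (PermissionMode permissionMode : PermissionMode.values()) {
                for (SecurityType securityType : SecurityType.values()) {
                    drop(oSecurity, getSecurityRoleOrUserName(permissionMode, securityType, hierarchicVariant), securityType);
                }
            }
        }
    }

    /** Drops the roles and users of this context through the given graph; no commit. */
    public void delete(OrientGraph orientGraph) {
        delete(getOSecurity(orientGraph));
    }

    /** Drops the roles and users of this context through the given session; no commit. */
    public void delete(ODatabaseSession oDatabaseSession) {
        delete(getOSecurity(oDatabaseSession));
    }

    private void delete(OSecurity oSecurity) {
        logger.trace("Going to remove Security Context (roles and users) with UUID {}", this.context.toString());
        deleteRolesAndUsers(oSecurity);
        logger.trace("Security Context (roles and users) with UUID {} successfully removed", this.context.toString());
    }

    /**
     * Opens a transactional graph as this context's user. If the cached factory fails, it is
     * rebuilt once and the call is retried.
     *
     * @throws ResourceRegistryException if no open graph could be obtained
     */
    public OrientGraph getGraph(PermissionMode permissionMode) throws ResourceRegistryException {
        try {
            OrientGraph graph;
            try {
                graph = getFactory(permissionMode, false).getTx();
            } catch (Exception e) {
                logger.debug("Cached graph factory failed, recreating it", e);
                graph = getFactory(permissionMode, true).getTx();
            }
            if (graph.isClosed()) {
                throw new Exception("Obtained a closed graph for " + permissionMode + " on " + this.context);
            }
            return graph;
        } catch (Exception e) {
            throw new ResourceRegistryException(e);
        }
    }

    /**
     * Opens a non-transactional graph as this context's user. If the cached factory fails, it
     * is rebuilt once and the call is retried.
     *
     * @throws ResourceRegistryException if no open graph could be obtained
     */
    public OrientGraphNoTx getGraphNoTx(PermissionMode permissionMode) throws ResourceRegistryException {
        try {
            OrientGraphNoTx graph;
            try {
                graph = getFactory(permissionMode, false).getNoTx();
            } catch (Exception e) {
                logger.debug("Cached graph factory failed, recreating it", e);
                graph = getFactory(permissionMode, true).getNoTx();
            }
            if (graph.isClosed()) {
                throw new Exception("Obtained a closed graph for " + permissionMode + " on " + this.context);
            }
            return graph;
        } catch (Exception e) {
            throw new ResourceRegistryException(e);
        }
    }

    /**
     * Acquires a database session as this context's user. If the cached pool fails, it is
     * rebuilt once and the call is retried. The caller must close the session.
     *
     * @throws ResourceRegistryException if no open session could be obtained
     */
    public ODatabaseSession getDatabaseSession(PermissionMode permissionMode) throws ResourceRegistryException {
        try {
            ODatabaseSession session;
            try {
                session = getPool(permissionMode, false).acquire();
            } catch (Exception e) {
                logger.debug("Cached session pool failed, recreating it", e);
                session = getPool(permissionMode, true).acquire();
            }
            if (session.isClosed()) {
                throw new Exception("Obtained a closed session for " + permissionMode + " on " + this.context);
            }
            return session;
        } catch (Exception e) {
            throw new ResourceRegistryException(e);
        }
    }

    @Override
    public String toString() {
        return String.format("%s %s", Context.NAME, getUUID().toString());
    }
}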
