package org.gcube.informationsystem.resourceregistry.environments;

import com.orientechnologies.orient.core.db.ODatabasePool;
import com.orientechnologies.orient.core.db.document.ODatabaseDocument;
import com.orientechnologies.orient.core.db.record.OIdentifiable;
import com.orientechnologies.orient.core.db.record.ORecordLazySet;
import com.orientechnologies.orient.core.metadata.security.ORestrictedOperation;
import com.orientechnologies.orient.core.metadata.security.ORole;
import com.orientechnologies.orient.core.metadata.security.OSecurity;
import com.orientechnologies.orient.core.metadata.security.OSecurityRole;
import com.orientechnologies.orient.core.metadata.security.OUser;
import com.orientechnologies.orient.core.record.OElement;
import com.orientechnologies.orient.core.record.impl.ODocument;
import com.orientechnologies.orient.core.sql.OCommandExecutorSQLCreateClass;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import org.apache.commons.lang.StringUtils;
import org.gcube.informationsystem.resourceregistry.api.exceptions.ResourceRegistryException;
import org.gcube.informationsystem.resourceregistry.base.ElementManagement;
import org.gcube.informationsystem.resourceregistry.contexts.ContextUtility;
import org.gcube.informationsystem.resourceregistry.dbinitialization.DatabaseEnvironment;
import org.gcube.informationsystem.resourceregistry.environments.Environment;
import org.gcube.informationsystem.resourceregistry.rest.requests.RequestUtility;
import org.gcube.informationsystem.resourceregistry.rest.requests.ServerRequestInfo;
import org.gcube.informationsystem.utils.UUIDManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/classes/org/gcube/informationsystem/resourceregistry/environments/HierarchicalEnvironment.class */
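/**
 * An {@link Environment} that takes part in a parent/child tree and keeps two sets of database
 * security identities: the plain ones and the hierarchical ones, whose names start with {@link #H}.
 *
 * <p>The hierarchical user of an environment is additionally granted the hierarchical roles of its
 * descendants (see {@link #addHierarchicalRoleToParent}), so a connection opened with that user can
 * reach records allowed to any environment below it.
 *
 * <p>Security-relevant points a reviewer should keep in mind:
 * <ul>
 *   <li>Role and user names are derived, not secret: prefix + permission mode + security type +
 *       underscore + environment UUID.</li>
 *   <li>Every pool and every created user takes its password from
 *       {@code DatabaseEnvironment.DEFAULT_PASSWORDS}, keyed only by permission mode, so all
 *       environments share one password per mode. NOTE(review): confirm those values are
 *       deployment-specific secrets and not literals shipped with the code.</li>
 * </ul>
 */
public abstract class HierarchicalEnvironment extends Environment {
    private static final Logger logger = LoggerFactory.getLogger(HierarchicalEnvironment.class);

    /** Prefix that marks the hierarchical flavour of a role or user name. */
    public static final String H = "H";

    /** Hierarchical mode granted at construction time (requested AND caller allowed). */
    protected final boolean hierarchicalMode;

    /** Pools opened with the hierarchical users, kept apart from the inherited {@code poolMap}. */
    protected final Map<Environment.PermissionMode, ODatabasePool> hierarchicPoolMap;

    protected HierarchicalEnvironment parentEnvironment;
    protected Set<HierarchicalEnvironment> children;

    /**
     * Creates the environment and decides whether hierarchical mode is granted.
     *
     * <p>Hierarchical mode is granted only when the current request asks for it and
     * {@code isUserAllowed(Environment.getAllOperationsAllowedRoles())} is true. A request that asks
     * for it without being allowed is not rejected: it is logged at WARN and served in plain mode.
     *
     * @param uuid identifier of the environment, passed to the superclass
     * @throws ResourceRegistryException declared by the superclass constructor
     */
    public HierarchicalEnvironment(UUID uuid) throws ResourceRegistryException {
        super(uuid);
        this.hierarchicPoolMap = new HashMap<>();
        boolean requested = RequestUtility.getRequestInfo().get().isHierarchicalMode();
        logger.trace("HierarchicalMode {}requested", requested ? "" : "not ");
        boolean userAllowed = isUserAllowed(Environment.getAllOperationsAllowedRoles());
        logger.trace("{} is {}allowed to request the HierarchicalMode", ContextUtility.getCurrentUserUsername(), userAllowed ? "" : "not ");
        if (requested && !userAllowed) {
            logger.warn("The user " + ContextUtility.getCurrentUserUsername()
                    + " requested hierarchical mode but he/she does not have one of the following roles "
                    + allOperationAllowedRoles.toString()
                    + ". Instead of complaining, the request will be elaborated not in hierarchical mode.");
        }
        // NOTE(review): this decision is taken once, for the request and user active while the
        // object is built. If instances are cached and reused across requests (not visible here),
        // later callers inherit this value - confirm the cache scope.
        this.hierarchicalMode = userAllowed && requested;
        this.children = new HashSet<>();
    }

    /**
     * @return the hierarchical-mode decision taken in the constructor
     */
    protected boolean isHierarchicalMode() {
        return this.hierarchicalMode;
    }

    /**
     * Re-links this environment under a new parent, keeping both sides of the relation in sync.
     * Only the in-memory tree is touched; database roles are handled by
     * {@link #changeParentEnvironment}.
     *
     * @param hierarchicalEnvironment the new parent, or {@code null} to detach
     */
    public void setParentEnvironment(HierarchicalEnvironment hierarchicalEnvironment) {
        if (this.parentEnvironment != null) {
            this.parentEnvironment.getChildren().remove(this);
        }
        this.parentEnvironment = hierarchicalEnvironment;
        if (hierarchicalEnvironment != null) {
            hierarchicalEnvironment.addChild(this);
        }
    }

    /**
     * @return the current parent, or {@code null} when there is none
     */
    public HierarchicalEnvironment getParentEnvironment() {
        return this.parentEnvironment;
    }

    /** Registers a direct child; called only from {@link #setParentEnvironment}. */
    private void addChild(HierarchicalEnvironment hierarchicalEnvironment) {
        this.children.add(hierarchicalEnvironment);
    }

    /**
     * @return the live set of direct children (not a copy; {@link #setParentEnvironment} mutates it)
     */
    public Set<HierarchicalEnvironment> getChildren() {
        return this.children;
    }

    /**
     * Collects this environment together with all of its descendants.
     *
     * <p>The recursion has no visited-set, so it relies on the tree being acyclic.
     */
    private Set<HierarchicalEnvironment> getAllChildren() {
        Set<HierarchicalEnvironment> subtree = new HashSet<>();
        subtree.add(this);
        for (HierarchicalEnvironment child : getChildren()) {
            subtree.addAll(child.getAllChildren());
        }
        return subtree;
    }

    /**
     * Collects every ancestor of this environment; the environment itself is not included.
     *
     * <p>The walk ends at the first {@code null} parent, so it relies on the tree being acyclic.
     */
    private Set<HierarchicalEnvironment> getAllParents() {
        Set<HierarchicalEnvironment> ancestors = new HashSet<>();
        for (HierarchicalEnvironment current = getParentEnvironment(); current != null; current = current.getParentEnvironment()) {
            ancestors.add(current);
        }
        return ancestors;
    }

    /**
     * Moves this environment (and its subtree) under a new parent and updates the hierarchical
     * role grants accordingly.
     *
     * <p>Steps: strip the subtree's hierarchical roles from the old ancestors that are not also
     * ancestors of the new parent, re-link the in-memory tree, then grant the subtree's
     * hierarchical roles to the new parent and everything above it.
     *
     * <p>NOTE(review): nothing here rejects a new parent that is already a descendant of this
     * environment, which would create a cycle that {@link #getAllParents()} and
     * {@link #getAllChildren()} cannot terminate on. Presumably the caller validates this - confirm.
     *
     * @param hierarchicalEnvironment the new parent, or {@code null} to make this a root
     * @param oDatabaseDocument database session whose security metadata is updated
     * @throws ResourceRegistryException declared for callers; not thrown by the visible code
     */
    public void changeParentEnvironment(HierarchicalEnvironment hierarchicalEnvironment, ODatabaseDocument oDatabaseDocument) throws ResourceRegistryException {
        OSecurity oSecurity = getOSecurity(oDatabaseDocument);
        Set<HierarchicalEnvironment> subtree = getAllChildren();
        Set<HierarchicalEnvironment> staleAncestors = getAllParents();
        if (hierarchicalEnvironment != null) {
            // Ancestors of the new parent keep their grants. The new parent itself is not in that
            // set, so when it is also an old ancestor it is stripped here and re-granted below.
            staleAncestors.removeAll(hierarchicalEnvironment.getAllParents());
        }
        removeChildrenHRolesFromParents(oSecurity, staleAncestors, subtree);
        setParentEnvironment(hierarchicalEnvironment);
        if (hierarchicalEnvironment != null) {
            for (Environment.PermissionMode permissionMode : Environment.PermissionMode.values()) {
                ArrayList<ORole> roles = new ArrayList<>();
                for (HierarchicalEnvironment member : subtree) {
                    roles.add(oSecurity.getRole(member.getSecurityRoleOrUserName(permissionMode, Environment.SecurityType.ROLE, true)));
                }
                hierarchicalEnvironment.addHierarchicalRoleToParent(oSecurity, permissionMode, roles.toArray(new ORole[0]));
            }
        }
    }

    /**
     * Returns the connection pool for a permission mode, creating it on first use.
     *
     * <p>The hierarchical pool map and the hierarchical user name are used when either this
     * environment was granted hierarchical mode or the current request is flagged hierarchical.
     *
     * <p>NOTE(review): the request flag is OR-ed in here without repeating the
     * {@code isUserAllowed} check made in the constructor. A request flagged hierarchical therefore
     * selects the hierarchical user even when the constructor logged a downgrade to plain mode.
     * Presumably the flag is only set for authorised callers upstream - confirm, or gate this
     * branch on the same role check.
     *
     * @param permissionMode the permission mode the pool is opened for
     * @param z when {@code true}, a pool already cached for the mode is closed and replaced
     * @return the cached or newly created pool
     */
    @Override // org.gcube.informationsystem.resourceregistry.environments.Environment
    protected synchronized ODatabasePool getPool(Environment.PermissionMode permissionMode, boolean z) {
        boolean hierarchical = this.hierarchicalMode || RequestUtility.getRequestInfo().get().isHierarchicalMode();
        Map<Environment.PermissionMode, ODatabasePool> pools = hierarchical ? this.hierarchicPoolMap : this.poolMap;
        if (z) {
            ODatabasePool stale = pools.get(permissionMode);
            if (stale != null) {
                stale.close();
                pools.remove(permissionMode);
            }
        }
        ODatabasePool pool = pools.get(permissionMode);
        if (pool == null) {
            // The password is looked up by permission mode only; it is the same for every environment.
            pool = new ODatabasePool(DatabaseEnvironment.DB_URI,
                    getSecurityRoleOrUserName(permissionMode, Environment.SecurityType.USER, hierarchical),
                    DatabaseEnvironment.DEFAULT_PASSWORDS.get(permissionMode));
            pools.put(permissionMode, pool);
        }
        return pool;
    }

    /**
     * Builds the non-hierarchical name prefix for a permission mode and security type.
     *
     * @see #getRoleOrUserName(Environment.PermissionMode, Environment.SecurityType, boolean)
     */
    public static String getRoleOrUserName(Environment.PermissionMode permissionMode, Environment.SecurityType securityType) {
        return getRoleOrUserName(permissionMode, securityType, false);
    }

    /**
     * Builds the name prefix shared by all environments: optional {@link #H}, then the string form
     * of the permission mode, then the string form of the security type.
     *
     * @param permissionMode permission mode part of the name
     * @param securityType security type part of the name
     * @param z {@code true} to prepend {@link #H} (hierarchical flavour)
     * @return the concatenated prefix, without the environment UUID
     */
    public static String getRoleOrUserName(Environment.PermissionMode permissionMode, Environment.SecurityType securityType, boolean z) {
        return (z ? H : "") + permissionMode + securityType;
    }

    /**
     * Builds the full role or user name of this environment: the shared prefix, the
     * {@code ElementManagement.UNDERSCORE} separator and this environment's UUID.
     *
     * @param permissionMode permission mode part of the name
     * @param securityType security type part of the name
     * @param z {@code true} for the hierarchical flavour
     * @return the name used to look up or create the role or user in the database
     */
    public String getSecurityRoleOrUserName(Environment.PermissionMode permissionMode, Environment.SecurityType securityType, boolean z) {
        return getRoleOrUserName(permissionMode, securityType, z) + ElementManagement.UNDERSCORE + this.environmentUUID.toString();
    }

    /** Shortcut to the security metadata of a database session. */
    private OSecurity getOSecurity(ODatabaseDocument oDatabaseDocument) {
        return oDatabaseDocument.getMetadata().getSecurity();
    }

    /**
     * Derives the environments an element belongs to from the identities listed in its
     * {@code OSecurity.ALLOW_ALL_FIELD} property.
     *
     * <p>Only entries whose name starts with the plain WRITER or READER role prefix and splits into
     * exactly two parts on the separator are considered; the second part is taken as the UUID.
     * UUIDs reported as reserved by {@code UUIDManager} are left out.
     *
     * @param oElement the element to inspect
     * @return the UUID strings found; empty when the property is absent
     */
    public static Set<String> getContexts(OElement oElement) {
        Set<String> contexts = new HashSet<>();
        ORecordLazySet allowedIdentities = (ORecordLazySet) oElement.getProperty(OSecurity.ALLOW_ALL_FIELD);
        if (allowedIdentities == null) {
            // An element carrying no allow-list belongs to no environment; avoid the NPE.
            return contexts;
        }
        String writerPrefix = getRoleOrUserName(Environment.PermissionMode.WRITER, Environment.SecurityType.ROLE);
        String readerPrefix = getRoleOrUserName(Environment.PermissionMode.READER, Environment.SecurityType.ROLE);
        for (OIdentifiable identity : allowedIdentities) {
            String name = (String) ((ODocument) identity).getProperty("name");
            if (name == null || !(name.startsWith(writerPrefix) || name.startsWith(readerPrefix))) {
                continue;
            }
            String[] parts = name.split(ElementManagement.UNDERSCORE);
            if (parts.length == 2 && !UUIDManager.getInstance().isReservedUUID(parts[1])) {
                contexts.add(parts[1]);
            }
        }
        return contexts;
    }

    /**
     * Grants this environment's roles on a record: ALLOW_ALL to the WRITER role and ALLOW_READ to
     * the READER role.
     *
     * @param oSecurity security metadata used to register the grants
     * @param oDocument the record being granted
     * @param z {@code true} to use the hierarchical role names
     */
    protected void allow(OSecurity oSecurity, ODocument oDocument, boolean z) {
        oSecurity.allowRole(oDocument, ORestrictedOperation.ALLOW_ALL, getSecurityRoleOrUserName(Environment.PermissionMode.WRITER, Environment.SecurityType.ROLE, z));
        oSecurity.allowRole(oDocument, ORestrictedOperation.ALLOW_READ, getSecurityRoleOrUserName(Environment.PermissionMode.READER, Environment.SecurityType.ROLE, z));
    }

    /**
     * Makes an element visible in this environment by granting both the plain and the hierarchical
     * roles on its record, then saving record and element.
     */
    @Override // org.gcube.informationsystem.resourceregistry.environments.Environment
    public void addElement(OElement oElement, ODatabaseDocument oDatabaseDocument) {
        ODocument oDocument = (ODocument) oElement.getRecord();
        OSecurity oSecurity = getOSecurity(oDatabaseDocument);
        allow(oSecurity, oDocument, false);
        allow(oSecurity, oDocument, true);
        oDocument.save();
        oElement.save();
    }

    /**
     * Revokes this environment's identities from a record: the users first, then the roles granted
     * by {@link #allow}.
     *
     * <p>The user-level revocations used to name the WRITER user for both operations while the
     * role-level ones name WRITER and READER. The existing calls are kept and the READER user is
     * now revoked from ALLOW_READ as well, so no user of this environment keeps a grant on a
     * record that was removed from it.
     *
     * @param oSecurity security metadata used to remove the grants
     * @param oDocument the record being revoked
     * @param z {@code true} to use the hierarchical names
     */
    protected void deny(OSecurity oSecurity, ODocument oDocument, boolean z) {
        String writerUser = getSecurityRoleOrUserName(Environment.PermissionMode.WRITER, Environment.SecurityType.USER, z);
        String readerUser = getSecurityRoleOrUserName(Environment.PermissionMode.READER, Environment.SecurityType.USER, z);
        oSecurity.denyUser(oDocument, ORestrictedOperation.ALLOW_ALL, writerUser);
        oSecurity.denyUser(oDocument, ORestrictedOperation.ALLOW_READ, writerUser);
        oSecurity.denyUser(oDocument, ORestrictedOperation.ALLOW_READ, readerUser);
        oSecurity.denyRole(oDocument, ORestrictedOperation.ALLOW_ALL, getSecurityRoleOrUserName(Environment.PermissionMode.WRITER, Environment.SecurityType.ROLE, z));
        oSecurity.denyRole(oDocument, ORestrictedOperation.ALLOW_READ, getSecurityRoleOrUserName(Environment.PermissionMode.READER, Environment.SecurityType.ROLE, z));
    }

    /**
     * Removes an element from this environment by revoking both the plain and the hierarchical
     * identities on its record, then saving record and element.
     */
    @Override // org.gcube.informationsystem.resourceregistry.environments.Environment
    public void removeElement(OElement oElement, ODatabaseDocument oDatabaseDocument) {
        ODocument oDocument = (ODocument) oElement.getRecord();
        OSecurity oSecurity = getOSecurity(oDatabaseDocument);
        deny(oSecurity, oDocument, false);
        deny(oSecurity, oDocument, true);
        oDocument.save();
        oElement.save();
    }

    /**
     * Runs the superclass check with the request's hierarchical flag switched off, then restores
     * the flag whatever the outcome.
     */
    @Override // org.gcube.informationsystem.resourceregistry.environments.Environment
    protected boolean allowed(ORole oRole, ODocument oDocument) {
        ServerRequestInfo requestInfo = RequestUtility.getRequestInfo().get();
        boolean previousMode = requestInfo.isHierarchicalMode();
        requestInfo.setHierarchicalMode(false);
        try {
            return super.allowed(oRole, oDocument);
        } finally {
            // Always put the caller's flag back, including when the check throws.
            requestInfo.setHierarchicalMode(previousMode);
        }
    }

    /**
     * Adds the given roles to this environment's hierarchical user for the permission mode, then
     * repeats the grant on every ancestor.
     *
     * @param oSecurity security metadata used to look up the user
     * @param permissionMode permission mode selecting the hierarchical user
     * @param oRoleArr roles to add; each is cast to {@code OSecurityRole}
     */
    protected void addHierarchicalRoleToParent(OSecurity oSecurity, Environment.PermissionMode permissionMode, ORole... oRoleArr) {
        OUser hierarchicalUser = oSecurity.getUser(getSecurityRoleOrUserName(permissionMode, Environment.SecurityType.USER, true));
        for (ORole role : oRoleArr) {
            hierarchicalUser.addRole((OSecurityRole) role);
        }
        hierarchicalUser.save();
        HierarchicalEnvironment parent = getParentEnvironment();
        if (parent != null) {
            parent.addHierarchicalRoleToParent(oSecurity, permissionMode, oRoleArr);
        }
    }

    /**
     * Creates, for the plain and then the hierarchical flavour, one role and one user per
     * permission mode. Each role is created with {@code DENY_ALL_BUT} and the super role returned by
     * {@code getSuperRole}; each hierarchical role is also granted to the ancestors' hierarchical
     * users.
     */
    @Override // org.gcube.informationsystem.resourceregistry.environments.Environment
    protected void createRolesAndUsers(OSecurity oSecurity) {
        for (boolean z : new boolean[]{false, true}) {
            for (Environment.PermissionMode permissionMode : Environment.PermissionMode.values()) {
                ORole role = oSecurity.createRole(getSecurityRoleOrUserName(permissionMode, Environment.SecurityType.ROLE, z), getSuperRole(oSecurity, permissionMode), OSecurityRole.ALLOW_MODES.DENY_ALL_BUT);
                addExtraRules(role, permissionMode);
                role.save();
                logger.trace("{} created", role);
                HierarchicalEnvironment parent = getParentEnvironment();
                if (z && parent != null) {
                    parent.addHierarchicalRoleToParent(oSecurity, permissionMode, role);
                }
                // Same per-mode password for every environment; see the class comment.
                OUser user = oSecurity.createUser(getSecurityRoleOrUserName(permissionMode, Environment.SecurityType.USER, z), DatabaseEnvironment.DEFAULT_PASSWORDS.get(permissionMode), role);
                user.save();
                logger.trace("{} created", user);
            }
        }
    }

    /**
     * Strips the hierarchical roles of this environment and its descendants from all current
     * ancestors.
     */
    protected void removeChildrenHRolesFromParents(OSecurity oSecurity) {
        removeChildrenHRolesFromParents(oSecurity, getAllParents(), getAllChildren());
    }

    /**
     * Strips the hierarchical roles of the given environments from the hierarchical users of the
     * given ancestors.
     *
     * @param oSecurity security metadata used to look up the users
     * @param set the ancestors whose hierarchical users lose the roles
     * @param set2 the environments whose hierarchical roles are removed
     */
    protected void removeChildrenHRolesFromParents(OSecurity oSecurity, Set<HierarchicalEnvironment> set, Set<HierarchicalEnvironment> set2) {
        for (HierarchicalEnvironment ancestor : set) {
            ancestor.removeChildrenHRolesFromMyHUsers(oSecurity, set2);
        }
    }

    /**
     * Removes, for every permission mode, the hierarchical roles of the given environments from
     * this environment's hierarchical user. The user is saved once per permission mode.
     *
     * @param oSecurity security metadata used to look up the users
     * @param set the environments whose hierarchical roles are removed
     */
    protected void removeChildrenHRolesFromMyHUsers(OSecurity oSecurity, Set<HierarchicalEnvironment> set) {
        for (Environment.PermissionMode permissionMode : Environment.PermissionMode.values()) {
            String userName = getSecurityRoleOrUserName(permissionMode, Environment.SecurityType.USER, true);
            OUser user = oSecurity.getUser(userName);
            for (HierarchicalEnvironment member : set) {
                removeRoleAndLog(user, member.getSecurityRoleOrUserName(permissionMode, Environment.SecurityType.ROLE, true), userName);
            }
            user.save();
        }
    }

    /**
     * Removes one named role from this environment's hierarchical user for the permission mode and
     * saves the user.
     *
     * @param oSecurity security metadata used to look up the user
     * @param permissionMode permission mode selecting the hierarchical user
     * @param str name of the role to remove
     */
    protected void removeHierarchicRoleFromMyHUser(OSecurity oSecurity, Environment.PermissionMode permissionMode, String str) {
        String userName = getSecurityRoleOrUserName(permissionMode, Environment.SecurityType.USER, true);
        OUser user = oSecurity.getUser(userName);
        removeRoleAndLog(user, str, userName);
        user.save();
    }

    /** Removes a role from a user and logs the attempt and its outcome; does not save the user. */
    private static void removeRoleAndLog(OUser user, String roleName, String userName) {
        logger.debug("Going to remove {} from {}", roleName, userName);
        boolean removed = user.removeRole(roleName);
        // NOTE(review): KEYWORD_NOT is an SQL-parser constant used here only as log text; it looks
        // like a decompiler substituted it for a string literal - confirm against the sources.
        logger.trace("{} {} removed from {}", roleName, removed ? "successfully" : OCommandExecutorSQLCreateClass.KEYWORD_NOT, userName);
    }

    /**
     * Drops every role and user of this environment, plain flavour first. Before the hierarchical
     * identities are dropped, the hierarchical roles of this subtree are stripped from the
     * ancestors so that no ancestor user keeps a reference to a dropped role.
     */
    @Override // org.gcube.informationsystem.resourceregistry.environments.Environment
    protected void deleteRolesAndUsers(OSecurity oSecurity) {
        for (boolean z : new boolean[]{false, true}) {
            if (z) {
                removeChildrenHRolesFromParents(oSecurity);
            }
            for (Environment.PermissionMode permissionMode : Environment.PermissionMode.values()) {
                for (Environment.SecurityType securityType : Environment.SecurityType.values()) {
                    drop(oSecurity, getSecurityRoleOrUserName(permissionMode, securityType, z), securityType);
                }
            }
        }
    }
}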
