package org.gcube.informationsystem.resourceregistry.environments;

import com.orientechnologies.orient.core.db.ODatabasePool;
import com.orientechnologies.orient.core.db.ODatabaseSession;
import com.orientechnologies.orient.core.db.document.ODatabaseDocument;
import com.orientechnologies.orient.core.id.ORID;
import com.orientechnologies.orient.core.metadata.security.ORestrictedOperation;
import com.orientechnologies.orient.core.metadata.security.ORole;
import com.orientechnologies.orient.core.metadata.security.OSecurity;
import com.orientechnologies.orient.core.metadata.security.OSecurityRole;
import com.orientechnologies.orient.core.metadata.security.OUser;
import com.orientechnologies.orient.core.record.OElement;
import com.orientechnologies.orient.core.record.impl.ODocument;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import org.gcube.common.authorization.utils.manager.SecretManagerProvider;
import org.gcube.informationsystem.resourceregistry.api.exceptions.ResourceRegistryException;
import org.gcube.informationsystem.resourceregistry.base.ElementManagement;
import org.gcube.informationsystem.resourceregistry.contexts.ContextUtility;
import org.gcube.informationsystem.resourceregistry.dbinitialization.DatabaseEnvironment;
import org.gcube.informationsystem.resourceregistry.environments.administration.AdminEnvironment;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/classes/org/gcube/informationsystem/resourceregistry/environments/Environment.class */
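/**
 * Security context of one environment, identified by a {@link UUID}.
 *
 * <p>For every {@link PermissionMode} the class manages one database role and one database user
 * whose names are built by {@link #getSecurityRoleOrUserName(PermissionMode, SecurityType)}, and
 * it grants or revokes per-record access for them through {@link OSecurity}.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>The password of each per-environment user is read from
 *       {@code DatabaseEnvironment.DEFAULT_PASSWORDS}, keyed by {@link PermissionMode} only, so
 *       the credential does not vary with the environment UUID. The contents of that map are
 *       defined outside this file.</li>
 *   <li>{@link #addElement(OElement)}, {@link #removeElement(OElement)}, {@link #create()} and
 *       {@link #delete()} always run on a {@code WRITER} session of {@link AdminEnvironment},
 *       whatever the caller's own session is; callers must authorize the request first.</li>
 *   <li>{@link #allowed(ORole, ODocument)} denies on any {@link Exception} (fail closed).</li>
 * </ul>
 */
public abstract class Environment {
    // Not referenced inside this class; the values match what getSuperRole() looks up.
    protected static final String DEFAULT_WRITER_ROLE = "writer";
    protected static final String DEFAULT_READER_ROLE = "reader";

    public static final String INFRASTRUCTURE_MANAGER = "Infrastructure-Manager";
    public static final String IS_MANAGER = "IS-Manager";
    public static final String CONTEXT_MANAGER = "Context-Manager";

    private static final Logger logger = LoggerFactory.getLogger(Environment.class);

    // Mutable and visible to subclasses: a change here affects every Environment created
    // afterwards, because allowedRoles is seeded from it at construction time.
    protected static Set<String> allOperationAllowedRoles = new HashSet<>();

    static {
        allOperationAllowedRoles.add(INFRASTRUCTURE_MANAGER);
        allOperationAllowedRoles.add(IS_MANAGER);
    }

    protected final UUID environmentUUID;

    // One pool per permission mode; within this class it is only touched by the synchronized
    // getPool().
    protected final Map<PermissionMode, ODatabasePool> poolMap = new HashMap<>();

    // Starts as a copy of allOperationAllowedRoles; the constructor adds CONTEXT_MANAGER.
    protected Set<String> allowedRoles = new HashSet<>(allOperationAllowedRoles);

    /** Access level of a per-environment role or user. */
    public enum PermissionMode {
        READER("Reader"),
        WRITER("Writer");

        private final String label;

        PermissionMode(String label) {
            this.label = label;
        }

        /** Returns the capitalised label ("Reader"/"Writer"), not the constant name. */
        @Override
        public String toString() {
            return this.label;
        }
    }

    /** Kind of database principal: a role or a user. */
    public enum SecurityType {
        ROLE("Role"),
        USER("User");

        private final String label;

        SecurityType(String label) {
            this.label = label;
        }

        /** Returns the capitalised label ("Role"/"User"), not the constant name. */
        @Override
        public String toString() {
            return this.label;
        }
    }

    /**
     * Returns a copy of the role names allowed to perform every operation.
     *
     * @return a new set; changing it does not affect the shared one
     */
    public static Set<String> getAllOperationsAllowedRoles() {
        return new HashSet<>(allOperationAllowedRoles);
    }

    /**
     * Returns a copy of the role names allowed on this environment.
     *
     * @return a new set; changing it does not affect this environment
     */
    public Set<String> getAllowedRoles() {
        return new HashSet<>(this.allowedRoles);
    }

    /**
     * Creates the security context for the given environment and adds {@link #CONTEXT_MANAGER}
     * to its allowed roles.
     *
     * <p>The decompiler reports that this constructor was declared {@code protected} in the
     * compiled class.
     *
     * @param uuid the environment identifier; it is not checked for {@code null} here
     * @throws ResourceRegistryException declared by the signature; not thrown by this body
     */
    public Environment(UUID uuid) throws ResourceRegistryException {
        this.environmentUUID = uuid;
        this.allowedRoles.add(CONTEXT_MANAGER);
    }

    /**
     * Returns the connection pool for the given mode, creating it on first use.
     *
     * <p>The pool logs in as this environment's user for the mode, with the password taken from
     * {@code DatabaseEnvironment.DEFAULT_PASSWORDS}.
     *
     * @param permissionMode the mode whose pool is wanted
     * @param z when {@code true}, any cached pool for the mode is discarded and closed first
     * @return the cached or newly created pool
     */
    protected synchronized ODatabasePool getPool(PermissionMode permissionMode, boolean z) {
        if (z) {
            // Remove before closing so that a pool whose close() fails is not handed out again.
            ODatabasePool stale = this.poolMap.remove(permissionMode);
            if (stale != null) {
                stale.close();
            }
        }
        ODatabasePool pool = this.poolMap.get(permissionMode);
        if (pool == null) {
            String userName = getSecurityRoleOrUserName(permissionMode, SecurityType.USER);
            pool = new ODatabasePool(DatabaseEnvironment.DB_URI, userName, DatabaseEnvironment.DEFAULT_PASSWORDS.get(permissionMode));
            this.poolMap.put(permissionMode, pool);
        }
        return pool;
    }

    /** Returns the UUID of this environment. */
    public UUID getUUID() {
        return this.environmentUUID;
    }

    /**
     * Builds the environment-independent part of a role or user name by concatenating the string
     * forms of the two arguments, for example "ReaderRole".
     *
     * @param permissionMode the access level
     * @param securityType role or user
     * @return the concatenated name
     */
    public static String getRoleOrUserName(PermissionMode permissionMode, SecurityType securityType) {
        return String.valueOf(permissionMode) + String.valueOf(securityType);
    }

    /**
     * Builds the name of this environment's role or user:
     * {@link #getRoleOrUserName(PermissionMode, SecurityType)}, then
     * {@code ElementManagement.UNDERSCORE}, then the environment UUID.
     *
     * @param permissionMode the access level
     * @param securityType role or user
     * @return the environment-specific principal name
     */
    public String getSecurityRoleOrUserName(PermissionMode permissionMode, SecurityType securityType) {
        return getRoleOrUserName(permissionMode, securityType) + ElementManagement.UNDERSCORE + this.environmentUUID.toString();
    }

    /** Returns the security manager from the metadata of the given database. */
    private OSecurity getOSecurity(ODatabaseDocument oDatabaseDocument) {
        return oDatabaseDocument.getMetadata().getSecurity();
    }

    /**
     * Closes a session opened by this class and re-activates the session that was bound to the
     * thread before, so that the caller's database is restored even if closing fails.
     *
     * @param opened the session to close, or {@code null} if none was obtained
     * @param previous the session to re-activate, or {@code null} if there was none
     */
    private static void closeAndRestore(ODatabaseDocument opened, ODatabaseDocument previous) {
        try {
            if (opened != null) {
                opened.close();
            }
        } finally {
            if (previous != null) {
                previous.activateOnCurrentThread();
            }
        }
    }

    /**
     * Grants this environment's roles access to the element, using an admin WRITER session.
     *
     * @param oElement the element to add to this environment
     * @throws ResourceRegistryException if the admin session cannot be obtained
     */
    public void addElement(OElement oElement) throws ResourceRegistryException {
        ODatabaseDocument previous = ContextUtility.getCurrentODatabaseDocumentFromThreadLocal();
        ODatabaseDocument adminDatabase = null;
        try {
            adminDatabase = AdminEnvironment.getInstance().getDatabaseDocument(PermissionMode.WRITER);
            addElement(oElement, adminDatabase);
        } finally {
            closeAndRestore(adminDatabase, previous);
        }
    }

    /**
     * Grants the writer role {@code ALLOW_ALL} and the reader role {@code ALLOW_READ} on the
     * document. Only roles are granted here; no user is named.
     *
     * @param oSecurity the security manager to apply the grants with
     * @param oDocument the record to grant access to
     */
    protected void allow(OSecurity oSecurity, ODocument oDocument) {
        String writerRole = getSecurityRoleOrUserName(PermissionMode.WRITER, SecurityType.ROLE);
        String readerRole = getSecurityRoleOrUserName(PermissionMode.READER, SecurityType.ROLE);
        oSecurity.allowRole(oDocument, ORestrictedOperation.ALLOW_ALL, writerRole);
        oSecurity.allowRole(oDocument, ORestrictedOperation.ALLOW_READ, readerRole);
    }

    /**
     * Tells whether the element can be loaded through this environment's READER session.
     *
     * @param oElement the element to look up by identity
     * @return {@code true} if the reader session returns a record for the identity
     * @throws ResourceRegistryException if the reader session cannot be obtained
     */
    public boolean isElementInContext(OElement oElement) throws ResourceRegistryException {
        ORID identity = oElement.getIdentity();
        ODatabaseDocument previous = ContextUtility.getCurrentODatabaseDocumentFromThreadLocal();
        ODatabaseDocument readerDatabase = null;
        try {
            readerDatabase = getDatabaseDocument(PermissionMode.READER);
            return readerDatabase.getRecord(identity) != null;
        } finally {
            closeAndRestore(readerDatabase, previous);
        }
    }

    /**
     * Grants this environment's roles access to the element and saves it.
     *
     * @param oElement the element to add
     * @param oDatabaseDocument the database whose security manager applies the grants
     */
    public void addElement(OElement oElement, ODatabaseDocument oDatabaseDocument) {
        ODocument oDocument = (ODocument) oElement.getRecord();
        allow(getOSecurity(oDatabaseDocument), oDocument);
        oDocument.save();
        oElement.save();
    }

    /**
     * Revokes this environment's access to the element, using an admin WRITER session.
     *
     * @param oElement the element to remove from this environment
     * @throws ResourceRegistryException if the admin session cannot be obtained
     */
    public void removeElement(OElement oElement) throws ResourceRegistryException {
        ODatabaseDocument previous = ContextUtility.getCurrentODatabaseDocumentFromThreadLocal();
        ODatabaseDocument adminDatabase = null;
        try {
            adminDatabase = AdminEnvironment.getInstance().getDatabaseDocument(PermissionMode.WRITER);
            removeElement(oElement, adminDatabase);
        } finally {
            closeAndRestore(adminDatabase, previous);
        }
    }

    /**
     * Revokes the grants made by {@link #allow(OSecurity, ODocument)} and also removes this
     * environment's writer user from the document.
     *
     * @param oSecurity the security manager to apply the revocations with
     * @param oDocument the record to revoke access from
     */
    protected void deny(OSecurity oSecurity, ODocument oDocument) {
        String writerUser = getSecurityRoleOrUserName(PermissionMode.WRITER, SecurityType.USER);
        String writerRole = getSecurityRoleOrUserName(PermissionMode.WRITER, SecurityType.ROLE);
        String readerRole = getSecurityRoleOrUserName(PermissionMode.READER, SecurityType.ROLE);
        // NOTE(review): both user revocations name the WRITER user and the READER user is never
        // revoked, while the role revocations use WRITER for ALLOW_ALL and READER for
        // ALLOW_READ. Confirm whether the second denyUser was meant for the READER user; the
        // calls are kept exactly as found.
        oSecurity.denyUser(oDocument, ORestrictedOperation.ALLOW_ALL, writerUser);
        oSecurity.denyUser(oDocument, ORestrictedOperation.ALLOW_READ, writerUser);
        oSecurity.denyRole(oDocument, ORestrictedOperation.ALLOW_ALL, writerRole);
        oSecurity.denyRole(oDocument, ORestrictedOperation.ALLOW_READ, readerRole);
    }

    /**
     * Revokes this environment's access to the element and saves it.
     *
     * @param oElement the element to remove
     * @param oDatabaseDocument the database whose security manager applies the revocations
     */
    public void removeElement(OElement oElement, ODatabaseDocument oDatabaseDocument) {
        ODocument oDocument = (ODocument) oElement.getRecord();
        deny(getOSecurity(oDatabaseDocument), oDocument);
        oDocument.save();
        oElement.save();
    }

    /**
     * Tells whether the document can be loaded through this environment's READER session.
     *
     * <p>The check fails closed: any {@link Exception} yields {@code false}. The decompiler
     * reports that this method was declared {@code protected} in the compiled class.
     *
     * @param oRole not used by this implementation; the answer depends only on this
     *     environment's reader user
     * @param oDocument the document to look up by identity
     * @return {@code true} only if the reader session returns a record for the identity
     */
    public boolean allowed(ORole oRole, ODocument oDocument) {
        ODatabaseDocument previous = ContextUtility.getCurrentODatabaseDocumentFromThreadLocal();
        ODatabaseDocument readerDatabase = null;
        try {
            readerDatabase = getDatabaseDocument(PermissionMode.READER);
            readerDatabase.activateOnCurrentThread();
            return readerDatabase.getRecord(oDocument.getIdentity()) != null;
        } catch (Exception e) {
            // Deny on failure, but leave a trace so that a broken pool or revoked credential
            // can be told apart from a record that is simply not visible.
            logger.debug("Visibility check failed in {}; access denied", this, e);
            return false;
        } finally {
            closeAndRestore(readerDatabase, previous);
        }
    }

    /**
     * Tells whether the current user holds at least one of the given roles.
     *
     * <p>The user's roles come from {@code SecretManagerProvider.instance.get().getUser()}.
     *
     * @param collection the role names that would authorize the operation
     * @return {@code true} if the two role sets intersect; {@code false} for a {@code null} or
     *     empty collection
     */
    public boolean isUserAllowed(Collection<String> collection) {
        if (collection == null || collection.isEmpty()) {
            // Nothing can match: deny instead of failing inside retainAll.
            return false;
        }
        Set<String> heldRoles = new HashSet<>(SecretManagerProvider.instance.get().getUser().getRoles());
        heldRoles.retainAll(collection);
        return !heldRoles.isEmpty();
    }

    /**
     * Creates this environment's roles and users on an admin WRITER session and commits.
     *
     * @throws ResourceRegistryException if the admin session cannot be obtained
     */
    public void create() throws ResourceRegistryException {
        ODatabaseDocument previous = ContextUtility.getCurrentODatabaseDocumentFromThreadLocal();
        ODatabaseDocument adminDatabase = null;
        try {
            adminDatabase = AdminEnvironment.getInstance().getDatabaseDocument(PermissionMode.WRITER);
            create(adminDatabase);
            adminDatabase.commit();
        } finally {
            closeAndRestore(adminDatabase, previous);
        }
    }

    /**
     * Hook for subclasses to add rules to a newly created role; this implementation returns the
     * role unchanged. The decompiler reports that this method was declared {@code protected} in
     * the compiled class.
     *
     * @param oRole the role just created
     * @param permissionMode the mode the role was created for
     * @return the role to save
     */
    public ORole addExtraRules(ORole oRole, PermissionMode permissionMode) {
        return oRole;
    }

    /**
     * Looks up the parent role for the mode: the role named after the lower-cased constant name
     * ("reader" or "writer"). The decompiler reports that this method was declared
     * {@code protected} in the compiled class.
     *
     * @param oSecurity the security manager to query
     * @param permissionMode the mode whose parent role is wanted
     * @return whatever {@code oSecurity.getRole} returns for that name
     */
    public ORole getSuperRole(OSecurity oSecurity, PermissionMode permissionMode) {
        // Locale.ROOT keeps the lookup stable: under a Turkish default locale "WRITER" would
        // lower-case to a name with a dotless i and the parent role would not be found.
        return oSecurity.getRole(permissionMode.name().toLowerCase(Locale.ROOT));
    }

    /**
     * Creates, for each {@link PermissionMode}, a role inheriting from
     * {@link #getSuperRole(OSecurity, PermissionMode)} in {@code DENY_ALL_BUT} mode and a user
     * holding that role.
     *
     * @param oSecurity the security manager to create the principals with
     */
    protected void createRolesAndUsers(OSecurity oSecurity) {
        for (PermissionMode permissionMode : PermissionMode.values()) {
            String roleName = getSecurityRoleOrUserName(permissionMode, SecurityType.ROLE);
            ORole role = oSecurity.createRole(roleName, getSuperRole(oSecurity, permissionMode), OSecurityRole.ALLOW_MODES.DENY_ALL_BUT);
            addExtraRules(role, permissionMode);
            role.save();
            logger.trace("{} created", role);

            // The password is selected by permission mode alone, so users of the same mode in
            // different environments are created with the same password.
            String userName = getSecurityRoleOrUserName(permissionMode, SecurityType.USER);
            OUser user = oSecurity.createUser(userName, DatabaseEnvironment.DEFAULT_PASSWORDS.get(permissionMode), role);
            user.save();
            logger.trace("{} created", user);
        }
    }

    /**
     * Creates this environment's roles and users on the given database. No commit is issued here.
     *
     * @param oDatabaseDocument the database to create the principals in
     */
    public void create(ODatabaseDocument oDatabaseDocument) {
        createRolesAndUsers(getOSecurity(oDatabaseDocument));
        logger.trace("Security Context (roles and users) with UUID {} successfully created", this.environmentUUID);
    }

    /**
     * Drops one role or user and logs the outcome.
     *
     * <p>A failed drop is only logged at error level: the principal then remains in the database
     * while the rest of the deletion continues. The decompiler reports that this method was
     * declared {@code protected} in the compiled class.
     *
     * @param oSecurity the security manager to drop the principal with
     * @param str the role or user name
     * @param securityType whether {@code str} names a role or a user
     */
    public void drop(OSecurity oSecurity, String str, SecurityType securityType) {
        boolean dropped;
        switch (securityType) {
            case ROLE:
                dropped = oSecurity.dropRole(str);
                break;
            case USER:
                dropped = oSecurity.dropUser(str);
                break;
            default:
                dropped = false;
                break;
        }
        if (dropped) {
            logger.trace("{} successfully dropped", str);
        } else {
            logger.error("{} was not dropped successfully", str);
        }
    }

    /**
     * Drops this environment's roles and users on an admin WRITER session and commits.
     *
     * @throws ResourceRegistryException if the admin session cannot be obtained
     */
    public void delete() throws ResourceRegistryException {
        ODatabaseDocument previous = ContextUtility.getCurrentODatabaseDocumentFromThreadLocal();
        ODatabaseDocument adminDatabase = null;
        try {
            adminDatabase = AdminEnvironment.getInstance().getDatabaseDocument(PermissionMode.WRITER);
            delete(adminDatabase);
            adminDatabase.commit();
        } finally {
            closeAndRestore(adminDatabase, previous);
        }
    }

    /**
     * Drops the role and the user of every {@link PermissionMode}.
     *
     * @param oSecurity the security manager to drop the principals with
     */
    protected void deleteRolesAndUsers(OSecurity oSecurity) {
        for (PermissionMode permissionMode : PermissionMode.values()) {
            for (SecurityType securityType : SecurityType.values()) {
                drop(oSecurity, getSecurityRoleOrUserName(permissionMode, securityType), securityType);
            }
        }
    }

    /**
     * Drops this environment's roles and users on the given database. No commit is issued here.
     *
     * @param oDatabaseDocument the database to drop the principals from
     */
    public void delete(ODatabaseDocument oDatabaseDocument) {
        delete(getOSecurity(oDatabaseDocument));
    }

    /** Drops this environment's roles and users, tracing the start and the end. */
    private void delete(OSecurity oSecurity) {
        logger.trace("Going to remove Security Context (roles and users) with UUID {}", this.environmentUUID);
        deleteRolesAndUsers(oSecurity);
        logger.trace("Security Context (roles and users) with UUID {} successfully removed", this.environmentUUID);
    }

    /**
     * Acquires a session for the given mode and activates it on the current thread.
     *
     * <p>If the first acquisition fails, the pool is recreated once and the acquisition retried.
     * The caller is responsible for closing the returned session.
     *
     * @param permissionMode the mode whose pool the session is taken from
     * @return an open session bound to the current thread
     * @throws ResourceRegistryException wrapping any failure, including a closed session
     */
    public ODatabaseDocument getDatabaseDocument(PermissionMode permissionMode) throws ResourceRegistryException {
        try {
            ODatabaseSession session;
            try {
                session = getPool(permissionMode, false).acquire();
            } catch (Exception e) {
                // Keep a record of the first failure; only the retry's outcome reaches the caller.
                logger.debug("Acquiring a {} session for {} failed; recreating the pool", permissionMode, this, e);
                session = getPool(permissionMode, true).acquire();
            }
            if (session.isClosed()) {
                throw new Exception("The pool returned a closed " + permissionMode + " session for " + this);
            }
            session.activateOnCurrentThread();
            return session;
        } catch (Exception e) {
            throw new ResourceRegistryException(e);
        }
    }

    /** Returns the simple class name followed by the environment UUID. */
    @Override
    public String toString() {
        return String.format("%s %s", getClass().getSimpleName(), getUUID().toString());
    }
}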
