package de.deepamehta.core.impl;

import de.deepamehta.core.Association;
import de.deepamehta.core.DeepaMehtaObject;
import de.deepamehta.core.RelatedTopic;
import de.deepamehta.core.Topic;
import de.deepamehta.core.model.SimpleValue;
import de.deepamehta.core.model.TopicModel;
import de.deepamehta.core.service.accesscontrol.AccessControl;
import de.deepamehta.core.service.accesscontrol.Credentials;
import de.deepamehta.core.service.accesscontrol.Operation;
import de.deepamehta.core.service.accesscontrol.SharingMode;
import de.deepamehta.core.util.ContextTracker;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.Callable;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.osgi.service.log.LogService;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:de/deepamehta/core/impl/AccessControlImpl.class */
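/**
 * Implementation of the {@link AccessControl} service on top of the persistence layer.
 *
 * <p>Permission decisions are derived from the workspace an object is assigned to: the
 * workspace's sharing mode, its owner property and the membership associations of the
 * requesting user. The class also verifies login credentials, updates passwords, resolves
 * usernames and email addresses, and manages workspace assignments.
 *
 * <p>Throughout this class a {@code null} username stands for an anonymous (not logged in)
 * caller, see {@link #userInfo(String)}.
 *
 * <p>This listing is decompiler output; parameter names such as {@code str} and {@code j}
 * are the decompiler's and are documented per method.
 */
public class AccessControlImpl implements AccessControl {
    private static final String TYPE_MEMBERSHIP = "dm4.accesscontrol.membership";
    private static final String TYPE_USERNAME = "dm4.accesscontrol.username";
    private static final String TYPE_EMAIL_ADDRESS = "dm4.contacts.email_address";
    private static final String ASSOC_TYPE_USER_MAILBOX = "org.deepamehta.signup.user_mailbox";
    private static final String ASSOC_TYPE_CONFIGURATION = "dm4.config.configuration";
    private static final String ROLE_TYPE_CONFIGURABLE = "dm4.config.configurable";
    private static final String ROLE_TYPE_DEFAULT = "dm4.core.default";
    private static final String PROP_CREATOR = "dm4.accesscontrol.creator";
    private static final String PROP_OWNER = "dm4.accesscontrol.owner";
    private static final String PROP_WORKSPACE_ID = "dm4.workspaces.workspace_id";
    private static final String DEEPAMEHTA_WORKSPACE_URI = "dm4.workspaces.deepamehta";
    private static final String ADMINISTRATION_WORKSPACE_URI = "dm4.workspaces.administration";
    private static final String SYSTEM_WORKSPACE_URI = "dm4.workspaces.system";

    private final PersistenceLayer pl;
    private final ModelFactoryImpl mf;
    // Lazily resolved by getSystemWorkspaceId(); -1 means "not looked up yet".
    private long systemWorkspaceId = -1;
    private final ContextTracker contextTracker = new ContextTracker();
    private final Logger logger = Logger.getLogger(getClass().getName());

    /**
     * Creates the service on top of the given persistence layer and its model factory.
     *
     * <p>Decompiler note: this constructor (like the class) was package-private in the
     * original bytecode; the decompiler widened the access modifier.
     *
     * @param persistenceLayer the persistence layer all lookups are delegated to
     */
    public AccessControlImpl(PersistenceLayer persistenceLayer) {
        this.pl = persistenceLayer;
        this.mf = persistenceLayer.mf;
    }

    /**
     * Decides whether a user may perform an operation on an object.
     *
     * <p>Decision order: a topicmap flagged private is accessible to its creator only; a
     * workspace is checked against itself; any other object is checked against its assigned
     * workspace. Objects without a workspace assignment fall back to
     * {@link #permissionIfNoWorkspaceIsAssigned}, which grants READ to every caller,
     * including anonymous ones.
     *
     * @param str       the username, or {@code null} for an anonymous caller
     * @param operation the requested operation
     * @param j         the ID of the object to be accessed
     * @return {@code true} if the operation is permitted
     * @throws RuntimeException if any lookup fails; the cause is preserved
     */
    @Override
    public boolean hasPermission(String str, Operation operation, long j) {
        // Declared outside the try block so the failure message can report the type that
        // was actually resolved (it stays null only when the type lookup itself failed).
        String typeUri = null;
        try {
            typeUri = getTypeUri(j);
            if (typeUri.equals("dm4.topicmaps.topicmap") && isTopicmapPrivate(j)) {
                return isCreator(str, j);
            }
            long workspaceId;
            if (typeUri.equals("dm4.workspaces.workspace")) {
                workspaceId = j;
            } else {
                workspaceId = getAssignedWorkspaceId(j);
                if (workspaceId == -1) {
                    return permissionIfNoWorkspaceIsAssigned(operation, j, typeUri);
                }
            }
            return _hasPermission(str, operation, workspaceId);
        } catch (Exception e) {
            throw new RuntimeException("Checking permission for object " + j + " failed (typeUri=\"" + typeUri + "\", " + userInfo(str) + ", operation=" + operation + ")", e);
        }
    }

    /**
     * Decides READ access to a workspace from its sharing mode.
     *
     * <ul>
     *   <li>PRIVATE: owner only</li>
     *   <li>CONFIDENTIAL, COLLABORATIVE: owner or member</li>
     *   <li>PUBLIC: everyone, except that anonymous callers are refused for the System
     *       workspace</li>
     *   <li>COMMON: everyone, including anonymous callers</li>
     * </ul>
     *
     * @param str the username, or {@code null} for an anonymous caller
     * @param j   the workspace ID
     * @return {@code true} if reading is permitted
     * @throws RuntimeException if the sharing mode is missing or unsupported
     */
    @Override
    public boolean hasReadPermission(String str, long j) {
        SharingMode sharingMode = getSharingMode(j);
        switch (sharingMode) {
            case PRIVATE:
                return isOwner(str, j);
            case CONFIDENTIAL:
            case COLLABORATIVE:
                return isOwner(str, j) || isMember(str, j);
            case PUBLIC:
                // Refused only for "System workspace AND anonymous caller".
                return j != getSystemWorkspaceId() || str != null;
            case COMMON:
                return true;
            default:
                throw new RuntimeException(sharingMode + " is an unsupported sharing mode");
        }
    }

    /**
     * Decides WRITE access to a workspace from its sharing mode.
     *
     * <ul>
     *   <li>PRIVATE, CONFIDENTIAL: owner only</li>
     *   <li>COLLABORATIVE, PUBLIC: owner or member</li>
     *   <li>COMMON: everyone; no username check is made, so this includes anonymous
     *       callers</li>
     * </ul>
     *
     * @param str the username, or {@code null} for an anonymous caller
     * @param j   the workspace ID
     * @return {@code true} if writing is permitted
     * @throws RuntimeException if the sharing mode is missing or unsupported
     */
    @Override
    public boolean hasWritePermission(String str, long j) {
        SharingMode sharingMode = getSharingMode(j);
        switch (sharingMode) {
            case PRIVATE:
            case CONFIDENTIAL:
                return isOwner(str, j);
            case COLLABORATIVE:
            case PUBLIC:
                return isOwner(str, j) || isMember(str, j);
            case COMMON:
                return true;
            default:
                throw new RuntimeException(sharingMode + " is an unsupported sharing mode");
        }
    }

    /**
     * Verifies a username/password pair.
     *
     * <p>An unknown username and a wrong password both yield {@code null}, so the caller
     * cannot tell them apart from the return value. The unknown-username case returns
     * before any password lookup takes place.
     *
     * @param credentials the username and the password value to verify
     * @return the Username topic on success, {@code null} otherwise
     * @throws RuntimeException if a lookup fails; the message names the username but never
     *                          the password
     */
    @Override
    public Topic checkCredentials(Credentials credentials) {
        TopicModelImpl usernameTopic = null;
        try {
            usernameTopic = _getUsernameTopic(credentials.username);
            if (usernameTopic != null && matches(usernameTopic, credentials.password)) {
                return usernameTopic.instantiate();
            }
            return null;
        } catch (Exception e) {
            throw new RuntimeException("Checking credentials for user \"" + credentials.username + "\" failed (usernameTopic=" + usernameTopic + ")", e);
        }
    }

    /**
     * Replaces the stored password of an existing user.
     *
     * <p>Only the username is logged. The password value is stored exactly as supplied.
     * NOTE(review): presumably {@link Credentials} already carries an encoded (hashed)
     * password; confirm against the caller, as no hashing happens here.
     *
     * @param credentials the username and the new password value
     * @throws RuntimeException if the user does not exist or the update fails
     */
    @Override
    public void changePassword(Credentials credentials) {
        try {
            this.logger.info("##### Changing password for user \"" + credentials.username + "\"");
            TopicModelImpl userAccount = _getUserAccount(_getUsernameTopicOrThrow(credentials.username));
            userAccount.update(this.mf.newTopicModel(this.mf.newChildTopicsModel().put("dm4.accesscontrol.password", credentials.password)));
        } catch (Exception e) {
            throw new RuntimeException("Changing password for user \"" + credentials.username + "\" failed", e);
        }
    }

    /**
     * Looks up the Username topic for a username.
     *
     * @param str the username
     * @return the Username topic, or {@code null} if no such user exists
     */
    @Override
    public Topic getUsernameTopic(String str) {
        TopicModelImpl usernameTopic = _getUsernameTopic(str);
        return usernameTopic != null ? usernameTopic.instantiate() : null;
    }

    /**
     * Returns a user's private workspace, which is the workspace the user's Password topic
     * is assigned to.
     *
     * @param str the username
     * @return the private workspace topic
     * @throws RuntimeException if the user does not exist or has no private workspace
     */
    @Override
    public Topic getPrivateWorkspace(String str) {
        long workspaceId = getAssignedWorkspaceId(getPasswordTopic(_getUsernameTopicOrThrow(str)).getId());
        if (workspaceId == -1) {
            throw new RuntimeException("User \"" + str + "\" has no private workspace");
        }
        return this.pl.fetchTopic(workspaceId).instantiate();
    }

    /**
     * Checks whether a user is a member of a workspace, i.e. whether a Membership
     * association exists between the Username topic and the workspace.
     *
     * @param str the username, or {@code null} for an anonymous caller (never a member)
     * @param j   the workspace ID
     * @return {@code true} if the membership association exists
     * @throws RuntimeException if the user does not exist or the lookup fails
     */
    @Override
    public boolean isMember(String str, long j) {
        if (str == null) {
            return false;
        }
        try {
            long usernameTopicId = _getUsernameTopicOrThrow(str).getId();
            return this.pl.fetchAssociation(TYPE_MEMBERSHIP, usernameTopicId, j, ROLE_TYPE_DEFAULT, ROLE_TYPE_DEFAULT) != null;
        } catch (Exception e) {
            throw new RuntimeException("Checking membership of user \"" + str + "\" and workspace " + j + " failed", e);
        }
    }

    /**
     * Returns the creator recorded for an object.
     *
     * @param j the object ID
     * @return the creator's username, or {@code null} if the object has no creator property
     */
    @Override
    public String getCreator(long j) {
        return this.pl.hasProperty(j, PROP_CREATOR) ? (String) this.pl.fetchProperty(j, PROP_CREATOR) : null;
    }

    /**
     * Returns the username bound to the request's HTTP session.
     *
     * <p>No session is created by this call. An {@link IllegalStateException} raised while
     * accessing the session is treated like a missing session.
     *
     * @param httpServletRequest the current request
     * @return the logged in username, or {@code null} if there is no usable session
     * @throws RuntimeException if a session exists but lacks the "username" attribute
     */
    @Override
    public String getUsername(HttpServletRequest httpServletRequest) {
        try {
            HttpSession session = httpServletRequest.getSession(false);
            return session != null ? username(session) : null;
        } catch (IllegalStateException e) {
            return null;
        }
    }

    /**
     * Returns the Username topic of the user bound to the request's HTTP session.
     *
     * @param httpServletRequest the current request
     * @return the Username topic, or {@code null} if nobody is logged in
     * @throws RuntimeException if the session's username does not exist as a topic
     */
    @Override
    public Topic getUsernameTopic(HttpServletRequest httpServletRequest) {
        String username = getUsername(httpServletRequest);
        return username != null ? _getUsernameTopicOrThrow(username).instantiate() : null;
    }

    /**
     * Reads the "username" attribute from a session.
     *
     * @param httpSession the session
     * @return the username, never {@code null}
     * @throws RuntimeException if the attribute is missing
     */
    @Override
    public String username(HttpSession httpSession) {
        String username = (String) httpSession.getAttribute("username");
        if (username == null) {
            throw new RuntimeException("Session data inconsistency: \"username\" attribute is missing");
        }
        return username;
    }

    /**
     * Fetches a workspace by URI.
     *
     * @param str the workspace URI
     * @return the workspace topic
     * @throws RuntimeException if no topic has that URI
     */
    @Override
    public Topic getWorkspace(String str) {
        TopicModelImpl workspace = fetchTopic("uri", str);
        if (workspace == null) {
            throw new RuntimeException("Workspace \"" + str + "\" does not exist");
        }
        return workspace.instantiate();
    }

    /** Returns the ID of the workspace with URI {@code dm4.workspaces.deepamehta}. */
    @Override
    public long getDeepaMehtaWorkspaceId() {
        return getWorkspace(DEEPAMEHTA_WORKSPACE_URI).getId();
    }

    /** Returns the ID of the workspace with URI {@code dm4.workspaces.administration}. */
    @Override
    public long getAdministrationWorkspaceId() {
        return getWorkspace(ADMINISTRATION_WORKSPACE_URI).getId();
    }

    /**
     * Returns the ID of the System workspace.
     *
     * <p>The ID is looked up on first use and cached in a field. The cache is not
     * synchronized, so concurrent first callers may each perform the lookup.
     *
     * @return the System workspace ID
     * @throws RuntimeException if the System workspace does not exist
     */
    @Override
    public long getSystemWorkspaceId() {
        if (this.systemWorkspaceId == -1) {
            TopicModelImpl systemWorkspace = fetchTopic("uri", SYSTEM_WORKSPACE_URI);
            if (systemWorkspace == null) {
                throw new RuntimeException("The System workspace does not exist");
            }
            this.systemWorkspaceId = systemWorkspace.getId();
        }
        return this.systemWorkspaceId;
    }

    /**
     * Returns the workspace an object is assigned to, read from the object's workspace ID
     * property and validated to really reference a workspace.
     *
     * @param j the object ID
     * @return the workspace ID, or -1 if the object has no workspace assignment
     * @throws RuntimeException if the lookup fails or the referenced object is not a workspace
     */
    @Override
    public long getAssignedWorkspaceId(long j) {
        try {
            long workspaceId = -1;
            if (this.pl.hasProperty(j, PROP_WORKSPACE_ID)) {
                workspaceId = ((Long) this.pl.fetchProperty(j, PROP_WORKSPACE_ID)).longValue();
                checkWorkspaceId(workspaceId);
            }
            return workspaceId;
        } catch (Exception e) {
            throw new RuntimeException("Workspace assignment of object " + j + " can't be determined", e);
        }
    }

    /**
     * Assigns an object to a workspace: creates the aggregation association (object as
     * parent, workspace as child) and stores the workspace ID as a property of the object.
     *
     * @param deepaMehtaObject the object to assign
     * @param j                the workspace ID
     * @throws RuntimeException if either step fails
     */
    @Override
    public void assignToWorkspace(DeepaMehtaObject deepaMehtaObject, long j) {
        try {
            this.pl.createAssociation("dm4.core.aggregation", deepaMehtaObject.getModel().createRoleModel("dm4.core.parent"), this.mf.newTopicRoleModel(j, "dm4.core.child"));
            deepaMehtaObject.setProperty(PROP_WORKSPACE_ID, Long.valueOf(j), true);
        } catch (Exception e) {
            throw new RuntimeException("Assigning " + deepaMehtaObject + " to workspace " + j + " failed", e);
        }
    }

    /**
     * Tells whether an association is a workspace assignment, i.e. an aggregation whose
     * child player is a workspace.
     *
     * @param association the association to inspect
     * @return {@code true} if it is a workspace assignment
     */
    @Override
    public boolean isWorkspaceAssignment(Association association) {
        if (!association.getTypeUri().equals("dm4.core.aggregation")) {
            return false;
        }
        DeepaMehtaObjectModelImpl childPlayer = ((AssociationImpl) association).getModel().getPlayer("dm4.core.child");
        return childPlayer != null && childPlayer.getTypeUri().equals("dm4.workspaces.workspace");
    }

    /**
     * Runs a callable through the context tracker. Presumably
     * {@link #workspaceAssignmentIsSuppressed()} reports {@code true} while it runs;
     * confirm against {@code ContextTracker}.
     *
     * @param callable the code to run
     * @return the callable's result
     * @throws Exception whatever the callable throws
     */
    @Override
    public <V> V runWithoutWorkspaceAssignment(Callable<V> callable) throws Exception {
        return (V) this.contextTracker.run(callable);
    }

    /** Tells whether the current code runs in a context tracked by the context tracker. */
    @Override
    public boolean workspaceAssignmentIsSuppressed() {
        return this.contextTracker.runsInTrackedContext();
    }

    /**
     * Fetches the configuration topic of a given type that is attached to a topic.
     *
     * @param str the type URI of the configuration topic
     * @param j   the ID of the configured topic
     * @return the configuration topic
     * @throws RuntimeException if the configuration topic is missing or the lookup fails
     */
    @Override
    public RelatedTopic getConfigTopic(String str, long j) {
        try {
            RelatedTopicModelImpl configTopic = this.pl.fetchTopicRelatedTopic(j, ASSOC_TYPE_CONFIGURATION, ROLE_TYPE_CONFIGURABLE, ROLE_TYPE_DEFAULT, str);
            if (configTopic == null) {
                throw new RuntimeException("The \"" + str + "\" configuration topic for topic " + j + " is missing");
            }
            return configTopic.instantiate();
        } catch (Exception e) {
            throw new RuntimeException("Getting the \"" + str + "\" configuration topic for topic " + j + " failed", e);
        }
    }

    /**
     * Returns the username assigned to an email address.
     *
     * @param str the email address
     * @return the username, never {@code null}
     * @throws RuntimeException if no username, or more than one, is assigned
     */
    @Override
    public String getUsername(String str) {
        try {
            String username = _getUsername(str);
            if (username == null) {
                throw new RuntimeException("No username is assigned to email address \"" + str + "\"");
            }
            return username;
        } catch (Exception e) {
            throw new RuntimeException("Getting the username for email address \"" + str + "\" failed", e);
        }
    }

    /**
     * Returns the email address assigned to a username.
     *
     * @param str the username
     * @return the email address, never {@code null}
     * @throws RuntimeException if the user does not exist or has no email address
     */
    @Override
    public String getEmailAddress(String str) {
        try {
            String emailAddress = _getEmailAddress(str);
            if (emailAddress == null) {
                throw new RuntimeException("No email address is assigned to username \"" + str + "\"");
            }
            return emailAddress;
        } catch (Exception e) {
            throw new RuntimeException("Getting the email address for username \"" + str + "\" failed", e);
        }
    }

    /**
     * Tells whether an email address is assigned to some username.
     *
     * @param str the email address
     * @return {@code true} if a username is assigned to it
     */
    @Override
    public boolean emailAddressExists(String str) {
        return _getUsername(str) != null;
    }

    /**
     * Compares the supplied password value with the one stored for a user.
     *
     * <p>The comparison does not stop at the first differing character, so the time taken
     * does not reveal how long a matching prefix is. A {@code null} value never matches.
     *
     * @param topicModel the Username topic of the user
     * @param str        the supplied password value
     */
    private boolean matches(TopicModel topicModel, String str) {
        String stored = getPasswordTopic(topicModel).getSimpleValue().toString();
        return str != null && constantTimeEquals(stored, str);
    }

    /**
     * Compares two strings for equality in time that depends on the length of
     * {@code supplied} only. Returns the same result as {@code expected.equals(supplied)}.
     */
    private static boolean constantTimeEquals(String expected, String supplied) {
        int expectedLength = expected.length();
        // A length mismatch already makes the result false, but the loop still runs.
        int diff = expectedLength ^ supplied.length();
        for (int i = 0; i < supplied.length(); i++) {
            // The index wraps around so that a shorter stored value is never read out of bounds.
            char expectedChar = expectedLength == 0 ? 0 : expected.charAt(i % expectedLength);
            diff |= expectedChar ^ supplied.charAt(i);
        }
        return diff == 0;
    }

    /** Returns the Password topic of the User Account the given Username topic belongs to. */
    private TopicModel getPasswordTopic(TopicModel topicModel) {
        return _getPasswordTopic(_getUserAccount(topicModel));
    }

    /**
     * Fetches the User Account topic that is the composition parent of a Username topic.
     *
     * @throws RuntimeException if there is none (data inconsistency)
     */
    private TopicModelImpl _getUserAccount(TopicModel topicModel) {
        RelatedTopicModelImpl userAccount = this.pl.fetchTopicRelatedTopic(topicModel.getId(), "dm4.core.composition", "dm4.core.child", "dm4.core.parent", "dm4.accesscontrol.user_account");
        if (userAccount == null) {
            throw new RuntimeException("Data inconsistency: there is no User Account topic for username \"" + topicModel.getSimpleValue() + "\" (usernameTopic=" + topicModel + ")");
        }
        return userAccount;
    }

    /**
     * Fetches the Password topic that is a composition child of a User Account topic.
     *
     * @throws RuntimeException if there is none (data inconsistency)
     */
    private TopicModel _getPasswordTopic(TopicModel topicModel) {
        RelatedTopicModelImpl passwordTopic = this.pl.fetchTopicRelatedTopic(topicModel.getId(), "dm4.core.composition", "dm4.core.parent", "dm4.core.child", "dm4.accesscontrol.password");
        if (passwordTopic == null) {
            throw new RuntimeException("Data inconsistency: there is no Password topic for User Account \"" + topicModel.getSimpleValue() + "\" (userAccount=" + topicModel + ")");
        }
        return passwordTopic;
    }

    /**
     * Fallback decision for objects that are not assigned to any workspace: READ is granted
     * (logged at FINE), WRITE is refused (logged at WARNING).
     *
     * <p>Security note: the username plays no role here, so an object that lacks a workspace
     * assignment is readable by every caller, including anonymous ones.
     *
     * @param operation the requested operation
     * @param j         the object ID (used for logging only)
     * @param str       the object's type URI (used for logging only)
     */
    private boolean permissionIfNoWorkspaceIsAssigned(Operation operation, long j, String str) {
        switch (operation) {
            case READ:
                this.logger.fine("Object " + j + " (typeUri=\"" + str + "\") is not assigned to any workspace -- READ permission is granted");
                return true;
            case WRITE:
                this.logger.warning("Object " + j + " (typeUri=\"" + str + "\") is not assigned to any workspace -- WRITE permission is refused");
                return false;
            default:
                throw new RuntimeException(operation + " is an unsupported operation");
        }
    }

    /**
     * Dispatches to the read or write check for a workspace.
     *
     * @param str       the username, or {@code null} for an anonymous caller
     * @param operation the requested operation
     * @param j         the workspace ID
     */
    private boolean _hasPermission(String str, Operation operation, long j) {
        switch (operation) {
            case READ:
                return hasReadPermission(str, j);
            case WRITE:
                return hasWritePermission(str, j);
            default:
                throw new RuntimeException(operation + " is an unsupported operation");
        }
    }

    /**
     * Checks whether a user owns a workspace. An anonymous caller ({@code null}) never does.
     *
     * @throws RuntimeException if the workspace has no owner or the lookup fails
     */
    private boolean isOwner(String str, long j) {
        if (str == null) {
            return false;
        }
        try {
            return getOwner(j).equals(str);
        } catch (Exception e) {
            throw new RuntimeException("Checking ownership of workspace " + j + " and user \"" + str + "\" failed", e);
        }
    }

    /**
     * Fetches the sharing mode assigned to a workspace.
     *
     * @throws RuntimeException if no sharing mode topic is assigned
     */
    private SharingMode getSharingMode(long j) {
        RelatedTopicModelImpl sharingMode = this.pl.fetchTopicRelatedTopic(j, "dm4.core.aggregation", "dm4.core.parent", "dm4.core.child", "dm4.workspaces.sharing_mode");
        if (sharingMode == null) {
            throw new RuntimeException("No sharing mode is assigned to workspace " + j);
        }
        return SharingMode.fromString(sharingMode.getUri());
    }

    /**
     * Verifies that an ID refers to an object of type workspace.
     *
     * @throws RuntimeException if the object has a different type
     */
    private void checkWorkspaceId(long j) {
        String typeUri = getTypeUri(j);
        if (!typeUri.equals("dm4.workspaces.workspace")) {
            throw new RuntimeException("Object " + j + " is not a workspace (but of type \"" + typeUri + "\")");
        }
    }

    /** Reads a topicmap's "private" flag; a topicmap without the flag counts as not private. */
    private boolean isTopicmapPrivate(long j) {
        RelatedTopicModelImpl privateFlag = this.pl.fetchTopicRelatedTopic(j, "dm4.core.composition", "dm4.core.parent", "dm4.core.child", "dm4.topicmaps.private");
        return privateFlag != null && privateFlag.getSimpleValue().booleanValue();
    }

    /** Checks whether a user created an object. An anonymous caller ({@code null}) never did. */
    private boolean isCreator(String str, long j) {
        return str != null && str.equals(getCreator(j));
    }

    /**
     * Returns the owner recorded for a workspace.
     *
     * @throws RuntimeException if the workspace has no owner property
     */
    private String getOwner(long j) {
        if (!this.pl.hasProperty(j, PROP_OWNER)) {
            throw new RuntimeException("No owner is assigned to workspace " + j);
        }
        return (String) this.pl.fetchProperty(j, PROP_OWNER);
    }

    /** Reads the {@code type_uri} property of an object. */
    private String getTypeUri(long j) {
        return (String) this.pl.fetchProperty(j, "type_uri");
    }

    /** Fetches the Username topic for a username; {@code null} if there is none. */
    private TopicModelImpl _getUsernameTopic(String str) {
        return fetchTopic(TYPE_USERNAME, str);
    }

    /**
     * Fetches the Username topic for a username.
     *
     * @throws RuntimeException if the user does not exist
     */
    private TopicModelImpl _getUsernameTopicOrThrow(String str) {
        TopicModelImpl usernameTopic = _getUsernameTopic(str);
        if (usernameTopic == null) {
            throw new RuntimeException("User \"" + str + "\" does not exist");
        }
        return usernameTopic;
    }

    /**
     * Resolves an email address to the username it is assigned to via a user-mailbox
     * association.
     *
     * @return the username, or {@code null} if none is assigned
     * @throws RuntimeException if more than one username is assigned to the address
     */
    private String _getUsername(String str) {
        String username = null;
        for (TopicModelImpl emailAddressTopic : queryTopics(TYPE_EMAIL_ADDRESS, str)) {
            RelatedTopicModelImpl usernameTopic = emailAddressTopic.getRelatedTopic(ASSOC_TYPE_USER_MAILBOX, "dm4.core.child", "dm4.core.parent", TYPE_USERNAME);
            if (usernameTopic != null) {
                if (username != null) {
                    throw new RuntimeException("Ambiguity: the Username assignment for email address \"" + str + "\" is not unique");
                }
                username = usernameTopic.getSimpleValue().toString();
            }
        }
        return username;
    }

    /**
     * Resolves a username to its email address via a user-mailbox association.
     *
     * @return the email address, or {@code null} if none is assigned
     * @throws RuntimeException if the user does not exist
     */
    private String _getEmailAddress(String str) {
        RelatedTopicModelImpl emailAddressTopic = _getUsernameTopicOrThrow(str).getRelatedTopic(ASSOC_TYPE_USER_MAILBOX, "dm4.core.parent", "dm4.core.child", TYPE_EMAIL_ADDRESS);
        return emailAddressTopic != null ? emailAddressTopic.getSimpleValue().toString() : null;
    }

    /** Fetches a single topic by key and value through the persistence layer. */
    private TopicModelImpl fetchTopic(String str, Object obj) {
        return this.pl.fetchTopic(str, new SimpleValue(obj));
    }

    /** Queries topics by key and value through the persistence layer. */
    private List<TopicModelImpl> queryTopics(String str, Object obj) {
        return this.pl.queryTopics(str, new SimpleValue(obj));
    }

    /** Renders a username for log and error messages; {@code null} becomes {@code <anonymous>}. */
    private String userInfo(String str) {
        return "user " + (str != null ? "\"" + str + "\"" : "<anonymous>");
    }
}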
