package de.deepamehta.core.impl;

import de.deepamehta.core.DeepaMehtaObject;
import de.deepamehta.core.model.AssociationModel;
import de.deepamehta.core.model.RelatedTopicModel;
import de.deepamehta.core.model.SimpleValue;
import de.deepamehta.core.model.TopicModel;
import de.deepamehta.core.model.TopicRoleModel;
import de.deepamehta.core.service.accesscontrol.AccessControl;
import de.deepamehta.core.service.accesscontrol.Credentials;
import de.deepamehta.core.service.accesscontrol.Operation;
import de.deepamehta.core.service.accesscontrol.SharingMode;
import java.util.logging.Logger;
import org.osgi.service.log.LogService;

/* loaded from: input_file:de/deepamehta/core/impl/AccessControlImpl.class */
class AccessControlImpl implements AccessControl {
    private static final String TYPE_MEMBERSHIP = "dm4.accesscontrol.membership";
    private static final String TYPE_USERNAME = "dm4.accesscontrol.username";
    private static final String PROP_OWNER = "dm4.accesscontrol.owner";
    private static final String PROP_WORKSPACE_ID = "dm4.workspaces.workspace_id";
    private static final String SYSTEM_WORKSPACE_URI = "dm4.workspaces.system";
    private EmbeddedService dms;
    private long systemWorkspaceId = -1;
    private Logger logger = Logger.getLogger(getClass().getName());

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: de.deepamehta.core.impl.AccessControlImpl$1, reason: invalid class name */
    /* loaded from: input_file:de/deepamehta/core/impl/AccessControlImpl$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$de$deepamehta$core$service$accesscontrol$Operation;
        static final /* synthetic */ int[] $SwitchMap$de$deepamehta$core$service$accesscontrol$SharingMode = new int[SharingMode.values().length];

        static {
            try {
                $SwitchMap$de$deepamehta$core$service$accesscontrol$SharingMode[SharingMode.PRIVATE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$de$deepamehta$core$service$accesscontrol$SharingMode[SharingMode.CONFIDENTIAL.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$de$deepamehta$core$service$accesscontrol$SharingMode[SharingMode.COLLABORATIVE.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$de$deepamehta$core$service$accesscontrol$SharingMode[SharingMode.PUBLIC.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$de$deepamehta$core$service$accesscontrol$SharingMode[SharingMode.COMMON.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            $SwitchMap$de$deepamehta$core$service$accesscontrol$Operation = new int[Operation.values().length];
            try {
                $SwitchMap$de$deepamehta$core$service$accesscontrol$Operation[Operation.READ.ordinal()] = 1;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$de$deepamehta$core$service$accesscontrol$Operation[Operation.WRITE.ordinal()] = 2;
            } catch (NoSuchFieldError e7) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AccessControlImpl(EmbeddedService embeddedService) {
        this.dms = embeddedService;
    }

    @Override // de.deepamehta.core.service.accesscontrol.AccessControl
    public boolean checkCredentials(Credentials credentials) {
        TopicModel topicModel = null;
        try {
            topicModel = getUsernameTopic(credentials.username);
            if (topicModel == null) {
                return false;
            }
            return matches(topicModel, credentials.password);
        } catch (Exception e) {
            throw new RuntimeException("Checking credentials for user \"" + credentials.username + "\" failed (usernameTopic=" + topicModel + ")", e);
        }
    }

    @Override // de.deepamehta.core.service.accesscontrol.AccessControl
    public boolean hasPermission(String str, Operation operation, long j) {
        long assignedWorkspaceId;
        try {
            String typeUri = getTypeUri(j);
            if (typeUri.equals("dm4.workspaces.workspace")) {
                assignedWorkspaceId = j;
            } else {
                assignedWorkspaceId = getAssignedWorkspaceId(j);
                if (assignedWorkspaceId == -1) {
                    switch (AnonymousClass1.$SwitchMap$de$deepamehta$core$service$accesscontrol$Operation[operation.ordinal()]) {
                        case LogService.LOG_ERROR /* 1 */:
                            this.logger.fine("Object " + j + " (typeUri=\"" + typeUri + "\") is not assigned to any workspace -- READ permission is granted");
                            return true;
                        case LogService.LOG_WARNING /* 2 */:
                            this.logger.warning("Object " + j + " (typeUri=\"" + typeUri + "\") is not assigned to any workspace -- WRITE permission is refused");
                            return false;
                        default:
                            throw new RuntimeException(operation + " is an unsupported operation");
                    }
                }
            }
            return _hasPermission(str, operation, assignedWorkspaceId);
        } catch (Exception e) {
            throw new RuntimeException("Checking permission for object " + j + " (typeUri=\"" + ((String) null) + "\") failed (" + userInfo(str) + ", operation=" + operation + ")", e);
        }
    }

    @Override // de.deepamehta.core.service.accesscontrol.AccessControl
    public boolean isMember(String str, long j) {
        if (str == null) {
            return false;
        }
        try {
            return this.dms.storageDecorator.fetchAssociation(TYPE_MEMBERSHIP, getUsernameTopicOrThrow(str).getId(), j, "dm4.core.default", "dm4.core.default") != null;
        } catch (Exception e) {
            throw new RuntimeException("Checking membership of user \"" + str + "\" and workspace " + j + " failed", e);
        }
    }

    @Override // de.deepamehta.core.service.accesscontrol.AccessControl
    public void assignToWorkspace(DeepaMehtaObject deepaMehtaObject, long j) {
        this.dms.associationFactory(new AssociationModel("dm4.core.aggregation", new TopicRoleModel(deepaMehtaObject.getId(), "dm4.core.parent"), new TopicRoleModel(j, "dm4.core.child")));
        deepaMehtaObject.setProperty(PROP_WORKSPACE_ID, Long.valueOf(j), false);
    }

    private boolean matches(TopicModel topicModel, String str) {
        return getPassword(getUserAccount(topicModel)).equals(str);
    }

    private TopicModel getUserAccount(TopicModel topicModel) {
        RelatedTopicModel fetchTopicRelatedTopic = this.dms.storageDecorator.fetchTopicRelatedTopic(topicModel.getId(), "dm4.core.composition", "dm4.core.child", "dm4.core.parent", "dm4.accesscontrol.user_account");
        if (fetchTopicRelatedTopic == null) {
            throw new RuntimeException("Data inconsistency: there is no User Account topic for username \"" + topicModel.getSimpleValue() + "\" (usernameTopic=" + topicModel + ")");
        }
        return fetchTopicRelatedTopic;
    }

    private String getPassword(TopicModel topicModel) {
        RelatedTopicModel fetchTopicRelatedTopic = this.dms.storageDecorator.fetchTopicRelatedTopic(topicModel.getId(), "dm4.core.composition", "dm4.core.parent", "dm4.core.child", "dm4.accesscontrol.password");
        if (fetchTopicRelatedTopic == null) {
            throw new RuntimeException("Data inconsistency: there is no Password topic for User Account \"" + topicModel.getSimpleValue() + "\" (userAccount=" + topicModel + ")");
        }
        return fetchTopicRelatedTopic.getSimpleValue().toString();
    }

    private boolean _hasPermission(String str, Operation operation, long j) {
        switch (AnonymousClass1.$SwitchMap$de$deepamehta$core$service$accesscontrol$Operation[operation.ordinal()]) {
            case LogService.LOG_ERROR /* 1 */:
                return hasReadPermission(str, j);
            case LogService.LOG_WARNING /* 2 */:
                return hasWritePermission(str, j);
            default:
                throw new RuntimeException(operation + " is an unsupported operation");
        }
    }

    private boolean hasReadPermission(String str, long j) {
        SharingMode sharingMode = getSharingMode(j);
        switch (AnonymousClass1.$SwitchMap$de$deepamehta$core$service$accesscontrol$SharingMode[sharingMode.ordinal()]) {
            case LogService.LOG_ERROR /* 1 */:
                return isOwner(str, j);
            case LogService.LOG_WARNING /* 2 */:
                return isOwner(str, j) || isMember(str, j);
            case LogService.LOG_INFO /* 3 */:
                return isOwner(str, j) || isMember(str, j);
            case LogService.LOG_DEBUG /* 4 */:
                return (j == getSystemWorkspaceId() && str == null) ? false : true;
            case 5:
                return true;
            default:
                throw new RuntimeException(sharingMode + " is an unsupported sharing mode");
        }
    }

    private boolean hasWritePermission(String str, long j) {
        SharingMode sharingMode = getSharingMode(j);
        switch (AnonymousClass1.$SwitchMap$de$deepamehta$core$service$accesscontrol$SharingMode[sharingMode.ordinal()]) {
            case LogService.LOG_ERROR /* 1 */:
                return isOwner(str, j);
            case LogService.LOG_WARNING /* 2 */:
                return isOwner(str, j);
            case LogService.LOG_INFO /* 3 */:
                return isOwner(str, j) || isMember(str, j);
            case LogService.LOG_DEBUG /* 4 */:
                return isOwner(str, j) || isMember(str, j);
            case 5:
                return true;
            default:
                throw new RuntimeException(sharingMode + " is an unsupported sharing mode");
        }
    }

    private long getAssignedWorkspaceId(long j) {
        if (this.dms.hasProperty(j, PROP_WORKSPACE_ID)) {
            return ((Long) this.dms.getProperty(j, PROP_WORKSPACE_ID)).longValue();
        }
        return -1L;
    }

    private boolean isOwner(String str, long j) {
        if (str == null) {
            return false;
        }
        try {
            return getOwner(j).equals(str);
        } catch (Exception e) {
            throw new RuntimeException("Checking ownership of workspace " + j + " and user \"" + str + "\" failed", e);
        }
    }

    private SharingMode getSharingMode(long j) {
        RelatedTopicModel fetchTopicRelatedTopic = this.dms.storageDecorator.fetchTopicRelatedTopic(j, "dm4.core.aggregation", "dm4.core.parent", "dm4.core.child", "dm4.workspaces.sharing_mode");
        if (fetchTopicRelatedTopic == null) {
            throw new RuntimeException("No sharing mode is assigned to workspace " + j);
        }
        return SharingMode.fromString(fetchTopicRelatedTopic.getUri());
    }

    private String getOwner(long j) {
        if (this.dms.storageDecorator.hasProperty(j, PROP_OWNER)) {
            return (String) this.dms.storageDecorator.fetchProperty(j, PROP_OWNER);
        }
        throw new RuntimeException("No owner is assigned to workspace " + j);
    }

    private String getTypeUri(long j) {
        return (String) this.dms.storageDecorator.fetchProperty(j, "type_uri");
    }

    private TopicModel getUsernameTopic(String str) {
        return this.dms.storageDecorator.fetchTopic(TYPE_USERNAME, new SimpleValue(str));
    }

    private TopicModel getUsernameTopicOrThrow(String str) {
        TopicModel usernameTopic = getUsernameTopic(str);
        if (usernameTopic == null) {
            throw new RuntimeException("User \"" + str + "\" does not exist");
        }
        return usernameTopic;
    }

    long getSystemWorkspaceId() {
        if (this.systemWorkspaceId != -1) {
            return this.systemWorkspaceId;
        }
        TopicModel fetchTopic = this.dms.storageDecorator.fetchTopic("uri", new SimpleValue(SYSTEM_WORKSPACE_URI));
        if (fetchTopic == null) {
            throw new RuntimeException("The System workspace does not exist");
        }
        this.systemWorkspaceId = fetchTopic.getId();
        return this.systemWorkspaceId;
    }

    private String userInfo(String str) {
        return "user " + (str != null ? "\"" + str + "\"" : "<anonymous>");
    }
}
