package org.eclipse.emf.emfstore.server.accesscontrol;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.eclipse.emf.ecore.EObject;
import org.eclipse.emf.emfstore.common.extensionpoint.ExtensionElement;
import org.eclipse.emf.emfstore.common.extensionpoint.ExtensionPoint;
import org.eclipse.emf.emfstore.common.model.util.ModelUtil;
import org.eclipse.emf.emfstore.server.ServerConfiguration;
import org.eclipse.emf.emfstore.server.accesscontrol.authentication.AbstractAuthenticationControl;
import org.eclipse.emf.emfstore.server.accesscontrol.authentication.factory.AuthenticationControlFactory;
import org.eclipse.emf.emfstore.server.accesscontrol.authentication.factory.AuthenticationControlFactoryImpl;
import org.eclipse.emf.emfstore.server.core.MonitorProvider;
import org.eclipse.emf.emfstore.server.exceptions.AccessControlException;
import org.eclipse.emf.emfstore.server.exceptions.FatalEmfStoreException;
import org.eclipse.emf.emfstore.server.exceptions.SessionTimedOutException;
import org.eclipse.emf.emfstore.server.model.ClientVersionInfo;
import org.eclipse.emf.emfstore.server.model.ProjectId;
import org.eclipse.emf.emfstore.server.model.ServerSpace;
import org.eclipse.emf.emfstore.server.model.SessionId;
import org.eclipse.emf.emfstore.server.model.accesscontrol.ACGroup;
import org.eclipse.emf.emfstore.server.model.accesscontrol.ACOrgUnit;
import org.eclipse.emf.emfstore.server.model.accesscontrol.ACOrgUnitId;
import org.eclipse.emf.emfstore.server.model.accesscontrol.ACUser;
import org.eclipse.emf.emfstore.server.model.accesscontrol.roles.Role;
import org.eclipse.emf.emfstore.server.model.accesscontrol.roles.ServerAdmin;

/* loaded from: input_file:org/eclipse/emf/emfstore/server/accesscontrol/AccessControlImpl.class */
public class AccessControlImpl implements AuthenticationControl, AuthorizationControl {
    private ServerSpace serverSpace;
    private Map<SessionId, ACUserContainer> sessionUserMap = new HashMap();
    private AbstractAuthenticationControl authenticationControl = getAuthenticationFactory().createAuthenticationControl();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/eclipse/emf/emfstore/server/accesscontrol/AccessControlImpl$ACUserContainer.class */
    public class ACUserContainer {
        private ACUser acUser;
        private long lastActive;

        public ACUserContainer(ACUser aCUser) {
            this.acUser = aCUser;
            active();
        }

        public ACUser getUser() throws AccessControlException {
            checkLastActive();
            active();
            return getRawUser();
        }

        public ACUser getRawUser() {
            return this.acUser;
        }

        public void checkLastActive() throws AccessControlException {
            if (System.currentTimeMillis() - this.lastActive > Integer.parseInt(ServerConfiguration.getProperties().getProperty(ServerConfiguration.SESSION_TIMEOUT, ServerConfiguration.SESSION_TIMEOUT_DEFAULT))) {
                throw new SessionTimedOutException("Usersession timed out.");
            }
        }

        private void active() {
            this.lastActive = System.currentTimeMillis();
        }
    }

    public AccessControlImpl(ServerSpace serverSpace) throws FatalEmfStoreException {
        this.serverSpace = serverSpace;
    }

    private AuthenticationControlFactory getAuthenticationFactory() {
        Iterator it = new ExtensionPoint("org.eclipse.emf.emfstore.server.authenticationfactory").getExtensionElements().iterator();
        while (it.hasNext()) {
            AuthenticationControlFactory authenticationControlFactory = (AuthenticationControlFactory) ((ExtensionElement) it.next()).getClass("class", AuthenticationControlFactory.class);
            if (authenticationControlFactory != null) {
                return authenticationControlFactory;
            }
        }
        return new AuthenticationControlFactoryImpl();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object] */
    /* JADX WARN: Type inference failed for: r0v11, types: [org.eclipse.emf.emfstore.server.model.SessionId] */
    /* JADX WARN: Type inference failed for: r0v2, types: [java.lang.Throwable] */
    @Override // org.eclipse.emf.emfstore.server.accesscontrol.AuthenticationControl
    public SessionId logIn(String str, String str2, ClientVersionInfo clientVersionInfo) throws AccessControlException {
        ?? monitor = MonitorProvider.getInstance().getMonitor("authentication");
        synchronized (monitor) {
            ACUser resolveUser = resolveUser(str);
            SessionId logIn = this.authenticationControl.logIn(resolveUser.getName(), str2, clientVersionInfo);
            this.sessionUserMap.put(logIn, new ACUserContainer(resolveUser));
            monitor = logIn;
        }
        return monitor;
    }

    @Override // org.eclipse.emf.emfstore.server.accesscontrol.AuthenticationControl
    public void logout(SessionId sessionId) throws AccessControlException {
        synchronized (MonitorProvider.getInstance().getMonitor("authentication")) {
            if (sessionId == null) {
                throw new AccessControlException("SessionId is null.");
            }
            this.sessionUserMap.remove(sessionId);
        }
    }

    /* JADX WARN: Type inference failed for: r0v5, types: [java.lang.Throwable, java.lang.Object] */
    private ACUser resolveUser(String str) throws AccessControlException {
        Boolean valueOf = Boolean.valueOf(Boolean.parseBoolean(ServerConfiguration.getProperties().getProperty(ServerConfiguration.AUTHENTICATION_MATCH_USERS_IGNORE_CASE, ServerConfiguration.FALSE)));
        synchronized (MonitorProvider.getInstance().getMonitor()) {
            for (ACUser aCUser : this.serverSpace.getUsers()) {
                if (valueOf.booleanValue()) {
                    if (aCUser.getName().equalsIgnoreCase(str)) {
                        return aCUser;
                    }
                } else if (aCUser.getName().equals(str)) {
                    return aCUser;
                }
            }
            throw new AccessControlException();
        }
    }

    @Override // org.eclipse.emf.emfstore.server.accesscontrol.AuthorizationControl
    public void checkSession(SessionId sessionId) throws AccessControlException {
        if (!this.sessionUserMap.containsKey(sessionId)) {
            throw new SessionTimedOutException("Session ID unkown.");
        }
    }

    @Override // org.eclipse.emf.emfstore.server.accesscontrol.AuthorizationControl
    public void checkWriteAccess(SessionId sessionId, ProjectId projectId, Set<EObject> set) throws AccessControlException {
        checkSession(sessionId);
        ACUser user = getUser(sessionId);
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(user.getRoles());
        arrayList.addAll(getRolesFromGroups(user));
        if (!canWrite(arrayList, projectId, null)) {
            throw new AccessControlException();
        }
    }

    private boolean canWrite(List<Role> list, ProjectId projectId, EObject eObject) throws AccessControlException {
        for (Role role : list) {
            if (role.canModify(projectId, eObject) || role.canCreate(projectId, eObject) || role.canDelete(projectId, eObject)) {
                return true;
            }
        }
        return false;
    }

    private boolean canRead(List<Role> list, ProjectId projectId, EObject eObject) throws AccessControlException {
        Iterator<Role> it = list.iterator();
        while (it.hasNext()) {
            if (it.next().canRead(projectId, eObject)) {
                return true;
            }
        }
        return false;
    }

    private List<Role> getRolesFromGroups(ACOrgUnit aCOrgUnit) {
        ArrayList arrayList = new ArrayList();
        Iterator<ACGroup> it = getGroups(aCOrgUnit).iterator();
        while (it.hasNext()) {
            arrayList.addAll(it.next().getRoles());
        }
        return arrayList;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object] */
    /* JADX WARN: Type inference failed for: r0v10, types: [java.util.List<org.eclipse.emf.emfstore.server.model.accesscontrol.ACGroup>] */
    /* JADX WARN: Type inference failed for: r0v2, types: [java.lang.Throwable] */
    private List<ACGroup> getGroups(ACOrgUnit aCOrgUnit) {
        ?? monitor = MonitorProvider.getInstance().getMonitor();
        synchronized (monitor) {
            ArrayList arrayList = new ArrayList();
            for (ACGroup aCGroup : this.serverSpace.getGroups()) {
                if (aCGroup.getMembers().contains(aCOrgUnit)) {
                    arrayList.add(aCGroup);
                    for (ACGroup aCGroup2 : getGroups(aCGroup)) {
                        if (!arrayList.contains(aCGroup2)) {
                            arrayList.add(aCGroup2);
                        }
                    }
                }
            }
            monitor = arrayList;
        }
        return monitor;
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable, java.lang.Object] */
    private ACUser getUser(ACOrgUnitId aCOrgUnitId) throws AccessControlException {
        synchronized (MonitorProvider.getInstance().getMonitor()) {
            for (ACUser aCUser : this.serverSpace.getUsers()) {
                if (aCUser.getId().equals(aCOrgUnitId)) {
                }
            }
            throw new AccessControlException("Given User doesn't exist.");
        }
        return aCUser;
    }

    @Override // org.eclipse.emf.emfstore.server.accesscontrol.AuthorizationControl
    public void checkReadAccess(SessionId sessionId, ProjectId projectId, Set<EObject> set) throws AccessControlException {
        checkSession(sessionId);
        ACUser user = getUser(sessionId);
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(user.getRoles());
        arrayList.addAll(getRolesFromGroups(user));
        if (!canRead(arrayList, projectId, null)) {
            throw new AccessControlException();
        }
    }

    @Override // org.eclipse.emf.emfstore.server.accesscontrol.AuthorizationControl
    public void checkProjectAdminAccess(SessionId sessionId, ProjectId projectId) throws AccessControlException {
        checkSession(sessionId);
        ACUser user = getUser(sessionId);
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(user.getRoles());
        arrayList.addAll(getRolesFromGroups(user));
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            if (((Role) it.next()).canAdministrate(projectId)) {
                return;
            }
        }
        throw new AccessControlException();
    }

    @Override // org.eclipse.emf.emfstore.server.accesscontrol.AuthorizationControl
    public void checkServerAdminAccess(SessionId sessionId) throws AccessControlException {
        checkSession(sessionId);
        ACUser user = getUser(sessionId);
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(user.getRoles());
        arrayList.addAll(getRolesFromGroups(user));
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            if (((Role) it.next()) instanceof ServerAdmin) {
                return;
            }
        }
        throw new AccessControlException();
    }

    @Override // org.eclipse.emf.emfstore.server.accesscontrol.AuthorizationControl
    public ACUser resolveUser(SessionId sessionId) throws AccessControlException {
        checkSession(sessionId);
        return copyAndResolveUser(this.sessionUserMap.get(sessionId).getRawUser());
    }

    @Override // org.eclipse.emf.emfstore.server.accesscontrol.AuthorizationControl
    public ACUser resolveUser(ACOrgUnitId aCOrgUnitId) throws AccessControlException {
        return copyAndResolveUser(getUser(aCOrgUnitId));
    }

    private ACUser copyAndResolveUser(ACUser aCUser) {
        ACUser clone = ModelUtil.clone(aCUser);
        Iterator<Role> it = getRolesFromGroups(aCUser).iterator();
        while (it.hasNext()) {
            clone.getRoles().add(ModelUtil.clone(it.next()));
        }
        for (ACGroup aCGroup : getGroups(aCUser)) {
            if (!clone.getEffectiveGroups().contains(aCGroup)) {
                ACGroup clone2 = ModelUtil.clone(aCGroup);
                clone.getEffectiveGroups().add(clone2);
                clone2.getMembers().clear();
            }
        }
        return clone;
    }

    private ACUser getUser(SessionId sessionId) throws AccessControlException {
        try {
            return this.sessionUserMap.get(sessionId).getUser();
        } catch (AccessControlException e) {
            this.sessionUserMap.remove(sessionId);
            throw e;
        }
    }
}
