package org.apache.clerezza.rdf.core.access.security;

import java.security.AccessControlException;
import java.security.AccessController;
import java.security.AllPermission;
import java.security.Permission;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.concurrent.locks.Lock;
import org.apache.clerezza.commons.rdf.BlankNode;
import org.apache.clerezza.commons.rdf.BlankNodeOrIRI;
import org.apache.clerezza.commons.rdf.Graph;
import org.apache.clerezza.commons.rdf.IRI;
import org.apache.clerezza.commons.rdf.RDFTerm;
import org.apache.clerezza.commons.rdf.Triple;
import org.apache.clerezza.commons.rdf.impl.utils.TripleImpl;
import org.apache.clerezza.rdf.core.LiteralFactory;
import org.apache.clerezza.rdf.core.access.NoSuchEntityException;
import org.apache.clerezza.rdf.core.access.TcManager;
import org.apache.clerezza.utils.security.PermissionParser;

/* loaded from: input_file:org/apache/clerezza/rdf/core/access/security/TcAccessController.class */
public abstract class TcAccessController {
    public static final IRI first = new IRI("http://www.w3.org/1999/02/22-rdf-syntax-ns#first");
    public static final IRI rest = new IRI("http://www.w3.org/1999/02/22-rdf-syntax-ns#rest");
    public static final IRI rdfNil = new IRI("http://www.w3.org/1999/02/22-rdf-syntax-ns#nil");
    private final IRI permissionGraphName = new IRI("urn:x-localinstance:/graph-access.graph");
    private String ontologyNamespace = "http://clerezza.apache.org/2010/07/10/graphpermssions#";
    private final IRI readPermissionListProperty = new IRI(this.ontologyNamespace + "readPermissionList");
    private final IRI readWritePermissionListProperty = new IRI(this.ontologyNamespace + "readWritePermissionList");
    private final Map<IRI, Collection<Permission>> readPermissionCache = Collections.synchronizedMap(new HashMap());
    private final Map<IRI, Collection<Permission>> readWritePermissionCache = Collections.synchronizedMap(new HashMap());
    private final TcManager tcManager = getTcManager();

    public void checkReadPermission(IRI iri) {
        if (iri.equals(this.permissionGraphName) || System.getSecurityManager() == null) {
            return;
        }
        try {
            AccessController.checkPermission(new AllPermission());
        } catch (AccessControlException e) {
            Collection<Permission> requiredReadPermissions = getRequiredReadPermissions(iri);
            if (requiredReadPermissions.size() <= 0) {
                AccessController.checkPermission(new TcPermission(iri.getUnicodeString(), TcPermission.READ));
                return;
            }
            Iterator<Permission> it = requiredReadPermissions.iterator();
            while (it.hasNext()) {
                AccessController.checkPermission(it.next());
            }
        }
    }

    public void checkReadWritePermission(IRI iri) {
        if (System.getSecurityManager() != null) {
            try {
                AccessController.checkPermission(new AllPermission());
            } catch (AccessControlException e) {
                if (iri.equals(this.permissionGraphName)) {
                    AccessController.checkPermission(new TcPermission(iri.getUnicodeString(), TcPermission.READWRITE));
                    return;
                }
                Collection<Permission> requiredReadWritePermissions = getRequiredReadWritePermissions(iri);
                if (requiredReadWritePermissions.size() <= 0) {
                    AccessController.checkPermission(new TcPermission(iri.getUnicodeString(), TcPermission.READWRITE));
                    return;
                }
                Iterator<Permission> it = requiredReadWritePermissions.iterator();
                while (it.hasNext()) {
                    AccessController.checkPermission(it.next());
                }
            }
        }
    }

    public void setRequiredReadPermissionStrings(IRI iri, Collection<String> collection) {
        this.readPermissionCache.remove(iri);
        Graph orCreatePermisionGraph = getOrCreatePermisionGraph();
        Lock writeLock = orCreatePermisionGraph.getLock().writeLock();
        writeLock.lock();
        try {
            removeExistingRequiredReadPermissions(iri, orCreatePermisionGraph);
            orCreatePermisionGraph.add(new TripleImpl(iri, this.readPermissionListProperty, createList(collection.iterator(), orCreatePermisionGraph)));
            writeLock.unlock();
        } catch (Throwable th) {
            writeLock.unlock();
            throw th;
        }
    }

    public void setRequiredReadPermissions(IRI iri, Collection<Permission> collection) {
        ArrayList arrayList = new ArrayList();
        Iterator<Permission> it = collection.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().toString());
        }
        setRequiredReadPermissionStrings(iri, arrayList);
    }

    public void setRequiredReadWritePermissionStrings(IRI iri, Collection<String> collection) {
        this.readWritePermissionCache.remove(iri);
        Graph orCreatePermisionGraph = getOrCreatePermisionGraph();
        Lock writeLock = orCreatePermisionGraph.getLock().writeLock();
        writeLock.lock();
        try {
            removeExistingRequiredReadPermissions(iri, orCreatePermisionGraph);
            orCreatePermisionGraph.add(new TripleImpl(iri, this.readWritePermissionListProperty, createList(collection.iterator(), orCreatePermisionGraph)));
            writeLock.unlock();
        } catch (Throwable th) {
            writeLock.unlock();
            throw th;
        }
    }

    public void setRequiredReadWritePermissions(IRI iri, Collection<Permission> collection) {
        ArrayList arrayList = new ArrayList();
        Iterator<Permission> it = collection.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().toString());
        }
        setRequiredReadWritePermissionStrings(iri, arrayList);
    }

    public Collection<Permission> getRequiredReadPermissions(IRI iri) {
        Collection<Permission> collection = this.readPermissionCache.get(iri);
        if (collection == null) {
            collection = new ArrayList();
            Iterator<String> it = getRequiredReadPermissionStrings(iri).iterator();
            while (it.hasNext()) {
                collection.add(PermissionParser.getPermission(it.next(), getClass().getClassLoader()));
            }
            this.readPermissionCache.put(iri, collection);
        }
        return collection;
    }

    public Collection<Permission> getRequiredReadWritePermissions(IRI iri) {
        Collection<Permission> collection = this.readWritePermissionCache.get(iri);
        if (collection == null) {
            collection = new ArrayList();
            Iterator<String> it = getRequiredReadWritePermissionStrings(iri).iterator();
            while (it.hasNext()) {
                collection.add(PermissionParser.getPermission(it.next(), getClass().getClassLoader()));
            }
            this.readWritePermissionCache.put(iri, collection);
        }
        return collection;
    }

    private BlankNodeOrIRI createList(Iterator<String> it, Graph graph) {
        if (!it.hasNext()) {
            return rdfNil;
        }
        BlankNode blankNode = new BlankNode();
        graph.add(new TripleImpl(blankNode, first, LiteralFactory.getInstance().createTypedLiteral(it.next())));
        graph.add(new TripleImpl(blankNode, rest, createList(it, graph)));
        return blankNode;
    }

    private void removeExistingRequiredReadPermissions(IRI iri, Graph graph) {
        try {
            Triple triple = (Triple) graph.filter(iri, this.readPermissionListProperty, (RDFTerm) null).next();
            removeList((BlankNodeOrIRI) triple.getObject(), graph);
            graph.remove(triple);
        } catch (NoSuchElementException e) {
        }
    }

    private void removeList(BlankNodeOrIRI blankNodeOrIRI, Graph graph) {
        try {
            Triple triple = (Triple) graph.filter(blankNodeOrIRI, rest, (RDFTerm) null).next();
            removeList((BlankNodeOrIRI) triple.getObject(), graph);
            graph.remove(triple);
            Iterator filter = graph.filter(blankNodeOrIRI, first, (RDFTerm) null);
            filter.next();
            filter.remove();
        } catch (NoSuchElementException e) {
        }
    }

    private Collection<String> getRequiredReadWritePermissionStrings(IRI iri) {
        return getRequiredPermissionStrings(iri, this.readWritePermissionListProperty);
    }

    private Collection<String> getRequiredReadPermissionStrings(IRI iri) {
        return getRequiredPermissionStrings(iri, this.readPermissionListProperty);
    }

    private Collection<String> getRequiredPermissionStrings(IRI iri, IRI iri2) {
        try {
            Graph mGraph = this.tcManager.getMGraph(this.permissionGraphName);
            Lock readLock = mGraph.getLock().readLock();
            readLock.lock();
            try {
                try {
                    BlankNodeOrIRI blankNodeOrIRI = (BlankNodeOrIRI) ((Triple) mGraph.filter(iri, iri2, (RDFTerm) null).next()).getObject();
                    LinkedList<String> linkedList = new LinkedList<>();
                    readList(blankNodeOrIRI, mGraph, linkedList);
                    readLock.unlock();
                    return linkedList;
                } catch (NoSuchElementException e) {
                    ArrayList arrayList = new ArrayList(0);
                    readLock.unlock();
                    return arrayList;
                }
            } catch (Throwable th) {
                readLock.unlock();
                throw th;
            }
        } catch (NoSuchEntityException e2) {
            return new ArrayList(0);
        }
    }

    private void readList(BlankNodeOrIRI blankNodeOrIRI, Graph graph, LinkedList<String> linkedList) {
        if (blankNodeOrIRI.equals(rdfNil)) {
            return;
        }
        readList((BlankNodeOrIRI) ((Triple) graph.filter(blankNodeOrIRI, rest, (RDFTerm) null).next()).getObject(), graph, linkedList);
        linkedList.addFirst((String) LiteralFactory.getInstance().createObject(String.class, ((Triple) graph.filter(blankNodeOrIRI, first, (RDFTerm) null).next()).getObject()));
    }

    private Graph getOrCreatePermisionGraph() {
        try {
            return this.tcManager.getMGraph(this.permissionGraphName);
        } catch (NoSuchEntityException e) {
            return this.tcManager.createGraph(this.permissionGraphName);
        }
    }

    protected abstract TcManager getTcManager();
}
