package org.apache.clerezza.rdf.core.access.security;

import java.security.AccessControlException;
import java.security.AccessController;
import java.security.AllPermission;
import java.security.Permission;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.concurrent.locks.Lock;
import org.apache.clerezza.rdf.core.BNode;
import org.apache.clerezza.rdf.core.LiteralFactory;
import org.apache.clerezza.rdf.core.NonLiteral;
import org.apache.clerezza.rdf.core.Triple;
import org.apache.clerezza.rdf.core.TypedLiteral;
import org.apache.clerezza.rdf.core.UriRef;
import org.apache.clerezza.rdf.core.access.LockableMGraph;
import org.apache.clerezza.rdf.core.access.NoSuchEntityException;
import org.apache.clerezza.rdf.core.access.TcManager;
import org.apache.clerezza.rdf.core.impl.TripleImpl;
import org.apache.clerezza.utils.security.PermissionParser;

/* loaded from: input_file:bundles/startlevel-4/org/apache/clerezza/rdf.core/0.12-incubating/rdf.core-0.12-incubating.jar:org/apache/clerezza/rdf/core/access/security/TcAccessController.class */
public class TcAccessController {
    private final TcManager tcManager;
    public static final UriRef first = new UriRef("http://www.w3.org/1999/02/22-rdf-syntax-ns#first");
    public static final UriRef rest = new UriRef("http://www.w3.org/1999/02/22-rdf-syntax-ns#rest");
    public static final UriRef rdfNil = new UriRef("http://www.w3.org/1999/02/22-rdf-syntax-ns#nil");
    private final UriRef permissionGraphName = new UriRef("urn:x-localinstance:/graph-access.graph");
    private String ontologyNamespace = "http://clerezza.apache.org/2010/07/10/graphpermssions#";
    private final UriRef readPermissionListProperty = new UriRef(this.ontologyNamespace + "readPermissionList");
    private final UriRef readWritePermissionListProperty = new UriRef(this.ontologyNamespace + "readWritePermissionList");
    private final Map<UriRef, Collection<Permission>> readPermissionCache = Collections.synchronizedMap(new HashMap());
    private final Map<UriRef, Collection<Permission>> readWritePermissionCache = Collections.synchronizedMap(new HashMap());

    public TcAccessController(TcManager tcManager) {
        this.tcManager = tcManager;
    }

    public void checkReadPermission(UriRef uriRef) {
        if (uriRef.equals(this.permissionGraphName) || System.getSecurityManager() == null) {
            return;
        }
        try {
            AccessController.checkPermission(new AllPermission());
        } catch (AccessControlException e) {
            Collection<Permission> requiredReadPermissions = getRequiredReadPermissions(uriRef);
            if (requiredReadPermissions.size() <= 0) {
                AccessController.checkPermission(new TcPermission(uriRef.getUnicodeString(), "read"));
                return;
            }
            Iterator<Permission> it = requiredReadPermissions.iterator();
            while (it.hasNext()) {
                AccessController.checkPermission(it.next());
            }
        }
    }

    public void checkReadWritePermission(UriRef uriRef) {
        if (System.getSecurityManager() != null) {
            try {
                AccessController.checkPermission(new AllPermission());
            } catch (AccessControlException e) {
                if (uriRef.equals(this.permissionGraphName)) {
                    AccessController.checkPermission(new TcPermission(uriRef.getUnicodeString(), TcPermission.READWRITE));
                    return;
                }
                Collection<Permission> requiredReadWritePermissions = getRequiredReadWritePermissions(uriRef);
                if (requiredReadWritePermissions.size() <= 0) {
                    AccessController.checkPermission(new TcPermission(uriRef.getUnicodeString(), TcPermission.READWRITE));
                    return;
                }
                Iterator<Permission> it = requiredReadWritePermissions.iterator();
                while (it.hasNext()) {
                    AccessController.checkPermission(it.next());
                }
            }
        }
    }

    public void setRequiredReadPermissionStrings(UriRef uriRef, Collection<String> collection) {
        this.readPermissionCache.remove(uriRef);
        LockableMGraph orCreatePermisionGraph = getOrCreatePermisionGraph();
        Lock writeLock = orCreatePermisionGraph.getLock().writeLock();
        writeLock.lock();
        try {
            removeExistingRequiredReadPermissions(uriRef, orCreatePermisionGraph);
            orCreatePermisionGraph.add(new TripleImpl(uriRef, this.readPermissionListProperty, createList(collection.iterator(), orCreatePermisionGraph)));
            writeLock.unlock();
        } catch (Throwable th) {
            writeLock.unlock();
            throw th;
        }
    }

    public void setRequiredReadPermissions(UriRef uriRef, Collection<Permission> collection) {
        ArrayList arrayList = new ArrayList();
        Iterator<Permission> it = collection.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().toString());
        }
        setRequiredReadPermissionStrings(uriRef, arrayList);
    }

    public void setRequiredReadWritePermissionStrings(UriRef uriRef, Collection<String> collection) {
        this.readWritePermissionCache.remove(uriRef);
        LockableMGraph orCreatePermisionGraph = getOrCreatePermisionGraph();
        Lock writeLock = orCreatePermisionGraph.getLock().writeLock();
        writeLock.lock();
        try {
            removeExistingRequiredReadPermissions(uriRef, orCreatePermisionGraph);
            orCreatePermisionGraph.add(new TripleImpl(uriRef, this.readWritePermissionListProperty, createList(collection.iterator(), orCreatePermisionGraph)));
            writeLock.unlock();
        } catch (Throwable th) {
            writeLock.unlock();
            throw th;
        }
    }

    public void setRequiredReadWritePermissions(UriRef uriRef, Collection<Permission> collection) {
        ArrayList arrayList = new ArrayList();
        Iterator<Permission> it = collection.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().toString());
        }
        setRequiredReadWritePermissionStrings(uriRef, arrayList);
    }

    public Collection<Permission> getRequiredReadPermissions(UriRef uriRef) {
        Collection<Permission> collection = this.readPermissionCache.get(uriRef);
        if (collection == null) {
            collection = new ArrayList();
            Iterator<String> it = getRequiredReadPermissionStrings(uriRef).iterator();
            while (it.hasNext()) {
                collection.add(PermissionParser.getPermission(it.next(), getClass().getClassLoader()));
            }
            this.readPermissionCache.put(uriRef, collection);
        }
        return collection;
    }

    public Collection<Permission> getRequiredReadWritePermissions(UriRef uriRef) {
        Collection<Permission> collection = this.readWritePermissionCache.get(uriRef);
        if (collection == null) {
            collection = new ArrayList();
            Iterator<String> it = getRequiredReadWritePermissionStrings(uriRef).iterator();
            while (it.hasNext()) {
                collection.add(PermissionParser.getPermission(it.next(), getClass().getClassLoader()));
            }
            this.readWritePermissionCache.put(uriRef, collection);
        }
        return collection;
    }

    private NonLiteral createList(Iterator<String> it, LockableMGraph lockableMGraph) {
        if (!it.hasNext()) {
            return rdfNil;
        }
        BNode bNode = new BNode();
        lockableMGraph.add(new TripleImpl(bNode, first, LiteralFactory.getInstance().createTypedLiteral(it.next())));
        lockableMGraph.add(new TripleImpl(bNode, rest, createList(it, lockableMGraph)));
        return bNode;
    }

    private void removeExistingRequiredReadPermissions(UriRef uriRef, LockableMGraph lockableMGraph) {
        try {
            Triple next = lockableMGraph.filter(uriRef, this.readPermissionListProperty, null).next();
            removeList((NonLiteral) next.getObject(), lockableMGraph);
            lockableMGraph.remove(next);
        } catch (NoSuchElementException e) {
        }
    }

    private void removeList(NonLiteral nonLiteral, LockableMGraph lockableMGraph) {
        try {
            Triple next = lockableMGraph.filter(nonLiteral, rest, null).next();
            removeList((NonLiteral) next.getObject(), lockableMGraph);
            lockableMGraph.remove(next);
            Iterator<Triple> filter = lockableMGraph.filter(nonLiteral, first, null);
            filter.next();
            filter.remove();
        } catch (NoSuchElementException e) {
        }
    }

    private Collection<String> getRequiredReadWritePermissionStrings(UriRef uriRef) {
        return getRequiredPermissionStrings(uriRef, this.readWritePermissionListProperty);
    }

    private Collection<String> getRequiredReadPermissionStrings(UriRef uriRef) {
        return getRequiredPermissionStrings(uriRef, this.readPermissionListProperty);
    }

    private Collection<String> getRequiredPermissionStrings(UriRef uriRef, UriRef uriRef2) {
        try {
            LockableMGraph mGraph = this.tcManager.getMGraph(this.permissionGraphName);
            Lock readLock = mGraph.getLock().readLock();
            readLock.lock();
            try {
                try {
                    NonLiteral nonLiteral = (NonLiteral) mGraph.filter(uriRef, uriRef2, null).next().getObject();
                    LinkedList<String> linkedList = new LinkedList<>();
                    readList(nonLiteral, mGraph, linkedList);
                    readLock.unlock();
                    return linkedList;
                } catch (NoSuchElementException e) {
                    ArrayList arrayList = new ArrayList(0);
                    readLock.unlock();
                    return arrayList;
                }
            } catch (Throwable th) {
                readLock.unlock();
                throw th;
            }
        } catch (NoSuchEntityException e2) {
            return new ArrayList(0);
        }
    }

    private void readList(NonLiteral nonLiteral, LockableMGraph lockableMGraph, LinkedList<String> linkedList) {
        if (nonLiteral.equals(rdfNil)) {
            return;
        }
        readList((NonLiteral) lockableMGraph.filter(nonLiteral, rest, null).next().getObject(), lockableMGraph, linkedList);
        linkedList.addFirst((String) LiteralFactory.getInstance().createObject(String.class, (TypedLiteral) lockableMGraph.filter(nonLiteral, first, null).next().getObject()));
    }

    private LockableMGraph getOrCreatePermisionGraph() {
        try {
            return this.tcManager.getMGraph(this.permissionGraphName);
        } catch (NoSuchEntityException e) {
            return this.tcManager.mo1110createMGraph(this.permissionGraphName);
        }
    }
}
