package org.apache.stanbol.commons.security;

import java.security.AccessController;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.clerezza.platform.config.SystemConfig;
import org.apache.clerezza.rdf.core.BNode;
import org.apache.clerezza.rdf.core.MGraph;
import org.apache.clerezza.rdf.core.NonLiteral;
import org.apache.clerezza.rdf.core.Triple;
import org.apache.clerezza.rdf.core.UriRef;
import org.apache.clerezza.rdf.core.impl.PlainLiteralImpl;
import org.apache.clerezza.rdf.ontologies.PERMISSION;
import org.apache.clerezza.rdf.ontologies.PLATFORM;
import org.apache.clerezza.rdf.ontologies.RDF;
import org.apache.clerezza.rdf.ontologies.SIOC;
import org.apache.clerezza.utils.security.PermissionParser;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.ReferenceCardinality;
import org.apache.felix.scr.annotations.ReferencePolicy;
import org.apache.felix.scr.annotations.Service;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

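/**
 * A {@link Policy} that grants permissions per authenticated user rather than per code source.
 * <p>
 * If the {@link ProtectionDomain} being checked carries at least one {@link Principal}, that
 * principal's name is looked up as a user in the platform's system graph and the user's
 * permissions are assembled from: the entries attached directly to the user, the entries of
 * every role the user holds via {@code SIOC.has_function}, the entries of every
 * {@code PERMISSION.BaseRole}, and — for users identified by a URI — whatever the registered
 * {@link WebIdBasedPermissionProvider}s contribute. Domains without a principal are delegated
 * to the policy that was installed when this instance was created.
 * <p>
 * Resolved collections are cached per principal in a {@link UserPermissionsCache} and handed
 * out read-only; the cache is dropped on {@link #refresh()} and whenever the system graph or
 * a permission provider is bound or unbound.
 * <p>
 * Permission entries are trusted configuration: {@link PermissionParser} instantiates whatever
 * permission class an entry names, so write access to the system graph is equivalent to
 * granting arbitrary permissions.
 */
@Service({UserAwarePolicy.class})
@Component
@Reference(name = "webIdPermissionProvider", cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE, policy = ReferencePolicy.DYNAMIC, referenceInterface = WebIdBasedPermissionProvider.class)
public class UserAwarePolicy extends Policy {

    /** Placeholder inside a permission entry that is replaced by the user's name before parsing. */
    private static final String USERNAME_PLACEHOLDER = "{username}";

    @Reference(target = SystemConfig.SYSTEM_GRAPH_FILTER)
    private MGraph systemGraph;
    final Logger logger = LoggerFactory.getLogger(UserAwarePolicy.class);
    /**
     * Parsed permissions keyed by their (already substituted) textual entry. Permission objects
     * are immutable by contract, so one instance may safely be shared by several users'
     * collections. Concurrent because getPermissions() is invoked from arbitrary threads.
     */
    private final Map<String, Permission> permissionMap = new ConcurrentHashMap<String, Permission>();
    private final UserPermissionsCache cache = new UserPermissionsCache();
    private final Set<WebIdBasedPermissionProvider> permissionProviders =
            Collections.synchronizedSet(new HashSet<WebIdBasedPermissionProvider>());
    /** The policy in effect when this instance was created; decides for principal-less domains. */
    private final Policy originalPolicy = Policy.getPolicy();

    /**
     * Returns the permissions granted to the given domain.
     *
     * @param protectionDomain the domain being checked. If it has principals the first one is
     *        taken as the user (NOTE(review): assumes the subject never carries a non-user
     *        principal in position 0 — confirm against the login code); otherwise the original
     *        policy decides.
     * @return the user's read-only (cached) permissions, or the original policy's answer
     * @throws UserUnregisteredException if the principal's name is not a registered user name
     */
    @Override
    public PermissionCollection getPermissions(ProtectionDomain protectionDomain) {
        Principal[] principals = protectionDomain.getPrincipals();
        if (principals.length == 0) {
            // No user context: fall back to code-source based permissions.
            return originalPolicy.getPermissions(protectionDomain);
        }
        Principal user = principals[0];
        PermissionCollection cached = cache.getCachedUserPermissions(user);
        if (cached != null) {
            return cached;
        }
        // Two threads may race here for the same user; both compute the same result and the
        // last one to store wins, which is harmless.
        PermissionCollection permissions = getUserPermissionsFromSystemGraph(user);
        cache.cacheUserPermissions(user, permissions);
        return permissions;
    }

    /** Drops every cached user permission set; the next check re-reads the system graph. */
    @Override
    public void refresh() {
        cache.clear();
    }

    /**
     * Builds the permission collection of one user from the system graph.
     *
     * @param principal the user; its name is the {@code PLATFORM.userName} looked up
     * @return a read-only collection holding every entry that could be parsed
     * @throws UserUnregisteredException if no user with that name exists in the system graph
     */
    private PermissionCollection getUserPermissionsFromSystemGraph(final Principal principal)
            throws IllegalArgumentException, SecurityException, UserUnregisteredException {
        final Permissions permissions = new Permissions();
        // Reading the graph and instantiating permission classes needs this bundle's own
        // privileges, not those of the (possibly unprivileged) user being resolved.
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                String userName = principal.getName();
                logger.debug("Get permissions for user {}", userName);
                for (String entry : getAllPermissionsOfAUserByName(userName)) {
                    Permission permission = parsePermission(entry);
                    if (permission == null) {
                        // Malformed entry (already logged): skip it. Adding null would make
                        // Permissions.add() throw NPE and break every check for this user.
                        continue;
                    }
                    logger.debug("Add permission {}", entry);
                    permissions.add(permission);
                }
                return null;
            }
        });
        // The collection is cached and handed out as-is, so freeze it: nobody holding a
        // reference can grant themselves additional permissions afterwards.
        permissions.setReadOnly();
        return permissions;
    }

    /**
     * Parses (and memoizes) one textual permission entry.
     *
     * @param entry the entry text, with {@code {username}} already substituted
     * @return the permission, or {@code null} if it could not be parsed or instantiated
     *         (the failure is logged at error level)
     */
    private Permission parsePermission(String entry) {
        Permission permission = permissionMap.get(entry);
        if (permission != null) {
            return permission;
        }
        try {
            permission = PermissionParser.getPermission(entry, UserAwarePolicy.class.getClassLoader());
        } catch (IllegalArgumentException e) {
            logger.error("parsing " + entry, e);
            return null;
        } catch (RuntimeException e) {
            logger.error("instantiating " + entry, e);
            return null;
        }
        if (permission != null) {
            permissionMap.put(entry, permission);
        }
        return permission;
    }

    /**
     * Collects the textual permission entries of a user: its own, those of its roles and those
     * of every base role. Public only because the privileged action above calls it.
     *
     * @param userName the {@code PLATFORM.userName} of the user
     * @throws UserUnregisteredException if no such user exists
     * @throws IllegalStateException if the system graph is currently not bound
     */
    public List<String> getAllPermissionsOfAUserByName(String userName) throws UserUnregisteredException {
        MGraph graph = systemGraph;
        if (graph == null) {
            throw new IllegalStateException("system graph is not bound; cannot resolve permissions of " + userName);
        }
        NonLiteral user = getUserByName(userName);
        List<String> entries = getPermissionEntriesOfAUser(user, userName);
        // Roles the user holds directly.
        Iterator<Triple> roles = graph.filter(user, SIOC.has_function, null);
        while (roles.hasNext()) {
            Object role = roles.next().getObject();
            if (!(role instanceof NonLiteral)) {
                logger.warn("Ignoring non-resource role {} of user {}", role, userName);
                continue;
            }
            entries.addAll(getPermissionEntriesOfARole((NonLiteral) role, userName, user));
        }
        // Base roles apply to every registered user.
        Iterator<NonLiteral> baseRoles = getResourcesOfType(PERMISSION.BaseRole);
        while (baseRoles.hasNext()) {
            entries.addAll(getPermissionEntriesOfARole(baseRoles.next(), userName, user));
        }
        return entries;
    }

    /**
     * Resolves a user name to its resource in the system graph. If several resources carry the
     * same name the first one returned by the graph is used.
     *
     * @throws UserUnregisteredException if no resource has that {@code PLATFORM.userName}
     */
    private NonLiteral getUserByName(String userName) throws UserUnregisteredException {
        Iterator<Triple> users = systemGraph.filter(null, PLATFORM.userName, new PlainLiteralImpl(userName));
        if (!users.hasNext()) {
            throw new UserUnregisteredException(userName);
        }
        return users.next().getSubject();
    }

    /**
     * Entries attached directly to the user plus, for URI-identified users, whatever the bound
     * {@link WebIdBasedPermissionProvider}s contribute.
     */
    private List<String> getPermissionEntriesOfAUser(NonLiteral user, String userName) {
        List<String> entries = getPermissionEntriesOfARole(user, userName, user);
        if (!(user instanceof UriRef)) {
            return entries;
        }
        // Snapshot the providers so that provider code (which may call back into this policy
        // or the service registry) is never invoked while holding the set's lock.
        List<WebIdBasedPermissionProvider> providers;
        synchronized (permissionProviders) {
            providers = new ArrayList<WebIdBasedPermissionProvider>(permissionProviders);
        }
        for (WebIdBasedPermissionProvider provider : providers) {
            Collection<? extends String> provided = provider.getPermissions((UriRef) user);
            if (provided != null) {
                entries.addAll(provided);
            }
        }
        return entries;
    }

    /**
     * Reads the {@code PERMISSION.javaPermissionEntry} literals reachable from a role (or a
     * user) through {@code PERMISSION.hasPermission}, substituting the user name.
     *
     * @param role     the resource whose permission nodes are read
     * @param userName replaces every {@code {username}} placeholder
     * @param user     the user the entries are resolved for (kept for signature compatibility;
     *                 not consulted here)
     */
    private List<String> getPermissionEntriesOfARole(NonLiteral role, String userName, NonLiteral user) {
        List<String> entries = new ArrayList<String>();
        Iterator<Triple> grants = systemGraph.filter(role, PERMISSION.hasPermission, null);
        while (grants.hasNext()) {
            Object grant = grants.next().getObject();
            if (!(grant instanceof NonLiteral)) {
                logger.warn("Ignoring non-resource permission node {} of {}", grant, role);
                continue;
            }
            Iterator<Triple> literals = systemGraph.filter((NonLiteral) grant, PERMISSION.javaPermissionEntry, null);
            if (!literals.hasNext()) {
                continue;
            }
            Object value = literals.next().getObject();
            if (!(value instanceof PlainLiteralImpl)) {
                logger.warn("Ignoring non-literal permission entry {} of {}", value, role);
                continue;
            }
            String entry = ((PlainLiteralImpl) value).getLexicalForm();
            // NOTE(review): the user name is spliced into the entry verbatim. A name containing
            // quotes or parentheses could change how PermissionParser reads the entry; confirm
            // that user names are validated on registration.
            entries.add(entry.replace(USERNAME_PLACEHOLDER, userName));
        }
        return entries;
    }

    /** Iterates over the subjects of every {@code rdf:type} triple with the given type. */
    private Iterator<NonLiteral> getResourcesOfType(UriRef type) {
        final Iterator<Triple> typed = systemGraph.filter(null, RDF.type, type);
        return new Iterator<NonLiteral>() {
            @Override
            public boolean hasNext() {
                return typed.hasNext();
            }

            @Override
            public NonLiteral next() {
                return typed.next().getSubject();
            }

            @Override
            public void remove() {
                throw new UnsupportedOperationException("Not supported yet.");
            }
        };
    }

    protected void bindWebIdPermissionProvider(WebIdBasedPermissionProvider provider) {
        permissionProviders.add(provider);
        // A new provider may contribute entries: cached sets are stale.
        refresh();
    }

    protected void unbindWebIdPermissionProvider(WebIdBasedPermissionProvider provider) {
        permissionProviders.remove(provider);
        // Entries contributed by this provider must no longer be granted.
        refresh();
    }

    protected void bindSystemGraph(MGraph graph) {
        systemGraph = graph;
        // Permissions cached from a previous graph instance are no longer authoritative.
        refresh();
    }

    protected void unbindSystemGraph(MGraph graph) {
        if (systemGraph == graph) {
            systemGraph = null;
            refresh();
        }
    }
}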
