package ru.ydn.wicket.wicketorientdb.security;

import com.orientechnologies.orient.core.db.ODatabaseRecordThreadLocal;
import com.orientechnologies.orient.core.metadata.schema.OClass;
import com.orientechnologies.orient.core.metadata.security.ORestrictedAccessHook;
import com.orientechnologies.orient.core.metadata.security.ORule;
import com.orientechnologies.orient.core.record.impl.ODocument;
import java.lang.annotation.Annotation;
import java.util.HashMap;
import java.util.Map;
import org.apache.wicket.Component;
import org.apache.wicket.authorization.Action;
import org.apache.wicket.util.string.Strings;
import ru.ydn.wicket.wicketorientdb.OrientDbWebSession;

/* loaded from: input_file:WEB-INF/lib/wicket-orientdb-1.2.jar:ru/ydn/wicket/wicketorientdb/security/OSecurityHelper.class */
public class OSecurityHelper {
    public static final String FUNCTION = "FUNCTION";
    public static final String CLASS = "CLASS";
    public static final String CLUSTER = "CLUSTER";
    public static final String BYPASS_RESTRICTED = "BYPASS_RESTRICTED";
    public static final String DATABASE = "DATABASE";
    public static final String SCHEMA = "SCHEMA";
    public static final String COMMAND = "COMMAND";
    public static final String COMMAND_GREMLIN = "COMMAND_GREMLIN";
    public static final String RECORD_HOOK = "RECORD_HOOK";
    public static final String SYSTEM_CLUSTERS = "SYSTEM_CLUSTERS";
    private static final Map<OrientPermission, String> MAPPING_FOR_HACK = new HashMap();

    /* loaded from: input_file:WEB-INF/lib/wicket-orientdb-1.2.jar:ru/ydn/wicket/wicketorientdb/security/OSecurityHelper$AccessToIsAllowedInRestrictedAccessHook.class */
    private static class AccessToIsAllowedInRestrictedAccessHook extends ORestrictedAccessHook {
        public static final AccessToIsAllowedInRestrictedAccessHook INSTANCE = new AccessToIsAllowedInRestrictedAccessHook();

        public AccessToIsAllowedInRestrictedAccessHook() {
            super(ODatabaseRecordThreadLocal.INSTANCE.get());
        }

        public boolean isAllowed(ODocument oDocument, String str, boolean z) {
            this.database = ODatabaseRecordThreadLocal.INSTANCE.get();
            return super.isAllowed(oDocument, str, z);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/wicket-orientdb-1.2.jar:ru/ydn/wicket/wicketorientdb/security/OSecurityHelper$RequiredOrientResourceImpl.class */
    public static class RequiredOrientResourceImpl implements RequiredOrientResource {
        private final String value;
        private final String specific;
        private final OrientPermission[] permissions;
        private final String action;

        public RequiredOrientResourceImpl(String str, String str2, Action action, OrientPermission[] orientPermissionArr) {
            this.value = str;
            this.specific = str2;
            this.action = action != null ? action.getName() : Action.RENDER;
            this.permissions = orientPermissionArr;
        }

        @Override // java.lang.annotation.Annotation
        public Class<? extends Annotation> annotationType() {
            return RequiredOrientResource.class;
        }

        @Override // ru.ydn.wicket.wicketorientdb.security.RequiredOrientResource
        public String value() {
            return this.value;
        }

        @Override // ru.ydn.wicket.wicketorientdb.security.RequiredOrientResource
        public String specific() {
            return this.specific;
        }

        @Override // ru.ydn.wicket.wicketorientdb.security.RequiredOrientResource
        public OrientPermission[] permissions() {
            return this.permissions;
        }

        @Override // ru.ydn.wicket.wicketorientdb.security.RequiredOrientResource
        public String action() {
            return this.action;
        }
    }

    private OSecurityHelper() {
    }

    public static RequiredOrientResource[] requireOClass(OClass oClass, OrientPermission... orientPermissionArr) {
        return requireOClass(oClass.getName(), orientPermissionArr);
    }

    public static RequiredOrientResource[] requireOClass(String str, OrientPermission... orientPermissionArr) {
        return requireResource(ORule.ResourceGeneric.CLASS, str, orientPermissionArr);
    }

    public static RequiredOrientResource[] requireResource(ORule.ResourceGeneric resourceGeneric, String str, OrientPermission... orientPermissionArr) {
        return requireResource(resourceGeneric, str, null, orientPermissionArr);
    }

    public static RequiredOrientResource[] requireOClass(OClass oClass, Action action, OrientPermission... orientPermissionArr) {
        return oClass != null ? requireOClass(oClass.getName(), action, orientPermissionArr) : new RequiredOrientResource[0];
    }

    public static RequiredOrientResource[] requireOClass(String str, Action action, OrientPermission... orientPermissionArr) {
        return str != null ? requireResource(ORule.ResourceGeneric.CLASS, str, action, orientPermissionArr) : new RequiredOrientResource[0];
    }

    public static RequiredOrientResource[] requireResource(ORule.ResourceGeneric resourceGeneric, String str, Action action, OrientPermission... orientPermissionArr) {
        return new RequiredOrientResource[]{new RequiredOrientResourceImpl(resourceGeneric.getName(), str, action, orientPermissionArr)};
    }

    public static boolean isAllowed(ODocument oDocument, OrientPermission... orientPermissionArr) {
        if (!isAllowed(oDocument.getSchemaClass(), orientPermissionArr)) {
            return false;
        }
        for (OrientPermission orientPermission : orientPermissionArr) {
            String str = MAPPING_FOR_HACK.get(orientPermission);
            if (str != null && !AccessToIsAllowedInRestrictedAccessHook.INSTANCE.isAllowed(oDocument, str, false)) {
                return false;
            }
        }
        return true;
    }

    public static boolean isAllowed(OClass oClass, OrientPermission... orientPermissionArr) {
        return isAllowed(ORule.ResourceGeneric.CLASS, oClass.getName(), orientPermissionArr);
    }

    public static boolean isAllowed(ORule.ResourceGeneric resourceGeneric, String str, OrientPermission... orientPermissionArr) {
        return OrientDbWebSession.get().getEffectiveUser().checkIfAllowed(resourceGeneric, str, OrientPermission.combinedPermission(orientPermissionArr)) != null;
    }

    public static <T extends Component> T secureComponent(T t, RequiredOrientResource... requiredOrientResourceArr) {
        return (T) secureComponent(t, toSecureMap(requiredOrientResourceArr));
    }

    public static <T extends Component> T secureComponent(T t, HashMap<String, OrientPermission[]> hashMap) {
        t.setMetaData(OrientPermission.REQUIRED_ORIENT_RESOURCES_KEY, hashMap);
        return t;
    }

    public static HashMap<String, OrientPermission[]> toSecureMap(RequiredOrientResource... requiredOrientResourceArr) {
        HashMap<String, OrientPermission[]> hashMap = new HashMap<>();
        for (RequiredOrientResource requiredOrientResource : requiredOrientResourceArr) {
            String value = requiredOrientResource.value();
            String specific = requiredOrientResource.specific();
            String action = requiredOrientResource.action();
            if (!Strings.isEmpty(specific)) {
                value = value + "." + specific;
            }
            if (!Strings.isEmpty(action)) {
                value = value + ":" + action;
            }
            hashMap.put(value, requiredOrientResource.permissions());
        }
        return hashMap;
    }

    public static ORule.ResourceGeneric getResourceGeneric(String str) {
        String beforeFirst = Strings.beforeFirst(str, '.');
        if (Strings.isEmpty(beforeFirst)) {
            beforeFirst = str;
        }
        ORule.ResourceGeneric valueOf = ORule.ResourceGeneric.valueOf(beforeFirst);
        if (valueOf == null) {
            valueOf = ORule.mapLegacyResourceToGenericResource(str);
        }
        return valueOf;
    }

    public static String getResourceSpecific(String str) {
        String afterFirst = getResourceGeneric(str) != null ? Strings.afterFirst(str, '.') : str;
        if (Strings.isEmpty(afterFirst)) {
            return null;
        }
        return afterFirst;
    }

    static {
        MAPPING_FOR_HACK.put(OrientPermission.READ, "_allowRead");
        MAPPING_FOR_HACK.put(OrientPermission.UPDATE, "_allowUpdate");
        MAPPING_FOR_HACK.put(OrientPermission.DELETE, "_allowDelete");
    }
}
