package org.eclipse.emf.emfstore.internal.server.accesscontrol;

import java.util.ArrayList;
import java.util.EnumMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.eclipse.emf.ecore.EObject;
import org.eclipse.emf.emfstore.internal.common.model.util.ModelUtil;
import org.eclipse.emf.emfstore.internal.server.ServerConfiguration;
import org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.ACUserContainer;
import org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.AuthenticationControlType;
import org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.factory.AuthenticationControlFactory;
import org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.AbstractAuthenticationControl;
import org.eclipse.emf.emfstore.internal.server.core.MethodInvocation;
import org.eclipse.emf.emfstore.internal.server.core.MonitorProvider;
import org.eclipse.emf.emfstore.internal.server.core.helper.EmfStoreMethod;
import org.eclipse.emf.emfstore.internal.server.exceptions.AccessControlException;
import org.eclipse.emf.emfstore.internal.server.exceptions.FatalESException;
import org.eclipse.emf.emfstore.internal.server.exceptions.SessionTimedOutException;
import org.eclipse.emf.emfstore.internal.server.model.AuthenticationInformation;
import org.eclipse.emf.emfstore.internal.server.model.ClientVersionInfo;
import org.eclipse.emf.emfstore.internal.server.model.ProjectId;
import org.eclipse.emf.emfstore.internal.server.model.SessionId;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.ACGroup;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.ACOrgUnit;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.ACOrgUnitId;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.ACUser;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.roles.ProjectAdminRole;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.roles.Role;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.roles.ServerAdmin;
import org.eclipse.emf.emfstore.internal.server.model.dao.ACDAOFacade;
import org.eclipse.emf.emfstore.internal.server.startup.EmfStoreValidator;

/* loaded from: input_file:org/eclipse/emf/emfstore/internal/server/accesscontrol/AccessControlImpl.class */
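/**
 * Server-side access control: authenticates users, tracks their sessions and
 * authorizes method invocations against the roles a user holds directly or
 * inherits through group membership.
 *
 * <p>This listing is decompiler output. Decompiler artefacts (untyped locals,
 * the synthetic switch table, impossible casts, a mangled return) have been
 * restored to plain Java without changing the authorization decisions.
 *
 * <p>NOTE(review): {@code sessionUserMap} is a plain {@link LinkedHashMap}.
 * {@link #logIn} and {@link #logout} modify it under the "authentication"
 * monitor, but the {@code check*} methods read it without holding that
 * monitor. Confirm how callers serialize access before relying on it from
 * several threads.
 */
public class AccessControlImpl implements AccessControl {
    private static final String MONITOR_NAME = "authentication";

    /** Live sessions; an entry is added by logIn and removed by logout or a failed user lookup. */
    private final Map<SessionId, ACUserContainer> sessionUserMap = new LinkedHashMap<SessionId, ACUserContainer>();

    /** Method id to required access level; built lazily by {@link #initAccessMap()}. */
    private EnumMap<EmfStoreMethod.MethodId, AccessLevel> accessMap;
    private AbstractAuthenticationControl authenticationControl;
    private final ACDAOFacade daoFacade;

    /**
     * Access level a server method requires.
     *
     * <p>The decompiler reports that this enum was {@code private} in the
     * original class; the visibility shown in the listing is kept here.
     */
    public enum AccessLevel {
        /** Requires read access to the project named in the invocation. */
        PROJECT_READ,
        /** Requires write access to the project named in the invocation. */
        PROJECT_WRITE,
        /** Requires project or server administrator rights. */
        PROJECT_ADMIN,
        /** Requires the server administrator role. */
        SERVER_ADMIN,
        /** No check is performed by {@link AccessControlImpl#checkAccess}. */
        NONE;

        /**
         * Decompiler-renamed copy of the compiler-generated {@code values()}.
         *
         * @return a fresh array of all constants in declaration order
         */
        public static AccessLevel[] valuesCustom() {
            // values() already hands out a new array on every call.
            return values();
        }
    }

    /**
     * Creates the access control and selects the authentication mechanism from
     * the server configuration, falling back to the configured default policy
     * when the property is absent.
     *
     * @param aCDAOFacade source of users and groups
     * @throws FatalESException declared by the original constructor
     */
    public AccessControlImpl(ACDAOFacade aCDAOFacade) throws FatalESException {
        this.daoFacade = aCDAOFacade;
        final String configuredPolicy = ServerConfiguration.getProperties()
            .getProperty(ServerConfiguration.AUTHENTICATION_POLICY);
        // NOTE(review): valueOf(...) presumably rejects an unrecognised policy name
        // with IllegalArgumentException rather than FatalESException - confirm that
        // a misconfigured server stops here instead of starting with another policy.
        final AuthenticationControlType policy = configuredPolicy != null
            ? AuthenticationControlType.valueOf(configuredPolicy)
            : ServerConfiguration.AUTHENTICATION_POLICY_DEFAULT;
        this.authenticationControl = AuthenticationControlFactory.INSTANCE.createAuthenticationControl(policy);
    }

    /**
     * Builds the method-to-access-level table on first use.
     *
     * <p>The table is filled in a local map and assigned to the field last, so
     * the field is not set while entries are still missing. A method absent
     * from the table is denied by {@link #checkAccess}.
     */
    private void initAccessMap() {
        if (this.accessMap != null) {
            return;
        }
        final EnumMap<EmfStoreMethod.MethodId, AccessLevel> table =
            new EnumMap<EmfStoreMethod.MethodId, AccessLevel>(EmfStoreMethod.MethodId.class);
        addAccessMapping(table, AccessLevel.PROJECT_READ,
            EmfStoreMethod.MethodId.GETPROJECT,
            EmfStoreMethod.MethodId.GETEMFPROPERTIES,
            EmfStoreMethod.MethodId.GETHISTORYINFO,
            EmfStoreMethod.MethodId.GETCHANGES,
            EmfStoreMethod.MethodId.RESOLVEVERSIONSPEC,
            EmfStoreMethod.MethodId.DOWNLOADFILECHUNK);
        addAccessMapping(table, AccessLevel.PROJECT_WRITE,
            EmfStoreMethod.MethodId.SETEMFPROPERTIES,
            EmfStoreMethod.MethodId.TRANSMITPROPERTY,
            EmfStoreMethod.MethodId.UPLOADFILECHUNK,
            EmfStoreMethod.MethodId.CREATEVERSION,
            EmfStoreMethod.MethodId.GETBRANCHES);
        addAccessMapping(table, AccessLevel.PROJECT_ADMIN,
            EmfStoreMethod.MethodId.DELETEPROJECT,
            EmfStoreMethod.MethodId.REMOVETAG,
            EmfStoreMethod.MethodId.ADDTAG);
        addAccessMapping(table, AccessLevel.SERVER_ADMIN,
            EmfStoreMethod.MethodId.IMPORTPROJECTHISTORYTOSERVER,
            EmfStoreMethod.MethodId.EXPORTPROJECTHISTORYFROMSERVER,
            EmfStoreMethod.MethodId.REGISTEREPACKAGE);
        // Project creation is delegated to project admins only when the
        // ShareProject privilege is enabled in the server configuration.
        final AccessLevel createLevel = ServerConfiguration.isProjectAdminPrivileg(PAPrivileges.ShareProject)
            ? AccessLevel.PROJECT_ADMIN
            : AccessLevel.SERVER_ADMIN;
        addAccessMapping(table, createLevel,
            EmfStoreMethod.MethodId.CREATEPROJECT,
            EmfStoreMethod.MethodId.CREATEEMPTYPROJECT);
        addAccessMapping(table, AccessLevel.NONE,
            EmfStoreMethod.MethodId.GETPROJECTLIST,
            EmfStoreMethod.MethodId.RESOLVEUSER);
        this.accessMap = table;
    }

    /** Registers {@code level} as the requirement for each of {@code methodIds} in {@code table}. */
    private static void addAccessMapping(EnumMap<EmfStoreMethod.MethodId, AccessLevel> table, AccessLevel level,
        EmfStoreMethod.MethodId... methodIds) {
        for (EmfStoreMethod.MethodId methodId : methodIds) {
            table.put(methodId, level);
        }
    }

    /**
     * Authenticates a user and opens a session.
     *
     * <p>NOTE(review): an unknown user name is rejected by
     * {@link #resolveUser(String)} before the authentication control runs, so
     * the unknown-user path does less work than the wrong-credential path.
     * Confirm whether that difference is observable to clients.
     *
     * @param str the user name to look up
     * @param str2 the credential handed to the authentication control (presumably the password)
     * @param clientVersionInfo the client version, passed through to the authentication control
     * @return the authentication information, carrying the new session id and the resolved user
     * @throws AccessControlException if the user is unknown or authentication fails
     */
    @Override // org.eclipse.emf.emfstore.internal.server.accesscontrol.AccessControl
    public AuthenticationInformation logIn(String str, String str2, ClientVersionInfo clientVersionInfo) throws AccessControlException {
        synchronized (MonitorProvider.getInstance().getMonitor(MONITOR_NAME)) {
            final ACUser user = resolveUser(str);
            // The stored user name, not the client-supplied spelling, is what gets authenticated.
            final AuthenticationInformation info =
                this.authenticationControl.logIn(user, user.getName(), str2, clientVersionInfo);
            this.sessionUserMap.put(info.getSessionId(), new ACUserContainer(user));
            info.setResolvedACUser(resolveUser(info.getSessionId()));
            return info;
        }
    }

    /**
     * Ends a session. Removing an unknown session id is a no-op.
     *
     * @param sessionId the session to close
     * @throws AccessControlException if {@code sessionId} is {@code null}
     */
    @Override // org.eclipse.emf.emfstore.internal.server.accesscontrol.AccessControl
    public void logout(SessionId sessionId) throws AccessControlException {
        synchronized (MonitorProvider.getInstance().getMonitor(MONITOR_NAME)) {
            if (sessionId == null) {
                throw new AccessControlException(Messages.AccessControlImpl_SessionID_Is_Null);
            }
            this.sessionUserMap.remove(sessionId);
        }
    }

    /**
     * Finds a user by name.
     *
     * <p>When case-insensitive matching is enabled, the first user in DAO order
     * whose name matches is returned, so two accounts that differ only in case
     * resolve to whichever comes first.
     *
     * @param str the user name
     * @return the matching user
     * @throws AccessControlException (without a message) if no user matches
     */
    private ACUser resolveUser(String str) throws AccessControlException {
        final boolean ignoreCase = Boolean.parseBoolean(ServerConfiguration.getProperties()
            .getProperty(ServerConfiguration.AUTHENTICATION_MATCH_USERS_IGNORE_CASE, Boolean.FALSE.toString()));
        synchronized (MonitorProvider.getInstance().getMonitor()) {
            for (ACUser candidate : this.daoFacade.getUsers()) {
                final String name = candidate.getName();
                final boolean matches = ignoreCase ? name.equalsIgnoreCase(str) : name.equals(str);
                if (matches) {
                    return candidate;
                }
            }
            throw new AccessControlException();
        }
    }

    /**
     * Verifies that the session id belongs to a known session.
     *
     * <p>Only membership in the session map is checked here; no expiry logic
     * is visible in this class.
     *
     * @param sessionId the session to check
     * @throws AccessControlException a {@link SessionTimedOutException} if the session is unknown
     */
    @Override // org.eclipse.emf.emfstore.internal.server.accesscontrol.AuthorizationControl
    public void checkSession(SessionId sessionId) throws AccessControlException {
        if (!this.sessionUserMap.containsKey(sessionId)) {
            throw new SessionTimedOutException(Messages.AccessControlImpl_SessionID_Unknown);
        }
    }

    /**
     * Checks that the session's user may write to the project.
     *
     * <p>The check is project-level only: {@code set} is not consulted and the
     * roles are asked with a {@code null} model element.
     *
     * @param sessionId the caller's session
     * @param projectId the project to write to
     * @param set the affected model elements (ignored)
     * @throws AccessControlException if the session is unknown or no role grants write access
     */
    @Override // org.eclipse.emf.emfstore.internal.server.accesscontrol.AuthorizationControl
    public void checkWriteAccess(SessionId sessionId, ProjectId projectId, Set<EObject> set) throws AccessControlException {
        checkSession(sessionId);
        final List<Role> roles = effectiveRoles(getUser(sessionId));
        if (!canWrite(roles, projectId, null)) {
            throw new AccessControlException(Messages.AccessControlImpl_Insufficient_Rights);
        }
    }

    /** Returns whether any role may modify, create or delete {@code eObject} in the project. */
    private boolean canWrite(List<Role> list, ProjectId projectId, EObject eObject) throws AccessControlException {
        for (Role role : list) {
            if (role.canModify(projectId, eObject) || role.canCreate(projectId, eObject) || role.canDelete(projectId, eObject)) {
                return true;
            }
        }
        return false;
    }

    /** Returns whether any role may read {@code eObject} in the project. */
    private boolean canRead(List<Role> list, ProjectId projectId, EObject eObject) throws AccessControlException {
        for (Role role : list) {
            if (role.canRead(projectId, eObject)) {
                return true;
            }
        }
        return false;
    }

    /** Collects the user's own roles followed by the roles inherited from groups. */
    private List<Role> effectiveRoles(ACUser user) {
        final List<Role> roles = new ArrayList<Role>();
        roles.addAll(user.getRoles());
        roles.addAll(getRolesFromGroups(user));
        return roles;
    }

    /** Collects the roles of every group the org unit belongs to, directly or transitively. */
    private List<Role> getRolesFromGroups(ACOrgUnit aCOrgUnit) {
        final List<Role> roles = new ArrayList<Role>();
        for (ACGroup group : getGroups(aCOrgUnit)) {
            roles.addAll(group.getRoles());
        }
        return roles;
    }

    /**
     * Returns the groups the org unit is a member of, directly or through
     * nested groups, in the order the original recursion produced them.
     */
    private List<ACGroup> getGroups(ACOrgUnit aCOrgUnit) {
        synchronized (MonitorProvider.getInstance().getMonitor()) {
            return collectGroups(aCOrgUnit, new ArrayList<ACOrgUnit>());
        }
    }

    /**
     * Recursive worker for {@link #getGroups(ACOrgUnit)}.
     *
     * <p>{@code path} holds the org units currently being expanded. A group
     * that is already on the path is not expanded again, so a cyclic group
     * membership terminates instead of recursing until the stack overflows.
     * For acyclic memberships the result is the same as without the guard.
     */
    private List<ACGroup> collectGroups(ACOrgUnit orgUnit, List<ACOrgUnit> path) {
        final List<ACGroup> found = new ArrayList<ACGroup>();
        path.add(orgUnit);
        for (ACGroup group : this.daoFacade.getGroups()) {
            if (!group.getMembers().contains(orgUnit)) {
                continue;
            }
            found.add(group);
            if (path.contains(group)) {
                // Membership cycle: this group is already being expanded further up.
                continue;
            }
            for (ACGroup ancestor : collectGroups(group, path)) {
                if (!found.contains(ancestor)) {
                    found.add(ancestor);
                }
            }
        }
        path.remove(path.size() - 1);
        return found;
    }

    /**
     * Looks up a user or group by id; users are searched before groups.
     *
     * @throws AccessControlException if neither a user nor a group has the id
     */
    private ACOrgUnit getOrgUnit(ACOrgUnitId aCOrgUnitId) throws AccessControlException {
        synchronized (MonitorProvider.getInstance().getMonitor()) {
            for (ACUser user : this.daoFacade.getUsers()) {
                if (user.getId().equals(aCOrgUnitId)) {
                    return user;
                }
            }
            for (ACGroup group : this.daoFacade.getGroups()) {
                if (group.getId().equals(aCOrgUnitId)) {
                    return group;
                }
            }
            throw new AccessControlException(Messages.AccessControlImpl_Given_OrgUnit_Does_Not_Exist);
        }
    }

    /**
     * Looks up a user by id.
     *
     * @throws AccessControlException if no user has the id
     */
    private ACUser getUser(ACOrgUnitId aCOrgUnitId) throws AccessControlException {
        synchronized (MonitorProvider.getInstance().getMonitor()) {
            for (ACUser user : this.daoFacade.getUsers()) {
                if (user.getId().equals(aCOrgUnitId)) {
                    // The decompiled listing lost this return and always threw.
                    return user;
                }
            }
            throw new AccessControlException(Messages.AccessControlImpl_Given_User_Does_Not_Exist);
        }
    }

    /**
     * Checks that the session's user may read the project.
     *
     * <p>The check is project-level only: {@code set} is not consulted and the
     * roles are asked with a {@code null} model element.
     *
     * @param sessionId the caller's session
     * @param projectId the project to read
     * @param set the affected model elements (ignored)
     * @throws AccessControlException if the session is unknown or no role grants read access
     */
    @Override // org.eclipse.emf.emfstore.internal.server.accesscontrol.AuthorizationControl
    public void checkReadAccess(SessionId sessionId, ProjectId projectId, Set<EObject> set) throws AccessControlException {
        checkSession(sessionId);
        final List<Role> roles = effectiveRoles(getUser(sessionId));
        if (!canRead(roles, projectId, null)) {
            throw new AccessControlException(Messages.AccessControlImpl_Insufficient_Rights);
        }
    }

    /**
     * Checks project administrator access for an operation guarded by a
     * configurable project-admin privilege.
     *
     * <p>With a {@code null} project id, holding any project admin role is
     * sufficient once the privilege is enabled.
     *
     * <p>NOTE(review): the first project admin role found decides the outcome.
     * If it cannot administrate the project the call is denied even when a
     * later role (for example one inherited from a group) could. This errs on
     * the side of denial; confirm it is intended.
     *
     * @param sessionId the caller's session
     * @param projectId the project concerned, may be {@code null}
     * @param pAPrivileges the privilege that must be enabled for project admins
     * @return {@code true} if access is granted through a server admin role,
     *         {@code false} if it is granted through a project admin role
     * @throws AccessControlException if the session is unknown or access is denied
     */
    @Override // org.eclipse.emf.emfstore.internal.server.accesscontrol.AuthorizationControl
    public boolean checkProjectAdminAccess(SessionId sessionId, ProjectId projectId, PAPrivileges pAPrivileges) throws AccessControlException {
        checkSession(sessionId);
        final List<Role> roles = effectiveRoles(getUser(sessionId));
        for (Role role : roles) {
            if (isServerAdminRole(role)) {
                return true;
            }
        }
        for (Role role : roles) {
            if (!isProjectAdminRole(role)) {
                continue;
            }
            if (!ServerConfiguration.isProjectAdminPrivileg(pAPrivileges)) {
                throw new AccessControlException(Messages.AccessControlImpl_PARole_Missing_Privilege);
            }
            if (projectId == null || ((ProjectAdminRole) role).canAdministrate(projectId)) {
                return false;
            }
            throw new AccessControlException(Messages.AccessControlImpl_PARole_Missing_Privilege);
        }
        throw new AccessControlException(Messages.AccessControlImpl_Insufficient_Rights);
    }

    /**
     * Checks whether the session's user may administrate the given org unit.
     *
     * <p>The session is validated before the target org unit is looked up, so
     * an unknown session is rejected as such and cannot be used to probe which
     * org unit ids exist. A caller without any direct project admin role is
     * denied with {@link AccessControlException} instead of failing with a
     * {@link NullPointerException}.
     *
     * <p>NOTE(review): only the caller's direct roles are considered here,
     * while the other {@code check*} methods also count roles inherited from
     * groups. This is the more restrictive reading; confirm it is intended.
     *
     * @param sessionId the caller's session
     * @param aCOrgUnitId the org unit to be administrated
     * @return {@code true} if the caller is a server admin, {@code false} if
     *         access is granted through the caller's project admin role
     * @throws AccessControlException if the session is unknown, the org unit does not exist,
     *         the target holds an admin role and the caller is not a server admin, or the
     *         caller's project admin role does not cover every project of the target
     */
    @Override // org.eclipse.emf.emfstore.internal.server.accesscontrol.AuthorizationControl
    public boolean checkProjectAdminAccessForOrgUnit(SessionId sessionId, ACOrgUnitId aCOrgUnitId) throws AccessControlException {
        checkSession(sessionId);
        final ACUser caller = getUser(sessionId);
        final boolean callerIsServerAdmin = hasServerAdminRole(caller);

        final Set<ProjectId> involvedProjects = new LinkedHashSet<ProjectId>();
        for (Role role : getAllRoles(aCOrgUnitId)) {
            // Only a server admin may touch an org unit that itself holds an admin role.
            if ((isServerAdminRole(role) || isProjectAdminRole(role)) && !callerIsServerAdmin) {
                throw new AccessControlException(Messages.AccessControlImpl_Not_Allowed_To_Remove_Other_Admin);
            }
            involvedProjects.addAll(role.getProjects());
        }
        if (callerIsServerAdmin) {
            return true;
        }

        ProjectAdminRole callerAdminRole = null;
        for (Role role : caller.getRoles()) {
            if (isProjectAdminRole(role)) {
                callerAdminRole = (ProjectAdminRole) role;
                break;
            }
        }
        if (callerAdminRole == null) {
            throw new AccessControlException(Messages.AccessControlImpl_Insufficient_Rights);
        }
        if (callerAdminRole.getProjects().containsAll(involvedProjects)) {
            return false;
        }
        throw new AccessControlException(Messages.AccessControlImpl_Insufficient_Rights);
    }

    /** Returns whether the org unit directly holds a server admin role (group roles are not considered). */
    private boolean hasServerAdminRole(ACOrgUnit aCOrgUnit) {
        for (Role role : aCOrgUnit.getRoles()) {
            if (isServerAdminRole(role)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the roles of the org unit's groups followed by its own roles.
     *
     * @throws AccessControlException if the org unit does not exist
     */
    private List<Role> getAllRoles(ACOrgUnitId aCOrgUnitId) throws AccessControlException {
        final ACOrgUnit orgUnit = getOrgUnit(aCOrgUnitId);
        final List<Role> roles = new ArrayList<Role>();
        for (ACGroup group : getGroups(orgUnit)) {
            roles.addAll(group.getRoles());
        }
        roles.addAll(orgUnit.getRoles());
        return roles;
    }

    /**
     * Checks project administrator access to a project.
     *
     * <p>With a {@code null} project id, holding any project admin role is
     * sufficient.
     *
     * @param sessionId the caller's session
     * @param projectId the project concerned, may be {@code null}
     * @return {@code true} if access is granted through a server admin role,
     *         {@code false} if it is granted through another role
     * @throws AccessControlException if the session is unknown or no role grants access
     */
    @Override // org.eclipse.emf.emfstore.internal.server.accesscontrol.AuthorizationControl
    public boolean checkProjectAdminAccess(SessionId sessionId, ProjectId projectId) throws AccessControlException {
        checkSession(sessionId);
        final List<Role> roles = effectiveRoles(getUser(sessionId));
        for (Role role : roles) {
            if (isServerAdminRole(role)) {
                return true;
            }
        }
        for (Role role : roles) {
            if ((projectId == null && isProjectAdminRole(role)) || role.canAdministrate(projectId)) {
                return false;
            }
        }
        throw new AccessControlException(Messages.AccessControlImpl_Insufficient_Rights);
    }

    private boolean isServerAdminRole(Role role) {
        return ServerAdmin.class.isInstance(role);
    }

    private boolean isProjectAdminRole(Role role) {
        return ProjectAdminRole.class.isInstance(role);
    }

    /**
     * Checks that the session's user holds a server admin role, directly or
     * through a group.
     *
     * @param sessionId the caller's session
     * @throws AccessControlException if the session is unknown or the user is not a server admin
     */
    @Override // org.eclipse.emf.emfstore.internal.server.accesscontrol.AuthorizationControl
    public void checkServerAdminAccess(SessionId sessionId) throws AccessControlException {
        checkSession(sessionId);
        for (Role role : effectiveRoles(getUser(sessionId))) {
            if (isServerAdminRole(role)) {
                return;
            }
        }
        throw new AccessControlException(Messages.AccessControlImpl_Insufficient_Rights);
    }

    /**
     * Returns a detached copy of the session's user with group roles and
     * effective groups filled in.
     *
     * @param sessionId the caller's session
     * @return the resolved copy of the user
     * @throws AccessControlException if the session is unknown
     */
    @Override // org.eclipse.emf.emfstore.internal.server.accesscontrol.AuthorizationControl
    public ACUser resolveUser(SessionId sessionId) throws AccessControlException {
        checkSession(sessionId);
        return copyAndResolveUser(lookupSession(sessionId).getRawUser());
    }

    /**
     * Returns a detached copy of the user with the given id, with group roles
     * and effective groups filled in.
     *
     * <p>No session or permission check happens in this method.
     *
     * @param aCOrgUnitId the user's id
     * @return the resolved copy of the user
     * @throws AccessControlException if no user has the id
     */
    @Override // org.eclipse.emf.emfstore.internal.server.accesscontrol.AuthorizationControl
    public ACUser resolveUser(ACOrgUnitId aCOrgUnitId) throws AccessControlException {
        return copyAndResolveUser(getUser(aCOrgUnitId));
    }

    /**
     * Clones the user, appends clones of all roles inherited from groups and
     * attaches clones of the user's groups as effective groups.
     */
    private ACUser copyAndResolveUser(ACUser aCUser) {
        final ACUser copy = ModelUtil.clone(aCUser);
        for (Role inherited : getRolesFromGroups(aCUser)) {
            copy.getRoles().add(ModelUtil.clone(inherited));
        }
        for (ACGroup group : getGroups(aCUser)) {
            if (!copy.getEffectiveGroups().contains(group)) {
                final ACGroup groupCopy = ModelUtil.clone(group);
                copy.getEffectiveGroups().add(groupCopy);
                // The member list of the cloned group is emptied so the copy handed out
                // does not carry the group's other members.
                groupCopy.getMembers().clear();
            }
        }
        return copy;
    }

    /**
     * Returns the container stored for a session.
     *
     * @throws AccessControlException a {@link SessionTimedOutException} if the session is
     *         not (or no longer) in the session map
     */
    private ACUserContainer lookupSession(SessionId sessionId) throws AccessControlException {
        final ACUserContainer container = this.sessionUserMap.get(sessionId);
        if (container == null) {
            // Covers a session that was removed after checkSession() succeeded.
            throw new SessionTimedOutException(Messages.AccessControlImpl_SessionID_Unknown);
        }
        return container;
    }

    /**
     * Returns the user of a session. If the container refuses to hand out the
     * user, the session is dropped before the exception is rethrown.
     */
    private ACUser getUser(SessionId sessionId) throws AccessControlException {
        final ACUserContainer container = lookupSession(sessionId);
        try {
            return container.getUser();
        } catch (AccessControlException e) {
            this.sessionUserMap.remove(sessionId);
            throw e;
        }
    }

    /**
     * Authorizes a method invocation against the access level registered for
     * its method id. Methods without a registered level are denied.
     *
     * <p>NOTE(review): for {@link AccessLevel#NONE} nothing is checked here,
     * not even the session. Confirm that the methods mapped to NONE validate
     * the session themselves.
     *
     * @param methodInvocation the invocation to authorize
     * @throws AccessControlException if the method is unmapped or the required access is missing
     */
    @Override // org.eclipse.emf.emfstore.internal.server.accesscontrol.AuthorizationControl
    public void checkAccess(MethodInvocation methodInvocation) throws AccessControlException {
        initAccessMap();
        final AccessLevel accessLevel = this.accessMap.get(methodInvocation.getType());
        if (accessLevel == null) {
            throw new AccessControlException(Messages.AccessControlImpl_No_Access);
        }
        switch (accessLevel) {
            case PROJECT_READ:
                checkReadAccess(methodInvocation.getSessionId(), getProjectIdFromParameters(methodInvocation), null);
                return;
            case PROJECT_WRITE:
                checkWriteAccess(methodInvocation.getSessionId(), getProjectIdFromParameters(methodInvocation), null);
                return;
            case PROJECT_ADMIN:
                checkProjectAdminAccess(methodInvocation.getSessionId(), getProjectIdFromParameters(methodInvocation));
                return;
            case SERVER_ADMIN:
                checkServerAdminAccess(methodInvocation.getSessionId());
                return;
            case NONE:
                return;
            default:
                throw new AccessControlException(Messages.AccessControlImpl_Unknown_Access_Type);
        }
    }

    /**
     * Returns the first parameter of the invocation that is a {@link ProjectId},
     * or {@code null} if there is none; the access checks then run with a
     * {@code null} project id.
     */
    private ProjectId getProjectIdFromParameters(MethodInvocation methodInvocation) {
        for (Object parameter : methodInvocation.getParameters()) {
            if (parameter instanceof ProjectId) {
                return (ProjectId) parameter;
            }
        }
        return null;
    }

    /** Returns the authentication control currently in use. */
    public AbstractAuthenticationControl getAuthenticationControl() {
        return this.authenticationControl;
    }

    /**
     * Replaces the authentication control used by subsequent logins.
     *
     * @param abstractAuthenticationControl the new authentication control
     */
    @Override // org.eclipse.emf.emfstore.internal.server.accesscontrol.AccessControl
    public void setAuthenticationControl(AbstractAuthenticationControl abstractAuthenticationControl) {
        this.authenticationControl = abstractAuthenticationControl;
    }
}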
