package org.eclipse.emf.cdo.server.internal.security;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.eclipse.emf.cdo.common.branch.CDOBranchPoint;
import org.eclipse.emf.cdo.common.revision.CDORevision;
import org.eclipse.emf.cdo.common.revision.CDORevisionProvider;
import org.eclipse.emf.cdo.common.security.CDOPermission;
import org.eclipse.emf.cdo.eresource.CDOResource;
import org.eclipse.emf.cdo.eresource.EresourcePackage;
import org.eclipse.emf.cdo.net4j.CDONet4jSessionConfiguration;
import org.eclipse.emf.cdo.net4j.CDONet4jUtil;
import org.eclipse.emf.cdo.security.Access;
import org.eclipse.emf.cdo.security.ClassPermission;
import org.eclipse.emf.cdo.security.Directory;
import org.eclipse.emf.cdo.security.Group;
import org.eclipse.emf.cdo.security.PackagePermission;
import org.eclipse.emf.cdo.security.Permission;
import org.eclipse.emf.cdo.security.Realm;
import org.eclipse.emf.cdo.security.RealmUtil;
import org.eclipse.emf.cdo.security.Role;
import org.eclipse.emf.cdo.security.SecurityFactory;
import org.eclipse.emf.cdo.security.SecurityItem;
import org.eclipse.emf.cdo.security.SecurityPackage;
import org.eclipse.emf.cdo.security.User;
import org.eclipse.emf.cdo.security.UserPassword;
import org.eclipse.emf.cdo.server.IPermissionManager;
import org.eclipse.emf.cdo.server.IRepository;
import org.eclipse.emf.cdo.server.IStoreAccessor;
import org.eclipse.emf.cdo.server.ITransaction;
import org.eclipse.emf.cdo.server.internal.security.bundle.OM;
import org.eclipse.emf.cdo.server.security.ISecurityManager;
import org.eclipse.emf.cdo.server.spi.security.InternalSecurityManager;
import org.eclipse.emf.cdo.spi.common.revision.InternalCDORevision;
import org.eclipse.emf.cdo.spi.common.revision.ManagedRevisionProvider;
import org.eclipse.emf.cdo.spi.server.InternalRepository;
import org.eclipse.emf.cdo.spi.server.InternalSessionManager;
import org.eclipse.emf.cdo.transaction.CDOTransaction;
import org.eclipse.emf.cdo.util.CommitException;
import org.eclipse.emf.common.util.EList;
import org.eclipse.emf.ecore.EClass;
import org.eclipse.emf.ecore.util.EcoreUtil;
import org.eclipse.net4j.Net4jUtil;
import org.eclipse.net4j.acceptor.IAcceptor;
import org.eclipse.net4j.connector.IConnector;
import org.eclipse.net4j.util.WrappedException;
import org.eclipse.net4j.util.container.IManagedContainer;
import org.eclipse.net4j.util.event.IListener;
import org.eclipse.net4j.util.lifecycle.ILifecycle;
import org.eclipse.net4j.util.lifecycle.Lifecycle;
import org.eclipse.net4j.util.lifecycle.LifecycleEventAdapter;
import org.eclipse.net4j.util.lifecycle.LifecycleUtil;
import org.eclipse.net4j.util.om.monitor.OMMonitor;
import org.eclipse.net4j.util.security.IUserManager;
import org.eclipse.net4j.util.security.SecurityUtil;

/* loaded from: input_file:org/eclipse/emf/cdo/server/internal/security/SecurityManager.class */
public class SecurityManager extends Lifecycle implements InternalSecurityManager {
    private final String realmPath;
    private final IManagedContainer container;
    private InternalRepository repository;
    private IAcceptor acceptor;
    private IConnector connector;
    private CDOTransaction transaction;
    private Realm realm;
    private EList<SecurityItem> newUsers;
    private EList<SecurityItem> newGroups;
    private EList<SecurityItem> newRoles;
    private static /* synthetic */ int[] $SWITCH_TABLE$org$eclipse$emf$cdo$security$Access;
    private IListener repositoryListener = new LifecycleEventAdapter() { // from class: org.eclipse.emf.cdo.server.internal.security.SecurityManager.1
        protected void onActivated(ILifecycle iLifecycle) {
            SecurityManager.this.init();
        }

        protected void onDeactivated(ILifecycle iLifecycle) {
            SecurityManager.this.deactivate();
        }
    };
    private final IUserManager userManager = new UserManager(this, null);
    private final IPermissionManager permissionManager = new PermissionManager(this, null);
    private final IRepository.WriteAccessHandler writeAccessHandler = new WriteAccessHandler(this, null);
    private final List<InternalSecurityManager.CommitHandler> commitHandlers = new ArrayList();
    private final Map<String, User> users = new HashMap();

    /* loaded from: input_file:org/eclipse/emf/cdo/server/internal/security/SecurityManager$PermissionManager.class */
    private final class PermissionManager implements IPermissionManager {
        private PermissionManager() {
        }

        public CDOPermission getPermission(CDORevision cDORevision, CDOBranchPoint cDOBranchPoint, String str) {
            User user = SecurityManager.this.getUser(str);
            return SecurityManager.this.getPermission(cDORevision, new ManagedRevisionProvider(SecurityManager.this.repository.getRevisionManager(), cDOBranchPoint), cDOBranchPoint, user);
        }

        /* synthetic */ PermissionManager(SecurityManager securityManager, PermissionManager permissionManager) {
            this();
        }
    }

    /* loaded from: input_file:org/eclipse/emf/cdo/server/internal/security/SecurityManager$UserManager.class */
    private final class UserManager implements IUserManager {
        private UserManager() {
        }

        public void addUser(final String str, final char[] cArr) {
            SecurityManager.this.modify(new ISecurityManager.RealmOperation() { // from class: org.eclipse.emf.cdo.server.internal.security.SecurityManager.UserManager.1
                @Override // org.eclipse.emf.cdo.server.security.ISecurityManager.RealmOperation
                public void execute(Realm realm) {
                    UserPassword createUserPassword = SecurityFactory.eINSTANCE.createUserPassword();
                    createUserPassword.setEncrypted(new String(cArr));
                    User createUser = SecurityFactory.eINSTANCE.createUser();
                    createUser.setId(str);
                    createUser.setPassword(createUserPassword);
                    realm.getItems().add(createUser);
                }
            });
        }

        public void removeUser(final String str) {
            SecurityManager.this.modify(new ISecurityManager.RealmOperation() { // from class: org.eclipse.emf.cdo.server.internal.security.SecurityManager.UserManager.2
                @Override // org.eclipse.emf.cdo.server.security.ISecurityManager.RealmOperation
                public void execute(Realm realm) {
                    EcoreUtil.remove(SecurityManager.this.getUser(str));
                }
            });
        }

        public byte[] encrypt(String str, byte[] bArr, String str2, byte[] bArr2, int i) throws SecurityException {
            UserPassword password = SecurityManager.this.getUser(str).getPassword();
            String encrypted = password == null ? null : password.getEncrypted();
            char[] charArray = encrypted == null ? null : encrypted.toCharArray();
            if (charArray == null) {
                throw new SecurityException("No password: " + str);
            }
            try {
                return SecurityUtil.encrypt(bArr, charArray, str2, bArr2, i);
            } catch (RuntimeException e) {
                throw e;
            } catch (Exception e2) {
                throw new SecurityException(e2);
            }
        }

        /* synthetic */ UserManager(SecurityManager securityManager, UserManager userManager) {
            this();
        }
    }

    /* loaded from: input_file:org/eclipse/emf/cdo/server/internal/security/SecurityManager$WriteAccessHandler.class */
    private final class WriteAccessHandler implements IRepository.WriteAccessHandler {
        private WriteAccessHandler() {
        }

        public void handleTransactionBeforeCommitting(ITransaction iTransaction, IStoreAccessor.CommitContext commitContext, OMMonitor oMMonitor) throws RuntimeException {
            CDOBranchPoint branchPoint = commitContext.getBranchPoint();
            User user = SecurityManager.this.getUser(commitContext.getUserID());
            SecurityManager.this.handleCommit(commitContext, user);
            permissionRevisionsBeforeCommitting(commitContext, branchPoint, user, commitContext.getNewObjects());
            permissionRevisionsBeforeCommitting(commitContext, branchPoint, user, commitContext.getDirtyObjects());
        }

        private void permissionRevisionsBeforeCommitting(IStoreAccessor.CommitContext commitContext, CDOBranchPoint cDOBranchPoint, User user, InternalCDORevision[] internalCDORevisionArr) {
            for (InternalCDORevision internalCDORevision : internalCDORevisionArr) {
                if (SecurityManager.this.getPermission(internalCDORevision, commitContext, cDOBranchPoint, user) != CDOPermission.WRITE) {
                    throw new SecurityException("User " + user + " is not allowed to write to " + internalCDORevision);
                }
            }
        }

        @Deprecated
        public void handleTransactionAfterCommitted(ITransaction iTransaction, IStoreAccessor.CommitContext commitContext, OMMonitor oMMonitor) {
        }

        /* synthetic */ WriteAccessHandler(SecurityManager securityManager, WriteAccessHandler writeAccessHandler) {
            this();
        }
    }

    public SecurityManager(String str, IManagedContainer iManagedContainer) {
        this.realmPath = str;
        this.container = iManagedContainer;
    }

    @Override // org.eclipse.emf.cdo.server.spi.security.InternalSecurityManager
    public final IManagedContainer getContainer() {
        return this.container;
    }

    @Override // org.eclipse.emf.cdo.server.spi.security.InternalSecurityManager
    public final String getRealmPath() {
        return this.realmPath;
    }

    @Override // org.eclipse.emf.cdo.server.security.ISecurityManager
    public final IRepository getRepository() {
        return this.repository;
    }

    @Override // org.eclipse.emf.cdo.server.spi.security.InternalSecurityManager
    public void setRepository(InternalRepository internalRepository) {
        this.repository = internalRepository;
        init();
    }

    @Override // org.eclipse.emf.cdo.server.security.ISecurityManager
    public Realm getRealm() {
        return this.realm;
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable, java.util.Map<java.lang.String, org.eclipse.emf.cdo.security.User>] */
    @Override // org.eclipse.emf.cdo.server.security.ISecurityManager
    public User getUser(String str) {
        User user;
        synchronized (this.users) {
            User user2 = this.users.get(str);
            if (user2 == null) {
                user2 = RealmUtil.findUser(this.realm.getItems(), str);
                if (user2 == null) {
                    throw new SecurityException("User " + str + " not found");
                }
                this.users.put(str, user2);
            }
            user = user2;
        }
        return user;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v1, types: [org.eclipse.emf.cdo.transaction.CDOTransaction] */
    /* JADX WARN: Type inference failed for: r0v2, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v3, types: [org.eclipse.emf.cdo.server.security.ISecurityManager$RealmOperation] */
    /* JADX WARN: Type inference failed for: r0v8, types: [org.eclipse.emf.cdo.common.commit.CDOCommitInfo] */
    @Override // org.eclipse.emf.cdo.server.security.ISecurityManager
    public void modify(ISecurityManager.RealmOperation realmOperation) {
        ?? r0 = this.transaction;
        synchronized (r0) {
            r0 = realmOperation;
            r0.execute(this.realm);
            try {
                r0 = this.transaction.commit();
            } catch (CommitException e) {
                throw WrappedException.wrap(e);
            }
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.util.List<org.eclipse.emf.cdo.server.spi.security.InternalSecurityManager$CommitHandler>] */
    /* JADX WARN: Type inference failed for: r0v2, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v6, types: [org.eclipse.emf.cdo.server.spi.security.InternalSecurityManager$CommitHandler[]] */
    @Override // org.eclipse.emf.cdo.server.spi.security.InternalSecurityManager
    public InternalSecurityManager.CommitHandler[] getCommitHandlers() {
        ?? r0 = this.commitHandlers;
        synchronized (r0) {
            r0 = (InternalSecurityManager.CommitHandler[]) this.commitHandlers.toArray(new InternalSecurityManager.CommitHandler[this.commitHandlers.size()]);
        }
        return r0;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v2, types: [java.util.List<org.eclipse.emf.cdo.server.spi.security.InternalSecurityManager$CommitHandler>] */
    /* JADX WARN: Type inference failed for: r0v3, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v7 */
    @Override // org.eclipse.emf.cdo.server.spi.security.InternalSecurityManager
    public void addCommitHandler(InternalSecurityManager.CommitHandler commitHandler) {
        checkInactive();
        ?? r0 = this.commitHandlers;
        synchronized (r0) {
            if (!this.commitHandlers.contains(commitHandler)) {
                this.commitHandlers.add(commitHandler);
            }
            r0 = r0;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v2, types: [java.util.List<org.eclipse.emf.cdo.server.spi.security.InternalSecurityManager$CommitHandler>] */
    /* JADX WARN: Type inference failed for: r0v3, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v7 */
    @Override // org.eclipse.emf.cdo.server.spi.security.InternalSecurityManager
    public void removeCommitHandler(InternalSecurityManager.CommitHandler commitHandler) {
        checkInactive();
        ?? r0 = this.commitHandlers;
        synchronized (r0) {
            this.commitHandlers.remove(commitHandler);
            r0 = r0;
        }
    }

    protected void initCommitHandlers(boolean z) {
        for (InternalSecurityManager.CommitHandler commitHandler : getCommitHandlers()) {
            try {
                commitHandler.init(this, z);
            } catch (Exception e) {
                OM.LOG.error(e);
            }
        }
    }

    protected void handleCommit(IStoreAccessor.CommitContext commitContext, User user) {
        for (InternalSecurityManager.CommitHandler commitHandler : getCommitHandlers()) {
            try {
                commitHandler.handleCommit(this, commitContext, user);
            } catch (Exception e) {
                OM.LOG.error(e);
            }
        }
    }

    protected void init() {
        if (!isActive() || this.repository == null) {
            return;
        }
        this.repository.addListener(this.repositoryListener);
        if (LifecycleUtil.isActive(this.repository)) {
            String name = this.repository.getName();
            String str = String.valueOf(name) + "_security";
            this.acceptor = Net4jUtil.getAcceptor(this.container, "jvm", str);
            this.connector = Net4jUtil.getConnector(this.container, "jvm", str);
            CDONet4jSessionConfiguration createNet4jSessionConfiguration = CDONet4jUtil.createNet4jSessionConfiguration();
            createNet4jSessionConfiguration.setConnector(this.connector);
            createNet4jSessionConfiguration.setRepositoryName(name);
            this.transaction = createNet4jSessionConfiguration.openNet4jSession().openTransaction();
            boolean z = !this.transaction.hasResource(this.realmPath);
            if (z) {
                CDOResource createResource = this.transaction.createResource(this.realmPath);
                this.realm = createRealm();
                createResource.getContents().add(this.realm);
            } else {
                this.realm = (Realm) this.transaction.getResource(this.realmPath).getContents().get(0);
            }
            initCommitHandlers(z);
            try {
                this.transaction.commit();
                InternalSessionManager sessionManager = this.repository.getSessionManager();
                sessionManager.setUserManager(this.userManager);
                sessionManager.setPermissionManager(this.permissionManager);
                this.repository.addHandler(this.writeAccessHandler);
            } catch (Exception e) {
                throw WrappedException.wrap(e);
            }
        }
    }

    protected Realm createRealm() {
        Realm createRealm = SecurityFactory.eINSTANCE.createRealm();
        createRealm.setName("Security Realm");
        Directory createDirectory = SecurityFactory.eINSTANCE.createDirectory();
        createDirectory.setName("Users");
        createRealm.getItems().add(createDirectory);
        this.newUsers = createDirectory.getItems();
        Directory createDirectory2 = SecurityFactory.eINSTANCE.createDirectory();
        createDirectory2.setName("Groups");
        createRealm.getItems().add(createDirectory2);
        this.newGroups = createDirectory2.getItems();
        Directory createDirectory3 = SecurityFactory.eINSTANCE.createDirectory();
        createDirectory3.setName("Roles");
        createRealm.getItems().add(createDirectory3);
        this.newRoles = createDirectory3.getItems();
        User createUser = SecurityFactory.eINSTANCE.createUser();
        createUser.setId("Administrator");
        this.newUsers.add(createUser);
        UserPassword createUserPassword = SecurityFactory.eINSTANCE.createUserPassword();
        createUserPassword.setEncrypted("0000");
        createUser.setPassword(createUserPassword);
        Group createGroup = SecurityFactory.eINSTANCE.createGroup();
        createGroup.setId("Administrators");
        createGroup.getUsers().add(createUser);
        this.newGroups.add(createGroup);
        Role createRole = SecurityFactory.eINSTANCE.createRole();
        createRole.setId("Administration");
        createRole.getAssignees().add(createGroup);
        this.newRoles.add(createRole);
        PackagePermission createPackagePermission = SecurityFactory.eINSTANCE.createPackagePermission();
        createPackagePermission.setAccess(Access.READ);
        createRole.getPermissions().add(createPackagePermission);
        createPackagePermission.setApplicablePackage(EresourcePackage.eINSTANCE);
        for (EClass eClass : SecurityPackage.eINSTANCE.getEClassifiers()) {
            if (eClass instanceof EClass) {
                EClass eClass2 = eClass;
                if (!eClass2.isInterface() && !eClass2.isAbstract() && eClass2 != SecurityPackage.Literals.USER_PASSWORD) {
                    ClassPermission createClassPermission = SecurityFactory.eINSTANCE.createClassPermission();
                    createClassPermission.setAccess(Access.WRITE);
                    createRole.getPermissions().add(createClassPermission);
                    createClassPermission.setApplicableClass(eClass2);
                }
            }
        }
        return createRealm;
    }

    protected CDOPermission convertPermission(Access access) {
        if (access != null) {
            switch ($SWITCH_TABLE$org$eclipse$emf$cdo$security$Access()[access.ordinal()]) {
                case 1:
                    return CDOPermission.READ;
                case 2:
                    return CDOPermission.WRITE;
            }
        }
        return CDOPermission.NONE;
    }

    protected CDOPermission getPermission(CDORevision cDORevision, CDORevisionProvider cDORevisionProvider, CDOBranchPoint cDOBranchPoint, User user) {
        CDOPermission convertPermission = convertPermission(user.getDefaultAccess());
        if (convertPermission == CDOPermission.WRITE) {
            return convertPermission;
        }
        for (Permission permission : user.getAllPermissions()) {
            CDOPermission convertPermission2 = convertPermission(permission.getAccess());
            if (convertPermission2.ordinal() > convertPermission.ordinal() && permission.isApplicable(cDORevision, cDORevisionProvider, cDOBranchPoint)) {
                convertPermission = convertPermission2;
                if (convertPermission == CDOPermission.WRITE) {
                    return convertPermission;
                }
            }
        }
        return convertPermission;
    }

    protected void doActivate() throws Exception {
        super.doActivate();
        init();
    }

    protected void doDeactivate() throws Exception {
        this.users.clear();
        this.realm = null;
        this.transaction.getSession().close();
        this.transaction = null;
        this.connector.close();
        this.connector = null;
        this.acceptor.close();
        this.acceptor = null;
        super.doDeactivate();
    }

    static /* synthetic */ int[] $SWITCH_TABLE$org$eclipse$emf$cdo$security$Access() {
        int[] iArr = $SWITCH_TABLE$org$eclipse$emf$cdo$security$Access;
        if (iArr != null) {
            return iArr;
        }
        int[] iArr2 = new int[Access.values().length];
        try {
            iArr2[Access.READ.ordinal()] = 1;
        } catch (NoSuchFieldError unused) {
        }
        try {
            iArr2[Access.WRITE.ordinal()] = 2;
        } catch (NoSuchFieldError unused2) {
        }
        $SWITCH_TABLE$org$eclipse$emf$cdo$security$Access = iArr2;
        return iArr2;
    }
}
