package org.eaglei.repository;

import ch.qos.logback.classic.ClassicGlobal;
import java.io.IOException;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.apache.log4j.LogManager;
import org.apache.log4j.Logger;
import org.eaglei.repository.AccessGrant;
import org.eaglei.repository.auth.Authentication;
import org.eaglei.repository.servlet.ImportExport;
import org.eaglei.repository.servlet.WithRepositoryConnection;
import org.eaglei.repository.status.BadRequestException;
import org.eaglei.repository.status.ForbiddenException;
import org.eaglei.repository.status.InternalServerErrorException;
import org.eaglei.repository.util.SPARQL;
import org.eaglei.repository.vocabulary.REPO;
import org.mindswap.pellet.dig.DIGConstants;
import org.openrdf.OpenRDFException;
import org.openrdf.model.Literal;
import org.openrdf.model.Resource;
import org.openrdf.model.Statement;
import org.openrdf.model.URI;
import org.openrdf.model.Value;
import org.openrdf.model.impl.ContextStatementImpl;
import org.openrdf.model.impl.URIImpl;
import org.openrdf.model.vocabulary.RDF;
import org.openrdf.model.vocabulary.RDFS;
import org.openrdf.query.Binding;
import org.openrdf.query.BindingSet;
import org.openrdf.query.BooleanQuery;
import org.openrdf.query.Dataset;
import org.openrdf.query.MalformedQueryException;
import org.openrdf.query.QueryLanguage;
import org.openrdf.query.TupleQuery;
import org.openrdf.query.TupleQueryResult;
import org.openrdf.query.TupleQueryResultHandler;
import org.openrdf.query.TupleQueryResultHandlerBase;
import org.openrdf.query.TupleQueryResultHandlerException;
import org.openrdf.query.impl.DatasetImpl;
import org.openrdf.repository.RepositoryConnection;
import org.openrdf.rio.RDFFormat;
import org.openrdf.rio.RDFWriter;
import org.openrdf.rio.Rio;

/* loaded from: input_file:WEB-INF/classes/org/eaglei/repository/Access.class */
public enum Access {
    READ(REPO.HAS_READ_ACCESS),
    ADD(REPO.HAS_ADD_ACCESS),
    REMOVE(REPO.HAS_REMOVE_ACCESS),
    ADMIN(REPO.HAS_ADMIN_ACCESS);

    private URI uri;
    private static final Set<URI> valueURIs = new HashSet();
    private static String importGrantQuery;
    private static final String getGrantsQueryPrefix;
    private static final String getGrantsQuery;
    private static final String getMyGrantsQuery;
    private static final String getImportGrantsQuery = "SELECT DISTINCT ?subject WHERE { ?subject ?access ?agent }";
    private static final String hasPermissionQuery;
    private static DatasetImpl internalAccessGraphs;
    private static Logger log;
    private static final String allAccessesQuery;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/classes/org/eaglei/repository/Access$grantHandler.class */
    public static class grantHandler extends TupleQueryResultHandlerBase {
        private List<AccessGrant> result = new ArrayList();

        protected grantHandler() {
        }

        @Override // org.openrdf.query.TupleQueryResultHandlerBase, org.openrdf.query.TupleQueryResultHandler
        public void handleSolution(BindingSet bindingSet) throws TupleQueryResultHandlerException {
            Value value = bindingSet.getValue("agent");
            Value value2 = bindingSet.getValue("agentLabel");
            Value value3 = bindingSet.getValue("agentType");
            Value value4 = bindingSet.getValue("agentTypeLabel");
            Value value5 = bindingSet.getValue("access");
            Value value6 = bindingSet.getValue("accessLabel");
            if (value == null || !(value instanceof URI)) {
                throw new TupleQueryResultHandlerException("The value for 'agent' was null or not a URI type in grantHandler: " + value);
            }
            if (value5 == null || !(value5 instanceof URI)) {
                throw new TupleQueryResultHandlerException("The value for 'access' was null or not a URI type in grantHandler: " + value5);
            }
            if (value3 == null) {
                value3 = REPO.AGENT;
            }
            if (Access.log.isDebugEnabled()) {
                Access.log.debug("getGrants: Adding Grant(agent=" + value + ", agentLabel=" + value2 + ", agentType=" + value3 + ", agentTypeLabel=" + value4 + ", access=" + value5 + ", accessLabel=" + value6);
            }
            this.result.add(new AccessGrant((URI) value, (value2 == null || !(value2 instanceof Literal)) ? null : ((Literal) value2).getLabel(), (URI) value3, (value4 == null || !(value4 instanceof Literal)) ? null : ((Literal) value4).getLabel(), (URI) value5, (value6 == null || !(value6 instanceof Literal)) ? null : ((Literal) value6).getLabel()));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/classes/org/eaglei/repository/Access$termHandler.class */
    public static class termHandler extends TupleQueryResultHandlerBase {
        private List<AccessGrant.Term> result;

        private termHandler() {
            this.result = new ArrayList();
        }

        @Override // org.openrdf.query.TupleQueryResultHandlerBase, org.openrdf.query.TupleQueryResultHandler
        public void handleSolution(BindingSet bindingSet) throws TupleQueryResultHandlerException {
            Value value = bindingSet.getValue("uri");
            Value value2 = bindingSet.getValue("label");
            if (value == null || !(value instanceof URI)) {
                throw new TupleQueryResultHandlerException("The value for 'uri' was null or not a URI type in termHandler: " + value);
            }
            this.result.add(new AccessGrant.Term((URI) value, (value2 == null || !(value2 instanceof Literal)) ? null : ((Literal) value2).getLabel()));
        }
    }

    Access(URI uri) {
        this.uri = null;
        this.uri = uri;
    }

    private static boolean isAccessPredicate(URI uri) {
        return valueURIs.contains(uri);
    }

    public URI getURI() {
        return this.uri;
    }

    @Override // java.lang.Enum
    public String toString() {
        return name().toUpperCase();
    }

    public static boolean hasPermission(HttpServletRequest httpServletRequest, Resource resource, Access access) {
        if (Authentication.isSuperuser(httpServletRequest)) {
            if (!log.isDebugEnabled()) {
                return true;
            }
            log.debug("Superuser elides check: hasPermission(" + resource + ", " + access + ") => true");
            return true;
        }
        try {
            URI principalURI = Authentication.getPrincipalURI(httpServletRequest);
            BooleanQuery prepareBooleanQuery = WithRepositoryConnection.get(httpServletRequest).prepareBooleanQuery(QueryLanguage.SPARQL, hasPermissionQuery);
            prepareBooleanQuery.setIncludeInferred(true);
            prepareBooleanQuery.setDataset(internalAccessGraphs);
            prepareBooleanQuery.clearBindings();
            prepareBooleanQuery.setBinding(ClassicGlobal.USER_MDC_KEY, principalURI);
            prepareBooleanQuery.setBinding("access", access.uri);
            prepareBooleanQuery.setBinding("resource", resource);
            boolean evaluate = prepareBooleanQuery.evaluate();
            if (log.isDebugEnabled()) {
                log.debug("Access Query: user=" + principalURI + ", access=" + access + ", query=\n" + hasPermissionQuery);
                log.debug("hasPermission(" + resource + ", " + access + ", " + principalURI + ") => " + evaluate);
            }
            return evaluate;
        } catch (OpenRDFException e) {
            log.error(e);
            throw new InternalServerErrorException("Failed in access check: ", e);
        }
    }

    public static boolean hasPermissionOnUser(HttpServletRequest httpServletRequest, String str) {
        Principal userPrincipal = httpServletRequest.getUserPrincipal();
        return Authentication.isSuperuser(httpServletRequest) || !(str == null || userPrincipal == null || !str.equals(userPrincipal.getName()));
    }

    public static void filterByPermission(HttpServletRequest httpServletRequest, URI uri, String str, String str2, String str3, Access access, Dataset dataset, BindingSet bindingSet, TupleQueryResultHandler tupleQueryResultHandler) {
        try {
            RepositoryConnection repositoryConnection = WithRepositoryConnection.get(httpServletRequest);
            URI principalURI = uri == null ? Authentication.getPrincipalURI(httpServletRequest) : uri;
            String makeAccessQuery = makeAccessQuery(str, "SELECT " + str2 + " WHERE", str3);
            if (log.isDebugEnabled()) {
                log.debug("SPARQL query in filterByPermission, name=" + str + ", query=\n  " + makeAccessQuery);
            }
            TupleQuery prepareTupleQuery = repositoryConnection.prepareTupleQuery(QueryLanguage.SPARQL, makeAccessQuery);
            prepareTupleQuery.setIncludeInferred(true);
            prepareTupleQuery.setDataset(dataset);
            prepareTupleQuery.clearBindings();
            prepareTupleQuery.setBinding(ClassicGlobal.USER_MDC_KEY, principalURI);
            prepareTupleQuery.setBinding("access", access.uri);
            if (bindingSet != null && bindingSet.size() > 0) {
                for (Binding binding : bindingSet) {
                    prepareTupleQuery.setBinding(binding.getName(), binding.getValue());
                }
            }
            prepareTupleQuery.evaluate(tupleQueryResultHandler);
        } catch (OpenRDFException e) {
            log.error(e);
            throw new InternalServerErrorException("Failed in access check: ", e);
        }
    }

    private static String makeAccessQuery(String str, String str2, String str3) {
        StringBuilder sb = new StringBuilder();
        sb.append(str2).append(" { ");
        if (str3 != null) {
            sb.append(str3);
        }
        sb.append("{ { ?user <").append(REPO.HAS_ROLE).append("> ?r . ?").append(str).append(" ?access ?r }\n");
        sb.append(" UNION { ?").append(str).append(" ?access ?user } } }");
        return sb.toString();
    }

    public static boolean removeGrant(HttpServletRequest httpServletRequest, URI uri, URI uri2, URI uri3) {
        if (hasPermission(httpServletRequest, uri, ADMIN)) {
            return removeGrantAsAdministrator(httpServletRequest, uri, uri2, uri3);
        }
        throw new ForbiddenException("You are not allowed to change access controls on " + uri);
    }

    public static boolean removeGrantAsAdministrator(HttpServletRequest httpServletRequest, URI uri, URI uri2, URI uri3) {
        if (uri == null || uri3 == null || uri2 == null) {
            throw new BadRequestException("removeGrant called with an illegal null URI.");
        }
        if (!isAccessPredicate(uri3)) {
            throw new IllegalArgumentException("Access URI is not a valid access predicate: " + uri3.stringValue());
        }
        RepositoryConnection repositoryConnection = WithRepositoryConnection.get(httpServletRequest);
        try {
            if (!repositoryConnection.hasStatement(uri, uri3, uri2, false, REPO.NG_INTERNAL)) {
                return false;
            }
            repositoryConnection.remove(uri, uri3, uri2, REPO.NG_INTERNAL);
            return true;
        } catch (OpenRDFException e) {
            log.error(e);
            throw new InternalServerErrorException("Failed in remove ACL: ", e);
        }
    }

    public static void addGrant(HttpServletRequest httpServletRequest, URI uri, URI uri2, URI uri3) {
        if (!hasPermission(httpServletRequest, uri, ADMIN)) {
            throw new ForbiddenException("You are not allowed to change access controls on " + uri);
        }
        addGrantAsAdministrator(httpServletRequest, uri, uri2, uri3);
    }

    public static void addGrantAsAdministrator(HttpServletRequest httpServletRequest, URI uri, URI uri2, URI uri3) {
        if (!isAccessPredicate(uri3)) {
            throw new IllegalArgumentException("Access URI is not a valid access predicate: " + uri3.stringValue());
        }
        RepositoryConnection repositoryConnection = WithRepositoryConnection.get(httpServletRequest);
        try {
            if (!repositoryConnection.hasStatement(uri, uri3, uri2, false, REPO.NG_INTERNAL)) {
                repositoryConnection.add(uri, uri3, uri2, REPO.NG_INTERNAL);
            }
        } catch (OpenRDFException e) {
            log.error(e);
            throw new InternalServerErrorException("Failed in add ACL: ", e);
        }
    }

    public static Iterable<AccessGrant> getGrants(HttpServletRequest httpServletRequest, URI uri) {
        return getGrantsInternal(httpServletRequest, WithRepositoryConnection.get(httpServletRequest), uri, false);
    }

    public static Iterable<AccessGrant> getGrants(RepositoryConnection repositoryConnection, URI uri) {
        return getGrantsInternal(null, repositoryConnection, uri, false);
    }

    public static Iterable<AccessGrant> getMyGrants(HttpServletRequest httpServletRequest, URI uri) {
        return getGrantsInternal(httpServletRequest, WithRepositoryConnection.get(httpServletRequest), uri, true);
    }

    private static Iterable<AccessGrant> getGrantsInternal(HttpServletRequest httpServletRequest, RepositoryConnection repositoryConnection, URI uri, boolean z) {
        try {
            String str = z ? getMyGrantsQuery : getGrantsQuery;
            if (log.isDebugEnabled()) {
                log.debug("SPARQL query to get " + (z ? "MY (" + Authentication.getPrincipalURI(httpServletRequest).stringValue() + DefaultExpressionEngine.DEFAULT_INDEX_END : "") + "grants, instance=" + uri.stringValue() + ", query=\n" + str);
            }
            TupleQuery prepareTupleQuery = repositoryConnection.prepareTupleQuery(QueryLanguage.SPARQL, str);
            prepareTupleQuery.setBinding(DIGConstants.INSTANCE, uri);
            if (z) {
                if (httpServletRequest == null) {
                    throw new IllegalArgumentException("Cannot get grants for current user when request is null.");
                }
                prepareTupleQuery.setBinding(ClassicGlobal.USER_MDC_KEY, Authentication.getPrincipalURI(httpServletRequest));
            }
            prepareTupleQuery.setDataset(internalAccessGraphs);
            grantHandler granthandler = new grantHandler();
            prepareTupleQuery.evaluate(granthandler);
            return granthandler.result;
        } catch (OpenRDFException e) {
            log.error(e);
            throw new InternalServerErrorException("Failed in query: " + e, e);
        }
    }

    public static Iterable<Statement> exportGrants(URI uri, Iterable<AccessGrant> iterable) {
        ArrayList arrayList = new ArrayList();
        for (AccessGrant accessGrant : iterable) {
            arrayList.add(new ContextStatementImpl(uri, accessGrant.access.uri, accessGrant.agent.uri, REPO.NG_INTERNAL));
        }
        return arrayList;
    }

    public static Iterable<Statement> importGrants(HttpServletRequest httpServletRequest, RepositoryConnection repositoryConnection, URI uri, URI uri2) {
        try {
            if (importGrantQuery == null) {
                StringBuilder sb = new StringBuilder("SELECT ?p ?o WHERE {?s ?p ?o FILTER(");
                TupleQuery prepareTupleQuery = WithRepositoryConnection.get(httpServletRequest).prepareTupleQuery(QueryLanguage.SPARQL, "SELECT * WHERE { ?accessPred <" + RDFS.SUBPROPERTYOF + "> <" + REPO.HAS_ANY_ACCESS + ">}");
                prepareTupleQuery.setDataset(internalAccessGraphs);
                TupleQueryResult tupleQueryResult = null;
                try {
                    tupleQueryResult = prepareTupleQuery.evaluate();
                    boolean z = true;
                    while (tupleQueryResult.hasNext()) {
                        String stringValue = tupleQueryResult.next().getValue("accessPred").stringValue();
                        if (z) {
                            z = false;
                        } else {
                            sb.append(" || ");
                        }
                        sb.append("?p = <").append(stringValue).append(">");
                    }
                    sb.append(")}");
                    importGrantQuery = sb.toString();
                    log.debug("Generating fixed Access Import query: \"" + importGrantQuery + "\"");
                    if (tupleQueryResult != null) {
                        tupleQueryResult.close();
                    }
                } finally {
                }
            }
            TupleQuery prepareTupleQuery2 = repositoryConnection.prepareTupleQuery(QueryLanguage.SPARQL, importGrantQuery);
            prepareTupleQuery2.setDataset(internalAccessGraphs);
            prepareTupleQuery2.setBinding("s", uri);
            TupleQueryResult tupleQueryResult2 = null;
            ArrayList arrayList = new ArrayList();
            try {
                tupleQueryResult2 = prepareTupleQuery2.evaluate();
                while (tupleQueryResult2.hasNext()) {
                    BindingSet next = tupleQueryResult2.next();
                    arrayList.add(new ContextStatementImpl(uri2, (URI) next.getValue("p"), next.getValue("o"), REPO.NG_INTERNAL));
                }
                if (tupleQueryResult2 != null) {
                    tupleQueryResult2.close();
                }
                log.debug("importGrants(" + uri.stringValue() + "): returning " + arrayList.size() + " grant statements.");
                return arrayList;
            } finally {
            }
        } catch (OpenRDFException e) {
            log.error("Failed in one of the Import Grant queries: ", e);
            throw new InternalServerErrorException(e);
        }
    }

    public static Iterable<AccessGrant.Term> getAllAccesses(HttpServletRequest httpServletRequest) {
        if (log.isDebugEnabled()) {
            log.debug("getAllAccesses query = " + allAccessesQuery);
        }
        return getAllTermsInternal(httpServletRequest, allAccessesQuery);
    }

    private static Iterable<AccessGrant.Term> getAllTermsInternal(HttpServletRequest httpServletRequest, String str) {
        try {
            TupleQuery prepareTupleQuery = WithRepositoryConnection.get(httpServletRequest).prepareTupleQuery(QueryLanguage.SPARQL, str);
            prepareTupleQuery.setDataset(SPARQL.InternalGraphs);
            termHandler termhandler = new termHandler();
            prepareTupleQuery.evaluate(termhandler);
            return termhandler.result;
        } catch (OpenRDFException e) {
            log.error(e);
            throw new InternalServerErrorException("Failed in query: ", e);
        }
    }

    public static void doExportGrants(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, RDFFormat rDFFormat, Set<String> set, Set<String> set2) throws ServletException, IOException {
        try {
            RDFWriter createWriter = Rio.createWriter(rDFFormat, new OutputStreamWriter((OutputStream) httpServletResponse.getOutputStream(), "UTF-8"));
            createWriter.startRDF();
            if (set.isEmpty()) {
                throw new BadRequestException("Export of grants requires an include list of URIs");
            }
            if (!set2.isEmpty()) {
                throw new BadRequestException("Export of grants does not support an exclude list");
            }
            Iterator<String> it = set.iterator();
            while (it.hasNext()) {
                URIImpl uRIImpl = new URIImpl(it.next());
                Iterator<Statement> it2 = exportGrants(uRIImpl, getGrants(httpServletRequest, uRIImpl)).iterator();
                while (it2.hasNext()) {
                    createWriter.handleStatement(it2.next());
                }
            }
            createWriter.endRDF();
        } catch (OpenRDFException e) {
            throw new InternalServerErrorException(e);
        }
    }

    public static void doImportGrants(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, RepositoryConnection repositoryConnection, Set<String> set, Set<String> set2, ImportExport.DuplicateArg duplicateArg, boolean z, boolean z2) throws ServletException, IOException {
        RepositoryConnection repositoryConnection2 = WithRepositoryConnection.get(httpServletRequest);
        try {
            log.debug("SPARQL query on imported GRANT statements: \n  SELECT DISTINCT ?subject WHERE { ?subject ?access ?agent }");
            TupleQuery prepareTupleQuery = repositoryConnection.prepareTupleQuery(QueryLanguage.SPARQL, getImportGrantsQuery);
            prepareTupleQuery.setDataset(SPARQL.InternalGraphs);
            TupleQueryResult tupleQueryResult = null;
            try {
                tupleQueryResult = prepareTupleQuery.evaluate();
                while (tupleQueryResult.hasNext()) {
                    URI uri = (URI) tupleQueryResult.next().getValue("subject");
                    String stringValue = uri.stringValue();
                    if (set2.contains(stringValue)) {
                        log.debug("SKIP IMPORT GRANT because of exclude: uri=" + stringValue);
                    } else if (set.isEmpty() || set.contains(stringValue)) {
                        for (Statement statement : importGrants(httpServletRequest, repositoryConnection, uri, uri)) {
                            log.debug("Adding access grant statement: " + statement);
                            repositoryConnection2.add(statement, REPO.NG_INTERNAL);
                        }
                    } else {
                        log.debug("SKIP IMPORT GRANT because of include: uri=" + stringValue);
                    }
                }
                if (tupleQueryResult != null) {
                    tupleQueryResult.close();
                }
            } catch (Throwable th) {
                if (tupleQueryResult != null) {
                    tupleQueryResult.close();
                }
                throw th;
            }
        } catch (MalformedQueryException e) {
            log.error("Rejecting malformed query:" + e);
            throw new ServletException(e);
        } catch (OpenRDFException e2) {
            log.error(e2);
            throw new ServletException(e2);
        }
    }

    static {
        for (Access access : values()) {
            valueURIs.add(access.uri);
        }
        importGrantQuery = null;
        getGrantsQueryPrefix = "SELECT DISTINCT * WHERE { \nGRAPH <" + REPO.NG_INTERNAL + "> { ?instance ?access ?agent } . \n?access <" + RDFS.SUBPROPERTYOF + "> <" + REPO.HAS_ANY_ACCESS + "> \nOPTIONAL { ?access <" + RDFS.LABEL + "> ?accessLabel }\nOPTIONAL { ?agent <" + RDFS.LABEL + "> ?agentLabel }\nOPTIONAL { {{?agent <" + RDF.TYPE + "> ?agentType} UNION {?agent <" + RDFS.SUBCLASSOF + "> ?agentType}}\n  FILTER (?agentType = <" + REPO.ROLE + "> || ?agentType = <" + REPO.PERSON + ">) \n  OPTIONAL { ?agentType <" + RDFS.LABEL + "> ?agentTypeLabel }}\n";
        getGrantsQuery = getGrantsQueryPrefix + "}";
        getMyGrantsQuery = getGrantsQueryPrefix + "{{?user <" + REPO.HAS_ROLE + "> ?agent} UNION {?instance ?access ?user}}}";
        hasPermissionQuery = makeAccessQuery("resource", "ASK", null);
        internalAccessGraphs = SPARQL.copyDataset(SPARQL.InternalGraphs);
        internalAccessGraphs.addDefaultGraph(REPO.NG_USERS);
        log = LogManager.getLogger(Access.class);
        allAccessesQuery = "SELECT DISTINCT * WHERE { ?uri <" + RDFS.SUBPROPERTYOF + "> <" + REPO.HAS_ANY_ACCESS + "> \n OPTIONAL { ?uri <" + RDFS.LABEL + "> ?label }}";
    }
}
