package org.eaglei.repository;

import java.io.IOException;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.sql.Connection;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.naming.NamingException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.apache.log4j.LogManager;
import org.apache.log4j.Logger;
import org.eaglei.repository.auth.AuthUser;
import org.eaglei.repository.auth.Authentication;
import org.eaglei.repository.rid.RIDGenerator;
import org.eaglei.repository.servlet.ImportExport;
import org.eaglei.repository.servlet.WithRepositoryConnection;
import org.eaglei.repository.status.BadRequestException;
import org.eaglei.repository.status.ForbiddenException;
import org.eaglei.repository.status.InternalServerErrorException;
import org.eaglei.repository.util.HandlerBadRequest;
import org.eaglei.repository.util.SPARQL;
import org.eaglei.repository.util.Utils;
import org.eaglei.repository.vocabulary.FOAF;
import org.eaglei.repository.vocabulary.REPO;
import org.openrdf.OpenRDFException;
import org.openrdf.model.BNode;
import org.openrdf.model.Literal;
import org.openrdf.model.Resource;
import org.openrdf.model.Statement;
import org.openrdf.model.URI;
import org.openrdf.model.Value;
import org.openrdf.model.ValueFactory;
import org.openrdf.model.impl.ContextStatementImpl;
import org.openrdf.model.impl.LiteralImpl;
import org.openrdf.model.impl.URIImpl;
import org.openrdf.model.vocabulary.RDF;
import org.openrdf.model.vocabulary.RDFS;
import org.openrdf.model.vocabulary.XMLSchema;
import org.openrdf.query.BindingSet;
import org.openrdf.query.Dataset;
import org.openrdf.query.MalformedQueryException;
import org.openrdf.query.QueryLanguage;
import org.openrdf.query.TupleQuery;
import org.openrdf.query.TupleQueryResultHandlerBase;
import org.openrdf.query.TupleQueryResultHandlerException;
import org.openrdf.query.impl.DatasetImpl;
import org.openrdf.repository.RepositoryConnection;
import org.openrdf.repository.RepositoryException;
import org.openrdf.repository.RepositoryResult;
import org.openrdf.rio.RDFFormat;
import org.openrdf.rio.RDFHandler;
import org.openrdf.rio.RDFWriter;
import org.openrdf.rio.Rio;
import org.openrdf.rio.helpers.RDFHandlerWrapper;

/* loaded from: input_file:WEB-INF/classes/org/eaglei/repository/User.class */
public class User {
    private static Logger log = LogManager.getLogger(User.class);
    private static final URI USER_GRAPH = REPO.NG_USERS;
    private static DatasetImpl userDataset = SPARQL.copyDataset(SPARQL.InternalGraphs);
    private final URI uri;
    private final String username;
    private String firstName;
    private String lastName;
    private String mbox;
    private Set<URI> roles;
    private Boolean newIsSuperuser;
    private boolean dirty;
    private static final URI EXPORT_AUTH_PASSWORD;
    private static final URI EXPORT_AUTH_TYPE;
    private static final URI EXPORT_AUTH_TYPE_BUILTIN;
    private static final String importUserGetAuthUsers;
    private static final String importUserGetStatements;
    private static final URI[] implicitRoles;
    private static final String userForURIQuery;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/classes/org/eaglei/repository/User$allUserHandler.class */
    public static class allUserHandler extends oneUserHandler {
        private List<User> result;
        private User curUser;
        private URI lastURI;

        public allUserHandler(HttpServletRequest httpServletRequest, List<User> list) {
            super(httpServletRequest);
            this.result = null;
            this.curUser = null;
            this.lastURI = null;
            this.result = list;
        }

        @Override // org.eaglei.repository.User.oneUserHandler, org.openrdf.query.TupleQueryResultHandlerBase, org.openrdf.query.TupleQueryResultHandler
        public void endQueryResult() {
            finishCurrent();
        }

        @Override // org.eaglei.repository.User.oneUserHandler, org.openrdf.query.TupleQueryResultHandlerBase, org.openrdf.query.TupleQueryResultHandler
        public void handleSolution(BindingSet bindingSet) throws TupleQueryResultHandlerException {
            Value value = bindingSet.getValue("uri");
            if (value == null || !(value instanceof URI)) {
                User.log.error("Should not get null or non-URI result in allUserHandler: " + value);
                return;
            }
            if (this.lastURI != null && value.equals(this.lastURI)) {
                populateUser(this.request, bindingSet, this.curUser);
                return;
            }
            finishCurrent();
            this.lastURI = (URI) value;
            this.curUser = populateUser(this.request, bindingSet, null);
            new User(this.lastURI, null);
        }

        private void finishCurrent() {
            if (this.curUser != null) {
                this.result.add(this.curUser);
                this.curUser = null;
            }
        }
    }

    /* loaded from: input_file:WEB-INF/classes/org/eaglei/repository/User$authUserPass1Handler.class */
    private static class authUserPass1Handler extends TupleQueryResultHandlerBase {
        private RepositoryConnection rc;
        private Connection rdbms;
        private boolean transform;
        private ImportExport.DuplicateArg duplicate;
        private Set<String> includes;
        private Set<String> excludes;
        private int count = 0;
        private Set<String> allow = new HashSet();

        public authUserPass1Handler(Connection connection, RepositoryConnection repositoryConnection, boolean z, ImportExport.DuplicateArg duplicateArg, Set<String> set, Set<String> set2) {
            this.rdbms = connection;
            this.rc = repositoryConnection;
            this.transform = z;
            this.duplicate = duplicateArg;
            this.includes = set;
            this.excludes = set2;
        }

        @Override // org.openrdf.query.TupleQueryResultHandlerBase, org.openrdf.query.TupleQueryResultHandler
        public void handleSolution(BindingSet bindingSet) throws TupleQueryResultHandlerException {
            Value value = bindingSet.getValue("authUser");
            Value value2 = bindingSet.getValue("username");
            Value value3 = bindingSet.getValue("password");
            boolean z = bindingSet.getValue("su") != null;
            if (User.log.isDebugEnabled()) {
                User.log.debug("authUserPass1Handler: Got subj=" + value + ", username=" + value2 + ", password=" + (value3 == null ? null : "[password]") + ", su=" + z);
            }
            if (value == null || value2 == null || value3 == null) {
                throw new HandlerBadRequest("Bad export file content: missing one of the required data: subject=" + value + ", username=" + value2 + ", password=" + (value3 == null ? null : "[password]"));
            }
            try {
                String stringValue = value2.stringValue();
                URI uri = value instanceof URI ? (URI) value : null;
                String stringValue2 = value.stringValue();
                if (this.excludes.contains(stringValue) || this.excludes.contains(stringValue2)) {
                    User.log.debug("PASS1: SKIP USER import because of exclude: username=" + stringValue + ", or subject=" + stringValue2);
                    return;
                }
                if (!this.includes.isEmpty() && !this.includes.contains(stringValue) && !this.includes.contains(stringValue2)) {
                    User.log.debug("PASS1: SKIP USER import because of include: username=" + stringValue + ", or subject=" + stringValue2);
                    return;
                }
                AuthUser find = AuthUser.find(stringValue);
                if (find != null) {
                    User.log.debug("PASS1: FOUND DUPLICATE PRINCIPAL, user principal=" + stringValue);
                    if (this.duplicate == ImportExport.DuplicateArg.ignore) {
                        return;
                    }
                    if (this.duplicate == ImportExport.DuplicateArg.abort) {
                        throw new HandlerBadRequest("Import contains a duplicate user for username=" + stringValue);
                    }
                }
                if (uri != null && this.rc.hasStatement(uri, REPO.HAS_PRINCIPAL_NAME, null, false, REPO.NG_INTERNAL)) {
                    User.log.debug("PASS1: FOUND DUPLICATE SUBJECT, user subject=" + uri);
                    if (this.duplicate == ImportExport.DuplicateArg.ignore) {
                        return;
                    }
                    if (this.duplicate == ImportExport.DuplicateArg.abort) {
                        throw new HandlerBadRequest("Import contains a duplicate user for URI=" + uri);
                    }
                }
                if (find != null) {
                    find.setPassword(value3.stringValue());
                    find.setIsSuperuser(z);
                    find.update(this.rdbms);
                } else {
                    AuthUser.create(this.rdbms, stringValue, value3.stringValue(), z);
                }
                this.allow.add(stringValue);
                this.count++;
                User.log.debug("Added new user in PASS1: username=" + stringValue + ", URI=" + uri);
            } catch (RepositoryException e) {
                User.log.error("Failed in PASS1: ", e);
                throw new TupleQueryResultHandlerException(e);
            } catch (NamingException e2) {
                User.log.error("Failed in PASS1: ", e2);
                throw new TupleQueryResultHandlerException(e2);
            } catch (SQLException e3) {
                User.log.error("Failed in PASS1: ", e3);
                throw new TupleQueryResultHandlerException(e3);
            }
        }
    }

    /* loaded from: input_file:WEB-INF/classes/org/eaglei/repository/User$authUserPass2Handler.class */
    private static class authUserPass2Handler extends TupleQueryResultHandlerBase {
        private authUserPass1Handler pass1;
        private Map<URI, URI> subject2uri = new HashMap();

        public authUserPass2Handler(authUserPass1Handler authuserpass1handler) {
            this.pass1 = authuserpass1handler;
        }

        /* JADX WARN: Finally extract failed */
        @Override // org.openrdf.query.TupleQueryResultHandlerBase, org.openrdf.query.TupleQueryResultHandler
        public void handleSolution(BindingSet bindingSet) throws TupleQueryResultHandlerException {
            Value value = bindingSet.getValue("g");
            Value value2 = bindingSet.getValue("s");
            Value value3 = bindingSet.getValue("p");
            Value value4 = bindingSet.getValue("v");
            Value value5 = bindingSet.getValue("username");
            ValueFactory valueFactory = this.pass1.rc.getValueFactory();
            if (value2 == null || value == null || value3 == null || value4 == null) {
                throw new HandlerBadRequest("Bad export file content: missing one of the required data: subj=" + value2 + ", pred=" + value3 + ", obj=" + value4 + ", graph=" + value);
            }
            if (User.log.isDebugEnabled()) {
                User.log.debug("authUserPass2Handler: Got subj=" + value2 + ", pred=" + value3 + ", obj=" + value4.stringValue() + ", graph=" + value);
            }
            try {
                URI uri = value2 instanceof URI ? (URI) value2 : null;
                String stringValue = value5 == null ? null : value5.stringValue();
                if (stringValue == null || this.pass1.allow.contains(stringValue)) {
                    if (!this.subject2uri.containsKey(uri)) {
                        String stringValue2 = value2.stringValue();
                        if (this.pass1.excludes.contains(stringValue) || this.pass1.excludes.contains(stringValue2)) {
                            User.log.debug("PASS2: SKIP USER import because of exclude: username=" + stringValue + ", or subject=" + stringValue2);
                            return;
                        }
                        if (!this.pass1.includes.isEmpty() && !this.pass1.includes.contains(stringValue) && !this.pass1.includes.contains(stringValue2)) {
                            User.log.debug("PASS2: SKIP USER import because of include: username=" + stringValue + ", or subject=" + stringValue2);
                            return;
                        }
                        if (uri != null && this.pass1.rc.hasStatement(uri, REPO.HAS_PRINCIPAL_NAME, null, false, REPO.NG_INTERNAL)) {
                            User.log.debug("PASS2: FOUND DUPLICATE SUBJECT, user subject=" + uri);
                            if (this.pass1.duplicate == ImportExport.DuplicateArg.ignore) {
                                return;
                            }
                            if (this.pass1.duplicate == ImportExport.DuplicateArg.abort) {
                                throw new HandlerBadRequest("Import contains a duplicate user for URI=" + uri);
                            }
                            if (this.pass1.duplicate != ImportExport.DuplicateArg.replace) {
                                throw new HandlerBadRequest("Unknown state of 'duplicate' arg, duplicate=" + this.pass1.duplicate);
                            }
                            if (!this.pass1.transform) {
                                this.pass1.rc.remove(uri, null, null, REPO.NG_INTERNAL, REPO.NG_USERS);
                                User.log.debug("Removing all statements about user URI=" + uri + " in NG_Users");
                            }
                        }
                        RepositoryResult<Statement> statements = this.pass1.rc.getStatements(null, REPO.HAS_PRINCIPAL_NAME, value5, false, REPO.NG_INTERNAL);
                        while (statements.hasNext()) {
                            try {
                                Resource subject = statements.next().getSubject();
                                User.log.debug("PASS2: Clearing out existing Person with principal=" + stringValue + ", subject=" + subject);
                                this.pass1.rc.remove(subject, null, null, REPO.NG_INTERNAL, REPO.NG_USERS);
                            } catch (Throwable th) {
                                statements.close();
                                throw th;
                            }
                        }
                        statements.close();
                        if (this.pass1.transform) {
                            this.subject2uri.put(uri, valueFactory.createURI(DataRepository.getInstance().getDefaultNamespace(), RIDGenerator.getInstance().newID().toString()));
                        } else {
                            this.subject2uri.put(uri, uri);
                        }
                    }
                    URI uri2 = this.subject2uri.get(uri);
                    this.pass1.rc.add(uri2, (URI) value3, value4, (URI) value);
                    User.log.debug("PASS2: Added statement (" + uri2 + ", " + value3 + ", " + value4.stringValue() + ", " + value + DefaultExpressionEngine.DEFAULT_INDEX_END);
                }
            } catch (RepositoryException e) {
                User.log.error("Failed in PASS1: ", e);
                throw new TupleQueryResultHandlerException(e);
            }
        }

        @Override // org.openrdf.query.TupleQueryResultHandlerBase, org.openrdf.query.TupleQueryResultHandler
        public void endQueryResult() throws TupleQueryResultHandlerException {
            try {
                for (URI uri : this.subject2uri.values()) {
                    for (URI uri2 : User.implicitRoles) {
                        this.pass1.rc.add(uri, REPO.HAS_ROLE, uri2, REPO.NG_INTERNAL);
                    }
                }
                User.log.info("SUMMARY: Added and/or replaced: " + this.pass1.count + " RDBMS entries, and " + this.subject2uri.size() + " User Descriptions.");
            } catch (RepositoryException e) {
                User.log.error("Failed import Pass2, adding implicit roes: ", e);
                throw new TupleQueryResultHandlerException(e);
            }
        }
    }

    /* loaded from: input_file:WEB-INF/classes/org/eaglei/repository/User$mergeHandler.class */
    private static class mergeHandler extends RDFHandlerWrapper {
        private mergeHandler(RDFHandler rDFHandler) {
            super(rDFHandler);
        }

        @Override // org.openrdf.rio.helpers.RDFHandlerWrapper, org.openrdf.rio.RDFHandler
        public void startRDF() {
        }

        @Override // org.openrdf.rio.helpers.RDFHandlerWrapper, org.openrdf.rio.RDFHandler
        public void endRDF() {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/classes/org/eaglei/repository/User$oneUserHandler.class */
    public static class oneUserHandler extends TupleQueryResultHandlerBase {
        private User result = null;
        protected HttpServletRequest request;

        public oneUserHandler(HttpServletRequest httpServletRequest) {
            this.request = null;
            this.request = httpServletRequest;
        }

        @Override // org.openrdf.query.TupleQueryResultHandlerBase, org.openrdf.query.TupleQueryResultHandler
        public void endQueryResult() {
            if (this.result == null) {
                User.log.debug("Failed to get any query results, ");
            }
        }

        @Override // org.openrdf.query.TupleQueryResultHandlerBase, org.openrdf.query.TupleQueryResultHandler
        public void handleSolution(BindingSet bindingSet) throws TupleQueryResultHandlerException {
            if (this.result == null) {
                this.result = populateUser(this.request, bindingSet, null);
            } else {
                populateUser(this.request, bindingSet, this.result);
            }
        }

        protected User populateUser(HttpServletRequest httpServletRequest, BindingSet bindingSet, User user) throws TupleQueryResultHandlerException {
            User user2 = user;
            if (user2 == null) {
                Value value = bindingSet.getValue("uri");
                if (value == null || !(value instanceof URI)) {
                    throw new TupleQueryResultHandlerException("Missing valid result for required column 'uri'");
                }
                Value value2 = bindingSet.getValue("hasPrincipalName");
                if (value2 == null) {
                    throw new TupleQueryResultHandlerException("Missing valid result for required column 'hasPrincipalName'");
                }
                user2 = new User((URI) value, value2 instanceof Literal ? ((Literal) value2).getLabel() : value2.stringValue());
                Value value3 = bindingSet.getValue("firstName");
                if (value3 != null && (value3 instanceof Literal)) {
                    user2.firstName = ((Literal) value3).getLabel();
                }
                Value value4 = bindingSet.getValue("surname");
                if (value4 != null && (value4 instanceof Literal)) {
                    user2.lastName = ((Literal) value4).getLabel();
                }
                Value value5 = bindingSet.getValue("mbox");
                if (value5 != null && (value5 instanceof Literal)) {
                    user2.mbox = ((Literal) value5).getLabel();
                }
            }
            Value value6 = bindingSet.getValue("hasRole");
            if (value6 != null) {
                User.log.debug("Adding role to single User, username=" + user2.username + ", role=" + value6.stringValue());
                user2.roles.add((URI) value6);
            }
            return user2;
        }
    }

    public static Dataset getUserDataset() {
        return userDataset;
    }

    private User(URI uri, String str) {
        this.firstName = null;
        this.lastName = null;
        this.mbox = null;
        this.roles = new HashSet();
        this.newIsSuperuser = null;
        this.dirty = false;
        this.uri = uri;
        this.username = str;
        for (URI uri2 : implicitRoles) {
            this.roles.add(uri2);
        }
    }

    public static User findByUsername(HttpServletRequest httpServletRequest, String str) throws ServletException {
        return findOneUserInternal(httpServletRequest, str, null);
    }

    public static User find(HttpServletRequest httpServletRequest, URI uri) throws ServletException {
        return findOneUserInternal(httpServletRequest, null, uri);
    }

    private static User findOneUserInternal(HttpServletRequest httpServletRequest, String str, URI uri) throws ServletException {
        AuthUser find;
        RepositoryConnection repositoryConnection = WithRepositoryConnection.get(httpServletRequest);
        try {
            log.debug("Single user SPARQL query = " + userForURIQuery);
            TupleQuery prepareTupleQuery = repositoryConnection.prepareTupleQuery(QueryLanguage.SPARQL, userForURIQuery);
            prepareTupleQuery.setDataset(userDataset);
            prepareTupleQuery.clearBindings();
            if (str != null) {
                prepareTupleQuery.setBinding("hasPrincipalName", new LiteralImpl(str));
            } else {
                if (uri == null) {
                    throw new ServletException("sanity check: findOneUserInternal called without either username OR uri");
                }
                prepareTupleQuery.setBinding("uri", uri);
            }
            prepareTupleQuery.setIncludeInferred(false);
            oneUserHandler oneuserhandler = new oneUserHandler(httpServletRequest);
            prepareTupleQuery.evaluate(oneuserhandler);
            log.debug("User.findByUsername(" + str + ") => " + oneuserhandler.result);
            if (oneuserhandler.result != null && (find = AuthUser.find(str)) != null && find.isSuperuser()) {
                oneuserhandler.result.roles.add(REPO.ROLE_SUPERUSER);
            }
            return oneuserhandler.result;
        } catch (SQLException e) {
            log.error(e);
            throw new ServletException(e);
        } catch (MalformedQueryException e2) {
            log.error("Rejecting malformed query:" + e2);
            throw new ServletException(e2);
        } catch (NamingException e3) {
            log.error(e3);
            throw new ServletException(e3);
        } catch (OpenRDFException e4) {
            log.error(e4);
            throw new ServletException(e4);
        }
    }

    public static Iterable<User> findAll(HttpServletRequest httpServletRequest) throws ServletException {
        RepositoryConnection repositoryConnection = WithRepositoryConnection.get(httpServletRequest);
        ArrayList<User> arrayList = new ArrayList();
        try {
            log.debug("All user SPARQL query = " + userForURIQuery);
            TupleQuery prepareTupleQuery = repositoryConnection.prepareTupleQuery(QueryLanguage.SPARQL, userForURIQuery);
            prepareTupleQuery.setDataset(userDataset);
            prepareTupleQuery.setIncludeInferred(false);
            prepareTupleQuery.evaluate(new allUserHandler(httpServletRequest, arrayList));
            Map<String, AuthUser> findAllAsMap = AuthUser.findAllAsMap();
            for (User user : arrayList) {
                AuthUser authUser = findAllAsMap.get(user.username);
                if (authUser != null && authUser.isSuperuser()) {
                    user.roles.add(REPO.ROLE_SUPERUSER);
                }
            }
            return arrayList;
        } catch (SQLException e) {
            log.error(e);
            throw new ServletException(e);
        } catch (MalformedQueryException e2) {
            log.error("Rejecting malformed query:" + e2);
            throw new ServletException(e2);
        } catch (OpenRDFException e3) {
            log.error(e3);
            throw new ServletException(e3);
        } catch (NamingException e4) {
            log.error(e4);
            throw new ServletException(e4);
        }
    }

    public URI getURI() {
        return this.uri;
    }

    public String getUsername() {
        return this.username;
    }

    public String getFirstName() {
        return this.firstName;
    }

    public String getLastName() {
        return this.lastName;
    }

    public String getMbox() {
        return this.mbox;
    }

    public String getTitle() {
        if (this.username == null) {
            return this.uri.getLocalName();
        }
        String personalName = getPersonalName();
        return personalName.length() > 0 ? this.username + " (" + personalName + DefaultExpressionEngine.DEFAULT_INDEX_END : this.username;
    }

    public String getPersonalName() {
        return this.firstName == null ? this.lastName == null ? "" : this.lastName : this.lastName == null ? this.firstName : this.firstName + " " + this.lastName;
    }

    private Role[] getRoles(HttpServletRequest httpServletRequest) throws ServletException {
        Role[] roleArr = new Role[this.roles.size()];
        int i = 0;
        Iterator<URI> it = this.roles.iterator();
        while (it.hasNext()) {
            roleArr[i] = Role.find(httpServletRequest, it.next());
            i++;
        }
        return roleArr;
    }

    public boolean hasRoleP(Role role) {
        return this.roles.contains(role.getURI());
    }

    public boolean hasRoleP(URI uri) {
        return this.roles.contains(uri);
    }

    public boolean isSuperuser() {
        return hasRoleP(REPO.ROLE_SUPERUSER);
    }

    public void setIsSuperuser(boolean z) {
        if (z) {
            this.roles.add(REPO.ROLE_SUPERUSER);
        } else {
            this.roles.remove(REPO.ROLE_SUPERUSER);
        }
    }

    public void checkImplicitRoles(HttpServletRequest httpServletRequest) throws ServletException {
        for (URI uri : implicitRoles) {
            if (!hasRoleP(uri)) {
                addRoleAsAdministrator(httpServletRequest, Role.find(httpServletRequest, uri));
            }
        }
    }

    public static User create(HttpServletRequest httpServletRequest, String str) throws ServletException {
        return createInternal(httpServletRequest, str, false);
    }

    public static User createAsAdministrator(HttpServletRequest httpServletRequest, String str) throws ServletException {
        return createInternal(httpServletRequest, str, true);
    }

    private static User createInternal(HttpServletRequest httpServletRequest, String str, boolean z) throws ServletException {
        if (!z && !Access.hasPermissionOnUser(httpServletRequest, str)) {
            throw new ForbiddenException("Not allowed to create user: " + str);
        }
        RepositoryConnection repositoryConnection = WithRepositoryConnection.get(httpServletRequest);
        ValueFactory valueFactory = repositoryConnection.getValueFactory();
        try {
            Literal createLiteral = valueFactory.createLiteral(str);
            if (repositoryConnection.hasStatement(null, REPO.HAS_PRINCIPAL_NAME, createLiteral, false, REPO.NG_INTERNAL)) {
                throw new BadRequestException("Cannot create user: there is already a repository user with the login principal name (username) \"" + str + "\"");
            }
            User user = new User(valueFactory.createURI(DataRepository.getInstance().getDefaultNamespace(), RIDGenerator.getInstance().newID().toString()), str);
            repositoryConnection.add(user.uri, RDF.TYPE, REPO.PERSON, USER_GRAPH);
            repositoryConnection.add(user.uri, RDFS.LABEL, createLiteral, USER_GRAPH);
            repositoryConnection.add(user.uri, REPO.HAS_PRINCIPAL_NAME, createLiteral, REPO.NG_INTERNAL);
            for (URI uri : implicitRoles) {
                repositoryConnection.add(user.uri, REPO.HAS_ROLE, uri, REPO.NG_INTERNAL);
            }
            log.debug("create: created new User instance, username=" + str + ", uri=" + user.uri);
            user.dirty = true;
            return user;
        } catch (RepositoryException e) {
            log.error("Failed creating user URI: ", e);
            throw new ServletException("Failed creating user URI: ", e);
        }
    }

    public void setFirstName(HttpServletRequest httpServletRequest, String str) throws ServletException {
        this.firstName = str;
        setMetadataInternal(httpServletRequest, FOAF.FIRST_NAME, str);
    }

    public void setLastName(HttpServletRequest httpServletRequest, String str) throws ServletException {
        this.lastName = str;
        setMetadataInternal(httpServletRequest, FOAF.SURNAME, str);
    }

    public void setMbox(HttpServletRequest httpServletRequest, String str) throws ServletException {
        this.mbox = str;
        setMetadataInternal(httpServletRequest, FOAF.MBOX, str);
    }

    private void setMetadataInternal(HttpServletRequest httpServletRequest, URI uri, String str) throws ServletException {
        if (!Access.hasPermissionOnUser(httpServletRequest, this.username)) {
            throw new ForbiddenException("Not allowed to modify user: " + this.username);
        }
        try {
            RepositoryConnection repositoryConnection = WithRepositoryConnection.get(httpServletRequest);
            boolean hasStatement = repositoryConnection.hasStatement(this.uri, uri, null, false, USER_GRAPH);
            boolean hasStatement2 = repositoryConnection.hasStatement(this.uri, RDFS.LABEL, null, false, USER_GRAPH);
            ValueFactory valueFactory = repositoryConnection.getValueFactory();
            if (hasStatement) {
                repositoryConnection.remove(this.uri, uri, null, USER_GRAPH);
            }
            if (str != null) {
                repositoryConnection.add(this.uri, uri, valueFactory.createLiteral(str), USER_GRAPH);
            }
            String title = getTitle();
            log.debug("Setting User label, uri=" + this.uri + ", label=" + title);
            if (hasStatement2) {
                repositoryConnection.remove(this.uri, RDFS.LABEL, null, USER_GRAPH);
            }
            repositoryConnection.add(this.uri, RDFS.LABEL, valueFactory.createLiteral(title), USER_GRAPH);
            this.dirty = true;
        } catch (RepositoryException e) {
            throw new ServletException(e);
        }
    }

    public void addRole(HttpServletRequest httpServletRequest, URI uri) throws ServletException {
        addRole(httpServletRequest, Role.find(httpServletRequest, uri));
    }

    public void addRole(HttpServletRequest httpServletRequest, Role role) throws ServletException {
        addRoleInternal(httpServletRequest, role, false);
    }

    public void addRoleAsAdministrator(HttpServletRequest httpServletRequest, Role role) throws ServletException {
        addRoleInternal(httpServletRequest, role, true);
    }

    private void addRoleInternal(HttpServletRequest httpServletRequest, Role role, boolean z) throws ServletException {
        if (!z && !Authentication.isSuperuser(httpServletRequest)) {
            throw new ForbiddenException("Only the administrator is allowed to modify user roles.");
        }
        if (hasRoleP(role)) {
            return;
        }
        RepositoryConnection repositoryConnection = WithRepositoryConnection.get(httpServletRequest);
        try {
            if (this.roles.add(role.getURI())) {
                repositoryConnection.add(this.uri, REPO.HAS_ROLE, role.getURI(), REPO.NG_INTERNAL);
                if (role.isSuperuser()) {
                    this.newIsSuperuser = Boolean.TRUE;
                }
                this.dirty = true;
                log.debug("Added role: " + role);
            }
        } catch (RepositoryException e) {
            log.error("Failed adding role ", e);
            throw new ServletException("Failed adding role ", e);
        }
    }

    public void removeRole(HttpServletRequest httpServletRequest, URI uri) throws ServletException {
        removeRole(httpServletRequest, Role.find(httpServletRequest, uri));
    }

    public void removeRole(HttpServletRequest httpServletRequest, Role role) throws ServletException {
        if (!Authentication.isSuperuser(httpServletRequest)) {
            throw new ForbiddenException("Only the administrator is allowed to modify user roles.");
        }
        if (hasRoleP(role)) {
            try {
                WithRepositoryConnection.get(httpServletRequest).remove(this.uri, REPO.HAS_ROLE, role.getURI(), new Resource[0]);
                this.roles.remove(role.getURI());
                if (role.isSuperuser()) {
                    this.newIsSuperuser = Boolean.FALSE;
                }
                this.dirty = true;
                log.debug("Removed role: " + role);
            } catch (RepositoryException e) {
                log.error("Failed adding role ", e);
                throw new ServletException("Failed removing role ", e);
            }
        }
    }

    public boolean setRoles(HttpServletRequest httpServletRequest, Role[] roleArr) throws ServletException {
        ArrayList arrayList = new ArrayList();
        HashSet hashSet = new HashSet();
        for (Role role : getRoles(httpServletRequest)) {
            if (!role.isImplicit()) {
                hashSet.add(role);
            }
        }
        for (Role role2 : roleArr) {
            if (hashSet.contains(role2)) {
                hashSet.remove(role2);
            } else {
                arrayList.add(role2);
            }
        }
        if (hashSet.isEmpty() && arrayList.isEmpty()) {
            return false;
        }
        Iterator it = hashSet.iterator();
        while (it.hasNext()) {
            removeRole(httpServletRequest, (Role) it.next());
        }
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            addRole(httpServletRequest, (Role) it2.next());
        }
        return true;
    }

    public void update(HttpServletRequest httpServletRequest) throws ServletException {
        AuthUser find;
        RepositoryConnection repositoryConnection = WithRepositoryConnection.get(httpServletRequest);
        try {
            if (this.dirty) {
                Authentication.decacheAuthentication(httpServletRequest, this);
                repositoryConnection.commit();
                if (this.newIsSuperuser != null && (find = AuthUser.find(this.username)) != null) {
                    find.setIsSuperuser(this.newIsSuperuser.booleanValue());
                    log.debug("update(): Setting AuthUser isSuperuser = " + this.newIsSuperuser);
                    find.update();
                }
            }
            this.dirty = false;
        } catch (SQLException e) {
            log.error("Failed updating user, URI=" + this.uri, e);
            throw new ServletException("Failed updating user, URI=" + this.uri, e);
        } catch (RepositoryException e2) {
            log.error("Failed updating user, URI=" + this.uri, e2);
            throw new ServletException("Failed updating user, URI=" + this.uri, e2);
        } catch (NamingException e3) {
            log.error("Failed updating user, URI=" + this.uri, e3);
            throw new ServletException("Failed updating user, URI=" + this.uri, e3);
        }
    }

    protected void finalize() throws Throwable {
        if (this.dirty) {
            log.error("finalize: about to destroy a User with dirty flag set, CHANGES WILL BE LOST.  Current state: " + toString());
        }
        super.finalize();
    }

    public String toString() {
        return "<#User: uri=" + (this.uri == null ? "(not set)" : this.uri.toString()) + ", username=" + this.username + ", firstName=" + this.firstName + ", lastName=" + this.lastName + ", mbox=" + this.mbox + ", roles=" + (this.roles == null ? "{null}" : Arrays.deepToString(this.roles.toArray(new URI[this.roles.size()]))) + ">";
    }

    public boolean equals(Object obj) {
        return (obj instanceof User) && this.uri != null && this.uri.equals(((User) obj).uri);
    }

    public int hashCode() {
        return this.uri.hashCode();
    }

    public static void doImportUsers(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, RepositoryConnection repositoryConnection, Set<String> set, Set<String> set2, ImportExport.DuplicateArg duplicateArg, boolean z) throws ServletException, IOException {
        try {
            RepositoryConnection repositoryConnection2 = WithRepositoryConnection.get(httpServletRequest);
            try {
                try {
                    TupleQuery prepareTupleQuery = repositoryConnection.prepareTupleQuery(QueryLanguage.SPARQL, importUserGetAuthUsers);
                    if (log.isDebugEnabled()) {
                        log.debug("SPARQL query PASS1 against internal memory repo = " + importUserGetAuthUsers);
                    }
                    prepareTupleQuery.setDataset(getUserDataset());
                    prepareTupleQuery.setIncludeInferred(false);
                    Connection startTransaction = AuthUser.startTransaction();
                    authUserPass1Handler authuserpass1handler = new authUserPass1Handler(startTransaction, repositoryConnection2, z, duplicateArg, set, set2);
                    try {
                        prepareTupleQuery.evaluate(authuserpass1handler);
                        TupleQuery prepareTupleQuery2 = repositoryConnection.prepareTupleQuery(QueryLanguage.SPARQL, importUserGetStatements);
                        if (log.isDebugEnabled()) {
                            log.debug("SPARQL query PASS2 against internal memory repo = " + importUserGetStatements);
                        }
                        prepareTupleQuery2.setDataset(getUserDataset());
                        prepareTupleQuery2.setIncludeInferred(false);
                        prepareTupleQuery2.evaluate(new authUserPass2Handler(authuserpass1handler));
                        AuthUser.commitTransaction(startTransaction);
                        repositoryConnection2.commit();
                        startTransaction = null;
                        if (0 != 0) {
                            AuthUser.abortTransaction(null);
                        }
                    } catch (Throwable th) {
                        if (startTransaction != null) {
                            AuthUser.abortTransaction(startTransaction);
                        }
                        throw th;
                    }
                } catch (NamingException e) {
                    log.error("Failed in IMPORT USER: ", e);
                    throw new InternalServerErrorException(e);
                }
            } catch (SQLException e2) {
                log.error("Failed in IMPORT USER: ", e2);
                throw new InternalServerErrorException(e2);
            } catch (HandlerBadRequest e3) {
                throw new BadRequestException(e3.getMessage(), e3);
            }
        } catch (OpenRDFException e4) {
            throw new InternalServerErrorException(e4);
        }
    }

    public static void doExportUsers(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, RDFFormat rDFFormat, Set<String> set, Set<String> set2) throws ServletException, IOException {
        try {
            RDFWriter createWriter = Rio.createWriter(rDFFormat, new OutputStreamWriter((OutputStream) httpServletResponse.getOutputStream(), "UTF-8"));
            mergeHandler mergehandler = new mergeHandler(createWriter);
            createWriter.startRDF();
            RepositoryConnection repositoryConnection = WithRepositoryConnection.get(httpServletRequest);
            ValueFactory valueFactory = repositoryConnection.getValueFactory();
            Map<String, AuthUser> findAllAsMap = AuthUser.findAllAsMap();
            for (User user : findAll(httpServletRequest)) {
                URI uri = user.getURI();
                String obj = uri.toString();
                String username = user.getUsername();
                AuthUser remove = findAllAsMap.remove(username);
                if (set2.contains(username) || set2.contains(obj)) {
                    log.debug("SKIP USER because of exclude: " + user);
                } else if (set.isEmpty() || set.contains(username) || set.contains(obj)) {
                    log.debug("EXPORT USER: " + uri);
                    repositoryConnection.exportStatements(uri, null, null, false, mergehandler, REPO.NG_USERS, REPO.NG_INTERNAL);
                    if (remove == null) {
                        log.warn("User is NOT IN RDBMS, so no password: username=" + username);
                    } else {
                        mergehandler.handleStatement(new ContextStatementImpl(uri, EXPORT_AUTH_TYPE, EXPORT_AUTH_TYPE_BUILTIN, REPO.NG_INTERNAL));
                        mergehandler.handleStatement(new ContextStatementImpl(uri, EXPORT_AUTH_PASSWORD, new LiteralImpl(remove.getPassword(), XMLSchema.STRING), REPO.NG_INTERNAL));
                    }
                } else {
                    log.debug("SKIP USER because of include: " + user);
                }
            }
            for (AuthUser authUser : findAllAsMap.values()) {
                String username2 = authUser.getUsername();
                if (set2.contains(username2)) {
                    log.debug("SKIP UNDOCUMENTED USER because of exclude: \"" + username2 + "\"");
                } else if (set.isEmpty() || set.contains(username2)) {
                    log.debug("EXPORT UNDOCUMENTED USER: \"" + username2 + "\"");
                    BNode createBNode = valueFactory.createBNode();
                    mergehandler.handleStatement(new ContextStatementImpl(createBNode, EXPORT_AUTH_TYPE, EXPORT_AUTH_TYPE_BUILTIN, REPO.NG_INTERNAL));
                    mergehandler.handleStatement(new ContextStatementImpl(createBNode, REPO.HAS_PRINCIPAL_NAME, new LiteralImpl(authUser.getUsername(), XMLSchema.STRING), REPO.NG_INTERNAL));
                    mergehandler.handleStatement(new ContextStatementImpl(createBNode, EXPORT_AUTH_PASSWORD, new LiteralImpl(authUser.getPassword(), XMLSchema.STRING), REPO.NG_INTERNAL));
                } else {
                    log.debug("SKIP UNDOCUMENTED USER because of include: \"" + username2 + "\"");
                }
            }
            createWriter.endRDF();
        } catch (SQLException e) {
            throw new InternalServerErrorException(e);
        } catch (OpenRDFException e2) {
            throw new InternalServerErrorException(e2);
        } catch (NamingException e3) {
            throw new InternalServerErrorException((Throwable) e3);
        }
    }

    static {
        SPARQL.addGraph(userDataset, USER_GRAPH);
        if (log.isDebugEnabled()) {
            log.debug("User Dataset = " + Utils.prettyPrint(userDataset));
        }
        EXPORT_AUTH_PASSWORD = new URIImpl("http://eagle-i.org/ont/repo/1.0/exportAuthPassword");
        EXPORT_AUTH_TYPE = new URIImpl("http://eagle-i.org/ont/repo/1.0/exportAuthType");
        EXPORT_AUTH_TYPE_BUILTIN = new URIImpl("http://eagle-i.org/ont/repo/1.0/exportAuthType_Builtin");
        importUserGetAuthUsers = "SELECT * WHERE { \nGRAPH <" + REPO.NG_INTERNAL + "> {  ?authUser <" + EXPORT_AUTH_TYPE + "> <" + EXPORT_AUTH_TYPE_BUILTIN + ">;  <" + REPO.HAS_PRINCIPAL_NAME + "> ?username;  <" + EXPORT_AUTH_PASSWORD + "> ?password  OPTIONAL { ?authUser <" + REPO.HAS_ROLE + "> ?su    FILTER(?su = <" + REPO.ROLE_SUPERUSER + ">)}}}";
        importUserGetStatements = "SELECT ?g ?s ?p ?v ?username WHERE { \nGRAPH <" + REPO.NG_USERS + "> { ?s a <" + REPO.PERSON + "> }\nOPTIONAL { GRAPH <" + REPO.NG_INTERNAL + "> {     ?s <" + REPO.HAS_PRINCIPAL_NAME + "> ?username}}\nGRAPH ?g {?s ?p ?v \n  FILTER((?g = <" + REPO.NG_INTERNAL + "> && isURI(?s) &&\n         (?p = <" + REPO.HAS_ROLE + "> || ?p = <" + REPO.HAS_PRINCIPAL_NAME + ">)) ||\n        (?g = <" + REPO.NG_USERS + ">))}}";
        implicitRoles = new URI[]{REPO.ROLE_AUTHENTICATED, REPO.ROLE_ANONYMOUS};
        userForURIQuery = "SELECT * WHERE { ?uri a <" + REPO.PERSON + "> ; \n<" + REPO.HAS_PRINCIPAL_NAME + "> ?hasPrincipalName .\n  OPTIONAL { ?uri <" + FOAF.FIRST_NAME + "> ?firstName }\n  OPTIONAL { ?uri <" + FOAF.SURNAME + "> ?surname }\n  OPTIONAL { ?uri <" + FOAF.MBOX + "> ?mbox }\n  OPTIONAL { ?uri <" + REPO.HAS_ROLE + "> ?hasRole . ?hasRole <" + RDFS.LABEL + "> ?roleLabel }\n } ORDER BY ?hasPrincipalName";
    }
}
