package org.eaglei.repository.model;

import ch.qos.logback.classic.ClassicGlobal;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.apache.log4j.LogManager;
import org.apache.log4j.Logger;
import org.eaglei.repository.auth.Authentication;
import org.eaglei.repository.servlet.WithRepositoryConnection;
import org.eaglei.repository.status.BadRequestException;
import org.eaglei.repository.status.ForbiddenException;
import org.eaglei.repository.status.InternalServerErrorException;
import org.eaglei.repository.util.Utils;
import org.eaglei.repository.vocabulary.REPO;
import org.mindswap.pellet.dig.DIGConstants;
import org.openrdf.OpenRDFException;
import org.openrdf.model.Literal;
import org.openrdf.model.Statement;
import org.openrdf.model.URI;
import org.openrdf.model.Value;
import org.openrdf.model.impl.ContextStatementImpl;
import org.openrdf.model.vocabulary.RDF;
import org.openrdf.model.vocabulary.RDFS;
import org.openrdf.query.BindingSet;
import org.openrdf.query.QueryLanguage;
import org.openrdf.query.TupleQuery;
import org.openrdf.query.TupleQueryResult;
import org.openrdf.query.TupleQueryResultHandlerBase;
import org.openrdf.query.TupleQueryResultHandlerException;
import org.openrdf.repository.RepositoryConnection;

/* loaded from: input_file:WEB-INF/classes/org/eaglei/repository/model/AccessGrant.class */
public class AccessGrant {
    private static Logger log = LogManager.getLogger(Access.class);
    private static String importGrantQuery = null;
    private static final String getGrantsQueryPrefix = "SELECT DISTINCT * WHERE { \nGRAPH <" + REPO.NG_INTERNAL + "> { ?instance ?access ?agent } . \n?access <" + RDFS.SUBPROPERTYOF + "> <" + REPO.HAS_ANY_ACCESS + "> \nOPTIONAL { ?access <" + RDFS.LABEL + "> ?accessLabel }\nOPTIONAL { ?agent <" + RDFS.LABEL + "> ?agentLabel }\nOPTIONAL { {{?agent <" + RDF.TYPE + "> ?agentType} UNION {?agent <" + RDFS.SUBCLASSOF + "> ?agentType}}\n  FILTER (?agentType = <" + REPO.ROLE + "> || ?agentType = <" + REPO.PERSON + ">) \n  OPTIONAL { ?agentType <" + RDFS.LABEL + "> ?agentTypeLabel }}\n";
    private static final String getGrantsQuery = getGrantsQueryPrefix + "}";
    private static final String getMyGrantsQuery = getGrantsQueryPrefix + "{{?user <" + REPO.HAS_ROLE + "> ?agent} UNION {?instance ?access ?user}}}";
    private Term access;
    private Term agent;
    private Term agentType;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/classes/org/eaglei/repository/model/AccessGrant$Term.class */
    public static class Term {
        private URI uri;
        private String label;

        private Term(URI uri, String str) {
            this.uri = null;
            this.label = null;
            this.uri = uri;
            this.label = str == null ? uri.getLocalName() : str;
        }

        private Term(URI uri) {
            this.uri = null;
            this.label = null;
            this.uri = uri;
            this.label = uri.getLocalName();
        }

        public String toString() {
            return this.uri.toString();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/classes/org/eaglei/repository/model/AccessGrant$grantHandler.class */
    public static class grantHandler extends TupleQueryResultHandlerBase {
        private List<AccessGrant> result = new ArrayList();

        protected grantHandler() {
        }

        @Override // org.openrdf.query.TupleQueryResultHandlerBase, org.openrdf.query.TupleQueryResultHandler
        public void handleSolution(BindingSet bindingSet) throws TupleQueryResultHandlerException {
            Value value = bindingSet.getValue("agent");
            Value value2 = bindingSet.getValue("agentLabel");
            Value value3 = bindingSet.getValue("agentType");
            Value value4 = bindingSet.getValue("agentTypeLabel");
            Value value5 = bindingSet.getValue("access");
            Value value6 = bindingSet.getValue("accessLabel");
            if (value == null || !(value instanceof URI)) {
                throw new TupleQueryResultHandlerException("The value for 'agent' was null or not a URI type in grantHandler: " + value);
            }
            if (value5 == null || !(value5 instanceof URI)) {
                throw new TupleQueryResultHandlerException("The value for 'access' was null or not a URI type in grantHandler: " + value5);
            }
            if (value3 == null) {
                value3 = REPO.AGENT;
            }
            if (AccessGrant.log.isDebugEnabled()) {
                AccessGrant.log.debug("getGrants: Adding Grant(agent=" + value + ", agentLabel=" + value2 + ", agentType=" + value3 + ", agentTypeLabel=" + value4 + ", access=" + value5 + ", accessLabel=" + value6);
            }
            this.result.add(new AccessGrant((URI) value, (value2 == null || !(value2 instanceof Literal)) ? null : ((Literal) value2).getLabel(), (URI) value3, (value4 == null || !(value4 instanceof Literal)) ? null : ((Literal) value4).getLabel(), (URI) value5, (value6 == null || !(value6 instanceof Literal)) ? null : ((Literal) value6).getLabel()));
        }
    }

    private AccessGrant(URI uri, String str, URI uri2, String str2, URI uri3, String str3) {
        this.access = null;
        this.agent = null;
        this.agentType = null;
        this.agent = new Term(uri, str);
        this.agentType = new Term(uri2, str2);
        this.access = new Term(uri3, str3);
    }

    public URI getAccessURI() {
        if (this.access == null) {
            return null;
        }
        return this.access.uri;
    }

    public String getAccessLabel() {
        if (this.access == null) {
            return null;
        }
        return this.access.label;
    }

    public URI getAgentURI() {
        if (this.agent == null) {
            return null;
        }
        return this.agent.uri;
    }

    public String getAgentLabel() {
        if (this.agent == null) {
            return null;
        }
        return this.agent.label;
    }

    public URI getAgentTypeURI() {
        if (this.agentType == null) {
            return null;
        }
        return this.agentType.uri;
    }

    public String getAgentTypeLabel() {
        if (this.agentType == null) {
            return null;
        }
        return this.agentType.label;
    }

    public static boolean removeGrant(HttpServletRequest httpServletRequest, URI uri, URI uri2, URI uri3) {
        if (Access.hasPermission(httpServletRequest, uri, Access.ADMIN)) {
            return removeGrantAsAdministrator(httpServletRequest, uri, uri2, uri3);
        }
        throw new ForbiddenException("You are not allowed to change access controls on " + uri);
    }

    public static boolean removeGrantAsAdministrator(HttpServletRequest httpServletRequest, URI uri, URI uri2, URI uri3) {
        if (uri == null || uri3 == null || uri2 == null) {
            throw new BadRequestException("removeGrant called with an illegal null URI.");
        }
        if (!Access.isAccessPredicate(uri3)) {
            throw new IllegalArgumentException("Access URI is not a valid access predicate: " + uri3.stringValue());
        }
        RepositoryConnection repositoryConnection = WithRepositoryConnection.get(httpServletRequest);
        try {
            if (!repositoryConnection.hasStatement(uri, uri3, uri2, false, REPO.NG_INTERNAL)) {
                return false;
            }
            repositoryConnection.remove(uri, uri3, uri2, REPO.NG_INTERNAL);
            return true;
        } catch (OpenRDFException e) {
            log.error(e);
            throw new InternalServerErrorException("Failed in remove ACL: ", e);
        }
    }

    public static void addGrant(HttpServletRequest httpServletRequest, URI uri, URI uri2, URI uri3) {
        if (!Access.hasPermission(httpServletRequest, uri, Access.ADMIN)) {
            throw new ForbiddenException("You are not allowed to change access controls on " + uri);
        }
        addGrantAsAdministrator(httpServletRequest, uri, uri2, uri3);
    }

    public static void addGrantAsAdministrator(HttpServletRequest httpServletRequest, URI uri, URI uri2, URI uri3) {
        if (!Access.isAccessPredicate(uri3)) {
            throw new IllegalArgumentException("Access URI is not a valid access predicate: " + uri3.stringValue());
        }
        RepositoryConnection repositoryConnection = WithRepositoryConnection.get(httpServletRequest);
        try {
            if (!repositoryConnection.hasStatement(uri, uri3, uri2, false, REPO.NG_INTERNAL)) {
                repositoryConnection.add(uri, uri3, uri2, REPO.NG_INTERNAL);
            }
        } catch (OpenRDFException e) {
            log.error(e);
            throw new InternalServerErrorException("Failed in add ACL: ", e);
        }
    }

    public static Iterable<AccessGrant> getGrants(HttpServletRequest httpServletRequest, URI uri) {
        return getGrantsInternal(httpServletRequest, WithRepositoryConnection.get(httpServletRequest), uri, false);
    }

    public static Iterable<AccessGrant> getMyGrants(HttpServletRequest httpServletRequest, URI uri) {
        return getGrantsInternal(httpServletRequest, WithRepositoryConnection.get(httpServletRequest), uri, true);
    }

    private static Iterable<AccessGrant> getGrantsInternal(HttpServletRequest httpServletRequest, RepositoryConnection repositoryConnection, URI uri, boolean z) {
        try {
            String str = z ? getMyGrantsQuery : getGrantsQuery;
            if (log.isDebugEnabled()) {
                log.debug("SPARQL query to get " + (z ? "MY (" + Authentication.getPrincipalURI(httpServletRequest).stringValue() + DefaultExpressionEngine.DEFAULT_INDEX_END : "") + "grants, instance=" + uri.stringValue() + ", query=\n" + str);
            }
            TupleQuery prepareTupleQuery = repositoryConnection.prepareTupleQuery(QueryLanguage.SPARQL, str);
            prepareTupleQuery.setBinding(DIGConstants.INSTANCE, uri);
            if (z) {
                if (httpServletRequest == null) {
                    throw new IllegalArgumentException("Cannot get grants for current user when request is null.");
                }
                prepareTupleQuery.setBinding(ClassicGlobal.USER_MDC_KEY, Authentication.getPrincipalURI(httpServletRequest));
            }
            prepareTupleQuery.setDataset(Access.ACCESS_DATASET);
            grantHandler granthandler = new grantHandler();
            prepareTupleQuery.evaluate(granthandler);
            return granthandler.result;
        } catch (OpenRDFException e) {
            log.error(e);
            throw new InternalServerErrorException("Failed in query: " + e, e);
        }
    }

    public static Iterable<Statement> exportGrants(URI uri, Iterable<AccessGrant> iterable) {
        ArrayList arrayList = new ArrayList();
        for (AccessGrant accessGrant : iterable) {
            arrayList.add(new ContextStatementImpl(uri, accessGrant.access.uri, accessGrant.agent.uri, REPO.NG_INTERNAL));
        }
        return arrayList;
    }

    public static Iterable<Statement> importGrants(HttpServletRequest httpServletRequest, RepositoryConnection repositoryConnection, URI uri, URI uri2) {
        try {
            if (importGrantQuery == null) {
                StringBuilder sb = new StringBuilder("SELECT ?p ?o WHERE {?s ?p ?o FILTER(");
                TupleQuery prepareTupleQuery = WithRepositoryConnection.get(httpServletRequest).prepareTupleQuery(QueryLanguage.SPARQL, "SELECT * WHERE { ?accessPred <" + RDFS.SUBPROPERTYOF + "> <" + REPO.HAS_ANY_ACCESS + ">}");
                prepareTupleQuery.setDataset(Access.ACCESS_DATASET);
                TupleQueryResult tupleQueryResult = null;
                try {
                    tupleQueryResult = prepareTupleQuery.evaluate();
                    boolean z = true;
                    while (tupleQueryResult.hasNext()) {
                        String valueAsString = Utils.valueAsString(tupleQueryResult.next().getValue("accessPred"));
                        if (z) {
                            z = false;
                        } else {
                            sb.append(" || ");
                        }
                        sb.append("?p = <").append(valueAsString).append(">");
                    }
                    sb.append(")}");
                    importGrantQuery = sb.toString();
                    log.debug("Generating fixed Access Import query: \"" + importGrantQuery + "\"");
                    if (tupleQueryResult != null) {
                        tupleQueryResult.close();
                    }
                } finally {
                }
            }
            TupleQuery prepareTupleQuery2 = repositoryConnection.prepareTupleQuery(QueryLanguage.SPARQL, importGrantQuery);
            prepareTupleQuery2.setDataset(Access.ACCESS_DATASET);
            prepareTupleQuery2.setBinding("s", uri);
            TupleQueryResult tupleQueryResult2 = null;
            ArrayList arrayList = new ArrayList();
            try {
                tupleQueryResult2 = prepareTupleQuery2.evaluate();
                while (tupleQueryResult2.hasNext()) {
                    BindingSet next = tupleQueryResult2.next();
                    arrayList.add(new ContextStatementImpl(uri2, (URI) next.getValue("p"), next.getValue("o"), REPO.NG_INTERNAL));
                }
                if (tupleQueryResult2 != null) {
                    tupleQueryResult2.close();
                }
                log.debug("importGrants(" + uri.stringValue() + "): returning " + arrayList.size() + " grant statements.");
                return arrayList;
            } finally {
            }
        } catch (OpenRDFException e) {
            log.error("Failed in one of the Import Grant queries: ", e);
            throw new InternalServerErrorException(e);
        }
    }
}
