package org.eaglei.repository.model;

import ch.qos.logback.classic.ClassicGlobal;
import java.security.Principal;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.LogManager;
import org.apache.log4j.Logger;
import org.eaglei.repository.auth.Authentication;
import org.eaglei.repository.servlet.WithRepositoryConnection;
import org.eaglei.repository.status.InternalServerErrorException;
import org.eaglei.repository.util.SPARQL;
import org.eaglei.repository.vocabulary.REPO;
import org.openrdf.OpenRDFException;
import org.openrdf.model.Resource;
import org.openrdf.model.URI;
import org.openrdf.query.Binding;
import org.openrdf.query.BindingSet;
import org.openrdf.query.BooleanQuery;
import org.openrdf.query.Dataset;
import org.openrdf.query.QueryLanguage;
import org.openrdf.query.TupleQuery;
import org.openrdf.query.TupleQueryResultHandler;
import org.openrdf.query.impl.DatasetImpl;
import org.openrdf.repository.RepositoryConnection;
import org.semanticweb.owlapi.rdf.util.RDFConstants;

/* loaded from: input_file:WEB-INF/classes/org/eaglei/repository/model/Access.class */
public enum Access {
    READ(REPO.HAS_READ_ACCESS),
    ADD(REPO.HAS_ADD_ACCESS),
    REMOVE(REPO.HAS_REMOVE_ACCESS),
    ADMIN(REPO.HAS_ADMIN_ACCESS);

    private URI uri;
    private static final Set<URI> valueURIs = new HashSet();
    private static final String hasPermissionQuery;
    public static final DatasetImpl ACCESS_DATASET;
    private static final Logger log;

    Access(URI uri) {
        this.uri = null;
        this.uri = uri;
    }

    public static boolean isAccessPredicate(URI uri) {
        return valueURIs.contains(uri);
    }

    public URI getURI() {
        return this.uri;
    }

    @Override // java.lang.Enum
    public String toString() {
        return name().toUpperCase();
    }

    public static boolean hasPermission(HttpServletRequest httpServletRequest, Resource resource, Access access) {
        if (Authentication.isSuperuser(httpServletRequest)) {
            if (!log.isDebugEnabled()) {
                return true;
            }
            log.debug("Superuser elides check: hasPermission(" + resource + ", " + access + ") => true");
            return true;
        }
        try {
            URI principalURI = Authentication.getPrincipalURI(httpServletRequest);
            BooleanQuery prepareBooleanQuery = WithRepositoryConnection.get(httpServletRequest).prepareBooleanQuery(QueryLanguage.SPARQL, hasPermissionQuery);
            prepareBooleanQuery.setIncludeInferred(true);
            prepareBooleanQuery.setDataset(ACCESS_DATASET);
            prepareBooleanQuery.clearBindings();
            prepareBooleanQuery.setBinding(ClassicGlobal.USER_MDC_KEY, principalURI);
            prepareBooleanQuery.setBinding("access", access.uri);
            prepareBooleanQuery.setBinding(RDFConstants.ATTR_RESOURCE, resource);
            boolean evaluate = prepareBooleanQuery.evaluate();
            if (log.isDebugEnabled()) {
                log.debug("Access Query: user=" + principalURI + ", access=" + access + ", query=\n" + hasPermissionQuery);
                log.debug("hasPermission(" + resource + ", " + access + ", " + principalURI + ") => " + evaluate);
            }
            return evaluate;
        } catch (OpenRDFException e) {
            log.error(e);
            throw new InternalServerErrorException("Failed in access check: ", e);
        }
    }

    public static boolean hasPermissionOnUser(HttpServletRequest httpServletRequest, String str) {
        Principal userPrincipal = httpServletRequest.getUserPrincipal();
        return Authentication.isSuperuser(httpServletRequest) || !(str == null || userPrincipal == null || !str.equals(userPrincipal.getName()));
    }

    public static void filterByPermission(HttpServletRequest httpServletRequest, URI uri, String str, String str2, String str3, Access access, Dataset dataset, BindingSet bindingSet, TupleQueryResultHandler tupleQueryResultHandler) {
        try {
            RepositoryConnection repositoryConnection = WithRepositoryConnection.get(httpServletRequest);
            URI principalURI = uri == null ? Authentication.getPrincipalURI(httpServletRequest) : uri;
            String makeAccessQuery = makeAccessQuery(str, "SELECT " + str2 + " WHERE", str3);
            if (log.isDebugEnabled()) {
                log.debug("SPARQL query in filterByPermission, name=" + str + ", query=\n  " + makeAccessQuery);
            }
            TupleQuery prepareTupleQuery = repositoryConnection.prepareTupleQuery(QueryLanguage.SPARQL, makeAccessQuery);
            prepareTupleQuery.setIncludeInferred(true);
            prepareTupleQuery.setDataset(dataset);
            prepareTupleQuery.clearBindings();
            prepareTupleQuery.setBinding(ClassicGlobal.USER_MDC_KEY, principalURI);
            prepareTupleQuery.setBinding("access", access.uri);
            if (bindingSet != null && bindingSet.size() > 0) {
                for (Binding binding : bindingSet) {
                    prepareTupleQuery.setBinding(binding.getName(), binding.getValue());
                }
            }
            prepareTupleQuery.evaluate(tupleQueryResultHandler);
        } catch (OpenRDFException e) {
            log.error(e);
            throw new InternalServerErrorException("Failed in access check: ", e);
        }
    }

    private static String makeAccessQuery(String str, String str2, String str3) {
        StringBuilder sb = new StringBuilder();
        sb.append(str2).append(" { ");
        if (str3 != null) {
            sb.append(str3);
        }
        sb.append("{ { ?user <").append(REPO.HAS_ROLE).append("> ?r . ?").append(str).append(" ?access ?r }\n");
        sb.append(" UNION { ?").append(str).append(" ?access ?user } } }");
        return sb.toString();
    }

    static {
        for (Access access : values()) {
            valueURIs.add(access.uri);
        }
        hasPermissionQuery = makeAccessQuery(RDFConstants.ATTR_RESOURCE, "ASK", null);
        ACCESS_DATASET = SPARQL.copyDataset(SPARQL.InternalGraphs);
        ACCESS_DATASET.addDefaultGraph(User.USER_GRAPH);
        log = LogManager.getLogger(Access.class);
    }
}
