package severe.security.accessControl;

import edrm.licensing.License;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Vector;
import org.antlr.works.visualization.graphics.primitive.GLiteral;
import org.omg.CORBA.UNKNOWN;
import severe.data.Relationship;
import severe.data.VersionID;
import severe.data.View;
import severe.data.ViewImpl;
import severe.security.GroupID;
import severe.security.InvalidSessionException;
import severe.security.ResourceEvent;
import severe.security.SecurityException;
import severe.security.SecurityKernel;
import severe.security.UserID;
import severe.security.event.EventCreate;
import severe.security.event.EventDelete;
import severe.security.event.EventRead;
import severe.security.event.EventUpdate;
import severe.tools.prolog.GenericPrologConnector;
import severe.tools.util.Config;
import severe.tools.util.Logger;

/* loaded from: input_file:severe/security/accessControl/AccessControllerImpl.class */
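/**
 * Access controller that delegates permission decisions to per-user policy
 * decision points ({@link PDP}) and computes filtered views through a Prolog
 * engine loaded with {@code severe.pl}.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>Prolog facts are built by string concatenation from user, group,
 *       object, version and relationship names, so every name goes through
 *       {@link #StringToProlog(String)} before it reaches the parser.</li>
 *   <li>The Prolog fact base is shared by all calls and is cleared at the end
 *       of {@link #filterView(UserID, View)}; the cleanup runs in a
 *       {@code finally} block so that facts asserted for one user cannot
 *       survive a failed call and influence the next one.</li>
 *   <li>Connector and PDP classes are instantiated reflectively from names
 *       supplied by configuration or by the caller; the type is checked before
 *       any constructor runs.</li>
 * </ul>
 *
 * <p>NOTE(review): no method here is synchronized although the Prolog
 * connector is shared mutable state; concurrent {@code filterView} calls would
 * appear to mix the facts of different users. Confirm how callers serialise
 * access.
 */
public class AccessControllerImpl implements AccessController {
    /** Policy decision point registered for each user by {@code loadLicense}. */
    private Hashtable<UserID, PDP> _pdpList;
    /** Security kernel used to enumerate users/groups and resolve sessions; may be null. */
    protected SecurityKernel _sk;
    /** Prolog engine holding the view-construction rules. */
    private GenericPrologConnector _pec;
    /** One of {@link #NormalView}, {@link #AccessSetOnly}, {@link #BaseViewSetOnly}. */
    protected short buildViewDebugMode;
    public static final short NormalView = 0;
    public static final short AccessSetOnly = 1;
    public static final short BaseViewSetOnly = 2;

    /**
     * Creates a controller without a security kernel, instantiates the Prolog
     * connector named by the {@code .prolog.className} property and loads
     * {@code severe.pl} from this class's package path.
     *
     * @throws UNKNOWN if the connector cannot be created or the rule file
     *         cannot be loaded; the original failure is attached as the cause
     */
    public AccessControllerImpl() {
        this._sk = null;
        this._pdpList = new Hashtable<>();
        try {
            // asSubclass rejects a misconfigured class name before its
            // constructor is executed, instead of after (as a cast would).
            this._pec = Class.forName(Config.getProperty(".prolog.className"))
                    .asSubclass(GenericPrologConnector.class)
                    .getConstructor()
                    .newInstance();
            String separator = System.getProperty("file.separator");
            String packagePath = getClass().getPackage().getName().replace('.', separator.charAt(0));
            this._pec.loadFile(packagePath + separator + "severe.pl");
            this.buildViewDebugMode = NormalView;
        } catch (Exception e) {
            // Keep the root cause: an access controller that fails to start
            // must be diagnosable.
            UNKNOWN failure = new UNKNOWN("[AccessControllerImpl] cannot initialise the Prolog connector");
            failure.initCause(e);
            throw failure;
        }
    }

    /**
     * Creates a controller bound to the given security kernel.
     *
     * @param securityKernel kernel used for user, group and session lookups
     */
    public AccessControllerImpl(SecurityKernel securityKernel) {
        this();
        this._sk = securityKernel;
    }

    /**
     * Maps an arbitrary name to a Prolog atom of the form {@code ac_<name>}.
     *
     * <p>Every character that is not a letter, a digit or an underscore is
     * replaced by {@code '_'}. The result is concatenated into Prolog source
     * text, so characters such as commas, parentheses or quotes in a name must
     * not be able to change the structure of the generated term.
     *
     * <p>NOTE(review): the mapping is not injective ({@code "a b"},
     * {@code "a.b"} and {@code "a_b"} yield the same atom), so two distinct
     * names can be conflated inside the Prolog fact base. Confirm that names
     * are unique after this normalisation.
     *
     * @param str name to convert
     * @return the atom text
     */
    private String StringToProlog(String str) {
        StringBuilder atom = new StringBuilder("ac_");
        for (int i = 0; i < str.length(); i++) {
            char c = str.charAt(i);
            atom.append(Character.isLetterOrDigit(c) || c == '_' ? c : '_');
        }
        return atom.toString();
    }

    /** Returns the Prolog atom {@code ac_perm_<name>} for a permission. */
    private String PermissionToProlog(Permission permission) {
        return "ac_perm_" + permission.name();
    }

    /**
     * Converts an {@code ac_perm_<name>} atom back to a {@link Permission}.
     *
     * <p>{@code Permission.valueOf} signals an unknown name with
     * {@link IllegalArgumentException}; anything that is not a well-formed,
     * known permission atom resolves to {@code Permission.undefined}.
     *
     * @param str atom text produced by the Prolog engine
     * @return the matching permission, or {@code Permission.undefined}
     */
    private Permission PrologToPermission(String str) {
        final String prefix = "ac_perm_";
        if (str != null && str.startsWith(prefix)) {
            try {
                return Permission.valueOf(str.substring(prefix.length()));
            } catch (IllegalArgumentException e) {
                // Unknown permission name: fall through to the default below.
            }
        }
        System.out.println("*** PrologToPermission: cannot resolve permission \"" + str + "\"... using \"undefined\" instead");
        return Permission.undefined;
    }

    /** Returns the textual form of a permission used in {@code AC.*} property names. */
    private String PermissionToString(Permission permission) {
        return permission.toString();
    }

    /**
     * Instantiates the PDP implementation with the given class name, passing
     * the security kernel to its constructor.
     *
     * <p>The class must be a {@link PDP}; this is verified before the
     * constructor is invoked so that an unrelated class is never instantiated.
     *
     * @param str fully qualified PDP class name
     * @return the new PDP, or {@code null} if it could not be created
     */
    private PDP _createPDP(String str) {
        try {
            return Class.forName(str)
                    .asSubclass(PDP.class)
                    .getConstructor(SecurityKernel.class)
                    .newInstance(this._sk);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /** Returns the Prolog term {@code resource(<object>,<version>)} for a version. */
    private String _resourceTerm(VersionID versionID) {
        return "resource(" + StringToProlog(versionID.objectId().objectName()) + GLiteral.OP_COMA
                + StringToProlog(versionID.versionName()) + ")";
    }

    /**
     * Returns the Prolog predicate that builds the view for a debug mode.
     *
     * @throws IllegalStateException if the mode is not one of the three
     *         declared constants (otherwise the query would be built from the
     *         text {@code "null"})
     */
    private static String _viewPredicate(short mode) {
        switch (mode) {
            case NormalView:
                return "extendedViewSet";
            case AccessSetOnly:
                return "accessSet";
            case BaseViewSetOnly:
                return "baseViewSet";
            default:
                throw new IllegalStateException("[AccessControllerImpl] unknown build-view mode " + mode);
        }
    }

    /** Removes every fact family asserted by {@link #filterView(UserID, View)}. */
    private void _clearFacts() {
        String[] indicators = {
            "user/1", "group/1", "belongsto/2", "right/2", "resource/2", "permission/3", "vrel/2", "srel/3"
        };
        for (String indicator : indicators) {
            this._pec.abolish(this._pec.parse(indicator));
        }
    }

    /** Shuts down every registered PDP. */
    @Override // severe.security.Controller
    public void shutdown() {
        for (PDP pdp : this._pdpList.values()) {
            pdp.shutdown();
        }
    }

    /**
     * Computes the part of {@code view} that {@code userID} may see.
     *
     * <p>Users, groups, rights, resources, the user's permissions and both
     * relationship sets are asserted as Prolog facts; the view predicate
     * selected by the debug mode is then queried, the answer is mapped back to
     * the original objects, and an {@code AC.<permission>} property is set to
     * {@code "true"} on each returned version for every permission reported by
     * the engine. All asserted facts are removed before returning, also when
     * the call fails.
     *
     * <p>Elements the engine returns but that cannot be mapped back are logged
     * and left out of the result rather than inserted as {@code null}.
     *
     * <p>NOTE(review): permission facts are asserted for the user's first
     * group only ({@code groups()[0]}), and {@code AC.*} properties are only
     * ever set, never cleared; if {@code VersionID} instances are shared
     * between users, properties from an earlier call could remain visible.
     * Confirm both against the callers.
     *
     * @param userID user the view is filtered for
     * @param view   unfiltered view
     * @return a new view holding the visible versions and relationships
     * @throws IllegalStateException if the debug mode is invalid, or if
     *         permissions are needed and the user has no PDP or no group
     */
    @Override // severe.security.Controller
    public View filterView(UserID userID, View view) {
        String viewPredicate = _viewPredicate(this.buildViewDebugMode);
        Hashtable<Object, VersionID> versionsByKey = new Hashtable<>();
        Hashtable<Object, Relationship> childRelsByKey = new Hashtable<>();
        Hashtable<Object, Relationship> semanticRelsByKey = new Hashtable<>();
        String userAtom = StringToProlog(userID.userName());
        try {
            for (GroupID group : this._sk.groups()) {
                this._pec.assertz(this._pec.parse("group(" + StringToProlog(group.groupName()) + ")."));
            }
            for (UserID user : this._sk.users()) {
                String memberAtom = StringToProlog(user.userName());
                this._pec.assertz(this._pec.parse("user(" + memberAtom + ")."));
                for (GroupID group : user.groups()) {
                    this._pec.assertz(this._pec.parse("belongsto(" + memberAtom + GLiteral.OP_COMA
                            + StringToProlog(group.groupName()) + ")."));
                }
            }
            this._pec.assertz(this._pec.parse("right(undefined," + PermissionToProlog(Permission.undefined) + ")."));
            this._pec.assertz(this._pec.parse("right(ownership," + PermissionToProlog(Permission.ownership) + ")."));
            this._pec.assertz(this._pec.parse("right(access," + PermissionToProlog(Permission.access) + ")."));
            this._pec.assertz(this._pec.parse("right(read," + PermissionToProlog(Permission.read) + ")."));
            this._pec.assertz(this._pec.parse("right(update," + PermissionToProlog(Permission.update) + ")."));
            this._pec.assertz(this._pec.parse("right(delete," + PermissionToProlog(Permission.delete) + ")."));

            PDP pdp = this._pdpList.get(userID);
            GroupID[] userGroups = userID.groups();
            for (VersionID version : view.versions()) {
                Object resourceFact = this._pec.parse(_resourceTerm(version) + ".");
                this._pec.assertz(resourceFact);
                versionsByKey.put(this._pec.toKey(resourceFact), version);
                if (pdp == null) {
                    throw new IllegalStateException(
                            "[AccessControllerImpl] no PDP loaded for user \"" + userID.userName() + "\"");
                }
                for (Permission permission : pdp.getPermissions(version, userID)) {
                    if (userGroups.length == 0) {
                        throw new IllegalStateException(
                                "[AccessControllerImpl] user \"" + userID.userName() + "\" belongs to no group");
                    }
                    this._pec.assertz(this._pec.parse("permission(" + StringToProlog(userGroups[0].groupName())
                            + GLiteral.OP_COMA + StringToProlog(version.objectId().objectName())
                            + GLiteral.OP_COMA + PermissionToProlog(permission) + ")."));
                }
            }
            for (Relationship child : view.childRelationships()) {
                Object childFact = this._pec.parse("vrel(" + _resourceTerm(child.vidFrom()) + GLiteral.OP_COMA
                        + _resourceTerm(child.vidTo()) + ").");
                this._pec.assertz(childFact);
                childRelsByKey.put(this._pec.toKey(childFact), child);
            }
            for (Relationship semantic : view.semanticRelationships()) {
                Object semanticFact = this._pec.parse("srel(" + _resourceTerm(semantic.vidFrom()) + GLiteral.OP_COMA
                        + _resourceTerm(semantic.vidTo()) + GLiteral.OP_COMA
                        + StringToProlog(semantic.relName()) + ").");
                this._pec.assertz(semanticFact);
                semanticRelsByKey.put(this._pec.toKey(semanticFact), semantic);
            }

            Vector[] answer = this._pec.buildView(viewPredicate + "(" + userAtom + ", View).");
            Vector visibleVersions = new Vector();
            Vector visibleChildRels = new Vector();
            Vector visibleSemanticRels = new Vector();
            for (Object term : answer[0]) {
                VersionID version = versionsByKey.get(term.toString());
                if (version == null) {
                    System.out.println("*** " + term + " --> NOT FOUND !!!");
                    continue;
                }
                visibleVersions.addElement(version);
            }
            for (Object term : answer[1]) {
                Relationship child = childRelsByKey.get(term.toString());
                if (child == null) {
                    System.out.println("*** " + term + " --> NOT FOUND !!!");
                    continue;
                }
                visibleChildRels.addElement(child);
            }
            for (Object term : answer[2]) {
                Relationship semantic = semanticRelsByKey.get(term.toString());
                if (semantic == null) {
                    System.out.println("*** " + term + " --> NOT FOUND !!!");
                    continue;
                }
                visibleSemanticRels.addElement(semantic);
            }
            ViewImpl filtered = new ViewImpl(visibleVersions, visibleChildRels, visibleSemanticRels);

            Hashtable permissionList = this._pec.getPermissionList(userAtom, answer[0]);
            Enumeration keys = permissionList.keys();
            while (keys.hasMoreElements()) {
                String key = (String) keys.nextElement();
                VersionID version = versionsByKey.get(key);
                if (version == null) {
                    System.out.println("*** " + key + " --> NOT FOUND !!!");
                    continue;
                }
                Enumeration granted = ((Vector) permissionList.get(key)).elements();
                while (granted.hasMoreElements()) {
                    version.getProperties().setProperty(
                            "AC." + PermissionToString(PrologToPermission(granted.nextElement().toString())),
                            Boolean.toString(true));
                }
            }
            return filtered;
        } finally {
            // Always drop the per-call facts: leftovers (in particular
            // permission/3) would be evaluated by the next call.
            _clearFacts();
        }
    }

    /**
     * Decides whether the event is allowed and throws if it is not.
     *
     * <p>The decision fails closed: an invalid or unresolvable session, or a
     * user without a registered PDP, is denied with a
     * {@link SecurityException} instead of failing on a {@code null} lookup.
     *
     * <p>NOTE(review): as written, any valid session may create resources,
     * and an update event without a version id is allowed without a
     * permission check. Confirm that both are intended.
     *
     * @param resourceEvent event to authorise
     * @throws SecurityException if the event is denied
     */
    @Override // severe.security.Controller
    public void checkEvent(ResourceEvent resourceEvent) throws SecurityException {
        boolean granted = false;
        SecurityException denial = null;
        UserID userID = null;
        try {
            userID = this._sk.UIDbySID(resourceEvent.sid());
        } catch (InvalidSessionException e) {
            // userID stays null, which denies the event below.
        }
        if (userID != null) {
            PDP pdp = this._pdpList.get(userID);
            if (resourceEvent instanceof EventCreate) {
                granted = true;
            } else if (resourceEvent instanceof EventRead) {
                if (pdp != null) {
                    granted = pdp.holdPermission(resourceEvent.vid(), userID, Permission.read);
                    // "access" without "read": the resource is known to the
                    // user but restricted, which gets a distinct message.
                    if (!granted && pdp.holdPermission(resourceEvent.vid(), userID, Permission.access)) {
                        denial = new SecurityException("[AccessControllerImpl] restricted resource => checkEvent failed for \"" + resourceEvent + "\"");
                    }
                }
            } else if (resourceEvent instanceof EventUpdate) {
                granted = resourceEvent.vid() == null
                        || (pdp != null && pdp.holdPermission(resourceEvent.vid(), userID, Permission.update));
            } else if (resourceEvent instanceof EventDelete) {
                granted = pdp != null && pdp.holdPermission(resourceEvent.vid(), userID, Permission.delete);
            }
        }
        System.out.println("[ AC - check for \"" + resourceEvent + "\" -> " + granted + " ]");
        if (granted) {
            return;
        }
        if (denial == null) {
            throw new SecurityException("[AccessControllerImpl] checkEvent failed for \"" + resourceEvent + "\"");
        }
        throw denial;
    }

    /**
     * Writes the event to standard output and resolves its session.
     *
     * @param resourceEvent event to log
     */
    @Override // severe.security.Controller
    public void logEvent(ResourceEvent resourceEvent) {
        System.out.println("[ AC - log \"" + resourceEvent + "\" ]");
        try {
            this._sk.UIDbySID(resourceEvent.sid());
        } catch (InvalidSessionException ignored) {
            // Logging is best effort; the resolved user is not used here and
            // an invalid session must not make logging fail.
        }
    }

    /**
     * Selects which Prolog predicate {@link #filterView(UserID, View)} queries.
     *
     * <p>NOTE(review): this changes the result of view filtering for every
     * user and is not guarded here; confirm that only trusted callers can
     * reach it.
     *
     * @param s one of {@link #NormalView}, {@link #AccessSetOnly},
     *          {@link #BaseViewSetOnly}; other values make {@code filterView}
     *          throw
     */
    @Override // severe.security.Controller
    public void setBuildViewDebuggingOptions(short s) {
        this.buildViewDebugMode = s;
    }

    /**
     * Grants the user full access to a version when the user's PDP is an
     * {@link ACLBasedPDP}; otherwise does nothing.
     *
     * <p>No authorisation of the caller is performed in this method.
     *
     * @param versionID version to grant access to
     * @param userID    user receiving the access
     */
    @Override // severe.security.Controller
    public void grantFullAccess(VersionID versionID, UserID userID) {
        PDP pdp = this._pdpList.get(userID);
        if (pdp instanceof ACLBasedPDP) {
            ((ACLBasedPDP) pdp).grantFullAccess(versionID, userID);
        }
    }

    /**
     * Creates the configured PDP (default {@code ACLBasedPDP}), loads the
     * license into it and registers it for the user.
     *
     * @param userID  user the license belongs to
     * @param license license to load
     * @throws IllegalStateException if the PDP cannot be instantiated
     */
    @Override // severe.security.Controller
    public void loadLicense(UserID userID, License license) {
        String className = Config.getProperty("severe.security.accessControl.AccessControllerImpl.pdp.className", "severe.security.accessControl.ACLBasedPDP");
        PDP pdp = _createPDP(className);
        if (pdp == null) {
            throw new IllegalStateException("[AccessControllerImpl] cannot create PDP \"" + className + "\"");
        }
        pdp.load(userID, license);
        this._pdpList.put(userID, pdp);
    }

    /**
     * Creates the PDP with the given class name, loads the license into it
     * when one is supplied and registers it for the user.
     *
     * <p>NOTE(review): {@code str} selects the class that will take all access
     * decisions for this user; if it can come from outside the trusted
     * configuration, restrict it to a fixed set of known PDP classes.
     *
     * @param userID  user the license belongs to
     * @param license license to load, or {@code null} to register an unloaded PDP
     * @param str     fully qualified PDP class name
     * @throws IllegalStateException if the PDP cannot be instantiated
     */
    @Override // severe.security.Controller
    public void loadLicense(UserID userID, License license, String str) {
        PDP pdp = _createPDP(str);
        if (pdp == null) {
            throw new IllegalStateException("[AccessControllerImpl] cannot create PDP \"" + str + "\"");
        }
        if (license != null) {
            pdp.load(userID, license);
        } else {
            Logger.print("foo license in \"" + str + "\" for user \"" + userID.userName() + "\" !!!");
        }
        this._pdpList.put(userID, pdp);
    }

    /**
     * Removes the PDP registered for the user.
     *
     * <p>NOTE(review): the removed PDP is not shut down here, unlike in
     * {@link #shutdown()}; confirm whether it holds resources.
     *
     * @param userID user whose PDP is dropped
     */
    @Override // severe.security.Controller
    public void unloadLicense(UserID userID) {
        this._pdpList.remove(userID);
    }
}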
