package org.structr.common;

import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.structr.common.error.FrameworkException;
import org.structr.core.GraphObject;
import org.structr.core.auth.Authenticator;
import org.structr.core.entity.AbstractNode;
import org.structr.core.entity.Principal;
import org.structr.core.entity.SuperUser;
import org.structr.core.graph.NodeInterface;
import org.structr.schema.SchemaHelper;

/* loaded from: input_file:org/structr/common/SecurityContext.class */
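/**
 * Carries the identity, access mode and per-request state used for access
 * control decisions ({@link #isAllowed}, {@link #isVisible}, {@link #isReadable}).
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>{@link #getSuperUserInstance()} returns a context whose checks all
 *       succeed; nothing here restricts who may call it.</li>
 *   <li>{@link #getInstance(Principal, AccessMode)} trusts the principal it is
 *       given; no authentication happens in this class.</li>
 *   <li>The context is mutable ({@link #setAccessMode}, {@link #setAuthenticator},
 *       {@link #setRequest}), so it should not be handed to untrusted code.</li>
 *   <li>When a servlet context is available the node cache is stored in it under
 *       {@code "NODE_CACHE"} and is therefore shared by every context created
 *       from a request of that web application, including super-user contexts.</li>
 * </ul>
 */
public class SecurityContext {
    private static final Logger logger = Logger.getLogger(SecurityContext.class.getName());

    // Process-wide flag table mutated through public static methods. It is wrapped
    // in a synchronized map (like attrs below) so that concurrent readers never
    // observe a LinkedHashMap that is being modified.
    private static final Map<String, Long> resourceFlags = Collections.synchronizedMap(new LinkedHashMap<String, Long>());

    // The captured group only admits letters, '_' and ','; the whole header must match.
    private static final Pattern customViewPattern = Pattern.compile(".*properties=([a-zA-Z_,]+)");

    private Map<Long, NodeInterface> cache = new ConcurrentHashMap<Long, NodeInterface>();
    private AccessMode accessMode = AccessMode.Frontend;
    private final Map<String, Object> attrs = Collections.synchronizedMap(new LinkedHashMap<String, Object>());
    private Authenticator authenticator = null;
    private Principal cachedUser = null;
    private HttpServletRequest request = null;
    private Set<String> customView = null;

    /* loaded from: input_file:org/structr/common/SecurityContext$SuperUserSecurityContext.class */
    /**
     * Context that bypasses every permission and visibility check: all
     * {@code is*} methods return {@code true} and {@link #getUser} yields a
     * fresh {@link SuperUser}. It refuses session access so that it cannot be
     * bound to an HTTP session.
     */
    private static class SuperUserSecurityContext extends SecurityContext {
        public SuperUserSecurityContext(HttpServletRequest httpServletRequest) {
            super(httpServletRequest);
        }

        public SuperUserSecurityContext() {
            super();
        }

        /**
         * @throws IllegalStateException always
         */
        @Override // org.structr.common.SecurityContext
        public HttpSession getSession() {
            throw new IllegalStateException("Trying to access session in SuperUserSecurityContext!");
        }

        /** Returns a new {@link SuperUser} on every call; the flag is ignored. */
        @Override // org.structr.common.SecurityContext
        public Principal getUser(boolean tryLogin) {
            return new SuperUser();
        }

        @Override // org.structr.common.SecurityContext
        public AccessMode getAccessMode() {
            return AccessMode.Backend;
        }

        @Override // org.structr.common.SecurityContext
        public boolean isReadable(NodeInterface node, boolean includeDeletedAndHidden, boolean publicOnly) {
            return true;
        }

        @Override // org.structr.common.SecurityContext
        public boolean isAllowed(AccessControllable node, Permission permission) {
            return true;
        }

        @Override // org.structr.common.SecurityContext
        public boolean isVisible(AccessControllable node) {
            return true;
        }

        @Override // org.structr.common.SecurityContext
        public boolean isSuperUser() {
            return true;
        }
    }

    /** Creates an anonymous frontend context with no request. */
    private SecurityContext() {
    }

    /** Creates a context for an already-resolved principal; the principal is not verified here. */
    private SecurityContext(Principal principal, AccessMode accessMode) {
        this.cachedUser = principal;
        this.accessMode = accessMode;
    }

    /** Creates a context for an already-resolved principal bound to the given request. */
    private SecurityContext(Principal principal, HttpServletRequest httpServletRequest, AccessMode accessMode) {
        this.cachedUser = principal;
        this.accessMode = accessMode;
        this.request = httpServletRequest;
        initRequestBasedCache(httpServletRequest);
        initializeCustomView(httpServletRequest);
    }

    /** Creates a frontend context bound to the given request, with no user resolved yet. */
    private SecurityContext(HttpServletRequest httpServletRequest) {
        this.request = httpServletRequest;
        initRequestBasedCache(httpServletRequest);
        initializeCustomView(httpServletRequest);
    }

    /**
     * Replaces the private cache with the map stored in the servlet context under
     * {@code "NODE_CACHE"}, creating and publishing one if none exists yet.
     *
     * <p>NOTE(review): the get/set pair is not atomic, so two concurrent first
     * requests can each publish a map and one of them is lost. The cast is
     * unchecked: whatever object sits under that attribute is trusted to be a
     * {@code Map<Long, NodeInterface>}.
     */
    @SuppressWarnings("unchecked")
    private void initRequestBasedCache(HttpServletRequest httpServletRequest) {
        boolean hasServletContext = httpServletRequest != null && httpServletRequest.getServletContext() != null;
        if (hasServletContext) {
            this.cache = (Map<Long, NodeInterface>) httpServletRequest.getServletContext().getAttribute("NODE_CACHE");
        }
        if (this.cache == null) {
            this.cache = new ConcurrentHashMap<Long, NodeInterface>();
            if (hasServletContext) {
                httpServletRequest.getServletContext().setAttribute("NODE_CACHE", this.cache);
            }
        }
    }

    /**
     * Parses an optional {@code properties=a,b,c} suffix from an
     * {@code Accept: application/json;...} header into {@link #customView}.
     *
     * <p>The header is client-controlled. The pattern restricts names to letters
     * and underscores, but nothing here checks that the requested properties may
     * be exposed to the caller; that check has to happen where the view is applied.
     */
    private void initializeCustomView(HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null) {
            return;
        }
        try {
            String accept = httpServletRequest.getHeader("Accept");
            if (accept == null || !accept.startsWith("application/json;")) {
                return;
            }
            Matcher matcher = customViewPattern.matcher(accept);
            if (matcher.matches()) {
                this.customView = new LinkedHashSet<String>();
                for (String part : matcher.group(1).split("[,]+")) {
                    String name = part.trim();
                    if (name.length() > 0) {
                        this.customView.add(name);
                    }
                }
            }
        } catch (Throwable th) {
            // Still best-effort (a bad header must not break the request), but the
            // failure is now recorded instead of being dropped silently.
            logger.log(Level.WARNING, "Unable to parse custom view from Accept header", th);
        }
    }

    /**
     * Clears the node cache. When the cache came from the servlet context this
     * empties the map shared with all other contexts of the web application.
     */
    public void cleanUp() {
        if (this.cache != null) {
            this.cache.clear();
        }
    }

    /**
     * Returns the cached node for the given id, or {@code null}. No permission
     * check is applied to the returned node.
     */
    public NodeInterface lookup(long id) {
        return this.cache.get(Long.valueOf(id));
    }

    /** Caches the node under the given id; {@code null} nodes and nodes without a backing node are ignored. */
    public void store(long id, NodeInterface node) {
        if (node != null && node.getNode() != null) {
            this.cache.put(Long.valueOf(id), node);
        }
    }

    /** Clears the given bits in the flags of the (normalized) resource name. */
    public static void clearResourceFlag(String resource, long flag) {
        String name = SchemaHelper.normalizeEntityName(resource);
        // Read-modify-write must be atomic, otherwise concurrent updates lose bits.
        synchronized (resourceFlags) {
            Long current = resourceFlags.get(name);
            long value = (current != null) ? current.longValue() : 0L;
            resourceFlags.put(name, Long.valueOf(value & ~flag));
        }
    }

    /**
     * Removes from the list, in place, every {@link AbstractNode} that this
     * context may not read, that is deleted (unless {@code includeDeleted}), or
     * that is not visible to public users while {@code publicOnly} is set.
     *
     * <p>NOTE(review): elements that are not {@code AbstractNode} instances are
     * never removed, so callers must not treat the result as fully filtered for
     * other {@link GraphObject} types.
     */
    public void removeForbiddenNodes(List<? extends GraphObject> list, boolean includeDeleted, boolean publicOnly) {
        Iterator<? extends GraphObject> it = list.iterator();
        while (it.hasNext()) {
            GraphObject candidate = it.next();
            if (!(candidate instanceof AbstractNode)) {
                continue;
            }
            AbstractNode node = (AbstractNode) candidate;
            boolean forbidden = !isAllowed(node, Permission.read)
                || (!includeDeleted && node.isDeleted())
                || (!node.isVisibleToPublicUsers() && publicOnly);
            if (forbidden) {
                it.remove();
            }
        }
    }

    /**
     * Returns a context that passes every access check, bound to the given request.
     * Intended for trusted internal operations only; this method performs no
     * check on the caller.
     */
    public static SecurityContext getSuperUserInstance(HttpServletRequest httpServletRequest) {
        return new SuperUserSecurityContext(httpServletRequest);
    }

    /**
     * Returns a context that passes every access check. Intended for trusted
     * internal operations only; this method performs no check on the caller.
     */
    public static SecurityContext getSuperUserInstance() {
        return new SuperUserSecurityContext();
    }

    /** Returns a context acting as the given principal, which is taken as-is. */
    public static SecurityContext getInstance(Principal principal, AccessMode accessMode) throws FrameworkException {
        return new SecurityContext(principal, accessMode);
    }

    /** Returns a context acting as the given principal (taken as-is) and bound to the request. */
    public static SecurityContext getInstance(Principal principal, HttpServletRequest httpServletRequest, AccessMode accessMode) throws FrameworkException {
        return new SecurityContext(principal, httpServletRequest, accessMode);
    }

    /**
     * Returns the session of the bound request.
     *
     * @throws NullPointerException if this context has no request
     */
    public HttpSession getSession() {
        return this.request.getSession();
    }

    public HttpServletRequest getRequest() {
        return this.request;
    }

    /**
     * Returns the user of this context, resolving it through the authenticator
     * on first use and caching the result.
     *
     * <p>If the authenticator throws, the failure is logged and {@code null}
     * (anonymous) is returned, so the permission checks in this class fall back
     * to their no-user branches.
     *
     * @param tryLogin passed unchanged to {@code Authenticator.getUser}; presumably
     *                 controls whether a login is attempted (confirm against Authenticator)
     * @return the user, or {@code null} when none is known
     */
    public Principal getUser(boolean tryLogin) {
        if (this.cachedUser != null) {
            return this.cachedUser;
        }
        if (this.authenticator == null || this.authenticator.hasExaminedRequest()) {
            return null;
        }
        try {
            this.cachedUser = this.authenticator.getUser(this.request, tryLogin);
        } catch (Throwable th) {
            // Keep the cause: a swallowed authentication error is otherwise
            // indistinguishable from an ordinary anonymous request.
            logger.log(Level.WARNING, "No user found", th);
        }
        return this.cachedUser;
    }

    public AccessMode getAccessMode() {
        return this.accessMode;
    }

    /**
     * Builds {@code scheme://serverName:port/contextPath/servletPath/} from the
     * bound request.
     *
     * <p>The server name is taken from the request and is typically derived from
     * the client-supplied {@code Host} header, so the result must not be trusted
     * for security decisions or embedded in links sent to other users without
     * validating the host against a configured value.
     *
     * @throws NullPointerException if this context has no request
     */
    public StringBuilder getBaseURI() {
        StringBuilder uri = new StringBuilder(200);
        uri.append(this.request.getScheme())
            .append("://")
            .append(this.request.getServerName())
            .append(":")
            .append(this.request.getServerPort())
            .append(this.request.getContextPath())
            .append(this.request.getServletPath())
            .append(PathHelper.PATH_SEP);
        return uri;
    }

    public Object getAttribute(String key) {
        return this.attrs.get(key);
    }

    /** Returns the flag bits stored for the (normalized) resource name, or 0 when none are set. */
    public static long getResourceFlags(String resource) {
        Long flags = resourceFlags.get(SchemaHelper.normalizeEntityName(resource));
        if (flags == null) {
            logger.log(Level.FINE, "No resource flag set for {0}", resource);
            return 0L;
        }
        return flags.longValue();
    }

    /** Returns {@code true} when all bits of {@code flag} are set for the resource. */
    public static boolean hasFlag(String resource, long flag) {
        return (getResourceFlags(resource) & flag) == flag;
    }

    /**
     * Returns {@code true} when the current user is a {@link SuperUser} or has
     * the {@code isAdmin} property set to {@code true}.
     */
    public boolean isSuperUser() {
        Principal user = getUser(false);
        if (user == null) {
            return false;
        }
        // Boolean.TRUE.equals treats a missing (null) isAdmin property as "not admin"
        // instead of failing the whole authorization check with a NullPointerException.
        return (user instanceof SuperUser) || Boolean.TRUE.equals(user.getProperty(Principal.isAdmin));
    }

    /**
     * Decides whether the current user holds {@code permission} on the node.
     * Super users are always allowed; anonymous callers never are. Otherwise the
     * user is allowed when it is the node itself, the node's owner, a member of
     * the owner (owner is among the user's parents), or has an explicit grant.
     */
    public boolean isAllowed(AccessControllable node, Permission permission) {
        if (node == null) {
            return false;
        }
        if (isSuperUser()) {
            return true;
        }
        Principal user = getUser(false);
        if (user == null) {
            return false;
        }
        Principal owner = node.getOwnerNode();
        if (user.equals(node) || user.equals(owner) || user.getParents().contains(owner)) {
            return true;
        }
        return node.isGranted(permission, user);
    }

    /** Dispatches the visibility check by access mode; unknown or unset modes deny. */
    public boolean isVisible(AccessControllable node) {
        if (this.accessMode == null) {
            // Fail closed rather than throwing from the switch below.
            return false;
        }
        switch (this.accessMode) {
            case Backend:
                return isVisibleInBackend(node);
            case Frontend:
                return isVisibleInFrontend(node);
            default:
                return false;
        }
    }

    /**
     * Decides whether the node may be read.
     *
     * @param includeDeletedAndHidden when {@code false}, deleted or hidden nodes are unreadable
     * @param publicOnly              when {@code true}, only nodes visible to public users are readable
     */
    public boolean isReadable(NodeInterface node, boolean includeDeletedAndHidden, boolean publicOnly) {
        if ((node.isDeleted() || node.isHidden()) && !includeDeletedAndHidden) {
            return false;
        }
        if (node.isVisibleToPublicUsers()) {
            return true;
        }
        if (publicOnly) {
            return false;
        }
        if (node.isVisibleToAuthenticatedUsers() && getUser(false) != null) {
            return true;
        }
        return isAllowed(node, Permission.read);
    }

    /** Backend visibility: anything visible in the frontend, plus whatever the user may read. */
    private boolean isVisibleInBackend(AccessControllable node) {
        if (isVisibleInFrontend(node)) {
            return true;
        }
        if (node == null) {
            return false;
        }
        Principal user = getUser(false);
        if (user == null) {
            return false;
        }
        if (user instanceof SuperUser) {
            return true;
        }
        return isAllowed(node, Permission.read);
    }

    /**
     * Frontend visibility. Hidden nodes are never visible. A user sees its own
     * node and nodes owned by itself or by one of its parents.
     *
     * <p>NOTE(review): the public-visibility shortcut only applies to anonymous
     * callers; an authenticated user needs the authenticated-visibility flag or
     * read permission even for public nodes. Confirm this is intended.
     */
    private boolean isVisibleInFrontend(AccessControllable node) {
        if (node == null || node.isHidden()) {
            return false;
        }
        Principal user = getUser(false);
        if (user != null) {
            Principal owner = node.getOwnerNode();
            if (user.equals(node) || user.equals(owner) || user.getParents().contains(owner)) {
                return true;
            }
        }
        if (node.isVisibleToPublicUsers() && user == null) {
            return true;
        }
        if (node.isVisibleToAuthenticatedUsers() && user != null) {
            return true;
        }
        return isAllowed(node, Permission.read);
    }

    public void setRequest(HttpServletRequest httpServletRequest) {
        this.request = httpServletRequest;
    }

    /** Sets the given bits in the flags of the (normalized) resource name. */
    public static void setResourceFlag(String resource, long flag) {
        String name = SchemaHelper.normalizeEntityName(resource);
        // Read-modify-write must be atomic, otherwise concurrent updates lose bits.
        synchronized (resourceFlags) {
            Long current = resourceFlags.get(name);
            long value = (current != null) ? current.longValue() : 0L;
            resourceFlags.put(name, Long.valueOf(value | flag));
        }
    }

    public void setAttribute(String key, Object value) {
        this.attrs.put(key, value);
    }

    /** Switches the mode used by {@link #isVisible}; a {@code null} mode makes it deny. */
    public void setAccessMode(AccessMode accessMode) {
        this.accessMode = accessMode;
    }

    public Authenticator getAuthenticator() {
        return this.authenticator;
    }

    /** Sets the authenticator consulted by {@link #getUser} when no user is cached. */
    public void setAuthenticator(Authenticator authenticator) {
        this.authenticator = authenticator;
    }

    /** Returns {@code true} when the request named at least one property for a custom view. */
    public boolean hasCustomView() {
        return this.customView != null && !this.customView.isEmpty();
    }

    /**
     * Returns the property names requested through the Accept header, or
     * {@code null}. The set is the internal, mutable instance and its content is
     * client-supplied.
     */
    public Set<String> getCustomView() {
        return this.customView;
    }
}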
