package org.xydra.store.impl.delegate;

import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import org.xydra.base.Base;
import org.xydra.base.BaseRuntime;
import org.xydra.base.XAddress;
import org.xydra.base.XId;
import org.xydra.base.XType;
import org.xydra.base.change.XCommand;
import org.xydra.base.change.XEvent;
import org.xydra.base.rmof.XReadableModel;
import org.xydra.base.rmof.XReadableObject;
import org.xydra.base.rmof.XWritableModel;
import org.xydra.base.rmof.XWritableObject;
import org.xydra.core.AccessException;
import org.xydra.log.api.Logger;
import org.xydra.log.api.LoggerFactory;
import org.xydra.persistence.GetEventsRequest;
import org.xydra.persistence.GetWithAddressRequest;
import org.xydra.persistence.ModelRevision;
import org.xydra.persistence.XydraPersistence;
import org.xydra.sharedutils.XyAssert;
import org.xydra.store.AuthorisationException;
import org.xydra.store.ConnectionException;
import org.xydra.store.InternalStoreException;
import org.xydra.store.QuotaException;
import org.xydra.store.RequestException;
import org.xydra.store.TimeoutException;
import org.xydra.store.XydraStoreAdmin;
import org.xydra.store.access.XAccessControlManager;

/* loaded from: input_file:org/xydra/store/impl/delegate/DelegateToPersistenceAndAcm.class */
public class DelegateToPersistenceAndAcm implements XydraBlockingStore, XydraStoreAdmin {
    private static final Logger log;
    private final XAccessControlManager acm;
    private final XydraPersistence persistence;
    private transient XId repoIdCached;
    static final /* synthetic */ boolean $assertionsDisabled;

    public DelegateToPersistenceAndAcm(XydraPersistence xydraPersistence, XAccessControlManager xAccessControlManager) {
        this.persistence = xydraPersistence;
        if (xAccessControlManager == null) {
            throw new IllegalArgumentException("Access Control Manager may not be null");
        }
        this.acm = xAccessControlManager;
    }

    private XId getRepoId() {
        if (this.repoIdCached == null) {
            this.repoIdCached = this.persistence.getRepositoryId();
        }
        return this.repoIdCached;
    }

    private void authorise(XId xId, String str) {
        if (!checkLogin(xId, str)) {
            throw new AuthorisationException("Could not authorise '" + xId + "'");
        }
    }

    @Override // org.xydra.store.impl.delegate.XydraBlockingStore
    public boolean checkLogin(XId xId, String str) throws IllegalArgumentException, QuotaException, TimeoutException, ConnectionException, RequestException, InternalStoreException {
        if (str == null) {
            return true;
        }
        XyAssert.xyAssert(xId != null);
        if (!$assertionsDisabled && xId == null) {
            throw new AssertionError();
        }
        boolean isAuthenticated = this.acm.isAuthenticated(xId, str);
        if (this.acm.getAuthenticationDatabase() == null) {
            return isAuthenticated;
        }
        if (this.acm.getAuthenticationDatabase().getFailedLoginAttempts(xId) > 10) {
        }
        if (isAuthenticated) {
            this.acm.getAuthenticationDatabase().resetFailedLoginAttempts(xId);
            return true;
        }
        if (this.acm.getAuthenticationDatabase().incrementFailedLoginAttempts(xId) <= 10) {
            return false;
        }
        try {
            Thread.sleep(1L);
        } catch (InterruptedException e) {
            log.warn("could not sleep while throttling potential hacker", e);
        }
        log.warn("SECURITY: Potential hacking attempt on account '" + xId + "'");
        throw new QuotaException("10 failed login attempts.");
    }

    private void checkRepoId(XAddress xAddress) {
        if (!getRepoId().equals(xAddress.getRepository())) {
            throw new IllegalArgumentException("wrong repository ID: was " + xAddress + " but expected " + getRepoId());
        }
    }

    @Override // org.xydra.store.XydraStoreAdmin
    public void clear() {
        this.persistence.clear();
    }

    @Override // org.xydra.store.impl.delegate.XydraBlockingStore
    public long executeCommand(XId xId, String str, XCommand xCommand) throws AccessException {
        XyAssert.xyAssert(xId != null);
        if (!$assertionsDisabled && xId == null) {
            throw new AssertionError();
        }
        authorise(xId, str);
        checkRepoId(xCommand.getChangedEntity());
        if (!$assertionsDisabled && xCommand.getChangedEntity().getAddressedType() == XType.XREPOSITORY) {
            throw new AssertionError("Nobody can add or remove a repository");
        }
        if (triviallyAllowed(str) || this.acm.getAuthorisationManager().canExecute(xId, xCommand)) {
            return this.persistence.executeCommand(xId, xCommand);
        }
        throw new AccessException(xId + " is not allowed to execute this command.");
    }

    @Override // org.xydra.store.XydraStoreAdmin
    public XAccessControlManager getAccessControlManager() {
        return this.acm;
    }

    @Override // org.xydra.store.impl.delegate.XydraBlockingStore
    public XEvent[] getEvents(XId xId, String str, GetEventsRequest getEventsRequest) {
        if (getEventsRequest == null) {
            throw new RequestException("getEventsRequest must not be null");
        }
        XyAssert.xyAssert(xId != null);
        if (!$assertionsDisabled && xId == null) {
            throw new AssertionError();
        }
        authorise(xId, str);
        XAddress xAddress = getEventsRequest.address;
        long j = getEventsRequest.beginRevision;
        long j2 = getEventsRequest.endRevision;
        checkRepoId(xAddress);
        if (j2 < j) {
            throw new RequestException("invalid revision range for getEvents: [" + j + "," + j2 + "]");
        }
        if (!triviallyAllowed(str) && !this.acm.getAuthorisationManager().canKnowAboutModel(xId, getRepositoryAddress(), xAddress.getModel())) {
            return new XEvent[0];
        }
        List<XEvent> events = this.persistence.getEvents(xAddress, j, j2);
        if (events == null) {
            return null;
        }
        if (!triviallyAllowed(str)) {
            XyAssert.xyAssert(this.acm.getAuthorisationManager() != null);
            if (!$assertionsDisabled && this.acm.getAuthorisationManager() == null) {
                throw new AssertionError();
            }
            Iterator<XEvent> it = events.iterator();
            while (it.hasNext()) {
                XEvent next = it.next();
                switch (next.getChangedEntity().getAddressedType()) {
                    case XMODEL:
                        if (!this.acm.getAuthorisationManager().canKnowAboutObject(xId, Base.resolveModel(next.getChangedEntity()), next.getChangedEntity().getObject())) {
                            it.remove();
                            break;
                        } else {
                            break;
                        }
                    case XOBJECT:
                    case XFIELD:
                        if (!this.acm.getAuthorisationManager().canKnowAboutField(xId, Base.resolveObject(next.getChangedEntity()), next.getChangedEntity().getField())) {
                            it.remove();
                            break;
                        } else {
                            break;
                        }
                }
            }
        }
        return (XEvent[]) events.toArray(new XEvent[events.size()]);
    }

    @Override // org.xydra.store.impl.delegate.XydraBlockingStore
    public Set<XId> getModelIds(XId xId, String str) {
        XyAssert.xyAssert(xId != null);
        if (!$assertionsDisabled && xId == null) {
            throw new AssertionError();
        }
        authorise(xId, str);
        HashSet hashSet = new HashSet();
        synchronized (this.persistence) {
            for (XId xId2 : this.persistence.getManagedModelIds()) {
                ModelRevision modelRevision = this.persistence.getModelRevision(new GetWithAddressRequest(Base.resolveModel(getRepoId(), xId2), false));
                if (triviallyAllowed(str) || this.acm.getAuthorisationManager().canKnowAboutModel(xId, getRepositoryAddress(), xId2)) {
                    if (modelRevision.modelExists()) {
                        hashSet.add(xId2);
                    }
                } else if (log.isTraceEnabled()) {
                    log.trace("actor '" + xId + "' not allowed to see model " + xId2);
                }
            }
        }
        return hashSet;
    }

    @Override // org.xydra.store.impl.delegate.XydraBlockingStore
    public ModelRevision getModelRevision(XId xId, String str, GetWithAddressRequest getWithAddressRequest) {
        XyAssert.xyAssert(xId != null);
        if (!$assertionsDisabled && xId == null) {
            throw new AssertionError();
        }
        XAddress xAddress = getWithAddressRequest.address;
        authorise(xId, str);
        if (xAddress.getAddressedType() != XType.XMODEL) {
            throw new RequestException("must use a model address to get a model revison, was " + xAddress);
        }
        checkRepoId(xAddress);
        return (triviallyAllowed(str) || this.acm.getAuthorisationManager().canRead(xId, xAddress)) ? this.persistence.getModelRevision(getWithAddressRequest) : new ModelRevision(-1L, false);
    }

    @Override // org.xydra.store.impl.delegate.XydraBlockingStore
    public XReadableModel getModelSnapshot(XId xId, String str, GetWithAddressRequest getWithAddressRequest) {
        XyAssert.xyAssert(xId != null);
        if (!$assertionsDisabled && xId == null) {
            throw new AssertionError();
        }
        authorise(xId, str);
        XAddress xAddress = getWithAddressRequest.address;
        if (xAddress.getAddressedType() != XType.XMODEL) {
            throw new RequestException("must use a model address to get a model snapshot, was " + xAddress);
        }
        checkRepoId(xAddress);
        if (!triviallyAllowed(str) && !this.acm.getAuthorisationManager().canRead(xId, xAddress)) {
            log.warn("Hiding model '" + xAddress.getModel() + "' from '" + xId + "' (authorised, but not allowed to read)");
            return null;
        }
        XWritableModel modelSnapshot = this.persistence.getModelSnapshot(getWithAddressRequest);
        if (!triviallyAllowed(str)) {
            LinkedList linkedList = new LinkedList();
            for (XId xId2 : modelSnapshot) {
                XAddress resolveObject = Base.resolveObject(xAddress, xId2);
                if (this.acm.getAuthorisationManager().canRead(xId, resolveObject)) {
                    LinkedList linkedList2 = new LinkedList();
                    XWritableObject object = modelSnapshot.getObject(xId2);
                    for (XId xId3 : object) {
                        if (!this.acm.getAuthorisationManager().canRead(xId, Base.resolveField(resolveObject, xId3))) {
                            linkedList2.add(xId3);
                        }
                    }
                    Iterator it = linkedList2.iterator();
                    while (it.hasNext()) {
                        object.removeField((XId) it.next());
                    }
                } else {
                    linkedList.add(xId2);
                }
            }
            Iterator it2 = linkedList.iterator();
            while (it2.hasNext()) {
                modelSnapshot.removeObject((XId) it2.next());
            }
        }
        return modelSnapshot;
    }

    @Override // org.xydra.store.impl.delegate.XydraBlockingStore
    public XReadableObject getObjectSnapshot(XId xId, String str, GetWithAddressRequest getWithAddressRequest) {
        XyAssert.xyAssert(xId != null);
        if (!$assertionsDisabled && xId == null) {
            throw new AssertionError();
        }
        authorise(xId, str);
        XAddress xAddress = getWithAddressRequest.address;
        if (xAddress.getAddressedType() != XType.XOBJECT) {
            throw new RequestException("must use an object address to get an object snapshot, was " + xAddress);
        }
        checkRepoId(xAddress);
        if (!triviallyAllowed(str) && !this.acm.getAuthorisationManager().canRead(xId, xAddress)) {
            return null;
        }
        XWritableObject objectSnapshot = this.persistence.getObjectSnapshot(getWithAddressRequest);
        if (str != null) {
            LinkedList linkedList = new LinkedList();
            for (XId xId2 : objectSnapshot) {
                if (!this.acm.getAuthorisationManager().canRead(xId, Base.resolveField(xAddress, xId2))) {
                    linkedList.add(xId2);
                }
            }
            Iterator it = linkedList.iterator();
            while (it.hasNext()) {
                objectSnapshot.removeField((XId) it.next());
            }
        }
        return objectSnapshot;
    }

    private XAddress getRepositoryAddress() {
        return BaseRuntime.getIDProvider().fromComponents(getRepoId(), null, null, null);
    }

    @Override // org.xydra.store.impl.delegate.XydraBlockingStore
    public XId getRepositoryId(XId xId, String str) {
        XyAssert.xyAssert(xId != null);
        if (!$assertionsDisabled && xId == null) {
            throw new AssertionError();
        }
        authorise(xId, str);
        return getRepoId();
    }

    @Override // org.xydra.store.impl.delegate.XydraBlockingStore
    public XydraStoreAdmin getXydraStoreAdmin() {
        return this;
    }

    private boolean triviallyAllowed(String str) {
        boolean z = str == null || this.acm.getAuthorisationManager() == null;
        if ($assertionsDisabled || z || this.acm.getAuthorisationManager() != null) {
            return z;
        }
        throw new AssertionError("If user is not trivially allowed, there must be an authorisationManager to check the non-trivial case");
    }

    @Override // org.xydra.store.XydraStoreAdmin
    public XId getRepositoryId() {
        return getRepoId();
    }

    static {
        $assertionsDisabled = !DelegateToPersistenceAndAcm.class.desiredAssertionStatus();
        log = LoggerFactory.getLogger((Class<?>) DelegateToPersistenceAndAcm.class);
    }
}
