package org.mycore.access.mcrimpl;

import java.net.UnknownHostException;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Objects;
import java.util.stream.Stream;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.jdom2.Element;
import org.mycore.access.MCRAccessBaseImpl;
import org.mycore.access.MCRAccessInterface;
import org.mycore.common.MCRException;
import org.mycore.common.MCRSession;
import org.mycore.common.MCRSessionMgr;
import org.mycore.common.MCRSystemUserInformation;
import org.mycore.common.MCRUserInformation;
import org.mycore.common.config.MCRConfiguration2;

/* loaded from: input_file:org/mycore/access/mcrimpl/MCRAccessControlSystem.class */
public class MCRAccessControlSystem extends MCRAccessBaseImpl {
    public static final String SYSTEM_RULE_PREFIX = "SYSTEMRULE";
    public static final String POOL_PRIVILEGE_ID = "POOLPRIVILEGE";
    public static final String LEXICOGRAPHICAL_PATTERN = "0000000000";
    MCRAccessStore accessStore;
    MCRRuleStore ruleStore;
    MCRAccessRule dummyRule;
    boolean disabled;
    static Hashtable<String, String> ruleIDTable = new Hashtable<>();
    private static final Logger LOGGER = LogManager.getLogger(MCRAccessControlSystem.class);
    private static MCRAccessControlSystem singleton;
    private static HashMap<String, Integer> nextFreeRuleID;

    private MCRAccessControlSystem() {
        this.disabled = false;
        if (MCRConfiguration2.getString("MCR.Access.AccessPermissions").orElse("read,write,delete").trim().length() == 0) {
            this.disabled = true;
        }
        this.accessStore = MCRAccessStore.getInstance();
        this.ruleStore = MCRRuleStore.getInstance();
        nextFreeRuleID = new HashMap<>();
        this.dummyRule = new MCRAccessRule(null, null, null, null, "dummy rule, always true");
    }

    public static synchronized MCRAccessInterface instance() {
        if (singleton == null) {
            singleton = new MCRAccessControlSystem();
        }
        return singleton;
    }

    @Override // org.mycore.access.MCRAccessBaseImpl, org.mycore.access.MCRAccessInterface
    public void createRule(String str, String str2, String str3) {
        this.ruleStore.createRule(new MCRAccessRule(getNextFreeRuleID(SYSTEM_RULE_PREFIX), str2, new Date(), str, str3));
    }

    @Override // org.mycore.access.MCRAccessBaseImpl, org.mycore.access.MCRAccessInterface
    public void createRule(Element element, String str, String str2) {
        createRule(getNormalizedRuleString(element), str, str2);
    }

    @Override // org.mycore.access.MCRAccessBaseImpl, org.mycore.access.MCRAccessInterface
    public void addRule(String str, String str2, Element element, String str3) throws MCRException {
        MCRRuleMapping autoGeneratedRuleMapping = getAutoGeneratedRuleMapping(element, "System", str2, str, str3);
        String ruleID = this.accessStore.getRuleID(str, str2);
        if (ruleID == null || ruleID.equals("")) {
            this.accessStore.createAccessDefinition(autoGeneratedRuleMapping);
        } else {
            this.accessStore.updateAccessDefinition(autoGeneratedRuleMapping);
        }
    }

    @Override // org.mycore.access.MCRAccessBaseImpl, org.mycore.access.MCRAccessInterface
    public void addRule(String str, Element element, String str2) {
        addRule(POOL_PRIVILEGE_ID, str, element, str2);
    }

    @Override // org.mycore.access.MCRAccessBaseImpl, org.mycore.access.MCRAccessInterface
    public void removeRule(String str, String str2) throws MCRException {
        this.accessStore.deleteAccessDefinition(this.accessStore.getAccessDefinition(str2, str));
    }

    @Override // org.mycore.access.MCRAccessBaseImpl, org.mycore.access.MCRAccessInterface
    public void removeRule(String str) throws MCRException {
        removeRule(POOL_PRIVILEGE_ID, str);
    }

    @Override // org.mycore.access.MCRAccessBaseImpl, org.mycore.access.MCRAccessInterface
    public void removeAllRules(String str) throws MCRException {
        Iterator<String> it = this.accessStore.getPoolsForObject(str).iterator();
        while (it.hasNext()) {
            removeRule(str, it.next());
        }
    }

    @Override // org.mycore.access.MCRAccessBaseImpl, org.mycore.access.MCRAccessInterface
    public void updateRule(String str, String str2, Element element, String str3) throws MCRException {
        MCRRuleMapping autoGeneratedRuleMapping = getAutoGeneratedRuleMapping(element, "System", str2, str, str3);
        String ruleID = this.accessStore.getRuleID(str, str2);
        if (ruleID != null && !ruleID.equals("")) {
            this.accessStore.updateAccessDefinition(autoGeneratedRuleMapping);
        } else {
            LOGGER.debug("updateRule called for id <{}> and pool <{}>, but no rule is existing, so new rule was created", str, str2);
            this.accessStore.createAccessDefinition(autoGeneratedRuleMapping);
        }
    }

    @Override // org.mycore.access.MCRAccessBaseImpl, org.mycore.access.MCRAccessInterface
    public void updateRule(String str, Element element, String str2) throws MCRException {
        updateRule(POOL_PRIVILEGE_ID, str, element, str2);
    }

    @Override // org.mycore.access.MCRAccessBaseImpl, org.mycore.access.MCRAccessInterface
    @Deprecated
    public boolean checkPermission(String str, String str2, String str3) {
        return checkAccess(str, str2, str3, (MCRIPAddress) null);
    }

    @Override // org.mycore.access.MCRAccessBaseImpl, org.mycore.access.MCRAccessInterface
    public boolean checkPermission(String str, String str2, MCRUserInformation mCRUserInformation) {
        return checkAccess(str, str2, mCRUserInformation, (MCRIPAddress) null);
    }

    @Override // org.mycore.access.MCRAccessBaseImpl, org.mycore.access.MCRAccessInterface
    public boolean checkPermission(String str) {
        LOGGER.debug("Execute MCRAccessControlSystem checkPermission for permission {}", str);
        boolean checkPermission = checkPermission(POOL_PRIVILEGE_ID, str);
        LOGGER.debug("Execute MCRAccessControlSystem checkPermission result: {}", String.valueOf(checkPermission));
        return checkPermission;
    }

    @Override // org.mycore.access.MCRAccessBaseImpl, org.mycore.access.MCRAccessInterface
    @Deprecated
    public boolean checkPermissionForUser(String str, String str2) {
        return checkAccess(POOL_PRIVILEGE_ID, str, str2, (MCRIPAddress) null);
    }

    @Override // org.mycore.access.MCRAccessBaseImpl, org.mycore.access.MCRAccessInterface
    public boolean checkPermissionForUser(String str, MCRUserInformation mCRUserInformation) {
        return checkAccess(POOL_PRIVILEGE_ID, str, mCRUserInformation, (MCRIPAddress) null);
    }

    @Override // org.mycore.access.MCRAccessBaseImpl, org.mycore.access.MCRAccessInterface
    public boolean checkPermission(Element element) {
        MCRSession currentSession = MCRSessionMgr.getCurrentSession();
        try {
            return new MCRAccessRule(null, "System", new Date(), getNormalizedRuleString(element), "").checkAccess(currentSession.getUserInformation(), new Date(), new MCRIPAddress(currentSession.getCurrentIP()));
        } catch (UnknownHostException | MCRException e) {
            LOGGER.debug("Error while checking rule.", e);
            return false;
        }
    }

    @Override // org.mycore.access.MCRAccessBaseImpl, org.mycore.access.MCRAccessInterface
    public Element getRule(String str, String str2) {
        Element xml = new MCRRuleParser().parse(getAccessRule(str, str2).rule).toXML();
        Element element = new Element("condition");
        element.setAttribute("format", "xml");
        if (xml != null) {
            element.addContent(xml);
        }
        return element;
    }

    @Override // org.mycore.access.MCRAccessBaseImpl, org.mycore.access.MCRAccessInterface
    public Element getRule(String str) {
        return getRule(POOL_PRIVILEGE_ID, str);
    }

    @Override // org.mycore.access.MCRAccessBaseImpl, org.mycore.access.MCRAccessInterface
    public String getRuleDescription(String str) {
        return getRuleDescription(POOL_PRIVILEGE_ID, str);
    }

    @Override // org.mycore.access.MCRAccessBaseImpl, org.mycore.access.MCRAccessInterface
    public String getRuleDescription(String str, String str2) {
        MCRAccessRule accessRule = getAccessRule(str, str2);
        return (accessRule == null || accessRule.getDescription() == null) ? "" : accessRule.getDescription();
    }

    @Override // org.mycore.access.MCRAccessBaseImpl, org.mycore.access.MCRAccessInterface
    public Collection<String> getPermissionsForID(String str) {
        return this.accessStore.getPoolsForObject(str);
    }

    @Override // org.mycore.access.MCRAccessBaseImpl, org.mycore.access.MCRAccessInterface
    public Collection<String> getPermissions() {
        return this.accessStore.getPoolsForObject(POOL_PRIVILEGE_ID);
    }

    @Override // org.mycore.access.MCRAccessBaseImpl, org.mycore.access.MCRAccessInterface
    public boolean hasRule(String str, String str2) {
        return this.accessStore.existsRule(str, str2);
    }

    @Override // org.mycore.access.MCRAccessBaseImpl, org.mycore.access.MCRAccessInterface
    public boolean hasRule(String str) {
        return hasRule(str, null);
    }

    @Override // org.mycore.access.MCRAccessBaseImpl, org.mycore.access.MCRAccessInterface
    public Collection<String> getAllControlledIDs() {
        return this.accessStore.getDistinctStringIDs();
    }

    public boolean isDisabled() {
        return this.disabled;
    }

    @Override // org.mycore.access.MCRAccessBaseImpl, org.mycore.access.MCRAccessInterface
    public MCRAccessRule getAccessRule(String str, String str2) {
        if (this.disabled) {
            return this.dummyRule;
        }
        LOGGER.debug("accessStore.getRuleID()");
        String ruleID = this.accessStore.getRuleID(str, str2);
        if (ruleID == null) {
            LOGGER.debug("accessStore.getRuleID() done with null");
            return null;
        }
        LOGGER.debug("accessStore.getRuleID() done with {}", ruleID);
        return this.ruleStore.getRule(ruleID);
    }

    @Deprecated
    public boolean checkAccess(String str, String str2, String str3, MCRIPAddress mCRIPAddress) {
        Date date = new Date();
        LOGGER.debug("getAccess()");
        MCRAccessRule accessRule = getAccessRule(str, str2);
        LOGGER.debug("getAccess() is done");
        return accessRule == null ? str3.equals(MCRSystemUserInformation.getSuperUserInstance().getUserID()) : accessRule.checkAccess(str3, date, mCRIPAddress);
    }

    public boolean checkAccess(String str, String str2, MCRUserInformation mCRUserInformation, MCRIPAddress mCRIPAddress) {
        Date date = new Date();
        LOGGER.debug("getAccess()");
        MCRAccessRule accessRule = getAccessRule(str, str2);
        LOGGER.debug("getAccess() is done");
        return accessRule == null ? mCRUserInformation.getUserID().equals(MCRSystemUserInformation.getSuperUserInstance().getUserID()) : accessRule.checkAccess(mCRUserInformation, date, mCRIPAddress);
    }

    public synchronized String getNextFreeRuleID(String str) {
        int intValue = nextFreeRuleID.containsKey(str) ? nextFreeRuleID.get(str).intValue() : this.ruleStore.getNextFreeRuleID(str);
        String str2 = "0000000000" + intValue;
        String substring = str2.substring(str2.length() - LEXICOGRAPHICAL_PATTERN.length());
        nextFreeRuleID.put(str, Integer.valueOf(intValue + 1));
        return str + substring;
    }

    @Override // org.mycore.access.MCRAccessBaseImpl, org.mycore.access.MCRAccessInterface
    public String getNormalizedRuleString(Element element) {
        if (element.getChildren() == null || element.getChildren().size() == 0) {
            return "false";
        }
        return new MCRRuleParser().parse(normalize((Element) element.getChildren().get(0))).toString();
    }

    public MCRRuleMapping getAutoGeneratedRuleMapping(Element element, String str, String str2, String str3, String str4) {
        String normalizedRuleString = getNormalizedRuleString(element);
        String str5 = ruleIDTable.get(normalizedRuleString);
        if (str5 == null || str5.length() == 0) {
            Collection<String> retrieveRuleIDs = this.ruleStore.retrieveRuleIDs(normalizedRuleString, str4);
            if (retrieveRuleIDs == null || retrieveRuleIDs.size() <= 0) {
                str5 = getNextFreeRuleID(SYSTEM_RULE_PREFIX);
                this.ruleStore.createRule(new MCRAccessRule(str5, str, new Date(), normalizedRuleString, str4));
            } else {
                str5 = retrieveRuleIDs.iterator().next();
            }
            ruleIDTable.put(normalizedRuleString, str5);
        }
        MCRRuleMapping mCRRuleMapping = new MCRRuleMapping();
        mCRRuleMapping.setCreator(str);
        mCRRuleMapping.setCreationdate(new Date());
        mCRRuleMapping.setPool(str2);
        mCRRuleMapping.setRuleId(str5);
        mCRRuleMapping.setObjId(str3);
        return mCRRuleMapping;
    }

    public Element normalize(Element element) {
        Element element2 = new Element(element.getName());
        Stream map = element.getAttributes().stream().map((v0) -> {
            return v0.clone();
        });
        Objects.requireNonNull(element2);
        map.forEach(element2::setAttribute);
        Stream sorted = element.getChildren().stream().map((v0) -> {
            return v0.clone();
        }).map(this::normalize).sorted(MCRAccessControlSystem::compareAccessConditions);
        Objects.requireNonNull(element2);
        sorted.forEachOrdered((v1) -> {
            r1.addContent(v1);
        });
        return element2;
    }

    private static int compareAccessConditions(Element element, Element element2) {
        String name = element.getName();
        int compareTo = name.compareTo(element2.getName());
        if (compareTo != 0) {
            return compareTo;
        }
        if (name.equals("boolean")) {
            return element.getAttributeValue("operator").compareToIgnoreCase(element.getAttributeValue("operator"));
        }
        if (!name.equals("condition")) {
            return 0;
        }
        int compareToIgnoreCase = element.getAttributeValue("field").compareToIgnoreCase(element2.getAttributeValue("field"));
        return compareToIgnoreCase != 0 ? compareToIgnoreCase : element.getAttributeValue("value").compareTo(element2.getAttributeValue("value"));
    }
}
