package org.eclipse.emf.cdo.server.internal.security;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Consumer;
import org.eclipse.emf.cdo.common.branch.CDOBranchPoint;
import org.eclipse.emf.cdo.common.commit.CDOCommitInfo;
import org.eclipse.emf.cdo.common.id.CDOID;
import org.eclipse.emf.cdo.common.model.CDOModelUtil;
import org.eclipse.emf.cdo.common.model.CDOPackageUnit;
import org.eclipse.emf.cdo.common.revision.CDORevision;
import org.eclipse.emf.cdo.common.revision.CDORevisionProvider;
import org.eclipse.emf.cdo.common.revision.CDORevisionUtil;
import org.eclipse.emf.cdo.common.revision.delta.CDORevisionDelta;
import org.eclipse.emf.cdo.common.security.CDOPermission;
import org.eclipse.emf.cdo.eresource.EresourcePackage;
import org.eclipse.emf.cdo.internal.security.PermissionUtil;
import org.eclipse.emf.cdo.internal.security.ViewCreator;
import org.eclipse.emf.cdo.net4j.CDONet4jSession;
import org.eclipse.emf.cdo.net4j.CDONet4jSessionConfiguration;
import org.eclipse.emf.cdo.net4j.CDONet4jUtil;
import org.eclipse.emf.cdo.security.Access;
import org.eclipse.emf.cdo.security.Directory;
import org.eclipse.emf.cdo.security.Group;
import org.eclipse.emf.cdo.security.PatternStyle;
import org.eclipse.emf.cdo.security.Permission;
import org.eclipse.emf.cdo.security.PermissionFilter;
import org.eclipse.emf.cdo.security.Realm;
import org.eclipse.emf.cdo.security.Role;
import org.eclipse.emf.cdo.security.SecurityFactory;
import org.eclipse.emf.cdo.security.SecurityPackage;
import org.eclipse.emf.cdo.security.User;
import org.eclipse.emf.cdo.security.UserPassword;
import org.eclipse.emf.cdo.security.impl.PermissionImpl;
import org.eclipse.emf.cdo.server.CDOServerUtil;
import org.eclipse.emf.cdo.server.IPermissionManager;
import org.eclipse.emf.cdo.server.IRepository;
import org.eclipse.emf.cdo.server.ISession;
import org.eclipse.emf.cdo.server.IStoreAccessor;
import org.eclipse.emf.cdo.server.ITransaction;
import org.eclipse.emf.cdo.server.StoreThreadLocal;
import org.eclipse.emf.cdo.server.internal.security.bundle.OM;
import org.eclipse.emf.cdo.server.security.ISecurityManager;
import org.eclipse.emf.cdo.server.spi.security.InternalSecurityManager;
import org.eclipse.emf.cdo.spi.common.model.InternalCDOPackageRegistry;
import org.eclipse.emf.cdo.spi.common.model.InternalCDOPackageUnit;
import org.eclipse.emf.cdo.spi.common.revision.InternalCDORevisionDelta;
import org.eclipse.emf.cdo.spi.common.revision.ManagedRevisionProvider;
import org.eclipse.emf.cdo.spi.server.InternalCommitContext;
import org.eclipse.emf.cdo.spi.server.InternalRepository;
import org.eclipse.emf.cdo.spi.server.InternalSessionManager;
import org.eclipse.emf.cdo.spi.server.ObjectWriteAccessHandler;
import org.eclipse.emf.cdo.transaction.CDOTransaction;
import org.eclipse.emf.cdo.util.CommitException;
import org.eclipse.emf.cdo.view.CDOView;
import org.eclipse.emf.cdo.view.CDOViewInvalidationEvent;
import org.eclipse.emf.common.util.BasicDiagnostic;
import org.eclipse.emf.common.util.Diagnostic;
import org.eclipse.emf.common.util.DiagnosticChain;
import org.eclipse.emf.common.util.EList;
import org.eclipse.emf.ecore.EObject;
import org.eclipse.emf.ecore.EValidator;
import org.eclipse.emf.spi.cdo.InternalCDOSessionInvalidationEvent;
import org.eclipse.net4j.Net4jUtil;
import org.eclipse.net4j.acceptor.IAcceptor;
import org.eclipse.net4j.connector.IConnector;
import org.eclipse.net4j.util.ArrayUtil;
import org.eclipse.net4j.util.RunnableWithException;
import org.eclipse.net4j.util.StringUtil;
import org.eclipse.net4j.util.WrappedException;
import org.eclipse.net4j.util.collection.HashBag;
import org.eclipse.net4j.util.concurrent.TimeoutRuntimeException;
import org.eclipse.net4j.util.container.ContainerEventAdapter;
import org.eclipse.net4j.util.container.IContainer;
import org.eclipse.net4j.util.container.IManagedContainer;
import org.eclipse.net4j.util.event.IEvent;
import org.eclipse.net4j.util.event.IListener;
import org.eclipse.net4j.util.lifecycle.ILifecycle;
import org.eclipse.net4j.util.lifecycle.Lifecycle;
import org.eclipse.net4j.util.lifecycle.LifecycleEventAdapter;
import org.eclipse.net4j.util.lifecycle.LifecycleUtil;
import org.eclipse.net4j.util.om.OMPlatform;
import org.eclipse.net4j.util.om.monitor.Monitor;
import org.eclipse.net4j.util.om.monitor.OMMonitor;
import org.eclipse.net4j.util.security.IAuthenticator;
import org.eclipse.net4j.util.security.IAuthenticator2;
import org.eclipse.net4j.util.security.IPasswordCredentials;
import org.eclipse.net4j.util.security.SecurityUtil;

/* loaded from: input_file:org/eclipse/emf/cdo/server/internal/security/SecurityManager.class */
public class SecurityManager extends Lifecycle implements InternalSecurityManager {
    private static final Map<IRepository, InternalSecurityManager> SECURITY_MANAGERS = Collections.synchronizedMap(new HashMap());
    private static final long REALM_UPDATE_TIMEOUT = OMPlatform.INSTANCE.getProperty("org.eclipse.emf.cdo.server.security.REALM_UPDATE_TIMEOUT", 8000);
    private static final boolean DISABLE_DETACH_CHECKS = OMPlatform.INSTANCE.isProperty("org.eclipse.emf.cdo.server.security.DISABLE_DETACH_CHECKS");
    private static final boolean ALLOW_EMPTY_PASSWORDS = OMPlatform.INSTANCE.isProperty("org.eclipse.emf.cdo.server.security.ALLOW_EMPTY_PASSWORDS");
    private static final Consumer<String> EMPTY_PASSWORD_PREVENTER = str -> {
        if (StringUtil.isEmpty(str)) {
            throw new SecurityException("Password is empty");
        }
    };
    private static final SecurityFactory SF = SecurityFactory.eINSTANCE;
    private final String realmPath;
    private final IManagedContainer container;
    private Consumer<String> passwordValidator;
    private InternalRepository repository;
    private IAcceptor acceptor;
    private IConnector connector;
    private CDONet4jSession realmSession;
    private CDOView realmView;
    private Realm realm;
    private CDOID realmID;
    private volatile Long lastRealmModification;
    private Object lastRealmModificationLock;
    private static volatile /* synthetic */ int[] $SWITCH_TABLE$org$eclipse$emf$cdo$security$Access;
    private final IListener repositoryListener = new LifecycleEventAdapter() { // from class: org.eclipse.emf.cdo.server.internal.security.SecurityManager.1
        protected void onActivated(ILifecycle iLifecycle) {
            SecurityManager.this.init();
        }

        protected void onDeactivated(ILifecycle iLifecycle) {
            SecurityManager.this.unregister(SecurityManager.this.repository);
            SecurityManager.this.deactivate();
        }
    };
    private final IListener sessionManagerListener = new ContainerEventAdapter<ISession>() { // from class: org.eclipse.emf.cdo.server.internal.security.SecurityManager.2
        protected void onAdded(IContainer<ISession> iContainer, ISession iSession) {
            SecurityManager.this.sessionAdded(iSession);
        }

        protected void onRemoved(IContainer<ISession> iContainer, ISession iSession) {
            SecurityManager.this.sessionRemoved(iSession);
        }

        protected /* bridge */ /* synthetic */ void onAdded(IContainer iContainer, Object obj) {
            onAdded((IContainer<ISession>) iContainer, (ISession) obj);
        }

        protected /* bridge */ /* synthetic */ void onRemoved(IContainer iContainer, Object obj) {
            onRemoved((IContainer<ISession>) iContainer, (ISession) obj);
        }
    };
    private final IListener realmInvalidationListener = new IListener() { // from class: org.eclipse.emf.cdo.server.internal.security.SecurityManager.3
        private boolean clearUserInfos;

        public void notifyEvent(IEvent iEvent) {
            if (iEvent instanceof InternalCDOSessionInvalidationEvent) {
                if (((InternalCDOSessionInvalidationEvent) iEvent).getSecurityImpact() == 2) {
                    this.clearUserInfos = true;
                }
            } else if ((iEvent instanceof CDOViewInvalidationEvent) && this.clearUserInfos) {
                SecurityManager.this.clearUserInfos(true);
                this.clearUserInfos = false;
            }
        }
    };
    private final IAuthenticator authenticator = new Authenticator();
    private final IPermissionManager permissionManager = new PermissionManager();
    private final IRepository.WriteAccessHandler writeAccessHandler = new WriteAccessHandler();
    private final ConcurrentMap<InternalRepository, SecondaryRepository> secondaryRepositories = new ConcurrentHashMap();
    private final ConcurrentMap<String, UserInfo> userInfos = new ConcurrentHashMap();
    private final HashBag<PermissionImpl> permissionBag = new HashBag<>();
    private final Object commitHandlerLock = new Object();
    private InternalSecurityManager.CommitHandler[] commitHandlers = new InternalSecurityManager.CommitHandler[0];
    private InternalSecurityManager.CommitHandler2[] commitHandlers2 = new InternalSecurityManager.CommitHandler2[0];
    private PermissionImpl[] permissionArray = new PermissionImpl[0];

    /* loaded from: input_file:org/eclipse/emf/cdo/server/internal/security/SecurityManager$Authenticator.class */
    private final class Authenticator implements IAuthenticator2 {
        public Authenticator() {
        }

        public void authenticate(String str, char[] cArr) throws SecurityException {
            User user = SecurityManager.this.getUser(str);
            if (!user.isLocked()) {
                UserPassword password = user.getPassword();
                if (Arrays.equals(cArr, SecurityUtil.toCharArray(password == null ? null : password.getEncrypted()))) {
                    return;
                }
            }
            throw new SecurityException("Access denied");
        }

        public void updatePassword(String str, char[] cArr, char[] cArr2) {
            authenticate(str, cArr);
            SecurityManager.this.setPassword(str, SecurityUtil.toString(cArr2));
        }

        public void resetPassword(String str, char[] cArr, String str2, char[] cArr2) {
            authenticate(str, cArr);
            if (!SecurityManager.this.isAdministrator(SecurityManager.this.getUser(str))) {
                throw new SecurityException("Password reset requires administrator privilege");
            }
            SecurityManager.this.setPassword(str2, SecurityUtil.toString(cArr2));
        }

        public boolean isAdministrator(String str) {
            User user;
            Realm realm = SecurityManager.this.getRealm();
            return (realm == null || (user = realm.getUser(str)) == null || !SecurityManager.this.isAdministrator(user)) ? false : true;
        }
    }

    /* loaded from: input_file:org/eclipse/emf/cdo/server/internal/security/SecurityManager$PermissionManager.class */
    private final class PermissionManager implements IPermissionManager {
        public PermissionManager() {
        }

        @Deprecated
        public CDOPermission getPermission(CDORevision cDORevision, CDOBranchPoint cDOBranchPoint, String str) {
            throw new UnsupportedOperationException();
        }

        public CDOPermission getPermission(CDORevision cDORevision, final CDOBranchPoint cDOBranchPoint, final ISession iSession) {
            if (ISecurityManager.SYSTEM_USER_ID.equals(iSession.getUserID())) {
                return CDOPermission.WRITE;
            }
            if (cDORevision.getEClass() == SecurityPackage.Literals.USER_PASSWORD) {
                return CDOPermission.NONE;
            }
            CDORevisionProvider managedRevisionProvider = new ManagedRevisionProvider(SecurityManager.this.repository.getRevisionManager(), cDOBranchPoint);
            PermissionUtil.initViewCreation(new ViewCreator() { // from class: org.eclipse.emf.cdo.server.internal.security.SecurityManager.PermissionManager.1
                public CDOView createView(CDORevisionProvider cDORevisionProvider) {
                    CDOView openView = CDOServerUtil.openView(iSession, cDOBranchPoint, cDORevisionProvider);
                    openView.getSession().options().setGeneratedPackageEmulationEnabled(true);
                    return openView;
                }
            });
            try {
                CDOPermission authorize = SecurityManager.this.authorize(cDORevision, managedRevisionProvider, cDOBranchPoint, iSession, null, null);
                PermissionUtil.doneViewCreation();
                return authorize;
            } catch (Throwable th) {
                PermissionUtil.doneViewCreation();
                throw th;
            }
        }

        public boolean hasAnyRule(ISession iSession, Set<? extends Object> set) {
            if (ISecurityManager.SYSTEM_USER_ID.equals(iSession.getUserID())) {
                return false;
            }
            for (Permission permission : SecurityManager.this.getUserInfo(iSession).getPermissions()) {
                if (set.contains(permission)) {
                    return true;
                }
            }
            return false;
        }
    }

    /* loaded from: input_file:org/eclipse/emf/cdo/server/internal/security/SecurityManager$RealmValidationHandler.class */
    private final class RealmValidationHandler extends ObjectWriteAccessHandler {
        private final EValidator realmValidator = EValidator.Registry.INSTANCE.getEValidator(SecurityPackage.eINSTANCE);

        public RealmValidationHandler() {
        }

        protected void handleTransactionBeforeCommitting(OMMonitor oMMonitor) throws RuntimeException {
            BasicDiagnostic basicDiagnostic = new BasicDiagnostic();
            Map<Object, Object> createValidationContext = createValidationContext();
            boolean z = false;
            for (EObject eObject : getDirtyObjects()) {
                if (eObject.eClass().getEPackage() == SecurityPackage.eINSTANCE) {
                    validate(eObject, basicDiagnostic, createValidationContext);
                    z |= eObject instanceof Realm;
                }
            }
            for (EObject eObject2 : getNewObjects()) {
                if (eObject2.eClass().getEPackage() == SecurityPackage.eINSTANCE) {
                    validate(eObject2, basicDiagnostic, createValidationContext);
                }
            }
            if (z) {
                return;
            }
            validate(getView().getObject(SecurityManager.this.realmID), basicDiagnostic, createValidationContext);
        }

        protected Map<Object, Object> createValidationContext() {
            HashMap hashMap = new HashMap();
            IStoreAccessor.CommitContext commitContext = getCommitContext();
            hashMap.put(CDORevisionProvider.class, commitContext);
            hashMap.put(CDOBranchPoint.class, commitContext.getBranchPoint());
            return hashMap;
        }

        protected void validate(EObject eObject, DiagnosticChain diagnosticChain, Map<Object, Object> map) {
            this.realmValidator.validate(eObject, diagnosticChain, map);
            Diagnostic error = getError(diagnosticChain);
            if (error != null) {
                throw new IRepository.WriteAccessHandler.TransactionValidationException("Security realm integrity violation: " + error.getMessage());
            }
        }

        protected Diagnostic getError(DiagnosticChain diagnosticChain) {
            Diagnostic diagnostic = (Diagnostic) diagnosticChain;
            if (diagnostic.getSeverity() < 4) {
                return null;
            }
            for (Diagnostic diagnostic2 : diagnostic.getChildren()) {
                if (diagnostic2.getSeverity() >= 4) {
                    return diagnostic2;
                }
            }
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/eclipse/emf/cdo/server/internal/security/SecurityManager$SecondaryRepository.class */
    public final class SecondaryRepository extends LifecycleEventAdapter implements IRepository.WriteAccessHandler {
        private final InternalRepository delegate;

        public SecondaryRepository(InternalRepository internalRepository) {
            this.delegate = internalRepository;
            InternalSessionManager sessionManager = internalRepository.getSessionManager();
            sessionManager.setAuthenticator(SecurityManager.this.authenticator);
            sessionManager.setPermissionManager(SecurityManager.this.permissionManager);
            sessionManager.addListener(SecurityManager.this.sessionManagerListener);
            internalRepository.addListener(this);
            internalRepository.addHandler(this);
            SecurityManager.this.register(internalRepository);
        }

        public void handleTransactionBeforeCommitting(ITransaction iTransaction, IStoreAccessor.CommitContext commitContext, OMMonitor oMMonitor) throws RuntimeException {
            handleNewPackageUnits(commitContext);
            SecurityManager.this.authorizeCommit(commitContext, SecurityManager.this.getUserInfo(iTransaction.getSession()));
        }

        public void handleTransactionAfterCommitted(ITransaction iTransaction, IStoreAccessor.CommitContext commitContext, OMMonitor oMMonitor) {
        }

        public void dispose() {
            SecurityManager.this.unregister(this.delegate);
        }

        protected void onDeactivated(ILifecycle iLifecycle) {
            SecurityManager.this.removeSecondaryRepository(this.delegate);
        }

        private void handleNewPackageUnits(IStoreAccessor.CommitContext commitContext) {
            InternalCDOPackageUnit[] newPackageUnits = commitContext.getNewPackageUnits();
            if (newPackageUnits == null || newPackageUnits.length == 0) {
                return;
            }
            InternalCDOPackageRegistry packageRegistry = SecurityManager.this.mo2getRepository().getPackageRegistry();
            ArrayList arrayList = new ArrayList();
            for (InternalCDOPackageUnit internalCDOPackageUnit : newPackageUnits) {
                if (!packageRegistry.containsKey(internalCDOPackageUnit.getID())) {
                    arrayList.add(CDOModelUtil.copyPackageUnit(internalCDOPackageUnit));
                }
            }
            if (arrayList.isEmpty()) {
                return;
            }
            InternalCDOPackageUnit[] internalCDOPackageUnitArr = (InternalCDOPackageUnit[]) arrayList.toArray(new InternalCDOPackageUnit[arrayList.size()]);
            try {
                RunnableWithException.forkAndWait(() -> {
                    InternalCDOPackageRegistry internalCDOPackageRegistry = packageRegistry;
                    synchronized (internalCDOPackageRegistry) {
                        packageRegistry.putPackageUnits(internalCDOPackageUnitArr, CDOPackageUnit.State.LOADED);
                        internalCDOPackageRegistry = internalCDOPackageRegistry;
                        commitRealmPackageUnits(internalCDOPackageUnitArr);
                    }
                });
            } catch (Exception e) {
                throw WrappedException.wrap(e);
            }
        }

        private void commitRealmPackageUnits(InternalCDOPackageUnit[] internalCDOPackageUnitArr) {
            IStoreAccessor writer = SecurityManager.this.mo2getRepository().getStore().getWriter((ITransaction) null);
            StoreThreadLocal.setAccessor(writer);
            try {
                writer.writePackageUnits(internalCDOPackageUnitArr, new Monitor());
                writer.commit(new Monitor());
            } finally {
                StoreThreadLocal.release();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/eclipse/emf/cdo/server/internal/security/SecurityManager$UserInfo.class */
    public static final class UserInfo extends AtomicInteger {
        private static final long serialVersionUID = 1;
        private final User user;
        private Permission[] permissions;

        public UserInfo(User user) {
            this.user = user;
            rebuildPermissions();
        }

        public User getUser() {
            return this.user;
        }

        public String getUserId() {
            return this.user.getId();
        }

        public Access getDefaultAccess() {
            return this.user.getDefaultAccess();
        }

        public Permission[] getPermissions() {
            return this.permissions;
        }

        public void rebuildPermissions() {
            EList allPermissions = this.user.getAllPermissions();
            this.permissions = (Permission[]) allPermissions.toArray(new Permission[allPermissions.size()]);
        }

        public synchronized void addSessionRef() {
            incrementAndGet();
        }

        public synchronized boolean removeSessionRef() {
            return decrementAndGet() == 0;
        }

        @Override // java.util.concurrent.atomic.AtomicInteger
        public String toString() {
            return "UserInfo[user=" + getUserId() + ", refs=" + super.toString() + "]";
        }
    }

    /* loaded from: input_file:org/eclipse/emf/cdo/server/internal/security/SecurityManager$WriteAccessHandler.class */
    private final class WriteAccessHandler implements IRepository.WriteAccessHandler {
        private final IRepository.WriteAccessHandler realmValidationHandler;

        public WriteAccessHandler() {
            this.realmValidationHandler = new RealmValidationHandler();
        }

        public void handleTransactionBeforeCommitting(ITransaction iTransaction, IStoreAccessor.CommitContext commitContext, OMMonitor oMMonitor) throws RuntimeException {
            if (iTransaction.getSessionID() == SecurityManager.this.realmSession.getSessionID()) {
                SecurityManager.this.handleCommit(commitContext, null);
                ((InternalCommitContext) commitContext).setSecurityImpact((byte) 2, (Set) null);
                return;
            }
            UserInfo userInfo = SecurityManager.this.getUserInfo(iTransaction.getSession());
            SecurityManager.this.handleCommit(commitContext, userInfo.getUser());
            SecurityManager.this.authorizeCommit(commitContext, userInfo);
            if (commitContext.getSecurityImpact() == 2) {
                this.realmValidationHandler.handleTransactionBeforeCommitting(iTransaction, commitContext, oMMonitor);
            }
        }

        public void handleTransactionAfterCommitted(ITransaction iTransaction, IStoreAccessor.CommitContext commitContext, OMMonitor oMMonitor) {
            if (commitContext.getSecurityImpact() == 2) {
                SecurityManager.this.rememberRealmCommit(commitContext.getBranchPoint());
            }
            SecurityManager.this.handleCommitted(commitContext);
        }
    }

    public SecurityManager(String str, IManagedContainer iManagedContainer) {
        this.passwordValidator = ALLOW_EMPTY_PASSWORDS ? null : EMPTY_PASSWORD_PREVENTER;
        this.lastRealmModificationLock = new Object();
        this.realmPath = str;
        this.container = iManagedContainer;
    }

    public final IManagedContainer getContainer() {
        return this.container;
    }

    @Override // org.eclipse.emf.cdo.server.spi.security.InternalSecurityManager
    public final String getRealmPath() {
        return this.realmPath;
    }

    @Override // org.eclipse.emf.cdo.server.security.ISecurityManager
    /* renamed from: getRepository, reason: merged with bridge method [inline-methods] */
    public final InternalRepository mo2getRepository() {
        return this.repository;
    }

    @Override // org.eclipse.emf.cdo.server.spi.security.InternalSecurityManager
    public void setRepository(InternalRepository internalRepository) {
        this.repository = internalRepository;
        if (isActive()) {
            init();
        }
    }

    @Override // org.eclipse.emf.cdo.server.spi.security.InternalSecurityManager, org.eclipse.emf.cdo.server.security.ISecurityManager
    /* renamed from: getSecondaryRepositories */
    public InternalRepository[] mo3getSecondaryRepositories() {
        return (InternalRepository[]) this.secondaryRepositories.keySet().toArray(new InternalRepository[0]);
    }

    @Override // org.eclipse.emf.cdo.server.spi.security.InternalSecurityManager
    public void addSecondaryRepository(InternalRepository internalRepository) {
        this.secondaryRepositories.computeIfAbsent(internalRepository, internalRepository2 -> {
            return new SecondaryRepository(internalRepository2);
        });
    }

    @Override // org.eclipse.emf.cdo.server.spi.security.InternalSecurityManager
    public void removeSecondaryRepository(InternalRepository internalRepository) {
        SecondaryRepository remove = this.secondaryRepositories.remove(internalRepository);
        if (remove != null) {
            remove.dispose();
        }
    }

    public Consumer<String> getPasswordValidator() {
        return this.passwordValidator;
    }

    public void setPasswordValidator(Consumer<String> consumer) {
        checkInactive();
        this.passwordValidator = consumer;
    }

    @Override // org.eclipse.emf.cdo.server.security.ISecurityManager
    public Realm getRealm() {
        return this.realm;
    }

    public Role getRole(String str) {
        Role role = this.realm.getRole(str);
        if (role == null) {
            throw new SecurityException("Role " + str + " not found");
        }
        return role;
    }

    public Group getGroup(String str) {
        Group group = this.realm.getGroup(str);
        if (group == null) {
            throw new SecurityException("Group " + str + " not found");
        }
        return group;
    }

    public User getUser(String str) {
        User user = this.realm.getUser(str);
        if (user == null) {
            throw new SecurityException("User " + str + " not found");
        }
        return user;
    }

    public Role addRole(String str) {
        Role[] roleArr = new Role[1];
        modify(realm -> {
            roleArr[0] = realm.addRole(str);
        });
        return roleArr[0];
    }

    public Group addGroup(String str) {
        Group[] groupArr = new Group[1];
        modify(realm -> {
            groupArr[0] = realm.addGroup(str);
        });
        return groupArr[0];
    }

    public User addUser(String str) {
        User[] userArr = new User[1];
        modify(realm -> {
            userArr[0] = realm.addUser(str);
        });
        return userArr[0];
    }

    public User addUser(String str, String str2) {
        User[] userArr = new User[1];
        modify(realm -> {
            userArr[0] = realm.addUser(str);
            if (StringUtil.isEmpty(str2)) {
                return;
            }
            UserPassword createUserPassword = SF.createUserPassword();
            createUserPassword.setEncrypted(new String(str2));
            userArr[0].setPassword(createUserPassword);
        });
        return userArr[0];
    }

    public User addUser(IPasswordCredentials iPasswordCredentials) {
        return addUser(iPasswordCredentials.getUserID(), SecurityUtil.toString(iPasswordCredentials.getPassword()));
    }

    public User setPassword(String str, String str2) {
        if (this.passwordValidator != null) {
            this.passwordValidator.accept(str2);
        }
        User[] userArr = new User[1];
        modify(realm -> {
            userArr[0] = realm.setPassword(str, str2);
        });
        return userArr[0];
    }

    public Role removeRole(String str) {
        Role[] roleArr = new Role[1];
        modify(realm -> {
            roleArr[0] = realm.removeRole(str);
        });
        return roleArr[0];
    }

    public Group removeGroup(String str) {
        Group[] groupArr = new Group[1];
        modify(realm -> {
            groupArr[0] = realm.removeGroup(str);
        });
        return groupArr[0];
    }

    public User removeUser(String str) {
        User[] userArr = new User[1];
        modify(realm -> {
            userArr[0] = realm.removeUser(str);
        });
        return userArr[0];
    }

    @Override // org.eclipse.emf.cdo.server.security.ISecurityManager
    public void read(ISecurityManager.RealmOperation realmOperation) {
        checkReady();
        realmOperation.execute(this.realm);
    }

    @Override // org.eclipse.emf.cdo.server.security.ISecurityManager
    public void modify(ISecurityManager.RealmOperation realmOperation) {
        modify(realmOperation, false);
    }

    @Override // org.eclipse.emf.cdo.server.security.ISecurityManager
    public void modify(ISecurityManager.RealmOperation realmOperation, boolean z) {
        modifyWithInfo(realmOperation, z);
    }

    @Override // org.eclipse.emf.cdo.server.security.ISecurityManager
    public CDOCommitInfo modifyWithInfo(ISecurityManager.RealmOperation realmOperation, boolean z) {
        checkReady();
        CDOTransaction openTransaction = this.realmSession.openTransaction();
        try {
            try {
                realmOperation.execute((Realm) openTransaction.getObject(this.realm));
                CDOCommitInfo commit = openTransaction.commit();
                if (!z || this.realmView.waitForUpdate(commit.getTimeStamp(), REALM_UPDATE_TIMEOUT)) {
                    return commit;
                }
                throw new TimeoutRuntimeException();
            } catch (CommitException e) {
                throw WrappedException.wrap(e);
            }
        } finally {
            openTransaction.close();
        }
    }

    @Override // org.eclipse.emf.cdo.server.spi.security.InternalSecurityManager
    public InternalSecurityManager.CommitHandler[] getCommitHandlers() {
        return this.commitHandlers;
    }

    @Override // org.eclipse.emf.cdo.server.spi.security.InternalSecurityManager
    public InternalSecurityManager.CommitHandler2[] getCommitHandlers2() {
        return this.commitHandlers2;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v2, types: [java.lang.Object] */
    /* JADX WARN: Type inference failed for: r0v3, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v7 */
    @Override // org.eclipse.emf.cdo.server.spi.security.InternalSecurityManager
    public void addCommitHandler(InternalSecurityManager.CommitHandler commitHandler) {
        checkInactive();
        ?? r0 = this.commitHandlerLock;
        synchronized (r0) {
            this.commitHandlers = (InternalSecurityManager.CommitHandler[]) ArrayUtil.add(this.commitHandlers, commitHandler);
            if (commitHandler instanceof InternalSecurityManager.CommitHandler2) {
                this.commitHandlers2 = (InternalSecurityManager.CommitHandler2[]) ArrayUtil.add(this.commitHandlers2, (InternalSecurityManager.CommitHandler2) commitHandler);
            }
            r0 = r0;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v2, types: [java.lang.Object] */
    /* JADX WARN: Type inference failed for: r0v3, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v7 */
    @Override // org.eclipse.emf.cdo.server.spi.security.InternalSecurityManager
    public void removeCommitHandler(InternalSecurityManager.CommitHandler commitHandler) {
        checkInactive();
        ?? r0 = this.commitHandlerLock;
        synchronized (r0) {
            this.commitHandlers = (InternalSecurityManager.CommitHandler[]) ArrayUtil.remove(this.commitHandlers, commitHandler);
            if (commitHandler instanceof InternalSecurityManager.CommitHandler2) {
                this.commitHandlers2 = (InternalSecurityManager.CommitHandler2[]) ArrayUtil.remove(this.commitHandlers2, (InternalSecurityManager.CommitHandler2) commitHandler);
            }
            r0 = r0;
        }
    }

    protected void initCommitHandlers(boolean z) {
        for (InternalSecurityManager.CommitHandler commitHandler : getCommitHandlers()) {
            try {
                commitHandler.init(this, z);
                OM.LOG.info("Security realm handled by " + commitHandler);
            } catch (Exception e) {
                OM.LOG.error(e);
            }
        }
    }

    protected void handleCommit(IStoreAccessor.CommitContext commitContext, User user) {
        for (InternalSecurityManager.CommitHandler commitHandler : getCommitHandlers()) {
            try {
                commitHandler.handleCommit(this, commitContext, user);
            } catch (Exception e) {
                OM.LOG.error(e);
            }
        }
    }

    protected void handleCommitted(IStoreAccessor.CommitContext commitContext) {
        for (InternalSecurityManager.CommitHandler2 commitHandler2 : getCommitHandlers2()) {
            try {
                commitHandler2.handleCommitted(this, commitContext);
            } catch (Exception e) {
                OM.LOG.error(e);
            }
        }
    }

    protected void checkReady() {
        if (this.realm == null || this.realmSession == null) {
            checkActive();
        }
    }

    protected void init() {
        if (this.realm == null && this.repository != null) {
            this.repository.addListener(this.repositoryListener);
            if (LifecycleUtil.isActive(this.repository)) {
                String name = this.repository.getName();
                String str = String.valueOf(name) + "_security";
                this.acceptor = Net4jUtil.getAcceptor(this.container, "jvm", str);
                this.connector = Net4jUtil.getConnector(this.container, "jvm", str);
                CDONet4jSessionConfiguration createNet4jSessionConfiguration = CDONet4jUtil.createNet4jSessionConfiguration();
                createNet4jSessionConfiguration.setConnector(this.connector);
                createNet4jSessionConfiguration.setRepositoryName(name);
                createNet4jSessionConfiguration.setUserID(ISecurityManager.SYSTEM_USER_ID);
                this.realmSession = createNet4jSessionConfiguration.openNet4jSession();
                this.realmSession.options().setGeneratedPackageEmulationEnabled(true);
                this.realmSession.addListener(this.realmInvalidationListener);
                CDOTransaction openTransaction = this.realmSession.openTransaction();
                boolean z = !openTransaction.hasResource(this.realmPath);
                if (z) {
                    this.realm = createRealm();
                    openTransaction.createResource(this.realmPath).getContents().add(this.realm);
                    OM.LOG.info("Security realm created in " + this.realmPath);
                } else {
                    this.realm = (Realm) openTransaction.getResource(this.realmPath).getContents().get(0);
                    OM.LOG.info("Security realm loaded from " + this.realmPath);
                }
                try {
                    try {
                        openTransaction.commit();
                        openTransaction.close();
                        this.realmView = this.realmSession.openView();
                        this.realmView.addListener(this.realmInvalidationListener);
                        this.realm = this.realmView.getObject(this.realm);
                        this.realmID = this.realm.cdoID();
                        InternalSessionManager sessionManager = this.repository.getSessionManager();
                        sessionManager.setAuthenticator(this.authenticator);
                        sessionManager.setPermissionManager(this.permissionManager);
                        sessionManager.addListener(this.sessionManagerListener);
                        this.repository.addHandler(this.writeAccessHandler);
                        register(this.repository);
                        initCommitHandlers(z);
                    } catch (Exception e) {
                        throw WrappedException.wrap(e);
                    }
                } catch (Throwable th) {
                    openTransaction.close();
                    throw th;
                }
            }
        }
    }

    protected Realm createRealm() {
        Realm createRealm = SF.createRealm("Security Realm");
        createRealm.setDefaultRoleDirectory(addDirectory(createRealm, "Roles"));
        createRealm.setDefaultGroupDirectory(addDirectory(createRealm, "Groups"));
        createRealm.setDefaultUserDirectory(addDirectory(createRealm, "Users"));
        createRealm.addRole("All Objects Reader").getPermissions().add(SF.createFilterPermission(Access.READ, new PermissionFilter[]{SF.createResourceFilter(".*", PatternStyle.REGEX)}));
        createRealm.addRole("All Objects Writer").getPermissions().add(SF.createFilterPermission(Access.WRITE, new PermissionFilter[]{SF.createResourceFilter(".*", PatternStyle.REGEX)}));
        createRealm.addRole("Normal Objects Reader").getPermissions().add(SF.createFilterPermission(Access.READ, new PermissionFilter[]{SF.createNotFilter(SF.createResourceFilter(this.realmPath, PatternStyle.EXACT, false))}));
        createRealm.addRole("Normal Objects Writer").getPermissions().add(SF.createFilterPermission(Access.WRITE, new PermissionFilter[]{SF.createNotFilter(SF.createResourceFilter(this.realmPath, PatternStyle.EXACT, false))}));
        createRealm.addRole("Resource Tree Reader").getPermissions().add(SF.createFilterPermission(Access.READ, new PermissionFilter[]{SF.createPackageFilter(EresourcePackage.eINSTANCE)}));
        createRealm.addRole("Resource Tree Writer").getPermissions().add(SF.createFilterPermission(Access.WRITE, new PermissionFilter[]{SF.createPackageFilter(EresourcePackage.eINSTANCE)}));
        Role addRole = createRealm.addRole("Administration");
        addRole.getPermissions().add(SF.createFilterPermission(Access.WRITE, new PermissionFilter[]{SF.createResourceFilter(this.realmPath, PatternStyle.EXACT, false)}));
        addRole.getPermissions().add(SF.createFilterPermission(Access.READ, new PermissionFilter[]{SF.createResourceFilter(this.realmPath, PatternStyle.EXACT, true)}));
        Group addGroup = createRealm.addGroup("Administrators");
        addGroup.getRoles().add(addRole);
        createRealm.addGroup("Users");
        createRealm.addUser("Administrator", "0000").getGroups().add(addGroup);
        return createRealm;
    }

    protected Directory addDirectory(Realm realm, String str) {
        Directory createDirectory = SF.createDirectory(str);
        realm.getItems().add(createDirectory);
        return createDirectory;
    }

    protected CDOPermission convertPermission(Access access) {
        if (access != null) {
            switch ($SWITCH_TABLE$org$eclipse$emf$cdo$security$Access()[access.ordinal()]) {
                case 1:
                    return CDOPermission.READ;
                case 2:
                    return CDOPermission.WRITE;
            }
        }
        return CDOPermission.NONE;
    }

    protected CDOPermission authorize(CDORevision cDORevision, CDORevisionProvider cDORevisionProvider, CDOBranchPoint cDOBranchPoint, ISession iSession, Access access, Permission[] permissionArr) {
        waitForRealmUpdate(cDOBranchPoint);
        boolean z = access == null;
        if (z) {
            UserInfo userInfo = getUserInfo(iSession);
            User user = userInfo.getUser();
            access = user.getDefaultAccess();
            permissionArr = userInfo.getPermissions();
            PermissionUtil.setUser(user.getId());
        }
        try {
            CDOPermission convertPermission = convertPermission(access);
            if (convertPermission == CDOPermission.WRITE) {
                return convertPermission;
            }
            for (Permission permission : permissionArr) {
                CDOPermission convertPermission2 = convertPermission(permission.getAccess());
                if (convertPermission2.ordinal() > convertPermission.ordinal() && permission.isApplicable(cDORevision, cDORevisionProvider, cDOBranchPoint)) {
                    convertPermission = convertPermission2;
                    if (convertPermission == CDOPermission.WRITE) {
                        if (z) {
                            PermissionUtil.setUser((String) null);
                        }
                        return convertPermission;
                    }
                }
            }
            CDOPermission cDOPermission = convertPermission;
            if (z) {
                PermissionUtil.setUser((String) null);
            }
            return cDOPermission;
        } finally {
            if (z) {
                PermissionUtil.setUser((String) null);
            }
        }
    }

    protected void authorizeCommit(final IStoreAccessor.CommitContext commitContext, UserInfo userInfo) {
        CDOID[] detachedObjects;
        PermissionUtil.setUser(userInfo.getUserId());
        PermissionUtil.initViewCreation(cDORevisionProvider -> {
            return CDOServerUtil.openView(commitContext);
        });
        try {
            CDOBranchPoint branchPoint = commitContext.getBranchPoint();
            ITransaction transaction = commitContext.getTransaction();
            ISession session = transaction.getSession();
            Access defaultAccess = userInfo.getDefaultAccess();
            Permission[] permissions = userInfo.getPermissions();
            if (!DISABLE_DETACH_CHECKS && (detachedObjects = commitContext.getDetachedObjects()) != null && detachedObjects.length != 0) {
                for (CDOID cdoid : detachedObjects) {
                    CDORevision revision = transaction.getRevision(cdoid);
                    if (authorize(revision, transaction, branchPoint, session, defaultAccess, permissions) != CDOPermission.WRITE) {
                        throw new SecurityException("User " + commitContext.getUserID() + " is not allowed to detach " + revision);
                    }
                }
            }
            final CDORevision[] dirtyObjects = commitContext.getDirtyObjects();
            final InternalCDORevisionDelta[] dirtyObjectDeltas = commitContext.getDirtyObjectDeltas();
            byte b = 0;
            for (int i = 0; i < dirtyObjects.length; i++) {
                CDORevision cDORevision = dirtyObjects[i];
                if (authorize(cDORevision, commitContext, branchPoint, session, defaultAccess, permissions) != CDOPermission.WRITE) {
                    throw new SecurityException("User " + commitContext.getUserID() + " is not allowed to write to " + cDORevision);
                }
                if (b != 2 && CDORevisionUtil.isContained(dirtyObjectDeltas[i].getID(), this.realmID, transaction)) {
                    b = 2;
                }
            }
            HashSet hashSet = null;
            if (b != 2) {
                PermissionImpl[] permissionImplArr = this.permissionArray;
                if (permissionImplArr.length != 0) {
                    PermissionImpl.CommitImpactContext commitImpactContext = new PermissionImpl.CommitImpactContext() { // from class: org.eclipse.emf.cdo.server.internal.security.SecurityManager.4
                        public CDORevision[] getNewObjects() {
                            return commitContext.getNewObjects();
                        }

                        public CDORevision[] getDirtyObjects() {
                            return dirtyObjects;
                        }

                        public CDORevisionDelta[] getDirtyObjectDeltas() {
                            return dirtyObjectDeltas;
                        }

                        public CDOID[] getDetachedObjects() {
                            return commitContext.getDetachedObjects();
                        }
                    };
                    for (PermissionImpl permissionImpl : permissionImplArr) {
                        if (permissionImpl.isImpacted(commitImpactContext)) {
                            if (hashSet == null) {
                                hashSet = new HashSet();
                            }
                            hashSet.add(permissionImpl);
                        }
                    }
                    if (hashSet != null) {
                        b = 1;
                    }
                }
            }
            ((InternalCommitContext) commitContext).setSecurityImpact(b, hashSet);
        } finally {
            PermissionUtil.setUser((String) null);
            PermissionUtil.doneViewCreation();
        }
    }

    protected void sessionAdded(ISession iSession) {
        String userID = iSession.getUserID();
        if (userID != null) {
            this.userInfos.computeIfAbsent(userID, str -> {
                UserInfo userInfo = new UserInfo(getUser(str));
                updatePermissions(userInfo, true);
                return userInfo;
            }).addSessionRef();
        }
    }

    protected void sessionRemoved(ISession iSession) {
        String userID = iSession.getUserID();
        if (userID != null) {
            this.userInfos.computeIfPresent(userID, (str, userInfo) -> {
                if (userInfo.removeSessionRef()) {
                    return null;
                }
                return userInfo;
            });
        }
    }

    protected UserInfo getUserInfo(ISession iSession) {
        String userID = iSession.getUserID();
        UserInfo userInfo = this.userInfos.get(userID);
        if (userInfo == null) {
            throw new IllegalStateException("No user info for " + userID);
        }
        return userInfo;
    }

    protected void clearUserInfos(boolean z) {
        Throwable th = this.permissionBag;
        synchronized (th) {
            this.permissionBag.clear();
            this.permissionArray = null;
            if (z) {
                for (UserInfo userInfo : this.userInfos.values()) {
                    userInfo.rebuildPermissions();
                    updatePermissions(userInfo, false);
                }
                updatePermissions(null, true);
            } else {
                this.userInfos.clear();
            }
            th = th;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    protected void updatePermissions(UserInfo userInfo, boolean z) {
        Throwable th;
        Permission[] permissions = userInfo == null ? null : userInfo.getPermissions();
        Throwable th2 = this.permissionBag;
        synchronized (th2) {
            if (permissions != null) {
                th = null;
                int i = 0;
                while (i < permissions.length) {
                    Permission permission = permissions[i];
                    i++;
                    th = this.permissionBag.add((PermissionImpl) permission);
                }
            }
            if (z) {
                this.permissionArray = (PermissionImpl[]) this.permissionBag.toArray(new PermissionImpl[this.permissionBag.size()]);
            }
            th = th2;
        }
    }

    protected final boolean isAdministrator(User user) {
        Realm realm = getRealm();
        if (realm == null) {
            return false;
        }
        CDORevision cdoRevision = realm.cdoRevision();
        CDOView cdoView = realm.cdoView();
        CDOView cdoView2 = realm.cdoView();
        for (Permission permission : user.getAllPermissions()) {
            if (permission.getAccess() == Access.WRITE && permission.isApplicable(cdoRevision, cdoView, cdoView2)) {
                return true;
            }
        }
        return false;
    }

    protected void doActivate() throws Exception {
        super.doActivate();
        init();
    }

    protected void doDeactivate() throws Exception {
        clearUserInfos(false);
        this.realm = null;
        this.realmID = null;
        this.realmSession.close();
        this.realmSession = null;
        this.realmView = null;
        this.connector.close();
        this.connector = null;
        this.acceptor.close();
        this.acceptor = null;
        super.doDeactivate();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object] */
    /* JADX WARN: Type inference failed for: r0v2, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v4 */
    public void rememberRealmCommit(CDOBranchPoint cDOBranchPoint) {
        ?? r0 = this.lastRealmModificationLock;
        synchronized (r0) {
            this.lastRealmModification = Long.valueOf(cDOBranchPoint.getTimeStamp());
            r0 = r0;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v3, types: [java.lang.Object] */
    /* JADX WARN: Type inference failed for: r0v4, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v8 */
    private void waitForRealmUpdate(CDOBranchPoint cDOBranchPoint) {
        long j;
        if (this.lastRealmModification != null) {
            ?? r0 = this.lastRealmModificationLock;
            synchronized (r0) {
                if (this.lastRealmModification != null) {
                    j = this.lastRealmModification.longValue();
                    this.lastRealmModification = null;
                } else {
                    j = 0;
                }
                r0 = r0;
                if (j != 0) {
                    long timeStamp = cDOBranchPoint.getTimeStamp();
                    if ((timeStamp == 0 || timeStamp < j) && !this.realmView.waitForUpdate(j, REALM_UPDATE_TIMEOUT)) {
                        throw new TimeoutRuntimeException();
                    }
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void register(InternalRepository internalRepository) {
        if (SECURITY_MANAGERS.putIfAbsent(internalRepository, this) != null) {
            throw new IllegalStateException("A security manager is already associated with repository " + internalRepository);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void unregister(InternalRepository internalRepository) {
        SECURITY_MANAGERS.remove(internalRepository);
    }

    public static InternalSecurityManager get(IRepository iRepository) {
        return SECURITY_MANAGERS.get(iRepository);
    }

    static /* synthetic */ int[] $SWITCH_TABLE$org$eclipse$emf$cdo$security$Access() {
        int[] iArr = $SWITCH_TABLE$org$eclipse$emf$cdo$security$Access;
        if (iArr != null) {
            return iArr;
        }
        int[] iArr2 = new int[Access.values().length];
        try {
            iArr2[Access.READ.ordinal()] = 1;
        } catch (NoSuchFieldError unused) {
        }
        try {
            iArr2[Access.WRITE.ordinal()] = 2;
        } catch (NoSuchFieldError unused2) {
        }
        $SWITCH_TABLE$org$eclipse$emf$cdo$security$Access = iArr2;
        return iArr2;
    }
}
