package org.openanzo.datasource.services;

import java.io.IOException;
import java.io.Writer;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArraySet;
import java.util.concurrent.locks.Condition;
import java.util.concurrent.locks.ReentrantLock;
import java.util.stream.Collectors;
import org.apache.velocity.app.FieldMethodizer;
import org.apache.velocity.tools.generic.EscapeTool;
import org.openanzo.exceptions.AnzoException;
import org.openanzo.exceptions.AnzoRuntimeException;
import org.openanzo.exceptions.ExceptionConstants;
import org.openanzo.exceptions.IThrowingFunction1;
import org.openanzo.exceptions.IThrowingSupplier;
import org.openanzo.exceptions.LogUtils;
import org.openanzo.exceptions.Messages;
import org.openanzo.ontologies.foaf.Person;
import org.openanzo.ontologies.openanzo.Group;
import org.openanzo.ontologies.permission.Permission;
import org.openanzo.ontologies.permission.PermissionFactory;
import org.openanzo.ontologies.system.Credentials;
import org.openanzo.rdf.Constants;
import org.openanzo.rdf.Dataset;
import org.openanzo.rdf.IDataset;
import org.openanzo.rdf.MemURI;
import org.openanzo.rdf.Statement;
import org.openanzo.rdf.URI;
import org.openanzo.rdf.utils.Pair;
import org.openanzo.rdf.utils.ResourceNamedGraphPair;
import org.openanzo.rdf.utils.TemplateUtils;
import org.openanzo.rdf.vocabulary.RDF;
import org.openanzo.services.AnzoPrincipal;
import org.openanzo.services.DynamicServiceStats;
import org.openanzo.services.IAuthenticationService;
import org.openanzo.services.IClientEntitlementService;
import org.openanzo.services.IOperationContext;
import org.openanzo.services.ITokenAuthenticator;
import org.openanzo.services.IUserRolesExtender;
import org.openanzo.services.SecurityConstants;
import org.openanzo.services.impl.BaseOperationContext;
import org.openanzo.services.serialization.CommonSerializationUtils;
import org.openanzo.services.serialization.WriterURIValueSetHandler;
import org.pac4j.core.authorization.generator.FromAttributesAuthorizationGenerator;
import org.pac4j.core.profile.BasicUserProfile;
import org.pac4j.core.profile.UserProfile;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.backoff.ExponentialBackOff;
import org.springframework.web.context.request.RequestContextHolder;

/* loaded from: input_file:org/openanzo/datasource/services/BaseAuthenticationService.class */
public abstract class BaseAuthenticationService implements IAuthenticationService {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) BaseAuthenticationService.class);
    private static final String VELOCITY_USER_NAME = "userName";
    private static final String VELOCITY_USER_URI = "userURI";
    private static final String VELOCITY_USER_PROFILE = "userProfile";
    private static final String VELOCITY_OPERATION_CONTEXT = "operationContext";
    private static final String VELOCITY_AUTH_SERVICE = "authService";
    private static final String VELOCITY_AUTH_GENERATOR = "authGenerator";
    private static final String VELOCITY_PROPERTY_MAP = "propertiesToSave";
    protected AuthenticationCache cache;
    private final ITokenAuthenticator tokenAuthenticator;
    private IClientEntitlementService clientEntitlementService;
    private IDataset permissionRegistryDataset;
    private final DynamicServiceStats stats = new DynamicServiceStats("AuthenitcationService", new String[]{IAuthenticationService.AUTHENTICATE_USER, IAuthenticationService.GET_USER_PRINCIPAL, IAuthenticationService.GET_ROLES_FOR_USER});
    protected CopyOnWriteArraySet<IUserRolesExtender> roleExtenders = new CopyOnWriteArraySet<>();
    private ReentrantLock lock = new ReentrantLock();
    private Condition condition = this.lock.newCondition();
    private Set<String> waitingUsers = new HashSet();
    private Set<URI> waitingRoles = new HashSet();

    public BaseAuthenticationService(ITokenAuthenticator iTokenAuthenticator, IClientEntitlementService iClientEntitlementService, AuthenticationCache authenticationCache) {
        this.tokenAuthenticator = iTokenAuthenticator;
        this.clientEntitlementService = iClientEntitlementService;
        this.cache = authenticationCache;
        getStatistics().setEnabled(true);
    }

    public void clearCache() {
        if (this.cache != null) {
            this.cache.clear();
        }
    }

    public void setPermissionRegistryDataset(IDataset iDataset) {
        this.permissionRegistryDataset = iDataset;
        clearCache();
    }

    public IDataset getPermissionRegistryDataset() {
        return this.permissionRegistryDataset;
    }

    @Override // org.openanzo.services.IStatisticsProvider
    public DynamicServiceStats getStatistics() {
        return this.stats;
    }

    public void registerRoleExtender(IUserRolesExtender iUserRolesExtender) {
        this.roleExtenders.add(iUserRolesExtender);
        clearCache();
    }

    public void unregisterRoleExtender(IUserRolesExtender iUserRolesExtender) {
        this.roleExtenders.remove(iUserRolesExtender);
        clearCache();
    }

    @Override // org.openanzo.services.IAuthenticationServiceWithHandling
    public final AnzoPrincipal authenticateUserWithHandling(IOperationContext iOperationContext, String str, String str2) throws AnzoException {
        AnzoPrincipal authenticateUser = authenticateUser(iOperationContext, str, str2);
        if (authenticateUser != null) {
            onAuthenticationSuccess(iOperationContext, authenticateUser);
        }
        return authenticateUser;
    }

    @Override // org.openanzo.services.IAuthenticationServiceWithHandling
    public void onAuthenticationSuccess(IOperationContext iOperationContext, AnzoPrincipal anzoPrincipal) throws AnzoException {
        if (RequestContextHolder.getRequestAttributes() == null) {
            this.clientEntitlementService.onAuthenticationSuccess(iOperationContext, anzoPrincipal);
        }
    }

    @Override // org.openanzo.services.IAuthenticationService, org.openanzo.services.IAuthenticationServiceWithHandling
    public AnzoPrincipal authenticateUser(IOperationContext iOperationContext, String str, String str2) throws AnzoException {
        AnzoPrincipal validateJWTToken;
        long j = 0;
        if (this.stats.isEnabled()) {
            j = System.currentTimeMillis();
        }
        try {
            if (str == null) {
                throw new AnzoException(ExceptionConstants.SERVER.MISSING_ARG, "userId", IAuthenticationService.AUTHENTICATE_USER);
            }
            if (str.equals("@AuthenticationToken")) {
                String[] split = str2.split(":::");
                String str3 = split[0];
                String str4 = null;
                if (split.length > 1) {
                    str4 = split[1];
                }
                validateJWTToken = this.tokenAuthenticator.validateBrowserSession(str3, str4);
            } else {
                validateJWTToken = str.equals("@JWTToken") ? this.tokenAuthenticator.validateJWTToken(str2, str5 -> {
                    try {
                        return getUserPrincipal(iOperationContext, str5);
                    } catch (AnzoException e) {
                        throw new AnzoRuntimeException(e);
                    }
                }) : "@OAuthAccessToken".equals(str2) ? this.tokenAuthenticator.validateOAuthToken(str, str6 -> {
                    try {
                        return getUserPrincipal(iOperationContext, str6);
                    } catch (AnzoException e) {
                        throw new AnzoRuntimeException(e);
                    }
                }) : authenticateUserInternal(iOperationContext, str, str2);
            }
            if (this.cache != null && validateJWTToken != null && this.permissionRegistryDataset != null) {
                this.cache.cacheUser(str, validateJWTToken);
            }
            return validateJWTToken;
        } finally {
            if (this.stats.isEnabled()) {
                this.stats.use(IAuthenticationService.AUTHENTICATE_USER, System.currentTimeMillis() - j);
            }
        }
    }

    @Override // org.openanzo.services.IAuthenticationService
    public void authenticateUser(IOperationContext iOperationContext, String str, String str2, Writer writer, String str3) throws AnzoException {
        CommonSerializationUtils.writeAnzoPrincipal(authenticateUser(iOperationContext, str, str2), writer, str3);
    }

    @Override // org.openanzo.services.IAuthenticationService
    public AnzoPrincipal getUserPrincipal(IOperationContext iOperationContext, String str) throws AnzoException {
        AnzoPrincipal userPrincipalWithSearchCallback;
        long j = 0;
        if (this.stats.isEnabled()) {
            j = System.currentTimeMillis();
        }
        if (str == null) {
            throw new AnzoException(ExceptionConstants.SERVER.MISSING_ARG, "userId", IAuthenticationService.GET_USER_PRINCIPAL);
        }
        AnzoPrincipal ifSysadminUser = getIfSysadminUser(iOperationContext, str);
        if (ifSysadminUser != null) {
            return ifSysadminUser;
        }
        try {
            this.lock.lockInterruptibly();
            while (this.waitingUsers.contains(str)) {
                try {
                    try {
                        this.condition.await();
                    } catch (InterruptedException e) {
                        Thread.currentThread().interrupt();
                        throw new AnzoException(ExceptionConstants.CORE.INTERRUPTED, e, new String[0]);
                    }
                } finally {
                    this.lock.unlock();
                }
            }
            this.waitingUsers.add(str);
            try {
                Pair<Boolean, AnzoPrincipal> userPrincipal = this.cache != null ? this.cache.getUserPrincipal(iOperationContext, str) : null;
                if (userPrincipal != null) {
                    if (userPrincipal.first.booleanValue()) {
                        AnzoPrincipal anzoPrincipal = userPrincipal.second;
                        try {
                            this.lock.lockInterruptibly();
                            try {
                                this.waitingUsers.remove(str);
                                if (this.stats.isEnabled()) {
                                    this.stats.use(IAuthenticationService.GET_USER_PRINCIPAL, System.currentTimeMillis() - j);
                                }
                                return anzoPrincipal;
                            } finally {
                            }
                        } catch (InterruptedException e2) {
                            log.debug(LogUtils.INTERNAL_MARKER, Messages.formatString(ExceptionConstants.COMBUS.INTERRUPTED, new String[0]), (Throwable) e2);
                            Thread.currentThread().interrupt();
                            throw new AnzoException(ExceptionConstants.CORE.INTERRUPTED, e2, new String[0]);
                        }
                    }
                    userPrincipal.second.replaceRoles(getRolesForUser(iOperationContext, userPrincipal.second.getUserURI()));
                    AnzoPrincipal anzoPrincipal2 = userPrincipal.second;
                    try {
                        this.lock.lockInterruptibly();
                        try {
                            this.waitingUsers.remove(str);
                            if (this.stats.isEnabled()) {
                                this.stats.use(IAuthenticationService.GET_USER_PRINCIPAL, System.currentTimeMillis() - j);
                            }
                            return anzoPrincipal2;
                        } finally {
                        }
                    } catch (InterruptedException e3) {
                        log.debug(LogUtils.INTERNAL_MARKER, Messages.formatString(ExceptionConstants.COMBUS.INTERRUPTED, new String[0]), (Throwable) e3);
                        Thread.currentThread().interrupt();
                        throw new AnzoException(ExceptionConstants.CORE.INTERRUPTED, e3, new String[0]);
                    }
                }
                BasicUserProfile basicUserProfile = AnzoPrincipal.userProfileTL.get();
                String str2 = basicUserProfile != null ? (String) basicUserProfile.getAttribute(Constants.USER_PROFILE.USER_TEMPLATE) : null;
                if (str2 == null || basicUserProfile == null) {
                    userPrincipalWithSearchCallback = getUserPrincipalWithSearchCallback(iOperationContext, str, () -> {
                        return getUserURI(iOperationContext, str);
                    }, uri -> {
                        return getRoles(iOperationContext, uri);
                    });
                } else {
                    HashMap hashMap = new HashMap();
                    hashMap.put(VELOCITY_AUTH_SERVICE, this);
                    hashMap.put(VELOCITY_OPERATION_CONTEXT, iOperationContext);
                    hashMap.put(VELOCITY_USER_PROFILE, new CommonProfileWrapper(basicUserProfile));
                    hashMap.put(VELOCITY_USER_NAME, str);
                    hashMap.put(VELOCITY_AUTH_GENERATOR, new FromAttributesAuthorizationGenerator());
                    Dataset dataset = new Dataset();
                    basicUserProfile.addAttribute(AnzoPrincipal.PERSON_DATASET, dataset);
                    hashMap.put(AnzoPrincipal.PERSON_DATASET, dataset);
                    Dataset dataset2 = new Dataset();
                    basicUserProfile.addAttribute(AnzoPrincipal.GROUP_DATASET, dataset2);
                    hashMap.put(AnzoPrincipal.GROUP_DATASET, dataset2);
                    hashMap.put("vf", Constants.valueFactory);
                    hashMap.put("templateUtils", new TemplateUtils());
                    hashMap.put("esc", new EscapeTool());
                    hashMap.put("resourceNamedGraphFactory", new ResourceNamedGraphPair());
                    hashMap.put("person", new FieldMethodizer(Person.class.getName()));
                    hashMap.put("group", new FieldMethodizer(Group.class.getName()));
                    hashMap.put("credentials", new FieldMethodizer(Credentials.class.getName()));
                    URI create = MemURI.create(TemplateUtils.resolveVelocityTemplate(str2, (Map<String, Object>) hashMap));
                    Set set = (Set) basicUserProfile.getRoles().stream().map(str3 -> {
                        return MemURI.create(str3);
                    }).collect(Collectors.toSet());
                    userPrincipalWithSearchCallback = getUserPrincipalWithSearchCallback(iOperationContext, str, () -> {
                        return create;
                    }, uri2 -> {
                        return set;
                    });
                }
                if (userPrincipalWithSearchCallback != null && this.cache != null && this.permissionRegistryDataset != null) {
                    this.cache.cacheUser(str, userPrincipalWithSearchCallback);
                }
                AnzoPrincipal anzoPrincipal3 = userPrincipalWithSearchCallback;
                try {
                    this.lock.lockInterruptibly();
                    try {
                        this.waitingUsers.remove(str);
                        if (this.stats.isEnabled()) {
                            this.stats.use(IAuthenticationService.GET_USER_PRINCIPAL, System.currentTimeMillis() - j);
                        }
                        return anzoPrincipal3;
                    } finally {
                    }
                } catch (InterruptedException e4) {
                    log.debug(LogUtils.INTERNAL_MARKER, Messages.formatString(ExceptionConstants.COMBUS.INTERRUPTED, new String[0]), (Throwable) e4);
                    Thread.currentThread().interrupt();
                    throw new AnzoException(ExceptionConstants.CORE.INTERRUPTED, e4, new String[0]);
                }
            } catch (Throwable th) {
                try {
                    this.lock.lockInterruptibly();
                    try {
                        this.waitingUsers.remove(str);
                        throw th;
                    } finally {
                    }
                } catch (InterruptedException e5) {
                    log.debug(LogUtils.INTERNAL_MARKER, Messages.formatString(ExceptionConstants.COMBUS.INTERRUPTED, new String[0]), (Throwable) e5);
                    Thread.currentThread().interrupt();
                    throw new AnzoException(ExceptionConstants.CORE.INTERRUPTED, e5, new String[0]);
                }
            }
        } catch (InterruptedException e6) {
            log.debug(LogUtils.INTERNAL_MARKER, Messages.formatString(ExceptionConstants.COMBUS.INTERRUPTED, new String[0]), (Throwable) e6);
            Thread.currentThread().interrupt();
            throw new AnzoException(ExceptionConstants.CORE.INTERRUPTED, e6, new String[0]);
        }
        if (this.stats.isEnabled()) {
            this.stats.use(IAuthenticationService.GET_USER_PRINCIPAL, System.currentTimeMillis() - j);
        }
    }

    public abstract String getServiceUsername();

    public abstract boolean isAnonymousUserEnabled();

    public abstract boolean isGlobalAnonymousEnabled();

    public abstract Set<URI> getSysadminRoles();

    private AnzoPrincipal getUserPrincipalWithSearchCallback(IOperationContext iOperationContext, String str, IThrowingSupplier<URI, AnzoException> iThrowingSupplier, IThrowingFunction1<URI, Set<URI>, AnzoException> iThrowingFunction1) throws AnzoException {
        try {
            if (str.equals(getServiceUsername())) {
                return getPrincipal(str, Constants.DEFAULT_SYSADMIN, true, false, anzoPrincipal -> {
                    return getSysadminRoles(iOperationContext, anzoPrincipal);
                });
            }
            if (isAnonymousUserEnabled() && str.equals(Constants.DEFAULT_ANONYMOUS_USER)) {
                return getPrincipal(str, Constants.DEFAULT_ANONYMOUS, false, true, anzoPrincipal2 -> {
                    return getAnonymousRoles(iOperationContext, anzoPrincipal2, isGlobalAnonymousEnabled());
                });
            }
            URI uri = iThrowingSupplier.get();
            return getPrincipal(str, uri, false, false, anzoPrincipal3 -> {
                iOperationContext.setOperationPrincipal(anzoPrincipal3);
                return getRolesForUserWithCallback(iOperationContext, uri, iThrowingFunction1);
            });
        } catch (AnzoException e) {
            log.info(LogUtils.SECURITY_MARKER, "Error getting user pricipal", (Throwable) e);
            throw e;
        }
    }

    private AnzoPrincipal getPrincipal(String str, URI uri, boolean z, boolean z2, IThrowingFunction1<AnzoPrincipal, Set<URI>, AnzoException> iThrowingFunction1) throws AnzoException {
        boolean z3;
        HashSet<URI> hashSet = new HashSet();
        hashSet.addAll(iThrowingFunction1.apply(new AnzoPrincipal(str, uri, hashSet, z, z2)));
        if (z) {
            z3 = true;
        } else if (getSysadminRoles().isEmpty()) {
            z3 = z;
        } else {
            z3 = false;
            for (URI uri2 : hashSet) {
                if (!z3 && getSysadminRoles().contains(uri2)) {
                    z3 = true;
                }
            }
        }
        return new AnzoPrincipal(str, uri, hashSet, z3, z2);
    }

    @Override // org.openanzo.services.IAuthenticationService
    public void getUserPrincipal(IOperationContext iOperationContext, String str, Writer writer, String str2) throws AnzoException {
        AnzoPrincipal userPrincipal = getUserPrincipal(iOperationContext, str);
        if (userPrincipal != null) {
            CommonSerializationUtils.writeAnzoPrincipal(userPrincipal, writer, str2);
        }
    }

    public Set<URI> getRolesForUserWithCallback(IOperationContext iOperationContext, URI uri, IThrowingFunction1<URI, Set<URI>, AnzoException> iThrowingFunction1) throws AnzoException {
        long j = 0;
        if (this.stats.isEnabled()) {
            j = System.currentTimeMillis();
        }
        try {
            if (uri == null) {
                throw new AnzoException(ExceptionConstants.SERVER.MISSING_ARG, "userUri", IAuthenticationService.GET_ROLES_FOR_USER);
            }
            try {
                this.lock.lockInterruptibly();
                while (this.waitingRoles.contains(uri)) {
                    try {
                        try {
                            this.condition.await();
                        } catch (InterruptedException e) {
                            Thread.currentThread().interrupt();
                            throw new AnzoException(ExceptionConstants.CORE.INTERRUPTED, e, new String[0]);
                        }
                    } finally {
                        this.lock.unlock();
                    }
                }
                this.waitingRoles.add(uri);
                try {
                    Set<URI> rolesForUser = this.cache != null ? this.cache.getRolesForUser(uri) : null;
                    if (rolesForUser == null) {
                        rolesForUser = getRolesSetWithCallback(iOperationContext, uri, iThrowingFunction1);
                        extendRolesForUserAndCache(iOperationContext.getOperationPrincipal(), uri, rolesForUser);
                    }
                    Set<URI> set = rolesForUser;
                    try {
                        this.lock.lockInterruptibly();
                        try {
                            this.waitingRoles.remove(uri);
                            return set;
                        } finally {
                        }
                    } catch (InterruptedException e2) {
                        log.debug(LogUtils.INTERNAL_MARKER, Messages.formatString(ExceptionConstants.COMBUS.INTERRUPTED, new String[0]), (Throwable) e2);
                        Thread.currentThread().interrupt();
                        throw new AnzoException(ExceptionConstants.CORE.INTERRUPTED, e2, new String[0]);
                    }
                } catch (Throwable th) {
                    try {
                        this.lock.lockInterruptibly();
                        try {
                            this.waitingRoles.remove(uri);
                            throw th;
                        } finally {
                        }
                    } catch (InterruptedException e3) {
                        log.debug(LogUtils.INTERNAL_MARKER, Messages.formatString(ExceptionConstants.COMBUS.INTERRUPTED, new String[0]), (Throwable) e3);
                        Thread.currentThread().interrupt();
                        throw new AnzoException(ExceptionConstants.CORE.INTERRUPTED, e3, new String[0]);
                    }
                }
            } catch (InterruptedException e4) {
                log.debug(LogUtils.INTERNAL_MARKER, Messages.formatString(ExceptionConstants.COMBUS.INTERRUPTED, new String[0]), (Throwable) e4);
                Thread.currentThread().interrupt();
                throw new AnzoException(ExceptionConstants.CORE.INTERRUPTED, e4, new String[0]);
            }
        } finally {
            if (this.stats.isEnabled()) {
                this.stats.use(IAuthenticationService.GET_ROLES_FOR_USER, System.currentTimeMillis() - j);
            }
        }
    }

    protected Set<URI> getRolesSetWithCallback(IOperationContext iOperationContext, URI uri, IThrowingFunction1<URI, Set<URI>, AnzoException> iThrowingFunction1) throws AnzoException {
        HashSet hashSet = new HashSet();
        hashSet.add(uri);
        hashSet.add(Constants.EVERYONE_ROLE);
        if (!uri.equals(Constants.DEFAULT_ANONYMOUS)) {
            hashSet.add(Constants.AUTHENTICATED_USERS_ROLE);
            hashSet.addAll(iThrowingFunction1.apply(uri));
        }
        return hashSet;
    }

    @Override // org.openanzo.services.IAuthenticationService
    public Set<URI> getRolesForUser(IOperationContext iOperationContext, URI uri) throws AnzoException {
        long j = 0;
        if (this.stats.isEnabled()) {
            j = System.currentTimeMillis();
        }
        try {
            if (uri == null) {
                throw new AnzoException(ExceptionConstants.SERVER.MISSING_ARG, "userUri", IAuthenticationService.GET_ROLES_FOR_USER);
            }
            try {
                this.lock.lockInterruptibly();
                while (this.waitingRoles.contains(uri)) {
                    try {
                        try {
                            this.condition.await();
                        } catch (InterruptedException e) {
                            Thread.currentThread().interrupt();
                            throw new AnzoException(ExceptionConstants.CORE.INTERRUPTED, e, new String[0]);
                        }
                    } finally {
                        this.lock.unlock();
                    }
                }
                this.waitingRoles.add(uri);
                try {
                    Set<URI> rolesForUser = this.cache != null ? this.cache.getRolesForUser(uri) : null;
                    if (rolesForUser == null) {
                        UserProfile userProfile = AnzoPrincipal.userProfileTL.get();
                        String str = userProfile != null ? (String) userProfile.getAttribute(Constants.USER_PROFILE.USER_TEMPLATE) : null;
                        rolesForUser = getRolesSetWithCallback(iOperationContext, uri, (str == null || userProfile == null) ? uri2 -> {
                            return getRoles(iOperationContext, uri2);
                        } : uri3 -> {
                            HashMap hashMap = new HashMap();
                            hashMap.put(VELOCITY_AUTH_SERVICE, this);
                            hashMap.put(VELOCITY_OPERATION_CONTEXT, iOperationContext);
                            hashMap.put(VELOCITY_USER_PROFILE, userProfile);
                            hashMap.put(VELOCITY_USER_URI, uri);
                            TemplateUtils.resolveVelocityTemplate(str, (Map<String, Object>) hashMap);
                            return (Set) userProfile.getRoles().stream().map(str2 -> {
                                return MemURI.create(str2);
                            }).collect(Collectors.toSet());
                        });
                        extendRolesForUserAndCache(iOperationContext.getOperationPrincipal(), uri, rolesForUser);
                    }
                    Set<URI> set = rolesForUser;
                    try {
                        this.lock.lockInterruptibly();
                        try {
                            this.waitingRoles.remove(uri);
                            return set;
                        } finally {
                        }
                    } catch (InterruptedException e2) {
                        log.debug(LogUtils.INTERNAL_MARKER, Messages.formatString(ExceptionConstants.COMBUS.INTERRUPTED, new String[0]), (Throwable) e2);
                        Thread.currentThread().interrupt();
                        throw new AnzoException(ExceptionConstants.CORE.INTERRUPTED, e2, new String[0]);
                    }
                } catch (Throwable th) {
                    try {
                        this.lock.lockInterruptibly();
                        try {
                            this.waitingRoles.remove(uri);
                            throw th;
                        } finally {
                        }
                    } catch (InterruptedException e3) {
                        log.debug(LogUtils.INTERNAL_MARKER, Messages.formatString(ExceptionConstants.COMBUS.INTERRUPTED, new String[0]), (Throwable) e3);
                        Thread.currentThread().interrupt();
                        throw new AnzoException(ExceptionConstants.CORE.INTERRUPTED, e3, new String[0]);
                    }
                }
            } catch (InterruptedException e4) {
                log.debug(LogUtils.INTERNAL_MARKER, Messages.formatString(ExceptionConstants.COMBUS.INTERRUPTED, new String[0]), (Throwable) e4);
                Thread.currentThread().interrupt();
                throw new AnzoException(ExceptionConstants.CORE.INTERRUPTED, e4, new String[0]);
            }
        } finally {
            if (this.stats.isEnabled()) {
                this.stats.use(IAuthenticationService.GET_ROLES_FOR_USER, System.currentTimeMillis() - j);
            }
        }
    }

    private void extendRolesForUserAndCache(AnzoPrincipal anzoPrincipal, URI uri, Set<URI> set) throws AnzoException {
        if (this.permissionRegistryDataset == null) {
            return;
        }
        try {
            if (this.cache != null) {
                this.cache.cacheRolesForUser(uri, set);
            }
            HashSet hashSet = new HashSet();
            BaseOperationContext baseOperationContext = new BaseOperationContext("augmentRoles", BaseOperationContext.generateOperationId(), new AnzoPrincipal("sysadmin", null, new HashSet(), true, false));
            baseOperationContext.setAttribute("timeout", Long.valueOf(ExponentialBackOff.DEFAULT_MAX_INTERVAL));
            Iterator<IUserRolesExtender> it = this.roleExtenders.iterator();
            while (it.hasNext()) {
                Set<URI> rolesForUser = it.next().getRolesForUser(baseOperationContext, uri, set);
                if (rolesForUser != null) {
                    set.addAll(rolesForUser);
                }
            }
            boolean z = true;
            for (URI uri2 : set) {
                Collection<Statement> find = this.permissionRegistryDataset.find(uri2, RDF.TYPE, Permission.TYPE, new URI[0]);
                if (find.isEmpty()) {
                    hashSet.add(uri2);
                } else {
                    Statement next = find.iterator().next();
                    z = z && addIfLicenseAllowed(anzoPrincipal, hashSet, PermissionFactory.getPermission(next.getSubject(), next.getNamedGraphUri(), this.permissionRegistryDataset));
                }
            }
            set.clear();
            set.addAll(hashSet);
            if (!z) {
                this.cache.cacheRolesForUser(uri, null);
            } else {
                if (this.cache == null || set == null) {
                    return;
                }
                this.cache.cacheRolesForUser(uri, set);
            }
        } catch (Throwable th) {
            log.error("Exception encountered but ignoring it and allowing user to proceed with whatever roles they have:", th);
            if (this.cache != null) {
                this.cache.cacheRolesForUser(uri, null);
            }
        }
    }

    @Override // org.openanzo.services.IAuthenticationService
    public void getRolesForUser(IOperationContext iOperationContext, URI uri, Writer writer, String str) throws AnzoException {
        Set<URI> rolesForUser = getRolesForUser(iOperationContext, uri);
        if (rolesForUser != null) {
            try {
                WriterURIValueSetHandler writerURIValueSetHandler = new WriterURIValueSetHandler(writer, str);
                writerURIValueSetHandler.start();
                Iterator<URI> it = rolesForUser.iterator();
                while (it.hasNext()) {
                    writerURIValueSetHandler.handleValue(it.next());
                }
                writerURIValueSetHandler.end();
            } catch (IOException e) {
                throw new AnzoException(ExceptionConstants.IO.WRITE_ERROR, e, new String[0]);
            }
        }
    }

    protected abstract AnzoPrincipal authenticateUserInternal(IOperationContext iOperationContext, String str, String str2) throws AnzoException;

    protected abstract AnzoPrincipal getIfSysadminUser(IOperationContext iOperationContext, String str) throws AnzoException;

    private boolean addIfLicenseAllowed(AnzoPrincipal anzoPrincipal, Set<URI> set, Permission permission) {
        URI uri = (URI) permission.resource();
        if (this.clientEntitlementService == null) {
            return false;
        }
        try {
            if (permission.getIsLicenseFeature() == null || permission.getIsLicenseFeature().booleanValue()) {
                BaseOperationContext baseOperationContext = new BaseOperationContext(IClientEntitlementService.IS_FEATURE_VALID, BaseOperationContext.generateOperationId(), anzoPrincipal);
                try {
                    SecurityConstants.ignoreUserRoles.set(true);
                    this.clientEntitlementService.isFeatureValid(baseOperationContext, uri.getLocalName(), "5.0.0");
                } finally {
                    SecurityConstants.ignoreUserRoles.remove();
                }
            }
            set.add(uri);
            return true;
        } catch (AnzoException unused) {
            return true;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Set<URI> getSysadminRoles(IOperationContext iOperationContext, AnzoPrincipal anzoPrincipal) throws AnzoException {
        Set<URI> rolesForUser = this.cache != null ? this.cache.getRolesForUser(Constants.DEFAULT_SYSADMIN) : null;
        if (rolesForUser == null) {
            rolesForUser = new HashSet();
            rolesForUser.add(Constants.DEFAULT_SYSADMIN);
            rolesForUser.add(Constants.AUTHENTICATED_USERS_ROLE);
            rolesForUser.add(Constants.EVERYONE_ROLE);
            extendRolesForUserAndCache(anzoPrincipal, Constants.DEFAULT_SYSADMIN, rolesForUser);
        }
        return rolesForUser;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Set<URI> getAnonymousRoles(IOperationContext iOperationContext, AnzoPrincipal anzoPrincipal, boolean z) throws AnzoException {
        Set<URI> rolesForUser = this.cache != null ? this.cache.getRolesForUser(Constants.DEFAULT_ANONYMOUS) : null;
        if (rolesForUser == null) {
            rolesForUser = new HashSet();
            rolesForUser.add(Constants.DEFAULT_ANONYMOUS);
            rolesForUser.add(Constants.EVERYONE_ROLE);
            extendRolesForUserAndCache(anzoPrincipal, Constants.DEFAULT_ANONYMOUS, rolesForUser);
        }
        return rolesForUser;
    }

    public void stop() throws AnzoException {
        if (this.permissionRegistryDataset != null) {
            try {
                this.permissionRegistryDataset.close();
            } catch (Exception e) {
                log.debug(LogUtils.LIFECYCLE_MARKER, "Error closing registry", (Throwable) e);
            }
        }
    }

    protected abstract URI getUserURI(IOperationContext iOperationContext, String str) throws AnzoException;

    protected abstract Set<URI> getRoles(IOperationContext iOperationContext, URI uri) throws AnzoException;
}
