package org.openanzo.datasource.update;

import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.apache.commons.collections15.MultiMap;
import org.openanzo.datasource.IServerQuadStore;
import org.openanzo.datasource.services.BaseAuthorizationService;
import org.openanzo.exceptions.AnzoException;
import org.openanzo.exceptions.AnzoRuntimeException;
import org.openanzo.exceptions.ExceptionConstants;
import org.openanzo.ontologies.openanzo.Dataset;
import org.openanzo.ontologies.openanzo.NamedGraph;
import org.openanzo.rdf.Constants;
import org.openanzo.rdf.Statement;
import org.openanzo.rdf.URI;
import org.openanzo.rdf.datatype.TypeMaps;
import org.openanzo.rdf.utils.AnzoCollections;
import org.openanzo.rdf.utils.UriGenerator;
import org.openanzo.rdf.vocabulary.RDF;
import org.openanzo.services.IAuditLog;
import org.openanzo.services.INamedGraphUpdate;
import org.openanzo.services.Privilege;

/* loaded from: input_file:org/openanzo/datasource/update/ServerQuadStoreUpdateHandler.class */
public class ServerQuadStoreUpdateHandler implements INamedGraphUpdateHandler {
    private final IServerQuadStore quadStore;
    private ServerUpdateTransaction currentTransactionUpdateResults;
    private final boolean isReseting;
    private final Map<URI, Boolean> canAdd;
    private final Map<URI, Boolean> canRemove;
    private Boolean canInsertNamedGraphs;
    private Boolean canRemoveNamedGraphs;
    private final BaseAuthorizationService<?> authorizationService;
    private final Map<URI, URI> namedGraphUUID;
    IAuditLog auditLog;

    public ServerQuadStoreUpdateHandler(IServerQuadStore iServerQuadStore, BaseAuthorizationService<?> baseAuthorizationService, boolean z, IAuditLog iAuditLog) {
        this.canAdd = new HashMap();
        this.canRemove = new HashMap();
        this.canInsertNamedGraphs = null;
        this.canRemoveNamedGraphs = null;
        this.namedGraphUUID = new HashMap();
        this.auditLog = null;
        this.quadStore = iServerQuadStore;
        this.isReseting = z;
        this.authorizationService = baseAuthorizationService;
        this.auditLog = iAuditLog;
    }

    public ServerQuadStoreUpdateHandler(IServerQuadStore iServerQuadStore, BaseAuthorizationService<?> baseAuthorizationService, boolean z) {
        this(iServerQuadStore, baseAuthorizationService, z, null);
    }

    public void abort() {
        this.currentTransactionUpdateResults = null;
        this.canAdd.clear();
        this.canRemove.clear();
        this.canInsertNamedGraphs = null;
        this.canRemoveNamedGraphs = null;
        this.namedGraphUUID.clear();
    }

    public void setCurrentTransactionUpdateResults(ServerUpdateTransaction serverUpdateTransaction) {
        this.currentTransactionUpdateResults = serverUpdateTransaction;
    }

    @Override // org.openanzo.datasource.update.INamedGraphUpdateHandler
    public boolean handleStatements(boolean z, boolean z2, URI uri, Collection<Statement> collection) throws AnzoException {
        if (AnzoCollections.empty(collection)) {
            return true;
        }
        if (this.currentTransactionUpdateResults.hasError()) {
            return false;
        }
        if (z) {
            if (!z2 && !this.isReseting && !this.currentTransactionUpdateResults.getServerPrincipal().isSysadmin() && !checkAddAccess(uri)) {
                throw new AnzoException(ExceptionConstants.DATASOURCE.NO_ADD_TO_GRAPH_ERROR, uri.toString());
            }
            Iterator<Statement> it = collection.iterator();
            while (it.hasNext()) {
                this.quadStore.add(it.next());
            }
            return true;
        }
        if (!z2) {
            try {
                if (!this.isReseting && !this.currentTransactionUpdateResults.getServerPrincipal().isSysadmin() && !checkRemoveAccess(uri)) {
                    URI namedGraphUri = UriGenerator.getNamedGraphUri(uri);
                    for (Statement statement : collection) {
                        if (statement.getPredicate().equals(Dataset.defaultNamedGraphProperty) && (statement.getObject() instanceof URI)) {
                            URI namedGraphUri2 = UriGenerator.getNamedGraphUri((URI) statement.getObject());
                            if (checkRemoveAccess(namedGraphUri2)) {
                                this.quadStore.remove(statement);
                            } else if (getNamedGraphUUID(namedGraphUri2) != null) {
                                throw new AnzoException(ExceptionConstants.DATASOURCE.NO_REMOVE_FROM_DATASET, namedGraphUri2.toString(), namedGraphUri.toString());
                            }
                        } else if (getNamedGraphUUID(namedGraphUri) != null) {
                            throw new AnzoException(ExceptionConstants.DATASOURCE.NO_REMOVE_FROM_GRAPH_ERROR, namedGraphUri.toString());
                        }
                    }
                    return true;
                }
            } catch (AnzoException e) {
                if (e.getErrorCode() == ExceptionConstants.DATASOURCE.NAMEDGRAPH.NOT_FOUND) {
                    return true;
                }
                throw e;
            }
        }
        Iterator<Statement> it2 = collection.iterator();
        while (it2.hasNext()) {
            this.quadStore.remove(it2.next());
        }
        return true;
    }

    @Override // org.openanzo.datasource.update.INamedGraphUpdateHandler
    public boolean handleAddPrivilege(Statement statement) throws AnzoException {
        this.currentTransactionUpdateResults.getAclAdditions().add(statement);
        URI uri = (URI) statement.getSubject();
        URI predicate = statement.getPredicate();
        URI uri2 = (URI) statement.getObject();
        if (!this.isReseting && !this.currentTransactionUpdateResults.getServerPrincipal().isSysadmin() && !checkAddAccess(uri)) {
            throw new AnzoException(ExceptionConstants.DATASOURCE.NO_INSERT_NAMEDGRAPH_ACL_ERROR, uri.toString());
        }
        if (predicate.equals(NamedGraph.canBeAddedToByProperty) && this.currentTransactionUpdateResults.getServerPrincipal().getRoles().contains(uri2)) {
            this.canAdd.put(uri, true);
        } else if (predicate.equals(NamedGraph.canBeRemovedFromByProperty) && this.currentTransactionUpdateResults.getServerPrincipal().getRoles().contains(uri2)) {
            this.canRemove.put(uri, true);
        }
        this.quadStore.addAcl(uri, uri2, Privilege.lookup(predicate));
        if (this.auditLog != null) {
            this.auditLog.aclChange("serverQuadStore", this.quadStore.getInstanceURI(), uri, uri2, predicate, true, this.currentTransactionUpdateResults.getContext());
        }
        if (!statement.getSubject().equals(Constants.GRAPHS.GRAPHS_DATASET)) {
            return true;
        }
        if (predicate.equals(NamedGraph.canBeAddedToByProperty)) {
            this.canInsertNamedGraphs = null;
        }
        if (!predicate.equals(NamedGraph.canBeRemovedFromByProperty)) {
            return true;
        }
        this.canRemoveNamedGraphs = null;
        return true;
    }

    @Override // org.openanzo.datasource.update.INamedGraphUpdateHandler
    public boolean handleRemovePrivilege(Statement statement) throws AnzoException {
        this.currentTransactionUpdateResults.getAclRemovals().add(statement);
        URI uri = (URI) statement.getSubject();
        URI predicate = statement.getPredicate();
        URI uri2 = (URI) statement.getObject();
        if (!this.isReseting && !this.currentTransactionUpdateResults.getServerPrincipal().isSysadmin() && !checkRemoveAccess(uri)) {
            throw new AnzoException(ExceptionConstants.DATASOURCE.NO_REMOVE_NAMEDGRAPH_ACL_ERROR, uri.toString());
        }
        if (predicate.equals(NamedGraph.canBeAddedToByProperty) && this.currentTransactionUpdateResults.getServerPrincipal().getRoles().contains(uri2)) {
            this.canAdd.remove(uri);
        } else if (predicate.equals(NamedGraph.canBeRemovedFromByProperty) && this.currentTransactionUpdateResults.getServerPrincipal().getRoles().contains(uri2)) {
            this.canRemove.remove(uri);
        }
        if (statement.getSubject().equals(Constants.GRAPHS.GRAPHS_DATASET)) {
            if (predicate.equals(NamedGraph.canBeAddedToByProperty)) {
                this.canInsertNamedGraphs = null;
            }
            if (predicate.equals(NamedGraph.canBeRemovedFromByProperty)) {
                this.canRemoveNamedGraphs = null;
            }
        }
        this.quadStore.removeAcl(uri, uri2, Privilege.lookup(predicate));
        if (this.auditLog == null) {
            return true;
        }
        this.auditLog.aclChange("serverQuadStore", this.quadStore.getInstanceURI(), uri, uri2, predicate, false, this.currentTransactionUpdateResults.getContext());
        return true;
    }

    private URI getNamedGraphUUID(URI uri) throws AnzoException {
        URI uri2 = this.namedGraphUUID.get(uri);
        if (uri2 == null) {
            uri2 = this.quadStore.getNamedGraphUUID(uri);
            if (uri2 != null) {
                this.namedGraphUUID.put(uri, uri2);
            }
        }
        return uri2;
    }

    @Override // org.openanzo.datasource.update.INamedGraphUpdateHandler
    public boolean handleNamedGraphMetadata(URI uri, URI uri2, MultiMap<URI, Statement> multiMap, MultiMap<URI, Statement> multiMap2, HashSet<URI> hashSet, HashSet<URI> hashSet2, Collection<Statement> collection) throws AnzoException {
        boolean z;
        if (this.currentTransactionUpdateResults.hasError()) {
            return false;
        }
        if (uri.toString().startsWith("http://openanzo.org/namedGraphs/reserved/")) {
            throw new AnzoException(ExceptionConstants.DATASOURCE.NO_ADD_RESERVED_URI, uri.toString());
        }
        if (getNamedGraphUUID(uri) == null) {
            if (!(this.isReseting || this.currentTransactionUpdateResults.getServerPrincipal().isSysadmin() || checkInsertNamedGraphAccess().booleanValue())) {
                throw new AnzoException(ExceptionConstants.DATASOURCE.NO_INSERT_NAMEDGRAPH_ACL_ERROR, uri.toString());
            }
            if (uri2 == null) {
                uri2 = UriGenerator.generateMetadataGraphUri(uri);
            }
            this.canAdd.put(uri, true);
            this.canAdd.put(uri2, true);
            this.canRemove.put(uri, true);
            this.canRemove.put(uri2, true);
            URI generateNamedGraphUUIDNonRevisioned = UriGenerator.generateNamedGraphUUIDNonRevisioned();
            this.quadStore.addNewNamedGraph(uri, uri2, generateNamedGraphUUIDNonRevisioned);
            if (!uri.equals(Constants.GRAPHS.GRAPHS_DATASET) && !uri.equals(Constants.GRAPHS.METADATA_GRAPHS_DATASET)) {
                handleStatements(true, true, Constants.GRAPHS.GRAPHS_DATASET, Collections.singleton(Constants.valueFactory.createStatement(Constants.GRAPHS.GRAPHS_DATASET, Dataset.namedGraphProperty, uri, Constants.GRAPHS.GRAPHS_DATASET)));
                handleStatements(true, true, Constants.GRAPHS.METADATA_GRAPHS_DATASET, Collections.singleton(Constants.valueFactory.createStatement(Constants.GRAPHS.METADATA_GRAPHS_DATASET, Dataset.namedGraphProperty, uri2, Constants.GRAPHS.METADATA_GRAPHS_DATASET)));
            }
            URI userURI = this.isReseting ? this.currentTransactionUpdateResults.getServerPrincipal() == null ? Constants.DEFAULT_INTERNAL_USER : this.currentTransactionUpdateResults.getServerPrincipal().getUserURI() : this.currentTransactionUpdateResults.getServerPrincipal().getUserURI();
            this.namedGraphUUID.put(uri, generateNamedGraphUUIDNonRevisioned);
            this.quadStore.add(Constants.valueFactory.createStatement(uri, RDF.TYPE, NamedGraph.TYPE, uri2));
            this.quadStore.add(Constants.valueFactory.createStatement(uri, NamedGraph.hasMetadataGraphProperty, uri2, uri2));
            this.quadStore.add(Constants.valueFactory.createStatement(uri, NamedGraph.uuidProperty, generateNamedGraphUUIDNonRevisioned, uri2));
            this.quadStore.add(Constants.valueFactory.createStatement(uri, NamedGraph.createdProperty, Constants.valueFactory.createTypedLiteral(TypeMaps.getXMLCalendar(this.currentTransactionUpdateResults.getTransactionTimestamp())), uri2));
            this.quadStore.add(Constants.valueFactory.createStatement(uri, NamedGraph.createdByProperty, userURI, uri2));
            this.quadStore.add(Constants.valueFactory.createStatement(uri, NamedGraph.datasourceProperty, this.quadStore.getInstanceURI(), uri2));
            boolean notEmpty = AnzoCollections.notEmpty(hashSet2);
            boolean notEmpty2 = AnzoCollections.notEmpty(hashSet);
            HashSet hashSet3 = new HashSet();
            if (!notEmpty2 && !multiMap2.containsKey(NamedGraph.canBeReadByProperty) && !Constants.DEFAULT_SYSADMIN.equals(this.currentTransactionUpdateResults.getServerPrincipal().getUserURI())) {
                hashSet3.add(Constants.valueFactory.createStatement(uri2, NamedGraph.canBeReadByProperty, this.currentTransactionUpdateResults.getServerPrincipal().getUserURI(), uri2));
                this.quadStore.addAcl(uri2, this.currentTransactionUpdateResults.getServerPrincipal().getUserURI(), Privilege.READ);
            }
            if (!notEmpty2 && !multiMap2.containsKey(NamedGraph.canBeAddedToByProperty) && !Constants.DEFAULT_SYSADMIN.equals(this.currentTransactionUpdateResults.getServerPrincipal().getUserURI())) {
                hashSet3.add(Constants.valueFactory.createStatement(uri2, NamedGraph.canBeAddedToByProperty, this.currentTransactionUpdateResults.getServerPrincipal().getUserURI(), uri2));
                this.quadStore.addAcl(uri2, this.currentTransactionUpdateResults.getServerPrincipal().getUserURI(), Privilege.ADD);
            }
            if (!notEmpty2 && !multiMap2.containsKey(NamedGraph.canBeRemovedFromByProperty) && !Constants.DEFAULT_SYSADMIN.equals(this.currentTransactionUpdateResults.getServerPrincipal().getUserURI())) {
                hashSet3.add(Constants.valueFactory.createStatement(uri2, NamedGraph.canBeRemovedFromByProperty, this.currentTransactionUpdateResults.getServerPrincipal().getUserURI(), uri2));
                this.quadStore.addAcl(uri2, this.currentTransactionUpdateResults.getServerPrincipal().getUserURI(), Privilege.REMOVE);
            }
            if (!notEmpty && !multiMap.containsKey(NamedGraph.canBeReadByProperty) && !Constants.DEFAULT_SYSADMIN.equals(this.currentTransactionUpdateResults.getServerPrincipal().getUserURI())) {
                hashSet3.add(Constants.valueFactory.createStatement(uri, NamedGraph.canBeReadByProperty, this.currentTransactionUpdateResults.getServerPrincipal().getUserURI(), uri2));
                this.quadStore.addAcl(uri, this.currentTransactionUpdateResults.getServerPrincipal().getUserURI(), Privilege.READ);
            }
            if (!notEmpty && !multiMap.containsKey(NamedGraph.canBeAddedToByProperty) && !Constants.DEFAULT_SYSADMIN.equals(this.currentTransactionUpdateResults.getServerPrincipal().getUserURI())) {
                hashSet3.add(Constants.valueFactory.createStatement(uri, NamedGraph.canBeAddedToByProperty, this.currentTransactionUpdateResults.getServerPrincipal().getUserURI(), uri2));
                this.quadStore.addAcl(uri, this.currentTransactionUpdateResults.getServerPrincipal().getUserURI(), Privilege.ADD);
            }
            if (!notEmpty && !multiMap.containsKey(NamedGraph.canBeRemovedFromByProperty) && !Constants.DEFAULT_SYSADMIN.equals(this.currentTransactionUpdateResults.getServerPrincipal().getUserURI())) {
                hashSet3.add(Constants.valueFactory.createStatement(uri, NamedGraph.canBeRemovedFromByProperty, this.currentTransactionUpdateResults.getServerPrincipal().getUserURI(), uri2));
                this.quadStore.addAcl(uri, this.currentTransactionUpdateResults.getServerPrincipal().getUserURI(), Privilege.REMOVE);
            }
            for (Statement statement : multiMap.values()) {
                this.quadStore.addAcl((URI) statement.getSubject(), (URI) statement.getObject(), Privilege.lookup(statement.getPredicate()));
            }
            for (Statement statement2 : multiMap2.values()) {
                this.quadStore.addAcl((URI) statement2.getSubject(), (URI) statement2.getObject(), Privilege.lookup(statement2.getPredicate()));
            }
            if (AnzoCollections.notEmpty(hashSet3)) {
                handleStatements(true, true, uri2, hashSet3);
            }
            z = true;
        } else {
            if (uri2 == null) {
                uri2 = UriGenerator.generateMetadataGraphUri(uri);
            }
            if (multiMap.isEmpty() && multiMap2.isEmpty() && collection.isEmpty()) {
                return true;
            }
            z = this.isReseting || this.currentTransactionUpdateResults.getServerPrincipal().isSysadmin() || checkAddAccess(uri2);
            if (!z) {
                throw new AnzoException(ExceptionConstants.DATASOURCE.NO_INSERT_NAMEDGRAPH_ACL_ERROR, uri.toString());
            }
            Iterator<Statement> it = multiMap.values().iterator();
            while (it.hasNext()) {
                handleAddPrivilege(it.next());
            }
            Iterator<Statement> it2 = multiMap2.values().iterator();
            while (it2.hasNext()) {
                handleAddPrivilege(it2.next());
            }
        }
        if (!z || !AnzoCollections.notEmpty(collection)) {
            return true;
        }
        handleStatements(true, true, uri2, collection);
        return true;
    }

    @Override // org.openanzo.datasource.update.INamedGraphUpdateHandler
    public boolean handleRemoveNamedGraph(URI uri) throws AnzoException {
        if (this.currentTransactionUpdateResults.hasError()) {
            return false;
        }
        URI namedGraphUUID = getNamedGraphUUID(uri);
        if (namedGraphUUID == null) {
            removeNamedGraphUUID(uri);
            return false;
        }
        URI generateMetadataGraphUri = UriGenerator.generateMetadataGraphUri(uri);
        if (!this.isReseting && !this.currentTransactionUpdateResults.getServerPrincipal().isSysadmin() && !checkRemoveNamedGraphAccess(generateMetadataGraphUri)) {
            throw new AnzoException(ExceptionConstants.DATASOURCE.NO_REMOVE_NAMEDGRAPH_ACL_ERROR, uri.toString());
        }
        this.currentTransactionUpdateResults.getUpdatedDatasets().addAll(this.quadStore.removeNamedGraph(uri, namedGraphUUID, this.currentTransactionUpdateResults.getTransactionTimestamp()));
        if (!uri.equals(Constants.GRAPHS.GRAPHS_DATASET) && !uri.equals(Constants.GRAPHS.METADATA_GRAPHS_DATASET)) {
            handleStatements(false, true, Constants.GRAPHS.GRAPHS_DATASET, Collections.singleton(Constants.valueFactory.createStatement(Constants.GRAPHS.GRAPHS_DATASET, Dataset.namedGraphProperty, uri, Constants.GRAPHS.GRAPHS_DATASET)));
            handleStatements(false, true, Constants.GRAPHS.METADATA_GRAPHS_DATASET, Collections.singleton(Constants.valueFactory.createStatement(Constants.GRAPHS.METADATA_GRAPHS_DATASET, Dataset.namedGraphProperty, generateMetadataGraphUri, Constants.GRAPHS.METADATA_GRAPHS_DATASET)));
        }
        removeNamedGraphUUID(uri);
        return true;
    }

    public void removeNamedGraphUUID(URI uri) {
        this.namedGraphUUID.remove(uri);
    }

    private boolean checkAddAccess(URI uri) throws AnzoException {
        if (this.isReseting) {
            return true;
        }
        try {
            return this.canAdd.computeIfAbsent(uri, uri2 -> {
                try {
                    return Boolean.valueOf(AnzoCollections.memberOf(this.authorizationService.getRolesForGraph(this.currentTransactionUpdateResults.getContext(), uri2, Privilege.ADD, false), this.currentTransactionUpdateResults.getServerPrincipal().getRoles()));
                } catch (AnzoException e) {
                    throw new AnzoRuntimeException(e);
                }
            }).booleanValue();
        } catch (AnzoRuntimeException e) {
            throw e.getAnzoException();
        }
    }

    private boolean checkRemoveAccess(URI uri) throws AnzoException {
        if (this.isReseting) {
            return true;
        }
        try {
            return this.canRemove.computeIfAbsent(uri, uri2 -> {
                try {
                    return Boolean.valueOf(AnzoCollections.memberOf(this.authorizationService.getRolesForGraph(this.currentTransactionUpdateResults.getContext(), uri2, Privilege.REMOVE, false), this.currentTransactionUpdateResults.getServerPrincipal().getRoles()));
                } catch (AnzoException e) {
                    throw new AnzoRuntimeException(e);
                }
            }).booleanValue();
        } catch (AnzoRuntimeException e) {
            throw e.getAnzoException();
        }
    }

    private Boolean checkInsertNamedGraphAccess() throws AnzoException {
        if (this.isReseting) {
            return true;
        }
        if (this.canInsertNamedGraphs == null) {
            this.canInsertNamedGraphs = Boolean.valueOf(AnzoCollections.memberOf(this.authorizationService.getRolesForGraph(this.currentTransactionUpdateResults.getContext(), Constants.GRAPHS.GRAPHS_DATASET, Privilege.ADD, false), this.currentTransactionUpdateResults.getServerPrincipal().getRoles()));
        }
        return this.canInsertNamedGraphs;
    }

    private boolean checkRemoveNamedGraphAccess(URI uri) throws AnzoException {
        if (this.isReseting || this.currentTransactionUpdateResults.getContext().getOperationPrincipal().isSysadmin()) {
            return true;
        }
        if (this.canRemoveNamedGraphs == null) {
            this.canRemoveNamedGraphs = Boolean.valueOf(AnzoCollections.memberOf(this.authorizationService.getRolesForGraph(this.currentTransactionUpdateResults.getContext(), Constants.GRAPHS.GRAPHS_DATASET, Privilege.REMOVE, false), this.currentTransactionUpdateResults.getServerPrincipal().getRoles()));
        }
        if (!this.canRemoveNamedGraphs.booleanValue()) {
            return false;
        }
        try {
            return this.canRemove.computeIfAbsent(uri, uri2 -> {
                try {
                    return Boolean.valueOf(AnzoCollections.memberOf(this.authorizationService.getRolesForGraph(this.currentTransactionUpdateResults.getContext(), uri2, Privilege.REMOVE, false), this.currentTransactionUpdateResults.getServerPrincipal().getRoles()));
                } catch (AnzoException e) {
                    throw new AnzoRuntimeException(e);
                }
            }).booleanValue();
        } catch (AnzoRuntimeException e) {
            throw e.getAnzoException();
        }
    }

    @Override // org.openanzo.datasource.update.INamedGraphUpdateHandler
    public Collection<INamedGraphUpdate> reorderUpdates(Collection<INamedGraphUpdate> collection, Set<URI> set) throws AnzoException {
        return this.quadStore.reorderUpdates(collection, set);
    }
}
