package org.eclipse.emf.cdo.server.internal.security;

import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.eclipse.emf.cdo.security.Group;
import org.eclipse.emf.cdo.security.Realm;
import org.eclipse.emf.cdo.security.Role;
import org.eclipse.emf.cdo.security.SecurityItem;
import org.eclipse.emf.cdo.security.User;
import org.eclipse.emf.cdo.server.ISession;
import org.eclipse.emf.cdo.server.security.ISecurityManager;
import org.eclipse.emf.cdo.server.security.SecurityManagerUtil;
import org.eclipse.emf.cdo.spi.server.AbstractOperationAuthorizer;
import org.eclipse.net4j.util.factory.ProductCreationException;

/* loaded from: input_file:org/eclipse/emf/cdo/server/internal/security/RealmOperationAuthorizer.class */
public abstract class RealmOperationAuthorizer<T extends SecurityItem> extends AbstractOperationAuthorizer<ISession> {
    private final Set<String> itemIDs;

    /* loaded from: input_file:org/eclipse/emf/cdo/server/internal/security/RealmOperationAuthorizer$Factory.class */
    public static abstract class Factory<T extends SecurityItem> extends AbstractOperationAuthorizer.Factory<ISession> {
        public Factory(String str) {
            super(str);
        }

        /* JADX INFO: Access modifiers changed from: protected */
        /* renamed from: create, reason: merged with bridge method [inline-methods] */
        public RealmOperationAuthorizer<T> m0create(String str, String str2) throws ProductCreationException {
            HashSet hashSet = new HashSet();
            if (str2 != null) {
                for (String str3 : str2.split(",")) {
                    String trim = str3.trim();
                    if (trim.length() != 0) {
                        hashSet.add(trim);
                    }
                }
            }
            return create(str, hashSet);
        }

        protected abstract RealmOperationAuthorizer<T> create(String str, Set<String> set) throws ProductCreationException;
    }

    /* loaded from: input_file:org/eclipse/emf/cdo/server/internal/security/RealmOperationAuthorizer$RequireGroup.class */
    public static final class RequireGroup extends RealmOperationAuthorizer<Group> {

        /* loaded from: input_file:org/eclipse/emf/cdo/server/internal/security/RealmOperationAuthorizer$RequireGroup$Factory.class */
        public static final class Factory extends Factory<Group> {
            public static final String TYPE = "requireGroup";

            public Factory() {
                super(TYPE);
            }

            @Override // org.eclipse.emf.cdo.server.internal.security.RealmOperationAuthorizer.Factory
            protected RealmOperationAuthorizer<Group> create(String str, Set<String> set) throws ProductCreationException {
                return new RequireGroup(str, set);
            }

            @Override // org.eclipse.emf.cdo.server.internal.security.RealmOperationAuthorizer.Factory
            /* renamed from: create, reason: avoid collision after fix types in other method */
            protected /* bridge */ /* synthetic */ RealmOperationAuthorizer<Group> create2(String str, Set set) throws ProductCreationException {
                return create(str, (Set<String>) set);
            }
        }

        public RequireGroup(String str, Set<String> set) {
            super(str, set);
        }

        @Override // org.eclipse.emf.cdo.server.internal.security.RealmOperationAuthorizer
        protected Collection<Group> getItemsOfUser(User user) {
            return user.getAllGroups();
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.eclipse.emf.cdo.server.internal.security.RealmOperationAuthorizer
        public String getID(Group group) {
            return group.getId();
        }
    }

    /* loaded from: input_file:org/eclipse/emf/cdo/server/internal/security/RealmOperationAuthorizer$RequireRole.class */
    public static final class RequireRole extends RealmOperationAuthorizer<Role> {

        /* loaded from: input_file:org/eclipse/emf/cdo/server/internal/security/RealmOperationAuthorizer$RequireRole$Factory.class */
        public static final class Factory extends Factory<Role> {
            public static final String TYPE = "requireRole";

            public Factory() {
                super(TYPE);
            }

            @Override // org.eclipse.emf.cdo.server.internal.security.RealmOperationAuthorizer.Factory
            protected RealmOperationAuthorizer<Role> create(String str, Set<String> set) throws ProductCreationException {
                return new RequireRole(str, set);
            }

            @Override // org.eclipse.emf.cdo.server.internal.security.RealmOperationAuthorizer.Factory
            /* renamed from: create, reason: avoid collision after fix types in other method */
            protected /* bridge */ /* synthetic */ RealmOperationAuthorizer<Role> create2(String str, Set set) throws ProductCreationException {
                return create(str, (Set<String>) set);
            }
        }

        public RequireRole(String str, Set<String> set) {
            super(str, set);
        }

        @Override // org.eclipse.emf.cdo.server.internal.security.RealmOperationAuthorizer
        protected Collection<Role> getItemsOfUser(User user) {
            return user.getAllRoles();
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.eclipse.emf.cdo.server.internal.security.RealmOperationAuthorizer
        public String getID(Role role) {
            return role.getId();
        }
    }

    /* loaded from: input_file:org/eclipse/emf/cdo/server/internal/security/RealmOperationAuthorizer$RequireUser.class */
    public static final class RequireUser extends RealmOperationAuthorizer<User> {

        /* loaded from: input_file:org/eclipse/emf/cdo/server/internal/security/RealmOperationAuthorizer$RequireUser$Factory.class */
        public static final class Factory extends Factory<User> {
            public static final String TYPE = "requireUser";

            public Factory() {
                super(TYPE);
            }

            @Override // org.eclipse.emf.cdo.server.internal.security.RealmOperationAuthorizer.Factory
            protected RealmOperationAuthorizer<User> create(String str, Set<String> set) throws ProductCreationException {
                return new RequireUser(str, set);
            }

            @Override // org.eclipse.emf.cdo.server.internal.security.RealmOperationAuthorizer.Factory
            /* renamed from: create, reason: avoid collision after fix types in other method */
            protected /* bridge */ /* synthetic */ RealmOperationAuthorizer<User> create2(String str, Set set) throws ProductCreationException {
                return create(str, (Set<String>) set);
            }
        }

        public RequireUser(String str, Set<String> set) {
            super(str, set);
        }

        @Override // org.eclipse.emf.cdo.server.internal.security.RealmOperationAuthorizer
        protected Collection<User> getItemsOfUser(User user) {
            return Collections.singleton(user);
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.eclipse.emf.cdo.server.internal.security.RealmOperationAuthorizer
        public String getID(User user) {
            return user.getId();
        }
    }

    public RealmOperationAuthorizer(String str, Set<String> set) {
        super(str);
        this.itemIDs = set;
    }

    public final Set<String> getItemIDs() {
        return this.itemIDs;
    }

    protected String authorizeOperation(ISession iSession, Map<String, Object> map) {
        ISecurityManager securityManager = SecurityManagerUtil.getSecurityManager(iSession.getManager().getRepository());
        if (securityManager == null) {
            return "No security manager";
        }
        Realm realm = securityManager.getRealm();
        if (realm == null) {
            return "No realm";
        }
        String userID = iSession.getUserID();
        if (userID == null) {
            return "No user ID";
        }
        User user = realm.getUser(userID);
        if (user == null) {
            return "User " + userID + " is not authenticated";
        }
        Iterator<T> it = getItemsOfUser(user).iterator();
        while (it.hasNext()) {
            if (this.itemIDs.contains(getID(it.next()))) {
                return null;
            }
        }
        return "User " + userID + " is not authorized";
    }

    protected abstract Collection<T> getItemsOfUser(User user);

    protected abstract String getID(T t);

    protected /* bridge */ /* synthetic */ String authorizeOperation(Object obj, Map map) {
        return authorizeOperation((ISession) obj, (Map<String, Object>) map);
    }
}
