package org.deegree.security.drm;

import java.util.Properties;
import org.deegree.framework.log.ILogger;
import org.deegree.framework.log.LoggerFactory;
import org.deegree.security.GeneralSecurityException;
import org.deegree.security.UnauthorizedException;
import org.deegree.security.drm.model.Role;
import org.deegree.security.drm.model.User;

/* loaded from: input_file:org/deegree/security/drm/SecurityAccessManager.class */
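/**
 * Process-wide entry point for acquiring read access ({@link SecurityAccess}) and
 * the single write transaction ({@link SecurityTransaction}) on a {@link SecurityRegistry}.
 *
 * <p>The manager is a singleton: {@link #initialize(String, Properties, long)} must be called
 * exactly once before {@link #getInstance()}. At most one transaction is tracked at a time;
 * a transaction that has not been renewed within the configured timeout is considered stale
 * and is aborted when the next caller asks for one or when it is verified.
 *
 * <p>NOTE(review): only the static methods are synchronized. The instance methods that read
 * and write {@code currentTransaction} are not, so two threads calling
 * {@link #acquireTransaction(User)} concurrently could presumably both obtain a transaction.
 * Confirm whether callers serialize access externally.
 */
public class SecurityAccessManager {
    private static final ILogger LOG = LoggerFactory.getLogger(SecurityAccessManager.class);
    private static SecurityAccessManager instance = null;
    private SecurityRegistry registry;
    private SecurityTransaction currentTransaction;
    private long timeout;
    // Resolved in the constructor, after the registry has been assigned. A field initializer
    // would run before the constructor body and dereference a null registry.
    private User adminUser;
    private Role adminRole;

    /**
     * Creates the singleton instance backed by a registry of the given class.
     *
     * <p>NOTE(review): {@code str} names a class that is loaded and instantiated reflectively,
     * so it must only ever come from trusted configuration, never from request data.
     *
     * @param str fully qualified class name of the {@link SecurityRegistry} implementation
     * @param properties configuration handed to {@link SecurityRegistry#initialize}
     * @param j transaction timeout in milliseconds (compared against {@code System.currentTimeMillis()})
     * @throws GeneralSecurityException if the manager is already initialized, or the registry
     *         cannot be loaded, instantiated or initialized
     */
    public static synchronized void initialize(String str, Properties properties, long j) throws GeneralSecurityException {
        if (instance != null) {
            throw new GeneralSecurityException("SecurityAccessManager may only be initialized once.");
        }
        try {
            // Check the type before instantiating, so that a class which is not a
            // SecurityRegistry never has its constructor run.
            Class<? extends SecurityRegistry> registryClass = Class.forName(str).asSubclass(SecurityRegistry.class);
            SecurityRegistry securityRegistry = registryClass.newInstance();
            securityRegistry.initialize(properties);
            instance = new SecurityAccessManager(securityRegistry, j);
        } catch (Exception e) {
            // The rethrown exception carries only the message; log the full cause so the
            // stack trace is not lost.
            LOG.logError("Unable to instantiate RegistryClass for class name '" + str + "'", e);
            throw new GeneralSecurityException("Unable to instantiate RegistryClass for class name '" + str + "': " + e.getMessage());
        }
    }

    /**
     * @return {@code true} once {@link #initialize(String, Properties, long)} has succeeded
     */
    public static boolean isInitialized() {
        return instance != null;
    }

    /**
     * Returns the singleton instance.
     *
     * @throws GeneralSecurityException if {@link #initialize(String, Properties, long)} has not
     *         completed successfully yet
     */
    public static synchronized SecurityAccessManager getInstance() throws GeneralSecurityException {
        if (instance == null) {
            throw new GeneralSecurityException("SecurityAccessManager has not been initialized yet.");
        }
        return instance;
    }

    /**
     * Looks a user up by name in the registry.
     *
     * <p>The lookup passes {@code null} as the registry's first argument, i.e. it is performed
     * without a {@link SecurityAccess} of its own.
     *
     * @param str user name
     * @throws GeneralSecurityException if the registry lookup fails
     */
    public User getUserByName(String str) throws GeneralSecurityException {
        return this.registry.getUserByName(null, str);
    }

    /**
     * Hands out read access for an authenticated user.
     *
     * @param user the requesting user; {@code null} is treated as an anonymous user
     * @throws UnauthorizedException if {@code user} is {@code null} or not authenticated
     * @throws GeneralSecurityException declared for registry failures
     */
    public SecurityAccess acquireAccess(User user) throws GeneralSecurityException, UnauthorizedException {
        if (user == null) {
            throw new UnauthorizedException("Can't acquire security access for anonymous user");
        }
        if (user.isAuthenticated()) {
            return new SecurityAccess(user, this.registry);
        }
        throw new UnauthorizedException("Can't acquire security access for '" + user.getName() + "'. User has not been authorized to the system.");
    }

    /**
     * Starts the single write transaction on behalf of {@code user}.
     *
     * <p>The caller is authenticated and checked for the {@code "write"} privilege before any
     * existing transaction is touched, so a caller without write permission can neither abort
     * a stale transaction nor learn whether the lock is currently held.
     *
     * @param user the requesting user; {@code null} is treated as an anonymous user
     * @throws UnauthorizedException if {@code user} is {@code null}, not authenticated, or lacks
     *         the {@code "write"} privilege
     * @throws ReadWriteLockInUseException if another transaction is active and has not timed out
     * @throws GeneralSecurityException if the registry fails to begin the transaction
     */
    public SecurityTransaction acquireTransaction(User user) throws GeneralSecurityException, UnauthorizedException {
        // Same treatment of a missing user as acquireAccess(), instead of a NullPointerException.
        if (user == null) {
            throw new UnauthorizedException("Can't acquire ReadWriteLock for anonymous user");
        }
        if (!user.isAuthenticated()) {
            throw new UnauthorizedException("Can't acquire ReadWriteLock for '" + user.getName() + "'. User has not been authorized to the system.");
        }
        SecurityAccess securityAccess = new SecurityAccess(user, this.registry);
        if (!user.hasPrivilege(securityAccess, securityAccess.getPrivilegeByName("write"))) {
            throw new UnauthorizedException("Can't acquire transaction: User is not allowed to perform changes.");
        }

        if (this.currentTransaction != null) {
            if (System.currentTimeMillis() < this.currentTransaction.getTimestamp() + this.timeout) {
                throw new ReadWriteLockInUseException("Can't get ReadWriteLock, because it is currently in use.");
            }
            // The previous holder timed out: roll its work back before handing the lock on.
            // A failing abort is logged and deliberately does not block the new transaction.
            SecurityTransaction stale = this.currentTransaction;
            this.currentTransaction = null;
            try {
                this.registry.abortTransaction(stale);
            } catch (GeneralSecurityException e) {
                LOG.logError("Aborting the timed-out SecurityTransaction failed: " + e.getMessage(), e);
            }
        }

        this.currentTransaction = new SecurityTransaction(user, this.registry, this.adminRole);
        this.registry.beginTransaction(this.currentTransaction);
        return this.currentTransaction;
    }

    /**
     * Binds the manager to a registry and resolves the {@code "SEC_ADMIN"} user and role.
     *
     * @param securityRegistry the already initialized registry
     * @param j transaction timeout in milliseconds
     * @throws GeneralSecurityException if the admin user or role cannot be looked up
     */
    private SecurityAccessManager(SecurityRegistry securityRegistry, long j) throws GeneralSecurityException {
        this.registry = securityRegistry;
        this.timeout = j;
        // Must happen after the registry assignment above: getUserByName() reads this.registry.
        this.adminUser = getUserByName("SEC_ADMIN");
        this.adminRole = securityRegistry.getRoleByName(new SecurityAccess(this.adminUser, securityRegistry), "SEC_ADMIN");
    }

    /**
     * Checks that {@code securityTransaction} is the currently active transaction and has not
     * timed out, renewing its timestamp on success.
     *
     * <p>On timeout the transaction is dropped, aborted in the registry (a failing abort is only
     * logged) and the call fails.
     *
     * @param securityTransaction the transaction presented by the caller
     * @throws ReadWriteLockInvalidException if the transaction is {@code null}, is not the
     *         current one (identity comparison), or has timed out
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public void verify(SecurityTransaction securityTransaction) throws ReadWriteLockInvalidException {
        if (securityTransaction == null || securityTransaction != this.currentTransaction) {
            throw new ReadWriteLockInvalidException("The SecurityTransaction is invalid.");
        }
        if (System.currentTimeMillis() <= this.currentTransaction.getTimestamp() + this.timeout) {
            this.currentTransaction.renew();
            return;
        }
        this.currentTransaction = null;
        try {
            this.registry.abortTransaction(securityTransaction);
        } catch (GeneralSecurityException e) {
            LOG.logError("Aborting the timed-out SecurityTransaction failed: " + e.getMessage(), e);
        }
        LOG.logInfo("timeout: " + this.timeout);
        LOG.logInfo("current: " + System.currentTimeMillis());
        // currentTransaction was cleared above; securityTransaction is the same object
        // (identity-checked at the top), so read the timestamp from it.
        LOG.logInfo("lock ts: " + securityTransaction.getTimestamp());
        throw new ReadWriteLockInvalidException("The SecurityTransaction timed out.");
    }

    /**
     * Verifies the transaction, releases the lock and commits the changes in the registry.
     *
     * @param securityTransaction the transaction to commit
     * @throws GeneralSecurityException if verification fails or the registry commit fails
     */
    public void commitTransaction(SecurityTransaction securityTransaction) throws GeneralSecurityException {
        verify(securityTransaction);
        this.currentTransaction = null;
        this.registry.commitTransaction(securityTransaction);
    }

    /**
     * Verifies the transaction, releases the lock and rolls the changes back in the registry.
     *
     * @param securityTransaction the transaction to abort
     * @throws GeneralSecurityException if verification fails or the registry abort fails
     */
    public void abortTransaction(SecurityTransaction securityTransaction) throws GeneralSecurityException {
        verify(securityTransaction);
        this.currentTransaction = null;
        this.registry.abortTransaction(securityTransaction);
    }
}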
