package com.orientechnologies.orient.core.metadata.security;

import com.orientechnologies.common.concur.resource.OCloseable;
import com.orientechnologies.orient.core.collate.OCaseInsensitiveCollate;
import com.orientechnologies.orient.core.config.OGlobalConfiguration;
import com.orientechnologies.orient.core.db.ODatabaseDocumentInternal;
import com.orientechnologies.orient.core.db.ODatabaseRecordThreadLocal;
import com.orientechnologies.orient.core.db.document.ODatabaseDocument;
import com.orientechnologies.orient.core.db.record.OClassTrigger;
import com.orientechnologies.orient.core.db.record.OIdentifiable;
import com.orientechnologies.orient.core.db.record.ORecordLazySet;
import com.orientechnologies.orient.core.exception.OSecurityAccessException;
import com.orientechnologies.orient.core.id.ORID;
import com.orientechnologies.orient.core.index.ONullOutputListener;
import com.orientechnologies.orient.core.metadata.OMetadataDefault;
import com.orientechnologies.orient.core.metadata.schema.OClass;
import com.orientechnologies.orient.core.metadata.schema.OClassImpl;
import com.orientechnologies.orient.core.metadata.schema.OProperty;
import com.orientechnologies.orient.core.metadata.schema.OType;
import com.orientechnologies.orient.core.metadata.security.ORule;
import com.orientechnologies.orient.core.metadata.security.OSecurityRole;
import com.orientechnologies.orient.core.metadata.security.OSecurityUser;
import com.orientechnologies.orient.core.record.impl.ODocument;
import com.orientechnologies.orient.core.schedule.OScheduledEvent;
import com.orientechnologies.orient.core.sql.OCommandExecutorSQLAbstract;
import com.orientechnologies.orient.core.sql.OCommandSQL;
import com.orientechnologies.orient.core.sql.functions.stat.OSQLFunctionMode;
import com.orientechnologies.orient.core.sql.query.OSQLSynchQuery;
import com.orientechnologies.orient.core.storage.OStorageProxy;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.concurrent.atomic.AtomicLong;

/* loaded from: input_file:WEB-INF/lib/orientdb-core-2.2.21.jar:com/orientechnologies/orient/core/metadata/security/OSecurityShared.class */
public class OSecurityShared implements OSecurity, OCloseable {
    private final AtomicLong version = new AtomicLong();
    public static final String RESTRICTED_CLASSNAME = "ORestricted";
    public static final String IDENTITY_CLASSNAME = "OIdentity";
    public static final String ONCREATE_IDENTITY_TYPE = "onCreate.identityType";
    public static final String ONCREATE_FIELD = "onCreate.fields";

    @Deprecated
    public static final String ALLOW_ALL_FIELD = ORestrictedOperation.ALLOW_ALL.getFieldName();

    @Deprecated
    public static final String ALLOW_READ_FIELD = ORestrictedOperation.ALLOW_READ.getFieldName();

    @Deprecated
    public static final String ALLOW_UPDATE_FIELD = ORestrictedOperation.ALLOW_UPDATE.getFieldName();

    @Deprecated
    public static final String ALLOW_DELETE_FIELD = ORestrictedOperation.ALLOW_DELETE.getFieldName();
    public static final Set<String> ALLOW_FIELDS = Collections.unmodifiableSet(new HashSet<String>() { // from class: com.orientechnologies.orient.core.metadata.security.OSecurityShared.1
        {
            add(ORestrictedOperation.ALLOW_ALL.getFieldName());
            add(ORestrictedOperation.ALLOW_READ.getFieldName());
            add(ORestrictedOperation.ALLOW_UPDATE.getFieldName());
            add(ORestrictedOperation.ALLOW_DELETE.getFieldName());
        }
    });

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public OIdentifiable allowRole(ODocument oDocument, ORestrictedOperation oRestrictedOperation, String str) {
        ORID roleRID = getRoleRID(str);
        if (roleRID == null) {
            throw new IllegalArgumentException("Role '" + str + "' not found");
        }
        return allowIdentity(oDocument, oRestrictedOperation.getFieldName(), roleRID);
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public OIdentifiable allowUser(ODocument oDocument, ORestrictedOperation oRestrictedOperation, String str) {
        ORID userRID = getUserRID(str);
        if (userRID == null) {
            throw new IllegalArgumentException("User '" + str + "' not found");
        }
        return allowIdentity(oDocument, oRestrictedOperation.getFieldName(), userRID);
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public OIdentifiable allowUser(ODocument oDocument, String str, String str2) {
        ORID userRID = getUserRID(str2);
        if (userRID == null) {
            throw new IllegalArgumentException("User '" + str2 + "' not found");
        }
        return allowIdentity(oDocument, str, userRID);
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public OIdentifiable allowRole(ODocument oDocument, String str, String str2) {
        ORID roleRID = getRoleRID(str2);
        if (roleRID == null) {
            throw new IllegalArgumentException("Role '" + str2 + "' not found");
        }
        return allowIdentity(oDocument, str, roleRID);
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public OIdentifiable allowIdentity(ODocument oDocument, String str, OIdentifiable oIdentifiable) {
        Set set = (Set) oDocument.field(str);
        if (set == null) {
            set = new ORecordLazySet(oDocument);
            oDocument.field(str, (Object) set);
        }
        set.add(oIdentifiable);
        return oIdentifiable;
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public OIdentifiable denyUser(ODocument oDocument, ORestrictedOperation oRestrictedOperation, String str) {
        ORID userRID = getUserRID(str);
        if (userRID == null) {
            throw new IllegalArgumentException("User '" + str + "' not found");
        }
        return disallowIdentity(oDocument, oRestrictedOperation.getFieldName(), userRID);
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public OIdentifiable denyRole(ODocument oDocument, ORestrictedOperation oRestrictedOperation, String str) {
        ORID roleRID = getRoleRID(str);
        if (roleRID == null) {
            throw new IllegalArgumentException("Role '" + str + "' not found");
        }
        return disallowIdentity(oDocument, oRestrictedOperation.getFieldName(), roleRID);
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public OIdentifiable disallowUser(ODocument oDocument, String str, String str2) {
        ORID userRID = getUserRID(str2);
        if (userRID == null) {
            throw new IllegalArgumentException("User '" + str2 + "' not found");
        }
        return disallowIdentity(oDocument, str, userRID);
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public OIdentifiable disallowRole(ODocument oDocument, String str, String str2) {
        ORID roleRID = getRoleRID(str2);
        if (roleRID == null) {
            throw new IllegalArgumentException("Role '" + str2 + "' not found");
        }
        return disallowIdentity(oDocument, str, roleRID);
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public OIdentifiable disallowIdentity(ODocument oDocument, String str, OIdentifiable oIdentifiable) {
        Set set = (Set) oDocument.field(str);
        if (set != null) {
            set.remove(oIdentifiable);
        }
        return oIdentifiable;
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public boolean isAllowed(Set<OIdentifiable> set, Set<OIdentifiable> set2) {
        if ((set == null || set.isEmpty()) && (set2 == null || set2.isEmpty())) {
            return false;
        }
        OSecurityUser user = ODatabaseRecordThreadLocal.INSTANCE.get().getUser();
        if (user == null) {
            return true;
        }
        if (set != null && (set == null || set.contains(user.getIdentity()))) {
            return true;
        }
        if (set2 != null && set2.contains(user.getIdentity())) {
            return true;
        }
        for (OSecurityRole oSecurityRole : user.getRoles()) {
            if (set != null && set.contains(oSecurityRole.getIdentity())) {
                return true;
            }
            if (set2 != null && set2.contains(oSecurityRole.getIdentity())) {
                return true;
            }
            OSecurityRole parentRole = oSecurityRole.getParentRole();
            while (true) {
                OSecurityRole oSecurityRole2 = parentRole;
                if (oSecurityRole2 != null) {
                    if (set != null && set.contains(oSecurityRole2.getIdentity())) {
                        return true;
                    }
                    if (set2 != null && set2.contains(oSecurityRole2.getIdentity())) {
                        return true;
                    }
                    parentRole = oSecurityRole2.getParentRole();
                }
            }
        }
        return false;
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public OUser authenticate(String str, String str2) {
        String name = getDatabase().getName();
        OUser user = getUser(str);
        if (user == null) {
            throw new OSecurityAccessException(name, "User or password not valid for database: '" + name + "'");
        }
        if (user.getAccountStatus() != OSecurityUser.STATUSES.ACTIVE) {
            throw new OSecurityAccessException(name, "User '" + str + "' is not active");
        }
        if ((getDatabase().getStorage() instanceof OStorageProxy) || user.checkPassword(str2)) {
            return user;
        }
        try {
            Thread.sleep(200L);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
        }
        throw new OSecurityAccessException(name, "User or password not valid for database: '" + name + "'");
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public OUser authenticate(OToken oToken) {
        String name = getDatabase().getName();
        if (!oToken.getIsValid()) {
            throw new OSecurityAccessException(name, "Token not valid");
        }
        OUser user = oToken.getUser(getDatabase());
        if (user == null && oToken.getUserName() != null) {
            user = getUser(oToken.getUserName());
        }
        if (user == null) {
            throw new OSecurityAccessException(name, "Authentication failed, could not load user from token");
        }
        if (user.getAccountStatus() != OSecurityUser.STATUSES.ACTIVE) {
            throw new OSecurityAccessException(name, "User '" + user.getName() + "' is not active");
        }
        return user;
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public OUser getUser(ORID orid) {
        if (orid == null) {
            return null;
        }
        ODocument oDocument = (ODocument) getDatabase().load(orid, "roles:1");
        if (!oDocument.getClassName().equals(OUser.CLASS_NAME)) {
            oDocument = null;
        }
        return new OUser(oDocument);
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public OUser createUser(String str, String str2, String... strArr) {
        OUser oUser = new OUser(str, str2);
        if (strArr != null) {
            for (String str3 : strArr) {
                oUser.addRole(str3);
            }
        }
        return oUser.save();
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public OUser createUser(String str, String str2, ORole... oRoleArr) {
        OUser oUser = new OUser(str, str2);
        if (oRoleArr != null) {
            for (ORole oRole : oRoleArr) {
                oUser.addRole((OSecurityRole) oRole);
            }
        }
        return oUser.save();
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public boolean dropUser(String str) {
        Number number = (Number) getDatabase().command(new OCommandSQL("delete from OUser where name = ?")).execute(str);
        return number != null && number.intValue() > 0;
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public ORole getRole(OIdentifiable oIdentifiable) {
        ODocument oDocument = (ODocument) oIdentifiable.getRecord();
        if (oDocument == null || !ORole.CLASS_NAME.equals(oDocument.getClassName())) {
            return null;
        }
        return new ORole(oDocument);
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public ORole getRole(String str) {
        List list;
        if (str == null || (list = (List) getDatabase().command(new OSQLSynchQuery("select from ORole where name = ? limit 1")).execute(str)) == null || list.isEmpty()) {
            return null;
        }
        return new ORole((ODocument) list.get(0));
    }

    public ORID getRoleRID(String str) {
        List list;
        if (str == null || (list = (List) getDatabase().command(new OSQLSynchQuery("select rid from index:ORole.name where key = ? limit 1")).execute(str)) == null || list.isEmpty()) {
            return null;
        }
        return (ORID) ((ODocument) list.get(0)).rawField(OCommandExecutorSQLAbstract.KEYWORD_RID);
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public ORole createRole(String str, OSecurityRole.ALLOW_MODES allow_modes) {
        return createRole(str, null, allow_modes);
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public ORole createRole(String str, ORole oRole, OSecurityRole.ALLOW_MODES allow_modes) {
        return new ORole(str, oRole, allow_modes).save();
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public boolean dropRole(String str) {
        Number number = (Number) getDatabase().command(new OCommandSQL("delete from ORole where name = '" + str + "'")).execute(new Object[0]);
        return number != null && number.intValue() > 0;
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public List<ODocument> getAllUsers() {
        return (List) getDatabase().command(new OSQLSynchQuery("select from OUser")).execute(new Object[0]);
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public List<ODocument> getAllRoles() {
        return (List) getDatabase().command(new OSQLSynchQuery("select from ORole")).execute(new Object[0]);
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public OUser create() {
        if (!getDatabase().getMetadata().getSchema().getClasses().isEmpty()) {
            return null;
        }
        OUser createMetadata = createMetadata();
        ORole createRole = createRole("reader", OSecurityRole.ALLOW_MODES.DENY_ALL_BUT);
        createRole.addRule(ORule.ResourceGeneric.DATABASE, (String) null, ORole.PERMISSION_READ);
        createRole.addRule(ORule.ResourceGeneric.SCHEMA, (String) null, ORole.PERMISSION_READ);
        createRole.addRule(ORule.ResourceGeneric.CLUSTER, OMetadataDefault.CLUSTER_INTERNAL_NAME, ORole.PERMISSION_READ);
        createRole.addRule(ORule.ResourceGeneric.CLUSTER, "orole", 0);
        createRole.addRule(ORule.ResourceGeneric.CLUSTER, "ouser", 0);
        createRole.addRule(ORule.ResourceGeneric.CLASS, (String) null, ORole.PERMISSION_READ);
        createRole.addRule(ORule.ResourceGeneric.CLASS, OUser.CLASS_NAME, 0);
        createRole.addRule(ORule.ResourceGeneric.CLUSTER, (String) null, ORole.PERMISSION_READ);
        createRole.addRule(ORule.ResourceGeneric.COMMAND, (String) null, ORole.PERMISSION_READ);
        createRole.addRule(ORule.ResourceGeneric.RECORD_HOOK, (String) null, ORole.PERMISSION_READ);
        createRole.addRule(ORule.ResourceGeneric.FUNCTION, (String) null, ORole.PERMISSION_READ);
        createRole.addRule(ORule.ResourceGeneric.SYSTEM_CLUSTERS, (String) null, 0);
        createRole.save();
        boolean valueAsBoolean = getDatabase().getStorage().getConfiguration().getContextConfiguration().getValueAsBoolean(OGlobalConfiguration.CREATE_DEFAULT_USERS);
        if (valueAsBoolean) {
            createUser("reader", "reader", createRole.getName());
        }
        ORole createRole2 = createRole("writer", OSecurityRole.ALLOW_MODES.DENY_ALL_BUT);
        createRole2.addRule(ORule.ResourceGeneric.DATABASE, (String) null, ORole.PERMISSION_READ);
        createRole2.addRule(ORule.ResourceGeneric.SCHEMA, (String) null, ORole.PERMISSION_READ);
        createRole2.addRule(ORule.ResourceGeneric.CLUSTER, OMetadataDefault.CLUSTER_INTERNAL_NAME, ORole.PERMISSION_READ);
        createRole.addRule(ORule.ResourceGeneric.CLUSTER, "orole", 0);
        createRole.addRule(ORule.ResourceGeneric.CLUSTER, "ouser", 0);
        createRole2.addRule(ORule.ResourceGeneric.CLASS, (String) null, ORole.PERMISSION_ALL);
        createRole2.addRule(ORule.ResourceGeneric.CLASS, OUser.CLASS_NAME, 0);
        createRole2.addRule(ORule.ResourceGeneric.CLUSTER, (String) null, ORole.PERMISSION_ALL);
        createRole2.addRule(ORule.ResourceGeneric.COMMAND, (String) null, ORole.PERMISSION_ALL);
        createRole2.addRule(ORule.ResourceGeneric.RECORD_HOOK, (String) null, ORole.PERMISSION_ALL);
        createRole2.addRule(ORule.ResourceGeneric.FUNCTION, (String) null, ORole.PERMISSION_READ);
        createRole2.addRule(ORule.ResourceGeneric.SYSTEM_CLUSTERS, (String) null, 0);
        createRole2.save();
        if (valueAsBoolean) {
            createUser("writer", "writer", createRole2.getName());
        }
        return createMetadata;
    }

    public OUser createMetadata() {
        ODatabaseDocumentInternal database = getDatabase();
        OClass oClass = database.getMetadata().getSchema().getClass("OIdentity");
        if (oClass == null) {
            oClass = database.getMetadata().getSchema().createAbstractClass("OIdentity");
        }
        createOrUpdateOUserClass(database, oClass, createOrUpdateORoleClass(database, oClass));
        ORole role = getRole("admin");
        if (role == null) {
            role = createRole("admin", OSecurityRole.ALLOW_MODES.ALLOW_ALL_BUT);
            role.addRule(ORule.ResourceGeneric.BYPASS_RESTRICTED, (String) null, ORole.PERMISSION_ALL).save();
        }
        OUser user = getUser("admin");
        if (user == null && getDatabase().getStorage().getConfiguration().getContextConfiguration().getValueAsBoolean(OGlobalConfiguration.CREATE_DEFAULT_USERS)) {
            user = createUser("admin", "admin", role);
        }
        createOrUpdateORestrictedClass(database);
        return user;
    }

    private void createOrUpdateORestrictedClass(ODatabaseDocument oDatabaseDocument) {
        OClass oClass = oDatabaseDocument.getMetadata().getSchema().getClass("ORestricted");
        boolean z = false;
        if (oClass == null) {
            oClass = oDatabaseDocument.getMetadata().getSchema().createAbstractClass("ORestricted");
            z = true;
        }
        if (!oClass.existsProperty(ALLOW_ALL_FIELD)) {
            oClass.createProperty(ALLOW_ALL_FIELD, OType.LINKSET, oDatabaseDocument.getMetadata().getSchema().getClass("OIdentity"), z);
        }
        if (!oClass.existsProperty(ALLOW_READ_FIELD)) {
            oClass.createProperty(ALLOW_READ_FIELD, OType.LINKSET, oDatabaseDocument.getMetadata().getSchema().getClass("OIdentity"), z);
        }
        if (!oClass.existsProperty(ALLOW_UPDATE_FIELD)) {
            oClass.createProperty(ALLOW_UPDATE_FIELD, OType.LINKSET, oDatabaseDocument.getMetadata().getSchema().getClass("OIdentity"), z);
        }
        if (oClass.existsProperty(ALLOW_DELETE_FIELD)) {
            return;
        }
        oClass.createProperty(ALLOW_DELETE_FIELD, OType.LINKSET, oDatabaseDocument.getMetadata().getSchema().getClass("OIdentity"), z);
    }

    private void createOrUpdateOUserClass(ODatabaseDocument oDatabaseDocument, OClass oClass, OClass oClass2) {
        boolean z = false;
        OClass oClass3 = oDatabaseDocument.getMetadata().getSchema().getClass(OUser.CLASS_NAME);
        if (oClass3 == null) {
            oClass3 = oDatabaseDocument.getMetadata().getSchema().createClass(OUser.CLASS_NAME, oClass);
            z = true;
        } else if (!oClass3.getSuperClasses().contains(oClass)) {
            oClass3.setSuperClasses(Arrays.asList(oClass));
        }
        if (!oClass3.existsProperty("name")) {
            ((OClassImpl) oClass3).createProperty("name", OType.STRING, (OType) null, z).setMandatory(true).setNotNull(true).setCollate(OCaseInsensitiveCollate.NAME).setMin("1").setRegexp("\\S+(.*\\S+)*");
            oClass3.createIndex("OUser.name", OClass.INDEX_TYPE.UNIQUE, ONullOutputListener.INSTANCE, "name");
        } else if (oClass3.getProperty("name").getAllIndexes().isEmpty()) {
            oClass3.createIndex("OUser.name", OClass.INDEX_TYPE.UNIQUE, ONullOutputListener.INSTANCE, "name");
        }
        if (!oClass3.existsProperty("password")) {
            oClass3.createProperty("password", OType.STRING, (OType) null, z).setMandatory(true).setNotNull(true);
        }
        if (!oClass3.existsProperty("roles")) {
            oClass3.createProperty("roles", OType.LINKSET, oClass2, z);
        }
        if (oClass3.existsProperty(OScheduledEvent.PROP_STATUS)) {
            return;
        }
        oClass3.createProperty(OScheduledEvent.PROP_STATUS, OType.STRING, (OType) null, z).setMandatory(true).setNotNull(true);
    }

    private OClass createOrUpdateORoleClass(ODatabaseDocument oDatabaseDocument, OClass oClass) {
        OClass oClass2 = oDatabaseDocument.getMetadata().getSchema().getClass(ORole.CLASS_NAME);
        boolean z = false;
        if (oClass2 == null) {
            oClass2 = oDatabaseDocument.getMetadata().getSchema().createClass(ORole.CLASS_NAME, oClass);
            z = true;
        } else if (!oClass2.getSuperClasses().contains(oClass)) {
            oClass2.setSuperClasses(Arrays.asList(oClass));
        }
        if (!oClass2.existsProperty("name")) {
            oClass2.createProperty("name", OType.STRING, (OType) null, z).setMandatory(true).setNotNull(true).setCollate(OCaseInsensitiveCollate.NAME);
            oClass2.createIndex("ORole.name", OClass.INDEX_TYPE.UNIQUE, ONullOutputListener.INSTANCE, "name");
        } else if (oClass2.getProperty("name").getAllIndexes().isEmpty()) {
            oClass2.createIndex("ORole.name", OClass.INDEX_TYPE.UNIQUE, ONullOutputListener.INSTANCE, "name");
        }
        if (!oClass2.existsProperty(OSQLFunctionMode.NAME)) {
            oClass2.createProperty(OSQLFunctionMode.NAME, OType.BYTE, (OType) null, z);
        }
        if (!oClass2.existsProperty("rules")) {
            oClass2.createProperty("rules", OType.EMBEDDEDMAP, OType.BYTE, z);
        }
        if (!oClass2.existsProperty("inheritedRole")) {
            oClass2.createProperty("inheritedRole", OType.LINK, oClass2, z);
        }
        return oClass2;
    }

    @Override // com.orientechnologies.common.concur.resource.OCloseable
    public void close() {
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public void close(boolean z) {
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public void load() {
        OClass oClass = getDatabase().getMetadata().getSchema().getClass(OUser.CLASS_NAME);
        if (oClass != null) {
            if (!oClass.existsProperty(OScheduledEvent.PROP_STATUS)) {
                oClass.createProperty(OScheduledEvent.PROP_STATUS, OType.STRING).setMandatory(true).setNotNull(true);
            }
            OProperty property = oClass.getProperty("name");
            if (property == null) {
                property = oClass.createProperty("name", OType.STRING).setMandatory(true).setNotNull(true).setMin("1").setRegexp("\\S+(.*\\S+)*");
            }
            if (oClass.getInvolvedIndexes("name") == null) {
                property.createIndex(OClass.INDEX_TYPE.UNIQUE);
            }
            OClass oClass2 = getDatabase().getMetadata().getSchema().getClass(ORole.CLASS_NAME);
            OProperty property2 = oClass2.getProperty("rules");
            if (property2 != null && !OType.EMBEDDEDMAP.equals(property2.getType())) {
                oClass2.dropProperty("rules");
            }
            if (!oClass2.existsProperty("inheritedRole")) {
                oClass2.createProperty("inheritedRole", OType.LINK, oClass2);
            }
            OProperty property3 = oClass2.getProperty("name");
            if (property3 == null) {
                property3 = oClass2.createProperty("name", OType.STRING).setMandatory(true).setNotNull(true);
            }
            if (oClass2.getInvolvedIndexes("name") == null) {
                property3.createIndex(OClass.INDEX_TYPE.UNIQUE);
            }
        }
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public void createClassTrigger() {
        ODatabaseDocumentInternal oDatabaseDocumentInternal = ODatabaseRecordThreadLocal.INSTANCE.get();
        if (oDatabaseDocumentInternal.getMetadata().getSchema().getClass(OClassTrigger.CLASSNAME) == null) {
            oDatabaseDocumentInternal.getMetadata().getSchema().createAbstractClass(OClassTrigger.CLASSNAME);
        }
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public OSecurity getUnderlying() {
        return this;
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public OUser getUser(String str) {
        List list = (List) getDatabase().command(new OSQLSynchQuery("select from OUser where name = ? limit 1").setFetchPlan("roles:1")).execute(str);
        if (list == null || list.isEmpty()) {
            return null;
        }
        return new OUser((ODocument) list.get(0));
    }

    public ORID getUserRID(String str) {
        List list = (List) getDatabase().command(new OSQLSynchQuery("select rid from index:OUser.name where key = ? limit 1")).execute(str);
        if (list == null || list.isEmpty()) {
            return null;
        }
        return (ORID) ((ODocument) list.get(0)).rawField(OCommandExecutorSQLAbstract.KEYWORD_RID);
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public long getVersion() {
        return this.version.get();
    }

    @Override // com.orientechnologies.orient.core.metadata.security.OSecurity
    public void incrementVersion() {
        this.version.incrementAndGet();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ODatabaseDocumentInternal getDatabase() {
        return ODatabaseRecordThreadLocal.INSTANCE.get();
    }
}
