package org.deegree.security.owsrequestvalidator.wfs;

import java.io.IOException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.deegree.datatypes.QualifiedName;
import org.deegree.framework.log.ILogger;
import org.deegree.framework.log.LoggerFactory;
import org.deegree.framework.xml.XMLParsingException;
import org.deegree.i18n.Messages;
import org.deegree.model.feature.Feature;
import org.deegree.model.feature.FeatureFactory;
import org.deegree.model.feature.FeatureProperty;
import org.deegree.model.feature.schema.FeatureType;
import org.deegree.model.feature.schema.PropertyType;
import org.deegree.model.filterencoding.ComplexFilter;
import org.deegree.model.filterencoding.FeatureFilter;
import org.deegree.model.filterencoding.Filter;
import org.deegree.model.filterencoding.FilterConstructionException;
import org.deegree.model.filterencoding.OperationDefines;
import org.deegree.ogcwebservices.InvalidParameterValueException;
import org.deegree.ogcwebservices.OGCWebServiceRequest;
import org.deegree.ogcwebservices.wfs.XMLFactory;
import org.deegree.ogcwebservices.wfs.capabilities.WFSOperationsMetadata;
import org.deegree.ogcwebservices.wfs.operation.GetFeature;
import org.deegree.ogcwebservices.wfs.operation.Query;
import org.deegree.portal.standard.security.control.ClientHelper;
import org.deegree.security.GeneralSecurityException;
import org.deegree.security.UnauthorizedException;
import org.deegree.security.drm.SecurityAccess;
import org.deegree.security.drm.SecurityAccessManager;
import org.deegree.security.drm.model.Right;
import org.deegree.security.drm.model.RightType;
import org.deegree.security.drm.model.SecuredObject;
import org.deegree.security.drm.model.User;
import org.deegree.security.owsproxy.Condition;
import org.deegree.security.owsproxy.OperationParameter;
import org.deegree.security.owsproxy.Request;
import org.deegree.security.owsrequestvalidator.Policy;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/deegree/security/owsrequestvalidator/wfs/GetFeatureRequestValidator.class */
class GetFeatureRequestValidator extends AbstractWFSRequestValidator {
    private static final String FORMAT = "format";
    private static final String MAXFEATURES = "maxFeatures";
    private static FeatureType gfFT;
    private static final ILogger LOG = LoggerFactory.getLogger(GetFeatureRequestValidator.class);
    private static Map<QualifiedName, Filter> filterMap = new HashMap();

    static {
        gfFT = null;
        if (gfFT == null) {
            gfFT = createFeatureType();
        }
    }

    public GetFeatureRequestValidator(Policy policy) {
        super(policy);
    }

    @Override // org.deegree.security.owsrequestvalidator.RequestValidator
    public void validateRequest(OGCWebServiceRequest oGCWebServiceRequest, User user) throws InvalidParameterValueException, UnauthorizedException {
        this.userCoupled = false;
        Request request = this.policy.getRequest("WFS", WFSOperationsMetadata.GET_FEATURE_NAME);
        if (request.isAny()) {
            return;
        }
        Condition preConditions = request.getPreConditions();
        GetFeature getFeature = (GetFeature) oGCWebServiceRequest;
        validateVersion(preConditions, getFeature.getVersion());
        Query[] query = getFeature.getQuery();
        String[] strArr = new String[query.length];
        for (int i = 0; i < strArr.length; i++) {
            strArr[i] = query[i].getTypeNames()[0].getFormattedString();
        }
        validateFeatureTypes(preConditions, strArr);
        validateFormat(preConditions, getFeature.getOutputFormat());
        validateMaxFeatures(preConditions, getFeature.getMaxFeatures());
        if (this.userCoupled) {
            validateAgainstRightsDB(getFeature, user);
        }
        if (request.getPostConditions() != null) {
            addFilter(getFeature, request.getPostConditions(), user);
        }
    }

    private void addFilter(GetFeature getFeature, Condition condition, User user) throws InvalidParameterValueException, UnauthorizedException {
        Map<QualifiedName, Filter> map;
        if (condition.getOperationParameter("instanceFilter") != null) {
            if (condition.getOperationParameter("instanceFilter").isUserCoupled()) {
                map = readFilterFromDRM(getFeature, user);
            } else {
                fillFilterMap(condition);
                map = filterMap;
            }
            Query[] query = getFeature.getQuery();
            for (int i = 0; i < query.length; i++) {
                Filter filter = null;
                if (query[i].getFilter() == null) {
                    filter = map.get(query[i].getTypeNames()[0]);
                } else if (query[i].getFilter() instanceof ComplexFilter) {
                    ComplexFilter complexFilter = (ComplexFilter) query[i].getFilter();
                    Filter filter2 = map.get(query[i].getTypeNames()[0]);
                    filter = filter2 == null ? complexFilter : new ComplexFilter(complexFilter, (ComplexFilter) filter2, OperationDefines.AND);
                } else if (query[i].getFilter() instanceof FeatureFilter) {
                    filter = query[i].getFilter();
                }
                query[i] = Query.create(query[i].getPropertyNames(), query[i].getFunctions(), query[i].getSortProperties(), query[i].getHandle(), query[i].getFeatureVersion(), query[i].getTypeNames(), query[i].getAliases(), query[i].getSrsName(), filter, query[i].getMaxFeatures(), query[i].getStartPosition(), query[i].getResultType());
            }
            getFeature.setQueries(query);
        }
        if (LOG.getLevel() == 0) {
            try {
                XMLFactory.export(getFeature).prettyPrint(System.out);
            } catch (Exception e) {
            }
        }
    }

    private Map<QualifiedName, Filter> readFilterFromDRM(GetFeature getFeature, User user) throws UnauthorizedException, InvalidParameterValueException {
        ComplexFilter complexFilter;
        ComplexFilter extractInstanceFilter;
        HashMap hashMap = new HashMap();
        try {
            SecurityAccess acquireAccess = SecurityAccessManager.getInstance().acquireAccess(user);
            for (Query query : getFeature.getQuery()) {
                QualifiedName qualifiedName = query.getTypeNames()[0];
                SecuredObject securedObjectByName = acquireAccess.getSecuredObjectByName(qualifiedName.getFormattedString(), ClientHelper.TYPE_FEATURETYPE);
                Right right = user.getRights(acquireAccess, securedObjectByName).getRight(securedObjectByName, RightType.GETFEATURE_RESPONSE);
                if (right != null && (complexFilter = (ComplexFilter) right.getConstraints()) != null && (extractInstanceFilter = extractInstanceFilter(complexFilter.getOperation())) != null) {
                    hashMap.put(qualifiedName, extractInstanceFilter);
                }
            }
            return hashMap;
        } catch (IOException e) {
            LOG.logError(e.getMessage(), e);
            throw new InvalidParameterValueException(e.getMessage(), e);
        } catch (FilterConstructionException e2) {
            LOG.logError(e2.getMessage(), e2);
            throw new InvalidParameterValueException(e2.getMessage(), e2);
        } catch (GeneralSecurityException e3) {
            LOG.logError(e3.getMessage(), e3);
            throw new UnauthorizedException(e3.getMessage(), e3);
        } catch (SAXException e4) {
            LOG.logError(e4.getMessage(), e4);
            throw new InvalidParameterValueException(e4.getMessage(), e4);
        }
    }

    private void fillFilterMap(Condition condition) throws InvalidParameterValueException {
        List<Element> complexValues = condition.getOperationParameter("instanceFilter").getComplexValues();
        try {
            if (filterMap.size() == 0) {
                for (int i = 0; i < complexValues.size(); i++) {
                    Query create = Query.create(complexValues.get(0));
                    filterMap.put(create.getTypeNames()[0], create.getFilter());
                }
            }
        } catch (XMLParsingException e) {
            LOG.logError(e.getMessage(), e);
            throw new InvalidParameterValueException(getClass().getName(), e.getMessage());
        }
    }

    private void validateFormat(Condition condition, String str) throws InvalidParameterValueException {
        OperationParameter operationParameter = condition.getOperationParameter(FORMAT);
        if (operationParameter.isAny()) {
            return;
        }
        List<String> values = operationParameter.getValues();
        if (operationParameter.isUserCoupled()) {
            this.userCoupled = true;
        } else if (!values.contains(str)) {
            throw new InvalidParameterValueException(Messages.getMessage("OWSPROXY_DESCRIBEFEATURETYPE_FORMAT", str));
        }
    }

    private void validateMaxFeatures(Condition condition, int i) throws InvalidParameterValueException {
        OperationParameter operationParameter = condition.getOperationParameter(MAXFEATURES);
        if (operationParameter.isAny()) {
            return;
        }
        int parseInt = Integer.parseInt(operationParameter.getValues().get(0));
        if (operationParameter.isUserCoupled()) {
            this.userCoupled = true;
        } else if (i > parseInt || i < 0) {
            throw new InvalidParameterValueException(Messages.getMessage("OWSPROXY_GETFEATURE_MAXFEATURE", Integer.valueOf(i)));
        }
    }

    private void validateAgainstRightsDB(GetFeature getFeature, User user) throws InvalidParameterValueException, UnauthorizedException {
        if (user == null) {
            throw new UnauthorizedException("no access to anonymous user");
        }
        Feature createFeature = FeatureFactory.createFeature("id", gfFT, new FeatureProperty[]{FeatureFactory.createFeatureProperty(new QualifiedName("version"), getFeature.getVersion()), FeatureFactory.createFeatureProperty(new QualifiedName("maxfeatures"), new Integer(getFeature.getMaxFeatures())), FeatureFactory.createFeatureProperty(new QualifiedName("outputformat"), getFeature.getOutputFormat())});
        Query[] query = getFeature.getQuery();
        for (int i = 0; i < query.length; i++) {
            StringBuffer stringBuffer = new StringBuffer(OperationDefines.AND);
            stringBuffer.append('{').append(query[i].getTypeNames()[0].getNamespace().toASCIIString());
            stringBuffer.append("}:").append(query[i].getTypeNames()[0].getLocalName());
            handleUserCoupledRules(user, createFeature, stringBuffer.toString(), ClientHelper.TYPE_FEATURETYPE, RightType.GETFEATURE);
        }
    }

    private static FeatureType createFeatureType() {
        return FeatureFactory.createFeatureType(WFSOperationsMetadata.GET_FEATURE_NAME, false, new PropertyType[]{FeatureFactory.createSimplePropertyType(new QualifiedName("version"), 12, false), FeatureFactory.createSimplePropertyType(new QualifiedName("maxfeatures"), 4, false), FeatureFactory.createSimplePropertyType(new QualifiedName("outputformat"), 12, false)});
    }
}
