package org.deegree.security.owsrequestvalidator.csw;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.deegree.datatypes.QualifiedName;
import org.deegree.framework.log.ILogger;
import org.deegree.framework.log.LoggerFactory;
import org.deegree.framework.util.StringTools;
import org.deegree.framework.xml.NamespaceContext;
import org.deegree.framework.xml.XMLParsingException;
import org.deegree.framework.xml.XMLTools;
import org.deegree.i18n.Messages;
import org.deegree.model.feature.Feature;
import org.deegree.model.feature.FeatureFactory;
import org.deegree.model.feature.schema.FeatureType;
import org.deegree.model.feature.schema.PropertyType;
import org.deegree.model.filterencoding.ComplexFilter;
import org.deegree.model.filterencoding.FeatureFilter;
import org.deegree.model.filterencoding.Filter;
import org.deegree.model.filterencoding.FilterConstructionException;
import org.deegree.model.filterencoding.Literal;
import org.deegree.model.filterencoding.LogicalOperation;
import org.deegree.model.filterencoding.OperationDefines;
import org.deegree.model.filterencoding.PropertyIsBetweenOperation;
import org.deegree.model.filterencoding.PropertyIsCOMPOperation;
import org.deegree.model.filterencoding.PropertyIsLikeOperation;
import org.deegree.model.filterencoding.PropertyIsNullOperation;
import org.deegree.model.filterencoding.PropertyName;
import org.deegree.ogcbase.CommonNamespaces;
import org.deegree.ogcwebservices.InvalidParameterValueException;
import org.deegree.ogcwebservices.OGCServiceTypes;
import org.deegree.ogcwebservices.OGCWebServiceRequest;
import org.deegree.ogcwebservices.csw.manager.Delete;
import org.deegree.ogcwebservices.csw.manager.Insert;
import org.deegree.ogcwebservices.csw.manager.Operation;
import org.deegree.ogcwebservices.csw.manager.Transaction;
import org.deegree.ogcwebservices.csw.manager.Update;
import org.deegree.ogcwebservices.wfs.operation.Query;
import org.deegree.portal.standard.security.control.ClientHelper;
import org.deegree.security.GeneralSecurityException;
import org.deegree.security.UnauthorizedException;
import org.deegree.security.drm.SecurityAccess;
import org.deegree.security.drm.SecurityAccessManager;
import org.deegree.security.drm.model.Right;
import org.deegree.security.drm.model.RightSet;
import org.deegree.security.drm.model.RightType;
import org.deegree.security.drm.model.SecuredObject;
import org.deegree.security.drm.model.User;
import org.deegree.security.owsproxy.Condition;
import org.deegree.security.owsproxy.OperationParameter;
import org.deegree.security.owsproxy.Request;
import org.deegree.security.owsrequestvalidator.Policy;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/deegree/security/owsrequestvalidator/csw/TransactionValidator.class */
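/**
 * Validates the operations of a CSW {@code Transaction} request (Insert, Update, Delete)
 * against the {@link Policy} handed to the constructor and, where a policy parameter is
 * marked user-coupled, against the rights database.
 *
 * <p>Review notes on shared state (all visible in this class):
 * <ul>
 * <li>{@link #filterMap} is a static cache that is filled once, from the first condition that
 * reaches {@link #fillFilterMap(Condition)}, and is never cleared. Every instance of this class
 * then reuses those filters, whatever policy it was constructed with.</li>
 * <li>{@link #filterMap} and {@link #nsc} are plain static objects that are read and mutated
 * without synchronization; {@code userCoupled} is per-request state kept in an instance field.
 * NOTE(review): confirm that validators are not shared between concurrent requests.</li>
 * </ul>
 */
public class TransactionValidator extends AbstractCSWRequestValidator {
    private static final String METADATAFORMAT = "metadataFormat";
    private static final String TYPENAME = "typeName";
    private static final FeatureType insertFT;
    // updateFT and deleteFT are created but not referenced anywhere else in this class.
    private static final FeatureType updateFT;
    private static final FeatureType deleteFT;
    private static final ILogger LOG = LoggerFactory.getLogger(TransactionValidator.class);
    // Insertion-ordered on purpose: handleUpdateDelete() takes the FIRST value of this map, so
    // the first configured instance filter must stay first once more than one is cached.
    private static final Map<QualifiedName, Filter> filterMap = new java.util.LinkedHashMap<QualifiedName, Filter>();
    private static final NamespaceContext nsc = CommonNamespaces.getNamespaceContext();

    static {
        insertFT = createInsertFeatureType();
        updateFT = createUpdateFeatureType();
        deleteFT = createDeleteFeatureType();
    }

    /**
     * @param policy the policy whose CSW_Insert / CSW_Update / CSW_Delete requests are enforced
     */
    public TransactionValidator(Policy policy) {
        super(policy);
    }

    /**
     * Checks every operation of the transaction: the policy must define a request for the
     * operation type, its pre-conditions must accept the operation (unless the request is
     * "any"), user-coupled parameters are checked against the rights database, and
     * post-conditions (the instance filter) are evaluated or merged into the constraint.
     *
     * @param oGCWebServiceRequest the request; cast to {@link Transaction} without a type check
     * @param user the requesting user, may be {@code null} (rejected later where rights are needed)
     * @throws InvalidParameterValueException if an operation violates a policy parameter
     * @throws UnauthorizedException if the policy defines no request for an operation type or
     *         the instance filter denies the operation
     */
    @Override // org.deegree.security.owsrequestvalidator.RequestValidator
    public void validateRequest(OGCWebServiceRequest oGCWebServiceRequest, User user) throws InvalidParameterValueException, UnauthorizedException {
        this.userCoupled = false;
        List<Operation> operations = ((Transaction) oGCWebServiceRequest).getOperations();
        for (Operation operation : operations) {
            // userCoupled is set by validateOperation(); reset it so one operation's result
            // does not leak into the next.
            this.userCoupled = false;
            if (operation instanceof Insert) {
                Insert insert = (Insert) operation;
                Request request = this.policy.getRequest(OGCServiceTypes.CSW_SERVICE_NAME, "CSW_Insert");
                if (request == null) {
                    throw new UnauthorizedException("You are not allowed to Insert items from the repository.");
                }
                if (!request.isAny()) {
                    validateOperation(request.getPreConditions(), insert);
                }
                if (this.userCoupled) {
                    validateAgainstRightsDB(insert, user);
                }
                if (request.getPostConditions() != null) {
                    evaluateFilter(insert, request.getPostConditions(), user);
                }
            } else if (operation instanceof Update) {
                Update update = (Update) operation;
                Request request = this.policy.getRequest(OGCServiceTypes.CSW_SERVICE_NAME, "CSW_Update");
                if (request == null) {
                    throw new UnauthorizedException("You are not allowed to update items from the repository.");
                }
                if (!request.isAny()) {
                    validateOperation(request.getPreConditions(), update);
                }
                if (this.userCoupled) {
                    validateAgainstRightsDB(update, user);
                }
                if (request.getPostConditions() != null) {
                    evaluateFilter(update, request.getPostConditions(), user);
                }
            } else if (operation instanceof Delete) {
                Delete delete = (Delete) operation;
                Request request = this.policy.getRequest(OGCServiceTypes.CSW_SERVICE_NAME, "CSW_Delete");
                if (request == null) {
                    throw new UnauthorizedException("You are not allowed to delete items from the repository.");
                }
                if (!request.isAny()) {
                    validateOperation(request.getPreConditions(), delete);
                }
                if (this.userCoupled) {
                    validateAgainstRightsDB(delete, user);
                }
                if (request.getPostConditions() != null) {
                    evaluateFilter(delete, request.getPostConditions(), user);
                }
            }
            // NOTE(review): an operation that is none of Insert/Update/Delete passes through
            // unvalidated. Confirm no other Operation subtype can reach this validator, or
            // reject it here.
        }
    }

    /**
     * Applies the {@code instanceFilter} post-condition to one operation.
     *
     * <p>Without an {@code instanceFilter} parameter an Insert is refused, while Update and
     * Delete are left untouched. An "any" parameter accepts the operation as it is. Otherwise
     * the filters come from the rights database (user-coupled) or from the policy, and are
     * either evaluated against the inserted records or merged into the Update/Delete constraint.
     */
    private void evaluateFilter(Operation operation, Condition condition, User user) throws InvalidParameterValueException, UnauthorizedException {
        OperationParameter instanceFilter = condition.getOperationParameter("instanceFilter");
        if (instanceFilter == null) {
            if (operation instanceof Insert) {
                throw new UnauthorizedException(Messages.getMessage("OWSPROXY_CSW_INSERT_NOT_ALLOWED", new Object[0]));
            }
            return;
        }
        if (instanceFilter.isAny()) {
            return;
        }
        List<QualifiedName> metadataTypes = getMetadataTypes(operation);
        Map<QualifiedName, Filter> filters;
        if (instanceFilter.isUserCoupled()) {
            filters = readFilterFromDRM(metadataTypes, operation, user);
        } else {
            fillFilterMap(condition);
            filters = filterMap;
        }
        if ((operation instanceof Update) || (operation instanceof Delete)) {
            handleUpdateDelete(operation, filters);
        } else {
            handleInsert((Insert) operation, filters);
        }
    }

    /**
     * Evaluates the instance filter registered for each inserted record's qualified name and
     * refuses the insert when no filter exists for that name or the filter does not match.
     *
     * <p>NOTE(review): the filter's root operation is cast to {@link LogicalOperation}; a filter
     * whose root is a single comparison fails with a {@link ClassCastException} instead of being
     * evaluated. A logical root that is neither operator 200 nor 201 is treated as "no match".
     */
    private void handleInsert(Insert insert, Map<QualifiedName, Filter> map) throws InvalidParameterValueException, UnauthorizedException {
        for (Element record : insert.getRecords()) {
            try {
                QualifiedName recordName = new QualifiedName("a", record.getLocalName(), new URI(record.getNamespaceURI()));
                ComplexFilter complexFilter = (ComplexFilter) map.get(recordName);
                if (complexFilter == null) {
                    throw new UnauthorizedException(Messages.getMessage("OWSPROXY_CSW_INSERT_NOT_ALLOWED", new Object[0]));
                }
                LogicalOperation root = (LogicalOperation) complexFilter.getOperation();
                boolean allowed = false;
                if (root.getOperatorId() == 200) {
                    allowed = evaluateLogicalAnd(record, root.getArguments());
                } else if (root.getOperatorId() == 201) {
                    allowed = evaluateLogicalOr(record, root.getArguments());
                }
                if (!allowed) {
                    throw new UnauthorizedException(Messages.getMessage("OWSPROXY_CSW_INSERT_NOT_ALLOWED", new Object[0]));
                }
            } catch (URISyntaxException e) {
                LOG.logError(e.getMessage(), e);
                throw new InvalidParameterValueException(e.getMessage(), e);
            }
        }
    }

    /**
     * Returns {@code true} as soon as one argument evaluates to {@code true} for the element;
     * an empty argument list yields {@code false}.
     */
    private boolean evaluateLogicalOr(Element element, List<org.deegree.model.filterencoding.Operation> list) throws InvalidParameterValueException {
        for (org.deegree.model.filterencoding.Operation argument : list) {
            try {
                if (evaluate(element, argument)) {
                    return true;
                }
            } catch (XMLParsingException e) {
                LOG.logError(e.getMessage(), e);
                throw new InvalidParameterValueException(e.getMessage(), e);
            }
        }
        return false;
    }

    /**
     * Returns {@code true} only if every argument evaluates to {@code true} for the element.
     * An empty argument list yields {@code false} (not vacuous truth), which denies the insert.
     */
    private boolean evaluateLogicalAnd(Element element, List<org.deegree.model.filterencoding.Operation> list) throws InvalidParameterValueException {
        boolean result = false;
        for (org.deegree.model.filterencoding.Operation argument : list) {
            try {
                result = evaluate(element, argument);
            } catch (XMLParsingException e) {
                LOG.logError(e.getMessage(), e);
                throw new InvalidParameterValueException(e.getMessage(), e);
            }
            if (!result) {
                break;
            }
        }
        return result;
    }

    /**
     * Evaluates one filter operation against a record element, dispatching on its operator id.
     * Operator ids that are not handled here evaluate to {@code false}.
     *
     * <p>All value comparisons are {@link String#compareTo(String)} comparisons, i.e.
     * lexicographic; numeric or date bounds in a filter are not compared numerically.
     *
     * @throws InvalidParameterValueException if {@code operation} is {@code null} or a "like"
     *         operation carries no literal
     */
    private boolean evaluate(Element element, org.deegree.model.filterencoding.Operation operation) throws XMLParsingException, InvalidParameterValueException {
        if (operation == null) {
            throw new InvalidParameterValueException("The operation cannot be null");
        }
        switch (operation.getOperatorId()) {
            case 100:
            case 101:
            case 102:
            case 103:
            case 104:
                return evaluateCOMP(element, (PropertyIsCOMPOperation) operation);
            case 106: {
                // "is null": true when the XPath selects no node in the record.
                PropertyName propertyName = ((PropertyIsNullOperation) operation).getPropertyName();
                String xpath = propertyName.getValue().getAsString();
                nsc.addAll(propertyName.getValue().getNamespaceContext());
                return XMLTools.getNode(element, xpath, nsc) == null;
            }
            case 107: {
                // "between": strictly greater than the lower and strictly less than the upper bound.
                PropertyIsBetweenOperation between = (PropertyIsBetweenOperation) operation;
                PropertyName propertyName = between.getPropertyName();
                String xpath = propertyName.getValue().getAsString();
                nsc.addAll(propertyName.getValue().getNamespaceContext());
                String lower = ((Literal) between.getLowerBoundary()).getValue();
                String upper = ((Literal) between.getUpperBoundary()).getValue();
                String nodeValue = XMLTools.getNodeAsString(element, xpath, nsc, null);
                // A record without the property cannot be inside the range; without this guard
                // compareTo(null) threw a NullPointerException (evaluateCOMP guards the same way).
                return nodeValue != null && lower.compareTo(nodeValue) < 0 && upper.compareTo(nodeValue) > 0;
            }
            case 105: {
                PropertyIsLikeOperation like = (PropertyIsLikeOperation) operation;
                PropertyName propertyName = like.getPropertyName();
                String xpath = propertyName.getValue().getAsString();
                nsc.addAll(propertyName.getValue().getNamespaceContext());
                String nodeValue = XMLTools.getNodeAsString(element, xpath, nsc, null);
                String pattern = like.getLiteral().getValue();
                // NOTE(review): the check is on the filter's literal, while the message talks
                // about the XPath result; nodeValue may still be null when matches() is called.
                if (pattern == null) {
                    throw new InvalidParameterValueException("No literal found resulting from the xpath: " + xpath + " therefore you're not authorized.");
                }
                return like.matches(pattern, nodeValue);
            }
            case 200:
                return evaluateLogicalAnd(element, ((LogicalOperation) operation).getArguments());
            case 201:
                return evaluateLogicalOr(element, ((LogicalOperation) operation).getArguments());
            default:
                return false;
        }
    }

    /**
     * Evaluates a binary comparison between the record value selected by the operation's
     * property name and the operation's literal. Apart from the equality case (100), a missing
     * record value makes the comparison {@code false}. Comparison is lexicographic.
     */
    private boolean evaluateCOMP(Element element, PropertyIsCOMPOperation propertyIsCOMPOperation) throws XMLParsingException {
        PropertyName propertyName = (PropertyName) propertyIsCOMPOperation.getFirstExpression();
        String xpath = propertyName.getValue().getAsString();
        nsc.addAll(propertyName.getValue().getNamespaceContext());
        String nodeValue = XMLTools.getNodeAsString(element, xpath, nsc, null);
        Literal literal = (Literal) propertyIsCOMPOperation.getSecondExpression();
        switch (propertyIsCOMPOperation.getOperatorId()) {
            case 100:
                return literal.getValue().equals(nodeValue);
            case 102:
                // literal < record value
                return nodeValue != null && literal.getValue().compareTo(nodeValue) < 0;
            case 104:
                // literal <= record value
                return nodeValue != null && literal.getValue().compareTo(nodeValue) <= 0;
            case 101:
                // literal > record value
                return nodeValue != null && literal.getValue().compareTo(nodeValue) > 0;
            case 103:
                // literal >= record value
                return nodeValue != null && literal.getValue().compareTo(nodeValue) >= 0;
            default:
                return false;
        }
    }

    /**
     * Restricts an Update or Delete by AND-ing its constraint with the first instance filter of
     * {@code map}, and writes the resulting constraint back into the operation.
     *
     * <p>NOTE(review), authorization gaps visible here:
     * <ul>
     * <li>A {@link FeatureFilter} constraint is kept as it is; the instance filter is not applied
     * to it.</li>
     * <li>A constraint that is neither a {@link ComplexFilter} nor a {@link FeatureFilter}
     * (including {@code null}) is replaced by {@code null}.</li>
     * <li>Only the first filter of {@code map} is used; it is not selected by type name.</li>
     * </ul>
     *
     * @throws UnauthorizedException if a ComplexFilter constraint has to be restricted but
     *         {@code map} holds no filter
     */
    private Operation handleUpdateDelete(Operation operation, Map<QualifiedName, Filter> map) throws UnauthorizedException {
        boolean isUpdate = operation instanceof Update;
        Filter constraint = isUpdate ? ((Update) operation).getConstraint() : ((Delete) operation).getConstraint();
        Filter restricted = null;
        if (constraint instanceof ComplexFilter) {
            ComplexFilter requested = (ComplexFilter) constraint;
            if (map == null) {
                restricted = requested;
            } else {
                if (map.isEmpty()) {
                    // No filter to restrict the request with: deny explicitly. Previously this
                    // surfaced as a NoSuchElementException from iterator().next().
                    throw new UnauthorizedException(isUpdate ? "You are not allowed to update items from the repository." : "You are not allowed to delete items from the repository.");
                }
                restricted = new ComplexFilter(requested, (ComplexFilter) map.values().iterator().next(), OperationDefines.AND);
            }
        } else if (constraint instanceof FeatureFilter) {
            restricted = constraint;
        }
        if (isUpdate) {
            ((Update) operation).setConstraint(restricted);
        } else {
            ((Delete) operation).setConstraint(restricted);
        }
        return operation;
    }

    /**
     * Reads, for each metadata type, the constraint of the user's UPDATE_RESPONSE,
     * DELETE_RESPONSE or INSERT_RESPONSE right (chosen by operation type) from the rights
     * database. Types for which the user has no such right, or a right without constraints,
     * are absent from the result.
     *
     * <p>When {@code extractInstanceFilter} yields several filters their operations are combined
     * with OR; when it yields none, the right's whole constraint is used.
     *
     * <p>NOTE(review): messages of the underlying exceptions are copied into the exception that
     * is thrown to the caller; confirm they cannot expose rights-database details to clients.
     */
    private Map<QualifiedName, Filter> readFilterFromDRM(List<QualifiedName> list, Operation operation, User user) throws UnauthorizedException, InvalidParameterValueException {
        Map<QualifiedName, Filter> filtersByType = new HashMap<QualifiedName, Filter>();
        try {
            SecurityAccess access = SecurityAccessManager.getInstance().acquireAccess(user);
            for (QualifiedName metadataType : list) {
                ArrayList<ComplexFilter> instanceFilters = new ArrayList<ComplexFilter>();
                SecuredObject securedObject = access.getSecuredObjectByName(metadataType.getFormattedString(), ClientHelper.TYPE_METADATASCHEMA);
                RightSet rights = user.getRights(access, securedObject);
                Right right;
                if (operation instanceof Update) {
                    right = rights.getRight(securedObject, RightType.UPDATE_RESPONSE);
                } else if (operation instanceof Delete) {
                    right = rights.getRight(securedObject, RightType.DELETE_RESPONSE);
                } else {
                    right = rights.getRight(securedObject, RightType.INSERT_RESPONSE);
                }
                if (right == null) {
                    continue;
                }
                ComplexFilter complexFilter = (ComplexFilter) right.getConstraints();
                if (complexFilter == null) {
                    continue;
                }
                extractInstanceFilter(complexFilter.getOperation(), instanceFilters);
                if (instanceFilters.size() == 1) {
                    complexFilter = instanceFilters.get(0);
                } else if (instanceFilters.size() > 1) {
                    ArrayList<org.deegree.model.filterencoding.Operation> alternatives = new ArrayList<org.deegree.model.filterencoding.Operation>();
                    for (ComplexFilter instanceFilter : instanceFilters) {
                        alternatives.add(instanceFilter.getOperation());
                    }
                    complexFilter = new ComplexFilter(new LogicalOperation(OperationDefines.OR, alternatives));
                }
                filtersByType.put(metadataType, complexFilter);
            }
            return filtersByType;
        } catch (IOException e) {
            LOG.logError(e.getMessage(), e);
            throw new InvalidParameterValueException(e.getMessage(), e);
        } catch (FilterConstructionException e2) {
            LOG.logError(e2.getMessage(), e2);
            throw new InvalidParameterValueException(e2.getMessage(), e2);
        } catch (GeneralSecurityException e3) {
            LOG.logError(e3.getMessage(), e3);
            throw new UnauthorizedException(e3.getMessage(), e3);
        } catch (SAXException e4) {
            LOG.logError(e4.getMessage(), e4);
            throw new InvalidParameterValueException(e4.getMessage(), e4);
        }
    }

    /**
     * Collects the distinct qualified names of the records of an Insert.
     *
     * <p>For Update and Delete the list is always empty, so {@link #readFilterFromDRM} returns
     * no filters for them; a user-coupled instance filter therefore never restricts an Update or
     * Delete (see {@link #handleUpdateDelete}).
     */
    private List<QualifiedName> getMetadataTypes(Operation operation) throws InvalidParameterValueException {
        List<QualifiedName> metadataTypes = new ArrayList<QualifiedName>();
        if ((operation instanceof Update) || (operation instanceof Delete)) {
            return metadataTypes;
        }
        for (Element record : ((Insert) operation).getRecords()) {
            try {
                QualifiedName recordName = new QualifiedName("a", record.getLocalName(), new URI(record.getNamespaceURI()));
                if (!metadataTypes.contains(recordName)) {
                    metadataTypes.add(recordName);
                }
            } catch (URISyntaxException e) {
                LOG.logError(e.getMessage(), e);
                throw new InvalidParameterValueException(e.getMessage(), e);
            }
        }
        return metadataTypes;
    }

    /**
     * Fills the static filter cache from the policy's {@code instanceFilter} values, keyed by the
     * first type name of each configured query. Does nothing once the cache holds an entry.
     *
     * <p>NOTE(review): the cache is static and never invalidated, so the filters of whichever
     * condition arrives first are applied to every later request, and the size check plus fill
     * is not atomic.
     */
    private void fillFilterMap(Condition condition) throws InvalidParameterValueException {
        List<Element> complexValues = condition.getOperationParameter("instanceFilter").getComplexValues();
        try {
            if (filterMap.size() == 0) {
                for (int i = 0; i < complexValues.size(); i++) {
                    // Parse the i-th configured query. The previous code parsed element 0 on
                    // every pass, so any further instance filters were silently ignored.
                    Query query = Query.create(complexValues.get(i));
                    filterMap.put(query.getTypeNames()[0], query.getFilter());
                }
            }
        } catch (XMLParsingException e) {
            LOG.logError(e.getMessage(), e);
            throw new InvalidParameterValueException(getClass().getName(), e.getMessage());
        }
    }

    /**
     * Checks the format ("{namespace}:localName") of every inserted record against the policy's
     * {@code metadataFormat} values. The first record that is not listed either fails the
     * request or, for a user-coupled parameter, sets {@code userCoupled} so that the rights
     * database decides; the remaining records are then not checked here.
     */
    private void validateOperation(Condition condition, Insert insert) throws InvalidParameterValueException {
        OperationParameter metadataFormat = condition.getOperationParameter(METADATAFORMAT);
        if (metadataFormat.isAny()) {
            return;
        }
        List<String> allowedFormats = metadataFormat.getValues();
        for (Element record : insert.getRecords()) {
            // NOTE(review): the first concat argument is presumably a buffer-size hint that the
            // decompiler rendered as OperationDefines.AND; confirm against StringTools.
            String format = StringTools.concat(OperationDefines.AND, '{', record.getNamespaceURI(), "}:", record.getLocalName());
            if (allowedFormats.contains(format)) {
                continue;
            }
            if (!metadataFormat.isUserCoupled()) {
                throw new InvalidParameterValueException(org.deegree.security.owsrequestvalidator.Messages.format("CSWTransactionValidator.INVALIDMETADATAFORMAT", format));
            }
            this.userCoupled = true;
            return;
        }
    }

    /**
     * Checks the type name of a Delete against the policy's {@code typeName} values. A type name
     * that is not listed fails the request unless the parameter is user-coupled, in which case
     * {@code userCoupled} is set.
     */
    private void validateOperation(Condition condition, Delete delete) throws InvalidParameterValueException {
        OperationParameter typeNameParameter = condition.getOperationParameter(TYPENAME);
        if (typeNameParameter.isAny()) {
            return;
        }
        URI typeName = delete.getTypeName();
        if (typeName == null) {
            throw new InvalidParameterValueException(org.deegree.security.owsrequestvalidator.Messages.getString("CSWTransactionValidator.INVALIDDELETETYPENAME1"));
        }
        if (typeNameParameter.getValues().contains(typeName.toASCIIString())) {
            return;
        }
        if (!typeNameParameter.isUserCoupled()) {
            throw new InvalidParameterValueException(org.deegree.security.owsrequestvalidator.Messages.format("CSWTransactionValidator.INVALIDDELETETYPENAME2", typeName));
        }
        this.userCoupled = true;
    }

    /**
     * Checks an Update: an unlisted type name is handled first (accepted for "any", deferred to
     * the rights database for user-coupled, refused otherwise); if the type name is listed or
     * absent, the record's format is checked against {@code metadataFormat} the same way.
     *
     * <p>NOTE(review): when the type name is listed, the update carries no record and
     * {@code metadataFormat} is not "any", {@code record} is {@code null} at the format check
     * and the method fails with a {@link NullPointerException}.
     */
    private void validateOperation(Condition condition, Update update) throws InvalidParameterValueException {
        URI typeName = update.getTypeName();
        Element record = update.getRecord();
        if (typeName == null && record == null) {
            throw new InvalidParameterValueException(org.deegree.security.owsrequestvalidator.Messages.getString("CSWTransactionValidator.INVALIDUPDATETYPENAME1"));
        }
        OperationParameter typeNameParameter = condition.getOperationParameter(TYPENAME);
        List<String> allowedTypeNames = typeNameParameter.getValues();
        if (typeName != null && !allowedTypeNames.contains(typeName.toASCIIString())) {
            if (typeNameParameter.isAny()) {
                return;
            }
            if (!typeNameParameter.isUserCoupled()) {
                throw new InvalidParameterValueException(org.deegree.security.owsrequestvalidator.Messages.format("CSWTransactionValidator.INVALIDUPDATETYPENAME2", typeName));
            }
            this.userCoupled = true;
            return;
        }
        OperationParameter metadataFormat = condition.getOperationParameter(METADATAFORMAT);
        if (metadataFormat.isAny()) {
            return;
        }
        String format = StringTools.concat(OperationDefines.AND, '{', record.getNamespaceURI(), "}:", record.getLocalName());
        if (metadataFormat.getValues().contains(format)) {
            return;
        }
        if (!metadataFormat.isUserCoupled()) {
            throw new InvalidParameterValueException(org.deegree.security.owsrequestvalidator.Messages.format("CSWTransactionValidator.INVALIDMETADATAFORMAT", format));
        }
        this.userCoupled = true;
    }

    /**
     * Checks a Delete against the user's DELETE right by wrapping the type name in a feature and
     * handing it to {@code handleUserCoupledRules}.
     *
     * <p>NOTE(review): the feature is created with {@code insertFT}, which declares only
     * {@code metadataFormat}, although the property set here is {@code typeName};
     * {@code deleteFT} looks like the intended type. Confirm before changing.
     *
     * @throws UnauthorizedException if {@code user} is {@code null}
     */
    private void validateAgainstRightsDB(Delete delete, User user) throws InvalidParameterValueException, UnauthorizedException {
        if (user == null) {
            throw new UnauthorizedException(org.deegree.security.owsrequestvalidator.Messages.getString("RequestValidator.NOACCESS"));
        }
        URI typeName = delete.getTypeName();
        String typeNameValue = typeName == null ? null : typeName.toASCIIString();
        ArrayList properties = new ArrayList();
        properties.add(FeatureFactory.createFeatureProperty(new QualifiedName(TYPENAME), typeNameValue));
        handleUserCoupledRules(user, FeatureFactory.createFeature("id", insertFT, properties), "{http://www.opengis.net/cat/csw}:profil", ClientHelper.TYPE_METADATASCHEMA, RightType.DELETE);
    }

    /**
     * Not implemented: always throws {@link NoSuchMethodError}.
     *
     * <p>NOTE(review): a user-coupled Update therefore ends in an {@link Error}, which
     * {@code catch (Exception)} handlers do not see, rather than in a clean denial.
     */
    private void validateAgainstRightsDB(Update update, User user) {
        throw new NoSuchMethodError(String.valueOf(getClass().getName()) + ".validateAgainstRightsDB not implemented yet");
    }

    /**
     * Checks every inserted record's format against the user's INSERT right through
     * {@code handleUserCoupledRules}. The feature passed along carries a single {@code null}
     * property.
     *
     * @throws UnauthorizedException if {@code user} is {@code null}
     */
    private void validateAgainstRightsDB(Insert insert, User user) throws InvalidParameterValueException, UnauthorizedException {
        if (user == null) {
            throw new UnauthorizedException(org.deegree.security.owsrequestvalidator.Messages.getString("RequestValidator.NOACCESS"));
        }
        ArrayList properties = new ArrayList();
        properties.add(null);
        Feature feature = FeatureFactory.createFeature("id", insertFT, properties);
        for (Element record : insert.getRecords()) {
            String format = StringTools.concat(OperationDefines.AND, '{', record.getNamespaceURI(), "}:", record.getLocalName());
            handleUserCoupledRules(user, feature, format, ClientHelper.TYPE_METADATASCHEMA, RightType.INSERT);
        }
    }

    /** Builds the feature type "CSW_Insert" with the single property {@code metadataFormat}. */
    private static FeatureType createInsertFeatureType() {
        // 12 is the property's type code; presumably java.sql.Types.VARCHAR (TODO confirm).
        PropertyType[] properties = {FeatureFactory.createSimplePropertyType(new QualifiedName(METADATAFORMAT), 12, false)};
        return FeatureFactory.createFeatureType("CSW_Insert", false, properties);
    }

    /** Builds the feature type "CSW_Update" with the properties {@code metadataFormat} and {@code typeName}. */
    private static FeatureType createUpdateFeatureType() {
        PropertyType[] properties = {
            FeatureFactory.createSimplePropertyType(new QualifiedName(METADATAFORMAT), 12, false),
            FeatureFactory.createSimplePropertyType(new QualifiedName(TYPENAME), 12, false)
        };
        return FeatureFactory.createFeatureType("CSW_Update", false, properties);
    }

    /** Builds the feature type "CSW_Delete" with the single property {@code typeName}. */
    private static FeatureType createDeleteFeatureType() {
        PropertyType[] properties = {FeatureFactory.createSimplePropertyType(new QualifiedName(TYPENAME), 12, false)};
        return FeatureFactory.createFeatureType("CSW_Delete", false, properties);
    }
}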
