package org.deegree.security.owsrequestvalidator.csw;

import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.deegree.datatypes.QualifiedName;
import org.deegree.framework.log.ILogger;
import org.deegree.framework.log.LoggerFactory;
import org.deegree.model.feature.FeatureFactory;
import org.deegree.model.feature.schema.FeatureType;
import org.deegree.model.feature.schema.PropertyType;
import org.deegree.model.filterencoding.ComplexFilter;
import org.deegree.model.filterencoding.FeatureFilter;
import org.deegree.model.filterencoding.Filter;
import org.deegree.model.filterencoding.FilterConstructionException;
import org.deegree.model.filterencoding.LogicalOperation;
import org.deegree.model.filterencoding.OperationDefines;
import org.deegree.ogcbase.SortProperty;
import org.deegree.ogcwebservices.InvalidParameterValueException;
import org.deegree.ogcwebservices.OGCServiceTypes;
import org.deegree.ogcwebservices.OGCWebServiceRequest;
import org.deegree.ogcwebservices.csw.capabilities.CatalogueOperationsMetadata;
import org.deegree.ogcwebservices.csw.discovery.GetRecords;
import org.deegree.ogcwebservices.csw.discovery.Query;
import org.deegree.ogcwebservices.csw.discovery.XMLFactory;
import org.deegree.portal.standard.security.control.ClientHelper;
import org.deegree.security.GeneralSecurityException;
import org.deegree.security.UnauthorizedException;
import org.deegree.security.drm.SecurityAccess;
import org.deegree.security.drm.SecurityAccessManager;
import org.deegree.security.drm.model.Right;
import org.deegree.security.drm.model.RightType;
import org.deegree.security.drm.model.SecuredObject;
import org.deegree.security.drm.model.User;
import org.deegree.security.owsproxy.Condition;
import org.deegree.security.owsproxy.OperationParameter;
import org.deegree.security.owsproxy.Request;
import org.deegree.security.owsrequestvalidator.Messages;
import org.deegree.security.owsrequestvalidator.Policy;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/deegree/security/owsrequestvalidator/csw/GetRecordsRequestValidator.class */
public class GetRecordsRequestValidator extends AbstractCSWRequestValidator {
    private static final String ELEMENTSETNAME = "elementSetName";
    private static final String MAXRECORDS = "maxRecords";
    private static final String OUTPUTFORMAT = "outputFormat";
    private static final String RESULTTYPE = "resultType";
    private static final String SORTBY = "sortBy";
    private static final String TYPENAMES = "typeNames";
    private static FeatureType grFT;
    private static final ILogger LOG = LoggerFactory.getLogger(GetRecordsRequestValidator.class);
    private static Map<String, Filter> filterMap = new HashMap();

    static {
        grFT = null;
        if (grFT == null) {
            grFT = createFeatureType();
        }
    }

    public GetRecordsRequestValidator(Policy policy) {
        super(policy);
    }

    @Override // org.deegree.security.owsrequestvalidator.RequestValidator
    public void validateRequest(OGCWebServiceRequest oGCWebServiceRequest, User user) throws InvalidParameterValueException, UnauthorizedException {
        this.userCoupled = false;
        Request request = this.policy.getRequest(OGCServiceTypes.CSW_SERVICE_NAME, CatalogueOperationsMetadata.GET_RECORDS_NAME);
        if (request.isAny()) {
            return;
        }
        Condition preConditions = request.getPreConditions();
        GetRecords getRecords = (GetRecords) oGCWebServiceRequest;
        validateVersion(preConditions, getRecords.getVersion());
        validateMaxRecords(preConditions, getRecords.getMaxRecords());
        validateOutputFormat(preConditions, getRecords.getOutputFormat());
        validateResultType(preConditions, getRecords.getResultTypeAsString());
        validateElementSetName(preConditions, getRecords.getQuery().getElementSetName());
        validateSortBy(preConditions, getRecords.getQuery().getSortProperties());
        validateTypeNames(preConditions, getRecords.getQuery().getTypeNamesAsList());
        if (this.userCoupled) {
            validateAgainstRightsDB(getRecords, user);
        }
        if (request.getPostConditions() != null) {
            addFilter(getRecords, request.getPostConditions(), user);
        }
    }

    private void addFilter(GetRecords getRecords, Condition condition, User user) throws InvalidParameterValueException, UnauthorizedException {
        Map<String, Filter> map;
        if (condition.getOperationParameter("instanceFilter") != null) {
            if (condition.getOperationParameter("instanceFilter").isUserCoupled()) {
                map = readFilterFromDRM(getRecords, user);
            } else {
                fillFilterMap(condition);
                map = filterMap;
            }
            Query query = getRecords.getQuery();
            Filter filter = null;
            if (query.getContraint() == null) {
                filter = map.get(getRecords.getOutputSchema());
            } else if (query.getContraint() instanceof ComplexFilter) {
                ComplexFilter complexFilter = (ComplexFilter) query.getContraint();
                Filter filter2 = map.get(getRecords.getOutputSchema());
                filter = filter2 == null ? complexFilter : new ComplexFilter(complexFilter, (ComplexFilter) filter2, OperationDefines.AND);
            } else if (query.getContraint() instanceof FeatureFilter) {
                filter = query.getContraint();
            }
            getRecords.setQuery(new Query(query.getElementSetName(), query.getElementSetNameTypeNamesList(), query.getElementSetNameVariables(), query.getElementNamesAsPropertyPaths(), filter, query.getSortProperties(), query.getTypeNamesAsList(), query.getDeclaredTypeNameVariables()));
        }
        if (LOG.getLevel() != 0) {
            try {
                XMLFactory.export(getRecords).prettyPrint(System.out);
            } catch (Exception e) {
            }
        }
    }

    private void fillFilterMap(Condition condition) throws InvalidParameterValueException {
        condition.getOperationParameter("instanceFilter").getComplexValues();
    }

    private Map<String, Filter> readFilterFromDRM(GetRecords getRecords, User user) throws UnauthorizedException, InvalidParameterValueException {
        HashMap hashMap = new HashMap();
        try {
            SecurityAccess acquireAccess = SecurityAccessManager.getInstance().acquireAccess(user);
            String outputSchema = getRecords.getOutputSchema();
            SecuredObject securedObjectByName = acquireAccess.getSecuredObjectByName(outputSchema, ClientHelper.TYPE_METADATASCHEMA);
            Right right = user.getRights(acquireAccess, securedObjectByName).getRight(securedObjectByName, RightType.GETRECORDS_RESPONSE);
            if (right != null) {
                ComplexFilter complexFilter = (ComplexFilter) right.getConstraints();
                if (complexFilter != null) {
                    ArrayList arrayList = new ArrayList();
                    extractInstanceFilter(complexFilter.getOperation(), arrayList);
                    if (arrayList.size() == 1) {
                        complexFilter = arrayList.get(0);
                    } else if (arrayList.size() > 1) {
                        ArrayList arrayList2 = new ArrayList();
                        Iterator<ComplexFilter> it = arrayList.iterator();
                        while (it.hasNext()) {
                            arrayList2.add(it.next().getOperation());
                        }
                        complexFilter = new ComplexFilter(new LogicalOperation(OperationDefines.OR, arrayList2));
                    }
                    hashMap.put(outputSchema, complexFilter);
                }
            }
            return hashMap;
        } catch (IOException e) {
            LOG.logError(e.getMessage(), e);
            throw new InvalidParameterValueException(e.getMessage(), e);
        } catch (FilterConstructionException e2) {
            LOG.logError(e2.getMessage(), e2);
            throw new InvalidParameterValueException(e2.getMessage(), e2);
        } catch (GeneralSecurityException e3) {
            LOG.logError(e3.getMessage(), e3);
            throw new UnauthorizedException(e3.getMessage(), e3);
        } catch (SAXException e4) {
            LOG.logError(e4.getMessage(), e4);
            throw new InvalidParameterValueException(e4.getMessage(), e4);
        }
    }

    private void validateAgainstRightsDB(GetRecords getRecords, User user) throws InvalidParameterValueException, UnauthorizedException {
        if (user == null) {
            throw new UnauthorizedException(Messages.getString("RequestValidator.NOACCESS"));
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(FeatureFactory.createFeatureProperty(new QualifiedName("version"), getRecords.getVersion()));
        arrayList.add(FeatureFactory.createFeatureProperty(new QualifiedName(MAXRECORDS), Integer.valueOf(getRecords.getMaxRecords())));
        arrayList.add(FeatureFactory.createFeatureProperty(new QualifiedName(OUTPUTFORMAT), getRecords.getOutputFormat()));
        arrayList.add(FeatureFactory.createFeatureProperty(new QualifiedName(RESULTTYPE), getRecords.getResultTypeAsString()));
        SortProperty[] sortProperties = getRecords.getQuery().getSortProperties();
        if (sortProperties != null) {
            for (SortProperty sortProperty : sortProperties) {
                arrayList.add(FeatureFactory.createFeatureProperty(new QualifiedName(SORTBY), sortProperty.getSortProperty().getAsString()));
            }
        }
        List<QualifiedName> typeNamesAsList = getRecords.getQuery().getTypeNamesAsList();
        for (int i = 0; i < typeNamesAsList.size(); i++) {
            arrayList.add(FeatureFactory.createFeatureProperty(new QualifiedName(TYPENAMES), typeNamesAsList.get(i).getPrefixedName()));
        }
        arrayList.add(FeatureFactory.createFeatureProperty(new QualifiedName(ELEMENTSETNAME), getRecords.getQuery().getElementSetName()));
        handleUserCoupledRules(user, FeatureFactory.createFeature("id", grFT, arrayList), getRecords.getOutputSchema(), ClientHelper.TYPE_METADATASCHEMA, RightType.GETRECORDS);
    }

    private void validateMaxRecords(Condition condition, int i) throws InvalidParameterValueException {
        OperationParameter operationParameter = condition.getOperationParameter(MAXRECORDS);
        if (operationParameter.isAny()) {
            return;
        }
        int firstAsInt = operationParameter.getFirstAsInt();
        if (operationParameter.isUserCoupled()) {
            this.userCoupled = true;
        } else if (i > firstAsInt || i < 0) {
            throw new InvalidParameterValueException(Messages.format("GetRecordsRequestValidator.INVALIDMAXRECORDS", MAXRECORDS));
        }
    }

    private void validateElementSetName(Condition condition, String str) throws InvalidParameterValueException {
        OperationParameter operationParameter = condition.getOperationParameter(ELEMENTSETNAME);
        if (operationParameter.isAny()) {
            return;
        }
        List<String> values = operationParameter.getValues();
        if (operationParameter.isUserCoupled()) {
            this.userCoupled = true;
        } else if (!values.contains(str)) {
            throw new InvalidParameterValueException(Messages.format("GetRecordsRequestValidator.INVALIDELEMENTSETNAME", str));
        }
    }

    private void validateOutputFormat(Condition condition, String str) throws InvalidParameterValueException {
        OperationParameter operationParameter = condition.getOperationParameter(OUTPUTFORMAT);
        if (operationParameter.isAny()) {
            return;
        }
        List<String> values = operationParameter.getValues();
        if (operationParameter.isUserCoupled()) {
            this.userCoupled = true;
        } else if (!values.contains(str)) {
            throw new InvalidParameterValueException(Messages.format("GetRecordsRequestValidator.INVALIDOUTPUTFORMAT", str));
        }
    }

    private void validateResultType(Condition condition, String str) throws InvalidParameterValueException {
        OperationParameter operationParameter = condition.getOperationParameter(RESULTTYPE);
        if (operationParameter.isAny()) {
            return;
        }
        List<String> values = operationParameter.getValues();
        if (operationParameter.isUserCoupled()) {
            this.userCoupled = true;
        } else if (!values.contains(str)) {
            throw new InvalidParameterValueException(Messages.format("GetRecordsRequestValidator.INVALIDRESULTTYPE", str));
        }
    }

    private void validateSortBy(Condition condition, SortProperty[] sortPropertyArr) throws InvalidParameterValueException {
        OperationParameter operationParameter = condition.getOperationParameter(SORTBY);
        if (operationParameter.isAny() || sortPropertyArr == null) {
            return;
        }
        List<String> values = operationParameter.getValues();
        if (operationParameter.isUserCoupled()) {
            this.userCoupled = true;
            return;
        }
        for (int i = 0; i < sortPropertyArr.length; i++) {
            if (!values.contains(sortPropertyArr[i].getSortProperty().getAsString())) {
                throw new InvalidParameterValueException(Messages.format("GetRecordsRequestValidator.INVALIDSORTBY", sortPropertyArr[i]));
            }
        }
    }

    private void validateTypeNames(Condition condition, List<QualifiedName> list) throws InvalidParameterValueException {
        OperationParameter operationParameter = condition.getOperationParameter(TYPENAMES);
        if (operationParameter.isAny()) {
            return;
        }
        List<String> values = operationParameter.getValues();
        if (operationParameter.isUserCoupled()) {
            this.userCoupled = true;
            return;
        }
        for (int i = 0; i < list.size(); i++) {
            if (!values.contains(list.get(i).getPrefixedName())) {
                throw new InvalidParameterValueException(Messages.format("GetRecordsRequestValidator.INVALIDTYPENAMES", list.get(i)));
            }
        }
    }

    private static FeatureType createFeatureType() {
        return FeatureFactory.createFeatureType(CatalogueOperationsMetadata.GET_RECORDS_NAME, false, new PropertyType[]{FeatureFactory.createSimplePropertyType(new QualifiedName("version"), 12, false), FeatureFactory.createSimplePropertyType(new QualifiedName(MAXRECORDS), 4, false), FeatureFactory.createSimplePropertyType(new QualifiedName(OUTPUTFORMAT), 12, false), FeatureFactory.createSimplePropertyType(new QualifiedName(RESULTTYPE), 12, false), FeatureFactory.createSimplePropertyType(new QualifiedName(SORTBY), 12, 0, Integer.MAX_VALUE), FeatureFactory.createSimplePropertyType(new QualifiedName(TYPENAMES), 12, 0, Integer.MAX_VALUE), FeatureFactory.createSimplePropertyType(new QualifiedName(ELEMENTSETNAME), 12, false)});
    }
}
