package org.deegree.security.owsrequestvalidator.csw;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.deegree.datatypes.QualifiedName;
import org.deegree.framework.log.ILogger;
import org.deegree.framework.log.LoggerFactory;
import org.deegree.framework.xml.NamespaceContext;
import org.deegree.framework.xml.XMLFragment;
import org.deegree.framework.xml.XMLParsingException;
import org.deegree.framework.xml.XMLTools;
import org.deegree.i18n.Messages;
import org.deegree.model.filterencoding.ComplexFilter;
import org.deegree.model.filterencoding.Filter;
import org.deegree.model.filterencoding.FilterConstructionException;
import org.deegree.model.filterencoding.Literal;
import org.deegree.model.filterencoding.LogicalOperation;
import org.deegree.model.filterencoding.Operation;
import org.deegree.model.filterencoding.OperationDefines;
import org.deegree.model.filterencoding.PropertyIsCOMPOperation;
import org.deegree.model.filterencoding.PropertyName;
import org.deegree.ogcbase.CommonNamespaces;
import org.deegree.ogcwebservices.InvalidParameterValueException;
import org.deegree.ogcwebservices.OGCServiceTypes;
import org.deegree.ogcwebservices.OGCWebServiceRequest;
import org.deegree.ogcwebservices.csw.capabilities.CatalogueOperationsMetadata;
import org.deegree.ogcwebservices.csw.discovery.GetRepositoryItem;
import org.deegree.portal.standard.security.control.ClientHelper;
import org.deegree.security.GeneralSecurityException;
import org.deegree.security.UnauthorizedException;
import org.deegree.security.drm.SecurityAccess;
import org.deegree.security.drm.SecurityAccessManager;
import org.deegree.security.drm.model.Right;
import org.deegree.security.drm.model.RightType;
import org.deegree.security.drm.model.SecuredObject;
import org.deegree.security.drm.model.User;
import org.deegree.security.owsproxy.Condition;
import org.deegree.security.owsproxy.OperationParameter;
import org.deegree.security.owsproxy.Request;
import org.deegree.security.owsrequestvalidator.Policy;
import org.w3c.dom.Node;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/deegree/security/owsrequestvalidator/csw/GetRepositoryItemRequestValidator.class */
public class GetRepositoryItemRequestValidator extends AbstractCSWRequestValidator {
    private static ILogger LOG = LoggerFactory.getLogger(GetRepositoryItemRequestValidator.class);
    private static Map<QualifiedName, Filter> filterMap = new HashMap();
    private static String CSW_ADDRESS = "cswAddress";

    public GetRepositoryItemRequestValidator(Policy policy) {
        super(policy);
    }

    @Override // org.deegree.security.owsrequestvalidator.RequestValidator
    public void validateRequest(OGCWebServiceRequest oGCWebServiceRequest, User user) throws InvalidParameterValueException, UnauthorizedException {
        this.userCoupled = false;
        Request request = this.policy.getRequest(OGCServiceTypes.CSW_SERVICE_NAME, CatalogueOperationsMetadata.GET_REPOSITORY_ITEM);
        if (request == null) {
            String message = Messages.getMessage("OWSPROXY_GETREPITEM_NOT_DEFINED", new Object[0]);
            LOG.logDebug(message);
            throw new UnauthorizedException(message);
        }
        if (request.isAny()) {
            return;
        }
        Condition preConditions = request.getPreConditions();
        if (preConditions == null) {
            String message2 = Messages.getMessage("OWSPROXY_GETREPITEM_PRE_NOT_DEFINED", new Object[0]);
            LOG.logDebug(message2);
            throw new UnauthorizedException(message2);
        }
        GetRepositoryItem getRepositoryItem = (GetRepositoryItem) oGCWebServiceRequest;
        validateVersion(preConditions, getRepositoryItem.getVersion());
        try {
            validateReqistryObject(user, getRepositoryItem, preConditions);
        } catch (XMLParsingException e) {
            throw new InvalidParameterValueException(e.getMessage(), e);
        }
    }

    private void validateReqistryObject(User user, GetRepositoryItem getRepositoryItem, Condition condition) throws XMLParsingException, UnauthorizedException, InvalidParameterValueException {
        Map<QualifiedName, Filter> map;
        OperationParameter operationParameter = condition.getOperationParameter("extrinsicObject");
        if (operationParameter.isAny()) {
            return;
        }
        QualifiedName qualifiedName = null;
        try {
            qualifiedName = new QualifiedName(null, "ExtrinsicObject", new URI("urn:oasis:names:tc:ebxml-regrep:xsd:rim:3.0"));
        } catch (URISyntaxException e) {
        }
        try {
            XMLFragment readExtrinsicObject = readExtrinsicObject(user, qualifiedName, getRepositoryItem.getRepositoryItemID());
            if (XMLTools.getElement(readExtrinsicObject.getRootElement(), "*", CommonNamespaces.getNamespaceContext()) == null) {
                return;
            }
            NamespaceContext namespaceContext = CommonNamespaces.getNamespaceContext();
            if (operationParameter.isUserCoupled()) {
                map = readFilterFromDRM(user, qualifiedName);
            } else {
                fillFilterMap(condition);
                map = filterMap;
            }
            ComplexFilter complexFilter = (ComplexFilter) map.get(qualifiedName);
            if (complexFilter == null) {
                throw new UnauthorizedException(Messages.getMessage("OWSPROXY_GETREPITEM_PRE_NOT_ALLOWED", new Object[0]));
            }
            Operation operation = complexFilter.getOperation();
            if (!(operation instanceof LogicalOperation)) {
                String value = ((Literal) ((PropertyIsCOMPOperation) operation).getSecondExpression()).getValue();
                LOG.logDebug("evaluated xpath expression: " + value);
                List<Node> nodes = XMLTools.getNodes(readExtrinsicObject.getRootElement(), value, namespaceContext);
                if (nodes == null || nodes.size() == 0) {
                    throw new UnauthorizedException(Messages.getMessage("OWSPROXY_GETREPITEM_PRE_NOT_ALLOWED", new Object[0]));
                }
                return;
            }
            LogicalOperation logicalOperation = (LogicalOperation) operation;
            if (logicalOperation.getOperatorId() == 200) {
                handleAnd(readExtrinsicObject, logicalOperation);
            } else {
                if (logicalOperation.getOperatorId() != 201) {
                    throw new InvalidParameterValueException(Messages.getMessage("OWSPROXY_GETREPITEM_PRE_INVALID_LOGICAL_OPERATOR", new Object[0]));
                }
                handleOr(readExtrinsicObject, logicalOperation);
            }
        } catch (Exception e2) {
            LOG.logError(e2.getMessage(), e2);
            throw new InvalidParameterValueException(e2.getMessage(), e2);
        }
    }

    private void fillFilterMap(Condition condition) {
    }

    private void handleOr(XMLFragment xMLFragment, LogicalOperation logicalOperation) throws UnauthorizedException, XMLParsingException {
        NamespaceContext namespaceContext = CommonNamespaces.getNamespaceContext();
        Iterator<Operation> it = logicalOperation.getArguments().iterator();
        while (it.hasNext()) {
            String value = ((Literal) ((PropertyIsCOMPOperation) it.next()).getSecondExpression()).getValue();
            LOG.logDebug("evaluated xpath expression: " + value);
            List<Node> nodes = XMLTools.getNodes(xMLFragment.getRootElement(), value, namespaceContext);
            if (nodes != null && nodes.size() > 0) {
                return;
            }
        }
        throw new UnauthorizedException(Messages.getMessage("OWSPROXY_GETRECBYID_NOT_ALLOWED", new Object[0]));
    }

    private void handleAnd(XMLFragment xMLFragment, LogicalOperation logicalOperation) throws XMLParsingException, UnauthorizedException {
        NamespaceContext namespaceContext = CommonNamespaces.getNamespaceContext();
        Iterator<Operation> it = logicalOperation.getArguments().iterator();
        while (it.hasNext()) {
            String value = ((Literal) ((PropertyIsCOMPOperation) it.next()).getSecondExpression()).getValue();
            LOG.logDebug("evaluated xpath expression: " + value);
            List<Node> nodes = XMLTools.getNodes(xMLFragment.getRootElement(), value, namespaceContext);
            if (nodes == null || nodes.size() == 0) {
                throw new UnauthorizedException(Messages.getMessage("OWSPROXY_CSW_GETRECBYID_NOT_ALLOWED", new Object[0]));
            }
        }
    }

    private Map<QualifiedName, Filter> readFilterFromDRM(User user, QualifiedName qualifiedName) throws UnauthorizedException, InvalidParameterValueException {
        HashMap hashMap = new HashMap();
        try {
            Right right = getRight(user, qualifiedName);
            if (right != null) {
                ComplexFilter complexFilter = (ComplexFilter) right.getConstraints();
                if (complexFilter != null) {
                    ArrayList arrayList = new ArrayList();
                    extractInstanceFilter(complexFilter.getOperation(), arrayList);
                    if (arrayList.size() == 1) {
                        complexFilter = arrayList.get(0);
                    } else if (arrayList.size() > 1) {
                        ArrayList arrayList2 = new ArrayList();
                        Iterator<ComplexFilter> it = arrayList.iterator();
                        while (it.hasNext()) {
                            arrayList2.add(it.next().getOperation());
                        }
                        complexFilter = new ComplexFilter(new LogicalOperation(OperationDefines.OR, arrayList2));
                    }
                    hashMap.put(qualifiedName, complexFilter);
                }
            }
            return hashMap;
        } catch (IOException e) {
            LOG.logError(e.getMessage(), e);
            throw new InvalidParameterValueException(e.getMessage(), e);
        } catch (FilterConstructionException e2) {
            LOG.logError(e2.getMessage(), e2);
            throw new InvalidParameterValueException(e2.getMessage(), e2);
        } catch (GeneralSecurityException e3) {
            LOG.logError(e3.getMessage(), e3);
            throw new UnauthorizedException(e3.getMessage(), e3);
        } catch (SAXException e4) {
            LOG.logError(e4.getMessage(), e4);
            throw new InvalidParameterValueException(e4.getMessage(), e4);
        }
    }

    private XMLFragment readExtrinsicObject(User user, QualifiedName qualifiedName, URI uri) throws InvalidParameterValueException, UnauthorizedException, IOException, SAXException {
        ComplexFilter complexFilter;
        String str = null;
        try {
            Right right = getRight(user, qualifiedName);
            if (right != null && (complexFilter = (ComplexFilter) right.getConstraints()) != null) {
                str = extractCSWAddress(complexFilter.getOperation());
            }
            return new XMLFragment(new URL(String.valueOf(str) + uri.toASCIIString()));
        } catch (GeneralSecurityException e) {
            LOG.logError(e.getMessage(), e);
            throw new UnauthorizedException(e.getMessage(), e);
        }
    }

    private Right getRight(User user, QualifiedName qualifiedName) throws GeneralSecurityException, UnauthorizedException {
        SecurityAccess acquireAccess = SecurityAccessManager.getInstance().acquireAccess(user);
        SecuredObject securedObjectByName = acquireAccess.getSecuredObjectByName(qualifiedName.getFormattedString(), ClientHelper.TYPE_METADATASCHEMA);
        return user.getRights(acquireAccess, securedObjectByName).getRight(securedObjectByName, RightType.GETREPOSITORYITEM);
    }

    private String extractCSWAddress(Operation operation) throws InvalidParameterValueException {
        if (operation.getOperatorId() == 200) {
            List<Operation> arguments = ((LogicalOperation) operation).getArguments();
            for (int i = 0; i < arguments.size(); i++) {
                Operation operation2 = arguments.get(i);
                if (operation2.getOperatorId() == 100) {
                    if (CSW_ADDRESS.equals(((PropertyName) ((PropertyIsCOMPOperation) operation2).getFirstExpression()).getValue().getAsString())) {
                        return ((Literal) ((PropertyIsCOMPOperation) operation2).getSecondExpression()).getValue();
                    }
                }
            }
        } else if (operation.getOperatorId() == 100) {
            if (CSW_ADDRESS.equals(((PropertyName) ((PropertyIsCOMPOperation) operation).getFirstExpression()).getValue().getAsString())) {
                return ((Literal) ((PropertyIsCOMPOperation) operation).getSecondExpression()).getValue();
            }
        }
        throw new InvalidParameterValueException(Messages.getMessage("OWSPROXY_GETREPITEM_PRE_MISSING_CSWADDRESS", new Object[0]));
    }
}
