package org.deegree.security.owsrequestvalidator.wfs;

import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.deegree.datatypes.QualifiedName;
import org.deegree.framework.log.ILogger;
import org.deegree.framework.log.LoggerFactory;
import org.deegree.framework.util.StringTools;
import org.deegree.framework.xml.XMLParsingException;
import org.deegree.i18n.Messages;
import org.deegree.model.feature.FeatureFactory;
import org.deegree.model.feature.schema.FeatureType;
import org.deegree.model.feature.schema.PropertyType;
import org.deegree.model.filterencoding.ComplexFilter;
import org.deegree.model.filterencoding.FeatureFilter;
import org.deegree.model.filterencoding.Filter;
import org.deegree.model.filterencoding.FilterConstructionException;
import org.deegree.model.filterencoding.OperationDefines;
import org.deegree.ogcwebservices.InvalidParameterValueException;
import org.deegree.ogcwebservices.OGCWebServiceRequest;
import org.deegree.ogcwebservices.wfs.XMLFactory;
import org.deegree.ogcwebservices.wfs.operation.Query;
import org.deegree.ogcwebservices.wfs.operation.transaction.Delete;
import org.deegree.ogcwebservices.wfs.operation.transaction.Insert;
import org.deegree.ogcwebservices.wfs.operation.transaction.Transaction;
import org.deegree.ogcwebservices.wfs.operation.transaction.TransactionOperation;
import org.deegree.ogcwebservices.wfs.operation.transaction.Update;
import org.deegree.portal.standard.security.control.ClientHelper;
import org.deegree.security.GeneralSecurityException;
import org.deegree.security.UnauthorizedException;
import org.deegree.security.drm.SecurityAccess;
import org.deegree.security.drm.SecurityAccessManager;
import org.deegree.security.drm.model.Right;
import org.deegree.security.drm.model.RightSet;
import org.deegree.security.drm.model.RightType;
import org.deegree.security.drm.model.SecuredObject;
import org.deegree.security.drm.model.User;
import org.deegree.security.owsproxy.Condition;
import org.deegree.security.owsproxy.OperationParameter;
import org.deegree.security.owsproxy.Request;
import org.deegree.security.owsrequestvalidator.Policy;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/deegree/security/owsrequestvalidator/wfs/TransactionValidator.class */
public class TransactionValidator extends AbstractWFSRequestValidator {
    private static final String TYPENAME = "typeName";
    private static FeatureType insertFT;
    private static FeatureType updateFT;
    private static FeatureType deleteFT;
    private static final ILogger LOG = LoggerFactory.getLogger(TransactionValidator.class);
    private static Map<QualifiedName, Filter> filterMap = new HashMap();

    public TransactionValidator(Policy policy) {
        super(policy);
    }

    @Override // org.deegree.security.owsrequestvalidator.RequestValidator
    public void validateRequest(OGCWebServiceRequest oGCWebServiceRequest, User user) throws InvalidParameterValueException, UnauthorizedException {
        this.userCoupled = false;
        Transaction transaction = (Transaction) oGCWebServiceRequest;
        List<TransactionOperation> operations = transaction.getOperations();
        for (int i = 0; i < operations.size(); i++) {
            this.userCoupled = false;
            if (operations.get(i) instanceof Insert) {
                Request request = this.policy.getRequest("WFS", "WFS_Insert");
                if (!request.isAny()) {
                    validateOperation(request.getPreConditions(), (Insert) operations.get(i));
                }
                if (this.userCoupled) {
                    validateAgainstRightsDB((Insert) operations.get(i), user);
                }
            } else if (operations.get(i) instanceof Update) {
                Request request2 = this.policy.getRequest("WFS", "WFS_Update");
                if (!request2.isAny()) {
                    validateOperation(request2.getPreConditions(), (Update) operations.get(i));
                }
                if (this.userCoupled) {
                    validateAgainstRightsDB((Update) operations.get(i), user);
                }
                if (request2.getPostConditions() != null) {
                    addFilter(operations.get(i), request2.getPostConditions(), user);
                }
            } else if (operations.get(i) instanceof Delete) {
                Request request3 = this.policy.getRequest("WFS", "WFS_Delete");
                if (!request3.isAny()) {
                    validateOperation(request3.getPreConditions(), (Delete) operations.get(i));
                }
                if (this.userCoupled) {
                    validateAgainstRightsDB((Delete) operations.get(i), user);
                }
                if (request3.getPostConditions() != null) {
                    addFilter(operations.get(i), request3.getPostConditions(), user);
                }
            }
        }
        if (LOG.getLevel() == 0) {
            try {
                XMLFactory.export(transaction).prettyPrint(System.out);
            } catch (Exception e) {
            }
        }
    }

    private void addFilter(TransactionOperation transactionOperation, Condition condition, User user) throws InvalidParameterValueException, UnauthorizedException {
        Filter filter;
        if (condition.getOperationParameter("instanceFilter") != null) {
            Filter filter2 = transactionOperation instanceof Update ? ((Update) transactionOperation).getFilter() : ((Delete) transactionOperation).getFilter();
            if (condition.getOperationParameter("instanceFilter").isUserCoupled()) {
                filter = readFilterFromDRM(transactionOperation, user);
            } else {
                fillFilterMap(condition);
                filter = filterMap.get(transactionOperation.getAffectedFeatureTypes().get(0));
            }
            if (filter2 instanceof ComplexFilter) {
                ComplexFilter complexFilter = (ComplexFilter) filter2;
                filter = filter == null ? complexFilter : new ComplexFilter(complexFilter, (ComplexFilter) filter, OperationDefines.AND);
            } else if (filter2 instanceof FeatureFilter) {
                filter = filter2;
            }
            if (transactionOperation instanceof Update) {
                ((Update) transactionOperation).setFilter(filter);
            } else {
                ((Delete) transactionOperation).setFilter(filter);
            }
        }
    }

    private Filter readFilterFromDRM(TransactionOperation transactionOperation, User user) throws UnauthorizedException, InvalidParameterValueException {
        ComplexFilter complexFilter;
        ComplexFilter complexFilter2 = null;
        try {
            SecurityAccess acquireAccess = SecurityAccessManager.getInstance().acquireAccess(user);
            SecuredObject securedObjectByName = acquireAccess.getSecuredObjectByName(transactionOperation.getAffectedFeatureTypes().get(0).getFormattedString(), ClientHelper.TYPE_FEATURETYPE);
            RightSet rights = user.getRights(acquireAccess, securedObjectByName);
            Right right = transactionOperation instanceof Update ? rights.getRight(securedObjectByName, RightType.UPDATE_RESPONSE) : rights.getRight(securedObjectByName, RightType.DELETE_RESPONSE);
            if (right != null && (complexFilter = (ComplexFilter) right.getConstraints()) != null) {
                ComplexFilter extractInstanceFilter = extractInstanceFilter(complexFilter.getOperation());
                if (extractInstanceFilter != null) {
                    complexFilter2 = extractInstanceFilter;
                }
            }
            return complexFilter2;
        } catch (IOException e) {
            LOG.logError(e.getMessage(), e);
            throw new InvalidParameterValueException(e.getMessage(), e);
        } catch (FilterConstructionException e2) {
            LOG.logError(e2.getMessage(), e2);
            throw new InvalidParameterValueException(e2.getMessage(), e2);
        } catch (GeneralSecurityException e3) {
            LOG.logError(e3.getMessage(), e3);
            throw new UnauthorizedException(e3.getMessage(), e3);
        } catch (SAXException e4) {
            LOG.logError(e4.getMessage(), e4);
            throw new InvalidParameterValueException(e4.getMessage(), e4);
        }
    }

    private void fillFilterMap(Condition condition) throws InvalidParameterValueException {
        List<Element> complexValues = condition.getOperationParameter("instanceFilter").getComplexValues();
        try {
            if (filterMap.size() == 0) {
                for (int i = 0; i < complexValues.size(); i++) {
                    Query create = Query.create(complexValues.get(0));
                    filterMap.put(create.getTypeNames()[0], create.getFilter());
                }
            }
        } catch (XMLParsingException e) {
            LOG.logError(e.getMessage(), e);
            throw new InvalidParameterValueException(getClass().getName(), e.getMessage());
        }
    }

    private void validateOperation(Condition condition, Insert insert) throws InvalidParameterValueException {
        OperationParameter operationParameter = condition.getOperationParameter(TYPENAME);
        if (operationParameter.isAny()) {
            return;
        }
        if (operationParameter.isUserCoupled()) {
            this.userCoupled = true;
            return;
        }
        List<String> values = operationParameter.getValues();
        List<QualifiedName> affectedFeatureTypes = insert.getAffectedFeatureTypes();
        for (int i = 0; i < affectedFeatureTypes.size(); i++) {
            String formattedString = affectedFeatureTypes.get(i).getFormattedString();
            if (!values.contains(formattedString)) {
                throw new InvalidParameterValueException(Messages.getMessage("OWSPROXY_NOT_ALLOWED_FEATURETYPE", "insert", formattedString));
            }
        }
    }

    private void validateOperation(Condition condition, Delete delete) throws InvalidParameterValueException {
        OperationParameter operationParameter = condition.getOperationParameter(TYPENAME);
        if (operationParameter.isAny()) {
            return;
        }
        if (operationParameter.isUserCoupled()) {
            this.userCoupled = true;
            return;
        }
        List<String> values = operationParameter.getValues();
        List<QualifiedName> affectedFeatureTypes = delete.getAffectedFeatureTypes();
        for (int i = 0; i < affectedFeatureTypes.size(); i++) {
            String formattedString = affectedFeatureTypes.get(i).getFormattedString();
            if (!values.contains(formattedString)) {
                throw new InvalidParameterValueException(Messages.getMessage("OWSPROXY_NOT_ALLOWED_FEATURETYPE", "delete", formattedString));
            }
        }
    }

    private void validateOperation(Condition condition, Update update) throws InvalidParameterValueException {
        OperationParameter operationParameter = condition.getOperationParameter(TYPENAME);
        if (operationParameter.isAny()) {
            return;
        }
        if (operationParameter.isUserCoupled()) {
            this.userCoupled = true;
            return;
        }
        List<String> values = operationParameter.getValues();
        List<QualifiedName> affectedFeatureTypes = update.getAffectedFeatureTypes();
        for (int i = 0; i < affectedFeatureTypes.size(); i++) {
            String formattedString = affectedFeatureTypes.get(i).getFormattedString();
            if (!values.contains(formattedString)) {
                throw new InvalidParameterValueException(Messages.getMessage("OWSPROXY_NOT_ALLOWED_FEATURETYPE", "update", formattedString));
            }
        }
    }

    private void validateAgainstRightsDB(Delete delete, User user) throws InvalidParameterValueException, UnauthorizedException {
        if (user == null) {
            throw new UnauthorizedException(Messages.getMessage("OWSPROXY_NO_ANONYMOUS_ACCESS", new Object[0]));
        }
        List<QualifiedName> affectedFeatureTypes = delete.getAffectedFeatureTypes();
        for (int i = 0; i < affectedFeatureTypes.size(); i++) {
            String concat = StringTools.concat(OperationDefines.AND, '{', affectedFeatureTypes.get(i).getNamespace().toASCIIString(), "}:", affectedFeatureTypes.get(i).getLocalName());
            ArrayList arrayList = new ArrayList();
            arrayList.add(FeatureFactory.createFeatureProperty(new QualifiedName(TYPENAME), concat));
            handleUserCoupledRules(user, FeatureFactory.createFeature("id", deleteFT, arrayList), concat, ClientHelper.TYPE_FEATURETYPE, RightType.DELETE);
        }
    }

    private void validateAgainstRightsDB(Update update, User user) throws InvalidParameterValueException, UnauthorizedException {
        if (user == null) {
            throw new UnauthorizedException(Messages.getMessage("OWSPROXY_NO_ANONYMOUS_ACCESS", new Object[0]));
        }
        List<QualifiedName> affectedFeatureTypes = update.getAffectedFeatureTypes();
        for (int i = 0; i < affectedFeatureTypes.size(); i++) {
            String concat = StringTools.concat(OperationDefines.AND, '{', affectedFeatureTypes.get(i).getNamespace().toASCIIString(), "}:", affectedFeatureTypes.get(i).getLocalName());
            ArrayList arrayList = new ArrayList();
            arrayList.add(FeatureFactory.createFeatureProperty(new QualifiedName(TYPENAME), concat));
            handleUserCoupledRules(user, FeatureFactory.createFeature("id", updateFT, arrayList), concat, ClientHelper.TYPE_FEATURETYPE, RightType.UPDATE);
        }
    }

    private void validateAgainstRightsDB(Insert insert, User user) throws InvalidParameterValueException, UnauthorizedException {
        if (user == null) {
            throw new UnauthorizedException(Messages.getMessage("OWSPROXY_NO_ANONYMOUS_ACCESS", new Object[0]));
        }
        List<QualifiedName> affectedFeatureTypes = insert.getAffectedFeatureTypes();
        for (int i = 0; i < affectedFeatureTypes.size(); i++) {
            String concat = StringTools.concat(OperationDefines.AND, '{', affectedFeatureTypes.get(i).getNamespace().toASCIIString(), "}:", affectedFeatureTypes.get(i).getLocalName());
            ArrayList arrayList = new ArrayList();
            arrayList.add(FeatureFactory.createFeatureProperty(new QualifiedName(TYPENAME), concat));
            handleUserCoupledRules(user, FeatureFactory.createFeature("id", insertFT, arrayList), concat, ClientHelper.TYPE_FEATURETYPE, RightType.INSERT);
        }
    }

    private static FeatureType createInsertFeatureType() {
        return FeatureFactory.createFeatureType("WFS_Insert", false, new PropertyType[]{FeatureFactory.createSimplePropertyType(new QualifiedName(TYPENAME), 12, false)});
    }

    private static FeatureType createUpdateFeatureType() {
        PropertyType[] propertyTypeArr = new PropertyType[2];
        propertyTypeArr[0] = FeatureFactory.createSimplePropertyType(new QualifiedName(TYPENAME), 12, false);
        return FeatureFactory.createFeatureType("WFS_Update", false, propertyTypeArr);
    }

    private static FeatureType createDeleteFeatureType() {
        return FeatureFactory.createFeatureType("WFS_Delete", false, new PropertyType[]{FeatureFactory.createSimplePropertyType(new QualifiedName(TYPENAME), 12, false)});
    }

    static {
        insertFT = null;
        updateFT = null;
        deleteFT = null;
        if (insertFT == null) {
            insertFT = createInsertFeatureType();
        }
        if (updateFT == null) {
            updateFT = createUpdateFeatureType();
        }
        if (deleteFT == null) {
            deleteFT = createDeleteFeatureType();
        }
    }
}
