package org.n52.security.enforcement.interceptors.wfs.simplepermission;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.n52.security.common.artifact.Payload;
import org.n52.security.common.artifact.QueryStringPayload;
import org.n52.security.common.artifact.TextualPayload;
import org.n52.security.common.artifact.Transferable;
import org.n52.security.common.attributes.Attribute;
import org.n52.security.common.xml.DOMParser;
import org.n52.security.common.xml.DOMSerializer;
import org.n52.security.common.xml.XMLPathCtx;
import org.n52.security.decision.Obligation;
import org.n52.security.decision.PDPRequest;
import org.n52.security.decision.PDPRequestCollection;
import org.n52.security.decision.PDPResponse;
import org.n52.security.decision.Target;
import org.n52.security.enforcement.chain.AuthzInterceptor;
import org.n52.security.enforcement.chain.InterceptorException;
import org.n52.security.enforcement.chain.InterceptorRequest;
import org.n52.security.enforcement.chain.InterceptorResponse;
import org.n52.security.enforcement.chain.SecuredServiceRequest;
import org.n52.security.enforcement.chain.impl.SecuredServiceHttpRequest;
import org.n52.security.enforcement.exception.EnforcementServiceException;
import org.n52.security.enforcement.interceptors.TargetItem;
import org.n52.security.enforcement.interceptors.TargetItemCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/n52/security/enforcement/interceptors/wfs/simplepermission/WFSGetFeatureInterceptor.class */
public class WFSGetFeatureInterceptor extends AuthzInterceptor {
    private static final Logger LOGGER = LoggerFactory.getLogger(WFSGetFeatureInterceptor.class);
    private final Map mProps;
    private Document m_requestDocument;
    private XMLPathCtx ctx;

    public WFSGetFeatureInterceptor(Map map) {
        super(map);
        this.mProps = map;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v88, types: [java.util.List] */
    public SecuredServiceRequest doRequest(Subject subject, InterceptorRequest interceptorRequest) throws InterceptorException, EnforcementServiceException {
        SecuredServiceHttpRequest request = interceptorRequest.getRequest();
        ArrayList<String> arrayList = new ArrayList();
        QueryStringPayload queryStringPayload = WFSDescribeFeatureTypeInterceptor.getQueryStringPayload(request);
        boolean z = false;
        if (queryStringPayload != null) {
            String parameterValue = queryStringPayload.getParameterValue("REQUEST");
            if (parameterValue == null || !parameterValue.equalsIgnoreCase("GetFeature")) {
                return request;
            }
            arrayList = Arrays.asList(queryStringPayload.getParameterValues("typeName"));
        } else {
            if (!isXMLGetFeatureRequest(request)) {
                return request;
            }
            z = true;
            this.ctx = XMLPathCtx.createNew().addNamespace("ows", "http://www.opengis.net/ows/1.1").addNamespace("wfs", "http://www.opengis.net/wfs/1.0.0").addNamespace("ogc", "http://www.opengis.net/ogc");
            NodeList nodeList = this.ctx.findIn(this.m_requestDocument).all("/GetFeature/Query/@typeName").get();
            for (int i = 0; i < nodeList.getLength(); i++) {
                arrayList.add(nodeList.item(i).getTextContent());
            }
        }
        PDPRequestCollection pDPRequestCollection = new PDPRequestCollection();
        String str = (String) request.getAttributeValue("request.service.baseurl");
        String str2 = str.endsWith("/") ? str : str + "/";
        String stringBuffer = new StringBuffer(str2).append("operations/GetFeature").toString();
        TargetItemCollection targetItemCollection = new TargetItemCollection();
        for (String str3 : arrayList) {
            String substring = str3.substring(str3.lastIndexOf(":") + 1);
            try {
                substring = URLEncoder.encode(substring, "UTF-8");
                String stringBuffer2 = new StringBuffer(str2).append("featuretype/").append(substring).toString();
                targetItemCollection.addItem(new TargetItem(str3, substring));
                pDPRequestCollection.add(new PDPRequest(new Target(subject, stringBuffer2, stringBuffer)));
            } catch (UnsupportedEncodingException e) {
                throw new RuntimeException("Could not encode layer " + substring, e);
            }
        }
        Iterator it = getDecisionService().request(pDPRequestCollection).iterator();
        while (it.hasNext()) {
            PDPResponse pDPResponse = (PDPResponse) it.next();
            if (!pDPResponse.isPermit()) {
                throw new EnforcementServiceException("Not allowed");
            }
            if (pDPResponse.hasObligations()) {
                if (!z) {
                    throw new EnforcementServiceException("Obligations via HTTP-Get are not supported");
                }
                handleObligations(pDPResponse);
                request.setPayload(new TextualPayload(DOMSerializer.createNew().serializeToString(this.m_requestDocument), ""));
            }
        }
        return request;
    }

    public Transferable doResponse(Subject subject, InterceptorResponse interceptorResponse) throws InterceptorException, EnforcementServiceException {
        return interceptorResponse.getResponse();
    }

    private boolean isXMLGetFeatureRequest(SecuredServiceRequest securedServiceRequest) {
        Payload payload = securedServiceRequest.getPayload();
        String str = (String) securedServiceRequest.getAttributeValue("Content-Type");
        if (str == null || !str.contains("text/xml")) {
            return false;
        }
        String obj = payload.toString();
        if (obj == null) {
            throw new IllegalArgumentException("Creation of " + getClass().getName() + "failed. No GetFeature request");
        }
        try {
            this.m_requestDocument = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(new ByteArrayInputStream(obj.getBytes("UTF-8")));
            return this.m_requestDocument == null || this.m_requestDocument.getFirstChild().getNodeName() == "GetFeature";
        } catch (IOException e) {
            throw new RuntimeException();
        } catch (ParserConfigurationException e2) {
            throw new RuntimeException();
        } catch (SAXException e3) {
            throw new RuntimeException();
        }
    }

    private void handleObligations(PDPResponse pDPResponse) throws EnforcementServiceException {
        for (Obligation obligation : pDPResponse.getObligations()) {
            if (!obligation.getId().equals("obligation:wfs:filter")) {
                throw new InterceptorException("Obligation type " + obligation.getId() + " not supported.");
            }
            Node firstChild = DOMSerializer.removeIndentTextNodes(DOMParser.createNew().parse(new InputSource(new StringReader(obligation.getAttribute("filter").getValue().getUnspecifiedValue().toString())))).getFirstChild();
            Attribute attribute = obligation.getAttribute("featuretype");
            if (attribute == null) {
                LOGGER.error("Missing obligation attribute with name: featuretype");
                throw new EnforcementServiceException("Access denied");
            }
            String value = attribute.getValue().getValue();
            NodeList nodeList = this.ctx.findIn(this.m_requestDocument).all("/GetFeature/Query").get();
            if (nodeList.getLength() == 0) {
                throw new EnforcementServiceException("Missing query element");
            }
            for (int i = 0; i < nodeList.getLength(); i++) {
                String nodeValue = nodeList.item(i).getAttributes().getNamedItem("typeName").getNodeValue();
                if (nodeValue.substring(nodeValue.lastIndexOf(":") + 1).equalsIgnoreCase(value)) {
                    Node item = nodeList.item(i);
                    Node node = this.ctx.findIn(item).node("Filter/*").get();
                    if (node == null) {
                        item.appendChild(this.m_requestDocument.importNode(firstChild, true));
                    } else {
                        Node cloneNode = node.cloneNode(true);
                        Node parentNode = node.getParentNode();
                        parentNode.removeChild(node);
                        Element createElement = this.m_requestDocument.createElement("ogc:And");
                        parentNode.insertBefore(createElement, parentNode.getFirstChild());
                        createElement.appendChild(cloneNode);
                        createElement.appendChild(this.m_requestDocument.importNode(firstChild.getFirstChild(), true));
                    }
                }
            }
        }
    }
}
