package org.n52.security.enforcement.interceptors.sos.simplepermission;

import java.awt.geom.Point2D;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
import org.apache.log4j.Logger;
import org.n52.security.common.xml.DOMParser;
import org.n52.security.common.xml.DOMParserException;
import org.n52.security.common.xml.DOMSerializer;
import org.n52.security.common.xml.XMLPathCtx;
import org.n52.security.decision.Obligation;
import org.n52.security.decision.PDPRequest;
import org.n52.security.decision.PDPRequestCollection;
import org.n52.security.decision.PDPResponse;
import org.n52.security.decision.Target;
import org.n52.security.enforcement.artifact.Payload;
import org.n52.security.enforcement.artifact.QueryStringPayload;
import org.n52.security.enforcement.artifact.TextualPayload;
import org.n52.security.enforcement.artifact.TransferAttribute;
import org.n52.security.enforcement.artifact.Transferable;
import org.n52.security.enforcement.chain.AuthzInterceptor;
import org.n52.security.enforcement.chain.InterceptorException;
import org.n52.security.enforcement.chain.InterceptorRequest;
import org.n52.security.enforcement.chain.InterceptorResponse;
import org.n52.security.enforcement.chain.SecuredServiceRequest;
import org.n52.security.enforcement.exception.EnforcementServiceException;
import org.n52.security.enforcement.interceptors.TargetItem;
import org.n52.security.enforcement.interceptors.TargetItemCollection;
import org.n52.security.enforcement.interceptors.sos.utils.SOSInterceptorGlobals;
import org.n52.security.enforcement.interceptors.sos.utils.SOSInterceptorUtilities;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

/* loaded from: input_file:org/n52/security/enforcement/interceptors/sos/simplepermission/SOSFilterCapabilitiesInterceptor.class */
public class SOSFilterCapabilitiesInterceptor extends AuthzInterceptor {
    private static Logger LOGGER = Logger.getLogger(SOSFilterCapabilitiesInterceptor.class);

    public SOSFilterCapabilitiesInterceptor(Map<String, Object> map) {
        super(map);
        LOGGER.info("Initialized SOS GetCapabilities Interceptor");
    }

    @Override // org.n52.security.enforcement.chain.Interceptor
    public SecuredServiceRequest doRequest(Subject subject, InterceptorRequest interceptorRequest) throws InterceptorException, EnforcementServiceException {
        return interceptorRequest.getRequest();
    }

    @Override // org.n52.security.enforcement.chain.Interceptor
    public Transferable doResponse(Subject subject, InterceptorResponse interceptorResponse) throws InterceptorException, EnforcementServiceException {
        String localName;
        Payload payload = interceptorResponse.getRequest().getPayload();
        if (payload instanceof QueryStringPayload) {
            localName = ((QueryStringPayload) payload).getParameterValue("REQUEST");
        } else {
            if (!(payload instanceof TextualPayload)) {
                throw new EnforcementServiceException("Unsupported request type");
            }
            localName = DOMParser.createNew().parse(new InputSource(payload.getAsStream())).getDocumentElement().getLocalName();
        }
        if (localName == null || localName.length() == 0) {
            throw new InterceptorException("Could not identify request!");
        }
        if (!localName.equalsIgnoreCase("GetCapabilities")) {
            return interceptorResponse.getResponse();
        }
        String str = (String) interceptorResponse.getRequest().getAttributeValue(TransferAttribute.SERVICE_BASE_URL);
        String str2 = str.endsWith("/") ? str : str + "/";
        Transferable response = interceptorResponse.getResponse();
        LOGGER.debug("Intercepting GetCapabilites response");
        try {
            response.setPayload(new TextualPayload(tranformCapabilitiesDocument(subject, DOMParser.createNew().parse(new InputSource(response.getPayload().getAsStream())), str2), (String) response.getAttributeValue("Content-Charset")));
            return response;
        } catch (DOMParserException e) {
            throw new EnforcementServiceException("Could not parse response document as xml", e);
        }
    }

    private Document filterDocument(Subject subject, Document document, String str, String str2, String str3) {
        String stringBuffer = new StringBuffer(str3).append("operations/GetCapabilities").toString();
        XMLPathCtx addNamespace = XMLPathCtx.createNew().addNamespace("ows", "http://www.opengis.net/ows/1.1").addNamespace("sos", "http://www.opengis.net/sos/1.0");
        TargetItemCollection targetItemCollection = new TargetItemCollection();
        NodeList nodeList = addNamespace.findIn(document).all("//*/ows:Parameter[@name='" + str + "']/ows:AllowedValues/ows:Value").get();
        for (int i = 0; i < nodeList.getLength(); i++) {
            if (targetItemCollection.getItem(nodeList.item(i).getTextContent()) == null) {
                String textContent = nodeList.item(i).getTextContent();
                targetItemCollection.addItem(new TargetItem(textContent, new StringBuffer(str3).append(str2 + "/").append(textContent).toString()));
            }
        }
        PDPRequestCollection pDPRequestCollection = new PDPRequestCollection();
        Iterator<TargetItem> it = targetItemCollection.getItems().iterator();
        while (it.hasNext()) {
            pDPRequestCollection.add(new PDPRequest(new Target(subject, it.next().getTargetId(), stringBuffer)));
        }
        Iterator it2 = getDecisionService().request(pDPRequestCollection).iterator();
        HashSet<String> hashSet = new HashSet();
        while (it2.hasNext()) {
            PDPResponse pDPResponse = (PDPResponse) it2.next();
            PDPRequest request = pDPResponse.getRequest();
            if (!pDPResponse.isPermit()) {
                hashSet.add((String) targetItemCollection.getItem(request.getTarget().getResourceId()).getAppItem());
            }
        }
        for (String str4 : hashSet) {
            for (int i2 = 0; i2 < nodeList.getLength(); i2++) {
                if (nodeList.item(i2).getTextContent().equalsIgnoreCase(str4)) {
                    nodeList.item(i2).getParentNode().removeChild(nodeList.item(i2));
                }
            }
        }
        TargetItemCollection targetItemCollection2 = new TargetItemCollection();
        NodeList nodeList2 = addNamespace.findIn(document).all("//*/sos:" + str).get();
        for (int i3 = 0; i3 < nodeList2.getLength(); i3++) {
            String nodeValue = nodeList2.item(i3).getAttributes().getNamedItem("xlink:href").getNodeValue();
            if (targetItemCollection2.getItem(nodeValue) == null) {
                targetItemCollection2.addItem(new TargetItem(nodeValue, new StringBuffer(str3).append(str2 + "/").append(nodeValue).toString()));
            }
        }
        PDPRequestCollection pDPRequestCollection2 = new PDPRequestCollection();
        Iterator<TargetItem> it3 = targetItemCollection2.getItems().iterator();
        while (it3.hasNext()) {
            pDPRequestCollection2.add(new PDPRequest(new Target(subject, it3.next().getTargetId(), stringBuffer)));
        }
        Iterator it4 = getDecisionService().request(pDPRequestCollection2).iterator();
        HashSet<String> hashSet2 = new HashSet();
        while (it4.hasNext()) {
            PDPResponse pDPResponse2 = (PDPResponse) it4.next();
            PDPRequest request2 = pDPResponse2.getRequest();
            if (!pDPResponse2.isPermit()) {
                hashSet2.add((String) targetItemCollection2.getItem(request2.getTarget().getResourceId()).getAppItem());
            }
        }
        for (String str5 : hashSet2) {
            for (int i4 = 0; i4 < nodeList2.getLength(); i4++) {
                if (nodeList2.item(i4).getAttributes().getNamedItem("xlink:href").getNodeValue().equalsIgnoreCase(str5)) {
                    nodeList2.item(i4).getParentNode().removeChild(nodeList2.item(i4));
                }
            }
        }
        return document;
    }

    private Document restrictBBox(Subject subject, Document document, String str) {
        String stringBuffer = new StringBuffer(str).append("operations/GetCapabilities").toString();
        XMLPathCtx addNamespace = XMLPathCtx.createNew().addNamespace("ows", "http://www.opengis.net/ows/1.1").addNamespace("sos", "http://www.opengis.net/sos/1.0").addNamespace("gml", "http://www.opengis.net/gml");
        TargetItemCollection targetItemCollection = new TargetItemCollection();
        NodeList nodeList = addNamespace.findIn(document).all("//*/ows:Parameter[@name='" + SOSInterceptorGlobals.OFFERING + "']/ows:AllowedValues/ows:Value").get();
        for (int i = 0; i < nodeList.getLength(); i++) {
            if (targetItemCollection.getItem(nodeList.item(i).getTextContent()) == null) {
                String textContent = nodeList.item(i).getTextContent();
                targetItemCollection.addItem(new TargetItem(textContent, new StringBuffer(str).append("offerings/").append(textContent).toString()));
            }
        }
        PDPRequestCollection pDPRequestCollection = new PDPRequestCollection();
        Iterator<TargetItem> it = targetItemCollection.getItems().iterator();
        while (it.hasNext()) {
            pDPRequestCollection.add(new PDPRequest(new Target(subject, it.next().getTargetId(), stringBuffer)));
        }
        Iterator it2 = getDecisionService().request(pDPRequestCollection).iterator();
        String str2 = "";
        String str3 = "";
        String str4 = "";
        while (it2.hasNext()) {
            PDPResponse pDPResponse = (PDPResponse) it2.next();
            String resourceId = pDPResponse.getRequest().getTarget().getResourceId();
            if (pDPResponse.hasObligations()) {
                for (Obligation obligation : pDPResponse.getObligations()) {
                    if (obligation.getId().equals("obligation:sos:extent:boundingbox")) {
                        str4 = obligation.getAttribute("srs").getValue().getUnspecifiedValue().toString();
                        str2 = obligation.getAttribute("lowerCorner").getValue().getUnspecifiedValue().toString();
                        str3 = obligation.getAttribute("upperCorner").getValue().getUnspecifiedValue().toString();
                    }
                }
                if (str2 != null && str3 != null && str4 != null && str2.length() > 0 && str3.length() > 0 && str4.length() > 0) {
                    Point2D create2DPointFromString = SOSInterceptorUtilities.create2DPointFromString(str2);
                    Point2D create2DPointFromString2 = SOSInterceptorUtilities.create2DPointFromString(str3);
                    Node node = addNamespace.findIn(document).node("//*/sos:Contents/sos:ObservationOfferingList/sos:ObservationOffering[@gml:id='" + ((String) targetItemCollection.getItem(resourceId).getAppItem()) + "']/gml:boundedBy/gml:Envelope[@srsName='" + str4 + "']").get();
                    if (node != null) {
                        SOSInterceptorUtilities.restrictBoundindBox(node, create2DPointFromString2, create2DPointFromString);
                    }
                }
            }
        }
        return document;
    }

    private Document restrictTime(Subject subject, Document document, String str) throws EnforcementServiceException, InterceptorException {
        String stringBuffer = new StringBuffer(str).append("operations/GetCapabilities").toString();
        XMLPathCtx addNamespace = XMLPathCtx.createNew().addNamespace("ows", "http://www.opengis.net/ows/1.1").addNamespace("sos", "http://www.opengis.net/sos/1.0").addNamespace("gml", "http://www.opengis.net/gml");
        TargetItemCollection targetItemCollection = new TargetItemCollection();
        NodeList nodeList = addNamespace.findIn(document).all("//*/ows:Parameter[@name='" + SOSInterceptorGlobals.OFFERING + "']/ows:AllowedValues/ows:Value").get();
        for (int i = 0; i < nodeList.getLength(); i++) {
            if (targetItemCollection.getItem(nodeList.item(i).getTextContent()) == null) {
                String textContent = nodeList.item(i).getTextContent();
                targetItemCollection.addItem(new TargetItem(textContent, new StringBuffer(str).append("offerings/").append(textContent).toString()));
            }
        }
        PDPRequestCollection pDPRequestCollection = new PDPRequestCollection();
        Iterator<TargetItem> it = targetItemCollection.getItems().iterator();
        while (it.hasNext()) {
            pDPRequestCollection.add(new PDPRequest(new Target(subject, it.next().getTargetId(), stringBuffer)));
        }
        Iterator it2 = getDecisionService().request(pDPRequestCollection).iterator();
        String str2 = "";
        String str3 = "";
        while (it2.hasNext()) {
            PDPResponse pDPResponse = (PDPResponse) it2.next();
            String str4 = (String) targetItemCollection.getItem(pDPResponse.getRequest().getTarget().getResourceId()).getAppItem();
            if (pDPResponse.hasObligations()) {
                Iterator it3 = pDPResponse.getObligations().iterator();
                while (true) {
                    if (!it3.hasNext()) {
                        break;
                    }
                    Obligation obligation = (Obligation) it3.next();
                    if (obligation.getId().equals("obligation:sos:time")) {
                        str2 = obligation.getAttribute("beginTime").getValue().getUnspecifiedValue().toString();
                        str3 = obligation.getAttribute("endTime").getValue().getUnspecifiedValue().toString();
                        break;
                    }
                }
                if (str2 != null && str3 != null && str2.length() > 0 && str3.length() > 0) {
                    try {
                        Date parseISODate = SOSInterceptorUtilities.parseISODate(str2);
                        Date parseISODate2 = SOSInterceptorUtilities.parseISODate(str3);
                        Node node = addNamespace.findIn(document).node("//*/sos:Contents/sos:ObservationOfferingList/sos:ObservationOffering[@gml:id='" + str4 + "']/sos:time/gml:TimePeriod").get();
                        if (node != null) {
                            try {
                                SOSInterceptorUtilities.restrictTime(node, parseISODate, parseISODate2);
                            } catch (ParseException e) {
                                throw new InterceptorException("Capabilities state invalid date format in TimePeriod for offering <" + str4 + ">.", e);
                            }
                        } else {
                            continue;
                        }
                    } catch (ParseException e2) {
                        throw new InterceptorException("Dates of obligation invalid", e2);
                    }
                }
            }
        }
        return document;
    }

    private Date[] findMinMaxDateForOfferings(Document document) throws EnforcementServiceException {
        Date[] dateArr = new Date[2];
        XMLPathCtx addNamespace = XMLPathCtx.createNew().addNamespace("ows", "http://www.opengis.net/ows/1.1").addNamespace("sos", "http://www.opengis.net/sos/1.0").addNamespace("gml", "http://www.opengis.net/gml");
        NodeList nodeList = addNamespace.findIn(document).all("//*/sos:Contents/sos:ObservationOfferingList/sos:ObservationOffering").get();
        if (nodeList.getLength() == 0) {
            throw new EnforcementServiceException("You are not allowed to access at least one offering!");
        }
        for (int i = 0; i < nodeList.getLength(); i++) {
            String nodeValue = nodeList.item(i).getAttributes().getNamedItem("gml:id").getNodeValue();
            Node node = addNamespace.findIn(document).node("//*/sos:Contents/sos:ObservationOfferingList/sos:ObservationOffering[@gml:id='" + nodeValue + "']/sos:time/gml:TimePeriod/gml:beginPosition").get();
            Node node2 = addNamespace.findIn(document).node("//*/sos:Contents/sos:ObservationOfferingList/sos:ObservationOffering[@gml:id='" + nodeValue + "']/sos:time/gml:TimePeriod/gml:endPosition").get();
            try {
                Date parseISODate = SOSInterceptorUtilities.parseISODate(node.getTextContent());
                Date parseISODate2 = SOSInterceptorUtilities.parseISODate(node2.getTextContent());
                if (dateArr[0] == null) {
                    dateArr[0] = parseISODate;
                } else if (parseISODate.before(dateArr[0])) {
                    dateArr[0] = parseISODate;
                }
                if (dateArr[1] == null) {
                    dateArr[1] = parseISODate2;
                } else if (parseISODate2.after(dateArr[1])) {
                    dateArr[1] = parseISODate2;
                }
            } catch (ParseException e) {
                throw new EnforcementServiceException("Capabilities document states invalid TimePeriod dates for offering <" + nodeValue + ">.", e);
            }
        }
        return dateArr;
    }

    private Document checkObservationOffering(Document document) throws EnforcementServiceException {
        XMLPathCtx addNamespace = XMLPathCtx.createNew().addNamespace("ows", "http://www.opengis.net/ows/1.1").addNamespace("sos", "http://www.opengis.net/sos/1.0").addNamespace("gml", "http://www.opengis.net/gml");
        NodeList nodeList = addNamespace.findIn(document).all("//*/sos:ObservationOfferingList/sos:ObservationOffering").get();
        ArrayList<Node> arrayList = new ArrayList();
        if (nodeList != null) {
            for (int i = 0; i < nodeList.getLength(); i++) {
                Node item = nodeList.item(i);
                String nodeValue = item.getAttributes().getNamedItem("gml:id").getNodeValue();
                NodeList nodeList2 = addNamespace.findIn(document).all("//*/sos:ObservationOfferingList/sos:ObservationOffering[@gml:id='" + nodeValue + "']/sos:procedure").get();
                NodeList nodeList3 = addNamespace.findIn(document).all("//*/sos:ObservationOfferingList/sos:ObservationOffering[@gml:id='" + nodeValue + "']/sos:observedProperty").get();
                NodeList nodeList4 = addNamespace.findIn(document).all("//*/sos:ObservationOfferingList/sos:ObservationOffering[@gml:id='" + nodeValue + "']/sos:featureOfInterest").get();
                if (nodeList2 == null || nodeList2.getLength() == 0 || nodeList3 == null || nodeList3.getLength() == 0 || nodeList4 == null || nodeList4.getLength() == 0) {
                    arrayList.add(item);
                }
            }
        }
        for (Node node : arrayList) {
            node.getParentNode().removeChild(node);
        }
        Node node2 = addNamespace.findIn(document).node("//*/ows:OperationsMetadata/ows:Operation/ows:Parameter[@name='eventTime']/ows:AllowedValues/ows:Range/ows:MinimumValue").get();
        Node node3 = addNamespace.findIn(document).node("//*/ows:OperationsMetadata/ows:Operation/ows:Parameter[@name='eventTime']/ows:AllowedValues/ows:Range/ows:MaximumValue").get();
        Date[] findMinMaxDateForOfferings = findMinMaxDateForOfferings(document);
        node2.setTextContent(SOSInterceptorUtilities.formatISODate(findMinMaxDateForOfferings[0]));
        node3.setTextContent(SOSInterceptorUtilities.formatISODate(findMinMaxDateForOfferings[1]));
        return document;
    }

    private String tranformCapabilitiesDocument(Subject subject, Document document, String str) throws EnforcementServiceException, InterceptorException {
        return DOMSerializer.createNew().serializeToString(checkObservationOffering(restrictBBox(subject, restrictTime(subject, filterDocument(subject, filterDocument(subject, filterDocument(subject, filterDocument(subject, filterDocument(subject, document, SOSInterceptorGlobals.OFFERING, "offerings", str), SOSInterceptorGlobals.PROCEDURE, "procedures", str), SOSInterceptorGlobals.OBSERVED_PROPERTY, "observedProperties", str), SOSInterceptorGlobals.FEATURE_OF_INTEREST, "featureOfInterests", str), SOSInterceptorGlobals.FEATURE_OF_INTEREST_ID, "featureOfInterestIDs", str), str), str)));
    }
}
