package org.deegree.security.owsrequestvalidator;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.io.StringReader;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import org.apache.log4j.Priority;
import org.deegree.framework.log.ILogger;
import org.deegree.framework.log.LoggerFactory;
import org.deegree.framework.util.MimeTypeMapper;
import org.deegree.framework.util.StringTools;
import org.deegree.framework.xml.XMLFragment;
import org.deegree.framework.xml.XMLParsingException;
import org.deegree.model.metadata.iso19115.Linkage;
import org.deegree.model.metadata.iso19115.OnlineResource;
import org.deegree.ogcwebservices.InvalidParameterValueException;
import org.deegree.ogcwebservices.OGCServiceTypes;
import org.deegree.ogcwebservices.csw.XMLFactory_2_0_0;
import org.deegree.ogcwebservices.csw.capabilities.CatalogueCapabilities;
import org.deegree.ogcwebservices.csw.capabilities.CatalogueCapabilitiesDocument;
import org.deegree.ogcwebservices.getcapabilities.InvalidCapabilitiesException;
import org.deegree.ogcwebservices.wfs.capabilities.FeatureTypeList;
import org.deegree.ogcwebservices.wfs.capabilities.WFSCapabilities;
import org.deegree.ogcwebservices.wfs.capabilities.WFSCapabilitiesDocument;
import org.deegree.ogcwebservices.wfs.capabilities.WFSFeatureType;
import org.deegree.ogcwebservices.wms.XMLFactory;
import org.deegree.ogcwebservices.wms.capabilities.Layer;
import org.deegree.ogcwebservices.wms.capabilities.WMSCapabilities;
import org.deegree.ogcwebservices.wms.capabilities.WMSCapabilitiesDocument;
import org.deegree.ogcwebservices.wms.capabilities.WMSCapabilitiesDocumentFactory;
import org.deegree.owscommon_new.DCP;
import org.deegree.owscommon_new.HTTP;
import org.deegree.owscommon_new.Operation;
import org.deegree.portal.standard.security.control.ClientHelper;
import org.deegree.security.GeneralSecurityException;
import org.deegree.security.UnauthorizedException;
import org.deegree.security.drm.SecurityAccess;
import org.deegree.security.drm.SecurityAccessManager;
import org.deegree.security.drm.model.RightType;
import org.deegree.security.drm.model.SecuredObject;
import org.deegree.security.drm.model.User;
import org.deegree.security.owsproxy.OperationParameter;
import org.deegree.security.owsproxy.Request;
import org.w3c.dom.Document;

/* loaded from: input_file:WEB-INF/lib/deegree2.jar:org/deegree/security/owsrequestvalidator/GetCapabilitiesResponseValidator.class */
public class GetCapabilitiesResponseValidator extends ResponseValidator {
    private static final ILogger LOG = LoggerFactory.getLogger(GetCapabilitiesResponseValidator.class);
    private static final String INVALIDSERVICE = Messages.getString("GetCapabilitiesResponseValidator.INVALIDSERVICE");
    private String proxyURL;

    public GetCapabilitiesResponseValidator(Policy policy, String str) {
        super(policy);
        this.proxyURL = null;
        this.proxyURL = str;
    }

    @Override // org.deegree.security.owsrequestvalidator.ResponseValidator
    public byte[] validateResponse(String str, byte[] bArr, String str2, User user) throws InvalidParameterValueException, UnauthorizedException {
        byte[] validateXML;
        Request request = this.policy.getRequest(str, "GetCapabilities");
        if (request == null) {
            throw new InvalidParameterValueException(INVALIDSERVICE + str);
        }
        if (request.isAny()) {
            return bArr;
        }
        if (MimeTypeMapper.isKnownOGCType(str2)) {
            validateXML = validateXML(str, bArr, user);
        } else {
            if (!str2.equals("text/xml")) {
                throw new InvalidParameterValueException(UNKNOWNMIMETYPE + str2);
            }
            validateXML = validateXML(str, bArr, user);
        }
        return validateXML;
    }

    private String[] clearCapabilities(byte[] bArr) throws InvalidParameterValueException {
        char c;
        InputStreamReader inputStreamReader = new InputStreamReader(new ByteArrayInputStream(bArr));
        StringBuffer stringBuffer = new StringBuffer(Priority.FATAL_INT);
        while (true) {
            try {
                int read = inputStreamReader.read();
                if (read <= -1) {
                    break;
                }
                stringBuffer.append((char) read);
            } catch (IOException e) {
                throw new InvalidParameterValueException(Messages.format("GetCapabilitiesResponseValidator.CAPAREAD", e.getMessage()));
            }
        }
        inputStreamReader.close();
        int indexOf = stringBuffer.indexOf("<WMT_MS_Capabilities");
        if (indexOf < 0) {
            indexOf = stringBuffer.indexOf("WMS_Capabilities");
        }
        if (indexOf < 0) {
            indexOf = stringBuffer.indexOf("WFS_Capabilities");
        }
        if (indexOf < 0) {
            indexOf = stringBuffer.indexOf("Capabilities");
        }
        if (indexOf < 0) {
            indexOf = stringBuffer.indexOf("WCS_Capabilities");
        }
        if (indexOf > -1) {
            indexOf += 4;
            char c2 = '$';
            while (true) {
                c = c2;
                if (c == '<' || indexOf <= 0) {
                    break;
                }
                indexOf--;
                c2 = stringBuffer.charAt(indexOf);
            }
            if (c != '<') {
                indexOf = -1;
            }
        }
        String[] strArr = new String[2];
        if (indexOf > 0) {
            strArr[0] = stringBuffer.substring(0, indexOf);
        } else {
            strArr[0] = "";
        }
        if (indexOf > -1) {
            strArr[1] = stringBuffer.substring(indexOf);
        } else {
            strArr[0] = "ERROR";
            strArr[1] = stringBuffer.toString();
        }
        return strArr;
    }

    private byte[] validateXML(String str, byte[] bArr, User user) throws InvalidParameterValueException, UnauthorizedException {
        String[] clearCapabilities = clearCapabilities(bArr);
        if (clearCapabilities[0].equals("ERROR")) {
            LOG.logError(clearCapabilities[1]);
            throw new InvalidParameterValueException(Messages.format("GetCapabilitiesResponseValidator.NOCAPADOC", clearCapabilities[1]));
        }
        try {
            XMLFragment xMLFragment = new XMLFragment();
            xMLFragment.load(new StringReader(clearCapabilities[1]), XMLFragment.DEFAULT_URL);
            Document ownerDocument = xMLFragment.getRootElement().getOwnerDocument();
            if (!ownerDocument.getDocumentElement().getNodeName().equalsIgnoreCase("Exception")) {
                if (OGCServiceTypes.WMS_SERVICE_NAME.equals(str)) {
                    try {
                        bArr = validateWMSCapabilities(ownerDocument, user);
                    } catch (XMLParsingException e) {
                        LOG.logError(e.getMessage(), e);
                        throw new InvalidParameterValueException("invalid WMS capabilities");
                    }
                } else if ("WFS".equals(str)) {
                    bArr = validateWFSCapabilities(ownerDocument, user);
                } else if ("WCS".equals(str)) {
                    bArr = validateWCSCapabilities(ownerDocument, user);
                } else if (OGCServiceTypes.CSW_SERVICE_NAME.equals(str)) {
                    bArr = validateCSWCapabilities(ownerDocument);
                }
            }
            StringBuffer stringBuffer = new StringBuffer(bArr.length + clearCapabilities[0].length());
            stringBuffer.append(clearCapabilities[0]);
            String str2 = new String(bArr);
            int indexOf = str2.indexOf("?>");
            if (indexOf > -1) {
                stringBuffer.append(str2.substring(indexOf + 2, str2.length()));
            } else {
                stringBuffer.append(str2);
            }
            String stringBuffer2 = stringBuffer.toString();
            if (stringBuffer2.indexOf("<?xml version") > 1) {
                stringBuffer2 = StringTools.replace(StringTools.replace(stringBuffer2, "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?>", "", false), "<?xml version=\"1.0\" encoding=\"UTF-8\"?>", "", false);
            }
            return stringBuffer2.getBytes();
        } catch (Exception e2) {
            LOG.logError(e2.getMessage(), e2);
            throw new InvalidParameterValueException(Messages.getString("GetCapabilitiesResponseValidator.ALLCAPAPARSE"));
        }
    }

    private byte[] validateWCSCapabilities(Document document, User user) {
        throw new UnsupportedOperationException();
    }

    private byte[] validateWMSCapabilities(Document document, User user) throws InvalidParameterValueException, UnauthorizedException, XMLParsingException {
        try {
            WMSCapabilities filterWMSLayers = filterWMSLayers((WMSCapabilities) WMSCapabilitiesDocumentFactory.getWMSCapabilitiesDocument(document.getDocumentElement()).parseCapabilities(), user);
            Iterator<Operation> it = filterWMSLayers.getOperationMetadata().getOperations().iterator();
            while (it.hasNext()) {
                setNewOnlineResource(it.next());
            }
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(Priority.FATAL_INT);
            try {
                WMSCapabilitiesDocument export = XMLFactory.export(filterWMSLayers);
                Properties properties = new Properties();
                properties.setProperty("encoding", "UTF-8");
                export.write(byteArrayOutputStream, properties);
                byte[] byteArray = byteArrayOutputStream.toByteArray();
                byteArrayOutputStream.close();
                return byteArray;
            } catch (Exception e) {
                LOG.logError(e.getMessage(), e);
                throw new InvalidParameterValueException(Messages.format("GetCapabilitiesResponseValidator.WMSCAPAEXPORT", e.getMessage()));
            }
        } catch (InvalidCapabilitiesException e2) {
            LOG.logError(e2.getMessage(), e2);
            throw new InvalidParameterValueException(Messages.format("GetCapabilitiesResponseValidator.WMSCAPAPARSE", e2.getMessage()));
        }
    }

    private void setNewOnlineResource(Operation operation) {
        if (operation.getDCP() != null) {
            Iterator<DCP> it = operation.getDCP().iterator();
            while (it.hasNext()) {
                List<OnlineResource> links = ((HTTP) it.next()).getLinks();
                try {
                    int size = links.size();
                    links.clear();
                    OnlineResource onlineResource = new OnlineResource(new Linkage(new URL(this.proxyURL)));
                    for (int i = 0; i < size; i++) {
                        links.add(onlineResource);
                    }
                } catch (MalformedURLException e) {
                    LOG.logError(e.getLocalizedMessage(), e);
                }
            }
        }
    }

    private void setNewOnlineResourceInOldOperation(org.deegree.ogcwebservices.getcapabilities.Operation operation) {
        if (operation.getDCPs() != null) {
            for (int i = 0; i < operation.getDCPs().length; i++) {
                org.deegree.ogcwebservices.getcapabilities.HTTP http = (org.deegree.ogcwebservices.getcapabilities.HTTP) operation.getDCPs()[i].getProtocol();
                try {
                    if (http.getGetOnlineResources().length > 0) {
                        URL[] urlArr = new URL[http.getGetOnlineResources().length];
                        for (int i2 = 0; i2 < http.getGetOnlineResources().length; i2++) {
                            urlArr[i2] = new URL(this.proxyURL);
                        }
                        http.setGetOnlineResources(urlArr);
                    }
                    if (http.getPostOnlineResources().length > 0) {
                        URL[] urlArr2 = new URL[http.getPostOnlineResources().length];
                        for (int i3 = 0; i3 < http.getPostOnlineResources().length; i3++) {
                            urlArr2[i3] = new URL(this.proxyURL);
                        }
                        http.setPostOnlineResources(urlArr2);
                    }
                } catch (MalformedURLException e) {
                    e.printStackTrace();
                }
            }
        }
    }

    private byte[] validateWFSCapabilities(Document document, User user) throws InvalidParameterValueException, UnauthorizedException {
        try {
            WFSCapabilitiesDocument wFSCapabilitiesDocument = new WFSCapabilitiesDocument();
            wFSCapabilitiesDocument.setRootElement(document.getDocumentElement());
            WFSCapabilities filterWFSFeatureType = filterWFSFeatureType((WFSCapabilities) wFSCapabilitiesDocument.parseCapabilities(), user);
            for (org.deegree.ogcwebservices.getcapabilities.Operation operation : filterWFSFeatureType.getOperationsMetadata().getOperations()) {
                setNewOnlineResourceInOldOperation(operation);
            }
            try {
                WFSCapabilitiesDocument export = org.deegree.ogcwebservices.wfs.XMLFactory.export(filterWFSFeatureType);
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(Priority.INFO_INT);
                export.write(new PrintWriter(byteArrayOutputStream));
                return byteArrayOutputStream.toByteArray();
            } catch (Exception e) {
                throw new InvalidParameterValueException(e);
            }
        } catch (Exception e2) {
            LOG.logError(e2.getMessage(), e2);
            throw new InvalidParameterValueException(Messages.format("GetCapabilitiesResponseValidator.INVALIDWFSCAPA", e2.getMessage()));
        }
    }

    private byte[] validateCSWCapabilities(Document document) throws InvalidParameterValueException {
        try {
            CatalogueCapabilitiesDocument catalogueCapabilitiesDocument = new CatalogueCapabilitiesDocument();
            catalogueCapabilitiesDocument.setRootElement(document.getDocumentElement());
            CatalogueCapabilities catalogueCapabilities = (CatalogueCapabilities) catalogueCapabilitiesDocument.parseCapabilities();
            for (org.deegree.ogcwebservices.getcapabilities.Operation operation : catalogueCapabilities.getOperationsMetadata().getOperations()) {
                setNewOnlineResourceInOldOperation(operation);
            }
            try {
                CatalogueCapabilitiesDocument export = XMLFactory_2_0_0.export(catalogueCapabilities, null);
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(Priority.INFO_INT);
                export.write(new PrintWriter(byteArrayOutputStream));
                return byteArrayOutputStream.toByteArray();
            } catch (Exception e) {
                throw new InvalidParameterValueException(e);
            }
        } catch (Exception e2) {
            LOG.logError(e2.getMessage(), e2);
            throw new InvalidParameterValueException(Messages.format("GetCapabilitiesResponseValidator.INVALIDWFSCAPA", e2.getMessage()));
        }
    }

    private WMSCapabilities filterWMSLayers(WMSCapabilities wMSCapabilities, User user) throws UnauthorizedException {
        Layer removeWMSLayer;
        OperationParameter operationParameter = this.policy.getRequest(OGCServiceTypes.WMS_SERVICE_NAME, "GetCapabilities").getPostConditions().getOperationParameter("layers");
        if (operationParameter.isAny()) {
            return wMSCapabilities;
        }
        Layer layer = wMSCapabilities.getLayer();
        if (!operationParameter.isUserCoupled() || user == null) {
            removeWMSLayer = removeWMSLayer(layer, operationParameter.getValues());
        } else {
            try {
                removeWMSLayer = removeWMSLayer(layer, user, SecurityAccessManager.getInstance().acquireAccess(user));
            } catch (Exception e) {
                LOG.logError(e.getMessage(), e);
                throw new UnauthorizedException(Messages.format("GetCapabilitiesResponseValidator.INVALIDUSER", user));
            }
        }
        wMSCapabilities.setLayer(removeWMSLayer);
        return wMSCapabilities;
    }

    private Layer removeWMSLayer(Layer layer, List list) {
        Layer[] layer2 = layer.getLayer();
        for (int i = 0; i < layer2.length; i++) {
            if (layer2[i].getName() == null || list.contains(layer2[i].getName())) {
                removeWMSLayer(layer2[i], list);
                if (layer2[i].getLayer().length == 0 && layer2[i].getName() == null) {
                    layer.removeLayerByTitle(layer2[i].getTitle());
                }
            } else {
                layer.removeLayer(layer2[i].getName());
            }
        }
        return layer;
    }

    private Layer removeWMSLayer(Layer layer, User user, SecurityAccess securityAccess) throws GeneralSecurityException {
        Layer[] layer2 = layer.getLayer();
        for (int i = 0; i < layer2.length; i++) {
            if (layer2[i].getName() != null) {
                SecuredObject securedObject = null;
                try {
                    securedObject = securityAccess.getSecuredObjectByName(layer2[i].getName(), ClientHelper.TYPE_LAYER);
                } catch (Exception e) {
                }
                if (securedObject == null || user.getRights(securityAccess, securedObject).getRight(securedObject, RightType.GETMAP) == null) {
                    layer.removeLayer(layer2[i].getName());
                }
            } else {
                removeWMSLayer(layer2[i], user, securityAccess);
                if (layer2[i].getLayer().length == 0 && layer2[i].getName() == null) {
                    layer.removeLayerByTitle(layer2[i].getTitle());
                }
            }
        }
        return layer;
    }

    private WFSCapabilities filterWFSFeatureType(WFSCapabilities wFSCapabilities, User user) throws UnauthorizedException {
        OperationParameter operationParameter = this.policy.getRequest("WFS", "GetCapabilities").getPostConditions().getOperationParameter("featureTypes");
        if (operationParameter.isAny()) {
            return wFSCapabilities;
        }
        if (!operationParameter.isUserCoupled() || user == null) {
            List<String> values = operationParameter.getValues();
            FeatureTypeList featureTypeList = wFSCapabilities.getFeatureTypeList();
            WFSFeatureType[] featureTypes = featureTypeList.getFeatureTypes();
            StringBuffer stringBuffer = new StringBuffer(200);
            for (int i = 0; i < featureTypes.length; i++) {
                stringBuffer.delete(0, stringBuffer.length());
                stringBuffer.append('{').append(featureTypes[i].getName().getNamespace().toASCIIString());
                stringBuffer.append("}:").append(featureTypes[i].getName().getLocalName());
                if (!values.contains(stringBuffer.toString())) {
                    featureTypeList.removeFeatureType(featureTypes[i]);
                }
            }
        } else {
            try {
                SecurityAccess acquireAccess = SecurityAccessManager.getInstance().acquireAccess(user);
                FeatureTypeList featureTypeList2 = wFSCapabilities.getFeatureTypeList();
                WFSFeatureType[] featureTypes2 = featureTypeList2.getFeatureTypes();
                StringBuffer stringBuffer2 = new StringBuffer(200);
                for (int i2 = 0; i2 < featureTypes2.length; i2++) {
                    SecuredObject securedObject = null;
                    try {
                        stringBuffer2.delete(0, stringBuffer2.length());
                        stringBuffer2.append('{').append(featureTypes2[i2].getName().getNamespace().toASCIIString());
                        stringBuffer2.append("}:").append(featureTypes2[i2].getName().getLocalName());
                        securedObject = acquireAccess.getSecuredObjectByName(stringBuffer2.toString(), ClientHelper.TYPE_FEATURETYPE);
                    } catch (Exception e) {
                    }
                    if (securedObject == null || user.getRights(acquireAccess, securedObject).getRight(securedObject, RightType.GETFEATURE) == null) {
                        featureTypeList2.removeFeatureType(featureTypes2[i2]);
                    }
                }
            } catch (Exception e2) {
                LOG.logError(e2.getMessage(), e2);
                throw new UnauthorizedException(Messages.format("GetCapabilitiesResponseValidator.INVALIDUSER", user));
            }
        }
        return wFSCapabilities;
    }
}
