package org.fcrepo.server.security.xacml.pdp.data;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.List;
import java.util.Map;
import org.apache.commons.io.IOUtils;
import org.apache.derby.impl.sql.execute.xplain.XPLAINUtil;
import org.fcrepo.common.Constants;
import org.fcrepo.common.MalformedPIDException;
import org.fcrepo.common.PID;
import org.fcrepo.server.Context;
import org.fcrepo.server.ReadOnlyContext;
import org.fcrepo.server.Server;
import org.fcrepo.server.access.Access;
import org.fcrepo.server.access.ObjectProfile;
import org.fcrepo.server.errors.ObjectNotInLowlevelStorageException;
import org.fcrepo.server.errors.ServerException;
import org.fcrepo.server.management.Management;
import org.fcrepo.server.security.PolicyParser;
import org.fcrepo.server.security.xacml.pdp.MelcoePDPException;
import org.fcrepo.server.storage.types.Datastream;
import org.fcrepo.server.utilities.StreamUtility;
import org.fcrepo.server.validation.ValidationUtility;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xml.sax.SAXException;

/* loaded from: input_file:WEB-INF/lib/fcrepo-security-pdp-3.6.1.jar:org/fcrepo/server/security/xacml/pdp/data/FedoraPolicyStore.class */
public class FedoraPolicyStore extends AbstractPolicyStore implements PolicyStore {
    private static final String XACML20_POLICY_NS = "urn:oasis:names:tc:xacml:2.0:policy:schema:os";
    public static final String FESL_POLICY_DATASTREAM = "FESLPOLICY";
    private static final String PID_SEPARATOR_ESCAPED = "%3A";
    private String pidNamespace = "";
    private String contentModel = "";
    private String datastreamControlGroup = "";
    private String collection = "";
    private String collectionRelationship = "";
    private boolean validateSchema = false;
    private Map<String, String> schemaLocations = null;
    private final PolicyUtils utils = new PolicyUtils();
    protected Server fedoraServer;
    protected Management apiMService;
    protected Access apiAService;
    private static final Logger log = LoggerFactory.getLogger(FedoraPolicyStore.class.getName());
    public static String FESL_BOOTSTRAP_POLICY_NAMESPACE = "fedora-policy";
    private static final char[] hexChar = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};

    public FedoraPolicyStore(Server server) throws PolicyStoreException {
        this.fedoraServer = server;
        this.apiMService = (Management) server.getBean("org.fcrepo.server.management.Management");
        this.apiAService = (Access) server.getBean("org.fcrepo.server.access.Access");
    }

    @Override // org.fcrepo.server.security.xacml.pdp.data.AbstractPolicyStore, org.fcrepo.server.security.xacml.pdp.data.PolicyStore
    public void init() throws PolicyStoreException, FileNotFoundException {
        if (log.isDebugEnabled()) {
            Runtime runtime = Runtime.getRuntime();
            log.debug("Total memory: " + (runtime.totalMemory() / 1024));
            log.debug("Free memory: " + (runtime.freeMemory() / 1024));
            log.debug("Max memory: " + (runtime.maxMemory() / 1024));
        }
        super.init();
        if (this.pidNamespace.equals("")) {
            this.pidNamespace = this.fedoraServer.getModule("org.fcrepo.server.storage.DOManager").getParameter("pidNamespace");
        }
        if (this.datastreamControlGroup.equals("")) {
            throw new PolicyStoreException("No control group for policy datastreams was specified in FedoraPolicyStore configuration");
        }
        if (this.validateSchema) {
            String str = this.schemaLocations.get("urn:oasis:names:tc:xacml:2.0:policy:schema:os");
            if (str == null) {
                throw new PolicyStoreException("Configuration error - no policy schema specified");
            }
            try {
                ValidationUtility.setFeslPolicyParser(new PolicyParser(new FileInputStream((str.startsWith(File.separator) ? "" : this.fedoraServer.getHomeDir().getCanonicalPath() + File.separator) + str)));
            } catch (IOException e) {
                throw new PolicyStoreException(e.getMessage(), e);
            } catch (SAXException e2) {
                throw new PolicyStoreException(e2.getMessage(), e2);
            }
        }
    }

    public void setPidNamespace(String str) {
        this.pidNamespace = str;
    }

    public void setContentModel(String str) {
        this.contentModel = str;
    }

    public void setDatastreamControlGroup(String str) {
        this.datastreamControlGroup = str;
    }

    public void setCollection(String str) {
        this.collection = str;
    }

    public void setCollectionRelationship(String str) {
        this.collectionRelationship = str;
    }

    public void setSchemaValidation(boolean z) {
        this.validateSchema = z;
        log.info("Initialising validation " + Boolean.toString(z));
        ValidationUtility.setValidateFeslPolicy(z);
    }

    public void setSchemaLocations(Map<String, String> map) throws IOException, SAXException {
        this.schemaLocations = map;
    }

    @Override // org.fcrepo.server.security.xacml.pdp.data.PolicyStore
    public String addPolicy(File file) throws PolicyStoreException {
        return addPolicy(file, (String) null);
    }

    @Override // org.fcrepo.server.security.xacml.pdp.data.PolicyStore
    public String addPolicy(File file, String str) throws PolicyStoreException {
        try {
            return addPolicy(this.utils.fileToString(file), str);
        } catch (MelcoePDPException e) {
            throw new PolicyStoreException(e);
        }
    }

    @Override // org.fcrepo.server.security.xacml.pdp.data.PolicyStore
    public String addPolicy(String str) throws PolicyStoreException {
        return addPolicy(str, (String) null);
    }

    @Override // org.fcrepo.server.security.xacml.pdp.data.PolicyStore
    public String addPolicy(String str, String str2) throws PolicyStoreException {
        String policyName;
        String putTempStream;
        if (str2 == null || str2.equals("")) {
            try {
                policyName = this.utils.getPolicyName(str);
                if (str2.contains(":")) {
                    str2.replace(":", PID_SEPARATOR_ESCAPED);
                }
            } catch (MelcoePDPException e) {
                throw new PolicyStoreException("Could not get policy name from policy", e);
            }
        } else {
            policyName = str2;
        }
        String pid = getPID(policyName);
        ObjectProfile objectProfile = null;
        try {
            objectProfile = this.apiAService.getObjectProfile(getContext(), pid, null);
        } catch (ObjectNotInLowlevelStorageException e2) {
        } catch (ServerException e3) {
            throw new PolicyStoreException("Add: error getting object profile for " + pid + " - " + e3.getMessage(), e3);
        }
        if (objectProfile != null) {
            if (objectProfile.objectState != XPLAINUtil.DELETE_STMT_TYPE) {
                throw new PolicyStoreException("Add:  attempting to add policy " + pid + " but it already exists");
            }
            try {
                this.apiMService.modifyObject(getContext(), pid, "A", objectProfile.objectLabel, objectProfile.objectOwnerId, "Fedora policy manager:  Adding policy by activating deleted object", null);
                updatePolicy(policyName, str);
                return pid;
            } catch (ServerException e4) {
                throw new PolicyStoreException("Add: " + e4.getMessage(), e4);
            }
        }
        if (this.datastreamControlGroup.equals("M")) {
            try {
                putTempStream = this.apiMService.putTempStream(getContext(), new ByteArrayInputStream(str.getBytes("UTF-8")));
            } catch (Exception e5) {
                throw new PolicyStoreException("Add: error generating temp datastream location - " + e5.getMessage(), e5);
            }
        } else {
            putTempStream = str;
        }
        try {
            return this.apiMService.ingest(getContext(), new ByteArrayInputStream(getFOXMLPolicyTemplate(pid, "XACML policy " + policyName, this.contentModel, this.collection, this.collectionRelationship, putTempStream, this.datastreamControlGroup).getBytes("UTF-8")), "Fedora Policy Manager creating policy", Constants.FOXML1_1.uri, "UTF-8", "");
        } catch (Exception e6) {
            throw new PolicyStoreException("Add: error ingesting " + pid + " - " + e6.getMessage(), e6);
        }
    }

    @Override // org.fcrepo.server.security.xacml.pdp.data.PolicyStore
    public boolean deletePolicy(String str) throws PolicyStoreException {
        String pid = getPID(str);
        if (!contains(str)) {
            throw new PolicyStoreException("Delete: object " + pid + " not found.");
        }
        try {
            this.apiMService.modifyObject(getContext(), pid, XPLAINUtil.DELETE_STMT_TYPE, null, null, "Deleting policy " + pid, null);
            return true;
        } catch (ServerException e) {
            throw new PolicyStoreException("Delete: error deleting policy " + pid + " - " + e.getMessage(), e);
        }
    }

    @Override // org.fcrepo.server.security.xacml.pdp.data.PolicyStore
    public boolean updatePolicy(String str, String str2) throws PolicyStoreException {
        String pid = getPID(str);
        if (!contains(str)) {
            throw new PolicyStoreException("Update:  policy " + pid + " not found");
        }
        if (this.datastreamControlGroup.equals("X")) {
            try {
                this.apiMService.modifyDatastreamByValue(getContext(), pid, "FESLPOLICY", null, null, null, null, new ByteArrayInputStream(str2.getBytes("UTF-8")), Datastream.CHECKSUMTYPE_DISABLED, null, "Modifying policy " + pid, null);
                return true;
            } catch (Exception e) {
                throw new PolicyStoreException("Update:  error modifying datastream by value for " + pid + " - " + e.getMessage(), e);
            }
        }
        if (!this.datastreamControlGroup.equals("M")) {
            throw new PolicyStoreException("Update:  Invalid datastream control group " + this.datastreamControlGroup + " - use M or X");
        }
        try {
            try {
                this.apiMService.modifyDatastreamByReference(getContext(), pid, "FESLPOLICY", null, null, null, null, this.apiMService.putTempStream(getContext(), new ByteArrayInputStream(str2.getBytes("UTF-8"))), Datastream.CHECKSUMTYPE_DISABLED, null, "Modifying policy " + pid, null);
                return true;
            } catch (ServerException e2) {
                throw new PolicyStoreException("Update:  error modifying datastream by reference for " + pid + " - " + e2.getMessage(), e2);
            }
        } catch (Exception e3) {
            throw new PolicyStoreException("Update: error generating temp datastream location - " + e3.getMessage(), e3);
        }
    }

    @Override // org.fcrepo.server.security.xacml.pdp.data.PolicyStore
    public byte[] getPolicy(String str) throws PolicyStoreException {
        String pid = getPID(str);
        if (!contains(str)) {
            throw new PolicyStoreException("Get: policy " + pid + " does not exist.");
        }
        try {
            return IOUtils.toByteArray(this.apiAService.getDatastreamDissemination(getContext(), pid, "FESLPOLICY", null).getStream());
        } catch (Exception e) {
            throw new PolicyStoreException("Get: error reading policy " + pid + " - " + e.getMessage(), e);
        }
    }

    @Override // org.fcrepo.server.security.xacml.pdp.data.PolicyStore
    public boolean contains(String str) throws PolicyStoreException {
        String pid = getPID(str);
        ObjectProfile objectProfile = null;
        try {
            objectProfile = this.apiAService.getObjectProfile(getContext(), pid, null);
        } catch (ObjectNotInLowlevelStorageException e) {
        } catch (ServerException e2) {
            throw new PolicyStoreException("Add: error getting object profile for " + pid + " - " + e2.getMessage(), e2);
        }
        if (objectProfile == null) {
            return false;
        }
        return objectProfile.objectState.equals("A") || objectProfile.objectState.equals(XPLAINUtil.INSERT_STMT_TYPE);
    }

    @Override // org.fcrepo.server.security.xacml.pdp.data.PolicyStore
    public boolean contains(File file) throws PolicyStoreException {
        try {
            return contains(this.utils.getPolicyName(file));
        } catch (MelcoePDPException e) {
            throw new PolicyStoreException(e);
        }
    }

    @Override // org.fcrepo.server.security.xacml.pdp.data.PolicyStore
    public List<String> listPolicies() throws PolicyStoreException {
        return null;
    }

    private String getPID(String str) throws PolicyStoreException {
        String str2;
        if (str.startsWith(FESL_BOOTSTRAP_POLICY_NAMESPACE + ":")) {
            str2 = str;
        } else {
            StringBuffer stringBuffer = new StringBuffer();
            for (int i = 0; i < str.length(); i++) {
                char charAt = str.charAt(i);
                if (isAlphaNum(charAt) || charAt == '-' || charAt == '.' || charAt == '~' || charAt == '_') {
                    stringBuffer.append(charAt);
                } else {
                    stringBuffer.append("_");
                }
            }
            str2 = this.pidNamespace + ":" + stringBuffer.toString();
        }
        try {
            return PID.normalize(str2);
        } catch (MalformedPIDException e) {
            throw new PolicyStoreException("Invalid policy name '" + str + "'.  Could not create a valid PID from this name: " + e.getMessage(), e);
        }
    }

    private Context getContext() throws PolicyStoreException {
        try {
            return ReadOnlyContext.getContext(null, "fedoraBootstrap", null, false);
        } catch (Exception e) {
            throw new PolicyStoreException(e.getMessage(), e);
        }
    }

    private static String getFOXMLPolicyTemplate(String str, String str2, String str3, String str4, String str5, String str6, String str7) throws PolicyStoreException {
        StringBuilder sb = new StringBuilder();
        sb.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n");
        sb.append("<foxml:digitalObject VERSION=\"1.1\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n");
        sb.append("    xmlns:foxml=\"info:fedora/fedora-system:def/foxml#\"\n");
        sb.append("           xsi:schemaLocation=\"" + Constants.FOXML.uri + " " + Constants.FOXML1_1.xsdLocation + "\"");
        sb.append("\n           PID=\"" + StreamUtility.enc(str) + "\">\n");
        sb.append("  <foxml:objectProperties>\n");
        sb.append("    <foxml:property NAME=\"info:fedora/fedora-system:def/model#state\" VALUE=\"A\"/>\n");
        sb.append("    <foxml:property NAME=\"info:fedora/fedora-system:def/model#label\" VALUE=\"" + StreamUtility.enc(str2) + "\"/>\n");
        sb.append("  </foxml:objectProperties>\n");
        if (!str.startsWith(FESL_BOOTSTRAP_POLICY_NAMESPACE + ":") && (!str3.equals("") || !str4.equals(""))) {
            sb.append("<foxml:datastream ID=\"RELS-EXT\" CONTROL_GROUP=\"X\">");
            sb.append("<foxml:datastreamVersion FORMAT_URI=\"info:fedora/fedora-system:FedoraRELSExt-1.0\" ID=\"RELS-EXT.0\" MIMETYPE=\"application/rdf+xml\" LABEL=\"RDF Statements about this object\">");
            sb.append("  <foxml:xmlContent>");
            sb.append("   <rdf:RDF xmlns:rdf=\"http://www.w3.org/1999/02/22-rdf-syntax-ns#\" xmlns:rdfs=\"http://www.w3.org/2000/01/rdf-schema#\" xmlns:fedora-model=\"info:fedora/fedora-system:def/model#\" xmlns:rel=\"info:fedora/fedora-system:def/relations-external#\">");
            sb.append("      <rdf:Description rdf:about=\"info:fedora/" + StreamUtility.enc(str) + "\">");
            if (!str3.equals("")) {
                sb.append("        <fedora-model:hasModel rdf:resource=\"" + StreamUtility.enc(str3) + "\"/>");
            }
            if (!str4.equals("")) {
                sb.append("        <rel:" + StreamUtility.enc(str5) + " rdf:resource=\"" + StreamUtility.enc(str4) + "\"/>");
            }
            sb.append("       </rdf:Description>");
            sb.append("      </rdf:RDF>");
            sb.append("    </foxml:xmlContent>");
            sb.append("  </foxml:datastreamVersion>");
            sb.append("</foxml:datastream>");
        }
        sb.append("<foxml:datastream ID=\"FESLPOLICY\" CONTROL_GROUP=\"" + str7 + "\">");
        sb.append("<foxml:datastreamVersion ID=\"POLICY.0\" MIMETYPE=\"text/xml\" LABEL=\"XACML policy datastream\">");
        if (str7.equals("M")) {
            sb.append("  <foxml:contentLocation REF=\"" + str6 + "\" TYPE=\"" + Datastream.DS_LOCATION_TYPE_URL + "\"/>");
        } else {
            if (!str7.equals("X")) {
                throw new PolicyStoreException("Generating new object XML:  Invalid control group: " + str7 + " - use X or M.");
            }
            sb.append("  <foxml:xmlContent>");
            sb.append(str6);
            sb.append("    </foxml:xmlContent>");
        }
        sb.append("  </foxml:datastreamVersion>");
        sb.append("</foxml:datastream>");
        sb.append("</foxml:digitalObject>");
        return sb.toString();
    }

    private static boolean isAlphaNum(char c) {
        return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
    }
}
