package org.fcrepo.server.security;

import java.util.Date;
import java.util.Map;
import org.fcrepo.common.Constants;
import org.fcrepo.server.Context;
import org.fcrepo.server.Module;
import org.fcrepo.server.MultiValueMap;
import org.fcrepo.server.Server;
import org.fcrepo.server.errors.ModuleInitializationException;
import org.fcrepo.server.errors.authorization.AuthzException;
import org.fcrepo.server.errors.authorization.AuthzOperationalException;
import org.fcrepo.server.utilities.status.ServerState;
import org.fcrepo.utilities.DateUtility;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/fcrepo-server-3.6.1.jar:org/fcrepo/server/security/DefaultAuthorization.class */
public class DefaultAuthorization extends Module implements Authorization {
    private static final Logger logger = LoggerFactory.getLogger(DefaultAuthorization.class);
    private static final String REPOSITORY_POLICY_GUITOOL_DIRECTORY_KEY = "REPOSITORY-POLICY-GUITOOL-POLICIES-DIRECTORY";
    private PolicyEnforcementPoint xacmlPep;
    boolean enforceListObjectInFieldSearchResults;
    boolean enforceListObjectInResourceIndexResults;
    private String m_ownerIdSeparator;

    public DefaultAuthorization(Map<String, String> map, Server server, String str) throws ModuleInitializationException {
        super(map, server, str);
        this.enforceListObjectInFieldSearchResults = true;
        this.enforceListObjectInResourceIndexResults = true;
        this.m_ownerIdSeparator = ",";
        if (map.containsKey("OWNER-ID-SEPARATOR")) {
            this.m_ownerIdSeparator = map.get("OWNER-ID-SEPARATOR");
            logger.debug("resourceAttributeFinder just set ownerIdSeparator ==[{}]", this.m_ownerIdSeparator);
        }
    }

    @Override // org.fcrepo.server.Module
    public void initModule() throws ModuleInitializationException {
    }

    @Override // org.fcrepo.server.Module
    public void postInitModule() throws ModuleInitializationException {
        try {
            getServer().getStatusFile().append(ServerState.STARTING, "Initializing XACML Authorization Module");
            this.xacmlPep = (PolicyEnforcementPoint) getServer().getBean(PolicyEnforcementPoint.class.getName(), PolicyEnforcementPoint.class);
            this.xacmlPep.newPdp();
        } catch (Throwable th) {
            throw new ModuleInitializationException(th.getMessage(), getRole(), th);
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public void reloadPolicies(Context context) throws Exception {
        enforceReloadPolicies(context);
        this.xacmlPep.newPdp();
    }

    private final String extractNamespace(String str) {
        int indexOf = str.indexOf(58);
        return -1 < indexOf ? str.substring(0, indexOf) : "";
    }

    @Override // org.fcrepo.server.security.Authorization
    public final void enforceAddDatastream(Context context, String str, String str2, String[] strArr, String str3, String str4, String str5, String str6, String str7, String str8, String str9) throws AuthzException {
        try {
            logger.debug("Entered enforceAddDatastream");
            String str10 = Constants.ACTION.ADD_DATASTREAM.uri;
            context.setActionAttributes(null);
            MultiValueMap multiValueMap = new MultiValueMap();
            String str11 = "";
            try {
                multiValueMap.setReturn(Constants.DATASTREAM.MIME_TYPE.uri, str3);
                multiValueMap.setReturn(Constants.DATASTREAM.FORMAT_URI.uri, str4);
                multiValueMap.setReturn(Constants.DATASTREAM.STATE.uri, str7);
                multiValueMap.setReturn(Constants.DATASTREAM.ID.uri, str2);
                multiValueMap.setReturn(Constants.DATASTREAM.LOCATION.uri, str5);
                multiValueMap.setReturn(Constants.DATASTREAM.CONTROL_GROUP.uri, str6);
                multiValueMap.setReturn(Constants.DATASTREAM.ALT_IDS.uri, strArr);
                multiValueMap.setReturn(Constants.DATASTREAM.CHECKSUM_TYPE.uri, str8);
                str11 = multiValueMap.setReturn(Constants.DATASTREAM.CHECKSUM.uri, str9);
                context.setResourceAttributes(multiValueMap);
                this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str10, Constants.ACTION.APIM.uri, str, extractNamespace(str), context);
                logger.debug("Exiting enforceAddDatastream");
            } catch (Exception e) {
                context.setResourceAttributes(null);
                throw new AuthzOperationalException(str10 + " couldn't set " + str11, e);
            }
        } catch (Throwable th) {
            logger.debug("Exiting enforceAddDatastream");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public final void enforceExport(Context context, String str, String str2, String str3, String str4) throws AuthzException {
        try {
            logger.debug("Entered enforceExport");
            String str5 = Constants.ACTION.EXPORT.uri;
            context.setActionAttributes(null);
            MultiValueMap multiValueMap = new MultiValueMap();
            String str6 = "";
            try {
                multiValueMap.setReturn(Constants.OBJECT.FORMAT_URI.uri, str2);
                multiValueMap.setReturn(Constants.OBJECT.CONTEXT.uri, str3);
                str6 = multiValueMap.setReturn(Constants.OBJECT.ENCODING.uri, str4);
                context.setResourceAttributes(multiValueMap);
                this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str5, Constants.ACTION.APIM.uri, str, extractNamespace(str), context);
                logger.debug("Exiting enforceExport");
            } catch (Exception e) {
                context.setResourceAttributes(null);
                throw new AuthzOperationalException(str5 + " couldn't set " + str6, e);
            }
        } catch (Throwable th) {
            logger.debug("Exiting enforceExport");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    @Deprecated
    public final void enforceExportObject(Context context, String str, String str2, String str3, String str4) throws AuthzException {
        enforceExport(context, str, str2, str3, str4);
    }

    @Override // org.fcrepo.server.security.Authorization
    public final void enforceGetNextPid(Context context, String str, int i) throws AuthzException {
        try {
            logger.debug("Entered enforceGetNextPid");
            String str2 = Constants.ACTION.GET_NEXT_PID.uri;
            context.setActionAttributes(null);
            MultiValueMap multiValueMap = new MultiValueMap();
            String str3 = "";
            try {
                str3 = multiValueMap.setReturn(Constants.OBJECT.N_PIDS.uri, Integer.toString(i));
                context.setResourceAttributes(multiValueMap);
                this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str2, Constants.ACTION.APIM.uri, "", str, context);
                logger.debug("Exiting enforceGetNextPid");
            } catch (Exception e) {
                context.setResourceAttributes(null);
                throw new AuthzOperationalException(str2 + " couldn't set " + str3, e);
            }
        } catch (Throwable th) {
            logger.debug("Exiting enforceGetNextPid");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public final void enforceGetDatastream(Context context, String str, String str2, Date date) throws AuthzException {
        try {
            logger.debug("Entered enforceGetDatastream");
            String str3 = Constants.ACTION.GET_DATASTREAM.uri;
            context.setActionAttributes(null);
            MultiValueMap multiValueMap = new MultiValueMap();
            String str4 = "";
            try {
                multiValueMap.setReturn(Constants.DATASTREAM.ID.uri, str2);
                str4 = multiValueMap.setReturn(Constants.DATASTREAM.AS_OF_DATETIME.uri, ensureDate(date, context));
                context.setResourceAttributes(multiValueMap);
                this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str3, Constants.ACTION.APIM.uri, str, extractNamespace(str), context);
                logger.debug("Exiting enforceGetDatastream");
            } catch (Exception e) {
                context.setResourceAttributes(null);
                throw new AuthzOperationalException(str3 + " couldn't set " + str4, e);
            }
        } catch (Throwable th) {
            logger.debug("Exiting enforceGetDatastream");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public final void enforceGetDatastreamHistory(Context context, String str, String str2) throws AuthzException {
        try {
            logger.debug("Entered enforceGetDatastreamHistory");
            String str3 = Constants.ACTION.GET_DATASTREAM_HISTORY.uri;
            context.setActionAttributes(null);
            MultiValueMap multiValueMap = new MultiValueMap();
            String str4 = "";
            try {
                str4 = multiValueMap.setReturn(Constants.DATASTREAM.ID.uri, str2);
                context.setResourceAttributes(multiValueMap);
                this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str3, Constants.ACTION.APIM.uri, str, extractNamespace(str), context);
                logger.debug("Exiting enforceGetDatastreamHistory");
            } catch (Exception e) {
                context.setResourceAttributes(null);
                throw new AuthzOperationalException(str3 + " couldn't set " + str4, e);
            }
        } catch (Throwable th) {
            logger.debug("Exiting enforceGetDatastreamHistory");
            throw th;
        }
    }

    private final String ensureDate(Date date, Context context) throws AuthzOperationalException {
        if (date == null) {
            date = context.now();
        }
        try {
            return dateAsString(date);
        } catch (Throwable th) {
            throw new AuthzOperationalException("couldn't make date a string", th);
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public final void enforceGetDatastreams(Context context, String str, Date date, String str2) throws AuthzException {
        try {
            logger.debug("Entered enforceGetDatastreams");
            String str3 = Constants.ACTION.GET_DATASTREAMS.uri;
            context.setActionAttributes(null);
            MultiValueMap multiValueMap = new MultiValueMap();
            String str4 = "";
            try {
                multiValueMap.setReturn(Constants.DATASTREAM.STATE.uri, str2);
                str4 = multiValueMap.setReturn(Constants.RESOURCE.AS_OF_DATETIME.uri, ensureDate(date, context));
                context.setResourceAttributes(multiValueMap);
                this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str3, Constants.ACTION.APIM.uri, str, extractNamespace(str), context);
                logger.debug("Exiting enforceGetDatastreams");
            } catch (Exception e) {
                context.setResourceAttributes(null);
                throw new AuthzOperationalException(str3 + " couldn't set " + str4, e);
            }
        } catch (Throwable th) {
            logger.debug("Exiting enforceGetDatastreams");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public final void enforceGetObjectXML(Context context, String str, String str2) throws AuthzException {
        try {
            logger.debug("Entered enforceGetObjectXML");
            String str3 = Constants.ACTION.GET_OBJECT_XML.uri;
            context.setActionAttributes(null);
            MultiValueMap multiValueMap = new MultiValueMap();
            String str4 = "";
            try {
                str4 = multiValueMap.setReturn(Constants.OBJECT.ENCODING.uri, str2);
                context.setResourceAttributes(multiValueMap);
                this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str3, Constants.ACTION.APIM.uri, str, extractNamespace(str), context);
                logger.debug("Exiting enforceGetObjectXML");
            } catch (Exception e) {
                context.setResourceAttributes(null);
                throw new AuthzOperationalException(str3 + " couldn't set " + str4, e);
            }
        } catch (Throwable th) {
            logger.debug("Exiting enforceGetObjectXML");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public final void enforceIngest(Context context, String str, String str2, String str3) throws AuthzException {
        try {
            logger.debug("Entered enforceIngest");
            String str4 = Constants.ACTION.INGEST.uri;
            context.setActionAttributes(null);
            MultiValueMap multiValueMap = new MultiValueMap();
            String str5 = "";
            try {
                multiValueMap.setReturn(Constants.OBJECT.FORMAT_URI.uri, str2);
                str5 = multiValueMap.setReturn(Constants.OBJECT.ENCODING.uri, str3);
                context.setResourceAttributes(multiValueMap);
                this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str4, Constants.ACTION.APIM.uri, str, extractNamespace(str), context);
                logger.debug("Exiting enforceIngest");
            } catch (Exception e) {
                context.setResourceAttributes(null);
                throw new AuthzOperationalException(str4 + " couldn't set " + str5, e);
            }
        } catch (Throwable th) {
            logger.debug("Exiting enforceIngest");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    @Deprecated
    public final void enforceIngestObject(Context context, String str, String str2, String str3) throws AuthzException {
        enforceIngest(context, str, str2, str3);
    }

    @Override // org.fcrepo.server.security.Authorization
    public final void enforceListObjectInFieldSearchResults(Context context, String str) throws AuthzException {
        try {
            logger.debug("Entered enforceListObjectInFieldSearchResults");
            String str2 = Constants.ACTION.LIST_OBJECT_IN_FIELD_SEARCH_RESULTS.uri;
            if (this.enforceListObjectInFieldSearchResults) {
                context.setActionAttributes(null);
                context.setResourceAttributes(null);
                this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str2, Constants.ACTION.APIA.uri, str, extractNamespace(str), context);
            }
            logger.debug("Exiting enforceListObjectInFieldSearchResults");
        } catch (Throwable th) {
            logger.debug("Exiting enforceListObjectInFieldSearchResults");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public final void enforceListObjectInResourceIndexResults(Context context, String str) throws AuthzException {
        try {
            logger.debug("Entered enforceListObjectInResourceIndexResults");
            String str2 = Constants.ACTION.LIST_OBJECT_IN_RESOURCE_INDEX_RESULTS.uri;
            if (this.enforceListObjectInResourceIndexResults) {
                context.setActionAttributes(null);
                context.setResourceAttributes(null);
                this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str2, Constants.ACTION.APIA.uri, str, extractNamespace(str), context);
            }
            logger.debug("Exiting enforceListObjectInResourceIndexResults");
        } catch (Throwable th) {
            logger.debug("Exiting enforceListObjectInResourceIndexResults");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public final void enforceModifyDatastreamByReference(Context context, String str, String str2, String[] strArr, String str3, String str4, String str5, String str6, String str7) throws AuthzException {
        try {
            logger.debug("Entered enforceModifyDatastreamByReference");
            String str8 = Constants.ACTION.MODIFY_DATASTREAM_BY_REFERENCE.uri;
            context.setActionAttributes(null);
            MultiValueMap multiValueMap = new MultiValueMap();
            String str9 = "";
            try {
                multiValueMap.setReturn(Constants.DATASTREAM.ID.uri, str2);
                multiValueMap.setReturn(Constants.DATASTREAM.NEW_MIME_TYPE.uri, str3);
                multiValueMap.setReturn(Constants.DATASTREAM.NEW_FORMAT_URI.uri, str4);
                multiValueMap.setReturn(Constants.DATASTREAM.NEW_LOCATION.uri, str5);
                multiValueMap.setReturn(Constants.DATASTREAM.NEW_ALT_IDS.uri, strArr);
                multiValueMap.setReturn(Constants.DATASTREAM.NEW_CHECKSUM_TYPE.uri, str6);
                str9 = multiValueMap.setReturn(Constants.DATASTREAM.NEW_CHECKSUM.uri, str7);
                context.setResourceAttributes(multiValueMap);
                this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str8, Constants.ACTION.APIM.uri, str, extractNamespace(str), context);
                logger.debug("Exiting enforceModifyDatastreamByReference");
            } catch (Exception e) {
                context.setResourceAttributes(null);
                throw new AuthzOperationalException(str8 + " couldn't set " + str9, e);
            }
        } catch (Throwable th) {
            logger.debug("Exiting enforceModifyDatastreamByReference");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public final void enforceModifyDatastreamByValue(Context context, String str, String str2, String[] strArr, String str3, String str4, String str5, String str6) throws AuthzException {
        try {
            logger.debug("Entered enforceModifyDatastreamByValue");
            String str7 = Constants.ACTION.MODIFY_DATASTREAM_BY_VALUE.uri;
            context.setActionAttributes(null);
            MultiValueMap multiValueMap = new MultiValueMap();
            String str8 = "";
            try {
                multiValueMap.setReturn(Constants.DATASTREAM.ID.uri, str2);
                multiValueMap.setReturn(Constants.DATASTREAM.NEW_MIME_TYPE.uri, str3);
                multiValueMap.setReturn(Constants.DATASTREAM.NEW_FORMAT_URI.uri, str4);
                multiValueMap.setReturn(Constants.DATASTREAM.NEW_ALT_IDS.uri, strArr);
                multiValueMap.setReturn(Constants.DATASTREAM.NEW_CHECKSUM_TYPE.uri, str5);
                str8 = multiValueMap.setReturn(Constants.DATASTREAM.NEW_CHECKSUM.uri, str6);
                context.setResourceAttributes(multiValueMap);
                this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str7, Constants.ACTION.APIM.uri, str, extractNamespace(str), context);
                logger.debug("Exiting enforceModifyDatastreamByValue");
            } catch (Exception e) {
                context.setResourceAttributes(null);
                throw new AuthzOperationalException(str7 + " couldn't set " + str8, e);
            }
        } catch (Throwable th) {
            logger.debug("Exiting enforceModifyDatastreamByValue");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public final void enforceModifyObject(Context context, String str, String str2, String str3) throws AuthzException {
        String str4;
        try {
            logger.debug("Entered enforceModifyObject");
            String str5 = Constants.ACTION.MODIFY_OBJECT.uri;
            context.setActionAttributes(null);
            MultiValueMap multiValueMap = new MultiValueMap();
            try {
                multiValueMap.setReturn(Constants.OBJECT.NEW_STATE.uri, str2);
                str4 = str3 != null ? multiValueMap.setReturn(Constants.OBJECT.OWNER.uri, str3.split(this.m_ownerIdSeparator)) : "";
                context.setResourceAttributes(multiValueMap);
                this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str5, Constants.ACTION.APIM.uri, str, extractNamespace(str), context);
                logger.debug("Exiting enforceModifyObject");
            } catch (Exception e) {
                context.setResourceAttributes(null);
                throw new AuthzOperationalException(str5 + " couldn't set " + str4, e);
            }
        } catch (Throwable th) {
            logger.debug("Exiting enforceModifyObject");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public final void enforcePurgeDatastream(Context context, String str, String str2, Date date) throws AuthzException {
        try {
            logger.debug("Entered enforcePurgeDatastream");
            String str3 = Constants.ACTION.PURGE_DATASTREAM.uri;
            context.setActionAttributes(null);
            MultiValueMap multiValueMap = new MultiValueMap();
            String str4 = "";
            try {
                multiValueMap.setReturn(Constants.DATASTREAM.ID.uri, str2);
                str4 = multiValueMap.setReturn(Constants.RESOURCE.AS_OF_DATETIME.uri, ensureDate(date, context));
                context.setResourceAttributes(multiValueMap);
                this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str3, Constants.ACTION.APIM.uri, str, extractNamespace(str), context);
                logger.debug("Exiting enforcePurgeDatastream");
            } catch (Exception e) {
                context.setResourceAttributes(null);
                throw new AuthzOperationalException(str3 + " couldn't set " + str4, e);
            }
        } catch (Throwable th) {
            logger.debug("Exiting enforcePurgeDatastream");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public final void enforcePurgeObject(Context context, String str) throws AuthzException {
        try {
            logger.debug("Entered enforcePurgeObject");
            String str2 = Constants.ACTION.PURGE_OBJECT.uri;
            context.setActionAttributes(null);
            context.setResourceAttributes(null);
            this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str2, Constants.ACTION.APIM.uri, str, extractNamespace(str), context);
            logger.debug("Exiting enforcePurgeObject");
        } catch (Throwable th) {
            logger.debug("Exiting enforcePurgeObject");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public final void enforceSetDatastreamState(Context context, String str, String str2, String str3) throws AuthzException {
        try {
            logger.debug("Entered enforceSetDatastreamState");
            String str4 = Constants.ACTION.SET_DATASTREAM_STATE.uri;
            context.setActionAttributes(null);
            MultiValueMap multiValueMap = new MultiValueMap();
            String str5 = "";
            try {
                multiValueMap.setReturn(Constants.DATASTREAM.ID.uri, str2);
                str5 = multiValueMap.setReturn(Constants.DATASTREAM.NEW_STATE.uri, str3);
                context.setResourceAttributes(multiValueMap);
                this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str4, Constants.ACTION.APIM.uri, str, extractNamespace(str), context);
                logger.debug("Exiting enforceSetDatastreamState");
            } catch (Exception e) {
                context.setResourceAttributes(null);
                throw new AuthzOperationalException(str4 + " couldn't set " + str5, e);
            }
        } catch (Throwable th) {
            logger.debug("Exiting enforceSetDatastreamState");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public final void enforceSetDatastreamVersionable(Context context, String str, String str2, boolean z) throws AuthzException {
        try {
            logger.debug("Entered enforceSetDatastreamVersionable");
            String str3 = Constants.ACTION.SET_DATASTREAM_VERSIONABLE.uri;
            context.setActionAttributes(null);
            MultiValueMap multiValueMap = new MultiValueMap();
            String str4 = "";
            try {
                multiValueMap.setReturn(Constants.DATASTREAM.ID.uri, str2);
                str4 = multiValueMap.setReturn(Constants.DATASTREAM.NEW_VERSIONABLE.uri, new Boolean(z).toString());
                context.setResourceAttributes(multiValueMap);
                this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str3, Constants.ACTION.APIM.uri, str, extractNamespace(str), context);
                logger.debug("Exiting enforceSetDatastreamVersionable");
            } catch (Exception e) {
                context.setResourceAttributes(null);
                throw new AuthzOperationalException(str3 + " couldn't set " + str4, e);
            }
        } catch (Throwable th) {
            logger.debug("Exiting enforceSetDatastreamVersionable");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public final void enforceCompareDatastreamChecksum(Context context, String str, String str2, Date date) throws AuthzException {
        try {
            logger.debug("Entered enforceCompareDatastreamChecksum");
            String str3 = Constants.ACTION.COMPARE_DATASTREAM_CHECKSUM.uri;
            context.setActionAttributes(null);
            MultiValueMap multiValueMap = new MultiValueMap();
            String str4 = "";
            try {
                multiValueMap.setReturn(Constants.DATASTREAM.ID.uri, str2);
                str4 = multiValueMap.setReturn(Constants.RESOURCE.AS_OF_DATETIME.uri, ensureDate(date, context));
                context.setResourceAttributes(multiValueMap);
                this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str3, Constants.ACTION.APIM.uri, str, extractNamespace(str), context);
                logger.debug("Exiting enforceCompareDatastreamChecksum");
            } catch (Exception e) {
                context.setResourceAttributes(null);
                throw new AuthzOperationalException(str3 + " couldn't set " + str4, e);
            }
        } catch (Throwable th) {
            logger.debug("Exiting enforceCompareDatastreamChecksum");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public void enforceDescribeRepository(Context context) throws AuthzException {
        try {
            logger.debug("Entered enforceDescribeRepository");
            String str = Constants.ACTION.DESCRIBE_REPOSITORY.uri;
            context.setActionAttributes(null);
            context.setResourceAttributes(null);
            this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str, Constants.ACTION.APIA.uri, "", "", context);
            logger.debug("Exiting enforceDescribeRepository");
        } catch (Throwable th) {
            logger.debug("Exiting enforceDescribeRepository");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public void enforceFindObjects(Context context) throws AuthzException {
        try {
            logger.debug("Entered enforceFindObjects");
            String str = Constants.ACTION.FIND_OBJECTS.uri;
            context.setActionAttributes(null);
            context.setResourceAttributes(null);
            this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str, Constants.ACTION.APIA.uri, "", "", context);
            logger.debug("Exiting enforceFindObjects");
        } catch (Throwable th) {
            logger.debug("Exiting enforceFindObjects");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public void enforceRIFindObjects(Context context) throws AuthzException {
        try {
            logger.debug("Entered enforceRIFindObjects");
            String str = Constants.ACTION.RI_FIND_OBJECTS.uri;
            context.setActionAttributes(null);
            context.setResourceAttributes(null);
            this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str, Constants.ACTION.APIA.uri, "", "", context);
            logger.debug("Exiting enforceRIFindObjects");
        } catch (Throwable th) {
            logger.debug("Exiting enforceRIFindObjects");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public void enforceGetDatastreamDissemination(Context context, String str, String str2, Date date) throws AuthzException {
        try {
            logger.debug("Entered enforceGetDatastreamDissemination");
            String str3 = Constants.ACTION.GET_DATASTREAM_DISSEMINATION.uri;
            context.setActionAttributes(null);
            MultiValueMap multiValueMap = new MultiValueMap();
            String str4 = "";
            try {
                multiValueMap.setReturn(Constants.DATASTREAM.ID.uri, str2);
                str4 = multiValueMap.setReturn(Constants.RESOURCE.AS_OF_DATETIME.uri, ensureDate(date, context));
                context.setResourceAttributes(multiValueMap);
                this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str3, Constants.ACTION.APIA.uri, str, extractNamespace(str), context);
                logger.debug("Exiting enforceGetDatastreamDissemination");
            } catch (Exception e) {
                context.setResourceAttributes(null);
                throw new AuthzOperationalException(str3 + " couldn't set " + str4, e);
            }
        } catch (Throwable th) {
            logger.debug("Exiting enforceGetDatastreamDissemination");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public void enforceGetDissemination(Context context, String str, String str2, String str3, Date date, String str4, String str5, String str6, String str7, String str8) throws AuthzException {
        try {
            logger.debug("Entered enforceGetDissemination");
            String str9 = Constants.ACTION.GET_DISSEMINATION.uri;
            context.setActionAttributes(null);
            MultiValueMap multiValueMap = new MultiValueMap();
            String str10 = "";
            try {
                multiValueMap.setReturn(Constants.SDEF.PID.uri, str2);
                multiValueMap.setReturn(Constants.SDEF.NAMESPACE.uri, extractNamespace(str2));
                multiValueMap.setReturn(Constants.DISSEMINATOR.METHOD.uri, str3);
                multiValueMap.setReturn(Constants.SDEP.PID.uri, str6);
                multiValueMap.setReturn(Constants.SDEP.NAMESPACE.uri, extractNamespace(str6));
                multiValueMap.setReturn(Constants.OBJECT.STATE.uri, str4);
                multiValueMap.setReturn(Constants.DISSEMINATOR.STATE.uri, str8);
                multiValueMap.setReturn(Constants.SDEF.STATE.uri, str5);
                multiValueMap.setReturn(Constants.SDEP.STATE.uri, str7);
                str10 = multiValueMap.setReturn(Constants.RESOURCE.AS_OF_DATETIME.uri, ensureDate(date, context));
                context.setResourceAttributes(multiValueMap);
                this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str9, Constants.ACTION.APIA.uri, str, extractNamespace(str), context);
                logger.debug("Exiting enforceGetDissemination");
            } catch (Exception e) {
                context.setResourceAttributes(null);
                throw new AuthzOperationalException(str9 + " couldn't set " + str10, e);
            }
        } catch (Throwable th) {
            logger.debug("Exiting enforceGetDissemination");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public void enforceGetObjectHistory(Context context, String str) throws AuthzException {
        try {
            logger.debug("Entered enforceGetObjectHistory");
            String str2 = Constants.ACTION.GET_OBJECT_HISTORY.uri;
            context.setActionAttributes(null);
            context.setResourceAttributes(null);
            this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str2, Constants.ACTION.APIA.uri, str, extractNamespace(str), context);
            logger.debug("Exiting enforceGetObjectHistory");
        } catch (Throwable th) {
            logger.debug("Exiting enforceGetObjectHistory");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public void enforceGetObjectProfile(Context context, String str, Date date) throws AuthzException {
        try {
            logger.debug("Entered enforceGetObjectProfile");
            String str2 = Constants.ACTION.GET_OBJECT_PROFILE.uri;
            context.setActionAttributes(null);
            MultiValueMap multiValueMap = new MultiValueMap();
            String str3 = "";
            try {
                str3 = multiValueMap.setReturn(Constants.RESOURCE.AS_OF_DATETIME.uri, ensureDate(date, context));
                context.setResourceAttributes(multiValueMap);
                this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str2, Constants.ACTION.APIA.uri, str, extractNamespace(str), context);
                logger.debug("Exiting enforceGetObjectProfile");
            } catch (Exception e) {
                context.setResourceAttributes(null);
                throw new AuthzOperationalException(str2 + " couldn't set " + str3, e);
            }
        } catch (Throwable th) {
            logger.debug("Exiting enforceGetObjectProfile");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public void enforceListDatastreams(Context context, String str, Date date) throws AuthzException {
        try {
            logger.debug("Entered enforceListDatastreams");
            String str2 = Constants.ACTION.LIST_DATASTREAMS.uri;
            context.setActionAttributes(null);
            MultiValueMap multiValueMap = new MultiValueMap();
            String str3 = "";
            try {
                str3 = multiValueMap.setReturn(Constants.RESOURCE.AS_OF_DATETIME.uri, ensureDate(date, context));
                context.setResourceAttributes(multiValueMap);
                this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str2, Constants.ACTION.APIA.uri, str, extractNamespace(str), context);
                logger.debug("Exiting enforceListDatastreams");
            } catch (Exception e) {
                context.setResourceAttributes(null);
                throw new AuthzOperationalException(str2 + " couldn't set " + str3, e);
            }
        } catch (Throwable th) {
            logger.debug("Exiting enforceListDatastreams");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public void enforceListMethods(Context context, String str, Date date) throws AuthzException {
        try {
            logger.debug("Entered enforceListMethods");
            String str2 = Constants.ACTION.LIST_METHODS.uri;
            context.setActionAttributes(null);
            MultiValueMap multiValueMap = new MultiValueMap();
            String str3 = "";
            try {
                str3 = multiValueMap.setReturn(Constants.RESOURCE.AS_OF_DATETIME.uri, ensureDate(date, context));
                context.setResourceAttributes(multiValueMap);
                this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str2, Constants.ACTION.APIA.uri, str, extractNamespace(str), context);
                logger.debug("Exiting enforceListMethods");
            } catch (Exception e) {
                context.setResourceAttributes(null);
                throw new AuthzOperationalException(str2 + " couldn't set " + str3, e);
            }
        } catch (Throwable th) {
            logger.debug("Exiting enforceListMethods");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public void enforceServerStatus(Context context) throws AuthzException {
        try {
            logger.debug("Entered enforceServerStatus");
            String str = Constants.ACTION.SERVER_STATUS.uri;
            context.setActionAttributes(null);
            context.setResourceAttributes(null);
            this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str, "", "", "", context);
            logger.debug("Exiting enforceServerStatus");
        } catch (Throwable th) {
            logger.debug("Exiting enforceServerStatus");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public void enforceOAIRespond(Context context) throws AuthzException {
        try {
            logger.debug("Entered enforceOAIRespond");
            String str = Constants.ACTION.OAI.uri;
            context.setActionAttributes(null);
            context.setResourceAttributes(null);
            this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str, "", "", "", context);
            logger.debug("Exiting enforceOAIRespond");
        } catch (Throwable th) {
            logger.debug("Exiting enforceOAIRespond");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public void enforceUpload(Context context) throws AuthzException {
        try {
            logger.debug("Entered enforceUpload");
            String str = Constants.ACTION.UPLOAD.uri;
            context.setActionAttributes(null);
            context.setResourceAttributes(null);
            this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str, "", "", "", context);
            logger.debug("Exiting enforceUpload");
        } catch (Throwable th) {
            logger.debug("Exiting enforceUpload");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public void enforce_Internal_DSState(Context context, String str, String str2) throws AuthzException {
        try {
            logger.debug("Entered enforce_Internal_DSState");
            String str3 = Constants.ACTION.INTERNAL_DSSTATE.uri;
            context.setActionAttributes(null);
            MultiValueMap multiValueMap = new MultiValueMap();
            String str4 = "";
            try {
                multiValueMap.setReturn(Constants.DATASTREAM.ID.uri, str);
                str4 = multiValueMap.setReturn(Constants.DATASTREAM.STATE.uri, str2);
                context.setResourceAttributes(multiValueMap);
                this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str3, Constants.ACTION.APIA.uri, "", "", context);
                logger.debug("Exiting enforce_Internal_DSState");
            } catch (Exception e) {
                context.setResourceAttributes(null);
                throw new AuthzOperationalException(str3 + " couldn't set " + str4, e);
            }
        } catch (Throwable th) {
            logger.debug("Exiting enforce_Internal_DSState");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public void enforceResolveDatastream(Context context, Date date) throws AuthzException {
        try {
            logger.debug("Entered enforceResolveDatastream");
            String str = Constants.ACTION.RESOLVE_DATASTREAM.uri;
            context.setResourceAttributes(null);
            MultiValueMap multiValueMap = new MultiValueMap();
            String str2 = "";
            try {
                str2 = multiValueMap.setReturn(Constants.RESOURCE.TICKET_ISSUED_DATETIME.uri, DateUtility.convertDateToString(date));
                context.setActionAttributes(multiValueMap);
                this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str, "", "", "", context);
                logger.debug("Exiting enforceResolveDatastream");
            } catch (Exception e) {
                context.setActionAttributes(null);
                throw new AuthzOperationalException(str + " couldn't set " + str2, e);
            }
        } catch (Throwable th) {
            logger.debug("Exiting enforceResolveDatastream");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public void enforceReloadPolicies(Context context) throws AuthzException {
        try {
            logger.debug("Entered enforceReloadPolicies");
            String str = Constants.ACTION.RELOAD_POLICIES.uri;
            context.setResourceAttributes(null);
            context.setActionAttributes(null);
            this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str, "", "", "", context);
            logger.debug("Exiting enforceReloadPolicies");
        } catch (Throwable th) {
            logger.debug("Exiting enforceReloadPolicies");
            throw th;
        }
    }

    public static final String dateAsString(Date date) throws Exception {
        return DateUtility.convertDateToString(date, false);
    }

    @Override // org.fcrepo.server.security.Authorization
    public void enforceGetRelationships(Context context, String str, String str2) throws AuthzException {
        try {
            logger.debug("Entered enforceGetRelationships");
            String str3 = Constants.ACTION.GET_RELATIONSHIPS.uri;
            context.setActionAttributes(null);
            MultiValueMap multiValueMap = new MultiValueMap();
            String str4 = "";
            try {
                str4 = multiValueMap.setReturn(Constants.OBJECT.PID.uri, str);
                context.setResourceAttributes(multiValueMap);
                this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str3, Constants.ACTION.APIM.uri, str, extractNamespace(str), context);
                logger.debug("Exiting enforceGetRelationships");
            } catch (Exception e) {
                context.setResourceAttributes(null);
                throw new AuthzOperationalException(str3 + " couldn't set " + str4, e);
            }
        } catch (Throwable th) {
            logger.debug("Exiting enforceGetRelationships");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public void enforceAddRelationship(Context context, String str, String str2, String str3, boolean z, String str4) throws AuthzException {
        try {
            logger.debug("Entered enforceAddRelationship");
            String str5 = Constants.ACTION.ADD_RELATIONSHIP.uri;
            context.setActionAttributes(null);
            MultiValueMap multiValueMap = new MultiValueMap();
            String str6 = "";
            try {
                str6 = multiValueMap.setReturn(Constants.OBJECT.PID.uri, str);
                context.setResourceAttributes(multiValueMap);
                this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str5, Constants.ACTION.APIM.uri, str, extractNamespace(str), context);
                logger.debug("Exiting enforceAddRelationship");
            } catch (Exception e) {
                context.setResourceAttributes(null);
                throw new AuthzOperationalException(str5 + " couldn't set " + str6, e);
            }
        } catch (Throwable th) {
            logger.debug("Exiting enforceAddRelationship");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public void enforcePurgeRelationship(Context context, String str, String str2, String str3, boolean z, String str4) throws AuthzException {
        try {
            logger.debug("Entered enforcePurgeRelationship");
            String str5 = Constants.ACTION.PURGE_RELATIONSHIP.uri;
            context.setActionAttributes(null);
            MultiValueMap multiValueMap = new MultiValueMap();
            String str6 = "";
            try {
                str6 = multiValueMap.setReturn(Constants.OBJECT.PID.uri, str);
                context.setResourceAttributes(multiValueMap);
                this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str5, Constants.ACTION.APIM.uri, str, extractNamespace(str), context);
                logger.debug("Exiting enforcePurgeRelationship");
            } catch (Exception e) {
                context.setResourceAttributes(null);
                throw new AuthzOperationalException(str5 + " couldn't set " + str6, e);
            }
        } catch (Throwable th) {
            logger.debug("Exiting enforcePurgeRelationship");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public void enforceRetrieveFile(Context context, String str) throws AuthzException {
        try {
            logger.debug("Entered enforceRetrieveFile for {}", str);
            String str2 = Constants.ACTION.RETRIEVE_FILE.uri;
            context.setActionAttributes(null);
            context.setResourceAttributes(null);
            MultiValueMap multiValueMap = new MultiValueMap();
            String str3 = "";
            try {
                str3 = multiValueMap.setReturn(Constants.DATASTREAM.FILE_URI.uri, str);
                context.setResourceAttributes(multiValueMap);
                this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str2, Constants.ACTION.APIM.uri, "", extractNamespace(str), context);
                logger.debug("Exiting enforceRetrieveFile");
            } catch (Exception e) {
                context.setResourceAttributes(null);
                throw new AuthzOperationalException(str2 + " couldn't be set " + str3, e);
            }
        } catch (Throwable th) {
            logger.debug("Exiting enforceRetrieveFile");
            throw th;
        }
    }

    @Override // org.fcrepo.server.security.Authorization
    public void enforceValidate(Context context, String str, Date date) throws AuthzException {
        try {
            logger.debug("Entered enforceValidate");
            String str2 = Constants.ACTION.VALIDATE.uri;
            context.setActionAttributes(null);
            MultiValueMap multiValueMap = new MultiValueMap();
            String str3 = "";
            try {
                str3 = multiValueMap.setReturn(Constants.RESOURCE.AS_OF_DATETIME.uri, ensureDate(date, context));
                context.setResourceAttributes(multiValueMap);
                this.xacmlPep.enforce(context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), str2, Constants.ACTION.APIM.uri, str, extractNamespace(str), context);
                logger.debug("Exiting enforceGetDatastream");
            } catch (Exception e) {
                context.setResourceAttributes(null);
                throw new AuthzOperationalException(str2 + " couldn't set " + str3, e);
            }
        } catch (Throwable th) {
            logger.debug("Exiting enforceGetDatastream");
            throw th;
        }
    }
}
