package org.fcrepo.server.security;

import com.hp.hpl.jena.sparql.sse.Tags;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.Hashtable;
import javax.xml.parsers.FactoryConfigurationError;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import net.sf.saxon.om.StandardNames;
import org.fcrepo.common.Constants;
import org.fcrepo.server.errors.GeneralException;
import org.fcrepo.server.errors.StreamIOException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xml.sax.Attributes;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

/* loaded from: input_file:WEB-INF/lib/fcrepo-server-3.7.0.jar:org/fcrepo/server/security/BackendSecurityDeserializer.class */
public class BackendSecurityDeserializer extends DefaultHandler implements Constants {
    private static final Logger logger = LoggerFactory.getLogger(BackendSecurityDeserializer.class);
    public static final String CALL_BASIC_AUTH = "callBasicAuth";
    public static final String CALL_SSL = "callSSL";
    public static final String CALL_USERNAME = "callUsername";
    public static final String CALL_PASSWORD = "callPassword";
    public static final String CALLBACK_BASIC_AUTH = "callbackBasicAuth";
    public static final String CALLBACK_SSL = "callbackSSL";
    public static final String IPLIST = "iplist";
    public static final String ROLE = "role";
    private final BackendSecuritySpec beSS;
    private Hashtable<String, String> beProperties;
    private final SAXParser tmp_parser;
    private boolean tmp_rootElementFound;
    private int tmp_level;
    private String tmp_parentRole;
    private Hashtable<String, String> tmp_rootProperties;
    private Hashtable<String, String> tmp_serviceProperties;
    private String tmp_role;

    public BackendSecurityDeserializer(String str, boolean z) throws FactoryConfigurationError, ParserConfigurationException, SAXException, UnsupportedEncodingException {
        this.beProperties = new Hashtable<>();
        new StringBuffer().append(StandardNames.TEST);
        SAXParserFactory newInstance = SAXParserFactory.newInstance();
        newInstance.setValidating(z);
        newInstance.setNamespaceAware(true);
        this.tmp_parser = newInstance.newSAXParser();
        this.beSS = new BackendSecuritySpec();
        this.beProperties = new Hashtable<>();
    }

    public BackendSecuritySpec deserialize(String str) throws GeneralException, StreamIOException, UnsupportedEncodingException {
        logger.debug("Parsing beSecurity file...");
        this.tmp_level = 0;
        try {
            this.tmp_parser.parse(new FileInputStream(new File(str)), this);
            if (!this.tmp_rootElementFound) {
                throw new GeneralException("BackendSecurityDeserializer: Root element not found in backend security config file.");
            }
            logger.debug("Parse successful.");
            return this.beSS;
        } catch (IOException e) {
            throw new StreamIOException("BackendSecurityDeserializer: Stream IO problem while parsing backend security config file.");
        } catch (SAXException e2) {
            throw new GeneralException("BackendSecurityDeserializer: Error parsing backend security config file. " + e2.getMessage());
        }
    }

    @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
    public void startElement(String str, String str2, String str3, Attributes attributes) throws SAXException {
        if (str.equals(BE_SECURITY.uri) && str2.equals("serviceSecurityDescription")) {
            logger.debug("start element uri=" + str + " localName=" + str2 + " tmp_level=" + this.tmp_level);
            this.tmp_role = grab(attributes, BE_SECURITY.uri, "role");
            this.beProperties = new Hashtable<>();
            setProperty(CALL_BASIC_AUTH, grab(attributes, BE_SECURITY.uri, CALL_BASIC_AUTH));
            setProperty(CALL_SSL, grab(attributes, BE_SECURITY.uri, CALL_SSL));
            setProperty(CALL_USERNAME, grab(attributes, BE_SECURITY.uri, CALL_USERNAME));
            setProperty(CALL_PASSWORD, grab(attributes, BE_SECURITY.uri, CALL_PASSWORD));
            setProperty(CALLBACK_BASIC_AUTH, grab(attributes, BE_SECURITY.uri, CALLBACK_BASIC_AUTH));
            setProperty(CALLBACK_SSL, grab(attributes, BE_SECURITY.uri, CALLBACK_SSL));
            setProperty(IPLIST, grab(attributes, BE_SECURITY.uri, IPLIST));
            try {
                if (this.tmp_level == 0) {
                    this.tmp_rootElementFound = true;
                    this.tmp_rootProperties = new Hashtable<>();
                    this.tmp_rootProperties.putAll(this.beProperties);
                    validateProperties();
                    this.beSS.setSecuritySpec("default", null, this.beProperties);
                } else if (this.tmp_level == 1) {
                    this.tmp_parentRole = this.tmp_role;
                    this.tmp_serviceProperties = new Hashtable<>();
                    this.tmp_serviceProperties.putAll(this.beProperties);
                    inheritProperties(this.tmp_rootProperties);
                    validateProperties();
                    this.beSS.setSecuritySpec(this.tmp_role, null, this.beProperties);
                } else {
                    if (this.tmp_level != 2) {
                        logger.debug("xml element depth exceeded");
                        throw new SAXException("BackendSecurityDeserializer: serviceSecurityDescription elements can only be nested two levels deep from root element!");
                    }
                    inheritProperties(this.tmp_serviceProperties);
                    inheritProperties(this.tmp_rootProperties);
                    validateProperties();
                    this.beSS.setSecuritySpec(this.tmp_parentRole, this.tmp_role, this.beProperties);
                }
                this.tmp_level++;
            } catch (Exception e) {
                throw new SAXException("BackendSecurityDeserializer: Error setting properties for role " + this.tmp_role + ". " + e.getMessage());
            }
        }
    }

    @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
    public void endElement(String str, String str2, String str3) {
        logger.debug("end element uri=" + str + " localName=" + str2 + " tmp_level=" + this.tmp_level);
        if (str.equals(BE_SECURITY.uri) && str2.equals("serviceSecurityDescription")) {
            this.tmp_level--;
        }
    }

    private static String grab(Attributes attributes, String str, String str2) {
        String value = attributes.getValue(str, str2);
        if (value == null) {
            value = attributes.getValue(str2);
        }
        return value;
    }

    private void setProperty(String str, String str2) {
        if (str == null || str2 == null) {
            return;
        }
        logger.debug("Setting propery.  key=" + str + " value=" + str2);
        this.beProperties.put(str, str2);
    }

    private void inheritProperties(Hashtable hashtable) {
        logger.debug("Setting inherited properties...");
        for (String str : hashtable.keySet()) {
            if (!this.beProperties.containsKey(str)) {
                setProperty(str, (String) hashtable.get(str));
            }
        }
    }

    private void validateProperties() throws GeneralException {
        logger.debug("Validating properties...");
        if (!this.beProperties.containsKey(CALL_BASIC_AUTH)) {
            setProperty(CALL_BASIC_AUTH, "false");
        }
        if (!this.beProperties.containsKey(CALL_SSL)) {
            setProperty(CALL_SSL, "false");
        }
        if (!this.beProperties.containsKey(CALLBACK_BASIC_AUTH)) {
            setProperty(CALLBACK_BASIC_AUTH, "false");
        }
        if (!this.beProperties.containsKey(CALLBACK_SSL)) {
            setProperty(CALLBACK_SSL, "false");
        }
        if (this.beProperties.get(CALL_BASIC_AUTH).equals("true")) {
            if (!this.beProperties.containsKey(CALL_USERNAME)) {
                throw new GeneralException("BackendSecurityDeserializer: callBasicAuth is set to true, but callUsername is missingfor role of " + this.tmp_role);
            }
            if (!this.beProperties.containsKey(CALL_PASSWORD)) {
                throw new GeneralException("BackendSecurityDeserializer: callBasicAuth is set to true, but callPassword is missingfor role of " + this.tmp_role);
            }
        }
    }

    public static void main(String[] strArr) throws Exception {
        logger.debug("BackendSecurityDeserializer start main()...");
        BackendSecuritySpec deserialize = new BackendSecurityDeserializer("UTF-8", false).deserialize(strArr[0]);
        for (String str : deserialize.listRoleKeys()) {
            logger.debug("************ ROLEKEY = " + str);
            Hashtable<String, String> securitySpec = deserialize.getSecuritySpec(str);
            for (String str2 : securitySpec.keySet()) {
                logger.debug(str2 + Tags.symEQ + securitySpec.get(str2));
            }
        }
    }
}
