package pl.edu.icm.yadda.aas.proxy;

import java.io.Serializable;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.BitSet;
import java.util.Iterator;
import java.util.List;
import java.util.Random;
import java.util.Set;
import org.apache.log4j.Logger;
import org.opensaml.lite.xacml.policy.ObligationType;
import org.springframework.beans.factory.annotation.Required;
import pl.edu.icm.yadda.aas.client.IClientSecurityService;
import pl.edu.icm.yadda.aas.proxy.browse.ExternalStringBasedCookie;
import pl.edu.icm.yadda.aas.proxy.criterion.ILicenseCriterionCreator;
import pl.edu.icm.yadda.aas.proxy.criterion.bitset.BitSetCriterionCreatorHelper;
import pl.edu.icm.yadda.aas.proxy.token.CacheEntry;
import pl.edu.icm.yadda.aas.proxy.token.TokenAwareSecuredService;
import pl.edu.icm.yadda.aas.proxy.token.TokenSecurityException;
import pl.edu.icm.yadda.service2.GenericRequest;
import pl.edu.icm.yadda.service2.GetFeaturesRequest;
import pl.edu.icm.yadda.service2.GetFeaturesResponse;
import pl.edu.icm.yadda.service2.GetVersionResponse;
import pl.edu.icm.yadda.service2.VersionHelper;
import pl.edu.icm.yadda.service2.YaddaError;
import pl.edu.icm.yadda.service2.browse.AggregateRequest;
import pl.edu.icm.yadda.service2.browse.ControlRequest;
import pl.edu.icm.yadda.service2.browse.ControlResponse;
import pl.edu.icm.yadda.service2.browse.Cookie;
import pl.edu.icm.yadda.service2.browse.CountRequest;
import pl.edu.icm.yadda.service2.browse.CountResponse;
import pl.edu.icm.yadda.service2.browse.DataResponse;
import pl.edu.icm.yadda.service2.browse.EditDataRequest;
import pl.edu.icm.yadda.service2.browse.EditDataResponse;
import pl.edu.icm.yadda.service2.browse.EditStructureRequest;
import pl.edu.icm.yadda.service2.browse.EditStructureResponse;
import pl.edu.icm.yadda.service2.browse.FetchRequest;
import pl.edu.icm.yadda.service2.browse.IBrowser;
import pl.edu.icm.yadda.service2.browse.RelationsInfoRequest;
import pl.edu.icm.yadda.service2.browse.RelationsInfoResponse;
import pl.edu.icm.yadda.service2.browse.SelectRequest;
import pl.edu.icm.yadda.service2.browse.query.AggregateQuery;
import pl.edu.icm.yadda.service2.browse.query.ComplexClause;
import pl.edu.icm.yadda.service2.browse.query.Condition;
import pl.edu.icm.yadda.service2.browse.query.Query;
import pl.edu.icm.yadda.service2.browse.query.SelectQuery;
import pl.edu.icm.yadda.service2.browse.relation.Field;

/* loaded from: input_file:pl/edu/icm/yadda/aas/proxy/SecuredBrowser.class */
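/**
 * License-filtering proxy in front of an {@link IBrowser}.
 *
 * <p>For {@code count}, {@code select} and {@code aggregate} the proxy looks up the field of type
 * {@code LICENSE} in the queried relation, turns the caller's license obligations into a
 * {@link BitSet} criterion and ANDs a {@code permitted} condition onto the caller's query before
 * delegating. Cookies returned by the wrapped browser for filtered queries are replaced by
 * external tokens (see {@link #generateExternalToken(Cookie)}), and {@code fetch} only resumes
 * such a token after the cached entry has been checked against the caller's current criterion.
 *
 * <p>NOTE(review): the proxy fails open in three places visible here: relations without a
 * {@code LICENSE} field are queried unfiltered, cookies that are not
 * {@link ExternalStringBasedCookie} instances are fetched unfiltered, and the edit/control
 * operations are delegated without any check. Confirm each is intended for this deployment.
 */
public class SecuredBrowser extends TokenAwareSecuredService<Cookie, BitSet> implements IBrowser {
    /** Error text returned and logged when no license criterion could be built for the caller. */
    private static final String NO_READ_PERMISSION = "no permission to read browser";

    private List<ILicenseCriterionCreator<BitSet>> bitSetCreators;
    private IClientSecurityService secClient;
    private IBrowser browser;
    protected final Logger log = Logger.getLogger(getClass());

    /**
     * Randomness source for external token ids. The declared type stays {@link Random} so that
     * existing subclasses keep compiling; the instance is a {@link SecureRandom} because the ids
     * it produces are handed to clients as resumption tokens.
     */
    protected Random rand = new SecureRandom();

    /**
     * Returns the current API version; the request is not inspected.
     */
    public GetVersionResponse getVersionResponse(GenericRequest genericRequest) {
        return new GetVersionResponse(VersionHelper.currentAPIVersion());
    }

    /**
     * Returns the wrapped browser's features with
     * {@code SecurityConstants.FEATURE_REQUIRES_AUTHORIZATION} added to them.
     */
    public GetFeaturesResponse getFeatures(GetFeaturesRequest getFeaturesRequest) {
        GetFeaturesResponse features = this.browser.getFeatures(getFeaturesRequest);
        features.getFeatures().add(SecurityConstants.FEATURE_REQUIRES_AUTHORIZATION);
        return features;
    }

    /**
     * Finds the field of type {@code LICENSE} in the given relation.
     *
     * @param str relation name, may be {@code null}
     * @return the first {@code LICENSE} field, or {@code null} when the name is {@code null} or
     *         the relation has no such field
     */
    protected Field getSecurityField(String str) {
        if (str == null) {
            return null;
        }
        // NOTE(review): getInfo(str) is dereferenced unchecked; confirm the wrapped browser never
        // returns null info for an unknown relation name, which is client-controlled here.
        for (Field field : this.browser.getRelationsInfo(new RelationsInfoRequest(new String[]{str})).getInfo(str).getFields()) {
            if (field.getType() == Field.Type.LICENSE) {
                return field;
            }
        }
        return null;
    }

    /**
     * Merges the criteria produced by every configured creator into one bit set.
     *
     * @param obligations license obligations retrieved for the caller
     * @return the merged criterion, or {@code null} when the merge helper produced none; callers
     *         treat {@code null} as "no permission"
     */
    private BitSet mergeLicenseCriteria(Set<ObligationType> obligations) {
        BitSet merged = null;
        for (ILicenseCriterionCreator<BitSet> creator : this.bitSetCreators) {
            merged = BitSetCriterionCreatorHelper.merge(merged, creator.createCriterion(obligations));
        }
        return merged;
    }

    /**
     * Counts rows, restricted to those permitted by the caller's license criterion.
     *
     * @return the wrapped browser's count for the restricted query, or an
     *         {@code ERROR_AUTH} response when no criterion could be built
     */
    public CountResponse count(CountRequest countRequest) {
        String relationName = (countRequest == null || countRequest.getQuery() == null) ? null : countRequest.getQuery().getRelationName();
        Field securityField = getSecurityField(relationName);
        if (securityField == null) {
            // Fail-open path: no LICENSE field (or no request/query) means the request is passed
            // through without any license filter.
            this.log.warn("no security field for relation " + relationName);
            return this.browser.count(countRequest);
        }
        BitSet bitSet = mergeLicenseCriteria(this.secClient.retrieveLicenseObligations(countRequest.getAuthHeaders()));
        if (bitSet == null) {
            this.log.debug(NO_READ_PERMISSION);
            return new CountResponse(new YaddaError(SecurityConstants.ERROR_AUTH, NO_READ_PERMISSION));
        }
        Condition permitted = Condition.permitted(securityField.getName(), bitSet);
        // The license condition is ANDed with the caller's condition, never substituted by it.
        return this.browser.count(new CountRequest(countRequest.getQuery().getCondition() != null ? Query.count(countRequest.getQuery().getRelationName()).where(new ComplexClause(ComplexClause.Operator.AND, Arrays.asList(countRequest.getQuery().getCondition(), permitted))) : Query.count(countRequest.getQuery().getRelationName()).where(permitted)));
    }

    /**
     * Runs a select restricted to rows permitted by the caller's license criterion and replaces
     * the returned cookie with an external token bound to that criterion.
     *
     * @return the filtered data, an empty result when the query has no selection, or an
     *         {@code ERROR_AUTH} response when no criterion could be built
     */
    public DataResponse select(SelectRequest selectRequest) {
        SelectQuery selectQuery;
        String relationName = (selectRequest == null || selectRequest.getQuery() == null) ? null : selectRequest.getQuery().getRelationName();
        Field securityField = getSecurityField(relationName);
        if (securityField == null) {
            // Fail-open path: the request (and the internal cookie in its response) is passed
            // through unfiltered.
            this.log.warn("no security field for relation " + relationName);
            return this.browser.select(selectRequest);
        }
        BitSet bitSet = mergeLicenseCriteria(this.secClient.retrieveLicenseObligations(selectRequest.getAuthHeaders()));
        if (bitSet == null) {
            this.log.debug(NO_READ_PERMISSION);
            return new DataResponse(new YaddaError(SecurityConstants.ERROR_AUTH, NO_READ_PERMISSION));
        }
        Condition permitted = Condition.permitted(securityField.getName(), bitSet);
        if (selectRequest.getQuery().getSelection() != null && selectRequest.getQuery().getSelection().getCondition() != null) {
            selectQuery = new SelectQuery(selectRequest.getQuery().getRelationName(), selectRequest.getQuery().getSelection().where(new ComplexClause(ComplexClause.Operator.AND, Arrays.asList(selectRequest.getQuery().getSelection().getCondition(), permitted))));
        } else {
            if (selectRequest.getQuery().getSelection() == null) {
                // Without a selection there is nothing to attach the license condition to, so the
                // query is answered with an empty result instead of being run unfiltered.
                this.log.warn("no selection in query, returning 0 results");
                return new DataResponse(new Serializable[0][0]);
            }
            selectQuery = new SelectQuery(selectRequest.getQuery().getRelationName(), selectRequest.getQuery().getSelection().where(permitted));
        }
        DataResponse select = this.browser.select(new SelectRequest(selectQuery, selectRequest.getPageLimit()));
        // The internal cookie stays server-side; the client only sees the external token.
        select.setCookie(storeEntry(select.getCookie(), bitSet));
        return select;
    }

    /**
     * Runs an aggregate restricted to rows permitted by the caller's license criterion and
     * replaces the returned cookie with an external token bound to that criterion.
     *
     * @return the filtered data, an empty result when the query has no selection, or an
     *         {@code ERROR_AUTH} response when no criterion could be built
     */
    public DataResponse aggregate(AggregateRequest aggregateRequest) {
        AggregateQuery aggregateQuery;
        String relationName = (aggregateRequest == null || aggregateRequest.getQuery() == null) ? null : aggregateRequest.getQuery().getRelationName();
        Field securityField = getSecurityField(relationName);
        if (securityField == null) {
            // Fail-open path: the request (and the internal cookie in its response) is passed
            // through unfiltered.
            this.log.warn("no security field for relation " + relationName);
            return this.browser.aggregate(aggregateRequest);
        }
        BitSet bitSet = mergeLicenseCriteria(this.secClient.retrieveLicenseObligations(aggregateRequest.getAuthHeaders()));
        if (bitSet == null) {
            this.log.debug(NO_READ_PERMISSION);
            return new DataResponse(new YaddaError(SecurityConstants.ERROR_AUTH, NO_READ_PERMISSION));
        }
        Condition permitted = Condition.permitted(securityField.getName(), bitSet);
        if (aggregateRequest.getQuery().getSelection() != null && aggregateRequest.getQuery().getSelection().getCondition() != null) {
            aggregateQuery = new AggregateQuery(aggregateRequest.getQuery().getUuid(), aggregateRequest.getQuery().getSelection().where(new ComplexClause(ComplexClause.Operator.AND, Arrays.asList(aggregateRequest.getQuery().getSelection().getCondition(), permitted))), aggregateRequest.getQuery().isBlocking());
        } else {
            if (aggregateRequest.getQuery().getSelection() == null) {
                // Same rule as select(): no selection means no place for the license condition.
                this.log.warn("no selection in query, returning 0 results");
                return new DataResponse(new Serializable[0][0]);
            }
            aggregateQuery = new AggregateQuery(aggregateRequest.getQuery().getUuid(), aggregateRequest.getQuery().getSelection().where(permitted), aggregateRequest.getQuery().isBlocking());
        }
        DataResponse aggregate = this.browser.aggregate(new AggregateRequest(aggregateQuery, aggregateRequest.getPageLimit(), aggregateRequest.isBlocking()));
        aggregate.setCookie(storeEntry(aggregate.getCookie(), bitSet));
        return aggregate;
    }

    /**
     * Resumes a previously started select/aggregate.
     *
     * <p>External tokens are resolved through the token cache, which is given the caller's
     * current criterion; the internal cookie found there is put into {@code fetchRequest}
     * (the caller's request object is modified) before delegating, and the next cookie is again
     * replaced by a fresh external token.
     *
     * @return the next page, or an {@code ERROR_AUTH} response when the request or cookie is
     *         missing, no criterion could be built, the token is unknown, or the cache lookup
     *         throws {@link TokenSecurityException}
     */
    public DataResponse fetch(FetchRequest fetchRequest) {
        // A null request is rejected like a missing cookie instead of failing with an NPE.
        if (fetchRequest == null || fetchRequest.getCookie() == null) {
            this.log.debug("no cookie found in request");
            return new DataResponse(new YaddaError(SecurityConstants.ERROR_AUTH, "no cookie found in request"));
        }
        if (!isExternalToken(fetchRequest.getCookie())) {
            // NOTE(review): any cookie that is not an ExternalStringBasedCookie reaches the
            // wrapped browser with no license check. This is needed for cookies issued on the
            // unfiltered path above; confirm internal cookies of filtered queries cannot be
            // obtained or constructed by a client.
            return this.browser.fetch(fetchRequest);
        }
        BitSet bitSet = mergeLicenseCriteria(this.secClient.retrieveLicenseObligations(fetchRequest.getAuthHeaders()));
        if (bitSet == null) {
            this.log.debug(NO_READ_PERMISSION);
            return new DataResponse(new YaddaError(SecurityConstants.ERROR_AUTH, NO_READ_PERMISSION));
        }
        try {
            CacheEntry<Cookie, BitSet> entry = getCachedEntryWithSecurityCriterionCheckAndRemoval(fetchRequest.getCookie(), bitSet);
            if (entry == null) {
                String message = "invalid resumption token: " + fetchRequest.getCookie();
                this.log.debug(message);
                return new DataResponse(new YaddaError(SecurityConstants.ERROR_AUTH, message));
            }
            fetchRequest.setCookie(entry.getInternalToken());
            DataResponse fetch = this.browser.fetch(fetchRequest);
            fetch.setCookie(storeEntry(fetch.getCookie(), bitSet));
            return fetch;
        } catch (TokenSecurityException e) {
            String message = "Security constraints were violated: security criteria have changed!";
            // Logged at WARN rather than DEBUG so that a token presented under a different
            // criterion than it was issued for is visible in production logs.
            this.log.warn(message);
            return new DataResponse(new YaddaError(SecurityConstants.ERROR_AUTH, message));
        }
    }

    /**
     * Delegates to the wrapped browser.
     *
     * <p>NOTE(review): no authorization is applied to this write operation in this class; confirm
     * it is enforced elsewhere.
     */
    public EditStructureResponse editStructure(EditStructureRequest editStructureRequest) {
        return this.browser.editStructure(editStructureRequest);
    }

    /**
     * Delegates to the wrapped browser.
     *
     * <p>NOTE(review): no authorization is applied to this write operation in this class; confirm
     * it is enforced elsewhere.
     */
    public EditDataResponse editData(EditDataRequest editDataRequest) {
        return this.browser.editData(editDataRequest);
    }

    /**
     * Delegates to the wrapped browser without filtering.
     */
    public RelationsInfoResponse getRelationsInfo(RelationsInfoRequest relationsInfoRequest) {
        return this.browser.getRelationsInfo(relationsInfoRequest);
    }

    /**
     * Delegates to the wrapped browser.
     *
     * <p>NOTE(review): no authorization is applied to this operation in this class; confirm it is
     * enforced elsewhere.
     */
    public ControlResponse control(ControlRequest controlRequest) {
        return this.browser.control(controlRequest);
    }

    /**
     * Compares two license criteria by delegating to {@code SecurityCriterionComparatorHelper}.
     */
    @Override // pl.edu.icm.yadda.aas.proxy.token.TokenAwareSecuredService
    public boolean equals(BitSet bitSet, BitSet bitSet2) {
        return SecurityCriterionComparatorHelper.equals(bitSet, bitSet2);
    }

    /**
     * Creates a fresh external cookie; the internal cookie passed in is not used to derive it.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // pl.edu.icm.yadda.aas.proxy.token.TokenAwareSecuredService
    public Cookie generateExternalToken(Cookie cookie) {
        return new ExternalStringBasedCookie(generateExternalTokenId());
    }

    /**
     * Tells whether the cookie is one of the external tokens this proxy hands out.
     */
    protected boolean isExternalToken(Cookie cookie) {
        // instanceof is already false for null.
        return cookie instanceof ExternalStringBasedCookie;
    }

    /**
     * Builds the id of a new external token: the current time in milliseconds, a dash, and 128
     * bits drawn from {@link #rand} rendered as hex.
     *
     * <p>The previous suffix was {@code nextInt(100)}, which left only 100 possible ids per
     * millisecond: ids were guessable and two tokens issued in the same millisecond could
     * collide. The timestamp prefix is kept so the id keeps its general shape.
     * NOTE(review): assumes no consumer parses the suffix as a decimal number; confirm.
     */
    protected String generateExternalTokenId() {
        return System.currentTimeMillis() + "-" + Long.toHexString(this.rand.nextLong()) + Long.toHexString(this.rand.nextLong());
    }

    /**
     * Sets the browser that requests are delegated to.
     */
    @Required
    public void setBrowser(IBrowser iBrowser) {
        this.browser = iBrowser;
    }

    /**
     * Sets the client used to retrieve the caller's license obligations.
     */
    @Required
    public void setSecClient(IClientSecurityService iClientSecurityService) {
        this.secClient = iClientSecurityService;
    }

    /**
     * Sets the creators whose criteria are merged into the license bit set.
     */
    @Required
    public void setBitSetCreators(List<ILicenseCriterionCreator<BitSet>> list) {
        this.bitSetCreators = list;
    }
}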
