package com.mobi.security.policy.rest;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ArrayNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
import com.mobi.exception.MobiException;
import com.mobi.rest.security.annotations.ActionId;
import com.mobi.rest.security.annotations.ResourceId;
import com.mobi.rest.security.annotations.ValueType;
import com.mobi.rest.util.ErrorUtils;
import com.mobi.security.policy.api.exception.PolicySyntaxException;
import com.mobi.security.policy.api.xacml.XACMLPolicy;
import com.mobi.security.policy.api.xacml.XACMLPolicyManager;
import com.mobi.security.policy.api.xacml.jaxb.AllOfType;
import com.mobi.security.policy.api.xacml.jaxb.AnyOfType;
import com.mobi.security.policy.api.xacml.jaxb.ApplyType;
import com.mobi.security.policy.api.xacml.jaxb.AttributeDesignatorType;
import com.mobi.security.policy.api.xacml.jaxb.AttributeValueType;
import com.mobi.security.policy.api.xacml.jaxb.EffectType;
import com.mobi.security.policy.api.xacml.jaxb.FunctionType;
import com.mobi.security.policy.api.xacml.jaxb.MatchType;
import com.mobi.security.policy.api.xacml.jaxb.PolicyType;
import com.mobi.security.policy.api.xacml.jaxb.RuleType;
import com.mobi.security.policy.api.xacml.jaxb.TargetType;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.media.Content;
import io.swagger.v3.oas.annotations.media.ExampleObject;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Optional;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
import org.apache.commons.lang3.StringUtils;
import org.eclipse.rdf4j.model.IRI;
import org.eclipse.rdf4j.model.Resource;
import org.eclipse.rdf4j.model.Statement;
import org.eclipse.rdf4j.model.ValueFactory;
import org.eclipse.rdf4j.model.impl.ValidatingValueFactory;
import org.eclipse.rdf4j.repository.RepositoryConnection;
import org.eclipse.rdf4j.repository.RepositoryResult;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.jaxrs.whiteboard.propertytypes.JaxrsResource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

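/**
 * JAX-RS resource mounted at {@code /record-permissions} that returns a JSON summary of the XACML
 * policy attached to a record and accepts a JSON body that replaces that policy's subjects.
 *
 * <p>The {@code @ActionId} / {@code @ResourceId} annotations declare the action and resource for
 * each request. NOTE(review): they are presumably evaluated by an authorization filter outside
 * this file; nothing in this class performs an access decision itself.
 *
 * <p>Provenance: this listing is JADX decompiler output (loaded from
 * {@code com/mobi/security/policy/rest/RecordPermissionsRest.class}). {@link #recordJsonToPolicy}
 * was not recovered by the decompiler, so the listing is not a complete picture of the update path.
 */
@Path("/record-permissions")
@JaxrsResource
@Component(service = {RecordPermissionsRest.class}, immediate = true)
public class RecordPermissionsRest {
    private static final ObjectMapper mapper = new ObjectMapper();
    // Not referenced by any recovered method; presumably used by the undecompiled recordJsonToPolicy.
    private static final String ONTOLOGIES_CATALOG_MODIFY = "http://mobi.com/ontologies/catalog#Modify";

    private static final String XACML_NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17";
    private static final String FN_STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal";
    private static final String XSD_STRING = "http://www.w3.org/2001/XMLSchema#string";
    private static final String CATEGORY_ACCESS_SUBJECT =
            "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject";
    private static final String CATEGORY_ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action";
    private static final String RELATED_RESOURCE = "http://mobi.com/ontologies/policy#relatedResource";

    @Reference
    XACMLPolicyManager policyManager;
    private final Logger LOGGER = LoggerFactory.getLogger(RecordPermissionsRest.class);
    private final ValueFactory vf = new ValidatingValueFactory();

    /**
     * Returns the record's policy as JSON: one entry per rule id, each with {@code everyone},
     * {@code users} and {@code groups}.
     *
     * <p>The declared action is {@code policy#Update}, so reading the permissions is gated on the
     * same action that the annotation names for changing them.
     *
     * @param recordId IRI string of the record whose policy is requested
     * @return 200 with the JSON summary
     * @throws RuntimeException as built by {@code ErrorUtils.sendError}: BAD_REQUEST when no policy
     *     is linked to the record or the linked policy cannot be loaded, INTERNAL_SERVER_ERROR on
     *     {@link IllegalStateException} / {@link MobiException}
     */
    @GET
    @Path("{recordId}")
    @Operation(tags = {"record-permissions"}, summary = "Retrieves a specific record security policy by its ID", responses = {@ApiResponse(responseCode = "200", description = "JSON representation of which user can perform each rule", content = {@Content(examples = {@ExampleObject("{\"urn:read\": {\"everyone\": false,\"users\": [\n\"http://mobi.com/users/userIRI1\",\"http://mobi.com/users/userIRI2\"],\"groups\": []  }, ...}")})}), @ApiResponse(responseCode = "400", description = "BAD REQUEST"), @ApiResponse(responseCode = "500", description = "INTERNAL SERVER ERROR")})
    @ActionId("http://mobi.com/ontologies/policy#Update")
    @ResourceId(type = ValueType.PATH, value = "recordId")
    @Produces({"application/json"})
    public Response retrieveRecordPolicy(@Parameter(description = "String representing a resource for which to retrieve a policy ID", required = true) @PathParam("recordId") String recordId) {
        // try-with-resources: the decompiled form closed the connection only on the success path,
        // so every BAD_REQUEST exit leaked a repository connection.
        try (RepositoryConnection conn = this.policyManager.getRepository().getConnection()) {
            String recordPolicyId = getRelatedResourceId(recordId, conn).orElseThrow(() ->
                    ErrorUtils.sendError("Policy for record " + recordId + " does not exist in repository",
                            Response.Status.BAD_REQUEST));
            Optional<?> policy = this.policyManager.getPolicy(this.vf.createIRI(recordPolicyId));
            if (policy.isEmpty()) {
                throw ErrorUtils.sendError("Policy could not be found", Response.Status.BAD_REQUEST);
            }
            return Response.ok(recordPolicyToJson((XACMLPolicy) policy.get())).build();
        } catch (IllegalStateException | MobiException e) {
            // NOTE(review): IllegalArgumentException (e.g. from createIRI on a malformed recordId)
            // is not mapped here, unlike in updateRecordPolicy — confirm how the container
            // reports it to the client.
            throw ErrorUtils.sendError(e, "Policy could not be retrieved", Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

    /**
     * Replaces the record's policy, and the policy that governs that policy, from one JSON body.
     *
     * <p>Both replacement policies are built and their ids checked before either is written.
     * The two {@code updatePolicy} calls are still separate writes: if the second one fails the
     * record policy has already been changed while the policy protecting it has not.
     *
     * <p>NOTE(review): unlike the GET handler, no {@code @ActionId} is declared on this method.
     * Confirm that the authorization filter derives an action for PUT requests and that it is the
     * update action; otherwise this write path is checked against a different action than the read.
     *
     * <p>As listed, {@link #recordJsonToPolicy} always throws, so this method cannot complete in
     * the decompiled form.
     *
     * @param recordId IRI string of the record whose policy is replaced
     * @param policyJson request body, same shape as the GET response
     * @return 200 with an empty body
     * @throws RuntimeException as built by {@code ErrorUtils.sendError}: BAD_REQUEST for missing
     *     policies, id mismatches, {@link IllegalArgumentException} or {@link PolicySyntaxException};
     *     INTERNAL_SERVER_ERROR for {@link IllegalStateException} / {@link MobiException}
     */
    @Path("{recordId}")
    @Consumes({"application/json"})
    @Operation(tags = {"record-permissions"}, summary = "Updates an existing record security policy using the provided JSON body", responses = {@ApiResponse(responseCode = "200", description = "Success"), @ApiResponse(responseCode = "400", description = "BAD REQUEST"), @ApiResponse(responseCode = "500", description = "INTERNAL SERVER ERROR")})
    @ResourceId(type = ValueType.PATH, value = "recordId")
    @PUT
    public Response updateRecordPolicy(@Parameter(description = "String representing a recordId whose corresponding policy should be updated", required = true) @PathParam("recordId") String recordId, @Parameter(description = "JSON representation of the new version of the record policy", required = true) String policyJson) {
        try (RepositoryConnection conn = this.policyManager.getRepository().getConnection()) {
            // Record -> record policy.
            String recordPolicyId = getRelatedResourceId(recordId, conn).orElseThrow(() ->
                    ErrorUtils.sendError("Policy for record " + recordId + " does not exist in repository",
                            Response.Status.BAD_REQUEST));
            IRI recordPolicyIri = this.vf.createIRI(recordPolicyId);
            Optional<?> recordPolicy = this.policyManager.getPolicy(recordPolicyIri);
            if (recordPolicy.isEmpty()) {
                throw ErrorUtils.sendError("Record policy to update could not be found", Response.Status.BAD_REQUEST);
            }
            XACMLPolicy newRecordPolicy =
                    recordJsonToPolicy(policyJson, ((XACMLPolicy) recordPolicy.get()).getJaxbPolicy());
            if (!newRecordPolicy.getId().equals(recordPolicyIri)) {
                throw ErrorUtils.sendError("Policy Id does not match provided record policy", Response.Status.BAD_REQUEST);
            }

            // Record policy -> the policy that controls who may change it.
            String policyPolicyId = getRelatedResourceId(recordPolicyId, conn).orElseThrow(() ->
                    ErrorUtils.sendError("Policy for record policy " + recordId + " does not exist in repository",
                            Response.Status.BAD_REQUEST));
            if (StringUtils.isEmpty(policyPolicyId)) {
                // The original message ran the id straight into "does"; a space was missing.
                throw ErrorUtils.sendError("Policy for policy " + recordPolicyId + " does not exist in repository",
                        Response.Status.BAD_REQUEST);
            }
            IRI policyPolicyIri = this.vf.createIRI(policyPolicyId);
            Optional<?> policyPolicy = this.policyManager.getPolicy(policyPolicyIri);
            if (policyPolicy.isEmpty()) {
                throw ErrorUtils.sendError("Policy policy to update could not be found", Response.Status.BAD_REQUEST);
            }
            XACMLPolicy newPolicyPolicy =
                    updatePolicyPolicy(policyJson, ((XACMLPolicy) policyPolicy.get()).getJaxbPolicy());
            if (!newPolicyPolicy.getId().equals(policyPolicyIri)) {
                throw ErrorUtils.sendError("Policy policy Id does not match provided policy", Response.Status.BAD_REQUEST);
            }

            this.policyManager.updatePolicy(newRecordPolicy);
            this.policyManager.updatePolicy(newPolicyPolicy);
            return Response.ok().build();
        } catch (IllegalArgumentException | PolicySyntaxException e) {
            // The exception text is returned to the client as the error message.
            throw ErrorUtils.sendError(e, e.getMessage(), Response.Status.BAD_REQUEST);
        } catch (IllegalStateException | MobiException e) {
            throw ErrorUtils.sendError(e, "Policy could not be updated", Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

    /**
     * Looks up the subject of the first {@code policy#relatedResource} statement whose object is
     * the given IRI.
     *
     * @param str IRI string of the resource; {@code createIRI} rejects malformed values
     * @param repositoryConnection open connection used for the lookup; not closed here
     * @return the subject's string value, or empty when no such statement exists
     */
    private Optional<String> getRelatedResourceId(String str, RepositoryConnection repositoryConnection) {
        // The result is closed on every path; the decompiled form skipped close() when empty.
        try (RepositoryResult<Statement> statements = repositoryConnection.getStatements(
                null, this.vf.createIRI(RELATED_RESOURCE), this.vf.createIRI(str))) {
            if (!statements.hasNext()) {
                // Parameterized so the request-supplied value is passed as an argument, not
                // concatenated into the format string.
                this.LOGGER.info("Could not find related resource for: {}", str);
                return Optional.empty();
            }
            return Optional.of(statements.next().getSubject().stringValue());
        }
    }

    /**
     * Rewrites the subjects of the policy-on-policy from the {@code urn:update} entry of the
     * request JSON and asks the manager to build a policy from the modified JAXB tree.
     *
     * <p>The second {@code AnyOf} of the first two rules is replaced. All request validation runs
     * before the tree is touched: {@code policyType} comes from a policy object handed out by the
     * manager, and whether that object is shared is not visible here, so a rejected request must
     * not leave it with cleared targets.
     *
     * <p>NOTE(review): the {@code get(0)} / {@code get(1)} lookups assume a fixed policy layout; a
     * policy with fewer rules or targets raises {@link IndexOutOfBoundsException}, which the REST
     * handler does not map.
     *
     * @param str request JSON
     * @param policyType JAXB tree of the existing policy; modified in place
     * @return the policy created by the manager from the modified tree
     * @throws IllegalArgumentException if the JSON is malformed or lacks the expected fields
     */
    private XACMLPolicy updatePolicyPolicy(String str, PolicyType policyType) {
        ObjectNode root;
        try {
            root = mapper.readValue(str, ObjectNode.class);
        } catch (JsonProcessingException e) {
            // Keep the parser exception as the cause so the failure can be diagnosed from logs.
            throw new IllegalArgumentException("Policy JSON is not valid", e);
        }
        if (root == null) {
            throw new IllegalArgumentException("Policy JSON is not valid");
        }
        JsonNode updateRule = root.get("urn:update");
        if (updateRule == null || !updateRule.isObject()) {
            throw new IllegalArgumentException("Invalid JSON representation of a Policy. Missing update rule.");
        }
        JsonNode everyone = updateRule.get("everyone");
        if (everyone == null) {
            throw new IllegalArgumentException("Invalid JSON representation of a Policy. Missing everyone field.");
        }

        List<AllOfType> replacement = new ArrayList<>();
        if (everyone.asBoolean()) {
            // "everyone" is expressed as a single match on the user role.
            AllOfType allOf = new AllOfType();
            allOf.getMatch().add(createUserRoleMatch());
            replacement.add(allOf);
        } else {
            JsonNode users = updateRule.get("users");
            JsonNode groups = updateRule.get("groups");
            if (users == null || groups == null || !users.isArray() || !groups.isArray()) {
                throw new IllegalArgumentException("Invalid JSON representation of a Policy. Users or groups not set properly for update rule");
            }
            replacement.addAll(buildSubjectMatches((ArrayNode) users, createSubjectIdAttrDesig()));
            replacement.addAll(buildSubjectMatches((ArrayNode) groups, createGroupAttrDesig()));
        }

        AnyOfType firstRuleSubjects = (AnyOfType) ((RuleType) policyType.getRule().get(0)).getTarget().getAnyOf().get(1);
        AnyOfType secondRuleSubjects = (AnyOfType) ((RuleType) policyType.getRule().get(1)).getTarget().getAnyOf().get(1);
        firstRuleSubjects.getAllOf().clear();
        secondRuleSubjects.getAllOf().clear();
        firstRuleSubjects.getAllOf().addAll(replacement);
        secondRuleSubjects.getAllOf().addAll(replacement);
        return this.policyManager.createPolicy(policyType);
    }

    /**
     * Builds the record policy from the request JSON.
     *
     * <p>The decompiler did not recover this method (1025 bytecode instructions skipped, several
     * duplicated regions removed), so the listing contains only a placeholder that always throws.
     * The rules this method writes into the record policy therefore cannot be reviewed from this
     * file; use the bytecode or the original source.
     *
     * @throws UnsupportedOperationException always, in this decompiled listing
     */
    private XACMLPolicy recordJsonToPolicy(String policyJson, PolicyType policyType) {
        throw new UnsupportedOperationException("Method not decompiled: com.mobi.security.policy.rest.RecordPermissionsRest.recordJsonToPolicy(java.lang.String, com.mobi.security.policy.api.xacml.jaxb.PolicyType):com.mobi.security.policy.api.xacml.XACMLPolicy");
    }

    /**
     * Turns each array entry into a one-match {@code AllOf} (string-equal against the designator).
     *
     * <p>Every entry is checked before the list is returned, so callers never see a partial result.
     * NOTE(review): values are taken verbatim from the request body via {@code asText()}; nothing
     * here checks that they are IRIs of existing users or groups — confirm that is enforced
     * elsewhere.
     *
     * @throws IllegalArgumentException if an entry's text value is empty
     */
    private List<AllOfType> buildSubjectMatches(ArrayNode arrayNode, AttributeDesignatorType attributeDesignatorType) {
        List<AllOfType> matches = new ArrayList<>(arrayNode.size());
        for (JsonNode entry : arrayNode) {
            String subject = entry.asText();
            if (StringUtils.isEmpty(subject)) {
                throw new IllegalArgumentException("Invalid JSON representation of a Policy. User or group not set properly.");
            }
            AllOfType allOf = new AllOfType();
            allOf.getMatch().add(createMatch(FN_STRING_EQUAL, attributeDesignatorType,
                    createAttributeValue(XSD_STRING, subject)));
            matches.add(allOf);
        }
        return matches;
    }

    /**
     * Appends one {@code AllOf} per array entry to every given {@code AnyOf}.
     *
     * <p>The same {@code AllOf} instance is added to each target, as in the decompiled original.
     * Targets are only modified once every entry has been validated.
     *
     * @throws IllegalArgumentException if an entry's text value is empty
     */
    private void addUsersOrGroupsToAnyOf(ArrayNode arrayNode, AttributeDesignatorType attributeDesignatorType, AnyOfType... anyOfTypeArr) {
        List<AllOfType> matches = buildSubjectMatches(arrayNode, attributeDesignatorType);
        for (AnyOfType anyOfType : anyOfTypeArr) {
            anyOfType.getAllOf().addAll(matches);
        }
    }

    /**
     * Builds the XACML expression {@code not(any-of(string-equal, str, branch-designator))}.
     *
     * <p>Not referenced by any recovered method; presumably used by the undecompiled
     * {@link #recordJsonToPolicy}.
     */
    private JAXBElement<?> createMasterBranchExpression(String str) {
        FunctionType stringEqual = new FunctionType();
        stringEqual.setFunctionId(FN_STRING_EQUAL);
        List<JAXBElement<?>> operands = Arrays.<JAXBElement<?>>asList(
                new JAXBElement<>(new QName(XACML_NS, "Function"), FunctionType.class, stringEqual),
                new JAXBElement<>(new QName(XACML_NS, "AttributeValue"), AttributeValueType.class,
                        createAttributeValue(XSD_STRING, str)),
                new JAXBElement<>(new QName(XACML_NS, "AttributeDesignator"), AttributeDesignatorType.class,
                        createBranchAttrDesig()));

        ApplyType anyOf = new ApplyType();
        anyOf.setFunctionId("urn:oasis:names:tc:xacml:1.0:function:any-of");
        anyOf.getExpression().addAll(operands);

        ApplyType negation = new ApplyType();
        negation.setFunctionId("urn:oasis:names:tc:xacml:1.0:function:not");
        negation.getExpression().add(new JAXBElement<>(new QName(XACML_NS, "Apply"), ApplyType.class, anyOf));
        return new JAXBElement<>(new QName(XACML_NS, "Apply"), ApplyType.class, negation);
    }

    /**
     * Summarises a policy as JSON keyed by rule id.
     *
     * <p>For each rule, the first attribute value of every {@code AllOf} in the second
     * {@code AnyOf} is sorted into users, groups or the "everyone" flag. When "everyone" is set the
     * user and group arrays are reported empty.
     *
     * <p>NOTE(review): classification uses substring containment, not a prefix or type check, so a
     * value is reported as a user whenever it contains {@code http://mobi.com/users/} anywhere, and
     * values matching none of the three markers are silently omitted from the summary. The fixed
     * indexes assume every rule has the expected target layout.
     */
    private String recordPolicyToJson(XACMLPolicy xACMLPolicy) {
        ObjectNode summary = mapper.createObjectNode();
        for (RuleType rule : xACMLPolicy.getJaxbPolicy().getRule()) {
            boolean everyone = false;
            List<String> users = new ArrayList<>();
            List<String> groups = new ArrayList<>();

            AnyOfType subjects = (AnyOfType) rule.getTarget().getAnyOf().get(1);
            for (AllOfType allOf : subjects.getAllOf()) {
                String value = ((MatchType) allOf.getMatch().get(0)).getAttributeValue().getContent().get(0).toString();
                if (value.contains("http://mobi.com/users/")) {
                    users.add(value);
                } else if (value.contains("http://mobi.com/groups")) {
                    groups.add(value);
                } else if (value.contains("http://mobi.com/roles/user")) {
                    everyone = true;
                }
            }

            ObjectNode ruleJson = mapper.createObjectNode();
            ruleJson.put("everyone", everyone);
            if (everyone) {
                ruleJson.set("users", mapper.createArrayNode());
                ruleJson.set("groups", mapper.createArrayNode());
            } else {
                ruleJson.set("users", mapper.valueToTree(users));
                ruleJson.set("groups", mapper.valueToTree(groups));
            }
            summary.set(rule.getRuleId(), ruleJson);
        }
        return summary.toString();
    }

    /** Creates a rule with the given effect, id and target. Not referenced by any recovered method. */
    private RuleType createRule(EffectType effectType, String str, TargetType targetType) {
        RuleType rule = new RuleType();
        rule.setEffect(effectType);
        rule.setRuleId(str);
        rule.setTarget(targetType);
        return rule;
    }

    /** Creates a match that applies function {@code str} to the designator and the value. */
    private MatchType createMatch(String str, AttributeDesignatorType attributeDesignatorType, AttributeValueType attributeValueType) {
        MatchType match = new MatchType();
        match.setMatchId(str);
        match.setAttributeDesignator(attributeDesignatorType);
        match.setAttributeValue(attributeValueType);
        return match;
    }

    /** Match used for "everyone": the subject's user role equals {@code http://mobi.com/roles/user}. */
    private MatchType createUserRoleMatch() {
        return createMatch(FN_STRING_EQUAL, createUserAttrDesig(), createUserAttrVal());
    }

    /**
     * Creates an attribute designator.
     *
     * @param str attribute id
     * @param str2 attribute category
     * @param str3 data type
     * @param z value for {@code MustBePresent}
     */
    private AttributeDesignatorType createAttributeDesignator(String str, String str2, String str3, boolean z) {
        AttributeDesignatorType designator = new AttributeDesignatorType();
        designator.setAttributeId(str);
        designator.setCategory(str2);
        designator.setDataType(str3);
        designator.setMustBePresent(z);
        return designator;
    }

    /** Creates an attribute value of data type {@code str} whose only content item is {@code str2}. */
    private AttributeValueType createAttributeValue(String str, String str2) {
        AttributeValueType value = new AttributeValueType();
        value.setDataType(str);
        value.getContent().add(str2);
        return value;
    }

    /** Designator for the access subject's {@code subject-id}; must be present. */
    private AttributeDesignatorType createSubjectIdAttrDesig() {
        return createAttributeDesignator("urn:oasis:names:tc:xacml:1.0:subject:subject-id",
                CATEGORY_ACCESS_SUBJECT, XSD_STRING, true);
    }

    /** Designator for the action's {@code action-id}; must be present. Not referenced by any recovered method. */
    private AttributeDesignatorType createActionIdAttrDesig() {
        return createAttributeDesignator("urn:oasis:names:tc:xacml:1.0:action:action-id",
                CATEGORY_ACTION, XSD_STRING, true);
    }

    /**
     * Designator used for group entries: a {@code prop-path} attribute id on the access subject
     * whose percent-encoded argument is {@code ^<http://xmlns.com/foaf/0.1/member>}; must be present.
     */
    private AttributeDesignatorType createGroupAttrDesig() {
        return createAttributeDesignator("http://mobi.com/policy/prop-path(%5E%3Chttp%3A%2F%2Fxmlns.com%2Ffoaf%2F0.1%2Fmember%3E)",
                CATEGORY_ACCESS_SUBJECT, XSD_STRING, true);
    }

    /** Designator for the action's {@code catalog#branch} attribute; optional ({@code MustBePresent=false}). */
    private AttributeDesignatorType createBranchAttrDesig() {
        return createAttributeDesignator("http://mobi.com/ontologies/catalog#branch",
                CATEGORY_ACTION, XSD_STRING, false);
    }

    /** Designator for the access subject's {@code hasUserRole} attribute; must be present. */
    private AttributeDesignatorType createUserAttrDesig() {
        return createAttributeDesignator("http://mobi.com/ontologies/user/management#hasUserRole",
                CATEGORY_ACCESS_SUBJECT, XSD_STRING, true);
    }

    /** String attribute value naming the user role, {@code http://mobi.com/roles/user}. */
    private AttributeValueType createUserAttrVal() {
        return createAttributeValue(XSD_STRING, "http://mobi.com/roles/user");
    }
}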
