package org.craftercms.studio.impl.v2.service.policy.internal;

import java.beans.ConstructorProperties;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.apache.commons.configuration2.HierarchicalConfiguration;
import org.apache.commons.lang3.StringUtils;
import org.apache.tika.io.FilenameUtils;
import org.craftercms.studio.api.v1.repository.ContentRepository;
import org.craftercms.studio.api.v1.repository.RepositoryItem;
import org.craftercms.studio.api.v2.exception.configuration.ConfigurationException;
import org.craftercms.studio.api.v2.service.config.ConfigurationService;
import org.craftercms.studio.api.v2.service.policy.internal.PolicyServiceInternal;
import org.craftercms.studio.impl.v1.web.security.access.StudioAbstractAccessDecisionVoter;
import org.craftercms.studio.impl.v2.service.policy.PolicyValidator;
import org.craftercms.studio.model.policy.Action;
import org.craftercms.studio.model.policy.Type;
import org.craftercms.studio.model.policy.ValidationResult;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/craftercms/studio/impl/v2/service/policy/internal/PolicyServiceInternalImpl.class */
public class PolicyServiceInternalImpl implements PolicyServiceInternal {
    private static final Logger logger = LoggerFactory.getLogger(PolicyServiceInternalImpl.class);
    public static final String CONFIG_KEY_STATEMENT = "statement";
    public static final String CONFIG_KEY_PATTERN = "target-path-pattern";
    public static final String CONFIG_KEY_PERMITTED = "permitted";
    public static final String CONFIG_KEY_DENIED = "denied";
    protected ContentRepository contentRepository;
    protected org.craftercms.studio.api.v2.repository.ContentRepository contentRepositoryV2;
    protected ConfigurationService configurationService;
    protected PolicyValidator systemValidator;
    protected List<PolicyValidator> policyValidators;
    protected String configPath;

    @ConstructorProperties({"contentRepository", "contentRepositoryV2", "configurationService", "systemValidator", "policyValidators", "configPath"})
    public PolicyServiceInternalImpl(ContentRepository contentRepository, org.craftercms.studio.api.v2.repository.ContentRepository contentRepository2, ConfigurationService configurationService, PolicyValidator policyValidator, List<PolicyValidator> list, String str) {
        this.contentRepository = contentRepository;
        this.contentRepositoryV2 = contentRepository2;
        this.configurationService = configurationService;
        this.systemValidator = policyValidator;
        this.policyValidators = list;
        this.configPath = str;
    }

    @Override // org.craftercms.studio.api.v2.service.policy.internal.PolicyServiceInternal
    public List<ValidationResult> validate(String str, List<Action> list) throws ConfigurationException {
        HierarchicalConfiguration<?> xmlConfiguration = this.configurationService.getXmlConfiguration(str, this.configPath);
        list.forEach(this::validateAction);
        LinkedList linkedList = new LinkedList();
        list.forEach(action -> {
            if (action.isRecursive()) {
                evaluateRecursiveAction(xmlConfiguration, str, action, linkedList, true);
            } else {
                evaluateAction(xmlConfiguration, str, action, linkedList, true);
            }
        });
        return linkedList;
    }

    protected void validateAction(Action action) {
        if (action.isRecursive() && StringUtils.isEmpty(action.getSource())) {
            throw new IllegalArgumentException("All recursive actions need to include a source");
        }
        if (action.getType() == Type.CREATE && action.isRecursive()) {
            throw new IllegalArgumentException("CREATE actions can't be recursive");
        }
    }

    protected void evaluateAction(HierarchicalConfiguration<?> hierarchicalConfiguration, String str, Action action, List<ValidationResult> list, boolean z) {
        ValidationResult allowed = ValidationResult.allowed(action);
        this.systemValidator.validate(null, null, action, allowed);
        if (!allowed.isAllowed()) {
            list.add(allowed);
            return;
        }
        if (hierarchicalConfiguration == null) {
            logger.debug("No policy configuration found, skip the action '{}'", action);
            if (z) {
                list.add(ValidationResult.allowed(action));
                return;
            }
            return;
        }
        List<? extends HierarchicalConfiguration<?>> list2 = (List) hierarchicalConfiguration.configurationsAt(CONFIG_KEY_STATEMENT).stream().filter(hierarchicalConfiguration2 -> {
            return action.getTarget().matches(hierarchicalConfiguration2.getString(CONFIG_KEY_PATTERN));
        }).collect(Collectors.toList());
        if (list2.size() == 0) {
            logger.debug("No statement matches found, skip the action '{}'", action);
        }
        ValidationResult validateStatements = validateStatements(action, list2, str);
        if (validateStatements.isAllowed() && validateStatements.getModifiedValue() == null && !z) {
            return;
        }
        list.add(validateStatements);
    }

    private ValidationResult validateStatements(Action action, List<? extends HierarchicalConfiguration<?>> list, String str) {
        ValidationResult allowed = ValidationResult.allowed(action);
        for (HierarchicalConfiguration<?> hierarchicalConfiguration : list) {
            if (action.createOrRenameType()) {
                action.setNewPath(getNewPath(str, allowed.getModifiedValue() != null ? allowed.getModifiedValue() : action.getTarget()));
            }
            for (PolicyValidator policyValidator : this.policyValidators) {
                logger.debug("Evaluate the action '{}' using the validator '{}'", action, policyValidator.getClass().getSimpleName());
                policyValidator.validate(getSubConfig(hierarchicalConfiguration, CONFIG_KEY_PERMITTED), getSubConfig(hierarchicalConfiguration, CONFIG_KEY_DENIED), action, allowed);
                if (allowed.getModifiedValue() != null) {
                    logger.debug("Allowed with modifications the action '{}'", action);
                } else {
                    if (!allowed.isAllowed()) {
                        logger.error("Validation failed for action '{}'", action);
                        return allowed;
                    }
                    logger.debug("Allowed action '{}'", action);
                }
            }
        }
        return allowed;
    }

    protected HierarchicalConfiguration<?> getSubConfig(HierarchicalConfiguration<?> hierarchicalConfiguration, String str) {
        try {
            return hierarchicalConfiguration.configurationAt(str);
        } catch (Exception e) {
            logger.debug("Failed to load configuration value for key '{}'. Returning null.", str);
            return null;
        }
    }

    protected void evaluateRecursiveAction(HierarchicalConfiguration<?> hierarchicalConfiguration, String str, Action action, List<ValidationResult> list, boolean z) {
        evaluateAction(hierarchicalConfiguration, str, action, list, z);
        RepositoryItem[] contentChildren = this.contentRepository.getContentChildren(str, action.getSource());
        String name = FilenameUtils.getName(action.getSource());
        for (RepositoryItem repositoryItem : contentChildren) {
            Path path = Paths.get(repositoryItem.path, repositoryItem.name);
            String path2 = Paths.get(action.getTarget(), name).resolve(Paths.get(action.getSource(), new String[0]).relativize(path)).toString();
            Action action2 = new Action();
            action2.setType(action.getType());
            action2.setSource(path.toString());
            action2.setTarget(path2);
            if (repositoryItem.isFolder) {
                evaluateRecursiveAction(hierarchicalConfiguration, str, action2, list, false);
            } else {
                action2.setContentMetadata(Map.of(Action.METADATA_FILE_SIZE, Long.valueOf(this.contentRepositoryV2.getContentSize(str, path.toString()))));
                evaluateAction(hierarchicalConfiguration, str, action2, list, false);
            }
        }
    }

    protected String getNewPath(String str, String str2) {
        String[] split = str2.split("/");
        String str3 = StudioAbstractAccessDecisionVoter.DEFAULT_PERMISSION_VOTER_PATH;
        for (String str4 : split) {
            if (!StringUtils.isEmpty(str4)) {
                String str5 = str3 + "/" + str4;
                if (!this.contentRepository.contentExists(str, str5)) {
                    String replace = str2.replace(str3, StudioAbstractAccessDecisionVoter.DEFAULT_PERMISSION_VOTER_PATH);
                    if (replace.startsWith("/")) {
                        replace = replace.substring(1);
                    }
                    return replace;
                }
                str3 = str5;
            }
        }
        return org.apache.commons.io.FilenameUtils.getName(str2);
    }
}
