package edu.ucsb.nceas.metacat.accesscontrol;

import edu.ucsb.nceas.metacat.BasicNode;
import edu.ucsb.nceas.metacat.DBEntityResolver;
import edu.ucsb.nceas.metacat.DocumentImpl;
import edu.ucsb.nceas.metacat.McdbException;
import edu.ucsb.nceas.metacat.clientview.ClientViewHelper;
import edu.ucsb.nceas.metacat.database.DBConnection;
import edu.ucsb.nceas.metacat.database.DBConnectionPool;
import edu.ucsb.nceas.metacat.properties.PropertyService;
import edu.ucsb.nceas.utilities.PropertyNotFoundException;
import edu.ucsb.nceas.utilities.access.AccessControlInterface;
import java.io.IOException;
import java.io.StringReader;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Stack;
import java.util.Vector;
import org.apache.log4j.Logger;
import org.xml.sax.Attributes;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;
import org.xml.sax.ext.LexicalHandler;
import org.xml.sax.helpers.DefaultHandler;
import org.xml.sax.helpers.XMLReaderFactory;

/* loaded from: input_file:edu/ucsb/nceas/metacat/accesscontrol/AccessControlList.class */
public class AccessControlList extends DefaultHandler implements AccessControlInterface, LexicalHandler {
    private DBConnection connection;
    private String parserName;
    private Stack elementStack;
    private String sep;
    private boolean processingDTD;
    private String user;
    private String[] groups;
    private String aclid;
    private int rev;
    private String docname;
    private String doctype;
    private String systemid;
    private String docurl;
    private Vector resourceURL;
    private Vector resourceID;
    private Vector principal;
    private int permission;
    private String permType;
    private String permOrder;
    private String beginTime;
    private String endTime;
    private int ticketCount;
    private int serverCode;
    private Vector aclObjects;
    private boolean instarttag;
    private String tagName;
    private static Logger logMetacat = Logger.getLogger(AccessControlList.class);

    public AccessControlList(DBConnection dBConnection) throws SQLException {
        this.serverCode = 1;
        this.aclObjects = new Vector();
        this.instarttag = true;
        this.tagName = "";
        this.connection = dBConnection;
    }

    public AccessControlList(DBConnection dBConnection, String str, int i, String str2, String[] strArr, int i2) throws SAXException, IOException, McdbException, PropertyNotFoundException {
        this.serverCode = 1;
        this.aclObjects = new Vector();
        this.instarttag = true;
        this.tagName = "";
        String property = PropertyService.getProperty("xml.saxparser");
        this.sep = PropertyService.getProperty("document.accNumSeparator");
        this.connection = dBConnection;
        this.parserName = property;
        this.processingDTD = false;
        this.elementStack = new Stack();
        this.user = str2;
        this.groups = strArr;
        this.aclid = str;
        this.resourceURL = new Vector();
        this.resourceID = new Vector();
        this.principal = new Vector();
        this.permission = 0;
        this.ticketCount = 0;
        this.serverCode = i2;
        DocumentImpl documentImpl = new DocumentImpl(str + this.sep + i);
        String documentImpl2 = documentImpl.toString();
        this.rev = documentImpl.getRev();
        XMLReader initializeParser = initializeParser();
        if (documentImpl2 == null) {
            throw new McdbException("Could not retrieve access control list for:  " + str + this.sep + i);
        }
        initializeParser.parse(new InputSource(new StringReader(documentImpl2)));
    }

    private XMLReader initializeParser() throws SAXException {
        XMLReader createXMLReader = XMLReaderFactory.createXMLReader(this.parserName);
        createXMLReader.setFeature(DocumentImpl.VALIDATIONFEATURE, true);
        createXMLReader.setProperty(DocumentImpl.LEXICALPROPERTY, this);
        createXMLReader.setContentHandler(this);
        createXMLReader.setEntityResolver(new DBEntityResolver(this.connection, this, null));
        createXMLReader.setDTDHandler(this);
        createXMLReader.setErrorHandler(this);
        return createXMLReader;
    }

    @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
    public void startDocument() throws SAXException {
        try {
            this.aclObjects = getACLObjects(this.aclid);
            if (this.aclid != null) {
                deletePermissionsForRelatedResources(this.aclid);
            }
        } catch (SQLException e) {
            throw new SAXException(e);
        }
    }

    @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
    public void startElement(String str, String str2, String str3, Attributes attributes) throws SAXException {
        this.instarttag = true;
        if (str2.equals(ClientViewHelper.PERMISSION_TYPE_ALLOW)) {
            this.tagName = ClientViewHelper.PERMISSION_TYPE_ALLOW;
        } else if (str2.equals(ClientViewHelper.PERMISSION_TYPE_DISALLOW)) {
            this.tagName = ClientViewHelper.PERMISSION_TYPE_DISALLOW;
        }
        BasicNode basicNode = new BasicNode(str2);
        if (attributes != null) {
            int length = attributes.getLength();
            for (int i = 0; i < length; i++) {
                basicNode.setAttribute(attributes.getLocalName(i), attributes.getValue(i));
            }
        }
        if (basicNode.getTagName().equals("acl")) {
            this.permOrder = basicNode.getAttribute("order");
        }
        this.elementStack.push(basicNode);
    }

    @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
    public void characters(char[] cArr, int i, int i2) throws SAXException {
        if (this.instarttag) {
            String trim = new String(cArr, i, i2).trim();
            String tagName = ((BasicNode) this.elementStack.peek()).getTagName();
            if (tagName.equals("principal")) {
                this.principal.addElement(trim);
                return;
            }
            if (tagName.equals("permission")) {
                if (trim.trim().toUpperCase().equals("READ")) {
                    this.permission |= 4;
                    return;
                }
                if (trim.trim().toUpperCase().equals("WRITE")) {
                    this.permission |= 2;
                    return;
                } else if (trim.trim().toUpperCase().equals("CHANGEPERMISSION")) {
                    this.permission |= 1;
                    return;
                } else {
                    if (trim.trim().toUpperCase().equals("ALL")) {
                        this.permission |= 7;
                        return;
                    }
                    return;
                }
            }
            if (tagName.equals("startDate") && this.beginTime == null) {
                this.beginTime = trim.trim();
                return;
            }
            if (tagName.equals("stopDate") && this.endTime == null) {
                this.endTime = trim.trim();
            } else if (tagName.equals("ticketCount") && this.ticketCount == 0) {
                try {
                    this.ticketCount = new Integer(trim.trim()).intValue();
                } catch (NumberFormatException e) {
                    throw new SAXException("Wrong integer format for:" + trim);
                }
            }
        }
    }

    @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
    public void endElement(String str, String str2, String str3) throws SAXException {
        this.instarttag = false;
        String tagName = ((BasicNode) this.elementStack.pop()).getTagName();
        if (tagName.equals(ClientViewHelper.PERMISSION_TYPE_ALLOW) || tagName.equals(ClientViewHelper.PERMISSION_TYPE_DISALLOW)) {
            if (this.permission > 0) {
                for (int i = 0; i < this.aclObjects.size(); i++) {
                    try {
                        insertPermissions((String) this.aclObjects.elementAt(i), tagName);
                    } catch (SQLException e) {
                        throw new SAXException(e);
                    } catch (Exception e2) {
                        throw new SAXException(e2);
                    }
                }
            }
            this.principal = new Vector();
            this.permission = 0;
            this.beginTime = null;
            this.endTime = null;
            this.ticketCount = 0;
        }
    }

    @Override // org.xml.sax.ext.LexicalHandler
    public void startDTD(String str, String str2, String str3) throws SAXException {
        this.processingDTD = true;
        logMetacat.debug("AccessControlList.startDTD - Setting processingDTD to true");
        logMetacat.debug("AccessControlList.startDTD - start DTD");
        this.docname = str;
        this.doctype = str2;
        this.systemid = str3;
    }

    @Override // org.xml.sax.ext.LexicalHandler
    public void endDTD() throws SAXException {
        this.processingDTD = false;
        logMetacat.debug("AccessControlList.endDTD - Setting processingDTD to false");
        logMetacat.debug("AccessControlList.endDTD - end DTD");
    }

    @Override // org.xml.sax.ext.LexicalHandler
    public void startEntity(String str) throws SAXException {
        logMetacat.debug("AccessControlList.startEntity ");
        if (str.equals("[dtd]")) {
            logMetacat.debug("AccessControlList.startEntity  set processingDTD to true.");
            this.processingDTD = true;
        }
    }

    @Override // org.xml.sax.ext.LexicalHandler
    public void endEntity(String str) throws SAXException {
        logMetacat.debug("AccessControlList.endEntity ");
        if (str.equals("[dtd]")) {
            logMetacat.debug("AccessControlList.endEntity  set processingDTD to false.");
            this.processingDTD = false;
        }
    }

    public String getDocname() {
        return this.docname;
    }

    public boolean processingDTD() {
        return this.processingDTD;
    }

    private Vector getACLObjects(String str) throws SQLException {
        Vector vector = new Vector();
        DBConnection dBConnection = null;
        int i = -1;
        PreparedStatement preparedStatement = null;
        try {
            try {
                dBConnection = DBConnectionPool.getDBConnection("AccessControlList.getACLObject");
                i = dBConnection.getCheckOutSerialNumber();
                preparedStatement = dBConnection.prepareStatement("SELECT object FROM xml_relation WHERE subject = ? ");
                preparedStatement.setString(1, str);
                preparedStatement.execute();
                ResultSet resultSet = preparedStatement.getResultSet();
                for (boolean next = resultSet.next(); next; next = resultSet.next()) {
                    vector.addElement(resultSet.getString(1));
                }
                try {
                    preparedStatement.close();
                    DBConnectionPool.returnDBConnection(dBConnection, i);
                    return vector;
                } catch (Throwable th) {
                    DBConnectionPool.returnDBConnection(dBConnection, i);
                    throw th;
                }
            } catch (SQLException e) {
                throw e;
            }
        } catch (Throwable th2) {
            try {
                preparedStatement.close();
                DBConnectionPool.returnDBConnection(dBConnection, i);
                throw th2;
            } catch (Throwable th3) {
                DBConnectionPool.returnDBConnection(dBConnection, i);
                throw th3;
            }
        }
    }

    private void deletePermissionsForRelatedResources(String str) throws SQLException {
        PreparedStatement preparedStatement = null;
        try {
            try {
                preparedStatement = this.connection.prepareStatement("DELETE FROM xml_access WHERE accessfileid = ?");
                preparedStatement.setString(1, str);
                this.connection.increaseUsageCount(1);
                logMetacat.debug("running sql: " + preparedStatement.toString());
                preparedStatement.execute();
                preparedStatement.close();
            } catch (SQLException e) {
                throw e;
            }
        } catch (Throwable th) {
            preparedStatement.close();
            throw th;
        }
    }

    private void insertPermissions(String str, String str2) throws SQLException {
        PreparedStatement preparedStatement = null;
        try {
            try {
                preparedStatement = this.connection.prepareStatement("INSERT INTO xml_access (guid, principal_name, permission, perm_type, perm_order,ticket_count, accessfileid) VALUES (?,?,?,?,?,?,?)");
                this.connection.increaseUsageCount(1);
                preparedStatement.setString(1, str);
                preparedStatement.setInt(3, this.permission);
                preparedStatement.setString(4, str2);
                preparedStatement.setString(5, this.permOrder);
                preparedStatement.setString(7, this.aclid);
                if (this.ticketCount > 0) {
                    preparedStatement.setInt(6, this.ticketCount);
                } else {
                    preparedStatement.setInt(6, 0);
                }
                for (int i = 0; i < this.principal.size(); i++) {
                    preparedStatement.setString(2, (String) this.principal.elementAt(i));
                    logMetacat.debug("running sql: " + preparedStatement.toString());
                    preparedStatement.execute();
                }
                preparedStatement.close();
                preparedStatement.close();
            } catch (SQLException e) {
                throw new SQLException("AccessControlList.insertPermissions(): " + e.getMessage());
            }
        } catch (Throwable th) {
            preparedStatement.close();
            throw th;
        }
    }

    private int getPermissions(int i, String str, String str2, String str3) throws SQLException {
        PreparedStatement preparedStatement = null;
        DBConnection dBConnection = null;
        int i2 = -1;
        try {
            try {
                dBConnection = DBConnectionPool.getDBConnection("AccessControlList.getPermissions");
                i2 = dBConnection.getCheckOutSerialNumber();
                preparedStatement = dBConnection.prepareStatement("SELECT permission FROM xml_access WHERE docid = ? AND principal_name = ? AND perm_order NOT = ?");
                preparedStatement.setString(1, str2);
                preparedStatement.setString(2, str);
                preparedStatement.setString(3, str3);
                logMetacat.debug("running sql: " + preparedStatement.toString());
                preparedStatement.execute();
                ResultSet resultSet = preparedStatement.getResultSet();
                for (boolean next = resultSet.next(); next; next = resultSet.next()) {
                    int i3 = i & resultSet.getInt(1);
                    if (i3 != 0) {
                        preparedStatement.close();
                        try {
                            preparedStatement.close();
                            DBConnectionPool.returnDBConnection(dBConnection, i2);
                            return i3;
                        } finally {
                        }
                    }
                }
                try {
                    preparedStatement.close();
                    DBConnectionPool.returnDBConnection(dBConnection, i2);
                    return 0;
                } finally {
                }
            } catch (SQLException e) {
                throw e;
            }
        } catch (Throwable th) {
            try {
                preparedStatement.close();
                DBConnectionPool.returnDBConnection(dBConnection, i2);
                throw th;
            } catch (Throwable th2) {
                DBConnectionPool.returnDBConnection(dBConnection, i2);
                throw th2;
            }
        }
    }

    public static int intValue(String str) {
        int i = 0;
        try {
            i = new Integer(str).intValue();
        } catch (Exception e) {
        }
        if (i >= 0 && i <= 7) {
            return i;
        }
        i = -1;
        if (str.toUpperCase().contains("CHANGEPERMISSION")) {
            i |= 1;
        }
        if (str.toUpperCase().contains("READ")) {
            i |= 4;
        }
        if (str.toUpperCase().contains("WRITE")) {
            i |= 2;
        }
        if (str.toUpperCase().contains("ALL")) {
            i |= 7;
        }
        return i;
    }

    public static String txtValue(int i) {
        StringBuffer stringBuffer = new StringBuffer();
        if ((i & 7) == 7) {
            return "ALL";
        }
        if ((i & 1) == 1) {
            stringBuffer.append("CHANGEPERMISSION");
        }
        if ((i & 4) == 4) {
            if (stringBuffer.length() > 0) {
                stringBuffer.append(",");
            }
            stringBuffer.append("READ");
        }
        if ((i & 2) == 2) {
            if (stringBuffer.length() > 0) {
                stringBuffer.append(",");
            }
            stringBuffer.append("WRITE");
        }
        return stringBuffer.toString();
    }

    private String getPublicAccess(String str) throws SQLException {
        int i = 0;
        PreparedStatement preparedStatement = null;
        DBConnection dBConnection = null;
        int i2 = -1;
        try {
            dBConnection = DBConnectionPool.getDBConnection("AccessControlList.getPublicAcces");
            i2 = dBConnection.getCheckOutSerialNumber();
            preparedStatement = dBConnection.prepareStatement("SELECT public_access FROM xml_documents WHERE docid = ?");
            preparedStatement.setString(1, str);
            preparedStatement.execute();
            ResultSet resultSet = preparedStatement.getResultSet();
            if (resultSet.next()) {
                i = resultSet.getInt(1);
            }
            String str2 = i == 1 ? "yes" : "no";
            try {
                preparedStatement.close();
                DBConnectionPool.returnDBConnection(dBConnection, i2);
                return str2;
            } catch (Throwable th) {
                DBConnectionPool.returnDBConnection(dBConnection, i2);
                throw th;
            }
        } catch (Throwable th2) {
            try {
                preparedStatement.close();
                DBConnectionPool.returnDBConnection(dBConnection, i2);
                throw th2;
            } catch (Throwable th3) {
                DBConnectionPool.returnDBConnection(dBConnection, i2);
                throw th3;
            }
        }
    }

    @Override // org.xml.sax.ext.LexicalHandler
    public void comment(char[] cArr, int i, int i2) throws SAXException {
        logMetacat.trace("AccessControlList.comment - starting comment");
    }

    @Override // org.xml.sax.ext.LexicalHandler
    public void startCDATA() throws SAXException {
        logMetacat.trace("AccessControlList.startCDATA - starting CDATA");
    }

    @Override // org.xml.sax.ext.LexicalHandler
    public void endCDATA() throws SAXException {
        logMetacat.trace("AccessControlList.endCDATA - end CDATA");
    }

    public static void main(String[] strArr) {
        System.out.println("text value for CHMOD (1): " + txtValue(1));
        System.out.println("text value for READ: (4): " + txtValue(4));
        System.out.println("text value for WRITE: (2): " + txtValue(2));
        System.out.println("text value for ALL: (7): " + txtValue(7));
        System.out.println("text value for CHMOD|READ: (5): " + txtValue(5));
        System.out.println("text value for CHMOD|WRITE: (3): " + txtValue(3));
        System.out.println("text value for CHMOD|ALL: (7): " + txtValue(7));
        System.out.println("text value for READ|WRITE: (6): " + txtValue(6));
        System.out.println("text value for READ|ALL: (7): " + txtValue(7));
        System.out.println("text value for WRITE|ALL: (7): " + txtValue(7));
        System.out.println("text value for CHMOD|READ|WRITE: (7): " + txtValue(7));
        System.out.println("text value for CHMOD|READ|ALL: (7): " + txtValue(7));
        System.out.println("text value for CHMOD|WRITE|ALL: (7): " + txtValue(7));
        System.out.println("text value for READ|WRITE|ALL: (7): " + txtValue(7));
        System.out.println("text value for CHMOD|READ|WRITE|ALL: (7): " + txtValue(7));
        System.out.println();
        System.out.println("int value for GOOBER: " + intValue("GOOBER"));
        System.out.println("int value for CHANGEPERMISSION: " + intValue("CHANGEPERMISSION"));
        System.out.println("int value for READ: " + intValue("READ"));
        System.out.println("int value for WRITE: " + intValue("WRITE"));
        System.out.println("int value for ALL: " + intValue("ALL"));
        System.out.println("int value for CHANGEPERMISSION,READ: " + intValue("CHANGEPERMISSION,READ"));
        System.out.println("int value for CHANGEPERMISSION,WRITE: " + intValue("CHANGEPERMISSION,WRITE"));
        System.out.println("int value for CHANGEPERMISSION,ALL: " + intValue("CHANGEPERMISSION,ALL"));
        System.out.println("int value for READ,WRITE: " + intValue("READ,WRITE"));
        System.out.println("int value for READ,ALL: " + intValue("READ,ALL"));
        System.out.println("int value for WRITE,ALL: " + intValue("WRITE,ALL"));
        System.out.println("int value for CHANGEPERMISSION,READ,WRITE: " + intValue("CHANGEPERMISSION,READ,WRITE"));
        System.out.println("int value for CHANGEPERMISSION,READ,ALL: " + intValue("CHANGEPERMISSION,READ,ALL"));
        System.out.println("int value for CHANGEPERMISSION,READ,ALL: " + intValue("CHANGEPERMISSION,WRITE,ALL"));
        System.out.println("int value for READ,WRITE,ALL: " + intValue("READ,WRITE,ALL"));
        System.out.println("int value for CHANGEPERMISSION,READ,WRITE,ALL: " + intValue("CHANGEPERMISSION,READ,WRITE,ALL"));
    }
}
