package org.dspace.sword;

import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
import org.dspace.authenticate.AuthenticationManager;
import org.dspace.authorize.AuthorizeException;
import org.dspace.authorize.AuthorizeManager;
import org.dspace.content.Collection;
import org.dspace.content.Community;
import org.dspace.content.DSpaceObject;
import org.dspace.content.Item;
import org.dspace.content.ItemIterator;
import org.dspace.core.ConfigurationManager;
import org.dspace.core.Context;
import org.dspace.core.LogManager;
import org.dspace.eperson.EPerson;
import org.dspace.eperson.Group;
import org.purl.sword.base.AtomDocumentRequest;
import org.purl.sword.base.Deposit;
import org.purl.sword.base.ErrorCodes;
import org.purl.sword.base.SWORDAuthenticationException;
import org.purl.sword.base.SWORDErrorException;
import org.purl.sword.base.SWORDException;
import org.purl.sword.base.ServiceDocumentRequest;

/* loaded from: input_file:org/dspace/sword/SWORDAuthenticator.class */
public class SWORDAuthenticator {
    private static Logger log = Logger.getLogger(SWORDAuthenticator.class);

    public boolean authenticates(Context context, String str, String str2) {
        return AuthenticationManager.authenticate(context, str, str2, (String) null, (HttpServletRequest) null) == 1;
    }

    private Context constructContext(String str) throws SWORDException {
        try {
            Context context = new Context();
            context.setExtraLogInfo("session_id=0:ip_addr=" + str);
            return context;
        } catch (SQLException e) {
            log.error("caught exception: ", e);
            throw new SWORDException("There was a problem with the database", e);
        }
    }

    public SWORDContext authenticate(ServiceDocumentRequest serviceDocumentRequest) throws SWORDException, SWORDErrorException, SWORDAuthenticationException {
        Context constructContext = constructContext(serviceDocumentRequest.getIPAddress());
        try {
            return authenticate(constructContext, serviceDocumentRequest);
        } catch (RuntimeException e) {
            if (constructContext != null && constructContext.isValid()) {
                constructContext.abort();
            }
            throw e;
        } catch (SWORDAuthenticationException e2) {
            if (constructContext != null && constructContext.isValid()) {
                constructContext.abort();
            }
            throw e2;
        } catch (SWORDErrorException e3) {
            if (constructContext != null && constructContext.isValid()) {
                constructContext.abort();
            }
            throw e3;
        } catch (SWORDException e4) {
            if (constructContext != null && constructContext.isValid()) {
                constructContext.abort();
            }
            throw e4;
        }
    }

    public SWORDContext authenticate(AtomDocumentRequest atomDocumentRequest) throws SWORDException, SWORDErrorException, SWORDAuthenticationException {
        Context constructContext = constructContext(atomDocumentRequest.getIPAddress());
        try {
            return authenticate(constructContext, atomDocumentRequest);
        } catch (RuntimeException e) {
            if (constructContext != null && constructContext.isValid()) {
                constructContext.abort();
            }
            throw e;
        } catch (SWORDAuthenticationException e2) {
            if (constructContext != null && constructContext.isValid()) {
                constructContext.abort();
            }
            throw e2;
        } catch (SWORDErrorException e3) {
            if (constructContext != null && constructContext.isValid()) {
                constructContext.abort();
            }
            throw e3;
        } catch (SWORDException e4) {
            if (constructContext != null && constructContext.isValid()) {
                constructContext.abort();
            }
            throw e4;
        }
    }

    private SWORDContext authenticate(Context context, AtomDocumentRequest atomDocumentRequest) throws SWORDAuthenticationException, SWORDException, SWORDErrorException {
        return authenticate(context, atomDocumentRequest.getUsername(), atomDocumentRequest.getPassword(), null, atomDocumentRequest.getIPAddress());
    }

    private SWORDContext authenticate(Context context, ServiceDocumentRequest serviceDocumentRequest) throws SWORDAuthenticationException, SWORDException, SWORDErrorException {
        return authenticate(context, serviceDocumentRequest.getUsername(), serviceDocumentRequest.getPassword(), serviceDocumentRequest.getOnBehalfOf(), serviceDocumentRequest.getIPAddress());
    }

    public SWORDContext authenticate(Deposit deposit) throws SWORDException, SWORDErrorException, SWORDAuthenticationException {
        Context constructContext = constructContext(deposit.getIPAddress());
        try {
            return authenticate(constructContext, deposit);
        } catch (RuntimeException e) {
            if (constructContext != null && constructContext.isValid()) {
                constructContext.abort();
            }
            throw e;
        } catch (SWORDAuthenticationException e2) {
            if (constructContext != null && constructContext.isValid()) {
                constructContext.abort();
            }
            throw e2;
        } catch (SWORDErrorException e3) {
            if (constructContext != null && constructContext.isValid()) {
                constructContext.abort();
            }
            throw e3;
        } catch (SWORDException e4) {
            if (constructContext != null && constructContext.isValid()) {
                constructContext.abort();
            }
            throw e4;
        }
    }

    private SWORDContext authenticate(Context context, Deposit deposit) throws SWORDAuthenticationException, SWORDException, SWORDErrorException {
        return authenticate(context, deposit.getUsername(), deposit.getPassword(), deposit.getOnBehalfOf(), deposit.getIPAddress());
    }

    private SWORDContext authenticate(Context context, String str, String str2, String str3, String str4) throws SWORDAuthenticationException, SWORDException, SWORDErrorException {
        if ("".equals(str3)) {
            str3 = null;
        }
        if (!ConfigurationManager.getBooleanProperty("sword-server", "on-behalf-of.enable") && str3 != null) {
            log.error("Attempted mediated deposit on service not configured to do so");
            throw new SWORDErrorException(ErrorCodes.MEDIATION_NOT_ALLOWED, "Mediated deposit to this service is not permitted");
        }
        log.info(LogManager.getHeader(context, "sword_authenticate", "username=" + str + ",on_behalf_of=" + str3));
        try {
            SWORDContext sWORDContext = new SWORDContext();
            EPerson ePerson = null;
            boolean z = false;
            if (authenticates(context, str, str2)) {
                ePerson = context.getCurrentUser();
                if (ePerson != null) {
                    z = true;
                    sWORDContext.setAuthenticated(ePerson);
                    int[] specialGroups = AuthenticationManager.getSpecialGroups(context, (HttpServletRequest) null);
                    for (int i = 0; i < specialGroups.length; i++) {
                        context.setSpecialGroup(specialGroups[i]);
                        log.debug("Adding Special Group id=" + String.valueOf(specialGroups[i]));
                    }
                    sWORDContext.setAuthenticatorContext(context);
                    sWORDContext.setContext(context);
                }
                if (str3 != null) {
                    EPerson findByEmail = EPerson.findByEmail(context, str3);
                    if (findByEmail == null) {
                        findByEmail = EPerson.findByNetid(context, str3);
                    }
                    if (findByEmail == null) {
                        throw new SWORDErrorException(ErrorCodes.TARGET_OWNER_UKNOWN, "unable to identify on-behalf-of user: " + str3);
                    }
                    sWORDContext.setOnBehalfOf(findByEmail);
                    Context constructContext = constructContext(str4);
                    constructContext.setCurrentUser(findByEmail);
                    int[] specialGroups2 = AuthenticationManager.getSpecialGroups(constructContext, (HttpServletRequest) null);
                    for (int i2 = 0; i2 < specialGroups2.length; i2++) {
                        constructContext.setSpecialGroup(specialGroups2[i2]);
                        log.debug("Adding Special Group id=" + String.valueOf(specialGroups2[i2]));
                    }
                    sWORDContext.setContext(constructContext);
                }
            }
            if (z) {
                return sWORDContext;
            }
            if (ePerson != null) {
                log.info(LogManager.getHeader(context, "sword_unable_to_set_user", "username=" + str));
                throw new SWORDAuthenticationException("Unable to authenticate the supplied used");
            }
            log.info(LogManager.getHeader(context, "sword_unable_to_set_on_behalf_of", "username=" + str + ",on_behalf_of=" + str3));
            throw new SWORDAuthenticationException("Unable to authenticate the onBehalfOf account");
        } catch (AuthorizeException e) {
            log.error("caught exception: ", e);
            throw new SWORDAuthenticationException("There was a problem authenticating or authorising the user", e);
        } catch (SQLException e2) {
            log.error("caught exception: ", e2);
            throw new SWORDException("There was a problem accessing the repository user database", e2);
        }
    }

    public boolean canSubmit(SWORDService sWORDService, Deposit deposit, DSpaceObject dSpaceObject) throws DSpaceSWORDException, SWORDErrorException {
        boolean canSubmitTo = canSubmitTo(sWORDService.getSwordContext(), dSpaceObject);
        if (canSubmitTo) {
            sWORDService.message("User is authorised to submit to collection");
        } else {
            sWORDService.message("User is not authorised to submit to collection");
        }
        return canSubmitTo;
    }

    public boolean isUserAdmin(SWORDContext sWORDContext) throws DSpaceSWORDException {
        try {
            if (sWORDContext.getAuthenticated() != null) {
                return AuthorizeManager.isAdmin(sWORDContext.getAuthenticatorContext());
            }
            return false;
        } catch (SQLException e) {
            log.error("Caught exception: ", e);
            throw new DSpaceSWORDException(e);
        }
    }

    public boolean isOnBehalfOfAdmin(SWORDContext sWORDContext) throws DSpaceSWORDException {
        if (sWORDContext.getOnBehalfOf() == null) {
            return false;
        }
        try {
            return AuthorizeManager.isAdmin(sWORDContext.getOnBehalfOfContext());
        } catch (SQLException e) {
            log.error("Caught exception: ", e);
            throw new DSpaceSWORDException(e);
        }
    }

    public boolean isUserInGroup(SWORDContext sWORDContext, Group group) {
        EPerson authenticated = sWORDContext.getAuthenticated();
        if (authenticated != null) {
            return isInGroup(group, authenticated);
        }
        return false;
    }

    public boolean isOnBehalfOfInGroup(SWORDContext sWORDContext, Group group) {
        EPerson onBehalfOf = sWORDContext.getOnBehalfOf();
        if (onBehalfOf != null) {
            return isInGroup(group, onBehalfOf);
        }
        return false;
    }

    public boolean isInGroup(Group group, EPerson ePerson) {
        EPerson[] members = group.getMembers();
        Group[] memberGroups = group.getMemberGroups();
        for (EPerson ePerson2 : members) {
            if (ePerson.getID() == ePerson2.getID()) {
                return true;
            }
        }
        if (memberGroups == null || memberGroups.length <= 0) {
            return false;
        }
        for (Group group2 : memberGroups) {
            if (isInGroup(group2, ePerson)) {
                return true;
            }
        }
        return false;
    }

    public List<Community> getAllowedCommunities(SWORDContext sWORDContext) throws DSpaceSWORDException {
        try {
            Context context = sWORDContext.getContext();
            ArrayList arrayList = new ArrayList();
            DSpaceObject[] findAllTop = Community.findAllTop(context);
            for (int i = 0; i < findAllTop.length; i++) {
                boolean z = sWORDContext.getOnBehalfOf() == null;
                boolean authorizeActionBoolean = 0 == 0 ? AuthorizeManager.authorizeActionBoolean(sWORDContext.getAuthenticatorContext(), findAllTop[i], 0) : false;
                if (!z) {
                    z = AuthorizeManager.authorizeActionBoolean(sWORDContext.getOnBehalfOfContext(), findAllTop[i], 0);
                }
                if (authorizeActionBoolean && z) {
                    arrayList.add(findAllTop[i]);
                }
            }
            return arrayList;
        } catch (SQLException e) {
            log.error("Caught exception: ", e);
            throw new DSpaceSWORDException(e);
        }
    }

    public List<Community> getCommunities(SWORDContext sWORDContext, Community community) throws DSpaceSWORDException {
        try {
            DSpaceObject[] subcommunities = community.getSubcommunities();
            ArrayList arrayList = new ArrayList();
            for (int i = 0; i < subcommunities.length; i++) {
                boolean z = sWORDContext.getOnBehalfOf() == null;
                boolean authorizeActionBoolean = 0 == 0 ? AuthorizeManager.authorizeActionBoolean(sWORDContext.getAuthenticatorContext(), subcommunities[i], 0) : false;
                if (!z) {
                    z = AuthorizeManager.authorizeActionBoolean(sWORDContext.getOnBehalfOfContext(), subcommunities[i], 0);
                }
                if (authorizeActionBoolean && z) {
                    arrayList.add(subcommunities[i]);
                }
            }
            return arrayList;
        } catch (SQLException e) {
            log.error("Caught exception: ", e);
            throw new DSpaceSWORDException(e);
        }
    }

    public List<Collection> getAllowedCollections(SWORDContext sWORDContext) throws DSpaceSWORDException {
        return getAllowedCollections(sWORDContext, null);
    }

    public List<Collection> getAllowedCollections(SWORDContext sWORDContext, Community community) throws DSpaceSWORDException {
        try {
            DSpaceObject[] findAuthorized = Collection.findAuthorized(sWORDContext.getAuthenticatorContext(), community, 3);
            ArrayList arrayList = new ArrayList();
            for (int i = 0; i < findAuthorized.length; i++) {
                boolean z = sWORDContext.getOnBehalfOf() == null;
                if (!z) {
                    z = AuthorizeManager.authorizeActionBoolean(sWORDContext.getOnBehalfOfContext(), findAuthorized[i], 3);
                }
                if (z) {
                    arrayList.add(findAuthorized[i]);
                }
            }
            return arrayList;
        } catch (SQLException e) {
            log.error("Caught exception: ", e);
            throw new DSpaceSWORDException(e);
        }
    }

    public List<Item> getAllowedItems(SWORDContext sWORDContext, Collection collection) throws DSpaceSWORDException {
        try {
            ArrayList arrayList = new ArrayList();
            ItemIterator items = collection.getItems();
            while (items.hasNext()) {
                Item next = items.next();
                boolean z = false;
                boolean z2 = sWORDContext.getOnBehalfOf() == null;
                DSpaceObject[] bundles = next.getBundles("ORIGINAL");
                if (0 == 0) {
                    boolean authorizeActionBoolean = AuthorizeManager.authorizeActionBoolean(sWORDContext.getAuthenticatorContext(), next, 1);
                    boolean z3 = false;
                    for (DSpaceObject dSpaceObject : bundles) {
                        z3 = AuthorizeManager.authorizeActionBoolean(sWORDContext.getAuthenticatorContext(), dSpaceObject, 3);
                        if (!z3) {
                            break;
                        }
                    }
                    z = authorizeActionBoolean && z3;
                }
                if (!z2) {
                    boolean authorizeActionBoolean2 = AuthorizeManager.authorizeActionBoolean(sWORDContext.getOnBehalfOfContext(), next, 1);
                    boolean z4 = false;
                    for (DSpaceObject dSpaceObject2 : bundles) {
                        z4 = AuthorizeManager.authorizeActionBoolean(sWORDContext.getOnBehalfOfContext(), dSpaceObject2, 3);
                        if (!z4) {
                            break;
                        }
                    }
                    z2 = authorizeActionBoolean2 && z4;
                }
                if (z && z2) {
                    arrayList.add(next);
                }
            }
            return arrayList;
        } catch (SQLException e) {
            throw new DSpaceSWORDException(e);
        }
    }

    public boolean canSubmitTo(SWORDContext sWORDContext, Collection collection) throws DSpaceSWORDException {
        try {
            boolean z = false;
            boolean z2 = false;
            if (sWORDContext.getOnBehalfOf() == null) {
                z2 = true;
            }
            if (0 == 0) {
                z = AuthorizeManager.authorizeActionBoolean(sWORDContext.getAuthenticatorContext(), collection, 3);
            }
            if (!z2) {
                z2 = AuthorizeManager.authorizeActionBoolean(sWORDContext.getOnBehalfOfContext(), collection, 3);
            }
            return z && z2;
        } catch (SQLException e) {
            log.error("Caught exception: ", e);
            throw new DSpaceSWORDException(e);
        }
    }

    public boolean canSubmitTo(SWORDContext sWORDContext, Item item) throws DSpaceSWORDException {
        try {
            boolean z = false;
            boolean z2 = sWORDContext.getOnBehalfOf() == null;
            DSpaceObject[] bundles = item.getBundles("ORIGINAL");
            if (0 == 0) {
                boolean authorizeActionBoolean = AuthorizeManager.authorizeActionBoolean(sWORDContext.getAuthenticatorContext(), item, 1);
                boolean z3 = false;
                for (DSpaceObject dSpaceObject : bundles) {
                    z3 = AuthorizeManager.authorizeActionBoolean(sWORDContext.getAuthenticatorContext(), dSpaceObject, 3);
                    if (!z3) {
                        break;
                    }
                }
                z = authorizeActionBoolean && z3;
            }
            if (!z2) {
                boolean authorizeActionBoolean2 = AuthorizeManager.authorizeActionBoolean(sWORDContext.getOnBehalfOfContext(), item, 1);
                boolean z4 = false;
                for (DSpaceObject dSpaceObject2 : bundles) {
                    z4 = AuthorizeManager.authorizeActionBoolean(sWORDContext.getOnBehalfOfContext(), dSpaceObject2, 3);
                    if (!z4) {
                        break;
                    }
                }
                z2 = authorizeActionBoolean2 && z4;
            }
            return z && z2;
        } catch (SQLException e) {
            log.error("Caught exception: ", e);
            throw new DSpaceSWORDException(e);
        }
    }

    public boolean canSubmitTo(SWORDContext sWORDContext, DSpaceObject dSpaceObject) throws DSpaceSWORDException {
        if (dSpaceObject instanceof Collection) {
            return canSubmitTo(sWORDContext, (Collection) dSpaceObject);
        }
        if (dSpaceObject instanceof Item) {
            return canSubmitTo(sWORDContext, (Item) dSpaceObject);
        }
        return false;
    }
}
