package org.fcrepo.http.api;

import io.micrometer.core.annotation.Timed;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import javax.inject.Inject;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.ClientErrorException;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Request;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.jena.rdf.model.Model;
import org.apache.jena.rdf.model.ModelFactory;
import org.apache.jena.rdf.model.ResourceFactory;
import org.apache.jena.riot.Lang;
import org.apache.jena.riot.RDFDataMgr;
import org.apache.jena.riot.RDFLanguages;
import org.apache.jena.shared.JenaException;
import org.fcrepo.config.AuthPropsConfig;
import org.fcrepo.http.commons.domain.PATCH;
import org.fcrepo.http.commons.domain.RDFMediaType;
import org.fcrepo.http.commons.responses.RdfNamespacedStream;
import org.fcrepo.kernel.api.exception.AccessDeniedException;
import org.fcrepo.kernel.api.exception.ItemNotFoundException;
import org.fcrepo.kernel.api.exception.PathNotFoundException;
import org.fcrepo.kernel.api.exception.PathNotFoundRuntimeException;
import org.fcrepo.kernel.api.identifiers.FedoraId;
import org.fcrepo.kernel.api.models.FedoraResource;
import org.fcrepo.kernel.api.models.WebacAcl;
import org.fcrepo.kernel.api.rdf.DefaultRdfStream;
import org.fcrepo.kernel.api.services.WebacAclService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Scope;

@Timed
@Scope("request")
@Path("/{path: (.+/)?}fcr:acl")
/* loaded from: input_file:org/fcrepo/http/api/FedoraAcl.class */
public class FedoraAcl extends ContentExposingResource {
    private static final Logger LOGGER = LoggerFactory.getLogger(FedoraAcl.class);
    private static final String ROOT_AUTHORIZATION_LOCATION = "/root-authorization.ttl";

    @Context
    protected Request request;

    @Context
    protected HttpServletResponse servletResponse;

    @Context
    protected UriInfo uriInfo;

    @PathParam("path")
    protected String externalPath;

    @Inject
    private AuthPropsConfig authPropsConfig;

    @Inject
    private WebacAclService webacAclService;

    @PUT
    public Response createFedoraWebacAcl(@HeaderParam("Content-Type") MediaType mediaType, InputStream inputStream) {
        if (resource().isAcl() || resource().isMemento()) {
            throw new BadRequestException("ACL resource creation is not allowed for resource " + resource().getId());
        }
        LOGGER.info("PUT acl resource '{}'", externalPath());
        FedoraId asAcl = identifierConverter().pathToInternalId(externalPath()).asAcl();
        boolean doesResourceExist = doesResourceExist(transaction(), asAcl, false);
        try {
            MediaType valueOf = mediaType == null ? RDFMediaType.TURTLE_TYPE : MediaType.valueOf(getSimpleContentType(mediaType));
            if (!isRdfContentType(valueOf.toString())) {
                throw new BadRequestException("Content-Type (" + mediaType + ") is invalid. Try text/turtle or other RDF compatible type.");
            }
            Model bodyToInternalModel = this.httpRdfService.bodyToInternalModel(asAcl, inputStream, valueOf, identifierConverter(), hasLenientPreferHeader());
            doInDbTxWithRetry(() -> {
                if (doesResourceExist) {
                    this.replacePropertiesService.perform(transaction(), getUserPrincipal(), asAcl, bodyToInternalModel);
                } else {
                    this.webacAclService.create(transaction(), asAcl, getUserPrincipal(), bodyToInternalModel);
                }
                transaction().commitIfShortLived();
            });
            try {
                FedoraResource fedoraResource = getFedoraResource(transaction(), asAcl);
                addCacheControlHeaders(this.servletResponse, fedoraResource, transaction());
                URI uri = getUri(fedoraResource);
                if (doesResourceExist) {
                    Response build = Response.noContent().location(uri).build();
                    transaction().releaseResourceLocksIfShortLived();
                    return build;
                }
                Response build2 = Response.created(uri).build();
                transaction().releaseResourceLocksIfShortLived();
                return build2;
            } catch (PathNotFoundException e) {
                throw new PathNotFoundRuntimeException(e.getMessage(), e);
            }
        } catch (Throwable th) {
            transaction().releaseResourceLocksIfShortLived();
            throw th;
        }
    }

    @PATCH
    @Consumes({"application/sparql-update"})
    public Response updateSparql(InputStream inputStream) throws IOException, ItemNotFoundException {
        hasRestrictedPath(this.externalPath);
        if (null == inputStream) {
            throw new BadRequestException("SPARQL-UPDATE requests must have content!");
        }
        FedoraId pathToInternalId = identifierConverter().pathToInternalId(externalPath());
        try {
            try {
                FedoraResource fedoraResource = getFedoraResource(transaction(), pathToInternalId.asAcl());
                try {
                    try {
                        String iOUtils = IOUtils.toString(inputStream, StandardCharsets.UTF_8);
                        if (StringUtils.isBlank(iOUtils)) {
                            throw new BadRequestException("SPARQL-UPDATE requests must have content!");
                        }
                        evaluateRequestPreconditions(this.request, this.servletResponse, fedoraResource, transaction());
                        LOGGER.info("PATCH for '{}'", this.externalPath);
                        String patchRequestToInternalString = this.httpRdfService.patchRequestToInternalString(fedoraResource.getFedoraId(), iOUtils, identifierConverter());
                        LOGGER.debug("PATCH request translated to '{}'", patchRequestToInternalString);
                        doInDbTxWithRetry(() -> {
                            patchResourcewithSparql(fedoraResource, patchRequestToInternalString);
                            transaction().commitIfShortLived();
                        });
                        addCacheControlHeaders(this.servletResponse, fedoraResource, transaction());
                        Response build = Response.noContent().build();
                        transaction().releaseResourceLocksIfShortLived();
                        return build;
                    } catch (AccessDeniedException e) {
                        throw e;
                    }
                } catch (IllegalArgumentException e2) {
                    throw new BadRequestException(e2.getMessage());
                } catch (RuntimeException e3) {
                    Throwable cause = e3.getCause();
                    if (cause instanceof PathNotFoundRuntimeException) {
                        throw new BadRequestException(cause.getMessage());
                    }
                    throw e3;
                }
            } catch (PathNotFoundException e4) {
                if (pathToInternalId.isRepositoryRoot()) {
                    throw new ClientErrorException("The default root ACL is system generated and cannot be modified. To override the default root ACL you must PUT a user-defined ACL to this endpoint.", Response.Status.CONFLICT);
                }
                throw new ItemNotFoundException("not found");
            }
        } catch (Throwable th) {
            transaction().releaseResourceLocksIfShortLived();
            throw th;
        }
    }

    @Override // org.fcrepo.http.api.ContentExposingResource
    protected String externalPath() {
        return this.externalPath;
    }

    @GET
    @Produces({"text/turtle;charset=utf-8;qs=1.0", "application/ld+json;qs=0.8", "text/rdf+n3;charset=utf-8", "text/n3;charset=utf-8", "application/rdf+xml", "application/n-triples", "text/plain;charset=utf-8", "text/html;charset=utf-8"})
    public Response getResource() throws IOException, ItemNotFoundException {
        LOGGER.info("GET resource '{}'", externalPath());
        FedoraId pathToInternalId = identifierConverter().pathToInternalId(externalPath());
        FedoraId asAcl = pathToInternalId.asAcl();
        if (!doesResourceExist(transaction(), asAcl, false)) {
            if (!pathToInternalId.isRepositoryRoot()) {
                throw new ItemNotFoundException(String.format("No ACL found at %s", this.externalPath));
            }
            String externalId = identifierConverter().toExternalId(asAcl.getFullId());
            return Response.ok(new RdfNamespacedStream(this.httpRdfService.bodyToExternalStream(externalId, DefaultRdfStream.fromModel(ResourceFactory.createResource(externalId).asNode(), getDefaultAcl(externalId, this.authPropsConfig.getRootAuthAclPath())), identifierConverter()), this.namespaceRegistry.getNamespaces())).build();
        }
        WebacAcl find = this.webacAclService.find(transaction(), asAcl);
        checkCacheControlHeaders(this.request, this.servletResponse, find, transaction());
        LOGGER.info("GET resource '{}'", this.externalPath);
        addResourceHttpHeaders(find);
        return getContent(getChildrenLimit(), find);
    }

    @DELETE
    public Response deleteObject() throws ItemNotFoundException {
        hasRestrictedPath(this.externalPath);
        LOGGER.info("Delete resource '{}'", this.externalPath);
        FedoraId pathToInternalId = identifierConverter().pathToInternalId(externalPath());
        try {
            try {
                FedoraResource fedoraResource = getFedoraResource(transaction(), pathToInternalId.asAcl());
                doInDbTxWithRetry(() -> {
                    this.deleteResourceService.perform(transaction(), fedoraResource, getUserPrincipal());
                    transaction().commitIfShortLived();
                });
                transaction().releaseResourceLocksIfShortLived();
                return Response.noContent().build();
            } catch (PathNotFoundException e) {
                if (pathToInternalId.isRepositoryRoot()) {
                    throw new ClientErrorException("The default root ACL is system generated and cannot be deleted. To override the default root ACL you must PUT a user-defined ACL to this endpoint.", Response.Status.CONFLICT);
                }
                throw new PathNotFoundRuntimeException(e.getMessage(), e);
            }
        } catch (Throwable th) {
            transaction().releaseResourceLocksIfShortLived();
            throw th;
        }
    }

    public static Model getDefaultAcl(String str, java.nio.file.Path path) {
        Model createDefaultModel = ModelFactory.createDefaultModel();
        if (path != null && Files.isRegularFile(path, new LinkOption[0])) {
            try {
                LOGGER.debug("Getting root authorization from file: {}", path);
                BufferedInputStream bufferedInputStream = new BufferedInputStream(Files.newInputStream(path, new OpenOption[0]));
                try {
                    RDFDataMgr.read(createDefaultModel, bufferedInputStream, str, RDFLanguages.pathnameToLang(path.toString()));
                    bufferedInputStream.close();
                    return createDefaultModel;
                } finally {
                }
            } catch (JenaException | IOException e) {
                throw new RuntimeException("Error parsing the default root ACL " + path + ".", e);
            }
        }
        try {
            InputStream resourceAsStream = FedoraAcl.class.getResourceAsStream(ROOT_AUTHORIZATION_LOCATION);
            try {
                LOGGER.debug("Getting root ACL from classpath: {}", ROOT_AUTHORIZATION_LOCATION);
                Model read = createDefaultModel.read(resourceAsStream, str, Lang.TTL.getName());
                if (resourceAsStream != null) {
                    resourceAsStream.close();
                }
                return read;
            } catch (Throwable th) {
                if (resourceAsStream != null) {
                    try {
                        resourceAsStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (JenaException e2) {
            throw new RuntimeException("Error parsing the default root ACL /root-authorization.ttl.", e2);
        } catch (IOException e3) {
            throw new RuntimeException("Error reading the default root Acl /root-authorization.ttl.", e3);
        }
    }
}
