package org.geoserver.security.decorators;

import java.io.IOException;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.geoserver.ows.Dispatcher;
import org.geoserver.ows.Request;
import org.geoserver.security.AccessLevel;
import org.geoserver.security.AccessLimits;
import org.geoserver.security.VectorAccessLimits;
import org.geoserver.security.WrapperPolicy;
import org.geotools.api.data.DataAccess;
import org.geotools.api.data.FeatureSource;
import org.geotools.api.data.Query;
import org.geotools.api.feature.Feature;
import org.geotools.api.feature.type.FeatureType;
import org.geotools.api.filter.Filter;
import org.geotools.api.filter.expression.PropertyName;
import org.geotools.data.DataUtilities;
import org.geotools.data.simple.SimpleFeatureCollection;
import org.geotools.data.store.ReTypingFeatureCollection;
import org.geotools.feature.FeatureCollection;
import org.geotools.feature.collection.ClippedFeatureCollection;
import org.geotools.feature.simple.SimpleFeatureTypeBuilder;
import org.geotools.util.factory.Hints;
import org.geotools.util.logging.Logging;
import org.locationtech.jts.geom.Geometry;

/* loaded from: input_file:org/geoserver/security/decorators/SecuredFeatureSource.class */
public class SecuredFeatureSource<T extends FeatureType, F extends Feature> extends DecoratingFeatureSource<T, F> {
    static final Logger LOGGER = Logging.getLogger(SecuredFeatureSource.class);
    WrapperPolicy policy;

    /* JADX INFO: Access modifiers changed from: protected */
    public SecuredFeatureSource(FeatureSource<T, F> featureSource, WrapperPolicy wrapperPolicy) {
        super(featureSource);
        this.policy = wrapperPolicy;
    }

    @Override // org.geoserver.security.decorators.DecoratingFeatureSource
    public DataAccess<T, F> getDataStore() {
        DataAccess dataStore = ((FeatureSource) this.delegate).getDataStore();
        if (dataStore == null) {
            return null;
        }
        return (DataAccess) SecuredObjects.secure(dataStore, this.policy);
    }

    @Override // org.geoserver.security.decorators.DecoratingFeatureSource
    /* renamed from: getFeatures */
    public FeatureCollection<T, F> mo241getFeatures() throws IOException {
        FeatureCollection features = ((FeatureSource) this.delegate).getFeatures(getReadQuery());
        if (features == null) {
            return null;
        }
        return (FeatureCollection) SecuredObjects.secure(features, this.policy);
    }

    @Override // org.geoserver.security.decorators.DecoratingFeatureSource
    /* renamed from: getFeatures */
    public FeatureCollection<T, F> mo243getFeatures(Filter filter) throws IOException {
        return mo242getFeatures(new Query((String) null, filter));
    }

    @Override // org.geoserver.security.decorators.DecoratingFeatureSource
    /* renamed from: getFeatures */
    public FeatureCollection<T, F> mo242getFeatures(Query query) throws IOException {
        Query readQuery = getReadQuery();
        Query mixQueries = mixQueries(query, readQuery);
        int size = mixQueries.getProperties() != null ? mixQueries.getProperties().size() : 0;
        SimpleFeatureCollection features = ((FeatureSource) this.delegate).getFeatures(mixQueries);
        FeatureCollection<T, F> featureCollection = null;
        if (features != null) {
            if (size <= 0 || features.getSchema().getDescriptors().size() <= size) {
                featureCollection = (FeatureCollection) SecuredObjects.secure(features, this.policy);
            } else if (features instanceof SimpleFeatureCollection) {
                SimpleFeatureCollection simpleFeatureCollection = features;
                featureCollection = (FeatureCollection) SecuredObjects.secure(new ReTypingFeatureCollection(simpleFeatureCollection, SimpleFeatureTypeBuilder.retype(simpleFeatureCollection.getSchema(), mixQueries.getPropertyNames())), this.policy);
            } else {
                List properties = readQuery.getProperties();
                List properties2 = query.getProperties();
                if (properties != null && (properties2 == null || !properties.containsAll(properties2))) {
                    LOGGER.log(Level.SEVERE, "Complex store returned more properties than allowed by security (because they are required by the schema). Either the security setup is broken or you have a security breach");
                }
                featureCollection = (FeatureCollection) SecuredObjects.secure(features, this.policy);
            }
        }
        AccessLimits limits = this.policy.getLimits();
        if (limits instanceof VectorAccessLimits) {
            featureCollection = decoratesForClipping((VectorAccessLimits) limits, featureCollection);
        }
        return featureCollection;
    }

    private FeatureCollection<T, F> decoratesForClipping(VectorAccessLimits vectorAccessLimits, FeatureCollection<T, F> featureCollection) {
        if (!(featureCollection instanceof SimpleFeatureCollection)) {
            return featureCollection;
        }
        Geometry clipVectorFilter = vectorAccessLimits.getClipVectorFilter();
        Geometry intersectVectorFilter = vectorAccessLimits.getIntersectVectorFilter();
        if (clipVectorFilter != null) {
            featureCollection = intersectVectorFilter != null ? new ClipIntersectsFeatureCollection((SimpleFeatureCollection) featureCollection, clipVectorFilter, intersectVectorFilter) : new ClippedFeatureCollection<>((SimpleFeatureCollection) featureCollection, clipVectorFilter, false);
        }
        return featureCollection;
    }

    protected Query getReadQuery() {
        if (this.policy.getAccessLevel() == AccessLevel.HIDDEN || this.policy.getAccessLevel() == AccessLevel.METADATA) {
            return new Query((String) null, Filter.EXCLUDE);
        }
        if (this.policy.getLimits() == null) {
            return Query.ALL;
        }
        if (!(this.policy.getLimits() instanceof VectorAccessLimits)) {
            throw new IllegalArgumentException("SecureFeatureSources has been fed with unexpected AccessLimits class " + this.policy.getLimits().getClass());
        }
        VectorAccessLimits vectorAccessLimits = (VectorAccessLimits) this.policy.getLimits();
        Request request = (Request) Dispatcher.REQUEST.get();
        return (request != null && request.getService().equalsIgnoreCase("WFS") && request.getRequest().equalsIgnoreCase("Transaction")) ? vectorAccessLimits.getWriteQuery() : vectorAccessLimits.getReadQuery();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Query mixQueries(Query query, Query query2) {
        Query query3 = new Query(DataUtilities.mixQueries(query, query2, query.getHandle()));
        List properties = query2.getProperties();
        if (properties != null && !properties.isEmpty()) {
            List<PropertyName> properties2 = query.getProperties();
            if (properties2 == null) {
                query3.setProperties(properties);
            } else {
                for (PropertyName propertyName : properties2) {
                    if (!properties.contains(propertyName)) {
                        throw new SecurityException("Attribute " + propertyName.getPropertyName() + " is not available");
                    }
                }
                query3.setProperties(properties2);
            }
        }
        if (query.getHints() == null) {
            query3.setHints(query2.getHints());
        } else if (query2.getHints() == null) {
            query3.setHints(query.getHints());
        } else {
            Hints hints = query.getHints();
            hints.putAll(query2.getHints());
            query3.setHints(hints);
        }
        query3.setCoordinateSystem(query.getCoordinateSystem());
        query3.setCoordinateSystemReproject(query.getCoordinateSystemReproject());
        query3.setStartIndex(query.getStartIndex());
        query3.setSortBy(query.getSortBy());
        return query3;
    }
}
