package org.opencms.xml.xml2json;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.List;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.dom4j.DocumentException;
import org.dom4j.Element;
import org.dom4j.io.SAXReader;
import org.opencms.file.CmsObject;
import org.opencms.jsp.decorator.CmsDecoratorConfiguration;
import org.opencms.main.CmsException;
import org.opencms.main.CmsLog;

/* loaded from: input_file:org/opencms/xml/xml2json/CmsJsonAccessPolicy.class */
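/**
 * Access policy for the JSON view of content: decides whether a request may see a given
 * target string, which properties may be emitted, and which CORS headers are sent.
 *
 * <p>A policy is either a fixed allow/deny override (see {@link #CmsJsonAccessPolicy(boolean)})
 * or is built from an XML document (see {@link #parse(InputStream)}) with an optional group,
 * include/exclude regular expressions, an optional property filter and optional CORS values.
 */
public class CmsJsonAccessPolicy {
    /**
     * CORS value used when the policy does not configure one.
     *
     * <p>Security note: a wildcard {@code Access-Control-Allow-Origin} lets script from any
     * origin read responses to requests sent without credentials (browsers refuse the wildcard
     * for credentialed requests). Deployments that expose non-public data through this policy
     * should configure an explicit origin in the {@code cors} element instead of relying on
     * this default.
     */
    public static final String DEFAULT_CORS_FILTER = "*";

    // Name of the group the current user must belong to; null means no group check is made.
    private String m_accessGroup;
    // Patterns that veto access when one of them fully matches the checked string.
    private List<Pattern> m_exclude;
    private String m_corsAllowOrigin;
    private String m_corsAllowMethods;
    private String m_corsAllowHeaders;
    // Patterns of which at least one must fully match; an empty list admits everything.
    private List<Pattern> m_include;
    // When non-null, checkAccess returns this value and skips every other check.
    private Boolean m_overrideValue;
    private Pattern m_propertyFilter;

    /**
     * Default property filter: accepts a property name only if it does not contain
     * {@code secret}, {@code api}, {@code password} or {@code key} (case-insensitive).
     *
     * <p>Security note: this is a substring deny-list, so sensitive properties named differently
     * (for example containing "token" or "credential") are not covered by it. A
     * {@code property-filter} configured in the policy replaces this default entirely rather
     * than adding to it, so a custom filter has to restate any exclusions it still needs.
     */
    public static final Pattern DEFAULT_PROP_FILTER = Pattern.compile("(?i)^(?!.*(?:secret|api|password|key)).*$");
    private static final Log LOG = CmsLog.getLog(CmsJsonAccessPolicy.class);

    /**
     * Creates a policy whose access decision is fixed.
     *
     * <p>The include and exclude lists stay unset; they are never consulted because
     * {@link #checkAccess(CmsObject, String)} returns the override first. CORS values and the
     * property filter use the defaults.
     *
     * @param z the value {@link #checkAccess(CmsObject, String)} will always return
     */
    public CmsJsonAccessPolicy(boolean z) {
        this.m_corsAllowOrigin = DEFAULT_CORS_FILTER;
        this.m_corsAllowMethods = DEFAULT_CORS_FILTER;
        this.m_corsAllowHeaders = DEFAULT_CORS_FILTER;
        this.m_propertyFilter = DEFAULT_PROP_FILTER;
        this.m_overrideValue = Boolean.valueOf(z);
    }

    /**
     * Creates a policy from explicit settings.
     *
     * @param str name of the required group, or null for no group check
     * @param list regular expressions for included targets; empty means everything is included
     * @param list2 regular expressions for excluded targets
     * @param str2 regular expression for allowed property names, or null to keep
     *        {@link #DEFAULT_PROP_FILTER}
     * @param str3 value for {@code Access-Control-Allow-Origin}, or null to omit the header
     * @param str4 value for {@code Access-Control-Allow-Methods}, or null to omit the header
     * @param str5 value for {@code Access-Control-Allow-Headers}, or null to omit the header
     * @throws java.util.regex.PatternSyntaxException if one of the expressions is invalid
     */
    public CmsJsonAccessPolicy(String str, List<String> list, List<String> list2, String str2, String str3, String str4, String str5) {
        this.m_accessGroup = str;
        this.m_include = list.stream().map(Pattern::compile).collect(Collectors.toList());
        this.m_exclude = list2.stream().map(Pattern::compile).collect(Collectors.toList());
        // A configured filter replaces the default deny-list; it is not combined with it.
        this.m_propertyFilter = (str2 != null) ? Pattern.compile(str2) : DEFAULT_PROP_FILTER;
        // The CORS arguments are taken as given: null is kept and suppresses the header.
        this.m_corsAllowOrigin = str3;
        this.m_corsAllowMethods = str4;
        this.m_corsAllowHeaders = str5;
    }

    /**
     * Parses a policy from the bytes of an XML document.
     *
     * @param bArr the XML document
     * @return the parsed policy
     * @throws DocumentException if the document cannot be parsed, or if closing the in-memory
     *         stream fails
     */
    public static CmsJsonAccessPolicy parse(byte[] bArr) throws DocumentException {
        try (ByteArrayInputStream in = new ByteArrayInputStream(bArr)) {
            return parse(in);
        } catch (IOException e) {
            // Closing a ByteArrayInputStream does not fail in practice. Report it instead of
            // returning null, so a caller can never mistake a failed parse for "no policy".
            throw new DocumentException("Could not read the JSON access policy", e);
        }
    }

    /**
     * Parses a policy from an XML stream.
     *
     * <p>Reads the child elements {@code group}, {@code property-filter}, {@code include},
     * the exclude element named by {@link CmsDecoratorConfiguration#XPATH_EXCLUDE} and
     * {@code cors} (with {@code allow-origin}, {@code allow-methods}, {@code allow-headers})
     * of the root element. Without a {@code cors} element all three CORS values default to
     * {@link #DEFAULT_CORS_FILTER}; with one, a missing child leaves that value null.
     *
     * <p>The parser is configured to reject DOCTYPE declarations and external entities. Where
     * the policy bytes come from is not visible in this class, so the document is treated as
     * untrusted input.
     *
     * @param inputStream the XML document
     * @return the parsed policy
     * @throws DocumentException if the parser cannot be hardened or the document cannot be
     *         parsed (including documents that carry a DOCTYPE)
     */
    public static CmsJsonAccessPolicy parse(InputStream inputStream) throws DocumentException {
        SAXReader reader = new SAXReader();
        try {
            // XXE hardening: a policy file has no use for a DTD, so refuse it outright and
            // additionally switch off external entity resolution.
            reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
            reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        } catch (org.xml.sax.SAXException e) {
            // Fail closed: do not fall back to a parser that could not be hardened.
            throw new DocumentException("Could not configure a hardened XML parser for the JSON access policy", e);
        }
        Element rootElement = reader.read(inputStream).getRootElement();

        String group = rootElement.elementTextTrim("group");
        String propertyFilter = rootElement.elementTextTrim("property-filter");
        List<String> includes = rootElement.elements("include").stream()
            .map(Element::getTextTrim)
            .collect(Collectors.toList());
        List<String> excludes = rootElement.elements(CmsDecoratorConfiguration.XPATH_EXCLUDE).stream()
            .map(Element::getTextTrim)
            .collect(Collectors.toList());

        String allowOrigin = DEFAULT_CORS_FILTER;
        String allowMethods = DEFAULT_CORS_FILTER;
        String allowHeaders = DEFAULT_CORS_FILTER;
        Element cors = rootElement.element("cors");
        if (cors != null) {
            allowOrigin = cors.elementTextTrim("allow-origin");
            allowMethods = cors.elementTextTrim("allow-methods");
            allowHeaders = cors.elementTextTrim("allow-headers");
        }
        return new CmsJsonAccessPolicy(group, includes, excludes, propertyFilter, allowOrigin, allowMethods, allowHeaders);
    }

    /**
     * Decides whether the current user may access the given target.
     *
     * <p>Order of evaluation: a fixed override wins over everything, including the group
     * check; then, if a group is configured, the current user must be in a group with exactly
     * that name; finally the target must fully match at least one include pattern (or the
     * include list is empty) and must not fully match any exclude pattern. A policy with no
     * group and no patterns therefore admits every target.
     *
     * @param cmsObject the CMS context used to look up the current user's groups
     * @param str the string matched against the include/exclude patterns (presumably a
     *        resource path; confirm against callers)
     * @return true if access is granted; false if it is denied or the group lookup failed
     */
    public boolean checkAccess(CmsObject cmsObject, String str) {
        if (this.m_overrideValue != null) {
            return this.m_overrideValue.booleanValue();
        }
        if (this.m_accessGroup != null) {
            try {
                String userName = cmsObject.getRequestContext().getCurrentUser().getName();
                boolean inGroup = cmsObject.getGroupsOfUser(userName, true, true).stream()
                    .anyMatch(group -> group.getName().equals(this.m_accessGroup));
                if (!inGroup) {
                    return false;
                }
            } catch (CmsException e) {
                // Fail closed: a failed group lookup must not grant access.
                LOG.error(e.getLocalizedMessage(), e);
                return false;
            }
        }
        boolean included = this.m_include.isEmpty()
            || this.m_include.stream().anyMatch(pattern -> pattern.matcher(str).matches());
        return included && this.m_exclude.stream().noneMatch(pattern -> pattern.matcher(str).matches());
    }

    /**
     * Checks whether a property may be exposed under this policy.
     *
     * @param str the property name
     * @return true if no filter is set or the whole name matches the filter
     */
    public boolean checkPropertyAccess(String str) {
        boolean allowed = this.m_propertyFilter == null || this.m_propertyFilter.matcher(str).matches();
        if (!allowed) {
            LOG.info("Filtered property " + str + " because it does not match the JSON property filter.");
        }
        return allowed;
    }

    /**
     * Writes the configured CORS headers to the response; a header whose value is null is
     * not written.
     *
     * @param httpServletResponse the response to write the headers to
     */
    public void setCorsHeaders(HttpServletResponse httpServletResponse) {
        if (this.m_corsAllowOrigin != null) {
            httpServletResponse.setHeader("Access-Control-Allow-Origin", this.m_corsAllowOrigin);
        }
        if (this.m_corsAllowMethods != null) {
            httpServletResponse.setHeader("Access-Control-Allow-Methods", this.m_corsAllowMethods);
        }
        if (this.m_corsAllowHeaders != null) {
            httpServletResponse.setHeader("Access-Control-Allow-Headers", this.m_corsAllowHeaders);
        }
    }
}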
