package com.googlecode.fascinator.redbox;

import com.googlecode.fascinator.api.PluginDescription;
import com.googlecode.fascinator.api.PluginException;
import com.googlecode.fascinator.api.authentication.AuthenticationException;
import com.googlecode.fascinator.api.indexer.Indexer;
import com.googlecode.fascinator.api.indexer.SearchRequest;
import com.googlecode.fascinator.api.storage.DigitalObject;
import com.googlecode.fascinator.api.storage.Storage;
import com.googlecode.fascinator.api.storage.StorageException;
import com.googlecode.fascinator.common.JsonConfigHelper;
import com.googlecode.fascinator.portal.JsonSessionState;
import com.googlecode.fascinator.portal.services.PortalSecurityManager;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/googlecode/fascinator/redbox/SecureStorage.class */
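/**
 * Storage wrapper that delegates to another {@link Storage} and only hands out
 * an object from {@link #getObject(String)} when the user recorded in the
 * session state passes an access check against the index and the object's
 * own metadata.
 *
 * <p>Only {@code getObject} and {@code removeObject} are gated. The remaining
 * methods, including {@code createObject} and {@code getObjectIdList}, pass
 * straight through to the wrapped storage.
 *
 * <p>NOTE(review): {@code username} and {@code rolesList} are rewritten on every
 * access check and the decision cache is a static, unsynchronised
 * {@code HashMap}. If instances are reached from more than one thread, which
 * is not visible from this file, both need synchronisation or a concurrent map.
 */
public class SecureStorage implements Storage {
    /** How long a cached access decision is reused, in milliseconds. */
    private static final long DEFAULT_EXPIRY = 30000;

    /** Characters escaped with a backslash before a value is placed in a query. */
    private static final String QUERY_SPECIAL_CHARS = "\\+-!():^[]\"{}~*?|&;/";

    /**
     * Access decisions keyed by {@code "<object id>:<username>"}, shared by all
     * instances. Entries are replaced once older than {@link #DEFAULT_EXPIRY} but
     * never removed, so the map grows with every distinct object/user pair.
     * The key does not include the roles, so a role change is only picked up
     * after the cached entry expires.
     */
    private static final Map<String, CacheEntry> accessCache = new HashMap<String, CacheEntry>();

    private final Logger log = LoggerFactory.getLogger(SecureStorage.class);
    private final Storage storage;
    private final Indexer indexer;
    private final PortalSecurityManager securityManager;
    private final JsonSessionState state;
    private String username;
    private List<String> rolesList;

    /**
     * Wraps {@code storage}; the caller identity starts out as guest and is
     * refreshed from the session state on every access check.
     *
     * @param storage the storage every call is delegated to
     * @param indexer index queried for the owner / security filter check
     * @param portalSecurityManager used to resolve the session user and its roles
     * @param jsonSessionState session state that carries the "username" key
     */
    public SecureStorage(Storage storage, Indexer indexer, PortalSecurityManager portalSecurityManager, JsonSessionState jsonSessionState) {
        this.storage = storage;
        this.indexer = indexer;
        this.securityManager = portalSecurityManager;
        this.state = jsonSessionState;
        setGuestAccess();
    }

    /**
     * Creates an object in the wrapped storage. No access check is applied here.
     *
     * @param str id of the object to create
     * @return the object created by the wrapped storage
     * @throws StorageException if the wrapped storage fails
     */
    public DigitalObject createObject(String str) throws StorageException {
        return this.storage.createObject(str);
    }

    /**
     * Fetches an object and returns it only if the session user may access it.
     * The object is loaded from the wrapped storage before the check runs.
     *
     * @param str id of the object
     * @return the object from the wrapped storage
     * @throws StorageException with the message "Access denied" when the check
     *         fails, or whatever the wrapped storage throws
     */
    public DigitalObject getObject(String str) throws StorageException {
        DigitalObject object = this.storage.getObject(str);
        if (isAccessAllowed(object)) {
            return object;
        }
        throw new StorageException("Access denied");
    }

    /**
     * Removes an object after the same check that guards {@link #getObject(String)}.
     * NOTE(review): there is no separate write/delete permission; whoever may
     * read the object may also remove it - confirm that is the intended policy.
     *
     * @param str id of the object to remove
     * @throws StorageException when access is denied or the wrapped storage fails
     */
    public void removeObject(String str) throws StorageException {
        // Called only for its access check; the returned object is not needed.
        getObject(str);
        this.storage.removeObject(str);
    }

    /**
     * Returns the id list of the wrapped storage unchanged; ids are not filtered
     * by the caller's access rights.
     *
     * @return all object ids reported by the wrapped storage
     */
    public Set<String> getObjectIdList() {
        return this.storage.getObjectIdList();
    }

    /** @return the id of the wrapped storage */
    public String getId() {
        return this.storage.getId();
    }

    /** @return the wrapped storage's name followed by " (secure)" */
    public String getName() {
        return this.storage.getName() + " (secure)";
    }

    /** @return the plugin details of the wrapped storage */
    public PluginDescription getPluginDetails() {
        return this.storage.getPluginDetails();
    }

    /**
     * Initialises the wrapped storage from a configuration file.
     *
     * @param file configuration passed through unchanged
     * @throws PluginException if the wrapped storage fails to initialise
     */
    public void init(File file) throws PluginException {
        this.storage.init(file);
    }

    /**
     * Initialises the wrapped storage from a configuration string.
     *
     * @param str configuration passed through unchanged
     * @throws PluginException if the wrapped storage fails to initialise
     */
    public void init(String str) throws PluginException {
        this.storage.init(str);
    }

    /**
     * Shuts down the wrapped storage.
     *
     * @throws PluginException if the wrapped storage fails to shut down
     */
    public void shutdown() throws PluginException {
        this.storage.shutdown();
    }

    /**
     * Reloads the user name and roles from the session state. A session without
     * a "username" value, or a failed role lookup, falls back to guest access.
     */
    private void updateCredentials() {
        // A key that is present but holds null is treated like a missing key,
        // so the caller is downgraded to guest instead of failing on toString().
        Object sessionUser = this.state.containsKey("username") ? this.state.get("username") : null;
        if (sessionUser == null) {
            setGuestAccess();
            return;
        }
        this.username = sessionUser.toString();
        try {
            // "system" is passed as the third getUser argument; presumably it names
            // the user source - TODO confirm against PortalSecurityManager.
            this.rolesList = Arrays.asList(this.securityManager.getRolesList(this.state, this.securityManager.getUser(this.state, this.username, "system")));
        } catch (AuthenticationException e) {
            this.log.error("Failed to get user access, assuming guest access", e);
            setGuestAccess();
        }
    }

    /** Resets the caller identity to the user "guest" holding the single role "guest". */
    private void setGuestAccess() {
        this.username = "guest";
        this.rolesList = new ArrayList<String>();
        this.rolesList.add("guest");
    }

    /**
     * Decides whether the current session user may access {@code digitalObject}.
     *
     * <p>A cached decision no older than {@link #DEFAULT_EXPIRY} is reused.
     * Otherwise the index is asked for a document with this storage id that is
     * either owned by the user or carries one of the user's roles in
     * {@code security_filter}. When the index returns nothing, the object's
     * metadata is consulted as a fallback.
     *
     * <p>NOTE(review): an empty index result does not distinguish "not indexed"
     * from "indexed but filtered out for this user". In both cases the fallback
     * allows any caller, guest included, as soon as the metadata contains a
     * "fileHash" key. Confirm that this is intended.
     *
     * @param digitalObject object to check; {@code null} is denied
     * @return {@code true} when access is allowed; {@code false} when it is
     *         denied or the check fails with anything but a StorageException
     * @throws StorageException rethrown unchanged when raised during the check
     */
    private boolean isAccessAllowed(DigitalObject digitalObject) throws StorageException {
        if (digitalObject == null) {
            return false;
        }
        updateCredentials();
        String id = digitalObject.getId();
        try {
            String cacheKey = id + ":" + this.username;
            CacheEntry cached = accessCache.get(cacheKey);
            if (cached != null) {
                long lastUpdated = cached.getLastUpdated();
                long elapsed = System.currentTimeMillis() - lastUpdated;
                this.log.debug("Elapsed time: {}", Long.valueOf(elapsed));
                if (elapsed <= DEFAULT_EXPIRY) {
                    this.log.debug("Cached entry {}={}", cacheKey, Boolean.valueOf(cached.isAllowed()));
                    return cached.isAllowed();
                }
                this.log.debug("Cache entry {} expired!", cacheKey);
            }

            // NOTE(review): the new entry is published before the decision is
            // known, so a concurrent reader, or a later call after a failure
            // below, sees whatever a fresh CacheEntry reports - presumably
            // "denied"; confirm in CacheEntry.
            CacheEntry entry = new CacheEntry();
            accessCache.put(cacheKey, entry);

            // The id, user name and roles are escaped so that none of them can
            // add operators, wildcards or extra clauses to the query.
            SearchRequest searchRequest = new SearchRequest("storage_id:" + escapeQueryChars(id));
            searchRequest.setParam("fl", "id");
            searchRequest.setParam("fq", buildAccessFilter());
            ByteArrayOutputStream searchOutput = new ByteArrayOutputStream();
            this.indexer.search(searchRequest, searchOutput);
            JsonConfigHelper searchResult = new JsonConfigHelper(new ByteArrayInputStream(searchOutput.toByteArray()));

            if (!searchResult.getJsonList("response/docs").isEmpty()) {
                entry.setAllowed(true);
            } else {
                entry.setAllowed(false);
                Properties metadata = digitalObject.getMetadata();
                if (metadata.containsKey("fileHash")) {
                    // Granted without looking at the user at all; see the method note.
                    entry.setAllowed(true);
                } else if (metadata.containsKey("owner") && this.username.equals(metadata.getProperty("owner"))) {
                    entry.setAllowed(true);
                }
                // The object is closed here even when it is then returned to the
                // caller of getObject - TODO confirm close() is safe at this point.
                digitalObject.close();
            }
            return entry.isAllowed();
        } catch (StorageException e) {
            // Must be caught before Exception: the reverse order leaves this
            // handler unreachable and does not compile.
            throw e;
        } catch (Exception e) {
            // Fail closed: any other failure during the check denies access.
            this.log.error("Failed to get access details", e);
            return false;
        }
    }

    /**
     * Builds the filter query matching documents owned by the current user or
     * tagged with one of the user's roles. The role clause is left out when the
     * user has no roles, because an empty {@code security_filter:()} group is
     * not a usable clause.
     */
    private String buildAccessFilter() {
        StringBuilder filter = new StringBuilder("owner:").append(escapeQueryChars(this.username));
        if (this.rolesList != null && !this.rolesList.isEmpty()) {
            filter.append(" OR security_filter:(");
            String separator = "";
            for (String role : this.rolesList) {
                filter.append(separator).append(escapeQueryChars(role));
                separator = " OR ";
            }
            filter.append(")");
        }
        return filter.toString();
    }

    /**
     * Backslash-escapes query syntax characters and whitespace so the value is
     * read as a single literal term. {@code null} is rendered as the text
     * "null", as string concatenation would. Bare operator words such as a
     * value that is exactly {@code OR} are not covered by character escaping.
     */
    private static String escapeQueryChars(String value) {
        String text = String.valueOf(value);
        StringBuilder escaped = new StringBuilder(text.length() + 8);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            if (QUERY_SPECIAL_CHARS.indexOf(c) >= 0 || Character.isWhitespace(c)) {
                escaped.append('\\');
            }
            escaped.append(c);
        }
        return escaped.toString();
    }
}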
