package org.geoserver.security.decorators;

import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.logging.Level;
import org.geoserver.security.Response;
import org.geoserver.security.SecureCatalogImpl;
import org.geoserver.security.WrapperPolicy;
import org.geotools.data.FeatureReader;
import org.geotools.data.FeatureStore;
import org.geotools.data.Query;
import org.geotools.data.Transaction;
import org.geotools.data.simple.SimpleFeatureCollection;
import org.geotools.data.simple.SimpleFeatureStore;
import org.geotools.data.store.FilteringFeatureCollection;
import org.geotools.feature.FeatureCollection;
import org.opengis.feature.Feature;
import org.opengis.feature.simple.SimpleFeatureType;
import org.opengis.feature.type.AttributeDescriptor;
import org.opengis.feature.type.FeatureType;
import org.opengis.feature.type.Name;
import org.opengis.filter.Filter;
import org.opengis.filter.identity.FeatureId;

/* loaded from: input_file:org/geoserver/security/decorators/SecuredFeatureStore.class */
public class SecuredFeatureStore<T extends FeatureType, F extends Feature> extends SecuredFeatureSource<T, F> implements FeatureStore<T, F> {
    Transaction transaction;
    FeatureStore<T, F> storeDelegate;

    public SecuredFeatureStore(FeatureStore featureStore, WrapperPolicy wrapperPolicy) {
        super(featureStore, wrapperPolicy);
        this.storeDelegate = featureStore;
    }

    public List<FeatureId> addFeatures(FeatureCollection<T, F> featureCollection) throws IOException {
        Query writeQuery = SecurityUtils.getWriteQuery(this.policy);
        if (writeQuery.getFilter() == Filter.EXCLUDE || writeQuery.getPropertyNames() == Query.NO_NAMES) {
            throw unsupportedOperation();
        }
        if (writeQuery == Query.ALL) {
            return this.storeDelegate.addFeatures(featureCollection);
        }
        if (writeQuery.getFilter() != null && writeQuery.getFilter() != Filter.INCLUDE && new FilteringFeatureCollection(featureCollection, writeQuery.getFilter()).size() < featureCollection.size()) {
            String localPart = getSchema().getName().getLocalPart();
            if (this.policy.response == Response.CHALLENGE) {
                throw SecureCatalogImpl.unauthorizedAccess(localPart);
            }
            throw new UnsupportedOperationException("At least one of the features inserted does not satisfy your write restrictions");
        }
        if (writeQuery.getPropertyNames() == Query.ALL_NAMES) {
            return this.storeDelegate.addFeatures(featureCollection);
        }
        if ((featureCollection.getSchema() instanceof SimpleFeatureType) && (this.storeDelegate instanceof SimpleFeatureStore)) {
            return this.storeDelegate.addFeatures(new CheckAttributesFeatureCollection((SimpleFeatureCollection) featureCollection, Arrays.asList(writeQuery.getPropertyNames()), this.policy.getResponse()));
        }
        LOGGER.log(Level.SEVERE, "Unfinished implementation, we need to shave off the attributes one cannot write off complex features. However at this time there is no writable complex feature!");
        return this.storeDelegate.addFeatures(featureCollection);
    }

    public void modifyFeatures(AttributeDescriptor[] attributeDescriptorArr, Object[] objArr, Filter filter) throws IOException {
        Name[] nameArr = new Name[attributeDescriptorArr.length];
        for (int i = 0; i < attributeDescriptorArr.length; i++) {
            nameArr[i] = attributeDescriptorArr[i].getName();
        }
        modifyFeatures(nameArr, objArr, filter);
    }

    public void modifyFeatures(AttributeDescriptor attributeDescriptor, Object obj, Filter filter) throws IOException {
        modifyFeatures(new AttributeDescriptor[]{attributeDescriptor}, new Object[]{obj}, filter);
    }

    public void modifyFeatures(Name[] nameArr, Object[] objArr, Filter filter) throws IOException {
        Query writeQuery = SecurityUtils.getWriteQuery(this.policy);
        if (writeQuery == Query.ALL) {
            this.storeDelegate.modifyFeatures(nameArr, objArr, filter);
        } else if (writeQuery.getFilter() == Filter.EXCLUDE || writeQuery.getPropertyNames() == Query.NO_NAMES) {
            throw unsupportedOperation();
        }
        Query mixQueries = mixQueries(new Query((String) null, filter), writeQuery);
        if (writeQuery.getPropertyNames() == Query.ALL_NAMES) {
            this.storeDelegate.modifyFeatures(nameArr, objArr, mixQueries.getFilter());
            return;
        }
        HashSet hashSet = new HashSet(Arrays.asList(writeQuery.getPropertyNames()));
        for (int i = 0; i < nameArr.length; i++) {
            if (hashSet.contains(nameArr[i].getLocalPart())) {
                String localPart = getSchema().getName().getLocalPart();
                if (this.policy.getResponse() != Response.CHALLENGE) {
                    throw new UnsupportedOperationException("Trying to write on the write protected attribute " + nameArr[i]);
                }
                throw SecureCatalogImpl.unauthorizedAccess(localPart);
            }
        }
        this.storeDelegate.modifyFeatures(nameArr, objArr, mixQueries.getFilter());
    }

    public void modifyFeatures(Name name, Object obj, Filter filter) throws IOException {
        modifyFeatures(new Name[]{name}, new Object[]{obj}, filter);
    }

    public void removeFeatures(Filter filter) throws IOException {
        Query writeQuery = SecurityUtils.getWriteQuery(this.policy);
        if (writeQuery == Query.ALL) {
            this.storeDelegate.removeFeatures(filter);
        } else if (writeQuery.getFilter() == Filter.EXCLUDE || writeQuery.getPropertyNames() == Query.NO_NAMES) {
            throw unsupportedOperation();
        }
        this.storeDelegate.removeFeatures(mixQueries(new Query((String) null, filter), writeQuery).getFilter());
    }

    public void setFeatures(FeatureReader<T, F> featureReader) throws IOException {
        throw new UnsupportedOperationException("Unaware of any GS api using this, so it has not been implemented");
    }

    public Transaction getTransaction() {
        return this.storeDelegate.getTransaction();
    }

    public void setTransaction(Transaction transaction) {
        this.storeDelegate.setTransaction(transaction);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public RuntimeException unsupportedOperation() {
        String localPart = getSchema().getName().getLocalPart();
        return this.policy.response == Response.CHALLENGE ? SecureCatalogImpl.unauthorizedAccess(localPart) : new UnsupportedOperationException(String.valueOf(localPart) + " is read only");
    }
}
