package org.teiid.dqp.internal.process;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import org.teiid.adminapi.DataPolicy;
import org.teiid.adminapi.impl.DataPolicyMetadata;
import org.teiid.api.exception.query.QueryMetadataException;
import org.teiid.core.TeiidComponentException;
import org.teiid.core.TeiidProcessingException;
import org.teiid.dqp.internal.process.multisource.MultiSourceElement;
import org.teiid.logging.AuditMessage;
import org.teiid.logging.LogManager;
import org.teiid.query.QueryPlugin;
import org.teiid.query.function.FunctionLibrary;
import org.teiid.query.metadata.TempMetadataID;
import org.teiid.query.resolver.util.ResolverUtil;
import org.teiid.query.sql.LanguageObject;
import org.teiid.query.sql.lang.Create;
import org.teiid.query.sql.lang.Delete;
import org.teiid.query.sql.lang.Drop;
import org.teiid.query.sql.lang.Insert;
import org.teiid.query.sql.lang.Into;
import org.teiid.query.sql.lang.Query;
import org.teiid.query.sql.lang.StoredProcedure;
import org.teiid.query.sql.lang.Update;
import org.teiid.query.sql.symbol.ElementSymbol;
import org.teiid.query.sql.symbol.Function;
import org.teiid.query.sql.symbol.GroupSymbol;
import org.teiid.query.sql.symbol.Symbol;
import org.teiid.query.sql.visitor.ElementCollectorVisitor;
import org.teiid.query.sql.visitor.GroupCollectorVisitor;
import org.teiid.query.validator.AbstractValidationVisitor;

/* loaded from: input_file:org/teiid/dqp/internal/process/AuthorizationValidationVisitor.class */
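/**
 * Validation visitor that checks the commands it visits against the caller's data policies.
 *
 * <p>Each visited command is reduced to a set of fully qualified resource names plus a
 * {@link DataPolicy.PermissionType}. A resource is accessible as soon as ANY policy in
 * {@code allowedPolicies} allows it (the policies are combined as a union). Resources that remain
 * unmatched are reported through {@code handleValidationError}.
 *
 * <p>Every decision is written to the {@code org.teiid.AUDIT_LOG} context as a request entry
 * followed by a "granted all" or "denied" entry, when that context is enabled.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Resources whose model is named {@code SYS} or {@code pg_catalog} are never checked.</li>
 *   <li>Temporary-table creation is allowed by default when a policy leaves the setting unset
 *       (see {@link #setAllowCreateTemporaryTablesDefault(boolean)}).</li>
 * </ul>
 */
public class AuthorizationValidationVisitor extends AbstractValidationVisitor {
    // Policies that apply to the current user; consulted in iteration order, first grant wins.
    private final HashMap<String, DataPolicy> allowedPolicies;
    // Only used for audit entries and error messages.
    private final String userName;
    // Applied when a policy returns null for isAllowCreateTemporaryTables().
    private boolean allowCreateTemporaryTablesDefault = true;

    /** Kind of command being authorized; its name is recorded in the audit entries. */
    public enum Context {
        CREATE,
        DROP,
        QUERY,
        INSERT,
        UPDATE,
        DELETE,
        STORED_PROCEDURE
    }

    /**
     * @param hashMap the data policies that apply to the user; must not be null, since it is
     *                dereferenced on every check
     * @param str     the user name recorded in audit entries and validation errors
     */
    public AuthorizationValidationVisitor(HashMap<String, DataPolicy> hashMap, String str) {
        this.allowedPolicies = hashMap;
        this.userName = str;
    }

    /**
     * Sets the decision used when a policy does not state whether temporary tables may be created.
     *
     * @param z {@code true} to allow (the initial value), {@code false} to deny
     */
    public void setAllowCreateTemporaryTablesDefault(boolean z) {
        this.allowCreateTemporaryTablesDefault = z;
    }

    /** Authorizes creation of the temporary table named by the command. */
    @Override // org.teiid.query.sql.LanguageVisitor
    public void visit(Create create) {
        validateTemp(Collections.singleton(create.getTable().getName()), Arrays.asList(create.getTable()), Context.CREATE);
    }

    /**
     * Checks whether any policy permits temporary-table operations and reports a validation
     * error on {@code collection} when none does.
     *
     * <p>With an empty policy map the result is always a denial: the default is only consulted
     * while iterating over a policy whose setting is null.
     *
     * @param set        resource names written to the audit log
     * @param collection symbols attached to the validation error on denial
     * @param context    command kind recorded in the audit log
     */
    private void validateTemp(Set<String> set, Collection<GroupSymbol> collection, Context context) {
        logRequest(set, context);
        boolean allowed = false;
        for (DataPolicy p : this.allowedPolicies.values()) {
            // The listing declared this variable as DataPolicyMetadata but cast to DataPolicy.
            DataPolicyMetadata policy = (DataPolicyMetadata) p;
            Boolean setting = policy.isAllowCreateTemporaryTables();
            if (setting == null ? this.allowCreateTemporaryTablesDefault : setting.booleanValue()) {
                allowed = true;
                break;
            }
        }
        logResult(set, context, allowed);
        if (!allowed) {
            handleValidationError(QueryPlugin.Util.getString("ERR.018.005.0095", new Object[]{this.userName, "CREATE_TEMPORARY_TABLES"}), collection);
        }
    }

    /** Writes the "request" audit entry for the given resources, if the audit context is enabled. */
    private void logRequest(Set<String> set, Context context) {
        if (LogManager.isMessageToBeRecorded("org.teiid.AUDIT_LOG", 5)) {
            String[] resources = set.toArray(new String[set.size()]);
            LogManager.logDetail("org.teiid.AUDIT_LOG", new Object[]{new AuditMessage(context.name(), "getInaccessibleResources-request", this.userName, resources)});
        }
    }

    /**
     * Authorizes dropping the temporary table named by the command. The permission checked is the
     * same as for creation.
     */
    @Override // org.teiid.query.sql.LanguageVisitor
    public void visit(Drop drop) {
        // Audit as DROP: the listing passed Context.CREATE here, which made drops
        // indistinguishable from creates in the audit trail and left Context.DROP unused.
        validateTemp(Collections.singleton(drop.getTable().getName()), Arrays.asList(drop.getTable()), Context.DROP);
    }

    @Override // org.teiid.query.sql.LanguageVisitor
    public void visit(Delete delete) {
        validateEntitlements(delete);
    }

    @Override // org.teiid.query.sql.LanguageVisitor
    public void visit(Insert insert) {
        validateEntitlements(insert);
    }

    @Override // org.teiid.query.sql.LanguageVisitor
    public void visit(Query query) {
        validateEntitlements(query);
    }

    @Override // org.teiid.query.sql.LanguageVisitor
    public void visit(Update update) {
        validateEntitlements(update);
    }

    @Override // org.teiid.query.sql.LanguageVisitor
    public void visit(StoredProcedure storedProcedure) {
        validateEntitlements(storedProcedure);
    }

    /**
     * Authorizes the lookup function: READ is required on the lookup group, the key element and
     * the return element. Other functions are not checked here.
     */
    @Override // org.teiid.query.sql.LanguageVisitor
    public void visit(Function function) {
        if (!FunctionLibrary.LOOKUP.equalsIgnoreCase(function.getName())) {
            return;
        }
        try {
            ResolverUtil.ResolvedLookup lookup = ResolverUtil.resolveLookup(function, getMetadata());
            List<Symbol> symbols = new ArrayList<Symbol>(3);
            symbols.add(lookup.getGroup());
            symbols.add(lookup.getKeyElement());
            symbols.add(lookup.getReturnElement());
            validateEntitlements(symbols, DataPolicy.PermissionType.READ, Context.QUERY);
        } catch (TeiidComponentException e) {
            handleException(e, function);
        } catch (TeiidProcessingException e2) {
            handleException(e2, function);
        }
    }

    /** Requires CREATE on every column the insert assigns. */
    protected void validateEntitlements(Insert insert) {
        validateEntitlements(insert.getVariables(), DataPolicy.PermissionType.CREATE, Context.INSERT);
    }

    /** Requires READ on the elements used in the criteria and UPDATE on every assigned column. */
    protected void validateEntitlements(Update update) {
        if (update.getCriteria() != null) {
            validateEntitlements(ElementCollectorVisitor.getElements((LanguageObject) update.getCriteria(), true), DataPolicy.PermissionType.READ, Context.UPDATE);
        }
        validateEntitlements(update.getChangeList().getClauseMap().keySet(), DataPolicy.PermissionType.UPDATE, Context.UPDATE);
    }

    /** Requires READ on the elements used in the criteria and DELETE on the target group. */
    protected void validateEntitlements(Delete delete) {
        if (delete.getCriteria() != null) {
            validateEntitlements(ElementCollectorVisitor.getElements((LanguageObject) delete.getCriteria(), true), DataPolicy.PermissionType.READ, Context.DELETE);
        }
        validateEntitlements(Arrays.asList(delete.getGroup()), DataPolicy.PermissionType.DELETE, Context.DELETE);
    }

    /**
     * Requires CREATE on the columns of an INTO target, if present, and READ on every group the
     * query references (plus every element, unless the query is an XML command).
     */
    protected void validateEntitlements(Query query) {
        Into into = query.getInto();
        if (into != null) {
            GroupSymbol target = into.getGroup();
            List<ElementSymbol> targetColumns = null;
            try {
                targetColumns = ResolverUtil.resolveElementsInGroup(target, getMetadata());
            } catch (QueryMetadataException e) {
                handleException(e, target);
            } catch (TeiidComponentException e2) {
                handleException(e2, target);
            }
            // NOTE(review): targetColumns is still null here when resolution failed, and the
            // overload below iterates it. Unless handleException throws, that is a
            // NullPointerException rather than a clean denial - confirm against the superclass.
            validateEntitlements(targetColumns, DataPolicy.PermissionType.CREATE, Context.INSERT);
        }
        // Collected as Symbol so that groups and elements can share one collection.
        Collection<Symbol> referenced = new HashSet<Symbol>(GroupCollectorVisitor.getGroups((LanguageObject) query, true));
        if (!isXMLCommand(query)) {
            referenced.addAll(ElementCollectorVisitor.getElements((LanguageObject) query, true));
        }
        if (referenced.isEmpty()) {
            return;
        }
        validateEntitlements(referenced, DataPolicy.PermissionType.READ, Context.QUERY);
    }

    /** Requires READ on the procedure's group. */
    protected void validateEntitlements(StoredProcedure storedProcedure) {
        validateEntitlements(Arrays.asList(storedProcedure.getGroup()), DataPolicy.PermissionType.READ, Context.STORED_PROCEDURE);
    }

    /**
     * Resolves each symbol to its fully qualified name, asks the policies for the given
     * permission, and reports a validation error listing the symbols that were refused.
     *
     * @param collection     element and group symbols to authorize
     * @param permissionType permission every resource must be granted
     * @param context        command kind recorded in the audit log
     */
    protected void validateEntitlements(Collection<? extends Symbol> collection, DataPolicy.PermissionType permissionType, Context context) {
        // Full resource name -> symbol, so that a refused name can be mapped back for the error.
        HashMap<String, Symbol> byName = new HashMap<String, Symbol>();
        for (Symbol symbol : collection) {
            // The try covers the metadata calls, which are the statements that can fail; the
            // decompiled listing had it around a lone null assignment.
            try {
                Object metadataId = null;
                if (symbol instanceof ElementSymbol) {
                    metadataId = ((ElementSymbol) symbol).getMetadataID();
                    if ((metadataId instanceof MultiSourceElement) || (metadataId instanceof TempMetadataID)) {
                        // Multi-source and temporary elements are not matched against policies.
                        // The listing left this branch empty; skipping is the reading under which
                        // the test has any effect - confirm against the original class file.
                        continue;
                    }
                } else if (symbol instanceof GroupSymbol) {
                    GroupSymbol groupSymbol = (GroupSymbol) symbol;
                    metadataId = groupSymbol.getMetadataID();
                    if ((metadataId instanceof TempMetadataID) && !groupSymbol.isProcedure()) {
                        // Temporary groups are skipped here (same caveat as above); creating and
                        // dropping them is gated by validateTemp.
                        continue;
                    }
                }
                String fullName = getMetadata().getFullName(metadataId);
                String modelName = getMetadata().getFullName(getMetadata().getModelID(metadataId));
                // Resources in these two models are exempt from policy checks.
                if (!"SYS".equals(modelName) && !"pg_catalog".equals(modelName)) {
                    byName.put(fullName, symbol);
                }
            } catch (QueryMetadataException e) {
                handleException(e);
            } catch (TeiidComponentException e2) {
                handleException(e2);
            }
        }
        if (byName.isEmpty()) {
            return;
        }
        Set<String> inaccessibleResources = getInaccessibleResources(permissionType, byName.keySet(), context);
        if (!inaccessibleResources.isEmpty()) {
            List<Symbol> refused = new ArrayList<Symbol>(inaccessibleResources.size());
            for (String name : inaccessibleResources) {
                refused.add(byName.get(name));
            }
            handleValidationError(QueryPlugin.Util.getString("ERR.018.005.0095", new Object[]{this.userName, permissionType}), refused);
        }
    }

    /**
     * Returns the subset of {@code set} that no policy allows for {@code permissionType}.
     *
     * <p>A resource is removed from the result as soon as one policy allows it. The request and
     * the outcome are audited; the outcome is "granted all" only when the result is empty.
     *
     * @param permissionType permission being requested
     * @param set            fully qualified resource names; not modified
     * @param context        command kind recorded in the audit log
     * @return a new set holding the refused resource names, empty when everything is allowed
     */
    public Set<String> getInaccessibleResources(DataPolicy.PermissionType permissionType, Set<String> set, Context context) {
        logRequest(set, context);
        HashSet<String> remaining = new HashSet<String>(set);
        for (DataPolicy p : this.allowedPolicies.values()) {
            // The listing declared this variable as DataPolicyMetadata but cast to DataPolicy.
            DataPolicyMetadata policy = (DataPolicyMetadata) p;
            if (remaining.isEmpty()) {
                break;
            }
            Iterator<String> names = remaining.iterator();
            while (names.hasNext()) {
                if (policy.allows(names.next(), permissionType)) {
                    names.remove();
                }
            }
        }
        logResult(set, context, remaining.isEmpty());
        return remaining;
    }

    /**
     * Writes the outcome audit entry for the given resources, if the audit context is enabled.
     * The entry lists the full requested set, not only the refused names.
     */
    private void logResult(Set<String> set, Context context, boolean z) {
        if (!LogManager.isMessageToBeRecorded("org.teiid.AUDIT_LOG", 5)) {
            return;
        }
        String outcome = z ? "getInaccessibleResources-granted all" : "getInaccessibleResources-denied";
        String[] resources = set.toArray(new String[set.size()]);
        LogManager.logDetail("org.teiid.AUDIT_LOG", new Object[]{new AuditMessage(context.name(), outcome, this.userName, resources)});
    }
}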
