package org.teiid.dqp.internal.process;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedList;
import java.util.Map;
import java.util.Set;
import org.teiid.CommandContext;
import org.teiid.PolicyDecider;
import org.teiid.adminapi.DataPolicy;
import org.teiid.api.exception.query.QueryMetadataException;
import org.teiid.core.TeiidComponentException;
import org.teiid.core.TeiidProcessingException;
import org.teiid.dqp.internal.process.multisource.MultiSourceElement;
import org.teiid.logging.AuditMessage;
import org.teiid.logging.LogManager;
import org.teiid.query.QueryPlugin;
import org.teiid.query.function.FunctionLibrary;
import org.teiid.query.metadata.TempMetadataID;
import org.teiid.query.resolver.util.ResolverUtil;
import org.teiid.query.sql.LanguageObject;
import org.teiid.query.sql.lang.AlterProcedure;
import org.teiid.query.sql.lang.AlterTrigger;
import org.teiid.query.sql.lang.AlterView;
import org.teiid.query.sql.lang.Create;
import org.teiid.query.sql.lang.Delete;
import org.teiid.query.sql.lang.Drop;
import org.teiid.query.sql.lang.Insert;
import org.teiid.query.sql.lang.Into;
import org.teiid.query.sql.lang.Query;
import org.teiid.query.sql.lang.StoredProcedure;
import org.teiid.query.sql.lang.Update;
import org.teiid.query.sql.symbol.ElementSymbol;
import org.teiid.query.sql.symbol.Function;
import org.teiid.query.sql.symbol.GroupSymbol;
import org.teiid.query.sql.visitor.ElementCollectorVisitor;
import org.teiid.query.sql.visitor.GroupCollectorVisitor;
import org.teiid.query.validator.AbstractValidationVisitor;

/* loaded from: input_file:org/teiid/dqp/internal/process/AuthorizationValidationVisitor.class */
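/**
 * Validation visitor that enforces data-policy authorization on a command.
 *
 * <p>For each visited language object it collects the resources the command touches
 * (groups, elements, procedures, functions), asks the {@link PolicyDecider} which of
 * them are inaccessible for the current {@link CommandContext}, and reports every
 * inaccessible object through {@code handleValidationError}. Requests and outcomes are
 * written to the audit log context when that context is enabled.
 *
 * <p>Resources whose schema is a system schema (see {@link #isSystemSchema(String)}) are
 * never sent to the decider. Temporary tables are authorized through
 * {@link PolicyDecider#isTempAccessable} rather than by resource name.
 */
public class AuthorizationValidationVisitor extends AbstractValidationVisitor {
    /** Log context that receives the authorization audit records. */
    private static final String AUDIT_CONTEXT = "org.teiid.AUDIT_LOG";

    // Numeric level exactly as it appears in the listing; it gates the logDetail calls,
    // so it is presumably the logger's "detail" level - confirm against the logging API.
    private static final int AUDIT_LEVEL = 5;

    private final CommandContext commandContext;
    private final PolicyDecider decider;

    /**
     * @param policyDecider decides which resources the caller may access
     * @param commandContext context of the command being validated; supplies the user name
     *        used in denial messages and is passed to the decider and the audit records
     */
    public AuthorizationValidationVisitor(PolicyDecider policyDecider, CommandContext commandContext) {
        this.decider = policyDecider;
        this.commandContext = commandContext;
    }

    /** Creating a table is authorized as a temporary-table operation. */
    @Override
    public void visit(Create create) {
        validateTemp(DataPolicy.PermissionType.CREATE, create.getTable(), DataPolicy.Context.CREATE);
    }

    /** Requires ALTER on the target procedure. */
    @Override
    public void visit(AlterProcedure alterProcedure) {
        validateEntitlements(Arrays.asList(alterProcedure.getTarget()), DataPolicy.PermissionType.ALTER, DataPolicy.Context.ALTER);
    }

    /**
     * Requires ALTER on the trigger's target. Only the audit context differs between
     * creating and altering a trigger; the permission checked is ALTER in both cases.
     */
    @Override
    public void visit(AlterTrigger alterTrigger) {
        DataPolicy.Context auditContext = alterTrigger.isCreate() ? DataPolicy.Context.CREATE : DataPolicy.Context.ALTER;
        validateEntitlements(Arrays.asList(alterTrigger.getTarget()), DataPolicy.PermissionType.ALTER, auditContext);
    }

    /** Requires ALTER on the target view. */
    @Override
    public void visit(AlterView alterView) {
        validateEntitlements(Arrays.asList(alterView.getTarget()), DataPolicy.PermissionType.ALTER, DataPolicy.Context.ALTER);
    }

    /**
     * Authorizes an operation on a temporary table and reports a validation error when the
     * decider refuses it.
     *
     * <p>NOTE(review): the denial message always names {@code CREATE_TEMPORARY_TABLES}, even
     * when this is reached for DROP or for another permission type via the collection check;
     * the string is kept as found because it is runtime output.
     */
    private void validateTemp(DataPolicy.PermissionType permissionType, GroupSymbol groupSymbol, DataPolicy.Context context) {
        String resourceName = groupSymbol.getNonCorrelationName();
        Set<String> resources = Collections.singleton(resourceName);
        logRequest(resources, context);
        boolean allowed = this.decider.isTempAccessable(permissionType, resourceName, context, this.commandContext);
        logResult(resources, context, allowed);
        if (!allowed) {
            handleValidationError(QueryPlugin.Util.getString("ERR.018.005.0095", new Object[]{this.commandContext.getUserName(), "CREATE_TEMPORARY_TABLES"}), Arrays.asList(groupSymbol));
        }
    }

    /** Writes the audit record for an access request, if audit logging is enabled. */
    private void logRequest(Set<String> resources, DataPolicy.Context context) {
        if (LogManager.isMessageToBeRecorded(AUDIT_CONTEXT, AUDIT_LEVEL)) {
            LogManager.logDetail(AUDIT_CONTEXT, new Object[]{new AuditMessage(context.name(), "getInaccessibleResources-request", resources.toArray(new String[0]), this.commandContext)});
        }
    }

    /** Dropping a table is authorized as a temporary-table operation. */
    @Override
    public void visit(Drop drop) {
        validateTemp(DataPolicy.PermissionType.DROP, drop.getTable(), DataPolicy.Context.DROP);
    }

    @Override
    public void visit(Delete delete) {
        validateEntitlements(delete);
    }

    @Override
    public void visit(Insert insert) {
        validateEntitlements(insert);
    }

    @Override
    public void visit(Query query) {
        validateEntitlements(query);
    }

    @Override
    public void visit(Update update) {
        validateEntitlements(update);
    }

    @Override
    public void visit(StoredProcedure storedProcedure) {
        validateEntitlements(storedProcedure);
    }

    /**
     * Authorizes a function call.
     *
     * <p>The lookup function reads data, so it is checked as a READ of the lookup group and
     * of its key and return elements. Any other function with a non-system schema requires
     * EXECUTE on {@code schema.name}; functions without a schema are not checked.
     */
    @Override
    public void visit(Function function) {
        if (FunctionLibrary.LOOKUP.equalsIgnoreCase(function.getName())) {
            try {
                ResolverUtil.ResolvedLookup lookup = ResolverUtil.resolveLookup(function, getMetadata());
                Collection<LanguageObject> readTargets = new ArrayList<LanguageObject>();
                readTargets.add(lookup.getGroup());
                readTargets.add(lookup.getKeyElement());
                readTargets.add(lookup.getReturnElement());
                validateEntitlements(readTargets, DataPolicy.PermissionType.READ, DataPolicy.Context.QUERY);
            } catch (TeiidComponentException e) {
                handleException(e, function);
            } catch (TeiidProcessingException e) {
                handleException(e, function);
            }
            return;
        }
        String schema = function.getFunctionDescriptor().getSchema();
        if (schema == null || isSystemSchema(schema)) {
            return;
        }
        // The listing declared this map with a wildcard value type, which cannot accept put().
        Map<String, LanguageObject> functionByName = new HashMap<String, LanguageObject>();
        functionByName.put(schema + '.' + function.getFunctionDescriptor().getName(), function);
        validateEntitlements(DataPolicy.PermissionType.EXECUTE, DataPolicy.Context.FUNCTION, functionByName);
    }

    /** Requires CREATE on the target group and on every inserted column. */
    protected void validateEntitlements(Insert insert) {
        Collection<LanguageObject> targets = new ArrayList<LanguageObject>();
        targets.add(insert.getGroup());
        targets.addAll(insert.getVariables());
        validateEntitlements(targets, DataPolicy.PermissionType.CREATE, DataPolicy.Context.INSERT);
    }

    /**
     * Requires READ on every element referenced by the SET expressions and the criteria,
     * and UPDATE on the target group and on every column being assigned.
     */
    protected void validateEntitlements(Update update) {
        Set<ElementSymbol> readElements = new HashSet<ElementSymbol>();
        ElementCollectorVisitor.getElements(update.getChangeList().getClauseMap().values(), readElements);
        if (update.getCriteria() != null) {
            ElementCollectorVisitor.getElements(update.getCriteria(), readElements);
        }
        validateEntitlements(readElements, DataPolicy.PermissionType.READ, DataPolicy.Context.UPDATE);

        Collection<LanguageObject> writeTargets = new ArrayList<LanguageObject>();
        writeTargets.add(update.getGroup());
        writeTargets.addAll(update.getChangeList().getClauseMap().keySet());
        validateEntitlements(writeTargets, DataPolicy.PermissionType.UPDATE, DataPolicy.Context.UPDATE);
    }

    /** Requires READ on elements used in the criteria and DELETE on the target group. */
    protected void validateEntitlements(Delete delete) {
        if (delete.getCriteria() != null) {
            validateEntitlements(ElementCollectorVisitor.getElements(delete.getCriteria(), true), DataPolicy.PermissionType.READ, DataPolicy.Context.DELETE);
        }
        validateEntitlements(Arrays.asList(delete.getGroup()), DataPolicy.PermissionType.DELETE, DataPolicy.Context.DELETE);
    }

    /**
     * Requires READ on the groups (and, for non-XML commands, the elements) the query
     * references. A {@code SELECT ... INTO} additionally requires CREATE on the INTO group
     * and on each of its elements.
     */
    protected void validateEntitlements(Query query) {
        Into into = query.getInto();
        if (into != null) {
            GroupSymbol intoGroup = into.getGroup();
            Collection<LanguageObject> insertTargets = new ArrayList<LanguageObject>();
            insertTargets.add(intoGroup);
            try {
                insertTargets.addAll(ResolverUtil.resolveElementsInGroup(intoGroup, getMetadata()));
            } catch (QueryMetadataException e) {
                handleException(e, intoGroup);
            } catch (TeiidComponentException e) {
                handleException(e, intoGroup);
            }
            // Runs even if element resolution failed: the group itself is still checked.
            validateEntitlements(insertTargets, DataPolicy.PermissionType.CREATE, DataPolicy.Context.INSERT);
        }

        Collection<LanguageObject> readTargets = new ArrayList<LanguageObject>(GroupCollectorVisitor.getGroupsIgnoreInlineViews(query, true));
        if (!isXMLCommand(query)) {
            readTargets.addAll(ElementCollectorVisitor.getElements(query, true));
        }
        if (!readTargets.isEmpty()) {
            validateEntitlements(readTargets, DataPolicy.PermissionType.READ, DataPolicy.Context.QUERY);
        }
    }

    /** Requires EXECUTE on the procedure's group. */
    protected void validateEntitlements(StoredProcedure storedProcedure) {
        validateEntitlements(Arrays.asList(storedProcedure.getGroup()), DataPolicy.PermissionType.EXECUTE, DataPolicy.Context.STORED_PROCEDURE);
    }

    /**
     * Resolves each symbol to its fully qualified metadata name and checks the resulting
     * names against the policy decider.
     *
     * <p>The decompiled listing wrapped only {@code obj = null} in the try block (so the
     * checked-exception handlers were unreachable and the metadata lookups unguarded) and
     * left the "skip this symbol" branches with empty bodies. As listed, temporary and
     * multi-source metadata IDs fell through to the name lookup. The control flow is
     * restored here: those symbols are skipped and the lookups run inside the try.
     * NOTE(review): confirm against the original source of this class.
     *
     * @param symbols element and group symbols the command touches
     * @param permissionType permission the caller needs on each of them
     * @param context audit context reported with the request
     */
    protected void validateEntitlements(Collection<? extends LanguageObject> symbols, DataPolicy.PermissionType permissionType, DataPolicy.Context context) {
        Map<String, LanguageObject> symbolsByName = new LinkedHashMap<String, LanguageObject>();
        for (LanguageObject symbol : symbols) {
            try {
                Object metadataId = null;
                if (symbol instanceof ElementSymbol) {
                    metadataId = ((ElementSymbol) symbol).getMetadataID();
                    if (metadataId instanceof MultiSourceElement || metadataId instanceof TempMetadataID) {
                        // Not checked by name; no per-element policy lookup is attempted.
                        continue;
                    }
                } else if (symbol instanceof GroupSymbol) {
                    GroupSymbol groupSymbol = (GroupSymbol) symbol;
                    metadataId = groupSymbol.getMetadataID();
                    if (metadataId instanceof TempMetadataID && !groupSymbol.isProcedure()) {
                        // Temp tables go through the temp-table permission check instead.
                        if (groupSymbol.isTempTable()) {
                            validateTemp(permissionType, groupSymbol, context);
                        }
                        continue;
                    }
                }
                String fullName = getMetadata().getFullName(metadataId);
                String schemaName = getMetadata().getFullName(getMetadata().getModelID(metadataId));
                if (!isSystemSchema(schemaName)) {
                    symbolsByName.put(fullName, symbol);
                }
            } catch (QueryMetadataException e) {
                // The symbol is not added to the map, so it is never sent to the decider.
                // NOTE(review): this is only safe if the inherited handleException fails
                // the command - confirm in AbstractValidationVisitor.
                handleException(e);
            } catch (TeiidComponentException e) {
                handleException(e);
            }
        }
        validateEntitlements(permissionType, context, symbolsByName);
    }

    /**
     * Returns whether the schema is exempt from permission checks.
     *
     * <p>The exemption is by name only (case-insensitive), so it relies on these names
     * being reserved for the built-in schemas.
     */
    private boolean isSystemSchema(String schemaName) {
        return "SYS".equalsIgnoreCase(schemaName) || "pg_catalog".equalsIgnoreCase(schemaName);
    }

    /**
     * Asks the decider about the named resources and reports the language objects behind
     * every denied name as one validation error. Does nothing for an empty map.
     */
    private void validateEntitlements(DataPolicy.PermissionType permissionType, DataPolicy.Context context, Map<String, ? extends LanguageObject> symbolsByName) {
        if (symbolsByName.isEmpty()) {
            return;
        }
        Set<String> inaccessible = getInaccessibleResources(permissionType, symbolsByName.keySet(), context);
        if (inaccessible.isEmpty()) {
            return;
        }
        ArrayList<LanguageObject> deniedSymbols = new ArrayList<LanguageObject>(inaccessible.size());
        for (String name : inaccessible) {
            deniedSymbols.add(symbolsByName.get(name));
        }
        handleValidationError(QueryPlugin.Util.getString("ERR.018.005.0095", new Object[]{this.commandContext.getUserName(), permissionType}), deniedSymbols);
    }

    /**
     * Delegates to the policy decider and audits the request and its outcome.
     *
     * <p>The audit result record carries the requested resource set, not the denied subset,
     * so a "denied" record does not by itself show which resource was refused.
     *
     * @param permissionType permission required on each resource
     * @param resources fully qualified resource names to check
     * @param context audit context reported with the request
     * @return the subset of {@code resources} the caller may not access, as returned by the decider
     */
    public Set<String> getInaccessibleResources(DataPolicy.PermissionType permissionType, Set<String> resources, DataPolicy.Context context) {
        logRequest(resources, context);
        Set<String> inaccessible = this.decider.getInaccessibleResources(permissionType, resources, context, this.commandContext);
        logResult(resources, context, inaccessible.isEmpty());
        return inaccessible;
    }

    /** Writes the audit record for a decision, if audit logging is enabled. */
    private void logResult(Set<String> resources, DataPolicy.Context context, boolean granted) {
        if (!LogManager.isMessageToBeRecorded(AUDIT_CONTEXT, AUDIT_LEVEL)) {
            return;
        }
        String activity = granted ? "getInaccessibleResources-granted all" : "getInaccessibleResources-denied";
        LogManager.logDetail(AUDIT_CONTEXT, new Object[]{new AuditMessage(context.name(), activity, resources.toArray(new String[0]), this.commandContext)});
    }
}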
