package com.metamatrix.server.dqp.service;

import com.google.inject.Inject;
import com.metamatrix.admin.api.exception.security.InvalidSessionException;
import com.metamatrix.api.exception.MetaMatrixComponentException;
import com.metamatrix.api.exception.security.AuthorizationMgmtException;
import com.metamatrix.api.exception.security.InvalidUserException;
import com.metamatrix.api.exception.security.MembershipServiceException;
import com.metamatrix.common.application.ApplicationEnvironment;
import com.metamatrix.common.application.exception.ApplicationInitializationException;
import com.metamatrix.common.application.exception.ApplicationLifecycleException;
import com.metamatrix.common.util.PropertiesUtils;
import com.metamatrix.dqp.service.AuthorizationService;
import com.metamatrix.platform.security.api.AuthorizationActions;
import com.metamatrix.platform.security.api.AuthorizationPermission;
import com.metamatrix.platform.security.api.AuthorizationRealm;
import com.metamatrix.platform.security.api.BasicAuthorizationPermissionFactory;
import com.metamatrix.platform.security.api.SessionToken;
import com.metamatrix.platform.security.api.StandardAuthorizationActions;
import com.metamatrix.platform.security.api.service.AuthorizationServiceInterface;
import com.metamatrix.platform.security.api.service.AuthorizationServicePropertyNames;
import com.metamatrix.platform.security.util.RolePermissionFactory;
import com.metamatrix.platform.service.api.exception.ServiceException;
import com.metamatrix.server.ServerPlugin;
import com.metamatrix.server.util.ServerAuditContexts;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import org.teiid.dqp.internal.process.DQPWorkContext;

/* loaded from: input_file:com/metamatrix/server/dqp/service/PlatformAuthorizationService.class */
public class PlatformAuthorizationService implements AuthorizationService {
    private static final BasicAuthorizationPermissionFactory PERMISSION_FACTORY = new BasicAuthorizationPermissionFactory();
    private boolean useEntitlements;
    private AuthorizationServiceInterface authInterface;

    @Inject
    public PlatformAuthorizationService(AuthorizationServiceInterface authorizationServiceInterface) {
        this.authInterface = authorizationServiceInterface;
    }

    public void initialize(Properties properties) throws ApplicationInitializationException {
        this.useEntitlements = PropertiesUtils.getBooleanProperty(properties, AuthorizationServicePropertyNames.DATA_ACCESS_AUTHORIZATION_ENABLED, false);
    }

    public void start(ApplicationEnvironment applicationEnvironment) throws ApplicationLifecycleException {
    }

    public void stop() throws ApplicationLifecycleException {
    }

    public Collection getInaccessibleResources(String str, int i, Collection collection, int i2) throws MetaMatrixComponentException {
        SessionToken sessionToken = DQPWorkContext.getWorkContext().getSessionToken();
        Collection createPermissions = createPermissions(getRealm(DQPWorkContext.getWorkContext()), collection, getActions(i));
        String auditContext = getAuditContext(i2);
        List list = Collections.EMPTY_LIST;
        try {
            Collection inaccessibleResources = this.authInterface.getInaccessibleResources(sessionToken, auditContext, createPermissions);
            List list2 = Collections.EMPTY_LIST;
            if (inaccessibleResources != null && inaccessibleResources.size() > 0) {
                list2 = new ArrayList();
                Iterator it = inaccessibleResources.iterator();
                while (it.hasNext()) {
                    list2.add(((AuthorizationPermission) it.next()).getResourceName());
                }
            }
            return list2;
        } catch (AuthorizationMgmtException e) {
            throw new MetaMatrixComponentException(e);
        } catch (InvalidSessionException e2) {
            throw new MetaMatrixComponentException(e2, ServerPlugin.Util.getString("PlatformAuthorizationService.Invalid_session"));
        }
    }

    public boolean hasRole(String str, String str2, String str3) throws MetaMatrixComponentException {
        AuthorizationRealm realm;
        SessionToken sessionToken = DQPWorkContext.getWorkContext().getSessionToken();
        if ("admin".equalsIgnoreCase(str2)) {
            realm = RolePermissionFactory.getRealm();
        } else {
            if (!"data".equalsIgnoreCase(str2)) {
                return false;
            }
            realm = getRealm(DQPWorkContext.getWorkContext());
        }
        try {
            return this.authInterface.hasPolicy(sessionToken, realm, str3);
        } catch (AuthorizationMgmtException e) {
            throw new MetaMatrixComponentException(e);
        } catch (InvalidUserException e2) {
            throw new MetaMatrixComponentException(e2);
        } catch (ServiceException e3) {
            throw new MetaMatrixComponentException(e3);
        } catch (MembershipServiceException e4) {
            throw new MetaMatrixComponentException(e4);
        }
    }

    public boolean checkingEntitlements() {
        return this.useEntitlements;
    }

    private AuthorizationRealm getRealm(DQPWorkContext dQPWorkContext) {
        return new AuthorizationRealm(dQPWorkContext.getVdbName(), dQPWorkContext.getVdbVersion());
    }

    private AuthorizationActions getActions(int i) {
        switch (i) {
            case 0:
                return StandardAuthorizationActions.DATA_READ;
            case 1:
                return StandardAuthorizationActions.DATA_CREATE;
            case 2:
                return StandardAuthorizationActions.DATA_UPDATE;
            case 3:
                return StandardAuthorizationActions.DATA_DELETE;
            default:
                return StandardAuthorizationActions.DATA_READ;
        }
    }

    private Collection createPermissions(AuthorizationRealm authorizationRealm, Collection collection, AuthorizationActions authorizationActions) {
        ArrayList arrayList = new ArrayList(collection.size());
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            arrayList.add(PERMISSION_FACTORY.create((String) it.next(), authorizationRealm, authorizationActions));
        }
        return arrayList;
    }

    private String getAuditContext(int i) {
        switch (i) {
            case 0:
                return ServerAuditContexts.CTX_QUERY;
            case 1:
                return "INSERT";
            case 2:
                return "UPDATE";
            case 3:
                return "DELETE";
            case 4:
                return ServerAuditContexts.CTX_PROCEDURE;
            default:
                return ServerAuditContexts.CTX_QUERY;
        }
    }
}
