package com.orientechnologies.orient.core.metadata.security;

import com.oracle.truffle.js.runtime.builtins.JSBoolean;
import com.orientechnologies.orient.core.command.OBasicCommandContext;
import com.orientechnologies.orient.core.config.OGlobalConfiguration;
import com.orientechnologies.orient.core.db.ODatabaseInternal;
import com.orientechnologies.orient.core.db.ODatabaseSession;
import com.orientechnologies.orient.core.db.record.OClassTrigger;
import com.orientechnologies.orient.core.exception.OSecurityException;
import com.orientechnologies.orient.core.metadata.function.OFunction;
import com.orientechnologies.orient.core.metadata.schema.OClass;
import com.orientechnologies.orient.core.metadata.security.OSecurityPolicy;
import com.orientechnologies.orient.core.record.ORecord;
import com.orientechnologies.orient.core.record.impl.ODocument;
import com.orientechnologies.orient.core.sql.executor.OResult;
import com.orientechnologies.orient.core.sql.parser.OAndBlock;
import com.orientechnologies.orient.core.sql.parser.OBooleanExpression;
import com.orientechnologies.orient.core.sql.parser.OOrBlock;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:com/orientechnologies/orient/core/metadata/security/OSecurityEngine.class */
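/**
 * Resolves the security-policy predicate that applies to the current user for a class, property
 * or function resource, and evaluates such predicates against records and query results.
 *
 * <p>Resolution walks the user's roles (and each role's parent chain) and, for classes and
 * properties, the class's superclasses. Predicates from several roles are OR-combined; predicates
 * from several superclasses are AND-combined.
 *
 * <p>Defaults worth knowing when reviewing policy behaviour (all visible in the code below):
 * <ul>
 *   <li>no user, no roles, or an unrecognised resource type: {@code FALSE} (deny);</li>
 *   <li>a class resource whose class cannot be found: {@code TRUE} (allow);</li>
 *   <li>a class or function with no matching policy: {@code FALSE} (deny);</li>
 *   <li>a property with no matching policy: {@code TRUE} (allow).</li>
 * </ul>
 */
public class OSecurityEngine {
    // Parsed-predicate cache, sized from the statement cache setting. Never reassigned in this class.
    private static final OPredicateCache cache = new OPredicateCache(OGlobalConfiguration.STATEMENT_CACHE_SIZE.getValueAsInteger());

    /**
     * Returns the predicate the current user must satisfy for the given resource and scope.
     *
     * <p>Decompiler note: access modifier was changed from package-private.
     *
     * @param oDatabaseSession session whose current user is checked
     * @param oSecurityShared source of the per-role security policies and of the predicate cache
     * @param str resource string, resolved through {@link OSecurityResource#getInstance}
     * @param scope policy scope to look up
     * @return {@code FALSE} when the session has no user, the user has no roles, or the resource is
     *     not a class, property or function resource; otherwise the resolved predicate
     */
    public static OBooleanExpression getPredicateForSecurityResource(ODatabaseSession oDatabaseSession, OSecurityShared oSecurityShared, String str, OSecurityPolicy.Scope scope) {
        OSecurityUser user = oDatabaseSession.getUser();
        if (user == null) {
            return OBooleanExpression.FALSE;
        }
        Set<? extends OSecurityRole> roles = user.getRoles();
        if (roles == null || roles.isEmpty()) {
            return OBooleanExpression.FALSE;
        }
        OSecurityResource resource = getResourceFromString(str);
        if (resource instanceof OSecurityResourceClass) {
            return getPredicateForClass(oDatabaseSession, oSecurityShared, (OSecurityResourceClass) resource, scope);
        }
        if (resource instanceof OSecurityResourceProperty) {
            return getPredicateForProperty(oDatabaseSession, oSecurityShared, (OSecurityResourceProperty) resource, scope);
        }
        if (resource instanceof OSecurityResourceFunction) {
            return getPredicateForFunction(oDatabaseSession, oSecurityShared, (OSecurityResourceFunction) resource, scope);
        }
        // Any other resource kind is denied.
        return OBooleanExpression.FALSE;
    }

    /**
     * Resolves the predicate for a function resource across all roles of the current user.
     *
     * @return {@code null} when the user has no roles; the single role's predicate when there is
     *     exactly one role; otherwise {@code TRUE} as soon as one role yields {@code TRUE}, else an
     *     OR block of the per-role predicates
     */
    private static OBooleanExpression getPredicateForFunction(ODatabaseSession oDatabaseSession, OSecurityShared oSecurityShared, OSecurityResourceFunction oSecurityResourceFunction, OSecurityPolicy.Scope scope) {
        // NOTE(review): the lookup result is not null-checked before its name is read further
        // down the call chain - confirm how an unknown function name is reported here.
        OFunction function = oDatabaseSession.getMetadata().getFunctionLibrary().getFunction(oSecurityResourceFunction.getFunctionName());
        Set<? extends OSecurityRole> roles = oDatabaseSession.getUser().getRoles();
        if (roles == null || roles.isEmpty()) {
            return null;
        }
        if (roles.size() == 1) {
            return getPredicateForRoleHierarchy(oDatabaseSession, oSecurityShared, roles.iterator().next(), function, scope);
        }
        OOrBlock anyRole = new OOrBlock(-1);
        for (OSecurityRole role : roles) {
            OBooleanExpression rolePredicate = getPredicateForRoleHierarchy(oDatabaseSession, oSecurityShared, role, function, scope);
            // One unconditionally permitting role makes the whole disjunction true.
            if (OBooleanExpression.TRUE.equals(rolePredicate)) {
                return OBooleanExpression.TRUE;
            }
            anyRole.getSubBlocks().add(rolePredicate);
        }
        return anyRole;
    }

    /**
     * Resolves the predicate for a property resource across all roles of the current user.
     *
     * <p>The owning class is looked up by name first and, when that yields nothing, as a view.
     *
     * @return {@code null} when the user has no roles; the single role's predicate when there is
     *     exactly one role; otherwise {@code TRUE} as soon as one role yields {@code TRUE}, else an
     *     OR block of the per-role predicates
     */
    private static OBooleanExpression getPredicateForProperty(ODatabaseSession oDatabaseSession, OSecurityShared oSecurityShared, OSecurityResourceProperty oSecurityResourceProperty, OSecurityPolicy.Scope scope) {
        OClass oClass = oDatabaseSession.getClass(oSecurityResourceProperty.getClassName());
        if (oClass == null) {
            oClass = oDatabaseSession.getMetadata().getSchema().getView(oSecurityResourceProperty.getClassName());
        }
        // NOTE(review): oClass is used below without a null check - confirm the view lookup
        // cannot also come back empty for a resource string naming an unknown class.
        String propertyName = oSecurityResourceProperty.getPropertyName();
        Set<? extends OSecurityRole> roles = oDatabaseSession.getUser().getRoles();
        if (roles == null || roles.isEmpty()) {
            return null;
        }
        if (roles.size() == 1) {
            return getPredicateForRoleHierarchy(oDatabaseSession, oSecurityShared, roles.iterator().next(), oClass, propertyName, scope);
        }
        OOrBlock anyRole = new OOrBlock(-1);
        for (OSecurityRole role : roles) {
            OBooleanExpression rolePredicate = getPredicateForRoleHierarchy(oDatabaseSession, oSecurityShared, role, oClass, propertyName, scope);
            if (OBooleanExpression.TRUE.equals(rolePredicate)) {
                return OBooleanExpression.TRUE;
            }
            anyRole.getSubBlocks().add(rolePredicate);
        }
        return anyRole;
    }

    /**
     * Resolves the predicate for a class resource across all roles of the current user.
     *
     * @return {@code TRUE} when the class cannot be found; {@code null} when the user has no roles;
     *     the single role's predicate when there is exactly one role; otherwise {@code TRUE} as
     *     soon as one role yields {@code TRUE}, else an OR block of the per-role predicates
     */
    private static OBooleanExpression getPredicateForClass(ODatabaseSession oDatabaseSession, OSecurityShared oSecurityShared, OSecurityResourceClass oSecurityResourceClass, OSecurityPolicy.Scope scope) {
        OClass oClass = oDatabaseSession.getClass(oSecurityResourceClass.getClassName());
        if (oClass == null) {
            // Fail-open: a resource naming a class this session cannot resolve is allowed.
            // NOTE(review): unlike the property path there is no view fallback here - confirm
            // that records of such a class are unreachable anyway.
            return OBooleanExpression.TRUE;
        }
        Set<? extends OSecurityRole> roles = oDatabaseSession.getUser().getRoles();
        if (roles == null || roles.isEmpty()) {
            return null;
        }
        if (roles.size() == 1) {
            return getPredicateForRoleHierarchy(oDatabaseSession, oSecurityShared, roles.iterator().next(), oClass, scope);
        }
        OOrBlock anyRole = new OOrBlock(-1);
        for (OSecurityRole role : roles) {
            OBooleanExpression rolePredicate = getPredicateForRoleHierarchy(oDatabaseSession, oSecurityShared, role, oClass, scope);
            if (OBooleanExpression.TRUE.equals(rolePredicate)) {
                return OBooleanExpression.TRUE;
            }
            anyRole.getSubBlocks().add(rolePredicate);
        }
        return anyRole;
    }

    /**
     * Resolves a function predicate for one role, falling back to the parent role chain.
     *
     * @return the role's own predicate when it is non-null, else the parent chain's result, else
     *     {@code FALSE} when there is no parent
     */
    private static OBooleanExpression getPredicateForRoleHierarchy(ODatabaseSession oDatabaseSession, OSecurityShared oSecurityShared, OSecurityRole oSecurityRole, OFunction oFunction, OSecurityPolicy.Scope scope) {
        OBooleanExpression ownPredicate = getPredicateForFunction(oDatabaseSession, oSecurityShared, oSecurityRole, oFunction, scope);
        if (ownPredicate != null) {
            return ownPredicate;
        }
        if (oSecurityRole.getParentRole() != null) {
            return getPredicateForRoleHierarchy(oDatabaseSession, oSecurityShared, oSecurityRole.getParentRole(), oFunction, scope);
        }
        return OBooleanExpression.FALSE;
    }

    /**
     * Looks up the function policy of a single role: first the policy keyed by the function's own
     * name, then the {@code database.function.*} wildcard.
     *
     * @return the parsed predicate, or {@code FALSE} when neither policy defines the scope
     */
    private static OBooleanExpression getPredicateForFunction(ODatabaseSession oDatabaseSession, OSecurityShared oSecurityShared, OSecurityRole oSecurityRole, OFunction oFunction, OSecurityPolicy.Scope scope) {
        String resourceKey = "database.function." + oFunction.getName();
        Map<String, OSecurityPolicy> policies = oSecurityShared.getSecurityPolicies(oDatabaseSession, (ORole) oSecurityRole);
        OSecurityPolicy exact = policies.get(resourceKey);
        String predicateText = exact != null ? exact.get(scope) : null;
        if (predicateText == null) {
            OSecurityPolicy wildcard = policies.get("database.function.*");
            predicateText = wildcard == null ? null : wildcard.get(scope);
        }
        if (predicateText == null) {
            return OBooleanExpression.FALSE;
        }
        return parsePredicate(oDatabaseSession, predicateText);
    }

    /**
     * Resolves a class predicate for one role, consulting the shared predicate cache and falling
     * back to the parent role chain.
     *
     * <p>A result is written to the cache only on the fallback path, i.e. when the class hierarchy
     * lookup for this role returned {@code null}.
     *
     * @return the cached or resolved predicate; {@code FALSE} when nothing is found
     */
    private static OBooleanExpression getPredicateForRoleHierarchy(ODatabaseSession oDatabaseSession, OSecurityShared oSecurityShared, OSecurityRole oSecurityRole, OClass oClass, OSecurityPolicy.Scope scope) {
        // NOTE(review): this cache key is the class name only, whereas the property variant
        // includes the scope in its key - confirm the shared cache cannot hand a predicate
        // resolved for one scope to a check made for another.
        if (oSecurityRole != null) {
            OBooleanExpression cached = oSecurityShared.getPredicateFromCache(oSecurityRole.getName(), oClass.getName());
            if (cached != null) {
                return cached;
            }
        }
        OBooleanExpression resolved = getPredicateForClassHierarchy(oDatabaseSession, oSecurityShared, oSecurityRole, oClass, scope);
        if (resolved != null) {
            return resolved;
        }
        // Guarded like the cache accesses around it: a null role has no parent to consult and
        // ends in FALSE instead of a NullPointerException.
        if (oSecurityRole != null && oSecurityRole.getParentRole() != null) {
            resolved = getPredicateForRoleHierarchy(oDatabaseSession, oSecurityShared, oSecurityRole.getParentRole(), oClass, scope);
        }
        if (resolved == null) {
            resolved = OBooleanExpression.FALSE;
        }
        if (oSecurityRole != null) {
            oSecurityShared.putPredicateInCache(oSecurityRole.getName(), oClass.getName(), resolved);
        }
        return resolved;
    }

    /**
     * Resolves a property predicate for one role, consulting the shared predicate cache and
     * falling back to the parent role chain. The cache key combines class name, property name and
     * scope.
     *
     * @return the cached or resolved predicate; {@code FALSE} when nothing is found
     */
    private static OBooleanExpression getPredicateForRoleHierarchy(ODatabaseSession oDatabaseSession, OSecurityShared oSecurityShared, OSecurityRole oSecurityRole, OClass oClass, String str, OSecurityPolicy.Scope scope) {
        String cacheKey = "$CLASS$" + oClass.getName() + "$PROP$" + str + "$" + scope;
        if (oSecurityRole != null) {
            OBooleanExpression cached = oSecurityShared.getPredicateFromCache(oSecurityRole.getName(), cacheKey);
            if (cached != null) {
                return cached;
            }
        }
        OBooleanExpression resolved = getPredicateForClassHierarchy(oDatabaseSession, oSecurityShared, oSecurityRole, oClass, str, scope);
        // Guarded like the cache accesses around it: a null role has no parent to consult and
        // ends in FALSE instead of a NullPointerException.
        if (resolved == null && oSecurityRole != null && oSecurityRole.getParentRole() != null) {
            resolved = getPredicateForRoleHierarchy(oDatabaseSession, oSecurityShared, oSecurityRole.getParentRole(), oClass, str, scope);
        }
        if (resolved == null) {
            resolved = OBooleanExpression.FALSE;
        }
        if (oSecurityRole != null) {
            oSecurityShared.putPredicateInCache(oSecurityRole.getName(), cacheKey, resolved);
        }
        return resolved;
    }

    /**
     * Looks up the class policy of a single role, walking up the superclasses when the class has
     * no policy of its own for the scope.
     *
     * <p>Lookup order for a class without superclasses (or with its own policy): the class's own
     * key, then {@code ODatabaseSecurityResources.ALL_CLASSES}, then {@code "*"}. With several
     * superclasses the results are AND-combined.
     *
     * @return the parsed predicate, an AND block over the superclasses, or {@code FALSE} when no
     *     policy applies
     */
    private static OBooleanExpression getPredicateForClassHierarchy(ODatabaseSession oDatabaseSession, OSecurityShared oSecurityShared, OSecurityRole oSecurityRole, OClass oClass, OSecurityPolicy.Scope scope) {
        String resourceKey = "database.class." + oClass.getName();
        Map<String, OSecurityPolicy> policies = oSecurityShared.getSecurityPolicies(oDatabaseSession, oSecurityRole);
        OSecurityPolicy exact = policies.get(resourceKey);
        String predicateText = exact != null ? exact.get(scope) : null;

        if (predicateText == null && oClass.getSuperClasses().size() > 0) {
            // No policy on the class itself: inherit from the superclass(es).
            if (oClass.getSuperClasses().size() == 1) {
                return getPredicateForClassHierarchy(oDatabaseSession, oSecurityShared, oSecurityRole, oClass.getSuperClasses().iterator().next(), scope);
            }
            OAndBlock allSuperClasses = new OAndBlock(-1);
            for (OClass superClass : oClass.getSuperClasses()) {
                OBooleanExpression inherited = getPredicateForClassHierarchy(oDatabaseSession, oSecurityShared, oSecurityRole, superClass, scope);
                if (inherited == null) {
                    return OBooleanExpression.FALSE;
                }
                allSuperClasses.getSubBlocks().add(inherited);
            }
            return allSuperClasses;
        }

        if (predicateText == null) {
            OSecurityPolicy allClasses = policies.get(ODatabaseSecurityResources.ALL_CLASSES);
            predicateText = allClasses == null ? null : allClasses.get(scope);
        }
        if (predicateText == null) {
            OSecurityPolicy everything = policies.get("*");
            predicateText = everything == null ? null : everything.get(scope);
        }
        if (predicateText == null) {
            // Classes are denied when no policy applies.
            return OBooleanExpression.FALSE;
        }
        return parsePredicate(oDatabaseSession, predicateText);
    }

    /**
     * Looks up the property policy of a single role, walking up the superclasses when the
     * property has no policy of its own for the scope.
     *
     * <p>Lookup order for a class without superclasses (or with an own policy): the
     * class-and-property key, then {@code database.class.<class>.*}, then
     * {@code database.class.*.<property>}, then {@code database.class.*.*}, then {@code "*"}.
     * With several superclasses the results are AND-combined.
     *
     * @return the parsed predicate, an AND block over the superclasses, or {@code TRUE} when no
     *     policy applies
     */
    private static OBooleanExpression getPredicateForClassHierarchy(ODatabaseSession oDatabaseSession, OSecurityShared oSecurityShared, OSecurityRole oSecurityRole, OClass oClass, String str, OSecurityPolicy.Scope scope) {
        // METHOD_SEPARATOR is presumably "." (the wildcard keys below are dot-separated) - verify.
        String resourceKey = "database.class." + oClass.getName() + OClassTrigger.METHOD_SEPARATOR + str;
        Map<String, OSecurityPolicy> policies = oSecurityShared.getSecurityPolicies(oDatabaseSession, oSecurityRole);
        OSecurityPolicy exact = policies.get(resourceKey);
        String predicateText = exact != null ? exact.get(scope) : null;

        if (predicateText == null && oClass.getSuperClasses().size() > 0) {
            if (oClass.getSuperClasses().size() == 1) {
                return getPredicateForClassHierarchy(oDatabaseSession, oSecurityShared, oSecurityRole, oClass.getSuperClasses().iterator().next(), str, scope);
            }
            OAndBlock allSuperClasses = new OAndBlock(-1);
            for (OClass superClass : oClass.getSuperClasses()) {
                OBooleanExpression inherited = getPredicateForClassHierarchy(oDatabaseSession, oSecurityShared, oSecurityRole, superClass, str, scope);
                if (inherited == null) {
                    return OBooleanExpression.TRUE;
                }
                allSuperClasses.getSubBlocks().add(inherited);
            }
            return allSuperClasses;
        }

        if (predicateText == null) {
            OSecurityPolicy anyPropertyOfClass = policies.get("database.class." + oClass.getName() + ".*");
            predicateText = anyPropertyOfClass == null ? null : anyPropertyOfClass.get(scope);
        }
        if (predicateText == null) {
            OSecurityPolicy propertyOfAnyClass = policies.get("database.class.*." + str);
            predicateText = propertyOfAnyClass == null ? null : propertyOfAnyClass.get(scope);
        }
        if (predicateText == null) {
            OSecurityPolicy anyProperty = policies.get("database.class.*.*");
            predicateText = anyProperty == null ? null : anyProperty.get(scope);
        }
        if (predicateText == null) {
            OSecurityPolicy everything = policies.get("*");
            predicateText = everything == null ? null : everything.get(scope);
        }
        if (predicateText == null) {
            // Properties are allowed when no policy applies (the class-level lookup denies instead).
            return OBooleanExpression.TRUE;
        }
        return parsePredicate(oDatabaseSession, predicateText);
    }

    /**
     * Turns a policy predicate string into an expression.
     *
     * @param oDatabaseSession not used by this method
     * @param str predicate text; {@code "true"} and {@code "false"} (any case) map to the constant
     *     expressions, anything else is fetched from the predicate cache
     * @return the parsed predicate
     */
    public static OBooleanExpression parsePredicate(ODatabaseSession oDatabaseSession, String str) {
        // Plain literal: the decompiled source borrowed an equal-valued constant from the
        // JavaScript runtime here, which tied this check to an unrelated library.
        if ("true".equalsIgnoreCase(str)) {
            return OBooleanExpression.TRUE;
        }
        if ("false".equalsIgnoreCase(str)) {
            return OBooleanExpression.FALSE;
        }
        try {
            return cache.get(str);
        } catch (Exception e) {
            // NOTE(review): the full predicate text goes to stdout, outside any log level or
            // audit trail - route it through the project's logging facility.
            System.out.println("Error parsing predicate: " + str);
            throw e;
        }
    }

    /**
     * Evaluates a security predicate against a record on behalf of the session's user.
     *
     * <p>Decompiler note: access modifier was changed from package-private. The spelling of the
     * method name is kept as callers use it.
     *
     * @return {@code true} for the {@code TRUE} constant and for a {@code null} predicate,
     *     {@code false} for the {@code FALSE} constant, otherwise the evaluation result
     * @throws OSecurityException when the evaluation fails for any reason
     */
    public static boolean evaluateSecuirtyPolicyPredicate(ODatabaseSession oDatabaseSession, OBooleanExpression oBooleanExpression, ORecord oRecord) {
        if (OBooleanExpression.TRUE.equals(oBooleanExpression)) {
            return true;
        }
        if (OBooleanExpression.FALSE.equals(oBooleanExpression)) {
            return false;
        }
        if (oBooleanExpression == null) {
            // Fail-open: no predicate means "allow". NOTE(review): the OResult overload has no
            // such branch, and the resource helpers in this class return null for a user without
            // roles - confirm callers never reach this with null for a restricted resource.
            return true;
        }
        try {
            // Document built from the user's record identity; exposed to the predicate as $currentUser.
            ODocument currentUser = new ODocument(oDatabaseSession.getUser().getIdentity().getIdentity());
            // The predicate runs through executeNoAuthorization on a session supplied by that
            // call, not on the caller's session.
            Boolean allowed = (Boolean) ((ODatabaseInternal) oDatabaseSession).getSharedContext().getOrientDB().executeNoAuthorization(oDatabaseSession.getName(), oDatabaseSession2 -> {
                OBasicCommandContext context = new OBasicCommandContext();
                context.setDatabase(oDatabaseSession2);
                context.setDynamicVariable("$currentUser", oCommandContext -> currentUser);
                return Boolean.valueOf(oBooleanExpression.evaluate(oRecord, context));
            }).get();
            return allowed.booleanValue();
        } catch (Exception e) {
            // Any failure denies access by throwing. The thrown message carries no detail of the
            // underlying error; the only trace is this stderr dump.
            // NOTE(review): send it to the project's logging facility so that failed policy
            // evaluations can be audited.
            e.printStackTrace();
            throw new OSecurityException("Cannot execute security predicate");
        }
    }

    /**
     * Evaluates a security predicate against a query result on behalf of the session's user.
     *
     * <p>Decompiler note: access modifier was changed from package-private. The spelling of the
     * method name is kept as callers use it.
     *
     * @return {@code true} for the {@code TRUE} constant, {@code false} for the {@code FALSE}
     *     constant, otherwise the evaluation result
     * @throws OSecurityException when the evaluation fails for any reason
     */
    public static boolean evaluateSecuirtyPolicyPredicate(ODatabaseSession oDatabaseSession, OBooleanExpression oBooleanExpression, OResult oResult) {
        if (OBooleanExpression.TRUE.equals(oBooleanExpression)) {
            return true;
        }
        if (OBooleanExpression.FALSE.equals(oBooleanExpression)) {
            return false;
        }
        // No null branch here, unlike the ORecord overload: a null predicate is dereferenced
        // during evaluation below and is therefore expected to fail rather than allow.
        try {
            // Document built from the user's record identity; exposed to the predicate as $currentUser.
            ODocument currentUser = new ODocument(oDatabaseSession.getUser().getIdentity().getIdentity());
            Boolean allowed = (Boolean) ((ODatabaseInternal) oDatabaseSession).getSharedContext().getOrientDB().executeNoAuthorization(oDatabaseSession.getName(), oDatabaseSession2 -> {
                OBasicCommandContext context = new OBasicCommandContext();
                context.setDatabase(oDatabaseSession2);
                context.setDynamicVariable("$currentUser", oCommandContext -> currentUser);
                return Boolean.valueOf(oBooleanExpression.evaluate(oResult, context));
            }).get();
            return allowed.booleanValue();
        } catch (Exception e) {
            // Any failure denies access by throwing. The thrown message carries no detail of the
            // underlying error; the only trace is this stderr dump.
            // NOTE(review): send it to the project's logging facility so that failed policy
            // evaluations can be audited.
            e.printStackTrace();
            throw new OSecurityException("Cannot execute security predicate");
        }
    }

    /** Resolves a resource string to its {@link OSecurityResource} instance. */
    private static OSecurityResource getResourceFromString(String str) {
        return OSecurityResource.getInstance(str);
    }
}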
