package com.metamatrix.common.comm.platform.server;

import com.metamatrix.admin.api.exception.AdminException;
import com.metamatrix.admin.util.IAdminMethodRoleResolver;
import com.metamatrix.api.exception.ComponentNotFoundException;
import com.metamatrix.api.exception.MetaMatrixProcessingException;
import com.metamatrix.api.exception.MetaMatrixRuntimeException;
import com.metamatrix.api.exception.security.AuthorizationException;
import com.metamatrix.api.exception.security.InvalidSessionException;
import com.metamatrix.common.comm.platform.CommPlatformPlugin;
import com.metamatrix.common.jdbc.sql.SQLConstants;
import com.metamatrix.common.log.LogManager;
import com.metamatrix.common.util.LogContextsUtil;
import com.metamatrix.core.proxy.SecurityContext;
import com.metamatrix.core.proxy.SecurityContextFactory;
import com.metamatrix.core.proxy.ServiceInterceptor;
import com.metamatrix.core.proxy.ServiceInvocation;
import com.metamatrix.core.util.ArgCheck;
import com.metamatrix.platform.admin.apiimpl.IAdminHelper;
import com.metamatrix.platform.security.api.MetaMatrixSessionID;
import com.metamatrix.platform.security.api.SessionToken;
import com.metamatrix.platform.service.api.exception.ServiceException;

/* loaded from: input_file:mmquery/lib/mmquery.jar:com/metamatrix/common/comm/platform/server/AdminAuthorizationInterceptor.class */
public class AdminAuthorizationInterceptor implements ServiceInterceptor {
    private static final String READ_ROLE = "Admin.ReadOnlyAdmin";
    private final SecurityContextFactory securityContextFactory;
    private final IAdminHelper authorizationService;
    private final IAdminMethodRoleResolver methodNames;

    public AdminAuthorizationInterceptor(SecurityContextFactory securityContextFactory, IAdminHelper iAdminHelper, IAdminMethodRoleResolver iAdminMethodRoleResolver) {
        ArgCheck.isNotNull(securityContextFactory);
        ArgCheck.isNotNull(iAdminHelper);
        ArgCheck.isNotNull(iAdminMethodRoleResolver);
        this.securityContextFactory = securityContextFactory;
        this.authorizationService = iAdminHelper;
        this.methodNames = iAdminMethodRoleResolver;
    }

    @Override // com.metamatrix.core.proxy.BaseServiceInterceptor
    public Object invoke(ServiceInvocation serviceInvocation) throws Throwable {
        checkAdminAuthorization(serviceInvocation, this.securityContextFactory.create());
        return serviceInvocation.invokeNext();
    }

    private void checkAdminAuthorization(ServiceInvocation serviceInvocation, SecurityContext securityContext) throws AuthorizationException, MetaMatrixProcessingException, AdminException {
        try {
            SessionToken validateSession = this.authorizationService.validateSession(getSessionID(securityContext));
            if (validateSession == null) {
                throw new AuthorizationException(CommPlatformPlugin.Util.getString("AdminAuthorizationInterceptor.Admin_Session_not_valid", new Object[]{securityContext.getUserName(), serviceInvocation.getMethodName()}));
            }
            String methodName = serviceInvocation.getMethodName();
            if (skipAuthorization(methodName)) {
                return;
            }
            String roleNameForMethod = this.methodNames.getRoleNameForMethod(methodName);
            Object[] objArr = null;
            boolean isMessageToBeRecorded = LogManager.isMessageToBeRecorded(LogContextsUtil.PlatformAdminConstants.CTX_AUDIT_ADMIN, 1);
            if (isMessageToBeRecorded) {
                objArr = buildAuditMessage(securityContext, validateSession, roleNameForMethod, serviceInvocation);
                LogManager.logCritical(LogContextsUtil.PlatformAdminConstants.CTX_AUDIT_ADMIN, CommPlatformPlugin.Util.getString("AdminAuthorizationInterceptor.Admin_Audit_request", objArr));
            }
            try {
                this.authorizationService.checkForRequiredRole(validateSession, roleNameForMethod);
                LogManager.logCritical(LogContextsUtil.PlatformAdminConstants.CTX_AUDIT_ADMIN, CommPlatformPlugin.Util.getString("AdminAuthorizationInterceptor.Admin_granted", objArr));
                if (1 == 0 && isMessageToBeRecorded) {
                    String string = CommPlatformPlugin.Util.getString("AdminAuthorizationInterceptor.Admin_not_authorized", objArr);
                    LogManager.logCritical(LogContextsUtil.PlatformAdminConstants.CTX_AUDIT_ADMIN, string);
                    throw new AuthorizationException(string);
                }
            } catch (ComponentNotFoundException e) {
                if (objArr == null) {
                    objArr = buildAuditMessage(securityContext, validateSession, roleNameForMethod, serviceInvocation);
                }
                String string2 = CommPlatformPlugin.Util.getString("AdminAuthorizationInterceptor.Admin_not_authorized", objArr);
                LogManager.logCritical(LogContextsUtil.PlatformAdminConstants.CTX_AUDIT_ADMIN, string2);
                throw new AuthorizationException(e, string2);
            } catch (AuthorizationException e2) {
                if (objArr == null) {
                    objArr = buildAuditMessage(securityContext, validateSession, roleNameForMethod, serviceInvocation);
                }
                String string3 = CommPlatformPlugin.Util.getString("AdminAuthorizationInterceptor.Admin_not_authorized", objArr);
                LogManager.logCritical(LogContextsUtil.PlatformAdminConstants.CTX_AUDIT_ADMIN, string3);
                throw new AuthorizationException(e2, string3);
            }
        } catch (ServiceException e3) {
            throw new AuthorizationException(e3, CommPlatformPlugin.Util.getString("AdminAuthorizationInterceptor.Admin_Session_not_valid", new Object[]{securityContext.getUserName(), serviceInvocation.getMethodName()}));
        } catch (ComponentNotFoundException e4) {
            throw new AuthorizationException(e4, CommPlatformPlugin.Util.getString("AdminAuthorizationInterceptor.Admin_Session_not_valid", new Object[]{securityContext.getUserName(), serviceInvocation.getMethodName()}));
        } catch (InvalidSessionException e5) {
            throw new AuthorizationException(e5, CommPlatformPlugin.Util.getString("AdminAuthorizationInterceptor.Admin_Session_not_valid", new Object[]{securityContext.getUserName(), serviceInvocation.getMethodName()}));
        }
    }

    private boolean skipAuthorization(String str) throws AdminException {
        String roleNameForMethod = this.methodNames.getRoleNameForMethod(str);
        return roleNameForMethod == null && roleNameForMethod.equals("Admin.ReadOnlyAdmin");
    }

    private MetaMatrixSessionID getSessionID(SecurityContext securityContext) throws InvalidSessionException, ServiceException, ComponentNotFoundException {
        try {
            return new MetaMatrixSessionID(Long.valueOf(securityContext.getConnectionId()).longValue(), securityContext.getUserName());
        } catch (NumberFormatException e) {
            throw new MetaMatrixRuntimeException(e);
        }
    }

    private Object[] buildAuditMessage(SecurityContext securityContext, SessionToken sessionToken, String str, ServiceInvocation serviceInvocation) {
        StringBuffer stringBuffer = new StringBuffer(serviceInvocation.getMethodName());
        stringBuffer.append('(');
        Object[] arguments = serviceInvocation.getArguments();
        for (Object obj : arguments) {
            if (obj != null) {
                stringBuffer.append(obj.toString());
                stringBuffer.append(SQLConstants.COMMA);
            }
        }
        if (arguments.length > 0) {
            stringBuffer.setLength(stringBuffer.length() - SQLConstants.COMMA.length());
        }
        stringBuffer.append(')');
        return new Object[]{securityContext.getUserName(), sessionToken.getSessionID().toString(), str, stringBuffer.toString()};
    }
}
