package com.metamatrix.server.dqp.service;

import com.metamatrix.api.exception.MetaMatrixComponentException;
import com.metamatrix.api.exception.security.AuthorizationMgmtException;
import com.metamatrix.api.exception.security.InvalidSessionException;
import com.metamatrix.api.exception.security.InvalidUserException;
import com.metamatrix.api.exception.security.MembershipServiceException;
import com.metamatrix.api.exception.security.SessionServiceException;
import com.metamatrix.common.application.ApplicationEnvironment;
import com.metamatrix.common.application.exception.ApplicationInitializationException;
import com.metamatrix.common.application.exception.ApplicationLifecycleException;
import com.metamatrix.common.comm.platform.server.ClientConnectionManager;
import com.metamatrix.common.config.CurrentConfiguration;
import com.metamatrix.common.log.LogManager;
import com.metamatrix.dqp.service.AuthorizationService;
import com.metamatrix.platform.security.api.AuthorizationActions;
import com.metamatrix.platform.security.api.AuthorizationPermission;
import com.metamatrix.platform.security.api.AuthorizationRealm;
import com.metamatrix.platform.security.api.BasicAuthorizationPermissionFactory;
import com.metamatrix.platform.security.api.MetaBasePermissionFactory;
import com.metamatrix.platform.security.api.MetaMatrixSessionID;
import com.metamatrix.platform.security.api.SessionToken;
import com.metamatrix.platform.security.api.StandardAuthorizationActions;
import com.metamatrix.platform.security.api.service.AuthorizationServiceInterface;
import com.metamatrix.platform.security.api.service.AuthorizationServicePropertyNames;
import com.metamatrix.platform.security.api.service.ServerSessionService;
import com.metamatrix.platform.security.util.RolePermissionFactory;
import com.metamatrix.platform.service.api.exception.ServiceException;
import com.metamatrix.server.ServerPlugin;
import java.rmi.RemoteException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;

/* loaded from: input_file:com/metamatrix/server/dqp/service/PlatformAuthorizationService.class */
public class PlatformAuthorizationService implements AuthorizationService {
    private static final BasicAuthorizationPermissionFactory PERMISSION_FACTORY = new BasicAuthorizationPermissionFactory();
    static boolean USE_ENTITLEMENTS = Boolean.valueOf(CurrentConfiguration.getProperty(AuthorizationServicePropertyNames.DATA_ACCESS_AUTHORIZATION_ENABLED)).booleanValue();
    private AuthorizationServiceInterface authInterface;
    private ServerSessionService sessionInterface;

    public PlatformAuthorizationService(AuthorizationServiceInterface authorizationServiceInterface, ServerSessionService serverSessionService, ClientConnectionManager clientConnectionManager) {
        this.authInterface = authorizationServiceInterface;
        this.sessionInterface = serverSessionService;
    }

    public void initialize(Properties properties) throws ApplicationInitializationException {
    }

    public void start(ApplicationEnvironment applicationEnvironment) throws ApplicationLifecycleException {
    }

    public void bind() throws ApplicationLifecycleException {
    }

    public void unbind() throws ApplicationLifecycleException {
    }

    public void stop() throws ApplicationLifecycleException {
    }

    @Override // com.metamatrix.dqp.service.AuthorizationService
    public Collection getInaccessibleResources(String str, int i, Collection collection, int i2) throws MetaMatrixComponentException {
        SessionToken token = getToken(str);
        Collection createPermissions = createPermissions(getRealm(token), collection, getActions(i));
        String auditContext = getAuditContext(i2);
        List list = Collections.EMPTY_LIST;
        try {
            Collection inaccessibleResources = this.authInterface.getInaccessibleResources(token, auditContext, createPermissions);
            List list2 = Collections.EMPTY_LIST;
            if (inaccessibleResources != null && inaccessibleResources.size() > 0) {
                list2 = new ArrayList();
                Iterator it = inaccessibleResources.iterator();
                while (it.hasNext()) {
                    list2.add(((AuthorizationPermission) it.next()).getResourceName());
                }
            }
            return list2;
        } catch (RemoteException e) {
            throw new MetaMatrixComponentException(e);
        } catch (InvalidSessionException e2) {
            throw new MetaMatrixComponentException(e2, ServerPlugin.Util.getString("PlatformAuthorizationService.Invalid_session"));
        } catch (AuthorizationMgmtException e3) {
            throw new MetaMatrixComponentException(e3);
        }
    }

    public boolean hasRole(String str, String str2, String str3) throws MetaMatrixComponentException {
        AuthorizationRealm realm;
        SessionToken token = getToken(str);
        if ("admin".equalsIgnoreCase(str2)) {
            realm = RolePermissionFactory.getRealm();
        } else if ("repository".equalsIgnoreCase(str2)) {
            realm = MetaBasePermissionFactory.getRealm();
        } else {
            if (!"data".equalsIgnoreCase(str2)) {
                return false;
            }
            realm = getRealm(token);
        }
        try {
            return this.authInterface.hasPolicy(token, realm, str3);
        } catch (RemoteException e) {
            throw new MetaMatrixComponentException(e);
        } catch (ServiceException e2) {
            throw new MetaMatrixComponentException(e2);
        } catch (MembershipServiceException e3) {
            throw new MetaMatrixComponentException(e3);
        } catch (AuthorizationMgmtException e4) {
            throw new MetaMatrixComponentException(e4);
        } catch (InvalidUserException e5) {
            throw new MetaMatrixComponentException(e5);
        }
    }

    @Override // com.metamatrix.dqp.service.AuthorizationService
    public boolean checkingEntitlements() {
        return USE_ENTITLEMENTS;
    }

    private SessionToken getToken(String str) throws MetaMatrixComponentException {
        try {
            return this.sessionInterface.validateSession(new MetaMatrixSessionID(Long.parseLong(str)));
        } catch (InvalidSessionException e) {
            throw new MetaMatrixComponentException(e, ServerPlugin.Util.getString("PlatformAuthorizationService.Invalid_session"));
        } catch (RemoteException e2) {
            throw new MetaMatrixComponentException(e2, e2.getMessage());
        } catch (SessionServiceException e3) {
            throw new MetaMatrixComponentException(e3, e3.getMessage());
        } catch (NumberFormatException e4) {
            MetaMatrixComponentException metaMatrixComponentException = new MetaMatrixComponentException(e4, ServerPlugin.Util.getString("PlatformAuthorizationService.Parse_conn_id", str));
            LogManager.logError("QUERY_SERVICE", metaMatrixComponentException, metaMatrixComponentException.getMessage());
            throw metaMatrixComponentException;
        }
    }

    private AuthorizationRealm getRealm(SessionToken sessionToken) {
        return new AuthorizationRealm(sessionToken.getProductInfo(0), sessionToken.getProductInfo(1));
    }

    private AuthorizationActions getActions(int i) {
        switch (i) {
            case 0:
                return StandardAuthorizationActions.DATA_READ;
            case 1:
                return StandardAuthorizationActions.DATA_CREATE;
            case 2:
                return StandardAuthorizationActions.DATA_UPDATE;
            case 3:
                return StandardAuthorizationActions.DATA_DELETE;
            default:
                return StandardAuthorizationActions.DATA_READ;
        }
    }

    private Collection createPermissions(AuthorizationRealm authorizationRealm, Collection collection, AuthorizationActions authorizationActions) {
        ArrayList arrayList = new ArrayList(collection.size());
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            arrayList.add(PERMISSION_FACTORY.create((String) it.next(), authorizationRealm, authorizationActions));
        }
        return arrayList;
    }

    private String getAuditContext(int i) {
        switch (i) {
            case 0:
                return "QUERY";
            case 1:
                return "INSERT";
            case 2:
                return "UPDATE";
            case 3:
                return "DELETE";
            case AuthorizationService.CONTEXT_PROCEDURE /* 4 */:
                return "STORED_PROCEDURE";
            default:
                return "QUERY";
        }
    }

    @Override // com.metamatrix.dqp.service.AuthorizationService
    public boolean disableXQuery() {
        return Boolean.valueOf(CurrentConfiguration.getProperty(AuthorizationServicePropertyNames.XQUERY_DISABLED)).booleanValue();
    }
}
