package net.sf.jpasecurity.security.rules;

import java.beans.Introspector;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import net.sf.jpasecurity.AccessType;
import net.sf.jpasecurity.jpql.compiler.QueryPreparator;
import net.sf.jpasecurity.jpql.parser.JpqlFromItem;
import net.sf.jpasecurity.jpql.parser.JpqlInnerJoin;
import net.sf.jpasecurity.jpql.parser.JpqlOuterJoin;
import net.sf.jpasecurity.jpql.parser.JpqlParser;
import net.sf.jpasecurity.jpql.parser.JpqlPath;
import net.sf.jpasecurity.jpql.parser.JpqlSelectExpressions;
import net.sf.jpasecurity.jpql.parser.JpqlSubselect;
import net.sf.jpasecurity.jpql.parser.JpqlVisitorAdapter;
import net.sf.jpasecurity.jpql.parser.JpqlWhere;
import net.sf.jpasecurity.jpql.parser.Node;
import net.sf.jpasecurity.jpql.parser.ParseException;
import net.sf.jpasecurity.mapping.Alias;
import net.sf.jpasecurity.security.Permit;
import net.sf.jpasecurity.util.SetMap;

/* loaded from: input_file:net/sf/jpasecurity/security/rules/AnnotationAccessRulesProvider.class */
public class AnnotationAccessRulesProvider extends AbstractAccessRulesProvider {
    private static final Alias THIS_ALIAS = new Alias("this");
    private final RolesAllowedParser rolesAllowedParser = new RolesAllowedParser();
    private final PermissionParser permissionParser = new PermissionParser();
    private final JpqlParser whereClauseParser = new JpqlParser();
    private final AliasVisitor aliasVisitor = new AliasVisitor();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/sf/jpasecurity/security/rules/AnnotationAccessRulesProvider$AliasVisitor.class */
    public class AliasVisitor extends JpqlVisitorAdapter<Set<Alias>> {
        private AliasVisitor() {
        }

        @Override // net.sf.jpasecurity.jpql.parser.JpqlVisitorAdapter
        public boolean visit(JpqlSelectExpressions jpqlSelectExpressions) {
            return false;
        }

        @Override // net.sf.jpasecurity.jpql.parser.JpqlVisitorAdapter, net.sf.jpasecurity.jpql.parser.JpqlParserVisitor
        public boolean visit(JpqlFromItem jpqlFromItem, Set<Alias> set) {
            return visitAlias(jpqlFromItem, set);
        }

        @Override // net.sf.jpasecurity.jpql.parser.JpqlVisitorAdapter, net.sf.jpasecurity.jpql.parser.JpqlParserVisitor
        public boolean visit(JpqlInnerJoin jpqlInnerJoin, Set<Alias> set) {
            return visitAlias(jpqlInnerJoin, set);
        }

        @Override // net.sf.jpasecurity.jpql.parser.JpqlVisitorAdapter, net.sf.jpasecurity.jpql.parser.JpqlParserVisitor
        public boolean visit(JpqlOuterJoin jpqlOuterJoin, Set<Alias> set) {
            return visitAlias(jpqlOuterJoin, set);
        }

        public boolean visitAlias(Node node, Set<Alias> set) {
            if (node.jjtGetNumChildren() != 2) {
                return false;
            }
            set.add(new Alias(node.jjtGetChild(1).getValue().toLowerCase()));
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/sf/jpasecurity/security/rules/AnnotationAccessRulesProvider$PathVisitor.class */
    public class PathVisitor extends JpqlVisitorAdapter<Set<Alias>> {
        private final Alias alias;
        private final QueryPreparator queryPreparator = new QueryPreparator();

        public PathVisitor(Alias alias) {
            this.alias = alias;
        }

        @Override // net.sf.jpasecurity.jpql.parser.JpqlVisitorAdapter, net.sf.jpasecurity.jpql.parser.JpqlParserVisitor
        public boolean visit(JpqlSubselect jpqlSubselect, Set<Alias> set) {
            HashSet hashSet = new HashSet(set);
            jpqlSubselect.visit(AnnotationAccessRulesProvider.this.aliasVisitor, hashSet);
            for (int i = 0; i < jpqlSubselect.jjtGetNumChildren(); i++) {
                jpqlSubselect.jjtGetChild(i).visit(this, hashSet);
            }
            return false;
        }

        @Override // net.sf.jpasecurity.jpql.parser.JpqlVisitorAdapter, net.sf.jpasecurity.jpql.parser.JpqlParserVisitor
        public boolean visit(JpqlPath jpqlPath, Set<Alias> set) {
            Alias alias = new Alias(jpqlPath.jjtGetChild(0).getValue().toLowerCase());
            if (AnnotationAccessRulesProvider.THIS_ALIAS.equals(alias)) {
                this.queryPreparator.replace(jpqlPath.jjtGetChild(0), this.queryPreparator.createIdentificationVariable(this.alias));
                return false;
            }
            if (set.contains(alias)) {
                return false;
            }
            if (jpqlPath.jjtGetNumChildren() <= 1 && AnnotationAccessRulesProvider.this.getSecurityContext().getAliases().contains(alias)) {
                return false;
            }
            this.queryPreparator.prepend(this.alias.toPath(), jpqlPath);
            return false;
        }
    }

    @Override // net.sf.jpasecurity.security.rules.AbstractAccessRulesProvider
    protected void initializeAccessRules() {
        HashSet hashSet = new HashSet();
        for (Class<?> cls : getPersistenceMapping().getSecureClasses()) {
            hashSet.addAll(parseAllowedRoles(cls));
            hashSet.addAll(parsePermissions(cls));
        }
        hashSet.remove(null);
        compileRules(hashSet);
    }

    Collection<String> parseAllowedRoles(Class<?> cls) {
        SetMap<Set<AccessType>, String> parseAllowedRoles = this.rolesAllowedParser.parseAllowedRoles(cls);
        HashSet hashSet = new HashSet();
        for (Map.Entry entry : parseAllowedRoles.entrySet()) {
            String simpleName = cls.getSimpleName();
            StringBuilder sb = new StringBuilder("GRANT ");
            if (((Set) entry.getKey()).contains(AccessType.CREATE)) {
                sb.append("CREATE ");
            }
            if (((Set) entry.getKey()).contains(AccessType.READ)) {
                sb.append("READ ");
            }
            if (((Set) entry.getKey()).contains(AccessType.UPDATE)) {
                sb.append("UPDATE ");
            }
            if (((Set) entry.getKey()).contains(AccessType.DELETE)) {
                sb.append("DELETE ");
            }
            sb.append("ACCESS TO ");
            sb.append(cls.getName()).append(' ');
            sb.append(Character.toLowerCase(simpleName.charAt(0))).append(simpleName.substring(1)).append(' ');
            Iterator it = ((Set) entry.getValue()).iterator();
            sb.append("WHERE '").append((String) it.next()).append("' IN (CURRENT_ROLES)");
            if (it.hasNext()) {
                Object next = it.next();
                while (true) {
                    String str = (String) next;
                    if (it.hasNext()) {
                        sb.append(" OR '").append(str).append("' IN (CURRENT_ROLES)");
                        next = it.next();
                    }
                }
            }
            hashSet.add(sb.toString());
        }
        return hashSet;
    }

    Collection<String> parsePermissions(Class<?> cls) {
        try {
            HashSet hashSet = new HashSet();
            for (Map.Entry entry : this.permissionParser.parsePermissions(cls).entrySet()) {
                String simpleName = cls.getSimpleName();
                for (Permit permit : (List) entry.getValue()) {
                    Alias alias = new Alias(Introspector.decapitalize(simpleName));
                    JpqlWhere jpqlWhere = null;
                    if (permit.rule().trim().length() > 0) {
                        jpqlWhere = this.whereClauseParser.parseWhereClause("WHERE " + permit.rule());
                        alias = findUnusedAlias(jpqlWhere, alias);
                        appendAlias(jpqlWhere, alias);
                    }
                    StringBuilder sb = new StringBuilder("GRANT ");
                    List asList = Arrays.asList(permit.access());
                    if (asList.contains(AccessType.CREATE)) {
                        sb.append("CREATE ");
                    }
                    if (asList.contains(AccessType.READ)) {
                        sb.append("READ ");
                    }
                    if (asList.contains(AccessType.UPDATE)) {
                        sb.append("UPDATE ");
                    }
                    if (asList.contains(AccessType.DELETE)) {
                        sb.append("DELETE ");
                    }
                    sb.append("ACCESS TO ");
                    sb.append(cls.getName()).append(' ');
                    sb.append(alias);
                    if (jpqlWhere != null) {
                        sb.append(' ').append(jpqlWhere);
                    }
                    hashSet.add(sb.toString());
                }
            }
            return hashSet;
        } catch (ParseException e) {
            throw getConfiguration().getExceptionFactory().createRuntimeException(e);
        }
    }

    private Alias findUnusedAlias(JpqlWhere jpqlWhere, Alias alias) {
        HashSet hashSet = new HashSet();
        jpqlWhere.visit(this.aliasVisitor, hashSet);
        int i = 0;
        while (hashSet.contains(alias)) {
            alias = new Alias(alias.getName() + i);
            i++;
        }
        return alias;
    }

    private void appendAlias(JpqlWhere jpqlWhere, Alias alias) {
        jpqlWhere.visit(new PathVisitor(alias), new HashSet());
    }
}
