package net.sf.jpasecurity.security;

import java.beans.Introspector;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import net.sf.jpasecurity.AccessType;
import net.sf.jpasecurity.ExceptionFactory;
import net.sf.jpasecurity.configuration.AccessRule;
import net.sf.jpasecurity.configuration.SecurityContext;
import net.sf.jpasecurity.entity.SecureObjectCache;
import net.sf.jpasecurity.jpql.JpqlCompiledStatement;
import net.sf.jpasecurity.jpql.compiler.JpqlCompiler;
import net.sf.jpasecurity.jpql.compiler.NotEvaluatableException;
import net.sf.jpasecurity.jpql.compiler.QueryEvaluationParameters;
import net.sf.jpasecurity.jpql.compiler.QueryEvaluator;
import net.sf.jpasecurity.jpql.compiler.QueryPreparator;
import net.sf.jpasecurity.jpql.compiler.SubselectEvaluator;
import net.sf.jpasecurity.jpql.parser.JpqlAccessRule;
import net.sf.jpasecurity.jpql.parser.JpqlBooleanLiteral;
import net.sf.jpasecurity.jpql.parser.JpqlBrackets;
import net.sf.jpasecurity.jpql.parser.JpqlIdentificationVariable;
import net.sf.jpasecurity.jpql.parser.JpqlIn;
import net.sf.jpasecurity.jpql.parser.JpqlParser;
import net.sf.jpasecurity.jpql.parser.JpqlPath;
import net.sf.jpasecurity.jpql.parser.JpqlWhere;
import net.sf.jpasecurity.jpql.parser.Node;
import net.sf.jpasecurity.jpql.parser.ParseException;
import net.sf.jpasecurity.jpql.parser.SimpleNode;
import net.sf.jpasecurity.mapping.Alias;
import net.sf.jpasecurity.mapping.ClassMappingInformation;
import net.sf.jpasecurity.mapping.ConditionalPath;
import net.sf.jpasecurity.mapping.MappingInformation;
import net.sf.jpasecurity.mapping.Path;
import net.sf.jpasecurity.mapping.TypeDefinition;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:net/sf/jpasecurity/security/EntityFilter.class */
/**
 * Applies the configured {@link AccessRule}s to single entities and to JPQL queries.
 *
 * <p>{@link #isAccessible(Object, AccessType)} evaluates the rules against one entity instance;
 * {@link #filterQuery(String, AccessType)} rewrites a JPQL query so that the rule conditions are
 * combined with the query's own where clause.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When no access rule matches any selected type, the resulting access definition is the
 *       boolean literal {@code true}, i.e. the entity or query is left unrestricted. Types without
 *       rules are therefore allowed by default (see {@link #createAccessDefinition(Map, AccessType)}).</li>
 *   <li>Security-context values are bound as named query parameters, not concatenated into the
 *       JPQL text (see the {@code expand} methods).</li>
 *   <li>Debug logging prints the access definition including its parameter values, which come from
 *       the security context. Treat debug logs of this class as sensitive.</li>
 * </ul>
 *
 * <p>This source is decompiler output: local names are synthetic, raw types are used where
 * generics were erased, and {@code mo4clone()} is the decompiler's name for a renamed
 * {@code clone()} override.
 */
public class EntityFilter {
    private static final Log LOG = LogFactory.getLog(EntityFilter.class);
    private final MappingInformation mappingInformation;
    private final SecurityContext securityContext;
    protected final JpqlCompiler compiler;
    private final SecureObjectCache objectCache;
    private final QueryEvaluator queryEvaluator;
    // Stored by reference (no defensive copy); iterated on every access-definition build.
    private final Collection<AccessRule> accessRules;
    private final ExceptionFactory exceptionFactory;
    // Compiled statements keyed by the raw query string; compile() hands out clones.
    // NOTE(review): plain HashMap with no eviction or synchronization visible in this class.
    // Confirm instances are not shared between threads and that the number of distinct
    // query strings is bounded.
    private final Map<String, JpqlCompiledStatement> statementCache = new HashMap();
    private final QueryPreparator queryPreparator = new QueryPreparator();
    private final JpqlParser parser = new JpqlParser();

    /* loaded from: input_file:net/sf/jpasecurity/security/EntityFilter$AccessDefinition.class */
    /**
     * A rule condition (as a JPQL node tree) together with the named parameters it refers to.
     *
     * <p>Instances are mutable: the combining methods replace the node and add to the parameter
     * map in place, and {@link #getQueryParameters()} exposes the internal map.
     */
    public class AccessDefinition {
        // Never null: both the constructor and setAccessRules reject null.
        private Node accessRules;
        // Parameter name -> value; in this class the values originate from the security context.
        private Map<String, Object> queryParameters;

        /**
         * Creates a definition with an empty, mutable parameter map.
         *
         * @param entityFilter not read by the body; NOTE(review): looks like the decompiler's
         *                     explicit rendering of the enclosing instance, confirm
         * @param node the condition, must not be null
         */
        public AccessDefinition(EntityFilter entityFilter, Node node) {
            this(node, new HashMap());
        }

        /**
         * @param node the condition
         * @param map the named parameters; stored by reference, not copied
         * @throws IllegalArgumentException if either argument is null
         */
        public AccessDefinition(Node node, Map<String, Object> map) {
            if (node == null) {
                throw new IllegalArgumentException("accessRules may not be null");
            }
            if (map == null) {
                throw new IllegalArgumentException("queryParameters may not be null");
            }
            this.accessRules = node;
            this.queryParameters = map;
        }

        /** @return the current condition node (never null) */
        public Node getAccessRules() {
            return this.accessRules;
        }

        /**
         * Replaces the condition node.
         *
         * @throws IllegalArgumentException if {@code node} is null
         */
        public void setAccessRules(Node node) {
            if (node == null) {
                throw new IllegalArgumentException("accessRules may not be null");
            }
            this.accessRules = node;
        }

        /**
         * @return the internal parameter map itself; changes made by the caller are visible here
         *         ({@code filterQuery} relies on this when it prunes unused parameters)
         */
        public Map<String, Object> getQueryParameters() {
            return this.queryParameters;
        }

        /**
         * Adds the other definition as an alternative: its parameters are copied in and its
         * condition is combined with this one through {@code QueryPreparator.createOr}.
         *
         * <p>{@code putAll} overwrites entries with the same name, so both definitions must agree
         * on the value of any shared parameter name.
         *
         * @param accessDefinition the definition to add, or null for a no-op
         * @return this instance
         */
        public AccessDefinition append(AccessDefinition accessDefinition) {
            if (accessDefinition != null) {
                this.queryParameters.putAll(accessDefinition.getQueryParameters());
                appendNode(accessDefinition.getAccessRules());
            }
            return this;
        }

        /** Combines {@code node} with the current condition via {@code createOr(current, node)}. */
        public void appendNode(Node node) {
            this.accessRules = EntityFilter.this.appendNode(this.accessRules, node);
        }

        /**
         * Adds the other definition as an additional requirement: its parameters are copied in
         * (same-name entries are overwritten) and its condition is combined with this one through
         * {@code QueryPreparator.createAnd}.
         *
         * @param accessDefinition the definition to add, or null for a no-op
         * @return this instance
         */
        public AccessDefinition merge(AccessDefinition accessDefinition) {
            if (accessDefinition != null) {
                this.queryParameters.putAll(accessDefinition.getQueryParameters());
                mergeNode(accessDefinition.getAccessRules());
            }
            return this;
        }

        /** Combines via {@code createAnd(node, current)}; note that {@code node} comes first. */
        public void mergeNode(Node node) {
            this.accessRules = EntityFilter.this.queryPreparator.createAnd(node, this.accessRules);
        }

        /**
         * Renders the condition and the full parameter map. The parameter values come from the
         * security context, and this string is written to the debug log by the enclosing class.
         */
        public String toString() {
            return "[query=\"" + this.accessRules.toString() + "\",parameters=" + this.queryParameters.toString() + "]";
        }

        /** Wraps the current condition in brackets so that it combines as a single unit. */
        public void group() {
            this.accessRules = EntityFilter.this.queryPreparator.createBrackets(this.accessRules);
        }
    }

    /* loaded from: input_file:net/sf/jpasecurity/security/EntityFilter$Evaluatable.class */
    // Not referenced by any code in this file; protected, so presumably meant for subclasses.
    protected enum Evaluatable {
        ALWAYS_TRUE,
        ALWAYS_FALSE,
        DEPENDING
    }

    /**
     * Stores the collaborators and creates the compiler and query evaluator used for rule
     * evaluation.
     *
     * @param secureObjectCache passed on to the query optimizer
     * @param mappingInformation entity mapping metadata
     * @param securityContext source of the alias values substituted into rules
     * @param exceptionFactory used to wrap parse failures and handed to the compiler and evaluator
     * @param collection the access rules; kept by reference
     * @param subselectEvaluatorArr evaluators handed to the {@link QueryEvaluator}
     */
    public EntityFilter(SecureObjectCache secureObjectCache, MappingInformation mappingInformation, SecurityContext securityContext, ExceptionFactory exceptionFactory, Collection<AccessRule> collection, SubselectEvaluator... subselectEvaluatorArr) {
        this.mappingInformation = mappingInformation;
        this.securityContext = securityContext;
        this.compiler = new JpqlCompiler(mappingInformation, exceptionFactory);
        this.objectCache = secureObjectCache;
        this.queryEvaluator = new QueryEvaluator(this.compiler, exceptionFactory, subselectEvaluatorArr);
        this.accessRules = collection;
        this.exceptionFactory = exceptionFactory;
    }

    /** @return the shared {@link QueryPreparator} used to build and rewrite JPQL nodes */
    public QueryPreparator getQueryPreparator() {
        return this.queryPreparator;
    }

    /**
     * Evaluates the access rules for one entity instance in memory.
     *
     * <p>The entity is bound to an alias derived from its decapitalized entity name. If no rule
     * matches the entity type, the definition evaluated here is the literal {@code true} built by
     * {@link #createAccessDefinition(Map, AccessType)}.
     *
     * @param obj the entity; a null value fails on {@code obj.getClass()}
     * @param accessType the kind of access being checked
     * @return the boolean result of evaluating the access definition
     * @throws NotEvaluatableException if the rules cannot be evaluated in memory
     */
    public boolean isAccessible(Object obj, AccessType accessType) throws NotEvaluatableException {
        // NOTE(review): what getClassMapping returns for an unmapped class is not visible here;
        // a null result would fail on the next line.
        ClassMappingInformation classMapping = this.mappingInformation.getClassMapping(obj.getClass());
        LOG.debug("Evaluating " + accessType + " access for entity of type " + classMapping.getEntityName());
        Alias alias = new Alias(Introspector.decapitalize(classMapping.getEntityName()));
        AccessDefinition createAccessDefinition = createAccessDefinition(alias, classMapping.getEntityType(), accessType);
        // The logged text includes the parameter values taken from the security context.
        LOG.debug("Using access definition " + createAccessDefinition);
        return ((Boolean) this.queryEvaluator.evaluate(createAccessDefinition.getAccessRules(), new QueryEvaluationParameters(this.mappingInformation, Collections.singletonMap(alias, obj), createAccessDefinition.getQueryParameters(), Collections.emptyMap()))).booleanValue();
    }

    /**
     * Rewrites a JPQL query so that it only yields what the access rules permit.
     *
     * <p>If the rules can be decided without looking at entity data, the query is returned
     * unchanged (always true) or an empty {@link FilterResult} is returned (always false).
     * Otherwise the rule condition is added to the statement: as a new where clause when the
     * query has none, or combined with the existing condition via {@code createAnd}.
     *
     * @param str the JPQL query text; written to the debug log as-is
     * @param accessType the kind of access being checked
     * @return the filtered query with the parameters it needs (null when there are none), or an
     *         unfiltered/empty result as described above
     */
    public FilterResult<String> filterQuery(String str, AccessType accessType) {
        LOG.debug("Filtering query " + str);
        // compile() returns a clone, so the tree edits below do not touch the cached statement.
        JpqlCompiledStatement compile = compile(str);
        AccessDefinition createAccessDefinition = createAccessDefinition(compile, accessType);
        FilterResult<String> alwaysEvaluatableResult = getAlwaysEvaluatableResult(str, createAccessDefinition);
        if (alwaysEvaluatableResult != null) {
            return alwaysEvaluatableResult;
        }
        JpqlWhere whereClause = compile.getWhereClause();
        if (whereClause == null) {
            JpqlWhere createWhere = this.queryPreparator.createWhere(createAccessDefinition.getAccessRules());
            Node jjtGetParent = compile.getFromClause().jjtGetParent();
            // Shift every child from index 2 upwards one slot to the right, last child first,
            // to free index 2 for the new where clause.
            // NOTE(review): assumes indexes 0 and 1 hold the select and from clauses; confirm.
            for (int jjtGetNumChildren = jjtGetParent.jjtGetNumChildren(); jjtGetNumChildren > 2; jjtGetNumChildren--) {
                jjtGetParent.jjtAddChild(jjtGetParent.jjtGetChild(jjtGetNumChildren - 1), jjtGetNumChildren);
            }
            jjtGetParent.jjtAddChild(createWhere, 2);
        } else {
            Node jjtGetChild = whereClause.jjtGetChild(0);
            // Bracket the caller's condition first: without brackets an OR inside it would bind
            // more loosely than the AND added below and could bypass the rule condition.
            if (!(jjtGetChild instanceof JpqlBrackets)) {
                jjtGetChild = this.queryPreparator.createBrackets(jjtGetChild);
            }
            Node createAnd = this.queryPreparator.createAnd(jjtGetChild, createAccessDefinition.getAccessRules());
            createAnd.jjtSetParent(whereClause);
            whereClause.jjtSetChild(createAnd, 0);
        }
        Node statement = compile.getStatement();
        LOG.debug("Optimizing filtered query " + statement);
        optimize(createAccessDefinition);
        // Keep only the parameters still named in the rule condition; expand() may have stored
        // values for aliases the rule never references. This edits the definition's own map.
        Set<String> namedParameters = this.compiler.getNamedParameters(createAccessDefinition.getAccessRules());
        Map<String, Object> queryParameters = createAccessDefinition.getQueryParameters();
        queryParameters.keySet().retainAll(namedParameters);
        String jpqlString = ((SimpleNode) statement).toJpqlString();
        LOG.debug("Returning optimized query " + jpqlString);
        return new FilterResult<>(jpqlString, queryParameters.size() > 0 ? queryParameters : null, compile.getSelectedPaths(), compile.getTypeDefinitions());
    }

    /** Builds the access definition for the entity types selected by a compiled statement. */
    protected AccessDefinition createAccessDefinition(JpqlCompiledStatement jpqlCompiledStatement, AccessType accessType) {
        return createAccessDefinition(getSelectedEntityTypes(jpqlCompiledStatement), accessType);
    }

    /** Builds the access definition for a single alias/type pair. */
    private AccessDefinition createAccessDefinition(Alias alias, Class<?> cls, AccessType accessType) {
        return createAccessDefinition(Collections.singletonMap(alias.toPath(), cls), accessType);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the combined rule condition for all selected paths.
     *
     * <p>For each selected path and type:
     * <ol>
     *   <li>Rules that are assignable to the type and grant {@code accessType} are collected as
     *       alternatives (combined through {@code append}).</li>
     *   <li>Rules that only <em>may</em> be assignable are grouped by statement; from each group
     *       the rule with the most general selected type is kept, and if it grants
     *       {@code accessType} it is added guarded by an instance-of check on that type.</li>
     *   <li>If rules matched, but none for the selected type itself, a condition "not an instance
     *       of any of the matched types" is added as a further alternative, so entities outside
     *       the restricted types remain accessible.</li>
     *   <li>For a {@link ConditionalPath} the result is wrapped in an implication from the path's
     *       condition.</li>
     * </ol>
     * The per-path results are then combined through {@code merge}.
     *
     * <p>Default when nothing was built: the boolean literal {@code true} if no rule matched any
     * selected type (unrestricted), {@code false} if rules matched but none grants
     * {@code accessType}.
     *
     * <p>NOTE(review): a selected type whose rules grant nothing contributes no condition of its
     * own. When another selected type in the same map does produce a condition, the returned
     * definition contains only that condition and the {@code false} default is not reached.
     * Confirm whether that is intended for statements selecting several types.
     *
     * @param map selected path to selected entity type
     * @param accessType the kind of access being checked
     * @return the combined definition, never null
     */
    public AccessDefinition createAccessDefinition(Map<Path, Class<?>> map, AccessType accessType) {
        AccessDefinition accessDefinition = null;
        // Becomes true as soon as any rule matches any selected type, whether it grants or not.
        boolean z = false;
        for (Map.Entry<Path, Class<?>> entry : map.entrySet()) {
            // hashSet: rule statements already handled for this path.
            // hashSet2: types for which at least one rule matched.
            HashSet hashSet = new HashSet();
            HashSet hashSet2 = new HashSet();
            AccessDefinition accessDefinition2 = null;
            for (AccessRule accessRule : this.accessRules) {
                if (!hashSet.contains(accessRule.getStatement()) && accessRule.isAssignable(entry.getValue(), this.mappingInformation)) {
                    z = true;
                    hashSet2.add(entry.getValue());
                    hashSet.add((JpqlAccessRule) accessRule.getStatement());
                    if (accessRule.grantsAccess(accessType)) {
                        accessDefinition2 = appendAccessDefinition(accessDefinition2, accessRule, entry.getKey(), this.securityContext);
                    }
                }
            }
            // Group the remaining possibly-matching rules by their statement.
            HashMap hashMap = new HashMap();
            for (AccessRule accessRule2 : this.accessRules) {
                if (!hashSet.contains(accessRule2.getStatement()) && accessRule2.mayBeAssignable(entry.getValue(), this.mappingInformation)) {
                    Set set = (Set) hashMap.get(accessRule2.getStatement());
                    if (set == null) {
                        set = new HashSet();
                        hashMap.put((JpqlAccessRule) accessRule2.getStatement(), set);
                    }
                    set.add(accessRule2);
                }
            }
            // From each group keep the rule whose selected type is a supertype of the others seen.
            HashSet<AccessRule> hashSet3 = new HashSet();
            Iterator it = hashMap.values().iterator();
            while (it.hasNext()) {
                AccessRule accessRule3 = null;
                Class<?> cls = null;
                for (AccessRule accessRule4 : (Set) it.next()) {
                    Class<?> selectedType = accessRule4.getSelectedType(this.mappingInformation);
                    if (accessRule3 == null) {
                        accessRule3 = accessRule4;
                        cls = accessRule3.getSelectedType(this.mappingInformation);
                    } else if (selectedType.isAssignableFrom(cls)) {
                        accessRule3 = accessRule4;
                        cls = selectedType;
                    }
                }
                hashSet3.add(accessRule3);
            }
            for (AccessRule accessRule5 : hashSet3) {
                if (accessRule5.mayBeAssignable(entry.getValue(), this.mappingInformation)) {
                    z = true;
                    hashSet2.add(accessRule5.getSelectedType(this.mappingInformation));
                    if (accessRule5.grantsAccess(accessType)) {
                        // Restrict the rule to instances of its own selected type, then add what
                        // was collected so far as an alternative to it.
                        Node createInstanceOf = this.queryPreparator.createInstanceOf(entry.getKey(), this.mappingInformation.getClassMapping(accessRule5.getSelectedType(this.mappingInformation)));
                        AccessDefinition prepareAccessRule = prepareAccessRule(accessRule5, entry.getKey(), this.securityContext);
                        prepareAccessRule.mergeNode(createInstanceOf);
                        accessDefinition2 = prepareAccessRule.append(accessDefinition2);
                    }
                }
            }
            // Rules matched, but only for types other than the selected one: let through whatever
            // is not an instance of any of those types.
            if (hashSet2.size() > 0 && !hashSet2.contains(entry.getValue())) {
                Node node = null;
                Iterator it2 = hashSet2.iterator();
                while (it2.hasNext()) {
                    Node createInstanceOf2 = this.queryPreparator.createInstanceOf(entry.getKey(), this.mappingInformation.getClassMapping((Class<?>) it2.next()));
                    node = node == null ? this.queryPreparator.createNot(createInstanceOf2) : this.queryPreparator.createAnd(node, this.queryPreparator.createNot(createInstanceOf2));
                }
                if (accessDefinition2 == null) {
                    accessDefinition2 = new AccessDefinition(this, this.queryPreparator.createBrackets(node));
                } else {
                    accessDefinition2.appendNode(node);
                    accessDefinition2.group();
                }
            }
            if (accessDefinition2 != null && (entry.getKey() instanceof ConditionalPath)) {
                accessDefinition2.setAccessRules(this.queryPreparator.createBrackets(this.queryPreparator.createImplication(((ConditionalPath) entry.getKey()).getCondition(), accessDefinition2.getAccessRules())));
            }
            // A null per-path result leaves the combined definition unchanged (merge(null) is a
            // no-op); see the NOTE(review) in the method documentation.
            if (accessDefinition == null) {
                accessDefinition = accessDefinition2;
            } else {
                accessDefinition.merge(accessDefinition2);
            }
        }
        if (accessDefinition == null) {
            // No condition was built: allow when no rule matched at all, deny when rules matched
            // but none grants the requested access type.
            return new AccessDefinition(this, this.queryPreparator.createBoolean(!z));
        }
        accessDefinition.setAccessRules(this.queryPreparator.createBrackets(accessDefinition.getAccessRules()));
        return accessDefinition;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Decides whether filtering can be skipped because the rules do not depend on entity data.
     *
     * @param q the value to return unchanged when access is always granted
     * @param accessDefinition the rule condition and its parameters
     * @return a result wrapping {@code q} when the rules are always true, an empty result when
     *         they are always false, or null when the evaluator reports the rules as not
     *         evaluatable, in which case the caller has to apply the filter
     */
    public <Q> FilterResult<Q> getAlwaysEvaluatableResult(Q q, AccessDefinition accessDefinition) {
        if (accessDefinition.getAccessRules() instanceof JpqlBooleanLiteral) {
            if (!Boolean.parseBoolean(((JpqlBooleanLiteral) accessDefinition.getAccessRules()).getValue())) {
                LOG.info("No access rules defined for access type. Returning <null> query.");
                return new FilterResult<>();
            }
            // Literal true: no rule applies to the selected type, so the query passes unfiltered.
            LOG.info("No access rules defined for selected type. Returning unfiltered query");
            return new FilterResult<>(q);
        }
        // The logged text includes the parameter values taken from the security context.
        LOG.debug("Using access definition " + accessDefinition);
        try {
            if (((Boolean) this.queryEvaluator.evaluate(accessDefinition.getAccessRules(), new QueryEvaluationParameters(this.mappingInformation, Collections.emptyMap(), accessDefinition.getQueryParameters(), Collections.emptyMap(), true, QueryEvaluationParameters.EvaluationType.GET_ALWAYS_EVALUATABLE_RESULT))).booleanValue()) {
                LOG.debug("Access rules are always true for current user and roles. Returning unfiltered query");
                return new FilterResult<>(q);
            }
            LOG.debug("Access rules are always false for current user and roles. Returning empty result");
            return new FilterResult<>();
        } catch (NotEvaluatableException e) {
            // Expected outcome, not an error: the rules need entity data, so the caller filters.
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Runs a {@code QueryOptimizer} over the rule condition using the definition's parameters.
     * Nothing is returned; presumably the node tree is simplified in place (confirm against
     * {@code QueryOptimizer}).
     */
    public void optimize(AccessDefinition accessDefinition) {
        new QueryOptimizer(this.mappingInformation, Collections.EMPTY_MAP, accessDefinition.getQueryParameters(), Collections.EMPTY_MAP, this.queryEvaluator, this.objectCache).optimize(accessDefinition.getAccessRules());
    }

    /**
     * Prepares {@code accessRule} for {@code path} and appends the definition collected so far
     * (possibly null) to it as an alternative.
     */
    private AccessDefinition appendAccessDefinition(AccessDefinition accessDefinition, AccessRule accessRule, Path path, SecurityContext securityContext) {
        return prepareAccessRule(accessRule, path, securityContext).append(accessDefinition);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /** Returns {@code node2} when {@code node} is null, otherwise {@code createOr(node, node2)}. */
    public Node appendNode(Node node, Node node2) {
        return node == null ? node2 : this.queryPreparator.createOr(node, node2);
    }

    /**
     * Turns one access rule into a condition that applies to {@code path}.
     *
     * <p>A rule without a where clause yields the literal {@code true}. Otherwise the rule is
     * cloned (so the configured rule stays untouched), security-context aliases are replaced by
     * named parameters, and the rule's own selected path is replaced by {@code path}.
     *
     * @return the bracketed condition together with the parameter values it needs
     */
    private AccessDefinition prepareAccessRule(AccessRule accessRule, Path path, SecurityContext securityContext) {
        if (accessRule.getWhereClause() == null) {
            return new AccessDefinition(this, this.queryPreparator.createBoolean(true));
        }
        // mo4clone() is the decompiler's name for the rule's clone() override.
        AccessRule mo4clone = accessRule.mo4clone();
        HashMap hashMap = new HashMap();
        expand(mo4clone, securityContext, hashMap);
        Node createBrackets = this.queryPreparator.createBrackets(mo4clone.getWhereClause().jjtGetChild(0));
        this.queryPreparator.replace(createBrackets, mo4clone.getSelectedPath(), path);
        return new AccessDefinition(createBrackets, hashMap);
    }

    /**
     * Parses and compiles a query, caching the compiled statement by its query text.
     *
     * @return a clone of the cached statement, so callers may modify its node tree
     * @throws RuntimeException as created by the exception factory when parsing fails
     */
    private JpqlCompiledStatement compile(String str) {
        JpqlCompiledStatement jpqlCompiledStatement = this.statementCache.get(str);
        if (jpqlCompiledStatement == null) {
            try {
                jpqlCompiledStatement = this.compiler.compile(this.parser.parseQuery(str));
                this.statementCache.put(str, jpqlCompiledStatement);
            } catch (ParseException e) {
                throw this.exceptionFactory.createRuntimeException(e);
            }
        }
        return jpqlCompiledStatement.mo4clone();
    }

    /**
     * Replaces every security-context alias used in the rule by named parameters and records the
     * parameter values in {@code map}.
     *
     * <p>An alias used in IN expressions is expanded value by value (see the overload below).
     * Otherwise each occurrence of the alias becomes a named parameter called after the alias,
     * and the alias value is stored under that name even if the rule never mentions the alias.
     * The values are bound as parameters and never written into the JPQL text.
     */
    private void expand(AccessRule accessRule, SecurityContext securityContext, Map<String, Object> map) {
        for (Alias alias : securityContext.getAliases()) {
            Collection<JpqlIn> inNodes = accessRule.getInNodes(alias);
            if (inNodes.size() > 0) {
                expand(alias.getName(), inNodes, securityContext.getAliasValues(alias), map);
            } else {
                for (JpqlIdentificationVariable jpqlIdentificationVariable : accessRule.getIdentificationVariableNodes(alias)) {
                    // When the variable sits inside a path node, replace the whole path.
                    // (Decompiler artifact: the loop variable is reused for the parent node.)
                    if (jpqlIdentificationVariable.jjtGetParent() instanceof JpqlPath) {
                        jpqlIdentificationVariable = jpqlIdentificationVariable.jjtGetParent();
                    }
                    this.queryPreparator.replace(jpqlIdentificationVariable, this.queryPreparator.createNamedParameter(alias.getName()));
                }
                map.put(alias.getName(), securityContext.getAliasValue(alias));
            }
        }
    }

    /**
     * Replaces each IN expression on a multi-valued alias by a bracketed chain of equality
     * comparisons, one named parameter per value.
     *
     * <p>With no values the IN expression is replaced by a not-equals comparison of the number 1
     * with itself, which can never hold, so an empty value set grants nothing.
     *
     * <p>Parameter names are {@code str} followed by the value's index ({@code str0},
     * {@code str1}, ...). NOTE(review): nothing here prevents such a name from coinciding with
     * another alias name or with a parameter of the filtered query; confirm that names are kept
     * distinct elsewhere.
     *
     * @param str the alias name used as parameter name prefix
     * @param collection the IN nodes to replace
     * @param collection2 the alias values
     * @param map receives the generated parameter names and values
     */
    private void expand(String str, Collection<JpqlIn> collection, Collection<Object> collection2, Map<String, Object> map) {
        for (JpqlIn jpqlIn : collection) {
            if (collection2.size() == 0) {
                this.queryPreparator.replace(jpqlIn, this.queryPreparator.createNotEquals(this.queryPreparator.createNumber(1), this.queryPreparator.createNumber(1)));
            } else {
                // Copy into a list to get index access; the same names and values are produced
                // again for every IN node of this alias.
                ArrayList arrayList = new ArrayList(collection2);
                String str2 = str + "0";
                map.put(str2, arrayList.get(0));
                Node createEquals = this.queryPreparator.createEquals(jpqlIn.jjtGetChild(0), this.queryPreparator.createNamedParameter(str2));
                for (int i = 1; i < collection2.size(); i++) {
                    String str3 = str + i;
                    map.put(str3, arrayList.get(i));
                    createEquals = this.queryPreparator.createOr(createEquals, this.queryPreparator.createEquals(jpqlIn.jjtGetChild(0), this.queryPreparator.createNamedParameter(str3)));
                }
                this.queryPreparator.replace(jpqlIn, this.queryPreparator.createBrackets(createEquals));
            }
        }
    }

    /**
     * Maps each selected entity path of the statement to its entity type.
     *
     * <p>Unconditional paths are registered first; a {@link ConditionalPath} is added only when
     * no entry equal to its plain {@link Path} copy is present yet.
     */
    private Map<Path, Class<?>> getSelectedEntityTypes(JpqlCompiledStatement jpqlCompiledStatement) {
        Set<TypeDefinition> typeDefinitions = jpqlCompiledStatement.getTypeDefinitions();
        HashMap hashMap = new HashMap();
        for (Path path : jpqlCompiledStatement.getSelectedPaths()) {
            if (!(path instanceof ConditionalPath)) {
                Path selectedEntityPath = getSelectedEntityPath(path, typeDefinitions);
                hashMap.put(selectedEntityPath, getSelectedType(selectedEntityPath, typeDefinitions));
            }
        }
        for (Path path2 : jpqlCompiledStatement.getSelectedPaths()) {
            if (path2 instanceof ConditionalPath) {
                Path selectedEntityPath2 = getSelectedEntityPath(path2, typeDefinitions);
                if (!hashMap.containsKey(new Path(selectedEntityPath2))) {
                    hashMap.put(selectedEntityPath2, getSelectedType(selectedEntityPath2, typeDefinitions));
                }
            }
        }
        return hashMap;
    }

    /**
     * Returns the path of the entity a selected path belongs to: the parent path when the path
     * ends in a property that is not a relationship mapping, otherwise the path itself.
     */
    private Path getSelectedEntityPath(Path path, Set<TypeDefinition> set) {
        if (path.hasParentPath() && !this.mappingInformation.getPropertyMapping(path, set).isRelationshipMapping()) {
            return path.getParentPath();
        }
        return path;
    }

    /**
     * Resolves the Java type a path refers to. For key paths the root alias's key type is the
     * starting point; in both cases a subpath is resolved through the property mapping.
     */
    private Class<?> getSelectedType(Path path, Set<TypeDefinition> set) {
        if (!path.isKeyPath()) {
            return path.hasSubpath() ? this.mappingInformation.getPropertyMapping(path, set).getProperyType() : this.mappingInformation.getType(path.getRootAlias(), set);
        }
        Class<?> keyType = this.mappingInformation.getKeyType(path.getRootAlias(), set);
        return !path.hasSubpath() ? keyType : this.mappingInformation.getPropertyMapping(keyType, path).getProperyType();
    }
}
