package org.jpasecurity.security.rules;

import java.beans.Introspector;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.persistence.PersistenceException;
import javax.persistence.metamodel.ManagedType;
import javax.persistence.metamodel.Metamodel;
import org.jpasecurity.AccessType;
import org.jpasecurity.Alias;
import org.jpasecurity.Path;
import org.jpasecurity.SecurityContext;
import org.jpasecurity.jpql.compiler.QueryPreparator;
import org.jpasecurity.jpql.parser.JpqlAccessRule;
import org.jpasecurity.jpql.parser.JpqlCollectionValuedPath;
import org.jpasecurity.jpql.parser.JpqlFromItem;
import org.jpasecurity.jpql.parser.JpqlInnerFetchJoin;
import org.jpasecurity.jpql.parser.JpqlInnerJoin;
import org.jpasecurity.jpql.parser.JpqlKeywords;
import org.jpasecurity.jpql.parser.JpqlOuterFetchJoin;
import org.jpasecurity.jpql.parser.JpqlOuterJoin;
import org.jpasecurity.jpql.parser.JpqlParser;
import org.jpasecurity.jpql.parser.JpqlPath;
import org.jpasecurity.jpql.parser.JpqlSelectExpressions;
import org.jpasecurity.jpql.parser.JpqlSubselect;
import org.jpasecurity.jpql.parser.JpqlVisitorAdapter;
import org.jpasecurity.jpql.parser.JpqlWhere;
import org.jpasecurity.jpql.parser.JpqlWith;
import org.jpasecurity.jpql.parser.Node;
import org.jpasecurity.jpql.parser.ParseException;
import org.jpasecurity.security.AccessRule;
import org.jpasecurity.security.Permit;
import org.jpasecurity.security.PermitAny;
import org.jpasecurity.util.ListHashMap;
import org.jpasecurity.util.ListMap;
import org.jpasecurity.util.Validate;

/* loaded from: input_file:org/jpasecurity/security/rules/AccessRulesParser.class */
public class AccessRulesParser {
    private static final Alias THIS_ALIAS = new Alias("this");
    private final JpqlParser jpqlParser = new JpqlParser();
    private final AliasVisitor aliasVisitor = new AliasVisitor();
    private Metamodel metamodel;
    private SecurityContext securityContext;
    private AccessRulesProvider accessRulesProvider;
    private AccessRulesCompiler compiler;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/jpasecurity/security/rules/AccessRulesParser$AliasVisitor.class */
    public class AliasVisitor extends JpqlVisitorAdapter<Set<Alias>> {
        private AliasVisitor() {
        }

        @Override // org.jpasecurity.jpql.parser.JpqlVisitorAdapter
        public boolean visit(JpqlSelectExpressions jpqlSelectExpressions) {
            return false;
        }

        @Override // org.jpasecurity.jpql.parser.JpqlVisitorAdapter, org.jpasecurity.jpql.parser.JpqlParserVisitor
        public boolean visit(JpqlFromItem jpqlFromItem, Set<Alias> set) {
            return visitAlias(jpqlFromItem, set);
        }

        @Override // org.jpasecurity.jpql.parser.JpqlVisitorAdapter, org.jpasecurity.jpql.parser.JpqlParserVisitor
        public boolean visit(JpqlInnerJoin jpqlInnerJoin, Set<Alias> set) {
            return visitAlias(jpqlInnerJoin, set);
        }

        @Override // org.jpasecurity.jpql.parser.JpqlVisitorAdapter, org.jpasecurity.jpql.parser.JpqlParserVisitor
        public boolean visit(JpqlOuterJoin jpqlOuterJoin, Set<Alias> set) {
            return visitAlias(jpqlOuterJoin, set);
        }

        @Override // org.jpasecurity.jpql.parser.JpqlVisitorAdapter, org.jpasecurity.jpql.parser.JpqlParserVisitor
        public boolean visit(JpqlInnerFetchJoin jpqlInnerFetchJoin, Set<Alias> set) {
            return visitAlias(jpqlInnerFetchJoin, set);
        }

        @Override // org.jpasecurity.jpql.parser.JpqlVisitorAdapter, org.jpasecurity.jpql.parser.JpqlParserVisitor
        public boolean visit(JpqlOuterFetchJoin jpqlOuterFetchJoin, Set<Alias> set) {
            return visitAlias(jpqlOuterFetchJoin, set);
        }

        public boolean visitAlias(Node node, Set<Alias> set) {
            set.add(new Alias(node.jjtGetChild(1).getValue().toLowerCase()));
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/jpasecurity/security/rules/AccessRulesParser$PathVisitor.class */
    public class PathVisitor extends JpqlVisitorAdapter<Set<Alias>> {
        private final Alias alias;
        private final QueryPreparator queryPreparator = new QueryPreparator();

        PathVisitor(Alias alias) {
            this.alias = alias;
        }

        @Override // org.jpasecurity.jpql.parser.JpqlVisitorAdapter, org.jpasecurity.jpql.parser.JpqlParserVisitor
        public boolean visit(JpqlSubselect jpqlSubselect, Set<Alias> set) {
            HashSet hashSet = new HashSet(set);
            jpqlSubselect.visit(AccessRulesParser.this.aliasVisitor, hashSet);
            for (int i = 0; i < jpqlSubselect.jjtGetNumChildren(); i++) {
                jpqlSubselect.jjtGetChild(i).visit(this, hashSet);
            }
            return false;
        }

        @Override // org.jpasecurity.jpql.parser.JpqlVisitorAdapter, org.jpasecurity.jpql.parser.JpqlParserVisitor
        public boolean visit(JpqlWith jpqlWith, Set<Alias> set) {
            return false;
        }

        @Override // org.jpasecurity.jpql.parser.JpqlVisitorAdapter, org.jpasecurity.jpql.parser.JpqlParserVisitor
        public boolean visit(JpqlPath jpqlPath, Set<Alias> set) {
            return visitPath(jpqlPath, set);
        }

        @Override // org.jpasecurity.jpql.parser.JpqlVisitorAdapter, org.jpasecurity.jpql.parser.JpqlParserVisitor
        public boolean visit(JpqlCollectionValuedPath jpqlCollectionValuedPath, Set<Alias> set) {
            return visitPath(jpqlCollectionValuedPath, set);
        }

        private boolean visitPath(Node node, Set<Alias> set) {
            Alias alias = new Alias(node.jjtGetChild(0).getValue().toLowerCase());
            if (AccessRulesParser.THIS_ALIAS.equals(alias)) {
                this.queryPreparator.replace(node.jjtGetChild(0), this.queryPreparator.createIdentificationVariable(this.alias));
                return false;
            }
            if (set.contains(alias)) {
                return false;
            }
            if ((node.jjtGetNumChildren() <= 1 && AccessRulesParser.this.securityContext.getAliases().contains(alias)) || new Path(node.toString()).isEnumValue()) {
                return false;
            }
            this.queryPreparator.prependPath(this.alias.toPath(), node);
            return false;
        }
    }

    public AccessRulesParser(String str, Metamodel metamodel, SecurityContext securityContext, AccessRulesProvider accessRulesProvider) {
        this.metamodel = (Metamodel) Validate.notNull((Class<Metamodel>) Metamodel.class, metamodel);
        this.securityContext = (SecurityContext) Validate.notNull((Class<SecurityContext>) SecurityContext.class, securityContext);
        this.accessRulesProvider = (AccessRulesProvider) Validate.notNull((Class<AccessRulesProvider>) AccessRulesProvider.class, accessRulesProvider);
        this.compiler = new AccessRulesCompiler(metamodel);
    }

    public Collection<AccessRule> parseAccessRules() {
        try {
            HashSet hashSet = new HashSet();
            for (Map.Entry entry : parsePermissions().entrySet()) {
                Iterator it = ((List) entry.getValue()).iterator();
                while (it.hasNext()) {
                    hashSet.addAll(this.compiler.compile(createAccessRule((Class) entry.getKey(), (Permit) it.next())));
                }
            }
            Iterator<String> it2 = this.accessRulesProvider.getAccessRules().iterator();
            while (it2.hasNext()) {
                hashSet.addAll(this.compiler.compile(this.jpqlParser.parseRule(it2.next())));
            }
            return hashSet;
        } catch (ParseException e) {
            throw new PersistenceException(e);
        }
    }

    private JpqlAccessRule createAccessRule(Class<?> cls, Permit permit) throws ParseException {
        Alias alias = new Alias(Introspector.decapitalize(cls.getSimpleName()));
        JpqlWhere jpqlWhere = null;
        if (permit.where().trim().length() > 0) {
            jpqlWhere = this.jpqlParser.parseWhereClause("WHERE " + permit.where());
            alias = findUnusedAlias(jpqlWhere, alias);
            appendAlias(jpqlWhere, alias);
        }
        StringBuilder sb = new StringBuilder("GRANT ");
        List asList = Arrays.asList(permit.access());
        if (asList.contains(AccessType.CREATE)) {
            sb.append("CREATE ");
        }
        if (asList.contains(AccessType.READ)) {
            sb.append("READ ");
        }
        if (asList.contains(AccessType.UPDATE)) {
            sb.append("UPDATE ");
        }
        if (asList.contains(AccessType.DELETE)) {
            sb.append("DELETE ");
        }
        sb.append("ACCESS TO ");
        sb.append(cls.getName()).append(' ');
        sb.append(alias);
        if (jpqlWhere != null) {
            sb.append(' ').append(jpqlWhere);
        }
        return this.jpqlParser.parseRule(sb.toString());
    }

    private ListMap<Class<?>, Permit> parsePermissions() {
        ListHashMap listHashMap = new ListHashMap();
        Iterator it = this.metamodel.getManagedTypes().iterator();
        while (it.hasNext()) {
            Class javaType = ((ManagedType) it.next()).getJavaType();
            Permit permit = (Permit) javaType.getAnnotation(Permit.class);
            if (permit != null) {
                listHashMap.add(javaType, permit);
            }
            PermitAny permitAny = (PermitAny) javaType.getAnnotation(PermitAny.class);
            if (permitAny != null) {
                listHashMap.addAll(javaType, Arrays.asList(permitAny.value()));
            }
        }
        return listHashMap;
    }

    private Alias findUnusedAlias(JpqlWhere jpqlWhere, Alias alias) {
        HashSet hashSet = new HashSet();
        jpqlWhere.visit(this.aliasVisitor, hashSet);
        int i = 0;
        while (true) {
            if (!hashSet.contains(alias) && !JpqlKeywords.ALL.contains(alias.toString().toUpperCase())) {
                return alias;
            }
            alias = new Alias(alias.getName() + i);
            i++;
        }
    }

    private void appendAlias(JpqlWhere jpqlWhere, Alias alias) {
        jpqlWhere.visit(new PathVisitor(alias), new HashSet());
    }
}
