package com.pivotal.gemfirexd.internal.impl.sql.execute;

import com.pivotal.gemfirexd.internal.catalog.ExternalCatalog;
import com.pivotal.gemfirexd.internal.engine.Misc;
import com.pivotal.gemfirexd.internal.engine.distributed.utils.GemFireXDUtils;
import com.pivotal.gemfirexd.internal.engine.store.GemFireStore;
import com.pivotal.gemfirexd.internal.iapi.error.StandardException;
import com.pivotal.gemfirexd.internal.iapi.services.io.FormatableBitSet;
import com.pivotal.gemfirexd.internal.iapi.services.sanity.SanityManager;
import com.pivotal.gemfirexd.internal.iapi.sql.Activation;
import com.pivotal.gemfirexd.internal.iapi.sql.conn.LanguageConnectionContext;
import com.pivotal.gemfirexd.internal.iapi.sql.dictionary.AliasDescriptor;
import com.pivotal.gemfirexd.internal.iapi.sql.dictionary.ColPermsDescriptor;
import com.pivotal.gemfirexd.internal.iapi.sql.dictionary.DataDescriptorGenerator;
import com.pivotal.gemfirexd.internal.iapi.sql.dictionary.DataDictionary;
import com.pivotal.gemfirexd.internal.iapi.sql.dictionary.SchemaDescriptor;
import com.pivotal.gemfirexd.internal.iapi.sql.dictionary.TableDescriptor;
import com.pivotal.gemfirexd.internal.iapi.sql.dictionary.TablePermsDescriptor;
import com.pivotal.gemfirexd.internal.iapi.sql.dictionary.TupleDescriptor;
import com.pivotal.gemfirexd.internal.iapi.sql.dictionary.ViewDescriptor;
import com.pivotal.gemfirexd.internal.iapi.store.access.TransactionController;
import com.pivotal.gemfirexd.internal.snappy.CallbackFactoryProvider;
import java.util.Arrays;
import java.util.List;

/* loaded from: input_file:com/pivotal/gemfirexd/internal/impl/sql/execute/TablePrivilegeInfo.class */
public class TablePrivilegeInfo extends PrivilegeInfo {
    public static final int SELECT_ACTION = 0;
    public static final int DELETE_ACTION = 1;
    public static final int INSERT_ACTION = 2;
    public static final int UPDATE_ACTION = 3;
    public static final int REFERENCES_ACTION = 4;
    public static final int TRIGGER_ACTION = 5;
    public static final int ALTER_ACTION = 6;
    public static final int ACTION_COUNT = 7;
    private static final String YES_WITH_GRANT_OPTION = "Y";
    public static final String YES_WITHOUT_GRANT_OPTION = "y";
    public static final String NO = "N";
    private static final String[][] actionString = {new String[]{"s", "S"}, new String[]{"d", "D"}, new String[]{"i", "I"}, new String[]{"u", "U"}, new String[]{"r", "R"}, new String[]{"t", "T"}, new String[]{"a", "A"}};
    private TableDescriptor td;
    private boolean[] actionAllowed;
    private FormatableBitSet[] columnBitSets;
    private List descriptorList;

    public TablePrivilegeInfo(TableDescriptor tableDescriptor, boolean[] zArr, FormatableBitSet[] formatableBitSetArr, List list) {
        this.actionAllowed = zArr;
        this.columnBitSets = formatableBitSetArr;
        this.td = tableDescriptor;
        this.descriptorList = list;
    }

    protected void checkOwnership(String str, TableDescriptor tableDescriptor, SchemaDescriptor schemaDescriptor, DataDictionary dataDictionary, LanguageConnectionContext languageConnectionContext, boolean z) throws StandardException {
        PrivilegeInfo.checkOwnership(str, tableDescriptor, schemaDescriptor, dataDictionary);
        if (z) {
            checkPrivileges(str, tableDescriptor, schemaDescriptor, dataDictionary, languageConnectionContext);
        }
    }

    private void checkPrivileges(String str, TableDescriptor tableDescriptor, SchemaDescriptor schemaDescriptor, DataDictionary dataDictionary, LanguageConnectionContext languageConnectionContext) throws StandardException {
        if (str.equals(dataDictionary.getAuthorizationDatabaseOwner()) || tableDescriptor.getTableType() != 2 || this.descriptorList == null) {
            return;
        }
        TransactionController transactionExecute = languageConnectionContext.getTransactionExecute();
        int size = this.descriptorList.size();
        for (int i = 0; i < size; i++) {
            SchemaDescriptor schemaDescriptor2 = null;
            TupleDescriptor tupleDescriptor = (TupleDescriptor) this.descriptorList.get(i);
            if (tupleDescriptor instanceof TableDescriptor) {
                schemaDescriptor2 = ((TableDescriptor) tupleDescriptor).getSchemaDescriptor();
            } else if (tupleDescriptor instanceof ViewDescriptor) {
                schemaDescriptor2 = dataDictionary.getSchemaDescriptor(((ViewDescriptor) tupleDescriptor).getCompSchemaId(), transactionExecute);
            } else if (tupleDescriptor instanceof AliasDescriptor) {
                schemaDescriptor2 = dataDictionary.getSchemaDescriptor(((AliasDescriptor) tupleDescriptor).getSchemaUUID(), transactionExecute);
            }
            String authorizationId = schemaDescriptor2.getAuthorizationId();
            if (schemaDescriptor2 != null && !str.equals(authorizationId) && !Misc.checkLDAPGroupOwnership(schemaDescriptor2.getSchemaName(), authorizationId, str)) {
                throw StandardException.newException("4250A", str, "grant", schemaDescriptor.getSchemaName(), tableDescriptor.getName());
            }
        }
    }

    @Override // com.pivotal.gemfirexd.internal.impl.sql.execute.PrivilegeInfo
    public void executeGrantRevoke(Activation activation, boolean z, List list) throws StandardException {
        GemFireStore memStore = Misc.getMemStore();
        boolean z2 = memStore.isSnappyStore() && Misc.isSecurityEnabled();
        if (z2 && CallbackFactoryProvider.getStoreCallbacks().isColumnTable(Misc.getFullTableName(this.td.getSchemaName(), this.td.getName(), activation.getLanguageConnectionContext()))) {
            return;
        }
        doExecuteGrantRevoke(activation, z, list, this.columnBitSets, this.actionAllowed, true, this.td);
        if (z2) {
            String columnBatchTableName = CallbackFactoryProvider.getStoreCallbacks().columnBatchTableName(Misc.getFullTableName(this.td.getSchemaName(), this.td.getName(), activation.getLanguageConnectionContext()));
            ExternalCatalog externalCatalog = memStore.getExternalCatalog();
            if (externalCatalog == null && !Misc.initialDDLReplayInProgress()) {
                throw new IllegalStateException("External catalog not initialized.");
            }
            if ((externalCatalog == null || !externalCatalog.isColumnTable(this.td.getSchemaName(), this.td.getName(), true)) && Misc.getRegionForTableByPath(columnBatchTableName, false) == null) {
                return;
            }
            DataDictionary dataDictionary = activation.getLanguageConnectionContext().getDataDictionary();
            int indexOf = columnBatchTableName.indexOf(46);
            if (indexOf != -1) {
                columnBatchTableName = columnBatchTableName.substring(indexOf + 1);
            }
            doExecuteGrantRevoke(activation, z, list, new FormatableBitSet[0], null, false, dataDictionary.getTableDescriptor(columnBatchTableName, this.td.getSchemaDescriptor(), activation.getLanguageConnectionContext().getTransactionExecute()));
        }
    }

    private void doExecuteGrantRevoke(Activation activation, boolean z, List list, FormatableBitSet[] formatableBitSetArr, boolean[] zArr, boolean z2, TableDescriptor tableDescriptor) throws StandardException {
        LanguageConnectionContext languageConnectionContext = activation.getLanguageConnectionContext();
        DataDictionary dataDictionary = languageConnectionContext.getDataDictionary();
        String authorizationId = languageConnectionContext.getAuthorizationId();
        TransactionController transactionExecute = languageConnectionContext.getTransactionExecute();
        SchemaDescriptor schemaDescriptor = tableDescriptor.getSchemaDescriptor();
        dataDictionary.startWriting(languageConnectionContext);
        this.schemaName = schemaDescriptor.getSchemaName();
        if (z2) {
            this.tableName = tableDescriptor.getName();
        }
        if (z2) {
            checkOwnership(authorizationId, tableDescriptor, schemaDescriptor, dataDictionary, languageConnectionContext, z);
        }
        DataDescriptorGenerator dataDescriptorGenerator = dataDictionary.getDataDescriptorGenerator();
        TablePermsDescriptor newTablePermsDescriptor = dataDescriptorGenerator.newTablePermsDescriptor(tableDescriptor, getPermString(0, false), getPermString(1, false), getPermString(2, false), getPermString(3, false), getPermString(4, false), getPermString(5, false), getPermString(6, false), authorizationId);
        ColPermsDescriptor[] colPermsDescriptorArr = new ColPermsDescriptor[formatableBitSetArr.length];
        for (int i = 0; i < formatableBitSetArr.length; i++) {
            if (formatableBitSetArr[i] != null || (!z && hasColumnPermissions(i) && zArr[i])) {
                colPermsDescriptorArr[i] = dataDescriptorGenerator.newColPermsDescriptor(tableDescriptor, getActionString(i, false), formatableBitSetArr[i], authorizationId);
            }
        }
        GranteeIterator granteeIterator = new GranteeIterator(list, newTablePermsDescriptor, z, 16, 2, 12, dataDictionary, transactionExecute);
        while (granteeIterator.hasNext()) {
            boolean z3 = false;
            String moveNext = granteeIterator.moveNext();
            if (newTablePermsDescriptor != null && dataDictionary.addRemovePermissionsDescriptor(z, newTablePermsDescriptor, moveNext, transactionExecute)) {
                z3 = true;
                dataDictionary.getDependencyManager().invalidateFor(newTablePermsDescriptor, 44, languageConnectionContext);
                dataDictionary.getDependencyManager().invalidateFor(tableDescriptor, 23, languageConnectionContext);
            }
            if (GemFireXDUtils.TraceAuthentication) {
                SanityManager.DEBUG_PRINT("TraceAuthentication", (z ? " grant column permissions " : "revoke column permissions ") + GemFireXDUtils.addressOf(this) + " table=" + tableDescriptor.getDescriptorName() + " grantee=" + moveNext + " columnBitSets=" + Arrays.toString(formatableBitSetArr) + " colPermsDesc=" + Arrays.toString(colPermsDescriptorArr));
            }
            for (int i2 = 0; i2 < formatableBitSetArr.length; i2++) {
                if (colPermsDescriptorArr[i2] != null && dataDictionary.addRemovePermissionsDescriptor(z, colPermsDescriptorArr[i2], moveNext, transactionExecute)) {
                    z3 = true;
                    dataDictionary.getDependencyManager().invalidateFor(colPermsDescriptorArr[i2], 44, languageConnectionContext);
                    dataDictionary.getDependencyManager().invalidateFor(tableDescriptor, 23, languageConnectionContext);
                }
            }
            addWarningIfPrivilegeNotRevoked(activation, z, z3, moveNext);
        }
    }

    private String getPermString(int i, boolean z) {
        return (this.actionAllowed[i] && this.columnBitSets[i] == null) ? z ? "Y" : YES_WITHOUT_GRANT_OPTION : "N";
    }

    private String getActionString(int i, boolean z) {
        return actionString[i][z ? (char) 1 : (char) 0];
    }

    private boolean hasColumnPermissions(int i) {
        return i == 0 || i == 3 || i == 4;
    }
}
