package ca.nrc.cadc.vosi.actions;

import ca.nrc.cadc.auth.AuthenticationUtil;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.log.WebServiceLogInfo;
import ca.nrc.cadc.net.ResourceNotFoundException;
import ca.nrc.cadc.net.TransientException;
import ca.nrc.cadc.rest.InlineContentHandler;
import ca.nrc.cadc.rest.RestAction;
import ca.nrc.cadc.tap.PluginFactory;
import ca.nrc.cadc.tap.schema.ColumnDesc;
import ca.nrc.cadc.tap.schema.SchemaDesc;
import ca.nrc.cadc.tap.schema.TableDesc;
import ca.nrc.cadc.tap.schema.TapPermissions;
import ca.nrc.cadc.tap.schema.TapSchemaDAO;
import java.io.IOException;
import java.security.AccessControlException;
import java.security.Principal;
import java.util.Iterator;
import java.util.TreeSet;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.sql.DataSource;
import org.apache.log4j.Logger;
import org.opencadc.gms.GroupURI;
import org.opencadc.gms.IvoaGroupClient;

/* loaded from: input_file:ca/nrc/cadc/vosi/actions/TablesAction.class */
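/**
 * Base class for the VOSI tables REST actions: resolves the schema/table named by the
 * request path, builds the TAP schema DAO, and hosts the authorization checks
 * (owner, admin principal, group membership) applied before tap_schema content is
 * viewed, modified or dropped.
 *
 * <p>Every {@code check*} method either returns normally (recording the reason the
 * request was allowed in the supplied {@link WebServiceLogInfo}) or throws; none of
 * them returns a "denied" value except where documented.
 *
 * <p>This listing is decompiler output; where the decompiler reported that it widened
 * an access modifier, the original modifier is noted on the member.
 */
public abstract class TablesAction extends RestAction {
    static final String INPUT_TAG = "inputTable";
    protected static final String PERMS_CONTENTTYPE = "text/plain";
    protected static final String OWNER_KEY = "owner";
    protected static final String PUBLIC_KEY = "public";
    protected static final String RGROUP_KEY = "r-group";
    protected static final String RWGROUP_KEY = "rw-group";
    // JNDI name under which the admin principal is bound: appName + ADMIN_KEY.
    protected String jndiAdminKey;
    // JNDI name of the create-schema switch: appName + CREATE_SCHEMA_KEY.
    protected String jndiCreateSchemaKey;
    private static final Logger log = Logger.getLogger(TablesAction.class);
    // NOTE(review): both suffixes are public and non-final, so any code in the JVM can
    // reassign them and thereby change which JNDI entry names the admin principal.
    // Left non-final here only to keep the class interface unchanged; consider final.
    public static String ADMIN_KEY = "-admin-principal";
    public static String CREATE_SCHEMA_KEY = "-create-schema-in-db";

    /**
     * Initialises the action and derives the two JNDI key names from the application name.
     *
     * @throws Exception if the superclass initialisation fails
     */
    public void initAction() throws Exception {
        super.initAction();
        this.jndiAdminKey = this.appName + ADMIN_KEY;
        this.jndiCreateSchemaKey = this.appName + CREATE_SCHEMA_KEY;
    }

    /**
     * Obtains the data source for the current request path from the plugin-provided
     * data source provider. (Decompiler note: originally declared protected.)
     *
     * @return the data source returned by the provider
     */
    public final DataSource getDataSource() {
        String requestPath = this.syncInput.getRequestPath();
        return new PluginFactory().getDataSourceProvider().getDataSource(requestPath);
    }

    /**
     * Delegates to the superclass writable check. (Decompiler note: originally package-private.)
     *
     * @throws TransientException propagated from {@code super.checkWritable()}
     */
    public void checkWritableImpl() throws TransientException {
        super.checkWritable();
    }

    /**
     * Returns no inline content handler by default.
     *
     * @return always {@code null} in this base class
     */
    protected InlineContentHandler getInlineContentHandler() {
        return null;
    }

    /**
     * Returns the table name addressed by the request path.
     * (Decompiler note: originally package-private.)
     *
     * @return the full {@code schema.table} path, or {@code null} when the path is empty
     *         or names only a schema
     * @throws ResourceNotFoundException if the path is not a valid schema or table name
     */
    public String getTableName() throws ResourceNotFoundException {
        String[] target = getTarget();
        return (target == null) ? null : target[1];
    }

    /**
     * Splits the request path into its schema and table parts.
     * (Decompiler note: originally package-private.)
     *
     * <p>The path comes from the request and is therefore untrusted. It is accepted only
     * as {@code schema} or {@code schema.table} with non-empty components; anything else
     * is reported as not found rather than being passed on to permission lookups.
     *
     * @return {@code null} for an absent or empty path; otherwise a two-element array
     *         holding the schema name and, when a table was named, the full path
     *         (element 1 is {@code null} for a schema-only path)
     * @throws ResourceNotFoundException if the path has more than one dot or an empty
     *         schema/table component
     */
    public String[] getTarget() throws ResourceNotFoundException {
        String path = this.syncInput.getPath();
        if (path == null || path.isEmpty()) {
            return null;
        }
        // Limit -1 keeps trailing empty segments: without it "." splits to an empty array
        // (and indexing element 0 fails with an unchecked exception) and "a.b." is
        // silently accepted as a table name.
        String[] parts = path.split("[.]", -1);
        if (parts.length > 2) {
            throw new ResourceNotFoundException("not found: " + path + " (reason: invalid schema|table name -- too many dots)");
        }
        for (String part : parts) {
            if (part.isEmpty()) {
                throw new ResourceNotFoundException("not found: " + path + " (reason: invalid schema|table name -- empty name component)");
            }
        }
        String[] target = new String[2];
        target[0] = parts[0];
        if (parts.length == 2) {
            // the table is identified by its fully qualified name
            target[1] = path;
        }
        return target;
    }

    /**
     * Creates a TAP schema DAO bound to this request's data source with ordering enabled.
     * (Decompiler note: originally declared protected.)
     *
     * @return a configured DAO
     */
    public final TapSchemaDAO getTapSchemaDAO() {
        TapSchemaDAO dao = new PluginFactory().getTapSchemaDAO();
        dao.setDataSource(getDataSource());
        dao.setOrdered(true);
        return dao;
    }

    /**
     * Returns the table description parsed from the request body, renamed to the target
     * schema and table. (Decompiler note: originally declared protected.)
     *
     * <p>The schema and table names inside the submitted document are overwritten with
     * the ones derived from the request path, and columns are numbered from 0 in
     * document order.
     *
     * @param str schema name to set on the table
     * @param str2 table name to set on the table and on each of its columns
     * @return the updated table description
     * @throws IllegalArgumentException if the request carried no input document
     * @throws RuntimeException if the parsed content is not a {@link TableDesc}
     */
    public TableDesc getInputTable(String str, String str2) {
        Object content = this.syncInput.getContent(INPUT_TAG);
        if (content == null) {
            throw new IllegalArgumentException("no input: expected a document describing the table to create/update");
        }
        if (!(content instanceof TableDesc)) {
            throw new RuntimeException("BUG: no input table");
        }
        TableDesc tableDesc = (TableDesc) content;
        tableDesc.setSchemaName(str);
        tableDesc.setTableName(str2);
        int index = 0;
        for (ColumnDesc columnDesc : tableDesc.getColumnDescs()) {
            columnDesc.setTableName(str2);
            columnDesc.column_index = Integer.valueOf(index);
            index++;
        }
        return tableDesc;
    }

    /**
     * Returns the schema description parsed from the request body.
     * (Decompiler note: originally declared protected.)
     *
     * @param str schema name; not used by this implementation
     * @return the parsed schema description
     * @throws IllegalArgumentException if the request carried no input document
     * @throws RuntimeException if the parsed content is not a {@link SchemaDesc}
     */
    public SchemaDesc getInputSchema(String str) {
        Object content = this.syncInput.getContent(INPUT_TAG);
        if (content == null) {
            throw new IllegalArgumentException("no input: expected a document describing the schema to create/update");
        }
        if (content instanceof SchemaDesc) {
            return (SchemaDesc) content;
        }
        throw new RuntimeException("BUG: no input schema");
    }

    /**
     * Allows a table drop only when {@code Util.isOwner} accepts the schema permissions
     * or the table permissions; group membership and the admin principal are not consulted.
     *
     * @param tapSchemaDAO DAO used to load the permissions
     * @param str fully qualified table name
     * @param webServiceLogInfo receives the reason the drop was allowed
     * @throws AccessControlException if neither ownership test passes
     * @throws ResourceNotFoundException if the schema or table has no permissions record
     */
    public static void checkDropTablePermission(TapSchemaDAO tapSchemaDAO, String str, WebServiceLogInfo webServiceLogInfo) throws AccessControlException, ResourceNotFoundException {
        String schemaName = Util.getSchemaFromTable(str);
        TapPermissions schemaPermissions = tapSchemaDAO.getSchemaPermissions(schemaName);
        TapPermissions tablePermissions = tapSchemaDAO.getTablePermissions(str);
        if (schemaPermissions == null) {
            throw new ResourceNotFoundException("schema not found: " + schemaName);
        }
        if (tablePermissions == null) {
            throw new ResourceNotFoundException("table not found: " + str);
        }
        if (Util.isOwner(schemaPermissions)) {
            webServiceLogInfo.setMessage("drop table allowed: schema owner");
            return;
        }
        if (Util.isOwner(tablePermissions)) {
            webServiceLogInfo.setMessage("drop table allowed: table owner");
            return;
        }
        throw new AccessControlException("permission denied");
    }

    /**
     * Loads the schema permissions and checks that the caller may view them.
     * (Decompiler note: originally package-private.)
     *
     * <p>Allowed, in order: schema with no owner, public schema, schema owner, admin principal.
     *
     * @param tapSchemaDAO DAO used to load the permissions
     * @param str schema name
     * @param webServiceLogInfo receives the reason access was allowed
     * @return the schema permissions
     * @throws AccessControlException if none of the conditions holds
     * @throws ResourceNotFoundException if the schema has no permissions record
     */
    public TapPermissions checkViewSchemaPermissions(TapSchemaDAO tapSchemaDAO, String str, WebServiceLogInfo webServiceLogInfo) throws AccessControlException, ResourceNotFoundException {
        TapPermissions schemaPermissions = tapSchemaDAO.getSchemaPermissions(str);
        if (schemaPermissions == null) {
            throw new ResourceNotFoundException("schema not found: " + str);
        }
        if (schemaPermissions.owner == null) {
            webServiceLogInfo.setMessage("view table allowed: null schema owner");
            return schemaPermissions;
        }
        // A missing isPublic flag is treated as "not public" so the check fails closed
        // instead of failing with a NullPointerException.
        if (Boolean.TRUE.equals(schemaPermissions.isPublic)) {
            webServiceLogInfo.setMessage("view table allowed: public schema");
            return schemaPermissions;
        }
        if (Util.isOwner(schemaPermissions)) {
            webServiceLogInfo.setMessage("view schema permissions allowed: schema owner");
            return schemaPermissions;
        }
        if (!isAdminPrincipal()) {
            throw new AccessControlException("permission denied");
        }
        webServiceLogInfo.setMessage("view schema permissions allowed: admin");
        return schemaPermissions;
    }

    /**
     * Allows schema permissions to be modified only when {@code Util.isOwner} accepts
     * the schema permissions.
     *
     * @param tapSchemaDAO DAO used to load the permissions
     * @param str schema name
     * @param webServiceLogInfo receives the reason the change was allowed
     * @throws AccessControlException if the ownership test fails
     * @throws ResourceNotFoundException if the schema has no permissions record
     */
    public static void checkModifySchemaPermissions(TapSchemaDAO tapSchemaDAO, String str, WebServiceLogInfo webServiceLogInfo) throws AccessControlException, ResourceNotFoundException {
        TapPermissions schemaPermissions = tapSchemaDAO.getSchemaPermissions(str);
        if (schemaPermissions == null) {
            throw new ResourceNotFoundException("schema not found: " + str);
        }
        if (!Util.isOwner(schemaPermissions)) {
            throw new AccessControlException("permission denied");
        }
        webServiceLogInfo.setMessage("modify schema permissions allowed: schema owner");
    }

    /**
     * Loads the table permissions and checks that the caller may view them.
     *
     * <p>Allowed, in order: schema owner, table owner, admin principal.
     *
     * @param tapSchemaDAO DAO used to load the permissions
     * @param str fully qualified table name
     * @param webServiceLogInfo receives the reason access was allowed
     * @return the table permissions
     * @throws AccessControlException if none of the conditions holds
     * @throws ResourceNotFoundException if the schema or table has no permissions record
     */
    public TapPermissions checkViewTablePermissions(TapSchemaDAO tapSchemaDAO, String str, WebServiceLogInfo webServiceLogInfo) throws AccessControlException, ResourceNotFoundException {
        String schemaName = Util.getSchemaFromTable(str);
        TapPermissions schemaPermissions = tapSchemaDAO.getSchemaPermissions(schemaName);
        if (schemaPermissions == null) {
            throw new ResourceNotFoundException("schema not found: " + schemaName);
        }
        TapPermissions tablePermissions = tapSchemaDAO.getTablePermissions(str);
        if (tablePermissions == null) {
            throw new ResourceNotFoundException("table not found: " + str);
        }
        if (Util.isOwner(schemaPermissions)) {
            webServiceLogInfo.setMessage("view table permissions allowed: schema owner");
            return tablePermissions;
        }
        if (Util.isOwner(tablePermissions)) {
            webServiceLogInfo.setMessage("view table permissions allowed: table owner");
            return tablePermissions;
        }
        if (!isAdminPrincipal()) {
            throw new AccessControlException("permission denied");
        }
        webServiceLogInfo.setMessage("view table permissions allowed: admin");
        return tablePermissions;
    }

    /**
     * Allows table permissions to be modified only when {@code Util.isOwner} accepts the
     * schema permissions or the table permissions.
     *
     * @param tapSchemaDAO DAO used to load the permissions
     * @param str fully qualified table name
     * @param webServiceLogInfo receives the reason the change was allowed
     * @throws AccessControlException if neither ownership test passes
     * @throws ResourceNotFoundException if the schema or table has no permissions record
     */
    public static void checkModifyTablePermissions(TapSchemaDAO tapSchemaDAO, String str, WebServiceLogInfo webServiceLogInfo) throws AccessControlException, ResourceNotFoundException {
        String schemaName = Util.getSchemaFromTable(str);
        TapPermissions schemaPermissions = tapSchemaDAO.getSchemaPermissions(schemaName);
        TapPermissions tablePermissions = tapSchemaDAO.getTablePermissions(str);
        if (schemaPermissions == null) {
            throw new ResourceNotFoundException("schema not found: " + schemaName);
        }
        if (tablePermissions == null) {
            throw new ResourceNotFoundException("table not found: " + str);
        }
        if (Util.isOwner(schemaPermissions)) {
            webServiceLogInfo.setMessage("modify table permissions allowed: schema owner");
            return;
        }
        if (Util.isOwner(tablePermissions)) {
            webServiceLogInfo.setMessage("modify table permissions allowed: table owner");
            return;
        }
        throw new AccessControlException("permission denied");
    }

    /**
     * Checks that the caller may read the named table.
     *
     * <p>Allowed, in order: schema with no owner, public schema, table with no owner,
     * public table, table owner, schema owner, admin principal, and finally membership
     * in any read or read-write group granted on the schema or the table.
     *
     * @param tapSchemaDAO DAO used to load the permissions
     * @param str fully qualified table name
     * @param webServiceLogInfo receives the reason access was allowed
     * @throws AccessControlException if none of the conditions holds
     * @throws IOException declared for the group membership lookup
     * @throws InterruptedException declared for the group membership lookup
     * @throws ResourceNotFoundException if the table or schema has no permissions record
     */
    public void checkTableReadPermissions(TapSchemaDAO tapSchemaDAO, String str, WebServiceLogInfo webServiceLogInfo) throws AccessControlException, IOException, InterruptedException, ResourceNotFoundException {
        TapPermissions tablePermissions = tapSchemaDAO.getTablePermissions(str);
        if (tablePermissions == null) {
            throw new ResourceNotFoundException("table not found: " + str);
        }
        String schemaName = Util.getSchemaFromTable(str);
        TapPermissions schemaPermissions = tapSchemaDAO.getSchemaPermissions(schemaName);
        if (schemaPermissions == null) {
            throw new ResourceNotFoundException("schema not found: " + schemaName);
        }
        if (schemaPermissions.owner == null) {
            webServiceLogInfo.setMessage("view table allowed: null schema owner");
            return;
        }
        // A missing isPublic flag is treated as "not public" (fail closed, no NPE).
        if (Boolean.TRUE.equals(schemaPermissions.isPublic)) {
            webServiceLogInfo.setMessage("view table allowed: public schema");
            return;
        }
        if (tablePermissions.owner == null) {
            webServiceLogInfo.setMessage("view table allowed: null table owner");
            return;
        }
        if (Boolean.TRUE.equals(tablePermissions.isPublic)) {
            webServiceLogInfo.setMessage("view table allowed: public table");
            return;
        }
        if (Util.isOwner(tablePermissions)) {
            webServiceLogInfo.setMessage("view table allowed: table owner");
            return;
        }
        if (Util.isOwner(schemaPermissions)) {
            webServiceLogInfo.setMessage("view table allowed: schema owner");
            return;
        }
        // Must be the non-throwing admin test: checkIsAdmin() throws for every non-admin
        // caller, which would deny the request before the group grants below are ever
        // evaluated and make the read/read-write group permissions ineffective.
        if (isAdminPrincipal()) {
            webServiceLogInfo.setMessage("view table allowed: admin");
            return;
        }
        IvoaGroupClient groupClient = new IvoaGroupClient();
        TreeSet candidateGroups = new TreeSet();
        if (schemaPermissions.readGroup != null) {
            candidateGroups.add(schemaPermissions.readGroup);
        }
        if (schemaPermissions.readWriteGroup != null) {
            candidateGroups.add(schemaPermissions.readWriteGroup);
        }
        if (tablePermissions.readGroup != null) {
            candidateGroups.add(tablePermissions.readGroup);
        }
        if (tablePermissions.readWriteGroup != null) {
            candidateGroups.add(tablePermissions.readWriteGroup);
        }
        GroupURI permittedGroup = Util.getPermittedGroup(groupClient, candidateGroups);
        if (permittedGroup == null) {
            throw new AccessControlException("permission denied");
        }
        webServiceLogInfo.setMessage("view table allowed: member of group " + permittedGroup);
    }

    /**
     * Checks table write permission, recording the outcome in this action's own log info.
     *
     * @param tapSchemaDAO DAO used to load the permissions
     * @param str fully qualified table name
     * @throws AccessControlException if the caller may not write to the table
     * @throws IOException declared for the group membership lookup
     * @throws ResourceNotFoundException if the table has no permissions record
     */
    public void checkTableWritePermissions(TapSchemaDAO tapSchemaDAO, String str) throws AccessControlException, IOException, ResourceNotFoundException {
        checkTableWritePermissions(tapSchemaDAO, str, this.logInfo);
    }

    /**
     * Checks that the caller may write to the named table: allowed for the table owner
     * or a member of the table's read-write group. Schema-level grants and the admin
     * principal are not consulted here.
     *
     * @param tapSchemaDAO DAO used to load the permissions
     * @param str fully qualified table name
     * @param webServiceLogInfo receives the reason access was allowed
     * @throws AccessControlException if neither condition holds
     * @throws IOException declared for the group membership lookup
     * @throws ResourceNotFoundException if the table has no permissions record
     */
    public static void checkTableWritePermissions(TapSchemaDAO tapSchemaDAO, String str, WebServiceLogInfo webServiceLogInfo) throws AccessControlException, IOException, ResourceNotFoundException {
        TapPermissions tablePermissions = tapSchemaDAO.getTablePermissions(str);
        if (tablePermissions == null) {
            throw new ResourceNotFoundException("table not found: " + str);
        }
        if (Util.isOwner(tablePermissions)) {
            webServiceLogInfo.setMessage("table write allowed: table owner");
            return;
        }
        if (tablePermissions.readWriteGroup != null) {
            IvoaGroupClient groupClient = new IvoaGroupClient();
            TreeSet candidateGroups = new TreeSet();
            candidateGroups.add(tablePermissions.readWriteGroup);
            GroupURI permittedGroup = Util.getPermittedGroup(groupClient, candidateGroups);
            if (permittedGroup != null) {
                // Audit message corrected: it previously said "schema write allowed" for a
                // table-level grant, which misattributes the decision in the request log.
                webServiceLogInfo.setMessage("table write allowed: member of table group " + permittedGroup);
                return;
            }
        }
        throw new AccessControlException("permission denied");
    }

    /**
     * Checks that the caller may write to the named schema: allowed for the schema owner
     * or a member of the schema's read-write group.
     *
     * @param tapSchemaDAO DAO used to load the permissions
     * @param str schema name
     * @param webServiceLogInfo receives the reason access was allowed
     * @throws AccessControlException if neither condition holds
     * @throws IOException declared for the group membership lookup
     * @throws ResourceNotFoundException if the schema has no permissions record
     */
    public static void checkSchemaWritePermissions(TapSchemaDAO tapSchemaDAO, String str, WebServiceLogInfo webServiceLogInfo) throws AccessControlException, IOException, ResourceNotFoundException {
        TapPermissions schemaPermissions = tapSchemaDAO.getSchemaPermissions(str);
        if (schemaPermissions == null) {
            throw new ResourceNotFoundException("not found: " + str);
        }
        if (Util.isOwner(schemaPermissions)) {
            webServiceLogInfo.setMessage("schema write allowed: schema owner");
            return;
        }
        if (schemaPermissions.readWriteGroup != null) {
            IvoaGroupClient groupClient = new IvoaGroupClient();
            TreeSet candidateGroups = new TreeSet();
            candidateGroups.add(schemaPermissions.readWriteGroup);
            GroupURI permittedGroup = Util.getPermittedGroup(groupClient, candidateGroups);
            if (permittedGroup != null) {
                // Audit message corrected: the grant comes from the schema's group, not a table's.
                webServiceLogInfo.setMessage("schema write allowed: member of schema group " + permittedGroup);
                return;
            }
        }
        throw new AccessControlException("permission denied");
    }

    /**
     * Requires the caller to be the configured admin principal.
     * (Decompiler note: originally package-private.)
     *
     * <p>Despite the boolean return type this method never returns {@code false}: it
     * returns {@code true} for the admin and throws for everyone else. That contract is
     * kept because callers may invoke it purely for the exception; code that needs a
     * yes/no answer must not use it as a condition.
     *
     * @return {@code true} when the caller matches the admin principal
     * @throws AccessControlException if the caller is not the admin, or the admin
     *         principal is not bound or cannot be looked up in JNDI
     */
    public boolean checkIsAdmin() {
        if (isAdminPrincipal()) {
            return true;
        }
        throw new AccessControlException("permission denied");
    }

    /**
     * Non-throwing admin test: reports whether any principal of the current subject
     * equals the HttpPrincipal bound under {@code jndiAdminKey}.
     *
     * @return {@code false} when there is no match, no principal is bound, or the JNDI
     *         lookup fails (the failure is logged)
     */
    private boolean isAdminPrincipal() {
        try {
            HttpPrincipal adminPrincipal = (HttpPrincipal) new InitialContext().lookup(this.jndiAdminKey);
            if (adminPrincipal == null) {
                return false;
            }
            // NOTE(review): assumes getCurrentSubject() is non-null here -- confirm for anonymous requests.
            for (Principal principal : AuthenticationUtil.getCurrentSubject().getPrincipals()) {
                if (AuthenticationUtil.equals(adminPrincipal, principal)) {
                    return true;
                }
            }
        } catch (NamingException e) {
            // A lookup failure means no admin is recognised: fail closed.
            log.error("Failed to find JNDI key: " + this.jndiAdminKey, e);
        }
        return false;
    }

    /**
     * Reads the create-schema switch from JNDI.
     * (Decompiler note: originally package-private.)
     *
     * @return the bound Boolean value; {@code false} when nothing is bound or the lookup
     *         fails (the failure is logged)
     */
    public boolean getCreateSchemaEnabled() {
        try {
            Boolean enabled = (Boolean) new InitialContext().lookup(this.jndiCreateSchemaKey);
            return enabled != null && enabled.booleanValue();
        } catch (NamingException e) {
            log.error("Failed to find JNDI key: " + this.jndiCreateSchemaKey, e);
            return false;
        }
    }
}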
