package com.pivotal.gemfirexd.internal.impl.sql.conn;

import com.pivotal.gemfirexd.Property;
import com.pivotal.gemfirexd.internal.engine.distributed.utils.GemFireXDUtils;
import com.pivotal.gemfirexd.internal.iapi.error.StandardException;
import com.pivotal.gemfirexd.internal.iapi.services.property.PropertyUtil;
import com.pivotal.gemfirexd.internal.iapi.services.sanity.SanityManager;
import com.pivotal.gemfirexd.internal.iapi.sql.Activation;
import com.pivotal.gemfirexd.internal.iapi.sql.conn.Authorizer;
import com.pivotal.gemfirexd.internal.iapi.sql.conn.LanguageConnectionContext;
import com.pivotal.gemfirexd.internal.iapi.sql.conn.StatementContext;
import com.pivotal.gemfirexd.internal.iapi.sql.dictionary.DataDictionary;
import com.pivotal.gemfirexd.internal.iapi.sql.dictionary.StatementPermission;
import com.pivotal.gemfirexd.internal.iapi.sql.execute.ExecPreparedStatement;
import com.pivotal.gemfirexd.internal.iapi.util.IdUtil;
import com.pivotal.gemfirexd.internal.iapi.util.StringUtil;
import java.util.List;

/* loaded from: input_file:com/pivotal/gemfirexd/internal/impl/sql/conn/GenericAuthorizer.class */
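/**
 * Per-connection authorizer.
 *
 * <p>Two independent checks are applied by {@code authorize}:
 * <ol>
 *   <li>a coarse connection access level (none / read-only / full) derived from the
 *       access-list and default-mode service properties, and</li>
 *   <li>the {@link StatementPermission} list attached to the statement (or passed in
 *       explicitly), evaluated against {@link #authorizationId}.</li>
 * </ol>
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Connections for which {@code lcc.isConnectionForRemote()} is true skip every check.</li>
 *   <li>The authorization database owner skips the per-statement permission checks.</li>
 *   <li>With no default-connection-mode property set, users on neither access list get
 *       full access.</li>
 *   <li>The access level is cached in {@link #userAccessLevel} and only recomputed by
 *       {@link #refresh()}.</li>
 * </ul>
 */
final class GenericAuthorizer implements Authorizer {
    // Values stored in userAccessLevel.
    private static final int NO_ACCESS = 0;
    private static final int READ_ACCESS = 1;
    private static final int FULL_ACCESS = 2;

    // Cached access level for authorizationId; written only by getUserAccessLevel().
    private int userAccessLevel;
    // Current read-only state of the connection; recomputed by checkAccess().
    boolean readOnlyConnection;
    private final LanguageConnectionContext lcc;
    private final String authorizationId;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates the authorizer and immediately evaluates the user's access level.
     *
     * @param str the authorization id the connection runs as
     * @param languageConnectionContext the connection context this authorizer serves
     * @throws StandardException if the user resolves to {@code NO_ACCESS} or a property
     *         lookup fails
     */
    public GenericAuthorizer(String str, LanguageConnectionContext languageConnectionContext) throws StandardException {
        this.lcc = languageConnectionContext;
        this.authorizationId = str;
        refresh();
    }

    /** Returns true when the database is read-only or the user holds only read access. */
    private boolean connectionMustRemainReadOnly() {
        return this.lcc.getDatabase().isReadOnly() || this.userAccessLevel == READ_ACCESS;
    }

    /**
     * Authorizes an operation code with no activation, statement or permission list, so
     * only the connection-level and SQL-allowed checks run.
     */
    @Override // com.pivotal.gemfirexd.internal.iapi.sql.conn.Authorizer
    public void authorize(int i) throws StandardException {
        authorize(null, null, null, i);
    }

    /**
     * Authorizes an operation code for an activation, using the activation's own prepared
     * statement (when the activation is non-null) as the source of required permissions.
     */
    @Override // com.pivotal.gemfirexd.internal.iapi.sql.conn.Authorizer
    public final void authorize(Activation activation, int i) throws StandardException {
        authorize(activation, activation != null ? activation.getPreparedStatement() : null, null, i);
    }

    /**
     * Runs the connection-level, operation-level and statement-permission checks.
     *
     * @param activation activation being executed; may be null
     * @param execPreparedStatement statement whose required permissions are checked; when
     *        null and {@code list} is null, {@code activation.getPreparedStatement()} is used
     * @param list explicit permission list; when non-null it replaces the statement's list
     * @param i operation code (the codes handled are 0-8 and 11; anything else asserts)
     * @throws StandardException when the connection has no access, the operation is not
     *         allowed on a read-only connection or at the current SQL-allowed level, or a
     *         {@link StatementPermission} check fails
     */
    @Override // com.pivotal.gemfirexd.internal.iapi.sql.conn.Authorizer
    public final void authorize(Activation activation, ExecPreparedStatement execPreparedStatement, List<StatementPermission> list, int i) throws StandardException {
        if (this.lcc.isConnectionForRemote()) {
            // NOTE(review): this returns before checkAccess() and before any permission check.
            // Presumably the originating member already authorized the statement; confirm that
            // a client-originated connection can never report isConnectionForRemote() == true.
            if (GemFireXDUtils.TraceAuthentication) {
                SanityManager.DEBUG_PRINT("TraceAuthentication", "skipping remote connection authorization for authorizationId=" + this.authorizationId);
            }
            return;
        }
        checkAccess();

        // SQL-allowed level used by the comparisons below: 0 passes every check, 3 fails the
        // case 2/3 check. A non-empty explicit permission list pins the level to 1, so the
        // write/DDL codes (0, 4, 5, 6) are rejected on that path.
        short sqlAllowed = 3;
        if (list == null || list.size() <= 0) {
            StatementContext statementContext = this.lcc.getStatementContext();
            if (statementContext != null) {
                sqlAllowed = statementContext.getSQLAllowed();
            }
        } else {
            sqlAllowed = 1;
        }

        switch (i) {
            case 0:
            case 5:
                if (isReadOnlyConnection()) {
                    throw StandardException.newException("25502");
                }
                if (sqlAllowed > 0) {
                    throw externalRoutineException(i, sqlAllowed);
                }
                break;
            case 1:
                if (sqlAllowed > 1) {
                    throw externalRoutineException(i, sqlAllowed);
                }
                break;
            case 2:
            case 3:
                if (sqlAllowed == 3) {
                    throw externalRoutineException(i, sqlAllowed);
                }
                break;
            case 4:
            case 6:
                if (isReadOnlyConnection()) {
                    throw StandardException.newException("25503");
                }
                if (sqlAllowed > 0) {
                    throw externalRoutineException(i, sqlAllowed);
                }
                break;
            // Codes 7, 8 and 11 are checked against the read-only flag only; the
            // SQL-allowed level is not consulted for them.
            case 7:
                if (isReadOnlyConnection()) {
                    throw StandardException.newException("25502");
                }
                break;
            case 8:
                break;
            case 11:
                if (isReadOnlyConnection()) {
                    throw StandardException.newException("25503");
                }
                break;
            default:
                // NOTE(review): if THROWASSERT ever returns normally, an unknown operation code
                // continues to the permission checks below instead of being rejected.
                SanityManager.THROWASSERT("Bad operation code " + i);
                break;
        }

        if (list == null) {
            if (activation == null) {
                return;
            }
            if (execPreparedStatement == null) {
                execPreparedStatement = activation.getPreparedStatement();
                if (execPreparedStatement == null) {
                    return;
                }
            }
        }

        DataDictionary dataDictionary = this.lcc.getDataDictionary();
        int readMode = dataDictionary.startReading(this.lcc);
        boolean nestedTransactionStarted = false;
        // The try/finally spans everything after startReading(): previously doneReading() ran
        // only when an activation was present (and before the permission checks), and the
        // nested transaction opened below was never committed because its flag was set after
        // the only finally block that read it.
        try {
            if (activation != null) {
                activation.checkStatementValidity();
            }
            List<StatementPermission> requiredPermissionsList = list != null ? list : execPreparedStatement.getRequiredPermissionsList();
            if (GemFireXDUtils.TraceAuthentication) {
                SanityManager.DEBUG_PRINT("TraceAuthentication", "authorizing for authorizationId=" + this.authorizationId + " activation " + activation + " distributed member owner = " + dataDictionary.getAuthorizationDatabaseOwner() + " requiredPermissionList=" + requiredPermissionsList);
            }
            // The authorization database owner is exempt from per-statement permission checks.
            if (requiredPermissionsList != null && !requiredPermissionsList.isEmpty() && !this.authorizationId.equals(dataDictionary.getAuthorizationDatabaseOwner())) {
                this.lcc.beginNestedTransaction(true);
                nestedTransactionStarted = true;
                for (StatementPermission statementPermission : requiredPermissionsList) {
                    if (GemFireXDUtils.TraceAuthentication) {
                        SanityManager.DEBUG_PRINT("TraceAuthentication", "authorizationId=" + this.authorizationId + " StatementPermission=" + statementPermission);
                    }
                    statementPermission.check(this.lcc, this.authorizationId, false);
                }
            }
        } finally {
            dataDictionary.doneReading(readMode, this.lcc);
            if (nestedTransactionStarted) {
                // Commit even when a check threw, so the nesting level stays balanced.
                this.lcc.commitNestedTransaction();
            }
        }
    }

    /**
     * Builds the exception for an operation rejected by the SQL-allowed level.
     *
     * <p>The SQLSTATEs are in the standard external-routine class 38: 38001 (containing SQL
     * not permitted), 38002 (modifying SQL data not permitted), 38004 (reading SQL data not
     * permitted).
     *
     * @param i operation code that was attempted
     * @param i2 SQL-allowed level in force
     */
    private static StandardException externalRoutineException(int i, int i2) {
        String str;
        if (i2 == 1) {
            str = "38002";
        } else if (i2 == 2) {
            switch (i) {
                case 0:
                case 4:
                case 5:
                case 6:
                    str = "38002";
                    break;
                case 1:
                case 2:
                case 3:
                default:
                    str = "38004";
                    break;
            }
        } else {
            str = "38001";
        }
        return StandardException.newException(str);
    }

    /** Returns the authorization id this authorizer was created for. */
    @Override // com.pivotal.gemfirexd.internal.iapi.sql.conn.Authorizer
    public String getAuthorizationId() {
        return this.authorizationId;
    }

    /**
     * Recomputes {@link #userAccessLevel}: the full-access list wins over the read-only
     * list, and a user on neither list gets the default level.
     *
     * <p>Each list is looked up under two keys, the {@code Property} constant and a literal
     * name (presumably the prefixed and unprefixed spellings; verify against {@code Property}).
     */
    private void getUserAccessLevel() throws StandardException {
        this.userAccessLevel = NO_ACCESS;
        if (userOnAccessList(Property.AUTHZ_FULL_ACCESS_USERS) || userOnAccessList("authz-full-access-users")) {
            this.userAccessLevel = FULL_ACCESS;
        }
        if (this.userAccessLevel == NO_ACCESS && (userOnAccessList(Property.AUTHZ_READ_ONLY_ACCESS_USERS) || userOnAccessList("authz-read-only-access-users"))) {
            this.userAccessLevel = READ_ACCESS;
        }
        if (this.userAccessLevel == NO_ACCESS) {
            this.userAccessLevel = getDefaultAccessLevel();
        }
    }

    /**
     * Maps the default-connection-mode service property to an access level.
     *
     * @return {@code FULL_ACCESS} when the property is unset, otherwise the level named by
     *         the property value
     */
    private int getDefaultAccessLevel() throws StandardException {
        String serviceProperty = PropertyUtil.getServiceProperty(this.lcc.getTransactionExecute(), Property.AUTHZ_DEFAULT_CONNECTION_MODE);
        if (serviceProperty == null) {
            // Unset property: unlisted users are granted full access.
            return FULL_ACCESS;
        }
        if (StringUtil.SQLEqualsIgnoreCase(serviceProperty, "NOACCESS")) {
            return NO_ACCESS;
        }
        if (StringUtil.SQLEqualsIgnoreCase(serviceProperty, "READONLYACCESS")) {
            return READ_ACCESS;
        }
        if (StringUtil.SQLEqualsIgnoreCase(serviceProperty, "FULLACCESS")) {
            return FULL_ACCESS;
        }
        SanityManager.THROWASSERT("Invalid value for property gemfirexd.authz-default-connection-mode " + serviceProperty);
        // NOTE(review): reached only if THROWASSERT returns normally; an unrecognised mode
        // value would then fail open to full access. Confirm THROWASSERT always throws, or
        // consider failing closed here.
        return FULL_ACCESS;
    }

    /** Returns whether {@link #authorizationId} appears in the id list stored under property {@code str}. */
    private boolean userOnAccessList(String str) throws StandardException {
        return IdUtil.idOnList(this.authorizationId, PropertyUtil.getServiceProperty(this.lcc.getTransactionExecute(), str));
    }

    /** Returns the connection's current read-only flag. */
    @Override // com.pivotal.gemfirexd.internal.iapi.sql.conn.Authorizer
    public boolean isReadOnlyConnection() {
        return this.readOnlyConnection;
    }

    /**
     * Sets the read-only flag.
     *
     * @param z the new read-only state
     * @param z2 when true, clearing the flag is refused if the database is read-only or
     *        the user has only read access; when false the flag is set unconditionally
     * @throws StandardException ("25505") when the refusal above applies
     */
    @Override // com.pivotal.gemfirexd.internal.iapi.sql.conn.Authorizer
    public void setReadOnlyConnection(boolean z, boolean z2) throws StandardException {
        if (z2 && !z && connectionMustRemainReadOnly()) {
            throw StandardException.newException("25505");
        }
        this.readOnlyConnection = z;
    }

    /**
     * Re-reads the access-list properties and re-applies the connection checks. Changes to
     * the access lists take effect for this connection only when this method runs.
     */
    @Override // com.pivotal.gemfirexd.internal.iapi.sql.conn.Authorizer
    public void refresh() throws StandardException {
        getUserAccessLevel();
        checkAccess();
    }

    /**
     * Resets the read-only flag from the database/user state and rejects users with no access.
     *
     * @throws StandardException ("08004.C.3") when the cached level is {@code NO_ACCESS}
     */
    private void checkAccess() throws StandardException {
        // NOTE(review): this assignment overwrites a flag previously set through
        // setReadOnlyConnection(true, ...). Because authorize() calls checkAccess() first, a
        // connection voluntarily switched to read-only appears to revert on the next
        // authorization for a full-access user on a writable database - confirm this is intended.
        this.readOnlyConnection = connectionMustRemainReadOnly();
        if (this.userAccessLevel == NO_ACCESS) {
            throw StandardException.newException("08004.C.3");
        }
    }
}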
