package oracle.kv.impl.security;

import java.lang.annotation.Annotation;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import oracle.kv.KVSecurityException;
import oracle.kv.impl.fault.ClientAccessException;
import oracle.kv.impl.fault.OperationFaultException;
import oracle.kv.impl.fault.ProcessFaultHandler;
import oracle.kv.impl.param.ParameterUtils;
import oracle.kv.impl.security.ExecutionContext;
import oracle.kv.impl.security.MethodHandlerUtils;
import oracle.kv.impl.security.annotations.PublicAPI;
import oracle.kv.impl.security.annotations.PublicMethod;
import oracle.kv.impl.security.annotations.SecureAPI;
import oracle.kv.impl.security.annotations.SecureAutoMethod;
import oracle.kv.impl.security.annotations.SecureInternalMethod;
import oracle.kv.impl.security.annotations.SecureR2Method;

/* loaded from: input_file:oracle/kv/impl/security/SecureProxy.class */
public final class SecureProxy implements InvocationHandler {
    private static final List<KVStorePrivilege> emptyPrivilegeList;
    private final Object proxyTo;
    private final AccessChecker checker;
    private final ProcessFaultHandler faultHandler;
    private static final Set<Class<?>> methodAnnotationClasses;
    static final /* synthetic */ boolean $assertionsDisabled;
    private final ConcurrentHashMap<Method, String> describeMap = new ConcurrentHashMap<>();
    private final Map<Method, MethodHandler> methodMap = new HashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:oracle/kv/impl/security/SecureProxy$CheckingHandler.class */
    public final class CheckingHandler implements MethodHandler {
        private final List<KVStorePrivilege> requiredPrivileges;

        CheckingHandler(KVStorePrivilege[] kVStorePrivilegeArr) {
            this.requiredPrivileges = kVStorePrivilegeArr == null ? SecureProxy.emptyPrivilegeList : Collections.unmodifiableList(Arrays.asList(kVStorePrivilegeArr));
        }

        @Override // oracle.kv.impl.security.MethodHandler
        public Object invoke(final Method method, final Object[] objArr) throws Exception {
            if (SecureProxy.this.checker == null) {
                return MethodHandlerUtils.invokeMethod(SecureProxy.this.proxyTo, method, objArr);
            }
            return ExecutionContext.runWithContext(new ExecutionContext.Operation<Object, Exception>() { // from class: oracle.kv.impl.security.SecureProxy.CheckingHandler.2
                @Override // oracle.kv.impl.security.ExecutionContext.Operation
                public Object run() throws Exception {
                    return MethodHandlerUtils.invokeMethod(SecureProxy.this.proxyTo, method, objArr);
                }
            }, (ExecutionContext) SecureProxy.this.faultHandler.execute(new ProcessFaultHandler.SimpleOperation<ExecutionContext>() { // from class: oracle.kv.impl.security.SecureProxy.CheckingHandler.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // oracle.kv.impl.fault.ProcessFaultHandler.SimpleOperation
                public ExecutionContext execute() {
                    try {
                        return ExecutionContext.create(SecureProxy.this.checker, (AuthContext) objArr[objArr.length - 2], new MethodInvokeContext(method, CheckingHandler.this.requiredPrivileges));
                    } catch (KVSecurityException e) {
                        throw new ClientAccessException(e);
                    } catch (SessionAccessException e2) {
                        throw e2;
                    }
                }
            }));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:oracle/kv/impl/security/SecureProxy$MethodInvokeContext.class */
    public final class MethodInvokeContext implements OperationContext {
        private final Method m;
        private final List<KVStorePrivilege> reqPrivileges;

        private MethodInvokeContext(Method method, List<KVStorePrivilege> list) {
            this.m = method;
            this.reqPrivileges = list;
        }

        @Override // oracle.kv.impl.security.OperationContext
        public String describe() {
            if (!SecureProxy.this.describeMap.contains(this.m)) {
                SecureProxy.this.describeMap.putIfAbsent(this.m, SecureProxy.qualifiedMethodName(this.m));
            }
            return "attempt to call " + ((String) SecureProxy.this.describeMap.get(this.m));
        }

        @Override // oracle.kv.impl.security.OperationContext
        public List<? extends KVStorePrivilege> getRequiredPrivileges() {
            return this.reqPrivileges;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:oracle/kv/impl/security/SecureProxy$R2CompatHandler.class */
    public final class R2CompatHandler implements MethodHandler {
        private final Method r3Method;

        private R2CompatHandler(Method method) {
            this.r3Method = method;
        }

        @Override // oracle.kv.impl.security.MethodHandler
        public Object invoke(Method method, Object[] objArr) throws Exception {
            Object[] copyOf = Arrays.copyOf(objArr, objArr.length + 1);
            copyOf[objArr.length] = objArr[objArr.length - 1];
            copyOf[objArr.length - 1] = null;
            return SecureProxy.this.invoke(null, this.r3Method, copyOf);
        }
    }

    @Override // java.lang.reflect.InvocationHandler
    public Object invoke(Object obj, final Method method, Object[] objArr) throws Exception {
        MethodHandler methodHandler = this.methodMap.get(method);
        if (methodHandler == null) {
            if (method.getDeclaringClass() == Object.class) {
                String name = method.getName();
                boolean z = -1;
                switch (name.hashCode()) {
                    case -1776922004:
                        if (name.equals("toString")) {
                            z = false;
                            break;
                        }
                        break;
                    case -1295482945:
                        if (name.equals("equals")) {
                            z = 2;
                            break;
                        }
                        break;
                    case 147696667:
                        if (name.equals("hashCode")) {
                            z = true;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                        return obj.getClass().getName() + '@' + Integer.toHexString(System.identityHashCode(obj));
                    case true:
                        return Integer.valueOf(System.identityHashCode(obj));
                    case true:
                        return Boolean.valueOf(obj == objArr[0]);
                }
            }
            this.faultHandler.execute(new ProcessFaultHandler.SimpleProcedure() { // from class: oracle.kv.impl.security.SecureProxy.1
                @Override // oracle.kv.impl.fault.ProcessFaultHandler.SimpleProcedure
                public void execute() {
                    throw new OperationFaultException("MethodHandler for method " + SecureProxy.qualifiedMethodName(method) + " was not found");
                }
            });
        }
        return methodHandler.invoke(method, objArr);
    }

    public static <T> T create(T t, AccessChecker accessChecker, ProcessFaultHandler processFaultHandler) throws ConfigurationException {
        SecureProxy secureProxy = new SecureProxy(t, accessChecker, processFaultHandler);
        return (T) Proxy.newProxyInstance(t.getClass().getClassLoader(), (Class[]) ProxyUtils.findRemoteInterfaces(t.getClass()).toArray(new Class[0]), secureProxy);
    }

    private SecureProxy(Object obj, AccessChecker accessChecker, ProcessFaultHandler processFaultHandler) throws ConfigurationException {
        this.proxyTo = obj;
        this.checker = accessChecker;
        this.faultHandler = processFaultHandler;
        Class<?> cls = obj.getClass();
        Set<Method> findRemoteInterfaceMethods = ProxyUtils.findRemoteInterfaceMethods(cls);
        HashMap hashMap = new HashMap();
        Iterator<Method> it = findRemoteInterfaceMethods.iterator();
        while (it.hasNext()) {
            hashMap.put(methodKey(it.next()), null);
        }
        collectMethodInfo(cls, hashMap, findRemoteInterfaceMethods);
        for (Method method : findRemoteInterfaceMethods) {
            MethodHandler methodHandler = hashMap.get(methodKey(method));
            if (methodHandler == null) {
                throw new ConfigurationException("Interface method " + qualifiedMethodName(method) + " has no method handler defined.");
            }
            this.methodMap.put(method, methodHandler);
        }
        if (this.methodMap.isEmpty()) {
            throw new ConfigurationException("Class " + cls + " has no proxyable interface methods.");
        }
    }

    private void collectMethodInfo(Class<?> cls, Map<String, MethodHandler> map, Set<Method> set) throws ConfigurationException {
        if (cls == Object.class) {
            return;
        }
        Class<?> classSecureAnnotation = getClassSecureAnnotation(cls);
        for (Method method : cls.getDeclaredMethods()) {
            Annotation methodSecureAnnotation = getMethodSecureAnnotation(method);
            String methodKey = methodKey(method);
            if (map.containsKey(methodKey)) {
                if (null == classSecureAnnotation) {
                    throw new ConfigurationException("Class " + cls + " is not marked as either SecureAPI or PublicAPI.");
                }
                if (methodSecureAnnotation == null && classSecureAnnotation == SecureAPI.class) {
                    throw new ConfigurationException("All Remote interface methods implemented by a class marked as SecureAPI must be annotated with a security decoration. Method " + methodName(method) + " of Class " + cls.getName() + " is not annotated.");
                }
                set.add(method);
                MethodHandler makeMethodHandler = makeMethodHandler(method, cls, methodSecureAnnotation);
                if (!$assertionsDisabled && makeMethodHandler == null) {
                    throw new AssertionError();
                }
                if (map.get(methodKey) == null) {
                    map.put(methodKey, makeMethodHandler);
                }
            } else if (methodSecureAnnotation != null) {
                throw new ConfigurationException("SecureMethod and PublicMethod annotations may not be applied to methods that are not Remote interface methods.  Method " + methodName(method) + " of Class " + cls + " is marked as " + methodSecureAnnotation.annotationType().getSimpleName());
            }
        }
        collectMethodInfo(cls.getSuperclass(), map, set);
    }

    private Class<?> getClassSecureAnnotation(Class<?> cls) throws ConfigurationException {
        Class<? extends Annotation> cls2 = null;
        for (Annotation annotation : cls.getDeclaredAnnotations()) {
            if (annotation.annotationType() == SecureAPI.class || annotation.annotationType() == PublicAPI.class) {
                if (cls2 != null) {
                    throw new ConfigurationException("Class " + cls.getName() + " is marked as both " + annotation.annotationType().getSimpleName() + " and " + cls2.getSimpleName());
                }
                cls2 = annotation.annotationType();
            }
        }
        return cls2;
    }

    private Annotation getMethodSecureAnnotation(Method method) throws ConfigurationException {
        Annotation annotation = null;
        for (Annotation annotation2 : method.getDeclaredAnnotations()) {
            if (methodAnnotationClasses.contains(annotation2.annotationType())) {
                if (annotation != null) {
                    throw new ConfigurationException("Method " + qualifiedMethodName(method) + " is marked as both " + annotation.annotationType().getSimpleName() + " and " + annotation2.annotationType().getSimpleName());
                }
                annotation = annotation2;
            }
        }
        return annotation;
    }

    private MethodHandler makeMethodHandler(Method method, Class<?> cls, Annotation annotation) throws ConfigurationException {
        MethodHandler r2CompatHandler;
        Class<? extends Annotation> annotationType = annotation == null ? PublicMethod.class : annotation.annotationType();
        if (annotationType == PublicMethod.class) {
            r2CompatHandler = new MethodHandlerUtils.DirectHandler(this.proxyTo);
        } else if (annotationType == SecureAutoMethod.class) {
            ensureAuthContext(method);
            KVStorePrivilegeLabel[] privileges = ((SecureAutoMethod) annotation).privileges();
            if (privileges == null || privileges.length == 0) {
                throw new ConfigurationException("SecureAutoMethod requires a non-empty privilege list: " + qualifiedMethodName(method));
            }
            r2CompatHandler = new CheckingHandler(lookupPrivileges(privileges));
        } else if (annotationType == SecureInternalMethod.class) {
            ensureAuthContext(method);
            r2CompatHandler = new CheckingHandler(null);
        } else {
            if (annotationType != SecureR2Method.class) {
                throw new IllegalStateException("missing case for " + annotationType.getSimpleName());
            }
            Method findR3Method = findR3Method(method, cls);
            if (findR3Method == null) {
                throw new ConfigurationException("Unable to find an R3 method equivalent for method: " + qualifiedMethodName(method));
            }
            if (findR3Method.getClass() != method.getClass()) {
                throw new ConfigurationException("R2 compatibility methods must be implemented within the same class as their R3 equivalent methods: " + qualifiedMethodName(method));
            }
            r2CompatHandler = new R2CompatHandler(findR3Method);
        }
        return r2CompatHandler;
    }

    private static void ensureAuthContext(Method method) throws ConfigurationException {
        Class<?>[] parameterTypes = method.getParameterTypes();
        if (parameterTypes.length < 2 || AuthContext.class != parameterTypes[parameterTypes.length - 2]) {
            throw new ConfigurationException("Method " + qualifiedMethodName(method) + " does not have an AuthContext argument in the next to last position.");
        }
    }

    private static KVStorePrivilege[] lookupPrivileges(KVStorePrivilegeLabel[] kVStorePrivilegeLabelArr) throws ConfigurationException {
        KVStorePrivilege[] kVStorePrivilegeArr = new KVStorePrivilege[kVStorePrivilegeLabelArr.length];
        for (int i = 0; i < kVStorePrivilegeLabelArr.length; i++) {
            KVStorePrivilegeLabel kVStorePrivilegeLabel = kVStorePrivilegeLabelArr[i];
            try {
                SystemPrivilege systemPrivilege = SystemPrivilege.get(kVStorePrivilegeLabel);
                if (systemPrivilege == null) {
                    throw new ConfigurationException("The privilege label " + kVStorePrivilegeLabel + " has no corresponding privilege");
                }
                kVStorePrivilegeArr[i] = systemPrivilege;
            } catch (IllegalArgumentException e) {
                throw new ConfigurationException(e.getMessage(), e);
            }
        }
        return kVStorePrivilegeArr;
    }

    private static String methodKey(Method method) {
        StringBuffer stringBuffer = new StringBuffer();
        if ((method.getModifiers() & 2) != 0) {
            stringBuffer.append("private ");
        }
        stringBuffer.append(method.getName());
        stringBuffer.append("(");
        for (Class<?> cls : method.getParameterTypes()) {
            stringBuffer.append(cls.getName());
            stringBuffer.append(ParameterUtils.HELPER_HOST_SEPARATOR);
        }
        stringBuffer.append(")");
        return stringBuffer.toString();
    }

    private static String methodName(Method method) {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(method.getName());
        stringBuffer.append("(");
        boolean z = true;
        for (Class<?> cls : method.getParameterTypes()) {
            if (!z) {
                stringBuffer.append(ParameterUtils.HELPER_HOST_SEPARATOR);
            }
            stringBuffer.append(cls.getSimpleName());
            z = false;
        }
        stringBuffer.append(")");
        return stringBuffer.toString();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String qualifiedMethodName(Method method) {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(method.getDeclaringClass().getSimpleName());
        stringBuffer.append(".");
        stringBuffer.append(methodName(method));
        return stringBuffer.toString();
    }

    private static Method findR3Method(Method method, Class<?> cls) {
        Class<?>[] parameterTypes = method.getParameterTypes();
        if (parameterTypes.length < 1) {
            return null;
        }
        Class<?>[] clsArr = (Class[]) Arrays.copyOf(parameterTypes, parameterTypes.length + 1);
        clsArr[parameterTypes.length] = clsArr[parameterTypes.length - 1];
        clsArr[parameterTypes.length - 1] = AuthContext.class;
        try {
            return cls.getMethod(method.getName(), clsArr);
        } catch (NoSuchMethodException e) {
            return null;
        }
    }

    static {
        $assertionsDisabled = !SecureProxy.class.desiredAssertionStatus();
        emptyPrivilegeList = Collections.emptyList();
        methodAnnotationClasses = new HashSet();
        methodAnnotationClasses.add(PublicMethod.class);
        methodAnnotationClasses.add(SecureAutoMethod.class);
        methodAnnotationClasses.add(SecureInternalMethod.class);
        methodAnnotationClasses.add(SecureR2Method.class);
    }
}
