package oracle.kv.impl.security;

import java.util.Arrays;
import java.util.List;
import oracle.kv.KVSecurityException;
import oracle.kv.impl.admin.AdminService;
import oracle.kv.impl.admin.IllegalCommandException;
import oracle.kv.impl.admin.plan.Plan;
import oracle.kv.impl.api.table.TableImpl;
import oracle.kv.impl.fault.ClientAccessException;
import oracle.kv.impl.security.util.SecurityUtils;
import oracle.kv.impl.util.RateLimitingLogger;
import oracle.kv.impl.util.server.LoggerUtils;

/* loaded from: input_file:oracle/kv/impl/security/AccessCheckUtils.class */
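/**
 * Helpers for privilege checks on owned resources (plans and tables) and for
 * writing audit records when a security check fails.
 *
 * <p>The nested {@link OperationContext} implementations choose the privilege
 * list to demand according to whether the current user owns the resource.
 */
public class AccessCheckUtils {

    /**
     * Context for a plan check that requires {@code SystemPrivilege.usrviewPrivList}
     * from the plan owner and {@code SystemPrivilege.sysviewPrivList} from anyone else.
     */
    /* loaded from: input_file:oracle/kv/impl/security/AccessCheckUtils$PlanAccessContext.class */
    public static class PlanAccessContext extends PlanContext {
        /**
         * @param plan the plan being checked; a null plan is rejected by the
         *             superclass with {@link IllegalCommandException}
         * @param str  leading text of the description returned by {@link #describe()}
         */
        public PlanAccessContext(Plan plan, String str) {
            super(plan, str);
        }

        @Override // oracle.kv.impl.security.AccessCheckUtils.ResourceContext
        List<? extends KVStorePrivilege> privilegesForOwner() {
            return SystemPrivilege.usrviewPrivList;
        }

        @Override // oracle.kv.impl.security.AccessCheckUtils.ResourceContext
        List<? extends KVStorePrivilege> privilegesForNonOwner() {
            return SystemPrivilege.sysviewPrivList;
        }

        // Pure delegation; marked bridge/synthetic in the class file.
        @Override // oracle.kv.impl.security.AccessCheckUtils.PlanContext, oracle.kv.impl.security.OperationContext
        public /* bridge */ /* synthetic */ String describe() {
            return super.describe();
        }

        // Pure delegation; marked bridge/synthetic in the class file.
        @Override // oracle.kv.impl.security.AccessCheckUtils.ResourceContext, oracle.kv.impl.security.OperationContext
        public /* bridge */ /* synthetic */ List getRequiredPrivileges() {
            return super.getRequiredPrivileges();
        }
    }

    /**
     * Base for plan contexts: builds the description once at construction from
     * the caller's text plus the plan's name, id and owner.
     */
    /* loaded from: input_file:oracle/kv/impl/security/AccessCheckUtils$PlanContext.class */
    private static abstract class PlanContext extends ResourceContext {
        private final String ctxDescription;

        PlanContext(Plan plan, String str) {
            // The superclass constructor throws when plan is null, so plan is
            // safe to dereference below.
            super(plan, "Plan");
            // A missing owner is rendered as an empty string rather than "null".
            this.ctxDescription = String.format(
                "%s, Plan Name: %s, Plan Id: %d, Owner: %s",
                str,
                plan.getName(),
                Integer.valueOf(plan.getId()),
                plan.getOwner() == null ? "" : plan.getOwner());
        }

        @Override // oracle.kv.impl.security.OperationContext
        public String describe() {
            return this.ctxDescription;
        }
    }

    /**
     * Context for a plan check that requires the plan's own
     * {@code getRequiredPrivileges()} from its owner and
     * {@code SystemPrivilege.sysoperPrivList} from anyone else.
     */
    /* loaded from: input_file:oracle/kv/impl/security/AccessCheckUtils$PlanOperationContext.class */
    public static class PlanOperationContext extends PlanContext {
        /**
         * @param plan the plan being checked; a null plan is rejected by the
         *             superclass with {@link IllegalCommandException}
         * @param str  leading text of the description returned by {@link #describe()}
         */
        public PlanOperationContext(Plan plan, String str) {
            super(plan, str);
        }

        @Override // oracle.kv.impl.security.AccessCheckUtils.ResourceContext
        List<? extends KVStorePrivilege> privilegesForOwner() {
            // The constructor only accepts a Plan, so the downcast matches
            // what was stored in the resource field.
            return ((Plan) this.resource).getRequiredPrivileges();
        }

        @Override // oracle.kv.impl.security.AccessCheckUtils.ResourceContext
        List<? extends KVStorePrivilege> privilegesForNonOwner() {
            return SystemPrivilege.sysoperPrivList;
        }

        // Pure delegation; marked bridge/synthetic in the class file.
        @Override // oracle.kv.impl.security.AccessCheckUtils.PlanContext, oracle.kv.impl.security.OperationContext
        public /* bridge */ /* synthetic */ String describe() {
            return super.describe();
        }

        // Pure delegation; marked bridge/synthetic in the class file.
        @Override // oracle.kv.impl.security.AccessCheckUtils.ResourceContext, oracle.kv.impl.security.OperationContext
        public /* bridge */ /* synthetic */ List getRequiredPrivileges() {
            return super.getRequiredPrivileges();
        }
    }

    /**
     * Base context for an {@link Ownable} resource. The privilege list is
     * selected by ownership each time {@link #getRequiredPrivileges()} is
     * called; nothing is cached.
     */
    /* loaded from: input_file:oracle/kv/impl/security/AccessCheckUtils$ResourceContext.class */
    private static abstract class ResourceContext implements OperationContext {
        final Ownable resource;

        /**
         * @param ownable the resource to check
         * @param str     resource kind, used only in the error message
         * @throws IllegalCommandException if {@code ownable} is null
         */
        ResourceContext(Ownable ownable, String str) {
            if (ownable == null) {
                throw new IllegalCommandException(str + " to be checked doesn't exist");
            }
            this.resource = ownable;
        }

        @Override // oracle.kv.impl.security.OperationContext
        public List<? extends KVStorePrivilege> getRequiredPrivileges() {
            if (AccessCheckUtils.currentUserOwnsResource(this.resource)) {
                return privilegesForOwner();
            }
            return privilegesForNonOwner();
        }

        /** Privileges demanded when the current user owns the resource. */
        abstract List<? extends KVStorePrivilege> privilegesForOwner();

        /** Privileges demanded when the current user does not own the resource. */
        abstract List<? extends KVStorePrivilege> privilegesForNonOwner();
    }

    /**
     * Context for a table check that requires {@code SystemPrivilege.usrviewPrivList}
     * from the table owner and the caller-supplied privileges from anyone else.
     */
    /* loaded from: input_file:oracle/kv/impl/security/AccessCheckUtils$TableContext.class */
    public static class TableContext extends ResourceContext {
        // Held by reference, not copied: a caller that mutates the list after
        // construction changes what non-owners are checked against.
        private final List<KVStorePrivilege> privsToCheck;
        private final String ctxDescription;

        /**
         * Varargs convenience form of
         * {@link #TableContext(String, TableImpl, List)}.
         */
        public TableContext(String str, TableImpl tableImpl, KVStorePrivilege... kVStorePrivilegeArr) {
            this(str, tableImpl, Arrays.asList(kVStorePrivilegeArr));
        }

        /**
         * @param str       leading text of the description returned by {@link #describe()}
         * @param tableImpl the table being checked; a null table is rejected
         *                  by the superclass with {@link IllegalCommandException}
         * @param list      privileges required from a non-owner; stored as given
         */
        public TableContext(String str, TableImpl tableImpl, List<KVStorePrivilege> list) {
            // The superclass constructor throws when tableImpl is null, so it
            // is safe to dereference below.
            super(tableImpl, "Table");
            this.privsToCheck = list;
            // A missing owner is rendered as an empty string rather than "null".
            this.ctxDescription = String.format(
                "%s, Table name: %s, Table Id: %d, Owner: %s",
                str,
                tableImpl.getFullName(),
                Long.valueOf(tableImpl.getId()),
                tableImpl.getOwner() == null ? "" : tableImpl.getOwner());
        }

        @Override // oracle.kv.impl.security.OperationContext
        public String describe() {
            return this.ctxDescription;
        }

        @Override // oracle.kv.impl.security.AccessCheckUtils.ResourceContext
        List<? extends KVStorePrivilege> privilegesForOwner() {
            return SystemPrivilege.usrviewPrivList;
        }

        @Override // oracle.kv.impl.security.AccessCheckUtils.ResourceContext
        List<? extends KVStorePrivilege> privilegesForNonOwner() {
            return this.privsToCheck;
        }

        // Pure delegation; marked bridge/synthetic in the class file.
        @Override // oracle.kv.impl.security.AccessCheckUtils.ResourceContext, oracle.kv.impl.security.OperationContext
        public /* bridge */ /* synthetic */ List getRequiredPrivileges() {
            return super.getRequiredPrivileges();
        }
    }

    /**
     * Runs the admin's {@link AccessChecker} against the current execution
     * context for the given operation.
     *
     * <p>Returns without performing any check when there is no current
     * {@link ExecutionContext} or the admin has no access checker, so a normal
     * return does not by itself show that a privilege check took place.
     * NOTE(review): presumably these are the non-secure / internal call paths;
     * confirm that no authenticated request can reach here without a context.
     *
     * @param adminService     source of the access checker
     * @param operationContext operation whose required privileges are checked
     * @throws SessionAccessException declared by the signature; not thrown
     *                                directly by this method
     * @throws ClientAccessException  wrapping any {@link KVSecurityException}
     *                                raised by the checker
     */
    public static void checkPermission(AdminService adminService, OperationContext operationContext) throws SessionAccessException, ClientAccessException {
        ExecutionContext current = ExecutionContext.getCurrent();
        if (current == null) {
            return;
        }
        AccessChecker accessChecker = adminService.getAdminSecurity().getAccessChecker();
        if (accessChecker == null) {
            return;
        }
        try {
            accessChecker.checkAccess(current, operationContext);
        } catch (KVSecurityException e) {
            throw new ClientAccessException(e);
        }
    }

    /**
     * Reports whether the current user is the owner of {@code ownable}.
     *
     * @param ownable resource to test; dereferenced without a null check
     * @return {@code false} when {@code SecurityUtils.currentUserAsOwner()}
     *         yields null, otherwise the result of comparing it with the
     *         resource's owner via {@code equals}
     */
    public static boolean currentUserOwnsResource(Ownable ownable) {
        ResourceOwner currentUserAsOwner = SecurityUtils.currentUserAsOwner();
        if (currentUserAsOwner == null) {
            return false;
        }
        return currentUserAsOwner.equals(ownable.getOwner());
    }

    /**
     * Logs a security failure using the exception's message and the current
     * execution context. Nothing is logged when there is no current context.
     */
    public static void logSecurityError(KVSecurityException kVSecurityException, String str, RateLimitingLogger<String> rateLimitingLogger) {
        ExecutionContext current = ExecutionContext.getCurrent();
        if (current != null) {
            logSecurityError(kVSecurityException.getMessage(), str, current, rateLimitingLogger);
        }
    }

    /**
     * Writes a {@code SEC_WARNING} audit failure record through the given
     * rate-limiting logger. Nothing is logged when the logger has no internal
     * logger.
     *
     * <p>The user name, hosts, {@code str2} and {@code str} are handed to
     * {@code LoggerUtils.KVAuditInfo.failure} exactly as received.
     * NOTE(review): whether that formatter neutralises line breaks in these
     * values is not visible here; confirm before relying on the audit log's
     * line structure.
     *
     * @param str                message text for the audit record
     * @param str2               passed both as the logger's key and as an audit field
     * @param executionContext   supplies requestor subject, host and client host
     * @param rateLimitingLogger destination logger
     */
    public static void logSecurityError(String str, String str2, ExecutionContext executionContext, RateLimitingLogger<String> rateLimitingLogger) {
        if (rateLimitingLogger.getInternalLogger() == null) {
            return;
        }
        // Client host defaults to "" when the requestor context or its host is absent.
        String str3 = "";
        if (executionContext.requestorContext() != null && executionContext.requestorContext().getClientHost() != null) {
            str3 = executionContext.requestorContext().getClientHost();
        }
        KVStoreUserPrincipal subjectUserPrincipal = ExecutionContext.getSubjectUserPrincipal(executionContext.requestorSubject());
        // An unauthenticated or unknown subject is recorded with an empty user name.
        String userName = subjectUserPrincipal != null ? subjectUserPrincipal.getName() : "";
        // The key is a plain String for RateLimitingLogger<String>; a String
        // cannot be cast to the logger type itself.
        rateLimitingLogger.log(
            str2,
            LoggerUtils.SecurityLevel.SEC_WARNING,
            LoggerUtils.KVAuditInfo.failure(userName, executionContext.requestorHost(), str3, str2, str));
    }
}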
