package com.gemstone.gemfire.internal.security;

import com.gemstone.gemfire.DataSerializable;
import com.gemstone.gemfire.DataSerializer;
import com.gemstone.gemfire.Instantiator;
import com.gemstone.gemfire.cache.Cache;
import com.gemstone.gemfire.cache.operations.GetOperationContext;
import com.gemstone.gemfire.cache.operations.OperationContext;
import com.gemstone.gemfire.cache.operations.PutOperationContext;
import com.gemstone.gemfire.cache.operations.QueryOperationContext;
import com.gemstone.gemfire.cache.query.SelectResults;
import com.gemstone.gemfire.cache.query.internal.CqEntry;
import com.gemstone.gemfire.cache.query.internal.ResultsCollectionWrapper;
import com.gemstone.gemfire.distributed.DistributedMember;
import com.gemstone.gemfire.i18n.LogWriterI18n;
import com.gemstone.gemfire.internal.HeapDataOutputStream;
import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
import com.gemstone.gemfire.security.AccessControl;
import com.gemstone.gemfire.security.NotAuthorizedException;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Iterator;

/* loaded from: input_file:WEB-INF/lib/gemfire-7.0.jar:com/gemstone/gemfire/internal/security/FilterPostAuthorization.class */
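/**
 * Post-operation {@link AccessControl} callback that filters values by comparing the last
 * character of the principal's name with the authorization index carried by each
 * {@link ObjectWithAuthz}.
 *
 * <p>Only GET, PUT, QUERY and EXECUTE_CQ contexts are handled; PUTALL and every other
 * operation code are denied. For GET and PUT the context's value is replaced by the unwrapped
 * payload ({@code ObjectWithAuthz.getVal()}). For queries, unauthorized elements are dropped
 * from the result and the operation itself is still allowed.
 *
 * <p>NOTE(review): the rule is derived from the principal name alone. A name whose last
 * character is not a digit still produces a divisor via {@code (c - '0') % 10} and is not
 * rejected. Confirm this class is only wired in where principal names end in a digit.
 */
public class FilterPostAuthorization implements AccessControl {
    private String principalName = null;
    private LogWriterI18n logger = null;

    /**
     * Factory method returning a new, uninitialized instance.
     *
     * @return a new {@code FilterPostAuthorization}
     */
    public static AccessControl create() {
        return new FilterPostAuthorization();
    }

    /**
     * Records the principal's name and the cache's security logger.
     *
     * @param principal the authenticated principal; {@code null} is stored as an empty name,
     *     which {@link #checkObjectAuth(Object)} always denies
     * @param distributedMember not used by this implementation
     * @param cache the cache whose security logger is used for all messages
     * @throws NotAuthorizedException declared by the interface; not thrown here
     */
    @Override // com.gemstone.gemfire.security.AccessControl
    public void init(Principal principal, DistributedMember distributedMember, Cache cache) throws NotAuthorizedException {
        this.principalName = principal == null ? "" : principal.getName();
        this.logger = cache.getSecurityLoggerI18n();
    }

    /**
     * Deserializes a value, applies the authorization rule, and re-serializes the unwrapped
     * payload.
     *
     * @param bArr the serialized value taken from the operation context
     * @param z whether the bytes represent a serialized object; raw byte values are denied
     * @return the serialized authorized payload, or {@code null} when the value is denied or
     *     cannot be (de)serialized
     */
    private byte[] checkObjectAuth(byte[] bArr, boolean z) {
        if (!z) {
            // A raw byte[] value cannot carry an ObjectWithAuthz, so it is denied.
            return null;
        }
        try {
            // NOTE(review): this deserializes the bytes carried by the operation context; for
            // PUT these presumably originate from the client. Confirm the DataSerializer path
            // is restricted to expected types.
            Object readObject = DataSerializer.readObject(new DataInputStream(new ByteArrayInputStream(bArr)));
            if (this.logger.finerEnabled()) {
                // NOTE(review): the deserialized object's string form is written to the
                // security log at finer level.
                this.logger.finer("FilterPostAuthorization: successfully read object from serialized object: " + readObject);
            }
            Object authorized = checkObjectAuth(readObject);
            if (authorized == null) {
                return null;
            }
            HeapDataOutputStream heapDataOutputStream = new HeapDataOutputStream(bArr.length + 32);
            try {
                DataSerializer.writeObject(authorized, heapDataOutputStream);
                return heapDataOutputStream.toByteArray();
            } catch (Exception e) {
                this.logger.severe(LocalizedStrings.FilterPostAuthorization_FILTERPOSTAUTHORIZATION_AN_EXCEPTION_WAS_THROWN_WHILE_TRYING_TO_SERIALIZE, (Throwable) e);
                return null;
            }
        } catch (Exception e2) {
            // Any failure while reading or checking the value denies the operation.
            this.logger.severe(LocalizedStrings.FilterPostAuthorization_FILTERPOSTAUTHORIZATION_AN_EXCEPTION_WAS_THROWN_WHILE_TRYING_TO_DESERIALIZE, (Throwable) e2);
            return null;
        }
    }

    /**
     * Applies the authorization rule to one value.
     *
     * <p>A {@link CqEntry} is checked through its value and, when authorized, rebuilt with the
     * same key and the unwrapped payload. The value is authorized only when the principal's
     * digit is non-zero and evenly divides the object's authorization digit.
     *
     * @param obj the value, or a {@code CqEntry} wrapping it; may be {@code null}
     * @return the unwrapped payload (or a new {@code CqEntry} holding it), or {@code null}
     *     when the value is denied
     */
    private Object checkObjectAuth(Object obj) {
        Object candidate = obj;
        if (obj instanceof CqEntry) {
            candidate = ((CqEntry) obj).getValue();
        }
        if (!(candidate instanceof ObjectWithAuthz)) {
            // Null values are denied here too; getClass() must not be called on them, otherwise
            // the callback would throw instead of denying.
            this.logger.warning(LocalizedStrings.FilterPostAuthorization_FILTERPOSTAUTHORIZATION_THE_OBJECT_OF_TYPE_0_IS_NOT_AN_INSTANCE_OF_1, new Object[]{candidate == null ? null : candidate.getClass(), ObjectWithAuthz.class});
            return null;
        }
        ObjectWithAuthz objectWithAuthz = (ObjectWithAuthz) candidate;
        String name = this.principalName;
        Object authz = objectWithAuthz.getAuthz();
        // Fail closed when there is no usable principal name (null principal at init, or use
        // after close()) or the authorization index is not an Integer, rather than letting
        // StringIndexOutOfBoundsException / ClassCastException escape the callback.
        if (name == null || name.length() == 0 || !(authz instanceof Integer)) {
            this.logger.warning(LocalizedStrings.FilterPostAuthorization_FILTERPOSTAUTHORIZATION_THE_USER_0_IS_NOT_AUTHORIZED_FOR_THE_OBJECT_1, new Object[]{name, objectWithAuthz.getVal()});
            return null;
        }
        int principalDigit = (name.charAt(name.length() - 1) - '0') % 10;
        int authzDigit = (((Integer) authz).intValue() - '0') % 10;
        if (principalDigit == 0 || authzDigit % principalDigit != 0) {
            this.logger.warning(LocalizedStrings.FilterPostAuthorization_FILTERPOSTAUTHORIZATION_THE_USER_0_IS_NOT_AUTHORIZED_FOR_THE_OBJECT_1, new Object[]{name, objectWithAuthz.getVal()});
            return null;
        }
        if (this.logger.fineEnabled()) {
            this.logger.fine("FilterPostAuthorization: user [" + name + "] authorized for object: " + objectWithAuthz.getVal());
        }
        return obj instanceof CqEntry ? new CqEntry(((CqEntry) obj).getKey(), objectWithAuthz.getVal()) : objectWithAuthz.getVal();
    }

    /**
     * Authorizes a post-operation and rewrites the context's value(s) to the unwrapped payload.
     *
     * @param str not used by this implementation (presumably the region name; confirm against
     *     the {@code AccessControl} contract)
     * @param operationContext the post-operation context to check and rewrite
     * @return {@code true} when the operation is allowed; {@code false} when the value is
     *     denied or the operation code is not one of GET, PUT, QUERY or EXECUTE_CQ
     */
    @Override // com.gemstone.gemfire.security.AccessControl
    public boolean authorizeOperation(String str, OperationContext operationContext) {
        assert operationContext.isPostOperation();
        OperationContext.OperationCode operationCode = operationContext.getOperationCode();
        if (operationCode.isGet()) {
            GetOperationContext getOperationContext = (GetOperationContext) operationContext;
            Object object = getOperationContext.getObject();
            boolean isObject = getOperationContext.isObject();
            if (object != null) {
                Object authorizedObject = checkObjectAuth(object);
                if (authorizedObject == null) {
                    return false;
                }
                getOperationContext.setObject(authorizedObject, isObject);
                return true;
            }
            // No deserialized form available: fall back to the serialized value.
            byte[] authorizedBytes = checkObjectAuth(getOperationContext.getSerializedValue(), isObject);
            if (authorizedBytes == null) {
                return false;
            }
            getOperationContext.setSerializedValue(authorizedBytes, isObject);
            return true;
        }
        if (operationCode.isPut()) {
            PutOperationContext putOperationContext = (PutOperationContext) operationContext;
            byte[] serializedValue = putOperationContext.getSerializedValue();
            boolean isObject = putOperationContext.isObject();
            byte[] authorizedBytes = checkObjectAuth(serializedValue, isObject);
            if (authorizedBytes == null) {
                return false;
            }
            putOperationContext.setSerializedValue(authorizedBytes, isObject);
            return true;
        }
        if (operationCode.equals(OperationContext.OperationCode.PUTALL)) {
            // PUTALL is never filtered per entry here, so it is denied outright.
            return false;
        }
        if (!operationCode.isQuery() && !operationCode.isExecuteCQ()) {
            // Default deny for every operation code this filter does not understand.
            return false;
        }
        QueryOperationContext queryOperationContext = (QueryOperationContext) operationContext;
        Object queryResult = queryOperationContext.getQueryResult();
        if (!(queryResult instanceof SelectResults)) {
            return false;
        }
        SelectResults selectResults = (SelectResults) queryResult;
        // Keep only the elements the principal is authorized for; the rest are dropped silently
        // (each denial is logged by checkObjectAuth) and the query itself is still allowed.
        ArrayList<Object> authorizedElements = new ArrayList<Object>();
        for (Object element : selectResults) {
            Object authorizedElement = checkObjectAuth(element);
            if (authorizedElement != null) {
                authorizedElements.add(authorizedElement);
            }
        }
        if (!selectResults.isModifiable()) {
            queryOperationContext.setQueryResult(new ResultsCollectionWrapper(selectResults.getCollectionType().getElementType(), authorizedElements));
            return true;
        }
        // Modifiable results are filtered in place, so the context keeps the same instance.
        selectResults.clear();
        selectResults.addAll(authorizedElements);
        return true;
    }

    /**
     * Clears the stored principal name; later checks on this instance deny every value.
     */
    @Override // com.gemstone.gemfire.cache.CacheCallback
    public void close() {
        this.principalName = null;
    }

    static {
        // Register ObjectWithAuthz under instantiator id 57 so DataSerializer can create it
        // when reading serialized values.
        Instantiator.register(new Instantiator(ObjectWithAuthz.class, 57) { // from class: com.gemstone.gemfire.internal.security.FilterPostAuthorization.1
            @Override // com.gemstone.gemfire.Instantiator
            public DataSerializable newInstance() {
                return new ObjectWithAuthz();
            }
        }, false);
    }
}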
