package org.apache.derby.impl.sql.conn;

import java.util.Iterator;
import java.util.List;
import org.apache.derby.iapi.error.StandardException;
import org.apache.derby.iapi.services.property.PropertyUtil;
import org.apache.derby.iapi.sql.Activation;
import org.apache.derby.iapi.sql.conn.Authorizer;
import org.apache.derby.iapi.sql.conn.LanguageConnectionContext;
import org.apache.derby.iapi.sql.dictionary.DataDictionary;
import org.apache.derby.iapi.sql.dictionary.StatementPermission;
import org.apache.derby.iapi.util.IdUtil;
import org.apache.derby.iapi.util.StringUtil;

/* loaded from: input_file:glassfish-embedded-all-3.0-nx.jar:org/apache/derby/impl/sql/conn/GenericAuthorizer.class */
class GenericAuthorizer implements Authorizer {
    private static final int NO_ACCESS = 0;
    private static final int READ_ACCESS = 1;
    private static final int FULL_ACCESS = 2;
    private int userAccessLevel;
    boolean readOnlyConnection;
    private final LanguageConnectionContext lcc;
    private final String authorizationId;

    /* JADX INFO: Access modifiers changed from: package-private */
    public GenericAuthorizer(String str, LanguageConnectionContext languageConnectionContext, boolean z) throws StandardException {
        this.lcc = languageConnectionContext;
        this.authorizationId = str;
        if (z) {
            refresh();
        }
    }

    private boolean connectionMustRemainReadOnly() {
        return this.lcc.getDatabase().isReadOnly() || this.userAccessLevel == 1;
    }

    @Override // org.apache.derby.iapi.sql.conn.Authorizer
    public void authorize(int i) throws StandardException {
        authorize((Activation) null, i);
    }

    /* JADX WARN: Finally extract failed */
    @Override // org.apache.derby.iapi.sql.conn.Authorizer
    public void authorize(Activation activation, int i) throws StandardException {
        short sQLAllowed = this.lcc.getStatementContext().getSQLAllowed();
        switch (i) {
            case 0:
            case 5:
                if (isReadOnlyConnection()) {
                    throw StandardException.newException("25502");
                }
                if (sQLAllowed > 0) {
                    throw externalRoutineException(i, sQLAllowed);
                }
                break;
            case 1:
                if (sQLAllowed > 1) {
                    throw externalRoutineException(i, sQLAllowed);
                }
                break;
            case 2:
            case 3:
                if (sQLAllowed == 3) {
                    throw externalRoutineException(i, sQLAllowed);
                }
                break;
            case 4:
            case 6:
                if (isReadOnlyConnection()) {
                    throw StandardException.newException("25503");
                }
                if (sQLAllowed > 0) {
                    throw externalRoutineException(i, sQLAllowed);
                }
                break;
        }
        if (activation != null) {
            List requiredPermissionsList = activation.getPreparedStatement().getRequiredPermissionsList();
            DataDictionary dataDictionary = this.lcc.getDataDictionary();
            if (requiredPermissionsList == null || requiredPermissionsList.isEmpty() || this.authorizationId.equals(dataDictionary.getAuthorizationDatabaseOwner())) {
                return;
            }
            int startReading = dataDictionary.startReading(this.lcc);
            this.lcc.beginNestedTransaction(true);
            try {
                try {
                    Iterator it = requiredPermissionsList.iterator();
                    while (it.hasNext()) {
                        ((StatementPermission) it.next()).check(this.lcc, this.authorizationId, false);
                    }
                    dataDictionary.doneReading(startReading, this.lcc);
                } catch (Throwable th) {
                    dataDictionary.doneReading(startReading, this.lcc);
                    throw th;
                }
            } finally {
                this.lcc.commitNestedTransaction();
            }
        }
    }

    private static StandardException externalRoutineException(int i, int i2) {
        String str;
        if (i2 == 1) {
            str = "38002";
        } else if (i2 == 2) {
            switch (i) {
                case 0:
                case 4:
                case 5:
                case 6:
                    str = "38002";
                    break;
                case 1:
                case 2:
                case 3:
                default:
                    str = "38004";
                    break;
            }
        } else {
            str = "38001";
        }
        return StandardException.newException(str);
    }

    @Override // org.apache.derby.iapi.sql.conn.Authorizer
    public String getAuthorizationId() {
        return this.authorizationId;
    }

    private void getUserAccessLevel() throws StandardException {
        this.userAccessLevel = 0;
        if (userOnAccessList("derby.database.fullAccessUsers")) {
            this.userAccessLevel = 2;
        }
        if (this.userAccessLevel == 0 && userOnAccessList("derby.database.readOnlyAccessUsers")) {
            this.userAccessLevel = 1;
        }
        if (this.userAccessLevel == 0) {
            this.userAccessLevel = getDefaultAccessLevel();
        }
    }

    private int getDefaultAccessLevel() throws StandardException {
        String serviceProperty = PropertyUtil.getServiceProperty(this.lcc.getTransactionExecute(), "derby.database.defaultConnectionMode");
        if (serviceProperty == null) {
            return 2;
        }
        if (StringUtil.SQLEqualsIgnoreCase(serviceProperty, "noAccess")) {
            return 0;
        }
        if (StringUtil.SQLEqualsIgnoreCase(serviceProperty, "readOnlyAccess")) {
            return 1;
        }
        return StringUtil.SQLEqualsIgnoreCase(serviceProperty, "fullAccess") ? 2 : 2;
    }

    private boolean userOnAccessList(String str) throws StandardException {
        return IdUtil.idOnList(this.authorizationId, PropertyUtil.getServiceProperty(this.lcc.getTransactionExecute(), str));
    }

    @Override // org.apache.derby.iapi.sql.conn.Authorizer
    public boolean isReadOnlyConnection() {
        return this.readOnlyConnection;
    }

    @Override // org.apache.derby.iapi.sql.conn.Authorizer
    public void setReadOnlyConnection(boolean z, boolean z2) throws StandardException {
        if (z2 && !z && connectionMustRemainReadOnly()) {
            throw StandardException.newException("25505");
        }
        this.readOnlyConnection = z;
    }

    @Override // org.apache.derby.iapi.sql.conn.Authorizer
    public void refresh() throws StandardException {
        getUserAccessLevel();
        if (!this.readOnlyConnection) {
            this.readOnlyConnection = connectionMustRemainReadOnly();
        }
        if (this.userAccessLevel == 0) {
            throw StandardException.newException("04501.C");
        }
    }
}
