package org.apache.ignite.internal.sql.engine.exec.ddl;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.concurrent.CompletableFuture;
import java.util.function.LongSupplier;
import org.apache.ignite.internal.catalog.CatalogCommand;
import org.apache.ignite.internal.catalog.CatalogManager;
import org.apache.ignite.internal.catalog.commands.AbstractCreateIndexCommand;
import org.apache.ignite.internal.catalog.commands.AbstractSequenceCommand;
import org.apache.ignite.internal.catalog.commands.AbstractTableCommand;
import org.apache.ignite.internal.catalog.commands.AlterSequenceCommand;
import org.apache.ignite.internal.catalog.commands.AlterTableAddColumnCommand;
import org.apache.ignite.internal.catalog.commands.AlterTableAlterColumnCommand;
import org.apache.ignite.internal.catalog.commands.AlterTableDropColumnCommand;
import org.apache.ignite.internal.catalog.commands.AlterTableDropExpireCommand;
import org.apache.ignite.internal.catalog.commands.AlterTableDropSecondaryZoneCommand;
import org.apache.ignite.internal.catalog.commands.AlterTableSetExpireCommand;
import org.apache.ignite.internal.catalog.commands.AlterZoneCommand;
import org.apache.ignite.internal.catalog.commands.AlterZoneSetDefaultCommand;
import org.apache.ignite.internal.catalog.commands.ColumnParams;
import org.apache.ignite.internal.catalog.commands.CreateSequenceCommand;
import org.apache.ignite.internal.catalog.commands.CreateTableCommand;
import org.apache.ignite.internal.catalog.commands.CreateZoneCommand;
import org.apache.ignite.internal.catalog.commands.DefaultValue;
import org.apache.ignite.internal.catalog.commands.DropIndexCommand;
import org.apache.ignite.internal.catalog.commands.DropSequenceCommand;
import org.apache.ignite.internal.catalog.commands.DropTableCommand;
import org.apache.ignite.internal.catalog.commands.DropZoneCommand;
import org.apache.ignite.internal.catalog.commands.RenameZoneCommand;
import org.apache.ignite.internal.hlc.ClockService;
import org.apache.ignite.internal.sql.engine.prepare.ddl.AssignRolesCommand;
import org.apache.ignite.internal.sql.engine.prepare.ddl.CreateRoleCommand;
import org.apache.ignite.internal.sql.engine.prepare.ddl.CreateUserCommand;
import org.apache.ignite.internal.sql.engine.prepare.ddl.DropRoleCommand;
import org.apache.ignite.internal.sql.engine.prepare.ddl.DropUserCommand;
import org.apache.ignite.internal.sql.engine.prepare.ddl.PrivilegesCommand;
import org.apache.ignite.internal.sql.engine.prepare.ddl.RevokeRolesCommand;
import org.apache.ignite.internal.sql.engine.sql.fun.GridgainSqlOperatorTable;
import org.apache.ignite.lang.ErrorGroups;
import org.apache.ignite.sql.SqlException;
import org.gridgain.internal.license.LicenseFeatureChecker;
import org.gridgain.internal.rbac.Rbac;
import org.gridgain.internal.rbac.authorization.Authorizer;
import org.gridgain.internal.rbac.privileges.Action;
import org.gridgain.internal.rbac.privileges.Privilege;
import org.gridgain.internal.rbac.privileges.Selector;

/* loaded from: input_file:org/apache/ignite/internal/sql/engine/exec/ddl/SecuredDdlCommandHandler.class */
public class SecuredDdlCommandHandler extends DdlCommandHandler {
    private final Authorizer authorizer;

    public SecuredDdlCommandHandler(CatalogManager catalogManager, Rbac rbac, ClockService clockService, LongSupplier longSupplier, LicenseFeatureChecker licenseFeatureChecker) {
        super(catalogManager, rbac, clockService, longSupplier, licenseFeatureChecker);
        this.authorizer = rbac.authorizer();
    }

    @Override // org.apache.ignite.internal.sql.engine.exec.ddl.DdlCommandHandler
    public CompletableFuture<Boolean> handle(CatalogCommand catalogCommand) {
        if (catalogCommand instanceof CreateTableCommand) {
            return handleCreateTable((CreateTableCommand) catalogCommand);
        }
        if (catalogCommand instanceof DropTableCommand) {
            return handleDropTable((DropTableCommand) catalogCommand);
        }
        if (catalogCommand instanceof AlterTableAddColumnCommand) {
            return handleAlterAddColumn((AlterTableAddColumnCommand) catalogCommand);
        }
        if (catalogCommand instanceof AlterTableDropColumnCommand) {
            return handleAlterDropColumn((AlterTableDropColumnCommand) catalogCommand);
        }
        if (catalogCommand instanceof AlterTableSetExpireCommand) {
            return handleAlterTableSetExpire((AlterTableSetExpireCommand) catalogCommand);
        }
        if (catalogCommand instanceof AlterTableDropExpireCommand) {
            return handleAlterTableDropExpire((AlterTableDropExpireCommand) catalogCommand);
        }
        if (catalogCommand instanceof AlterTableAlterColumnCommand) {
            return handleAlterColumn((AlterTableAlterColumnCommand) catalogCommand);
        }
        if (catalogCommand instanceof AbstractCreateIndexCommand) {
            return handleCreateIndex((AbstractCreateIndexCommand) catalogCommand);
        }
        if (catalogCommand instanceof DropIndexCommand) {
            return handleDropIndex((DropIndexCommand) catalogCommand);
        }
        if (catalogCommand instanceof CreateZoneCommand) {
            return handleCreateZone((CreateZoneCommand) catalogCommand);
        }
        if (catalogCommand instanceof RenameZoneCommand) {
            return handleRenameZone((RenameZoneCommand) catalogCommand);
        }
        if (catalogCommand instanceof AlterZoneCommand) {
            return handleAlterZone((AlterZoneCommand) catalogCommand);
        }
        if (catalogCommand instanceof AlterZoneSetDefaultCommand) {
            return handleAlterZone((AlterZoneSetDefaultCommand) catalogCommand);
        }
        if (catalogCommand instanceof DropZoneCommand) {
            return handleDropZone((DropZoneCommand) catalogCommand);
        }
        if (catalogCommand instanceof AlterTableDropSecondaryZoneCommand) {
            return handleAlterDropSecondaryZone((AlterTableDropSecondaryZoneCommand) catalogCommand);
        }
        if (catalogCommand instanceof CreateSequenceCommand) {
            return handleCreateSequence((CreateSequenceCommand) catalogCommand);
        }
        if (catalogCommand instanceof DropSequenceCommand) {
            return handleDropSequence((DropSequenceCommand) catalogCommand);
        }
        if (catalogCommand instanceof AlterSequenceCommand) {
            return handleAlterSequence((AlterSequenceCommand) catalogCommand);
        }
        if (!(catalogCommand instanceof CreateUserCommand) && !(catalogCommand instanceof DropUserCommand) && !(catalogCommand instanceof CreateRoleCommand) && !(catalogCommand instanceof DropRoleCommand) && !(catalogCommand instanceof AssignRolesCommand) && !(catalogCommand instanceof RevokeRolesCommand) && !(catalogCommand instanceof PrivilegesCommand)) {
            return CompletableFuture.failedFuture(new SqlException(ErrorGroups.Sql.STMT_VALIDATION_ERR, "Unsupported DDL operation [cmdName=" + (catalogCommand == null ? null : catalogCommand.getClass().getSimpleName()) + "; cmd=\"" + catalogCommand + "\"]"));
        }
        return super.handle(catalogCommand);
    }

    private CompletableFuture<Boolean> handleCreateZone(CreateZoneCommand createZoneCommand) {
        return this.authorizer.authorizeThenCompose(Action.CREATE_DISTRIBUTION_ZONE, () -> {
            return super.handle(createZoneCommand);
        });
    }

    private CompletableFuture<Boolean> handleRenameZone(RenameZoneCommand renameZoneCommand) {
        return this.authorizer.authorizeThenCompose(Action.ALTER_DISTRIBUTION_ZONE, () -> {
            return super.handle(renameZoneCommand);
        });
    }

    private CompletableFuture<Boolean> handleAlterZone(AlterZoneCommand alterZoneCommand) {
        return this.authorizer.authorizeThenCompose(Action.ALTER_DISTRIBUTION_ZONE, () -> {
            return super.handle(alterZoneCommand);
        });
    }

    private CompletableFuture<Boolean> handleAlterZone(AlterZoneSetDefaultCommand alterZoneSetDefaultCommand) {
        return this.authorizer.authorizeThenCompose(Action.ALTER_DISTRIBUTION_ZONE, () -> {
            return super.handle(alterZoneSetDefaultCommand);
        });
    }

    private CompletableFuture<Boolean> handleDropZone(DropZoneCommand dropZoneCommand) {
        return this.authorizer.authorizeThenCompose(Action.DROP_DISTRIBUTION_ZONE, () -> {
            return super.handle(dropZoneCommand);
        });
    }

    private CompletableFuture<Boolean> handleCreateTable(CreateTableCommand createTableCommand) {
        HashSet hashSet = new HashSet();
        hashSet.add(getTablePrivilege(Action.CREATE_TABLE, createTableCommand));
        hashSet.addAll(getFunctionPrivileges(createTableCommand.columns()));
        return this.authorizer.authorizeThenCompose(hashSet, () -> {
            return super.handle(createTableCommand);
        });
    }

    private CompletableFuture<Boolean> handleDropTable(DropTableCommand dropTableCommand) {
        return this.authorizer.authorizeThenCompose(getTablePrivilege(Action.DROP_TABLE, dropTableCommand), () -> {
            return super.handle(dropTableCommand);
        });
    }

    private CompletableFuture<Boolean> handleAlterTableSetExpire(AlterTableSetExpireCommand alterTableSetExpireCommand) {
        return this.authorizer.authorizeThenCompose(getTablePrivilege(Action.ALTER_TABLE, alterTableSetExpireCommand), () -> {
            return super.handle(alterTableSetExpireCommand);
        });
    }

    private CompletableFuture<Boolean> handleAlterTableDropExpire(AlterTableDropExpireCommand alterTableDropExpireCommand) {
        return this.authorizer.authorizeThenCompose(getTablePrivilege(Action.ALTER_TABLE, alterTableDropExpireCommand), () -> {
            return super.handle(alterTableDropExpireCommand);
        });
    }

    private CompletableFuture<Boolean> handleAlterAddColumn(AlterTableAddColumnCommand alterTableAddColumnCommand) {
        return this.authorizer.authorizeThenCompose(getTablePrivilege(Action.ALTER_TABLE, alterTableAddColumnCommand), () -> {
            return super.handle(alterTableAddColumnCommand);
        });
    }

    private CompletableFuture<Boolean> handleAlterDropColumn(AlterTableDropColumnCommand alterTableDropColumnCommand) {
        return this.authorizer.authorizeThenCompose(getTablePrivilege(Action.ALTER_TABLE, alterTableDropColumnCommand), () -> {
            return super.handle(alterTableDropColumnCommand);
        });
    }

    private CompletableFuture<Boolean> handleAlterColumn(AlterTableAlterColumnCommand alterTableAlterColumnCommand) {
        return this.authorizer.authorizeThenCompose(getTablePrivilege(Action.ALTER_TABLE, alterTableAlterColumnCommand), () -> {
            return super.handle(alterTableAlterColumnCommand);
        });
    }

    private CompletableFuture<Boolean> handleCreateIndex(AbstractCreateIndexCommand abstractCreateIndexCommand) {
        return this.authorizer.authorizeThenCompose(Privilege.builder().action(Action.CREATE_INDEX).selector(Selector.table(abstractCreateIndexCommand.schemaName(), abstractCreateIndexCommand.indexName())).build(), () -> {
            return super.handle(abstractCreateIndexCommand);
        });
    }

    private CompletableFuture<Boolean> handleDropIndex(DropIndexCommand dropIndexCommand) {
        return this.authorizer.authorizeThenCompose(Privilege.builder().action(Action.DROP_INDEX).selector(Selector.table(dropIndexCommand.schemaName(), dropIndexCommand.indexName())).build(), () -> {
            return super.handle(dropIndexCommand);
        });
    }

    private CompletableFuture<Boolean> handleAlterDropSecondaryZone(AlterTableDropSecondaryZoneCommand alterTableDropSecondaryZoneCommand) {
        return this.authorizer.authorizeThenCompose(getTablePrivilege(Action.ALTER_TABLE, alterTableDropSecondaryZoneCommand), () -> {
            return super.handle(alterTableDropSecondaryZoneCommand);
        });
    }

    private CompletableFuture<Boolean> handleCreateSequence(CreateSequenceCommand createSequenceCommand) {
        return this.authorizer.authorizeThenCompose(getSequencePrivilege(Action.CREATE_SEQUENCE, createSequenceCommand), () -> {
            return super.handle(createSequenceCommand);
        });
    }

    private CompletableFuture<Boolean> handleAlterSequence(AlterSequenceCommand alterSequenceCommand) {
        return this.authorizer.authorizeThenCompose(getSequencePrivilege(Action.ALTER_SEQUENCE, alterSequenceCommand), () -> {
            return super.handle(alterSequenceCommand);
        });
    }

    private CompletableFuture<Boolean> handleDropSequence(DropSequenceCommand dropSequenceCommand) {
        return this.authorizer.authorizeThenCompose(getSequencePrivilege(Action.DROP_SEQUENCE, dropSequenceCommand), () -> {
            return super.handle(dropSequenceCommand);
        });
    }

    private static Privilege getTablePrivilege(Action action, AbstractTableCommand abstractTableCommand) {
        return Privilege.builder().action(action).selector(Selector.table(abstractTableCommand.schemaName(), abstractTableCommand.tableName())).build();
    }

    private static Privilege getSequencePrivilege(Action action, AbstractSequenceCommand abstractSequenceCommand) {
        return Privilege.builder().action(action).selector(Selector.sequence(abstractSequenceCommand.schemaName(), abstractSequenceCommand.sequenceName())).build();
    }

    private static List<Privilege> getFunctionPrivileges(List<ColumnParams> list) {
        ArrayList arrayList = new ArrayList(list.size());
        for (ColumnParams columnParams : list) {
            if (columnParams.defaultValueDefinition() instanceof DefaultValue.FunctionCall) {
                DefaultValue.FunctionCall defaultValueDefinition = columnParams.defaultValueDefinition();
                if (GridgainSqlOperatorTable.NEXTVAL.getName().equalsIgnoreCase(defaultValueDefinition.functionName())) {
                    arrayList.add(Privilege.builder().action(Action.USE_SEQUENCE).selector(Selector.sequence((String) defaultValueDefinition.parameters().get(1))).build());
                }
            }
        }
        return arrayList;
    }
}
