package org.apache.ignite.internal.sql.engine.exec.ddl;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import java.util.function.Function;
import org.apache.ignite.internal.catalog.CatalogApplyResult;
import org.apache.ignite.internal.catalog.CatalogCommand;
import org.apache.ignite.internal.catalog.CatalogManager;
import org.apache.ignite.internal.catalog.commands.AbstractCacheCommand;
import org.apache.ignite.internal.catalog.commands.AbstractCreateIndexCommand;
import org.apache.ignite.internal.catalog.commands.AbstractSequenceCommand;
import org.apache.ignite.internal.catalog.commands.AbstractTableCommand;
import org.apache.ignite.internal.catalog.commands.AlterCacheDropExpireCommand;
import org.apache.ignite.internal.catalog.commands.AlterCacheSetExpireCommand;
import org.apache.ignite.internal.catalog.commands.AlterSequenceCommand;
import org.apache.ignite.internal.catalog.commands.AlterTableAddColumnCommand;
import org.apache.ignite.internal.catalog.commands.AlterTableAlterColumnCommand;
import org.apache.ignite.internal.catalog.commands.AlterTableDropColumnCommand;
import org.apache.ignite.internal.catalog.commands.AlterTableDropExpireCommand;
import org.apache.ignite.internal.catalog.commands.AlterTableDropSecondaryZoneCommand;
import org.apache.ignite.internal.catalog.commands.AlterTableSetExpireCommand;
import org.apache.ignite.internal.catalog.commands.AlterZoneCommand;
import org.apache.ignite.internal.catalog.commands.AlterZoneSetDefaultCommand;
import org.apache.ignite.internal.catalog.commands.ColumnParams;
import org.apache.ignite.internal.catalog.commands.CreateCacheCommand;
import org.apache.ignite.internal.catalog.commands.CreateSchemaCommand;
import org.apache.ignite.internal.catalog.commands.CreateSequenceCommand;
import org.apache.ignite.internal.catalog.commands.CreateTableCommand;
import org.apache.ignite.internal.catalog.commands.CreateZoneCommand;
import org.apache.ignite.internal.catalog.commands.DefaultValue;
import org.apache.ignite.internal.catalog.commands.DropCacheCommand;
import org.apache.ignite.internal.catalog.commands.DropIndexCommand;
import org.apache.ignite.internal.catalog.commands.DropSchemaCommand;
import org.apache.ignite.internal.catalog.commands.DropSequenceCommand;
import org.apache.ignite.internal.catalog.commands.DropTableCommand;
import org.apache.ignite.internal.catalog.commands.DropZoneCommand;
import org.apache.ignite.internal.catalog.commands.RenameZoneCommand;
import org.apache.ignite.internal.hlc.ClockService;
import org.apache.ignite.internal.sql.engine.sql.fun.GridgainSqlOperatorTable;
import org.apache.ignite.internal.util.CompletableFutures;
import org.gridgain.internal.license.LicenseFeatureChecker;
import org.gridgain.internal.rbac.Rbac;
import org.gridgain.internal.rbac.authorization.Authorizer;
import org.gridgain.internal.rbac.privileges.Action;
import org.gridgain.internal.rbac.privileges.Privilege;
import org.gridgain.internal.rbac.privileges.Selector;

/* loaded from: input_file:org/apache/ignite/internal/sql/engine/exec/ddl/SecuredDdlCommandHandler.class */
public class SecuredDdlCommandHandler extends DdlCommandHandler {
    private final Authorizer authorizer;

    public SecuredDdlCommandHandler(CatalogManager catalogManager, Rbac rbac, ClockService clockService, LicenseFeatureChecker licenseFeatureChecker) {
        super(catalogManager, clockService, licenseFeatureChecker);
        this.authorizer = rbac.authorizer();
    }

    @Override // org.apache.ignite.internal.sql.engine.exec.ddl.DdlCommandHandler
    public CompletableFuture<CatalogApplyResult> handle(List<CatalogCommand> list) {
        ArrayList arrayList = new ArrayList(list.size());
        Iterator<CatalogCommand> it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(authorizeThenCompose(it.next(), catalogCommand -> {
                return CompletableFutures.nullCompletedFuture();
            }));
        }
        return CompletableFutures.allOf(arrayList).thenCompose(r5 -> {
            return super.handle((List<CatalogCommand>) list);
        });
    }

    @Override // org.apache.ignite.internal.sql.engine.exec.ddl.DdlCommandHandler
    public CompletableFuture<CatalogApplyResult> handle(CatalogCommand catalogCommand) {
        Objects.requireNonNull(catalogCommand, "cmd");
        return authorizeThenCompose(catalogCommand, catalogCommand2 -> {
            return super.handle(catalogCommand2);
        });
    }

    private <T> CompletableFuture<T> authorizeThenCompose(CatalogCommand catalogCommand, Function<CatalogCommand, CompletableFuture<T>> function) {
        CompletableFuture<Void> authorizeAlterCacheDropExpire;
        if (catalogCommand instanceof CreateSchemaCommand) {
            authorizeAlterCacheDropExpire = authorizeCreateSchema((CreateSchemaCommand) catalogCommand);
        } else if (catalogCommand instanceof DropSchemaCommand) {
            authorizeAlterCacheDropExpire = authorizeDropSchema((DropSchemaCommand) catalogCommand);
        } else if (catalogCommand instanceof CreateTableCommand) {
            authorizeAlterCacheDropExpire = authorizeCreateTable((CreateTableCommand) catalogCommand);
        } else if (catalogCommand instanceof DropTableCommand) {
            authorizeAlterCacheDropExpire = authorizeDropTable((DropTableCommand) catalogCommand);
        } else if (catalogCommand instanceof AlterTableAddColumnCommand) {
            authorizeAlterCacheDropExpire = authorizeAlterAddColumn((AlterTableAddColumnCommand) catalogCommand);
        } else if (catalogCommand instanceof AlterTableDropColumnCommand) {
            authorizeAlterCacheDropExpire = authorizeAlterDropColumn((AlterTableDropColumnCommand) catalogCommand);
        } else if (catalogCommand instanceof AlterTableSetExpireCommand) {
            authorizeAlterCacheDropExpire = authorizeAlterTableSetExpire((AlterTableSetExpireCommand) catalogCommand);
        } else if (catalogCommand instanceof AlterTableDropExpireCommand) {
            authorizeAlterCacheDropExpire = authorizeAlterTableDropExpire((AlterTableDropExpireCommand) catalogCommand);
        } else if (catalogCommand instanceof AlterTableAlterColumnCommand) {
            authorizeAlterCacheDropExpire = authorizeAlterColumn((AlterTableAlterColumnCommand) catalogCommand);
        } else if (catalogCommand instanceof AbstractCreateIndexCommand) {
            authorizeAlterCacheDropExpire = authorizeCreateIndex((AbstractCreateIndexCommand) catalogCommand);
        } else if (catalogCommand instanceof DropIndexCommand) {
            authorizeAlterCacheDropExpire = authorizeDropIndex((DropIndexCommand) catalogCommand);
        } else if (catalogCommand instanceof CreateZoneCommand) {
            authorizeAlterCacheDropExpire = authorizeCreateZone();
        } else if (catalogCommand instanceof RenameZoneCommand) {
            authorizeAlterCacheDropExpire = authorizeAlterZone();
        } else if (catalogCommand instanceof AlterZoneCommand) {
            authorizeAlterCacheDropExpire = authorizeAlterZone();
        } else if (catalogCommand instanceof AlterZoneSetDefaultCommand) {
            authorizeAlterCacheDropExpire = authorizeAlterZone();
        } else if (catalogCommand instanceof DropZoneCommand) {
            authorizeAlterCacheDropExpire = authorizeDropZone();
        } else if (catalogCommand instanceof AlterTableDropSecondaryZoneCommand) {
            authorizeAlterCacheDropExpire = authorizeAlterDropSecondaryZone((AlterTableDropSecondaryZoneCommand) catalogCommand);
        } else if (catalogCommand instanceof CreateSequenceCommand) {
            authorizeAlterCacheDropExpire = authorizeCreateSequence((CreateSequenceCommand) catalogCommand);
        } else if (catalogCommand instanceof DropSequenceCommand) {
            authorizeAlterCacheDropExpire = authorizeDropSequence((DropSequenceCommand) catalogCommand);
        } else if (catalogCommand instanceof AlterSequenceCommand) {
            authorizeAlterCacheDropExpire = authorizeAlterSequence((AlterSequenceCommand) catalogCommand);
        } else if (catalogCommand instanceof CreateCacheCommand) {
            authorizeAlterCacheDropExpire = authorizeCreateCache((CreateCacheCommand) catalogCommand);
        } else if (catalogCommand instanceof DropCacheCommand) {
            authorizeAlterCacheDropExpire = authorizeDropCache((DropCacheCommand) catalogCommand);
        } else if (catalogCommand instanceof AlterCacheSetExpireCommand) {
            authorizeAlterCacheDropExpire = authorizeAlterCacheSetExpire((AlterCacheSetExpireCommand) catalogCommand);
        } else {
            if (!(catalogCommand instanceof AlterCacheDropExpireCommand)) {
                throw new UnsupportedOperationException("Unsupported command: " + catalogCommand.getClass().getCanonicalName());
            }
            authorizeAlterCacheDropExpire = authorizeAlterCacheDropExpire((AlterCacheDropExpireCommand) catalogCommand);
        }
        return (CompletableFuture<T>) authorizeAlterCacheDropExpire.thenCompose(r5 -> {
            return (CompletionStage) function.apply(catalogCommand);
        });
    }

    private CompletableFuture<Void> authorizeCreateZone() {
        return this.authorizer.authorizeAsync(Action.CREATE_DISTRIBUTION_ZONE);
    }

    private CompletableFuture<Void> authorizeAlterZone() {
        return this.authorizer.authorizeAsync(Action.ALTER_DISTRIBUTION_ZONE);
    }

    private CompletableFuture<Void> authorizeDropZone() {
        return this.authorizer.authorizeAsync(Action.DROP_DISTRIBUTION_ZONE);
    }

    private CompletableFuture<Void> authorizeCreateSchema(CreateSchemaCommand createSchemaCommand) {
        return this.authorizer.authorizeAsync(Privilege.builder().action(Action.CREATE_SCHEMA).selector(Selector.schema(createSchemaCommand.schemaName())).build());
    }

    private CompletableFuture<Void> authorizeDropSchema(DropSchemaCommand dropSchemaCommand) {
        return this.authorizer.authorizeAsync(Privilege.builder().action(Action.DROP_SCHEMA).selector(Selector.schema(dropSchemaCommand.schemaName())).build());
    }

    private CompletableFuture<Void> authorizeCreateTable(CreateTableCommand createTableCommand) {
        HashSet hashSet = new HashSet();
        hashSet.add(getTablePrivilege(Action.CREATE_TABLE, createTableCommand));
        hashSet.addAll(getFunctionPrivileges(createTableCommand.columns()));
        return this.authorizer.authorizeAsync(hashSet);
    }

    private CompletableFuture<Void> authorizeDropTable(DropTableCommand dropTableCommand) {
        return this.authorizer.authorizeAsync(getTablePrivilege(Action.DROP_TABLE, dropTableCommand));
    }

    private CompletableFuture<Void> authorizeAlterTableSetExpire(AlterTableSetExpireCommand alterTableSetExpireCommand) {
        return this.authorizer.authorizeAsync(getTablePrivilege(Action.ALTER_TABLE, alterTableSetExpireCommand));
    }

    private CompletableFuture<Void> authorizeAlterTableDropExpire(AlterTableDropExpireCommand alterTableDropExpireCommand) {
        return this.authorizer.authorizeAsync(getTablePrivilege(Action.ALTER_TABLE, alterTableDropExpireCommand));
    }

    private CompletableFuture<Void> authorizeAlterAddColumn(AlterTableAddColumnCommand alterTableAddColumnCommand) {
        return this.authorizer.authorizeAsync(getTablePrivilege(Action.ALTER_TABLE, alterTableAddColumnCommand));
    }

    private CompletableFuture<Void> authorizeAlterDropColumn(AlterTableDropColumnCommand alterTableDropColumnCommand) {
        return this.authorizer.authorizeAsync(getTablePrivilege(Action.ALTER_TABLE, alterTableDropColumnCommand));
    }

    private CompletableFuture<Void> authorizeAlterColumn(AlterTableAlterColumnCommand alterTableAlterColumnCommand) {
        return this.authorizer.authorizeAsync(getTablePrivilege(Action.ALTER_TABLE, alterTableAlterColumnCommand));
    }

    private CompletableFuture<Void> authorizeCreateIndex(AbstractCreateIndexCommand abstractCreateIndexCommand) {
        return this.authorizer.authorizeAsync(Privilege.builder().action(Action.CREATE_INDEX).selector(Selector.table(abstractCreateIndexCommand.schemaName(), abstractCreateIndexCommand.indexName())).build());
    }

    private CompletableFuture<Void> authorizeDropIndex(DropIndexCommand dropIndexCommand) {
        return this.authorizer.authorizeAsync(Privilege.builder().action(Action.DROP_INDEX).selector(Selector.table(dropIndexCommand.schemaName(), dropIndexCommand.indexName())).build());
    }

    private CompletableFuture<Void> authorizeAlterDropSecondaryZone(AlterTableDropSecondaryZoneCommand alterTableDropSecondaryZoneCommand) {
        return this.authorizer.authorizeAsync(getTablePrivilege(Action.ALTER_TABLE, alterTableDropSecondaryZoneCommand));
    }

    private CompletableFuture<Void> authorizeCreateSequence(CreateSequenceCommand createSequenceCommand) {
        return this.authorizer.authorizeAsync(getSequencePrivilege(Action.CREATE_SEQUENCE, createSequenceCommand));
    }

    private CompletableFuture<Void> authorizeAlterSequence(AlterSequenceCommand alterSequenceCommand) {
        return this.authorizer.authorizeAsync(getSequencePrivilege(Action.ALTER_SEQUENCE, alterSequenceCommand));
    }

    private CompletableFuture<Void> authorizeDropSequence(DropSequenceCommand dropSequenceCommand) {
        return this.authorizer.authorizeAsync(getSequencePrivilege(Action.DROP_SEQUENCE, dropSequenceCommand));
    }

    private CompletableFuture<Void> authorizeCreateCache(CreateCacheCommand createCacheCommand) {
        HashSet hashSet = new HashSet();
        hashSet.add(getCachePrivilege(Action.CREATE_TABLE, createCacheCommand));
        hashSet.addAll(getFunctionPrivileges(createCacheCommand.columns()));
        return this.authorizer.authorizeAsync(hashSet);
    }

    private CompletableFuture<Void> authorizeDropCache(DropCacheCommand dropCacheCommand) {
        return this.authorizer.authorizeAsync(getCachePrivilege(Action.DROP_TABLE, dropCacheCommand));
    }

    private CompletableFuture<Void> authorizeAlterCacheSetExpire(AlterCacheSetExpireCommand alterCacheSetExpireCommand) {
        return this.authorizer.authorizeAsync(getCachePrivilege(Action.ALTER_TABLE, alterCacheSetExpireCommand));
    }

    private CompletableFuture<Void> authorizeAlterCacheDropExpire(AlterCacheDropExpireCommand alterCacheDropExpireCommand) {
        return this.authorizer.authorizeAsync(getCachePrivilege(Action.ALTER_TABLE, alterCacheDropExpireCommand));
    }

    private static Privilege getTablePrivilege(Action action, AbstractTableCommand abstractTableCommand) {
        return Privilege.builder().action(action).selector(Selector.table(abstractTableCommand.schemaName(), abstractTableCommand.tableName())).build();
    }

    private static Privilege getSequencePrivilege(Action action, AbstractSequenceCommand abstractSequenceCommand) {
        return Privilege.builder().action(action).selector(Selector.sequence(abstractSequenceCommand.schemaName(), abstractSequenceCommand.sequenceName())).build();
    }

    private static Privilege getCachePrivilege(Action action, AbstractCacheCommand abstractCacheCommand) {
        return Privilege.builder().action(action).selector(Selector.table(abstractCacheCommand.schemaName(), abstractCacheCommand.cacheName())).build();
    }

    private static List<Privilege> getFunctionPrivileges(List<ColumnParams> list) {
        ArrayList arrayList = new ArrayList(list.size());
        for (ColumnParams columnParams : list) {
            if (columnParams.defaultValueDefinition() instanceof DefaultValue.FunctionCall) {
                DefaultValue.FunctionCall defaultValueDefinition = columnParams.defaultValueDefinition();
                if (GridgainSqlOperatorTable.NEXTVAL.getName().equalsIgnoreCase(defaultValueDefinition.functionName())) {
                    arrayList.add(Privilege.builder().action(Action.USE_SEQUENCE).selector(Selector.sequence((String) defaultValueDefinition.parameters().get(1))).build());
                }
            }
        }
        return arrayList;
    }
}
