package com.appiancorp.recordlevelsecurity.service;

import com.appian.data.client.DataClient;
import com.appian.data.client.Query;
import com.appiancorp.core.expr.portable.string.Strings;
import com.appiancorp.record.data.recordloaders.SyncSchemaHelper;
import com.appiancorp.record.domain.ReadOnlyRecordReplicaAttributesMetadata;
import com.appiancorp.record.domain.ReadOnlyReplicaMetadata;
import com.appiancorp.record.domain.SupportsReadOnlyReplicatedRecordType;
import com.appiancorp.record.query.AdsQueryOptionsGenerator;
import com.appiancorp.record.recordlevelsecurity.RecordSecurityRuntimeFilterCreator;
import com.appiancorp.record.recordlevelsecurity.service.RecordLevelSecurityService;
import com.appiancorp.record.recordlevelsecurity.service.SecurityPolicyAttributeProvider;
import com.appiancorp.record.replica.RecordReplicaStatus;
import com.appiancorp.record.replica.RecordReplicaSystemAttributes;
import com.appiancorp.record.service.ContextSpecificRunner;
import com.appiancorp.record.service.ReplicaMetadataService;
import com.appiancorp.recordlevelsecurity.externaldependents.generated._RlsConstant;
import com.appiancorp.tracing.CloseableSpan;
import com.appiancorp.tracing.TracingHelper;
import com.appiancorp.types.ads.AttrRef;
import com.google.common.collect.ImmutableList;
import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/appiancorp/recordlevelsecurity/service/RecordLevelSecurityServiceImpl.class */
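/**
 * Builds, reads and writes the record-level (row-level) security policy of a synced record type
 * through the {@link DataClient}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When the runtime security filter cannot be built, {@link #FAILED_SECURITY_POLICY} is used
 *       in its place instead of propagating the error or leaving the previous policy untouched.</li>
 *   <li>The {@code ...AsAdmin} methods execute through the injected {@link ContextSpecificRunner};
 *       the name suggests an elevated context, so callers are presumably expected to have
 *       authorised the operation already (NOTE(review): confirm against the runner).</li>
 * </ul>
 */
public class RecordLevelSecurityServiceImpl implements RecordLevelSecurityService {
    public static final String SECURITY_POLICY_NAME_SUFFIX = "RowLevelSecurity";

    /**
     * Sentinel written as the policy expression when the real filter could not be converted, or
     * when a policy is explicitly invalidated. The list is immutable, so sharing it is safe.
     * NOTE(review): presumably the data store evaluates this value as "deny"; confirm, because the
     * fail-closed property of this class depends on it.
     */
    public static final Object FAILED_SECURITY_POLICY = ImmutableList.of("fail");

    private static final Logger LOG = Logger.getLogger(RecordLevelSecurityServiceImpl.class);

    /**
     * Placeholder id given to a security policy row that does not exist yet. The same value links
     * the attribute row to the policy row inside one write and is later passed to
     * {@code getResolvedUuid} to obtain the stored policy's uuid.
     */
    private static final long PLACEHOLDER_POLICY_ID = -10L;

    private final DataClient dataClient;
    // NOTE(review): package-visible and not final, unlike the other collaborators. Presumably left
    // open for tests; any code in this package can swap the metadata source that decides which
    // policy row gets overwritten, so consider making it private final.
    ReplicaMetadataService replicaMetadataService;
    private final RecordSecurityRuntimeFilterCreator securityFilterCreator;
    private final ContextSpecificRunner contextSpecificRunner;
    private final SecurityPolicyAttributeProvider securityPolicyAttributeProvider;
    private final AdsQueryOptionsGenerator adsQueryOptionsGenerator;

    public RecordLevelSecurityServiceImpl(DataClient dataClient, ReplicaMetadataService replicaMetadataService, RecordSecurityRuntimeFilterCreator recordSecurityRuntimeFilterCreator, ContextSpecificRunner contextSpecificRunner, SecurityPolicyAttributeProvider securityPolicyAttributeProvider, AdsQueryOptionsGenerator adsQueryOptionsGenerator) {
        this.dataClient = dataClient;
        this.replicaMetadataService = replicaMetadataService;
        this.securityFilterCreator = recordSecurityRuntimeFilterCreator;
        this.contextSpecificRunner = contextSpecificRunner;
        this.securityPolicyAttributeProvider = securityPolicyAttributeProvider;
        this.adsQueryOptionsGenerator = adsQueryOptionsGenerator;
    }

    /**
     * Builds the two descriptor rows (policy row and attribute row) for a record type, using the
     * security filter computed in the caller's current context.
     *
     * @param supportsReadOnlyReplicatedRecordType record type whose policy is described
     * @param str uuid of the attribute that carries the policy; resolved to an id via
     *     {@link #getSecurityPolicyAttrId(String)}
     * @param l replica identifier handed to the schema helper; {@code null} selects the LIVE
     *     replica status, any other value SHADOW
     * @return a two-element list: the policy descriptor followed by the attribute descriptor
     */
    public List<Object> getRecordLevelSecurityPolicyDescriptors(SupportsReadOnlyReplicatedRecordType supportsReadOnlyReplicatedRecordType, String str, Long l) {
        // try-with-resources closes the span on every path and, if close() itself throws while an
        // exception is already propagating, attaches it as suppressed instead of replacing it.
        try (CloseableSpan ignored = TracingHelper.createDebugCloseableSpan("RecordLevelSecurityService#getRecordLevelSecurityPolicyDescriptors")) {
            return getRecordLevelSecurityPolicyDescriptors(supportsReadOnlyReplicatedRecordType, str, l, getSecurityPolicyFilter(supportsReadOnlyReplicatedRecordType));
        }
    }

    /**
     * Assembles the descriptor rows for an already computed policy expression.
     *
     * @param obj policy expression to store; may be {@link #FAILED_SECURITY_POLICY}
     */
    private List<Object> getRecordLevelSecurityPolicyDescriptors(SupportsReadOnlyReplicatedRecordType supportsReadOnlyReplicatedRecordType, String str, Long l, Object obj) {
        Map<?, ?> commonAttributes = RecordReplicaSystemAttributes.getAttributesCommonToAllReplicaSchemaObjects(supportsReadOnlyReplicatedRecordType.getUuid(), l, l == null ? RecordReplicaStatus.LIVE : RecordReplicaStatus.SHADOW);
        Long securityPolicyAttrId = getSecurityPolicyAttrId(str);

        // Row 1: the policy itself, keyed by the placeholder id until the store assigns a real one.
        Map<Object, Object> policyRow = new LinkedHashMap<>(commonAttributes);
        policyRow.put(_RlsConstant.ID_ALIAS, PLACEHOLDER_POLICY_ID);
        policyRow.put("secPolicyAttr", securityPolicyAttrId);
        policyRow.put("secPolicyName", getRecordTypeRecordLevelSecurityName(supportsReadOnlyReplicatedRecordType));
        policyRow.put("secPolicyExpr", obj);

        // Row 2: the attribute, pointing at the policy row as its default read policy.
        Map<Object, Object> attributeRow = new LinkedHashMap<>(commonAttributes);
        attributeRow.put(_RlsConstant.ID_ALIAS, securityPolicyAttrId);
        attributeRow.put("attrDefaultReadSecPolicy", PLACEHOLDER_POLICY_ID);

        List<Object> descriptors = new ArrayList<>(2);
        descriptors.add(policyRow);
        descriptors.add(attributeRow);
        return descriptors;
    }

    /**
     * Computes the security filter for the record type inside the context supplied by the
     * {@link ContextSpecificRunner}.
     *
     * @return the runtime filter, or {@link #FAILED_SECURITY_POLICY} if it could not be built
     */
    public Object getSecurityPolicyFilterAsAdmin(SupportsReadOnlyReplicatedRecordType supportsReadOnlyReplicatedRecordType) {
        return this.contextSpecificRunner.run(() -> {
            return getSecurityPolicyFilter(supportsReadOnlyReplicatedRecordType);
        });
    }

    /**
     * Asks the filter creator for the runtime security filter of the record type.
     *
     * @return the filter, or {@link #FAILED_SECURITY_POLICY} when the creator throws
     */
    private Object getSecurityPolicyFilter(SupportsReadOnlyReplicatedRecordType supportsReadOnlyReplicatedRecordType) {
        try {
            return this.securityFilterCreator.getRuntimeSecurityFilters(supportsReadOnlyReplicatedRecordType);
        } catch (Exception e) {
            // Deliberately broad: any conversion failure must end in the sentinel policy rather
            // than in a missing or stale one. The failure is logged so it can be alerted on.
            logConversionError(supportsReadOnlyReplicatedRecordType, e);
            return FAILED_SECURITY_POLICY;
        }
    }

    /**
     * Recomputes the record type's security filter and stores it, both steps running through the
     * {@link ContextSpecificRunner}. A filter that fails to convert is stored as
     * {@link #FAILED_SECURITY_POLICY}.
     */
    public void updateRecordViewerSecurityPolicyAsAdmin(SupportsReadOnlyReplicatedRecordType supportsReadOnlyReplicatedRecordType) {
        try (CloseableSpan ignored = TracingHelper.createDebugCloseableSpan("RecordLevelSecurityService#updateRecordViewerSecurityPolicyAsAdmin")) {
            this.contextSpecificRunner.runVoid(() -> {
                updateRecordViewerSecurityPolicy(supportsReadOnlyReplicatedRecordType, getSecurityPolicyFilter(supportsReadOnlyReplicatedRecordType));
            });
        }
    }

    /**
     * Overwrites the record type's stored policy expression with {@link #FAILED_SECURITY_POLICY}.
     */
    public void invalidateRecordViewSecurityPolicyAsAdmin(SupportsReadOnlyReplicatedRecordType supportsReadOnlyReplicatedRecordType) {
        // The span name says "Viewer" while the method says "View"; the string is kept unchanged
        // so existing trace queries keep matching.
        try (CloseableSpan ignored = TracingHelper.createDebugCloseableSpan("RecordLevelSecurityService#invalidateRecordViewerSecurityPolicyAsAdmin")) {
            this.contextSpecificRunner.runVoid(() -> {
                updateRecordViewerSecurityPolicy(supportsReadOnlyReplicatedRecordType, FAILED_SECURITY_POLICY);
            });
        }
    }

    /**
     * Writes descriptor rows to the data store.
     *
     * @param list descriptor rows, as produced by
     *     {@link #getRecordLevelSecurityPolicyDescriptors(SupportsReadOnlyReplicatedRecordType, String, Long)}
     * @param l value forwarded to the write-options generator
     * @return the uuid the store resolved for the placeholder policy id, or {@code null} when
     *     {@code list} is empty and nothing was written
     */
    public String writeRecordViewerSecurityPolicy(List<Object> list, Long l) {
        if (list.isEmpty()) {
            return null;
        }
        try (CloseableSpan ignored = TracingHelper.createDebugCloseableSpan("RecordLevelSecurityService#writeRecordViewerSecurityPolicy")) {
            return this.dataClient.write(list, this.adsQueryOptionsGenerator.generateOptionsForWrite(l)).getResolvedUuid(PLACEHOLDER_POLICY_ID);
        }
    }

    /**
     * Reads the stored policy expression for the record type.
     *
     * @return the stored {@code secPolicyExpr} value, or {@code null} when the replica metadata,
     *     its policy uuid, or the policy row is missing. Callers must not treat {@code null} as
     *     "unrestricted": it only means no policy could be read.
     */
    public Object getSecurityPolicyFromAds(SupportsReadOnlyReplicatedRecordType supportsReadOnlyReplicatedRecordType) {
        ReadOnlyReplicaMetadata replicaMetadata = this.replicaMetadataService.getReplicaMetadata(supportsReadOnlyReplicatedRecordType.getUuid());
        if (replicaMetadata == null || replicaMetadata.getSecurityPolicyUuid() == null) {
            LOG.debug(String.format("Could not retrieve security policy for record type %s with missing replica metadata", supportsReadOnlyReplicatedRecordType.getUuid()));
            return null;
        }
        String securityPolicyUuid = replicaMetadata.getSecurityPolicyUuid();
        // The uuid is passed as a filter operand, not concatenated into a query string.
        Query project = Query.searchSpace("SecurityPolicy").filter(Query.Filter.eq(AttrRef.of(_RlsConstant.UUID_ALIAS), securityPolicyUuid)).project("secPolicyExpr");
        List<?> rows = (List<?>) this.contextSpecificRunner.run(() -> {
            return this.dataClient.query(project);
        });
        if (rows.isEmpty()) {
            LOG.debug(String.format("Did not find any security policies in ADS for record type %s, securityPolicyUuid=%s", supportsReadOnlyReplicatedRecordType.getUuid(), securityPolicyUuid));
            return null;
        }
        return ((Map<?, ?>) rows.get(0)).get("secPolicyExpr");
    }

    /**
     * Stores {@code obj} as the policy expression of the record type: creates the policy rows when
     * attribute metadata exists but no policy uuid is recorded yet, otherwise overwrites the
     * expression of the existing policy row.
     *
     * @param obj policy expression to store; may be {@link #FAILED_SECURITY_POLICY}
     */
    protected void updateRecordViewerSecurityPolicy(SupportsReadOnlyReplicatedRecordType supportsReadOnlyReplicatedRecordType, Object obj) {
        // NOTE(review): getSecurityPolicyFromAds guards against missing replica metadata, this
        // method does not. A null here surfaces as a NullPointerException, which also means an
        // invalidate request cannot store the sentinel for such a record type; decide whether the
        // caller should be told explicitly.
        ReadOnlyReplicaMetadata replicaMetadata = this.replicaMetadataService.getReplicaMetadata(supportsReadOnlyReplicatedRecordType.getUuid());
        String securityPolicyUuid = replicaMetadata.getSecurityPolicyUuid();
        ReadOnlyRecordReplicaAttributesMetadata attributesMetadata = replicaMetadata.getAttributesMetadataAsPojoReadOnly();

        boolean policyNotYetCreated = attributesMetadata != null && Strings.isNullOrEmpty(securityPolicyUuid);
        if (policyNotYetCreated) {
            writeRecordViewerSecurityPolicy(getRecordLevelSecurityPolicyDescriptors(supportsReadOnlyReplicatedRecordType, attributesMetadata.getIsLiveAdsAttributeUuid(), null, obj), null);
            return;
        }

        // NOTE(review): when attribute metadata is absent and the policy uuid is null or empty,
        // this row is written with that null/empty id. Confirm how the store treats such a write.
        Map<Object, Object> policyUpdate = new LinkedHashMap<>();
        policyUpdate.put(_RlsConstant.ID_ALIAS, securityPolicyUuid);
        policyUpdate.put("secPolicyExpr", obj);
        this.dataClient.write(Collections.singletonList(policyUpdate), this.adsQueryOptionsGenerator.generateOptionsForWrite((Long) null));
    }

    /** Returns the display name used for the record type's security policy row. */
    private String getRecordTypeRecordLevelSecurityName(SupportsReadOnlyReplicatedRecordType supportsReadOnlyReplicatedRecordType) {
        return SyncSchemaHelper.qualifiedDisplayName(supportsReadOnlyReplicatedRecordType, SECURITY_POLICY_NAME_SUFFIX);
    }

    /**
     * Resolves the id of the attribute that carries the security policy.
     *
     * @param str attribute uuid
     * @return whatever the {@link SecurityPolicyAttributeProvider} returns for that uuid
     */
    public Long getSecurityPolicyAttrId(String str) {
        return this.securityPolicyAttributeProvider.getAttributeIdFromUuid(str);
    }

    /**
     * Records a failed policy conversion: the record type uuid and exception message at ERROR,
     * the full stack trace only when DEBUG is enabled.
     */
    private void logConversionError(SupportsReadOnlyReplicatedRecordType supportsReadOnlyReplicatedRecordType, Exception exc) {
        // NOTE(review): the exception message goes to the ERROR log verbatim. If it can echo parts
        // of the policy expression, treat this log as sensitive.
        LOG.error(String.format("Error while converting security policy for RecordType[uuid=%s]. The security policy will be marked as invalid. Message: %s", supportsReadOnlyReplicatedRecordType.getUuid(), exc.getMessage()));
        if (LOG.isDebugEnabled()) {
            LOG.debug(String.format("Unable to convert row level security json for RecordType[uuid=%s]: ", supportsReadOnlyReplicatedRecordType.getUuid()), exc);
        }
    }
}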
