package org.apache.geode.cache.query.internal;

import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.Set;
import org.apache.geode.annotations.Immutable;
import org.apache.geode.cache.Cache;
import org.apache.geode.cache.query.internal.cq.CqService;
import org.apache.geode.cache.query.internal.cq.ServerCQ;
import org.apache.geode.cache.query.internal.xml.QueryMethodAuthorizerCreation;
import org.apache.geode.cache.query.security.JavaBeanAccessorMethodAuthorizer;
import org.apache.geode.cache.query.security.MethodInvocationAuthorizer;
import org.apache.geode.cache.query.security.RegExMethodAuthorizer;
import org.apache.geode.cache.query.security.RestrictedMethodAuthorizer;
import org.apache.geode.cache.query.security.UnrestrictedMethodAuthorizer;
import org.apache.geode.internal.ClassPathLoader;
import org.apache.geode.internal.cache.CacheService;
import org.apache.geode.internal.cache.InternalCache;
import org.apache.geode.logging.internal.log4j.api.LogService;
import org.apache.geode.management.internal.beans.CacheServiceMBeanBase;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:org/apache/geode/cache/query/internal/QueryConfigurationServiceImpl.class */
public class QueryConfigurationServiceImpl implements QueryConfigurationService {
    static final String NULL_CACHE_ERROR_MESSAGE = "Cache must not be null";
    private static final String UPDATE_ERROR_MESSAGE = "Exception while updating MethodInvocationAuthorizer.";
    public static final String INTERFACE_NOT_IMPLEMENTED_MESSAGE = "Provided method authorizer %S does not implement interface %S";
    public static final String CONTINUOUS_QUERIES_RUNNING_MESSAGE = "There are CQs running which might have method invocations not allowed by the new MethodInvocationAuthorizer, the update operation can not be completed on this member.";

    @Deprecated
    public final boolean ALLOW_UNTRUSTED_METHOD_INVOCATION = Boolean.parseBoolean(System.getProperty(ALLOW_UNTRUSTED_METHOD_INVOCATION_SYSTEM_PROPERTY));

    @Deprecated
    public static final String ALLOW_UNTRUSTED_METHOD_INVOCATION_SYSTEM_PROPERTY = "gemfire.QueryService.allowUntrustedMethodInvocation";
    public static final String DEPRECATION_WARNING = "The property gemfire.QueryService.allowUntrustedMethodInvocation is deprecated. Please use the UnrestrictedMethodAuthorizer implementation of MethodInvocationAuthorizer instead.";
    private MethodInvocationAuthorizer authorizer;
    private static final Logger logger = LogService.getLogger();

    @Immutable
    private static final MethodInvocationAuthorizer NO_OP_AUTHORIZER = new NoOpAuthorizer();

    /* loaded from: input_file:org/apache/geode/cache/query/internal/QueryConfigurationServiceImpl$NoOpAuthorizer.class */
    private static class NoOpAuthorizer implements MethodInvocationAuthorizer {
        private NoOpAuthorizer() {
        }

        @Override // org.apache.geode.cache.query.security.MethodInvocationAuthorizer
        public boolean authorize(Method method, Object obj) {
            return true;
        }
    }

    public static MethodInvocationAuthorizer getNoOpAuthorizer() {
        return NO_OP_AUTHORIZER;
    }

    @Override // org.apache.geode.internal.cache.CacheService
    public boolean init(Cache cache) {
        if (cache == null) {
            throw new IllegalArgumentException(NULL_CACHE_ERROR_MESSAGE);
        }
        if (System.getProperty(ALLOW_UNTRUSTED_METHOD_INVOCATION_SYSTEM_PROPERTY) != null) {
            logger.warn(DEPRECATION_WARNING);
        }
        if (isSecurityDisabled((InternalCache) cache) || this.ALLOW_UNTRUSTED_METHOD_INVOCATION) {
            this.authorizer = NO_OP_AUTHORIZER;
            return true;
        }
        this.authorizer = new RestrictedMethodAuthorizer(cache);
        return true;
    }

    @Override // org.apache.geode.internal.cache.CacheService
    public Class<? extends CacheService> getInterface() {
        return QueryConfigurationService.class;
    }

    @Override // org.apache.geode.internal.cache.CacheService
    public CacheServiceMBeanBase getMBean() {
        return null;
    }

    @Override // org.apache.geode.internal.cache.CacheService
    public void close() {
    }

    @Override // org.apache.geode.cache.query.internal.QueryConfigurationService
    public MethodInvocationAuthorizer getMethodAuthorizer() {
        return this.authorizer;
    }

    @Override // org.apache.geode.cache.query.internal.QueryConfigurationService
    public void updateMethodAuthorizer(Cache cache, boolean z, QueryMethodAuthorizerCreation queryMethodAuthorizerCreation) throws QueryConfigurationServiceException {
        updateMethodAuthorizer(cache, z, queryMethodAuthorizerCreation.getClassName(), queryMethodAuthorizerCreation.getParameters());
    }

    private boolean isSecurityDisabled(InternalCache internalCache) {
        return !internalCache.getSecurityService().isIntegratedSecurity();
    }

    private void invalidateContinuousQueryCache(CqService cqService) {
        cqService.getAllCqs().forEach(internalCqQuery -> {
            ((ServerCQ) internalCqQuery).invalidateCqResultKeys();
        });
    }

    @Override // org.apache.geode.cache.query.internal.QueryConfigurationService
    public void updateMethodAuthorizer(Cache cache, boolean z, String str, Set<String> set) throws QueryConfigurationServiceException {
        if (isSecurityDisabled((InternalCache) cache) || this.ALLOW_UNTRUSTED_METHOD_INVOCATION) {
            return;
        }
        CqService cqService = ((InternalCache) cache).getCqService();
        if (!cqService.getAllCqs().isEmpty() && !z) {
            throw new QueryConfigurationServiceException(CONTINUOUS_QUERIES_RUNNING_MESSAGE);
        }
        try {
            if (str.equals(RestrictedMethodAuthorizer.class.getName())) {
                this.authorizer = new RestrictedMethodAuthorizer(cache);
            } else if (str.equals(UnrestrictedMethodAuthorizer.class.getName())) {
                this.authorizer = new UnrestrictedMethodAuthorizer(cache);
            } else if (str.equals(JavaBeanAccessorMethodAuthorizer.class.getName())) {
                this.authorizer = new JavaBeanAccessorMethodAuthorizer(cache, set);
            } else if (str.equals(RegExMethodAuthorizer.class.getName())) {
                this.authorizer = new RegExMethodAuthorizer(cache, set);
            } else {
                Class<?> forName = ClassPathLoader.getLatest().forName(str);
                if (!Arrays.asList(forName.getInterfaces()).contains(MethodInvocationAuthorizer.class)) {
                    throw new QueryConfigurationServiceException(String.format(INTERFACE_NOT_IMPLEMENTED_MESSAGE, forName.getName(), MethodInvocationAuthorizer.class.getName()));
                }
                MethodInvocationAuthorizer methodInvocationAuthorizer = (MethodInvocationAuthorizer) forName.newInstance();
                methodInvocationAuthorizer.initialize(cache, set);
                this.authorizer = methodInvocationAuthorizer;
            }
            invalidateContinuousQueryCache(cqService);
        } catch (Exception e) {
            throw new QueryConfigurationServiceException(UPDATE_ERROR_MESSAGE, e);
        }
    }
}
