package org.ria.firewall;

import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.function.Supplier;
import org.ria.ScriptException;
import org.ria.value.Value;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/ria/firewall/DefaultFirewall.class */
public class DefaultFirewall implements Firewall {
    private static final Logger log = LoggerFactory.getLogger(DefaultFirewall.class);
    private List<FieldRule> fieldRules = new ArrayList();
    private List<ConstructorRule> constructorRules = new ArrayList();
    private List<MethodRule> methodRules = new ArrayList();
    private RuleAction defaultFieldAction = RuleAction.ACCEPT;
    private RuleAction defaultConstructorAction = RuleAction.ACCEPT;
    private RuleAction defaultMethodAction = RuleAction.ACCEPT;

    private FieldRule match(Field field, FieldAccess fieldAccess) {
        if (this.fieldRules == null) {
            return null;
        }
        return this.fieldRules.stream().filter(fieldRule -> {
            return fieldRule.matches(field, fieldAccess);
        }).findFirst().orElse(null);
    }

    private Object checkAccess(Field field, FieldAccess fieldAccess, Supplier<Object> supplier) {
        FieldRule match = match(field, fieldAccess);
        RuleAction action = match != null ? match.getAction() : this.defaultFieldAction;
        if (RuleAction.ACCEPT.equals(action)) {
            return supplier.get();
        }
        if (RuleAction.DENY.equals(action)) {
            throw new AccessDeniedException("field '%s', access denied".formatted(field));
        }
        if (RuleAction.DROP.equals(action)) {
            log.debug("firewall drop action on field access '%s'".formatted(field));
            return null;
        }
        if (RuleAction.INTERCEPT.equals(action)) {
            throw new ScriptException("firewall action '%s' not implemeneted".formatted(action));
        }
        throw new ScriptException("firewall action '%s' not implemeneted".formatted(action));
    }

    private void setField(Field field, Object obj, Value value) throws IllegalArgumentException, IllegalAccessException {
        if (!value.isPrimitive()) {
            field.set(obj, value.val());
            return;
        }
        if (value.isDouble()) {
            field.setDouble(obj, value.toDouble());
            return;
        }
        if (value.isFloat()) {
            field.setFloat(obj, value.toFloat());
            return;
        }
        if (value.isLong()) {
            field.setLong(obj, value.toLong());
            return;
        }
        if (value.isInteger()) {
            field.setInt(obj, value.toInt());
            return;
        }
        if (value.isChar()) {
            field.setChar(obj, value.toChar());
        } else if (value.isByte()) {
            field.setByte(obj, value.toByte());
        } else {
            if (!value.isShort()) {
                throw new ScriptException("unsupported primitive type, " + value.type());
            }
            field.setShort(obj, value.toShort());
        }
    }

    @Override // org.ria.firewall.Firewall
    public void checkAndSet(Field field, Object obj, Value value) {
        checkAccess(field, FieldAccess.SET, () -> {
            try {
                setField(field, obj, value);
                return null;
            } catch (IllegalAccessException | IllegalArgumentException e) {
                throw new ScriptException("failed to set field '%s'".formatted(field.getName()), e);
            }
        });
    }

    @Override // org.ria.firewall.Firewall
    public Object checkAndGet(Field field, Object obj) {
        return checkAccess(field, FieldAccess.GET, () -> {
            try {
                return field.get(obj);
            } catch (IllegalAccessException | IllegalArgumentException e) {
                throw new ScriptException("failed to access field '%s'".formatted(field.getName()), e);
            }
        });
    }

    private ConstructorRule match(Constructor<?> constructor) {
        if (this.constructorRules == null) {
            return null;
        }
        return this.constructorRules.stream().filter(constructorRule -> {
            return constructorRule.matches(constructor);
        }).findFirst().orElse(null);
    }

    @Override // org.ria.firewall.Firewall
    public Object checkAndInvoke(Constructor<?> constructor, Object[] objArr) {
        ConstructorRule match = match(constructor);
        RuleAction action = match != null ? match.getAction() : this.defaultConstructorAction;
        if (RuleAction.ACCEPT.equals(action)) {
            try {
                return constructor.newInstance(objArr);
            } catch (IllegalAccessException | IllegalArgumentException | InstantiationException | InvocationTargetException e) {
                throw new ScriptException("constructor '%s' invocation failed".formatted(constructor), e);
            }
        }
        if (RuleAction.DENY.equals(action)) {
            throw new AccessDeniedException("constructor '%s', access denied".formatted(constructor));
        }
        if (RuleAction.DROP.equals(action)) {
            throw new ScriptException("firewall action drop not supported on constructor".formatted(action));
        }
        if (RuleAction.INTERCEPT.equals(action)) {
            throw new ScriptException("firewall action '%s' not implemeneted".formatted(action));
        }
        throw new ScriptException("firewall action '%s' not supported".formatted(action));
    }

    private MethodRule match(Method method) {
        if (this.methodRules == null) {
            return null;
        }
        return this.methodRules.stream().filter(methodRule -> {
            return methodRule.matches(method);
        }).findFirst().orElse(null);
    }

    @Override // org.ria.firewall.Firewall
    public Object checkAndInvoke(Method method, Object obj, Object[] objArr) {
        MethodRule match = match(method);
        RuleAction action = match != null ? match.getAction() : this.defaultMethodAction;
        if (RuleAction.ACCEPT.equals(action)) {
            try {
                return method.invoke(obj, objArr);
            } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
                throw new ScriptException("method '%s' invocation failed".formatted(method), e);
            }
        }
        if (RuleAction.DENY.equals(action)) {
            throw new AccessDeniedException("method '%s', access denied".formatted(method));
        }
        if (RuleAction.DROP.equals(action)) {
            return null;
        }
        if (RuleAction.INTERCEPT.equals(action)) {
            throw new ScriptException("firewall action '%s' not implemeneted".formatted(action));
        }
        throw new ScriptException("firewall action '%s' not supported".formatted(action));
    }

    public List<FieldRule> getFieldRules() {
        return this.fieldRules;
    }

    public DefaultFirewall setFieldRules(List<FieldRule> list) {
        if (list == null) {
            throw new ScriptException("fieldRules is null");
        }
        this.fieldRules = list;
        return this;
    }

    public RuleAction getDefaultFieldAction() {
        return this.defaultFieldAction;
    }

    public DefaultFirewall setDefaultFieldAction(RuleAction ruleAction) {
        if (ruleAction == null) {
            throw new ScriptException("defaultFieldAction is null");
        }
        this.defaultFieldAction = ruleAction;
        return this;
    }

    public RuleAction getDefaultConstructorAction() {
        return this.defaultConstructorAction;
    }

    public DefaultFirewall setDefaultConstructorAction(RuleAction ruleAction) {
        if (ruleAction == null) {
            throw new ScriptException("defaultConstructorAction is null");
        }
        this.defaultConstructorAction = ruleAction;
        return this;
    }

    public List<ConstructorRule> getConstructorRules() {
        return this.constructorRules;
    }

    public DefaultFirewall setConstructorRules(List<ConstructorRule> list) {
        this.constructorRules = list;
        return this;
    }

    public List<MethodRule> getMethodRules() {
        return this.methodRules;
    }

    public DefaultFirewall setMethodRules(List<MethodRule> list) {
        this.methodRules = list;
        return this;
    }

    public RuleAction getDefaultMethodAction() {
        return this.defaultMethodAction;
    }

    public DefaultFirewall setDefaultMethodAction(RuleAction ruleAction) {
        this.defaultMethodAction = ruleAction;
        return this;
    }

    public DefaultFirewall addFieldRule(Set<FieldAccess> set, String str, String str2, String str3, RuleAction ruleAction) {
        this.fieldRules.add(new SimpleFieldRule(set, str, str2, str3, ruleAction));
        return this;
    }

    public DefaultFirewall addConstructorRule(String str, String str2, RuleAction ruleAction) {
        this.constructorRules.add(new SimpleConstructorRule(str, str2, ruleAction));
        return this;
    }

    public DefaultFirewall addMethodRule(String str, String str2, String str3, RuleAction ruleAction) {
        this.methodRules.add(new SimpleMethodRule(str, str2, str3, ruleAction));
        return this;
    }
}
