package com.evolveum.midpoint.model.common.expression.script.groovy;

import com.evolveum.midpoint.common.LocalizationService;
import com.evolveum.midpoint.model.common.expression.script.AbstractCachingScriptEvaluator;
import com.evolveum.midpoint.model.common.expression.script.ScriptExpressionEvaluationContext;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.crypto.Protector;
import com.evolveum.midpoint.schema.AccessDecision;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.expression.ExpressionPermissionProfile;
import com.evolveum.midpoint.schema.expression.ScriptLanguageExpressionProfile;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import groovy.lang.Binding;
import groovy.lang.GString;
import groovy.lang.GroovyClassLoader;
import groovy.lang.GroovyRuntimeException;
import groovy.lang.Script;
import groovy.transform.CompileStatic;
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.List;
import java.util.Map;
import org.codehaus.groovy.control.CompilerConfiguration;
import org.codehaus.groovy.control.MultipleCompilationErrorsException;
import org.codehaus.groovy.control.customizers.ASTTransformationCustomizer;
import org.codehaus.groovy.control.customizers.SecureASTCustomizer;
import org.codehaus.groovy.control.messages.Message;
import org.codehaus.groovy.control.messages.SyntaxErrorMessage;
import org.codehaus.groovy.runtime.InvokerHelper;
import org.codehaus.groovy.syntax.SyntaxException;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:BOOT-INF/lib/model-common-4.9.3.jar:com/evolveum/midpoint/model/common/expression/script/groovy/GroovyScriptEvaluator.class */
public class GroovyScriptEvaluator extends AbstractCachingScriptEvaluator<GroovyClassLoader, Class<?>> {
    public static final String LANGUAGE_NAME = "Groovy";
    private static final String LANGUAGE_URL = "http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy";
    static final String SANDBOX_ERROR_PREFIX = "[SANDBOX] ";

    @NotNull
    private static final ScriptLanguageExpressionProfile BUILTIN_GROOVY_LANGUAGE_PROFILE;

    public GroovyScriptEvaluator(PrismContext prismContext, Protector protector, LocalizationService localizationService) {
        super(prismContext, protector, localizationService);
    }

    @Override // com.evolveum.midpoint.model.common.expression.script.ScriptEvaluator
    public String getLanguageName() {
        return LANGUAGE_NAME;
    }

    @Override // com.evolveum.midpoint.model.common.expression.script.ScriptEvaluator
    @NotNull
    public String getLanguageUrl() {
        return LANGUAGE_URL;
    }

    @Override // com.evolveum.midpoint.model.common.expression.script.AbstractScriptEvaluator
    protected boolean doesSupportRestrictions() {
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // com.evolveum.midpoint.model.common.expression.script.AbstractCachingScriptEvaluator
    public Class<?> compileScript(String str, ScriptExpressionEvaluationContext scriptExpressionEvaluationContext) throws ExpressionEvaluationException, SecurityViolationException {
        try {
            return getGroovyLoader(scriptExpressionEvaluationContext).parseClass(str, scriptExpressionEvaluationContext.getContextDescription());
        } catch (MultipleCompilationErrorsException e) {
            String sandboxError = getSandboxError(e);
            if (sandboxError == null) {
                throw new ExpressionEvaluationException("Compilation error in %s: %s".formatted(scriptExpressionEvaluationContext.getContextDescription(), e.getMessage()), serializationSafeThrowable(e));
            }
            throw new SecurityViolationException("Denied access to functionality of script in %s: %s".formatted(scriptExpressionEvaluationContext.getContextDescription(), sandboxError), serializationSafeThrowable(e));
        } catch (Throwable th) {
            throw new ExpressionEvaluationException("Unexpected error during compilation of script in %s: %s".formatted(scriptExpressionEvaluationContext.getContextDescription(), th.getMessage()), serializationSafeThrowable(th));
        }
    }

    private GroovyClassLoader getGroovyLoader(ScriptExpressionEvaluationContext scriptExpressionEvaluationContext) throws SecurityViolationException {
        GroovyClassLoader interpreter = getScriptCache().getInterpreter(scriptExpressionEvaluationContext.getExpressionProfile());
        if (interpreter != null) {
            return interpreter;
        }
        GroovyClassLoader createGroovyLoader = createGroovyLoader(scriptExpressionEvaluationContext);
        getScriptCache().putInterpreter(scriptExpressionEvaluationContext.getExpressionProfile(), createGroovyLoader);
        return createGroovyLoader;
    }

    private GroovyClassLoader createGroovyLoader(ScriptExpressionEvaluationContext scriptExpressionEvaluationContext) throws SecurityViolationException {
        CompilerConfiguration compilerConfiguration = new CompilerConfiguration(CompilerConfiguration.DEFAULT);
        configureCompiler(compilerConfiguration, scriptExpressionEvaluationContext);
        return new GroovyClassLoader(GroovyScriptEvaluator.class.getClassLoader(), compilerConfiguration);
    }

    private void configureCompiler(CompilerConfiguration compilerConfiguration, ScriptExpressionEvaluationContext scriptExpressionEvaluationContext) throws SecurityViolationException {
        ScriptLanguageExpressionProfile scriptExpressionProfile = scriptExpressionEvaluationContext.getScriptExpressionProfile();
        if (scriptExpressionProfile == null) {
            return;
        }
        if (scriptExpressionProfile.isTypeChecking()) {
            compilerConfiguration.addCompilationCustomizers(new SecureASTCustomizer());
            compilerConfiguration.addCompilationCustomizers(new ASTTransformationCustomizer(Map.of("extensions", List.of(SandboxTypeCheckingExtension.class.getName())), (Class<? extends Annotation>) CompileStatic.class));
        } else if (scriptExpressionProfile.hasRestrictions()) {
            throw new SecurityViolationException("Requested to apply restrictions to groovy script, but the script is not set to type checking mode, in " + scriptExpressionEvaluationContext.getContextDescription());
        }
    }

    private String getSandboxError(MultipleCompilationErrorsException multipleCompilationErrorsException) {
        SyntaxException cause;
        String message;
        int indexOf;
        List<? extends Message> errors = multipleCompilationErrorsException.getErrorCollector().getErrors();
        if (errors == null) {
            return null;
        }
        for (Message message2 : errors) {
            if ((message2 instanceof SyntaxErrorMessage) && (cause = ((SyntaxErrorMessage) message2).getCause()) != null && (message = cause.getMessage()) != null && (indexOf = message.indexOf(SANDBOX_ERROR_PREFIX)) >= 0) {
                return message.substring(indexOf + SANDBOX_ERROR_PREFIX.length());
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.midpoint.model.common.expression.script.AbstractCachingScriptEvaluator
    public Object evaluateScript(Class<?> cls, ScriptExpressionEvaluationContext scriptExpressionEvaluationContext) throws Exception {
        if (!Script.class.isAssignableFrom(cls)) {
            throw new ExpressionEvaluationException("Expected groovy script class, but got " + cls);
        }
        try {
            Object run = InvokerHelper.createScript(cls, new Binding(prepareScriptVariablesValueMap(scriptExpressionEvaluationContext))).run();
            if (run == null) {
                return null;
            }
            if (run instanceof GString) {
                run = ((GString) run).toString();
            }
            return run;
        } catch (GroovyRuntimeException e) {
            throw new ExpressionEvaluationException("Groovy Evaluation Failed: " + e.getMessage(), serializationSafeThrowable(e));
        }
    }

    private static Throwable serializationSafeThrowable(Throwable th) {
        if (th instanceof GroovyRuntimeException) {
            new GroovyRuntimeException(th.getMessage(), serializationSafeThrowable(th.getCause())).setStackTrace(th.getStackTrace());
        }
        return th;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public static AccessDecision decideGroovyBuiltin(String str, String str2) {
        return BUILTIN_GROOVY_LANGUAGE_PROFILE.decideClassAccess(str, str2);
    }

    static {
        ExpressionPermissionProfile open = ExpressionPermissionProfile.open(SchemaConstants.BUILTIN_GROOVY_EXPRESSION_PROFILE_ID, AccessDecision.DEFAULT);
        open.addClassAccessRule(Script.class, "<init>", AccessDecision.ALLOW);
        open.addClassAccessRule(InvokerHelper.class, "runScript", AccessDecision.ALLOW);
        open.addClassAccessRule(Class.class, (String) null, AccessDecision.DENY);
        open.addClassAccessRule(Method.class, (String) null, AccessDecision.DENY);
        open.freeze();
        BUILTIN_GROOVY_LANGUAGE_PROFILE = new ScriptLanguageExpressionProfile(SchemaConstants.BUILTIN_GROOVY_EXPRESSION_PROFILE_ID, AccessDecision.DEFAULT, false, open);
    }
}
