package com.evolveum.midpoint.model.common.expression.script.groovy;

import com.evolveum.midpoint.model.common.expression.functions.FunctionLibrary;
import com.evolveum.midpoint.model.common.expression.script.ScriptExpressionEvaluationContext;
import com.evolveum.midpoint.schema.AccessDecision;
import com.evolveum.midpoint.schema.expression.ScriptExpressionProfile;
import com.evolveum.midpoint.schema.expression.TypedValue;
import com.evolveum.midpoint.schema.expression.VariablesMap;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import java.util.Collection;
import org.codehaus.groovy.ast.ClassHelper;
import org.codehaus.groovy.ast.ClassNode;
import org.codehaus.groovy.ast.MethodNode;
import org.codehaus.groovy.ast.expr.Expression;
import org.codehaus.groovy.ast.expr.VariableExpression;
import org.codehaus.groovy.transform.stc.AbstractTypeCheckingExtension;
import org.codehaus.groovy.transform.stc.StaticTypeCheckingVisitor;

/* loaded from: input_file:BOOT-INF/lib/model-common-4.6.2-SNAPSHOT.jar:com/evolveum/midpoint/model/common/expression/script/groovy/SandboxTypeCheckingExtension.class */
public class SandboxTypeCheckingExtension extends AbstractTypeCheckingExtension {
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) SandboxTypeCheckingExtension.class);

    public SandboxTypeCheckingExtension(StaticTypeCheckingVisitor staticTypeCheckingVisitor) {
        super(staticTypeCheckingVisitor);
    }

    private ScriptExpressionEvaluationContext getContext() {
        ScriptExpressionEvaluationContext threadLocal = ScriptExpressionEvaluationContext.getThreadLocal();
        if (threadLocal == null) {
            throw new AssertionError("No script execution context in thread-local variable during script compilation");
        }
        return threadLocal;
    }

    @Override // org.codehaus.groovy.transform.stc.TypeCheckingExtension
    public void onMethodSelection(Expression expression, MethodNode methodNode) {
        ClassNode declaringClass = methodNode.getDeclaringClass();
        AccessDecision decideClass = decideClass(declaringClass.getName(), methodNode.getName());
        if (decideClass != AccessDecision.ALLOW) {
            StringBuilder sb = new StringBuilder("[SANDBOX] ");
            sb.append("Access to Groovy method ");
            sb.append(declaringClass.getName()).append("#").append(methodNode.getName()).append(" ");
            if (decideClass == AccessDecision.DENY) {
                sb.append("denied");
            } else {
                sb.append("not allowed");
            }
            if (getContext().getExpressionProfile() != null) {
                sb.append(" (applied expression profile '").append(getContext().getExpressionProfile().getIdentifier()).append("')");
            }
            addStaticTypeError(sb.toString(), expression);
        }
    }

    private AccessDecision decideClass(String str, String str2) {
        AccessDecision decideGroovyBuiltin = GroovyScriptEvaluator.decideGroovyBuiltin(str, str2);
        LOGGER.trace("decideClass: builtin [{},{}] : {}", str, str2, decideGroovyBuiltin);
        if (decideGroovyBuiltin != AccessDecision.DEFAULT) {
            return decideGroovyBuiltin;
        }
        ScriptExpressionProfile scriptExpressionProfile = getContext().getScriptExpressionProfile();
        if (scriptExpressionProfile == null) {
            LOGGER.trace("decideClass: profile==null [{},{}] : ALLOW", str, str2);
            return AccessDecision.ALLOW;
        }
        AccessDecision decideClassAccess = scriptExpressionProfile.decideClassAccess(str, str2);
        LOGGER.trace("decideClass: profile({}) [{},{}] : {}", getContext().getExpressionProfile().getIdentifier(), str, str2, decideClassAccess);
        return decideClassAccess;
    }

    @Override // org.codehaus.groovy.transform.stc.TypeCheckingExtension
    public boolean handleUnresolvedVariableExpression(VariableExpression variableExpression) {
        TypedValue typedValue;
        String name = variableExpression.getName();
        ScriptExpressionEvaluationContext context = getContext();
        String contextDescription = context.getContextDescription();
        if (!isDynamic(variableExpression)) {
            LOGGER.error("Unresolved script variable {} because it is not dynamic, in {}", name, contextDescription);
            return false;
        }
        VariablesMap variables = context.getVariables();
        if (variables != null && (typedValue = variables.get((Object) name)) != null) {
            try {
                Class determineClass = typedValue.determineClass();
                LOGGER.trace("Determine script variable {} as expression variable, class {} in {}", name, determineClass, contextDescription);
                storeType(variableExpression, ClassHelper.make(determineClass));
                setHandled(true);
                return true;
            } catch (SchemaException e) {
                String str = "Cannot determine type of variable '" + name + "' (" + typedValue + ") in " + contextDescription + ": " + e.getMessage();
                LOGGER.error("{}", str);
                throw new IllegalStateException(str, e);
            }
        }
        Collection<FunctionLibrary> functions = context.getFunctions();
        if (functions != null) {
            for (FunctionLibrary functionLibrary : functions) {
                if (functionLibrary.getVariableName().equals(name)) {
                    Class<?> cls = functionLibrary.getGenericFunctions().getClass();
                    LOGGER.trace("Determine script variable {} as function library, class {} in {}", name, cls, contextDescription);
                    storeType(variableExpression, ClassHelper.make(cls));
                    setHandled(true);
                    return true;
                }
            }
        }
        LOGGER.error("Unresolved script variable {} because no declaration for it cannot be found in {}", name, contextDescription);
        return false;
    }
}
