package sernet.verinice.service;

import antlr.RecognitionException;
import antlr.TokenStreamException;
import antlr.collections.AST;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.log4j.Logger;
import org.hibernate.hql.antlr.HqlTokenTypes;
import org.hibernate.hql.ast.HqlParser;
import org.hibernate.hql.ast.util.ASTPrinter;
import org.hibernate.hql.ast.util.ASTUtil;
import sernet.verinice.interfaces.IReportHQLService;
import sernet.verinice.model.common.CnALink;
import sernet.verinice.model.common.CnATreeElement;

/* loaded from: input_file:sernet/verinice/service/ReportHQLService.class */
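/**
 * Decides whether an HQL string may be executed on behalf of a report.
 *
 * <p>The decision is made on the tree produced by Hibernate's {@link HqlParser}: the root must be
 * a query node, its first child must be one of the accepted statement beginnings, and every
 * entity-name token found directly under a range node must be the simple name of
 * {@link CnATreeElement} or {@link CnALink}.
 *
 * <p>Only the direct children of range nodes are compared with the allowlist; nothing else in the
 * tree (joins, property paths, function calls) is inspected by this class. Every path that cannot
 * positively accept a query returns {@code false}.
 */
public class ReportHQLService implements IReportHQLService {
    private static final Logger LOG = Logger.getLogger(ReportHQLService.class);

    // Parser token type codes exactly as they are compiled into this build. The names describe the
    // role each value plays in the checks below.
    // NOTE(review): these presumably correspond to HqlTokenTypes.QUERY, RANGE, SELECT_FROM, SELECT,
    // FROM and IDENT of the bundled Hibernate version -- confirm, then switch to the symbolic
    // constants so a library upgrade cannot silently shift the values under the allowlist.
    private static final int TYPE_QUERY_ROOT = 83;
    private static final int TYPE_RANGE = 84;
    private static final int TYPE_SELECT_FROM = 86;
    private static final int TYPE_SELECT = 45;
    private static final int TYPE_FROM = 22;
    private static final int TYPE_ENTITY_NAME = 120;

    // Simple class names a range may refer to. Built once; never modified afterwards.
    private static final Set<String> ALLOWED_ENTITY_NAMES = allowedEntityNames();

    /**
     * Checks a query against the report allowlist.
     *
     * @param str the HQL text to check; {@code null} is rejected
     * @return {@code true} only if the text parses without reported errors, is rooted in a query
     *         node with an accepted first child, and every checked range target is allowlisted
     */
    public boolean isQueryAllowed(String str) {
        if (str == null) {
            // Nothing to parse; a gate like this must not throw or accept on missing input.
            return false;
        }
        HqlParser hqlParser = HqlParser.getInstance(str);
        try {
            hqlParser.statement();
            // The parser records syntax errors in its error handler (isValidHQL relies on the same
            // counter). A tree built from input with recorded errors may be incomplete, so it is
            // rejected instead of being validated as if it were the whole query.
            if (hqlParser.getParseErrorHandler().getErrorCount() != 0) {
                LOG.error("Error parsing the hql-qry");
                return false;
            }
            AST root = hqlParser.getAST();
            if (!isQueryRoot(root) || !isAllowedStatementBeginning(root.getFirstChild())) {
                return false;
            }
            return validateSelectStatements(str, root, getAllSelectStatements(root));
        } catch (TokenStreamException e) {
            LOG.error("Error parsing the hql-qry", e);
            return false;
        } catch (RecognitionException e) {
            LOG.error("Error parsing the hql-qry", e);
            return false;
        }
    }

    /**
     * Runs the range check on every collected select node.
     *
     * @param str the original query text, used for the debug log only
     * @param ast the root of the parsed query, used for the debug log only
     * @param list the select nodes to check
     * @return {@code false} as soon as one select node contains a rejected range target
     */
    private boolean validateSelectStatements(String str, AST ast, List<AST> list) {
        for (AST select : list) {
            if (!checkRangeStatements(select)) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Checking if following hql is allowed:\n" + new ASTPrinter(HqlTokenTypes.class).showAsString(ast, "verinice HQL Query String Representation") + "\n\n" + str);
                }
                return false;
            }
        }
        return true;
    }

    /**
     * Checks every direct child of every range node found below the given node.
     *
     * @param ast the select node whose ranges are checked
     * @return {@code true} if no child of any range node is rejected
     */
    private boolean checkRangeStatements(AST ast) {
        for (AST range : getRangeofSelectStatement(ast)) {
            for (AST child = range.getFirstChild(); child != null; child = child.getNextSibling()) {
                if (!isSelectionTargetValid(child)) {
                    return false;
                }
            }
        }
        return true;
    }

    /**
     * Decides whether one child of a range node is acceptable.
     *
     * @param ast a direct child of a range node
     * @return {@code false} only for an entity-name token whose text is not allowlisted
     */
    private boolean isSelectionTargetValid(AST ast) {
        // NOTE(review): a child whose type is not TYPE_ENTITY_NAME is accepted without being
        // compared with the allowlist. That is needed for whatever other node types the parser
        // places under a range, but it also means a range target that the parser represents as
        // some other node type is never checked. Confirm against the grammar of the bundled
        // Hibernate version which node types can appear here and reject those that can name an
        // entity.
        if (TYPE_ENTITY_NAME != ast.getType() || ALLOWED_ENTITY_NAMES.contains(ast.getText())) {
            return true;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("qry is not allowed to be executed from a verinice report because usage of:\t\"" + ast.getText() + "\" in a select statement");
        }
        return false;
    }

    /**
     * Reports whether the text parses as HQL without recorded errors. This is a syntax check only
     * and does not apply the allowlist.
     *
     * @param str the HQL text to parse
     * @return {@code true} if parsing records no errors; {@code false} on any error or exception
     */
    public boolean isValidQuery(String str) {
        try {
            return isValidHQL(str);
        } catch (Exception e) {
            // Deliberately broad: any failure while parsing, including a runtime exception raised
            // for unusable input, means "not valid".
            LOG.error("Query could not be parsed", e);
            return false;
        }
    }

    /**
     * Collects the nodes below {@code ast} that are treated as select statements.
     *
     * @param ast the node to search from
     * @return the nodes accepted by the type filter
     */
    private List<AST> getAllSelectStatements(AST ast) {
        return ASTUtil.collectChildren(ast, new ASTUtil.IncludePredicate() {
            public boolean include(AST node) {
                int type = node.getType();
                return TYPE_SELECT_FROM == type || TYPE_SELECT == type;
            }
        });
    }

    /**
     * Collects the range nodes below {@code ast}.
     *
     * @param ast the node to search from
     * @return the nodes accepted by the type filter
     */
    private List<AST> getRangeofSelectStatement(AST ast) {
        return ASTUtil.collectChildren(ast, new ASTUtil.IncludePredicate() {
            public boolean include(AST node) {
                return TYPE_RANGE == node.getType();
            }
        });
    }

    /**
     * Parses the text and checks the parser's error counter.
     *
     * @param str the HQL text to parse
     * @return {@code true} if the error handler recorded no errors
     * @throws RecognitionException if the parser raises it
     * @throws TokenStreamException if the lexer raises it
     */
    private boolean isValidHQL(String str) throws RecognitionException, TokenStreamException {
        HqlParser hqlParser = HqlParser.getInstance(str);
        hqlParser.statement();
        return hqlParser.getParseErrorHandler().getErrorCount() == 0;
    }

    /**
     * @param ast the root node returned by the parser, possibly {@code null}
     * @return {@code true} if the node exists and has the query-root type
     */
    private boolean isQueryRoot(AST ast) {
        return ast != null && TYPE_QUERY_ROOT == ast.getType();
    }

    /**
     * @param ast the first child of the query root, possibly {@code null}
     * @return {@code true} if the node exists and has one of the accepted beginning types
     */
    private boolean isAllowedStatementBeginning(AST ast) {
        if (ast == null) {
            // A root without children cannot be positively accepted.
            return false;
        }
        int type = ast.getType();
        return TYPE_SELECT == type || TYPE_FROM == type || TYPE_SELECT_FROM == type;
    }

    /** Builds the unmodifiable set of entity names a range may refer to. */
    private static Set<String> allowedEntityNames() {
        Set<String> names = new HashSet<String>();
        names.add(CnATreeElement.class.getSimpleName());
        names.add(CnALink.class.getSimpleName());
        return Collections.unmodifiableSet(names);
    }
}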
