package com.google.apphosting.client.datastoreservice.app.mobile;

import com.google.appengine.repackaged.com.google.net.util.error.Codes;
import com.google.apphosting.client.datastoreservice.app.EntityTranslator;
import com.google.apphosting.client.datastoreservice.app.QueryV4Normalizer;
import com.google.apphosting.client.datastoreservice.mobile.DatastoreMobileService;
import com.google.apphosting.client.serviceapp.RpcException;
import com.google.apphosting.datastore.DatastoreV4;
import com.google.apphosting.datastore.EntityV4;
import java.util.Iterator;

/* loaded from: input_file:WEB-INF/lib/appengine-api-1.0-sdk-1.9.30.jar:com/google/apphosting/client/datastoreservice/app/mobile/MobileV4NormAuthenticator.class */
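/**
 * Normalizes mobile datastore requests and rejects those whose keys are not rooted at the
 * user id reported by the entity normalizer.
 *
 * <p>A key is accepted only when its first path element has kind {@code __gcd_user} and a name
 * equal to {@code entityNormalizer.getFullUserId()}. A query is accepted only when it carries a
 * {@code HAS_ANCESTOR} filter on {@code __key__} whose key value passes that same check.
 * Every other shape is refused with {@code PERMISSION_DENIED}, so the checks fail closed.
 */
class MobileV4NormAuthenticator {
    private final MobileEntityV4Normalizer entityNormalizer;
    private final QueryV4Normalizer queryNormalizer;
    private final EntityTranslator.Format inputFormat;
    private static final String ERROR_MESSAGE_INVALID_QUERY = "Incorrect query format";
    private static final String ERROR_MESSAGE_INVALID_MUTATION = "Incorrect mutation format";
    // Kind required on the first path element of every key this class accepts.
    private static final String USER_ROOT_KIND = "__gcd_user";
    // Property name an ancestor filter must be expressed on.
    private static final String KEY_PROPERTY_NAME = "__key__";

    /**
     * Creates an authenticator that normalizes with the given entity normalizer.
     *
     * @param mobileEntityV4Normalizer normalizer for keys and entities; also the source of the
     *     user id that keys are checked against
     * @param format input format passed to {@code normalizeEntity}
     */
    public MobileV4NormAuthenticator(MobileEntityV4Normalizer mobileEntityV4Normalizer, EntityTranslator.Format format) {
        this.entityNormalizer = mobileEntityV4Normalizer;
        this.queryNormalizer = new QueryV4Normalizer(mobileEntityV4Normalizer);
        this.inputFormat = format;
    }

    /**
     * Returns a copy of the commit request with its receipt entity and every mutation
     * normalized, after checking that each key involved passes the access check.
     *
     * @param commitRequest the request as received
     * @return the rebuilt request, holding only mutations that passed the check
     * @throws RpcException if any key fails the access check or a mutation has neither a key
     *     nor an entity
     */
    public DatastoreMobileService.CommitRequest normalizeAndAuthenticateCommitRequest(DatastoreMobileService.CommitRequest commitRequest) throws RpcException {
        // Start from a builder with no mutations so that only mutations which went through
        // the check below can appear in the result.
        DatastoreMobileService.CommitRequest.Builder builder = commitRequest.toBuilder().clearMutation();
        if (builder.hasReceiptEntity()) {
            builder.setReceiptEntity(this.entityNormalizer.normalizeEntity(builder.getReceiptEntity(), this.inputFormat));
            // The check runs on the normalized receipt entity, not on the raw input.
            authenticateAccess(builder.getReceiptEntityOrBuilder().getKey());
        }
        for (DatastoreMobileService.Mutation mutation : commitRequest.getMutationList()) {
            builder.addMutation(normalizeAndAuthenticateMutation(mutation));
        }
        return builder.build();
    }

    /**
     * Normalizes the key or entity of one mutation and checks access on the normalized key.
     *
     * @param mutation the mutation as received
     * @return the same instance when normalization returned the same object, otherwise a copy
     *     carrying the normalized key or entity
     * @throws RpcException with {@code PERMISSION_DENIED} if the mutation has neither a key nor
     *     an entity, or whatever the access check throws
     */
    private DatastoreMobileService.Mutation normalizeAndAuthenticateMutation(DatastoreMobileService.Mutation mutation) throws RpcException {
        if (mutation.hasKey()) {
            EntityV4.Key normalizedKey = this.entityNormalizer.normalizeKey(mutation.getKey());
            authenticateAccess(normalizedKey);
            // Reference comparison on purpose: rebuild only if the normalizer handed back a
            // different object. Presumably it returns its argument when nothing changed.
            return normalizedKey != mutation.getKey() ? mutation.toBuilder().setKey(normalizedKey).build() : mutation;
        }
        if (!mutation.hasEntity()) {
            // A mutation naming no key at all cannot be tied to a user, so it is refused.
            throw new RpcException(Codes.Code.PERMISSION_DENIED, ERROR_MESSAGE_INVALID_MUTATION);
        }
        EntityV4.Entity normalizedEntity = this.entityNormalizer.normalizeEntity(mutation.getEntity(), this.inputFormat);
        authenticateAccess(normalizedEntity.getKey());
        return normalizedEntity != mutation.getEntity() ? mutation.toBuilder().setEntity(normalizedEntity).build() : mutation;
    }

    /**
     * Converts a mobile run-query request to its V4 form and checks that the resulting query
     * is restricted to an ancestor key that passes the access check.
     *
     * @param runQueryRequest the request as received
     * @return the converted V4 request
     * @throws RpcException if the converted query lacks an acceptable ancestor filter
     */
    public DatastoreV4.RunQueryRequest normalizeAndAuthenticateRunQueryRequest(DatastoreMobileService.RunQueryRequest runQueryRequest) throws RpcException {
        DatastoreV4.RunQueryRequest v4RunQueryRequest = this.queryNormalizer.toV4RunQueryRequest(RunQueryHandler.toDatastoreServiceRunQueryRequest(runQueryRequest));
        // The check is applied to the converted query, i.e. to what is returned to the caller.
        authenticateAccess(v4RunQueryRequest.getQuery());
        return v4RunQueryRequest;
    }

    /**
     * Requires the query filter to be an ancestor property filter, or an AND composite whose
     * first sub-filter is one.
     *
     * <p>Only the sub-filter at index 0 of a composite is inspected; the others are not looked
     * at here. Accepting AND alone matters: under AND the ancestor constraint applies to every
     * result regardless of what the remaining sub-filters say.
     *
     * @param query the converted V4 query
     * @throws RpcException with {@code PERMISSION_DENIED} for a missing filter or any other
     *     filter shape
     */
    private void authenticateAccess(DatastoreV4.Query query) throws RpcException {
        if (!query.hasFilter()) {
            // An unfiltered query has no ancestor restriction at all.
            throw new RpcException(Codes.Code.PERMISSION_DENIED, ERROR_MESSAGE_INVALID_QUERY);
        }
        DatastoreV4.Filter filter = query.getFilter();
        if (filter.hasPropertyFilter()) {
            authenticateEntityGroupAccess(filter.getPropertyFilter());
            return;
        }
        if (filter.hasCompositeFilter()) {
            DatastoreV4.CompositeFilter composite = filter.getCompositeFilter();
            boolean andWithLeadingPropertyFilter = composite.getOperator() == DatastoreV4.CompositeFilter.Operator.AND
                    && composite.getFilterCount() != 0
                    && composite.getFilter(0).hasPropertyFilter();
            if (andWithLeadingPropertyFilter) {
                authenticateEntityGroupAccess(composite.getFilter(0).getPropertyFilter());
                return;
            }
        }
        // Fail closed on every filter shape not explicitly accepted above.
        throw new RpcException(Codes.Code.PERMISSION_DENIED, ERROR_MESSAGE_INVALID_QUERY);
    }

    /**
     * Requires the filter to be {@code HAS_ANCESTOR} on {@code __key__} with a key value, then
     * runs the key access check on that ancestor key.
     *
     * @param propertyFilter the candidate ancestor filter
     * @throws RpcException with {@code PERMISSION_DENIED} if the filter is not an ancestor
     *     filter, or whatever the key check throws
     */
    private void authenticateEntityGroupAccess(DatastoreV4.PropertyFilter propertyFilter) throws RpcException {
        boolean isAncestorFilter = propertyFilter.getOperator() == DatastoreV4.PropertyFilter.Operator.HAS_ANCESTOR
                && propertyFilter.getProperty().getName().equals(KEY_PROPERTY_NAME)
                && propertyFilter.getValue().hasKeyValue();
        if (!isAncestorFilter) {
            throw new RpcException(Codes.Code.PERMISSION_DENIED, ERROR_MESSAGE_INVALID_QUERY);
        }
        authenticateAccess(propertyFilter.getValue().getKeyValue());
    }

    /**
     * Accepts a key only when its first path element is the {@code __gcd_user} element named
     * after the normalizer's full user id.
     *
     * @param key the normalized key to check
     * @throws RpcException with {@code INVALID_ARGUMENT} if the key is null or has no path
     *     elements, or {@code PERMISSION_DENIED} if the first element does not match
     */
    private void authenticateAccess(EntityV4.Key key) throws RpcException {
        if (key == null || key.getPathElementCount() == 0) {
            throw new RpcException(Codes.Code.INVALID_ARGUMENT, "Empty key or empty path element in the key");
        }
        EntityV4.Key.PathElement root = key.getPathElement(0);
        // NOTE(review): the name is compared with a plain equals(). If getFullUserId() could
        // ever be an empty string, a root element with no name set might compare equal;
        // confirm the normalizer never yields an empty id.
        if (root.getKind().equals(USER_ROOT_KIND) && root.getName().equals(this.entityNormalizer.getFullUserId())) {
            return;
        }
        // The decompiled source assigned an undefined name (r4) in the empty-text branch and
        // did not compile; both branches produce the prefix followed by the key's text form.
        throw new RpcException(Codes.Code.PERMISSION_DENIED, "Invalid key: " + key);
    }
}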
