package org.apache.solr.security;

import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.solr.common.params.CollectionParams;
import org.apache.solr.common.params.SolrParams;
import org.apache.solr.core.CoreContainer;
import org.apache.solr.security.AuditEvent;
import org.apache.solr.security.AuthorizationContext;
import org.apache.solr.servlet.HttpSolrCall;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/solr/security/AuthorizationUtils.class */
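/**
 * Static helpers that run the configured {@link AuthorizationPlugin} for a request and derive
 * the collections a request targets.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #authorize} returns {@code null} to mean "proceed". That includes the case where
 *       no authorization plugin is configured, so an unconfigured node allows every request.</li>
 *   <li>Debug logging never writes the raw {@code Authorization} header value; only the scheme
 *       is logged, so enabling debug output does not copy credentials or tokens into log
 *       files.</li>
 * </ul>
 */
public class AuthorizationUtils {
    private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());

    /** Plugin status codes treated as "request allowed": HTTP 200 (OK) and 202 (Accepted). */
    private static final int STATUS_OK = 200;
    private static final int STATUS_ACCEPTED = 202;

    /** Placeholder written to logs in place of credential material. */
    private static final String REDACTED = "<redacted>";

    /** Upper bound on what is accepted as an auth-scheme token before the whole value is hidden. */
    private static final int MAX_SCHEME_LENGTH = 16;

    /**
     * Describes a rejected authorization decision: the status code reported by the plugin and a
     * human-readable message. Instances are immutable.
     */
    public static class AuthorizationFailure {
        private final int statusCode;
        private final String message;

        /**
         * @param i the status code of the failed authorization decision
         * @param str the message describing the failure
         */
        public AuthorizationFailure(int i, String str) {
            this.statusCode = i;
            this.message = str;
        }

        /** @return the status code of the failed authorization decision */
        public int getStatusCode() {
            return this.statusCode;
        }

        /** @return the message describing the failure */
        public String getMessage() {
            return this.message;
        }
    }

    private AuthorizationUtils() {
        // Utility class; not instantiable.
    }

    /**
     * Asks the node's authorization plugin to decide on the request and emits the matching audit
     * event when auditing is enabled for that event type.
     *
     * <p>Outcomes, by the plugin's status code:
     * <ul>
     *   <li>{@code AuthorizationResponse.PROMPT}: headers stored by the authentication plugin
     *       under the request attribute named after {@link AuthenticationPlugin} are copied to
     *       the response, a {@code REJECTED} event is audited, and a failure is returned.</li>
     *   <li>{@code AuthorizationResponse.FORBIDDEN}: an {@code UNAUTHORIZED} event is audited
     *       and a failure is returned.</li>
     *   <li>200 or 202: an {@code AUTHORIZED} event is audited and {@code null} is returned.</li>
     *   <li>anything else: a warning is logged, an {@code ERROR} event is audited, and a failure
     *       is returned (unknown codes fail closed).</li>
     * </ul>
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response that receives the authentication headers on PROMPT
     * @param coreContainer source of the authorization and audit-logger plugins
     * @param authorizationContext the context handed to the plugin
     * @return {@code null} when the request may proceed (also when no authorization plugin is
     *     configured), otherwise the failure to report to the client
     * @throws IOException declared by the signature; no statement in this method throws it
     *     directly
     */
    public static AuthorizationFailure authorize(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, CoreContainer coreContainer, AuthorizationContext authorizationContext) throws IOException {
        log.debug("AuthorizationContext : {}", authorizationContext);
        AuthorizationPlugin authorizationPlugin = coreContainer.getAuthorizationPlugin();
        if (authorizationPlugin == null) {
            // No plugin configured: nothing to enforce, and no audit event is produced here.
            return null;
        }
        AuthorizationResponse authResponse = authorizationPlugin.authorize(authorizationContext);
        int statusCode = authResponse.statusCode;

        if (statusCode == AuthorizationResponse.PROMPT.statusCode) {
            // Wildcard types plus explicit casts keep the original ClassCastException behaviour
            // for non-String entries while avoiding raw types.
            Map<?, ?> headers = (Map<?, ?>) httpServletRequest.getAttribute(AuthenticationPlugin.class.getName());
            if (headers != null) {
                for (Map.Entry<?, ?> header : headers.entrySet()) {
                    httpServletResponse.setHeader((String) header.getKey(), (String) header.getValue());
                }
            }
            if (log.isDebugEnabled()) {
                log.debug("USER_REQUIRED {} {}", redactAuthorizationHeader(httpServletRequest.getHeader(MultiAuthPlugin.AUTHORIZATION_HEADER)), httpServletRequest.getUserPrincipal());
            }
            auditIfEnabled(coreContainer, AuditEvent.EventType.REJECTED, httpServletRequest, authorizationContext);
            return new AuthorizationFailure(statusCode, "Authentication failed, Response code: " + statusCode);
        }

        if (statusCode == AuthorizationResponse.FORBIDDEN.statusCode) {
            if (log.isDebugEnabled()) {
                log.debug("UNAUTHORIZED auth header {} context : {}, msg: {}", redactAuthorizationHeader(httpServletRequest.getHeader(MultiAuthPlugin.AUTHORIZATION_HEADER)), authorizationContext, authResponse.getMessage());
            }
            auditIfEnabled(coreContainer, AuditEvent.EventType.UNAUTHORIZED, httpServletRequest, authorizationContext);
            return new AuthorizationFailure(statusCode, "Unauthorized request, Response code: " + statusCode);
        }

        if (statusCode == STATUS_ACCEPTED || statusCode == STATUS_OK) {
            auditIfEnabled(coreContainer, AuditEvent.EventType.AUTHORIZED, httpServletRequest, authorizationContext);
            return null;
        }

        // Any other code is treated as a failure. The log text says "authentication" although
        // this is the authorization stage; it is left unchanged so existing log searches and
        // alerts keep matching.
        log.warn("ERROR {} during authentication: {}", statusCode, authResponse.getMessage());
        auditIfEnabled(coreContainer, AuditEvent.EventType.ERROR, httpServletRequest, authorizationContext);
        return new AuthorizationFailure(statusCode, "ERROR during authorization, Response code: " + statusCode);
    }

    /**
     * Lists the collections a request refers to, for use in an authorization context.
     *
     * <p>Every name in {@code list} is included. For the {@code /admin/collections} path one
     * more entry is appended: the {@code name} parameter for CREATE, RELOAD and DELETE actions,
     * otherwise the {@code collection} parameter when it is present.
     *
     * @param str the request path; must not be {@code null}
     * @param list collection names already resolved for the request, or {@code null} for none
     * @param solrParams the request parameters; read only when the path is
     *     {@code /admin/collections}
     * @return a new mutable list of collection requests, possibly empty
     * @throws NullPointerException if {@code str} is {@code null}
     */
    public static List<AuthorizationContext.CollectionRequest> getCollectionRequests(String str, List<String> list, SolrParams solrParams) {
        List<AuthorizationContext.CollectionRequest> requests = new ArrayList<>();
        if (list != null) {
            for (String collectionName : list) {
                requests.add(new AuthorizationContext.CollectionRequest(collectionName));
            }
        }
        if (str.equals("/admin/collections")) {
            String action = solrParams.get("action");
            if (CollectionParams.CollectionAction.CREATE.isEqual(action)
                    || CollectionParams.CollectionAction.RELOAD.isEqual(action)
                    || CollectionParams.CollectionAction.DELETE.isEqual(action)) {
                // NOTE(review): "name" is not null-checked, so a request without it adds a
                // CollectionRequest wrapping null; confirm that authorization plugins treat
                // that entry as a non-match rather than as "any collection".
                requests.add(new AuthorizationContext.CollectionRequest(solrParams.get("name")));
            } else {
                String collection = solrParams.get("collection");
                if (collection != null) {
                    requests.add(new AuthorizationContext.CollectionRequest(collection));
                }
            }
        }
        return requests;
    }

    /** Emits an audit event of the given type when auditing is enabled for that type. */
    private static void auditIfEnabled(CoreContainer coreContainer, AuditEvent.EventType eventType, HttpServletRequest request, AuthorizationContext context) {
        if (HttpSolrCall.shouldAudit(coreContainer, eventType)) {
            coreContainer.getAuditLoggerPlugin().doAudit(new AuditEvent(eventType, request, context));
        }
    }

    /**
     * Reduces an {@code Authorization} header value to something safe to log: the scheme token
     * followed by a placeholder, or just the placeholder when no plausible scheme is present.
     * A {@code null} header stays {@code null} so an absent header is still visible in the log.
     */
    private static String redactAuthorizationHeader(String headerValue) {
        if (headerValue == null) {
            return null;
        }
        String trimmed = headerValue.trim();
        int separator = trimmed.indexOf(' ');
        if (separator <= 0 || separator > MAX_SCHEME_LENGTH) {
            // No scheme/credential split: the whole value may be the secret.
            return REDACTED;
        }
        String scheme = trimmed.substring(0, separator);
        for (int idx = 0; idx < scheme.length(); idx++) {
            char c = scheme.charAt(idx);
            if (!Character.isLetterOrDigit(c) && c != '-') {
                return REDACTED;
            }
        }
        return scheme + " " + REDACTED;
    }
}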
