package org.apache.cassandra.service;

import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.cassandra.auth.AuthenticatedUser;
import org.apache.cassandra.auth.Permission;
import org.apache.cassandra.auth.Resources;
import org.apache.cassandra.config.DatabaseDescriptor;
import org.apache.cassandra.db.Table;
import org.apache.cassandra.thrift.AuthenticationException;
import org.apache.cassandra.thrift.InvalidRequestException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/cassandra/service/ClientState.class */
public class ClientState {
    private static Logger logger = LoggerFactory.getLogger(ClientState.class);
    private AuthenticatedUser user;
    private String keyspace;
    private final List<Object> resource = new ArrayList();

    public ClientState() {
        reset();
    }

    public String getKeyspace() throws InvalidRequestException {
        if (this.keyspace == null) {
            throw new InvalidRequestException("no keyspace has been specified");
        }
        return this.keyspace;
    }

    public void setKeyspace(String str) {
        this.keyspace = str;
    }

    public String getSchedulingValue() {
        switch (DatabaseDescriptor.getRequestSchedulerId()) {
            case keyspace:
                return this.keyspace;
            default:
                return "default";
        }
    }

    public void login(Map<? extends CharSequence, ? extends CharSequence> map) throws AuthenticationException {
        AuthenticatedUser authenticate = DatabaseDescriptor.getAuthenticator().authenticate(map);
        if (logger.isDebugEnabled()) {
            logger.debug("logged in: {}", authenticate);
        }
        this.user = authenticate;
    }

    public void logout() {
        if (logger.isDebugEnabled()) {
            logger.debug("logged out: {}", this.user);
        }
        reset();
    }

    private void resourceClear() {
        this.resource.clear();
        this.resource.add(Resources.ROOT);
        this.resource.add(Resources.KEYSPACES);
    }

    public void reset() {
        this.user = DatabaseDescriptor.getAuthenticator().defaultUser();
        this.keyspace = null;
        resourceClear();
    }

    public void hasKeyspaceListAccess(Permission permission) throws InvalidRequestException {
        validateLogin();
        resourceClear();
        hasAccess(this.user, DatabaseDescriptor.getAuthority().authorize(this.user, this.resource), permission, this.resource);
    }

    public void hasColumnFamilyListAccess(Permission permission) throws InvalidRequestException {
        validateLogin();
        validateKeyspace();
        if (this.keyspace.equalsIgnoreCase(Table.SYSTEM_TABLE)) {
            throw new InvalidRequestException("system keyspace is not user-modifiable");
        }
        resourceClear();
        this.resource.add(this.keyspace);
        hasAccess(this.user, DatabaseDescriptor.getAuthority().authorize(this.user, this.resource), permission, this.resource);
    }

    public void hasColumnFamilyAccess(String str, Permission permission) throws InvalidRequestException {
        validateLogin();
        validateKeyspace();
        resourceClear();
        this.resource.add(this.keyspace);
        this.resource.add(str);
        hasAccess(this.user, DatabaseDescriptor.getAuthority().authorize(this.user, this.resource), permission, this.resource);
    }

    private void validateLogin() throws InvalidRequestException {
        if (this.user == null) {
            throw new InvalidRequestException("You have not logged in");
        }
    }

    private void validateKeyspace() throws InvalidRequestException {
        if (this.keyspace == null) {
            throw new InvalidRequestException("You have not set a keyspace for this session");
        }
    }

    private static void hasAccess(AuthenticatedUser authenticatedUser, Set<Permission> set, Permission permission, List<Object> list) throws InvalidRequestException {
        if (!set.contains(permission)) {
            throw new InvalidRequestException(String.format("%s does not have permission %s for %s", authenticatedUser, permission, Resources.toString(list)));
        }
    }
}
