package org.apache.solr.security;

import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.apache.solr.cloud.rule.Rule;
import org.apache.solr.handler.admin.SecurityConfHandler;
import org.apache.solr.security.AuthorizationContext;
import org.apache.solr.util.CommandOperation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/solr/security/RuleBasedAuthorizationPlugin.class */
public class RuleBasedAuthorizationPlugin implements AuthorizationPlugin, ConfigEditablePlugin {
    private final Map<String, Set<String>> usersVsRoles = new HashMap();
    private final Map<String, WildCardSupportMap> mapping = new HashMap();
    private final List<Permission> permissions = new ArrayList();
    private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
    private static final Map<String, AutorizationEditOperation> ops = Collections.unmodifiableMap((Map) Arrays.asList(AutorizationEditOperation.values()).stream().collect(Collectors.toMap((v0) -> {
        return v0.getOperationName();
    }, Function.identity())));

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/solr/security/RuleBasedAuthorizationPlugin$MatchStatus.class */
    public enum MatchStatus {
        USER_REQUIRED(AuthorizationResponse.PROMPT),
        NO_PERMISSIONS_FOUND(AuthorizationResponse.OK),
        PERMITTED(AuthorizationResponse.OK),
        FORBIDDEN(AuthorizationResponse.FORBIDDEN);

        final AuthorizationResponse rsp;

        MatchStatus(AuthorizationResponse authorizationResponse) {
            this.rsp = authorizationResponse;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/solr/security/RuleBasedAuthorizationPlugin$WildCardSupportMap.class */
    public static class WildCardSupportMap extends HashMap<String, List<Permission>> {
        final Set<String> wildcardPrefixes;

        private WildCardSupportMap() {
            this.wildcardPrefixes = new HashSet();
        }

        @Override // java.util.HashMap, java.util.AbstractMap, java.util.Map
        public List<Permission> put(String str, List<Permission> list) {
            if (str != null && str.endsWith("/*")) {
                str = str.substring(0, str.length() - 2);
                this.wildcardPrefixes.add(str);
            }
            return (List) super.put((WildCardSupportMap) str, (String) list);
        }

        @Override // java.util.HashMap, java.util.AbstractMap, java.util.Map
        public List<Permission> get(Object obj) {
            List list;
            List<Permission> list2 = (List) super.get(obj);
            if (obj == null || list2 != null) {
                return list2;
            }
            if (!this.wildcardPrefixes.isEmpty()) {
                for (String str : this.wildcardPrefixes) {
                    if (obj.toString().startsWith(str) && (list = (List) super.get((Object) str)) != null) {
                        list2 = list2 == null ? new ArrayList() : new ArrayList(list2);
                        list2.addAll(list);
                    }
                }
            }
            return list2;
        }
    }

    @Override // org.apache.solr.security.AuthorizationPlugin
    public AuthorizationResponse authorize(AuthorizationContext authorizationContext) {
        List<AuthorizationContext.CollectionRequest> collectionRequests = authorizationContext.getCollectionRequests();
        if (authorizationContext.getRequestType() == AuthorizationContext.RequestType.ADMIN) {
            return checkCollPerm(this.mapping.get(null), authorizationContext).rsp;
        }
        Iterator<AuthorizationContext.CollectionRequest> it = collectionRequests.iterator();
        while (it.hasNext()) {
            MatchStatus checkCollPerm = checkCollPerm(this.mapping.get(it.next().collectionName), authorizationContext);
            if (checkCollPerm != MatchStatus.NO_PERMISSIONS_FOUND) {
                return checkCollPerm.rsp;
            }
        }
        return checkCollPerm(this.mapping.get(Rule.WILD_CARD), authorizationContext).rsp;
    }

    private MatchStatus checkCollPerm(Map<String, List<Permission>> map, AuthorizationContext authorizationContext) {
        if (map == null) {
            return MatchStatus.NO_PERMISSIONS_FOUND;
        }
        MatchStatus checkPathPerm = checkPathPerm(map.get(authorizationContext.getResource()), authorizationContext);
        return checkPathPerm != MatchStatus.NO_PERMISSIONS_FOUND ? checkPathPerm : checkPathPerm(map.get(null), authorizationContext);
    }

    /* JADX WARN: Removed duplicated region for block: B:19:0x010d  */
    /* JADX WARN: Removed duplicated region for block: B:22:0x0111  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private org.apache.solr.security.RuleBasedAuthorizationPlugin.MatchStatus checkPathPerm(java.util.List<org.apache.solr.security.Permission> r6, org.apache.solr.security.AuthorizationContext r7) {
        /*
            Method dump skipped, instructions count: 431
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.solr.security.RuleBasedAuthorizationPlugin.checkPathPerm(java.util.List, org.apache.solr.security.AuthorizationContext):org.apache.solr.security.RuleBasedAuthorizationPlugin$MatchStatus");
    }

    @Override // org.apache.solr.security.AuthorizationPlugin
    public void init(Map<String, Object> map) {
        this.mapping.put(null, new WildCardSupportMap());
        Map<String, Object> mapValue = SecurityConfHandler.getMapValue(map, "user-role");
        Iterator<Map.Entry<String, Object>> it = mapValue.entrySet().iterator();
        while (it.hasNext()) {
            String key = it.next().getKey();
            this.usersVsRoles.put(key, Permission.readValueAsSet(mapValue, key));
        }
        Iterator it2 = SecurityConfHandler.getListValue(map, "permissions").iterator();
        while (it2.hasNext()) {
            try {
                Permission load = Permission.load((Map) it2.next());
                this.permissions.add(load);
                add2Mapping(load);
            } catch (Exception e) {
                log.error("Invalid permission ", e);
            }
        }
    }

    private void add2Mapping(Permission permission) {
        for (String str : permission.collections) {
            WildCardSupportMap wildCardSupportMap = this.mapping.get(str);
            if (wildCardSupportMap == null) {
                Map<String, WildCardSupportMap> map = this.mapping;
                WildCardSupportMap wildCardSupportMap2 = new WildCardSupportMap();
                wildCardSupportMap = wildCardSupportMap2;
                map.put(str, wildCardSupportMap2);
            }
            for (String str2 : permission.path) {
                List<Permission> list = wildCardSupportMap.get((Object) str2);
                if (list == null) {
                    ArrayList arrayList = new ArrayList();
                    list = arrayList;
                    wildCardSupportMap.put(str2, (List<Permission>) arrayList);
                }
                list.add(permission);
            }
        }
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
    }

    @Override // org.apache.solr.security.ConfigEditablePlugin
    public Map<String, Object> edit(Map<String, Object> map, List<CommandOperation> list) {
        for (CommandOperation commandOperation : list) {
            AutorizationEditOperation autorizationEditOperation = ops.get(commandOperation.name);
            if (autorizationEditOperation == null) {
                commandOperation.unknownOperation();
                return null;
            }
            map = autorizationEditOperation.edit(map, commandOperation);
            if (map == null) {
                return null;
            }
        }
        return map;
    }
}
