package org.apache.cassandra.auth;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.Lists;
import java.util.Set;
import org.apache.cassandra.cql3.QueryOptions;
import org.apache.cassandra.cql3.QueryProcessor;
import org.apache.cassandra.cql3.UntypedResultSet;
import org.apache.cassandra.cql3.statements.SelectStatement;
import org.apache.cassandra.db.ConsistencyLevel;
import org.apache.cassandra.db.marshal.UTF8Type;
import org.apache.cassandra.exceptions.ConfigurationException;
import org.apache.cassandra.schema.SchemaConstants;
import org.apache.cassandra.service.ClientState;
import org.apache.cassandra.service.QueryState;
import org.apache.cassandra.transport.messages.ResultMessage;
import org.apache.cassandra.utils.ByteBufferUtil;

/* loaded from: input_file:cassandra-all-4.0.1.jar:org/apache/cassandra/auth/CassandraNetworkAuthorizer.class */
public class CassandraNetworkAuthorizer implements INetworkAuthorizer {
    private SelectStatement authorizeUserStatement = null;

    @Override // org.apache.cassandra.auth.INetworkAuthorizer
    public void setup() {
        this.authorizeUserStatement = (SelectStatement) QueryProcessor.getStatement(String.format("SELECT dcs FROM %s.%s WHERE role = ?", SchemaConstants.AUTH_KEYSPACE_NAME, AuthKeyspace.NETWORK_PERMISSIONS), ClientState.forInternalCalls());
    }

    @VisibleForTesting
    ResultMessage.Rows select(SelectStatement selectStatement, QueryOptions queryOptions) {
        return selectStatement.execute(QueryState.forInternalCalls(), queryOptions, System.nanoTime());
    }

    @VisibleForTesting
    void process(String str) {
        QueryProcessor.process(str, ConsistencyLevel.LOCAL_ONE);
    }

    private Set<String> getAuthorizedDcs(String str) {
        UntypedResultSet create = UntypedResultSet.create(select(this.authorizeUserStatement, QueryOptions.forInternalCalls(ConsistencyLevel.LOCAL_ONE, Lists.newArrayList(ByteBufferUtil.bytes(str)))).result);
        Set<String> set = null;
        if (!create.isEmpty() && create.one().has("dcs")) {
            set = create.one().getFrozenSet("dcs", UTF8Type.instance);
        }
        return set;
    }

    @Override // org.apache.cassandra.auth.INetworkAuthorizer
    public DCPermissions authorize(RoleResource roleResource) {
        if (!Roles.canLogin(roleResource)) {
            return DCPermissions.none();
        }
        if (Roles.hasSuperuserStatus(roleResource)) {
            return DCPermissions.all();
        }
        Set<String> authorizedDcs = getAuthorizedDcs(roleResource.getName());
        return (authorizedDcs == null || authorizedDcs.isEmpty()) ? DCPermissions.all() : DCPermissions.subset(authorizedDcs);
    }

    private static String getSetString(DCPermissions dCPermissions) {
        if (!dCPermissions.restrictsAccess()) {
            return "{}";
        }
        StringBuilder sb = new StringBuilder();
        sb.append('{');
        boolean z = true;
        for (String str : dCPermissions.allowedDCs()) {
            if (z) {
                z = false;
            } else {
                sb.append(", ");
            }
            sb.append('\'');
            sb.append(str);
            sb.append('\'');
        }
        sb.append('}');
        return sb.toString();
    }

    @Override // org.apache.cassandra.auth.INetworkAuthorizer
    public void setRoleDatacenters(RoleResource roleResource, DCPermissions dCPermissions) {
        process(String.format("UPDATE %s.%s SET dcs = %s WHERE role = '%s'", SchemaConstants.AUTH_KEYSPACE_NAME, AuthKeyspace.NETWORK_PERMISSIONS, getSetString(dCPermissions), roleResource.getName()));
    }

    @Override // org.apache.cassandra.auth.INetworkAuthorizer
    public void drop(RoleResource roleResource) {
        process(String.format("DELETE FROM %s.%s WHERE role = '%s'", SchemaConstants.AUTH_KEYSPACE_NAME, AuthKeyspace.NETWORK_PERMISSIONS, roleResource.getName()));
    }

    @Override // org.apache.cassandra.auth.INetworkAuthorizer
    public void validateConfiguration() throws ConfigurationException {
    }
}
