package io.stargate.db.cassandra.impl;

import io.stargate.auth.AuthorizationOutcome;
import io.stargate.auth.AuthorizationProcessor;
import io.stargate.auth.PermissionKind;
import io.stargate.auth.entity.AccessPermission;
import io.stargate.auth.entity.AuthorizedResource;
import io.stargate.auth.entity.EntitySelector;
import io.stargate.auth.entity.ImmutableAccessPermission;
import io.stargate.auth.entity.ImmutableActor;
import io.stargate.auth.entity.ImmutableAuthorizedResource;
import io.stargate.auth.entity.ResourceKind;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.CompletionStage;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import org.apache.cassandra.auth.AuthenticatedUser;
import org.apache.cassandra.auth.CassandraAuthorizer;
import org.apache.cassandra.auth.DataResource;
import org.apache.cassandra.auth.FunctionResource;
import org.apache.cassandra.auth.IResource;
import org.apache.cassandra.auth.Permission;
import org.apache.cassandra.auth.RoleResource;
import org.apache.cassandra.exceptions.RequestExecutionException;
import org.apache.cassandra.exceptions.RequestValidationException;
import org.apache.cassandra.stargate.exceptions.AuthenticationException;

/* loaded from: input_file:io/stargate/db/cassandra/impl/DelegatingAuthorizer.class */
public class DelegatingAuthorizer extends CassandraAuthorizer {
    private static final Duration PROCESSING_TIMEOUT = Duration.parse(System.getProperty("stargate.authorization.processing.timeout", "PT5M"));
    private AuthorizationProcessor authProcessor;

    public void setProcessor(AuthorizationProcessor authorizationProcessor) {
        this.authProcessor = authorizationProcessor;
    }

    @Override // org.apache.cassandra.auth.CassandraAuthorizer, org.apache.cassandra.auth.IAuthorizer
    public void grant(AuthenticatedUser authenticatedUser, Set<Permission> set, IResource iResource, RoleResource roleResource) throws RequestValidationException, RequestExecutionException {
        if (this.authProcessor == null) {
            super.grant(authenticatedUser, set, iResource, roleResource);
        } else {
            get(this.authProcessor.addPermissions(ImmutableActor.of(authenticatedUser.getName()), AuthorizationOutcome.ALLOW, PermissionKind.ACCESS, permissions(set), resource(iResource), role(roleResource)));
        }
    }

    @Override // org.apache.cassandra.auth.CassandraAuthorizer, org.apache.cassandra.auth.IAuthorizer
    public void revoke(AuthenticatedUser authenticatedUser, Set<Permission> set, IResource iResource, RoleResource roleResource) throws RequestValidationException, RequestExecutionException {
        if (this.authProcessor == null) {
            super.revoke(authenticatedUser, set, iResource, roleResource);
        } else {
            get(this.authProcessor.removePermissions(ImmutableActor.of(authenticatedUser.getName()), AuthorizationOutcome.ALLOW, PermissionKind.ACCESS, permissions(set), resource(iResource), role(roleResource)));
        }
    }

    private static void get(CompletionStage<Void> completionStage) {
        try {
            completionStage.toCompletableFuture().get(PROCESSING_TIMEOUT.toMillis(), TimeUnit.MILLISECONDS);
        } catch (ExecutionException e) {
            org.apache.cassandra.stargate.exceptions.RequestValidationException cause = e.getCause();
            if (!(cause instanceof org.apache.cassandra.stargate.exceptions.RequestValidationException)) {
                throw new AuthenticationException(e.getMessage(), e);
            }
            throw cause;
        } catch (Exception e2) {
            throw new AuthenticationException(e2.getMessage(), e2);
        }
    }

    private static EntitySelector role(RoleResource roleResource) {
        return !roleResource.hasParent() ? EntitySelector.wildcard() : EntitySelector.byName(roleResource.getRoleName());
    }

    private static AuthorizedResource resource(IResource iResource) {
        ImmutableAuthorizedResource withElement;
        String name = iResource.getName();
        if (iResource instanceof FunctionResource) {
            withElement = ImmutableAuthorizedResource.of(ResourceKind.FUNCTION);
            FunctionResource functionResource = (FunctionResource) iResource;
            if (name.indexOf("/") > 0) {
                withElement = withElement.withKeyspace(EntitySelector.byName(functionResource.getKeyspace()));
                String substring = name.substring(name.indexOf(47));
                int indexOf = substring.indexOf(47);
                if (indexOf > 0) {
                    withElement = withElement.withElement(EntitySelector.byName(substring.substring(indexOf)));
                }
            }
        } else {
            if (!(iResource instanceof DataResource)) {
                throw new UnsupportedOperationException("Unsupported resource type: " + iResource.getClass());
            }
            DataResource dataResource = (DataResource) iResource;
            if (dataResource.isRootLevel()) {
                withElement = ImmutableAuthorizedResource.of(ResourceKind.KEYSPACE);
            } else if (dataResource.isKeyspaceLevel()) {
                withElement = ImmutableAuthorizedResource.of(ResourceKind.KEYSPACE).withKeyspace(EntitySelector.byName(dataResource.getKeyspace()));
            } else {
                if (!dataResource.isTableLevel()) {
                    throw new IllegalArgumentException("Unsupported data resource: " + dataResource);
                }
                withElement = ImmutableAuthorizedResource.of(ResourceKind.TABLE).withKeyspace(EntitySelector.byName(dataResource.getKeyspace())).withElement(EntitySelector.byName(dataResource.getTable()));
            }
        }
        return withElement;
    }

    private static Collection<AccessPermission> permissions(Set<Permission> set) {
        ArrayList arrayList = new ArrayList(set.size());
        Iterator<Permission> it = set.iterator();
        while (it.hasNext()) {
            arrayList.add(ImmutableAccessPermission.of(it.next().name()));
        }
        return arrayList;
    }
}
