package org.apache.cassandra.service;

import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import org.apache.cassandra.auth.AllowAllAuthorizer;
import org.apache.cassandra.auth.Auth;
import org.apache.cassandra.auth.AuthenticatedUser;
import org.apache.cassandra.auth.DataResource;
import org.apache.cassandra.auth.IResource;
import org.apache.cassandra.auth.Permission;
import org.apache.cassandra.auth.Resources;
import org.apache.cassandra.config.DatabaseDescriptor;
import org.apache.cassandra.config.Schema;
import org.apache.cassandra.cql3.QueryProcessor;
import org.apache.cassandra.db.SystemTable;
import org.apache.cassandra.db.Table;
import org.apache.cassandra.exceptions.AuthenticationException;
import org.apache.cassandra.exceptions.InvalidRequestException;
import org.apache.cassandra.exceptions.UnauthorizedException;
import org.apache.cassandra.utils.Pair;
import org.apache.cassandra.utils.SemanticVersion;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/cassandra/service/ClientState.class */
public class ClientState {
    private static final Logger logger = LoggerFactory.getLogger(ClientState.class);
    public static final SemanticVersion DEFAULT_CQL_VERSION = QueryProcessor.CQL_VERSION;
    private static final Set<IResource> READABLE_SYSTEM_RESOURCES = new HashSet(5);
    private static final Set<IResource> PROTECTED_AUTH_RESOURCES = new HashSet();
    private static final LoadingCache<Pair<AuthenticatedUser, IResource>, Set<Permission>> permissionsCache = initPermissionsCache();
    private volatile AuthenticatedUser user;
    private String keyspace;
    private SemanticVersion cqlVersion;
    private final boolean internalCall;

    public ClientState() {
        this(false);
    }

    public ClientState(boolean z) {
        this.internalCall = z;
        if (DatabaseDescriptor.getAuthenticator().requireAuthentication()) {
            return;
        }
        this.user = AuthenticatedUser.ANONYMOUS_USER;
    }

    public String getRawKeyspace() {
        return this.keyspace;
    }

    public String getKeyspace() throws InvalidRequestException {
        if (this.keyspace == null) {
            throw new InvalidRequestException("no keyspace has been specified");
        }
        return this.keyspace;
    }

    public void setKeyspace(String str) throws InvalidRequestException {
        if (this.user != null && Schema.instance.getKSMetaData(str) == null) {
            throw new InvalidRequestException("Keyspace '" + str + "' does not exist");
        }
        this.keyspace = str;
    }

    public void login(Map<String, String> map) throws AuthenticationException {
        AuthenticatedUser authenticate = DatabaseDescriptor.getAuthenticator().authenticate(map);
        if (!authenticate.isAnonymous() && !Auth.isExistingUser(authenticate.getName())) {
            throw new AuthenticationException(String.format("User %s doesn't exist - create it with CREATE USER query first", authenticate.getName()));
        }
        this.user = authenticate;
    }

    public void hasAllKeyspacesAccess(Permission permission) throws UnauthorizedException, InvalidRequestException {
        if (this.internalCall) {
            return;
        }
        validateLogin();
        ensureHasPermission(permission, DataResource.root());
    }

    public void hasKeyspaceAccess(String str, Permission permission) throws UnauthorizedException, InvalidRequestException {
        hasAccess(str, permission, DataResource.keyspace(str));
    }

    public void hasColumnFamilyAccess(String str, String str2, Permission permission) throws UnauthorizedException, InvalidRequestException {
        hasAccess(str, permission, DataResource.columnFamily(str, str2));
    }

    private void hasAccess(String str, Permission permission, DataResource dataResource) throws UnauthorizedException, InvalidRequestException {
        validateKeyspace(str);
        if (this.internalCall) {
            return;
        }
        validateLogin();
        preventSystemKSSchemaModification(str, dataResource, permission);
        if (permission.equals(Permission.SELECT) && READABLE_SYSTEM_RESOURCES.contains(dataResource)) {
            return;
        }
        if (PROTECTED_AUTH_RESOURCES.contains(dataResource) && (permission.equals(Permission.CREATE) || permission.equals(Permission.ALTER) || permission.equals(Permission.DROP))) {
            throw new UnauthorizedException(String.format("%s schema is protected", dataResource));
        }
        ensureHasPermission(permission, dataResource);
    }

    public void ensureHasPermission(Permission permission, IResource iResource) throws UnauthorizedException {
        Iterator<? extends IResource> it = Resources.chain(iResource).iterator();
        while (it.hasNext()) {
            if (authorize(it.next()).contains(permission)) {
                return;
            }
        }
        throw new UnauthorizedException(String.format("User %s has no %s permission on %s or any of its parents", this.user.getName(), permission, iResource));
    }

    private void preventSystemKSSchemaModification(String str, DataResource dataResource, Permission permission) throws UnauthorizedException {
        if (permission.equals(Permission.ALTER) || permission.equals(Permission.DROP) || permission.equals(Permission.CREATE)) {
            if (Schema.systemKeyspaceNames.contains(str.toLowerCase())) {
                throw new UnauthorizedException(str + " keyspace is not user-modifiable.");
            }
            if (str.equals(Auth.AUTH_KS)) {
                if (!dataResource.isKeyspaceLevel() || !permission.equals(Permission.ALTER)) {
                    throw new UnauthorizedException(String.format("Cannot %s %s", permission, dataResource));
                }
            }
        }
    }

    public void validateLogin() throws UnauthorizedException {
        if (this.user == null) {
            throw new UnauthorizedException("You have not logged in");
        }
    }

    public void ensureNotAnonymous() throws UnauthorizedException {
        validateLogin();
        if (this.user.isAnonymous()) {
            throw new UnauthorizedException("You have to be logged in and not anonymous to perform this request");
        }
    }

    private static void validateKeyspace(String str) throws InvalidRequestException {
        if (str == null) {
            throw new InvalidRequestException("You have not set a keyspace for this session");
        }
    }

    public void setCQLVersion(String str) throws InvalidRequestException {
        try {
            SemanticVersion semanticVersion = new SemanticVersion(str);
            SemanticVersion semanticVersion2 = org.apache.cassandra.cql.QueryProcessor.CQL_VERSION;
            SemanticVersion semanticVersion3 = QueryProcessor.CQL_VERSION;
            if (semanticVersion.equals(new SemanticVersion("3.0.0-beta1"))) {
                throw new InvalidRequestException(String.format("There has been a few syntax breaking changes between 3.0.0-beta1 and 3.0.0 (mainly the syntax for options of CREATE KEYSPACE and CREATE TABLE). 3.0.0-beta1  is not supported; please upgrade to 3.0.0", new Object[0]));
            }
            if (semanticVersion.isSupportedBy(semanticVersion2)) {
                this.cqlVersion = semanticVersion2;
            } else {
                if (!semanticVersion.isSupportedBy(semanticVersion3)) {
                    throw new InvalidRequestException(String.format("Provided version %s is not supported by this server (supported: %s)", semanticVersion, StringUtils.join(getCQLSupportedVersion(), ", ")));
                }
                this.cqlVersion = semanticVersion3;
            }
        } catch (IllegalArgumentException e) {
            throw new InvalidRequestException(e.getMessage());
        }
    }

    public AuthenticatedUser getUser() {
        return this.user;
    }

    public SemanticVersion getCQLVersion() {
        return this.cqlVersion;
    }

    public static SemanticVersion[] getCQLSupportedVersion() {
        return new SemanticVersion[]{org.apache.cassandra.cql.QueryProcessor.CQL_VERSION, QueryProcessor.CQL_VERSION};
    }

    private static LoadingCache<Pair<AuthenticatedUser, IResource>, Set<Permission>> initPermissionsCache() {
        int permissionsValidity;
        if (!(DatabaseDescriptor.getAuthorizer() instanceof AllowAllAuthorizer) && (permissionsValidity = DatabaseDescriptor.getPermissionsValidity()) > 0) {
            return CacheBuilder.newBuilder().expireAfterWrite(permissionsValidity, TimeUnit.MILLISECONDS).build(new CacheLoader<Pair<AuthenticatedUser, IResource>, Set<Permission>>() { // from class: org.apache.cassandra.service.ClientState.1
                public Set<Permission> load(Pair<AuthenticatedUser, IResource> pair) {
                    return DatabaseDescriptor.getAuthorizer().authorize(pair.left, pair.right);
                }
            });
        }
        return null;
    }

    private Set<Permission> authorize(IResource iResource) {
        if (permissionsCache == null) {
            return DatabaseDescriptor.getAuthorizer().authorize(this.user, iResource);
        }
        try {
            return (Set) permissionsCache.get(Pair.create(this.user, iResource));
        } catch (ExecutionException e) {
            throw new RuntimeException(e);
        }
    }

    static {
        for (String str : new String[]{SystemTable.LOCAL_CF, SystemTable.PEERS_CF, SystemTable.SCHEMA_KEYSPACES_CF, SystemTable.SCHEMA_COLUMNFAMILIES_CF, SystemTable.SCHEMA_COLUMNS_CF}) {
            READABLE_SYSTEM_RESOURCES.add(DataResource.columnFamily(Table.SYSTEM_KS, str));
        }
        PROTECTED_AUTH_RESOURCES.addAll(DatabaseDescriptor.getAuthenticator().protectedResources());
        PROTECTED_AUTH_RESOURCES.addAll(DatabaseDescriptor.getAuthorizer().protectedResources());
    }
}
