package org.apache.cassandra.service;

import com.google.common.collect.Iterables;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.atomic.AtomicLong;
import org.apache.cassandra.auth.AllowAllAuthorizer;
import org.apache.cassandra.auth.AuthKeyspace;
import org.apache.cassandra.auth.AuthenticatedUser;
import org.apache.cassandra.auth.CassandraAuthorizer;
import org.apache.cassandra.auth.CassandraRoleManager;
import org.apache.cassandra.auth.DataResource;
import org.apache.cassandra.auth.FunctionResource;
import org.apache.cassandra.auth.IResource;
import org.apache.cassandra.auth.PasswordAuthenticator;
import org.apache.cassandra.auth.Permission;
import org.apache.cassandra.auth.Resources;
import org.apache.cassandra.config.Config;
import org.apache.cassandra.config.DatabaseDescriptor;
import org.apache.cassandra.config.Schema;
import org.apache.cassandra.cql3.QueryHandler;
import org.apache.cassandra.cql3.QueryProcessor;
import org.apache.cassandra.cql3.functions.Function;
import org.apache.cassandra.db.SystemKeyspace;
import org.apache.cassandra.exceptions.AuthenticationException;
import org.apache.cassandra.exceptions.InvalidRequestException;
import org.apache.cassandra.exceptions.UnauthorizedException;
import org.apache.cassandra.schema.LegacySchemaTables;
import org.apache.cassandra.thrift.ThriftValidation;
import org.apache.cassandra.tracing.TraceKeyspace;
import org.apache.cassandra.utils.CassandraVersion;
import org.apache.cassandra.utils.FBUtilities;
import org.apache.cassandra.utils.JVMStabilityInspector;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/cassandra/service/ClientState.class */
public class ClientState {
    private static final Logger logger = LoggerFactory.getLogger(ClientState.class);
    public static final CassandraVersion DEFAULT_CQL_VERSION = QueryProcessor.CQL_VERSION;
    private static final Set<IResource> READABLE_SYSTEM_RESOURCES = new HashSet();
    private static final Set<IResource> PROTECTED_AUTH_RESOURCES = new HashSet();
    private static final Set<String> ALTERABLE_SYSTEM_KEYSPACES = new HashSet();
    private static final Set<IResource> DROPPABLE_SYSTEM_TABLES = new HashSet();
    private volatile AuthenticatedUser user;
    private volatile String keyspace;
    private static final QueryHandler cqlQueryHandler;
    public final boolean isInternal;
    private final InetSocketAddress remoteAddress;
    private static final AtomicLong lastTimestampMicros;

    private ClientState() {
        this.isInternal = true;
        this.remoteAddress = null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ClientState(InetSocketAddress inetSocketAddress) {
        this.isInternal = false;
        this.remoteAddress = inetSocketAddress;
        if (DatabaseDescriptor.getAuthenticator().requireAuthentication()) {
            return;
        }
        this.user = AuthenticatedUser.ANONYMOUS_USER;
    }

    public static ClientState forInternalCalls() {
        return new ClientState();
    }

    public static ClientState forExternalCalls(SocketAddress socketAddress) {
        return new ClientState((InetSocketAddress) socketAddress);
    }

    public long getTimestamp() {
        long j;
        long j2;
        do {
            long currentTimeMillis = System.currentTimeMillis() * 1000;
            j = lastTimestampMicros.get();
            j2 = j >= currentTimeMillis ? j + 1 : currentTimeMillis;
        } while (!lastTimestampMicros.compareAndSet(j, j2));
        return j2;
    }

    public long getTimestampForPaxos(long j) {
        long j2;
        long j3;
        do {
            long max = Math.max(System.currentTimeMillis() * 1000, j);
            j2 = lastTimestampMicros.get();
            j3 = j2 >= max ? j2 + 1 : max;
            if (j3 == j) {
                break;
            }
        } while (!lastTimestampMicros.compareAndSet(j2, j3));
        return j3;
    }

    public static QueryHandler getCQLQueryHandler() {
        return cqlQueryHandler;
    }

    public InetSocketAddress getRemoteAddress() {
        return this.remoteAddress;
    }

    public String getRawKeyspace() {
        return this.keyspace;
    }

    public String getKeyspace() throws InvalidRequestException {
        if (this.keyspace == null) {
            throw new InvalidRequestException("No keyspace has been specified. USE a keyspace, or explicitly specify keyspace.tablename");
        }
        return this.keyspace;
    }

    public void setKeyspace(String str) throws InvalidRequestException {
        if (this.user != null && Schema.instance.getKSMetaData(str) == null) {
            throw new InvalidRequestException("Keyspace '" + str + "' does not exist");
        }
        this.keyspace = str;
    }

    public void login(AuthenticatedUser authenticatedUser) throws AuthenticationException {
        if (!authenticatedUser.isAnonymous() && !DatabaseDescriptor.getRoleManager().canLogin(authenticatedUser.getPrimaryRole())) {
            throw new AuthenticationException(String.format("%s is not permitted to log in", authenticatedUser.getName()));
        }
        this.user = authenticatedUser;
    }

    public void hasAllKeyspacesAccess(Permission permission) throws UnauthorizedException {
        if (this.isInternal) {
            return;
        }
        validateLogin();
        ensureHasPermission(permission, DataResource.root());
    }

    public void hasKeyspaceAccess(String str, Permission permission) throws UnauthorizedException, InvalidRequestException {
        hasAccess(str, permission, DataResource.keyspace(str));
    }

    public void hasColumnFamilyAccess(String str, String str2, Permission permission) throws UnauthorizedException, InvalidRequestException {
        ThriftValidation.validateColumnFamily(str, str2);
        hasAccess(str, permission, DataResource.table(str, str2));
    }

    private void hasAccess(String str, Permission permission, DataResource dataResource) throws UnauthorizedException, InvalidRequestException {
        validateKeyspace(str);
        if (this.isInternal) {
            return;
        }
        validateLogin();
        preventSystemKSSchemaModification(str, dataResource, permission);
        if (permission == Permission.SELECT && READABLE_SYSTEM_RESOURCES.contains(dataResource)) {
            return;
        }
        if (PROTECTED_AUTH_RESOURCES.contains(dataResource) && (permission == Permission.CREATE || permission == Permission.ALTER || permission == Permission.DROP)) {
            throw new UnauthorizedException(String.format("%s schema is protected", dataResource));
        }
        ensureHasPermission(permission, dataResource);
    }

    public void ensureHasPermission(Permission permission, IResource iResource) throws UnauthorizedException {
        if (DatabaseDescriptor.getAuthorizer() instanceof AllowAllAuthorizer) {
            return;
        }
        if ((iResource instanceof FunctionResource) && iResource.hasParent() && ((FunctionResource) iResource).getKeyspace().equals("system")) {
            return;
        }
        checkPermissionOnResourceChain(permission, iResource);
    }

    public void ensureHasPermission(Permission permission, Function function) {
        if ((DatabaseDescriptor.getAuthorizer() instanceof AllowAllAuthorizer) || function.isNative()) {
            return;
        }
        checkPermissionOnResourceChain(permission, FunctionResource.function(function.name().keyspace, function.name().name, function.argTypes()));
    }

    private void checkPermissionOnResourceChain(Permission permission, IResource iResource) {
        Iterator<? extends IResource> it = Resources.chain(iResource).iterator();
        while (it.hasNext()) {
            if (authorize(it.next()).contains(permission)) {
                return;
            }
        }
        throw new UnauthorizedException(String.format("User %s has no %s permission on %s or any of its parents", this.user.getName(), permission, iResource));
    }

    private void preventSystemKSSchemaModification(String str, DataResource dataResource, Permission permission) throws UnauthorizedException {
        if (permission == Permission.ALTER || permission == Permission.DROP || permission == Permission.CREATE) {
            if ("system".equalsIgnoreCase(str)) {
                throw new UnauthorizedException(str + " keyspace is not user-modifiable.");
            }
            if (ALTERABLE_SYSTEM_KEYSPACES.contains(dataResource.getKeyspace().toLowerCase())) {
                if ((permission == Permission.ALTER && !dataResource.isKeyspaceLevel()) || (permission == Permission.DROP && !DROPPABLE_SYSTEM_TABLES.contains(dataResource))) {
                    throw new UnauthorizedException(String.format("Cannot %s %s", permission, dataResource));
                }
            }
        }
    }

    public void validateLogin() throws UnauthorizedException {
        if (this.user == null) {
            throw new UnauthorizedException("You have not logged in");
        }
    }

    public void ensureNotAnonymous() throws UnauthorizedException {
        validateLogin();
        if (this.user.isAnonymous()) {
            throw new UnauthorizedException("You have to be logged in and not anonymous to perform this request");
        }
    }

    public void ensureIsSuper(String str) throws UnauthorizedException {
        if (DatabaseDescriptor.getAuthenticator().requireAuthentication()) {
            if (this.user == null || !this.user.isSuper()) {
                throw new UnauthorizedException(str);
            }
        }
    }

    private static void validateKeyspace(String str) throws InvalidRequestException {
        if (str == null) {
            throw new InvalidRequestException("You have not set a keyspace for this session");
        }
    }

    public AuthenticatedUser getUser() {
        return this.user;
    }

    public static CassandraVersion[] getCQLSupportedVersion() {
        return new CassandraVersion[]{QueryProcessor.CQL_VERSION};
    }

    private Set<Permission> authorize(IResource iResource) {
        return this.user.getPermissions(iResource);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v33, types: [org.apache.cassandra.cql3.QueryHandler] */
    static {
        Iterator it = Iterables.concat(Arrays.asList(SystemKeyspace.LOCAL, SystemKeyspace.PEERS), LegacySchemaTables.ALL).iterator();
        while (it.hasNext()) {
            READABLE_SYSTEM_RESOURCES.add(DataResource.table("system", (String) it.next()));
        }
        if (!Config.isClientMode()) {
            PROTECTED_AUTH_RESOURCES.addAll(DatabaseDescriptor.getAuthenticator().protectedResources());
            PROTECTED_AUTH_RESOURCES.addAll(DatabaseDescriptor.getAuthorizer().protectedResources());
            PROTECTED_AUTH_RESOURCES.addAll(DatabaseDescriptor.getRoleManager().protectedResources());
        }
        ALTERABLE_SYSTEM_KEYSPACES.add(AuthKeyspace.NAME);
        ALTERABLE_SYSTEM_KEYSPACES.add(TraceKeyspace.NAME);
        DROPPABLE_SYSTEM_TABLES.add(DataResource.table(AuthKeyspace.NAME, PasswordAuthenticator.LEGACY_CREDENTIALS_TABLE));
        DROPPABLE_SYSTEM_TABLES.add(DataResource.table(AuthKeyspace.NAME, CassandraRoleManager.LEGACY_USERS_TABLE));
        DROPPABLE_SYSTEM_TABLES.add(DataResource.table(AuthKeyspace.NAME, CassandraAuthorizer.USER_PERMISSIONS));
        QueryProcessor queryProcessor = QueryProcessor.instance;
        String property = System.getProperty("cassandra.custom_query_handler_class");
        if (property != null) {
            try {
                queryProcessor = (QueryHandler) FBUtilities.construct(property, "QueryHandler");
                logger.info("Using {} as query handler for native protocol queries (as requested with -Dcassandra.custom_query_handler_class)", property);
            } catch (Exception e) {
                JVMStabilityInspector.inspectThrowable(e);
                logger.info("Cannot use class {} as query handler ({}), ignoring by defaulting on normal query handling", property, e.getMessage());
            }
        }
        cqlQueryHandler = queryProcessor;
        lastTimestampMicros = new AtomicLong(0L);
    }
}
