package org.apache.solr.security;

import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.HttpRequest;
import org.apache.http.protocol.HttpContext;
import org.apache.lucene.util.ResourceLoader;
import org.apache.solr.api.AnnotatedApi;
import org.apache.solr.common.SolrException;
import org.apache.solr.common.SpecProvider;
import org.apache.solr.common.StringUtils;
import org.apache.solr.common.util.CommandOperation;
import org.apache.solr.common.util.ValidatingJsonMap;
import org.apache.solr.core.CoreContainer;
import org.apache.solr.core.SolrInfoBean;
import org.apache.solr.handler.admin.api.ModifyMultiPluginAuthConfigAPI;
import org.apache.solr.metrics.SolrMetricsContext;
import org.eclipse.jetty.client.api.Request;

/* loaded from: input_file:org/apache/solr/security/MultiAuthPlugin.class */
public class MultiAuthPlugin extends AuthenticationPlugin implements ConfigEditablePlugin, SpecProvider {
    public static final String PROPERTY_SCHEMES = "schemes";
    public static final String PROPERTY_SCHEME = "scheme";
    public static final String AUTHORIZATION_HEADER = "Authorization";
    private static final ThreadLocal<AuthenticationPlugin> pluginInRequest = new ThreadLocal<>();
    private static final String UNKNOWN_SCHEME = "";
    private final ResourceLoader loader;
    private final Map<String, AuthenticationPlugin> pluginMap = new LinkedHashMap();
    private AuthenticationPlugin allowsUnknown = null;

    public MultiAuthPlugin(CoreContainer coreContainer) {
        this.loader = coreContainer.getResourceLoader();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean applyEditCommandToSchemePlugin(String str, ConfigEditablePlugin configEditablePlugin, CommandOperation commandOperation, Map<String, Object> map) {
        boolean z = false;
        Map<String, Object> map2 = null;
        int i = -1;
        List list = (List) map.get(PROPERTY_SCHEMES);
        int i2 = 0;
        while (true) {
            if (i2 >= list.size()) {
                break;
            }
            Map map3 = (Map) list.get(i2);
            if (str.equals(map3.get(PROPERTY_SCHEME))) {
                map2 = withoutScheme(map3);
                i = i2;
                break;
            }
            i2++;
        }
        if (map2 == null) {
            throw new SolrException(SolrException.ErrorCode.BAD_REQUEST, "Config for scheme '" + str + "' not found!");
        }
        Map<String, Object> edit = configEditablePlugin.edit(map2, Collections.singletonList(commandOperation));
        if (edit != null) {
            z = true;
            list.set(i, withScheme(str, edit));
        }
        return z;
    }

    private static Map<String, Object> withoutScheme(Map<String, Object> map) {
        HashMap hashMap = new HashMap(map);
        hashMap.remove(PROPERTY_SCHEME);
        return hashMap;
    }

    private static Map<String, Object> withScheme(String str, Map<String, Object> map) {
        HashMap hashMap = new HashMap(map);
        hashMap.put(PROPERTY_SCHEME, str);
        return hashMap;
    }

    @Override // org.apache.solr.security.AuthenticationPlugin
    public void init(Map<String, Object> map) {
        Object obj = map.get(PROPERTY_SCHEMES);
        if (!(obj instanceof List)) {
            throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, "Invalid config: MultiAuthPlugin requires a list of schemes!");
        }
        List list = (List) obj;
        if (list.size() < 2) {
            throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, "Invalid config: MultiAuthPlugin requires at least two schemes!");
        }
        for (Object obj2 : list) {
            if (!(obj2 instanceof Map)) {
                throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, "Invalid scheme config, expected JSON object but found: " + obj2);
            }
            initPluginForScheme((Map) obj2);
        }
    }

    protected void initPluginForScheme(Map<String, Object> map) {
        HashMap hashMap = new HashMap(map);
        String str = (String) hashMap.remove(PROPERTY_SCHEME);
        if (StringUtils.isEmpty(str)) {
            throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, "'scheme' is a required attribute: " + map);
        }
        String str2 = (String) hashMap.remove("class");
        if (StringUtils.isEmpty(str2)) {
            throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, "'class' is a required attribute: " + map);
        }
        AuthenticationPlugin authenticationPlugin = (AuthenticationPlugin) this.loader.newInstance(str2, AuthenticationPlugin.class);
        authenticationPlugin.init(hashMap);
        this.pluginMap.put(str.toLowerCase(Locale.ROOT), authenticationPlugin);
        if (this.allowsUnknown != null || Boolean.parseBoolean(String.valueOf(hashMap.getOrDefault(BasicAuthPlugin.PROPERTY_BLOCK_UNKNOWN, true)))) {
            return;
        }
        this.allowsUnknown = authenticationPlugin;
    }

    @Override // org.apache.solr.security.AuthenticationPlugin, org.apache.solr.metrics.SolrMetricProducer
    public void initializeMetrics(SolrMetricsContext solrMetricsContext, String str) {
        Iterator<AuthenticationPlugin> it = this.pluginMap.values().iterator();
        while (it.hasNext()) {
            it.next().initializeMetrics(solrMetricsContext, str);
        }
    }

    private String getSchemeFromAuthHeader(String str) {
        int indexOf = str.indexOf(32);
        return indexOf != -1 ? str.substring(0, indexOf).toLowerCase(Locale.ROOT) : UNKNOWN_SCHEME;
    }

    @Override // org.apache.solr.security.AuthenticationPlugin
    public boolean doAuthenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws Exception {
        String header = httpServletRequest.getHeader(AUTHORIZATION_HEADER);
        if (header == null) {
            AuthenticationPlugin next = BasicAuthPlugin.isAjaxRequest(httpServletRequest) ? this.pluginMap.values().iterator().next() : this.allowsUnknown;
            boolean z = false;
            if (next != null) {
                pluginInRequest.set(next);
                z = next.doAuthenticate(httpServletRequest, httpServletResponse, filterChain);
            } else {
                httpServletResponse.sendError(SolrException.ErrorCode.UNAUTHORIZED.code, "No Authorization header");
            }
            return z;
        }
        String schemeFromAuthHeader = getSchemeFromAuthHeader(header);
        AuthenticationPlugin authenticationPlugin = this.pluginMap.get(schemeFromAuthHeader);
        if (authenticationPlugin == null) {
            httpServletResponse.sendError(SolrException.ErrorCode.UNAUTHORIZED.code, "Authorization scheme '" + schemeFromAuthHeader + "' not supported!");
            return false;
        }
        pluginInRequest.set(authenticationPlugin);
        return authenticationPlugin.doAuthenticate(httpServletRequest, httpServletResponse, filterChain);
    }

    @Override // org.apache.solr.metrics.SolrMetricProducer, java.lang.AutoCloseable, java.io.Closeable
    public void close() throws IOException {
        IOException iOException = null;
        Iterator<AuthenticationPlugin> it = this.pluginMap.values().iterator();
        while (it.hasNext()) {
            try {
                it.next().close();
            } catch (IOException e) {
                if (iOException == null) {
                    iOException = e;
                }
            }
        }
        if (iOException != null) {
            throw iOException;
        }
    }

    @Override // org.apache.solr.security.AuthenticationPlugin
    public void closeRequest() {
        AuthenticationPlugin authenticationPlugin = pluginInRequest.get();
        if (authenticationPlugin != null) {
            authenticationPlugin.closeRequest();
            pluginInRequest.remove();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.solr.security.AuthenticationPlugin
    public boolean interceptInternodeRequest(HttpRequest httpRequest, HttpContext httpContext) {
        Iterator<AuthenticationPlugin> it = this.pluginMap.values().iterator();
        while (it.hasNext()) {
            if (it.next().interceptInternodeRequest(httpRequest, httpContext)) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.solr.security.AuthenticationPlugin
    public boolean interceptInternodeRequest(Request request) {
        Iterator<AuthenticationPlugin> it = this.pluginMap.values().iterator();
        while (it.hasNext()) {
            if (it.next().interceptInternodeRequest(request)) {
                return true;
            }
        }
        return false;
    }

    public ValidatingJsonMap getSpec() {
        return AnnotatedApi.getApis(new ModifyMultiPluginAuthConfigAPI()).get(0).getSpec();
    }

    @Override // org.apache.solr.security.ConfigEditablePlugin
    public Map<String, Object> edit(Map<String, Object> map, List<CommandOperation> list) {
        boolean z = false;
        for (CommandOperation commandOperation : list) {
            Map dataMap = commandOperation.getDataMap();
            if (dataMap == null || dataMap.size() != 1) {
                throw new SolrException(SolrException.ErrorCode.BAD_REQUEST, "All edit commands must include a 'scheme' wrapper object!");
            }
            String lowerCase = ((String) dataMap.keySet().iterator().next()).toLowerCase(Locale.ROOT);
            SolrInfoBean solrInfoBean = (AuthenticationPlugin) this.pluginMap.get(lowerCase);
            if (solrInfoBean == null) {
                throw new SolrException(SolrException.ErrorCode.BAD_REQUEST, "No authentication plugin configured for the '" + lowerCase + "' scheme!");
            }
            if (!(solrInfoBean instanceof ConfigEditablePlugin)) {
                throw new SolrException(SolrException.ErrorCode.BAD_REQUEST, "Plugin for scheme '" + lowerCase + "' is not editable!");
            }
            CommandOperation commandOperation2 = new CommandOperation(commandOperation.name, dataMap.get(lowerCase));
            if (applyEditCommandToSchemePlugin(lowerCase, (ConfigEditablePlugin) solrInfoBean, commandOperation2, map)) {
                z = true;
            }
            Iterator it = commandOperation2.getErrors().iterator();
            while (it.hasNext()) {
                commandOperation.addError((String) it.next());
            }
        }
        if (z) {
            return map;
        }
        return null;
    }
}
