package com.datastax.bdp.cassandra.auth;

import com.datastax.bdp.config.DseConfig;
import com.datastax.dse.byos.shade.com.google.common.collect.ImmutableSet;
import java.util.Collection;
import java.util.EnumSet;
import java.util.Set;
import org.apache.cassandra.auth.AuthenticatedUser;
import org.apache.cassandra.auth.CassandraAuthorizer;
import org.apache.cassandra.auth.IResource;
import org.apache.cassandra.auth.Permission;
import org.apache.cassandra.auth.PermissionDetails;
import org.apache.cassandra.auth.RoleResource;
import org.apache.cassandra.exceptions.ConfigurationException;
import org.apache.cassandra.exceptions.RequestExecutionException;
import org.apache.cassandra.exceptions.RequestValidationException;

/* loaded from: input_file:com/datastax/bdp/cassandra/auth/DseAuthorizer.class */
public class DseAuthorizer extends CassandraAuthorizer {
    protected boolean enabled;
    protected TransitionalMode transitionalMode = TransitionalMode.DISABLED;

    /* loaded from: input_file:com/datastax/bdp/cassandra/auth/DseAuthorizer$TransitionalMode.class */
    protected enum TransitionalMode {
        DISABLED,
        NORMAL,
        STRICT
    }

    @Override // org.apache.cassandra.auth.CassandraAuthorizer, org.apache.cassandra.auth.IAuthorizer
    public Set<Permission> authorize(AuthenticatedUser authenticatedUser, IResource iResource) {
        return this.enabled ? (this.transitionalMode == TransitionalMode.NORMAL || (this.transitionalMode == TransitionalMode.STRICT && authenticatedUser == AuthenticatedUser.ANONYMOUS_USER)) ? authenticatedUser.isSuper() ? Permission.ALL : ImmutableSet.copyOf((Collection) EnumSet.of(Permission.CREATE, Permission.ALTER, Permission.SELECT, Permission.DROP, Permission.MODIFY, Permission.EXECUTE)) : super.authorize(authenticatedUser, iResource) : iResource.applicablePermissions();
    }

    @Override // org.apache.cassandra.auth.CassandraAuthorizer, org.apache.cassandra.auth.IAuthorizer
    public void validateConfiguration() throws ConfigurationException {
        this.enabled = DseConfig.isAuthorizationEnabled();
        this.transitionalMode = TransitionalMode.valueOf(DseConfig.getAuthorizationTransitionalMode().toUpperCase());
    }

    @Override // org.apache.cassandra.auth.CassandraAuthorizer, org.apache.cassandra.auth.IAuthorizer
    public Set<PermissionDetails> list(AuthenticatedUser authenticatedUser, Set<Permission> set, IResource iResource, RoleResource roleResource) throws RequestValidationException, RequestExecutionException {
        if (this.enabled) {
            return super.list(authenticatedUser, set, iResource, roleResource, DseResources::fromName);
        }
        throw new UnsupportedOperationException("LIST PERMISSIONS operation is not supported by the DseAuthorizer if it is not enabled");
    }
}
