package org.apache.druid.server.security;

import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.google.common.collect.ImmutableSet;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import org.apache.druid.query.QueryContexts;
import org.apache.druid.utils.CollectionUtils;

/* loaded from: input_file:org/apache/druid/server/security/AuthConfig.class */
public class AuthConfig {
    public static final String DRUID_AUTHENTICATION_RESULT = "Druid-Authentication-Result";
    public static final String DRUID_AUTHORIZATION_CHECKED = "Druid-Authorization-Checked";
    public static final String DRUID_ALLOW_UNSECURED_PATH = "Druid-Allow-Unsecured-Path";
    public static final String ALLOW_ALL_NAME = "allowAll";
    public static final String ANONYMOUS_NAME = "anonymous";
    public static final String TRUSTED_DOMAIN_NAME = "trustedDomain";
    public static final Set<String> ALLOWED_CONTEXT_KEYS = ImmutableSet.of(QueryContexts.CTX_SQL_STRINGIFY_ARRAYS, "sqlQueryId");

    @JsonProperty
    private final List<String> authenticatorChain;

    @JsonProperty
    private final List<String> authorizers;

    @JsonProperty
    private final List<String> unsecuredPaths;

    @JsonProperty
    private final boolean allowUnauthenticatedHttpOptions;

    @JsonProperty
    private final boolean authorizeQueryContextParams;

    @JsonProperty
    private final Set<String> unsecuredContextKeys;

    @JsonProperty
    private final Set<String> securedContextKeys;

    @JsonProperty
    private final boolean enableInputSourceSecurity;

    /* loaded from: input_file:org/apache/druid/server/security/AuthConfig$Builder.class */
    public static class Builder {
        private List<String> authenticatorChain;
        private List<String> authorizers;
        private List<String> unsecuredPaths;
        private boolean allowUnauthenticatedHttpOptions;
        private boolean authorizeQueryContextParams;
        private Set<String> unsecuredContextKeys;
        private Set<String> securedContextKeys;
        private boolean enableInputSourceSecurity;

        public Builder setAuthenticatorChain(List<String> list) {
            this.authenticatorChain = list;
            return this;
        }

        public Builder setAuthorizers(List<String> list) {
            this.authorizers = list;
            return this;
        }

        public Builder setUnsecuredPaths(List<String> list) {
            this.unsecuredPaths = list;
            return this;
        }

        public Builder setAllowUnauthenticatedHttpOptions(boolean z) {
            this.allowUnauthenticatedHttpOptions = z;
            return this;
        }

        public Builder setAuthorizeQueryContextParams(boolean z) {
            this.authorizeQueryContextParams = z;
            return this;
        }

        public Builder setUnsecuredContextKeys(Set<String> set) {
            this.unsecuredContextKeys = set;
            return this;
        }

        public Builder setSecuredContextKeys(Set<String> set) {
            this.securedContextKeys = set;
            return this;
        }

        public Builder setEnableInputSourceSecurity(boolean z) {
            this.enableInputSourceSecurity = z;
            return this;
        }

        public AuthConfig build() {
            return new AuthConfig(this.authenticatorChain, this.authorizers, this.unsecuredPaths, this.allowUnauthenticatedHttpOptions, this.authorizeQueryContextParams, this.unsecuredContextKeys, this.securedContextKeys, this.enableInputSourceSecurity);
        }
    }

    public AuthConfig() {
        this(null, null, null, false, false, null, null, false);
    }

    @JsonCreator
    public AuthConfig(@JsonProperty("authenticatorChain") List<String> list, @JsonProperty("authorizers") List<String> list2, @JsonProperty("unsecuredPaths") List<String> list3, @JsonProperty("allowUnauthenticatedHttpOptions") boolean z, @JsonProperty("authorizeQueryContextParams") boolean z2, @JsonProperty("unsecuredContextKeys") Set<String> set, @JsonProperty("securedContextKeys") Set<String> set2, @JsonProperty("enableInputSourceSecurity") boolean z3) {
        this.authenticatorChain = list;
        this.authorizers = list2;
        this.unsecuredPaths = list3 == null ? Collections.emptyList() : list3;
        this.allowUnauthenticatedHttpOptions = z;
        this.authorizeQueryContextParams = z2;
        this.unsecuredContextKeys = set == null ? Collections.emptySet() : set;
        this.securedContextKeys = set2;
        this.enableInputSourceSecurity = z3;
    }

    public List<String> getAuthenticatorChain() {
        return this.authenticatorChain;
    }

    public List<String> getAuthorizers() {
        return this.authorizers;
    }

    public List<String> getUnsecuredPaths() {
        return this.unsecuredPaths;
    }

    public boolean isAllowUnauthenticatedHttpOptions() {
        return this.allowUnauthenticatedHttpOptions;
    }

    public boolean authorizeQueryContextParams() {
        return this.authorizeQueryContextParams;
    }

    public boolean isEnableInputSourceSecurity() {
        return this.enableInputSourceSecurity;
    }

    public Set<String> contextKeysToAuthorize(Set<String> set) {
        if (!this.authorizeQueryContextParams) {
            return ImmutableSet.of();
        }
        Set<String> subtract = CollectionUtils.subtract(CollectionUtils.subtract(set, ALLOWED_CONTEXT_KEYS), this.unsecuredContextKeys);
        if (this.securedContextKeys != null) {
            subtract = CollectionUtils.intersect(subtract, this.securedContextKeys);
        }
        return subtract;
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        AuthConfig authConfig = (AuthConfig) obj;
        return this.allowUnauthenticatedHttpOptions == authConfig.allowUnauthenticatedHttpOptions && this.authorizeQueryContextParams == authConfig.authorizeQueryContextParams && Objects.equals(this.authenticatorChain, authConfig.authenticatorChain) && Objects.equals(this.authorizers, authConfig.authorizers) && Objects.equals(this.unsecuredPaths, authConfig.unsecuredPaths) && Objects.equals(this.unsecuredContextKeys, authConfig.unsecuredContextKeys) && Objects.equals(this.securedContextKeys, authConfig.securedContextKeys) && Objects.equals(Boolean.valueOf(this.enableInputSourceSecurity), Boolean.valueOf(authConfig.enableInputSourceSecurity));
    }

    public int hashCode() {
        return Objects.hash(this.authenticatorChain, this.authorizers, this.unsecuredPaths, Boolean.valueOf(this.allowUnauthenticatedHttpOptions), Boolean.valueOf(this.authorizeQueryContextParams), this.unsecuredContextKeys, this.securedContextKeys, Boolean.valueOf(this.enableInputSourceSecurity));
    }

    public String toString() {
        return "AuthConfig{authenticatorChain=" + this.authenticatorChain + ", authorizers=" + this.authorizers + ", unsecuredPaths=" + this.unsecuredPaths + ", allowUnauthenticatedHttpOptions=" + this.allowUnauthenticatedHttpOptions + ", enableQueryContextAuthorization=" + this.authorizeQueryContextParams + ", unsecuredContextKeys=" + this.unsecuredContextKeys + ", securedContextKeys=" + this.securedContextKeys + ", enableInputSourceSecurity=" + this.enableInputSourceSecurity + '}';
    }

    public static Builder newBuilder() {
        return new Builder();
    }
}
