package org.apache.pinot.broker.broker;

import com.google.common.base.Preconditions;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nullable;
import org.apache.commons.lang3.StringUtils;
import org.apache.pinot.broker.api.AccessControl;
import org.apache.pinot.broker.api.HttpRequesterIdentity;
import org.apache.pinot.broker.api.RequesterIdentity;
import org.apache.pinot.common.request.BrokerRequest;
import org.apache.pinot.spi.env.PinotConfiguration;

/* loaded from: input_file:org/apache/pinot/broker/broker/BasicAuthAccessControlFactory.class */
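/**
 * Access-control factory that authenticates broker requests with HTTP Basic credentials.
 *
 * <p>Principals are read from configuration in {@link #init(PinotConfiguration)}:
 * {@code principals} is a comma-separated list of names, and for each name
 * {@code principals.<name>.password} is required while {@code principals.<name>.tables} is an
 * optional comma-separated table allow-list ({@code *} or blank means no restriction).
 *
 * <p>Each principal is stored under a token derived from {@code "Basic " + base64(name:password)}.
 * Base64 is an encoding, not a hash, so the tokens held by this class are equivalent to the
 * plaintext credentials and must not be logged or put into exception messages.
 */
public class BasicAuthAccessControlFactory extends AccessControlFactory {
    private static final String PRINCIPALS = "principals";
    private static final String PASSWORD = "password";
    private static final String TABLES = "tables";
    private static final String TABLES_ALL = "*";
    private static final String HEADER_AUTHORIZATION = "authorization";

    // Assigned by init(); create() returns null if init() has not run.
    private AccessControl _accessControl;

    /** Access control that matches the request's Authorization header against the configured principals. */
    private static class BasicAuthAccessControl implements AccessControl {
        // Keyed by normalized token (see normalizeToken), i.e. by credential material.
        private final Map<String, BasicAuthPrincipal> _principals;

        /**
         * Indexes the given principals by token.
         *
         * @param collection configured principals
         * @throws IllegalStateException if two principals resolve to the same token
         */
        public BasicAuthAccessControl(Collection<BasicAuthPrincipal> collection) {
            // An explicit merge function keeps the duplicate-key failure (still an
            // IllegalStateException) but reports principal names. The default two-argument toMap
            // error can include the map key, which here is the credential token.
            this._principals = collection.stream().collect(Collectors.toMap(
                BasicAuthPrincipal::getToken,
                principal -> principal,
                (first, second) -> {
                    throw new IllegalStateException(String.format(
                        "principals '%s' and '%s' resolve to the same token", first.getName(), second.getName()));
                }));
        }

        /**
         * Decides whether the requester may run the given broker request.
         *
         * @param requesterIdentity must be an {@link HttpRequesterIdentity}
         * @param brokerRequest request whose query source table is checked against the allow-list
         * @return {@code false} when no Authorization header value matches a configured principal;
         *     otherwise the result of the table allow-list check
         * @throws IllegalArgumentException if the identity is not an {@link HttpRequesterIdentity}
         */
        @Override
        public boolean hasAccess(RequesterIdentity requesterIdentity, BrokerRequest brokerRequest) {
            Preconditions.checkArgument(requesterIdentity instanceof HttpRequesterIdentity, "HttpRequesterIdentity required");

            // NOTE(review): the header container type is not visible here; if it is a plain Map,
            // a missing header yields null, so fail closed instead of throwing.
            Collection<String> headerValues =
                ((HttpRequesterIdentity) requesterIdentity).getHttpHeaders().get(HEADER_AUTHORIZATION);
            if (headerValues == null) {
                return false;
            }

            // The lookup is an exact string match on the normalized header value, so the scheme
            // must be spelled "Basic" exactly as toToken() writes it.
            Optional<BasicAuthPrincipal> match = headerValues.stream()
                .map(BasicAuthAccessControlFactory::normalizeToken)
                .filter(Objects::nonNull)
                .map(_principals::get)
                .filter(Objects::nonNull)
                .findFirst();
            if (!match.isPresent()) {
                return false;
            }

            Set<String> allowedTables = match.get().getTables();
            if (allowedTables.isEmpty()) {
                // An empty allow-list means the principal is unrestricted.
                return true;
            }
            if (!brokerRequest.isSetQuerySource() || !brokerRequest.getQuerySource().isSetTableName()) {
                // NOTE(review): a table-restricted principal is allowed through when the request
                // carries no query source or table name. This preserves the existing behaviour,
                // but it is fail-open; confirm every query path populates the table name before
                // this check, or deny here.
                return true;
            }
            return allowedTables.contains(brokerRequest.getQuerySource().getTableName());
        }
    }

    /**
     * A configured principal: its name, its credential token and its table allow-list.
     *
     * <p>The decompiler reports that this class was originally {@code private}.
     */
    public static class BasicAuthPrincipal {
        private final String _name;
        private final String _token;
        private final Set<String> _tables;

        /**
         * @param str principal name
         * @param str2 normalized credential token
         * @param set table allow-list; empty means unrestricted
         */
        public BasicAuthPrincipal(String str, String str2, Set<String> set) {
            this._name = str;
            this._token = str2;
            this._tables = set;
        }

        /** @return the principal name */
        public String getName() {
            return this._name;
        }

        /** @return the table allow-list; empty means unrestricted. The set itself is returned, not a copy. */
        public Set<String> getTables() {
            return this._tables;
        }

        /** @return the credential token; treat it as a secret */
        public String getToken() {
            return this._token;
        }
    }

    /**
     * Reads the principals from configuration and builds the access control.
     *
     * @param pinotConfiguration configuration holding the {@code principals} keys
     * @throws IllegalArgumentException if no principals are given, a name is blank, a password is
     *     missing, or a table allow-list is present but contains no table name
     * @throws IllegalStateException if two principals resolve to the same token
     */
    @Override
    public void init(PinotConfiguration pinotConfiguration) {
        String principalNames = pinotConfiguration.getProperty(PRINCIPALS);
        Preconditions.checkArgument(StringUtils.isNotBlank(principalNames), "must provide principals");

        List<BasicAuthPrincipal> principals = Arrays.stream(principalNames.split(","))
            .map(rawName -> toPrincipal(pinotConfiguration, rawName))
            .collect(Collectors.toList());
        this._accessControl = new BasicAuthAccessControl(principals);
    }

    /** Builds one principal from its {@code principals.<name>.*} configuration keys. */
    private static BasicAuthPrincipal toPrincipal(PinotConfiguration pinotConfiguration, String rawName) {
        String name = rawName.trim();
        Preconditions.checkArgument(StringUtils.isNotBlank(name), "%s is not a valid name", name);

        String password = pinotConfiguration.getProperty(String.format("%s.%s.%s", PRINCIPALS, name, PASSWORD));
        Preconditions.checkArgument(StringUtils.isNotBlank(password), "must provide a password for %s", name);

        Set<String> tables = new HashSet<>();
        String tablesValue = pinotConfiguration.getProperty(String.format("%s.%s.%s", PRINCIPALS, name, TABLES));
        if (StringUtils.isNotBlank(tablesValue) && !TABLES_ALL.equals(tablesValue)) {
            // Trim each entry: "a, b" must allow table "b", not " b", which would never match.
            for (String table : tablesValue.split(",")) {
                String trimmed = table.trim();
                if (!trimmed.isEmpty()) {
                    tables.add(trimmed);
                }
            }
            // A restriction that parses to nothing (for example ",") would otherwise leave the
            // set empty, and an empty set means unrestricted access. Reject it at start-up.
            Preconditions.checkArgument(!tables.isEmpty(), "must provide at least one table name for %s", name);
        }
        return new BasicAuthPrincipal(name, toToken(name, password), tables);
    }

    /** @return the access control built by {@link #init(PinotConfiguration)}, or null before init */
    @Override
    public AccessControl create() {
        return this._accessControl;
    }

    /** Builds the normalized form of {@code "Basic " + base64(name:password)}, encoded as UTF-8. */
    private static String toToken(String str, String str2) {
        String credentials = String.format("%s:%s", str, str2);
        String encoded = Base64.getEncoder().encodeToString(credentials.getBytes(StandardCharsets.UTF_8));
        return normalizeToken(String.format("Basic %s", encoded));
    }

    /**
     * Normalizes a token or header value by trimming it and removing every {@code '='} character,
     * so padded and unpadded Base64 forms compare equal.
     *
     * <p>The decompiler reports that this method was originally {@code private}.
     *
     * @param str raw token or Authorization header value, may be null
     * @return the normalized value, or null when the input is null
     */
    @Nullable
    public static String normalizeToken(String str) {
        if (str == null) {
            return null;
        }
        return StringUtils.remove(str.trim(), '=');
    }
}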
