package org.apache.pinot.core.auth;

import java.lang.reflect.Method;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.apache.commons.lang.StringUtils;
import org.apache.pinot.spi.utils.builder.TableNameBuilder;

/* loaded from: input_file:org/apache/pinot/core/auth/FineGrainedAuthUtils.class */
/**
 * Static helpers that enforce the {@link Authorize} annotation on REST resource methods.
 *
 * <p>A resource method without the annotation is subject to
 * {@link FineGrainedAccessControl#defaultAccess}; an annotated method is checked with
 * {@link FineGrainedAccessControl#hasAccess} against either a table or the whole cluster.
 */
public class FineGrainedAuthUtils {
    private FineGrainedAuthUtils() {
        // Static utility holder; never instantiated.
    }

    /**
     * Looks up a request parameter, preferring the path parameter over a query parameter
     * of the same name.
     *
     * <p>Only the first value of a multi-valued parameter is returned.
     *
     * @param name        parameter name to look up
     * @param pathParams  path parameters of the request
     * @param queryParams query parameters of the request
     * @return the first matching value, or {@code null} when neither map holds the name
     */
    private static String findParam(String name, MultivaluedMap<String, String> pathParams, MultivaluedMap<String, String> queryParams) {
        String fromPath = pathParams.getFirst(name);
        return fromPath != null ? fromPath : queryParams.getFirst(name);
    }

    /**
     * Resolves the table that a TABLE-level {@link Authorize} annotation refers to.
     *
     * @param authorize annotation carrying the name of the request parameter that holds the table
     * @param uriInfo   request URI information supplying path and query parameters
     * @return the value of the named parameter passed through
     *         {@link TableNameBuilder#extractRawTableName}
     * @throws WebApplicationException with status 500 when the annotation has no
     *         {@code paramName} or the request carries no value for it
     */
    private static String resolveRawTableName(Authorize authorize, UriInfo uriInfo) {
        String paramName = authorize.paramName();
        if (StringUtils.isEmpty(paramName)) {
            throw new WebApplicationException("paramName not found for table level authorization in API: " + uriInfo.getRequestUri(), Response.Status.INTERNAL_SERVER_ERROR);
        }
        String requestedTable = findParam(paramName, uriInfo.getPathParameters(), uriInfo.getQueryParameters());
        // NOTE(review): a request that merely omits the parameter is reported as 500 here,
        // not as a client error.
        if (StringUtils.isEmpty(requestedTable)) {
            throw new WebApplicationException("Could not find paramName " + paramName + " in path or query params of the API: " + uriInfo.getRequestUri(), Response.Status.INTERNAL_SERVER_ERROR);
        }
        // NOTE(review): only the first value of the parameter is authorized; confirm the
        // resource method does not act on additional values of the same parameter.
        return TableNameBuilder.extractRawTableName(requestedTable);
    }

    /**
     * Authorizes the current request against the access-control policy for a resource method.
     *
     * <p>The check fails closed: every path either returns after an explicit allow decision
     * from {@code fineGrainedAccessControl} or throws.
     *
     * @param method                   resource method being invoked; inspected for {@link Authorize}
     * @param uriInfo                  request URI information (path/query parameters, request URI)
     * @param httpHeaders              request headers handed to the access-control implementation
     * @param fineGrainedAccessControl access-control implementation that makes the decision
     * @throws WebApplicationException with status 403 when access is denied, or status 500 when
     *         the annotation is unusable (missing {@code paramName}, no table value in the
     *         request, or a target type other than TABLE or CLUSTER)
     */
    public static void validateFineGrainedAuth(Method method, UriInfo uriInfo, HttpHeaders httpHeaders, FineGrainedAccessControl fineGrainedAccessControl) {
        Authorize authorize = method.getAnnotation(Authorize.class);
        if (authorize == null) {
            // Un-annotated endpoint: fall back to the default policy.
            if (fineGrainedAccessControl.defaultAccess(httpHeaders)) {
                return;
            }
            throw new WebApplicationException("Access denied - default authorization failed", Response.Status.FORBIDDEN);
        }

        TargetType targetType = authorize.targetType();
        String rawTableName;
        String denialMessage;
        if (targetType == TargetType.TABLE) {
            rawTableName = resolveRawTableName(authorize, uriInfo);
            // NOTE(review): this message embeds a client-supplied table name; confirm that
            // whatever renders the exception to the client encodes it.
            denialMessage = "Access denied to " + authorize.action() + " for table: " + rawTableName;
        } else if (targetType == TargetType.CLUSTER) {
            // Cluster-level checks carry no table name.
            rawTableName = null;
            denialMessage = "Access denied to " + authorize.action() + " in the cluster";
        } else {
            throw new WebApplicationException("Unsupported targetType: " + targetType + " in API: " + uriInfo.getRequestUri(), Response.Status.INTERNAL_SERVER_ERROR);
        }

        boolean permitted = fineGrainedAccessControl.hasAccess(httpHeaders, targetType, rawTableName, authorize.action());
        if (!permitted) {
            throw new WebApplicationException(denialMessage, Response.Status.FORBIDDEN);
        }
    }
}
