package org.apache.pulsar.broker.authorization;

import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.TimeUnit;
import org.apache.pulsar.broker.PulsarServerException;
import org.apache.pulsar.broker.ServiceConfiguration;
import org.apache.pulsar.broker.authentication.AuthenticationDataSource;
import org.apache.pulsar.broker.cache.ConfigurationCacheService;
import org.apache.pulsar.shade.org.apache.commons.lang3.StringUtils;
import org.apache.pulsar.shade.org.apache.pulsar.common.naming.NamespaceName;
import org.apache.pulsar.shade.org.apache.pulsar.common.naming.TopicName;
import org.apache.pulsar.shade.org.apache.pulsar.common.policies.data.AuthAction;
import org.apache.pulsar.shade.org.apache.pulsar.common.util.FutureUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/pulsar/broker/authorization/AuthorizationService.class */
public class AuthorizationService {
    private static final Logger log = LoggerFactory.getLogger(AuthorizationService.class);
    private AuthorizationProvider provider;
    private final ServiceConfiguration conf;

    public AuthorizationService(ServiceConfiguration serviceConfiguration, ConfigurationCacheService configurationCacheService) throws PulsarServerException {
        this.conf = serviceConfiguration;
        if (!this.conf.isAuthorizationEnabled()) {
            log.info("Authorization is disabled");
            return;
        }
        try {
            String authorizationProvider = serviceConfiguration.getAuthorizationProvider();
            if (!StringUtils.isNotBlank(authorizationProvider)) {
                throw new PulsarServerException("No authorization providers are present.");
            }
            this.provider = (AuthorizationProvider) Class.forName(authorizationProvider).newInstance();
            this.provider.initialize(serviceConfiguration, configurationCacheService);
            log.info("{} has been loaded.", authorizationProvider);
        } catch (PulsarServerException e) {
            throw e;
        } catch (Throwable th) {
            throw new PulsarServerException("Failed to load an authorization provider.", th);
        }
    }

    public CompletableFuture<Void> grantPermissionAsync(NamespaceName namespaceName, Set<AuthAction> set, String str, String str2) {
        return this.provider != null ? this.provider.grantPermissionAsync(namespaceName, set, str, str2) : FutureUtil.failedFuture(new IllegalStateException("No authorization provider configured"));
    }

    public CompletableFuture<Void> grantPermissionAsync(TopicName topicName, Set<AuthAction> set, String str, String str2) {
        return this.provider != null ? this.provider.grantPermissionAsync(topicName, set, str, str2) : FutureUtil.failedFuture(new IllegalStateException("No authorization provider configured"));
    }

    public CompletableFuture<Boolean> canProduceAsync(TopicName topicName, String str, AuthenticationDataSource authenticationDataSource) {
        return !this.conf.isAuthorizationEnabled() ? CompletableFuture.completedFuture(true) : this.provider != null ? this.provider.canProduceAsync(topicName, str, authenticationDataSource) : FutureUtil.failedFuture(new IllegalStateException("No authorization provider configured"));
    }

    public CompletableFuture<Boolean> canConsumeAsync(TopicName topicName, String str, AuthenticationDataSource authenticationDataSource, String str2) {
        return !this.conf.isAuthorizationEnabled() ? CompletableFuture.completedFuture(true) : this.provider != null ? this.provider.canConsumeAsync(topicName, str, authenticationDataSource, str2) : FutureUtil.failedFuture(new IllegalStateException("No authorization provider configured"));
    }

    public boolean canProduce(TopicName topicName, String str, AuthenticationDataSource authenticationDataSource) throws Exception {
        try {
            return canProduceAsync(topicName, str, authenticationDataSource).get(30L, TimeUnit.SECONDS).booleanValue();
        } catch (InterruptedException e) {
            log.warn("Time-out {} sec while checking authorization on {} ", 30, topicName);
            throw e;
        } catch (Exception e2) {
            log.warn("Producer-client  with Role - {} failed to get permissions for topic - {}. {}", new Object[]{str, topicName, e2.getMessage()});
            throw e2;
        }
    }

    public boolean canConsume(TopicName topicName, String str, AuthenticationDataSource authenticationDataSource, String str2) throws Exception {
        try {
            return canConsumeAsync(topicName, str, authenticationDataSource, str2).get(30L, TimeUnit.SECONDS).booleanValue();
        } catch (InterruptedException e) {
            log.warn("Time-out {} sec while checking authorization on {} ", 30, topicName);
            throw e;
        } catch (Exception e2) {
            log.warn("Consumer-client  with Role - {} failed to get permissions for topic - {}. {}", new Object[]{str, topicName, e2.getMessage()});
            throw e2;
        }
    }

    public boolean canLookup(TopicName topicName, String str, AuthenticationDataSource authenticationDataSource) throws Exception {
        return canProduce(topicName, str, authenticationDataSource) || canConsume(topicName, str, authenticationDataSource, null);
    }

    public CompletableFuture<Boolean> canLookupAsync(TopicName topicName, String str, AuthenticationDataSource authenticationDataSource) {
        CompletableFuture<Boolean> completableFuture = new CompletableFuture<>();
        canProduceAsync(topicName, str, authenticationDataSource).whenComplete((bool, th) -> {
            if (th == null) {
                if (bool.booleanValue()) {
                    completableFuture.complete(bool);
                    return;
                }
            } else if (log.isDebugEnabled()) {
                log.debug("Topic [{}] Role [{}] exception occured while trying to check Produce permissions. {}", new Object[]{topicName.toString(), str, th.getMessage()});
            }
            canConsumeAsync(topicName, str, null, null).whenComplete((bool, th) -> {
                if (th != null) {
                    if (log.isDebugEnabled()) {
                        log.debug("Topic [{}] Role [{}] exception occured while trying to check Consume permissions. {}", new Object[]{topicName.toString(), str, th.getMessage()});
                    }
                    completableFuture.completeExceptionally(th);
                } else if (bool.booleanValue()) {
                    completableFuture.complete(bool);
                } else {
                    completableFuture.complete(false);
                }
            });
        });
        return completableFuture;
    }
}
