package org.apache.solr.handler.component;

import com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Set;
import org.apache.lucene.document.Document;
import org.apache.lucene.document.Field;
import org.apache.lucene.index.AtomicReaderContext;
import org.apache.lucene.index.IndexableField;
import org.apache.lucene.search.Query;
import org.apache.lucene.search.Scorer;
import org.apache.lucene.util.Bits;
import org.apache.lucene.util.BytesRef;
import org.apache.solr.common.SolrDocument;
import org.apache.solr.common.SolrDocumentList;
import org.apache.solr.common.SolrException;
import org.apache.solr.core.SolrCore;
import org.apache.solr.request.SolrQueryRequest;
import org.apache.solr.response.SolrQueryResponse;
import org.apache.solr.response.transform.DocTransformer;
import org.apache.solr.response.transform.DocTransformers;
import org.apache.solr.response.transform.TransformContext;
import org.apache.solr.schema.FieldType;
import org.apache.solr.schema.IndexSchema;
import org.apache.solr.schema.SchemaField;
import org.apache.solr.search.SolrIndexSearcher;
import org.apache.solr.search.SolrReturnFields;
import org.apache.solr.sentry.SentryIndexAuthorizationSingleton;
import org.apache.solr.update.AddUpdateCommand;
import org.apache.solr.update.UpdateCommand;
import org.apache.solr.update.UpdateLog;
import org.apache.solr.util.RefCounted;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/solr/handler/component/SecureRealTimeGetComponent.class */
public class SecureRealTimeGetComponent extends SearchComponent {
    private static final Logger LOG = LoggerFactory.getLogger(SecureRealTimeGetComponent.class);
    public static final String ID_FIELD_NAME = "_reserved_sentry_id";
    public static final String COMPONENT_NAME = "secureGet";
    private SentryIndexAuthorizationSingleton sentryInstance;

    /* loaded from: input_file:org/apache/solr/handler/component/SecureRealTimeGetComponent$AddDocIdReturnFields.class */
    private static class AddDocIdReturnFields extends SolrReturnFields {
        private DocTransformer transformer;
        private DocTransformer originalTransformer;
        private Query filterQuery;

        public AddDocIdReturnFields(SolrQueryRequest solrQueryRequest, DocTransformer docTransformer, Query query) {
            super(solrQueryRequest);
            this.originalTransformer = docTransformer;
            this.filterQuery = query;
            DocTransformers docTransformers = new DocTransformers();
            if (this.originalTransformer != null) {
                docTransformers.addTransformer(this.originalTransformer);
            }
            docTransformers.addTransformer(new DocIdAugmenter(SecureRealTimeGetComponent.ID_FIELD_NAME));
            this.transformer = docTransformers;
        }

        public DocTransformer getTransformer() {
            return this.transformer;
        }

        public DocTransformer getOriginalTransformer() {
            return this.originalTransformer;
        }

        public Query getFilterQuery() {
            return this.filterQuery;
        }
    }

    /* loaded from: input_file:org/apache/solr/handler/component/SecureRealTimeGetComponent$DocIdAugmenter.class */
    private static class DocIdAugmenter extends DocTransformer {
        private final String name;

        public DocIdAugmenter(String str) {
            this.name = str;
        }

        public String getName() {
            return this.name;
        }

        public void transform(SolrDocument solrDocument, int i) {
            solrDocument.setField(this.name, Integer.valueOf(i));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/solr/handler/component/SecureRealTimeGetComponent$ResponseFormatDocs.class */
    public static class ResponseFormatDocs {
        private boolean useResponseField;
        private SolrDocumentList docList;

        public ResponseFormatDocs(boolean z, SolrDocumentList solrDocumentList) {
            this.useResponseField = z;
            this.docList = solrDocumentList;
        }

        public boolean getUseResponseField() {
            return this.useResponseField;
        }

        public SolrDocumentList getDocList() {
            return this.docList;
        }
    }

    public SecureRealTimeGetComponent() {
        this(SentryIndexAuthorizationSingleton.getInstance());
    }

    @VisibleForTesting
    public SecureRealTimeGetComponent(SentryIndexAuthorizationSingleton sentryIndexAuthorizationSingleton) {
        this.sentryInstance = sentryIndexAuthorizationSingleton;
    }

    public void prepare(ResponseBuilder responseBuilder) throws IOException {
        QueryDocAuthorizationComponent queryDocAuthorizationComponent = (QueryDocAuthorizationComponent) responseBuilder.req.getCore().getSearchComponent("queryDocAuthorization");
        if (queryDocAuthorizationComponent == null) {
            throw new SolrException(SolrException.ErrorCode.UNAUTHORIZED, "RealTimeGetRequest request  rejected because \"queryDocAuthorization\" component not defined");
        }
        String userName = this.sentryInstance.getUserName(responseBuilder.req);
        String property = System.getProperty("solr.authorization.superuser", "solr");
        if (!queryDocAuthorizationComponent.getEnabled() || property.equals(userName)) {
            return;
        }
        Set<String> roles = this.sentryInstance.getRoles(userName);
        if (roles == null || roles.size() <= 0) {
            throw new SolrException(SolrException.ErrorCode.UNAUTHORIZED, "Request from user: " + userName + " rejected because user is not associated with any roles");
        }
        SolrReturnFields returnFields = responseBuilder.rsp.getReturnFields();
        if (returnFields == null) {
            throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, "Not able to authorize request because ReturnFields is null");
        }
        DocTransformer transformer = returnFields.getTransformer();
        Query filterQuery = queryDocAuthorizationComponent.getFilterQuery(roles);
        if (filterQuery == null) {
            throw new SolrException(SolrException.ErrorCode.UNAUTHORIZED, "Request from user: " + userName + "rejected because filter query was unable to be generated");
        }
        responseBuilder.rsp.setReturnFields(new AddDocIdReturnFields(responseBuilder.req, transformer, filterQuery));
    }

    public void process(ResponseBuilder responseBuilder) throws IOException {
        if (!(responseBuilder.rsp.getReturnFields() instanceof AddDocIdReturnFields)) {
            LOG.info("Skipping application of SecureRealTimeGetComponent because  return field wasn't applied in prepare phase");
            return;
        }
        SolrQueryResponse solrQueryResponse = responseBuilder.rsp;
        ResponseFormatDocs responseFormatDocs = getResponseFormatDocs(solrQueryResponse);
        if (responseFormatDocs == null) {
            return;
        }
        SolrDocumentList docList = responseFormatDocs.getDocList();
        AddDocIdReturnFields returnFields = responseBuilder.rsp.getReturnFields();
        Query filterQuery = returnFields.getFilterQuery();
        DocTransformer originalTransformer = returnFields.getOriginalTransformer();
        if (originalTransformer != null) {
            TransformContext transformContext = new TransformContext();
            transformContext.req = responseBuilder.req;
            originalTransformer.setContext(transformContext);
        }
        SolrCore core = responseBuilder.req.getCore();
        UpdateLog updateLog = core.getUpdateHandler().getUpdateLog();
        SchemaField uniqueKeyField = core.getLatestSchema().getUniqueKeyField();
        FieldType type = uniqueKeyField.getType();
        boolean z = false;
        RefCounted realtimeSearcher = core.getRealtimeSearcher();
        SolrDocumentList solrDocumentList = new SolrDocumentList();
        try {
            SolrIndexSearcher solrIndexSearcher = (SolrIndexSearcher) realtimeSearcher.get();
            Iterator it = docList.iterator();
            while (it.hasNext()) {
                SolrDocument solrDocument = (SolrDocument) it.next();
                Integer num = -1;
                if (num.equals(solrDocument.get(ID_FIELD_NAME)) && !z) {
                    realtimeSearcher.decref();
                    AddUpdateCommand addUpdateCommand = new AddUpdateCommand(responseBuilder.req);
                    addUpdateCommand.setFlags(UpdateCommand.REPLAY);
                    updateLog.add(addUpdateCommand, true);
                    realtimeSearcher = core.getRealtimeSearcher();
                    solrIndexSearcher = (SolrIndexSearcher) realtimeSearcher.get();
                    z = true;
                }
                int filteredInternalDocId = getFilteredInternalDocId(solrDocument, uniqueKeyField, type, filterQuery, solrIndexSearcher);
                if (filteredInternalDocId >= 0) {
                    SolrDocument solrDoc = toSolrDoc(solrIndexSearcher.doc(filteredInternalDocId), core.getLatestSchema());
                    if (originalTransformer != null) {
                        originalTransformer.transform(solrDoc, filteredInternalDocId);
                    }
                    solrDocumentList.add(solrDoc);
                }
            }
            if (!responseFormatDocs.getUseResponseField()) {
                solrQueryResponse.getValues().remove("doc");
                solrQueryResponse.add("doc", solrDocumentList.size() > 0 ? (SolrDocument) solrDocumentList.get(0) : null);
            } else {
                solrQueryResponse.getValues().remove("response");
                solrDocumentList.setNumFound(solrDocumentList.size());
                solrQueryResponse.add("response", solrDocumentList);
            }
        } finally {
            realtimeSearcher.decref();
        }
    }

    private static SolrDocument toSolrDoc(Document document, IndexSchema indexSchema) {
        SolrDocument solrDocument = new SolrDocument();
        for (IndexableField indexableField : document.getFields()) {
            if (solrDocument.get(indexableField.name()) == null) {
                SchemaField fieldOrNull = indexSchema.getFieldOrNull(indexableField.name());
                if (fieldOrNull == null || !indexSchema.isCopyFieldTarget(fieldOrNull)) {
                    if (fieldOrNull == null || !fieldOrNull.multiValued()) {
                        solrDocument.setField(indexableField.name(), indexableField);
                    } else {
                        ArrayList arrayList = new ArrayList();
                        arrayList.add(indexableField);
                        solrDocument.setField(indexableField.name(), arrayList);
                    }
                }
            } else {
                solrDocument.addField(indexableField.name(), indexableField);
            }
        }
        return solrDocument;
    }

    private static ResponseFormatDocs getResponseFormatDocs(SolrQueryResponse solrQueryResponse) {
        SolrDocumentList solrDocumentList = (SolrDocumentList) solrQueryResponse.getValues().get("response");
        SolrDocument solrDocument = (SolrDocument) solrQueryResponse.getValues().get("doc");
        if (solrDocumentList == null && solrDocument == null) {
            return null;
        }
        if (solrDocumentList != null && solrDocument != null) {
            throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, "Not able to filter secure reponse, RealTimeGet returned both a doc list and an individual document");
        }
        boolean z = solrDocumentList != null;
        if (solrDocumentList == null) {
            solrDocumentList = new SolrDocumentList();
            solrDocumentList.add(solrDocument);
        }
        return new ResponseFormatDocs(z, solrDocumentList);
    }

    private static int getFilteredInternalDocId(SolrDocument solrDocument, SchemaField schemaField, FieldType fieldType, Query query, SolrIndexSearcher solrIndexSearcher) throws IOException {
        int i = -1;
        String stringValue = ((Field) solrDocument.getFieldValue(schemaField.getName())).stringValue();
        BytesRef bytesRef = new BytesRef();
        fieldType.readableToIndexed(stringValue, bytesRef);
        long lookupId = solrIndexSearcher.lookupId(bytesRef);
        if (lookupId >= 0) {
            int i2 = (int) lookupId;
            AtomicReaderContext atomicReaderContext = (AtomicReaderContext) solrIndexSearcher.getTopReaderContext().leaves().get((int) (lookupId >> 32));
            i = i2 + atomicReaderContext.docBase;
            Scorer scorer = query.createWeight(solrIndexSearcher).scorer(atomicReaderContext, (Bits) null);
            if (scorer == null || i2 != scorer.advance(i2)) {
                i = -1;
            }
        }
        return i;
    }

    public String getDescription() {
        return "Handle Query Document Authorization for RealTimeGet";
    }

    public String getSource() {
        return "$URL$";
    }
}
