package org.apache.pinot.server.access;

import io.netty.channel.ChannelHandlerContext;
import java.util.Collection;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.lang.StringUtils;
import org.apache.pinot.common.auth.BasicAuthUtils;
import org.apache.pinot.core.auth.BasicAuthPrincipal;
import org.apache.pinot.spi.env.PinotConfiguration;
import org.apache.pinot.spi.utils.builder.TableNameBuilder;

/* loaded from: input_file:org/apache/pinot/server/access/BasicAuthAccessFactory.class */
public class BasicAuthAccessFactory implements AccessControlFactory {
    private static final String PREFIX = "principals";
    private static final String AUTHORIZATION_KEY = "authorization";
    private AccessControl _accessControl;

    /* loaded from: input_file:org/apache/pinot/server/access/BasicAuthAccessFactory$BasicAuthAccessControl.class */
    private static class BasicAuthAccessControl implements AccessControl {
        private final Map<String, BasicAuthPrincipal> _token2principal;

        public BasicAuthAccessControl(Collection<BasicAuthPrincipal> collection) {
            this._token2principal = (Map) collection.stream().collect(Collectors.toMap((v0) -> {
                return v0.getToken();
            }, basicAuthPrincipal -> {
                return basicAuthPrincipal;
            }));
        }

        @Override // org.apache.pinot.server.access.AccessControl
        public boolean isAuthorizedChannel(ChannelHandlerContext channelHandlerContext) {
            return true;
        }

        @Override // org.apache.pinot.server.access.AccessControl
        public boolean hasDataAccess(RequesterIdentity requesterIdentity, String str) {
            Stream<R> map = getTokens(requesterIdentity).stream().map(BasicAuthUtils::normalizeBase64Token);
            Map<String, BasicAuthPrincipal> map2 = this._token2principal;
            Objects.requireNonNull(map2);
            return ((Boolean) map.map((v1) -> {
                return r1.get(v1);
            }).filter((v0) -> {
                return Objects.nonNull(v0);
            }).findFirst().map(basicAuthPrincipal -> {
                return Boolean.valueOf(StringUtils.isEmpty(str) || basicAuthPrincipal.hasTable(TableNameBuilder.extractRawTableName(str)));
            }).orElse(false)).booleanValue();
        }

        private Collection<String> getTokens(RequesterIdentity requesterIdentity) {
            if (requesterIdentity instanceof GrpcRequesterIdentity) {
                return ((GrpcRequesterIdentity) requesterIdentity).getGrpcMetadata().get(BasicAuthAccessFactory.AUTHORIZATION_KEY);
            }
            if (requesterIdentity instanceof HttpRequesterIdentity) {
                return ((HttpRequesterIdentity) requesterIdentity).getHttpHeaders().get(BasicAuthAccessFactory.AUTHORIZATION_KEY);
            }
            throw new UnsupportedOperationException("GrpcRequesterIdentity or HttpRequesterIdentity is required");
        }
    }

    @Override // org.apache.pinot.server.access.AccessControlFactory
    public void init(PinotConfiguration pinotConfiguration) {
        this._accessControl = new BasicAuthAccessControl(org.apache.pinot.core.auth.BasicAuthUtils.extractBasicAuthPrincipals(pinotConfiguration, PREFIX));
    }

    @Override // org.apache.pinot.server.access.AccessControlFactory
    public AccessControl create() {
        return this._accessControl;
    }
}
