package org.apache.pinot.controller.api.access;

import java.io.IOException;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.ws.rs.core.HttpHeaders;
import org.apache.pinot.common.config.provider.AccessControlUserCache;
import org.apache.pinot.common.utils.BcryptUtils;
import org.apache.pinot.controller.ControllerConf;
import org.apache.pinot.controller.api.access.AccessControl;
import org.apache.pinot.controller.helix.core.PinotHelixResourceManager;
import org.apache.pinot.core.auth.BasicAuthUtils;
import org.apache.pinot.core.auth.ZkBasicAuthPrincipal;
import org.apache.pinot.spi.env.PinotConfiguration;
import org.apache.pinot.spi.utils.builder.TableNameBuilder;

/* loaded from: input_file:org/apache/pinot/controller/api/access/ZkBasicAuthAccessControlFactory.class */
public class ZkBasicAuthAccessControlFactory implements AccessControlFactory {
    private static final String HEADER_AUTHORIZATION = "Authorization";
    private AccessControl _accessControl;

    /* loaded from: input_file:org/apache/pinot/controller/api/access/ZkBasicAuthAccessControlFactory$BasicAuthAccessControl.class */
    private static class BasicAuthAccessControl implements AccessControl {
        private Map<String, ZkBasicAuthPrincipal> _name2principal;
        private final AccessControlUserCache _userCache;

        public BasicAuthAccessControl(AccessControlUserCache accessControlUserCache) {
            this._userCache = accessControlUserCache;
        }

        @Override // org.apache.pinot.controller.api.access.AccessControl
        public boolean protectAnnotatedOnly() {
            return false;
        }

        @Override // org.apache.pinot.controller.api.access.AccessControl
        public boolean hasDataAccess(HttpHeaders httpHeaders, String str) {
            return getPrincipal(httpHeaders).filter(zkBasicAuthPrincipal -> {
                return zkBasicAuthPrincipal.hasTable(str);
            }).isPresent();
        }

        @Override // org.apache.pinot.controller.api.access.AccessControl
        public boolean hasAccess(String str, AccessType accessType, HttpHeaders httpHeaders, String str2) {
            return getPrincipal(httpHeaders).filter(zkBasicAuthPrincipal -> {
                return zkBasicAuthPrincipal.hasTable(TableNameBuilder.extractRawTableName(str)) && zkBasicAuthPrincipal.hasPermission(Objects.toString(accessType));
            }).isPresent();
        }

        @Override // org.apache.pinot.controller.api.access.AccessControl
        public boolean hasAccess(AccessType accessType, HttpHeaders httpHeaders, String str) {
            return getPrincipal(httpHeaders).isPresent();
        }

        private Optional<ZkBasicAuthPrincipal> getPrincipal(HttpHeaders httpHeaders) {
            if (httpHeaders == null) {
                return Optional.empty();
            }
            this._name2principal = (Map) BasicAuthUtils.extractBasicAuthPrincipals(this._userCache.getAllControllerUserConfig()).stream().collect(Collectors.toMap((v0) -> {
                return v0.getName();
            }, zkBasicAuthPrincipal -> {
                return zkBasicAuthPrincipal;
            }));
            List<String> requestHeader = httpHeaders.getRequestHeader("Authorization");
            if (requestHeader == null) {
                return Optional.empty();
            }
            Map map = (Map) requestHeader.stream().collect(Collectors.toMap(org.apache.pinot.common.auth.BasicAuthUtils::extractUsername, org.apache.pinot.common.auth.BasicAuthUtils::extractPassword));
            Stream stream = map.keySet().stream();
            Objects.requireNonNull(map);
            Function function = (v1) -> {
                return r1.get(v1);
            };
            Map<String, ZkBasicAuthPrincipal> map2 = this._name2principal;
            Objects.requireNonNull(map2);
            return ((Map) stream.collect(Collectors.toMap(function, (v1) -> {
                return r2.get(v1);
            }))).entrySet().stream().filter(entry -> {
                return BcryptUtils.checkpwWithCache((String) entry.getKey(), ((ZkBasicAuthPrincipal) entry.getValue()).getPassword(), this._userCache.getUserPasswordAuthCache());
            }).map(entry2 -> {
                return (ZkBasicAuthPrincipal) entry2.getValue();
            }).filter((v0) -> {
                return Objects.nonNull(v0);
            }).findFirst();
        }

        @Override // org.apache.pinot.controller.api.access.AccessControl
        public AccessControl.AuthWorkflowInfo getAuthWorkflowInfo() {
            return new AccessControl.AuthWorkflowInfo("BASIC");
        }
    }

    @Override // org.apache.pinot.controller.api.access.AccessControlFactory
    public void init(PinotConfiguration pinotConfiguration, PinotHelixResourceManager pinotHelixResourceManager) throws IOException {
        pinotHelixResourceManager.initUserACLConfig((ControllerConf) pinotConfiguration);
        this._accessControl = new BasicAuthAccessControl(new AccessControlUserCache(pinotHelixResourceManager.getPropertyStore()));
    }

    @Override // org.apache.pinot.controller.api.access.AccessControlFactory
    public AccessControl create() {
        return this._accessControl;
    }
}
