package org.wso2.carbon.cassandra.server;

import java.io.File;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.Set;
import org.apache.cassandra.auth.AuthenticatedUser;
import org.apache.cassandra.auth.DataResource;
import org.apache.cassandra.auth.IAuthorizer;
import org.apache.cassandra.auth.IResource;
import org.apache.cassandra.auth.Permission;
import org.apache.cassandra.auth.PermissionDetails;
import org.apache.cassandra.exceptions.ConfigurationException;
import org.apache.cassandra.exceptions.RequestExecutionException;
import org.apache.cassandra.exceptions.RequestValidationException;
import org.apache.cassandra.exceptions.UnauthorizedException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.cassandra.common.auth.Action;
import org.wso2.carbon.cassandra.common.auth.AuthUtils;
import org.wso2.carbon.cassandra.server.internal.CassandraServerDataHolder;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.user.api.AuthorizationManager;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/cassandra/server/CarbonCassandraAuthorizer.class */
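/**
 * Cassandra {@link IAuthorizer} that delegates every permission decision to the Carbon
 * user realm of the tenant the authenticated user belongs to.
 *
 * <p>Permissions are read-only from the Cassandra side: {@code GRANT} and {@code REVOKE} are
 * rejected, {@code LIST} returns nothing, and the {@code revokeAll} callbacks only log.
 * Permission management happens in the Carbon admin console.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The tenant is derived from the authenticated user's name, so this class relies on the
 *       configured authenticator having validated that name (not visible in this file).</li>
 *   <li>Every failure path in {@link #authorize} denies: a failed lookup never adds a
 *       permission.</li>
 *   <li>Because the {@code revokeAll} callbacks do not remove anything, permissions stored in
 *       Carbon for a dropped user or resource presumably stay in place and could apply again
 *       if the same name is re-created; confirm how the deployment cleans these up.</li>
 * </ul>
 */
public class CarbonCassandraAuthorizer implements IAuthorizer {
    private static final Log log = LogFactory.getLog(CarbonCassandraAuthorizer.class);

    /** Tenant domain of the Carbon super tenant. */
    private static final String SUPER_TENANT_DOMAIN = "carbon.super";

    /** Tenant id this class has always paired with the super tenant domain. */
    private static final int SUPER_TENANT_ID = -1234;

    /** Message used whenever a permission change is attempted through Cassandra. */
    private static final String MANAGED_IN_CARBON_MESSAGE =
            "You are not allowed to do this action. Please use Carbon admin console to manage permissions.";

    /**
     * Resolves the Cassandra permissions the user holds on a resource by asking the tenant's
     * Carbon {@link AuthorizationManager} about every action in {@link Action#ALL_ACTIONS_ARRAY}.
     *
     * @param authenticatedUser the already authenticated Cassandra user; its name carries the
     *                          tenant domain
     * @param iResource         the resource being accessed
     * @return the granted permissions, or {@link Permission#NONE} when the resource is outside
     *         the data root, nothing is granted, or the user store cannot be consulted
     */
    @Override
    public Set<Permission> authorize(AuthenticatedUser authenticatedUser, IResource iResource) {
        // NOTE(review): the path is joined with File.separator, so it is platform dependent,
        // while DataResource names carry their own separator. Confirm that the result matches
        // the resource ids stored in Carbon on every platform this runs on.
        String resourcePath = AuthUtils.RESOURCE_PATH_PREFIX + File.separator
                + (iResource instanceof DataResource ? iResource.getName() : getResourcePath(iResource));
        String dataRootPath = AuthUtils.RESOURCE_PATH_PREFIX + File.separator + DataResource.root().getName();

        // Only resources under the data root are authorised through Carbon.
        // NOTE(review): this is a plain prefix match with no separator boundary, so a root whose
        // name merely begins with the data root's name would pass as well.
        if (!resourcePath.startsWith(dataRootPath)) {
            return Permission.NONE;
        }

        String userName = authenticatedUser.getName();
        String tenantDomain = MultitenantUtils.getTenantDomain(userName);

        // Start the tenant flow immediately before the try block so that endTenantFlow() in the
        // finally clause is always paired with exactly one startTenantFlow(). Previously a
        // failure before the flow was started still ended a flow that was never opened.
        PrivilegedCarbonContext.startTenantFlow();
        try {
            PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            if (SUPER_TENANT_DOMAIN.equals(tenantDomain)) {
                carbonContext.setTenantDomain(SUPER_TENANT_DOMAIN);
                carbonContext.setTenantId(SUPER_TENANT_ID);
            } else {
                int tenantId = CassandraServerDataHolder.getInstance().getRealmService()
                        .getTenantManager().getTenantId(tenantDomain);
                carbonContext.setTenantDomain(tenantDomain);
                carbonContext.setTenantId(tenantId);
            }

            UserRealm realm = getRealmForTenant(tenantDomain);
            if (realm == null) {
                // What the realm service returns for an unknown tenant is not visible here;
                // deny explicitly instead of failing with a NullPointerException.
                log.error("No user realm available for tenant " + tenantDomain
                        + "; denying access to " + resourcePath);
                return Permission.NONE;
            }
            AuthorizationManager authorizationManager = realm.getAuthorizationManager();
            String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(userName);

            EnumSet<Permission> granted = EnumSet.noneOf(Permission.class);
            for (String action : Action.ALL_ACTIONS_ARRAY) {
                try {
                    if (authorizationManager.isUserAuthorized(tenantAwareUsername, resourcePath, action)) {
                        granted.add(AuthUtils.getCassandraPermission(action));
                    }
                } catch (UserStoreException e) {
                    // Fail closed for this action only: the permission is not added and the
                    // remaining actions are still evaluated.
                    log.error(e.getMessage(), e);
                }
            }
            return granted.isEmpty() ? Permission.NONE : granted;
        } catch (UserStoreException e) {
            log.error("Error during authorizing a user for a resource " + resourcePath, e);
            return Permission.NONE;
        } finally {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }

    /**
     * Always rejects the request; permissions are managed in the Carbon admin console.
     *
     * @throws RequestValidationException always, as an {@link UnauthorizedException}
     */
    @Override
    public void grant(AuthenticatedUser authenticatedUser, Set<Permission> set, IResource iResource, String str) throws RequestValidationException, RequestExecutionException {
        logAndUnauthorizedException(MANAGED_IN_CARBON_MESSAGE);
    }

    /**
     * Always rejects the request; permissions are managed in the Carbon admin console.
     *
     * @throws RequestValidationException always, as an {@link UnauthorizedException}
     */
    @Override
    public void revoke(AuthenticatedUser authenticatedUser, Set<Permission> set, IResource iResource, String str) throws RequestValidationException, RequestExecutionException {
        logAndUnauthorizedException(MANAGED_IN_CARBON_MESSAGE);
    }

    /**
     * Returns no permission details. Listing permissions through Cassandra therefore shows
     * nothing even when Carbon grants access, so audits have to read the Carbon permissions.
     *
     * @return a new, empty, mutable set
     */
    @Override
    public Set<PermissionDetails> list(AuthenticatedUser authenticatedUser, Set<Permission> set, IResource iResource, String str) throws RequestValidationException, RequestExecutionException {
        return new HashSet<>();
    }

    /**
     * Logs that the action is not allowed and removes nothing.
     *
     * @param str the value passed by Cassandra; unused
     */
    @Override
    public void revokeAll(String str) {
        log.error(MANAGED_IN_CARBON_MESSAGE);
    }

    /**
     * Logs that the action is not allowed and removes nothing.
     *
     * @param iResource the resource passed by Cassandra; unused
     */
    @Override
    public void revokeAll(IResource iResource) {
        log.error(MANAGED_IN_CARBON_MESSAGE);
    }

    /**
     * Reports no protected resources.
     *
     * @return a new, empty, mutable set
     */
    @Override
    public Set<? extends IResource> protectedResources() {
        return new HashSet<>();
    }

    /** Performs no configuration validation. */
    @Override
    public void validateConfiguration() throws ConfigurationException {
    }

    /**
     * Authorises the super tenant's admin role for every action in
     * {@link Action#ALL_ACTIONS_ARRAY} on {@link AuthUtils#RESOURCE_PATH_PREFIX}.
     *
     * <p>A failure is logged and not rethrown, so the admin role may be left with only some of
     * the actions authorised; operators should watch for the error message below.
     */
    @Override
    public void setup() {
        // Started outside the try block so the finally clause only ends a flow that was opened.
        PrivilegedCarbonContext.startTenantFlow();
        try {
            PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            carbonContext.setTenantDomain(SUPER_TENANT_DOMAIN);
            carbonContext.setTenantId(SUPER_TENANT_ID);

            UserRealm superTenantRealm = getRealmForTenant(SUPER_TENANT_DOMAIN);
            AuthorizationManager authorizationManager = superTenantRealm.getAuthorizationManager();
            // The admin role name does not change between iterations, so read it once.
            String adminRoleName = superTenantRealm.getRealmConfiguration().getAdminRoleName();
            for (String action : Action.ALL_ACTIONS_ARRAY) {
                authorizationManager.authorizeRole(adminRoleName, AuthUtils.RESOURCE_PATH_PREFIX, action);
            }
        } catch (UserStoreException e) {
            log.error("Setting Cassandra permissions for 'admin' role failed at authorization setup", e);
        } finally {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }

    /**
     * Builds a resource path by walking from the resource up to its root and joining the
     * names, root first, with {@link File#separator}.
     *
     * @param iResource the resource to describe
     * @return the joined path; just the resource's own name when it has no parent
     */
    private String getResourcePath(IResource iResource) {
        StringBuilder path = new StringBuilder(iResource.getName());
        IResource current = iResource;
        while (current.hasParent()) {
            current = current.getParent();
            path.insert(0, File.separator).insert(0, current.getName());
        }
        return path.toString();
    }

    /**
     * Logs the message at error level and rejects the request.
     *
     * @param str the message to log and to carry in the exception
     * @throws RequestValidationException always, as an {@link UnauthorizedException}
     */
    private void logAndUnauthorizedException(String str) throws RequestValidationException {
        log.error(str);
        throw new UnauthorizedException(str);
    }

    /**
     * Looks up the user realm of a tenant through the realm service.
     *
     * @param str the tenant domain
     * @return the realm returned by the realm service for the tenant's id
     * @throws CassandraServerException when the user store lookup fails
     */
    private UserRealm getRealmForTenant(String str) {
        try {
            RealmService realmService = CassandraServerDataHolder.getInstance().getRealmService();
            return realmService.getTenantUserRealm(realmService.getTenantManager().getTenantId(str));
        } catch (UserStoreException e) {
            // The message previously named the exception where the tenant belongs. The cause is
            // still only carried as text because the constructor used here takes no Throwable.
            throw new CassandraServerException("Error accessing the UserRealm for tenant : " + str + " (" + e + ")", log);
        }
    }
}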
