package org.apache.solr.handler.component;

import com.google.common.base.Joiner;
import java.io.IOException;
import java.util.Iterator;
import java.util.Locale;
import java.util.Set;
import org.apache.solr.common.SolrException;
import org.apache.solr.common.params.ModifiableSolrParams;
import org.apache.solr.common.params.SolrParams;
import org.apache.solr.common.util.NamedList;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/solr/handler/component/QueryDocAuthorizationComponent.class */
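/**
 * Document-level authorization component: for each request it looks up the roles of the
 * requesting user and appends a filter query ({@code fq}) built from those roles to the
 * request parameters, so the main query is evaluated together with that filter.
 *
 * <p>Two filter shapes are supported, selected by the {@value #MODE_PROP} init parameter:
 * <ul>
 *   <li>{@code DISJUNCTIVE} (default): one {@code {!raw f=<authField> v=<role>}} clause per role,
 *       plus one for the "all roles" token when configured.</li>
 *   <li>{@code CONJUNCTIVE}: a single local-params clause handed to the query parser named by
 *       {@value #QPARSER_PROP}, carrying the role set, the token-count field and the
 *       {@code allow_missing_val} flag.</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@value #ENABLED_PROP} defaults to {@code false}. NOTE(review): the base class presumably
 *       consults {@link #getEnabled()} before calling {@code prepare}; if so, a missing or
 *       mistyped setting leaves the collection unfiltered. Verify the deployed config.</li>
 *   <li>Role names and configured field/token values are concatenated into the filter string
 *       without escaping. See the notes on the two clause builders.</li>
 * </ul>
 */
public class QueryDocAuthorizationComponent extends DocAuthorizationComponent {
    public static final String AUTH_FIELD_PROP = "sentryAuthField";
    public static final String DEFAULT_AUTH_FIELD = "sentry_auth";
    public static final String ALL_ROLES_TOKEN_PROP = "allRolesToken";
    public static final String ENABLED_PROP = "enabled";
    public static final String MODE_PROP = "matchMode";
    public static final String ALLOW_MISSING_VAL_PROP = "allow_missing_val";
    public static final String TOKEN_COUNT_PROP = "tokenCountField";
    public static final String DEFAULT_TOKEN_COUNT_FIELD_PROP = "sentry_auth_count";
    public static final String QPARSER_PROP = "qParser";
    public static final String DEFAULT_MODE_PROP = MatchType.DISJUNCTIVE.toString();

    private static final Logger LOG = LoggerFactory.getLogger(QueryDocAuthorizationComponent.class);

    // Index field holding the role tokens of each document.
    private String authField;
    // Token that, when non-empty, is added to every filter alongside the user's roles.
    private String allRolesToken;
    // Whether this component is switched on; false unless configured otherwise.
    private boolean enabled;
    private MatchType matchMode;
    // The three fields below are only populated in CONJUNCTIVE mode.
    private String tokenCountField;
    private boolean allowMissingValue;
    private String qParserName;

    /** How the user's roles are matched against a document's role tokens. */
    private enum MatchType {
        DISJUNCTIVE,
        CONJUNCTIVE
    }

    /**
     * Reads the component configuration.
     *
     * @param namedList init arguments; recognised keys are the {@code *_PROP} constants of this
     *     class, each falling back to its default when absent
     * @throws IllegalArgumentException if {@value #MODE_PROP} is neither {@code DISJUNCTIVE} nor
     *     {@code CONJUNCTIVE} (case-insensitive)
     */
    public void init(NamedList namedList) {
        SolrParams solrParams = namedList.toSolrParams();
        this.authField = solrParams.get(AUTH_FIELD_PROP, DEFAULT_AUTH_FIELD);
        LOG.info("QueryDocAuthorizationComponent authField: {}", this.authField);
        this.allRolesToken = solrParams.get(ALL_ROLES_TOKEN_PROP, "");
        LOG.info("QueryDocAuthorizationComponent allRolesToken: {}", this.allRolesToken);
        this.enabled = solrParams.getBool(ENABLED_PROP, false);
        LOG.info("QueryDocAuthorizationComponent enabled: {}", this.enabled);
        this.matchMode = parseMatchType(solrParams.get(MODE_PROP, DEFAULT_MODE_PROP));
        LOG.info("QueryDocAuthorizationComponent matchType: {}", this.matchMode);
        if (this.matchMode == MatchType.CONJUNCTIVE) {
            this.qParserName = solrParams.get(QPARSER_PROP, "subset").trim();
            LOG.debug("QueryDocAuthorizationComponent qParserName: {}", this.qParserName);
            this.allowMissingValue = solrParams.getBool(ALLOW_MISSING_VAL_PROP, false);
            LOG.debug("QueryDocAuthorizationComponent allowMissingValue: {}", this.allowMissingValue);
            this.tokenCountField = solrParams.get(TOKEN_COUNT_PROP, DEFAULT_TOKEN_COUNT_FIELD_PROP);
            LOG.debug("QueryDocAuthorizationComponent tokenCountField: {}", this.tokenCountField);
        }
    }

    /**
     * Maps the configured match mode onto {@link MatchType}, ignoring case and surrounding
     * whitespace.
     *
     * <p>Upper-casing uses {@link Locale#ROOT}: with the JVM default locale a value such as
     * {@code "disjunctive"} upper-cases to a dotted capital I under a Turkish locale and no longer
     * matches the enum constant, which would make a valid configuration fail at startup.
     */
    private static MatchType parseMatchType(String value) {
        try {
            return MatchType.valueOf(value.trim().toUpperCase(Locale.ROOT));
        } catch (IllegalArgumentException e) {
            throw new IllegalArgumentException(
                    "Invalid " + MODE_PROP + " value '" + value + "'; expected "
                            + MatchType.DISJUNCTIVE + " or " + MatchType.CONJUNCTIVE, e);
        }
    }

    /**
     * Appends one {@code {!raw f=<authField> v=<str>}} clause to {@code sb}.
     *
     * <p>NOTE(review): {@code str} is written unquoted and unescaped. An unquoted local-params
     * value ends at whitespace or {@code '}'}, so this relies on role names (and the all-roles
     * token) never containing those characters. Confirm that the role source enforces this;
     * otherwise the generated filter would not express the intended restriction.
     */
    private void addDisjunctiveRawClause(StringBuilder sb, String str) {
        sb.append(" {!raw f=").append(this.authField).append(" v=").append(str).append("}");
    }

    /**
     * Builds the DISJUNCTIVE filter: one raw clause per role, followed by a clause for the
     * all-roles token when one is configured.
     *
     * @param set the user's roles
     * @return the filter query string, or {@code null} when {@code set} is null or empty
     */
    public String getDisjunctiveFilterQueryStr(Set<String> set) {
        if (set == null || set.isEmpty()) {
            return null;
        }
        StringBuilder sb = new StringBuilder();
        for (String role : set) {
            addDisjunctiveRawClause(sb, role);
        }
        if (this.allRolesToken != null && !this.allRolesToken.isEmpty()) {
            addDisjunctiveRawClause(sb, this.allRolesToken);
        }
        return sb.toString();
    }

    /**
     * Adds the role-based filter query to the request.
     *
     * @param responseBuilder carries the request whose parameters are replaced by a copy with
     *     the extra {@code fq}
     * @param str name of the requesting user
     * @throws SolrException with {@code UNAUTHORIZED} when the user has no roles; the request is
     *     rejected rather than run unfiltered
     */
    @Override // org.apache.solr.handler.component.DocAuthorizationComponent
    public void prepare(ResponseBuilder responseBuilder, String str) throws IOException {
        Set<String> roles = getRoles(responseBuilder.req, str);
        if (roles == null || roles.isEmpty()) {
            throw new SolrException(SolrException.ErrorCode.UNAUTHORIZED, "Request from user: " + str + " rejected because user is not associated with any roles");
        }
        String filterQuery = this.matchMode == MatchType.DISJUNCTIVE
                ? getDisjunctiveFilterQueryStr(roles)
                : getConjunctiveFilterQueryStr(roles);
        // Copy the caller's params and add our fq; fq values already on the request are kept.
        ModifiableSolrParams modifiableSolrParams = new ModifiableSolrParams(responseBuilder.req.getParams());
        modifiableSolrParams.add("fq", filterQuery);
        responseBuilder.req.setParams(modifiableSolrParams);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Adding filter query {} for user {} with roles {}", new Object[]{filterQuery, str, roles});
        }
    }

    /**
     * Builds the CONJUNCTIVE filter: a single local-params clause for the configured query
     * parser, with the roles joined by {@code ','} in {@code set_value}.
     *
     * <p>NOTE(review): values are wrapped in double quotes but not escaped, and roles are joined
     * with a comma. A role name containing {@code '"'} or {@code ','} would therefore change the
     * role set the parser receives (presumably it splits {@code set_value} on commas). Confirm
     * that role names are validated upstream.
     */
    private String getConjunctiveFilterQueryStr(Set<String> set) {
        StringBuilder sb = new StringBuilder();
        sb.append(" {!").append(this.qParserName)
                .append(" set_field=\"").append(this.authField).append("\"")
                .append(" set_value=\"").append(Joiner.on(',').join(set)).append("\"")
                .append(" count_field=\"").append(this.tokenCountField).append("\"");
        if (this.allRolesToken != null && !this.allRolesToken.isEmpty()) {
            sb.append(" wildcard_token=\"").append(this.allRolesToken).append("\"");
        }
        sb.append(" allow_missing_val=").append(this.allowMissingValue).append(" }");
        return sb.toString();
    }

    /** No-op: all work happens in {@code prepare}, before the query runs. */
    public void process(ResponseBuilder responseBuilder) throws IOException {
    }

    /** Returns the human-readable description of this component. */
    public String getDescription() {
        return "Handle Query Document Authorization";
    }

    /** Returns whether the component was enabled by configuration (default {@code false}). */
    @Override // org.apache.solr.handler.component.DocAuthorizationComponent
    public boolean getEnabled() {
        return this.enabled;
    }
}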
