package org.apache.solr.handler.component;

import java.io.IOException;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.apache.sentry.binding.solr.authz.SentrySolrPluginImpl;
import org.apache.sentry.core.common.exception.SentryUserException;
import org.apache.solr.common.SolrException;
import org.apache.solr.core.SolrCore;
import org.apache.solr.request.LocalSolrQueryRequest;
import org.apache.solr.request.SolrQueryRequest;

/* loaded from: input_file:org/apache/solr/handler/component/DocAuthorizationComponent.class */
public abstract class DocAuthorizationComponent extends SearchComponent {
    public static final String SUPERUSER = System.getProperty("solr.authorization.superuser", "solr");

    public abstract boolean getEnabled();

    public abstract void prepare(ResponseBuilder responseBuilder, String str) throws IOException;

    /* JADX INFO: Access modifiers changed from: protected */
    public final Set<String> getRoles(SolrQueryRequest solrQueryRequest, String str) {
        SentrySolrPluginImpl authorizationPlugin = solrQueryRequest.getCore().getCoreContainer().getAuthorizationPlugin();
        if (!(authorizationPlugin instanceof SentrySolrPluginImpl)) {
            throw new SolrException(SolrException.ErrorCode.UNAUTHORIZED, getClass().getSimpleName() + " can only be used with Sentry authorization plugin for Solr");
        }
        try {
            return authorizationPlugin.getRoles(str);
        } catch (SentryUserException e) {
            throw new SolrException(SolrException.ErrorCode.UNAUTHORIZED, "Request from user: " + str + " rejected due to SentryUserException: ", e);
        }
    }

    protected final String getUserName(SolrQueryRequest solrQueryRequest) {
        if (solrQueryRequest instanceof LocalSolrQueryRequest) {
            return SUPERUSER;
        }
        SolrCore core = solrQueryRequest.getCore();
        HttpServletRequest httpServletRequest = (HttpServletRequest) solrQueryRequest.getContext().get("httpRequest");
        if (httpServletRequest == null) {
            StringBuilder sb = new StringBuilder("Unable to locate HttpServletRequest");
            if (core != null && !core.getSolrConfig().getBool("requestDispatcher/requestParsers/@addHttpRequestToContext", true)) {
                sb.append(", ensure requestDispatcher/requestParsers/@addHttpRequestToContext is set to true in solrconfig.xml");
            }
            throw new SolrException(SolrException.ErrorCode.UNAUTHORIZED, sb.toString());
        }
        String remoteUser = httpServletRequest.getRemoteUser();
        if (remoteUser == null) {
            remoteUser = SentrySolrPluginImpl.getShortUserName(httpServletRequest.getUserPrincipal());
        }
        if (remoteUser == null) {
            throw new SolrException(SolrException.ErrorCode.UNAUTHORIZED, "This request is not authenticated.");
        }
        return remoteUser;
    }

    public final void prepare(ResponseBuilder responseBuilder) throws IOException {
        if (getEnabled()) {
            String userName = getUserName(responseBuilder.req);
            if (SUPERUSER.equals(userName)) {
                return;
            }
            prepare(responseBuilder, userName);
        }
    }
}
