package org.apache.solr.sentry;

import java.net.URL;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.apache.sentry.binding.solr.authz.SentrySolrAuthorizationException;
import org.apache.sentry.binding.solr.authz.SolrAuthzBinding;
import org.apache.sentry.binding.solr.conf.SolrAuthzConf;
import org.apache.sentry.core.common.Subject;
import org.apache.sentry.core.model.search.Collection;
import org.apache.sentry.core.model.search.SearchModelAction;
import org.apache.solr.common.SolrException;
import org.apache.solr.core.SolrCore;
import org.apache.solr.request.LocalSolrQueryRequest;
import org.apache.solr.request.SolrQueryRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/solr/sentry/SentryIndexAuthorizationSingleton.class */
public class SentryIndexAuthorizationSingleton {
    private static Logger log = LoggerFactory.getLogger(SentryIndexAuthorizationSingleton.class);
    public static final String propertyName = "solr.authorization.sentry.site";
    private static final SentryIndexAuthorizationSingleton INSTANCE = new SentryIndexAuthorizationSingleton(System.getProperty(propertyName));
    private final SolrAuthzBinding binding;

    private SentryIndexAuthorizationSingleton(String str) {
        SolrAuthzBinding solrAuthzBinding = null;
        if (str != null) {
            try {
            } catch (Exception e) {
                log.error("Unable to create SolrAuthzBinding", e);
            }
            if (str.length() > 0) {
                solrAuthzBinding = new SolrAuthzBinding(new SolrAuthzConf(new URL("file://" + str)));
                log.info("SolrAuthzBinding created successfully");
                this.binding = solrAuthzBinding;
            }
        }
        log.info("SolrAuthzBinding not created because solr.authorization.sentry.site not set, sentry not enabled");
        this.binding = solrAuthzBinding;
    }

    public static SentryIndexAuthorizationSingleton getInstance() {
        return INSTANCE;
    }

    public boolean isEnabled() {
        return this.binding != null;
    }

    public void authorizeAdminAction(SolrQueryRequest solrQueryRequest, Set<SearchModelAction> set, boolean z, String str) throws SolrException {
        authorizeCollectionAction(solrQueryRequest, set, "admin", true);
        if (z) {
            authorizeCollectionAction(solrQueryRequest, set, str, false);
        }
    }

    public void authorizeCollectionAction(SolrQueryRequest solrQueryRequest, Set<SearchModelAction> set) throws SolrException {
        authorizeCollectionAction(solrQueryRequest, set, null, true);
    }

    public void authorizeCollectionAction(SolrQueryRequest solrQueryRequest, Set<SearchModelAction> set, String str, boolean z) throws SolrException {
        Subject subject = new Subject(System.getProperty("solr.authorization.superuser", "solr"));
        Subject subject2 = new Subject(getUserName(solrQueryRequest));
        if (str == null) {
            SolrCore core = solrQueryRequest.getCore();
            if (core == null) {
                if (z) {
                    throw new SolrException(SolrException.ErrorCode.UNAUTHORIZED, "Unable to locate collection for sentry to authorize because no SolrCore attached to request");
                }
                log.warn("Unable to locate collection for sentry to authorize because no SolrCore attached to request");
                return;
            }
            str = core.getCoreDescriptor().getCloudDescriptor().getCollectionName();
        }
        Collection collection = new Collection(str);
        try {
            if (!subject.getName().equals(subject2.getName())) {
                this.binding.authorizeCollection(subject2, collection, set);
            }
        } catch (SentrySolrAuthorizationException e) {
            throw new SolrException(SolrException.ErrorCode.UNAUTHORIZED, e);
        }
    }

    public Set<String> getRoles(String str) {
        if (this.binding == null) {
            return null;
        }
        return this.binding.getRoles(str);
    }

    public String getUserName(SolrQueryRequest solrQueryRequest) throws SolrException {
        if (this.binding == null) {
            throw new SolrException(SolrException.ErrorCode.UNAUTHORIZED, "Solr binding was not created successfully.  Defaulting to no access");
        }
        SolrCore core = solrQueryRequest.getCore();
        HttpServletRequest httpServletRequest = (HttpServletRequest) solrQueryRequest.getContext().get("httpRequest");
        if (httpServletRequest != null || (solrQueryRequest instanceof LocalSolrQueryRequest)) {
            return solrQueryRequest instanceof LocalSolrQueryRequest ? System.getProperty("solr.authorization.superuser", "solr") : (String) httpServletRequest.getAttribute("solr.user.name");
        }
        StringBuilder sb = new StringBuilder("Unable to locate HttpServletRequest");
        if (core != null && !core.getSolrConfig().getBool("requestDispatcher/requestParsers/@addHttpRequestToContext", true)) {
            sb.append(", ensure requestDispatcher/requestParsers/@addHttpRequestToContext is set to true");
        }
        throw new SolrException(SolrException.ErrorCode.UNAUTHORIZED, sb.toString());
    }
}
