package org.apache.ranger.authorization.solr.authorizer;

import com.google.common.base.Joiner;
import com.google.common.base.Preconditions;
import java.io.IOException;
import java.security.Principal;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.audit.provider.MiscUtil;
import org.apache.ranger.authorization.solr.authorizer.FieldToAttributeMapping;
import org.apache.ranger.plugin.contextenricher.RangerContextEnricher;
import org.apache.ranger.plugin.contextenricher.RangerUserStoreEnricher;
import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;
import org.apache.ranger.plugin.service.RangerAuthContext;
import org.apache.ranger.plugin.service.RangerBasePlugin;
import org.apache.ranger.services.solr.RangerSolrConstants;
import org.apache.solr.common.SolrException;
import org.apache.solr.common.params.ModifiableSolrParams;
import org.apache.solr.common.params.SolrParams;
import org.apache.solr.common.util.NamedList;
import org.apache.solr.core.SolrCore;
import org.apache.solr.handler.component.ResponseBuilder;
import org.apache.solr.handler.component.SearchComponent;
import org.apache.solr.request.LocalSolrQueryRequest;
import org.apache.solr.request.SolrQueryRequest;
import org.apache.solr.security.AuthorizationContext;
import org.apache.solr.security.AuthorizationPlugin;
import org.apache.solr.security.PermissionNameProvider;

/* loaded from: input_file:org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.class */
public class RangerSolrAuthorizer extends SearchComponent implements AuthorizationPlugin {
    private String andQParserName;
    private String authField;
    private String allRolesToken;
    private boolean enabled;
    private RangerSolrConstants.MatchType matchMode;
    private String tokenCountField;
    private boolean allowMissingValue;
    private String qParserName;
    private boolean attrsEnabled;
    private static final Log logger = LogFactory.getLog(RangerSolrAuthorizer.class);
    private static volatile RangerBasePlugin solrPlugin = null;
    private List<FieldToAttributeMapping> fieldAttributeMappings = new LinkedList();
    boolean useProxyIP = false;
    String proxyIPHeader = "HTTP_X_FORWARDED_FOR";
    String solrAppName = "Client";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$solr$security$PermissionNameProvider$Name;

        static {
            try {
                $SwitchMap$org$apache$ranger$authorization$solr$authorizer$FieldToAttributeMapping$FilterType[FieldToAttributeMapping.FilterType.OR.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$ranger$authorization$solr$authorizer$FieldToAttributeMapping$FilterType[FieldToAttributeMapping.FilterType.AND.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$ranger$authorization$solr$authorizer$FieldToAttributeMapping$FilterType[FieldToAttributeMapping.FilterType.GTE.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$apache$ranger$authorization$solr$authorizer$FieldToAttributeMapping$FilterType[FieldToAttributeMapping.FilterType.LTE.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            $SwitchMap$org$apache$solr$security$PermissionNameProvider$Name = new int[PermissionNameProvider.Name.values().length];
            try {
                $SwitchMap$org$apache$solr$security$PermissionNameProvider$Name[PermissionNameProvider.Name.READ_PERM.ordinal()] = 1;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$apache$solr$security$PermissionNameProvider$Name[PermissionNameProvider.Name.UPDATE_PERM.ordinal()] = 2;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$apache$solr$security$PermissionNameProvider$Name[PermissionNameProvider.Name.SECURITY_EDIT_PERM.ordinal()] = 3;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$org$apache$solr$security$PermissionNameProvider$Name[PermissionNameProvider.Name.SECURITY_READ_PERM.ordinal()] = 4;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$org$apache$solr$security$PermissionNameProvider$Name[PermissionNameProvider.Name.CORE_READ_PERM.ordinal()] = 5;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$org$apache$solr$security$PermissionNameProvider$Name[PermissionNameProvider.Name.CORE_EDIT_PERM.ordinal()] = 6;
            } catch (NoSuchFieldError e10) {
            }
            try {
                $SwitchMap$org$apache$solr$security$PermissionNameProvider$Name[PermissionNameProvider.Name.COLL_READ_PERM.ordinal()] = 7;
            } catch (NoSuchFieldError e11) {
            }
            try {
                $SwitchMap$org$apache$solr$security$PermissionNameProvider$Name[PermissionNameProvider.Name.COLL_EDIT_PERM.ordinal()] = 8;
            } catch (NoSuchFieldError e12) {
            }
            try {
                $SwitchMap$org$apache$solr$security$PermissionNameProvider$Name[PermissionNameProvider.Name.CONFIG_EDIT_PERM.ordinal()] = 9;
            } catch (NoSuchFieldError e13) {
            }
            try {
                $SwitchMap$org$apache$solr$security$PermissionNameProvider$Name[PermissionNameProvider.Name.CONFIG_READ_PERM.ordinal()] = 10;
            } catch (NoSuchFieldError e14) {
            }
            try {
                $SwitchMap$org$apache$solr$security$PermissionNameProvider$Name[PermissionNameProvider.Name.SCHEMA_EDIT_PERM.ordinal()] = 11;
            } catch (NoSuchFieldError e15) {
            }
            try {
                $SwitchMap$org$apache$solr$security$PermissionNameProvider$Name[PermissionNameProvider.Name.SCHEMA_READ_PERM.ordinal()] = 12;
            } catch (NoSuchFieldError e16) {
            }
            try {
                $SwitchMap$org$apache$solr$security$PermissionNameProvider$Name[PermissionNameProvider.Name.METRICS_HISTORY_READ_PERM.ordinal()] = 13;
            } catch (NoSuchFieldError e17) {
            }
            try {
                $SwitchMap$org$apache$solr$security$PermissionNameProvider$Name[PermissionNameProvider.Name.METRICS_READ_PERM.ordinal()] = 14;
            } catch (NoSuchFieldError e18) {
            }
            try {
                $SwitchMap$org$apache$solr$security$PermissionNameProvider$Name[PermissionNameProvider.Name.AUTOSCALING_READ_PERM.ordinal()] = 15;
            } catch (NoSuchFieldError e19) {
            }
            try {
                $SwitchMap$org$apache$solr$security$PermissionNameProvider$Name[PermissionNameProvider.Name.AUTOSCALING_HISTORY_READ_PERM.ordinal()] = 16;
            } catch (NoSuchFieldError e20) {
            }
            try {
                $SwitchMap$org$apache$solr$security$PermissionNameProvider$Name[PermissionNameProvider.Name.AUTOSCALING_WRITE_PERM.ordinal()] = 17;
            } catch (NoSuchFieldError e21) {
            }
            try {
                $SwitchMap$org$apache$solr$security$PermissionNameProvider$Name[PermissionNameProvider.Name.ALL.ordinal()] = 18;
            } catch (NoSuchFieldError e22) {
            }
        }
    }

    public RangerSolrAuthorizer() {
        logger.info("RangerSolrAuthorizer()");
    }

    public void init(NamedList namedList) {
        SolrParams solrParams = namedList.toSolrParams();
        this.authField = solrParams.get(RangerSolrConstants.AUTH_FIELD_PROP, RangerSolrConstants.DEFAULT_AUTH_FIELD);
        this.allRolesToken = solrParams.get(RangerSolrConstants.ALL_ROLES_TOKEN_PROP, "");
        this.enabled = solrParams.getBool(RangerSolrConstants.ENABLED_PROP, false);
        this.matchMode = RangerSolrConstants.MatchType.valueOf(solrParams.get(RangerSolrConstants.MODE_PROP, RangerSolrConstants.DEFAULT_MODE_PROP).toUpperCase());
        if (this.matchMode == RangerSolrConstants.MatchType.CONJUNCTIVE) {
            this.qParserName = solrParams.get(RangerSolrConstants.QPARSER_PROP, "subset").trim();
            this.allowMissingValue = solrParams.getBool("allow_missing_val", false);
            this.tokenCountField = solrParams.get(RangerSolrConstants.TOKEN_COUNT_PROP, RangerSolrConstants.DEFAULT_TOKEN_COUNT_FIELD_PROP);
        }
        this.attrsEnabled = solrParams.getBool(RangerSolrConstants.ATTRS_ENABLED_PROP, false);
        logger.info("RangerSolrAuthorizer.init(): authField={" + this.authField + "}, allRolesToken={" + this.allRolesToken + "}, enabled={" + this.enabled + "}, matchType={" + this.matchMode + "}, qParserName={" + this.qParserName + "}, allowMissingValue={" + this.allowMissingValue + "}, tokenCountField={" + this.tokenCountField + "}, attrsEnabled={" + this.attrsEnabled + "}");
        if (this.attrsEnabled) {
            if (solrParams.get(RangerSolrConstants.FIELD_ATTR_MAPPINGS) != null) {
                logger.info("Solr params = " + solrParams.get(RangerSolrConstants.FIELD_ATTR_MAPPINGS));
                Iterator it = ((NamedList) checkAndGet(namedList, RangerSolrConstants.FIELD_ATTR_MAPPINGS)).iterator();
                while (it.hasNext()) {
                    Map.Entry entry = (Map.Entry) it.next();
                    String str = (String) entry.getKey();
                    String str2 = (String) checkAndGet((NamedList) entry.getValue(), RangerSolrConstants.ATTR_NAMES);
                    String str3 = (String) checkAndGet((NamedList) entry.getValue(), RangerSolrConstants.FIELD_FILTER_TYPE);
                    boolean z = false;
                    if (((NamedList) entry.getValue()).getBooleanArg(RangerSolrConstants.PERMIT_EMPTY_VALUES) != null) {
                        z = ((NamedList) entry.getValue()).getBooleanArg(RangerSolrConstants.PERMIT_EMPTY_VALUES).booleanValue();
                    }
                    this.fieldAttributeMappings.add(new FieldToAttributeMapping(str, str2, str3, z, (String) getWithDefault((NamedList) entry.getValue(), RangerSolrConstants.ALL_USERS_VALUE, ""), (String) getWithDefault((NamedList) entry.getValue(), RangerSolrConstants.ATTRIBUTE_FILTER_REGEX, ""), (String) getWithDefault((NamedList) entry.getValue(), RangerSolrConstants.EXTRA_OPTS, "")));
                }
            }
            this.andQParserName = ((String) checkAndGet(namedList, RangerSolrConstants.AND_OP_QPARSER)).trim();
        }
    }

    public void init(Map<String, Object> map) {
        logger.info("init()");
        try {
            if (solrPlugin == null) {
                synchronized (RangerSolrAuthorizer.class) {
                    RangerBasePlugin rangerBasePlugin = solrPlugin;
                    logger.info("RangerSolrAuthorizer(): init called");
                    if (rangerBasePlugin == null) {
                        authToJAASFile();
                        logger.info("Creating RangerSolrPlugin");
                        solrPlugin = new RangerBasePlugin("solr", "solr");
                    }
                    logger.info("Calling solrPlugin.init()");
                    solrPlugin.init();
                    solrPlugin.setResultProcessor(new RangerSolrAuditHandler(solrPlugin.getConfig()));
                }
            }
            this.useProxyIP = solrPlugin.getConfig().getBoolean(RangerSolrConstants.PROP_USE_PROXY_IP, this.useProxyIP);
            this.proxyIPHeader = solrPlugin.getConfig().get(RangerSolrConstants.PROP_PROXY_IP_HEADER, this.proxyIPHeader);
            this.solrAppName = System.getProperty("solr.kerberos.jaas.appname", this.solrAppName);
            this.solrAppName = solrPlugin.getConfig().get(RangerSolrConstants.PROP_SOLR_APP_NAME, this.solrAppName);
            logger.info("init(): useProxyIP=" + this.useProxyIP);
            logger.info("init(): proxyIPHeader=" + this.proxyIPHeader);
            logger.info("init(): solrAppName=" + this.solrAppName);
            logger.info("init(): KerberosName.rules=" + MiscUtil.getKerberosNamesRules());
        } catch (Throwable th) {
            logger.fatal("Error creating and initializing RangerBasePlugin()", th);
        }
    }

    public void close() throws IOException {
        logger.info("close() called");
        try {
            solrPlugin.cleanup();
            if (solrPlugin.getAuditProviderFactory() != null) {
                solrPlugin.getAuditProviderFactory().shutdown();
            }
        } catch (Throwable th) {
            logger.error("Error cleaning up Ranger plugin. Ignoring error", th);
        }
    }

    /* JADX WARN: Finally extract failed */
    /* JADX WARN: Removed duplicated region for block: B:101:0x0495  */
    /* JADX WARN: Removed duplicated region for block: B:105:0x047f  */
    /* JADX WARN: Removed duplicated region for block: B:98:0x0471  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public org.apache.solr.security.AuthorizationResponse authorize(org.apache.solr.security.AuthorizationContext r12) {
        /*
            Method dump skipped, instructions count: 1214
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer.authorize(org.apache.solr.security.AuthorizationContext):org.apache.solr.security.AuthorizationResponse");
    }

    public void prepare(ResponseBuilder responseBuilder) throws IOException {
        if (!this.enabled) {
            if (logger.isDebugEnabled()) {
                logger.debug("Solr Document level Authorization is not enabled!");
                return;
            }
            return;
        }
        String userName = getUserName(responseBuilder.req);
        if (RangerSolrConstants.SUPERUSER.equals(userName)) {
            return;
        }
        RangerSolrAuditHandler rangerSolrAuditHandler = new RangerSolrAuditHandler(solrPlugin.getConfig());
        boolean z = false;
        if (this.attrsEnabled) {
            if (logger.isDebugEnabled()) {
                logger.debug("Checking Ldap attributes to be added to the query filter");
            }
            if (getUserStoreEnricher() == null || getUserStoreEnricher().getRangerUserStore() == null) {
                logger.error("No User store enricher to read the ldap attributes");
                z = true;
            }
            Map userAttrMapping = getUserStoreEnricher().getRangerUserStore().getUserAttrMapping();
            if (MapUtils.isNotEmpty(userAttrMapping)) {
                ModifiableSolrParams modifiableSolrParams = new ModifiableSolrParams(responseBuilder.req.getParams());
                Map<String, String> map = (Map) userAttrMapping.get(userName);
                Iterator<FieldToAttributeMapping> it = this.fieldAttributeMappings.iterator();
                while (it.hasNext()) {
                    String buildFilterQueryString = buildFilterQueryString(userName, map, it.next());
                    if (logger.isDebugEnabled()) {
                        logger.debug("Adding filter clause : {}" + buildFilterQueryString);
                    }
                    modifiableSolrParams.add("fq", new String[]{buildFilterQueryString});
                }
                responseBuilder.req.setParams(modifiableSolrParams);
            }
        } else {
            if (logger.isDebugEnabled()) {
                logger.debug("Checking User roles to be added to the query filter");
            }
            Set<String> rolesForUser = getRolesForUser(userName);
            if (rolesForUser == null || rolesForUser.isEmpty()) {
                z = true;
            } else {
                String disjunctiveFilterQueryStr = this.matchMode == RangerSolrConstants.MatchType.DISJUNCTIVE ? getDisjunctiveFilterQueryStr(rolesForUser) : getConjunctiveFilterQueryStr(rolesForUser);
                ModifiableSolrParams modifiableSolrParams2 = new ModifiableSolrParams(responseBuilder.req.getParams());
                modifiableSolrParams2.add("fq", new String[]{disjunctiveFilterQueryStr});
                responseBuilder.req.setParams(modifiableSolrParams2);
                if (logger.isDebugEnabled()) {
                    logger.debug("Adding filter query {" + disjunctiveFilterQueryStr + "} for user {" + userName + "} with roles {" + rolesForUser + "}");
                }
            }
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) responseBuilder.req.getContext().get("httpRequest");
        if (httpServletRequest == null) {
            SolrCore core = responseBuilder.req.getCore();
            StringBuilder sb = new StringBuilder("Unable to locate HttpServletRequest");
            if (core != null && !core.getSolrConfig().getBool("requestDispatcher/requestParsers/@addHttpRequestToContext", true)) {
                sb.append(", ensure requestDispatcher/requestParsers/@addHttpRequestToContext is set to true in solrconfig.xml");
            }
            throw new SolrException(SolrException.ErrorCode.UNAUTHORIZED, sb.toString());
        }
        String str = null;
        Date date = new Date();
        if (this.useProxyIP) {
            str = httpServletRequest.getHeader("X-Forwarded-For");
        }
        if (str == null) {
            str = httpServletRequest.getRemoteAddr();
        }
        try {
            RangerAccessRequestImpl createQueryRequest = createQueryRequest(userName, getGroupsForUser(userName), str, date, responseBuilder.req);
            if (z) {
                RangerAccessResult rangerAccessResult = new RangerAccessResult(0, solrPlugin.getServiceName(), solrPlugin.getServiceDef(), createQueryRequest);
                rangerAccessResult.setIsAllowed(false);
                rangerAccessResult.setPolicyId(-1L);
                rangerAccessResult.setIsAccessDetermined(true);
                rangerAccessResult.setIsAudited(true);
                rangerSolrAuditHandler.processResult(rangerAccessResult);
            } else {
                RangerAccessResult isAccessAllowed = solrPlugin.isAccessAllowed(createQueryRequest, rangerSolrAuditHandler);
                if (logger.isDebugEnabled()) {
                    logger.debug("rangerRequest=" + isAccessAllowed);
                }
                if (isAccessAllowed == null) {
                    z = true;
                }
            }
            if (z) {
                throw new SolrException(SolrException.ErrorCode.UNAUTHORIZED, "Permission denied for user: " + userName);
            }
        } finally {
            rangerSolrAuditHandler.flushAudit();
        }
    }

    public void process(ResponseBuilder responseBuilder) throws IOException {
    }

    public String getDescription() {
        return "Handle Query Document Authorization";
    }

    private void authToJAASFile() {
        try {
            MiscUtil.setUGIFromJAASConfig(this.solrAppName);
            logger.info("LoginUser=" + MiscUtil.getUGILoginUser());
        } catch (Throwable th) {
            logger.error("Error authenticating for appName=" + this.solrAppName, th);
        }
    }

    private void logAuthorizationContext(AuthorizationContext authorizationContext) {
        try {
            String str = "";
            int i = -1;
            for (AuthorizationContext.CollectionRequest collectionRequest : authorizationContext.getCollectionRequests()) {
                i++;
                if (i > 0) {
                    str = str + ",";
                }
                str = str + collectionRequest.collectionName;
            }
            String str2 = "";
            int i2 = -1;
            Enumeration headerNames = authorizationContext.getHeaderNames();
            while (headerNames.hasMoreElements()) {
                i2++;
                if (i2 > 0) {
                    str2 = str2 + ",";
                }
                String str3 = (String) headerNames.nextElement();
                str2 = str2 + str3 + "=" + authorizationContext.getHttpHeader(str3);
            }
            String httpHeader = authorizationContext.getHttpHeader("HTTP_X_FORWARDED_FOR");
            if (httpHeader == null) {
                httpHeader = authorizationContext.getHttpHeader("REMOTE_HOST");
            }
            if (httpHeader == null) {
                httpHeader = authorizationContext.getHttpHeader("REMOTE_ADDR");
            }
            if (httpHeader == null) {
                httpHeader = authorizationContext.getRemoteAddr();
            }
            String userName = getUserName(authorizationContext);
            Set<String> groupsForUser = getGroupsForUser(userName);
            String resource = authorizationContext.getResource();
            String str4 = "";
            try {
                str4 = authorizationContext.getParams().toQueryString();
            } catch (Throwable th) {
            }
            String requestType = authorizationContext.getRequestType();
            Principal userPrincipal = authorizationContext.getUserPrincipal();
            logger.debug(((((((((new String("AuthorizationContext: ") + "context.getResource()= " + (resource != null ? resource : "")) + ", solarParams= " + (str4 != null ? str4 : "")) + ", requestType= " + ((Object) (requestType != null ? requestType : ""))) + ", userPrincipal= " + (userPrincipal != null ? userPrincipal : "")) + ", userName= " + userName) + ", groups= " + groupsForUser) + ", ipAddress= " + httpHeader) + ", collections= " + str) + ", headers= " + str2);
        } catch (Throwable th2) {
            logger.error("Error getting request context!!!", th2);
        }
    }

    private RangerAccessRequestImpl createRequest(String str, Set<String> set, String str2, Date date, AuthorizationContext authorizationContext, RangerSolrConstants.RESOURCE_TYPE resource_type, String str3, RangerSolrConstants.ACCESS_TYPE access_type) {
        String access_type2 = access_type.toString();
        RangerAccessRequestImpl createBaseRequest = createBaseRequest(str, set, str2, date);
        RangerAccessResourceImpl rangerAccessResourceImpl = new RangerAccessResourceImpl();
        rangerAccessResourceImpl.setValue(resource_type.toString(), str3);
        createBaseRequest.setResource(rangerAccessResourceImpl);
        createBaseRequest.setAccessType(access_type.toString());
        createBaseRequest.setAction(access_type2);
        return createBaseRequest;
    }

    private RangerAccessRequestImpl createAdminRequest(String str, Set<String> set, String str2, Date date, AuthorizationContext authorizationContext, RangerSolrConstants.ADMIN_TYPE admin_type, RangerSolrConstants.ACCESS_TYPE access_type) {
        return createRequest(str, set, str2, date, authorizationContext, RangerSolrConstants.RESOURCE_TYPE.ADMIN, admin_type.toString(), access_type);
    }

    private RangerAccessRequestImpl createQueryRequest(String str, Set<String> set, String str2, Date date, SolrQueryRequest solrQueryRequest) {
        String access_type = RangerSolrConstants.ACCESS_TYPE.QUERY.toString();
        String access_type2 = RangerSolrConstants.ACCESS_TYPE.QUERY.toString();
        RangerAccessRequestImpl createBaseRequest = createBaseRequest(str, set, str2, date);
        RangerAccessResourceImpl rangerAccessResourceImpl = new RangerAccessResourceImpl();
        rangerAccessResourceImpl.setServiceDef(solrPlugin.getServiceDef());
        rangerAccessResourceImpl.setValue(RangerSolrConstants.RESOURCE_TYPE.COLLECTION.toString(), solrQueryRequest.getCore().getCoreDescriptor().getCollectionName());
        createBaseRequest.setResource(rangerAccessResourceImpl);
        createBaseRequest.setAccessType(access_type);
        createBaseRequest.setAction(access_type2);
        createBaseRequest.setRequestData(solrQueryRequest.getParams().toLocalParamsString());
        createBaseRequest.setClusterName(solrPlugin.getClusterName());
        return createBaseRequest;
    }

    private RangerAccessRequestImpl createBaseRequest(String str, Set<String> set, String str2, Date date) {
        RangerAccessRequestImpl rangerAccessRequestImpl = new RangerAccessRequestImpl();
        if (str != null && !str.isEmpty()) {
            rangerAccessRequestImpl.setUser(str);
        }
        if (set != null && set.size() > 0) {
            rangerAccessRequestImpl.setUserGroups(set);
        }
        if (str2 != null && !str2.isEmpty()) {
            rangerAccessRequestImpl.setClientIPAddress(str2);
        }
        rangerAccessRequestImpl.setAccessTime(date);
        return rangerAccessRequestImpl;
    }

    private String getUserName(AuthorizationContext authorizationContext) {
        Principal userPrincipal = authorizationContext.getUserPrincipal();
        if (userPrincipal != null) {
            return MiscUtil.getShortNameFromPrincipalName(userPrincipal.getName());
        }
        return null;
    }

    private Set<String> getGroupsForUser(String str) {
        return MiscUtil.getGroupsForRequestUser(str);
    }

    private void addDisjunctiveRawClause(StringBuilder sb, String str) {
        sb.append(" {!raw f=").append(this.authField).append(" v=").append(str).append("}");
    }

    private String getDisjunctiveFilterQueryStr(Set<String> set) {
        if (set == null || set.isEmpty()) {
            return null;
        }
        StringBuilder sb = new StringBuilder();
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            addDisjunctiveRawClause(sb, it.next());
        }
        if (this.allRolesToken != null && !this.allRolesToken.isEmpty()) {
            addDisjunctiveRawClause(sb, this.allRolesToken);
        }
        return sb.toString();
    }

    private String getConjunctiveFilterQueryStr(Set<String> set) {
        StringBuilder sb = new StringBuilder();
        sb.append(" {!").append(this.qParserName).append(" set_field=\"").append(this.authField).append("\"").append(" set_value=\"").append(Joiner.on(',').join(set.iterator())).append("\"").append(" count_field=\"").append(this.tokenCountField).append("\"");
        if (this.allRolesToken != null && !this.allRolesToken.equals("")) {
            sb.append(" wildcard_token=\"").append(this.allRolesToken).append("\"");
        }
        sb.append(" allow_missing_val=").append(this.allowMissingValue).append(" }");
        return sb.toString();
    }

    private Set<String> getRolesForUser(String str) {
        if (solrPlugin.getCurrentRangerAuthContext() != null) {
            return solrPlugin.getRolesFromUserAndGroups(str, getGroupsForUser(str));
        }
        logger.info("Current Ranger Auth Context is null!!");
        return null;
    }

    private final String getUserName(SolrQueryRequest solrQueryRequest) {
        if (solrQueryRequest instanceof LocalSolrQueryRequest) {
            return RangerSolrConstants.SUPERUSER;
        }
        SolrCore core = solrQueryRequest.getCore();
        HttpServletRequest httpServletRequest = (HttpServletRequest) solrQueryRequest.getContext().get("httpRequest");
        if (httpServletRequest == null) {
            StringBuilder sb = new StringBuilder("Unable to locate HttpServletRequest");
            if (core != null && !core.getSolrConfig().getBool("requestDispatcher/requestParsers/@addHttpRequestToContext", true)) {
                sb.append(", ensure requestDispatcher/requestParsers/@addHttpRequestToContext is set to true in solrconfig.xml");
            }
            throw new SolrException(SolrException.ErrorCode.UNAUTHORIZED, sb.toString());
        }
        String remoteUser = httpServletRequest.getRemoteUser();
        if (remoteUser == null) {
            remoteUser = MiscUtil.getShortNameFromPrincipalName(httpServletRequest.getUserPrincipal().getName());
        }
        if (remoteUser == null) {
            throw new SolrException(SolrException.ErrorCode.UNAUTHORIZED, "This request is not authenticated.");
        }
        return remoteUser;
    }

    private RangerUserStoreEnricher getUserStoreEnricher() {
        RangerUserStoreEnricher rangerUserStoreEnricher = null;
        RangerAuthContext currentRangerAuthContext = solrPlugin.getCurrentRangerAuthContext();
        if (currentRangerAuthContext != null) {
            Map requestContextEnrichers = currentRangerAuthContext.getRequestContextEnrichers();
            if (MapUtils.isNotEmpty(requestContextEnrichers)) {
                Iterator it = requestContextEnrichers.keySet().iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    RangerContextEnricher rangerContextEnricher = (RangerContextEnricher) it.next();
                    if (rangerContextEnricher instanceof RangerUserStoreEnricher) {
                        rangerUserStoreEnricher = (RangerUserStoreEnricher) rangerContextEnricher;
                        break;
                    }
                }
            }
        }
        return rangerUserStoreEnricher;
    }

    private <T> T checkAndGet(NamedList namedList, String str) {
        logger.info("checkAndGet() " + str);
        return (T) Preconditions.checkNotNull(namedList.get(str));
    }

    private <T> T getWithDefault(NamedList namedList, String str, T t) {
        T t2 = (T) namedList.get(str);
        return t2 == null ? t : t2;
    }

    private String buildFilterQueryString(String str, Map<String, String> map, FieldToAttributeMapping fieldToAttributeMapping) {
        String fieldName = fieldToAttributeMapping.getFieldName();
        Collection<String> userAttributesForField = getUserAttributesForField(str, map, fieldToAttributeMapping);
        switch (fieldToAttributeMapping.getFilterType()) {
            case OR:
                return buildSimpleORFilterQuery(fieldName, userAttributesForField, fieldToAttributeMapping.getAcceptEmpty(), fieldToAttributeMapping.getAllUsersValue(), fieldToAttributeMapping.getExtraOpts());
            case AND:
                return buildSubsetFilterQuery(fieldName, userAttributesForField, fieldToAttributeMapping.getAcceptEmpty(), fieldToAttributeMapping.getAllUsersValue(), fieldToAttributeMapping.getExtraOpts());
            case GTE:
                return buildGreaterThanFilterQuery(fieldName, userAttributesForField, fieldToAttributeMapping.getAcceptEmpty(), fieldToAttributeMapping.getAllUsersValue(), fieldToAttributeMapping.getExtraOpts());
            case LTE:
                return buildLessThanFilterQuery(fieldName, userAttributesForField, fieldToAttributeMapping.getAcceptEmpty(), fieldToAttributeMapping.getAllUsersValue(), fieldToAttributeMapping.getExtraOpts());
            default:
                return null;
        }
    }

    private Collection<String> getUserAttributesForField(String str, Map<String, String> map, FieldToAttributeMapping fieldToAttributeMapping) {
        HashSet hashSet = new HashSet();
        if (CollectionUtils.isNotEmpty(fieldToAttributeMapping.getAttributes()) && fieldToAttributeMapping.getAttributes().contains("groups")) {
            hashSet.addAll(getGroupsForUser(str));
        }
        Iterator<String> it = fieldToAttributeMapping.getAttributes().iterator();
        while (it.hasNext()) {
            hashSet.add(map.get(it.next()));
        }
        return hashSet;
    }

    private String buildSimpleORFilterQuery(String str, Collection<String> collection, boolean z, String str2, String str3) {
        StringBuilder sb = new StringBuilder();
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            sb.append(str).append(":\"").append(it.next()).append("\" ");
        }
        if (str2 != null && !str2.equals("")) {
            sb.append(str).append(":\"").append(str2).append("\" ");
        }
        if (z) {
            sb.append("(*:* AND -").append(str).append(":*) ");
        }
        if (str3 != null && !str3.equals("")) {
            sb.append(str3 + " ");
        }
        sb.deleteCharAt(sb.length() - 1);
        return sb.toString();
    }

    private String buildSubsetFilterQuery(String str, Collection<String> collection, boolean z, String str2, String str3) {
        StringBuilder sb = new StringBuilder();
        sb.append("{!").append(this.andQParserName).append(" set_field=").append(str).append(" set_value=").append(Joiner.on(',').join(collection));
        if (str2 != null && !str2.equals("")) {
            sb.append(" wildcard_token=").append(str2);
        }
        if (z) {
            sb.append(" allow_missing_val=true");
        } else {
            sb.append(" allow_missing_val=false");
        }
        if (str3 != null && !str3.equals("")) {
            sb.append(" " + str3);
        }
        sb.append("}");
        return sb.toString();
    }

    private String buildGreaterThanFilterQuery(String str, Collection<String> collection, boolean z, String str2, String str3) {
        String str4;
        if (collection.size() == 1) {
            str4 = collection.iterator().next();
        } else {
            if (str2 == null || str2.equals("")) {
                throw new IllegalArgumentException("Greater Than Filter Query cannot be built for field " + str);
            }
            str4 = str2;
        }
        StringBuilder sb = new StringBuilder();
        if (z) {
            sb.append(" (*:* AND -").append(str).append(":*)");
        }
        if (str3 != null && !str3.equals("")) {
            sb.append(" ").append(str3);
        }
        return str + ":[" + str4 + " TO *]" + sb.toString();
    }

    private String buildLessThanFilterQuery(String str, Collection<String> collection, boolean z, String str2, String str3) {
        String str4;
        if (collection.size() == 1) {
            str4 = collection.iterator().next();
        } else {
            if (str2 == null || str2.equals("")) {
                throw new IllegalArgumentException("Less Than Filter Query cannot be built for field " + str);
            }
            str4 = str2;
        }
        StringBuilder sb = new StringBuilder();
        if (z) {
            sb.append(" (*:* AND -").append(str).append(":*)");
        }
        if (str3 != null && !str3.equals("")) {
            sb.append(" ").append(str3);
        }
        return str + ":[* TO " + str4 + "]" + sb.toString();
    }
}
