package com.aerospike.firefly.process.traversal.strategy.optimization;

import com.aerospike.firefly.io.aerospike.admin.AdminService;
import com.aerospike.firefly.security.JWTAuthorizer;
import com.aerospike.firefly.security.UserContext;
import com.aerospike.firefly.structure.FireflyGraph;
import com.aerospike.firefly.util.exceptions.AerospikeGraphAuthException;
import io.vertx.ext.auth.authorization.impl.RoleBasedAuthorizationConverter;
import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import org.apache.tinkerpop.gremlin.process.traversal.Bytecode;
import org.apache.tinkerpop.gremlin.process.traversal.Step;
import org.apache.tinkerpop.gremlin.process.traversal.Traversal;
import org.apache.tinkerpop.gremlin.process.traversal.dsl.graph.GraphTraversal;
import org.apache.tinkerpop.gremlin.process.traversal.step.Mutating;
import org.apache.tinkerpop.gremlin.process.traversal.step.map.CallStep;
import org.apache.tinkerpop.gremlin.process.traversal.translator.GroovyTranslator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/aerospike/firefly/process/traversal/strategy/optimization/FireflyAuthenticationStrategy.class */
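/**
 * Traversal strategy that enforces role-based access on a Gremlin traversal.
 *
 * <p>When authentication is enabled on the base graph, the strategy looks for a
 * {@link CallStep} whose service name equals {@link JWTAuthorizer#RESERVED_CALL_STRING},
 * reads the user name and role claim from that step's parameters, removes the step from
 * the traversal, and then rejects the traversal if the role does not permit the
 * operation (read vs. mutate). When authentication is disabled, the presence of that
 * reserved step is itself an error.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The claims are taken as-is from the reserved step's parameters; nothing in this
 *       class verifies them. NOTE(review): confirm that only the server-side authorizer
 *       can place the reserved call step in a traversal and that a client-supplied one
 *       is rejected before this strategy runs.</li>
 *   <li>{@code userClaims} and {@code hasMutateStep} are per-thread and are cleared only
 *       by {@link #reset()}. {@link #apply} does not clear them, so a value left from an
 *       earlier call on the same thread is still visible. NOTE(review): confirm every
 *       request path calls {@code reset()} before the thread is reused.</li>
 * </ul>
 */
public class FireflyAuthenticationStrategy extends FireflyStrategyBase {
    private static final Logger LOG = LoggerFactory.getLogger(FireflyAuthenticationStrategy.class);

    /** Claims extracted from the reserved call step; {@code null} until one has been seen on this thread. */
    final ThreadLocal<UserClaims> userClaims = ThreadLocal.withInitial(() -> null);

    /** Set to {@code true} once a {@link Mutating} step has been seen on this thread. */
    final ThreadLocal<Boolean> hasMutateStep = ThreadLocal.withInitial(() -> false);

    /**
     * Immutable holder for the identity and role information read from the reserved call step.
     */
    public static class UserClaims {
        private final String username;
        private final UserContext.ROLE role;
        // Per-key role names when the role claim was a map; null when the claim was a single value.
        private final Map<String, String> allRoles;

        private UserClaims(String str, UserContext.ROLE role, Map<String, String> map) {
            this.username = str;
            this.role = role;
            this.allRoles = map;
        }

        /** Returns the user name taken from the {@code "name"} parameter. */
        public String getUsername() {
            return this.username;
        }

        /** Returns the role resolved when the claims were built; may be {@code null}. */
        public UserContext.ROLE getRole() {
            return this.role;
        }

        /**
         * Returns the role for the given key.
         *
         * @param str key to look up in the role map
         * @return the single resolved role when no role map was supplied; otherwise the
         *     role mapped to {@code str}, or {@code null} when the map has no such key
         * @throws IllegalArgumentException if the mapped value is not a {@code ROLE} constant name
         */
        public UserContext.ROLE getRole(String str) {
            if (this.allRoles == null) {
                return this.role;
            }
            if (!this.allRoles.containsKey(str)) {
                return null;
            }
            return UserContext.ROLE.valueOf(this.allRoles.get(str));
        }
    }

    @Override // com.aerospike.firefly.process.traversal.strategy.optimization.FireflyStrategyBase
    public String getStrategyEnabledKey() {
        return null;
    }

    /**
     * Authenticates and authorizes the traversal.
     *
     * <p>Throws an {@link AerospikeGraphAuthException} when: credentials are supplied while
     * authentication is disabled; the reserved step lacks exactly one {@code "name"} and one
     * role parameter; no claims are available; the role is {@code null}; or the role does
     * not allow the read or mutate operation. On success the user name is stored on the graph.
     *
     * @param admin the traversal being compiled
     */
    @Override // org.apache.tinkerpop.gremlin.process.traversal.TraversalStrategy
    public void apply(Traversal.Admin<?, ?> admin) {
        FireflyGraph fireflyGraph = (FireflyGraph) admin.getGraph().get();

        if (!fireflyGraph.getBaseGraph().AUTHENTICATION_ENABLED) {
            // Authentication is off: a reserved credentials step must not be present at all.
            for (Step step : admin.getSteps()) {
                if (step instanceof CallStep
                        && JWTAuthorizer.RESERVED_CALL_STRING.equals(readServiceName((CallStep<?, ?>) step))) {
                    throw AerospikeGraphAuthException.credentialsProvidedAuthenticationDisabled();
                }
            }
            return;
        }

        List<CallStep<?, ?>> serviceCalls = new ArrayList<>();
        CallStep<?, ?> credentialsStep = null;
        for (Step step : admin.getSteps()) {
            if (step instanceof CallStep) {
                CallStep<?, ?> callStep = (CallStep<?, ?>) step;
                if (JWTAuthorizer.RESERVED_CALL_STRING.equals(readServiceName(callStep))) {
                    Map<Object, List<Object>> raw = callStep.getParameters().getRaw();
                    // Exactly one user name and exactly one role claim are required.
                    // RoleBasedAuthorizationConverter.TYPE is the key constant as emitted by the
                    // decompiler; presumably a plain string key in the original source.
                    if (!raw.containsKey("name")
                            || !raw.containsKey(RoleBasedAuthorizationConverter.TYPE)
                            || raw.get("name").size() != 1
                            || raw.get(RoleBasedAuthorizationConverter.TYPE).size() != 1) {
                        throw AerospikeGraphAuthException.userNotFoundInParameters();
                    }
                    Object roleClaim = raw.get(RoleBasedAuthorizationConverter.TYPE).get(0);
                    // The role claim is either a single role name or a map of role names;
                    // the map form is kept so callers can ask for the role under another key.
                    @SuppressWarnings("unchecked")
                    Map<String, String> roleMap = roleClaim instanceof Map ? (Map<String, String>) roleClaim : null;
                    this.userClaims.set(new UserClaims(
                            (String) raw.get("name").get(0),
                            getRole(roleClaim, fireflyGraph.getBaseGraph().GRAPH_ID),
                            roleMap));
                    // If several reserved steps are present the last one wins and only it is
                    // removed below. NOTE(review): confirm upstream guarantees exactly one.
                    credentialsStep = callStep;
                } else {
                    serviceCalls.add(callStep);
                }
            } else if (step instanceof Mutating) {
                this.hasMutateStep.set(true);
            }
        }

        // Hand the caller's claims to every other call step so the service can authorize itself.
        serviceCalls.forEach(call -> call.configure(AdminService.RESERVED_USER_CONTEXT, this.userClaims.get()));
        if (credentialsStep != null) {
            admin.removeStep(credentialsStep);
        }

        UserClaims claims = this.userClaims.get();
        if (claims == null) {
            throw AerospikeGraphAuthException.userNotFoundInParameters();
        }
        UserContext.ROLE role = claims.getRole();
        if (role == null) {
            throw AerospikeGraphAuthException.userDoesNotHaveValidRole();
        }

        boolean mutating = this.hasMutateStep.get();
        boolean canWrite = role.equals(UserContext.ROLE.READ_WRITE) || role.equals(UserContext.ROLE.ADMIN);

        if (mutating && !canWrite) {
            if (fireflyGraph.getBaseGraph().IS_AUDIT_LOG_ENABLED) {
                logDeniedMutation(admin, claims);
            }
            throw AerospikeGraphAuthException.userDoesNotHaveWriteAccess();
        }
        if (!mutating && !canWrite && !role.equals(UserContext.ROLE.READ)) {
            throw AerospikeGraphAuthException.userDoesNotHaveReadAccess();
        }
        fireflyGraph.setUser(claims.getUsername());
    }

    /** Clears the per-thread claims and mutation flag. */
    @Override // com.aerospike.firefly.process.traversal.strategy.optimization.FireflyStrategyBase
    public void reset() {
        this.userClaims.remove();
        this.hasMutateStep.remove();
    }

    /**
     * Writes the audit line for a mutating query rejected for lack of write access.
     *
     * <p>Works on a clone of the traversal and drops the reserved call instruction and every
     * instruction after it before translating the bytecode to a script, so the claim
     * parameters are not part of the logged query.
     */
    private void logDeniedMutation(Traversal.Admin<?, ?> admin, UserClaims claims) {
        Traversal.Admin<?, ?> copy = admin.clone();
        List<Bytecode.Instruction> stepInstructions = copy.asAdmin().getBytecode().getStepInstructions();
        List<Bytecode.Instruction> toStrip = new ArrayList<>();
        boolean afterCredentials = false;
        for (Bytecode.Instruction instruction : stepInstructions) {
            if (afterCredentials) {
                toStrip.add(instruction);
            }
            if (instruction.getOperator().equals(GraphTraversal.Symbols.call)
                    && instruction.getArguments().length > 0
                    && instruction.getArguments()[0].equals(JWTAuthorizer.RESERVED_CALL_STRING)) {
                toStrip.add(instruction);
                afterCredentials = true;
            }
        }
        // NOTE(review): confirm getStepInstructions() returns a mutable list in the TinkerPop
        // version in use; on an unmodifiable view remove() throws and no audit line is written.
        toStrip.forEach(stepInstructions::remove);
        // The query text is written to the log; NOTE(review): confirm the audit log's access
        // controls are appropriate for property values that may appear in queries.
        LOG.info("[{}] -  Insufficient permissions to execute mutating step. Query: 'g{}'.", claims.getUsername(), GroovyTranslator.of("").translate(copy.asAdmin().getBytecode()).getScript());
    }

    /**
     * Reads the private {@code serviceName} field of a {@link CallStep} via reflection.
     *
     * @return the service name, or {@code null} when the field cannot be read; a
     *     {@code null} result means the step is not recognised as the reserved
     *     credentials step by the caller
     */
    private static String readServiceName(CallStep<?, ?> callStep) {
        try {
            Field serviceNameField = CallStep.class.getDeclaredField("serviceName");
            serviceNameField.setAccessible(true);
            return (String) serviceNameField.get(callStep);
        } catch (IllegalAccessException | NoSuchFieldException e) {
            // Previously swallowed silently. With authentication disabled this failure skips
            // the credentials-provided check, so make it visible to operators.
            LOG.warn("Unable to read serviceName from CallStep; step is treated as a non-reserved call.", e);
            return null;
        }
    }

    /**
     * Resolves the role from a role claim.
     *
     * @param obj the claim: a role name, or a map from key to role name
     * @param str the key to look up when the claim is a map
     * @return the role, or {@code null} when the claim is absent, has no entry for
     *     {@code str}, or has an unexpected type (the caller rejects a {@code null} role)
     * @throws IllegalArgumentException if the role name is not a {@code ROLE} constant
     */
    private static UserContext.ROLE getRole(Object obj, String str) {
        if (obj == null) {
            return null;
        }
        if (obj instanceof String) {
            return UserContext.ROLE.valueOf((String) obj);
        }
        if (!(obj instanceof Map)) {
            // Unexpected claim type: report "no role" instead of failing with ClassCastException.
            return null;
        }
        Object graphRole = ((Map<?, ?>) obj).get(str);
        if (!(graphRole instanceof String)) {
            return null;
        }
        return UserContext.ROLE.valueOf((String) graphRole);
    }
}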
