package io.trino.gateway.ha.security;

import io.dropwizard.auth.Authorizer;
import io.trino.gateway.ha.clustermonitor.ActiveClusterMonitor;
import io.trino.gateway.ha.config.AuthorizationConfiguration;
import jakarta.annotation.Nullable;
import jakarta.ws.rs.container.ContainerRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/trino/gateway/ha/security/LbAuthorizer.class */
public class LbAuthorizer implements Authorizer<LbPrincipal> {
    private static final Logger log = LoggerFactory.getLogger(LbAuthorizer.class);
    private final AuthorizationConfiguration configuration;

    public LbAuthorizer(AuthorizationConfiguration authorizationConfiguration) {
        this.configuration = authorizationConfiguration;
    }

    public boolean authorize(LbPrincipal lbPrincipal, String str, @Nullable ContainerRequestContext containerRequestContext) {
        boolean z = -1;
        switch (str.hashCode()) {
            case 65018:
                if (str.equals("API")) {
                    z = 2;
                    break;
                }
                break;
            case 2614219:
                if (str.equals("USER")) {
                    z = true;
                    break;
                }
                break;
            case 62130991:
                if (str.equals("ADMIN")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                log.info("User '{}' with memberOf({}) was identified as ADMIN({})", new Object[]{lbPrincipal.getName(), lbPrincipal.getMemberOf(), this.configuration.getAdmin()});
                return lbPrincipal.getMemberOf().filter(str2 -> {
                    return str2.matches(this.configuration.getAdmin());
                }).isPresent();
            case ActiveClusterMonitor.MONITOR_TASK_DELAY_MIN /* 1 */:
                log.info("User '{}' with memberOf({}) identified as USER({})", new Object[]{lbPrincipal.getName(), lbPrincipal.getMemberOf(), this.configuration.getUser()});
                return lbPrincipal.getMemberOf().filter(str3 -> {
                    return str3.matches(this.configuration.getUser());
                }).isPresent();
            case true:
                log.info("User '{}' with memberOf({}) identified as API({})", new Object[]{lbPrincipal.getName(), lbPrincipal.getMemberOf(), this.configuration.getApi()});
                return lbPrincipal.getMemberOf().filter(str4 -> {
                    return str4.matches(this.configuration.getApi());
                }).isPresent();
            default:
                log.warn("User '{}' with role {} has no regex match based on ldap search", lbPrincipal.getName(), str);
                return false;
        }
    }
}
