package io.trino.server;

import com.google.common.base.MoreObjects;
import com.google.common.base.Splitter;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.errorprone.annotations.FormatMethod;
import com.google.inject.Inject;
import io.airlift.units.DataSize;
import io.airlift.units.Duration;
import io.trino.Session;
import io.trino.client.ProtocolDetectionException;
import io.trino.client.ProtocolHeaders;
import io.trino.connector.system.GlobalSystemConnector;
import io.trino.metadata.Metadata;
import io.trino.security.AccessControl;
import io.trino.server.protocol.PreparedStatementEncoder;
import io.trino.spi.security.AccessDeniedException;
import io.trino.spi.security.GroupProvider;
import io.trino.spi.security.Identity;
import io.trino.spi.security.SelectedRole;
import io.trino.spi.session.ResourceEstimates;
import io.trino.sql.parser.ParsingException;
import io.trino.sql.parser.SqlParser;
import io.trino.transaction.TransactionId;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.MultivaluedMap;
import jakarta.ws.rs.core.Response;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Stream;

/* loaded from: input_file:io/trino/server/HttpRequestSessionContextFactory.class */
public class HttpRequestSessionContextFactory {
    private static final Splitter DOT_SPLITTER = Splitter.on('.');
    public static final String AUTHENTICATED_IDENTITY = "trino.authenticated-identity";
    private final PreparedStatementEncoder preparedStatementEncoder;
    private final Metadata metadata;
    private final GroupProvider groupProvider;
    private final AccessControl accessControl;

    @Inject
    public HttpRequestSessionContextFactory(PreparedStatementEncoder preparedStatementEncoder, Metadata metadata, GroupProvider groupProvider, AccessControl accessControl) {
        this.preparedStatementEncoder = (PreparedStatementEncoder) Objects.requireNonNull(preparedStatementEncoder, "preparedStatementEncoder is null");
        this.metadata = (Metadata) Objects.requireNonNull(metadata, "metadata is null");
        this.groupProvider = (GroupProvider) Objects.requireNonNull(groupProvider, "groupProvider is null");
        this.accessControl = (AccessControl) Objects.requireNonNull(accessControl, "accessControl is null");
    }

    public SessionContext createSessionContext(MultivaluedMap<String, String> multivaluedMap, Optional<String> optional, Optional<String> optional2, Optional<Identity> optional3) throws WebApplicationException {
        try {
            ProtocolHeaders detectProtocol = ProtocolHeaders.detectProtocol(optional, multivaluedMap.keySet());
            Optional ofNullable = Optional.ofNullable(trimEmptyToNull((String) multivaluedMap.getFirst(detectProtocol.requestCatalog())));
            Optional ofNullable2 = Optional.ofNullable(trimEmptyToNull((String) multivaluedMap.getFirst(detectProtocol.requestSchema())));
            Optional ofNullable3 = Optional.ofNullable(trimEmptyToNull((String) multivaluedMap.getFirst(detectProtocol.requestPath())));
            assertRequest(ofNullable.isPresent() || ofNullable2.isEmpty(), "Schema is set but catalog is not", new Object[0]);
            Objects.requireNonNull(optional3, "authenticatedIdentity is null");
            Identity buildSessionIdentity = buildSessionIdentity(optional3, detectProtocol, multivaluedMap);
            Identity buildSessionOriginalIdentity = buildSessionOriginalIdentity(buildSessionIdentity, detectProtocol, multivaluedMap);
            SelectedRole parseSystemRoleHeaders = parseSystemRoleHeaders(detectProtocol, multivaluedMap);
            Optional ofNullable4 = Optional.ofNullable((String) multivaluedMap.getFirst(detectProtocol.requestSource()));
            Optional ofNullable5 = Optional.ofNullable(trimEmptyToNull((String) multivaluedMap.getFirst(detectProtocol.requestTraceToken())));
            Optional ofNullable6 = Optional.ofNullable((String) multivaluedMap.getFirst("User-Agent"));
            Optional optional4 = (Optional) Objects.requireNonNull(optional2, "remoteAddress is null");
            Optional ofNullable7 = Optional.ofNullable((String) multivaluedMap.getFirst(detectProtocol.requestTimeZone()));
            Optional ofNullable8 = Optional.ofNullable((String) multivaluedMap.getFirst(detectProtocol.requestLanguage()));
            Optional ofNullable9 = Optional.ofNullable((String) multivaluedMap.getFirst(detectProtocol.requestClientInfo()));
            Set<String> parseClientTags = parseClientTags(detectProtocol, multivaluedMap);
            Set<String> parseClientCapabilities = parseClientCapabilities(detectProtocol, multivaluedMap);
            ResourceEstimates parseResourceEstimate = parseResourceEstimate(detectProtocol, multivaluedMap);
            ImmutableMap.Builder builder = ImmutableMap.builder();
            HashMap hashMap = new HashMap();
            for (Map.Entry<String, String> entry : parseSessionHeaders(detectProtocol, multivaluedMap).entrySet()) {
                String key = entry.getKey();
                String value = entry.getValue();
                List splitToList = DOT_SPLITTER.splitToList(key);
                if (splitToList.size() == 1) {
                    String str = (String) splitToList.get(0);
                    assertRequest(!str.isEmpty(), "Invalid %s header", detectProtocol.requestSession());
                    builder.put(str, value);
                } else {
                    if (splitToList.size() != 2) {
                        throw badRequest(String.format("Invalid %s header", detectProtocol.requestSession()));
                    }
                    String str2 = (String) splitToList.get(0);
                    String str3 = (String) splitToList.get(1);
                    assertRequest(!str2.isEmpty(), "Invalid %s header", detectProtocol.requestSession());
                    assertRequest(!str3.isEmpty(), "Invalid %s header", detectProtocol.requestSession());
                    ((Map) hashMap.computeIfAbsent(str2, str4 -> {
                        return new HashMap();
                    })).put(str3, value);
                }
            }
            Objects.requireNonNull(hashMap, "catalogSessionProperties is null");
            Map map = (Map) hashMap.entrySet().stream().collect(ImmutableMap.toImmutableMap((v0) -> {
                return v0.getKey();
            }, entry2 -> {
                return ImmutableMap.copyOf((Map) entry2.getValue());
            }));
            Map<String, String> parsePreparedStatementsHeaders = parsePreparedStatementsHeaders(detectProtocol, multivaluedMap);
            String str5 = (String) multivaluedMap.getFirst(detectProtocol.requestTransactionId());
            return new SessionContext(detectProtocol, ofNullable, ofNullable2, ofNullable3, optional3, buildSessionIdentity, buildSessionOriginalIdentity, parseSystemRoleHeaders, ofNullable4, ofNullable5, ofNullable6, optional4, ofNullable7, ofNullable8, parseClientTags, parseClientCapabilities, parseResourceEstimate, builder.buildOrThrow(), map, parsePreparedStatementsHeaders, parseTransactionId(str5), str5 != null, ofNullable9);
        } catch (ProtocolDetectionException e) {
            throw badRequest(e.getMessage());
        }
    }

    public Identity extractAuthorizedIdentity(HttpServletRequest httpServletRequest, HttpHeaders httpHeaders, Optional<String> optional) {
        return extractAuthorizedIdentity(Optional.ofNullable((Identity) httpServletRequest.getAttribute(AUTHENTICATED_IDENTITY)), httpHeaders.getRequestHeaders(), optional);
    }

    public Identity extractAuthorizedIdentity(Optional<Identity> optional, MultivaluedMap<String, String> multivaluedMap, Optional<String> optional2) throws AccessDeniedException {
        try {
            ProtocolHeaders detectProtocol = ProtocolHeaders.detectProtocol(optional2, multivaluedMap.keySet());
            Identity buildSessionIdentity = buildSessionIdentity(optional, detectProtocol, multivaluedMap);
            Identity buildSessionOriginalIdentity = buildSessionOriginalIdentity(buildSessionIdentity, detectProtocol, multivaluedMap);
            this.accessControl.checkCanSetUser(buildSessionOriginalIdentity.getPrincipal(), buildSessionOriginalIdentity.getUser());
            optional.ifPresent(identity -> {
                if (identity.getUser().equals(buildSessionOriginalIdentity.getUser())) {
                    return;
                }
                this.accessControl.checkCanImpersonateUser(Identity.from(identity).withEnabledRoles(this.metadata.listEnabledRoles(identity)).build(), buildSessionOriginalIdentity.getUser());
            });
            if (!buildSessionOriginalIdentity.getUser().equals(buildSessionIdentity.getUser())) {
                this.accessControl.checkCanSetUser(buildSessionOriginalIdentity.getPrincipal(), buildSessionIdentity.getUser());
                this.accessControl.checkCanImpersonateUser(buildSessionOriginalIdentity, buildSessionIdentity.getUser());
            }
            return addEnabledRoles(buildSessionIdentity, parseSystemRoleHeaders(detectProtocol, multivaluedMap), this.metadata);
        } catch (ProtocolDetectionException e) {
            throw badRequest(e.getMessage());
        }
    }

    public static Identity addEnabledRoles(Identity identity, SelectedRole selectedRole, Metadata metadata) {
        if (selectedRole.getType() == SelectedRole.Type.NONE) {
            return identity;
        }
        Set listEnabledRoles = metadata.listEnabledRoles(identity);
        if (selectedRole.getType() == SelectedRole.Type.ROLE) {
            String str = (String) selectedRole.getRole().orElseThrow();
            if (!listEnabledRoles.contains(str)) {
                AccessDeniedException.denySetRole(str);
            }
            listEnabledRoles = ImmutableSet.of(str);
        }
        return Identity.from(identity).withEnabledRoles(listEnabledRoles).build();
    }

    private Identity buildSessionIdentity(Optional<Identity> optional, ProtocolHeaders protocolHeaders, MultivaluedMap<String, String> multivaluedMap) {
        String trimEmptyToNull = trimEmptyToNull((String) multivaluedMap.getFirst(protocolHeaders.requestUser()));
        String str = trimEmptyToNull != null ? trimEmptyToNull : (String) optional.map((v0) -> {
            return v0.getUser();
        }).orElse(null);
        assertRequest(str != null, "User must be set", new Object[0]);
        SelectedRole parseSystemRoleHeaders = parseSystemRoleHeaders(protocolHeaders, multivaluedMap);
        ImmutableSet.Builder builder = ImmutableSet.builder();
        if (parseSystemRoleHeaders.getType() == SelectedRole.Type.ROLE) {
            builder.add((String) parseSystemRoleHeaders.getRole().orElseThrow());
        }
        return ((Identity.Builder) optional.map(identity -> {
            return Identity.from(identity).withUser(str);
        }).orElseGet(() -> {
            return Identity.forUser(str);
        })).withEnabledRoles(builder.build()).withAdditionalConnectorRoles(parseConnectorRoleHeaders(protocolHeaders, multivaluedMap)).withAdditionalExtraCredentials(parseExtraCredentials(protocolHeaders, multivaluedMap)).withAdditionalGroups(this.groupProvider.getGroups(str)).build();
    }

    private Identity buildSessionOriginalIdentity(Identity identity, ProtocolHeaders protocolHeaders, MultivaluedMap<String, String> multivaluedMap) {
        return (Identity) Optional.ofNullable(trimEmptyToNull((String) multivaluedMap.getFirst(protocolHeaders.requestOriginalUser()))).map(str -> {
            return Identity.from(identity).withUser(str).withExtraCredentials(new HashMap()).withGroups(this.groupProvider.getGroups(str)).build();
        }).orElse(identity);
    }

    private static List<String> splitHttpHeader(MultivaluedMap<String, String> multivaluedMap, String str) {
        List list = (List) MoreObjects.firstNonNull((List) multivaluedMap.get(str), ImmutableList.of());
        Splitter omitEmptyStrings = Splitter.on(',').trimResults().omitEmptyStrings();
        Stream stream = list.stream();
        Objects.requireNonNull(omitEmptyStrings);
        return (List) stream.map((v1) -> {
            return r1.splitToList(v1);
        }).flatMap((v0) -> {
            return v0.stream();
        }).collect(ImmutableList.toImmutableList());
    }

    private static Map<String, String> parseSessionHeaders(ProtocolHeaders protocolHeaders, MultivaluedMap<String, String> multivaluedMap) {
        return parseProperty(multivaluedMap, protocolHeaders.requestSession());
    }

    private static SelectedRole parseSystemRoleHeaders(ProtocolHeaders protocolHeaders, MultivaluedMap<String, String> multivaluedMap) {
        return (SelectedRole) parseProperty(multivaluedMap, protocolHeaders.requestRole()).entrySet().stream().filter(entry -> {
            return ((String) entry.getKey()).equalsIgnoreCase(GlobalSystemConnector.NAME);
        }).map((v0) -> {
            return v0.getValue();
        }).map(str -> {
            return toSelectedRole(protocolHeaders, str);
        }).findFirst().orElse(new SelectedRole(SelectedRole.Type.ALL, Optional.empty()));
    }

    private static Map<String, SelectedRole> parseConnectorRoleHeaders(ProtocolHeaders protocolHeaders, MultivaluedMap<String, String> multivaluedMap) {
        ImmutableMap.Builder builder = ImmutableMap.builder();
        parseProperty(multivaluedMap, protocolHeaders.requestRole()).forEach((str, str2) -> {
            if (str.equalsIgnoreCase(GlobalSystemConnector.NAME)) {
                return;
            }
            builder.put(str, toSelectedRole(protocolHeaders, str2));
        });
        return builder.buildOrThrow();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static SelectedRole toSelectedRole(ProtocolHeaders protocolHeaders, String str) {
        try {
            return SelectedRole.valueOf(str);
        } catch (IllegalArgumentException e) {
            throw badRequest(String.format("Invalid %s header", protocolHeaders.requestRole()));
        }
    }

    private static Map<String, String> parseExtraCredentials(ProtocolHeaders protocolHeaders, MultivaluedMap<String, String> multivaluedMap) {
        return parseProperty(multivaluedMap, protocolHeaders.requestExtraCredential());
    }

    private static Map<String, String> parseProperty(MultivaluedMap<String, String> multivaluedMap, String str) {
        HashMap hashMap = new HashMap();
        Iterator<String> it = splitHttpHeader(multivaluedMap, str).iterator();
        while (it.hasNext()) {
            List splitToList = Splitter.on('=').trimResults().splitToList(it.next());
            assertRequest(splitToList.size() == 2, "Invalid %s header", str);
            try {
                hashMap.put((String) splitToList.get(0), urlDecode((String) splitToList.get(1)));
            } catch (IllegalArgumentException e) {
                throw badRequest(String.format("Invalid %s header: %s", str, e));
            }
        }
        return hashMap;
    }

    private static Set<String> parseClientTags(ProtocolHeaders protocolHeaders, MultivaluedMap<String, String> multivaluedMap) {
        return ImmutableSet.copyOf(Splitter.on(',').trimResults().omitEmptyStrings().split(Strings.nullToEmpty((String) multivaluedMap.getFirst(protocolHeaders.requestClientTags()))));
    }

    private static Set<String> parseClientCapabilities(ProtocolHeaders protocolHeaders, MultivaluedMap<String, String> multivaluedMap) {
        return ImmutableSet.copyOf(Splitter.on(',').trimResults().omitEmptyStrings().split(Strings.nullToEmpty((String) multivaluedMap.getFirst(protocolHeaders.requestClientCapabilities()))));
    }

    private static ResourceEstimates parseResourceEstimate(ProtocolHeaders protocolHeaders, MultivaluedMap<String, String> multivaluedMap) {
        Session.ResourceEstimateBuilder resourceEstimateBuilder = new Session.ResourceEstimateBuilder();
        parseProperty(multivaluedMap, protocolHeaders.requestResourceEstimate()).forEach((str, str2) -> {
            try {
                String upperCase = str.toUpperCase(Locale.ENGLISH);
                boolean z = -1;
                switch (upperCase.hashCode()) {
                    case -1671340959:
                        if (upperCase.equals("PEAK_MEMORY")) {
                            z = 2;
                            break;
                        }
                        break;
                    case 673383348:
                        if (upperCase.equals("EXECUTION_TIME")) {
                            z = false;
                            break;
                        }
                        break;
                    case 1313813284:
                        if (upperCase.equals("CPU_TIME")) {
                            z = true;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                        resourceEstimateBuilder.setExecutionTime(Duration.valueOf(str2));
                        return;
                    case true:
                        resourceEstimateBuilder.setCpuTime(Duration.valueOf(str2));
                        return;
                    case true:
                        resourceEstimateBuilder.setPeakMemory(DataSize.valueOf(str2));
                        return;
                    default:
                        throw badRequest(String.format("Unsupported resource name %s", str));
                }
            } catch (IllegalArgumentException e) {
                throw badRequest(String.format("Unsupported format for resource estimate '%s': %s", str2, e));
            }
        });
        return resourceEstimateBuilder.build();
    }

    @FormatMethod
    private static void assertRequest(boolean z, String str, Object... objArr) {
        if (!z) {
            throw badRequest(String.format(str, objArr));
        }
    }

    private Map<String, String> parsePreparedStatementsHeaders(ProtocolHeaders protocolHeaders, MultivaluedMap<String, String> multivaluedMap) {
        ImmutableMap.Builder builder = ImmutableMap.builder();
        parseProperty(multivaluedMap, protocolHeaders.requestPreparedStatement()).forEach((str, str2) -> {
            try {
                String urlDecode = urlDecode(str);
                String decodePreparedStatementFromHeader = this.preparedStatementEncoder.decodePreparedStatementFromHeader(str2);
                try {
                    new SqlParser().createStatement(decodePreparedStatementFromHeader);
                    builder.put(urlDecode, decodePreparedStatementFromHeader);
                } catch (ParsingException e) {
                    throw badRequest(String.format("Invalid %s header: %s", protocolHeaders.requestPreparedStatement(), e.getMessage()));
                }
            } catch (IllegalArgumentException e2) {
                throw badRequest(String.format("Invalid %s header: %s", protocolHeaders.requestPreparedStatement(), e2.getMessage()));
            }
        });
        return builder.buildOrThrow();
    }

    private static Optional<TransactionId> parseTransactionId(String str) {
        String trimEmptyToNull = trimEmptyToNull(str);
        if (trimEmptyToNull == null || trimEmptyToNull.equalsIgnoreCase("none")) {
            return Optional.empty();
        }
        try {
            return Optional.of(TransactionId.valueOf(trimEmptyToNull));
        } catch (Exception e) {
            throw badRequest(e.getMessage());
        }
    }

    private static WebApplicationException badRequest(String str) {
        throw new WebApplicationException(str, Response.status(Response.Status.BAD_REQUEST).type("text/plain").entity(str).build());
    }

    private static String trimEmptyToNull(String str) {
        return Strings.emptyToNull(Strings.nullToEmpty(str).trim());
    }

    private static String urlDecode(String str) {
        return URLDecoder.decode(str, StandardCharsets.UTF_8);
    }
}
