package org.apache.druid.server.security;

import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import java.util.Collections;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.druid.error.DruidException;
import org.apache.druid.query.policy.NoRestrictionPolicy;
import org.apache.druid.query.policy.Policy;
import org.apache.druid.segment.loading.LocalDataSegmentPuller;

/* loaded from: input_file:org/apache/druid/server/security/AuthorizationResult.class */
public class AuthorizationResult {
    public static final AuthorizationResult ALLOW_NO_RESTRICTION = new AuthorizationResult(Permission.ALLOW_NO_RESTRICTION, null, Collections.emptyMap());
    public static final AuthorizationResult DENY = new AuthorizationResult(Permission.DENY, Access.DENIED.getMessage(), Collections.emptyMap());
    private final Permission permission;

    @Nullable
    private final String failureMessage;
    private final Map<String, Optional<Policy>> policyRestrictions;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/druid/server/security/AuthorizationResult$Permission.class */
    public enum Permission {
        ALLOW_NO_RESTRICTION,
        ALLOW_WITH_RESTRICTION,
        DENY
    }

    AuthorizationResult(Permission permission, @Nullable String str, Map<String, Optional<Policy>> map) {
        this.permission = permission;
        this.failureMessage = str;
        this.policyRestrictions = map;
        switch (AnonymousClass1.$SwitchMap$org$apache$druid$server$security$AuthorizationResult$Permission[permission.ordinal()]) {
            case 1:
                validateFailureMessageIsSet();
                validatePolicyRestrictionEmpty();
                return;
            case 2:
                validateFailureMessageNull();
                validatePolicyRestrictionNonEmpty();
                return;
            case LocalDataSegmentPuller.DEFAULT_RETRY_COUNT /* 3 */:
                validateFailureMessageNull();
                validatePolicyRestrictionEmpty();
                return;
            default:
                throw DruidException.defensive("unreachable", new Object[0]);
        }
    }

    public static AuthorizationResult deny(@Nonnull String str) {
        return new AuthorizationResult(Permission.DENY, str, Collections.emptyMap());
    }

    public static AuthorizationResult allowWithRestriction(Map<String, Optional<Policy>> map) {
        return map.isEmpty() ? ALLOW_NO_RESTRICTION : new AuthorizationResult(Permission.ALLOW_WITH_RESTRICTION, null, map);
    }

    public boolean allowBasicAccess() {
        return Permission.ALLOW_NO_RESTRICTION.equals(this.permission) || Permission.ALLOW_WITH_RESTRICTION.equals(this.permission);
    }

    public boolean allowAccessWithNoRestriction() {
        return Permission.ALLOW_NO_RESTRICTION.equals(this.permission) || (Permission.ALLOW_WITH_RESTRICTION.equals(this.permission) && this.policyRestrictions.values().stream().flatMap((v0) -> {
            return v0.stream();
        }).allMatch(policy -> {
            return policy instanceof NoRestrictionPolicy;
        }));
    }

    public String getErrorMessage() {
        switch (this.permission) {
            case DENY:
                return (String) Objects.requireNonNull(this.failureMessage);
            case ALLOW_WITH_RESTRICTION:
                if (!allowAccessWithNoRestriction()) {
                    return Access.DEFAULT_ERROR_MESSAGE;
                }
                break;
        }
        throw DruidException.defensive("unreachable", new Object[0]);
    }

    public Map<String, Optional<Policy>> getPolicyMap() {
        return this.policyRestrictions;
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        AuthorizationResult authorizationResult = (AuthorizationResult) obj;
        return Objects.equals(this.permission, authorizationResult.permission) && Objects.equals(this.failureMessage, authorizationResult.failureMessage) && Objects.equals(this.policyRestrictions, authorizationResult.policyRestrictions);
    }

    public int hashCode() {
        return Objects.hash(this.permission, this.failureMessage, this.policyRestrictions);
    }

    public String toString() {
        return "AuthorizationResult [permission=" + String.valueOf(this.permission) + ", failureMessage=" + this.failureMessage + ", policyRestrictions=" + String.valueOf(this.policyRestrictions) + "]";
    }

    private void validateFailureMessageIsSet() {
        Preconditions.checkArgument(!Strings.isNullOrEmpty(this.failureMessage), "Failure message must be set for permission[%s]", this.permission);
    }

    private void validateFailureMessageNull() {
        Preconditions.checkArgument(this.failureMessage == null, "Failure message must be null for permission[%s]", this.permission);
    }

    private void validatePolicyRestrictionEmpty() {
        Preconditions.checkArgument(this.policyRestrictions.isEmpty(), "Policy restrictions not allowed for permission[%s]", this.permission);
    }

    private void validatePolicyRestrictionNonEmpty() {
        Preconditions.checkArgument(!this.policyRestrictions.isEmpty(), "Policy restrictions must exist for permission[%s]", this.permission);
    }
}
