package org.apache.pulsar.sql.presto;

import com.google.common.annotations.VisibleForTesting;
import com.google.inject.Inject;
import io.airlift.log.Logger;
import io.trino.spi.StandardErrorCode;
import io.trino.spi.TrinoException;
import io.trino.spi.connector.ConnectorSession;
import java.io.IOException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.commons.lang3.StringUtils;
import org.apache.pulsar.client.api.PulsarClient;
import org.apache.pulsar.client.api.PulsarClientException;
import org.apache.pulsar.client.api.SubscriptionMode;
import org.apache.pulsar.client.api.SubscriptionType;

/* loaded from: input_file:org/apache/pulsar/sql/presto/PulsarAuth.class */
public class PulsarAuth {
    private static final Logger log = Logger.get(PulsarAuth.class);
    private final PulsarConnectorConfig pulsarConnectorConfig;
    private static final String CREDENTIALS_AUTH_PLUGIN = "auth-plugin";
    private static final String CREDENTIALS_AUTH_PARAMS = "auth-params";

    @VisibleForTesting
    final Map<String, Set<String>> authorizedQueryTopicsMap = new ConcurrentHashMap();

    @Inject
    public PulsarAuth(PulsarConnectorConfig pulsarConnectorConfig) {
        this.pulsarConnectorConfig = pulsarConnectorConfig;
        if (pulsarConnectorConfig.getAuthorizationEnabled() && StringUtils.isEmpty(pulsarConnectorConfig.getBrokerBinaryServiceUrl())) {
            throw new IllegalArgumentException("pulsar.broker-binary-service-url must be present when the pulsar.authorization-enable is true.");
        }
    }

    /* JADX WARN: Finally extract failed */
    public void checkTopicAuth(ConnectorSession connectorSession, String str) {
        if (this.authorizedQueryTopicsMap.computeIfAbsent(connectorSession.getQueryId(), str2 -> {
            return new HashSet();
        }).contains(str)) {
            if (log.isDebugEnabled()) {
                log.debug("The topic %s is already authorized.", new Object[]{str});
                return;
            }
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("Checking the authorization for the topic: %s", new Object[]{str});
        }
        Map extraCredentials = connectorSession.getIdentity().getExtraCredentials();
        if (extraCredentials.isEmpty()) {
            throw new TrinoException(StandardErrorCode.QUERY_REJECTED, String.format("Failed to check the authorization for topic %s: The credential information is empty.", str));
        }
        String str3 = (String) extraCredentials.get(CREDENTIALS_AUTH_PLUGIN);
        String str4 = (String) extraCredentials.get(CREDENTIALS_AUTH_PARAMS);
        if (StringUtils.isEmpty(str3) || StringUtils.isEmpty(str4)) {
            throw new TrinoException(StandardErrorCode.QUERY_REJECTED, String.format("Failed to check the authorization for topic %s: Required credential parameters are missing. Please specify the auth-method and auth-params in the extra credentials.", str));
        }
        try {
            PulsarClient build = PulsarClient.builder().serviceUrl(this.pulsarConnectorConfig.getBrokerBinaryServiceUrl()).authentication(str3, str4).build();
            try {
                build.newConsumer().topic(new String[]{str}).subscriptionName("pulsar-sql-auth" + connectorSession.getQueryId()).subscriptionType(SubscriptionType.Exclusive).subscriptionMode(SubscriptionMode.NonDurable).startPaused(true).subscribe().close();
                this.authorizedQueryTopicsMap.computeIfPresent(connectorSession.getQueryId(), (str5, set) -> {
                    set.add(str);
                    return set;
                });
                if (log.isDebugEnabled()) {
                    log.debug("Check the authorization for the topic %s successfully.", new Object[]{str});
                }
                if (Collections.singletonList(build).get(0) != null) {
                    build.close();
                }
            } catch (Throwable th) {
                if (Collections.singletonList(build).get(0) != null) {
                    build.close();
                }
                throw th;
            }
        } catch (IOException e) {
            throw new TrinoException(StandardErrorCode.QUERY_REJECTED, String.format("Failed to check authorization for topic %s: %s", str, e.getLocalizedMessage()));
        } catch (PulsarClientException.AuthenticationException | PulsarClientException.AuthorizationException e2) {
            throw new TrinoException(StandardErrorCode.PERMISSION_DENIED, String.format("Failed to access topic %s: %s", str, e2.getLocalizedMessage()));
        }
    }

    public void cleanSession(ConnectorSession connectorSession) {
        this.authorizedQueryTopicsMap.remove(connectorSession.getQueryId());
    }
}
