package org.apache.kyuubi.plugin.spark.authz.util;

import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.Signature;
import java.security.interfaces.ECPublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.kyuubi.plugin.spark.authz.AccessControlException;
import org.apache.kyuubi.plugin.spark.authz.AccessControlException$;
import org.apache.kyuubi.util.SemanticVersion;
import org.apache.kyuubi.util.SemanticVersion$;
import org.apache.kyuubi.util.reflect.DynConstructors;
import org.apache.kyuubi.util.reflect.ReflectUtils$;
import org.apache.ranger.plugin.service.RangerBasePlugin;
import org.apache.spark.SparkContext;
import org.apache.spark.package$;
import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan;
import org.apache.spark.sql.catalyst.plans.logical.View;
import scala.collection.Seq;
import scala.collection.Seq$;
import scala.collection.TraversableOnce;
import scala.runtime.BoxesRunTime;
import scala.runtime.Nothing$;
import scala.util.Properties$;

/* compiled from: AuthZUtils.scala */
/* loaded from: input_file:org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils$.class */
public final class AuthZUtils$ {
    public static AuthZUtils$ MODULE$;
    private boolean isRanger21orGreater;
    private SemanticVersion SPARK_RUNTIME_VERSION;
    private boolean isSparkV32OrGreater;
    private boolean isSparkV33OrGreater;
    private boolean isSparkV34OrGreater;
    private boolean isSparkV35OrGreater;
    private boolean isSparkV40OrGreater;
    private SemanticVersion SCALA_RUNTIME_VERSION;
    private boolean isScalaV213;
    private volatile int bitmap$0;

    static {
        new AuthZUtils$();
    }

    public UserGroupInformation getAuthzUgi(SparkContext sparkContext) {
        boolean z = sparkContext.getConf().getBoolean(new StringBuilder(38).append("spark.").append("kyuubi.session.user.sign.enabled").toString(), false);
        String localProperty = sparkContext.getLocalProperty("kyuubi.session.user");
        if (z) {
            verifyKyuubiSessionUser(sparkContext, localProperty);
        }
        if (localProperty != null) {
            String shortUserName = UserGroupInformation.getCurrentUser().getShortUserName();
            if (localProperty != null ? !localProperty.equals(shortUserName) : shortUserName != null) {
                return UserGroupInformation.createRemoteUser(localProperty);
            }
        }
        return UserGroupInformation.getCurrentUser();
    }

    public boolean hasResolvedPermanentView(LogicalPlan logicalPlan) {
        if (!(logicalPlan instanceof View)) {
            return false;
        }
        View view = (View) logicalPlan;
        return view.resolved() && !BoxesRunTime.unboxToBoolean(ReflectUtils$.MODULE$.getField(view, "isTempView"));
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v9, types: [org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils$] */
    private boolean isRanger21orGreater$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if ((this.bitmap$0 & 1) == 0) {
                this.isRanger21orGreater = liftedTree1$1();
                r0 = this;
                r0.bitmap$0 = this.bitmap$0 | 1;
            }
        }
        return this.isRanger21orGreater;
    }

    public boolean isRanger21orGreater() {
        return (this.bitmap$0 & 1) == 0 ? isRanger21orGreater$lzycompute() : this.isRanger21orGreater;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v9, types: [org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils$] */
    private SemanticVersion SPARK_RUNTIME_VERSION$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if ((this.bitmap$0 & 2) == 0) {
                this.SPARK_RUNTIME_VERSION = SemanticVersion$.MODULE$.apply(package$.MODULE$.SPARK_VERSION());
                r0 = this;
                r0.bitmap$0 = this.bitmap$0 | 2;
            }
        }
        return this.SPARK_RUNTIME_VERSION;
    }

    public SemanticVersion SPARK_RUNTIME_VERSION() {
        return (this.bitmap$0 & 2) == 0 ? SPARK_RUNTIME_VERSION$lzycompute() : this.SPARK_RUNTIME_VERSION;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v9, types: [org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils$] */
    private boolean isSparkV32OrGreater$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if ((this.bitmap$0 & 4) == 0) {
                this.isSparkV32OrGreater = SPARK_RUNTIME_VERSION().$greater$eq("3.2");
                r0 = this;
                r0.bitmap$0 = this.bitmap$0 | 4;
            }
        }
        return this.isSparkV32OrGreater;
    }

    public boolean isSparkV32OrGreater() {
        return (this.bitmap$0 & 4) == 0 ? isSparkV32OrGreater$lzycompute() : this.isSparkV32OrGreater;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v9, types: [org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils$] */
    private boolean isSparkV33OrGreater$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if ((this.bitmap$0 & 8) == 0) {
                this.isSparkV33OrGreater = SPARK_RUNTIME_VERSION().$greater$eq("3.3");
                r0 = this;
                r0.bitmap$0 = this.bitmap$0 | 8;
            }
        }
        return this.isSparkV33OrGreater;
    }

    public boolean isSparkV33OrGreater() {
        return (this.bitmap$0 & 8) == 0 ? isSparkV33OrGreater$lzycompute() : this.isSparkV33OrGreater;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v9, types: [org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils$] */
    private boolean isSparkV34OrGreater$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if ((this.bitmap$0 & 16) == 0) {
                this.isSparkV34OrGreater = SPARK_RUNTIME_VERSION().$greater$eq("3.4");
                r0 = this;
                r0.bitmap$0 = this.bitmap$0 | 16;
            }
        }
        return this.isSparkV34OrGreater;
    }

    public boolean isSparkV34OrGreater() {
        return (this.bitmap$0 & 16) == 0 ? isSparkV34OrGreater$lzycompute() : this.isSparkV34OrGreater;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v9, types: [org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils$] */
    private boolean isSparkV35OrGreater$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if ((this.bitmap$0 & 32) == 0) {
                this.isSparkV35OrGreater = SPARK_RUNTIME_VERSION().$greater$eq("3.5");
                r0 = this;
                r0.bitmap$0 = this.bitmap$0 | 32;
            }
        }
        return this.isSparkV35OrGreater;
    }

    public boolean isSparkV35OrGreater() {
        return (this.bitmap$0 & 32) == 0 ? isSparkV35OrGreater$lzycompute() : this.isSparkV35OrGreater;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v9, types: [org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils$] */
    private boolean isSparkV40OrGreater$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if ((this.bitmap$0 & 64) == 0) {
                this.isSparkV40OrGreater = SPARK_RUNTIME_VERSION().$greater$eq("4.0");
                r0 = this;
                r0.bitmap$0 = this.bitmap$0 | 64;
            }
        }
        return this.isSparkV40OrGreater;
    }

    public boolean isSparkV40OrGreater() {
        return (this.bitmap$0 & 64) == 0 ? isSparkV40OrGreater$lzycompute() : this.isSparkV40OrGreater;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v9, types: [org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils$] */
    private SemanticVersion SCALA_RUNTIME_VERSION$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if ((this.bitmap$0 & 128) == 0) {
                this.SCALA_RUNTIME_VERSION = SemanticVersion$.MODULE$.apply(Properties$.MODULE$.versionNumberString());
                r0 = this;
                r0.bitmap$0 = this.bitmap$0 | 128;
            }
        }
        return this.SCALA_RUNTIME_VERSION;
    }

    public SemanticVersion SCALA_RUNTIME_VERSION() {
        return (this.bitmap$0 & 128) == 0 ? SCALA_RUNTIME_VERSION$lzycompute() : this.SCALA_RUNTIME_VERSION;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v9, types: [org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils$] */
    private boolean isScalaV213$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if ((this.bitmap$0 & 256) == 0) {
                this.isScalaV213 = SCALA_RUNTIME_VERSION().$greater$eq("2.13");
                r0 = this;
                r0.bitmap$0 = this.bitmap$0 | 256;
            }
        }
        return this.isScalaV213;
    }

    public boolean isScalaV213() {
        return (this.bitmap$0 & 256) == 0 ? isScalaV213$lzycompute() : this.isScalaV213;
    }

    public String derbyJdbcDriverClass() {
        return isSparkV40OrGreater() ? "org.apache.derby.iapi.jdbc.AutoloadedDriver" : "org.apache.derby.jdbc.AutoloadedDriver";
    }

    public String quoteIfNeeded(String str) {
        return (!str.matches("[a-zA-Z0-9_]+") || str.matches("\\d+")) ? new StringBuilder(2).append("`").append(str.replace("`", "``")).append("`").toString() : str;
    }

    public String quote(Seq<String> seq) {
        return ((TraversableOnce) seq.map(str -> {
            return MODULE$.quoteIfNeeded(str);
        }, Seq$.MODULE$.canBuildFrom())).mkString(".");
    }

    private void verifyKyuubiSessionUser(SparkContext sparkContext, String str) {
        try {
            String localProperty = sparkContext.getLocalProperty("kyuubi.session.sign.publickey");
            String localProperty2 = sparkContext.getLocalProperty("kyuubi.session.user.sign");
            if (StringUtils.isAnyBlank(new CharSequence[]{str, localProperty, localProperty2})) {
                throw illegalAccessWithUnverifiedUser$1(str);
            }
            if (!verifySignWithECDSA(str, localProperty2, localProperty)) {
                throw illegalAccessWithUnverifiedUser$1(str);
            }
        } catch (Exception unused) {
            throw illegalAccessWithUnverifiedUser$1(str);
        }
    }

    private boolean verifySignWithECDSA(String str, String str2, String str3) {
        ECPublicKey eCPublicKey = (ECPublicKey) KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(str3)));
        Signature signature = Signature.getInstance("SHA256withECDSA");
        signature.initVerify(eCPublicKey);
        signature.update(str.getBytes(StandardCharsets.UTF_8));
        return signature.verify(Base64.getDecoder().decode(str2));
    }

    private static final /* synthetic */ boolean liftedTree1$1() {
        try {
            DynConstructors.builder().impl(RangerBasePlugin.class, String.class, String.class, String.class).buildChecked();
            return true;
        } catch (NoSuchMethodException unused) {
            return false;
        }
    }

    private static final Nothing$ illegalAccessWithUnverifiedUser$1(String str) {
        throw new AccessControlException(new StringBuilder(26).append("Invalid user identifier [").append(str).append("]").toString(), AccessControlException$.MODULE$.$lessinit$greater$default$2());
    }

    private AuthZUtils$() {
        MODULE$ = this;
    }
}
