package org.apache.kyuubi.plugin.spark.authz.util;

import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.Signature;
import java.security.interfaces.ECPublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.kyuubi.plugin.spark.authz.AccessControlException;
import org.apache.kyuubi.plugin.spark.authz.AccessControlException$;
import org.apache.ranger.plugin.service.RangerBasePlugin;
import org.apache.spark.SparkContext;
import org.apache.spark.package$;
import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan;
import org.apache.spark.sql.catalyst.plans.logical.View;
import scala.Array$;
import scala.Function2;
import scala.MatchError;
import scala.Option;
import scala.Predef$;
import scala.Tuple2;
import scala.collection.Seq;
import scala.collection.Seq$;
import scala.collection.TraversableOnce;
import scala.collection.mutable.ArrayOps;
import scala.reflect.ClassTag$;
import scala.runtime.BoxesRunTime;
import scala.runtime.Nothing$;
import scala.util.Failure;
import scala.util.Success;
import scala.util.Try$;

/* compiled from: AuthZUtils.scala */
/* loaded from: input_file:org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils$.class */
public final class AuthZUtils$ {
    public static AuthZUtils$ MODULE$;
    private boolean isRanger21orGreater;
    private volatile boolean bitmap$0;

    static {
        new AuthZUtils$();
    }

    public <T> T getFieldVal(Object obj, String str) {
        Success apply = Try$.MODULE$.apply(() -> {
            Field declaredField = obj.getClass().getDeclaredField(str);
            declaredField.setAccessible(true);
            return declaredField.get(obj);
        });
        if (apply instanceof Success) {
            return (T) apply.value();
        }
        if (!(apply instanceof Failure)) {
            throw new MatchError(apply);
        }
        throw new RuntimeException(new StringBuilder(9).append(str).append(" not in ").append(obj.getClass()).append(" ").append(new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps((Object[]) new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(obj.getClass().getDeclaredFields())).map(field -> {
            return field.getName();
        }, Array$.MODULE$.canBuildFrom(ClassTag$.MODULE$.apply(String.class))))).mkString("[", ",", "]")).toString(), ((Failure) apply).exception());
    }

    public <T> Option<T> getFieldValOpt(Object obj, String str) {
        return Try$.MODULE$.apply(() -> {
            return MODULE$.getFieldVal(obj, str);
        }).toOption();
    }

    public Object invoke(Object obj, String str, Seq<Tuple2<Class<?>, Object>> seq) {
        try {
            Tuple2 unzip = seq.unzip(Predef$.MODULE$.$conforms());
            if (unzip == null) {
                throw new MatchError(unzip);
            }
            Tuple2 tuple2 = new Tuple2((Seq) unzip._1(), (Seq) unzip._2());
            Seq seq2 = (Seq) tuple2._1();
            Seq seq3 = (Seq) tuple2._2();
            Method method = obj.getClass().getMethod(str, (Class[]) seq2.toArray(ClassTag$.MODULE$.apply(Class.class)));
            method.setAccessible(true);
            return method.invoke(obj, (Object[]) seq3.toArray(ClassTag$.MODULE$.AnyRef()));
        } catch (NoSuchMethodException e) {
            throw new RuntimeException(new StringBuilder(9).append(str).append(" not in ").append(obj.getClass()).append(" ").append(new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps((Object[]) new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(obj.getClass().getMethods())).map(method2 -> {
                return method2.getName();
            }, Array$.MODULE$.canBuildFrom(ClassTag$.MODULE$.apply(String.class))))).mkString("[", ",", "]")).toString(), e);
        }
    }

    public <T> T invokeAs(Object obj, String str, Seq<Tuple2<Class<?>, Object>> seq) {
        return (T) invoke(obj, str, seq);
    }

    public Object invokeStatic(Class<?> cls, String str, Seq<Tuple2<Class<?>, Object>> seq) {
        Tuple2 unzip = seq.unzip(Predef$.MODULE$.$conforms());
        if (unzip == null) {
            throw new MatchError(unzip);
        }
        Tuple2 tuple2 = new Tuple2((Seq) unzip._1(), (Seq) unzip._2());
        Seq seq2 = (Seq) tuple2._1();
        Seq seq3 = (Seq) tuple2._2();
        Method method = cls.getMethod(str, (Class[]) seq2.toArray(ClassTag$.MODULE$.apply(Class.class)));
        method.setAccessible(true);
        return method.invoke(cls, (Object[]) seq3.toArray(ClassTag$.MODULE$.AnyRef()));
    }

    public <T> T invokeStaticAs(Class<?> cls, String str, Seq<Tuple2<Class<?>, Object>> seq) {
        return (T) invokeStatic(cls, str, seq);
    }

    public UserGroupInformation getAuthzUgi(SparkContext sparkContext) {
        boolean z = sparkContext.getConf().getBoolean(new StringBuilder(38).append("spark.").append("kyuubi.session.user.sign.enabled").toString(), false);
        String localProperty = sparkContext.getLocalProperty("kyuubi.session.user");
        if (z) {
            verifyKyuubiSessionUser(sparkContext, localProperty);
        }
        if (localProperty != null) {
            String shortUserName = UserGroupInformation.getCurrentUser().getShortUserName();
            if (localProperty != null ? !localProperty.equals(shortUserName) : shortUserName != null) {
                return UserGroupInformation.createRemoteUser(localProperty);
            }
        }
        return UserGroupInformation.getCurrentUser();
    }

    public boolean hasResolvedPermanentView(LogicalPlan logicalPlan) {
        if (!(logicalPlan instanceof View)) {
            return false;
        }
        View view = (View) logicalPlan;
        return view.resolved() && isSparkVersionAtLeast("3.1.0") && !BoxesRunTime.unboxToBoolean(getFieldVal(view, "isTempView"));
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v8, types: [org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils$] */
    private boolean isRanger21orGreater$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (!this.bitmap$0) {
                this.isRanger21orGreater = liftedTree1$1();
                r0 = this;
                r0.bitmap$0 = true;
            }
        }
        return this.isRanger21orGreater;
    }

    public boolean isRanger21orGreater() {
        return !this.bitmap$0 ? isRanger21orGreater$lzycompute() : this.isRanger21orGreater;
    }

    public boolean isSparkVersionAtMost(String str) {
        return SemanticVersion$.MODULE$.apply(package$.MODULE$.SPARK_VERSION()).isVersionAtMost(str);
    }

    public boolean isSparkVersionAtLeast(String str) {
        return SemanticVersion$.MODULE$.apply(package$.MODULE$.SPARK_VERSION()).isVersionAtLeast(str);
    }

    public boolean isSparkVersionEqualTo(String str) {
        return SemanticVersion$.MODULE$.apply(package$.MODULE$.SPARK_VERSION()).isVersionEqualTo(str);
    }

    public Function2<Option<String>, Option<String>, Object> passSparkVersionCheck() {
        return (option, option2) -> {
            return BoxesRunTime.boxToBoolean($anonfun$passSparkVersionCheck$1(option, option2));
        };
    }

    public String quoteIfNeeded(String str) {
        return (!str.matches("[a-zA-Z0-9_]+") || str.matches("\\d+")) ? new StringBuilder(2).append("`").append(str.replace("`", "``")).append("`").toString() : str;
    }

    public String quote(Seq<String> seq) {
        return ((TraversableOnce) seq.map(str -> {
            return MODULE$.quoteIfNeeded(str);
        }, Seq$.MODULE$.canBuildFrom())).mkString(".");
    }

    private void verifyKyuubiSessionUser(SparkContext sparkContext, String str) {
        try {
            String localProperty = sparkContext.getLocalProperty("kyuubi.session.sign.publickey");
            String localProperty2 = sparkContext.getLocalProperty("kyuubi.session.user.sign");
            if (StringUtils.isAnyBlank(new CharSequence[]{str, localProperty, localProperty2})) {
                throw illegalAccessWithUnverifiedUser$1(str);
            }
            if (!verifySignWithECDSA(str, localProperty2, localProperty)) {
                throw illegalAccessWithUnverifiedUser$1(str);
            }
        } catch (Exception unused) {
            throw illegalAccessWithUnverifiedUser$1(str);
        }
    }

    private boolean verifySignWithECDSA(String str, String str2, String str3) {
        ECPublicKey eCPublicKey = (ECPublicKey) KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(str3)));
        Signature signature = Signature.getInstance("SHA256withECDSA");
        signature.initVerify(eCPublicKey);
        signature.update(str.getBytes(StandardCharsets.UTF_8));
        return signature.verify(Base64.getDecoder().decode(str2));
    }

    private static final /* synthetic */ boolean liftedTree1$1() {
        try {
            RangerBasePlugin.class.getConstructor(String.class, String.class, String.class);
            return true;
        } catch (NoSuchMethodException unused) {
            return false;
        }
    }

    public static final /* synthetic */ boolean $anonfun$passSparkVersionCheck$2(String str) {
        return MODULE$.isSparkVersionAtMost(str);
    }

    public static final /* synthetic */ boolean $anonfun$passSparkVersionCheck$3(String str) {
        return MODULE$.isSparkVersionAtLeast(str);
    }

    public static final /* synthetic */ boolean $anonfun$passSparkVersionCheck$1(Option option, Option option2) {
        return option.forall(str -> {
            return BoxesRunTime.boxToBoolean($anonfun$passSparkVersionCheck$2(str));
        }) && option2.forall(str2 -> {
            return BoxesRunTime.boxToBoolean($anonfun$passSparkVersionCheck$3(str2));
        });
    }

    private static final Nothing$ illegalAccessWithUnverifiedUser$1(String str) {
        throw new AccessControlException(new StringBuilder(26).append("Invalid user identifier [").append(str).append("]").toString(), AccessControlException$.MODULE$.$lessinit$greater$default$2());
    }

    private AuthZUtils$() {
        MODULE$ = this;
    }
}
