package org.apache.sentry.core.model.solr.validator;

import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.sentry.core.common.validator.PrivilegeValidator;
import org.apache.sentry.core.common.validator.PrivilegeValidatorContext;
import org.apache.sentry.core.model.solr.AdminOperation;
import org.apache.sentry.core.model.solr.SolrConstants;
import org.apache.shiro.config.ConfigurationException;

/* loaded from: input_file:org/apache/sentry/core/model/solr/validator/SolrPrivilegeValidator.class */
public class SolrPrivilegeValidator implements PrivilegeValidator {
    private static final Pattern PRIVILEGE_AUTHORIZABLE_REGEX = Pattern.compile("^(collection|admin|schema|config)\\s*=\\s*(\\S+)$", 2);
    private static final Pattern PRIVILEGE_ACTION_REGEX = Pattern.compile("^action\\s*=\\s*(query|update|\\*)$", 2);
    private String entityType;
    private String entityName;
    private String actionName;

    public void validate(PrivilegeValidatorContext privilegeValidatorContext) throws ConfigurationException {
        try {
            validate(privilegeValidatorContext.getPrivilege(), false);
        } catch (IllegalArgumentException e) {
            throw new ConfigurationException(e.getMessage());
        }
    }

    public void validate(String str, boolean z) {
        String[] split = str.split("->");
        Matcher matcher = PRIVILEGE_AUTHORIZABLE_REGEX.matcher(split[0].trim());
        if (!matcher.matches()) {
            throw new IllegalArgumentException("Invalid privilege String: " + str);
        }
        this.entityType = matcher.group(1).toLowerCase();
        this.entityName = matcher.group(2).toLowerCase();
        this.actionName = null;
        if (split.length > 1) {
            Matcher matcher2 = PRIVILEGE_ACTION_REGEX.matcher(split[1].trim());
            if (!matcher2.matches()) {
                throw new IllegalArgumentException("Invalid privilege String: " + str);
            }
            this.actionName = matcher2.group(1).toLowerCase();
        }
        if (z && this.actionName == null) {
            throw new IllegalArgumentException("Privilege is invalid: action required but not specified.");
        }
        extraPrivilegeValidation(this.entityType, this.entityName, this.actionName);
    }

    private void extraPrivilegeValidation(String str, String str2, String str3) {
        if ("admin".equals(str)) {
            if (!AdminOperation.ENTITY_NAMES.contains(str2)) {
                throw new IllegalArgumentException("Invalid entity name specified for the admin entity type. Valid names are " + AdminOperation.ENTITY_NAMES);
            }
            if (AdminOperation.METRICS.getName().equals(str2) && !SolrConstants.QUERY.equals(str3)) {
                throw new IllegalArgumentException("Invalid action specified for the metrics entity of type admin. Valid actions are [query]");
            }
        }
    }

    public String getEntityType() {
        return this.entityType;
    }

    public String getEntityName() {
        return this.entityName;
    }

    public String getActionName() {
        return this.actionName;
    }
}
