package org.apache.cassandra.cql3.statements;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import org.apache.batik.util.CSSConstants;
import org.apache.cassandra.auth.IRoleManager;
import org.apache.cassandra.auth.Permission;
import org.apache.cassandra.auth.RoleResource;
import org.apache.cassandra.config.DatabaseDescriptor;
import org.apache.cassandra.cql3.ColumnIdentifier;
import org.apache.cassandra.cql3.ColumnSpecification;
import org.apache.cassandra.cql3.ResultSet;
import org.apache.cassandra.cql3.RoleName;
import org.apache.cassandra.db.marshal.BooleanType;
import org.apache.cassandra.db.marshal.MapType;
import org.apache.cassandra.db.marshal.UTF8Type;
import org.apache.cassandra.exceptions.InvalidRequestException;
import org.apache.cassandra.exceptions.RequestExecutionException;
import org.apache.cassandra.exceptions.RequestValidationException;
import org.apache.cassandra.exceptions.UnauthorizedException;
import org.apache.cassandra.service.ClientState;
import org.apache.cassandra.transport.messages.ResultMessage;

/* loaded from: input_file:org/apache/cassandra/cql3/statements/ListRolesStatement.class */
public class ListRolesStatement extends AuthorizationStatement {
    private static final String KS = "system_auth";
    private static final String CF = "roles";
    private static final MapType optionsType = MapType.getInstance(UTF8Type.instance, UTF8Type.instance, false);
    private static final List<ColumnSpecification> metadata = ImmutableList.of(new ColumnSpecification("system_auth", "roles", new ColumnIdentifier("role", true), UTF8Type.instance), new ColumnSpecification("system_auth", "roles", new ColumnIdentifier(CSSConstants.CSS_SUPER_VALUE, true), BooleanType.instance), new ColumnSpecification("system_auth", "roles", new ColumnIdentifier("login", true), BooleanType.instance), new ColumnSpecification("system_auth", "roles", new ColumnIdentifier(IndexPropDefs.KW_OPTIONS, true), optionsType));
    private final RoleResource grantee;
    private final boolean recursive;

    public ListRolesStatement() {
        this(new RoleName(), false);
    }

    public ListRolesStatement(RoleName roleName, boolean z) {
        this.grantee = roleName.hasName() ? RoleResource.role(roleName.getName()) : null;
        this.recursive = z;
    }

    @Override // org.apache.cassandra.cql3.CQLStatement
    public void validate(ClientState clientState) throws UnauthorizedException, InvalidRequestException {
        clientState.ensureNotAnonymous();
        if (this.grantee != null && !DatabaseDescriptor.getRoleManager().isExistingRole(this.grantee)) {
            throw new InvalidRequestException(String.format("%s doesn't exist", this.grantee));
        }
    }

    @Override // org.apache.cassandra.cql3.CQLStatement
    public void checkAccess(ClientState clientState) throws InvalidRequestException {
    }

    @Override // org.apache.cassandra.cql3.statements.AuthorizationStatement
    public ResultMessage execute(ClientState clientState) throws RequestValidationException, RequestExecutionException {
        if (DatabaseDescriptor.getAuthorizer().authorize(clientState.getUser(), RoleResource.root()).contains(Permission.DESCRIBE)) {
            return this.grantee == null ? resultMessage(DatabaseDescriptor.getRoleManager().getAllRoles()) : resultMessage(DatabaseDescriptor.getRoleManager().getRoles(this.grantee, this.recursive));
        }
        RoleResource role = RoleResource.role(clientState.getUser().getName());
        if (this.grantee == null) {
            return resultMessage(DatabaseDescriptor.getRoleManager().getRoles(role, this.recursive));
        }
        if (DatabaseDescriptor.getRoleManager().getRoles(role, true).contains(this.grantee)) {
            return resultMessage(DatabaseDescriptor.getRoleManager().getRoles(this.grantee, this.recursive));
        }
        throw new UnauthorizedException(String.format("You are not authorized to view roles granted to %s ", this.grantee.getRoleName()));
    }

    private ResultMessage resultMessage(Set<RoleResource> set) {
        if (set.isEmpty()) {
            return new ResultMessage.Void();
        }
        ArrayList newArrayList = Lists.newArrayList(set);
        Collections.sort(newArrayList);
        return formatResults(newArrayList);
    }

    protected ResultMessage formatResults(List<RoleResource> list) {
        ResultSet resultSet = new ResultSet(metadata);
        IRoleManager roleManager = DatabaseDescriptor.getRoleManager();
        for (RoleResource roleResource : list) {
            resultSet.addColumnValue(UTF8Type.instance.decompose(roleResource.getRoleName()));
            resultSet.addColumnValue(BooleanType.instance.decompose(Boolean.valueOf(roleManager.isSuper(roleResource))));
            resultSet.addColumnValue(BooleanType.instance.decompose(Boolean.valueOf(roleManager.canLogin(roleResource))));
            resultSet.addColumnValue(optionsType.decompose(roleManager.getCustomOptions(roleResource)));
        }
        return new ResultMessage.Rows(resultSet);
    }
}
