package org.apache.atlas.authorize.simple;

import com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.atlas.ApplicationProperties;
import org.apache.atlas.AtlasException;
import org.apache.atlas.authorize.AtlasAccessRequest;
import org.apache.atlas.authorize.AtlasActionTypes;
import org.apache.atlas.authorize.AtlasAuthorizationException;
import org.apache.atlas.authorize.AtlasAuthorizer;
import org.apache.atlas.authorize.AtlasResourceTypes;
import org.apache.atlas.utils.PropertiesUtil;
import org.apache.commons.io.FilenameUtils;
import org.apache.commons.io.IOCase;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/atlas/authorize/simple/SimpleAtlasAuthorizer.class */
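/**
 * File-backed {@link AtlasAuthorizer} that answers access requests from eight in-memory permission maps
 * (user/group x READ/CREATE/UPDATE/DELETE), each keyed by accessor name and then by resource type.
 *
 * <p>Authorization decisions fail closed: a request is denied when the relevant permission map was never
 * loaded, when the accessor is unknown, or when the request carries no resource types.
 *
 * <p>The permission maps are plain fields with no synchronization; {@link #init()} and {@link #cleanUp()}
 * replace them in place.
 *
 * <p>NOTE(review): with debug logging enabled this class writes the full permission maps and the
 * caller-supplied user, group and resource strings to the log without escaping. Treat debug logs from this
 * class as sensitive, and neutralise line breaks in the log layout if the log feeds other tooling.
 */
public final class SimpleAtlasAuthorizer implements AtlasAuthorizer {
    private static final Logger LOG = LoggerFactory.getLogger(SimpleAtlasAuthorizer.class);
    private static final String WILDCARD_ASTERISK = "*";

    // Captured once at construction; later changes to the logger level are not picked up.
    private boolean isDebugEnabled = LOG.isDebugEnabled();
    private boolean optIgnoreCase = false;
    private Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap = null;
    private Map<String, Map<AtlasResourceTypes, List<String>>> userWriteMap = null;
    private Map<String, Map<AtlasResourceTypes, List<String>>> userUpdateMap = null;
    private Map<String, Map<AtlasResourceTypes, List<String>>> userDeleteMap = null;
    private Map<String, Map<AtlasResourceTypes, List<String>>> groupReadMap = null;
    private Map<String, Map<AtlasResourceTypes, List<String>>> groupWriteMap = null;
    private Map<String, Map<AtlasResourceTypes, List<String>>> groupUpdateMap = null;
    private Map<String, Map<AtlasResourceTypes, List<String>>> groupDeleteMap = null;

    /** Kind of principal a policy entry applies to. */
    public enum AtlasAccessorTypes {
        USER,
        GROUP
    }

    /**
     * Loads the policy file and builds the permission maps.
     *
     * <p>The file location is read from {@code atlas.auth.policy.file}; the fallback is
     * {@code <atlas.conf>/policy-store.txt}. If the {@code atlas.conf} system property is unset the fallback
     * path starts with the literal text {@code null}.
     *
     * <p>A load failure is logged at error level and not rethrown. The maps then keep whatever value they
     * had before the call ({@code null} on a fresh instance), and {@link #isAccessAllowed} denies every
     * request whose map is {@code null}.
     */
    @Override
    public void init() {
        if (this.isDebugEnabled) {
            LOG.debug("==> SimpleAtlasAuthorizer init");
        }
        try {
            PolicyUtil policyUtil = new PolicyUtil();
            PolicyParser policyParser = new PolicyParser();
            this.optIgnoreCase = Boolean.parseBoolean(PropertiesUtil.getProperty("optIgnoreCase", "false"));
            if (this.isDebugEnabled) {
                LOG.debug("Read from PropertiesUtil --> optIgnoreCase :: " + this.optIgnoreCase);
            }
            String policyFile = ApplicationProperties.get().getString("atlas.auth.policy.file", System.getProperty("atlas.conf") + "/policy-store.txt");
            if (this.isDebugEnabled) {
                LOG.debug("Loading Apache Atlas policies from : " + policyFile);
            }
            List<PolicyDef> policies = policyParser.parsePolicies(FileReaderUtil.readFile(policyFile));
            this.userReadMap = policyUtil.createPermissionMap(policies, AtlasActionTypes.READ, AtlasAccessorTypes.USER);
            this.userWriteMap = policyUtil.createPermissionMap(policies, AtlasActionTypes.CREATE, AtlasAccessorTypes.USER);
            this.userUpdateMap = policyUtil.createPermissionMap(policies, AtlasActionTypes.UPDATE, AtlasAccessorTypes.USER);
            this.userDeleteMap = policyUtil.createPermissionMap(policies, AtlasActionTypes.DELETE, AtlasAccessorTypes.USER);
            this.groupReadMap = policyUtil.createPermissionMap(policies, AtlasActionTypes.READ, AtlasAccessorTypes.GROUP);
            this.groupWriteMap = policyUtil.createPermissionMap(policies, AtlasActionTypes.CREATE, AtlasAccessorTypes.GROUP);
            this.groupUpdateMap = policyUtil.createPermissionMap(policies, AtlasActionTypes.UPDATE, AtlasAccessorTypes.GROUP);
            this.groupDeleteMap = policyUtil.createPermissionMap(policies, AtlasActionTypes.DELETE, AtlasAccessorTypes.GROUP);
            if (this.isDebugEnabled) {
                // Dumps the complete authorization policy; see the class-level note on debug logs.
                LOG.debug("\n\nUserReadMap :: " + this.userReadMap + "\nGroupReadMap :: " + this.groupReadMap);
                LOG.debug("\n\nUserWriteMap :: " + this.userWriteMap + "\nGroupWriteMap :: " + this.groupWriteMap);
                LOG.debug("\n\nUserUpdateMap :: " + this.userUpdateMap + "\nGroupUpdateMap :: " + this.groupUpdateMap);
                LOG.debug("\n\nUserDeleteMap :: " + this.userDeleteMap + "\nGroupDeleteMap :: " + this.groupDeleteMap);
            }
        } catch (IOException | AtlasException e) {
            // Deliberately not rethrown: init() declares no checked exception. Requests are denied
            // for any map that is still null, so a failed first load does not grant access.
            LOG.error("SimpleAtlasAuthorizer could not be initialized properly due to : ", e);
        }
    }

    /**
     * Decides whether the request's user, or failing that any of the user's groups, may perform the
     * requested action on the requested resource.
     *
     * @param atlasAccessRequest request carrying user, groups, action, resource and resource types
     * @return {@code true} only when a user or group policy matches every requested resource type;
     *         {@code false} when the request is incomplete, the policy maps are not loaded, or nothing matches
     * @throws AtlasAuthorizationException if the action is not READ, CREATE, UPDATE or DELETE
     */
    @Override
    public boolean isAccessAllowed(AtlasAccessRequest atlasAccessRequest) throws AtlasAuthorizationException {
        if (this.isDebugEnabled) {
            LOG.debug("==> SimpleAtlasAuthorizer isAccessAllowed");
            LOG.debug("isAccessAllowd(" + atlasAccessRequest + ")");
        }
        String user = atlasAccessRequest.getUser();
        Set<String> userGroups = atlasAccessRequest.getUserGroups();
        AtlasActionTypes action = atlasAccessRequest.getAction();
        String resource = atlasAccessRequest.getResource();
        Set<AtlasResourceTypes> resourceTypes = atlasAccessRequest.getResourceTypes();
        if (this.isDebugEnabled) {
            LOG.debug("Checking for :: \nUser :: " + user + "\nGroups :: " + userGroups + "\nAction :: " + action + "\nResource :: " + resource);
        }
        if ((user == null && userGroups == null) || action == null || resource == null) {
            if (this.isDebugEnabled) {
                LOG.debug("Please check the formation AtlasAccessRequest.");
            }
            return false;
        }
        if (this.isDebugEnabled) {
            LOG.debug("checkAccess for Operation :: " + action + " on Resource " + resourceTypes + ":" + resource);
        }

        final Map<String, Map<AtlasResourceTypes, List<String>>> userMap;
        final Map<String, Map<AtlasResourceTypes, List<String>>> groupMap;
        switch (action) {
            case READ:
                userMap = this.userReadMap;
                groupMap = this.groupReadMap;
                break;
            case CREATE:
                userMap = this.userWriteMap;
                groupMap = this.groupWriteMap;
                break;
            case UPDATE:
                userMap = this.userUpdateMap;
                groupMap = this.groupUpdateMap;
                break;
            case DELETE:
                userMap = this.userDeleteMap;
                groupMap = this.groupDeleteMap;
                break;
            default:
                if (this.isDebugEnabled) {
                    LOG.debug("Invalid Action " + action + "\nRaising AtlasAuthorizationException!!!");
                }
                throw new AtlasAuthorizationException("Invalid Action :: " + action);
        }

        // User policy first; group policies are consulted only when the user policy does not grant access.
        boolean allowed = checkAccess(user, resourceTypes, resource, userMap);
        if (!allowed) {
            allowed = checkAccessForGroups(userGroups, resourceTypes, resource, groupMap);
        }
        if (this.isDebugEnabled) {
            LOG.debug("<== SimpleAtlasAuthorizer isAccessAllowed = " + allowed);
        }
        return allowed;
    }

    /**
     * Checks one accessor (user or group name) against one permission map.
     *
     * <p>Access is granted only if the accessor has an entry and, for every requested resource type, that
     * entry holds a policy value matching the resource. A {@code null} accessor, a {@code null} map (policy
     * not loaded) and a {@code null} or empty resource-type set all deny: an empty set would otherwise
     * satisfy "every type matches" vacuously and grant access to any accessor present in the map.
     */
    private boolean checkAccess(String accessor, Set<AtlasResourceTypes> resourceTypes, String resource, Map<String, Map<AtlasResourceTypes, List<String>>> permissionMap) {
        if (this.isDebugEnabled) {
            LOG.debug("==> SimpleAtlasAuthorizer checkAccess");
            LOG.debug("Now checking access for accessor : " + accessor + "\nResource Types : " + resourceTypes + "\nResource : " + resource + "\nMap : " + permissionMap);
        }
        boolean allowed = false;
        if (accessor == null || permissionMap == null || resourceTypes == null || resourceTypes.isEmpty()) {
            if (this.isDebugEnabled) {
                LOG.debug("Accessor, resource types or permission map missing. Returning with result : false");
            }
        } else {
            Map<AtlasResourceTypes, List<String>> valuesByType = permissionMap.get(accessor);
            if (valuesByType == null) {
                if (this.isDebugEnabled) {
                    LOG.debug("Key " + accessor + " missing. Returning with result : false");
                }
            } else {
                allowed = true;
                for (AtlasResourceTypes resourceType : resourceTypes) {
                    List<String> policyValues = valuesByType.get(resourceType);
                    if (this.isDebugEnabled) {
                        LOG.debug("\nChecking for resource : " + resource + " in list : " + policyValues + "\n");
                    }
                    // One unmatched resource type is enough to deny; no need to test the rest.
                    if (policyValues == null || !isMatch(resource, policyValues)) {
                        allowed = false;
                        break;
                    }
                }
            }
        }
        if (this.isDebugEnabled) {
            LOG.debug("Check for " + accessor + " :: " + allowed);
            LOG.debug("<== SimpleAtlasAuthorizer checkAccess");
        }
        return allowed;
    }

    /**
     * Returns {@code true} as soon as one of the groups is granted access by {@link #checkAccess}.
     * A {@code null} group set grants nothing.
     */
    private boolean checkAccessForGroups(Set<String> groups, Set<AtlasResourceTypes> resourceTypes, String resource, Map<String, Map<AtlasResourceTypes, List<String>>> permissionMap) {
        boolean allowed = false;
        if (this.isDebugEnabled) {
            LOG.debug("==> SimpleAtlasAuthorizer checkAccessForGroups");
        }
        // A request may carry a user but no groups; the caller only rejects it when both are null.
        if (groups != null) {
            for (String group : groups) {
                allowed = checkAccess(group, resourceTypes, resource, permissionMap);
                if (allowed) {
                    break;
                }
            }
        }
        if (this.isDebugEnabled) {
            LOG.debug("<== SimpleAtlasAuthorizer checkAccessForGroups");
        }
        return allowed;
    }

    /**
     * Reports whether the policy values contain a match-everything entry, i.e. a non-empty value made up
     * solely of {@code *} characters.
     */
    private boolean resourceMatchHelper(List<String> policyValues) {
        boolean matchesAnyResource = false;
        if (this.isDebugEnabled) {
            LOG.debug("==> SimpleAtlasAuthorizer resourceMatchHelper");
        }
        if (policyValues != null) {
            for (String value : policyValues) {
                if (!StringUtils.isEmpty(value) && StringUtils.containsOnly(value, WILDCARD_ASTERISK)) {
                    matchesAnyResource = true;
                    break;
                }
            }
        }
        if (this.isDebugEnabled) {
            LOG.debug("<== SimpleAtlasAuthorizer resourceMatchHelper");
        }
        return matchesAnyResource;
    }

    /**
     * Matches a resource against the policy values of one resource type.
     *
     * <p>A match-everything policy value grants access outright. An empty or {@code *} resource ("all
     * values") is granted only by such a value. Otherwise each policy value is compared in turn: values
     * containing {@code *} go through {@link FilenameUtils#wildcardMatch}, all others are compared for
     * equality, with case sensitivity controlled by {@code optIgnoreCase}.
     *
     * <p>NOTE(review): a policy value that contains {@code ?} but no {@code *} is compared literally, while
     * inside a value that also contains {@code *} the {@code ?} acts as a single-character wildcard.
     * Confirm this is the intended policy syntax.
     */
    private boolean isMatch(String resource, List<String> policyValues) {
        if (this.isDebugEnabled) {
            LOG.debug("==> SimpleAtlasAuthorizer isMatch");
        }
        boolean matchesAnyResource = resourceMatchHelper(policyValues);
        boolean matched = false;
        if (!isAllValuesRequested(resource) && !matchesAnyResource) {
            IOCase caseRule = this.optIgnoreCase ? IOCase.INSENSITIVE : IOCase.SENSITIVE;
            for (String policyValue : policyValues) {
                if (policyValue == null) {
                    // A null entry can match nothing; skip it rather than fail the whole check.
                    continue;
                }
                if (policyValue.contains(WILDCARD_ASTERISK)) {
                    matched = FilenameUtils.wildcardMatch(resource, policyValue, caseRule);
                } else if (this.optIgnoreCase) {
                    matched = StringUtils.equalsIgnoreCase(resource, policyValue);
                } else {
                    matched = StringUtils.equals(resource, policyValue);
                }
                if (matched) {
                    break;
                }
            }
        } else {
            matched = matchesAnyResource;
        }
        if (!matched && this.isDebugEnabled) {
            StringBuilder sb = new StringBuilder();
            sb.append("[");
            for (String policyValue : policyValues) {
                sb.append(policyValue);
                sb.append(" ");
            }
            sb.append("]");
            LOG.debug("AtlasDefaultResourceMatcher.isMatch returns FALSE, (resource=" + resource + ", policyValues=" + sb.toString() + ")");
        }
        if (this.isDebugEnabled) {
            LOG.debug("<== SimpleAtlasAuthorizer isMatch(" + resource + "): " + matched);
        }
        return matched;
    }

    /** A resource that is empty or exactly {@code *} asks for all values. */
    private boolean isAllValuesRequested(String resource) {
        return StringUtils.isEmpty(resource) || WILDCARD_ASTERISK.equals(resource);
    }

    /**
     * Drops all loaded permission maps. Until {@link #init()} succeeds again every request is denied.
     */
    @Override
    public void cleanUp() {
        if (this.isDebugEnabled) {
            LOG.debug("==> +SimpleAtlasAuthorizer cleanUp");
        }
        this.userReadMap = null;
        this.userWriteMap = null;
        this.userUpdateMap = null;
        this.userDeleteMap = null;
        this.groupReadMap = null;
        this.groupWriteMap = null;
        this.groupUpdateMap = null;
        this.groupDeleteMap = null;
        if (this.isDebugEnabled) {
            LOG.debug("<== +SimpleAtlasAuthorizer cleanUp");
        }
    }

    /**
     * Test hook that replaces the user and group permission maps for one action, bypassing the policy file.
     * It is public, so production code must not call it: doing so overrides the loaded policy.
     *
     * @param map user permission map to install
     * @param map2 group permission map to install
     * @param atlasActionTypes action whose maps are replaced; other values are ignored
     */
    @VisibleForTesting
    public void setResourcesForTesting(Map<String, Map<AtlasResourceTypes, List<String>>> map, Map<String, Map<AtlasResourceTypes, List<String>>> map2, AtlasActionTypes atlasActionTypes) {
        switch (atlasActionTypes) {
            case READ:
                this.userReadMap = map;
                this.groupReadMap = map2;
                break;
            case CREATE:
                this.userWriteMap = map;
                this.groupWriteMap = map2;
                break;
            case UPDATE:
                this.userUpdateMap = map;
                this.groupUpdateMap = map2;
                break;
            case DELETE:
                this.userDeleteMap = map;
                this.groupDeleteMap = map2;
                break;
            default:
                if (this.isDebugEnabled) {
                    LOG.debug("No such action available");
                }
                break;
        }
    }
}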
