package com.huawei.cdc.service.security;

import com.huawei.cdc.common.conf.CommonConfiguration;
import com.huawei.cdc.service.models.CDLResource;
import com.huawei.cdc.service.models.Operation;
import com.huawei.cdc.service.util.CommonConstants;
import java.io.IOException;
import java.security.Principal;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/huawei/cdc/service/security/SimpleAuthorizer.class */
public class SimpleAuthorizer implements IAuthorizer {
    private static final Logger LOG = LoggerFactory.getLogger(SimpleAuthorizer.class);
    private Set<String> cdlAdminGroupList;
    private Set<String> cdlNormalGroupList;
    private Set<String> cdlAdminUserList;
    private Set<Operation> userCommands = new HashSet(Arrays.asList(Operation.GET, Operation.CREATE));
    private JniBasedUnixGroupsMappingWithFallback jniBasedUnixGroupsMappingWithFallback = new JniBasedUnixGroupsMappingWithFallback();

    @Override // com.huawei.cdc.service.security.IAuthorizer
    public void prepare() {
        this.cdlAdminGroupList = new HashSet(Arrays.asList(CommonConfiguration.CDL_ADMIN_GROUPS.split(CommonConstants.COMMA)));
        this.cdlNormalGroupList = new HashSet(Arrays.asList(CommonConfiguration.CDL_GROUPS.split(CommonConstants.COMMA)));
        this.cdlAdminUserList = new HashSet(Arrays.asList(CommonConfiguration.CDL_ADMIN_USERS.split(CommonConstants.COMMA)));
    }

    @Override // com.huawei.cdc.service.security.IAuthorizer
    public boolean authorize(HttpServletRequest httpServletRequest, CDLResource cDLResource, Operation operation) {
        String shortName = getShortName(httpServletRequest.getUserPrincipal());
        if (null == shortName) {
            return false;
        }
        if (shortName.equals(cDLResource.getOwner()) || this.cdlAdminUserList.contains(shortName)) {
            return true;
        }
        HashSet hashSet = new HashSet();
        try {
            hashSet.addAll(this.jniBasedUnixGroupsMappingWithFallback.getGroups(shortName));
        } catch (IOException e) {
            LOG.warn("Error while trying to fetch user groups", e);
        }
        if (checkUserGroupAllowed(hashSet, this.cdlAdminGroupList).booleanValue()) {
            return true;
        }
        if (this.userCommands.contains(operation)) {
            return checkUserGroupAllowed(hashSet, this.cdlNormalGroupList).booleanValue();
        }
        return false;
    }

    private String getShortName(Principal principal) {
        if (principal == null) {
            return null;
        }
        return principal.getName().split("[/@]")[0];
    }

    private Boolean checkUserGroupAllowed(Set<String> set, Set<String> set2) {
        if (set.size() > 0 && set2.size() > 0) {
            Iterator<String> it = set2.iterator();
            while (it.hasNext()) {
                if (set.contains(it.next())) {
                    return true;
                }
            }
        }
        return false;
    }
}
