package org.apache.ranger.biz;

import com.google.gson.GsonBuilder;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.annotation.PostConstruct;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.ListUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.authorization.hadoop.config.RangerAdminConfig;
import org.apache.ranger.common.ContextUtil;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.RangerConstants;
import org.apache.ranger.common.RangerRoleCache;
import org.apache.ranger.common.UserSessionBase;
import org.apache.ranger.common.db.RangerTransactionSynchronizationAdapter;
import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.entity.XXRole;
import org.apache.ranger.entity.XXRoleRefGroup;
import org.apache.ranger.entity.XXRoleRefUser;
import org.apache.ranger.entity.XXService;
import org.apache.ranger.entity.XXServiceVersionInfo;
import org.apache.ranger.plugin.model.RangerRole;
import org.apache.ranger.plugin.store.AbstractPredicateUtil;
import org.apache.ranger.plugin.store.RolePredicateUtil;
import org.apache.ranger.plugin.store.RoleStore;
import org.apache.ranger.plugin.util.RangerRoles;
import org.apache.ranger.plugin.util.SearchFilter;
import org.apache.ranger.service.RangerRoleService;
import org.apache.ranger.service.XUserService;
import org.apache.ranger.view.RangerRoleList;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:org/apache/ranger/biz/RoleDBStore.class */
public class RoleDBStore implements RoleStore {
    private static final Log LOG = LogFactory.getLog(RoleDBStore.class);
    private static final String RANGER_ROLE_GLOBAL_STATE_NAME = "RangerRole";

    @Autowired
    RangerRoleService roleService;

    @Autowired
    XUserService xUserService;

    @Autowired
    RangerDaoManager daoMgr;

    @Autowired
    RESTErrorUtil restErrorUtil;

    @Autowired
    RoleRefUpdater roleRefUpdater;

    @Autowired
    RangerBizUtil bizUtil;

    @Autowired
    RangerTransactionSynchronizationAdapter transactionSynchronizationAdapter;
    RangerAdminConfig config;
    private Boolean populateExistingBaseFields = true;
    AbstractPredicateUtil predicateUtil = null;

    /* loaded from: input_file:org/apache/ranger/biz/RoleDBStore$RoleVersionUpdater.class */
    public static class RoleVersionUpdater implements Runnable {
        final RangerDaoManager daoManager;

        public RoleVersionUpdater(RangerDaoManager rangerDaoManager) {
            this.daoManager = rangerDaoManager;
        }

        @Override // java.lang.Runnable
        public void run() {
            try {
                this.daoManager.getXXGlobalState().onGlobalAppDataChange(RoleDBStore.RANGER_ROLE_GLOBAL_STATE_NAME);
            } catch (Exception e) {
                RoleDBStore.LOG.error("Cannot update GlobalState version for state:[RangerRole]", e);
            }
        }
    }

    public void init() throws Exception {
    }

    @PostConstruct
    public void initStore() {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RoleDBStore.initStore()");
        }
        this.config = RangerAdminConfig.getInstance();
        this.roleService.setPopulateExistingBaseFields(this.populateExistingBaseFields);
        this.predicateUtil = new RolePredicateUtil();
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RoleDBStore.initStore()");
        }
    }

    public RangerRole createRole(RangerRole rangerRole, Boolean bool) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RoleDBStore.createRole()");
        }
        if (this.daoMgr.getXXRole().findByRoleName(rangerRole.getName()) != null) {
            throw this.restErrorUtil.createRESTException("role with name: " + rangerRole.getName() + " already exists", MessageEnums.ERROR_DUPLICATE_OBJECT);
        }
        this.transactionSynchronizationAdapter.executeOnTransactionCommit(new RoleVersionUpdater(this.daoMgr));
        RangerRole rangerRole2 = (RangerRole) this.roleService.create(rangerRole);
        if (rangerRole2 == null) {
            throw new Exception("Cannot create role:[" + rangerRole + "]");
        }
        this.roleRefUpdater.createNewRoleMappingForRefTable(rangerRole2, bool);
        this.bizUtil.createTrxLog(this.roleService.getTransactionLog(rangerRole2, null, "create"));
        return rangerRole2;
    }

    public RangerRole updateRole(RangerRole rangerRole, Boolean bool) throws Exception {
        XXRole findByRoleId = this.daoMgr.getXXRole().findByRoleId(rangerRole.getId());
        if (findByRoleId == null) {
            throw this.restErrorUtil.createRESTException("role with id: " + rangerRole.getId() + " does not exist");
        }
        if (!rangerRole.getName().equals(findByRoleId.getName())) {
            ensureRoleNameUpdateAllowed(findByRoleId.getName());
        }
        RangerRole rangerRole2 = (RangerRole) new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z").create().fromJson(findByRoleId.getRoleText(), RangerRole.class);
        this.transactionSynchronizationAdapter.executeOnTransactionCommit(new RoleVersionUpdater(this.daoMgr));
        RangerRole rangerRole3 = (RangerRole) this.roleService.update(rangerRole);
        if (rangerRole3 == null) {
            throw new Exception("Cannot update role:[" + rangerRole + "]");
        }
        this.roleRefUpdater.createNewRoleMappingForRefTable(rangerRole3, bool);
        this.roleService.updatePolicyVersions(rangerRole3.getId());
        if (ServiceDBStore.isSupportsRolesDownloadByService()) {
            this.roleService.updateRoleVersions(rangerRole3.getId());
        }
        this.bizUtil.createTrxLog(this.roleService.getTransactionLog(rangerRole3, rangerRole2, "update"));
        return rangerRole;
    }

    private void ensureRoleNameUpdateAllowed(String str) throws Exception {
        if (!ensureRoleNotInPolicy(str)) {
            throw new Exception("Rolename for '" + str + "' can not be updated as it is referenced in one or more policies");
        }
        if (!ensureRoleNotInRole(str)) {
            throw new Exception("Rolename for '" + str + "' can not be updated as it is referenced in one or more other roles");
        }
    }

    public void deleteRole(String str) throws Exception {
        XXRole findByRoleName = this.daoMgr.getXXRole().findByRoleName(str);
        if (findByRoleName == null) {
            throw this.restErrorUtil.createRESTException("Role with name: " + str + " does not exist");
        }
        ensureRoleDeleteAllowed(str);
        this.transactionSynchronizationAdapter.executeOnTransactionCommit(new RoleVersionUpdater(this.daoMgr));
        RangerRole rangerRole = (RangerRole) this.roleService.read(findByRoleName.getId());
        this.roleRefUpdater.cleanupRefTables(rangerRole);
        this.roleService.delete(rangerRole);
        this.bizUtil.createTrxLog(this.roleService.getTransactionLog(rangerRole, null, RangerConstants.ACTION_DELETE));
    }

    public void deleteRole(Long l) throws Exception {
        RangerRole rangerRole = (RangerRole) this.roleService.read(l);
        ensureRoleDeleteAllowed(rangerRole.getName());
        this.transactionSynchronizationAdapter.executeOnTransactionCommit(new RoleVersionUpdater(this.daoMgr));
        this.roleRefUpdater.cleanupRefTables(rangerRole);
        this.roleService.delete(rangerRole);
        this.bizUtil.createTrxLog(this.roleService.getTransactionLog(rangerRole, null, RangerConstants.ACTION_DELETE));
    }

    private void ensureRoleDeleteAllowed(String str) throws Exception {
        if (!ensureRoleNotInPolicy(str)) {
            throw new Exception("Role '" + str + "' can not be deleted as it is referenced in one or more policies");
        }
        if (!ensureRoleNotInRole(str)) {
            throw new Exception("Role '" + str + "' can not be deleted as it is referenced in one or more other roles");
        }
    }

    private boolean ensureRoleNotInPolicy(String str) {
        return this.daoMgr.getXXPolicyRefRole().findRoleRefPolicyCount(str).longValue() < 1;
    }

    private boolean ensureRoleNotInRole(String str) {
        return this.daoMgr.getXXRoleRefRole().findRoleRefRoleCount(str).longValue() < 1;
    }

    public RangerRole getRole(Long l) throws Exception {
        return (RangerRole) this.roleService.read(l);
    }

    public RangerRole getRole(String str) throws Exception {
        XXRole findByRoleName = this.daoMgr.getXXRole().findByRoleName(str);
        if (findByRoleName == null) {
            throw this.restErrorUtil.createRESTException("Role with name: " + str + " does not exist");
        }
        return (RangerRole) this.roleService.read(findByRoleName.getId());
    }

    public List<RangerRole> getRoles(SearchFilter searchFilter) throws Exception {
        ArrayList arrayList = new ArrayList();
        List<XXRole> all = this.daoMgr.getXXRole().getAll();
        if (CollectionUtils.isNotEmpty(all)) {
            Iterator<XXRole> it = all.iterator();
            while (it.hasNext()) {
                arrayList.add(this.roleService.read(it.next().getId()));
            }
            if (this.predicateUtil != null && searchFilter != null && !searchFilter.isEmpty()) {
                ArrayList arrayList2 = new ArrayList(arrayList);
                this.predicateUtil.applyFilter(arrayList2, searchFilter);
                arrayList = arrayList2;
            }
        }
        return arrayList;
    }

    public RangerRoleList getRoles(SearchFilter searchFilter, RangerRoleList rangerRoleList) throws Exception {
        ArrayList arrayList = new ArrayList();
        List<T> searchResources = this.roleService.searchResources(searchFilter, this.roleService.searchFields, this.roleService.sortFields, rangerRoleList);
        if (CollectionUtils.isNotEmpty(searchResources)) {
            Iterator it = searchResources.iterator();
            while (it.hasNext()) {
                arrayList.add(this.roleService.read(((XXRole) it.next()).getId()));
            }
        }
        rangerRoleList.setRoleList(arrayList);
        return rangerRoleList;
    }

    public RangerRoleList getRolesForUser(SearchFilter searchFilter, RangerRoleList rangerRoleList) throws Exception {
        List<RangerRole> arrayList = new ArrayList();
        UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession();
        if (currentUserSession == null || currentUserSession.getUserRoleList().size() != 1 || !currentUserSession.getUserRoleList().contains(RangerConstants.ROLE_USER) || currentUserSession.getLoginId() == null) {
            List<T> searchResources = this.roleService.searchResources(searchFilter, this.roleService.searchFields, this.roleService.sortFields, rangerRoleList);
            if (CollectionUtils.isNotEmpty(searchResources)) {
                Iterator it = searchResources.iterator();
                while (it.hasNext()) {
                    arrayList.add(this.roleService.read(((XXRole) it.next()).getId()));
                }
            }
        } else {
            List<XXRole> findByUserId = this.daoMgr.getXXRole().findByUserId(this.xUserService.getXUserByUserName(currentUserSession.getLoginId()).getId());
            if (CollectionUtils.isNotEmpty(findByUserId)) {
                Iterator<XXRole> it2 = findByUserId.iterator();
                while (it2.hasNext()) {
                    arrayList.add(this.roleService.read(it2.next().getId()));
                }
            }
            if (this.predicateUtil != null && searchFilter != null && !searchFilter.isEmpty()) {
                ArrayList arrayList2 = new ArrayList(arrayList);
                this.predicateUtil.applyFilter(arrayList2, searchFilter);
                arrayList = arrayList2;
            }
            int size = arrayList.size();
            int startIndex = searchFilter.getStartIndex();
            int min = Math.min(startIndex + searchFilter.getMaxRows(), size);
            if (CollectionUtils.isNotEmpty(arrayList)) {
                arrayList = arrayList.subList(startIndex, min);
                rangerRoleList.setResultSize(arrayList.size());
                rangerRoleList.setPageSize(searchFilter.getMaxRows());
                rangerRoleList.setSortBy(searchFilter.getSortBy());
                rangerRoleList.setSortType(searchFilter.getSortType());
                rangerRoleList.setStartIndex(searchFilter.getStartIndex());
                rangerRoleList.setTotalCount(size);
            }
        }
        rangerRoleList.setRoleList(arrayList);
        return rangerRoleList;
    }

    public List<String> getRoleNames(SearchFilter searchFilter) throws Exception {
        return this.daoMgr.getXXRole().getAllNames();
    }

    public RangerRoles getRoles(String str, Long l) throws Exception {
        RangerRoles rangerRoles = null;
        Long roleVersion = getRoleVersion(str);
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RoleDBStore.getRoles() lastKnownRoleVersion= " + l + " rangerRoleVersionInDB= " + roleVersion);
        }
        if (roleVersion != null) {
            rangerRoles = RangerRoleCache.getInstance().getLatestRangerRoleOrCached(str, this, l, roleVersion);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<= RoleDBStore.getRoles() lastKnownRoleVersion= " + l + " rangerRoleVersionInDB= " + roleVersion + " RangerRoles= " + rangerRoles);
        }
        return rangerRoles;
    }

    public Long getRoleVersion(String str) {
        Long appDataVersion;
        if (ServiceDBStore.isSupportsRolesDownloadByService()) {
            XXServiceVersionInfo findByServiceName = this.daoMgr.getXXServiceVersionInfo().findByServiceName(str);
            appDataVersion = findByServiceName != null ? findByServiceName.getRoleVersion() : null;
        } else {
            appDataVersion = this.daoMgr.getXXGlobalState().getAppDataVersion(RANGER_ROLE_GLOBAL_STATE_NAME);
        }
        return appDataVersion;
    }

    public Set<RangerRole> getRoleNames(String str, Set<String> set) throws Exception {
        HashSet hashSet = new HashSet();
        if (StringUtils.isNotEmpty(str)) {
            Iterator<XXRoleRefUser> it = this.roleRefUpdater.daoMgr.getXXRoleRefUser().findByUserName(str).iterator();
            while (it.hasNext()) {
                hashSet.add(getRole(it.next().getRoleId()));
            }
        }
        Iterator<String> it2 = set.iterator();
        while (it2.hasNext()) {
            Iterator<XXRoleRefGroup> it3 = this.roleRefUpdater.daoMgr.getXXRoleRefGroup().findByGroupName(it2.next()).iterator();
            while (it3.hasNext()) {
                hashSet.add(getRole(it3.next().getRoleId()));
            }
        }
        return hashSet;
    }

    public List<RangerRole> getRoles(String str) {
        List<RangerRole> list = ListUtils.EMPTY_LIST;
        if (StringUtils.isNotEmpty(str)) {
            list = getRoles(this.daoMgr.getXXService().findByName(str));
        }
        return list;
    }

    public List<RangerRole> getRoles(Long l) {
        String[] split;
        List<RangerRole> list = ListUtils.EMPTY_LIST;
        if (l != null) {
            String findServiceDefTypeByServiceId = this.daoMgr.getXXServiceDef().findServiceDefTypeByServiceId(l);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Service Type for serviceId (" + l + ") = " + findServiceDefTypeByServiceId);
            }
            String str = this.config.get("ranger.admin.service.types.for.returning.all.roles", RangerBizUtil.AUDIT_STORE_SOLR);
            boolean z = false;
            if (StringUtils.isNotEmpty(str) && (split = StringUtils.split(str, ",")) != null) {
                int length = split.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    if (StringUtils.equalsIgnoreCase(findServiceDefTypeByServiceId, split[i])) {
                        z = true;
                        break;
                    }
                    i++;
                }
            }
            List<XXRole> all = z ? this.daoMgr.getXXRole().getAll() : this.daoMgr.getXXRole().findByServiceId(l);
            if (CollectionUtils.isNotEmpty(all)) {
                list = new ArrayList();
                Iterator<XXRole> it = all.iterator();
                while (it.hasNext()) {
                    list.add(this.roleService.read(it.next().getId()));
                }
            }
        }
        return list;
    }

    public List<RangerRole> getRoles(XXService xXService) {
        return xXService == null ? ListUtils.EMPTY_LIST : getRoles(xXService.getId());
    }

    public boolean roleExists(Long l) throws Exception {
        return this.daoMgr.getXXRole().findByRoleId(l) != null;
    }

    public boolean roleExists(String str) throws Exception {
        return this.daoMgr.getXXRole().findByRoleName(str) != null;
    }
}
