package org.apache.ranger.patch;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.apache.ranger.authorization.utils.JsonUtils;
import org.apache.ranger.biz.RangerBizUtil;
import org.apache.ranger.biz.ServiceDBStore;
import org.apache.ranger.common.GUIDUtil;
import org.apache.ranger.common.JSONUtil;
import org.apache.ranger.common.RangerConstants;
import org.apache.ranger.common.RangerValidatorFactory;
import org.apache.ranger.common.StringUtil;
import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.entity.XXAccessTypeDef;
import org.apache.ranger.entity.XXGroup;
import org.apache.ranger.entity.XXPolicy;
import org.apache.ranger.entity.XXPolicyItem;
import org.apache.ranger.entity.XXPolicyItemAccess;
import org.apache.ranger.entity.XXPolicyItemGroupPerm;
import org.apache.ranger.entity.XXPolicyItemUserPerm;
import org.apache.ranger.entity.XXPolicyResource;
import org.apache.ranger.entity.XXPolicyResourceMap;
import org.apache.ranger.entity.XXPortalUser;
import org.apache.ranger.entity.XXResourceDef;
import org.apache.ranger.entity.XXService;
import org.apache.ranger.entity.XXServiceDef;
import org.apache.ranger.entity.XXUser;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerPolicyResourceSignature;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.model.validation.RangerValidator;
import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
import org.apache.ranger.service.RangerPolicyService;
import org.apache.ranger.service.XPermMapService;
import org.apache.ranger.service.XPolicyService;
import org.apache.ranger.util.CLIUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10033.class */
public class PatchForKafkaServiceDefUpdate_J10033 extends BaseLoader {
    private static final String POLICY_NAME = "all - consumergroup";
    private static final String LOGIN_ID_ADMIN = "admin";
    public static final String SERVICEDBSTORE_SERVICEDEFBYNAME_KAFKA_NAME = "kafka";
    public static final String CONSUMERGROUP_RESOURCE_NAME = "consumergroup";

    @Autowired
    RangerDaoManager daoMgr;

    @Autowired
    ServiceDBStore svcDBStore;

    @Autowired
    JSONUtil jsonUtil;

    @Autowired
    RangerPolicyService policyService;

    @Autowired
    StringUtil stringUtil;

    @Autowired
    GUIDUtil guidUtil;

    @Autowired
    XPolicyService xPolService;

    @Autowired
    XPermMapService xPermMapService;

    @Autowired
    RangerBizUtil bizUtil;

    @Autowired
    RangerValidatorFactory validatorFactory;

    @Autowired
    ServiceDBStore svcStore;
    private static final Logger logger = Logger.getLogger(PatchForKafkaServiceDefUpdate_J10033.class);
    private static final List<String> DEFAULT_POLICY_USERS = new ArrayList(Arrays.asList("kafka", "rangerlookup"));
    private static final List<String> DEFAULT_POLICY_GROUP = new ArrayList(Arrays.asList(RangerConstants.GROUP_PUBLIC));

    public static void main(String[] strArr) {
        logger.info("main()");
        try {
            PatchForKafkaServiceDefUpdate_J10033 patchForKafkaServiceDefUpdate_J10033 = (PatchForKafkaServiceDefUpdate_J10033) CLIUtil.getBean(PatchForKafkaServiceDefUpdate_J10033.class);
            patchForKafkaServiceDefUpdate_J10033.init();
            while (patchForKafkaServiceDefUpdate_J10033.isMoreToProcess()) {
                patchForKafkaServiceDefUpdate_J10033.load();
            }
            logger.info("Load complete. Exiting!!!");
            System.exit(0);
        } catch (Exception e) {
            logger.error("Error loading", e);
            System.exit(1);
        }
    }

    @Override // org.apache.ranger.patch.BaseLoader
    public void init() throws Exception {
    }

    @Override // org.apache.ranger.patch.BaseLoader
    public void execLoad() {
        logger.info("==> PatchForKafkaServiceDefUpdate_J10033.execLoad()");
        try {
            updateKafkaServiceDef();
        } catch (Exception e) {
            logger.error("Error while applying PatchForKafkaServiceDefUpdate_J10033...", e);
        }
        logger.info("<== PatchForKafkaServiceDefUpdate_J10033.execLoad()");
    }

    @Override // org.apache.ranger.patch.BaseLoader
    public void printStats() {
        logger.info("PatchForKafkaServiceDefUpdate_J10033 ");
    }

    private void updateKafkaServiceDef() {
        try {
            RangerServiceDef embeddedServiceDef = EmbeddedServiceDefsUtil.instance().getEmbeddedServiceDef("kafka");
            if (embeddedServiceDef != null) {
                XXServiceDef findByName = this.daoMgr.getXXServiceDef().findByName("kafka");
                Map<String, String> map = null;
                if (findByName != null) {
                    map = jsonStringToMap(findByName.getDefOptions());
                }
                RangerServiceDef serviceDefByName = this.svcDBStore.getServiceDefByName("kafka");
                if (serviceDefByName != null) {
                    List<RangerServiceDef.RangerResourceDef> resources = embeddedServiceDef.getResources();
                    List accessTypes = embeddedServiceDef.getAccessTypes();
                    if (checkNewKafkaresourcePresent(resources)) {
                        if (resources != null) {
                            serviceDefByName.setResources(resources);
                        }
                        if (accessTypes != null && !accessTypes.toString().equalsIgnoreCase(serviceDefByName.getAccessTypes().toString())) {
                            serviceDefByName.setAccessTypes(accessTypes);
                        }
                    }
                    this.validatorFactory.getServiceDefValidator(this.svcStore).validate(serviceDefByName, RangerValidator.Action.UPDATE);
                    if (this.svcStore.updateServiceDef(serviceDefByName) == null) {
                        logger.error("Error while updating kafkaservice-def");
                        throw new RuntimeException("Error while updating kafkaservice-def");
                    }
                    XXServiceDef findByName2 = this.daoMgr.getXXServiceDef().findByName("kafka");
                    if (findByName2 != null) {
                        Map<String, String> jsonStringToMap = jsonStringToMap(findByName2.getDefOptions());
                        if (jsonStringToMap != null && jsonStringToMap.containsKey("enableDenyAndExceptionsInPolicies") && (map == null || !map.containsKey("enableDenyAndExceptionsInPolicies"))) {
                            String str = map == null ? null : map.get("enableDenyAndExceptionsInPolicies");
                            if (str == null) {
                                jsonStringToMap.remove("enableDenyAndExceptionsInPolicies");
                            } else {
                                jsonStringToMap.put("enableDenyAndExceptionsInPolicies", str);
                            }
                            findByName2.setDefOptions(mapToJsonString(jsonStringToMap));
                            this.daoMgr.getXXServiceDef().update(findByName2);
                        }
                        createDefaultPolicyForNewResources();
                    }
                }
            }
        } catch (Exception e) {
            logger.error("Error while updating kafkaservice-def", e);
        }
    }

    private boolean checkNewKafkaresourcePresent(List<RangerServiceDef.RangerResourceDef> list) {
        boolean z = false;
        Iterator<RangerServiceDef.RangerResourceDef> it = list.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (CONSUMERGROUP_RESOURCE_NAME.equals(it.next().getName())) {
                z = true;
                break;
            }
        }
        return z;
    }

    private String mapToJsonString(Map<String, String> map) {
        String str = null;
        if (map != null) {
            try {
                str = this.jsonUtil.readMapToString(map);
            } catch (Exception e) {
                logger.warn("mapToJsonString() failed to convert map: " + map, e);
            }
        }
        return str;
    }

    protected Map<String, String> jsonStringToMap(String str) {
        Map<String, String> map = null;
        if (!StringUtils.isEmpty(str)) {
            try {
                map = this.jsonUtil.jsonToMap(str);
            } catch (Exception e) {
                for (String str2 : str.split(";")) {
                    if (!StringUtils.isEmpty(str2)) {
                        String[] split = str2.split("=");
                        String trim = (split == null || split.length <= 0) ? null : split[0].trim();
                        String trim2 = (split == null || split.length <= 1) ? null : split[1].trim();
                        if (!StringUtils.isEmpty(trim)) {
                            if (map == null) {
                                map = new HashMap();
                            }
                            map.put(trim, trim2);
                        }
                    }
                }
            }
        }
        return map;
    }

    private void createDefaultPolicyForNewResources() {
        logger.info("==> createDefaultPolicyForNewResources ");
        XXPortalUser findByLoginId = this.daoMgr.getXXPortalUser().findByLoginId(LOGIN_ID_ADMIN);
        Long id = findByLoginId.getId();
        XXServiceDef findByName = this.daoMgr.getXXServiceDef().findByName("kafka");
        if (findByName == null) {
            logger.debug("ServiceDef not fount with name :kafka");
            return;
        }
        for (XXService xXService : this.daoMgr.getXXService().findByServiceDefId(findByName.getId())) {
            XXPolicy xXPolicy = new XXPolicy();
            xXPolicy.setName(POLICY_NAME);
            xXPolicy.setDescription(POLICY_NAME);
            xXPolicy.setService(xXService.getId());
            xXPolicy.setPolicyPriority(0);
            xXPolicy.setIsAuditEnabled(Boolean.TRUE.booleanValue());
            xXPolicy.setIsEnabled(Boolean.TRUE.booleanValue());
            xXPolicy.setPolicyType(0);
            xXPolicy.setGuid(this.guidUtil.genGUID());
            xXPolicy.setAddedByUserId(id);
            xXPolicy.setUpdatedByUserId(id);
            RangerPolicy rangerPolicy = getRangerPolicy(POLICY_NAME, findByLoginId, xXService);
            xXPolicy.setPolicyText(JsonUtils.objectToJson(rangerPolicy));
            xXPolicy.setResourceSignature(rangerPolicy.getResourceSignature());
            xXPolicy.setZoneId(1L);
            XXPolicy create = this.daoMgr.getXXPolicy().create(xXPolicy);
            XXPolicyItem xXPolicyItem = new XXPolicyItem();
            xXPolicyItem.setIsEnabled(Boolean.TRUE);
            xXPolicyItem.setDelegateAdmin(Boolean.TRUE);
            xXPolicyItem.setItemType(0);
            xXPolicyItem.setOrder(0);
            xXPolicyItem.setAddedByUserId(id);
            xXPolicyItem.setUpdatedByUserId(id);
            xXPolicyItem.setPolicyId(create.getId());
            XXPolicyItem create2 = this.daoMgr.getXXPolicyItem().create(xXPolicyItem);
            List<String> accessTypes = getAccessTypes();
            for (int i = 0; i < accessTypes.size(); i++) {
                XXAccessTypeDef findByNameAndServiceId = this.daoMgr.getXXAccessTypeDef().findByNameAndServiceId(accessTypes.get(i), xXPolicy.getService());
                if (findByNameAndServiceId == null) {
                    throw new RuntimeException(accessTypes.get(i) + ": is not a valid access-type. policy='" + xXPolicy.getName() + "' service='" + xXPolicy.getService() + "'");
                }
                XXPolicyItemAccess xXPolicyItemAccess = new XXPolicyItemAccess();
                xXPolicyItemAccess.setIsAllowed(Boolean.TRUE);
                xXPolicyItemAccess.setType(findByNameAndServiceId.getId());
                xXPolicyItemAccess.setOrder(Integer.valueOf(i));
                xXPolicyItemAccess.setAddedByUserId(id);
                xXPolicyItemAccess.setUpdatedByUserId(id);
                xXPolicyItemAccess.setPolicyitemid(create2.getId());
                this.daoMgr.getXXPolicyItemAccess().create(xXPolicyItemAccess);
            }
            for (int i2 = 0; i2 < DEFAULT_POLICY_USERS.size(); i2++) {
                String str = DEFAULT_POLICY_USERS.get(i2);
                if (!StringUtils.isBlank(str)) {
                    XXUser findByUserName = this.daoMgr.getXXUser().findByUserName(str);
                    if (findByUserName == null) {
                        throw new RuntimeException(str + ": user does not exist. policy='" + xXPolicy.getName() + "' service='" + xXPolicy.getService() + "' user='" + str + "'");
                    }
                    XXPolicyItemUserPerm xXPolicyItemUserPerm = new XXPolicyItemUserPerm();
                    xXPolicyItemUserPerm.setUserId(findByUserName.getId());
                    xXPolicyItemUserPerm.setPolicyItemId(create2.getId());
                    xXPolicyItemUserPerm.setOrder(Integer.valueOf(i2));
                    xXPolicyItemUserPerm.setAddedByUserId(id);
                    xXPolicyItemUserPerm.setUpdatedByUserId(id);
                    this.daoMgr.getXXPolicyItemUserPerm().create(xXPolicyItemUserPerm);
                }
            }
            for (int i3 = 0; i3 < DEFAULT_POLICY_GROUP.size(); i3++) {
                String str2 = DEFAULT_POLICY_GROUP.get(i3);
                if (!StringUtils.isBlank(str2)) {
                    XXGroup findByGroupName = this.daoMgr.getXXGroup().findByGroupName(str2);
                    if (findByGroupName == null) {
                        throw new RuntimeException(str2 + ": group does not exist. policy='" + xXPolicy.getName() + "' service='" + xXPolicy.getService() + "' group='" + str2 + "'");
                    }
                    XXPolicyItemGroupPerm xXPolicyItemGroupPerm = new XXPolicyItemGroupPerm();
                    xXPolicyItemGroupPerm.setGroupId(findByGroupName.getId());
                    xXPolicyItemGroupPerm.setPolicyItemId(create2.getId());
                    xXPolicyItemGroupPerm.setOrder(Integer.valueOf(i3));
                    xXPolicyItemGroupPerm.setAddedByUserId(id);
                    xXPolicyItemGroupPerm.setUpdatedByUserId(id);
                    this.daoMgr.getXXPolicyItemGroupPerm().create(xXPolicyItemGroupPerm);
                }
            }
            XXResourceDef findByNameAndPolicyId = this.daoMgr.getXXResourceDef().findByNameAndPolicyId(CONSUMERGROUP_RESOURCE_NAME, create.getId());
            if (findByNameAndPolicyId == null) {
                throw new RuntimeException(CONSUMERGROUP_RESOURCE_NAME + ": is not a valid resource-type. policy='" + create.getName() + "' service='" + create.getService() + "'");
            }
            XXPolicyResource xXPolicyResource = new XXPolicyResource();
            xXPolicyResource.setAddedByUserId(id);
            xXPolicyResource.setUpdatedByUserId(id);
            xXPolicyResource.setIsExcludes(Boolean.FALSE.booleanValue());
            xXPolicyResource.setIsRecursive(Boolean.FALSE.booleanValue());
            xXPolicyResource.setPolicyId(create.getId());
            xXPolicyResource.setResDefId(findByNameAndPolicyId.getId());
            XXPolicyResource create3 = this.daoMgr.getXXPolicyResource().create(xXPolicyResource);
            XXPolicyResourceMap xXPolicyResourceMap = new XXPolicyResourceMap();
            xXPolicyResourceMap.setResourceId(create3.getId());
            xXPolicyResourceMap.setValue(StringUtil.WILDCARD_ASTERISK);
            xXPolicyResourceMap.setOrder(0);
            xXPolicyResourceMap.setAddedByUserId(id);
            xXPolicyResourceMap.setUpdatedByUserId(id);
            this.daoMgr.getXXPolicyResourceMap().create(xXPolicyResourceMap);
            int i4 = 0 + 1;
            logger.info("Creating policy for service id : " + xXService.getId());
        }
        logger.info("<== createDefaultPolicyForNewResources ");
    }

    private RangerPolicy getRangerPolicy(String str, XXPortalUser xXPortalUser, XXService xXService) {
        RangerPolicy rangerPolicy = new RangerPolicy();
        ArrayList<RangerPolicy.RangerPolicyItemAccess> policyItemAccesses = getPolicyItemAccesses();
        ArrayList arrayList = new ArrayList(DEFAULT_POLICY_USERS);
        ArrayList arrayList2 = new ArrayList(DEFAULT_POLICY_GROUP);
        ArrayList arrayList3 = new ArrayList();
        ArrayList arrayList4 = new ArrayList();
        RangerPolicy.RangerPolicyItem rangerPolicyItem = new RangerPolicy.RangerPolicyItem();
        rangerPolicyItem.setAccesses(policyItemAccesses);
        rangerPolicyItem.setConditions(arrayList3);
        rangerPolicyItem.setGroups(arrayList2);
        rangerPolicyItem.setUsers(arrayList);
        rangerPolicyItem.setDelegateAdmin(false);
        arrayList4.add(rangerPolicyItem);
        HashMap hashMap = new HashMap();
        RangerPolicy.RangerPolicyResource rangerPolicyResource = new RangerPolicy.RangerPolicyResource();
        rangerPolicyResource.setIsExcludes(false);
        rangerPolicyResource.setIsRecursive(false);
        rangerPolicyResource.setValue(StringUtil.WILDCARD_ASTERISK);
        hashMap.put(CONSUMERGROUP_RESOURCE_NAME, rangerPolicyResource);
        rangerPolicy.setCreateTime(new Date());
        rangerPolicy.setDescription(str);
        rangerPolicy.setIsEnabled(true);
        rangerPolicy.setName(str);
        rangerPolicy.setCreatedBy(xXPortalUser.getLoginId());
        rangerPolicy.setUpdatedBy(xXPortalUser.getLoginId());
        rangerPolicy.setUpdateTime(new Date());
        rangerPolicy.setService(xXService.getName());
        rangerPolicy.setIsAuditEnabled(true);
        rangerPolicy.setPolicyItems(arrayList4);
        rangerPolicy.setResources(hashMap);
        rangerPolicy.setPolicyType(0);
        rangerPolicy.setId(0L);
        rangerPolicy.setGuid("");
        rangerPolicy.setPolicyLabels(new ArrayList());
        rangerPolicy.setVersion(1L);
        rangerPolicy.setResourceSignature(new RangerPolicyResourceSignature(rangerPolicy).getSignature());
        return rangerPolicy;
    }

    private List<String> getAccessTypes() {
        return Arrays.asList("consume", "describe", RangerConstants.ACTION_DELETE);
    }

    private ArrayList<RangerPolicy.RangerPolicyItemAccess> getPolicyItemAccesses() {
        ArrayList<RangerPolicy.RangerPolicyItemAccess> arrayList = new ArrayList<>();
        for (String str : getAccessTypes()) {
            RangerPolicy.RangerPolicyItemAccess rangerPolicyItemAccess = new RangerPolicy.RangerPolicyItemAccess();
            rangerPolicyItemAccess.setType(str);
            rangerPolicyItemAccess.setIsAllowed(true);
            arrayList.add(rangerPolicyItemAccess);
        }
        return arrayList;
    }
}
