package org.apache.ranger.ldapusersync.process;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.reflect.TypeToken;
import com.huawei.ranger.usersync.SeparationOfPowersUtil;
import com.sun.jersey.api.client.ClientResponse;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.regex.Pattern;
import javax.security.auth.Subject;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.NewCookie;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.MapUtils;
import org.apache.hadoop.security.SecureClientLogin;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.apache.ranger.plugin.util.URLEncoderUtil;
import org.apache.ranger.unixusersync.config.UserGroupSyncConfig;
import org.apache.ranger.unixusersync.model.GroupUserInfo;
import org.apache.ranger.unixusersync.model.MUserInfo;
import org.apache.ranger.unixusersync.model.UgsyncAuditInfo;
import org.apache.ranger.unixusersync.model.UserGroupInfo;
import org.apache.ranger.unixusersync.model.UsersGroupRoleAssignments;
import org.apache.ranger.unixusersync.model.XGroupInfo;
import org.apache.ranger.unixusersync.model.XUserGroupInfo;
import org.apache.ranger.unixusersync.model.XUserInfo;
import org.apache.ranger.unixusersync.process.RangerUgSyncRESTClient;
import org.apache.ranger.usergroupsync.UserGroupSink;

/* loaded from: input_file:org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.class */
public class LdapPolicyMgrUserGroupBuilder implements UserGroupSink {
    private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder.class);
    private static final String AUTHENTICATION_TYPE = "hadoop.security.authentication";
    private static final String PRINCIPAL = "ranger.usersync.kerberos.principal";
    private static final String KEYTAB = "ranger.usersync.kerberos.keytab";
    private static final String NAME_RULE = "hadoop.security.auth_to_local";
    private static final String PM_ADD_USER_GROUP_INFO_URI = "/service/xusers/users/userinfo";
    public static final String PM_UPDATE_USERS_ROLES_URI = "/service/xusers/users/roleassignments";
    private static final String PM_ADD_GROUP_USER_INFO_URI = "/service/xusers/groups/groupinfo";
    private static final String PM_ADD_GROUP_URI = "/service/xusers/groups/";
    private static final String PM_DEL_USER_GROUP_LINK_URI = "/service/xusers/group/${groupName}/user/${userName}";
    public static final String PM_GET_GROUP_USER_MAP_LIST_URI = "/service/xusers/groupusers/groupName/${groupName}";
    private static final String PM_ADD_LOGIN_USER_URI = "/service/users/default";
    private static final String PM_AUDIT_INFO_URI = "/service/xusers/ugsync/auditinfo/";
    private static final String GROUP_SOURCE_EXTERNAL = "1";
    private static String LOCAL_HOSTNAME;
    private String policyMgrBaseUrl;
    private volatile RangerUgSyncRESTClient ldapUgSyncClient;
    String principal;
    String keytab;
    String nameRules;
    private boolean isRangerCookieEnabled;
    private String rangerCookieName;
    private String AUTH_KERBEROS = "kerberos";
    private String recordsToPullPerCall = "1000";
    private boolean isMockRun = false;
    private Cookie sessionId = null;
    private boolean isValidRangerCookie = false;
    private boolean isSeparationOfPowerEnabled = false;
    List<NewCookie> cookieList = new ArrayList();
    private UserGroupSyncConfig config = UserGroupSyncConfig.getInstance();
    private UserGroupInfo usergroupInfo = new UserGroupInfo();
    private GroupUserInfo groupuserInfo = new GroupUserInfo();
    private String authenticationType = null;
    Map<String, String> userMap = new LinkedHashMap();
    Map<String, String> groupMap = new LinkedHashMap();

    @Override // org.apache.ranger.usergroupsync.UserGroupSink
    public synchronized void init() throws Throwable {
        this.recordsToPullPerCall = this.config.getMaxRecordsPerAPICall();
        this.policyMgrBaseUrl = this.config.getPolicyManagerBaseURL();
        this.isMockRun = this.config.isMockRunEnabled();
        this.isRangerCookieEnabled = this.config.isUserSyncRangerCookieEnabled();
        this.rangerCookieName = this.config.getRangerAdminCookieName();
        if (this.isMockRun) {
            LOG.setLevel(Level.DEBUG);
        }
        this.sessionId = null;
        String sSLKeyStorePath = this.config.getSSLKeyStorePath();
        String sSLKeyStorePathPassword = this.config.getSSLKeyStorePathPassword();
        String sSLTrustStorePath = this.config.getSSLTrustStorePath();
        String sSLTrustStorePathPassword = this.config.getSSLTrustStorePathPassword();
        String defaultType = KeyStore.getDefaultType();
        String defaultType2 = KeyStore.getDefaultType();
        this.authenticationType = this.config.getProperty(AUTHENTICATION_TYPE, "simple");
        this.isSeparationOfPowerEnabled = this.config.isSeparationOfPowersEnabled();
        try {
            this.principal = SecureClientLogin.getPrincipal(this.config.getProperty(PRINCIPAL, ""), LOCAL_HOSTNAME);
        } catch (IOException e) {
        }
        this.keytab = this.config.getProperty(KEYTAB, "");
        this.nameRules = this.config.getProperty(NAME_RULE, "DEFAULT");
        this.ldapUgSyncClient = new RangerUgSyncRESTClient(this.policyMgrBaseUrl, sSLKeyStorePath, sSLKeyStorePathPassword, defaultType, sSLTrustStorePath, sSLTrustStorePathPassword, defaultType2, this.authenticationType, this.principal, this.keytab, this.config.getPolicyMgrUserName(), this.config.getPolicyMgrPassword());
        String groupRoleRules = this.config.getGroupRoleRules();
        if (groupRoleRules != null && !groupRoleRules.isEmpty()) {
            getRoleForUserGroups(groupRoleRules);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("PolicyMgrUserGroupBuilder.init()==> PolMgrBaseUrl : " + this.policyMgrBaseUrl + " KeyStore File : " + sSLKeyStorePath + " TrustStore File : " + sSLTrustStorePath + "Authentication Type : " + this.authenticationType);
        }
    }

    @Override // org.apache.ranger.usergroupsync.UserGroupSink
    public void addOrUpdateUser(String str, List<String> list) throws Throwable {
    }

    @Override // org.apache.ranger.usergroupsync.UserGroupSink
    public void addOrUpdateGroup(String str, Map<String, String> map) throws Throwable {
        if (this.isMockRun || addGroupInfo(str, map) != null) {
            return;
        }
        LOG.error("Failed to add addorUpdate group info");
        throw new Exception("Failed to add addorUpdate group info");
    }

    private XGroupInfo addGroupInfo(String str, Map<String, String> map) {
        XGroupInfo xGroupInfo = null;
        if (LOG.isDebugEnabled()) {
            LOG.debug("INFO: addPMXAGroup(" + str + ")");
        }
        if (!this.isMockRun) {
            xGroupInfo = addXGroupInfo(str, map);
        }
        if (this.authenticationType == null || !this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType) || !SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab)) {
            return getAddedGroupInfo(xGroupInfo);
        }
        try {
            LOG.info("Using principal = " + this.principal + " and keytab = " + this.keytab);
            final XGroupInfo xGroupInfo2 = xGroupInfo;
            return (XGroupInfo) Subject.doAs(SecureClientLogin.loginUserFromKeytab(this.principal, this.keytab, this.nameRules), new PrivilegedAction<XGroupInfo>() { // from class: org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public XGroupInfo run() {
                    try {
                        return LdapPolicyMgrUserGroupBuilder.this.getAddedGroupInfo(xGroupInfo2);
                    } catch (Exception e) {
                        LdapPolicyMgrUserGroupBuilder.LOG.error("Failed to build Group List : ", e);
                        return null;
                    }
                }
            });
        } catch (Exception e) {
            LOG.error("Failed to Authenticate Using given Principal and Keytab : ", e);
            return null;
        }
    }

    private XGroupInfo addXGroupInfo(String str, Map<String, String> map) {
        XGroupInfo xGroupInfo = new XGroupInfo();
        xGroupInfo.setName(str);
        xGroupInfo.setDescription(str + " - add from Unix box");
        xGroupInfo.setGroupType(GROUP_SOURCE_EXTERNAL);
        xGroupInfo.setGroupSource(GROUP_SOURCE_EXTERNAL);
        xGroupInfo.setOtherAttributes(new Gson().toJson(map));
        this.groupuserInfo.setXgroupInfo(xGroupInfo);
        return xGroupInfo;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public XGroupInfo getAddedGroupInfo(XGroupInfo xGroupInfo) {
        String str = null;
        Gson create = new GsonBuilder().create();
        String json = create.toJson(xGroupInfo);
        if (this.isRangerCookieEnabled) {
            str = cookieBasedUploadEntity(xGroupInfo, "/service/xusers/groups/");
        } else {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Group" + json);
            }
            try {
                ClientResponse post = this.ldapUgSyncClient.post("/service/xusers/groups/", null, xGroupInfo);
                if (post != null) {
                    str = (String) post.getEntity(String.class);
                }
            } catch (Throwable th) {
                LOG.error("Failed to get response, Error is : ", th);
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("RESPONSE: [" + str + "]");
        }
        return (XGroupInfo) create.fromJson(str, XGroupInfo.class);
    }

    public static void main(String[] strArr) throws Throwable {
        new LdapPolicyMgrUserGroupBuilder().init();
    }

    @Override // org.apache.ranger.usergroupsync.UserGroupSink
    public void addOrUpdateUser(String str) throws Throwable {
    }

    @Override // org.apache.ranger.usergroupsync.UserGroupSink
    public void addOrUpdateUser(String str, Map<String, String> map, List<String> list) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("INFO: addPMAccount(" + str + ")");
        }
        if (!this.isMockRun && addMUser(str, map) == null) {
            LOG.error("Failed to add portal user");
            throw new Exception("Failed to add portal user");
        }
        if (this.isMockRun || addUserGroupInfo(str, map, list) != null) {
            return;
        }
        LOG.error("Failed to add addorUpdate user group info");
        throw new Exception("Failed to add addorUpdate user group info");
    }

    private UserGroupInfo addUserGroupInfo(String str, Map<String, String> map, List<String> list) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> LdapPolicyMgrUserGroupBuilder.addUserGroupInfo " + str + " and groups");
        }
        final UserGroupInfo userGroupInfo = null;
        if (LOG.isDebugEnabled()) {
            LOG.debug("INFO: addPMXAUser(" + str + ")");
        }
        XUserInfo addXUserInfo = this.isMockRun ? null : addXUserInfo(str, map);
        if (CollectionUtils.isNotEmpty(list)) {
            for (String str2 : list) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("INFO: addPMXAGroupToUser(" + str + "," + str2 + ")");
                }
            }
        }
        if (!this.isMockRun) {
            addXUserGroupInfo(addXUserInfo, list);
        }
        if (this.authenticationType == null || !this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType) || !SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab)) {
            return getUsergroupInfo(null);
        }
        try {
            return (UserGroupInfo) Subject.doAs(SecureClientLogin.loginUserFromKeytab(this.principal, this.keytab, this.nameRules), new PrivilegedAction<UserGroupInfo>() { // from class: org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public UserGroupInfo run() {
                    try {
                        return LdapPolicyMgrUserGroupBuilder.this.getUsergroupInfo(userGroupInfo);
                    } catch (Exception e) {
                        LdapPolicyMgrUserGroupBuilder.LOG.error("Failed to add User Group Info : ", e);
                        return null;
                    }
                }
            });
        } catch (Exception e) {
            LOG.error("Failed to Authenticate Using given Principal and Keytab : ", e);
            return null;
        }
    }

    private XUserInfo addXUserInfo(String str, Map<String, String> map) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> LdapPolicyMgrUserGroupBuilder.addXUserInfo " + str + " and " + map);
        }
        XUserInfo xUserInfo = new XUserInfo();
        xUserInfo.setName(str);
        xUserInfo.setDescription(str + " - add from Unix box");
        if (MapUtils.isNotEmpty(map)) {
            xUserInfo.setOtherAttributes(new Gson().toJson(map));
        }
        ArrayList arrayList = new ArrayList();
        if (this.userMap.containsKey(str)) {
            arrayList.add(this.userMap.get(str));
        }
        xUserInfo.setUserRoleList(arrayList);
        this.usergroupInfo.setXuserInfo(xUserInfo);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== LdapPolicyMgrUserGroupBuilder.addXUserInfo " + str + " and " + map);
        }
        return xUserInfo;
    }

    private void addXUserGroupInfo(XUserInfo xUserInfo, List<String> list) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> LdapPolicyMgrUserGroupBuilder.addXUserGroupInfo ");
        }
        ArrayList arrayList = new ArrayList();
        if (CollectionUtils.isNotEmpty(list)) {
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                XGroupInfo addXGroupInfo = addXGroupInfo(it.next(), null);
                arrayList.add(addXGroupInfo);
                addXUserGroupInfo(xUserInfo, addXGroupInfo);
            }
        }
        this.usergroupInfo.setXgroupInfo(arrayList);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== LdapPolicyMgrUserGroupBuilder.addXUserGroupInfo ");
        }
    }

    private XUserGroupInfo addXUserGroupInfo(XUserInfo xUserInfo, XGroupInfo xGroupInfo) {
        XUserGroupInfo xUserGroupInfo = new XUserGroupInfo();
        xUserGroupInfo.setUserId(xUserInfo.getId());
        xUserGroupInfo.setGroupName(xGroupInfo.getName());
        return xUserGroupInfo;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public UserGroupInfo getUsergroupInfo(UserGroupInfo userGroupInfo) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> LdapPolicyMgrUserGroupBuilder.getUsergroupInfo(UserGroupInfo ret)");
        }
        String str = null;
        Gson create = new GsonBuilder().create();
        String json = create.toJson(this.usergroupInfo);
        if (LOG.isDebugEnabled()) {
            LOG.debug("USER GROUP MAPPING" + json);
        }
        if (this.isRangerCookieEnabled) {
            str = cookieBasedUploadEntity(this.usergroupInfo, PM_ADD_USER_GROUP_INFO_URI);
        } else {
            try {
                ClientResponse post = this.ldapUgSyncClient.post(PM_ADD_USER_GROUP_INFO_URI, null, this.usergroupInfo);
                if (post != null) {
                    str = (String) post.getEntity(String.class);
                }
            } catch (Throwable th) {
                LOG.error("Failed to get response, Error is : ", th);
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("RESPONSE: [" + str + "]");
        }
        UserGroupInfo userGroupInfo2 = (UserGroupInfo) create.fromJson(str, UserGroupInfo.class);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== LdapPolicyMgrUserGroupBuilder.getUsergroupInfo (UserGroupInfo ret)");
        }
        if (null != userGroupInfo2 && this.isSeparationOfPowerEnabled) {
            SeparationOfPowersUtil.setSeparationOfPowers(this.usergroupInfo, this.ldapUgSyncClient);
        }
        return userGroupInfo2;
    }

    @Override // org.apache.ranger.usergroupsync.UserGroupSink
    public void addOrUpdateGroup(String str, List<String> list) throws Throwable {
    }

    @Override // org.apache.ranger.usergroupsync.UserGroupSink
    public void addOrUpdateGroup(final String str, Map<String, String> map, List<String> list) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("addOrUpdateGroup for " + str + " with users: " + list);
        }
        GroupUserInfo groupUserInfo = null;
        if (this.authenticationType != null && this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType) && SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab)) {
            try {
                LOG.info("Using principal = " + this.principal + " and keytab = " + this.keytab);
                groupUserInfo = (GroupUserInfo) Subject.doAs(SecureClientLogin.loginUserFromKeytab(this.principal, this.keytab, this.nameRules), new PrivilegedAction<GroupUserInfo>() { // from class: org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.3
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedAction
                    public GroupUserInfo run() {
                        try {
                            return LdapPolicyMgrUserGroupBuilder.this.getGroupUserInfo(str);
                        } catch (Exception e) {
                            LdapPolicyMgrUserGroupBuilder.LOG.error("Failed to build Group List : ", e);
                            return null;
                        }
                    }
                });
            } catch (Exception e) {
                LOG.error("Failed to Authenticate Using given Principal and Keytab : ", e);
            }
        } else {
            groupUserInfo = getGroupUserInfo(str);
        }
        ArrayList<String> arrayList = new ArrayList();
        HashMap hashMap = new HashMap();
        if (groupUserInfo != null && groupUserInfo.getXuserInfo() != null) {
            for (XUserInfo xUserInfo : groupUserInfo.getXuserInfo()) {
                arrayList.add(xUserInfo.getName());
                hashMap.put(xUserInfo.getName(), xUserInfo.getUserRoleList());
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("Returned users for group " + groupUserInfo.getXgroupInfo().getName() + " are: " + arrayList);
            }
        }
        List<String> arrayList2 = new ArrayList();
        ArrayList arrayList3 = new ArrayList();
        for (String str2 : arrayList) {
            if (!list.contains(str2)) {
                arrayList3.add(str2);
            }
        }
        if (arrayList.isEmpty()) {
            arrayList2 = list;
        } else {
            for (String str3 : list) {
                if (!arrayList.contains(str3) || !((List) hashMap.get(str3)).contains(this.groupMap.get(str))) {
                    arrayList2.add(str3);
                }
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("addUsers = " + arrayList2);
        }
        delXGroupUserInfo(str, arrayList3);
        if (!this.isMockRun && addGroupUserInfo(str, map, arrayList2) == null) {
            LOG.error("Failed to add addorUpdate group user info");
            throw new Exception("Failed to add addorUpdate group user info");
        }
        if (this.groupMap.isEmpty() && this.userMap.isEmpty()) {
            return;
        }
        UsersGroupRoleAssignments usersGroupRoleAssignments = new UsersGroupRoleAssignments();
        ArrayList arrayList4 = new ArrayList();
        if (!arrayList3.isEmpty()) {
            arrayList4.addAll(arrayList3);
        }
        if (!arrayList2.isEmpty()) {
            arrayList4.addAll(arrayList2);
        }
        if (arrayList4.isEmpty()) {
            return;
        }
        usersGroupRoleAssignments.setUsers(arrayList4);
        usersGroupRoleAssignments.setGroupRoleAssignments(this.groupMap);
        usersGroupRoleAssignments.setUserRoleAssignments(this.userMap);
        if (updateRoles(usersGroupRoleAssignments) == null) {
            LOG.error("Unable to update roles for " + arrayList4);
        }
    }

    private List<String> updateRoles(final UsersGroupRoleAssignments usersGroupRoleAssignments) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("LdapPolicyMgrUserGroupBuilder.updateUserRole(" + usersGroupRoleAssignments.getUsers() + ")");
        }
        if (this.authenticationType == null || !this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType) || !SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab)) {
            return updateUsersRoles(usersGroupRoleAssignments);
        }
        try {
            return (List) Subject.doAs(SecureClientLogin.loginUserFromKeytab(this.principal, this.keytab, this.nameRules), new PrivilegedAction<List<String>>() { // from class: org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.4
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public List<String> run() {
                    try {
                        return LdapPolicyMgrUserGroupBuilder.this.updateUsersRoles(usersGroupRoleAssignments);
                    } catch (Exception e) {
                        LdapPolicyMgrUserGroupBuilder.LOG.error("Failed to add User Group Info : ", e);
                        return null;
                    }
                }
            });
        } catch (Exception e) {
            LOG.error("Failed to Authenticate Using given Principal and Keytab : ", e);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Type inference failed for: r0v29, types: [org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder$5] */
    public List<String> updateUsersRoles(UsersGroupRoleAssignments usersGroupRoleAssignments) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> LdapPolicyMgrUserGroupBuilder.updateUserRoles(" + usersGroupRoleAssignments.getUsers() + ")");
        }
        List<String> list = null;
        try {
            String str = null;
            String json = new GsonBuilder().create().toJson(usersGroupRoleAssignments);
            if (LOG.isDebugEnabled()) {
                LOG.debug("USER role MAPPING" + json);
            }
            if (this.isRangerCookieEnabled) {
                str = cookieBasedUploadEntity(usersGroupRoleAssignments, PM_UPDATE_USERS_ROLES_URI);
            } else {
                try {
                    ClientResponse post = this.ldapUgSyncClient.post(PM_UPDATE_USERS_ROLES_URI, null, usersGroupRoleAssignments);
                    if (post != null) {
                        str = (String) post.getEntity(String.class);
                    }
                } catch (Throwable th) {
                    LOG.error("Failed to get response, Error is : ", th);
                }
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("RESPONSE: [" + str + "]");
            }
            list = (List) new Gson().fromJson(str, new TypeToken<ArrayList<String>>() { // from class: org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.5
            }.getType());
        } catch (Exception e) {
            LOG.warn("ERROR: Unable to update roles for: " + usersGroupRoleAssignments.getUsers(), e);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== LdapPolicyMgrUserGroupBuilder.updateUserRoles(" + list + ")");
        }
        return list;
    }

    @Override // org.apache.ranger.usergroupsync.UserGroupSink
    public void postUserGroupAuditInfo(UgsyncAuditInfo ugsyncAuditInfo) throws Throwable {
        if (this.isMockRun) {
            return;
        }
        addUserGroupAuditInfo(ugsyncAuditInfo);
    }

    private void addUserGroupAuditInfo(final UgsyncAuditInfo ugsyncAuditInfo) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("INFO: addAuditInfo(" + ugsyncAuditInfo.getNoOfNewUsers() + ", " + ugsyncAuditInfo.getNoOfNewGroups() + ", " + ugsyncAuditInfo.getNoOfModifiedUsers() + ", " + ugsyncAuditInfo.getNoOfModifiedGroups() + ", " + ugsyncAuditInfo.getSyncSource() + ")");
        }
        if (this.authenticationType == null || !this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType) || !SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab)) {
            getUserGroupAuditInfo(ugsyncAuditInfo);
            return;
        }
        try {
            Subject.doAs(SecureClientLogin.loginUserFromKeytab(this.principal, this.keytab, this.nameRules), new PrivilegedAction<Void>() { // from class: org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.6
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public Void run() {
                    try {
                        LdapPolicyMgrUserGroupBuilder.this.getUserGroupAuditInfo(ugsyncAuditInfo);
                        return null;
                    } catch (Exception e) {
                        LdapPolicyMgrUserGroupBuilder.LOG.error("Failed to add User : ", e);
                        return null;
                    }
                }
            });
        } catch (Exception e) {
            LOG.error("Failed to Authenticate Using given Principal and Keytab : ", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void getUserGroupAuditInfo(UgsyncAuditInfo ugsyncAuditInfo) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> PolicyMgrUserGroupBuilder.getUserGroupAuditInfo()");
        }
        String str = null;
        Gson create = new GsonBuilder().create();
        if (this.isRangerCookieEnabled) {
            str = cookieBasedUploadEntity(ugsyncAuditInfo, PM_AUDIT_INFO_URI);
        } else {
            try {
                ClientResponse post = this.ldapUgSyncClient.post(PM_AUDIT_INFO_URI, null, ugsyncAuditInfo);
                if (post != null) {
                    str = (String) post.getEntity(String.class);
                }
            } catch (Throwable th) {
                LOG.error("Failed to get response, Error is : ", th);
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("RESPONSE[" + str + "]");
        }
        create.fromJson(str, UgsyncAuditInfo.class);
        if (LOG.isDebugEnabled()) {
            LOG.debug("AuditInfo Creation successful ");
            LOG.debug("<== LdapPolicyMgrUserGroupBuilder.getUserGroupAuditInfo()");
        }
    }

    private void delXGroupUserInfo(final String str, List<String> list) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> LdapPolicyMgrUserGroupBuilder.delXGroupUserInfo " + str + " and " + list);
        }
        for (final String str2 : list) {
            if (this.authenticationType != null && this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType) && SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab)) {
                try {
                    LOG.info("Using principal = " + this.principal + " and keytab = " + this.keytab);
                    Subject.doAs(SecureClientLogin.loginUserFromKeytab(this.principal, this.keytab, this.nameRules), new PrivilegedAction<Void>() { // from class: org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.7
                        /* JADX WARN: Can't rename method to resolve collision */
                        @Override // java.security.PrivilegedAction
                        public Void run() {
                            try {
                                LdapPolicyMgrUserGroupBuilder.this.delXGroupUserInfo(str, str2);
                                return null;
                            } catch (Exception e) {
                                LdapPolicyMgrUserGroupBuilder.LOG.error("Failed to build Group List : ", e);
                                return null;
                            }
                        }
                    });
                } catch (Exception e) {
                    LOG.error("Failed to Authenticate Using given Principal and Keytab : ", e);
                }
            } else {
                delXGroupUserInfo(str, str2);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void delXGroupUserInfo(String str, String str2) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> LdapPolicyMgrUserGroupBuilder.delXUserGroupInfo()");
        }
        try {
            ClientResponse clientResponse = null;
            String replaceAll = PM_DEL_USER_GROUP_LINK_URI.replaceAll(Pattern.quote("${groupName}"), URLEncoderUtil.encodeURIParam(str)).replaceAll(Pattern.quote("${userName}"), URLEncoderUtil.encodeURIParam(str2));
            if (!this.isRangerCookieEnabled) {
                clientResponse = this.ldapUgSyncClient.delete(replaceAll, null);
            } else if (this.sessionId != null && this.isValidRangerCookie) {
                clientResponse = this.ldapUgSyncClient.delete(replaceAll, null, this.sessionId);
                if (clientResponse != null) {
                    if (!clientResponse.toString().contains(replaceAll)) {
                        clientResponse.setStatus(404);
                        this.sessionId = null;
                        this.isValidRangerCookie = false;
                    } else if (clientResponse.getStatus() == 401) {
                        LOG.warn("response from ranger is 401 unauthorized");
                        this.sessionId = null;
                        this.isValidRangerCookie = false;
                    } else if (clientResponse.getStatus() == 204 || clientResponse.getStatus() == 200) {
                        this.cookieList = clientResponse.getCookies();
                        Iterator<NewCookie> it = this.cookieList.iterator();
                        while (true) {
                            if (!it.hasNext()) {
                                break;
                            }
                            NewCookie next = it.next();
                            if (next.getName().equalsIgnoreCase(this.rangerCookieName)) {
                                this.sessionId = next.toCookie();
                                this.isValidRangerCookie = true;
                                break;
                            }
                        }
                    }
                    if (clientResponse.getStatus() != 200 && clientResponse.getStatus() != 204 && clientResponse.getStatus() != 400) {
                        this.sessionId = null;
                        this.isValidRangerCookie = false;
                    }
                }
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("RESPONSE: [" + clientResponse.toString() + "]");
            }
        } catch (Exception e) {
            LOG.warn("ERROR: Unable to delete GROUP: " + str + " from USER:" + str2, e);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== LdapPolicyMgrUserGroupBuilder.delXUserGroupInfo()");
        }
    }

    private GroupUserInfo addGroupUserInfo(String str, Map<String, String> map, List<String> list) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> LdapPolicyMgrUserGroupBuilder.addGroupUserInfo " + str + " and " + list);
        }
        final GroupUserInfo groupUserInfo = null;
        if (LOG.isDebugEnabled()) {
            LOG.debug("INFO: addPMXAGroup(" + str + ")");
        }
        XGroupInfo addXGroupInfo = this.isMockRun ? null : addXGroupInfo(str, map);
        for (String str2 : list) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("INFO: addPMXAGroupToUser(" + str + "," + str2 + ")");
            }
        }
        if (!this.isMockRun) {
            addXGroupUserInfo(addXGroupInfo, list);
        }
        if (this.authenticationType == null || !this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType) || !SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab)) {
            return getGroupUserInfo((GroupUserInfo) null);
        }
        try {
            return (GroupUserInfo) Subject.doAs(SecureClientLogin.loginUserFromKeytab(this.principal, this.keytab, this.nameRules), new PrivilegedAction<GroupUserInfo>() { // from class: org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.8
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public GroupUserInfo run() {
                    try {
                        return LdapPolicyMgrUserGroupBuilder.this.getGroupUserInfo(groupUserInfo);
                    } catch (Exception e) {
                        LdapPolicyMgrUserGroupBuilder.LOG.error("Failed to add User Group Info : ", e);
                        return null;
                    }
                }
            });
        } catch (Exception e) {
            LOG.error("Failed to Authenticate Using given Principal and Keytab : ", e);
            return null;
        }
    }

    private void addXGroupUserInfo(XGroupInfo xGroupInfo, List<String> list) {
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            XUserInfo addXUserInfo = addXUserInfo(it.next(), null);
            arrayList.add(addXUserInfo);
            addXUserGroupInfo(addXUserInfo, xGroupInfo);
        }
        this.groupuserInfo.setXuserInfo(arrayList);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public GroupUserInfo getGroupUserInfo(GroupUserInfo groupUserInfo) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> LdapPolicyMgrUserGroupBuilder.getGroupUserInfo(GroupUserInfo ret)");
        }
        String str = null;
        Gson create = new GsonBuilder().create();
        String json = create.toJson(this.groupuserInfo);
        if (LOG.isDebugEnabled()) {
            LOG.debug("GROUP USER MAPPING" + json);
        }
        if (this.isRangerCookieEnabled) {
            str = cookieBasedUploadEntity(this.groupuserInfo, PM_ADD_GROUP_USER_INFO_URI);
        } else {
            try {
                ClientResponse post = this.ldapUgSyncClient.post(PM_ADD_GROUP_USER_INFO_URI, null, this.groupuserInfo);
                if (post != null) {
                    str = (String) post.getEntity(String.class);
                }
            } catch (Throwable th) {
                LOG.error("Failed to get response, Error is : ", th);
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("RESPONSE: [" + str + "]");
        }
        GroupUserInfo groupUserInfo2 = (GroupUserInfo) create.fromJson(str, GroupUserInfo.class);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== LdapPolicyMgrUserGroupBuilder.getGroupUserInfo(GroupUserInfo ret)");
        }
        return groupUserInfo2;
    }

    private MUserInfo addMUser(String str, Map<String, String> map) {
        final MUserInfo mUserInfo = null;
        final MUserInfo mUserInfo2 = new MUserInfo();
        mUserInfo2.setLoginId(str);
        mUserInfo2.setFirstName(str);
        mUserInfo2.setLastName(str);
        mUserInfo2.setOtherAttributes(new Gson().toJson(map));
        String[] strArr = new String[1];
        if (this.userMap.containsKey(str)) {
            strArr[0] = this.userMap.get(str);
        }
        mUserInfo2.setUserRoleList(strArr);
        if (this.authenticationType == null || !this.AUTH_KERBEROS.equalsIgnoreCase(this.authenticationType) || !SecureClientLogin.isKerberosCredentialExists(this.principal, this.keytab)) {
            return getMUser(mUserInfo2, null);
        }
        try {
            return (MUserInfo) Subject.doAs(SecureClientLogin.loginUserFromKeytab(this.principal, this.keytab, this.nameRules), new PrivilegedAction<MUserInfo>() { // from class: org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.9
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public MUserInfo run() {
                    try {
                        return LdapPolicyMgrUserGroupBuilder.this.getMUser(mUserInfo2, mUserInfo);
                    } catch (Exception e) {
                        LdapPolicyMgrUserGroupBuilder.LOG.error("Failed to add User : ", e);
                        return null;
                    }
                }
            });
        } catch (Exception e) {
            LOG.error("Failed to Authenticate Using given Principal and Keytab : ", e);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public MUserInfo getMUser(MUserInfo mUserInfo, MUserInfo mUserInfo2) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> LdapPolicyMgrUserGroupBuilder.getMUser()");
        }
        String str = null;
        Gson create = new GsonBuilder().create();
        if (this.isRangerCookieEnabled) {
            str = cookieBasedUploadEntity(mUserInfo, PM_ADD_LOGIN_USER_URI);
        } else {
            try {
                ClientResponse post = this.ldapUgSyncClient.post(PM_ADD_LOGIN_USER_URI, null, mUserInfo);
                if (post != null) {
                    str = (String) post.getEntity(String.class);
                }
            } catch (Exception e) {
                LOG.error("Failed to get response, Error is : " + e.getMessage());
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("RESPONSE[" + str + "]");
        }
        MUserInfo mUserInfo3 = (MUserInfo) create.fromJson(str, MUserInfo.class);
        if (LOG.isDebugEnabled()) {
            LOG.debug("MUser Creation successful " + mUserInfo3);
            LOG.debug("<== LdapPolicyMgrUserGroupBuilder.getMUser()");
        }
        return mUserInfo3;
    }

    public GroupUserInfo getGroupUserInfo(String str) {
        GroupUserInfo groupUserInfo = null;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> LdapPolicyMgrUserGroupBuilder.getGroupUserInfo(String groupName)");
        }
        try {
            String str2 = null;
            Gson create = new GsonBuilder().create();
            String replaceAll = PM_GET_GROUP_USER_MAP_LIST_URI.replaceAll(Pattern.quote("${groupName}"), URLEncoderUtil.encodeURIParam(str));
            if (this.isRangerCookieEnabled) {
                str2 = cookieBasedGetEntity(replaceAll, 0);
            } else {
                ClientResponse clientResponse = this.ldapUgSyncClient.get(replaceAll, null);
                if (clientResponse != null) {
                    str2 = (String) clientResponse.getEntity(String.class);
                }
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("RESPONSE for " + replaceAll + ": [" + str2 + "]");
            }
            groupUserInfo = (GroupUserInfo) create.fromJson(str2, GroupUserInfo.class);
        } catch (Exception e) {
            LOG.warn("ERROR: Unable to get group user mappings for: " + str, e);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== LdapPolicyMgrUserGroupBuilder.getGroupUserInfo(String groupName)");
        }
        return groupUserInfo;
    }

    private String cookieBasedUploadEntity(Object obj, String str) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> LdapPolicyMgrUserGroupBuilder.cookieBasedUploadEntity()");
        }
        String tryUploadEntityWithCred = (this.sessionId == null || !this.isValidRangerCookie) ? tryUploadEntityWithCred(obj, str) : tryUploadEntityWithCookie(obj, str);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== LdapPolicyMgrUserGroupBuilder.cookieBasedUploadEntity()");
        }
        return tryUploadEntityWithCred;
    }

    private String cookieBasedGetEntity(String str, int i) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> LdapPolicyMgrUserGroupBuilder.cookieBasedGetEntity()");
        }
        String tryGetEntityWithCred = (this.sessionId == null || !this.isValidRangerCookie) ? tryGetEntityWithCred(str, i) : tryGetEntityWithCookie(str, i);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== LdapPolicyMgrUserGroupBuilder.cookieBasedGetEntity()");
        }
        return tryGetEntityWithCred;
    }

    private String tryUploadEntityWithCookie(Object obj, String str) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> LdapPolicyMgrUserGroupBuilder.tryUploadEntityWithCookie()");
        }
        String str2 = null;
        ClientResponse clientResponse = null;
        try {
            clientResponse = this.ldapUgSyncClient.post(str, null, obj, this.sessionId);
        } catch (Throwable th) {
            LOG.error("Failed to get response, Error is : ", th);
        }
        if (clientResponse != null) {
            if (!clientResponse.toString().contains(str)) {
                clientResponse.setStatus(404);
                this.sessionId = null;
                this.isValidRangerCookie = false;
            } else if (clientResponse.getStatus() == 401) {
                this.sessionId = null;
                this.isValidRangerCookie = false;
            } else if (clientResponse.getStatus() == 204 || clientResponse.getStatus() == 200) {
                Iterator it = clientResponse.getCookies().iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    NewCookie newCookie = (NewCookie) it.next();
                    if (newCookie.getName().equalsIgnoreCase(this.rangerCookieName)) {
                        if (!this.sessionId.getValue().equalsIgnoreCase(newCookie.toCookie().getValue())) {
                            this.sessionId = newCookie.toCookie();
                        }
                        this.isValidRangerCookie = true;
                    }
                }
            }
            if (clientResponse.getStatus() != 200 && clientResponse.getStatus() != 204 && clientResponse.getStatus() != 400) {
                this.sessionId = null;
                this.isValidRangerCookie = false;
            }
            clientResponse.bufferEntity();
            str2 = (String) clientResponse.getEntity(String.class);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== LdapPolicyMgrUserGroupBuilder.tryUploadEntityWithCookie()");
        }
        return str2;
    }

    private String tryUploadEntityWithCred(Object obj, String str) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> LdapPolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred()");
        }
        String str2 = null;
        ClientResponse clientResponse = null;
        String json = new GsonBuilder().create().toJson(obj);
        if (LOG.isDebugEnabled()) {
            LOG.debug("USER GROUP MAPPING" + json);
        }
        try {
            clientResponse = this.ldapUgSyncClient.post(str, null, obj);
        } catch (Throwable th) {
            LOG.error("Failed to get response, Error is : ", th);
        }
        if (clientResponse != null) {
            if (!clientResponse.toString().contains(str)) {
                clientResponse.setStatus(404);
            } else if (clientResponse.getStatus() == 401) {
                LOG.warn("Credentials response from ranger is 401.");
            } else if (clientResponse.getStatus() == 200 || clientResponse.getStatus() == 204) {
                this.cookieList = clientResponse.getCookies();
                Iterator<NewCookie> it = this.cookieList.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    NewCookie next = it.next();
                    if (next.getName().equalsIgnoreCase(this.rangerCookieName)) {
                        this.sessionId = next.toCookie();
                        this.isValidRangerCookie = true;
                        LOG.info("valid cookie saved ");
                        break;
                    }
                }
            }
            if (clientResponse.getStatus() != 200 && clientResponse.getStatus() != 204 && clientResponse.getStatus() != 400) {
                this.sessionId = null;
                this.isValidRangerCookie = false;
            }
            clientResponse.bufferEntity();
            str2 = (String) clientResponse.getEntity(String.class);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== LdapPolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred()");
        }
        return str2;
    }

    private String tryGetEntityWithCred(String str, int i) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> LdapPolicyMgrUserGroupBuilder.tryGetEntityWithCred()");
        }
        String str2 = null;
        ClientResponse clientResponse = null;
        HashMap hashMap = new HashMap();
        hashMap.put("pageSize", this.recordsToPullPerCall);
        hashMap.put("startIndex", String.valueOf(i));
        try {
            clientResponse = this.ldapUgSyncClient.get(str, hashMap);
        } catch (Throwable th) {
            LOG.error("Failed to get response, Error is : ", th);
        }
        if (clientResponse != null) {
            if (!clientResponse.toString().contains(str)) {
                clientResponse.setStatus(404);
            } else if (clientResponse.getStatus() == 401) {
                LOG.warn("Credentials response from ranger is 401.");
            } else if (clientResponse.getStatus() == 200 || clientResponse.getStatus() == 204) {
                this.cookieList = clientResponse.getCookies();
                Iterator<NewCookie> it = this.cookieList.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    NewCookie next = it.next();
                    if (next.getName().equalsIgnoreCase(this.rangerCookieName)) {
                        this.sessionId = next.toCookie();
                        this.isValidRangerCookie = true;
                        LOG.info("valid cookie saved ");
                        break;
                    }
                }
            }
            if (clientResponse.getStatus() != 200 && clientResponse.getStatus() != 204 && clientResponse.getStatus() != 400) {
                this.sessionId = null;
                this.isValidRangerCookie = false;
            }
            clientResponse.bufferEntity();
            str2 = (String) clientResponse.getEntity(String.class);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== LdapPolicyMgrUserGroupBuilder.tryGetEntityWithCred()");
        }
        return str2;
    }

    private String tryGetEntityWithCookie(String str, int i) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> LdapPolicyMgrUserGroupBuilder.tryGetEntityWithCookie()");
        }
        String str2 = null;
        ClientResponse clientResponse = null;
        HashMap hashMap = new HashMap();
        hashMap.put("pageSize", this.recordsToPullPerCall);
        hashMap.put("startIndex", String.valueOf(i));
        try {
            clientResponse = this.ldapUgSyncClient.get(str, hashMap, this.sessionId);
        } catch (Throwable th) {
            LOG.error("Failed to get response, Error is : ", th);
        }
        if (clientResponse != null) {
            if (!clientResponse.toString().contains(str)) {
                clientResponse.setStatus(404);
                this.sessionId = null;
                this.isValidRangerCookie = false;
            } else if (clientResponse.getStatus() == 401) {
                this.sessionId = null;
                this.isValidRangerCookie = false;
            } else if (clientResponse.getStatus() == 204 || clientResponse.getStatus() == 200) {
                Iterator it = clientResponse.getCookies().iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    NewCookie newCookie = (NewCookie) it.next();
                    if (newCookie.getName().equalsIgnoreCase(this.rangerCookieName)) {
                        if (!this.sessionId.getValue().equalsIgnoreCase(newCookie.toCookie().getValue())) {
                            this.sessionId = newCookie.toCookie();
                        }
                        this.isValidRangerCookie = true;
                    }
                }
            }
            if (clientResponse.getStatus() != 200 && clientResponse.getStatus() != 204 && clientResponse.getStatus() != 400) {
                this.sessionId = null;
                this.isValidRangerCookie = false;
            }
            clientResponse.bufferEntity();
            str2 = (String) clientResponse.getEntity(String.class);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== LdapPolicyMgrUserGroupBuilder.tryGetEntityWithCookie()");
        }
        return str2;
    }

    private void getRoleForUserGroups(String str) {
        StringTokenizer stringTokenizer;
        String roleDelimiter = this.config.getRoleDelimiter();
        String userGroupDelimiter = this.config.getUserGroupDelimiter();
        String userGroupNameDelimiter = this.config.getUserGroupNameDelimiter();
        if (roleDelimiter == null || roleDelimiter.isEmpty()) {
            roleDelimiter = "&";
        }
        if (userGroupDelimiter == null || userGroupDelimiter.isEmpty()) {
            userGroupDelimiter = ":";
        }
        if (userGroupNameDelimiter == null || userGroupNameDelimiter.isEmpty()) {
            userGroupNameDelimiter = ",";
        }
        StringTokenizer stringTokenizer2 = new StringTokenizer(str, roleDelimiter);
        String str2 = null;
        String str3 = null;
        while (stringTokenizer2.hasMoreTokens()) {
            int i = 0;
            String nextToken = stringTokenizer2.nextToken();
            if (nextToken != null && !nextToken.isEmpty() && (stringTokenizer = new StringTokenizer(nextToken, userGroupDelimiter)) != null) {
                while (stringTokenizer.hasMoreElements()) {
                    String nextToken2 = stringTokenizer.nextToken();
                    if (nextToken2 != null && !nextToken2.isEmpty()) {
                        i++;
                        switch (i) {
                            case 1:
                                str3 = nextToken2;
                                break;
                            case 2:
                                str2 = nextToken2;
                                break;
                            case 3:
                                StringTokenizer stringTokenizer3 = new StringTokenizer(nextToken2, userGroupNameDelimiter);
                                if (stringTokenizer3 == null) {
                                    break;
                                } else {
                                    while (stringTokenizer3.hasMoreElements()) {
                                        String nextToken3 = stringTokenizer3.nextToken();
                                        if (nextToken3 != null && !nextToken3.isEmpty()) {
                                            if (str2.trim().equalsIgnoreCase("u")) {
                                                this.userMap.put(nextToken3.trim(), str3.trim());
                                            } else if (str2.trim().equalsIgnoreCase("g")) {
                                                this.groupMap.put(nextToken3.trim(), str3.trim());
                                            }
                                        }
                                    }
                                    break;
                                }
                            default:
                                this.userMap.clear();
                                this.groupMap.clear();
                                break;
                        }
                    }
                }
            }
        }
    }

    static {
        LOCAL_HOSTNAME = "unknown";
        try {
            LOCAL_HOSTNAME = InetAddress.getLocalHost().getCanonicalHostName();
        } catch (UnknownHostException e) {
            LOCAL_HOSTNAME = "unknown";
        }
    }
}
