package org.apache.sqoop.security.Authorization;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import org.apache.hadoop.util.Shell;
import org.apache.sqoop.common.SqoopException;
import org.apache.sqoop.model.MAOSPermission;
import org.apache.sqoop.model.MAccountableEntity;
import org.apache.sqoop.model.MConnection;
import org.apache.sqoop.model.MJob;
import org.apache.sqoop.model.MJobGroup;
import org.apache.sqoop.model.SchedulerTask;
import org.apache.sqoop.repository.RepositoryManager;
import org.apache.sqoop.security.AuthorizationManager;
import org.apache.sqoop.security.SecurityError;
import org.apache.sqoop.utils.Preconditions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sqoop/security/Authorization/AuthorizationEngine.class */
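/**
 * Static authorization checks for jobs, schedulers, connections and job groups.
 *
 * <p>Every check follows the same shape: the requesting user passes immediately when it is the
 * resource's creation user or holds an admin permission (see {@link #isSpecialUser}); otherwise
 * the user's permissions for the named resource are looked up and handed to the handler returned
 * by {@code AuthorizationManager.getAuthorizationHandler()}.
 *
 * <p>Permissions are cached per user name in a synchronized map. An entry is only dropped by
 * {@link #clearPermissionCache()}, so a revoked permission or a changed OS group membership keeps
 * its old effect until the cache is cleared.
 */
public class AuthorizationEngine {
    private static final Logger LOG = LoggerFactory.getLogger(AuthorizationEngine.class);

    // User name -> permissions resolved for that user's OS groups. There is no expiry; entries
    // live until clearPermissionCache() is called.
    private static final Map<String, List<MAOSPermission>> allPermissions =
            Collections.synchronizedMap(new HashMap<String, List<MAOSPermission>>());

    /** Kinds of action a permission can grant. Not referenced by the checks in this class. */
    public enum PrivilegeActionType {
        VIEW,
        EDIT,
        EXECUTE,
        GROUP_EDIT,
        JOBS_EDIT,
        JOBS_EXECUTE
    }

    /**
     * Kinds of resource. Only JOB, SCHEDULER, CONNECTION and JOB_GROUP map to a permission type
     * (see {@link #getPermType}); CONNECTOR and LINK are rejected there.
     */
    public enum ResourceType {
        CONNECTOR,
        LINK,
        JOB,
        SCHEDULER,
        CONNECTION,
        JOB_GROUP
    }

    /** Kinds of principal. Not referenced by the checks in this class. */
    public enum RoleType {
        USER,
        GROUP,
        ROLE
    }

    /**
     * Verifies that a user may view a job. Despite the generic name, the lookup is always made
     * against {@link ResourceType#JOB}.
     *
     * @param str requesting user name; must not be null
     * @param str2 user compared against the requester for the owner shortcut (presumably the
     *     job's creation user, as in the other checks - confirm against callers)
     * @param str3 job name; must not be null
     * @throws SqoopException with {@code AUTH_0015} when the user has no permission entry for the
     *     job or the handler's view check fails
     */
    public static <T extends MAccountableEntity> void filterResource(String str, String str2, String str3) throws SqoopException {
        Preconditions.checkNotNull(str, SecurityError.AUTH_0016, "The user name is null.");
        Preconditions.checkNotNull(str3, SecurityError.AUTH_0016, "The entity name is null.");
        if (isSpecialUser(str2, str)) {
            return;
        }
        List<MAOSPermission> privilege = getPrivilege(ResourceType.JOB, str, str3);
        if (privilege.isEmpty() || !checkViewPrivilege(str2, str, privilege)) {
            throw new SqoopException(SecurityError.AUTH_0015);
        }
    }

    /**
     * Reports whether a user may see a job group: true for the group's creation user, for an
     * admin, or when the handler grants group-jobs edit or group-jobs execute.
     *
     * @param str requesting user name; must not be null
     * @param mJobGroup job group being checked; must not be null
     * @return {@code true} when access is allowed, {@code false} otherwise
     */
    public static <T extends MAccountableEntity> boolean filterResource4Group(String str, MJobGroup mJobGroup) throws SqoopException {
        Preconditions.checkNotNull(str, SecurityError.AUTH_0016, "The user name is null.");
        Preconditions.checkNotNull(mJobGroup, SecurityError.AUTH_0016, "The resource  is null.");
        String creationUser = mJobGroup.getCreationUser();
        if (isSpecialUser(creationUser, str)) {
            return true;
        }
        List<MAOSPermission> privilege = getPrivilege(ResourceType.JOB_GROUP, str, mJobGroup.getName());
        if (privilege.isEmpty()) {
            return false;
        }
        return checkGroupJobsEditPrivilege(creationUser, str, privilege)
                || checkGroupJobsExecutePrivilege(creationUser, str, privilege);
    }

    /**
     * Computes a bit mask describing what a user may do with a resource.
     *
     * <p>Bit 1 is always set, bit 2 is added when the handler's edit check passes, and bit 4 is
     * added when the resource is a JOB and the handler's execute check passes. The creation user
     * and admins get all three bits.
     *
     * @param resourceType resource kind; must not be null
     * @param str requesting user name; must not be null
     * @param str2 user compared against the requester for the owner shortcut (presumably the
     *     resource's creation user - confirm against callers)
     * @param str3 resource name; must not be null
     * @return the mask, between 1 and 7
     */
    public static int getAuth(ResourceType resourceType, String str, String str2, String str3) {
        Preconditions.checkNotNull(resourceType, SecurityError.AUTH_0016, "The resource type is null.");
        Preconditions.checkNotNull(str, SecurityError.AUTH_0016, "The user name is null.");
        Preconditions.checkNotNull(str3, SecurityError.AUTH_0016, "The entity name is null.");
        if (isSpecialUser(str2, str)) {
            return 1 | 2 | 4;
        }
        // NOTE(review): bit 1 is granted even when the user has no permission entry at all;
        // confirm callers do not treat it as proof of view access.
        int mask = 1;
        List<MAOSPermission> privilege = getPrivilege(resourceType, str, str3);
        if (privilege.isEmpty()) {
            return mask;
        }
        if (checkEditPrivilege(str2, str, privilege)) {
            mask |= 2;
        }
        if (ResourceType.JOB == resourceType && checkExecutePrivilege(str2, str, privilege)) {
            mask |= 4;
        }
        return mask;
    }

    /**
     * Maps a resource type to the type code stored on {@code MAOSPermission}.
     *
     * @throws SqoopException with {@code AUTH_0016} for a resource type that has no code
     */
    private static String getPermType(ResourceType resourceType) {
        switch (resourceType) {
            case JOB:
                return "0";
            case SCHEDULER:
                return "1";
            case CONNECTION:
                return "3";
            case JOB_GROUP:
                return "4";
            default:
                // The previous message spoke of "user groups", which has nothing to do with this
                // failure and sent log readers to the wrong code path.
                LOG.error("Failed to map resource type to permission type: unsupported resource type {}", resourceType);
                throw new SqoopException(SecurityError.AUTH_0016);
        }
    }

    /**
     * Computes a bit mask describing what a user may do with a job group.
     *
     * <p>Bit 1 is set when the handler's group-edit check passes, bit 2 for group-jobs edit and
     * bit 4 for group-jobs execute. The creation user and admins get all three bits; a user with
     * no permission entry for the group gets 0.
     *
     * @param str requesting user name; must not be null
     * @param mJobGroup job group being checked; must not be null
     * @return the mask, between 0 and 7
     */
    public static int getGroupAuth(String str, MJobGroup mJobGroup) {
        Preconditions.checkNotNull(str, SecurityError.AUTH_0016, "The user name is null.");
        Preconditions.checkNotNull(mJobGroup, SecurityError.AUTH_0016, "The resource  is null.");
        String creationUser = mJobGroup.getCreationUser();
        if (isSpecialUser(creationUser, str)) {
            return 1 | 2 | 4;
        }
        int mask = 0;
        List<MAOSPermission> privilege = getPrivilege(ResourceType.JOB_GROUP, str, mJobGroup.getName());
        if (privilege.isEmpty()) {
            return mask;
        }
        if (checkGroupEditPrivilege(creationUser, str, privilege)) {
            mask |= 1;
        }
        if (checkGroupJobsEditPrivilege(creationUser, str, privilege)) {
            mask |= 2;
        }
        if (checkGroupJobsExecutePrivilege(creationUser, str, privilege)) {
            mask |= 4;
        }
        return mask;
    }

    /**
     * Verifies that a user may edit a job.
     *
     * @param str requesting user name; must not be null
     * @param mJob job being edited; must not be null
     * @throws SqoopException with {@code AUTH_0012} when the check fails
     */
    public static void editJob(String str, MJob mJob) throws SqoopException {
        Preconditions.checkNotNull(str, SecurityError.AUTH_0016, "The user name is null.");
        Preconditions.checkNotNull(mJob, SecurityError.AUTH_0016, "The job is null.");
        String creationUser = mJob.getCreationUser();
        if (isSpecialUser(creationUser, str)) {
            return;
        }
        List<MAOSPermission> privilege = getPrivilege(ResourceType.JOB, str, mJob.getName());
        if (privilege.isEmpty() || !checkEditPrivilege(creationUser, str, privilege)) {
            throw new SqoopException(SecurityError.AUTH_0012);
        }
    }

    /**
     * Verifies that a user may execute a job.
     *
     * @param str requesting user name; must not be null
     * @param mJob job being executed; must not be null
     * @throws SqoopException with {@code AUTH_0014} when the check fails
     */
    public static void executeJob(String str, MJob mJob) throws SqoopException {
        Preconditions.checkNotNull(str, SecurityError.AUTH_0016, "The user name is null.");
        Preconditions.checkNotNull(mJob, SecurityError.AUTH_0016, "The job is null.");
        String creationUser = mJob.getCreationUser();
        if (isSpecialUser(creationUser, str)) {
            return;
        }
        List<MAOSPermission> privilege = getPrivilege(ResourceType.JOB, str, mJob.getName());
        if (privilege.isEmpty() || !checkExecutePrivilege(creationUser, str, privilege)) {
            throw new SqoopException(SecurityError.AUTH_0014);
        }
    }

    /**
     * Verifies that a user may edit a scheduler task.
     *
     * @param str requesting user name; must not be null
     * @param schedulerTask task being edited; must not be null
     * @throws SqoopException with {@code AUTH_0017} when the check fails
     */
    public static void editScheduler(String str, SchedulerTask schedulerTask) throws SqoopException {
        Preconditions.checkNotNull(str, SecurityError.AUTH_0016, "The user name is null.");
        Preconditions.checkNotNull(schedulerTask, SecurityError.AUTH_0016, "The scheduler is null.");
        String creationUser = schedulerTask.getCreationUser();
        if (isSpecialUser(creationUser, str)) {
            return;
        }
        List<MAOSPermission> privilege = getPrivilege(ResourceType.SCHEDULER, str, schedulerTask.getTaskName());
        if (privilege.isEmpty() || !checkEditPrivilege(creationUser, str, privilege)) {
            throw new SqoopException(SecurityError.AUTH_0017);
        }
    }

    /**
     * Verifies that a user may edit a connection.
     *
     * @param str requesting user name; must not be null
     * @param mConnection connection being edited; must not be null
     * @throws SqoopException with {@code AUTH_0018} when the check fails
     */
    public static void editConnection(String str, MConnection mConnection) throws SqoopException {
        Preconditions.checkNotNull(str, SecurityError.AUTH_0016, "The user name is null.");
        Preconditions.checkNotNull(mConnection, SecurityError.AUTH_0016, "The connection is null.");
        String creationUser = mConnection.getCreationUser();
        if (isSpecialUser(creationUser, str)) {
            return;
        }
        List<MAOSPermission> privilege = getPrivilege(ResourceType.CONNECTION, str, mConnection.getName());
        if (privilege.isEmpty() || !checkEditPrivilege(creationUser, str, privilege)) {
            throw new SqoopException(SecurityError.AUTH_0018);
        }
    }

    /**
     * Verifies that a user may edit a job group.
     *
     * @param str requesting user name; must not be null
     * @param str2 user compared against the requester for the owner shortcut (presumably the
     *     group's creation user - confirm against callers)
     * @param str3 job group name; {@code null} skips the check
     * @throws SqoopException with {@code NO_PERMISSION_TO_OPERATE_JOB_GROUP} when the check fails
     */
    public static void editJobGroup(String str, String str2, String str3) throws SqoopException {
        Preconditions.checkNotNull(str, SecurityError.AUTH_0016, "The user name is null.");
        // NOTE(review): a null group name returns without any authorization check (fail-open).
        // Confirm callers pass null only when there is no group to protect.
        if (null == str3 || isSpecialUser(str2, str)) {
            return;
        }
        List<MAOSPermission> privilege = getPrivilege(ResourceType.JOB_GROUP, str, str3);
        if (privilege.isEmpty() || !checkGroupEditPrivilege(str2, str, privilege)) {
            throw new SqoopException(SecurityError.NO_PERMISSION_TO_OPERATE_JOB_GROUP);
        }
    }

    /**
     * Reports whether a user may edit the jobs of a job group.
     *
     * @param str requesting user name; must not be null
     * @param mJobGroup job group being checked
     * @return {@code true} for the creation user, an admin, or a user the handler grants
     *     group-jobs edit to
     */
    public static boolean editGroupJobs(String str, MJobGroup mJobGroup) throws SqoopException {
        Preconditions.checkNotNull(str, SecurityError.AUTH_0016, "The user name is null.");
        Preconditions.checkNotNull(mJobGroup, SecurityError.AUTH_0016, "The jobGroup is null.");
        // Kept as a deny-by-default guard; presumably unreachable when checkNotNull throws.
        if (null == mJobGroup) {
            return false;
        }
        String creationUser = mJobGroup.getCreationUser();
        if (isSpecialUser(creationUser, str)) {
            return true;
        }
        List<MAOSPermission> privilege = getPrivilege(ResourceType.JOB_GROUP, str, mJobGroup.getName());
        return !privilege.isEmpty() && checkGroupJobsEditPrivilege(creationUser, str, privilege);
    }

    /**
     * Reports whether a user may execute the jobs of a job group.
     *
     * @param str requesting user name; must not be null
     * @param mJobGroup job group being checked
     * @return {@code true} for the creation user, an admin, or a user the handler grants
     *     group-jobs execute to
     */
    public static boolean executeGroupJobs(String str, MJobGroup mJobGroup) throws SqoopException {
        Preconditions.checkNotNull(str, SecurityError.AUTH_0016, "The user name is null.");
        Preconditions.checkNotNull(mJobGroup, SecurityError.AUTH_0016, "The jobGroup is null.");
        // Kept as a deny-by-default guard; presumably unreachable when checkNotNull throws.
        if (null == mJobGroup) {
            return false;
        }
        String creationUser = mJobGroup.getCreationUser();
        if (isSpecialUser(creationUser, str)) {
            return true;
        }
        List<MAOSPermission> privilege = getPrivilege(ResourceType.JOB_GROUP, str, mJobGroup.getName());
        return !privilege.isEmpty() && checkGroupJobsExecutePrivilege(creationUser, str, privilege);
    }

    /**
     * Drops every cached permission list. Until this runs, permission and group-membership
     * changes are not seen for users already in the cache.
     */
    public static void clearPermissionCache() {
        LOG.info("Clear resource permission cache");
        allPermissions.clear();
    }

    /**
     * Returns the permissions of a user, resolving the user's OS groups and querying the
     * repository on a cache miss.
     *
     * <p>The returned list is the cached instance itself, so a caller that mutates it changes
     * what later authorization checks see for this user.
     *
     * @param str user name
     * @return the permissions the repository reports for the user's groups
     * @throws SqoopException with {@code AUTH_0013} when the group lookup raises an
     *     {@link IOException}
     */
    public static List<MAOSPermission> getUserPrivilege(String str) {
        // One get() instead of containsKey()+get(): a concurrent clearPermissionCache() between
        // the two calls made this method return null and callers fail with a
        // NullPointerException in the middle of an authorization check.
        List<MAOSPermission> cached = allPermissions.get(str);
        if (cached != null) {
            return cached;
        }
        try {
            List<MAOSPermission> userPermission = RepositoryManager.getInstance().getRepository().getUserPermission(getUnixGroups(str));
            // NOTE(review): a lookup that started before clearPermissionCache() can still store
            // its result afterwards, so a pre-clear permission list may reappear in the cache.
            allPermissions.put(str, userPermission);
            return userPermission;
        } catch (IOException e) {
            LOG.error("Failed to get user groups : ", e);
            throw new SqoopException(SecurityError.AUTH_0013);
        }
    }

    /**
     * Selects the user's permissions whose type code and name match the given resource.
     *
     * @param resourceType resource kind, translated with {@link #getPermType}
     * @param str user name
     * @param str2 resource name; {@code null} matches nothing
     * @return a new list holding the matching permissions, possibly empty
     */
    private static List<MAOSPermission> getPrivilege(ResourceType resourceType, String str, String str2) {
        List<MAOSPermission> userPrivilege = getUserPrivilege(str);
        String permType = getPermType(resourceType);
        List<MAOSPermission> matches = new ArrayList<MAOSPermission>();
        for (MAOSPermission permission : userPrivilege) {
            // A resource with a null name is treated as having no permissions (deny) instead of
            // raising a NullPointerException in the authorization path.
            if (str2 != null && permType.equals(permission.getType()) && str2.equals(permission.getName())) {
                matches.add(permission);
            }
        }
        return matches;
    }

    /**
     * Reports whether any of the user's permissions is flagged as admin.
     *
     * @param str user name
     */
    public static boolean isAdmin(String str) {
        for (MAOSPermission permission : getUserPrivilege(str)) {
            if (permission.isAdmin()) {
                return true;
            }
        }
        return false;
    }

    /**
     * Owner-or-admin shortcut used by every check.
     *
     * @param str user to compare against, the resource's creation user at the visible call sites
     * @param str2 requesting user name; must not be null
     * @return {@code true} when both names are equal (exact, case-sensitive match) or the
     *     requester is an admin
     */
    private static boolean isSpecialUser(String str, String str2) {
        return str2.equals(str) || isAdmin(str2);
    }

    /** Delegates to the authorization handler's edit check. */
    private static boolean checkEditPrivilege(String str, String str2, List<MAOSPermission> list) {
        return AuthorizationManager.getAuthorizationHandler().checkEditPrivileges(str, str2, list);
    }

    /** Delegates to the authorization handler's execute check. */
    private static boolean checkExecutePrivilege(String str, String str2, List<MAOSPermission> list) {
        return AuthorizationManager.getAuthorizationHandler().checkExecutePrivileges(str, str2, list);
    }

    /** Delegates to the authorization handler's view check. */
    private static boolean checkViewPrivilege(String str, String str2, List<MAOSPermission> list) {
        return AuthorizationManager.getAuthorizationHandler().checkViewPrivileges(str, str2, list);
    }

    /** Delegates to the authorization handler's group-edit check. */
    private static boolean checkGroupEditPrivilege(String str, String str2, List<MAOSPermission> list) {
        return AuthorizationManager.getAuthorizationHandler().checkGroupEditPrivileges(str, str2, list);
    }

    /** Delegates to the authorization handler's group-jobs edit check. */
    private static boolean checkGroupJobsEditPrivilege(String str, String str2, List<MAOSPermission> list) {
        return AuthorizationManager.getAuthorizationHandler().checkGroupJobsEditPrivileges(str, str2, list);
    }

    /** Delegates to the authorization handler's group-jobs execute check. */
    private static boolean checkGroupJobsExecutePrivilege(String str, String str2, List<MAOSPermission> list) {
        return AuthorizationManager.getAuthorizationHandler().checkGroupJobsExecutePrivilege(str, str2, list);
    }

    /**
     * Resolves the OS groups of a user by running the command Hadoop's {@code Shell} builds for
     * that purpose and splitting its output on whitespace.
     *
     * <p>A non-zero exit of the command is logged and yields an empty list. The caller then
     * resolves permissions for no groups and caches that result, so a transient lookup failure
     * denies the user until the permission cache is cleared.
     *
     * @param str user name
     * @return the group names, in output order
     * @throws IOException when running the command fails for another reason
     */
    private static List<String> getUnixGroups(String str) throws IOException {
        // NOTE(review): the user name becomes part of an OS command and is written to the log
        // below. Confirm the deployed Hadoop version quotes the argument and that the name is
        // validated upstream (shell metacharacters and line breaks rejected).
        String output = "";
        try {
            output = Shell.execCommand(Shell.getGroupsForUserCommand(str));
        } catch (Shell.ExitCodeException e) {
            LOG.warn("got exception trying to get groups for user {}. IOException: {}", str, e.toString());
        }
        StringTokenizer tokens = new StringTokenizer(output);
        List<String> groups = new LinkedList<String>();
        LOG.debug("user {} groups is:", str);
        while (tokens.hasMoreTokens()) {
            String group = tokens.nextToken();
            LOG.debug("   {}", group);
            groups.add(group);
        }
        return groups;
    }
}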
