package com.mapr.fs.cldb;

import com.mapr.baseutils.audit.AuditRecord;
import com.mapr.fs.cldb.proto.Accesscontrol;
import com.mapr.fs.cldb.proto.CLDBProto;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:com/mapr/fs/cldb/SecurityManager.class */
public class SecurityManager {
    private static SecurityManager s_instance;
    private Cluster cluster;
    private VolumeManager volumeManager;
    private ActiveVolumeMap volumeMap;
    private CLDBServer cldbServer;
    private static final Log LOG = LogFactory.getLog(SecurityManager.class);

    public Accesscontrol.ClientAuthorizationResponse canPerformActions(Accesscontrol.ClientAuthorizationRequest clientAuthorizationRequest) {
        auditRequest(clientAuthorizationRequest);
        StringBuilder sb = new StringBuilder();
        if (!isValidRequest(clientAuthorizationRequest, sb)) {
            return Accesscontrol.ClientAuthorizationResponse.newBuilder().setStatus(22).setErrMsg(sb.toString()).setIsAuthorized(false).build();
        }
        boolean z = true;
        if (clientAuthorizationRequest.getVolumeActions() != 0) {
            if (!clientAuthorizationRequest.hasVolumeName()) {
                return Accesscontrol.ClientAuthorizationResponse.newBuilder().setStatus(22).setErrMsg("Missing Volume Name in the Request").setIsAuthorized(false).build();
            }
            CLDBProto.VolumeProperties volumePropertiesFromName = this.volumeMap.getVolumePropertiesFromName(clientAuthorizationRequest.getVolumeName());
            if (volumePropertiesFromName == null) {
                return Accesscontrol.ClientAuthorizationResponse.newBuilder().setStatus(22).setErrMsg("Missing VolumeProperties for Volume: " + clientAuthorizationRequest.getVolumeName()).setIsAuthorized(false).build();
            }
            z = this.volumeManager.canPerformAction(volumePropertiesFromName, clientAuthorizationRequest.getCreds(), clientAuthorizationRequest.getVolumeActions(), null);
        }
        if (clientAuthorizationRequest.getClusterActions() != 0) {
            z = z && this.cluster.canPerformAction(clientAuthorizationRequest.getCreds(), clientAuthorizationRequest.getClusterActions());
        }
        return Accesscontrol.ClientAuthorizationResponse.newBuilder().setStatus(0).setIsAuthorized(z).build();
    }

    private void auditRequest(Accesscontrol.ClientAuthorizationRequest clientAuthorizationRequest) {
        AuditRecord auditRecord = this.cldbServer.getAuditRecord();
        auditRecord.setCreds(clientAuthorizationRequest.getCreds());
        auditRecord.setOp(AuditRecord.Op.clientAuthorizationRequest);
        StringBuilder sb = new StringBuilder();
        if (clientAuthorizationRequest.hasClusterActions()) {
            sb.append("Cluster Actions: " + clientAuthorizationRequest.getClusterActions());
        }
        if (clientAuthorizationRequest.hasVolumeActions()) {
            sb.append(" Volume Actions: " + clientAuthorizationRequest.getVolumeActions());
        }
        if (clientAuthorizationRequest.hasVolumeName()) {
            sb.append(" Volume Name: " + clientAuthorizationRequest.getVolumeName());
        }
        auditRecord.setResource(sb.toString());
    }

    private boolean isValidRequest(Accesscontrol.ClientAuthorizationRequest clientAuthorizationRequest, StringBuilder sb) {
        if (!clientAuthorizationRequest.hasCreds()) {
            sb.append("Credentials Missing in the Request");
            return false;
        }
        if (clientAuthorizationRequest.getClusterActions() != 0 || clientAuthorizationRequest.getVolumeActions() != 0) {
            return true;
        }
        sb.append("List of Actions missing in the Request");
        return false;
    }

    public static synchronized SecurityManager getInstance() {
        if (s_instance == null) {
            s_instance = new SecurityManager();
        }
        return s_instance;
    }

    public void init(Cluster cluster, VolumeManager volumeManager, ActiveVolumeMap activeVolumeMap) {
        this.cluster = cluster;
        this.volumeManager = volumeManager;
        this.volumeMap = activeVolumeMap;
        this.cldbServer = CLDBServerHolder.getInstance();
    }
}
