package com.mapr.fs.cldb;

import com.mapr.baseutils.utils.ACL;
import com.mapr.baseutils.utils.AclUtil;
import com.mapr.baseutils.utils.Util;
import com.mapr.fs.cldb.proto.Accesscontrol;
import com.mapr.fs.cldb.proto.CLDBProto;
import com.mapr.fs.proto.Security;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:com/mapr/fs/cldb/ClusterAclProcessor.class */
public class ClusterAclProcessor extends ClusterAccessController {
    private Cluster cluster;
    private static final Log LOG = LogFactory.getLog(ClusterAclProcessor.class);
    private PermissionsManager permsManager = PermissionsManager.getInstance();
    private CLDBServer cldbServer = CLDBServerHolder.getInstance();

    public ClusterAclProcessor(Cluster cluster) {
        this.cluster = cluster;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.mapr.fs.cldb.ClusterAccessController
    public boolean canPerformAction(Security.CredentialsMsg credentialsMsg, int i, StringBuilder sb) {
        CLDBProto.ClusterProperties clusterProperties = this.permsManager.getClusterProperties();
        if (clusterProperties == null) {
            if (sb == null || sb.length() != 0) {
                return false;
            }
            sb.append("Cluster is not Ready: Missing ClusterProperties");
            return false;
        }
        if (credentialsMsg == null) {
            if (LOG.isInfoEnabled()) {
                LOG.info("Credentials missing in the Request");
            }
            if (sb == null || sb.length() != 0) {
                return false;
            }
            sb.append("Credentials missing in the Request");
            return false;
        }
        if (this.permsManager.hasAdminCredentials(credentialsMsg)) {
            return true;
        }
        if (clusterProperties.getAcl() != null) {
            return new ACL(clusterProperties.getAcl()).verifyPermissions(credentialsMsg, i, sb);
        }
        if (sb == null || sb.length() != 0) {
            return false;
        }
        sb.append("Missing ACLs in ClusterProperties");
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.mapr.fs.cldb.ClusterAccessController
    public CLDBProto.ClusterProperties.Builder setDefaultControls(CLDBProto.ClusterProperties.Builder builder, int i) {
        return builder.setAcl(getDefaultAclForCluster(i));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.mapr.fs.cldb.ClusterAccessController
    public Security.AccessControlList getAcl(Security.CredentialsMsg credentialsMsg, StringBuilder sb) {
        CLDBProto.ClusterProperties clusterProperties = this.cluster.getClusterProperties();
        if (clusterProperties == null) {
            sb.append("Cluster is Not Ready: Missing ClusterProperties");
            return null;
        }
        if (!this.permsManager.canPerformClusterAction(CLDBProto.UserActions.ClusterRead, credentialsMsg) && !this.permsManager.canPerformClusterAction(CLDBProto.UserActions.ClusterAdmin, credentialsMsg)) {
            sb.append("User do not have permissions to read/access ACLs.");
            return null;
        }
        if (!clusterProperties.hasAcl()) {
            sb.append("Missing ACLs in Cluster Properties");
        }
        return clusterProperties.getAcl();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.mapr.fs.cldb.ClusterAccessController
    public CLDBProto.SecurityModifyAclResponse updateAcl(Security.CredentialsMsg credentialsMsg, CLDBProto.SecurityModifyAclRequest securityModifyAclRequest) {
        CLDBProto.ClusterProperties properties = this.cluster.getProperties();
        if (properties == null) {
            return CLDBProto.SecurityModifyAclResponse.newBuilder().setStatus(3).setErrorString("Cluster is Not Ready: Missing ClusterProperties").build();
        }
        if (!this.permsManager.canPerformClusterAction(CLDBProto.UserActions.ClusterAclUpdate, credentialsMsg)) {
            return CLDBProto.SecurityModifyAclResponse.newBuilder().setCreds(this.cldbServer.getCldbCreds()).setStatus(1).setErrorString("User do not have permissions to update ACLs.").build();
        }
        Security.AccessControlList acl = properties.getAcl();
        if (acl == null) {
            return CLDBProto.SecurityModifyAclResponse.newBuilder().setCreds(this.cldbServer.getCldbCreds()).setStatus(61).setErrorString("ACL not found.").build();
        }
        Security.AccessControlList build = AclUtil.purgeEmptyAclEntries((securityModifyAclRequest.hasEditFlag() && securityModifyAclRequest.getEditFlag()) ? AclUtil.mergeAcls(acl, securityModifyAclRequest.getAcl()) : Security.AccessControlList.newBuilder(securityModifyAclRequest.getAcl())).build();
        StringBuilder sb = new StringBuilder();
        int updateCluster = this.cluster.updateCluster(CLDBProto.ClusterProperties.newBuilder(properties).setAcl(build).build(), sb);
        if (updateCluster != 0) {
            return CLDBProto.SecurityModifyAclResponse.newBuilder().setCreds(this.cldbServer.getCldbCreds()).setStatus(updateCluster).setErrorString(sb.toString()).build();
        }
        ActivePolicyMap.getInstance().sendClusterInfoToPolicyServer();
        if (LOG.isInfoEnabled()) {
            LOG.info("[Modify ACL Req] IP: " + Util.printIPAddress(this.cldbServer.getThreadLocalIPAddress()) + " uid: " + credentialsMsg.getUid() + " old ACL " + AclUtil.buildAclString(acl, this.cldbServer.getUserInfo()) + " new ACL " + AclUtil.buildAclString(build, this.cldbServer.getUserInfo()));
        }
        return CLDBProto.SecurityModifyAclResponse.newBuilder().setCreds(this.cldbServer.getCldbCreds()).setStatus(0).setAcl(build).build();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.mapr.fs.cldb.ClusterAccessController
    public Accesscontrol.SetClusterAcesResponse updateClusterAces(Accesscontrol.SetClusterAcesRequest setClusterAcesRequest) {
        return Accesscontrol.SetClusterAcesResponse.newBuilder().setErrorString("ACEs have not yet been Enabled on this Version").setStatus(22).build();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.mapr.fs.cldb.ClusterAccessController
    public Accesscontrol.GetClusterAcesResponse getClusterAces(Accesscontrol.GetClusterAcesRequest getClusterAcesRequest) {
        return Accesscontrol.GetClusterAcesResponse.newBuilder().setErrorString("ACEs have not yet been Enabled on this Version").setStatus(22).build();
    }

    @Override // com.mapr.fs.cldb.ClusterAccessController
    public CLDBProto.ClusterAces getClusterAces(StringBuilder sb) {
        if (sb == null) {
            return null;
        }
        sb.append("ACEs have not yet been Enabled on this Version");
        return null;
    }
}
