package com.mapr.fs.cldb;

import com.google.protobuf.ByteString;
import com.mapr.baseutils.utils.AceHelper;
import com.mapr.fs.cldb.jni.AceEvaluator;
import com.mapr.fs.cldb.proto.Accesscontrol;
import com.mapr.fs.cldb.proto.CLDBProto;
import com.mapr.fs.proto.Security;
import java.io.IOException;
import java.util.HashMap;
import java.util.Iterator;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/mapr/fs/cldb/ClusterAceProcessor.class */
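/**
 * Cluster-level access controller that authorizes requests against per-action
 * ACE (access control expression) entries stored in the cluster properties.
 *
 * <p>Legacy ACLs found in the cluster properties are converted to ACE entries on
 * the fly; modifying or reading ACLs through this controller is rejected.
 *
 * <p>NOTE(review): status values 22 and 3 are used as the source gives them; they
 * look like errno-style codes, but their meaning is not established in this file.
 */
public class ClusterAceProcessor extends ClusterAccessController {
    // Not referenced anywhere in this class as shown.
    private static final int MOST_SIGNIFICANT_BIT = 31;
    private static final int SUCCESS_STATUS = 0;
    private static final Logger LOG = LogManager.getLogger(ClusterAceProcessor.class);

    private final Cluster cluster;
    private final CLDBServer cldbServer = CLDBServerHolder.getInstance();
    private final AceEvaluator aceEvaluator = new AceEvaluator();

    /**
     * @param cluster cluster whose properties are rewritten when ACEs are updated
     */
    public ClusterAceProcessor(Cluster cluster) {
        this.cluster = cluster;
    }

    /**
     * Decides whether the caller may perform at least one of the requested cluster actions.
     *
     * <p>Admin credentials are accepted outright. Otherwise each set bit of {@code i} is
     * mapped to a {@code ClusterActions} value and the ACE expressions stored for that
     * action are evaluated; the first expression that grants access ends the check.
     *
     * @param credentialsMsg caller credentials; {@code null} is rejected
     * @param i bit mask of requested actions, bit {@code n} standing for action number {@code n}
     * @param sb optional sink for a denial reason; may be {@code null}
     * @return {@code true} if access is granted
     */
    @Override // com.mapr.fs.cldb.ClusterAccessController
    public boolean canPerformAction(Security.CredentialsMsg credentialsMsg, int i, StringBuilder sb) {
        PermissionsManager permissionsManager = PermissionsManager.getInstance();
        CLDBProto.ClusterProperties clusterProperties = permissionsManager.getClusterProperties();
        if (clusterProperties == null) {
            appendReason(sb, "Cluster is not Ready: Missing ClusterProperties");
            return false;
        }
        if (credentialsMsg == null) {
            LOG.info("Credentials missing in the Request");
            return false;
        }
        if (permissionsManager.hasAdminCredentials(credentialsMsg)) {
            return true;
        }

        // Deny when the cluster carries neither an ACL nor ACEs. The previous form compared
        // the result of getAces() with null; a protobuf getter hands back an empty default
        // message instead, so that denial was never reached and an empty ACE list fell
        // through to the "no ACE for this action" grant below.
        CLDBProto.ClusterAces effectiveAces = null;
        if (clusterProperties.hasAcl()) {
            effectiveAces = clusterAclToClusterAces(clusterProperties.getAcl());
        } else if (clusterProperties.hasAces()) {
            effectiveAces = clusterProperties.getAces();
        }
        if (effectiveAces == null) {
            appendReason(sb, "Neither ACLs not ACEs are present for the Cluster");
            return false;
        }

        if (LOG.isDebugEnabled()) {
            LOG.debug("[cluster aces] checking perms for user id " + credentialsMsg.getUid());
        }

        // Unsigned shift: with '>>' a mask that has bit 31 set never reaches zero.
        int actionNumber = 0;
        for (int remaining = i; remaining != 0; remaining >>>= 1, actionNumber++) {
            if ((remaining & 1) == 0) {
                continue;
            }
            CLDBProto.ClusterActions action = CLDBProto.ClusterActions.valueOf(actionNumber);
            if (action == null) {
                // The generated lookup returns null for a number with no enum constant.
                // Such a bit names no action, so it must neither crash the debug log
                // nor count as "no ACE configured" and grant access.
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Ignoring unknown cluster action number " + actionNumber);
                }
                continue;
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("Verifying access for cluster action " + action.name());
            }
            boolean aceConfigured = false;
            for (CLDBProto.ClusterAceEntry entry : effectiveAces.getAcesList()) {
                if (entry.hasClusterAction() && entry.getClusterAction() == action && entry.hasExpr()) {
                    aceConfigured = true;
                    if (this.aceEvaluator.checkAccess(credentialsMsg, entry.getExpr().toStringUtf8())) {
                        return true;
                    }
                }
            }
            if (!aceConfigured) {
                // NOTE(review): fail-open. A requested action with no ACE entry is granted to
                // any caller. Kept as in the original because callers may rely on it; confirm
                // this is the intended policy rather than an omission.
                return true;
            }
        }
        appendReason(sb, "Authorization Failure");
        return false;
    }

    /**
     * Stores the ACE form of the default cluster ACL for {@code i} in {@code builder}.
     *
     * @param builder cluster properties builder to update
     * @param i argument forwarded to {@code getDefaultAclForCluster}
     * @return the same builder, with its ACEs set
     */
    @Override // com.mapr.fs.cldb.ClusterAccessController
    public CLDBProto.ClusterProperties.Builder setDefaultControls(CLDBProto.ClusterProperties.Builder builder, int i) {
        return builder.setAces(clusterAclToClusterAces(getDefaultAclForCluster(i)));
    }

    /**
     * Replaces, or merges into, the cluster ACEs after checking that the caller holds
     * the {@code CLUSTER_ADMIN} action.
     *
     * @param setClusterAcesRequest request carrying the credentials and the new ACEs
     * @return response whose status is 0 on success; on failure the status is non-zero
     *     and an error string is set
     */
    @Override // com.mapr.fs.cldb.ClusterAccessController
    public synchronized Accesscontrol.SetClusterAcesResponse updateClusterAces(Accesscontrol.SetClusterAcesRequest setClusterAcesRequest) {
        if (setClusterAcesRequest == null || !setClusterAcesRequest.hasAces()) {
            return Accesscontrol.SetClusterAcesResponse.newBuilder().setStatus(22).setErrorString("Aces Missing in the Request").build();
        }
        CLDBProto.ClusterProperties clusterProperties = PermissionsManager.getInstance().getClusterProperties();
        if (clusterProperties == null) {
            return Accesscontrol.SetClusterAcesResponse.newBuilder().setStatus(3).setErrorString("Cluster is Not Ready: Missing ClusterProperties").build();
        }

        // NOTE(review): getCreds() on a request that carries no credentials presumably returns
        // an empty default message, not null, so the null check in canPerformAction would not
        // reject it. Confirm whether hasCreds() should be required here.
        int requiredActions = 1 << CLDBProto.ClusterActions.CLUSTER_ADMIN.getNumber();
        StringBuilder denialReason = new StringBuilder();
        if (!canPerformAction(setClusterAcesRequest.getCreds(), requiredActions, denialReason)) {
            return Accesscontrol.SetClusterAcesResponse.newBuilder().setStatus(22).setErrorString(denialReason.toString()).build();
        }

        CLDBProto.ClusterAces newAces = setClusterAcesRequest.getAces();
        if (setClusterAcesRequest.getMergeAces()) {
            newAces = mergeAces(clusterProperties.getAces(), newAces);
        }
        Accesscontrol.SetClusterAcesResponse.Builder response = Accesscontrol.SetClusterAcesResponse.newBuilder();
        int status = this.cluster.updateCluster(CLDBProto.ClusterProperties.newBuilder(clusterProperties).setAces(newAces).build());
        if (status != SUCCESS_STATUS) {
            response.setErrorString("Unable to Update ClusterProperties with new ACEs");
        }
        return response.setStatus(status).build();
    }

    /**
     * Returns the cluster ACEs to a caller holding the admin, full-control or read-only action.
     *
     * @param getClusterAcesRequest request carrying the caller credentials
     * @return response with the ACEs and status 0, or a non-zero status and an error string
     */
    @Override // com.mapr.fs.cldb.ClusterAccessController
    public Accesscontrol.GetClusterAcesResponse getClusterAces(Accesscontrol.GetClusterAcesRequest getClusterAcesRequest) {
        if (getClusterAcesRequest == null) {
            // Same rejection style as updateClusterAces; the original dereferenced null here.
            return Accesscontrol.GetClusterAcesResponse.newBuilder().setStatus(22).setErrorString("Request Missing").build();
        }
        CLDBProto.ClusterProperties clusterProperties = PermissionsManager.getInstance().getClusterProperties();
        if (clusterProperties == null) {
            return Accesscontrol.GetClusterAcesResponse.newBuilder().setStatus(3).setErrorString("Cluster is Not Ready: Missing ClusterProperties").build();
        }
        int acceptedActions = (1 << CLDBProto.ClusterActions.CLUSTER_ADMIN.getNumber())
                | (1 << CLDBProto.ClusterActions.CLUSTER_FULL_CONTROL.getNumber())
                | (1 << CLDBProto.ClusterActions.CLUSTER_READ_ONLY.getNumber());
        StringBuilder denialReason = new StringBuilder();
        if (!canPerformAction(getClusterAcesRequest.getCreds(), acceptedActions, denialReason)) {
            return Accesscontrol.GetClusterAcesResponse.newBuilder().setStatus(22).setErrorString(denialReason.toString() + ": Need Admin/FullControl/ReadOnly Credentials").build();
        }
        if (!clusterProperties.hasAces()) {
            return Accesscontrol.GetClusterAcesResponse.newBuilder().setStatus(22).setErrorString("Aces Unavailable for the Cluster").build();
        }
        return Accesscontrol.GetClusterAcesResponse.newBuilder().setAces(clusterProperties.getAces()).setStatus(SUCCESS_STATUS).build();
    }

    /**
     * Returns the cluster ACEs without any credential check.
     *
     * @param sb optional sink for the reason when nothing is returned; may be {@code null}
     * @return the ACEs, or {@code null} when the cluster properties are missing, or when no
     *     ACEs are set and {@code sb} is non-null
     */
    @Override // com.mapr.fs.cldb.ClusterAccessController
    public CLDBProto.ClusterAces getClusterAces(StringBuilder sb) {
        CLDBProto.ClusterProperties clusterProperties = PermissionsManager.getInstance().getClusterProperties();
        if (clusterProperties == null) {
            // The original tested "== null && sb != null" and so dereferenced null
            // whenever the caller passed no reason sink.
            appendReason(sb, "Cluster is Not Ready: Missing ClusterProperties");
            return null;
        }
        // With no reason sink the getter result is returned even when no ACEs are set.
        if (clusterProperties.hasAces() || sb == null) {
            return clusterProperties.getAces();
        }
        sb.append("Aces Unavailable for the Cluster");
        return null;
    }

    /**
     * Converts a legacy ACL into one ACE entry per cluster action.
     *
     * <p>Each principal allowed an action contributes a term to that action's expression:
     * {@code p} for id -1, {@code g:<id>} for other negative ids and {@code u:<id>} otherwise.
     * Terms are joined with {@code |} and converted with {@code AceHelper.toPostfix}.
     */
    private CLDBProto.ClusterAces clusterAclToClusterAces(Security.AccessControlList accessControlList) {
        HashMap<CLDBProto.ClusterActions, StringBuilder> exprByAction = new HashMap<>();
        for (Security.AclEntry aclEntry : accessControlList.getAclList()) {
            Security.SecurityPrincipal principal = aclEntry.getPrincipal();
            if (!principal.hasPrincId()) {
                continue;
            }
            int princId = principal.getPrincId();
            String term;
            if (princId == -1) {
                term = "p";
            } else if (princId < 0) {
                // presumably ANYWHERE is a mask that clears the sign bit; confirm its value
                term = "g:" + (princId & ContainerAllocator.ANYWHERE);
            } else {
                term = "u:" + princId;
            }
            for (CLDBProto.ClusterActions action : CLDBProto.ClusterActions.values()) {
                if (!accessAllowed(aclEntry, action.getNumber())) {
                    continue;
                }
                StringBuilder expr = exprByAction.get(action);
                if (expr == null) {
                    exprByAction.put(action, new StringBuilder(term));
                } else {
                    expr.append('|').append(term);
                }
            }
        }

        CLDBProto.ClusterAces.Builder acesBuilder = CLDBProto.ClusterAces.newBuilder();
        for (HashMap.Entry<CLDBProto.ClusterActions, StringBuilder> actionExpr : exprByAction.entrySet()) {
            try {
                acesBuilder.addAces(CLDBProto.ClusterAceEntry.newBuilder()
                        .setClusterAction(actionExpr.getKey())
                        .setExpr(ByteString.copyFromUtf8(AceHelper.toPostfix(actionExpr.getValue().toString()))));
            } catch (IOException e) {
                // A conversion failure asks the CLDB to shut down; the loop then carries on
                // with the remaining actions, and the failed action gets no ACE entry.
                this.cldbServer.getCLDB().shutdown("Error Converting Cluster Aces into Postfix", e);
            }
        }
        return acesBuilder.build();
    }

    /**
     * Merges two ACE sets per action; an entry in {@code clusterAces2} replaces the entry
     * for the same action in {@code clusterAces}.
     */
    private CLDBProto.ClusterAces mergeAces(CLDBProto.ClusterAces clusterAces, CLDBProto.ClusterAces clusterAces2) {
        if (clusterAces == null || clusterAces.getAcesCount() == 0) {
            return clusterAces2;
        }
        if (clusterAces2 == null || clusterAces2.getAcesCount() == 0) {
            return clusterAces;
        }
        HashMap<CLDBProto.ClusterActions, CLDBProto.ClusterAceEntry> mergedByAction = new HashMap<>();
        for (CLDBProto.ClusterAceEntry existing : clusterAces.getAcesList()) {
            mergedByAction.put(existing.getClusterAction(), existing);
        }
        for (CLDBProto.ClusterAceEntry incoming : clusterAces2.getAcesList()) {
            mergedByAction.put(incoming.getClusterAction(), incoming);
        }
        CLDBProto.ClusterAces.Builder acesBuilder = CLDBProto.ClusterAces.newBuilder();
        for (CLDBProto.ClusterAceEntry entry : mergedByAction.values()) {
            acesBuilder.addAces(entry);
        }
        return acesBuilder.build();
    }

    /** Returns whether the entry's allow mask has the bit for action number {@code i} set. */
    private boolean accessAllowed(Security.AclEntry aclEntry, int i) {
        return aclEntry.hasAllow() && (aclEntry.getAllow() & (1 << i)) != 0;
    }

    /**
     * Logs every ACE entry at debug level.
     *
     * <p>NOTE(review): the {@code logger} argument is not used; output goes to this class's
     * own logger, as in the original. Confirm which logger was intended.
     */
    void printClusterAcesInfo(CLDBProto.ClusterAces clusterAces, Logger logger) {
        if (clusterAces == null || !LOG.isDebugEnabled()) {
            return;
        }
        for (CLDBProto.ClusterAceEntry entry : clusterAces.getAcesList()) {
            LOG.debug("Cluster Action: " + entry.getClusterAction().name() + " Ace: " + entry.getExpr().toStringUtf8());
        }
    }

    /** Always rejects: ACL modification is not supported by this controller. */
    @Override // com.mapr.fs.cldb.ClusterAccessController
    public CLDBProto.SecurityModifyAclResponse updateAcl(Security.CredentialsMsg credentialsMsg, CLDBProto.SecurityModifyAclRequest securityModifyAclRequest) {
        return CLDBProto.SecurityModifyAclResponse.newBuilder().setErrorString("ACLs are no longer supported as ACEs have been Enabled").setStatus(22).build();
    }

    /** Always returns {@code null}, recording the reason in {@code sb} when one is supplied. */
    @Override // com.mapr.fs.cldb.ClusterAccessController
    public Security.AccessControlList getAcl(Security.CredentialsMsg credentialsMsg, StringBuilder sb) {
        appendReason(sb, "ACLs are no longer supported as ACEs have been Enabled");
        return null;
    }

    /** Appends {@code reason} to {@code sink} when the caller supplied one. */
    private static void appendReason(StringBuilder sink, String reason) {
        if (sink != null) {
            sink.append(reason);
        }
    }
}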
