package com.mapr.fs.cldbs3server.policy;

import com.mapr.baseutils.audit.AuditRecord;
import com.mapr.fs.RpcCallContext;
import com.mapr.fs.cldbs3server.S3Server;
import com.mapr.fs.cldbs3server.S3ServerUtil;
import com.mapr.fs.cldbs3server.S3Status;
import com.mapr.fs.cldbs3server.account.S3AccountManager;
import com.mapr.fs.cldbs3server.group.S3GroupManager;
import com.mapr.fs.cldbs3server.user.S3UserManager;
import com.mapr.fs.proto.CLDBS3ServerProto;
import com.mapr.fs.proto.Security;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
import java.util.regex.Pattern;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/mapr/fs/cldbs3server/policy/S3PolicyManager.class */
public class S3PolicyManager {
    private static final Logger LOG = LogManager.getLogger(S3PolicyManager.class);
    private static S3PolicyManager s_instance = null;
    private PolicyHelper policyHelper = PolicyHelper.getInstance();
    private S3AccountManager accountMgr;
    private S3UserManager userMgr;
    private S3GroupManager groupMgr;

    public static S3PolicyManager getInstance() throws Exception {
        if (s_instance == null) {
            synchronized (S3PolicyManager.class) {
                if (s_instance == null) {
                    s_instance = new S3PolicyManager();
                }
            }
        }
        return s_instance;
    }

    public boolean addAccount(int i, String str) throws Exception {
        return this.policyHelper.addAccount(i, str);
    }

    public void removeAccount(int i, S3Status s3Status) {
        this.policyHelper.removeAccount(i, s3Status);
    }

    public boolean finalizeAccount(int i) throws Exception {
        return this.policyHelper.finalizeAccount(i);
    }

    public boolean init() throws Exception {
        this.accountMgr = S3AccountManager.getInstance();
        this.userMgr = S3UserManager.getInstance();
        this.groupMgr = S3GroupManager.getInstance();
        this.policyHelper.init();
        return true;
    }

    void isValidPolicyName(int i, String str, S3Status s3Status) {
        s3Status.resetStatus();
        int length = str.length();
        if (length < 1 || length > 64) {
            s3Status.setMsg("Permissible name length is [1-64]");
            s3Status.setStatus(34);
            return;
        }
        Pattern compile = Pattern.compile("[a-zA-Z0-9_+=,.@-]+");
        if (compile.matcher(str).matches()) {
            return;
        }
        s3Status.setMsg("Invalid name, Allowed Chars: " + compile.toString());
        s3Status.setStatus(22);
    }

    public CLDBS3ServerProto.S3CreatePolicyResponse policyCreate(RpcCallContext rpcCallContext, CLDBS3ServerProto.S3CreatePolicyRequest s3CreatePolicyRequest) {
        CLDBS3ServerProto.S3CreatePolicyResponse.Builder newBuilder = CLDBS3ServerProto.S3CreatePolicyResponse.newBuilder();
        S3Status s3Status = new S3Status();
        String domainName = s3CreatePolicyRequest.getDomainName();
        String accountName = s3CreatePolicyRequest.getAccountName();
        String policyName = s3CreatePolicyRequest.getPolicyName();
        byte[] byteArray = s3CreatePolicyRequest.getPolicyDoc().toByteArray();
        addPolicyAuditRecord(rpcCallContext, s3CreatePolicyRequest.hasCreds() ? s3CreatePolicyRequest.getCreds() : null, AuditRecord.Op.s3CreatePolicy, domainName + "." + accountName, policyName, null, null, null);
        int accountId = this.accountMgr.getAccountId(domainName, accountName);
        if (accountId < 0) {
            newBuilder.setErrString("Invalid account for policy create, policy: " + policyName + " Account: " + this.accountMgr.getAccountFqn(domainName, accountName));
            newBuilder.setStatus(22);
            return newBuilder.build();
        }
        isValidPolicyName(accountId, policyName, s3Status);
        if (s3Status.getStatus() != 0) {
            newBuilder.setErrString(s3Status.getMsg());
            newBuilder.setStatus(22);
            LOG.error(s3Status.getMsg());
            return newBuilder.build();
        }
        PolicyNameRow addNewPolicyEntry = addNewPolicyEntry(accountId, policyName, byteArray, s3Status);
        if (s3Status.getStatus() != 0) {
            newBuilder.setErrString(s3Status.getMsg());
            newBuilder.setStatus(s3Status.getStatus());
            return newBuilder.build();
        }
        newBuilder.setStatus(0);
        LOG.info("Policy creation {} is successful, pnRow: {}", addNewPolicyEntry);
        return newBuilder.build();
    }

    private PolicyNameRow addNewPolicyEntry(int i, String str, byte[] bArr, S3Status s3Status) {
        s3Status.setStatus(0);
        PolicyNameRow addPolicyEntryTxn = addPolicyEntryTxn(i, str, bArr, s3Status);
        if (s3Status.getStatus() != 0) {
            LOG.error("addNewPolicyEntry failed: account: {} policyName: {} status: {}", Integer.valueOf(i), str, Integer.valueOf(s3Status.getStatus()));
            return null;
        }
        if (S3Server.isTedEventEnabled(1607)) {
            return null;
        }
        int pid = addPolicyEntryTxn.getPid();
        PolicyNameRow executePolicyEntryTxn = executePolicyEntryTxn(i, addPolicyEntryTxn, s3Status);
        if (s3Status.getStatus() == 0) {
            return executePolicyEntryTxn;
        }
        LOG.error("For NewPolicy, executePolicyEntryTxn failed: account: {} policyName: {} pid: {} status: {}", Integer.valueOf(i), str, Integer.valueOf(pid), Integer.valueOf(s3Status.getStatus()));
        return null;
    }

    private PolicyNameRow addPolicyEntryTxn(int i, String str, byte[] bArr, S3Status s3Status) {
        s3Status.setStatus(0);
        String stringPolicyNameTable = this.policyHelper.toStringPolicyNameTable(i);
        this.policyHelper.lockPolicyNameTable(i);
        while (true) {
            try {
                try {
                    PolicyNameRow fetchPolicyNameRow = this.policyHelper.fetchPolicyNameRow(i, str, s3Status);
                    if (s3Status.getStatus() == 0) {
                        if (!fetchPolicyNameRow.isTxnInProgress()) {
                            s3Status.setStatus(17);
                            s3Status.setMsg("Policy: " + str + " already exists");
                            this.policyHelper.unlockPolicyNameTable(i);
                            return fetchPolicyNameRow;
                        }
                        this.policyHelper.addPolicyNameTableWaiter(i, str);
                    } else if (s3Status.getStatus() != 2) {
                        LOG.debug("addPolicyEntryTxn: Table: {} getPolicyName {} failed with {}", stringPolicyNameTable, str, Integer.valueOf(s3Status.getStatus()));
                    } else {
                        s3Status.resetStatus();
                        if (this.policyHelper.policyNameInUse(i, str)) {
                            s3Status.setMsg("PolicyName " + str + " is already in use");
                            s3Status.setStatus(119);
                            this.policyHelper.unlockPolicyNameTable(i);
                            return null;
                        }
                        s3Status.resetStatus();
                        int nextPid = this.accountMgr.getNextPid(i, s3Status);
                        if (s3Status.getStatus() == 0) {
                            PolicyNameRow txnRowForPolicyCreate = PolicyHelper.getTxnRowForPolicyCreate(str, nextPid, bArr);
                            this.policyHelper.putPolicyNameRow(i, txnRowForPolicyCreate, s3Status);
                            this.policyHelper.addToPolicyNameCache(i, str);
                            this.policyHelper.unlockPolicyNameTable(i);
                            return txnRowForPolicyCreate;
                        }
                    }
                } catch (Exception e) {
                    LOG.debug("Exception {} while adding policy entry", e);
                    S3ServerUtil.sleepForSeconds(2);
                }
            } catch (Throwable th) {
                this.policyHelper.unlockPolicyNameTable(i);
                throw th;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PolicyNameRow executePolicyEntryTxn(int i, PolicyNameRow policyNameRow, S3Status s3Status) {
        policyCreateAddUid(i, policyNameRow, s3Status);
        if (s3Status.getStatus() != 0) {
            LOG.error("policyCreateAddUid failed with status: {} {}", Integer.valueOf(s3Status.getStatus()), s3Status.getMsg());
            return null;
        }
        PolicyNameRow policyCreateConfirm = policyCreateConfirm(i, policyNameRow, s3Status);
        if (s3Status.getStatus() == 0) {
            return policyCreateConfirm;
        }
        LOG.error("policyCreateConfirm failed with status: {} {}", Integer.valueOf(s3Status.getStatus()), s3Status.getMsg());
        return null;
    }

    private void policyCreateAddUid(int i, PolicyNameRow policyNameRow, S3Status s3Status) {
        String stringPolicyIdTable = this.policyHelper.toStringPolicyIdTable(i);
        PolicyIdRow pidRowForPolicyCreate = PolicyHelper.getPidRowForPolicyCreate(policyNameRow);
        this.policyHelper.lockPolicyIdTable(i);
        while (true) {
            try {
                try {
                    this.policyHelper.putPolicyIdRow(i, pidRowForPolicyCreate, s3Status);
                } catch (Exception e) {
                    LOG.info("Exception {} while adding policy id entry to table: {}  .. retrying", e, stringPolicyIdTable);
                    S3ServerUtil.sleepForSeconds(2);
                }
                if (s3Status.getStatus() == 0) {
                    return;
                } else {
                    LOG.debug("addPolicyId: Table: {} putPolicyId {} failed with {}", stringPolicyIdTable, Integer.valueOf(pidRowForPolicyCreate.getPid()), Integer.valueOf(s3Status.getStatus()));
                }
            } finally {
                this.policyHelper.unlockPolicyIdTable(i);
            }
        }
    }

    private PolicyNameRow policyCreateConfirm(int i, PolicyNameRow policyNameRow, S3Status s3Status) {
        String stringPolicyNameTable = this.policyHelper.toStringPolicyNameTable(i);
        PolicyNameRow rowForPolicyCreateConfirm = PolicyHelper.getRowForPolicyCreateConfirm(policyNameRow);
        this.policyHelper.lockPolicyNameTable(i);
        while (true) {
            try {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("policyCreateConfirm: Confirming Row: {}", rowForPolicyCreateConfirm.dump());
                }
                try {
                    this.policyHelper.putPolicyNameRow(i, rowForPolicyCreateConfirm, s3Status);
                } catch (Exception e) {
                    LOG.info("Exception {} while adding policy name confirm to table: {}, retrying..", e, stringPolicyNameTable);
                    S3ServerUtil.sleepForSeconds(2);
                }
                if (s3Status.getStatus() == 0) {
                    this.policyHelper.wakeUpAllPolicyNameTableWaiters(i, rowForPolicyCreateConfirm.getPolicyName());
                    return rowForPolicyCreateConfirm;
                }
                LOG.debug("policyCreateConfirm: Table: {} put PolicyName {} failed with {}", stringPolicyNameTable, rowForPolicyCreateConfirm.getPolicyName(), Integer.valueOf(s3Status.getStatus()));
            } finally {
                this.policyHelper.unlockPolicyNameTable(i);
            }
        }
    }

    private void addPolicyAuditRecord(RpcCallContext rpcCallContext, Security.CredentialsMsg credentialsMsg, AuditRecord.Op op, String str, String str2, String str3, String str4, String str5) {
        S3Server.addAuditRecord(S3Server.getUserCreds(rpcCallContext, credentialsMsg), op, str);
        AuditRecord auditRecord = S3Server.getInstance().getAuditRecord();
        if (str2 != null && !str2.isEmpty()) {
            auditRecord.setValues("policyName", (String) null, str2);
        }
        if (str3 != null && !str3.isEmpty()) {
            auditRecord.setValues("users", (String) null, str3);
        }
        if (str4 != null && !str4.isEmpty()) {
            auditRecord.setValues("groups", (String) null, str4);
        }
        if (str5 == null || str5.isEmpty()) {
            return;
        }
        auditRecord.setValues("principalsAccount", (String) null, str5);
    }

    public CLDBS3ServerProto.S3AttachPolicyResponse policyAttach(RpcCallContext rpcCallContext, CLDBS3ServerProto.S3AttachPolicyRequest s3AttachPolicyRequest) {
        CLDBS3ServerProto.S3AttachPolicyResponse.Builder newBuilder = CLDBS3ServerProto.S3AttachPolicyResponse.newBuilder();
        S3Status s3Status = new S3Status();
        String domainName = s3AttachPolicyRequest.getDomainName();
        String accountName = s3AttachPolicyRequest.getAccountName();
        String principalsAccount = s3AttachPolicyRequest.getPrincipalsAccount();
        String policyName = s3AttachPolicyRequest.getPolicyName();
        String accountFqn = this.accountMgr.getAccountFqn(domainName, accountName);
        String accountFqn2 = this.accountMgr.getAccountFqn(domainName, principalsAccount);
        addPolicyAuditRecord(rpcCallContext, s3AttachPolicyRequest.hasCreds() ? s3AttachPolicyRequest.getCreds() : null, AuditRecord.Op.s3AttachPolicy, domainName + "." + accountName, policyName, s3AttachPolicyRequest.getUsersList().toString(), s3AttachPolicyRequest.getGroupsList().toString(), principalsAccount);
        int accountId = this.accountMgr.getAccountId(domainName, accountName);
        if (accountId < 0) {
            newBuilder.setErrString("Invalid account for policy create, attach: " + policyName + " Account: " + accountFqn);
            newBuilder.setStatus(22);
            return newBuilder.build();
        }
        int accountId2 = this.accountMgr.getAccountId(domainName, principalsAccount);
        if (accountId2 < 0) {
            newBuilder.setErrString("Invalid principal account for policy attach, policy: " + policyName + " Account: " + accountFqn2);
            newBuilder.setStatus(22);
            return newBuilder.build();
        }
        if (accountId != accountId2 && !this.accountMgr.isLDAPAccount(accountId2)) {
            newBuilder.setErrString("Invalid cross account for policy: " + policyName + " Account: " + accountFqn2);
            newBuilder.setStatus(22);
            return newBuilder.build();
        }
        HashSet hashSet = new HashSet((Collection) s3AttachPolicyRequest.getUsersList());
        HashSet hashSet2 = new HashSet((Collection) s3AttachPolicyRequest.getGroupsList());
        if (hashSet.isEmpty() && hashSet2.isEmpty()) {
            newBuilder.setErrString("No Principals Provided");
            newBuilder.setStatus(0);
            return newBuilder.build();
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Policy attach, input: domain:{} account: {} principalAccount: {} policy: {} users: {} groups: {}", domainName, accountName, principalsAccount, policyName, hashSet, hashSet2);
        }
        HashSet hashSet3 = new HashSet();
        HashSet hashSet4 = new HashSet();
        PolicyIdRow attachPolicyToPrincipals = attachPolicyToPrincipals(accountId, policyName, accountId2, hashSet, hashSet2, hashSet3, hashSet4, s3Status);
        if (s3Status.getStatus() != 0) {
            newBuilder.setErrString(s3Status.getMsg());
            newBuilder.setStatus(s3Status.getStatus());
            return newBuilder.build();
        }
        newBuilder.setStatus(0);
        if (!hashSet3.isEmpty() || !hashSet4.isEmpty()) {
            String failedPrincipalString = failedPrincipalString("Policy Attach overall successful but failed for ", hashSet3, hashSet4);
            newBuilder.setErrString(failedPrincipalString);
            LOG.info(failedPrincipalString);
        }
        LOG.info("Policy attach is successful, pidRow: {}", attachPolicyToPrincipals);
        return newBuilder.build();
    }

    private PolicyIdRow attachPolicyToPrincipals(int i, String str, int i2, Set<String> set, Set<String> set2, Set<String> set3, Set<String> set4, S3Status s3Status) {
        s3Status.resetStatus();
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        PolicyNameRow fetchPolicyNameRow = this.policyHelper.fetchPolicyNameRow(i, str, s3Status);
        if (s3Status.getStatus() != 0 || !fetchPolicyNameRow.isValid()) {
            return null;
        }
        int pid = fetchPolicyNameRow.getPid();
        getUidsForPolicyAttach(i, str, i2, set, hashMap, set3);
        getGidsForPolicyAttach(i, str, i2, set2, hashMap2, set4);
        if (set3.size() == set.size() && set4.size() == set2.size()) {
            String failedPrincipalString = failedPrincipalString("PolicyAttach: No valid principal, failed", set3, set4);
            LOG.info("PolicyAttach: No valid principal, failed" + failedPrincipalString);
            s3Status.setStatus(22);
            s3Status.setMsg(failedPrincipalString);
            return null;
        }
        PolicyIdRow attachPolicyEntryTxn = attachPolicyEntryTxn(i, pid, hashMap.keySet(), hashMap2.keySet(), s3Status);
        if (s3Status.getStatus() == 61) {
            LOG.info("PolicyAttach: No unattached principal, " + failedPrincipalString("Policy already attached for valid principals and failed for ", set3, set4));
            s3Status.setStatus(0);
            return attachPolicyEntryTxn;
        }
        if (s3Status.getStatus() != 0) {
            LOG.error("attachPolicyEntryTxn failed: account: {} policyName: {} status: {}", Integer.valueOf(i), str, Integer.valueOf(s3Status.getStatus()));
            return null;
        }
        if (S3Server.isTedEventEnabled(1615)) {
            return null;
        }
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        PolicyIdRow executePolicyAttachTxn = executePolicyAttachTxn(i, attachPolicyEntryTxn, hashSet, hashSet2, s3Status);
        if (s3Status.getStatus() != 0) {
            LOG.error("executePolicyAttachTxn failed: account: {} policy: status: {}", Integer.valueOf(i), executePolicyAttachTxn, Integer.valueOf(s3Status.getStatus()));
            return null;
        }
        Iterator<Long> it = hashSet.iterator();
        while (it.hasNext()) {
            set3.add(hashMap.get(Long.valueOf(it.next().longValue())));
        }
        Iterator<Long> it2 = hashSet2.iterator();
        while (it2.hasNext()) {
            set4.add(hashMap2.get(Long.valueOf(it2.next().longValue())));
        }
        return executePolicyAttachTxn;
    }

    private void getUidsForPolicyAttach(int i, String str, int i2, Set<String> set, Map<Long, String> map, Set<String> set2) {
        S3Status s3Status = new S3Status();
        for (String str2 : set) {
            s3Status.resetStatus();
            long uidForPolicyAttach = this.userMgr.getUidForPolicyAttach(i, str2, i2, s3Status);
            if (s3Status.getStatus() != 0 || uidForPolicyAttach < 0) {
                set2.add(str2);
                LOG.debug("getUidsForPolicyAttach failed for user: {} policy: {} toAccount: {} principalAccount: {} status: {}", str2, str, Integer.valueOf(i), Integer.valueOf(i2), s3Status);
            } else {
                map.put(Long.valueOf(uidForPolicyAttach), str2);
            }
        }
    }

    private void getGidsForPolicyAttach(int i, String str, int i2, Set<String> set, Map<Long, String> map, Set<String> set2) {
        S3Status s3Status = new S3Status();
        for (String str2 : set) {
            s3Status.resetStatus();
            long gidForPolicyAttach = this.groupMgr.getGidForPolicyAttach(i, str2, i2, s3Status);
            if (s3Status.getStatus() != 0 || gidForPolicyAttach < 0) {
                set2.add(str2);
                LOG.debug("getGidsForPolicyAttach failed for group: {} policy: {} toAccount: {} principalAccount: {} status: {}", str2, str, Integer.valueOf(i), Integer.valueOf(i2), s3Status);
            } else {
                map.put(Long.valueOf(gidForPolicyAttach), str2);
            }
        }
    }

    private String failedPrincipalString(String str, Set<String> set, Set<String> set2) {
        if (set.isEmpty() && set2.isEmpty()) {
            return "";
        }
        StringBuilder sb = new StringBuilder(str);
        if (!set.isEmpty() && !set2.isEmpty()) {
            sb.append(" for users: ");
            sb.append(set);
            sb.append(" for groups: ");
            sb.append(set2);
            return sb.toString();
        }
        if (set.isEmpty()) {
            sb.append(" for groups: ");
            sb.append(set2);
            return sb.toString();
        }
        sb.append(" for users: ");
        sb.append(set);
        return sb.toString();
    }

    private String failedPrincipalString(String str, List<CLDBS3ServerProto.S3PolicyPrincipals> list) {
        if (list.isEmpty()) {
            return "";
        }
        StringBuilder sb = new StringBuilder(str);
        for (CLDBS3ServerProto.S3PolicyPrincipals s3PolicyPrincipals : list) {
            sb.append(failedPrincipalString(" , principal: " + s3PolicyPrincipals.getPrincipalsAccount(), new HashSet((Collection) s3PolicyPrincipals.getUsersList()), new HashSet((Collection) s3PolicyPrincipals.getGroupsList())));
        }
        return sb.toString();
    }

    private PolicyIdRow attachPolicyEntryTxn(int i, int i2, Set<Long> set, Set<Long> set2, S3Status s3Status) {
        PolicyIdRow fetchPolicyIdRow;
        s3Status.setStatus(0);
        this.policyHelper.lockPolicyIdTable(i);
        while (true) {
            try {
                try {
                    fetchPolicyIdRow = this.policyHelper.fetchPolicyIdRow(i, i2, s3Status);
                } catch (Exception e) {
                    LOG.debug("Exception {} while attach policy entry", e);
                    S3ServerUtil.sleepForSeconds(2);
                }
                if (s3Status.getStatus() != 0) {
                    return null;
                }
                if (fetchPolicyIdRow.isDeleteInProgress()) {
                    s3Status.setStatus(2);
                    this.policyHelper.unlockPolicyIdTable(i);
                    return null;
                }
                if (!fetchPolicyIdRow.isTxnInProgress()) {
                    PolicyIdRow pidRowForPolicyAttachTxn = PolicyHelper.getPidRowForPolicyAttachTxn(fetchPolicyIdRow, set, set2);
                    List<Long> txnAttachUsers = pidRowForPolicyAttachTxn.getTxnAttachUsers();
                    List<Long> txnAttachGroups = pidRowForPolicyAttachTxn.getTxnAttachGroups();
                    if (txnAttachUsers.isEmpty() && txnAttachGroups.isEmpty()) {
                        s3Status.setStatus(61);
                        s3Status.setMsg("No-op attach: No non-attached Principal to attach");
                        this.policyHelper.unlockPolicyIdTable(i);
                        return pidRowForPolicyAttachTxn;
                    }
                    this.policyHelper.putPolicyIdRow(i, pidRowForPolicyAttachTxn, s3Status);
                    LOG.debug("policy attach transaction is recorded, pidRow: {}", pidRowForPolicyAttachTxn.dump());
                    this.policyHelper.unlockPolicyIdTable(i);
                    return pidRowForPolicyAttachTxn;
                }
                this.policyHelper.addPolicyIdTableWaiter(i, i2);
            } finally {
                this.policyHelper.unlockPolicyIdTable(i);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PolicyIdRow executePolicyAttachTxn(int i, PolicyIdRow policyIdRow, Set<Long> set, Set<Long> set2, S3Status s3Status) {
        policyAttachToPrincipals(i, policyIdRow, set, set2, s3Status);
        if (s3Status.getStatus() != 0) {
            LOG.error("policyAttachToPrincipals failed with status: {} {}", Integer.valueOf(s3Status.getStatus()), s3Status.getMsg());
            return null;
        }
        PolicyIdRow policyAttachConfirm = policyAttachConfirm(i, policyIdRow.getPid(), set, set2, s3Status);
        if (s3Status.getStatus() != 0) {
            LOG.error("policyAttachConfirm failed with status: {} {}", Integer.valueOf(s3Status.getStatus()), s3Status.getMsg());
            return null;
        }
        updatePolicyPrincipalVersion(i, policyIdRow, policyAttachConfirm, s3Status);
        if (s3Status.getStatus() == 0) {
            return policyAttachConfirm;
        }
        LOG.error("policyAttach version update with status: {} {}", Integer.valueOf(s3Status.getStatus()), s3Status.getMsg());
        return null;
    }

    private void updatePolicyPrincipalVersion(int i, PolicyIdRow policyIdRow, PolicyIdRow policyIdRow2, S3Status s3Status) {
        boolean z = false;
        if (!getUnionOfNonIntersection(new HashSet(policyIdRow.getAttachedUser()), new HashSet(policyIdRow2.getAttachedUser())).isEmpty()) {
            z = true;
        }
        boolean z2 = false;
        if (!getUnionOfNonIntersection(new HashSet(policyIdRow.getAttachedGroup()), new HashSet(policyIdRow2.getAttachedGroup())).isEmpty()) {
            z2 = true;
        }
        if (z && z2) {
            this.policyHelper.updatePolicyUserGroupVersion(i, s3Status);
        } else if (z) {
            this.policyHelper.updatePolicyUserVersion(i, s3Status);
        } else if (z2) {
            this.policyHelper.updatePolicyGroupVersion(i, s3Status);
        }
    }

    private Set<Long> getUnionOfNonIntersection(Set<Long> set, Set<Long> set2) {
        HashSet hashSet = new HashSet(set);
        hashSet.retainAll(set2);
        set.removeAll(hashSet);
        set2.removeAll(hashSet);
        HashSet hashSet2 = new HashSet(set);
        hashSet2.addAll(set2);
        return hashSet2;
    }

    private void policyAttachToPrincipals(int i, PolicyIdRow policyIdRow, Set<Long> set, Set<Long> set2, S3Status s3Status) {
        s3Status.resetStatus();
        List attachUserList = policyIdRow.getInProgressTxn().getAttachUserList();
        List attachGroupList = policyIdRow.getInProgressTxn().getAttachGroupList();
        LOG.debug("policyAttachToPrincipals for uids: {} gids: {} pidRow: {}", attachUserList, attachGroupList, policyIdRow.dump());
        Iterator it = attachUserList.iterator();
        while (it.hasNext()) {
            long longValue = ((Long) it.next()).longValue();
            this.userMgr.addPolicyToUser(i, longValue, policyIdRow.getPid(), s3Status);
            if (s3Status.getStatus() != 0) {
                set.add(Long.valueOf(longValue));
                LOG.debug("Policy attach for policy id: {} failed for user: {}", Integer.valueOf(policyIdRow.getPid()), Long.valueOf(longValue));
                s3Status.resetStatus();
            }
        }
        Iterator it2 = attachGroupList.iterator();
        while (it2.hasNext()) {
            long longValue2 = ((Long) it2.next()).longValue();
            this.groupMgr.addPolicyToGroup(i, longValue2, policyIdRow.getPid(), s3Status);
            if (s3Status.getStatus() != 0) {
                set.add(Long.valueOf(longValue2));
                LOG.debug("Policy attach for policy id: {} failed for group: {}", Integer.valueOf(policyIdRow.getPid()), Long.valueOf(longValue2));
                s3Status.resetStatus();
            }
        }
    }

    private PolicyIdRow policyAttachConfirm(int i, int i2, Set<Long> set, Set<Long> set2, S3Status s3Status) {
        String stringPolicyIdTable = this.policyHelper.toStringPolicyIdTable(i);
        this.policyHelper.lockPolicyIdTable(i);
        while (true) {
            try {
                PolicyIdRow fetchPolicyIdRow = this.policyHelper.fetchPolicyIdRow(i, i2, s3Status);
                if (s3Status.getStatus() != 0) {
                    LOG.debug("policyAttachConfirm: Error in fetching policyIdRow: account: {} pid: {}", Integer.valueOf(i), Integer.valueOf(i2));
                } else {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("policyAttachConfirm: Confirming Row: {}", fetchPolicyIdRow.dump());
                    }
                    HashSet hashSet = new HashSet(fetchPolicyIdRow.getInProgressTxn().getAttachUserList());
                    hashSet.removeAll(set);
                    HashSet hashSet2 = new HashSet(fetchPolicyIdRow.getInProgressTxn().getAttachGroupList());
                    hashSet2.removeAll(set2);
                    PolicyIdRow pidRowForPolicyAttachConfirm = PolicyHelper.getPidRowForPolicyAttachConfirm(fetchPolicyIdRow, hashSet, hashSet2);
                    try {
                        this.policyHelper.putPolicyIdRow(i, pidRowForPolicyAttachConfirm, s3Status);
                        if (s3Status.getStatus() == 0) {
                            this.policyHelper.wakeUpAllPolicyIdTableWaiters(i, i2);
                            LOG.debug("policy attach confirm is successful, pidRow: {}", pidRowForPolicyAttachConfirm.dump());
                            return pidRowForPolicyAttachConfirm;
                        }
                        LOG.debug("policyAttachConfirm: Table: {} put pid Row: {} failed with {}", stringPolicyIdTable, pidRowForPolicyAttachConfirm, Integer.valueOf(s3Status.getStatus()));
                    } catch (Exception e) {
                        LOG.info("Exception {} while adding policy attach confirm to table: {}, retrying..", e, stringPolicyIdTable);
                        S3ServerUtil.sleepForSeconds(2);
                    }
                }
            } finally {
                this.policyHelper.unlockPolicyIdTable(i);
            }
        }
    }

    public CLDBS3ServerProto.S3DetachPolicyResponse policyDetach(RpcCallContext rpcCallContext, CLDBS3ServerProto.S3DetachPolicyRequest s3DetachPolicyRequest) {
        CLDBS3ServerProto.S3DetachPolicyResponse.Builder newBuilder = CLDBS3ServerProto.S3DetachPolicyResponse.newBuilder();
        S3Status s3Status = new S3Status();
        String domainName = s3DetachPolicyRequest.getDomainName();
        String accountName = s3DetachPolicyRequest.getAccountName();
        String policyName = s3DetachPolicyRequest.getPolicyName();
        addPolicyAuditRecord(rpcCallContext, s3DetachPolicyRequest.hasCreds() ? s3DetachPolicyRequest.getCreds() : null, AuditRecord.Op.s3DetachPolicy, domainName + "." + accountName, policyName, null, null, null);
        if (s3DetachPolicyRequest.hasDetachAll()) {
            S3Server.getInstance().getAuditRecord().setValues("DetachAll", (String) null, Boolean.toString(s3DetachPolicyRequest.getDetachAll()));
        }
        String accountFqn = this.accountMgr.getAccountFqn(domainName, accountName);
        int accountId = this.accountMgr.getAccountId(domainName, accountName);
        if (accountId < 0) {
            newBuilder.setErrString("Invalid account for policy detach, policy: " + policyName + " Account: " + accountFqn);
            newBuilder.setStatus(22);
            return newBuilder.build();
        }
        List<CLDBS3ServerProto.S3PolicyPrincipals> policyPrincipals = getPolicyPrincipals(accountId, s3DetachPolicyRequest, s3Status);
        if (s3Status.getStatus() != 0) {
            newBuilder.setErrString(s3Status.getMsg());
            newBuilder.setStatus(s3Status.getStatus());
            return newBuilder.build();
        }
        if (policyPrincipals.isEmpty()) {
            newBuilder.setErrString("No Principals to detach");
            newBuilder.setStatus(0);
            return newBuilder.build();
        }
        PolicyIdRow policyIdRow = null;
        for (CLDBS3ServerProto.S3PolicyPrincipals s3PolicyPrincipals : policyPrincipals) {
            HashSet hashSet = new HashSet();
            HashSet hashSet2 = new HashSet();
            HashSet hashSet3 = new HashSet((Collection) s3PolicyPrincipals.getUsersList());
            HashSet hashSet4 = new HashSet((Collection) s3PolicyPrincipals.getGroupsList());
            String principalsAccount = s3PolicyPrincipals.getPrincipalsAccount();
            int accountId2 = this.accountMgr.getAccountId(domainName, principalsAccount);
            if (!hashSet3.isEmpty() || !hashSet4.isEmpty()) {
                policyIdRow = detachPolicyFromPrincipals(accountId, policyName, accountId2, hashSet3, hashSet4, hashSet, hashSet2, s3Status);
                if (s3Status.getStatus() != 0) {
                    newBuilder.setErrString(s3Status.getMsg());
                    newBuilder.setStatus(s3Status.getStatus());
                    return newBuilder.build();
                }
                if (!hashSet.isEmpty() || !hashSet2.isEmpty()) {
                    newBuilder.addFailedPrincipals(CLDBS3ServerProto.S3PolicyPrincipals.newBuilder().setPrincipalsAccount(principalsAccount).addAllUsers(hashSet).addAllGroups(hashSet2).build());
                }
            }
        }
        newBuilder.setStatus(0);
        if (newBuilder.getFailedPrincipalsCount() > 0) {
            String failedPrincipalString = failedPrincipalString("Policy Detach overall successful but failed for ", newBuilder.getFailedPrincipalsList());
            newBuilder.setErrString(failedPrincipalString);
            LOG.info(failedPrincipalString);
        }
        LOG.info("Policy detach {} is successful, pidRow: {}", policyIdRow);
        return newBuilder.build();
    }

    private List<CLDBS3ServerProto.S3PolicyPrincipals> getPolicyPrincipals(int i, CLDBS3ServerProto.S3DetachPolicyRequest s3DetachPolicyRequest, S3Status s3Status) {
        s3Status.resetStatus();
        if (s3DetachPolicyRequest.getDetachAll() && s3DetachPolicyRequest.getPrincipalsCount() > 0) {
            s3Status.setStatus(22);
            s3Status.setMsg("Detach All and Policy Principals can't be provided together");
            return null;
        }
        ArrayList arrayList = new ArrayList();
        if (!s3DetachPolicyRequest.getDetachAll()) {
            arrayList.addAll(s3DetachPolicyRequest.getPrincipalsList());
            return arrayList;
        }
        String policyName = s3DetachPolicyRequest.getPolicyName();
        PolicyNameRow fetchPolicyNameRow = this.policyHelper.fetchPolicyNameRow(i, policyName, s3Status);
        if (s3Status.getStatus() != 0) {
            return null;
        }
        if (!fetchPolicyNameRow.isValid()) {
            s3Status.setStatus(22);
            s3Status.setMsg("policy: " + policyName + " not valid");
            return null;
        }
        PolicyIdRow fetchPolicyIdRow = this.policyHelper.fetchPolicyIdRow(i, fetchPolicyNameRow.getPid(), s3Status);
        if (s3Status.getStatus() != 0) {
            return null;
        }
        if (fetchPolicyIdRow.isDeleteInProgress()) {
            s3Status.setStatus(2);
            return null;
        }
        TreeSet treeSet = new TreeSet(fetchPolicyIdRow.getAttachedUser());
        TreeSet treeSet2 = new TreeSet(fetchPolicyIdRow.getAttachedGroup());
        return (treeSet.isEmpty() && treeSet2.isEmpty()) ? arrayList : getS3PolicyPrincipals(policyName, treeSet, treeSet2, s3Status);
    }

    private List<CLDBS3ServerProto.S3PolicyPrincipals> getS3PolicyPrincipals(String str, SortedSet<Long> sortedSet, SortedSet<Long> sortedSet2, S3Status s3Status) {
        HashMap hashMap = new HashMap();
        List<SortedSet<Long>> principalSortedOnAccount = getPrincipalSortedOnAccount(sortedSet);
        Iterator<SortedSet<Long>> it = principalSortedOnAccount.iterator();
        while (it.hasNext()) {
            int accountIdFromFQId = S3ServerUtil.getAccountIdFromFQId(it.next().first().longValue());
            hashMap.put(Integer.valueOf(accountIdFromFQId), CLDBS3ServerProto.S3PolicyPrincipals.newBuilder().setPrincipalsAccount(this.accountMgr.getAccountName(accountIdFromFQId)));
        }
        for (SortedSet<Long> sortedSet3 : principalSortedOnAccount) {
            int accountIdFromFQId2 = S3ServerUtil.getAccountIdFromFQId(sortedSet3.first().longValue());
            CLDBS3ServerProto.S3PolicyPrincipals.Builder builder = (CLDBS3ServerProto.S3PolicyPrincipals.Builder) hashMap.get(Integer.valueOf(accountIdFromFQId2));
            for (Long l : sortedSet3) {
                CLDBS3ServerProto.CLDBS3UserIdRow userInfo = this.userMgr.getUserInfo(accountIdFromFQId2, l.longValue(), s3Status);
                if (s3Status.getStatus() != 0) {
                    String str2 = " Couldn't access, Principal user: " + l + " exist in Policy " + str;
                    s3Status.setMsg(str2);
                    LOG.error(str2);
                    return null;
                }
                builder.addUsers(userInfo.getUInfo().getName());
            }
        }
        List<SortedSet<Long>> principalSortedOnAccount2 = getPrincipalSortedOnAccount(sortedSet2);
        Iterator<SortedSet<Long>> it2 = principalSortedOnAccount2.iterator();
        while (it2.hasNext()) {
            int accountIdFromFQId3 = S3ServerUtil.getAccountIdFromFQId(it2.next().first().longValue());
            if (!hashMap.containsKey(Integer.valueOf(accountIdFromFQId3))) {
                hashMap.put(Integer.valueOf(accountIdFromFQId3), CLDBS3ServerProto.S3PolicyPrincipals.newBuilder().setPrincipalsAccount(this.accountMgr.getAccountName(accountIdFromFQId3)));
            }
        }
        for (SortedSet<Long> sortedSet4 : principalSortedOnAccount2) {
            int accountIdFromFQId4 = S3ServerUtil.getAccountIdFromFQId(sortedSet4.first().longValue());
            CLDBS3ServerProto.S3PolicyPrincipals.Builder builder2 = (CLDBS3ServerProto.S3PolicyPrincipals.Builder) hashMap.get(Integer.valueOf(accountIdFromFQId4));
            for (Long l2 : sortedSet4) {
                CLDBS3ServerProto.CLDBS3GroupIdRow groupInfo = this.groupMgr.getGroupInfo(accountIdFromFQId4, l2.longValue(), s3Status);
                if (s3Status.getStatus() != 0) {
                    String str3 = " Couldn't access, Principal group: " + l2 + " exist in Policy " + str;
                    s3Status.setMsg(str3);
                    LOG.error(str3);
                    return null;
                }
                builder2.addGroups(groupInfo.getGInfo().getName());
            }
        }
        ArrayList arrayList = new ArrayList();
        Iterator it3 = hashMap.values().iterator();
        while (it3.hasNext()) {
            arrayList.add(((CLDBS3ServerProto.S3PolicyPrincipals.Builder) it3.next()).build());
        }
        return arrayList;
    }

    private List<SortedSet<Long>> getPrincipalSortedOnAccount(SortedSet<Long> sortedSet) {
        ArrayList arrayList = new ArrayList();
        if (sortedSet.isEmpty()) {
            return arrayList;
        }
        TreeSet treeSet = new TreeSet();
        arrayList.add(treeSet);
        Long first = sortedSet.first();
        treeSet.add(first);
        if (sortedSet.size() == 1) {
            return arrayList;
        }
        int accountIdFromFQId = S3ServerUtil.getAccountIdFromFQId(first.longValue());
        Iterator<Long> it = sortedSet.tailSet(first).iterator();
        while (it.hasNext()) {
            long longValue = it.next().longValue();
            if (S3ServerUtil.getAccountIdFromFQId(longValue) == accountIdFromFQId) {
                treeSet.add(Long.valueOf(longValue));
            } else {
                treeSet = new TreeSet();
                arrayList.add(treeSet);
                treeSet.add(Long.valueOf(longValue));
            }
        }
        return arrayList;
    }

    private PolicyIdRow detachPolicyFromPrincipals(int i, String str, int i2, Set<String> set, Set<String> set2, Set<String> set3, Set<String> set4, S3Status s3Status) {
        s3Status.resetStatus();
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        PolicyNameRow fetchPolicyNameRow = this.policyHelper.fetchPolicyNameRow(i, str, s3Status);
        if (s3Status.getStatus() != 0 || !fetchPolicyNameRow.isValid()) {
            return null;
        }
        int pid = fetchPolicyNameRow.getPid();
        getUidsForPolicyDetach(i, str, i2, set, hashMap, set3);
        getGidsForPolicyDetach(i, str, i2, set2, hashMap2, set4);
        if (set3.size() == set.size() && set4.size() == set2.size()) {
            String failedPrincipalString = failedPrincipalString("PolicyDetach: No valid principal, failed", set3, set4);
            LOG.info("PolicyDetach: No valid principal, failed" + failedPrincipalString);
            s3Status.setStatus(22);
            s3Status.setMsg(failedPrincipalString);
            return null;
        }
        PolicyIdRow detachPolicyEntryTxn = detachPolicyEntryTxn(i, pid, hashMap.keySet(), hashMap2.keySet(), i2, s3Status);
        if (s3Status.getStatus() == 61) {
            LOG.info("PolicyDetach: No attached principal, msg: " + failedPrincipalString("Policy already detached for valid principals and failed for ", set3, set4));
            s3Status.setStatus(0);
            return detachPolicyEntryTxn;
        }
        if (s3Status.getStatus() != 0) {
            LOG.error("detachPolicyEntryTxn failed: account: {} policyName: {} status: {}", Integer.valueOf(i), str, Integer.valueOf(s3Status.getStatus()));
            return null;
        }
        if (S3Server.isTedEventEnabled(1616)) {
            return null;
        }
        HashSet hashSet = new HashSet();
        PolicyIdRow executePolicyDetachTxn = executePolicyDetachTxn(i, detachPolicyEntryTxn, hashSet, new HashSet(), s3Status);
        if (s3Status.getStatus() != 0) {
            LOG.error("executePolicyDetachTxn failed: account: {} policy: status: {}", Integer.valueOf(i), executePolicyDetachTxn, Integer.valueOf(s3Status.getStatus()));
            return null;
        }
        Iterator<Long> it = hashSet.iterator();
        while (it.hasNext()) {
            set3.add(hashMap.get(Long.valueOf(it.next().longValue())));
        }
        return executePolicyDetachTxn;
    }

    private void getUidsForPolicyDetach(int i, String str, int i2, Set<String> set, Map<Long, String> map, Set<String> set2) {
        S3Status s3Status = new S3Status();
        for (String str2 : set) {
            s3Status.resetStatus();
            long uidForPolicyDetach = this.userMgr.getUidForPolicyDetach(i, str2, i2, s3Status);
            if (s3Status.getStatus() != 0 || uidForPolicyDetach < 0) {
                set2.add(str2);
                LOG.debug("getUidsForPolicyDetach failed for user: {} policy: {} toAccount: {} principalAccount: {} status: {}", str2, str, Integer.valueOf(i), Integer.valueOf(i2), s3Status);
            } else {
                map.put(Long.valueOf(uidForPolicyDetach), str2);
            }
        }
    }

    private void getGidsForPolicyDetach(int i, String str, int i2, Set<String> set, Map<Long, String> map, Set<String> set2) {
        S3Status s3Status = new S3Status();
        for (String str2 : set) {
            s3Status.resetStatus();
            long gidForPolicyDetach = this.groupMgr.getGidForPolicyDetach(i, str2, i2, s3Status);
            if (s3Status.getStatus() != 0 || gidForPolicyDetach < 0) {
                set2.add(str2);
                LOG.debug("getGidsForPolicyDetach failed for group: {} policy: {} toAccount: {} principalAccount: {} status: {}", str2, str, Integer.valueOf(i), Integer.valueOf(i2), s3Status);
            } else {
                map.put(Long.valueOf(gidForPolicyDetach), str2);
            }
        }
    }

    private PolicyIdRow detachPolicyEntryTxn(int i, int i2, Set<Long> set, Set<Long> set2, int i3, S3Status s3Status) {
        PolicyIdRow fetchPolicyIdRow;
        s3Status.setStatus(0);
        String stringPolicyNameTable = this.policyHelper.toStringPolicyNameTable(i);
        this.policyHelper.lockPolicyIdTable(i);
        while (true) {
            try {
                try {
                    fetchPolicyIdRow = this.policyHelper.fetchPolicyIdRow(i, i2, s3Status);
                } catch (Exception e) {
                    LOG.debug("Exception {} while adding detach policy entry txn, table: {}", e, stringPolicyNameTable);
                    S3ServerUtil.sleepForSeconds(2);
                }
                if (s3Status.getStatus() != 0) {
                    return null;
                }
                if (fetchPolicyIdRow.isDeleteInProgress()) {
                    s3Status.setStatus(2);
                    this.policyHelper.unlockPolicyIdTable(i);
                    return null;
                }
                if (!fetchPolicyIdRow.isTxnInProgress()) {
                    s3Status.resetStatus();
                    PolicyIdRow pidRowForPolicyDetachTxn = PolicyHelper.getPidRowForPolicyDetachTxn(fetchPolicyIdRow, set, set2);
                    List<Long> txnDetachUsers = pidRowForPolicyDetachTxn.getTxnDetachUsers();
                    List<Long> txnDetachGroups = pidRowForPolicyDetachTxn.getTxnDetachGroups();
                    if (txnDetachUsers.isEmpty() && txnDetachGroups.isEmpty()) {
                        s3Status.setStatus(61);
                        s3Status.setMsg("No-op detach: No attached Principal to detach");
                        this.policyHelper.unlockPolicyIdTable(i);
                        return pidRowForPolicyDetachTxn;
                    }
                    this.policyHelper.putPolicyIdRow(i, pidRowForPolicyDetachTxn, s3Status);
                    LOG.debug("policy detach transaction is recorded, pidRow: {}", pidRowForPolicyDetachTxn.dump());
                    this.policyHelper.unlockPolicyIdTable(i);
                    return pidRowForPolicyDetachTxn;
                }
                this.policyHelper.addPolicyIdTableWaiter(i, i2);
            } finally {
                this.policyHelper.unlockPolicyIdTable(i);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PolicyIdRow executePolicyDetachTxn(int i, PolicyIdRow policyIdRow, Set<Long> set, Set<Long> set2, S3Status s3Status) {
        policyDetachFromPrincipals(i, policyIdRow, set, set2, s3Status);
        if (s3Status.getStatus() != 0) {
            LOG.error("policyDetachFromUsers failed with status: {} {}", Integer.valueOf(s3Status.getStatus()), s3Status.getMsg());
            return null;
        }
        PolicyIdRow policyDetachConfirm = policyDetachConfirm(i, policyIdRow.getPid(), set, set2, s3Status);
        if (s3Status.getStatus() != 0) {
            LOG.error("policyDetachConfirm failed with status: {} {}", Integer.valueOf(s3Status.getStatus()), s3Status.getMsg());
            return null;
        }
        updatePolicyPrincipalVersion(i, policyIdRow, policyDetachConfirm, s3Status);
        if (s3Status.getStatus() == 0) {
            return policyDetachConfirm;
        }
        LOG.error("policyDetach version update with status: {} {}", Integer.valueOf(s3Status.getStatus()), s3Status.getMsg());
        return null;
    }

    private void policyDetachFromPrincipals(int i, PolicyIdRow policyIdRow, Set<Long> set, Set<Long> set2, S3Status s3Status) {
        s3Status.resetStatus();
        Iterator it = policyIdRow.getInProgressTxn().getDetachUserList().iterator();
        while (it.hasNext()) {
            long longValue = ((Long) it.next()).longValue();
            this.userMgr.removePolicyFromUser(i, longValue, policyIdRow.getPid(), s3Status);
            if (s3Status.getStatus() != 0) {
                set.add(Long.valueOf(longValue));
                LOG.debug("Policy detach for policy id: {} failed for user: {}", Integer.valueOf(policyIdRow.getPid()), Long.valueOf(longValue));
                s3Status.resetStatus();
            }
        }
        Iterator it2 = policyIdRow.getInProgressTxn().getDetachGroupList().iterator();
        while (it2.hasNext()) {
            long longValue2 = ((Long) it2.next()).longValue();
            this.groupMgr.removePolicyFromGroup(i, longValue2, policyIdRow.getPid(), s3Status);
            if (s3Status.getStatus() != 0) {
                set.add(Long.valueOf(longValue2));
                LOG.debug("Policy detach for policy id: {} failed for group: {}", Integer.valueOf(policyIdRow.getPid()), Long.valueOf(longValue2));
                s3Status.resetStatus();
            }
        }
    }

    private PolicyIdRow policyDetachConfirm(int i, int i2, Set<Long> set, Set<Long> set2, S3Status s3Status) {
        String stringPolicyIdTable = this.policyHelper.toStringPolicyIdTable(i);
        this.policyHelper.lockPolicyIdTable(i);
        while (true) {
            try {
                PolicyIdRow fetchPolicyIdRow = this.policyHelper.fetchPolicyIdRow(i, i2, s3Status);
                if (s3Status.getStatus() != 0) {
                    LOG.debug("policyDetachConfirm: Error in fetching policyIdRow: account: {} pid: {}", Integer.valueOf(i), Integer.valueOf(i2));
                } else {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("policyDetachConfirm: Confirming Row: {}", fetchPolicyIdRow.dump());
                    }
                    HashSet hashSet = new HashSet(fetchPolicyIdRow.getInProgressTxn().getDetachUserList());
                    hashSet.removeAll(set);
                    HashSet hashSet2 = new HashSet(fetchPolicyIdRow.getInProgressTxn().getDetachGroupList());
                    hashSet2.removeAll(set2);
                    PolicyIdRow pidRowForPolicyDetachConfirm = PolicyHelper.getPidRowForPolicyDetachConfirm(fetchPolicyIdRow, hashSet, hashSet2);
                    try {
                        this.policyHelper.putPolicyIdRow(i, pidRowForPolicyDetachConfirm, s3Status);
                        if (s3Status.getStatus() == 0) {
                            this.policyHelper.wakeUpAllPolicyIdTableWaiters(i, i2);
                            LOG.debug("policy detach confirm is successful, pidRow: {}", pidRowForPolicyDetachConfirm.dump());
                            return pidRowForPolicyDetachConfirm;
                        }
                        LOG.debug("policyDetachConfirm: Table: {} put pid Row: {} failed with {}", stringPolicyIdTable, pidRowForPolicyDetachConfirm, Integer.valueOf(s3Status.getStatus()));
                    } catch (Exception e) {
                        LOG.info("Exception {} while adding policy detach confirm to table: {}, retrying..", e, stringPolicyIdTable);
                        S3ServerUtil.sleepForSeconds(2);
                    }
                }
            } finally {
                this.policyHelper.unlockPolicyIdTable(i);
            }
        }
    }

    public CLDBS3ServerProto.S3ModifyPolicyResponse modifyPolicy(RpcCallContext rpcCallContext, CLDBS3ServerProto.S3ModifyPolicyRequest s3ModifyPolicyRequest) {
        CLDBS3ServerProto.S3ModifyPolicyResponse.Builder newBuilder = CLDBS3ServerProto.S3ModifyPolicyResponse.newBuilder();
        S3Status s3Status = new S3Status();
        String domainName = s3ModifyPolicyRequest.getDomainName();
        String accountName = s3ModifyPolicyRequest.getAccountName();
        String policyName = s3ModifyPolicyRequest.getPolicyName();
        String accountFqn = this.accountMgr.getAccountFqn(domainName, accountName);
        addPolicyAuditRecord(rpcCallContext, s3ModifyPolicyRequest.hasCreds() ? s3ModifyPolicyRequest.getCreds() : null, AuditRecord.Op.s3ModifyPolicy, domainName + "." + accountName, policyName, null, null, null);
        int accountId = this.accountMgr.getAccountId(domainName, accountName);
        if (accountId < 0) {
            return newBuilder.setStatus(22).setErrString("Invalid account for modify policy: " + policyName + " Account: " + accountFqn).build();
        }
        if (!s3ModifyPolicyRequest.hasPolicyDoc() || s3ModifyPolicyRequest.getPolicyDoc().isEmpty()) {
            return newBuilder.setStatus(22).setErrString("policyDoc not provided for modify policy: " + policyName + " Account: " + accountFqn).build();
        }
        byte[] byteArray = s3ModifyPolicyRequest.getPolicyDoc().toByteArray();
        if (s3Status.getStatus() != 0) {
            String str = "Policy modify for policy: " + policyName + " Account: " + accountFqn + " failed with status: " + s3Status.getStatus();
            newBuilder.setStatus(s3Status.getStatus());
            newBuilder.setErrString(str);
            return newBuilder.build();
        }
        PolicyIdRow modifyPolicy = modifyPolicy(accountId, policyName, byteArray, s3Status);
        if (s3Status.getStatus() != 0) {
            newBuilder.setStatus(s3Status.getStatus());
            newBuilder.setErrString(s3Status.getMsg());
            return newBuilder.build();
        }
        this.policyHelper.updatePolicyVersion(accountId, s3Status);
        if (s3Status.getStatus() != 0) {
            newBuilder.setStatus(s3Status.getStatus());
            newBuilder.setErrString(s3Status.getMsg());
            return newBuilder.build();
        }
        newBuilder.setStatus(0);
        newBuilder.setErrString("Policy modify successful policy: " + modifyPolicy);
        return newBuilder.build();
    }

    private PolicyIdRow modifyPolicy(int i, String str, byte[] bArr, S3Status s3Status) {
        PolicyIdRow fetchPolicyIdRow;
        PolicyNameRow fetchPolicyNameRow = this.policyHelper.fetchPolicyNameRow(i, str, s3Status);
        if (s3Status.getStatus() != 0) {
            return null;
        }
        if (!fetchPolicyNameRow.isValid()) {
            s3Status.setStatus(22);
            s3Status.setMsg("Policy: " + str + " not valid");
            return null;
        }
        int pid = fetchPolicyNameRow.getPid();
        String stringPolicyIdTable = this.policyHelper.toStringPolicyIdTable(i);
        this.policyHelper.lockPolicyIdTable(i);
        while (true) {
            try {
                try {
                    fetchPolicyIdRow = this.policyHelper.fetchPolicyIdRow(i, pid, s3Status);
                } catch (Exception e) {
                    LOG.debug("Exception {} while adding modifyPolicy txn to table: {} , retrying..", e, stringPolicyIdTable);
                    S3ServerUtil.sleepForSeconds(2);
                }
                if (s3Status.getStatus() == 2 || (s3Status.getStatus() == 0 && fetchPolicyIdRow.isDeleteInProgress())) {
                    s3Status.setStatus(2);
                    s3Status.setMsg("modifyPolicy: Policy: " + str + " pid: " + pid + " doesn't exist");
                    return null;
                }
                if (s3Status.getStatus() != 0) {
                    LOG.debug("modifyPolicy: fetch PolicyId for Policy: {} pid: {} got error {}, trying again", str, Integer.valueOf(pid), Integer.valueOf(s3Status.getStatus()));
                } else {
                    PolicyIdRow rowForModifyPolicy = PolicyHelper.getRowForModifyPolicy(fetchPolicyIdRow, bArr);
                    this.policyHelper.putPolicyIdRow(i, rowForModifyPolicy, s3Status);
                    if (s3Status.getStatus() == 0) {
                        this.policyHelper.unlockPolicyIdTable(i);
                        return rowForModifyPolicy;
                    }
                    LOG.debug("modifyPolicy: put PolicyId for Policy: {} pid: {} got error {}, trying again", str, Integer.valueOf(pid), Integer.valueOf(s3Status.getStatus()));
                }
            } finally {
                this.policyHelper.unlockPolicyIdTable(i);
            }
        }
    }

    public CLDBS3ServerProto.S3RemovePolicyResponse removePolicy(RpcCallContext rpcCallContext, CLDBS3ServerProto.S3RemovePolicyRequest s3RemovePolicyRequest) {
        CLDBS3ServerProto.S3RemovePolicyResponse.Builder newBuilder = CLDBS3ServerProto.S3RemovePolicyResponse.newBuilder();
        S3Status s3Status = new S3Status();
        String domainName = s3RemovePolicyRequest.getDomainName();
        String accountName = s3RemovePolicyRequest.getAccountName();
        String policyName = s3RemovePolicyRequest.getPolicyName();
        addPolicyAuditRecord(rpcCallContext, s3RemovePolicyRequest.hasCreds() ? s3RemovePolicyRequest.getCreds() : null, AuditRecord.Op.s3RemovePolicy, domainName + "." + accountName, policyName, null, null, null);
        int accountId = this.accountMgr.getAccountId(domainName, accountName);
        if (accountId < 0) {
            newBuilder.setErrString("Invalid account for policy remove, policy: " + policyName + " Account: " + this.accountMgr.getAccountFqn(domainName, accountName));
            newBuilder.setStatus(22);
            return newBuilder.build();
        }
        PolicyIdRow addPolicyRemoveTxn = addPolicyRemoveTxn(accountId, policyName, s3Status);
        if (s3Status.getStatus() != 0) {
            newBuilder.setErrString(s3Status.getMsg());
            newBuilder.setStatus(s3Status.getStatus());
            return newBuilder.build();
        }
        if (S3Server.isTedEventEnabled(1614)) {
            newBuilder.setStatus(22);
            return newBuilder.build();
        }
        executePolicyRemoveTxn(accountId, addPolicyRemoveTxn, s3Status);
        newBuilder.setStatus(0);
        LOG.info("Policy remove {} is successful, {}", addPolicyRemoveTxn);
        return newBuilder.build();
    }

    private PolicyIdRow addPolicyRemoveTxn(int i, String str, S3Status s3Status) {
        PolicyIdRow fetchPolicyIdRow;
        PolicyNameRow fetchPolicyNameRow = this.policyHelper.fetchPolicyNameRow(i, str, s3Status);
        if (s3Status.getStatus() != 0) {
            LOG.error("addPolicyRemoveTxn: policy: {} Fetch PolicyName failed: {}", str, Integer.valueOf(s3Status.getStatus()));
            return null;
        }
        if (!fetchPolicyNameRow.isValid()) {
            String str2 = "Policy: " + str + " not valid";
            s3Status.setStatus(2);
            s3Status.setMsg(str2);
            LOG.error("addPolicyRemoveTxn: {}", str2);
            return null;
        }
        int pid = fetchPolicyNameRow.getPid();
        String stringPolicyIdTable = this.policyHelper.toStringPolicyIdTable(i);
        this.policyHelper.lockPolicyIdTable(i);
        while (true) {
            try {
                try {
                    fetchPolicyIdRow = this.policyHelper.fetchPolicyIdRow(i, pid, s3Status);
                } catch (Exception e) {
                    LOG.debug("Exception {} while attach policy entry table {}", e, stringPolicyIdTable);
                    S3ServerUtil.sleepForSeconds(2);
                }
                if (s3Status.getStatus() != 0) {
                    return null;
                }
                if (!fetchPolicyIdRow.isTxnInProgress() && !fetchPolicyIdRow.isDeleteInProgress()) {
                    if (fetchPolicyIdRow.getAttachedUser().isEmpty() && fetchPolicyIdRow.getAttachedGroup().isEmpty()) {
                        PolicyIdRow pidRowForPolicyRemoveTxn = PolicyHelper.getPidRowForPolicyRemoveTxn(fetchPolicyIdRow);
                        this.policyHelper.putPolicyIdRow(i, pidRowForPolicyRemoveTxn, s3Status);
                        this.policyHelper.unlockPolicyIdTable(i);
                        return pidRowForPolicyRemoveTxn;
                    }
                    s3Status.setStatus(95);
                    s3Status.setMsg("Policy: " + str + " remove failed, non-empty principals");
                    this.policyHelper.unlockPolicyIdTable(i);
                    return null;
                }
                this.policyHelper.addPolicyIdTableWaiter(i, pid);
            } finally {
                this.policyHelper.unlockPolicyIdTable(i);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void executePolicyRemoveTxn(int i, PolicyIdRow policyIdRow, S3Status s3Status) {
        String stringPolicyNameTable = this.policyHelper.toStringPolicyNameTable(i);
        String policyName = policyIdRow.getPolicyName();
        this.policyHelper.lockPolicyNameTable(i);
        while (true) {
            try {
                try {
                    this.policyHelper.deletePolicyNameRow(i, policyName, s3Status);
                    break;
                } catch (Exception e) {
                    LOG.debug("Exception {} while removing policy name table entry from table {} policy: {}", e, stringPolicyNameTable, policyName);
                    S3ServerUtil.sleepForSeconds(2);
                }
            } finally {
                this.policyHelper.unlockPolicyNameTable(i);
            }
        }
        String stringPolicyIdTable = this.policyHelper.toStringPolicyIdTable(i);
        int pid = policyIdRow.getPid();
        this.policyHelper.lockPolicyIdTable(i);
        while (true) {
            try {
                try {
                    this.policyHelper.deletePolicyIdRow(i, pid, s3Status);
                    this.policyHelper.removeFromPolicyCache(i, policyName);
                    this.policyHelper.updatePolicyVersion(i, s3Status);
                    return;
                } catch (Exception e2) {
                    LOG.debug("Exception {} while removing policy id table entry from table {} policy: {}", e2, stringPolicyIdTable, Integer.valueOf(pid));
                    S3ServerUtil.sleepForSeconds(2);
                }
            } finally {
                this.policyHelper.unlockPolicyIdTable(i);
            }
        }
    }

    public CLDBS3ServerProto.S3BulkPolicyAttachResponse bulkAttachPolicy(RpcCallContext rpcCallContext, CLDBS3ServerProto.S3BulkPolicyAttachRequest s3BulkPolicyAttachRequest) {
        CLDBS3ServerProto.S3BulkPolicyAttachResponse.Builder newBuilder = CLDBS3ServerProto.S3BulkPolicyAttachResponse.newBuilder();
        S3Status s3Status = new S3Status();
        String domainName = s3BulkPolicyAttachRequest.getDomainName();
        String accountName = s3BulkPolicyAttachRequest.getAccountName();
        HashSet hashSet = new HashSet((Collection) s3BulkPolicyAttachRequest.getPolicyNameList());
        addPolicyAuditRecord(rpcCallContext, s3BulkPolicyAttachRequest.hasCreds() ? s3BulkPolicyAttachRequest.getCreds() : null, AuditRecord.Op.s3BulkPolicyAttach, domainName + "." + accountName, s3BulkPolicyAttachRequest.getPolicyNameList().toString(), s3BulkPolicyAttachRequest.getUser(), s3BulkPolicyAttachRequest.getGroup(), s3BulkPolicyAttachRequest.getPrincipalsAccount());
        int accountId = this.accountMgr.getAccountId(domainName, accountName);
        if (accountId < 0) {
            newBuilder.setErrString("Invalid policy account for bulk policy attach, Account: " + this.accountMgr.getAccountFqn(domainName, accountName));
            newBuilder.setStatus(22);
            return newBuilder.build();
        }
        String principalsAccount = s3BulkPolicyAttachRequest.getPrincipalsAccount();
        int accountId2 = this.accountMgr.getAccountId(domainName, principalsAccount);
        if (accountId2 < 0) {
            newBuilder.setErrString("Invalid principal account for bulk policy attach, Account: " + this.accountMgr.getAccountFqn(domainName, principalsAccount));
            newBuilder.setStatus(22);
            return newBuilder.build();
        }
        if (hashSet.isEmpty() || !(s3BulkPolicyAttachRequest.hasUser() || s3BulkPolicyAttachRequest.hasGroup())) {
            newBuilder.setErrString("Bulk Policy Attach No-op");
            newBuilder.setStatus(0);
            return newBuilder.build();
        }
        String user = s3BulkPolicyAttachRequest.getUser();
        String group = s3BulkPolicyAttachRequest.getGroup();
        HashSet hashSet2 = new HashSet();
        policyBulkAttach(accountId, hashSet, accountId2, user, group, hashSet2, s3Status);
        if (s3Status.getStatus() != 0) {
            newBuilder.setErrString(s3Status.getMsg());
            newBuilder.setStatus(s3Status.getStatus());
            return newBuilder.build();
        }
        newBuilder.setStatus(0);
        LOG.info("Bulk Policy attach {} is successful, failed policies: ", hashSet2);
        return newBuilder.build();
    }

    private void policyBulkAttach(int i, Set<String> set, int i2, String str, String str2, Set<String> set2, S3Status s3Status) {
        s3Status.resetStatus();
        HashSet hashSet = new HashSet();
        hashSet.add(str);
        HashSet hashSet2 = new HashSet();
        hashSet2.add(str2);
        HashSet hashSet3 = new HashSet();
        HashSet hashSet4 = new HashSet();
        for (String str3 : set) {
            attachPolicyToPrincipals(i, str3, i2, hashSet, hashSet2, hashSet3, hashSet4, s3Status);
            if (s3Status.getStatus() != 0) {
                set2.add(str3);
                LOG.debug(failedPrincipalString("Bulk Policy attach, policy attach failed for policy: " + str3, hashSet3, hashSet4));
                hashSet3.clear();
                hashSet4.clear();
                s3Status.resetStatus();
            }
        }
    }

    public CLDBS3ServerProto.S3BulkPolicyDetachResponse bulkDetachPolicy(RpcCallContext rpcCallContext, CLDBS3ServerProto.S3BulkPolicyDetachRequest s3BulkPolicyDetachRequest) {
        CLDBS3ServerProto.S3BulkPolicyDetachResponse.Builder newBuilder = CLDBS3ServerProto.S3BulkPolicyDetachResponse.newBuilder();
        S3Status s3Status = new S3Status();
        String domainName = s3BulkPolicyDetachRequest.getDomainName();
        String accountName = s3BulkPolicyDetachRequest.getAccountName();
        addPolicyAuditRecord(rpcCallContext, s3BulkPolicyDetachRequest.hasCreds() ? s3BulkPolicyDetachRequest.getCreds() : null, AuditRecord.Op.s3BulkPolicyDetach, domainName + "." + accountName, s3BulkPolicyDetachRequest.getPolicyNameList().toString(), s3BulkPolicyDetachRequest.getUser(), s3BulkPolicyDetachRequest.getGroup(), s3BulkPolicyDetachRequest.getPrincipalsAccount());
        if (s3BulkPolicyDetachRequest.hasDetachAll()) {
            S3Server.getInstance().getAuditRecord().setValues("detachAll", (String) null, Boolean.toString(s3BulkPolicyDetachRequest.getDetachAll()));
        }
        int accountId = this.accountMgr.getAccountId(domainName, accountName);
        if (accountId < 0) {
            newBuilder.setErrString("Invalid policy account for bulk policy detach, Account: " + this.accountMgr.getAccountFqn(domainName, accountName));
            newBuilder.setStatus(22);
            return newBuilder.build();
        }
        String principalsAccount = s3BulkPolicyDetachRequest.getPrincipalsAccount();
        int accountId2 = this.accountMgr.getAccountId(domainName, principalsAccount);
        if (accountId2 < 0) {
            newBuilder.setErrString("Invalid principal account for bulk policy detach, Account: " + this.accountMgr.getAccountFqn(domainName, principalsAccount));
            newBuilder.setStatus(22);
            return newBuilder.build();
        }
        Set<String> policyList = getPolicyList(accountId, accountId2, s3BulkPolicyDetachRequest, s3Status);
        if (s3Status.getStatus() != 0) {
            newBuilder.setErrString(s3Status.getMsg());
            newBuilder.setStatus(s3Status.getStatus());
            return newBuilder.build();
        }
        if (policyList.isEmpty() || !(s3BulkPolicyDetachRequest.hasUser() || s3BulkPolicyDetachRequest.hasGroup())) {
            newBuilder.setErrString("Bulk Policy Detach No-op");
            newBuilder.setStatus(0);
            return newBuilder.build();
        }
        String user = s3BulkPolicyDetachRequest.getUser();
        String group = s3BulkPolicyDetachRequest.getGroup();
        HashSet hashSet = new HashSet();
        policyBulkDetach(accountId, policyList, accountId2, user, group, hashSet, s3Status);
        if (s3Status.getStatus() != 0) {
            newBuilder.setErrString(s3Status.getMsg());
            newBuilder.setStatus(s3Status.getStatus());
            return newBuilder.build();
        }
        newBuilder.setStatus(0);
        LOG.info("Bulk Policy detach {} is successful, failed policies: ", hashSet);
        return newBuilder.build();
    }

    private Set<String> getPolicyList(int i, int i2, CLDBS3ServerProto.S3BulkPolicyDetachRequest s3BulkPolicyDetachRequest, S3Status s3Status) {
        s3Status.resetStatus();
        if (s3BulkPolicyDetachRequest.getPolicyNameCount() > 0 && s3BulkPolicyDetachRequest.getDetachAll()) {
            s3Status.setStatus(22);
            s3Status.setMsg("Policy name and detach all both can't be used together");
            return null;
        }
        HashSet hashSet = new HashSet();
        if (!s3BulkPolicyDetachRequest.getDetachAll()) {
            hashSet.addAll(s3BulkPolicyDetachRequest.getPolicyNameList());
            return hashSet;
        }
        HashSet hashSet2 = new HashSet();
        if (s3BulkPolicyDetachRequest.hasUser()) {
            CLDBS3ServerProto.CLDBS3UserIdRow userInfo = this.userMgr.getUserInfo(i2, s3BulkPolicyDetachRequest.getUser(), s3Status);
            if (s3Status.getStatus() != 0) {
                return null;
            }
            hashSet2.addAll(userInfo.getUInfo().getPolicyIdsList());
        }
        if (s3BulkPolicyDetachRequest.hasGroup()) {
            CLDBS3ServerProto.CLDBS3GroupIdRow groupInfo = this.groupMgr.getGroupInfo(i2, s3BulkPolicyDetachRequest.getGroup(), s3Status);
            if (s3Status.getStatus() != 0) {
                return null;
            }
            hashSet2.addAll(groupInfo.getGInfo().getPolicyIdsList());
        }
        Iterator it = hashSet2.iterator();
        while (it.hasNext()) {
            PolicyIdRow fetchPolicyIdRow = this.policyHelper.fetchPolicyIdRow(i, ((Integer) it.next()).intValue(), s3Status);
            if (s3Status.getStatus() != 0 || fetchPolicyIdRow.isDeleteInProgress()) {
                return null;
            }
            hashSet.add(fetchPolicyIdRow.getPolicyName());
        }
        return hashSet;
    }

    private void policyBulkDetach(int i, Set<String> set, int i2, String str, String str2, Set<String> set2, S3Status s3Status) {
        s3Status.resetStatus();
        HashSet hashSet = new HashSet();
        hashSet.add(str);
        HashSet hashSet2 = new HashSet();
        hashSet2.add(str2);
        HashSet hashSet3 = new HashSet();
        HashSet hashSet4 = new HashSet();
        for (String str3 : set) {
            detachPolicyFromPrincipals(i, str3, i2, hashSet, hashSet2, hashSet3, hashSet4, s3Status);
            if (s3Status.getStatus() != 0) {
                set2.add(str3);
                LOG.debug(failedPrincipalString("Bulk Policy attach, policy detach failed for policy: " + str3, hashSet3, hashSet4));
                hashSet3.clear();
                hashSet4.clear();
                s3Status.resetStatus();
            }
        }
    }
}
