package com.mapr.cli.common;

import com.google.protobuf.InvalidProtocolBufferException;
import com.google.protobuf.MessageLite;
import com.mapr.baseutils.Errno;
import com.mapr.baseutils.cldbutils.CLDBRpcCommonUtils;
import com.mapr.cliframework.base.CLIProcessingException;
import com.mapr.cliframework.base.CommandOutput;
import com.mapr.fs.cldb.proto.Accesscontrol;
import com.mapr.fs.cldb.proto.CLDBProto;
import com.mapr.fs.cldb.security.ACL;
import com.mapr.fs.proto.Common;
import com.mapr.fs.proto.Security;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:com/mapr/cli/common/AuthManager.class */
public class AuthManager {
    private static AuthManager s_instance;
    private static final Log LOG = LogFactory.getLog(AuthManager.class);

    public static synchronized AuthManager getInstance() {
        if (s_instance == null) {
            s_instance = new AuthManager();
        }
        return s_instance;
    }

    public boolean canPerformVolumeAction(String str, String str2, CLDBProto.VolumeProperties volumeProperties, int i, Security.CredentialsMsg credentialsMsg, CommandOutput.OutputHierarchy outputHierarchy) throws CLIProcessingException {
        Security.AccessControlList acl;
        Accesscontrol.ClientAuthorizationResponse sendAuthRequestToCldb = sendAuthRequestToCldb(str, credentialsMsg, i, str2, 0);
        if (sendAuthRequestToCldb.getStatus() == 0) {
            if (!sendAuthRequestToCldb.getIsAuthorized() && outputHierarchy != null) {
                outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(1, Errno.toString(1)));
            }
            return sendAuthRequestToCldb.getIsAuthorized();
        }
        if (sendAuthRequestToCldb.getStatus() != 10009) {
            if (outputHierarchy == null) {
                return false;
            }
            outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(sendAuthRequestToCldb.getStatus(), sendAuthRequestToCldb.getErrMsg()));
            return false;
        }
        if (LOG.isInfoEnabled()) {
            LOG.info("Authorization Not Supported at CLDB: Reverting to Obtaining ACLs");
        }
        if (volumeProperties == null) {
            CLDBProto.SecurityGetAclResponse acls = getAcls(credentialsMsg, str2);
            if (acls.getStatus() != 0) {
                if (outputHierarchy == null) {
                    return false;
                }
                outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(acls.getStatus(), acls.getErrorString()));
                return false;
            }
            acl = acls.getAcl();
        } else {
            if (volumeProperties.getAcl() == null) {
                if (outputHierarchy == null) {
                    return false;
                }
                outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(22, "Missing ACLs in VolumeProperties for Volume " + str2));
                return false;
            }
            acl = volumeProperties.getAcl();
        }
        if (new ACL(acl).verifyPermissions(credentialsMsg, i)) {
            return true;
        }
        if (outputHierarchy == null) {
            return false;
        }
        outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(1, "Authorization Error: Volume: " + str2 + " VolumeActions: " + i));
        return false;
    }

    public boolean canPerformVolumeAction(String str, CLDBProto.VolumeProperties volumeProperties, int i, Security.CredentialsMsg credentialsMsg, CommandOutput.OutputHierarchy outputHierarchy) throws CLIProcessingException {
        return canPerformVolumeAction(CLDBRpcCommonUtils.getInstance().getCurrentClusterName(), str, volumeProperties, i, credentialsMsg, outputHierarchy);
    }

    public boolean canPerformClusterActions(String str, int i, Security.CredentialsMsg credentialsMsg, CommandOutput.OutputHierarchy outputHierarchy) throws CLIProcessingException {
        Accesscontrol.ClientAuthorizationResponse sendAuthRequestToCldb = sendAuthRequestToCldb(str, credentialsMsg, 0, null, i);
        if (sendAuthRequestToCldb.getStatus() == 0) {
            if (!sendAuthRequestToCldb.getIsAuthorized() && outputHierarchy != null) {
                outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(1, Errno.toString(1)));
            }
            return sendAuthRequestToCldb.getIsAuthorized();
        }
        if (sendAuthRequestToCldb.getStatus() != 10009) {
            if (outputHierarchy == null) {
                return false;
            }
            outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(sendAuthRequestToCldb.getStatus(), sendAuthRequestToCldb.getErrMsg()));
            return false;
        }
        if (LOG.isInfoEnabled()) {
            LOG.info("Authorization Not Supported at CLDB: Reverting to Obtaining ACLs");
        }
        CLDBProto.SecurityGetAclResponse acls = getAcls(credentialsMsg, null);
        if (acls.getStatus() != 0) {
            if (outputHierarchy == null) {
                return false;
            }
            outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(acls.getStatus(), acls.getErrorString()));
            return false;
        }
        if (new ACL(acls.getAcl()).verifyPermissions(credentialsMsg, i)) {
            return true;
        }
        if (outputHierarchy == null) {
            return false;
        }
        outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(1, Errno.toString(1)));
        return false;
    }

    public boolean canPerformClusterActions(int i, Security.CredentialsMsg credentialsMsg, CommandOutput.OutputHierarchy outputHierarchy) throws CLIProcessingException {
        return canPerformClusterActions(CLDBRpcCommonUtils.getInstance().getCurrentClusterName(), i, credentialsMsg, outputHierarchy);
    }

    private Accesscontrol.ClientAuthorizationResponse sendAuthRequestToCldb(String str, Security.CredentialsMsg credentialsMsg, int i, String str2, int i2) throws CLIProcessingException {
        Accesscontrol.ClientAuthorizationRequest.Builder volumeActions = Accesscontrol.ClientAuthorizationRequest.newBuilder().setCreds(credentialsMsg).setClusterActions(i2).setVolumeActions(i);
        if (str2 != null) {
            volumeActions.setVolumeName(str2);
        }
        try {
            byte[] sendRequest = CLDBRpcCommonUtils.getInstance().sendRequest(str, Common.MapRProgramId.CldbProgramId.getNumber(), CLDBProto.CLDBProg.ClientAuthorizationProc.getNumber(), (MessageLite) volumeActions.build(), Accesscontrol.ClientAuthorizationResponse.class);
            if (sendRequest == null) {
                return Accesscontrol.ClientAuthorizationResponse.newBuilder().setStatus(Errno.ERPCFAILED).setErrMsg("RPC Rejected by CLDB Server").build();
            }
            try {
                return Accesscontrol.ClientAuthorizationResponse.parseFrom(sendRequest);
            } catch (InvalidProtocolBufferException e) {
                throw new CLIProcessingException("Error Parsing RPC Response", e);
            }
        } catch (Exception e2) {
            throw new CLIProcessingException("Error Sending RPC Request", e2);
        }
    }

    private CLDBProto.SecurityGetAclResponse getAcls(Security.CredentialsMsg credentialsMsg, String str) throws CLIProcessingException {
        CLDBProto.SecurityGetAclRequest.Builder objectType = CLDBProto.SecurityGetAclRequest.newBuilder().setCreds(credentialsMsg).setObjectType(CLDBProto.SecureObjectType.OBJECT_TYPE_CLUSTER);
        if (str != null) {
            objectType.setName(str).setObjectType(CLDBProto.SecureObjectType.OBJECT_TYPE_VOLUME);
        }
        try {
            byte[] sendRequest = CLDBRpcCommonUtils.getInstance().sendRequest(Common.MapRProgramId.CldbProgramId.getNumber(), CLDBProto.CLDBProg.SecurityGetAclProc.getNumber(), objectType.build(), CLDBProto.SecurityGetAclResponse.class);
            if (sendRequest == null) {
                return CLDBProto.SecurityGetAclResponse.newBuilder().setStatus(Errno.ERPCFAILED).setErrorString("RPC Rejected by CLDB Server").build();
            }
            try {
                return CLDBProto.SecurityGetAclResponse.parseFrom(sendRequest);
            } catch (InvalidProtocolBufferException e) {
                throw new CLIProcessingException("InvalidProtocolBufferException Exception", e);
            }
        } catch (Exception e2) {
            throw new CLIProcessingException(e2);
        }
    }
}
