package com.mapr.baseutils.utils;

import com.mapr.fs.cldb.proto.CLDBProto;
import com.mapr.fs.jni.MapRClient;
import com.mapr.fs.proto.Fileserver;
import com.mapr.fs.proto.Msicommon;
import com.mapr.fs.proto.Security;
import java.util.Iterator;

/* loaded from: input_file:com/mapr/baseutils/utils/ACL.class */
public class ACL {
    Security.AccessControlList aclList;
    static int AllUsersId = -1;
    public static int AllActionsMask = -1;

    boolean aclEntryMatches(Security.AclEntry aclEntry, int i) {
        int princId = aclEntry.getPrincipal().getPrincId();
        return princId == AllUsersId || princId == i;
    }

    boolean aclEntryMatchesExactly(Security.AclEntry aclEntry, int i) {
        return aclEntry.getPrincipal().getPrincId() == i;
    }

    boolean bitSet(int i, int i2) {
        return (i & i2) != 0;
    }

    boolean denyAccess(Security.AclEntry aclEntry, int i) {
        if (aclEntry.hasDeny()) {
            return bitSet(aclEntry.getDeny(), i);
        }
        return false;
    }

    boolean allowAccess(Security.AclEntry aclEntry, int i) {
        if (aclEntry.hasAllow()) {
            return bitSet(aclEntry.getAllow(), i);
        }
        return false;
    }

    int allowedAccess(int i, boolean z, int i2) {
        int makePrincipalId = makePrincipalId(i, z);
        for (Security.AclEntry aclEntry : this.aclList.getAclList()) {
            if (aclEntryMatches(aclEntry, makePrincipalId)) {
                if (denyAccess(aclEntry, i2)) {
                    return -1;
                }
                if (allowAccess(aclEntry, i2)) {
                    return 1;
                }
            }
        }
        return 0;
    }

    public boolean verifyPermissions(Security.CredentialsMsg credentialsMsg, int i) {
        return verifyPermissions(credentialsMsg, i, null);
    }

    public boolean verifyPermissions(Security.CredentialsMsg credentialsMsg, int i, StringBuilder sb) {
        boolean z = false;
        if (credentialsMsg == null) {
            if (sb == null || sb.length() != 0) {
                return false;
            }
            sb.append("Missing credentials");
            return false;
        }
        if (credentialsMsg.hasCapabilities() && credentialsMsg.getCapabilities().hasClusterOpsMask() && (((int) credentialsMsg.getCapabilities().getClusterOpsMask()) & i) != 0) {
            return true;
        }
        if (this.aclList == null) {
            if (sb == null || sb.length() != 0) {
                return false;
            }
            sb.append("ACL not found, not yet initialized");
            return false;
        }
        if (!credentialsMsg.hasUid()) {
            if (sb == null || sb.length() != 0) {
                return false;
            }
            sb.append("uid missing in creds request");
            return false;
        }
        int allowedAccess = allowedAccess(credentialsMsg.getUid(), true, i);
        if (allowedAccess == -1) {
            z = true;
        }
        if (allowedAccess == 1) {
            return true;
        }
        Iterator<Integer> it = credentialsMsg.getGidsList().iterator();
        while (it.hasNext()) {
            int allowedAccess2 = allowedAccess(it.next().intValue(), false, i);
            if (allowedAccess2 == -1) {
                z = true;
            }
            if (allowedAccess2 == 1 && !z) {
                return true;
            }
        }
        if (sb == null || sb.length() != 0) {
            return false;
        }
        sb.append("User do not have permissions to read ACL");
        return false;
    }

    public boolean setPermissionsForId(int i, boolean z, int i2, int i3) {
        Security.AccessControlList.Builder newBuilder = Security.AccessControlList.newBuilder(this.aclList);
        int makePrincipalId = makePrincipalId(i, z);
        int i4 = 0;
        for (Security.AclEntry aclEntry : this.aclList.getAclList()) {
            if (aclEntryMatchesExactly(aclEntry, makePrincipalId)) {
                Security.AclEntry.Builder newBuilder2 = Security.AclEntry.newBuilder();
                newBuilder2.setPrincipal(aclEntry.getPrincipal());
                newBuilder2.setAllow(i2);
                newBuilder2.setDeny(i3);
                newBuilder.setAcl(i4, newBuilder2);
                this.aclList = newBuilder.m84954build();
                return true;
            }
            i4++;
        }
        return false;
    }

    public boolean changePrincipal(int i, int i2) {
        Security.AccessControlList.Builder newBuilder = Security.AccessControlList.newBuilder(this.aclList);
        int i3 = 0;
        for (Security.AclEntry aclEntry : this.aclList.getAclList()) {
            if (aclEntry.getPrincipal().getPrincId() == i) {
                Security.SecurityPrincipal.Builder newBuilder2 = Security.SecurityPrincipal.newBuilder();
                newBuilder2.setPrincId(i2);
                Security.AclEntry.Builder newBuilder3 = Security.AclEntry.newBuilder(aclEntry);
                newBuilder3.setPrincipal(newBuilder2);
                newBuilder.setAcl(i3, newBuilder3);
                this.aclList = newBuilder.m84954build();
                return true;
            }
            i3++;
        }
        return false;
    }

    public boolean updateAclEntry(Security.AclEntry aclEntry) {
        Security.AccessControlList.Builder newBuilder = Security.AccessControlList.newBuilder(this.aclList);
        int i = 0;
        Iterator<Security.AclEntry> it = this.aclList.getAclList().iterator();
        while (it.hasNext()) {
            if (it.next().getPrincipal().getPrincId() == aclEntry.getPrincipal().getPrincId()) {
                newBuilder.setAcl(i, aclEntry);
                this.aclList = newBuilder.m84954build();
                return true;
            }
            i++;
        }
        return false;
    }

    public void addAclEntry(Security.AclEntry aclEntry) {
        Security.AccessControlList.Builder newBuilder = Security.AccessControlList.newBuilder();
        newBuilder.addAcl(aclEntry);
        newBuilder.mergeFrom(this.aclList);
        this.aclList = newBuilder.m84954build();
    }

    public void addPermissionsForId(int i, boolean z, int i2, int i3) {
        Security.AccessControlList.Builder newBuilder = Security.AccessControlList.newBuilder();
        Security.AclEntry.Builder principal = Security.AclEntry.newBuilder().setAllow(i2).setDeny(i3).setPrincipal(makePrincipal(i, z));
        if (i == AllUsersId) {
            newBuilder.addAcl(principal);
            newBuilder.mergeFrom(this.aclList);
        } else {
            newBuilder.mergeFrom(this.aclList);
            newBuilder.addAcl(principal);
        }
        this.aclList = newBuilder.m84954build();
    }

    public boolean removeAllPermissionsForId(int i, boolean z) {
        Security.AccessControlList.Builder newBuilder = Security.AccessControlList.newBuilder();
        int makePrincipalId = makePrincipalId(i, z);
        boolean z2 = false;
        for (Security.AclEntry aclEntry : this.aclList.getAclList()) {
            if (aclEntryMatchesExactly(aclEntry, makePrincipalId)) {
                z2 = true;
            } else {
                newBuilder.addAcl(aclEntry);
            }
        }
        this.aclList = newBuilder.m84954build();
        return z2;
    }

    public Security.AccessControlList getAclList() {
        return this.aclList;
    }

    public Security.AccessControlList getAclList(int i, boolean z) {
        Security.AccessControlList.Builder newBuilder = Security.AccessControlList.newBuilder();
        int makePrincipalId = makePrincipalId(i, z);
        Iterator<Security.AclEntry> it = this.aclList.getAclList().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Security.AclEntry next = it.next();
            if (aclEntryMatchesExactly(next, makePrincipalId)) {
                newBuilder.addAcl(next);
                break;
            }
        }
        return newBuilder.m84954build();
    }

    public ACL(Security.AccessControlList accessControlList) {
        this.aclList = accessControlList;
    }

    public static Security.SecurityPrincipal allUsers() {
        return Security.SecurityPrincipal.newBuilder().setPrincId(AllUsersId).m85761build();
    }

    public static boolean allUsers(int i) {
        return i == AllUsersId;
    }

    public static Security.SecurityPrincipal userUid(int i) {
        return Security.SecurityPrincipal.newBuilder().setPrincId(i).m85761build();
    }

    public static Security.SecurityPrincipal groupGid(int i) {
        return Security.SecurityPrincipal.newBuilder().setPrincId(i | Integer.MIN_VALUE).m85761build();
    }

    public static int makePrincipalId(int i, boolean z) {
        return z ? i : i | Integer.MIN_VALUE;
    }

    public static Security.SecurityPrincipal makePrincipal(int i, boolean z) {
        return Security.SecurityPrincipal.newBuilder().setPrincId(makePrincipalId(i, z)).m85761build();
    }

    public static boolean isGid(int i) {
        return (i & Integer.MIN_VALUE) != 0;
    }

    public static int getGid(int i) {
        return i & MapRClient.ERROR_VALUE;
    }

    public static boolean isUid(int i) {
        return (i & Integer.MIN_VALUE) == 0;
    }

    public static void main(String[] strArr) {
        ACL acl = new ACL(Security.AccessControlList.newBuilder().addAcl(Security.AclEntry.newBuilder().setPrincipal(allUsers()).setAllow(-1).m85001build()).m84954build());
        Security.CredentialsMsg m85240build = Security.CredentialsMsg.newBuilder().setUid(100).addGids(100).addGids(200).m85240build();
        System.out.println("Starting tests");
        for (int i = 0; i < 32; i++) {
            if (!acl.verifyPermissions(m85240build, 1 << i)) {
                System.out.println("FAIL: Allow ALL test for action = " + i);
                System.exit(-1);
            }
        }
        acl.setPermissionsForId(AllUsersId, true, -1, -1);
        for (int i2 = 0; i2 < 32; i2++) {
            if (acl.verifyPermissions(m85240build, 1 << i2)) {
                System.out.println("FAIL: Deny ALL test for action = " + i2);
                System.exit(-1);
            }
        }
        acl.removeAllPermissionsForId(AllUsersId, true);
        acl.addPermissionsForId(100, false, -1, 1);
        if (acl.verifyPermissions(m85240build, 1)) {
            System.out.println("FAIL: Allow all except 0 failed for 0");
            System.exit(-1);
        }
        if (!acl.verifyPermissions(m85240build, 2)) {
            System.out.println("FAIL: Allow all except 0 failed for 1");
            System.exit(-1);
        }
        acl.removeAllPermissionsForId(100, false);
        acl.addPermissionsForId(100, true, 15, 1);
        if (acl.verifyPermissions(m85240build, 1)) {
            System.out.println("FAIL: Allow 0xF except 0 failed for 0");
            System.exit(-1);
        }
        if (!acl.verifyPermissions(m85240build, 2)) {
            System.out.println("FAIL: Allow 0xF except 0 failed for 1");
            System.exit(-1);
        }
        if (acl.verifyPermissions(Security.CredentialsMsg.newBuilder().setUid(1048576).m85240build(), 1)) {
            System.out.println("FAIL: Unknown user should have no permissions allowed");
            System.exit(-1);
        }
        acl.addPermissionsForId(200, false, CLDBProto.CLDBProg.GetSPDareKeyProc_VALUE, 0);
        acl.addPermissionsForId(Fileserver.FSProg.CreateStripeletProc_VALUE, false, 3840, 0);
        if (acl.verifyPermissions(m85240build, 1)) {
            System.out.println("FAIL: User 100 should have no permissions for action 0");
            System.exit(-1);
        }
        if (!acl.verifyPermissions(m85240build, 2)) {
            System.out.println("FAIL: User 100 should have permissions for action 1");
            System.exit(-1);
        }
        if (!acl.verifyPermissions(m85240build, 128)) {
            System.out.println("FAIL: Group 200 should have permissions for action 7");
            System.exit(-1);
        }
        if (acl.verifyPermissions(m85240build, Msicommon.MSIPutType.MPTObjLockEnableLegalHold_VALUE)) {
            System.out.println("FAIL: Group 300 should have no permissions for action 11");
            System.exit(-1);
        }
        acl.addPermissionsForId(AllUsersId, true, -1, 0);
        if (!acl.verifyPermissions(m85240build, 1)) {
            System.out.println("FAIL: User 100 should have permissions for action 0");
            System.exit(-1);
        }
        System.out.println("All tests passed");
    }
}
