package org.apache.sentry.provider.db.generic.tools;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import org.apache.sentry.core.model.search.Collection;
import org.apache.sentry.policy.common.KeyValue;
import org.apache.sentry.policy.common.PolicyConstants;
import org.apache.sentry.policy.common.PrivilegeValidator;
import org.apache.sentry.policy.common.PrivilegeValidatorContext;
import org.apache.sentry.policy.search.SearchModelAuthorizables;
import org.apache.sentry.policy.search.SimpleSearchPolicyEngine;
import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable;
import org.apache.sentry.provider.db.generic.service.thrift.TSentryGrantOption;
import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
import org.apache.sentry.provider.db.generic.tools.command.TSentryPrivilegeConvertor;
import org.apache.shiro.config.ConfigurationException;

/* loaded from: input_file:org/apache/sentry/provider/db/generic/tools/SolrTSentryPrivilegeConvertor.class */
public class SolrTSentryPrivilegeConvertor implements TSentryPrivilegeConvertor {
    private String component;
    private String service;

    public SolrTSentryPrivilegeConvertor(String str, String str2) {
        this.component = str;
        this.service = str2;
    }

    @Override // org.apache.sentry.provider.db.generic.tools.command.TSentryPrivilegeConvertor
    public TSentryPrivilege fromString(String str) throws Exception {
        validatePrivilegeHierarchy(str);
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
        LinkedList linkedList = new LinkedList();
        Iterator it = PolicyConstants.AUTHORIZABLE_SPLITTER.split(str).iterator();
        while (it.hasNext()) {
            KeyValue keyValue = new KeyValue((String) it.next());
            String key = keyValue.getKey();
            String value = keyValue.getValue();
            Collection from = SearchModelAuthorizables.from(keyValue);
            if (from != null) {
                if (!(from instanceof Collection)) {
                    throw new IllegalArgumentException("Unknown authorizable type: " + from.getTypeName());
                }
                Collection collection = from;
                linkedList.add(new TAuthorizable(collection.getTypeName(), collection.getName()));
            } else {
                if (!"action".equalsIgnoreCase(key)) {
                    throw new IllegalArgumentException("Unknown key: " + key);
                }
                tSentryPrivilege.setAction(value);
            }
        }
        if (tSentryPrivilege.getAction() == null) {
            throw new IllegalArgumentException("Privilege is invalid: action required but not specified.");
        }
        tSentryPrivilege.setComponent(this.component);
        tSentryPrivilege.setServiceName(this.service);
        tSentryPrivilege.setAuthorizables(linkedList);
        return tSentryPrivilege;
    }

    @Override // org.apache.sentry.provider.db.generic.tools.command.TSentryPrivilegeConvertor
    public String toString(TSentryPrivilege tSentryPrivilege) {
        ArrayList newArrayList = Lists.newArrayList();
        if (tSentryPrivilege != null) {
            List<TAuthorizable> authorizables = tSentryPrivilege.getAuthorizables();
            String action = tSentryPrivilege.getAction();
            String str = tSentryPrivilege.getGrantOption() == TSentryGrantOption.TRUE ? "true" : "false";
            Iterator<TAuthorizable> it = authorizables.iterator();
            if (it != null) {
                while (it.hasNext()) {
                    TAuthorizable next = it.next();
                    newArrayList.add(PolicyConstants.KV_JOINER.join(next.getType(), next.getName(), new Object[0]));
                }
            }
            if (!authorizables.isEmpty()) {
                newArrayList.add(PolicyConstants.KV_JOINER.join("action", action, new Object[0]));
            }
            if ("true".equals(str)) {
                newArrayList.add(PolicyConstants.KV_JOINER.join("grantoption", str, new Object[0]));
            }
        }
        return PolicyConstants.AUTHORIZABLE_JOINER.join(newArrayList);
    }

    private static void validatePrivilegeHierarchy(String str) throws Exception {
        ImmutableList createPrivilegeValidators = SimpleSearchPolicyEngine.createPrivilegeValidators();
        PrivilegeValidatorContext privilegeValidatorContext = new PrivilegeValidatorContext((String) null, str);
        Iterator it = createPrivilegeValidators.iterator();
        while (it.hasNext()) {
            try {
                ((PrivilegeValidator) it.next()).validate(privilegeValidatorContext);
            } catch (ConfigurationException e) {
                throw new IllegalArgumentException((Throwable) e);
            }
        }
    }
}
