package org.apache.sentry.provider.file;

import com.google.common.base.Splitter;
import com.google.common.base.Strings;
import com.google.common.collect.HashBasedTable;
import com.google.common.collect.HashMultimap;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Interner;
import com.google.common.collect.Interners;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import com.google.common.collect.Table;
import java.io.IOException;
import java.net.URI;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nullable;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.sentry.core.common.ActiveRoleSet;
import org.apache.sentry.core.common.Authorizable;
import org.apache.sentry.core.common.SentryConfigurationException;
import org.apache.sentry.policy.common.PrivilegeUtils;
import org.apache.sentry.policy.common.PrivilegeValidator;
import org.apache.sentry.policy.common.PrivilegeValidatorContext;
import org.apache.sentry.provider.common.ProviderBackend;
import org.apache.sentry.provider.common.ProviderBackendContext;
import org.apache.sentry.provider.common.ProviderConstants;
import org.apache.shiro.config.Ini;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sentry/provider/file/SimpleFileProviderBackend.class */
public class SimpleFileProviderBackend implements ProviderBackend {
    private static final Logger LOGGER = LoggerFactory.getLogger(SimpleFileProviderBackend.class);
    private final FileSystem fileSystem;
    private final Path resourcePath;
    private final Configuration conf;
    private final List<String> configErrors;
    private final List<String> configWarnings;
    private final Table<String, String, Set<String>> groupRolePrivilegeTable;
    private final Interner<String> stringInterner;
    private ImmutableList<PrivilegeValidator> validators;
    private boolean allowPerDatabaseSection;
    private volatile boolean initialized;

    public SimpleFileProviderBackend(Configuration configuration, String str) throws IOException {
        this(configuration, new Path(str));
    }

    public SimpleFileProviderBackend(Configuration configuration, Path path) throws IOException {
        this.resourcePath = path;
        this.fileSystem = path.getFileSystem(configuration);
        this.groupRolePrivilegeTable = HashBasedTable.create();
        this.conf = configuration;
        this.configErrors = Lists.newArrayList();
        this.configWarnings = Lists.newArrayList();
        this.validators = ImmutableList.of();
        this.allowPerDatabaseSection = true;
        this.initialized = false;
        this.stringInterner = Interners.newWeakInterner();
    }

    public void initialize(ProviderBackendContext providerBackendContext) {
        if (this.initialized) {
            throw new IllegalStateException("Backend has already been initialized, cannot be initialized twice");
        }
        this.validators = providerBackendContext.getValidators();
        this.allowPerDatabaseSection = providerBackendContext.isAllowPerDatabase();
        parse();
        this.initialized = true;
    }

    public ImmutableSet<String> getPrivileges(Set<String> set, ActiveRoleSet activeRoleSet, Authorizable... authorizableArr) {
        if (!this.initialized) {
            throw new IllegalStateException("Backend has not been properly initialized");
        }
        ImmutableSet.Builder builder = ImmutableSet.builder();
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            for (Map.Entry entry : this.groupRolePrivilegeTable.row(it.next()).entrySet()) {
                if (activeRoleSet.containsRole((String) entry.getKey())) {
                    builder.addAll((Iterable) entry.getValue());
                }
            }
        }
        return builder.build();
    }

    public ImmutableSet<String> getRoles(Set<String> set, ActiveRoleSet activeRoleSet) {
        if (!this.initialized) {
            throw new IllegalStateException("Backend has not been properly initialized");
        }
        ImmutableSet.Builder builder = ImmutableSet.builder();
        if (set != null) {
            Iterator<String> it = set.iterator();
            while (it.hasNext()) {
                for (Map.Entry entry : this.groupRolePrivilegeTable.row(it.next()).entrySet()) {
                    if (activeRoleSet.containsRole((String) entry.getKey())) {
                        builder.add(entry.getKey());
                    }
                }
            }
        }
        return builder.build();
    }

    public void close() {
    }

    public void validatePolicy(boolean z) throws SentryConfigurationException {
        if (!this.initialized) {
            throw new IllegalStateException("Backend has not been properly initialized");
        }
        ArrayList newArrayList = Lists.newArrayList(this.configErrors);
        ArrayList newArrayList2 = Lists.newArrayList(this.configWarnings);
        if ((!z || newArrayList2.isEmpty()) && newArrayList.isEmpty()) {
            return;
        }
        newArrayList.add("Failed to process global policy file " + this.resourcePath);
        SentryConfigurationException sentryConfigurationException = new SentryConfigurationException("");
        sentryConfigurationException.setConfigErrors(newArrayList);
        sentryConfigurationException.setConfigWarnings(newArrayList2);
        throw sentryConfigurationException;
    }

    private void parse() {
        Ini loadFromPath;
        this.configErrors.clear();
        this.configWarnings.clear();
        HashBasedTable create = HashBasedTable.create();
        LOGGER.info("Parsing " + this.resourcePath);
        LOGGER.info("Filesystem: " + this.fileSystem.getUri());
        try {
            try {
                Ini loadFromPath2 = PolicyFiles.loadFromPath(this.fileSystem, this.resourcePath);
                if (LOGGER.isDebugEnabled()) {
                    for (String str : loadFromPath2.getSectionNames()) {
                        LOGGER.debug("Section: " + str);
                        Ini.Section section = loadFromPath2.get(str);
                        for (String str2 : section.keySet()) {
                            LOGGER.debug(str2 + " = " + section.get(str2));
                        }
                    }
                }
                parseIni(null, loadFromPath2, this.validators, this.resourcePath, create);
                mergeResult(create);
                create.clear();
                Ini.Section section2 = loadFromPath2.getSection("databases");
                if (section2 == null) {
                    LOGGER.info("Section databases needs no further processing");
                } else {
                    if (!this.allowPerDatabaseSection) {
                        throw new SentryConfigurationException("Per-db policy file is not expected in this configuration.");
                    }
                    for (Map.Entry entry : section2.entrySet()) {
                        String lowerCase = Strings.nullToEmpty((String) entry.getKey()).trim().toLowerCase();
                        Path path = new Path(Strings.nullToEmpty((String) entry.getValue()).trim());
                        if (isRelative(path)) {
                            path = new Path(this.resourcePath.getParent(), path);
                        }
                        try {
                            LOGGER.debug("Parsing " + path);
                            loadFromPath = PolicyFiles.loadFromPath(path.getFileSystem(this.conf), path);
                        } catch (Exception e) {
                            this.configErrors.add("Failed to read per-DB policy file " + path + " Error: " + e.getMessage());
                            LOGGER.error("Error processing key " + ((String) entry.getKey()) + ", skipping " + ((String) entry.getValue()), e);
                        }
                        if (loadFromPath.containsKey("users")) {
                            this.configErrors.add("Per-db policy file cannot contain users section in " + path);
                            throw new SentryConfigurationException("Per-db policy files cannot contain users section");
                        }
                        if (loadFromPath.containsKey("databases")) {
                            this.configErrors.add("Per-db policy files cannot contain databases section in " + path);
                            throw new SentryConfigurationException("Per-db policy files cannot contain databases section");
                        }
                        parseIni(lowerCase, loadFromPath, this.validators, path, create);
                    }
                }
                mergeResult(create);
                create.clear();
            } catch (IOException e2) {
                this.configErrors.add("Failed to read policy file " + this.resourcePath + " Error: " + e2.getMessage());
                throw new SentryConfigurationException("Error loading policy file " + this.resourcePath, e2);
            } catch (IllegalArgumentException e3) {
                this.configErrors.add("Failed to read policy file " + this.resourcePath + " Error: " + e3.getMessage());
                throw new SentryConfigurationException("Error loading policy file " + this.resourcePath, e3);
            }
        } catch (Exception e4) {
            this.configErrors.add("Error processing file " + this.resourcePath + e4.getMessage());
            LOGGER.error("Error processing file, ignoring " + this.resourcePath, e4);
        }
    }

    private boolean isRelative(Path path) {
        URI uri = path.toUri();
        return uri.getAuthority() == null && uri.getScheme() == null && !path.isUriPathAbsolute();
    }

    private void mergeResult(Table<String, String, Set<String>> table) {
        for (Table.Cell cell : table.cellSet()) {
            String str = (String) cell.getRowKey();
            String str2 = (String) cell.getColumnKey();
            Set set = (Set) this.groupRolePrivilegeTable.get(str, str2);
            if (set == null) {
                set = new HashSet();
                this.groupRolePrivilegeTable.put(str, str2, set);
            }
            set.addAll((Collection) cell.getValue());
        }
    }

    private void parseIni(String str, Ini ini, List<? extends PrivilegeValidator> list, Path path, Table<String, String, Set<String>> table) {
        Ini.Section section = ini.getSection("roles");
        boolean z = false;
        if (section == null) {
            String format = String.format("Section %s empty for %s", "roles", path);
            LOGGER.warn(format);
            this.configErrors.add(format);
            z = true;
        }
        Ini.Section section2 = ini.getSection("groups");
        if (section2 == null) {
            String format2 = String.format("Section %s empty for %s", "groups", path);
            LOGGER.warn(format2);
            this.configErrors.add(format2);
            z = true;
        }
        if (z) {
            return;
        }
        parsePrivileges(str, section, section2, list, path, table);
    }

    private void parsePrivileges(@Nullable String str, Ini.Section section, Ini.Section section2, List<? extends PrivilegeValidator> list, Path path, Table<String, String, Set<String>> table) {
        HashMultimap create = HashMultimap.create();
        for (Map.Entry entry : section.entrySet()) {
            String str2 = (String) this.stringInterner.intern(Strings.nullToEmpty((String) entry.getKey()).trim());
            String trim = Strings.nullToEmpty((String) entry.getValue()).trim();
            boolean z = false;
            if (str2.isEmpty()) {
                String format = String.format("Empty role name encountered in %s", path);
                LOGGER.warn(format);
                this.configErrors.add(format);
                z = true;
            }
            if (trim.isEmpty()) {
                String format2 = String.format("Empty role value encountered in %s", path);
                LOGGER.warn(format2);
                this.configErrors.add(format2);
                z = true;
            }
            if (create.containsKey(str2)) {
                String format3 = String.format("Role %s defined twice in %s", str2, path);
                LOGGER.warn(format3);
                this.configWarnings.add(format3);
            }
            Set<String> privilegeStrings = PrivilegeUtils.toPrivilegeStrings(trim);
            if (!z && privilegeStrings != null) {
                HashSet newHashSet = Sets.newHashSet();
                for (String str3 : privilegeStrings) {
                    Iterator<? extends PrivilegeValidator> it = list.iterator();
                    while (it.hasNext()) {
                        it.next().validate(new PrivilegeValidatorContext(str, str3.trim()));
                    }
                    newHashSet.add(this.stringInterner.intern(str3));
                }
                create.putAll(str2, newHashSet);
            }
        }
        Splitter trimResults = ProviderConstants.ROLE_SPLITTER.omitEmptyStrings().trimResults();
        for (Map.Entry entry2 : section2.entrySet()) {
            String str4 = (String) this.stringInterner.intern(Strings.nullToEmpty((String) entry2.getKey()).trim());
            Iterator it2 = trimResults.split(Strings.nullToEmpty((String) entry2.getValue()).trim()).iterator();
            while (it2.hasNext()) {
                String str5 = (String) this.stringInterner.intern((String) it2.next());
                if (create.containsKey(str5)) {
                    Set set = (Set) table.get(str4, str5);
                    if (set == null) {
                        set = new HashSet();
                        table.put(str4, str5, set);
                    }
                    set.addAll(create.get(str5));
                } else {
                    String format4 = String.format("Role %s for group %s does not exist in privileges section in %s", str5, str4, path);
                    LOGGER.warn(format4);
                    this.configWarnings.add(format4);
                }
            }
        }
    }

    public Table<String, String, Set<String>> getGroupRolePrivilegeTable() {
        return this.groupRolePrivilegeTable;
    }
}
