package org.apache.sqoop.handler;

import java.io.IOException;
import java.util.List;
import org.apache.derby.security.DatabasePermission;
import org.apache.log4j.Logger;
import org.apache.sqoop.audit.AuditLoggerManager;
import org.apache.sqoop.common.SqoopException;
import org.apache.sqoop.json.JSONUtils;
import org.apache.sqoop.json.JsonBean;
import org.apache.sqoop.json.PrincipalBean;
import org.apache.sqoop.json.PrincipalsBean;
import org.apache.sqoop.json.PrivilegeBean;
import org.apache.sqoop.json.PrivilegesBean;
import org.apache.sqoop.json.RoleBean;
import org.apache.sqoop.json.RolesBean;
import org.apache.sqoop.model.MPrincipal;
import org.apache.sqoop.model.MPrivilege;
import org.apache.sqoop.model.MResource;
import org.apache.sqoop.model.MRole;
import org.apache.sqoop.security.AuthorizationHandler;
import org.apache.sqoop.security.AuthorizationManager;
import org.apache.sqoop.security.SecurityError;
import org.apache.sqoop.server.RequestContext;
import org.apache.sqoop.server.RequestHandler;
import org.apache.sqoop.server.common.ServerError;
import org.json.simple.JSONObject;

/* loaded from: input_file:WEB-INF/classes/org/apache/sqoop/handler/AuthorizationRequestHandler.class */
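/**
 * REST request handler for the authorization endpoints: listing roles, principals and
 * privileges, creating and dropping roles, and granting or revoking roles and privileges.
 *
 * <p>Every operation is delegated to the {@link AuthorizationHandler} obtained from
 * {@link AuthorizationManager}, and an audit event is written through
 * {@link AuditLoggerManager} before the delegate is called, so the audit trail records
 * attempts rather than confirmed successes.
 *
 * <p>NOTE(review): no access check on the calling user is visible in this class. Because
 * these routes change who holds which role or privilege, confirm that the caller's
 * authorization is enforced upstream or inside the {@link AuthorizationHandler}.
 */
public class AuthorizationRequestHandler implements RequestHandler {
    private static final Logger LOG = Logger.getLogger(AuthorizationRequestHandler.class);

    /**
     * URL path elements this handler recognises.
     *
     * <p>Decompiler note: the enum was package-private in the compiled class and was widened
     * to {@code public} by the decompiler.
     */
    public enum Action {
        AUTHORIZATION("authorization"),
        ROLES("roles"),
        PRINCIPALS("principals"),
        PRIVILEGES("privileges"),
        // NOTE(review): a Derby permission constant in a REST handler looks like the decompiler
        // substituting a matching string constant (presumably "create") - confirm.
        CREATE(DatabasePermission.CREATE),
        GRANT("grant"),
        REVOKE("revoke");

        String name;

        Action(String str) {
            this.name = str;
        }

        /**
         * Looks up an action by its URL name, ignoring case.
         *
         * @param str the URL element to match; may be {@code null}
         * @return the matching action, or {@code null} when {@code str} is {@code null} or
         *     matches no action
         */
        public static Action fromString(String str) {
            if (str == null) {
                return null;
            }
            for (Action action : values()) {
                if (str.equalsIgnoreCase(action.name)) {
                    return action;
                }
            }
            return null;
        }
    }

    public AuthorizationRequestHandler() {
        LOG.info("AuthorizationRequestHandler initialized");
    }

    /**
     * Routes a request to the matching operation based on the HTTP method and the trailing
     * URL elements.
     *
     * <p>GET and POST dispatch on the last URL element. PUT dispatches on the last two
     * elements (resource, then grant/revoke). DELETE treats the last element as a role name.
     *
     * @param requestContext the incoming request
     * @return the response bean produced by the selected operation
     * @throws SqoopException with {@code SERVER_0003} when the method or URL does not map to
     *     a supported action
     */
    @Override // org.apache.sqoop.server.RequestHandler
    public JsonBean handleEvent(RequestContext requestContext) {
        Action action = Action.fromString(requestContext.getLastURLElement());
        String requestURI = requestContext.getRequestURI() == null
                ? requestContext.getRequest().getRequestURI()
                : requestContext.getRequest().getRequestURI();
        switch (requestContext.getMethod()) {
            case GET:
                // An unrecognised last element yields null; switching on null would throw a
                // NullPointerException instead of the intended "invalid action" error.
                if (action == null) {
                    throw invalidAction(requestURI);
                }
                switch (action) {
                    case ROLES:
                        return getRoles(requestContext);
                    case PRINCIPALS:
                        return getPrincipal(requestContext);
                    case PRIVILEGES:
                        return getPrivilege(requestContext);
                    default:
                        throw invalidAction(requestURI);
                }
            case POST:
                if (action == null) {
                    throw invalidAction(requestURI);
                }
                switch (action) {
                    case CREATE:
                        return createRole(requestContext);
                    default:
                        throw invalidAction(requestURI);
                }
            case PUT: {
                // The decompiled source dropped this assignment and referenced an undefined
                // register ("r0"); the array is the result of getUrlElements().
                String[] urlElements = requestContext.getUrlElements();
                if (action == null || urlElements.length < 2) {
                    throw invalidAction(requestURI);
                }
                Action resource = Action.fromString(urlElements[urlElements.length - 2]);
                if (resource == null) {
                    throw invalidAction(requestURI);
                }
                switch (resource) {
                    case ROLES:
                        switch (action) {
                            case GRANT:
                                return grantRevokeRole(requestContext, true);
                            case REVOKE:
                                return grantRevokeRole(requestContext, false);
                            default:
                                throw invalidAction(requestURI);
                        }
                    case PRIVILEGES:
                        switch (action) {
                            case GRANT:
                                return grantRevokePrivilege(requestContext, true);
                            case REVOKE:
                                return grantRevokePrivilege(requestContext, false);
                            default:
                                throw invalidAction(requestURI);
                        }
                    default:
                        throw invalidAction(requestURI);
                }
            }
            case DELETE:
                return dropRole(requestContext);
            default:
                throw invalidAction(requestURI);
        }
    }

    /** Builds the exception used for every unroutable method/URL combination. */
    private static SqoopException invalidAction(String requestURI) {
        return new SqoopException(ServerError.SERVER_0003, "Invalid action in url" + requestURI);
    }

    /**
     * Lists roles: all roles when the principal name or type query parameter is missing,
     * otherwise the roles of the given principal.
     *
     * @param requestContext the incoming request
     * @return a {@link RolesBean} with the roles returned by the authorization handler
     */
    private JsonBean getRoles(RequestContext requestContext) {
        AuthorizationHandler authorizationHandler = AuthorizationManager.getAuthorizationHandler();
        AuditLoggerManager auditLoggerManager = AuditLoggerManager.getInstance();
        String principalName = requestContext.getParameterValue(RequestHandler.PRINCIPAL_NAME_QUERY_PARAM);
        String principalType = requestContext.getParameterValue(RequestHandler.PRINCIPAL_TYPE_QUERY_PARAM);
        if (principalName == null || principalType == null) {
            auditLoggerManager.logAuditEvent(requestContext.getUserName(), requestContext.getRequest().getRemoteAddr(), "get", "roles", "all");
            return new RolesBean(authorizationHandler.getAllRoles());
        }
        MPrincipal mPrincipal = new MPrincipal(principalName, principalType);
        auditLoggerManager.logAuditEvent(requestContext.getUserName(), requestContext.getRequest().getRemoteAddr(), "get", "roles by principal", mPrincipal.toString());
        return new RolesBean(authorizationHandler.getRolesByPrincipal(mPrincipal));
    }

    /**
     * Lists the principals that hold the role named by the role-name query parameter.
     *
     * @param requestContext the incoming request
     * @return a {@link PrincipalsBean} with the principals returned by the authorization handler
     * @throws SqoopException with {@code AUTH_0012} when the role name parameter is missing
     */
    private JsonBean getPrincipal(RequestContext requestContext) {
        AuthorizationHandler authorizationHandler = AuthorizationManager.getAuthorizationHandler();
        AuditLoggerManager auditLoggerManager = AuditLoggerManager.getInstance();
        String roleName = requestContext.getParameterValue(RequestHandler.ROLE_NAME_QUERY_PARAM);
        if (roleName == null) {
            throw new SqoopException(SecurityError.AUTH_0012, "Can't get role name");
        }
        MRole mRole = new MRole(roleName);
        auditLoggerManager.logAuditEvent(requestContext.getUserName(), requestContext.getRequest().getRemoteAddr(), "get", "principals by role", mRole.toString());
        return new PrincipalsBean(authorizationHandler.getPrincipalsByRole(mRole));
    }

    /**
     * Lists the privileges of a principal, optionally narrowed to one resource when both the
     * resource name and resource type query parameters are present.
     *
     * @param requestContext the incoming request
     * @return a {@link PrivilegesBean} with the privileges returned by the authorization handler
     * @throws SqoopException with {@code AUTH_0013} when the principal name or type is missing
     */
    private JsonBean getPrivilege(RequestContext requestContext) {
        AuthorizationHandler authorizationHandler = AuthorizationManager.getAuthorizationHandler();
        AuditLoggerManager auditLoggerManager = AuditLoggerManager.getInstance();
        String principalName = requestContext.getParameterValue(RequestHandler.PRINCIPAL_NAME_QUERY_PARAM);
        String principalType = requestContext.getParameterValue(RequestHandler.PRINCIPAL_TYPE_QUERY_PARAM);
        String resourceName = requestContext.getParameterValue(RequestHandler.RESOURCE_NAME_QUERY_PARAM);
        String resourceType = requestContext.getParameterValue(RequestHandler.RESOURCE_TYPE_QUERY_PARAM);
        if (principalName == null || principalType == null) {
            throw new SqoopException(SecurityError.AUTH_0013, "Can't get principal");
        }
        MPrincipal mPrincipal = new MPrincipal(principalName, principalType);
        // A null resource is passed through when the resource parameters are incomplete.
        MResource mResource = null;
        if (resourceName != null && resourceType != null) {
            mResource = new MResource(resourceName, resourceType);
        }
        auditLoggerManager.logAuditEvent(requestContext.getUserName(), requestContext.getRequest().getRemoteAddr(), "get", "privileges by principal", mPrincipal.toString());
        return new PrivilegesBean(authorizationHandler.getPrivilegesByPrincipal(mPrincipal, mResource));
    }

    /**
     * Creates the single role described in the JSON request body.
     *
     * @param requestContext the incoming request
     * @return {@link JsonBean#EMPTY_BEAN}
     * @throws SqoopException with {@code SERVER_0003} when the body cannot be read or does not
     *     contain exactly one role
     */
    private JsonBean createRole(RequestContext requestContext) {
        AuthorizationHandler authorizationHandler = AuthorizationManager.getAuthorizationHandler();
        AuditLoggerManager auditLoggerManager = AuditLoggerManager.getInstance();
        RoleBean roleBean = new RoleBean();
        try {
            roleBean.restore(JSONUtils.parse(requestContext.getRequest().getReader()));
            List<MRole> roles = roleBean.getRoles();
            if (roles.size() != 1) {
                throw new SqoopException(ServerError.SERVER_0003, "Expected one role but got " + roles.size());
            }
            MRole mRole = roles.get(0);
            auditLoggerManager.logAuditEvent(requestContext.getUserName(), requestContext.getRequest().getRemoteAddr(), DatabasePermission.CREATE, RoleBean.ROLE, mRole.toString());
            authorizationHandler.createRole(mRole);
            return JsonBean.EMPTY_BEAN;
        } catch (IOException e) {
            throw new SqoopException(ServerError.SERVER_0003, "Can't read request content", e);
        }
    }

    /**
     * Grants or revokes the roles in the JSON request body for the principals in the same body.
     *
     * @param requestContext the incoming request
     * @param z {@code true} to grant, {@code false} to revoke
     * @return {@link JsonBean#EMPTY_BEAN}
     * @throws SqoopException with {@code SERVER_0003} when the body cannot be read
     */
    private JsonBean grantRevokeRole(RequestContext requestContext, boolean z) {
        AuthorizationHandler authorizationHandler = AuthorizationManager.getAuthorizationHandler();
        AuditLoggerManager auditLoggerManager = AuditLoggerManager.getInstance();
        RolesBean rolesBean = new RolesBean();
        PrincipalsBean principalsBean = new PrincipalsBean();
        try {
            JSONObject parse = JSONUtils.parse(requestContext.getRequest().getReader());
            rolesBean.restore(parse);
            principalsBean.restore(parse);
            List<MRole> roles = rolesBean.getRoles();
            List<MPrincipal> principals = principalsBean.getPrincipals();
            // NOTE(review): the audit event carries only the constants RoleBean.ROLE and
            // PrincipalBean.PRINCIPAL, not the roles or principals actually affected, so the
            // audit trail cannot show who was granted or lost which role.
            if (z) {
                auditLoggerManager.logAuditEvent(requestContext.getUserName(), requestContext.getRequest().getRemoteAddr(), "grant", RoleBean.ROLE, PrincipalBean.PRINCIPAL);
                authorizationHandler.grantRole(principals, roles);
            } else {
                auditLoggerManager.logAuditEvent(requestContext.getUserName(), requestContext.getRequest().getRemoteAddr(), "revoke", RoleBean.ROLE, PrincipalBean.PRINCIPAL);
                authorizationHandler.revokeRole(principals, roles);
            }
            return JsonBean.EMPTY_BEAN;
        } catch (IOException e) {
            throw new SqoopException(ServerError.SERVER_0003, "Can't read request content", e);
        }
    }

    /**
     * Grants or revokes the privileges in the JSON request body for the principals in the
     * same body.
     *
     * <p>If the privileges cannot be restored from the body, the operation still runs with a
     * {@code null} privilege list.
     *
     * @param requestContext the incoming request
     * @param z {@code true} to grant, {@code false} to revoke
     * @return {@link JsonBean#EMPTY_BEAN}
     * @throws SqoopException with {@code SERVER_0003} when the body cannot be read
     */
    private JsonBean grantRevokePrivilege(RequestContext requestContext, boolean z) {
        AuthorizationHandler authorizationHandler = AuthorizationManager.getAuthorizationHandler();
        AuditLoggerManager auditLoggerManager = AuditLoggerManager.getInstance();
        PrincipalsBean principalsBean = new PrincipalsBean();
        PrivilegesBean privilegesBean = new PrivilegesBean();
        try {
            JSONObject parse = JSONUtils.parse(requestContext.getRequest().getReader());
            principalsBean.restore(parse);
            try {
                privilegesBean.restore(parse);
            } catch (Exception e) {
                // NOTE(review): any failure here, including a malformed privilege list, falls
                // through to a null list. Presumably null means "all privileges" on revoke;
                // confirm how the AuthorizationHandler treats null for both grant and revoke.
                // Only the exception class is logged so request content is not copied to the log.
                LOG.warn("Could not restore privileges from request body (" + e.getClass().getName()
                        + "); continuing with a null privilege list");
                privilegesBean = null;
            }
            List<MPrincipal> principals = principalsBean.getPrincipals();
            List<MPrivilege> privileges = privilegesBean == null ? null : privilegesBean.getPrivileges();
            // NOTE(review): the audit object type is RoleBean.ROLE although privileges are being
            // changed, and the affected principals/privileges are not recorded - confirm intent.
            if (z) {
                auditLoggerManager.logAuditEvent(requestContext.getUserName(), requestContext.getRequest().getRemoteAddr(), "grant", RoleBean.ROLE, PrivilegeBean.PRIVILEGE);
                authorizationHandler.grantPrivileges(principals, privileges);
            } else {
                auditLoggerManager.logAuditEvent(requestContext.getUserName(), requestContext.getRequest().getRemoteAddr(), "revoke", RoleBean.ROLE, PrivilegeBean.PRIVILEGE);
                authorizationHandler.revokePrivileges(principals, privileges);
            }
            return JsonBean.EMPTY_BEAN;
        } catch (IOException e2) {
            throw new SqoopException(ServerError.SERVER_0003, "Can't read request content", e2);
        }
    }

    /**
     * Drops the role named by the last URL element; the element before it must be the
     * {@code roles} path segment.
     *
     * @param requestContext the incoming request
     * @return {@link JsonBean#EMPTY_BEAN}
     * @throws SqoopException with {@code AUTH_0012} when the URL has fewer than two elements or
     *     the second-to-last element is not {@code roles}
     */
    private JsonBean dropRole(RequestContext requestContext) {
        AuthorizationHandler authorizationHandler = AuthorizationManager.getAuthorizationHandler();
        AuditLoggerManager auditLoggerManager = AuditLoggerManager.getInstance();
        String[] urlElements = requestContext.getUrlElements();
        // Unlike Action.fromString, this comparison is case-sensitive.
        if (urlElements.length < 2 || !urlElements[urlElements.length - 2].equals(Action.ROLES.name)) {
            throw new SqoopException(SecurityError.AUTH_0012, "Can't get role name");
        }
        MRole mRole = new MRole(requestContext.getLastURLElement());
        auditLoggerManager.logAuditEvent(requestContext.getUserName(), requestContext.getRequest().getRemoteAddr(), "delete", RoleBean.ROLE, mRole.toString());
        authorizationHandler.dropRole(mRole);
        return JsonBean.EMPTY_BEAN;
    }
}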
