package com.mapr.cli;

import com.google.common.collect.ImmutableMap;
import com.google.protobuf.InvalidProtocolBufferException;
import com.google.protobuf.MessageLite;
import com.mapr.baseutils.Errno;
import com.mapr.baseutils.acls.SecurityCommandHelper;
import com.mapr.baseutils.cldbutils.CLDBRpcCommonUtils;
import com.mapr.baseutils.policyserverutils.PolicyServerRpcCommonUtils;
import com.mapr.baseutils.utils.ACL;
import com.mapr.baseutils.utils.PolicyServerPermissionsManager;
import com.mapr.cliframework.base.CLIBaseClass;
import com.mapr.cliframework.base.CLICommand;
import com.mapr.cliframework.base.CLIInterface;
import com.mapr.cliframework.base.CLIProcessingException;
import com.mapr.cliframework.base.CLIUsageOnlyCommand;
import com.mapr.cliframework.base.CommandOutput;
import com.mapr.cliframework.base.ProcessedInput;
import com.mapr.cliframework.base.TextCommandOutput;
import com.mapr.cliframework.base.inputparams.BaseInputParameter;
import com.mapr.cliframework.base.inputparams.BooleanInputParameter;
import com.mapr.cliframework.base.inputparams.NoValueInputParameter;
import com.mapr.cliframework.base.inputparams.TextInputParameter;
import com.mapr.fs.cldb.Cluster;
import com.mapr.fs.cldb.ClusterAceProcessor;
import com.mapr.fs.cldb.PermissionsManager;
import com.mapr.fs.cldb.VolumeAceProcessor;
import com.mapr.fs.cldb.proto.CLDBProto;
import com.mapr.fs.proto.Common;
import com.mapr.fs.proto.PolicyServerProto;
import com.mapr.fs.proto.Security;
import com.mapr.security.MaprSecurityException;
import com.mapr.security.UnixUserGroupHelper;
import java.net.InetAddress;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/mapr/cli/AclCommands.class */
public class AclCommands extends CLIBaseClass implements CLIInterface {
    static final String OBJECT_PARAM_NAME = "name";
    static final String PARAM_PERMS_NONE = "none";
    static final String UID_PARAM_NAME = "user";
    static final String GID_PARAM_NAME = "group";
    static final String OUTPUT_PARAM_NAME = "output";
    static final String OBJECT_TYPE_PARAM_NAME = "type";
    UnixUserGroupHelper userInfo;
    private static final Logger LOG = Logger.getLogger(AclCommands.class);
    static PermissionsManager procPermsManager = PermissionsManager.getInstance();
    static final Map<String, BaseInputParameter> params = new ImmutableMap.Builder().put("type", new TextInputParameter("type", "object type [cluster|volume|securitypolicy]", true, (String) null)).put("name", new TextInputParameter("name", "name", false, (String) null)).put("cluster", new TextInputParameter("cluster", "cluster name", false, (String) null)).build();
    static final String PERM_PARAM_NAME = "perm";
    static final String SHOW_ADMIN_PARAM_NAME = "showadmin";
    static final CLICommand showAclCommand = new CLICommand("show", "display ACL for an object", AclCommands.class, CLICommand.ExecutionTypeEnum.NATIVE, new ImmutableMap.Builder().putAll(params).put("user", new TextInputParameter("user", "userName whose ACL is queried", false, (String) null)).put("group", new TextInputParameter("group", "groupName whose ACL is queried", false, (String) null)).put("output", new TextInputParameter("output", "output format short|long|terse (default short)", false, "short")).put(PERM_PARAM_NAME, new NoValueInputParameter(PERM_PARAM_NAME, "list of available permissions", false, false)).put(SHOW_ADMIN_PARAM_NAME, new BooleanInputParameter(SHOW_ADMIN_PARAM_NAME, "show cluster admin", false, false).setInvisible(true)).build(), (CLICommand[]) null).setShortUsage("show -type cluster|volume|securitypolicy -perm -name <volume name> -user <userName> -group <groupName> -output <format>");
    static final String USER_CLUSTER_OPMASK_PARAM_NAME = "opmask";
    static final CLICommand showUserPermissionsCommand = new CLICommand("userperms", "display ACL for an object", AclCommands.class, CLICommand.ExecutionTypeEnum.NATIVE, new ImmutableMap.Builder().put("type", new TextInputParameter("type", "object type [cluster|volume|securitypolicy]", true, (String) null)).put("name", new TextInputParameter("name", "name", false, (String) null)).put("cluster", new TextInputParameter("cluster", "cluster name", false, (String) null)).put("user", new TextInputParameter("user", "userName whose permissions are queried", true, (String) null)).put(USER_CLUSTER_OPMASK_PARAM_NAME, new TextInputParameter(USER_CLUSTER_OPMASK_PARAM_NAME, "user cluster op mask whose permissions are queried", false, (String) null)).build(), (CLICommand[]) null).setShortUsage("userperms -type cluster|volume|securitypolicy -name <comma seperated volume names> -user <userName>").setUsageInVisible(true);
    static final CLICommand setAclCommand = new CLICommand("set", "set ACL for an object", AclCommands.class, CLICommand.ExecutionTypeEnum.NATIVE, new ImmutableMap.Builder().putAll(params).put("user", new TextInputParameter("user", "space separated list of user:permissions,perimssions,.. to be set", false, (String) null)).put("group", new TextInputParameter("group", "space separated list of group:permissions,permissions,... to be set", false, (String) null)).build(), (CLICommand[]) null).setShortUsage("set -type cluster|volume|securitypolicy -name <volume name> -user {userName:permissions}+ -group {groupName:permissions}+");
    static final CLICommand editAclCommand = new CLICommand("edit", "edit ACL for an object", AclCommands.class, CLICommand.ExecutionTypeEnum.NATIVE, new ImmutableMap.Builder().putAll(params).put("user", new TextInputParameter("user", "space separated list of user:permissions,perimssions,.. to be changed", false, (String) null)).put("group", new TextInputParameter("group", "space separated list of group:permissions,permissions,... to be changed", false, (String) null)).build(), (CLICommand[]) null).setShortUsage("edit -type cluster|volume|securitypolicy -name <volume name> -user {userName:permissions}+ -group {groupName:permissions}+");
    static final CLICommand[] aclSubCommands = {showAclCommand, showUserPermissionsCommand, setAclCommand, editAclCommand};
    static final String usageStr = "acl [show|set|edit] -type [cluster|volume|securitypolicy] -name <volume name>";
    public static final CLICommand aclCommands = new CLICommand("acl", "usage: acl [show|set|edit] -type [cluster|volume|securitypolicy] -name <volume name>", CLIUsageOnlyCommand.class, CLICommand.ExecutionTypeEnum.NATIVE, aclSubCommands).setShortUsage(usageStr);
    static String MULTI_ARG_SEP = ",";
    static String ALLOW_MASK_SEP = ":";

    public AclCommands(ProcessedInput processedInput, CLICommand cLICommand) {
        super(processedInput, cLICommand);
    }

    public static CommandOutput.OutputHierarchy formatAcl(Security.AccessControlList accessControlList, CLDBProto.SecureObjectType secureObjectType, String str, UnixUserGroupHelper unixUserGroupHelper, List<Integer> list, List<Integer> list2) {
        return formatAcl(accessControlList, secureObjectType, str, unixUserGroupHelper, list, list2, -1);
    }

    private static CommandOutput.OutputHierarchy formatAcl(Security.AccessControlList accessControlList, CLDBProto.SecureObjectType secureObjectType, String str, UnixUserGroupHelper unixUserGroupHelper, List<Integer> list, List<Integer> list2, int i) {
        String str2;
        ArrayList arrayList = new ArrayList();
        CommandOutput.OutputHierarchy outputHierarchy = new CommandOutput.OutputHierarchy();
        if (secureObjectType != CLDBProto.SecureObjectType.OBJECT_TYPE_CLUSTER) {
            i = -1;
        }
        for (Security.AclEntry aclEntry : accessControlList.getAclList()) {
            CommandOutput.OutputHierarchy.OutputNode outputNode = new CommandOutput.OutputHierarchy.OutputNode();
            boolean z = false;
            int princId = aclEntry.getPrincipal().getPrincId();
            if (ACL.allUsers(princId)) {
                str2 = "All users";
            } else if (ACL.isUid(princId)) {
                r21 = i != -1 ? princId == i : false;
                try {
                    str2 = "User " + unixUserGroupHelper.getUsername(princId);
                } catch (SecurityException e) {
                    str2 = "Uid " + princId;
                    if (list != null) {
                        list.add(Integer.valueOf(princId));
                    }
                }
            } else {
                try {
                    str2 = "Group " + unixUserGroupHelper.getGroupname(ACL.getGid(princId));
                } catch (SecurityException e2) {
                    int gid = ACL.getGid(princId);
                    str2 = "Gid " + gid;
                    if (list2 != null) {
                        list2.add(Integer.valueOf(gid));
                    }
                }
            }
            if (str.equalsIgnoreCase(AlarmCommands.ALARM_TERSE_NAME_PARAM_NAME)) {
                if (ACL.allUsers(princId)) {
                    str2 = "User allusers";
                }
                if (aclEntry.hasAllow()) {
                    z = true;
                    outputNode.addNode(new CommandOutput.OutputHierarchy.OutputNode(str2, SecurityCommandHelper.formatActionMask(aclEntry.getAllow(), secureObjectType, true)));
                }
            } else {
                boolean equalsIgnoreCase = str.equalsIgnoreCase("short");
                int allow = aclEntry.hasAllow() ? aclEntry.getAllow() : 0;
                int deny = aclEntry.hasDeny() ? aclEntry.getDeny() : 0;
                if (allow != 0 || deny != 0) {
                    z = true;
                    outputNode.addNode(new CommandOutput.OutputHierarchy.OutputNode("Principal", str2));
                }
                if (allow != 0) {
                    z = true;
                    outputNode.addNode(new CommandOutput.OutputHierarchy.OutputNode("Allowed actions", SecurityCommandHelper.formatActionMask(allow, secureObjectType, equalsIgnoreCase)));
                }
                if (deny != 0) {
                    z = true;
                    outputNode.addNode(new CommandOutput.OutputHierarchy.OutputNode("Denied actions", SecurityCommandHelper.formatActionMask(deny, secureObjectType, equalsIgnoreCase)));
                }
            }
            if (z) {
                if (r21) {
                    outputNode.addNode(new CommandOutput.OutputHierarchy.OutputNode("ClusterAdmin", true));
                }
                arrayList.add(outputNode);
            }
        }
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            outputHierarchy.addNode((CommandOutput.OutputHierarchy.OutputNode) it.next());
        }
        return outputHierarchy;
    }

    private CommandOutput.OutputHierarchy formatResponse(CLDBProto.PermissionsQueryResponse permissionsQueryResponse, CommandOutput.OutputHierarchy outputHierarchy) {
        List<CLDBProto.PermRespEntity> permEntityList = permissionsQueryResponse.getPermEntityList();
        CLDBProto.ClusterConfiguration config = permissionsQueryResponse.getConfig();
        CommandOutput.OutputHierarchy.OutputNode outputNode = new CommandOutput.OutputHierarchy.OutputNode();
        outputHierarchy.addNode(outputNode);
        CommandOutput.OutputHierarchy.OutputNode outputNode2 = new CommandOutput.OutputHierarchy.OutputNode("ClusterProperties");
        CommandOutput.OutputHierarchy.OutputNode outputNode3 = new CommandOutput.OutputHierarchy.OutputNode("Licenses");
        formatLicenseInfo(permissionsQueryResponse.getLicense(), outputNode3);
        outputNode2.addNode(outputNode3);
        outputNode.addNode(outputNode2);
        CommandOutput.OutputHierarchy.OutputNode outputNode4 = new CommandOutput.OutputHierarchy.OutputNode("UserProperties");
        for (CLDBProto.UserInfo userInfo : permissionsQueryResponse.getUserInfoList()) {
            CommandOutput.OutputHierarchy.OutputNode outputNode5 = new CommandOutput.OutputHierarchy.OutputNode(userInfo.getName());
            formatUserInfo(userInfo, permEntityList, config, outputNode5);
            outputNode4.addNode(outputNode5);
        }
        outputNode.addNode(outputNode4);
        return outputHierarchy;
    }

    private CommandOutput.OutputHierarchy.OutputNode formatLicenseInfo(CLDBProto.LicensesAvailable licensesAvailable, CommandOutput.OutputHierarchy.OutputNode outputNode) {
        outputNode.addNode(new CommandOutput.OutputHierarchy.OutputNode("CreateMirror", Boolean.valueOf(licensesAvailable.getCreateMirror())));
        outputNode.addNode(new CommandOutput.OutputHierarchy.OutputNode("DataPlacement", Boolean.valueOf(licensesAvailable.getDataPlacement())));
        return outputNode;
    }

    private CommandOutput.OutputHierarchy.OutputNode formatUserInfo(CLDBProto.UserInfo userInfo, List<CLDBProto.PermRespEntity> list, CLDBProto.ClusterConfiguration clusterConfiguration, CommandOutput.OutputHierarchy.OutputNode outputNode) {
        formatResponseEntities(list, userInfo.getCreds(), clusterConfiguration, outputNode);
        return outputNode;
    }

    private CommandOutput.OutputHierarchy.OutputNode formatResponseEntities(List<CLDBProto.PermRespEntity> list, Security.CredentialsMsg credentialsMsg, CLDBProto.ClusterConfiguration clusterConfiguration, CommandOutput.OutputHierarchy.OutputNode outputNode) {
        CommandOutput.OutputHierarchy.OutputNode outputNode2;
        CommandOutput.OutputHierarchy.OutputNode outputNode3 = new CommandOutput.OutputHierarchy.OutputNode("ClusterPerms");
        formatUserPermissions(outputNode3, credentialsMsg, null);
        outputNode.addNode(outputNode3);
        if (list.size() > 0) {
            if (list.get(0).hasSecPolProp()) {
                outputNode2 = new CommandOutput.OutputHierarchy.OutputNode("SecurityPolicyPerms");
                outputNode.addNode(outputNode2);
            } else {
                outputNode2 = new CommandOutput.OutputHierarchy.OutputNode("VolumePerms");
                outputNode.addNode(outputNode2);
            }
            for (CLDBProto.PermRespEntity permRespEntity : list) {
                if (permRespEntity.getType() != CLDBProto.SecureObjectType.OBJECT_TYPE_SECURITYPOLICY) {
                    CLDBProto.VolumeProperties volProp = permRespEntity.getVolProp();
                    CommandOutput.OutputHierarchy.OutputNode outputNode4 = new CommandOutput.OutputHierarchy.OutputNode(volProp.getVolumeName());
                    outputNode2.addNode(outputNode4);
                    formatUserPermissions(outputNode4, credentialsMsg, volProp);
                } else if (permRespEntity.hasSecPolProp()) {
                    Common.SecurityPolicyProperties secPolProp = permRespEntity.getSecPolProp();
                    CommandOutput.OutputHierarchy.OutputNode outputNode5 = new CommandOutput.OutputHierarchy.OutputNode(secPolProp.getPolicyName());
                    outputNode2.addNode(outputNode5);
                    formatSecurityPolicyUserPermissions(outputNode5, credentialsMsg, secPolProp, clusterConfiguration);
                }
            }
        }
        return outputNode;
    }

    private CommandOutput.OutputHierarchy.OutputNode formatSecurityPolicyUserPermissions(CommandOutput.OutputHierarchy.OutputNode outputNode, Security.CredentialsMsg credentialsMsg, Common.SecurityPolicyProperties securityPolicyProperties, CLDBProto.ClusterConfiguration clusterConfiguration) {
        Iterator it = PolicyServerPermissionsManager.getInstance(clusterConfiguration.getProps().getAcl(), clusterConfiguration.getProps().getAces(), clusterConfiguration.getProps().getClusterIamAces(), clusterConfiguration.getClusterOwnerUid(), clusterConfiguration.getRejectRoot(), clusterConfiguration.getSquashRoot()).getUserPermissions(credentialsMsg, securityPolicyProperties).iterator();
        while (it.hasNext()) {
            outputNode.addNode(formatPoilicyActionPermission((PolicyServerPermissionsManager.PoilicyActionPermission) it.next()));
        }
        return outputNode;
    }

    private CommandOutput.OutputHierarchy.OutputNode formatUserPermissions(CommandOutput.OutputHierarchy.OutputNode outputNode, Security.CredentialsMsg credentialsMsg, CLDBProto.VolumeProperties volumeProperties) {
        Iterator it = procPermsManager.getUserPermissions(credentialsMsg, volumeProperties).iterator();
        while (it.hasNext()) {
            outputNode.addNode(formatActionPermission((PermissionsManager.ActionPermission) it.next()));
        }
        return outputNode;
    }

    private CommandOutput.OutputHierarchy.OutputNode formatPoilicyActionPermission(PolicyServerPermissionsManager.PoilicyActionPermission poilicyActionPermission) {
        return new CommandOutput.OutputHierarchy.OutputNode(poilicyActionPermission.action, poilicyActionPermission.allow ? "1" : "0");
    }

    private CommandOutput.OutputHierarchy.OutputNode formatActionPermission(PermissionsManager.ActionPermission actionPermission) {
        return new CommandOutput.OutputHierarchy.OutputNode(actionPermission.action, actionPermission.allow ? "1" : "0");
    }

    String getHostName() {
        String hostname = MapRCliUtil.getHostname();
        if (hostname != null) {
            return hostname;
        }
        try {
            hostname = InetAddress.getLocalHost().getHostName();
        } catch (Exception e) {
        }
        if (hostname == null) {
            try {
                hostname = InetAddress.getLocalHost().getHostAddress();
            } catch (Exception e2) {
            }
        }
        return hostname;
    }

    String formatList(List<Integer> list) {
        if (list.size() == 0) {
            return null;
        }
        StringBuffer stringBuffer = new StringBuffer();
        boolean z = false;
        Iterator<Integer> it = list.iterator();
        while (it.hasNext()) {
            int intValue = it.next().intValue();
            if (z) {
                stringBuffer.append(", ");
                stringBuffer.append(intValue);
            } else {
                stringBuffer.append(intValue);
                z = true;
            }
        }
        return stringBuffer.toString();
    }

    public byte[] sendRpcToPolicyServer(int i, MessageLite messageLite, Class<? extends MessageLite> cls) throws Exception {
        return isParamPresent("cluster") ? PolicyServerRpcCommonUtils.getInstance().sendRequestToPolicyServer(getParamTextValue("cluster", 0), i, messageLite, cls) : PolicyServerRpcCommonUtils.getInstance().sendRequestToPolicyServer(i, messageLite, cls);
    }

    CommandOutput showAcl() throws CLIProcessingException {
        CLDBProto.SecureObjectType secureObjectType;
        CommandOutput commandOutput = new CommandOutput();
        CommandOutput.OutputHierarchy outputHierarchy = new CommandOutput.OutputHierarchy();
        String paramTextValue = getParamTextValue("type", 0);
        if (paramTextValue.equalsIgnoreCase("cluster")) {
            secureObjectType = CLDBProto.SecureObjectType.OBJECT_TYPE_CLUSTER;
        } else if (paramTextValue.equalsIgnoreCase("volume")) {
            secureObjectType = CLDBProto.SecureObjectType.OBJECT_TYPE_VOLUME;
        } else {
            if (!paramTextValue.equalsIgnoreCase("securitypolicy")) {
                outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "Acl show failed with invalid object type " + paramTextValue + ". Valid object types are cluster|volume|securitypolicy.").setField("type"));
                commandOutput.setOutput(outputHierarchy);
                return commandOutput;
            }
            secureObjectType = CLDBProto.SecureObjectType.OBJECT_TYPE_SECURITYPOLICY;
        }
        if (isParamPresent(PERM_PARAM_NAME)) {
            commandOutput.setNodeOrder(new String[]{"Permissions", "Description"});
            ArrayList arrayList = new ArrayList();
            if (secureObjectType == CLDBProto.SecureObjectType.OBJECT_TYPE_CLUSTER) {
                for (int i = 0; i < SecurityCommandHelper.clusterActionsDescription.length - 1; i += 2) {
                    CommandOutput.OutputHierarchy.OutputNode outputNode = new CommandOutput.OutputHierarchy.OutputNode();
                    if (SecurityCommandHelper.clusterActionsDescription[i] != null && SecurityCommandHelper.clusterActionsDescription[i + 1] != null) {
                        outputNode.addNode(new CommandOutput.OutputHierarchy.OutputNode("Permissions", SecurityCommandHelper.clusterActionsDescription[i]));
                        outputNode.addNode(new CommandOutput.OutputHierarchy.OutputNode("Description", SecurityCommandHelper.clusterActionsDescription[i + 1]));
                        arrayList.add(outputNode);
                    }
                }
            } else if (secureObjectType == CLDBProto.SecureObjectType.OBJECT_TYPE_VOLUME) {
                for (int i2 = 0; i2 < SecurityCommandHelper.volumeActionsDescription.length - 1; i2 += 2) {
                    CommandOutput.OutputHierarchy.OutputNode outputNode2 = new CommandOutput.OutputHierarchy.OutputNode();
                    if (SecurityCommandHelper.volumeActionsDescription[i2] != null && SecurityCommandHelper.volumeActionsDescription[i2 + 1] != null) {
                        outputNode2.addNode(new CommandOutput.OutputHierarchy.OutputNode("Permissions", SecurityCommandHelper.volumeActionsDescription[i2]));
                        outputNode2.addNode(new CommandOutput.OutputHierarchy.OutputNode("Description", SecurityCommandHelper.volumeActionsDescription[i2 + 1]));
                        arrayList.add(outputNode2);
                    }
                }
            } else if (secureObjectType == CLDBProto.SecureObjectType.OBJECT_TYPE_SECURITYPOLICY) {
                for (int i3 = 0; i3 < SecurityCommandHelper.securityPolicyActionsDescription.length - 1; i3 += 2) {
                    CommandOutput.OutputHierarchy.OutputNode outputNode3 = new CommandOutput.OutputHierarchy.OutputNode();
                    if (SecurityCommandHelper.securityPolicyActionsDescription[i3] != null && SecurityCommandHelper.securityPolicyActionsDescription[i3 + 1] != null) {
                        outputNode3.addNode(new CommandOutput.OutputHierarchy.OutputNode("Permissions", SecurityCommandHelper.securityPolicyActionsDescription[i3]));
                        outputNode3.addNode(new CommandOutput.OutputHierarchy.OutputNode("Description", SecurityCommandHelper.securityPolicyActionsDescription[i3 + 1]));
                        arrayList.add(outputNode3);
                    }
                }
            }
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                outputHierarchy.addNode((CommandOutput.OutputHierarchy.OutputNode) it.next());
            }
            commandOutput.setOutput(outputHierarchy);
            return commandOutput;
        }
        String paramTextValue2 = isParamPresent("name") ? getParamTextValue("name", 0) : null;
        if (paramTextValue2 == null && secureObjectType == CLDBProto.SecureObjectType.OBJECT_TYPE_VOLUME) {
            outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "Acl show requires the name of the volume").setField("name"));
            commandOutput.setOutput(outputHierarchy);
            return commandOutput;
        }
        if (paramTextValue2 == null && secureObjectType == CLDBProto.SecureObjectType.OBJECT_TYPE_SECURITYPOLICY) {
            outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "Acl show requires the name of the security policy").setField("name"));
            commandOutput.setOutput(outputHierarchy);
            return commandOutput;
        }
        if (paramTextValue2 != null && secureObjectType == CLDBProto.SecureObjectType.OBJECT_TYPE_CLUSTER) {
            outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "Acl show for a cluster does not require a name").setField("name"));
            commandOutput.setOutput(outputHierarchy);
            return commandOutput;
        }
        boolean z = false;
        int i4 = 0;
        if (isParamPresent("user")) {
            z = true;
            String paramTextValue3 = getParamTextValue("user", 0);
            if (paramTextValue3.equalsIgnoreCase("allUsers")) {
                i4 = -1;
            } else {
                try {
                    i4 = this.userInfo.getUserId(paramTextValue3);
                } catch (SecurityException e) {
                    outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(135, Errno.toString(135) + ":" + paramTextValue3).setField("name"));
                    commandOutput.setOutput(outputHierarchy);
                    return commandOutput;
                }
            }
        }
        boolean z2 = false;
        if (isParamPresent("group")) {
            z2 = true;
            String paramTextValue4 = getParamTextValue("group", 0);
            try {
                i4 = Integer.MIN_VALUE | this.userInfo.getGroupId(paramTextValue4);
            } catch (SecurityException e2) {
                outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(135, Errno.toString(135) + ":" + paramTextValue4).setField("name"));
                commandOutput.setOutput(outputHierarchy);
                return commandOutput;
            }
        }
        if (z && z2) {
            outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "Acl show does not accept both userName and groupName simultaneously").setField("user"));
            commandOutput.setOutput(outputHierarchy);
            return commandOutput;
        }
        String paramTextValue5 = isParamPresent("output") ? getParamTextValue("output", 0) : "short";
        if (!paramTextValue5.equalsIgnoreCase("short") && !paramTextValue5.equalsIgnoreCase("long") && !paramTextValue5.equalsIgnoreCase(AlarmCommands.ALARM_TERSE_NAME_PARAM_NAME)) {
            outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "Invalid output format " + paramTextValue5 + " expecting short|long|terse").setField("output"));
            commandOutput.setOutput(outputHierarchy);
            return commandOutput;
        }
        boolean paramBooleanValue = getParamBooleanValue(SHOW_ADMIN_PARAM_NAME, 0);
        int i5 = -1;
        try {
            CLDBProto.SecurityGetAclRequest.Builder newBuilder = CLDBProto.SecurityGetAclRequest.newBuilder();
            Security.CredentialsMsg userCredentials = getUserCredentials();
            newBuilder.setObjectType(secureObjectType);
            if (paramTextValue2 != null) {
                newBuilder.setName(paramTextValue2);
            }
            if (z || z2) {
                Security.SecurityPrincipal.Builder newBuilder2 = Security.SecurityPrincipal.newBuilder();
                newBuilder2.setPrincId(i4);
                newBuilder.setPrincipal(newBuilder2.build());
            }
            newBuilder.setCreds(userCredentials);
            byte[] sendRequest = secureObjectType != CLDBProto.SecureObjectType.OBJECT_TYPE_SECURITYPOLICY ? isParamPresent("cluster") ? CLDBRpcCommonUtils.getInstance().sendRequest(getParamTextValue("cluster", 0), Common.MapRProgramId.CldbProgramId.getNumber(), CLDBProto.CLDBProg.SecurityGetAclProc.getNumber(), newBuilder.build(), CLDBProto.SecurityGetAclResponse.class) : CLDBRpcCommonUtils.getInstance().sendRequest(Common.MapRProgramId.CldbProgramId.getNumber(), CLDBProto.CLDBProg.SecurityGetAclProc.getNumber(), newBuilder.build(), CLDBProto.SecurityGetAclResponse.class) : sendRpcToPolicyServer(PolicyServerProto.SecurityPolicyProc.SecurityPolicyGetAclProc.getNumber(), newBuilder.build(), CLDBProto.SecurityGetAclResponse.class);
            if (sendRequest == null) {
                if (secureObjectType == CLDBProto.SecureObjectType.OBJECT_TYPE_SECURITYPOLICY) {
                    outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10009, "Couldn't connect to the policy server"));
                } else {
                    outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10009, "Couldn't connect to the CLDB service"));
                }
                commandOutput.setOutput(outputHierarchy);
                return commandOutput;
            }
            CLDBProto.SecurityGetAclResponse parseFrom = CLDBProto.SecurityGetAclResponse.parseFrom(sendRequest);
            if (parseFrom.getStatus() != 0) {
                outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "ACL lookup Failure: " + parseFrom.getErrorString()).setField("name"));
                commandOutput.setOutput(outputHierarchy);
                return commandOutput;
            }
            Security.AccessControlList acl = parseFrom.getAcl();
            if (paramBooleanValue && parseFrom.hasClusterAdmin()) {
                i5 = parseFrom.getClusterAdmin();
            }
            ArrayList arrayList2 = new ArrayList();
            ArrayList arrayList3 = new ArrayList();
            CommandOutput.OutputHierarchy formatAcl = formatAcl(acl, secureObjectType, paramTextValue5, this.userInfo, arrayList2, arrayList3, i5);
            for (CommandOutput.OutputHierarchy.OutputError outputError : formatAcl.getOutputErrors()) {
                LOG.info("Error in output:" + outputError.toString());
                outputHierarchy.addError(outputError);
            }
            for (CommandOutput.OutputHierarchy.OutputNode outputNode4 : formatAcl.getOutputNodes()) {
                LOG.info("Output Node:" + outputNode4.toJSONString());
                outputHierarchy.addNode(outputNode4);
            }
            if (arrayList3.size() > 0 || arrayList2.size() > 0) {
                String str = arrayList2.size() > 0 ? "uid(s) (" + formatList(arrayList2) + ")" : "";
                String str2 = arrayList3.size() > 0 ? (arrayList2.size() > 0 ? " and " : "") + "gid(s) (" + formatList(arrayList3) + ")" : "";
                String hostName = getHostName();
                if (hostName == null) {
                    hostName = LogLevelChangesCommand.DEFAULT_HOST_NAME;
                }
                outputHierarchy.addMessage("Warning: The " + str + str2 + " used on the cluster do not have an appropriate account on " + hostName + ". This indicates a possible mis-configuration on " + hostName + ". Please check with your cluster administrator");
            }
            commandOutput.setOutput(outputHierarchy);
            return commandOutput;
        } catch (MaprSecurityException e3) {
            throw new CLIProcessingException("MaprSecurityException Exception", e3);
        } catch (Exception e4) {
            outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "Error while trying to get ACL"));
            commandOutput.setOutput(outputHierarchy);
            return commandOutput;
        } catch (InvalidProtocolBufferException e5) {
            throw new CLIProcessingException("InvalidProtocolBufferException Exception", e5);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v162, types: [java.util.List] */
    CommandOutput getPermissions() throws CLIProcessingException {
        CLDBProto.SecureObjectType secureObjectType;
        CommandOutput commandOutput = new CommandOutput();
        CommandOutput.OutputHierarchy outputHierarchy = new CommandOutput.OutputHierarchy();
        String paramTextValue = getParamTextValue("type", 0);
        if (paramTextValue.equalsIgnoreCase("cluster")) {
            secureObjectType = CLDBProto.SecureObjectType.OBJECT_TYPE_CLUSTER;
        } else if (paramTextValue.equalsIgnoreCase("volume")) {
            secureObjectType = CLDBProto.SecureObjectType.OBJECT_TYPE_VOLUME;
        } else {
            if (!paramTextValue.equalsIgnoreCase("securitypolicy")) {
                outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "User permission query failed with invalid object type " + paramTextValue + ". Valid object types are cluster|volume|securitypolicy.").setField("type"));
                commandOutput.setOutput(outputHierarchy);
                return commandOutput;
            }
            secureObjectType = CLDBProto.SecureObjectType.OBJECT_TYPE_SECURITYPOLICY;
        }
        String str = null;
        String str2 = null;
        if (secureObjectType == CLDBProto.SecureObjectType.OBJECT_TYPE_VOLUME) {
            if (isParamPresent("name")) {
                str = getParamTextValue("name", 0);
            }
        } else if (secureObjectType == CLDBProto.SecureObjectType.OBJECT_TYPE_SECURITYPOLICY && isParamPresent("name")) {
            str2 = getParamTextValue("name", 0);
        }
        if (secureObjectType == CLDBProto.SecureObjectType.OBJECT_TYPE_VOLUME) {
            if (str == null) {
                outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "User permission for volume requires volume name(s).").setField("name"));
                commandOutput.setOutput(outputHierarchy);
                return commandOutput;
            }
        } else if (secureObjectType == CLDBProto.SecureObjectType.OBJECT_TYPE_SECURITYPOLICY) {
            if (str2 == null) {
                outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "User permission for security policy requires security policy name(s).").setField("name"));
                commandOutput.setOutput(outputHierarchy);
                return commandOutput;
            }
        } else if (isParamPresent("name")) {
            outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "User permission for a cluster does not require a name").setField("name"));
            commandOutput.setOutput(outputHierarchy);
        }
        String paramTextValue2 = getParamTextValue("user", 0);
        ArrayList arrayList = new ArrayList();
        if (paramTextValue2.contains(MULTI_ARG_SEP)) {
            arrayList = Arrays.asList(paramTextValue2.split(MULTI_ARG_SEP));
        } else {
            arrayList.add(paramTextValue2);
        }
        ArrayList arrayList2 = new ArrayList();
        if (isParamPresent(USER_CLUSTER_OPMASK_PARAM_NAME)) {
            String paramTextValue3 = getParamTextValue(USER_CLUSTER_OPMASK_PARAM_NAME, 0);
            if (paramTextValue3.contains(MULTI_ARG_SEP)) {
                for (String str3 : paramTextValue3.split(MULTI_ARG_SEP)) {
                    arrayList2.add(Long.valueOf(Long.parseLong(str3)));
                }
            } else {
                arrayList2.add(Long.valueOf(Long.parseLong(paramTextValue3)));
            }
            if (arrayList2.size() > 0 && arrayList2.size() != arrayList.size()) {
                outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "User list and op masks size should be same"));
                commandOutput.setOutput(outputHierarchy);
                return commandOutput;
            }
        }
        try {
            CLDBProto.PermissionsQueryRequest.Builder addAllClusterOpMasks = CLDBProto.PermissionsQueryRequest.newBuilder().setCreds(getUserCredentials()).addAllUserNames(arrayList).addAllClusterOpMasks(arrayList2);
            if (secureObjectType == CLDBProto.SecureObjectType.OBJECT_TYPE_VOLUME) {
                ArrayList arrayList3 = new ArrayList();
                if (str.contains(MULTI_ARG_SEP)) {
                    arrayList3.addAll(Arrays.asList(str.split(MULTI_ARG_SEP)));
                } else {
                    arrayList3.add(str);
                }
                Iterator it = arrayList3.iterator();
                while (it.hasNext()) {
                    addAllClusterOpMasks.addEntities(CLDBProto.PermEntity.newBuilder().setType(secureObjectType).setName((String) it.next()).build());
                }
            } else if (secureObjectType == CLDBProto.SecureObjectType.OBJECT_TYPE_SECURITYPOLICY) {
                ArrayList arrayList4 = new ArrayList();
                if (str2.contains(MULTI_ARG_SEP)) {
                    arrayList4.addAll(Arrays.asList(str2.split(MULTI_ARG_SEP)));
                } else {
                    arrayList4.add(str2);
                }
                Iterator it2 = arrayList4.iterator();
                while (it2.hasNext()) {
                    addAllClusterOpMasks.addEntities(CLDBProto.PermEntity.newBuilder().setType(secureObjectType).setName((String) it2.next()).build());
                }
            } else {
                addAllClusterOpMasks.addEntities(CLDBProto.PermEntity.newBuilder().setType(secureObjectType).build());
            }
            byte[] sendRequest = isParamPresent("cluster") ? CLDBRpcCommonUtils.getInstance().sendRequest(getParamTextValue("cluster", 0), Common.MapRProgramId.CldbProgramId.getNumber(), CLDBProto.CLDBProg.UserPermissionsQueryProc.getNumber(), addAllClusterOpMasks.build(), CLDBProto.PermissionsQueryResponse.class) : CLDBRpcCommonUtils.getInstance().sendRequest(Common.MapRProgramId.CldbProgramId.getNumber(), CLDBProto.CLDBProg.UserPermissionsQueryProc.getNumber(), addAllClusterOpMasks.build(), CLDBProto.PermissionsQueryResponse.class);
            if (sendRequest == null) {
                outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10009, "Couldn't connect to the CLDB service"));
                commandOutput.setOutput(outputHierarchy);
                return commandOutput;
            }
            CLDBProto.PermissionsQueryResponse parseFrom = CLDBProto.PermissionsQueryResponse.parseFrom(sendRequest);
            if (parseFrom.getStatus() != 0) {
                outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "User permission lookup Failure: " + parseFrom.getErrorString()).setField("name"));
                commandOutput.setOutput(outputHierarchy);
                return commandOutput;
            }
            CLDBProto.ClusterConfiguration config = parseFrom.getConfig();
            procPermsManager.initializeInstance((Cluster) null, config.getClusterOwnerUid(), config.getRejectRoot(), config.getSquashRoot(), config.getProps());
            if (config.getClusterAceSupported()) {
                procPermsManager.setClusterAccessController(new ClusterAceProcessor((Cluster) null));
            }
            if (config.getVolumeAceSupported()) {
                procPermsManager.setVolumeAccessController(new VolumeAceProcessor());
            }
            formatResponse(parseFrom, outputHierarchy);
            commandOutput.setOutput(outputHierarchy);
            return commandOutput;
        } catch (InvalidProtocolBufferException e) {
            throw new CLIProcessingException("InvalidProtocolBufferException Exception", e);
        } catch (MaprSecurityException e2) {
            throw new CLIProcessingException("MaprSecurityException Exception", e2);
        } catch (Exception e3) {
            outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "Error while trying to get volume/security policy properties"));
            commandOutput.setOutput(outputHierarchy);
            return commandOutput;
        }
    }

    static List<Security.AclEntry> getAclElements(String str, UnixUserGroupHelper unixUserGroupHelper, boolean z) {
        ArrayList<String> arrayList = new ArrayList();
        if (str.contains(MULTI_ARG_SEP)) {
            arrayList.addAll(Arrays.asList(str.split(MULTI_ARG_SEP)));
        } else {
            arrayList.add(str);
        }
        ArrayList arrayList2 = new ArrayList();
        for (String str2 : arrayList) {
            if (!str2.contains(ALLOW_MASK_SEP)) {
                return null;
            }
            ArrayList arrayList3 = new ArrayList();
            arrayList3.addAll(Arrays.asList(str2.split(ALLOW_MASK_SEP)));
            if (arrayList3.size() > 2) {
                return null;
            }
            String str3 = (String) arrayList3.get(0);
            int userId = str3.equalsIgnoreCase("allUsers") ? -1 : z ? unixUserGroupHelper.getUserId(str3) : Integer.MIN_VALUE | unixUserGroupHelper.getGroupId(str3);
            Security.AclEntry.Builder allow = Security.AclEntry.newBuilder().setDeny(0).setAllow(Integer.decode((String) arrayList3.get(1)).intValue());
            allow.setPrincipal(Security.SecurityPrincipal.newBuilder().setPrincId(userId));
            arrayList2.add(allow.build());
        }
        return arrayList2;
    }

    private static int convertToId(String str, UnixUserGroupHelper unixUserGroupHelper, boolean z) {
        return str.equalsIgnoreCase("allUsers") ? -1 : z ? unixUserGroupHelper.getUserId(str) : Integer.MIN_VALUE | unixUserGroupHelper.getGroupId(str);
    }

    public static List<Security.AclEntry> actionsToAcls(List<String> list, UnixUserGroupHelper unixUserGroupHelper, CLDBProto.SecureObjectType secureObjectType, boolean z, CommandOutput.OutputHierarchy outputHierarchy) {
        int parseInt;
        int i;
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            Collections.addAll(arrayList2, it.next().split(" "));
        }
        Iterator it2 = arrayList2.iterator();
        while (it2.hasNext()) {
            List asList = Arrays.asList(((String) it2.next()).split(ALLOW_MASK_SEP));
            String str = (String) asList.get(0);
            try {
                parseInt = convertToId(str, unixUserGroupHelper, z);
            } catch (SecurityException e) {
                try {
                    parseInt = Integer.parseInt(str);
                    if (!z) {
                        parseInt = Integer.MIN_VALUE | parseInt;
                    }
                } catch (NumberFormatException e2) {
                    outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(135, "Error for user " + str + ":" + Errno.toString(135)).setField("name"));
                    return null;
                }
            }
            if (asList.size() == 1 || PARAM_PERMS_NONE.equalsIgnoreCase((String) asList.get(1))) {
                i = 0;
            } else {
                try {
                    i = SecurityCommandHelper.convertActionsToMask((String) asList.get(1), MULTI_ARG_SEP, secureObjectType);
                } catch (Exception e3) {
                    LOG.error(e3.getMessage());
                    if (((String) asList.get(1)).indexOf(PARAM_PERMS_NONE) < 0) {
                        outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(22, "Error for user " + str + ":" + e3.getMessage()).setField("name"));
                        return null;
                    }
                    String str2 = "Error for user " + str + ": Invalid to use none with permissions ";
                    LOG.error(str2);
                    outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(22, str2 + Errno.toString(22)).setField((String) asList.get(1)));
                    return null;
                }
            }
            Security.AclEntry.Builder allow = Security.AclEntry.newBuilder().setAllow(i);
            allow.setPrincipal(Security.SecurityPrincipal.newBuilder().setPrincId(parseInt));
            arrayList.add(allow.build());
        }
        return arrayList;
    }

    CommandOutput setAcl() throws CLIProcessingException {
        CLDBProto.SecureObjectType secureObjectType;
        Object obj;
        Object obj2;
        CommandOutput commandOutput = new CommandOutput();
        CommandOutput.OutputHierarchy outputHierarchy = new CommandOutput.OutputHierarchy();
        CLDBProto.SecurityModifyAclRequest.Builder newBuilder = CLDBProto.SecurityModifyAclRequest.newBuilder();
        String paramTextValue = getParamTextValue("type", 0);
        if (paramTextValue.equalsIgnoreCase("cluster")) {
            secureObjectType = CLDBProto.SecureObjectType.OBJECT_TYPE_CLUSTER;
        } else if (paramTextValue.equalsIgnoreCase("volume")) {
            secureObjectType = CLDBProto.SecureObjectType.OBJECT_TYPE_VOLUME;
        } else {
            if (!paramTextValue.equalsIgnoreCase("securitypolicy")) {
                outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "Acl set failed with invalid object type " + paramTextValue + ". Valid object types are cluster|volume|securitypolicy.").setField("type"));
                commandOutput.setOutput(outputHierarchy);
                return commandOutput;
            }
            secureObjectType = CLDBProto.SecureObjectType.OBJECT_TYPE_SECURITYPOLICY;
        }
        Security.AccessControlList.Builder newBuilder2 = Security.AccessControlList.newBuilder();
        if (isParamPresent("user")) {
            List<Security.AclEntry> actionsToAcls = actionsToAcls(this.input.getParameterByName("user").getParamValues(), this.userInfo, secureObjectType, true, outputHierarchy);
            if (actionsToAcls == null) {
                if (secureObjectType == CLDBProto.SecureObjectType.OBJECT_TYPE_CLUSTER) {
                    obj2 = "[login, ss, cv, cp, a, fc, cip, aip, cir, air]";
                } else if (secureObjectType == CLDBProto.SecureObjectType.OBJECT_TYPE_VOLUME) {
                    obj2 = "[dump, restore, m, d, a, fc]";
                } else {
                    if (secureObjectType != CLDBProto.SecureObjectType.OBJECT_TYPE_SECURITYPOLICY) {
                        outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "Acl set failed - invalid object type: must be cluster, volume or securitypolicy").setField("user"));
                        commandOutput.setOutput(outputHierarchy);
                        return commandOutput;
                    }
                    obj2 = "[r, a, fc]";
                }
                outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "Acl set failed - invalid list of user permissions, valid permissions are: " + obj2).setField("user"));
                commandOutput.setOutput(outputHierarchy);
                return commandOutput;
            }
            newBuilder2.addAllAcl(actionsToAcls);
        }
        if (isParamPresent("group")) {
            List<Security.AclEntry> actionsToAcls2 = actionsToAcls(this.input.getParameterByName("group").getParamValues(), this.userInfo, secureObjectType, false, outputHierarchy);
            if (actionsToAcls2 == null) {
                if (secureObjectType == CLDBProto.SecureObjectType.OBJECT_TYPE_CLUSTER) {
                    obj = "[login, ss, cv, cp, a, fc, cip, aip, cir, air]";
                } else if (secureObjectType == CLDBProto.SecureObjectType.OBJECT_TYPE_VOLUME) {
                    obj = "[dump, restore, m, d, a, fc]";
                } else {
                    if (secureObjectType != CLDBProto.SecureObjectType.OBJECT_TYPE_SECURITYPOLICY) {
                        outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "Acl set failed - invalid object type: must be cluster, volume or securitypolicy").setField("user"));
                        commandOutput.setOutput(outputHierarchy);
                        return commandOutput;
                    }
                    obj = "[r, a, fc]";
                }
                outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "Acl set failed - invalid list of group permissions, valid permissions are: " + obj).setField("group"));
                commandOutput.setOutput(outputHierarchy);
                return commandOutput;
            }
            newBuilder2.addAllAcl(actionsToAcls2);
        }
        String str = null;
        if (isParamPresent("name")) {
            str = getParamTextValue("name", 0);
        }
        if (str == null && secureObjectType == CLDBProto.SecureObjectType.OBJECT_TYPE_VOLUME) {
            outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "Acl set failed - volume name missing").setField("name"));
            commandOutput.setOutput(outputHierarchy);
            return commandOutput;
        }
        if (str == null && secureObjectType == CLDBProto.SecureObjectType.OBJECT_TYPE_SECURITYPOLICY) {
            outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "Acl set failed - security policy name missing").setField("name"));
            commandOutput.setOutput(outputHierarchy);
            return commandOutput;
        }
        if (str != null && secureObjectType == CLDBProto.SecureObjectType.OBJECT_TYPE_CLUSTER) {
            outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "Acl set for a cluster does not require a name").setField("name"));
            commandOutput.setOutput(outputHierarchy);
            return commandOutput;
        }
        try {
            Security.CredentialsMsg userCredentials = getUserCredentials();
            newBuilder.setObjectType(secureObjectType);
            if (str != null) {
                newBuilder.setName(str);
            }
            newBuilder.setAcl(newBuilder2);
            newBuilder.setCreds(userCredentials);
            byte[] sendRequest = secureObjectType != CLDBProto.SecureObjectType.OBJECT_TYPE_SECURITYPOLICY ? isParamPresent("cluster") ? CLDBRpcCommonUtils.getInstance().sendRequest(getParamTextValue("cluster", 0), Common.MapRProgramId.CldbProgramId.getNumber(), CLDBProto.CLDBProg.SecurityModifyAclProc.getNumber(), newBuilder.build(), CLDBProto.SecurityModifyAclResponse.class) : CLDBRpcCommonUtils.getInstance().sendRequest(Common.MapRProgramId.CldbProgramId.getNumber(), CLDBProto.CLDBProg.SecurityModifyAclProc.getNumber(), newBuilder.build(), CLDBProto.SecurityModifyAclResponse.class) : sendRpcToPolicyServer(PolicyServerProto.SecurityPolicyProc.SecurityPolicyUpdateAclProc.getNumber(), newBuilder.build(), CLDBProto.SecurityModifyAclResponse.class);
            if (sendRequest == null) {
                if (secureObjectType == CLDBProto.SecureObjectType.OBJECT_TYPE_SECURITYPOLICY) {
                    outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10009, "Couldn't connect to the policy server"));
                } else {
                    outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10009, "Couldn't connect to the CLDB service"));
                }
                commandOutput.setOutput(outputHierarchy);
                return commandOutput;
            }
            CLDBProto.SecurityModifyAclResponse parseFrom = CLDBProto.SecurityModifyAclResponse.parseFrom(sendRequest);
            if (parseFrom.getStatus() == 0) {
                commandOutput.setOutput(outputHierarchy);
                return commandOutput;
            }
            outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "ACL modification failed for " + paramTextValue + " failed with error message: " + parseFrom.getErrorString()).setField("name"));
            commandOutput.setOutput(outputHierarchy);
            return commandOutput;
        } catch (Exception e) {
            outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "Error while trying to modify ACL"));
            commandOutput.setOutput(outputHierarchy);
            return commandOutput;
        } catch (InvalidProtocolBufferException e2) {
            throw new CLIProcessingException("InvalidProtocolBufferException Exception", e2);
        } catch (MaprSecurityException e3) {
            throw new CLIProcessingException("MaprSecurityException Exception", e3);
        }
    }

    CommandOutput editAcl() throws CLIProcessingException {
        CLDBProto.SecureObjectType secureObjectType;
        Object obj;
        Object obj2;
        CommandOutput commandOutput = new CommandOutput();
        CommandOutput.OutputHierarchy outputHierarchy = new CommandOutput.OutputHierarchy();
        CLDBProto.SecurityModifyAclRequest.Builder newBuilder = CLDBProto.SecurityModifyAclRequest.newBuilder();
        String paramTextValue = getParamTextValue("type", 0);
        if (paramTextValue.equalsIgnoreCase("cluster")) {
            secureObjectType = CLDBProto.SecureObjectType.OBJECT_TYPE_CLUSTER;
        } else if (paramTextValue.equalsIgnoreCase("volume")) {
            secureObjectType = CLDBProto.SecureObjectType.OBJECT_TYPE_VOLUME;
        } else {
            if (!paramTextValue.equalsIgnoreCase("securitypolicy")) {
                outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "Acl edit failed with invalid object type " + paramTextValue + ". Valid object types are cluster|volume|securitypolicy.").setField("type"));
                commandOutput.setOutput(outputHierarchy);
                return commandOutput;
            }
            secureObjectType = CLDBProto.SecureObjectType.OBJECT_TYPE_SECURITYPOLICY;
        }
        Security.AccessControlList.Builder newBuilder2 = Security.AccessControlList.newBuilder();
        boolean z = false;
        if (isParamPresent("user")) {
            z = true;
            List<Security.AclEntry> actionsToAcls = actionsToAcls(this.input.getParameterByName("user").getParamValues(), this.userInfo, secureObjectType, true, outputHierarchy);
            if (actionsToAcls == null) {
                if (secureObjectType == CLDBProto.SecureObjectType.OBJECT_TYPE_CLUSTER) {
                    obj2 = "[login, ss, cv, cp, a, fc, cip, aip, cir, air]";
                } else if (secureObjectType == CLDBProto.SecureObjectType.OBJECT_TYPE_VOLUME) {
                    obj2 = "[dump, restore, m, d, a, fc]";
                } else {
                    if (secureObjectType != CLDBProto.SecureObjectType.OBJECT_TYPE_SECURITYPOLICY) {
                        outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "Acl edit failed - invalid object type: must be cluster, volume or securitypolicy").setField("user"));
                        commandOutput.setOutput(outputHierarchy);
                        return commandOutput;
                    }
                    obj2 = "[r, a, fc]";
                }
                outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "Acl edit failed - invalid list of user permissions, valid permissions are: " + obj2).setField("user"));
                commandOutput.setOutput(outputHierarchy);
                return commandOutput;
            }
            newBuilder2.addAllAcl(actionsToAcls);
        }
        if (isParamPresent("group")) {
            z = true;
            List<Security.AclEntry> actionsToAcls2 = actionsToAcls(this.input.getParameterByName("group").getParamValues(), this.userInfo, secureObjectType, false, outputHierarchy);
            if (actionsToAcls2 == null) {
                if (secureObjectType == CLDBProto.SecureObjectType.OBJECT_TYPE_CLUSTER) {
                    obj = "[login, ss, cv, cp, a, fc, cip, aip, cir, air]";
                } else if (secureObjectType == CLDBProto.SecureObjectType.OBJECT_TYPE_VOLUME) {
                    obj = "[dump, restore, m, d, a, fc]";
                } else {
                    if (secureObjectType != CLDBProto.SecureObjectType.OBJECT_TYPE_SECURITYPOLICY) {
                        outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "Acl edit failed - invalid object type: must be cluster, volume or securitypolicy").setField("user"));
                        commandOutput.setOutput(outputHierarchy);
                        return commandOutput;
                    }
                    obj = "[r, a, fc]";
                }
                outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "Acl edit failed - invalid list of group permissions, valid permissions are: " + obj).setField("group"));
                commandOutput.setOutput(outputHierarchy);
                return commandOutput;
            }
            newBuilder2.addAllAcl(actionsToAcls2);
        }
        if (!z) {
            outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "Acl edit failed - no user/group specified, use -user/-group option to specify the acls to be changed "));
            commandOutput.setOutput(outputHierarchy);
            return commandOutput;
        }
        String str = null;
        if (isParamPresent("name")) {
            str = getParamTextValue("name", 0);
        }
        if (str == null && secureObjectType == CLDBProto.SecureObjectType.OBJECT_TYPE_VOLUME) {
            outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "Acl edit failed - volume name missing").setField("name"));
            commandOutput.setOutput(outputHierarchy);
            return commandOutput;
        }
        if (str == null && secureObjectType == CLDBProto.SecureObjectType.OBJECT_TYPE_SECURITYPOLICY) {
            outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "Acl edit failed - securitypolicy name missing").setField("name"));
            commandOutput.setOutput(outputHierarchy);
            return commandOutput;
        }
        if (str != null && secureObjectType == CLDBProto.SecureObjectType.OBJECT_TYPE_CLUSTER) {
            outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "Acl edit for a cluster does not require a name").setField("name"));
            commandOutput.setOutput(outputHierarchy);
            return commandOutput;
        }
        try {
            Security.CredentialsMsg userCredentials = getUserCredentials();
            newBuilder.setObjectType(secureObjectType);
            if (str != null) {
                newBuilder.setName(str);
            }
            newBuilder.setAcl(newBuilder2);
            newBuilder.setCreds(userCredentials);
            newBuilder.setEditFlag(true);
            byte[] sendRequest = secureObjectType != CLDBProto.SecureObjectType.OBJECT_TYPE_SECURITYPOLICY ? isParamPresent("cluster") ? CLDBRpcCommonUtils.getInstance().sendRequest(getParamTextValue("cluster", 0), Common.MapRProgramId.CldbProgramId.getNumber(), CLDBProto.CLDBProg.SecurityModifyAclProc.getNumber(), newBuilder.build(), CLDBProto.SecurityModifyAclResponse.class) : CLDBRpcCommonUtils.getInstance().sendRequest(Common.MapRProgramId.CldbProgramId.getNumber(), CLDBProto.CLDBProg.SecurityModifyAclProc.getNumber(), newBuilder.build(), CLDBProto.SecurityModifyAclResponse.class) : sendRpcToPolicyServer(PolicyServerProto.SecurityPolicyProc.SecurityPolicyUpdateAclProc.getNumber(), newBuilder.build(), CLDBProto.SecurityModifyAclResponse.class);
            if (sendRequest == null) {
                if (secureObjectType == CLDBProto.SecureObjectType.OBJECT_TYPE_SECURITYPOLICY) {
                    outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10009, "Couldn't connect to the policy server"));
                } else {
                    outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10009, "Couldn't connect to the CLDB service"));
                }
                commandOutput.setOutput(outputHierarchy);
                return commandOutput;
            }
            CLDBProto.SecurityModifyAclResponse parseFrom = CLDBProto.SecurityModifyAclResponse.parseFrom(sendRequest);
            int status = parseFrom.getStatus();
            if (status == 0) {
                commandOutput.setOutput(outputHierarchy);
                return commandOutput;
            }
            if (parseFrom.hasErrorString()) {
                outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(status, parseFrom.getErrorString()));
            } else {
                outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "Unknown error while ACL modification for " + paramTextValue).setField("name"));
            }
            commandOutput.setOutput(outputHierarchy);
            return commandOutput;
        } catch (MaprSecurityException e) {
            throw new CLIProcessingException("MaprSecurityException Exception", e);
        } catch (Exception e2) {
            outputHierarchy.addError(new CommandOutput.OutputHierarchy.OutputError(10003, "Error while trying to modify ACL"));
            commandOutput.setOutput(outputHierarchy);
            return commandOutput;
        } catch (InvalidProtocolBufferException e3) {
            throw new CLIProcessingException("InvalidProtocolBufferException Exception", e3);
        }
    }

    public CommandOutput executeRealCommand() throws CLIProcessingException {
        if (super.validateInput()) {
            this.userInfo = new UnixUserGroupHelper();
            String commandName = this.cliCommand.getCommandName();
            return commandName.equalsIgnoreCase("show") ? showAcl() : commandName.equalsIgnoreCase("userperms") ? getPermissions() : commandName.equalsIgnoreCase("set") ? setAcl() : commandName.equalsIgnoreCase("edit") ? editAcl() : new TextCommandOutput(("Acl command failed: unknown command " + commandName + " received.").getBytes());
        }
        CommandOutput commandOutput = new CommandOutput();
        commandOutput.setOutput(new CommandOutput.OutputHierarchy());
        return commandOutput;
    }

    public String getCommandUsage() {
        return usageStr;
    }
}
