package org.apache.ranger.authorization.hadoop;

import java.security.SecureRandom;
import java.util.HashSet;
import java.util.Set;
import org.apache.hadoop.fs.Path;
import org.apache.ranger.authorization.hadoop.config.RangerPluginConfig;
import org.apache.ranger.plugin.service.RangerBasePlugin;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: RangerHdfsAuthorizer.java */
/* loaded from: input_file:org/apache/ranger/authorization/hadoop/RangerHdfsPlugin.class */
public class RangerHdfsPlugin extends RangerBasePlugin {
    private static final Logger LOG = LoggerFactory.getLogger(RangerHdfsPlugin.class);
    private static String fileNameExtensionSeparator = RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR;
    private final boolean hadoopAuthEnabled;
    private final boolean optimizeSubAccessAuthEnabled;
    private final String randomizedWildcardPathName;
    private final String hadoopModuleName;
    private final Set<String> excludeUsers;

    public RangerHdfsPlugin(Path path) {
        super("hdfs", "hdfs");
        this.excludeUsers = new HashSet();
        RangerPluginConfig config = getConfig();
        if (path != null) {
            config.addResource(path);
        }
        String generateString = generateString("^&#@!%()-_+=@:;'<>`~abcdefghijklmnopqrstuvwxyz01234567890");
        fileNameExtensionSeparator = config.get(RangerHdfsAuthorizer.RANGER_FILENAME_EXTENSION_SEPARATOR_PROP, RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR);
        this.hadoopAuthEnabled = config.getBoolean("xasecure.add-hadoop-authorization", false);
        config.setIsFallbackSupported(this.hadoopAuthEnabled);
        this.optimizeSubAccessAuthEnabled = config.getBoolean("ranger.optimize-subaccess-authorization", false);
        this.randomizedWildcardPathName = "*" + generateString + "*";
        this.hadoopModuleName = config.get("xasecure.auditlog.hadoopAcl.name", "hadoop-acl");
        String str = config.get("xasecure.auditlog.hdfs.excludeusers", "");
        if (str == null || str.trim().length() <= 0) {
            return;
        }
        for (String str2 : str.trim().split(",")) {
            String trim = str2.trim();
            if (LOG.isDebugEnabled()) {
                LOG.debug("Adding exclude user [" + trim + "]");
            }
            this.excludeUsers.add(trim);
        }
    }

    private static String generateString(String str) {
        SecureRandom secureRandom = new SecureRandom();
        byte[] bArr = new byte[1];
        secureRandom.nextBytes(bArr);
        byte b = bArr[0];
        byte b2 = b < 56 ? (byte) 56 : b;
        int i = b2 > 112 ? (byte) 112 : b2;
        char[] cArr = new char[i];
        for (int i2 = 0; i2 < i; i2++) {
            cArr[i2] = str.charAt(secureRandom.nextInt(str.length()));
        }
        return new String(cArr);
    }

    public static String getFileNameExtensionSeparator() {
        return fileNameExtensionSeparator;
    }

    public boolean isHadoopAuthEnabled() {
        return this.hadoopAuthEnabled;
    }

    public boolean isOptimizeSubAccessAuthEnabled() {
        return this.optimizeSubAccessAuthEnabled;
    }

    public String getRandomizedWildcardPathName() {
        return this.randomizedWildcardPathName;
    }

    public String getHadoopModuleName() {
        return this.hadoopModuleName;
    }

    public Set<String> getExcludedUsers() {
        return this.excludeUsers;
    }
}
