package com.hortonworks.registries.schemaregistry.authorizer.ranger;

import com.hortonworks.registries.schemaregistry.authorizer.core.Authorizer;
import java.util.Map;
import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;
import org.apache.ranger.plugin.service.RangerBasePlugin;

/* loaded from: input_file:com/hortonworks/registries/schemaregistry/authorizer/ranger/RangerSchemaRegistryAuthorizerImpl.class */
public class RangerSchemaRegistryAuthorizerImpl implements Authorizer {
    private static final String RANGER_RESOURCE_REGISTRY_SERVICE = "registry-service";
    private static final String RANGER_RESOURCE_SERDE = "serde";
    private static final String RANGER_RESOURCE_SCHEMA_GROUP = "schema-group";
    private static final String RANGER_RESOURCE_SCHEMA_METADATA = "schema-metadata";
    private static final String RANGER_RESOURCE_SCHEMA_BRANCH = "schema-branch";
    private static final String RANGER_RESOURCE_SCHEMA_VERSION = "schema-version";
    private final RangerBasePlugin plg = SchemaRegistryRangerPlugin.getInstance();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.hortonworks.registries.schemaregistry.authorizer.ranger.RangerSchemaRegistryAuthorizerImpl$1, reason: invalid class name */
    /* loaded from: input_file:com/hortonworks/registries/schemaregistry/authorizer/ranger/RangerSchemaRegistryAuthorizerImpl$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$hortonworks$registries$schemaregistry$authorizer$core$Authorizer$ResourceType = new int[Authorizer.ResourceType.values().length];

        static {
            try {
                $SwitchMap$com$hortonworks$registries$schemaregistry$authorizer$core$Authorizer$ResourceType[Authorizer.ResourceType.SERDE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$hortonworks$registries$schemaregistry$authorizer$core$Authorizer$ResourceType[Authorizer.ResourceType.SCHEMA_VERSION.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$hortonworks$registries$schemaregistry$authorizer$core$Authorizer$ResourceType[Authorizer.ResourceType.SCHEMA_METADATA.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$com$hortonworks$registries$schemaregistry$authorizer$core$Authorizer$ResourceType[Authorizer.ResourceType.SCHEMA_BRANCH.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
        }
    }

    /* loaded from: input_file:com/hortonworks/registries/schemaregistry/authorizer/ranger/RangerSchemaRegistryAuthorizerImpl$SchemaRegistryRangerPlugin.class */
    private static class SchemaRegistryRangerPlugin extends RangerBasePlugin {
        private static final String PLG_TYPE = "schema-registry";
        private static final String PLG_NAME = "schema-registry";
        private static SchemaRegistryRangerPlugin instance;

        private SchemaRegistryRangerPlugin() {
            this("schema-registry", "schema-registry");
        }

        private SchemaRegistryRangerPlugin(String str, String str2) {
            super(str, str2);
        }

        public static SchemaRegistryRangerPlugin getInstance() {
            if (instance == null) {
                synchronized (SchemaRegistryRangerPlugin.class) {
                    if (instance == null) {
                        instance = new SchemaRegistryRangerPlugin();
                        instance.setResultProcessor(new RangerSchemaRegistryAuditHandler());
                        instance.init();
                    }
                }
            }
            return instance;
        }
    }

    public void configure(Map<String, Object> map) {
    }

    public boolean authorize(Authorizer.Resource resource, Authorizer.AccessType accessType, Authorizer.UserAndGroups userAndGroups) {
        return authorize(registryResource2RangerResource(resource), accessType, userAndGroups) || authorizeRangerSchemaRegistryResource(accessType, userAndGroups);
    }

    private boolean authorize(RangerAccessResourceImpl rangerAccessResourceImpl, Authorizer.AccessType accessType, Authorizer.UserAndGroups userAndGroups) {
        RangerAccessResult isAccessAllowed = this.plg.isAccessAllowed(new RangerAccessRequestImpl(rangerAccessResourceImpl, accessType.getName(), userAndGroups.getUser(), userAndGroups.getGroups()));
        return isAccessAllowed != null && isAccessAllowed.getIsAllowed();
    }

    RangerAccessResourceImpl registryResource2RangerResource(Authorizer.Resource resource) {
        RangerAccessResourceImpl rangerAccessResourceImpl = new RangerAccessResourceImpl();
        if (resource instanceof Authorizer.SchemaMetadataResource) {
            Authorizer.SchemaMetadataResource schemaMetadataResource = (Authorizer.SchemaMetadataResource) resource;
            rangerAccessResourceImpl.setValue(RANGER_RESOURCE_SCHEMA_GROUP, schemaMetadataResource.getsGroupName());
            rangerAccessResourceImpl.setValue(RANGER_RESOURCE_SCHEMA_METADATA, schemaMetadataResource.getsMetadataName());
        }
        if (resource instanceof Authorizer.SchemaBranchResource) {
            rangerAccessResourceImpl.setValue(RANGER_RESOURCE_SCHEMA_BRANCH, ((Authorizer.SchemaBranchResource) resource).getsBranchName());
        }
        switch (AnonymousClass1.$SwitchMap$com$hortonworks$registries$schemaregistry$authorizer$core$Authorizer$ResourceType[resource.getResourceType().ordinal()]) {
            case 1:
                rangerAccessResourceImpl.setValue(RANGER_RESOURCE_SERDE, "ANY_VALUE");
                return rangerAccessResourceImpl;
            case 2:
                rangerAccessResourceImpl.setValue(RANGER_RESOURCE_SCHEMA_VERSION, "ANY_VALUE");
                return rangerAccessResourceImpl;
            case 3:
            case 4:
                return rangerAccessResourceImpl;
            default:
                throw new RuntimeException(String.format("Cannot convert registry resource to ranger resource. ResourceType %s is not supported", resource.getResourceType().name()));
        }
    }

    boolean authorizeRangerSchemaRegistryResource(Authorizer.AccessType accessType, Authorizer.UserAndGroups userAndGroups) {
        RangerAccessResourceImpl rangerAccessResourceImpl = new RangerAccessResourceImpl();
        rangerAccessResourceImpl.setValue(RANGER_RESOURCE_REGISTRY_SERVICE, "ANY_VALUE");
        return authorize(rangerAccessResourceImpl, accessType, userAndGroups);
    }
}
