package org.apache.ranger.authorization.kms.authorizer;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.crypto.key.kms.server.KMS;
import org.apache.hadoop.crypto.key.kms.server.KMSACLsType;
import org.apache.hadoop.crypto.key.kms.server.KeyAuthorizationKeyProvider;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.ranger.plugin.classloader.RangerPluginClassLoader;

/* loaded from: input_file:org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.class */
public class RangerKmsAuthorizer implements Runnable, KeyAuthorizationKeyProvider.KeyACLs {
    private static final String RANGER_PLUGIN_TYPE = "kms";
    private static final String RANGER_KMS_AUTHORIZER_IMPL_CLASSNAME = "org.apache.ranger.authorization.kms.authorizer.RangerKmsAuthorizer";
    private Object impl = null;
    private Runnable implRunnable = null;
    private KeyAuthorizationKeyProvider.KeyACLs implKeyACLs = null;
    private static final Log LOG = LogFactory.getLog(RangerKmsAuthorizer.class);
    private static RangerPluginClassLoader rangerPluginClassLoader = null;

    public RangerKmsAuthorizer() {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerKmsAuthorizer.RangerKmsAuthorizer()");
        }
        init();
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerKmsAuthorizer.RangerKmsAuthorizer()");
        }
    }

    private void init() {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerKmsAuthorizer.init()");
        }
        try {
            rangerPluginClassLoader = RangerPluginClassLoader.getInstance(RANGER_PLUGIN_TYPE, getClass());
            Class<?> cls = Class.forName(RANGER_KMS_AUTHORIZER_IMPL_CLASSNAME, true, rangerPluginClassLoader);
            activatePluginClassLoader();
            this.impl = cls.newInstance();
            this.implRunnable = (Runnable) this.impl;
            this.implKeyACLs = (KeyAuthorizationKeyProvider.KeyACLs) this.impl;
        } catch (Exception e) {
            LOG.error("Error Enabling RangerKMSPlugin", e);
        } finally {
            deactivatePluginClassLoader();
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerKmsAuthorizer.init()");
        }
    }

    public boolean hasAccessToKey(String str, UserGroupInformation userGroupInformation, KeyAuthorizationKeyProvider.KeyOpType keyOpType) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerKmsAuthorizer.hasAccessToKey(" + str + ", " + userGroupInformation + ", " + keyOpType + ")");
        }
        try {
            activatePluginClassLoader();
            boolean hasAccessToKey = this.implKeyACLs.hasAccessToKey(str, userGroupInformation, keyOpType);
            deactivatePluginClassLoader();
            if (LOG.isDebugEnabled()) {
                LOG.debug("<== RangerKmsAuthorizer.hasAccessToKey(" + str + ", " + userGroupInformation + ", " + keyOpType + ")");
            }
            return hasAccessToKey;
        } catch (Throwable th) {
            deactivatePluginClassLoader();
            throw th;
        }
    }

    public boolean isACLPresent(String str, KeyAuthorizationKeyProvider.KeyOpType keyOpType) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerKmsAuthorizer.isACLPresent(" + str + ", " + keyOpType + ")");
        }
        try {
            activatePluginClassLoader();
            boolean isACLPresent = this.implKeyACLs.isACLPresent(str, keyOpType);
            deactivatePluginClassLoader();
            if (LOG.isDebugEnabled()) {
                LOG.debug("<== RangerKmsAuthorizer.isACLPresent(" + str + ", " + keyOpType + ")");
            }
            return isACLPresent;
        } catch (Throwable th) {
            deactivatePluginClassLoader();
            throw th;
        }
    }

    public boolean hasAccess(KMSACLsType.Type type, UserGroupInformation userGroupInformation, String str) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerKmsAuthorizer.hasAccess(" + type + ", " + userGroupInformation + ")");
        }
        try {
            activatePluginClassLoader();
            boolean hasAccess = this.implKeyACLs.hasAccess(type, userGroupInformation, str);
            deactivatePluginClassLoader();
            if (LOG.isDebugEnabled()) {
                LOG.debug("<== RangerKmsAuthorizer.hasAccess(" + type + ", " + userGroupInformation + ")");
            }
            return hasAccess;
        } catch (Throwable th) {
            deactivatePluginClassLoader();
            throw th;
        }
    }

    public void assertAccess(KMSACLsType.Type type, UserGroupInformation userGroupInformation, KMS.KMSOp kMSOp, String str, String str2) throws AccessControlException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerKmsAuthorizer.assertAccess(" + str + ", " + userGroupInformation + ", " + type + ")");
        }
        try {
            activatePluginClassLoader();
            this.implKeyACLs.assertAccess(type, userGroupInformation, kMSOp, str, str2);
            deactivatePluginClassLoader();
            if (LOG.isDebugEnabled()) {
                LOG.debug("<== RangerKmsAuthorizer.assertAccess(" + str + ", " + userGroupInformation + ", " + type + ")");
            }
        } catch (Throwable th) {
            deactivatePluginClassLoader();
            throw th;
        }
    }

    public void startReloader() {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerKmsAuthorizer.startReloader()");
        }
        try {
            activatePluginClassLoader();
            this.implKeyACLs.startReloader();
            if (LOG.isDebugEnabled()) {
                LOG.debug("<== RangerKmsAuthorizer.startReloader()");
            }
        } finally {
            deactivatePluginClassLoader();
        }
    }

    public void stopReloader() {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerKmsAuthorizer.stopReloader()");
        }
        try {
            activatePluginClassLoader();
            this.implKeyACLs.stopReloader();
            if (LOG.isDebugEnabled()) {
                LOG.debug("<== RangerKmsAuthorizer.stopReloader()");
            }
        } finally {
            deactivatePluginClassLoader();
        }
    }

    @Override // java.lang.Runnable
    public void run() {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerKmsAuthorizer.run()");
        }
        try {
            activatePluginClassLoader();
            this.implRunnable.run();
            if (LOG.isDebugEnabled()) {
                LOG.debug("<== RangerKmsAuthorizer.run()");
            }
        } finally {
            deactivatePluginClassLoader();
        }
    }

    private void activatePluginClassLoader() {
        if (rangerPluginClassLoader != null) {
            rangerPluginClassLoader.activate();
        }
    }

    private void deactivatePluginClassLoader() {
        if (rangerPluginClassLoader != null) {
            rangerPluginClassLoader.deactivate();
        }
    }
}
