package org.apache.ranger.plugin.service;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.security.SecureClientLogin;
import org.apache.hadoop.security.authentication.util.KerberosName;
import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.plugin.client.HadoopConfigHolder;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.model.validation.RangerServiceDefHelper;
import org.apache.ranger.plugin.resourcematcher.RangerAbstractResourceMatcher;

/* loaded from: input_file:org/apache/ranger/plugin/service/RangerBaseService.class */
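/**
 * Base class for Ranger service implementations: holds the service definition, the service
 * instance and its configuration, and builds the default policies for the service.
 *
 * <p>Security note: the default policies built here grant every access type declared by the
 * service definition on the wildcard resource, with delegated administration enabled, to each
 * user returned by {@link #getUserList()}. The service configuration entries that feed that
 * list (the login user name and {@code default.policy.users}) therefore decide who receives
 * full access, and should be reviewed with the same care as a policy change.
 */
public abstract class RangerBaseService {
    private static final Log LOG = LogFactory.getLog(RangerBaseService.class);
    protected static final String ADMIN_USER_PRINCIPAL = "ranger.admin.kerberos.principal";
    protected static final String ADMIN_USER_KEYTAB = "ranger.admin.kerberos.keytab";
    protected static final String LOOKUP_PRINCIPAL = "ranger.lookup.kerberos.principal";
    protected static final String LOOKUP_KEYTAB = "ranger.lookup.kerberos.keytab";
    protected static final String RANGER_AUTH_TYPE = "hadoop.security.authentication";
    protected static final String KERBEROS_TYPE = "kerberos";
    /** Service config key holding a comma-separated list of additional default-policy users. */
    private static final String DEFAULT_POLICY_USERS = "default.policy.users";
    protected RangerServiceDef serviceDef;
    protected RangerService service;
    protected Map<String, String> configs;
    protected String serviceName;
    protected String serviceType;

    /**
     * Binds this instance to a service definition and a service, and caches the service's
     * configuration map, name and type.
     *
     * @param rangerServiceDef definition of the service type
     * @param rangerService the service instance; must not be {@code null}
     */
    public void init(RangerServiceDef rangerServiceDef, RangerService rangerService) {
        this.serviceDef = rangerServiceDef;
        this.service = rangerService;
        this.configs = rangerService.getConfigs();
        this.serviceName = rangerService.getName();
        this.serviceType = rangerService.getType();
    }

    /** @return the service definition passed to {@link #init} */
    public RangerServiceDef getServiceDef() {
        return this.serviceDef;
    }

    /** @return the service passed to {@link #init} */
    public RangerService getService() {
        return this.service;
    }

    /**
     * Returns the configuration map by reference (no defensive copy), so changes made by the
     * caller are visible to this instance.
     *
     * <p>NOTE(review): service configs presumably carry connection settings, possibly including
     * credentials; confirm before logging or exposing this map.
     *
     * @return the live configuration map, possibly {@code null}
     */
    public Map<String, String> getConfigs() {
        return this.configs;
    }

    /** @param map configuration map to use from now on; stored by reference */
    public void setConfigs(Map<String, String> map) {
        this.configs = map;
    }

    /** @return the cached service name */
    public String getServiceName() {
        return this.serviceName;
    }

    /** @param str new service name */
    public void setServiceName(String str) {
        this.serviceName = str;
    }

    /** @return the cached service type */
    public String getServiceType() {
        return this.serviceType;
    }

    /** @param str new service type */
    public void setServiceType(String str) {
        this.serviceType = str;
    }

    public abstract Map<String, Object> validateConfig() throws Exception;

    public abstract List<String> lookupResource(ResourceLookupContext resourceLookupContext) throws Exception;

    /**
     * Builds one default policy per resource hierarchy of the service definition.
     *
     * <p>This is best-effort: a failure while building the policies is logged and whatever was
     * built up to that point is returned, so callers cannot distinguish a partial result from a
     * complete one except through the error log.
     *
     * @return the default policies; never {@code null}, possibly empty
     * @throws Exception declared for subclasses that override this method
     */
    public List<RangerPolicy> getDefaultRangerPolicies() throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerBaseService.getDefaultRangerPolicies() ");
        }
        List<RangerPolicy> policies = new ArrayList<RangerPolicy>();
        try {
            // NOTE(review): 0 is presumably the "access" policy type; confirm against RangerPolicy.
            for (List<RangerServiceDef.RangerResourceDef> hierarchy : new RangerServiceDefHelper(this.serviceDef).getResourceHierarchies(0)) {
                RangerPolicy defaultPolicy = getDefaultPolicy(hierarchy);
                if (defaultPolicy != null) {
                    policies.add(defaultPolicy);
                }
            }
        } catch (Exception e) {
            LOG.error("Error getting default polcies for Service: " + this.service.getName(), e);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerBaseService.getDefaultRangerPolicies(): " + policies);
        }
        return policies;
    }

    /**
     * Creates an "allowed" access entry for every access type declared by the service definition.
     *
     * @return one allowed access per declared access type
     */
    public List<RangerPolicy.RangerPolicyItemAccess> getAndAllowAllAccesses() {
        List<RangerPolicy.RangerPolicyItemAccess> accesses = new ArrayList<RangerPolicy.RangerPolicyItemAccess>();
        for (RangerServiceDef.RangerAccessTypeDef accessTypeDef : this.serviceDef.getAccessTypes()) {
            RangerPolicy.RangerPolicyItemAccess access = new RangerPolicy.RangerPolicyItemAccess();
            access.setType(accessTypeDef.getName());
            access.setIsAllowed(true);
            accesses.add(access);
        }
        return accesses;
    }

    /**
     * Builds the default policy for one resource hierarchy: enabled, audited, covering the
     * wildcard value of every resource in the hierarchy, with a single all-access policy item.
     */
    private RangerPolicy getDefaultPolicy(List<RangerServiceDef.RangerResourceDef> list) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerBaseService.getDefaultPolicy()");
        }
        RangerPolicy policy = new RangerPolicy();
        String policyName = buildPolicyName(list);
        policy.setIsEnabled(true);
        policy.setVersion(1L);
        policy.setName(policyName);
        policy.setService(this.service.getName());
        policy.setDescription("Policy for " + policyName);
        policy.setIsAuditEnabled(true);
        policy.setResources(createDefaultPolicyResource(list));
        List<RangerPolicy.RangerPolicyItem> policyItems = new ArrayList<RangerPolicy.RangerPolicyItem>();
        policyItems.add(createDefaultPolicyItem());
        policy.setPolicyItems(policyItems);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerBaseService.getDefaultPolicy()" + policy);
        }
        return policy;
    }

    /**
     * Builds the single item of a default policy: all accesses allowed, delegated administration
     * enabled, for the users returned by {@link #getUserList()}.
     */
    private RangerPolicy.RangerPolicyItem createDefaultPolicyItem() throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerBaseService.createDefaultPolicyItem()");
        }
        RangerPolicy.RangerPolicyItem policyItem = new RangerPolicy.RangerPolicyItem();
        policyItem.setUsers(getUserList());
        policyItem.setAccesses(getAndAllowAllAccesses());
        // Delegated admin lets the listed users hand their access on to others.
        policyItem.setDelegateAdmin(true);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerBaseService.createDefaultPolicyItem(): " + policyItem);
        }
        return policyItem;
    }

    /**
     * Maps every resource of the hierarchy to a non-excluding wildcard resource; recursion is
     * taken from the resource definition.
     */
    private Map<String, RangerPolicy.RangerPolicyResource> createDefaultPolicyResource(List<RangerServiceDef.RangerResourceDef> list) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerBaseService.createDefaultPolicyResource()");
        }
        Map<String, RangerPolicy.RangerPolicyResource> resources = new HashMap<String, RangerPolicy.RangerPolicyResource>();
        for (RangerServiceDef.RangerResourceDef resourceDef : list) {
            RangerPolicy.RangerPolicyResource resource = new RangerPolicy.RangerPolicyResource();
            resource.setIsExcludes(false);
            resource.setIsRecursive(resourceDef.getRecursiveSupported());
            resource.setValue(RangerAbstractResourceMatcher.WILDCARD_ASTERISK);
            resources.put(resourceDef.getName(), resource);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerBaseService.createDefaultPolicyResource():" + resources);
        }
        return resources;
    }

    /**
     * Builds the policy name {@code "all - r1, r2, ..."} from the resource names of the
     * hierarchy, or just {@code "all"} when the hierarchy is empty.
     */
    private String buildPolicyName(List<RangerServiceDef.RangerResourceDef> list) {
        StringBuilder name = new StringBuilder("all");
        if (CollectionUtils.isNotEmpty(list)) {
            boolean first = true;
            for (RangerServiceDef.RangerResourceDef resourceDef : list) {
                name.append(first ? " - " : ", ");
                name.append(resourceDef.getName());
                first = false;
            }
        }
        return name.toString().trim();
    }

    /**
     * Collects the users that receive the default policies: the service's login user, the
     * comma-separated {@code default.policy.users} entries, and the Kerberos lookup user when
     * one is configured.
     *
     * <p>Every name is trimmed, and blank or repeated names are dropped, so that a missing
     * login user or a stray space in the configuration does not put a {@code null} or a
     * whitespace-padded principal into an all-access policy.
     */
    private List<String> getUserList() {
        List<String> users = new ArrayList<String>();
        Map<String, String> serviceConfigs = this.service.getConfigs();
        if (serviceConfigs != null) {
            addUser(users, serviceConfigs.get(HadoopConfigHolder.RANGER_LOGIN_USER_NAME_PROP));
            String extraUsers = serviceConfigs.get(DEFAULT_POLICY_USERS);
            if (!StringUtils.isEmpty(extraUsers)) {
                for (String extraUser : StringUtils.split(extraUsers, ",")) {
                    addUser(users, extraUser);
                }
            }
        }
        RangerConfiguration rangerConfig = RangerConfiguration.getInstance();
        String lookupUser = getLookupUser(rangerConfig.get(RANGER_AUTH_TYPE, "simple"), rangerConfig.get(LOOKUP_PRINCIPAL), rangerConfig.get(LOOKUP_KEYTAB));
        addUser(users, lookupUser);
        return users;
    }

    /** Appends the trimmed name to {@code users} unless it is null, blank or already present. */
    private static void addUser(List<String> users, String candidate) {
        String user = StringUtils.trimToNull(candidate);
        if (user != null && !users.contains(user)) {
            users.add(user);
        }
    }

    /**
     * Resolves the short name of the Kerberos lookup principal.
     *
     * @param str authentication type; only {@code "kerberos"} (case-insensitive) yields a user
     * @param str2 lookup principal
     * @param str3 keytab for the lookup principal
     * @return the principal's short name, or {@code null} when the authentication type is not
     *     Kerberos, the principal/keytab pair is not accepted by {@code SecureClientLogin}, or
     *     the short name cannot be derived (the failure is logged)
     */
    protected String getLookupUser(String str, String str2, String str3) {
        String shortName = null;
        if (KERBEROS_TYPE.equalsIgnoreCase(str) && SecureClientLogin.isKerberosCredentialExists(str2, str3)) {
            try {
                shortName = new KerberosName(str2).getShortName();
            } catch (IOException e) {
                LOG.error("Unknown lookup user", e);
            }
        }
        return shortName;
    }
}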
