package org.apache.ranger.services.tag;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.apache.commons.io.FilenameUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.service.RangerBaseService;
import org.apache.ranger.plugin.service.ResourceLookupContext;
import org.apache.ranger.plugin.store.TagStore;

/* loaded from: input_file:WEB-INF/lib/ranger-plugins-common-1.0.0.jar:org/apache/ranger/services/tag/RangerServiceTag.class */
public class RangerServiceTag extends RangerBaseService {
    private static final Log LOG = LogFactory.getLog(RangerServiceTag.class);
    public static final String TAG_RESOURCE_NAME = "tag";
    public static final String RANGER_TAG_NAME_EXPIRES_ON = "EXPIRES_ON";
    public static final String RANGER_TAG_EXPIRY_CONDITION_NAME = "accessed-after-expiry";
    private TagStore tagStore;

    @Override // org.apache.ranger.plugin.service.RangerBaseService
    public void init(RangerServiceDef rangerServiceDef, RangerService rangerService) {
        super.init(rangerServiceDef, rangerService);
    }

    public void setTagStore(TagStore tagStore) {
        this.tagStore = tagStore;
    }

    @Override // org.apache.ranger.plugin.service.RangerBaseService
    public Map<String, Object> validateConfig() throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerServiceTag.validateConfig(" + this.serviceName + " )");
        }
        HashMap hashMap = new HashMap();
        hashMap.put("connectivityStatus", true);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerServiceTag.validateConfig(" + this.serviceName + " ): " + hashMap);
        }
        return hashMap;
    }

    @Override // org.apache.ranger.plugin.service.RangerBaseService
    public List<String> lookupResource(ResourceLookupContext resourceLookupContext) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerServiceTag.lookupResource(" + resourceLookupContext + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        ArrayList arrayList = new ArrayList();
        if (resourceLookupContext != null && StringUtils.equals(resourceLookupContext.getResourceName(), "tag")) {
            try {
                List<String> tagTypes = this.tagStore != null ? this.tagStore.getTagTypes() : null;
                if (CollectionUtils.isNotEmpty(tagTypes)) {
                    List<String> list = MapUtils.isNotEmpty(resourceLookupContext.getResources()) ? resourceLookupContext.getResources().get("tag") : null;
                    if (CollectionUtils.isNotEmpty(list)) {
                        tagTypes.removeAll(list);
                    }
                    String userInput = resourceLookupContext.getUserInput();
                    if (StringUtils.isNotEmpty(userInput)) {
                        if (!userInput.endsWith("*")) {
                            userInput = userInput + "*";
                        }
                        for (String str : tagTypes) {
                            if (FilenameUtils.wildcardMatch(str, userInput)) {
                                arrayList.add(str);
                            }
                        }
                    }
                }
            } catch (Exception e) {
                LOG.error("RangerServiceTag.lookupResource()", e);
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerServiceTag.lookupResource(): tag count=" + arrayList.size());
        }
        return arrayList;
    }

    @Override // org.apache.ranger.plugin.service.RangerBaseService
    public List<RangerPolicy> getDefaultRangerPolicies() throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerServiceTag.getDefaultRangerPolicies() ");
        }
        List<RangerPolicy> arrayList = new ArrayList();
        boolean z = false;
        List<RangerServiceDef.RangerPolicyConditionDef> policyConditions = this.serviceDef.getPolicyConditions();
        if (CollectionUtils.isNotEmpty(policyConditions)) {
            Iterator<RangerServiceDef.RangerPolicyConditionDef> it = policyConditions.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (it.next().getName().equals(RANGER_TAG_EXPIRY_CONDITION_NAME)) {
                    z = true;
                    break;
                }
            }
        }
        if (z) {
            arrayList = super.getDefaultRangerPolicies();
            if (!this.serviceDef.getResources().isEmpty()) {
                String name = this.serviceDef.getResources().get(0).getName();
                for (RangerPolicy rangerPolicy : arrayList) {
                    RangerPolicy.RangerPolicyResource rangerPolicyResource = rangerPolicy.getResources().get(name);
                    if (rangerPolicyResource != null) {
                        rangerPolicyResource.setValue(RANGER_TAG_NAME_EXPIRES_ON);
                        rangerPolicy.setName(RANGER_TAG_NAME_EXPIRES_ON);
                        rangerPolicy.setDescription("Policy for data with " + RANGER_TAG_NAME_EXPIRES_ON + " tag");
                        List<RangerPolicy.RangerPolicyItem> policyItems = rangerPolicy.getPolicyItems();
                        for (RangerPolicy.RangerPolicyItem rangerPolicyItem : policyItems) {
                            ArrayList arrayList2 = new ArrayList();
                            arrayList2.add("public");
                            rangerPolicyItem.setGroups(arrayList2);
                            ArrayList arrayList3 = new ArrayList();
                            ArrayList arrayList4 = new ArrayList();
                            arrayList4.add("yes");
                            arrayList3.add(new RangerPolicy.RangerPolicyItemCondition(RANGER_TAG_EXPIRY_CONDITION_NAME, arrayList4));
                            rangerPolicyItem.setConditions(arrayList3);
                            rangerPolicyItem.setDelegateAdmin(Boolean.FALSE);
                        }
                        rangerPolicy.setDenyPolicyItems(policyItems);
                        rangerPolicy.setPolicyItems(null);
                    }
                }
            }
        } else {
            LOG.error("RangerServiceTag.getDefaultRangerPolicies() - Cannot create default TAG policy: Cannot get tagPolicyConditionDef with name=accessed-after-expiry");
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerServiceTag.getDefaultRangerPolicies() : " + arrayList);
        }
        return arrayList;
    }
}
