package org.apache.sentry.policy.kafka;

import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import org.apache.sentry.core.model.kafka.Host;
import org.apache.sentry.core.model.kafka.KafkaActionFactory;
import org.apache.sentry.core.model.kafka.KafkaAuthorizable;
import org.apache.sentry.policy.common.PrivilegeValidator;
import org.apache.sentry.policy.common.PrivilegeValidatorContext;
import org.apache.sentry.provider.common.ProviderConstants;
import org.apache.shiro.config.ConfigurationException;

/* loaded from: input_file:org/apache/sentry/policy/kafka/KafkaPrivilegeValidator.class */
public class KafkaPrivilegeValidator implements PrivilegeValidator {
    public static final String KafkaPrivilegeHelpMsg = "Invalid Kafka privilege. Kafka privilege must be of the form host=<HOST>-><RESOURCE>=<RESOURCE_NAME>->action=<ACTION>, where <HOST> can be '*' or any valid host name, <RESOURCE> can be one of " + Arrays.toString(getKafkaAuthorizablesExceptHost()) + " <RESOURCE_NAME> is name of the resource, <ACTION> can be one of " + Arrays.toString(KafkaActionFactory.KafkaActionType.values()) + ".";

    private static KafkaAuthorizable.AuthorizableType[] getKafkaAuthorizablesExceptHost() {
        KafkaAuthorizable.AuthorizableType[] values = KafkaAuthorizable.AuthorizableType.values();
        ArrayList arrayList = new ArrayList(values.length - 1);
        for (KafkaAuthorizable.AuthorizableType authorizableType : values) {
            if (!authorizableType.equals(KafkaAuthorizable.AuthorizableType.HOST)) {
                arrayList.add(authorizableType);
            }
        }
        return (KafkaAuthorizable.AuthorizableType[]) arrayList.toArray(new KafkaAuthorizable.AuthorizableType[arrayList.size()]);
    }

    public void validate(PrivilegeValidatorContext privilegeValidatorContext) throws ConfigurationException {
        ArrayList newArrayList = Lists.newArrayList();
        Iterator it = ProviderConstants.AUTHORIZABLE_SPLITTER.split(privilegeValidatorContext.getPrivilege()).iterator();
        while (it.hasNext()) {
            newArrayList.add((String) it.next());
        }
        if (newArrayList.size() < 2 || newArrayList.size() > 3) {
            throw new ConfigurationException(KafkaPrivilegeHelpMsg);
        }
        if (isAction((String) newArrayList.get(0))) {
            throw new ConfigurationException("Kafka privilege can not start with an action.\n" + KafkaPrivilegeHelpMsg);
        }
        KafkaAuthorizable from = KafkaModelAuthorizables.from((String) newArrayList.get(0));
        if (from == null) {
            throw new ConfigurationException("No Kafka authorizable found for " + ((String) newArrayList.get(0)) + "\n." + KafkaPrivilegeHelpMsg);
        }
        if (!(from instanceof Host)) {
            throw new ConfigurationException("Kafka privilege must begin with host authorizable.\n" + KafkaPrivilegeHelpMsg);
        }
        if (newArrayList.size() == 3) {
            if (isAction((String) newArrayList.get(1))) {
                throw new ConfigurationException("Kafka privilege can have action only at the end of privilege.\n" + KafkaPrivilegeHelpMsg);
            }
            KafkaAuthorizable from2 = KafkaModelAuthorizables.from((String) newArrayList.get(1));
            if (from2 == null) {
                throw new ConfigurationException("No Kafka authorizable found for " + ((String) newArrayList.get(1)) + "\n." + KafkaPrivilegeHelpMsg);
            }
            if (from2 instanceof Host) {
                throw new ConfigurationException("Host authorizable can be specified just once in a Kafka privilege.\n" + KafkaPrivilegeHelpMsg);
            }
        }
        if (!isAction((String) newArrayList.get(newArrayList.size() - 1))) {
            throw new ConfigurationException("Kafka privilege must end with a valid action.\n" + KafkaPrivilegeHelpMsg);
        }
    }

    private boolean isAction(String str) {
        String lowerCase = str.toLowerCase();
        return lowerCase.startsWith(ProviderConstants.PRIVILEGE_PREFIX) && KafkaActionFactory.getInstance().getActionByName(lowerCase.replace(ProviderConstants.PRIVILEGE_PREFIX, "").toLowerCase()) != null;
    }
}
