package org.apache.ranger.policymigration.transformer;

import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.policymigration.common.PolicyMigrationUtils;
import org.apache.ranger.policymigration.common.RangerPolicyMigrationConfig;
import org.apache.ranger.policymigration.common.RangerPolicyMigrationConstants;
import org.apache.ranger.policymigration.view.RangerExportPolicyList;
import org.apache.ranger.policymigration.view.RangerServiceList;

/* loaded from: input_file:org/apache/ranger/policymigration/transformer/TransformTask.class */
public class TransformTask {
    private static final Log LOG = LogFactory.getLog(TransformTask.class);
    private Configuration conf;
    private Map<String, String> serviceTypeMappings;
    private Map<String, String> serviceNameMappings;
    private Map<String, String> zoneNameMappings;
    private Map<String, String> serviceResourceMappings;
    private Map<String, String> hiveURLMappings;
    private Map<String, String> userMappings;
    private List<String> excludePoliciesFromServiceTypes;

    public TransformTask(Configuration configuration) {
        this.conf = null;
        this.conf = configuration;
        this.serviceTypeMappings = PolicyMigrationUtils.convertStringToMap(configuration.get(RangerPolicyMigrationConfig.RANGER_POLICYMIGRATION_SERVICE_TYPE_MAPPING, ""), PolicyMigrationUtils.DELIMITER_COLON);
        LOG.info("serviceTypeMappings:" + Collections.singletonList(this.serviceTypeMappings));
        this.serviceNameMappings = PolicyMigrationUtils.convertStringToMap(configuration.get(RangerPolicyMigrationConfig.RANGER_POLICYMIGRATION_SERVICE_NAME_MAPPING, ""), PolicyMigrationUtils.DELIMITER_COLON);
        LOG.info("serviceNameMappings:" + Collections.singletonList(this.serviceNameMappings));
        this.zoneNameMappings = PolicyMigrationUtils.convertStringToMap(configuration.get(RangerPolicyMigrationConfig.RANGER_POLICYMIGRATION_ZONE_NAME_MAPPING, ""), PolicyMigrationUtils.DELIMITER_COLON);
        LOG.info("zoneNameMappings:" + Collections.singletonList(this.zoneNameMappings));
        String str = configuration.get(RangerPolicyMigrationConfig.RANGER_POLICYMIGRATION_RESOURCE_MAPPING_FILE, "");
        try {
            this.serviceResourceMappings = PolicyMigrationUtils.readMappingFile(str);
        } catch (Exception e) {
            LOG.error("Error reading file: " + str, e);
        }
        LOG.info("serviceResourceMappings:" + Collections.singletonList(this.serviceResourceMappings));
        String str2 = configuration.get(RangerPolicyMigrationConfig.RANGER_POLICYMIGRATION_HIVE_URL_MAPPING_FILE, "");
        try {
            this.hiveURLMappings = PolicyMigrationUtils.readMappingFile(str2);
        } catch (Exception e2) {
            LOG.error("Error reading file: " + str2, e2);
        }
        LOG.info("hiveURLMappings:" + Collections.singletonList(this.hiveURLMappings));
        String property = RangerPolicyMigrationConfig.getProperty(configuration, RangerPolicyMigrationConfig.RANGER_POLICYMIGRATION_USERS_MAPPING_FILE);
        try {
            this.userMappings = PolicyMigrationUtils.readMappingFile(property);
        } catch (Exception e3) {
            LOG.error("Error reading file:" + property, e3);
        }
        this.excludePoliciesFromServiceTypes = PolicyMigrationUtils.stringToList(configuration.get(RangerPolicyMigrationConfig.RANGER_POLICYMIGRATION_EXCLUDE_SERVICE_TYPES, RangerPolicyMigrationConstants.LITERAL_STORM));
        LOG.info("excludeServiceNames:" + Collections.singletonList(this.excludePoliciesFromServiceTypes));
    }

    public RangerExportPolicyList getTransformedPolicies(RangerExportPolicyList rangerExportPolicyList, RangerServiceList rangerServiceList) throws Exception {
        return performTransformation(rangerExportPolicyList, rangerServiceList);
    }

    private RangerExportPolicyList performTransformation(RangerExportPolicyList rangerExportPolicyList, RangerServiceList rangerServiceList) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> TransformTask.performTransformation()");
        }
        long j = 0;
        long j2 = 0;
        Map<String, String> loadServiceNameAndTypeMapping = loadServiceNameAndTypeMapping(rangerServiceList);
        if (rangerExportPolicyList != null && CollectionUtils.isNotEmpty(rangerExportPolicyList.getPolicies())) {
            j = rangerExportPolicyList.getPolicies().size();
            LOG.info("Total Ranger policies:" + j);
            Iterator<RangerPolicy> it = rangerExportPolicyList.getPolicies().iterator();
            while (it.hasNext()) {
                RangerPolicy next = it.next();
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Transforming Ranger Policy:" + next);
                }
                if (StringUtils.isBlank(next.getServiceType())) {
                    if (loadServiceNameAndTypeMapping == null || loadServiceNameAndTypeMapping.isEmpty()) {
                        throw new Exception("Please provide Ranger service json file path with the transform command to update the service types in the Ranger policies");
                    }
                    if (loadServiceNameAndTypeMapping.containsKey(next.getService())) {
                        next.setServiceType(loadServiceNameAndTypeMapping.get(next.getService()));
                    } else {
                        LOG.warn("ServiceType field is empty in the ranger policy:" + next.getName());
                        j2++;
                    }
                } else if (RangerPolicyMigrationConstants.SERVICE_DEF_ID_NAME_MAP.containsKey(next.getServiceType())) {
                    next.setServiceType(RangerPolicyMigrationConstants.SERVICE_DEF_ID_NAME_MAP.get(next.getServiceType()));
                }
                String serviceType = next.getServiceType();
                if (this.excludePoliciesFromServiceTypes.contains(serviceType)) {
                    it.remove();
                    j2++;
                } else {
                    if (RangerPolicyMigrationConstants.LITERAL_HDFS.equalsIgnoreCase(serviceType) && this.serviceTypeMappings.containsKey(serviceType)) {
                        next.setServiceType(this.serviceTypeMappings.get(serviceType).toLowerCase());
                    }
                    if (this.serviceNameMappings.containsKey(next.getService())) {
                        next.setService(this.serviceNameMappings.get(next.getService()));
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("Target policy service name:" + next.getService());
                        }
                    }
                    if (this.zoneNameMappings.containsKey(next.getZoneName())) {
                        next.setZoneName(this.zoneNameMappings.get(next.getZoneName()));
                    }
                    for (Map.Entry entry : next.getResources().entrySet()) {
                        List values = ((RangerPolicy.RangerPolicyResource) entry.getValue()).getValues();
                        if (RangerPolicyMigrationConstants.LITERAL_HIVE.equalsIgnoreCase(serviceType) && "url".equalsIgnoreCase((String) entry.getKey())) {
                            Set<String> keySet = this.hiveURLMappings.keySet();
                            if (keySet != null && keySet.size() > 0) {
                                for (int i = 0; i < values.size(); i++) {
                                    for (String str : keySet) {
                                        if (StringUtils.startsWith((CharSequence) values.get(i), str)) {
                                            values.set(i, ((String) values.get(i)).replaceFirst(str, this.hiveURLMappings.get(str)));
                                        }
                                    }
                                }
                            }
                        } else {
                            for (int i2 = 0; i2 < values.size(); i2++) {
                                if (this.serviceResourceMappings.containsKey(values.get(i2))) {
                                    LOG.info("matchedresource:" + this.serviceResourceMappings.get(values.get(i2)));
                                    values.set(i2, this.serviceResourceMappings.get(values.get(i2)));
                                }
                            }
                        }
                    }
                    removeInvalidAccessTypesFromPolicyItems(serviceType, next.getPolicyItems());
                    removeInvalidAccessTypesFromPolicyItems(serviceType, next.getDenyPolicyItems());
                    removeInvalidAccessTypesFromPolicyItems(serviceType, next.getAllowExceptions());
                    removeInvalidAccessTypesFromPolicyItems(serviceType, next.getDenyExceptions());
                    removeInvalidAccessTypesFromDataMaskPolicyItems(serviceType, next.getDataMaskPolicyItems());
                    removeInvalidAccessTypesFromRowFilterPolicyItems(serviceType, next.getRowFilterPolicyItems());
                    if (RangerPolicyMigrationConstants.LITERAL_S3.equalsIgnoreCase(this.serviceTypeMappings.get(serviceType))) {
                        next.getResources().put("bucket", new RangerPolicy.RangerPolicyResource(this.conf.get(RangerPolicyMigrationConfig.RANGER_POLICYMIGRATION_S3_BUCKET_NAME, "myS3bucket")));
                    }
                    if (RangerPolicyMigrationConstants.LITERAL_ADLS.equalsIgnoreCase(this.serviceTypeMappings.get(serviceType))) {
                        String str2 = this.conf.get(RangerPolicyMigrationConfig.RANGER_POLICYMIGRATION_ADLS_STORAGE_ACCOUNT, "mystorage");
                        String str3 = this.conf.get(RangerPolicyMigrationConfig.RANGER_POLICYMIGRATION_ADLS_STORGAGE_CONTAINER, "mycontainer");
                        RangerPolicy.RangerPolicyResource rangerPolicyResource = new RangerPolicy.RangerPolicyResource(str2);
                        RangerPolicy.RangerPolicyResource rangerPolicyResource2 = new RangerPolicy.RangerPolicyResource(str3);
                        next.getResources().put("storageaccount", rangerPolicyResource);
                        next.getResources().put("container", rangerPolicyResource2);
                        if (next.getResources().containsKey(RangerPolicyMigrationConstants.RESOURCE_TYPE_PATH)) {
                            next.getResources().put("relativepath", (RangerPolicy.RangerPolicyResource) next.getResources().get(RangerPolicyMigrationConstants.RESOURCE_TYPE_PATH));
                            next.getResources().remove(RangerPolicyMigrationConstants.RESOURCE_TYPE_PATH);
                        }
                    }
                    replaceUserNamesFromPolicyItems(next.getPolicyItems());
                    replaceUserNamesFromPolicyItems(next.getDenyPolicyItems());
                    replaceUserNamesFromPolicyItems(next.getAllowExceptions());
                    replaceUserNamesFromPolicyItems(next.getDenyExceptions());
                    replaceUserNamesFromDataMaskPolicyItems(next.getDataMaskPolicyItems());
                    replaceUserNamesFromRowFilterPolicyItem(next.getRowFilterPolicyItems());
                    next.setId((Long) null);
                    next.setGuid((String) null);
                    next.setResourceSignature((String) null);
                    next.setCreatedBy((String) null);
                    next.setUpdatedBy((String) null);
                    next.setCreateTime((Date) null);
                    next.setUpdateTime((Date) null);
                }
            }
        }
        LOG.info("Ranger Policies Count:[Total=" + j + ", Skipped=" + j2 + "]");
        System.out.println("Ranger Policies Count:[Total=" + j + ", Skipped=" + j2 + "]");
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== TransformTask.performTransformation()");
        }
        return rangerExportPolicyList;
    }

    private void replaceUserNamesFromPolicyItems(List<RangerPolicy.RangerPolicyItem> list) {
        for (RangerPolicy.RangerPolicyItem rangerPolicyItem : list) {
            rangerPolicyItem.setUsers(replaceUserNames(rangerPolicyItem.getUsers()));
        }
    }

    private void replaceUserNamesFromDataMaskPolicyItems(List<RangerPolicy.RangerDataMaskPolicyItem> list) {
        for (RangerPolicy.RangerDataMaskPolicyItem rangerDataMaskPolicyItem : list) {
            rangerDataMaskPolicyItem.setUsers(replaceUserNames(rangerDataMaskPolicyItem.getUsers()));
        }
    }

    private void replaceUserNamesFromRowFilterPolicyItem(List<RangerPolicy.RangerRowFilterPolicyItem> list) {
        for (RangerPolicy.RangerRowFilterPolicyItem rangerRowFilterPolicyItem : list) {
            rangerRowFilterPolicyItem.setUsers(replaceUserNames(rangerRowFilterPolicyItem.getUsers()));
        }
    }

    private List<String> replaceUserNames(List<String> list) {
        for (int i = 0; i < list.size(); i++) {
            String str = list.get(i);
            if (MapUtils.isNotEmpty(this.userMappings) && this.userMappings.containsKey(str)) {
                list.set(i, this.userMappings.get(str));
            }
        }
        return list;
    }

    private void removeInvalidAccessTypesFromPolicyItems(String str, List<RangerPolicy.RangerPolicyItem> list) {
        Iterator<RangerPolicy.RangerPolicyItem> it = list.iterator();
        while (it.hasNext()) {
            RangerPolicy.RangerPolicyItem next = it.next();
            removeInvalidAccessTypes(str, next.getAccesses());
            if (CollectionUtils.isEmpty(next.getAccesses())) {
                it.remove();
            }
        }
    }

    private void removeInvalidAccessTypesFromDataMaskPolicyItems(String str, List<RangerPolicy.RangerDataMaskPolicyItem> list) {
        Iterator<RangerPolicy.RangerDataMaskPolicyItem> it = list.iterator();
        while (it.hasNext()) {
            RangerPolicy.RangerPolicyItem next = it.next();
            removeInvalidAccessTypes(str, next.getAccesses());
            if (CollectionUtils.isEmpty(next.getAccesses())) {
                it.remove();
            }
        }
    }

    private void removeInvalidAccessTypesFromRowFilterPolicyItems(String str, List<RangerPolicy.RangerRowFilterPolicyItem> list) {
        Iterator<RangerPolicy.RangerRowFilterPolicyItem> it = list.iterator();
        while (it.hasNext()) {
            RangerPolicy.RangerPolicyItem next = it.next();
            removeInvalidAccessTypes(str, next.getAccesses());
            if (CollectionUtils.isEmpty(next.getAccesses())) {
                it.remove();
            }
        }
    }

    private void removeInvalidAccessTypes(String str, List<RangerPolicy.RangerPolicyItemAccess> list) {
        if (RangerPolicyMigrationConstants.LITERAL_TAG.equalsIgnoreCase(str)) {
            updateAccessTypesForADLSandS3(list);
        }
        if (RangerPolicyMigrationConstants.NONSUPPORTED_ACCESS_TYPES_MAP.containsKey(str)) {
            Set<String> set = RangerPolicyMigrationConstants.NONSUPPORTED_ACCESS_TYPES_MAP.get(str);
            Iterator<RangerPolicy.RangerPolicyItemAccess> it = list.iterator();
            while (it.hasNext()) {
                RangerPolicy.RangerPolicyItemAccess next = it.next();
                if (set.contains(next.getType())) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("removing permission:" + next.getType());
                    }
                    it.remove();
                }
            }
        }
    }

    private void updateAccessTypesForADLSandS3(List<RangerPolicy.RangerPolicyItemAccess> list) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> TransformTask.updateAccessTypesForADLSandS3(accesses):" + list);
        }
        Iterator<RangerPolicy.RangerPolicyItemAccess> it = list.iterator();
        int i = -1;
        while (it.hasNext()) {
            i++;
            RangerPolicy.RangerPolicyItemAccess next = it.next();
            if (this.serviceTypeMappings.containsKey(RangerPolicyMigrationConstants.LITERAL_HDFS)) {
                String lowerCase = this.serviceTypeMappings.get(RangerPolicyMigrationConstants.LITERAL_HDFS).toLowerCase();
                if (RangerPolicyMigrationConstants.LITERAL_S3.equalsIgnoreCase(lowerCase) || RangerPolicyMigrationConstants.LITERAL_ADLS.equalsIgnoreCase(lowerCase)) {
                    if (RangerPolicyMigrationConstants.LITERAL_S3.equalsIgnoreCase(lowerCase) && RangerPolicyMigrationConstants.ACCESS_TYPE_HDFS_EXECUTE.equalsIgnoreCase(next.getType())) {
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("removing permission:" + next.getType());
                        }
                        it.remove();
                    } else if (next.getType().startsWith(RangerPolicyMigrationConstants.LITERAL_HDFS + PolicyMigrationUtils.DELIMITER_COLON)) {
                        if (LOG.isDebugEnabled()) {
                            LOG.info("replacing access Type:" + next.getType());
                        }
                        next.setType(next.getType().replaceFirst(RangerPolicyMigrationConstants.LITERAL_HDFS + PolicyMigrationUtils.DELIMITER_COLON, lowerCase + PolicyMigrationUtils.DELIMITER_COLON));
                        list.set(i, next);
                    }
                }
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== TransformTask.performTransformation(accesses):" + list);
        }
    }

    private Map<String, String> loadServiceNameAndTypeMapping(RangerServiceList rangerServiceList) {
        HashMap hashMap = new HashMap();
        if (rangerServiceList != null) {
            List<RangerService> services = rangerServiceList.getServices();
            if (CollectionUtils.isNotEmpty(services)) {
                for (RangerService rangerService : services) {
                    hashMap.put(rangerService.getName(), rangerService.getType());
                }
            }
        }
        return hashMap;
    }
}
