package org.apache.ranger.raz.processor;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
import org.apache.ranger.plugin.policyengine.RangerAccessResource;
import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;
import org.apache.ranger.raz.intg.RangerRazErrorCode;
import org.apache.ranger.raz.intg.RangerRazException;
import org.apache.ranger.raz.model.RangerRazRequest;
import org.apache.ranger.raz.model.RangerRazRequestBase;
import org.apache.ranger.raz.model.RangerRazResult;
import org.apache.ranger.raz.model.RangerRazResultBase;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ranger/raz/processor/RangerDefaultRazProcessor.class */
public class RangerDefaultRazProcessor implements RangerRazProcessor {
    private static final Logger LOG = LoggerFactory.getLogger(RangerDefaultRazProcessor.class);

    public RangerDefaultRazProcessor() {
        if (LOG.isDebugEnabled()) {
            LOG.debug("RangerDefaultRazProcessor()");
        }
    }

    @Override // org.apache.ranger.raz.processor.RangerRazProcessor
    public void init(RangerRazContext rangerRazContext) throws RangerRazException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerDefaultRazProcessor.init(context={})", rangerRazContext);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerDefaultRazProcessor.init(context={})", rangerRazContext);
        }
    }

    @Override // org.apache.ranger.raz.processor.RangerRazProcessor
    public List<RangerAccessRequest> preProcess(RangerRazRequest rangerRazRequest, RangerRazRequestContext rangerRazRequestContext) throws RangerRazException {
        if (LOG.isTraceEnabled()) {
            LOG.trace("==> RangerDefaultRazProcessor.preProcess(request={}, context={})", rangerRazRequest, rangerRazRequestContext);
        }
        RangerRazRequestBase.ResourceAccess operation = rangerRazRequest.getOperation();
        if (StringUtils.isEmpty(rangerRazRequest.getServiceName())) {
            throw new RangerRazException(RangerRazErrorCode.INVALID_PARAMETERS, new Object[]{"serviceName must be provided"});
        }
        if (operation == null || MapUtils.isEmpty(operation.getResource())) {
            throw new RangerRazException(RangerRazErrorCode.INVALID_PARAMETERS, new Object[]{"resource must be provided"});
        }
        if (CollectionUtils.isEmpty(operation.getAccessTypes())) {
            throw new RangerRazException(RangerRazErrorCode.INVALID_PARAMETERS, new Object[]{"accessTypes must be provided"});
        }
        ArrayList arrayList = new ArrayList();
        String user = rangerRazRequest.getUser();
        Set userGroups = rangerRazRequest.getUserGroups();
        for (String str : operation.getAccessTypes()) {
            HashMap hashMap = rangerRazRequest.getContext() != null ? new HashMap(rangerRazRequest.getContext()) : null;
            RangerAccessRequestImpl rangerAccessRequestImpl = new RangerAccessRequestImpl(getRangerAccessResource(operation), str, user, userGroups, (Set) null);
            rangerAccessRequestImpl.setAction(operation.getAction());
            rangerAccessRequestImpl.setAccessTime(rangerRazRequest.getAccessTime());
            rangerAccessRequestImpl.setClientIPAddress(rangerRazRequest.getClientIpAddress());
            rangerAccessRequestImpl.setClientType(rangerRazRequest.getClientType());
            rangerAccessRequestImpl.setClusterName(rangerRazRequest.getClusterName());
            rangerAccessRequestImpl.setClusterType(rangerRazRequest.getClientType());
            rangerAccessRequestImpl.setSessionId(rangerRazRequest.getSessionId());
            rangerAccessRequestImpl.setContext(hashMap);
            rangerAccessRequestImpl.setResourceMatchingScope(RangerAccessRequest.ResourceMatchingScope.SELF_OR_CHILD);
            arrayList.add(rangerAccessRequestImpl);
        }
        if (LOG.isTraceEnabled()) {
            LOG.trace("<== RangerDefaultRazProcessor.preProcess(request={}, context={}): ret={}", new Object[]{rangerRazRequest, rangerRazRequestContext, arrayList});
        }
        return arrayList;
    }

    @Override // org.apache.ranger.raz.processor.RangerRazProcessor
    public RangerRazResult postProcess(RangerRazRequest rangerRazRequest, List<RangerAccessResult> list, RangerRazRequestContext rangerRazRequestContext) throws RangerRazException {
        if (LOG.isTraceEnabled()) {
            LOG.trace("==> RangerDefaultRazProcessor.postProcess(request={}, accessResults={}, context={})", new Object[]{rangerRazRequest, list, rangerRazRequestContext});
        }
        RangerRazResultBase.ResourceAccessResult resourceAccessResult = new RangerRazResultBase.ResourceAccessResult(RangerRazResultBase.AccessResult.ALLOWED, false, new ArrayList(), (Map) null, rangerRazRequestContext.getKeysToRedact());
        for (RangerAccessResult rangerAccessResult : list) {
            RangerRazResultBase.AccessResult accessResult = rangerAccessResult.getIsAccessDetermined() ? rangerAccessResult.getIsAllowed() ? RangerRazResultBase.AccessResult.ALLOWED : RangerRazResultBase.AccessResult.DENIED : RangerRazResultBase.AccessResult.NOT_DETERMINED;
            if (resourceAccessResult.getResult() != RangerRazResultBase.AccessResult.DENIED) {
                if (accessResult == RangerRazResultBase.AccessResult.DENIED) {
                    resourceAccessResult.setResult(RangerRazResultBase.AccessResult.DENIED);
                } else if (accessResult == RangerRazResultBase.AccessResult.NOT_DETERMINED) {
                    resourceAccessResult.setResult(RangerRazResultBase.AccessResult.NOT_DETERMINED);
                }
            }
            if (rangerAccessResult.getIsAudited()) {
                resourceAccessResult.setIsAudited(true);
            }
            resourceAccessResult.getAuditLogs().add(new RangerRazResultBase.AuditInfo(rangerAccessResult.getAuditLogId(), rangerAccessResult.getAccessRequest().getAccessType(), accessResult, Long.valueOf(rangerAccessResult.getPolicyId()), rangerAccessResult.getPolicyVersion()));
            if (resourceAccessResult.getAdditionalInfo() == null && rangerAccessResult.getAdditionalInfo() != null) {
                HashMap hashMap = new HashMap(rangerAccessResult.getAdditionalInfo().size());
                for (Map.Entry entry : rangerAccessResult.getAdditionalInfo().entrySet()) {
                    hashMap.put(entry.getKey(), Objects.toString(entry.getValue()));
                }
                resourceAccessResult.setAdditionalInfo(hashMap);
            }
        }
        RangerRazResult rangerRazResult = new RangerRazResult(rangerRazRequest.getRequestId(), resourceAccessResult);
        if (LOG.isTraceEnabled()) {
            LOG.trace("==> RangerDefaultRazProcessor.postProcess(request={}, accessResults={}, context={}): ret={}", new Object[]{rangerRazRequest, list, rangerRazRequestContext, rangerRazResult});
        }
        return rangerRazResult;
    }

    @Override // org.apache.ranger.raz.processor.RangerRazProcessor
    public String getFallbackAclEnforcerName() {
        return "ranger-acl";
    }

    public RangerAccessResource getRangerAccessResource(RangerRazRequestBase.ResourceAccess resourceAccess) {
        return new RangerAccessResourceImpl(new HashMap(resourceAccess.getResource()), resourceAccess.getResourceOwner());
    }
}
