package org.apache.ranger.plugin.service;

import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.Timer;
import java.util.TimerTask;
import java.util.concurrent.LinkedBlockingQueue;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.authorization.hadoop.config.RangerPluginConfig;
import org.apache.ranger.authorization.hadoop.config.RangerRmsPluginConfig;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
import org.apache.ranger.plugin.util.DownloaderTask;
import org.apache.ranger.plugin.util.RangerMappingProvider;
import org.apache.ranger.plugin.util.RangerMappingRefresher;
import org.apache.ranger.plugin.util.RangerMappingRetriever;

/* loaded from: input_file:org/apache/ranger/plugin/service/RangerChainedMapperPlugin.class */
public abstract class RangerChainedMapperPlugin extends RangerChainedPlugin {
    private static final Log LOG = LogFactory.getLog(RangerChainedMapperPlugin.class);
    public static final String ACL_MAPPING_SOURCE_TYPE_PARAMETER = ".mapping.source.type";
    public static final String ACL_MAPPING_SOURCE_CLASS_PARAMETER = ".mapping.source.impl";
    public static final String ACL_MAPPING_SOURCE_URL_PARAMETER = ".mapping.source.url";
    public static final String ACL_MAPPING_SOURCE_FILE_PARAMETER = ".mapping.source.file.name";
    public static final String ACL_MAPPING_DOWNLOAD_INTERVAL_PARAMETER = ".mapping.source.download.interval";
    private static final String ACL_MAPPING_SERVICE_WHITELISTED_USERS_PARAMETER = ".whitelisted.users";
    private static final String ACL_MAPPING_SERVICE_WHITELISTED_GROUPS_PARAMETER = ".whitelisted.groups";
    protected RangerMappingProvider mappingProvider;
    protected RangerMappingRefresher mappingRefresher;
    private Set<String> whitelistedUsers;
    private Set<String> whitelistedGroups;
    private boolean isInited;

    protected RangerChainedMapperPlugin(RangerBasePlugin rangerBasePlugin, String str, String str2) {
        super(rangerBasePlugin, str, str2);
    }

    protected RangerBasePlugin buildChainedPlugin(String str, String str2, String str3) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerChainedMapperPlugin.buildChainedPlugin(serviceName=" + str2 + ")");
        }
        RangerBasePlugin rangerBasePlugin = new RangerBasePlugin(new RangerRmsPluginConfig(str, str2, str3, this.rootPlugin.getConfig()));
        this.isInited = initChainedPlugin(rangerBasePlugin);
        if (!this.isInited) {
            LOG.error("Could not initialize RangerChainedMapperPlugin object. The plugin for service:[" + str2 + "] will not be operational!");
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerChainedMapperPlugin.buildChainedPlugin(serviceName=" + str2 + "): isInited:[" + this.isInited + "]");
        }
        return rangerBasePlugin;
    }

    protected boolean initChainedPlugin(RangerBasePlugin rangerBasePlugin) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerChainedMapperPlugin.initChainedPlugin(serviceName=" + this.serviceName + ")");
        }
        boolean z = false;
        RangerPluginConfig config = rangerBasePlugin.getConfig();
        this.mappingProvider = new RangerMappingProvider(this.rootPlugin.getServiceType(), this.rootPlugin.getServiceName(), config);
        String str = config.get(config.getPropertyPrefix() + ACL_MAPPING_SOURCE_TYPE_PARAMETER, "rest");
        String str2 = config.get(config.getPropertyPrefix() + ACL_MAPPING_SOURCE_CLASS_PARAMETER);
        String str3 = config.get(config.getPropertyPrefix() + ACL_MAPPING_SOURCE_URL_PARAMETER);
        String str4 = config.get(config.getPropertyPrefix() + ACL_MAPPING_SOURCE_FILE_PARAMETER);
        int i = config.getInt(config.getPropertyPrefix() + ACL_MAPPING_DOWNLOAD_INTERVAL_PARAMETER, 30000);
        String str5 = config.get(config.getPropertyPrefix() + ACL_MAPPING_SERVICE_WHITELISTED_USERS_PARAMETER);
        String str6 = config.get(config.getPropertyPrefix() + ACL_MAPPING_SERVICE_WHITELISTED_GROUPS_PARAMETER);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Data for service-name = " + this.serviceName + ": [targetServiceType=" + this.serviceType + ", mappingRetrieverType=" + str + ", downloadInterval=" + i + ", mappingProviderUrl=" + str3 + ", mappingProviderFileName=" + str4 + ", whitelistedUsers=" + str5 + ", whitelistedGroups=" + str6 + "]");
        }
        RangerMappingRetriever mappingRetriever = getMappingRetriever(str, str2, str3, str4);
        if (mappingRetriever != null) {
            mappingRetriever.init(this.rootPlugin.getServiceName(), this.serviceName, config);
            this.whitelistedUsers = buildSet(str5);
            this.whitelistedGroups = buildSet(str6);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Initialized chainedPlugin for service:[" + this.serviceName + "]");
            }
            LinkedBlockingQueue linkedBlockingQueue = new LinkedBlockingQueue();
            this.mappingRefresher = new RangerMappingRefresher(rangerBasePlugin, mappingRetriever, this.mappingProvider, -1L, linkedBlockingQueue);
            LOG.info("Created RangerMappingRefresher Thread(" + this.mappingRefresher.getName() + ")");
            try {
                this.mappingRefresher.populateMappings();
                new Timer("mappingDownloadTimer", true).schedule((TimerTask) new DownloaderTask(linkedBlockingQueue), i, i);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Scheduled mappingRefresher to download mappings every " + i + " milliseconds");
                }
                this.mappingRefresher.setDaemon(true);
                this.mappingRefresher.startRefresher();
                z = true;
            } catch (IllegalStateException e) {
                LOG.error("Error scheduling mappingRefresher:", e);
                LOG.error("*** Mappings will NOT be downloaded every " + i + " milliseconds ***");
            } catch (InterruptedException e2) {
                LOG.error("Caught InterruptedException. Cleaning up before interrupting this thread: [" + Thread.currentThread().getName() + "]");
                LOG.error("*** Mappings will NOT be downloaded every " + i + " milliseconds ***");
                Thread.currentThread().interrupt();
            }
        } else {
            LOG.error("Cannot initialize mapping-retriever");
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerChainedMapperPlugin.initChainedPlugin(serviceName=" + this.serviceName + ") : ret:[" + z + "]");
        }
        return z;
    }

    protected boolean isNotWhitelisted(RangerAccessRequest rangerAccessRequest) {
        if (this.whitelistedUsers.contains(rangerAccessRequest.getUser())) {
            return false;
        }
        Iterator it = rangerAccessRequest.getUserGroups().iterator();
        while (it.hasNext()) {
            if (this.whitelistedGroups.contains((String) it.next())) {
                return false;
            }
        }
        return true;
    }

    protected boolean getIsInited() {
        return this.isInited;
    }

    private RangerMappingRetriever getMappingRetriever(String str, String str2, String str3, String str4) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerChainedMapperPlugin.getMappingRetriever(mappingRetrieverType=" + str + ", mappingRetrieverClassName=" + str2 + ", mappingProviderUrl=" + str3 + ", mappingProviderFileName=" + str4 + ")");
        }
        if (StringUtils.equals(str, "rest")) {
            if (StringUtils.isEmpty(str3)) {
                LOG.error("No Mapping provider URL");
            } else if (StringUtils.isBlank(str2)) {
                str2 = "org.apache.ranger.plugin.util.RangerMappingRESTRetriever";
            }
        } else if (!StringUtils.equals(str, "file")) {
            LOG.error("Unknown mappingRetrieverType:[" + str + "]");
        } else if (StringUtils.isEmpty(str4)) {
            LOG.error("No Mapping provider File");
        } else if (StringUtils.isBlank(str2)) {
            LOG.error("No class provided for retrieving resource mappings");
        }
        RangerMappingRetriever rangerMappingRetriever = StringUtils.isNotEmpty(str2) ? (RangerMappingRetriever) getMapper(str2, RangerMappingRetriever.class) : null;
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerChainedMapperPlugin.getMappingRetriever(mappingRetrieverType=" + str + ", mappingRetrieverClassName=" + str2 + ", mappingProviderUrl=" + str3 + ", mappingProviderFileName=" + str4 + ") : ret:[" + rangerMappingRetriever + "]");
        }
        return rangerMappingRetriever;
    }

    private Object getMapper(String str, Class<?> cls) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerChainedMapperPlugin.getMapper(className=" + str + ", clazz=" + cls.getCanonicalName() + ")");
        }
        Object obj = null;
        try {
            Class<?> cls2 = Class.forName(str);
            if (cls.isAssignableFrom(cls2)) {
                obj = cls2.newInstance();
            } else {
                LOG.error("Class " + cls.getCanonicalName() + " is not assignable from " + cls2.getCanonicalName());
            }
        } catch (ClassNotFoundException e) {
            LOG.error("Class " + str + " not found, exception=" + e);
        } catch (IllegalAccessException e2) {
            LOG.error("Class " + str + " illegally accessed, exception=" + e2);
        } catch (InstantiationException e3) {
            LOG.error("Class " + str + " could not be instantiated, exception=" + e3);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerChainedMapperPlugin.getMapper(className=" + str + ", clazz=" + cls.getCanonicalName() + ") : mapper:[" + obj + "]");
        }
        return obj;
    }

    private Set<String> buildSet(String str) {
        HashSet hashSet = new HashSet();
        if (StringUtils.isNotBlank(str)) {
            Collections.addAll(hashSet, StringUtils.split(str, ", "));
        }
        return hashSet;
    }
}
