package org.apache.sentry.api.tools;

import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import org.apache.sentry.api.generic.thrift.TAuthorizable;
import org.apache.sentry.api.generic.thrift.TSentryGrantOption;
import org.apache.sentry.api.generic.thrift.TSentryPrivilege;
import org.apache.sentry.core.common.Authorizable;
import org.apache.sentry.core.common.exception.SentryUserException;
import org.apache.sentry.core.common.utils.KeyValue;
import org.apache.sentry.core.common.utils.SentryConstants;
import org.apache.sentry.core.common.validator.PrivilegeValidator;
import org.apache.sentry.core.common.validator.PrivilegeValidatorContext;
import org.apache.sentry.core.model.indexer.IndexerModelAuthorizables;
import org.apache.sentry.core.model.indexer.IndexerPrivilegeModel;
import org.apache.sentry.core.model.kafka.KafkaAuthorizable;
import org.apache.sentry.core.model.kafka.KafkaModelAuthorizables;
import org.apache.sentry.core.model.kafka.KafkaPrivilegeModel;
import org.apache.sentry.core.model.solr.SolrModelAuthorizables;
import org.apache.sentry.core.model.solr.SolrPrivilegeModel;
import org.apache.sentry.core.model.sqoop.SqoopModelAuthorizables;
import org.apache.sentry.core.model.sqoop.SqoopPrivilegeModel;
import org.apache.shiro.config.ConfigurationException;

/* loaded from: input_file:org/apache/sentry/api/tools/GenericPrivilegeConverter.class */
public class GenericPrivilegeConverter implements TSentryPrivilegeConverter {
    private String component;
    private String service;
    private boolean validate;

    public GenericPrivilegeConverter(String str, String str2) {
        this(str, str2, true);
    }

    public GenericPrivilegeConverter(String str, String str2, boolean z) {
        this.component = str;
        this.service = str2;
        this.validate = z;
    }

    @Override // org.apache.sentry.api.tools.TSentryPrivilegeConverter
    public TSentryPrivilege fromString(String str) throws SentryUserException {
        String parsePrivilegeString = parsePrivilegeString(str);
        if (this.validate) {
            validatePrivilegeHierarchy(parsePrivilegeString);
        }
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
        LinkedList linkedList = new LinkedList();
        Iterator it = SentryConstants.AUTHORIZABLE_SPLITTER.split(parsePrivilegeString).iterator();
        while (it.hasNext()) {
            KeyValue keyValue = new KeyValue((String) it.next());
            String key = keyValue.getKey();
            String value = keyValue.getValue();
            Authorizable authorizable = getAuthorizable(keyValue);
            if (authorizable != null) {
                linkedList.add(new TAuthorizable(authorizable.getTypeName(), authorizable.getName()));
            } else {
                if (!"action".equalsIgnoreCase(key)) {
                    throw new IllegalArgumentException("Unknown key: " + key);
                }
                tSentryPrivilege.setAction(value);
            }
        }
        if (tSentryPrivilege.getAction() == null) {
            throw new IllegalArgumentException("Privilege is invalid: action required but not specified.");
        }
        tSentryPrivilege.setComponent(this.component);
        tSentryPrivilege.setServiceName(this.service);
        tSentryPrivilege.setAuthorizables(linkedList);
        return tSentryPrivilege;
    }

    @Override // org.apache.sentry.api.tools.TSentryPrivilegeConverter
    public String toString(TSentryPrivilege tSentryPrivilege) {
        ArrayList newArrayList = Lists.newArrayList();
        if (tSentryPrivilege != null) {
            List<TAuthorizable> authorizables = tSentryPrivilege.getAuthorizables();
            String action = tSentryPrivilege.getAction();
            String str = tSentryPrivilege.getGrantOption() == TSentryGrantOption.TRUE ? "true" : "false";
            Iterator<TAuthorizable> it = authorizables.iterator();
            if (it != null) {
                while (it.hasNext()) {
                    TAuthorizable next = it.next();
                    newArrayList.add(SentryConstants.KV_JOINER.join(next.getType(), next.getName(), new Object[0]));
                }
            }
            if (!authorizables.isEmpty()) {
                newArrayList.add(SentryConstants.KV_JOINER.join("action", action, new Object[0]));
            }
            if ("true".equals(str)) {
                newArrayList.add(SentryConstants.KV_JOINER.join("grantoption", str, new Object[0]));
            }
        }
        return SentryConstants.AUTHORIZABLE_JOINER.join(newArrayList);
    }

    private String parsePrivilegeString(String str) {
        if ("kafka".equals(this.component)) {
            String str2 = KafkaAuthorizable.AuthorizableType.HOST.name() + "=";
            if (!str.toLowerCase().startsWith(str2.toLowerCase())) {
                return str2 + "*->" + str;
            }
        }
        return str;
    }

    private void validatePrivilegeHierarchy(String str) throws SentryUserException {
        List<PrivilegeValidator> privilegeValidators = getPrivilegeValidators();
        PrivilegeValidatorContext privilegeValidatorContext = new PrivilegeValidatorContext((String) null, str);
        Iterator<PrivilegeValidator> it = privilegeValidators.iterator();
        while (it.hasNext()) {
            try {
                it.next().validate(privilegeValidatorContext);
            } catch (ConfigurationException e) {
                throw new IllegalArgumentException((Throwable) e);
            }
        }
    }

    protected List<PrivilegeValidator> getPrivilegeValidators() throws SentryUserException {
        if ("kafka".equals(this.component)) {
            return KafkaPrivilegeModel.getInstance().getPrivilegeValidators();
        }
        if ("SOLR".equals(this.component)) {
            return SolrPrivilegeModel.getInstance().getPrivilegeValidators();
        }
        if ("sqoop".equals(this.component)) {
            return SqoopPrivilegeModel.getInstance().getPrivilegeValidators(this.service);
        }
        if ("hbaseindexer".equals(this.component)) {
            return IndexerPrivilegeModel.getInstance().getPrivilegeValidators();
        }
        throw new SentryUserException("Invalid component specified for GenericPrivilegeCoverter: " + this.component);
    }

    protected Authorizable getAuthorizable(KeyValue keyValue) throws SentryUserException {
        if ("kafka".equals(this.component)) {
            return KafkaModelAuthorizables.from(keyValue);
        }
        if ("SOLR".equals(this.component)) {
            return SolrModelAuthorizables.from(keyValue);
        }
        if ("sqoop".equals(this.component)) {
            return SqoopModelAuthorizables.from(keyValue);
        }
        if ("hbaseindexer".equals(this.component)) {
            return IndexerModelAuthorizables.from(keyValue);
        }
        throw new SentryUserException("Invalid component specified for GenericPrivilegeCoverter: " + this.component);
    }
}
