package org.apache.ranger.plugin.policyresourcematcher;

import com.google.common.collect.Sets;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.model.validation.RangerServiceDefHelper;
import org.apache.ranger.plugin.policyengine.RangerAccessResource;
import org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher;
import org.apache.ranger.plugin.resourcematcher.RangerResourceMatcher;

/* loaded from: input_file:org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.class */
public class RangerDefaultPolicyResourceMatcher implements RangerPolicyResourceMatcher {
    private static final Log LOG = LogFactory.getLog(RangerDefaultPolicyResourceMatcher.class);
    protected RangerServiceDef serviceDef = null;
    protected RangerPolicy policy = null;
    protected Map<String, RangerPolicy.RangerPolicyResource> policyResources = null;
    private Map<String, RangerResourceMatcher> matchers = null;
    private List<RangerServiceDef.RangerResourceDef> firstValidResourceDefHierarchy;

    @Override // org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceMatcher
    public void setServiceDef(RangerServiceDef rangerServiceDef) {
        this.serviceDef = rangerServiceDef;
    }

    @Override // org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceMatcher
    public void setPolicy(RangerPolicy rangerPolicy) {
        this.policy = rangerPolicy;
        setPolicyResources(rangerPolicy == null ? null : rangerPolicy.getResources());
    }

    @Override // org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceMatcher
    public void setPolicyResources(Map<String, RangerPolicy.RangerPolicyResource> map) {
        this.policyResources = map;
    }

    @Override // org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceMatcher
    public void init() {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerDefaultPolicyResourceMatcher.init()");
        }
        String str = "";
        if (this.policyResources == null || this.policyResources.size() <= 0 || this.serviceDef == null) {
            str = " policyResources is null or empty, or serviceDef is null.";
        } else {
            Set<String> keySet = this.policyResources.keySet();
            RangerServiceDefHelper rangerServiceDefHelper = new RangerServiceDefHelper(this.serviceDef, false);
            Iterator<List<RangerServiceDef.RangerResourceDef>> it = rangerServiceDefHelper.getResourceHierarchies(Integer.valueOf((this.policy == null || this.policy.getPolicyType() == null) ? 0 : this.policy.getPolicyType().intValue())).iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                List<RangerServiceDef.RangerResourceDef> next = it.next();
                if (Sets.difference(keySet, rangerServiceDefHelper.getAllResourceNames(next)).isEmpty()) {
                    this.firstValidResourceDefHierarchy = next;
                    break;
                }
            }
            if (this.firstValidResourceDefHierarchy != null) {
                boolean z = false;
                boolean z2 = false;
                Iterator<String> it2 = rangerServiceDefHelper.getAllResourceNamesOrdered(this.firstValidResourceDefHierarchy).iterator();
                while (true) {
                    if (!it2.hasNext()) {
                        break;
                    }
                    if (this.policyResources.get(it2.next()) != null) {
                        if (z2) {
                            z = true;
                            break;
                        }
                    } else {
                        z2 = true;
                    }
                }
                if (z) {
                    str = "policyResources does not specify contiguous sequence in any valid resourcedef hiearchy.";
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("RangerDefaultPolicyResourceMatcher.init() failed: Gaps found in policyResources, internal error, skipping..");
                    }
                    this.firstValidResourceDefHierarchy = null;
                } else {
                    this.matchers = new HashMap();
                    for (RangerServiceDef.RangerResourceDef rangerResourceDef : this.firstValidResourceDefHierarchy) {
                        String name = rangerResourceDef.getName();
                        RangerPolicy.RangerPolicyResource rangerPolicyResource = this.policyResources.get(name);
                        if (rangerPolicyResource != null) {
                            RangerResourceMatcher createResourceMatcher = createResourceMatcher(rangerResourceDef, rangerPolicyResource);
                            if (createResourceMatcher != null) {
                                this.matchers.put(name, createResourceMatcher);
                            } else {
                                LOG.error("failed to find matcher for resource " + name);
                            }
                        } else if (LOG.isDebugEnabled()) {
                            LOG.debug("RangerDefaultPolicyResourceMatcher.init() - no matcher created for " + name + ". Continuing ...");
                        }
                    }
                }
            } else {
                str = "policyResources elements are not part of any valid resourcedef hierarchy.";
            }
        }
        if (this.matchers == null) {
            Set<String> keySet2 = this.policyResources == null ? null : this.policyResources.keySet();
            StringBuilder sb = new StringBuilder();
            if (CollectionUtils.isNotEmpty(keySet2)) {
                Iterator<String> it3 = keySet2.iterator();
                while (it3.hasNext()) {
                    sb.append(" ").append(it3.next()).append(" ");
                }
            }
            String sb2 = sb.toString();
            String name2 = this.serviceDef == null ? "" : this.serviceDef.getName();
            String str2 = "";
            if (CollectionUtils.isNotEmpty(this.firstValidResourceDefHierarchy)) {
                Iterator<String> it4 = new RangerServiceDefHelper(this.serviceDef, false).getAllResourceNamesOrdered(this.firstValidResourceDefHierarchy).iterator();
                while (it4.hasNext()) {
                    str2 = str2 + " " + it4.next() + " ";
                }
            }
            LOG.warn("RangerDefaultPolicyResourceMatcher.init() failed: " + str + " (serviceDef=" + name2 + ", policyResourceKeys=" + sb2 + ", validHierarchy=" + str2 + ")");
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerDefaultPolicyResourceMatcher.init()");
        }
    }

    @Override // org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceMatcher
    public boolean isMatch(RangerAccessResource rangerAccessResource) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerDefaultPolicyResourceMatcher.isMatch(" + rangerAccessResource + ")");
        }
        boolean z = false;
        if (this.serviceDef != null && this.serviceDef.getResources() != null) {
            Set<String> keys = rangerAccessResource == null ? null : rangerAccessResource.getKeys();
            Set<String> keySet = this.matchers == null ? null : this.matchers.keySet();
            if (CollectionUtils.isEmpty(keys) || (keySet != null && keySet.containsAll(keys))) {
                Iterator<RangerServiceDef.RangerResourceDef> it = this.serviceDef.getResources().iterator();
                while (it.hasNext()) {
                    String name = it.next().getName();
                    String value = rangerAccessResource == null ? null : rangerAccessResource.getValue(name);
                    RangerResourceMatcher rangerResourceMatcher = this.matchers == null ? null : this.matchers.get(name);
                    if (StringUtils.isEmpty(value)) {
                        z = rangerResourceMatcher == null || rangerResourceMatcher.isMatch(value);
                    } else {
                        z = rangerResourceMatcher != null && rangerResourceMatcher.isMatch(value);
                    }
                    if (!z) {
                        break;
                    }
                }
            } else if (LOG.isDebugEnabled()) {
                LOG.debug("isMatch(): keysMatch=false. isMatch=" + keys + "; policyKeys=" + keySet);
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerDefaultPolicyResourceMatcher.isMatch(" + rangerAccessResource + "): " + z);
        }
        return z;
    }

    @Override // org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceMatcher
    public boolean isMatch(Map<String, RangerPolicy.RangerPolicyResource> map) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerDefaultPolicyResourceMatcher.isMatch(" + map + ")");
        }
        boolean z = false;
        if (this.serviceDef != null && this.serviceDef.getResources() != null) {
            Set<String> keySet = map == null ? null : map.keySet();
            Set<String> keySet2 = this.matchers == null ? null : this.matchers.keySet();
            if (CollectionUtils.isEmpty(keySet) || (keySet2 != null && keySet2.containsAll(keySet))) {
                Iterator<RangerServiceDef.RangerResourceDef> it = this.serviceDef.getResources().iterator();
                while (it.hasNext()) {
                    String name = it.next().getName();
                    RangerPolicy.RangerPolicyResource rangerPolicyResource = map == null ? null : map.get(name);
                    RangerResourceMatcher rangerResourceMatcher = this.matchers == null ? null : this.matchers.get(name);
                    if (rangerPolicyResource == null || CollectionUtils.isEmpty(rangerPolicyResource.getValues())) {
                        z = rangerResourceMatcher == null || rangerResourceMatcher.isMatch(null);
                    } else if (rangerResourceMatcher != null) {
                        Iterator<String> it2 = rangerPolicyResource.getValues().iterator();
                        while (it2.hasNext()) {
                            z = rangerResourceMatcher.isMatch(it2.next());
                            if (!z) {
                                break;
                            }
                        }
                    }
                    if (!z) {
                        break;
                    }
                }
            } else if (LOG.isDebugEnabled()) {
                LOG.debug("isMatch(): keysMatch=false. resourceKeys=" + keySet + "; policyKeys=" + keySet2);
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerDefaultPolicyResourceMatcher.isMatch(" + map + "): " + z);
        }
        return z;
    }

    @Override // org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceMatcher
    public boolean isCompleteMatch(RangerAccessResource rangerAccessResource) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerDefaultPolicyResourceMatcher.isCompleteMatch(" + rangerAccessResource + ")");
        }
        boolean z = false;
        if (this.serviceDef != null && this.serviceDef.getResources() != null) {
            Set<String> keys = rangerAccessResource == null ? null : rangerAccessResource.getKeys();
            Set<String> keySet = this.matchers == null ? null : this.matchers.keySet();
            boolean z2 = false;
            if (keys != null && keySet != null) {
                z2 = CollectionUtils.isEqualCollection(keys, keySet);
            }
            if (z2) {
                Iterator<RangerServiceDef.RangerResourceDef> it = this.serviceDef.getResources().iterator();
                while (it.hasNext()) {
                    String name = it.next().getName();
                    String value = rangerAccessResource == null ? null : rangerAccessResource.getValue(name);
                    RangerResourceMatcher rangerResourceMatcher = this.matchers == null ? null : this.matchers.get(name);
                    if (StringUtils.isEmpty(value)) {
                        z = rangerResourceMatcher == null || rangerResourceMatcher.isCompleteMatch(value);
                    } else {
                        z = rangerResourceMatcher != null && rangerResourceMatcher.isCompleteMatch(value);
                    }
                    if (!z) {
                        break;
                    }
                }
            } else if (LOG.isDebugEnabled()) {
                LOG.debug("isCompleteMatch(): keysMatch=false. resourceKeys=" + keys + "; policyKeys=" + keySet);
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerDefaultPolicyResourceMatcher.isCompleteMatch(" + rangerAccessResource + "): " + z);
        }
        return z;
    }

    @Override // org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceMatcher
    public boolean isHeadMatch(RangerAccessResource rangerAccessResource) {
        boolean z;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerDefaultPolicyResourceMatcher.isHeadMatch(" + rangerAccessResource + ")");
        }
        if (this.matchers == null) {
            LOG.debug("RangerDefaultPolicyResourceMatcher.isHeadMatch(): PolicyResourceMatcher not initialized correctly!!!");
            z = false;
        } else if (rangerAccessResource == null || CollectionUtils.isEmpty(rangerAccessResource.getKeys())) {
            LOG.debug("RangerDefaultPolicyResourceMatcher.isHeadMatch: resource was null/empty!");
            z = true;
        } else {
            z = newIsHeadMatch(rangerAccessResource);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerDefaultPolicyResourceMatcher.matchResourceHead(" + rangerAccessResource + "): " + z);
        }
        return z;
    }

    @Override // org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceMatcher
    public boolean isExactHeadMatch(RangerAccessResource rangerAccessResource) {
        boolean z;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerDefaultPolicyResourceMatcher.isExactHeadMatch(" + rangerAccessResource + ")");
        }
        if (this.matchers == null) {
            LOG.debug("RangerDefaultPolicyResourceMatcher.isExactHeadMatch(): PolicyResourceMatcher not initialized correctly!!!");
            z = false;
        } else if (rangerAccessResource == null || CollectionUtils.isEmpty(rangerAccessResource.getKeys())) {
            LOG.debug("RangerDefaultPolicyResourceMatcher.isExactHeadMatch: resource was null/empty!");
            z = false;
        } else if (this.matchers.size() > rangerAccessResource.getKeys().size()) {
            LOG.debug("RangerDefaultPolicyResourceMatcher.isExactHeadMatch: more levels specified in PolicyResourceMatcher than in resource being matched!!");
            z = false;
        } else {
            z = newIsHeadMatch(rangerAccessResource);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerDefaultPolicyResourceMatcher.isExactHeadMatch(" + rangerAccessResource + ")" + z);
        }
        return z;
    }

    private boolean newIsHeadMatch(RangerAccessResource rangerAccessResource) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerDefaultPolicyResourceMatcher.newIsHeadMatch(" + rangerAccessResource + ")");
        }
        boolean z = false;
        boolean z2 = true;
        Iterator<RangerServiceDef.RangerResourceDef> it = this.firstValidResourceDefHierarchy.iterator();
        while (it.hasNext()) {
            String name = it.next().getName();
            String value = rangerAccessResource.getValue(name);
            RangerResourceMatcher rangerResourceMatcher = this.matchers.get(name);
            if (rangerResourceMatcher != null) {
                if (StringUtils.isNotBlank(value)) {
                    z2 = !z ? rangerResourceMatcher.isMatch(value) : false;
                } else {
                    z = true;
                }
            }
            if (!z2) {
                break;
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerDefaultPolicyResourceMatcher.newIsHeadMatch(" + rangerAccessResource + "): " + z2);
        }
        return z2;
    }

    public String toString() {
        StringBuilder sb = new StringBuilder();
        toString(sb);
        return sb.toString();
    }

    @Override // org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceMatcher
    public StringBuilder toString(StringBuilder sb) {
        sb.append("RangerDefaultPolicyResourceMatcher={");
        sb.append("matchers={");
        if (this.matchers != null) {
            Iterator<RangerResourceMatcher> it = this.matchers.values().iterator();
            while (it.hasNext()) {
                sb.append("{").append(it.next()).append("} ");
            }
        }
        sb.append("} ");
        sb.append("}");
        return sb;
    }

    protected static RangerResourceMatcher createResourceMatcher(RangerServiceDef.RangerResourceDef rangerResourceDef, RangerPolicy.RangerPolicyResource rangerPolicyResource) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerDefaultPolicyResourceMatcher.createResourceMatcher(" + rangerResourceDef + ", " + rangerPolicyResource + ")");
        }
        RangerResourceMatcher rangerResourceMatcher = null;
        if (rangerResourceDef != null) {
            String name = rangerResourceDef.getName();
            String matcher = rangerResourceDef.getMatcher();
            if (!StringUtils.isEmpty(matcher)) {
                try {
                    rangerResourceMatcher = (RangerResourceMatcher) Class.forName(matcher).newInstance();
                } catch (Exception e) {
                    LOG.error("failed to instantiate resource matcher '" + matcher + "' for '" + name + "'. Default resource matcher will be used", e);
                }
            }
            if (rangerResourceMatcher == null) {
                rangerResourceMatcher = new RangerDefaultResourceMatcher();
            }
            if (rangerResourceMatcher != null) {
                rangerResourceMatcher.setResourceDef(rangerResourceDef);
                rangerResourceMatcher.setPolicyResource(rangerPolicyResource);
                rangerResourceMatcher.init();
            }
        } else {
            LOG.error("RangerDefaultPolicyResourceMatcher: RangerResourceDef is null");
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerDefaultPolicyResourceMatcher.createResourceMatcher(" + rangerResourceDef + ", " + rangerPolicyResource + "): " + rangerResourceMatcher);
        }
        return rangerResourceMatcher;
    }

    @Override // org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceMatcher
    public boolean isCompleteMatch(Map<String, RangerPolicy.RangerPolicyResource> map) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerDefaultPolicyResourceMatcher.isCompleteMatch(" + map + ")");
        }
        boolean z = false;
        if (this.serviceDef != null && this.serviceDef.getResources() != null) {
            Set<String> keySet = map == null ? null : map.keySet();
            Set<String> keySet2 = this.matchers == null ? null : this.matchers.keySet();
            boolean z2 = false;
            if (keySet != null && keySet2 != null) {
                z2 = CollectionUtils.isEqualCollection(keySet, keySet2);
            }
            if (z2) {
                Iterator<RangerServiceDef.RangerResourceDef> it = this.serviceDef.getResources().iterator();
                while (it.hasNext()) {
                    String name = it.next().getName();
                    RangerPolicy.RangerPolicyResource rangerPolicyResource = map == null ? null : map.get(name);
                    RangerPolicy.RangerPolicyResource rangerPolicyResource2 = this.policyResources == null ? null : this.policyResources.get(name);
                    if (rangerPolicyResource == null || CollectionUtils.isEmpty(rangerPolicyResource.getValues())) {
                        z = rangerPolicyResource2 == null || CollectionUtils.isEmpty(rangerPolicyResource2.getValues());
                    } else if (rangerPolicyResource2 != null && CollectionUtils.isNotEmpty(rangerPolicyResource2.getValues())) {
                        z = CollectionUtils.isEqualCollection(rangerPolicyResource.getValues(), rangerPolicyResource2.getValues());
                    }
                    if (!z) {
                        break;
                    }
                }
            } else if (LOG.isDebugEnabled()) {
                LOG.debug("isCompleteMatch(): keysMatch=false. resourceKeys=" + keySet + "; policyKeys=" + keySet2);
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerDefaultPolicyResourceMatcher.isCompleteMatch(" + map + "): " + z);
        }
        return z;
    }
}
