package org.apache.storm.security.auth.authorizer;

import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.apache.storm.Config;
import org.apache.storm.security.auth.AuthUtils;
import org.apache.storm.security.auth.IAuthorizer;
import org.apache.storm.security.auth.IGroupMappingServiceProvider;
import org.apache.storm.security.auth.IPrincipalToLocal;
import org.apache.storm.security.auth.ReqContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/storm/security/auth/authorizer/SimpleACLAuthorizer.class */
public class SimpleACLAuthorizer implements IAuthorizer {
    private static final Logger LOG = LoggerFactory.getLogger(SimpleACLAuthorizer.class);
    protected Set<String> _userCommands = new HashSet(Arrays.asList("submitTopology", "fileUpload", "getNimbusConf", "getClusterInfo", "getSupervisorPageInfo"));
    protected Set<String> _supervisorCommands = new HashSet(Arrays.asList("fileDownload"));
    protected Set<String> _topoCommands = new HashSet(Arrays.asList("killTopology", "rebalance", "activate", "deactivate", "getTopologyConf", "getTopology", "getUserTopology", "getTopologyInfo", "getTopologyPageInfo", "getComponentPageInfo", "uploadNewCredentials", "setLogConfig", "setWorkerProfiler", "getWorkerProfileActionExpiry", "getComponentPendingProfileActions", "startProfiling", "stopProfiling", "dumpProfile", "dumpJstack", "dumpHeap", "debug", "getLogConfig"));
    protected Set<String> _admins;
    protected Set<String> _supervisors;
    protected Set<String> _nimbusUsers;
    protected Set<String> _nimbusGroups;
    protected IPrincipalToLocal _ptol;
    protected IGroupMappingServiceProvider _groupMappingProvider;

    @Override // org.apache.storm.security.auth.IAuthorizer
    public void prepare(Map map) {
        this._admins = new HashSet();
        this._supervisors = new HashSet();
        this._nimbusUsers = new HashSet();
        this._nimbusGroups = new HashSet();
        if (map.containsKey(Config.NIMBUS_ADMINS)) {
            this._admins.addAll((Collection) map.get(Config.NIMBUS_ADMINS));
        }
        if (map.containsKey(Config.NIMBUS_SUPERVISOR_USERS)) {
            this._supervisors.addAll((Collection) map.get(Config.NIMBUS_SUPERVISOR_USERS));
        }
        if (map.containsKey(Config.NIMBUS_USERS)) {
            this._nimbusUsers.addAll((Collection) map.get(Config.NIMBUS_USERS));
        }
        if (map.containsKey(Config.NIMBUS_GROUPS)) {
            this._nimbusGroups.addAll((Collection) map.get(Config.NIMBUS_GROUPS));
        }
        this._ptol = AuthUtils.GetPrincipalToLocalPlugin(map);
        this._groupMappingProvider = AuthUtils.GetGroupMappingServiceProviderPlugin(map);
    }

    @Override // org.apache.storm.security.auth.IAuthorizer
    public boolean permit(ReqContext reqContext, String str, Map map) {
        String name = reqContext.principal().getName();
        String local = this._ptol.toLocal(reqContext.principal());
        Set<String> hashSet = new HashSet();
        if (this._groupMappingProvider != null) {
            try {
                hashSet = this._groupMappingProvider.getGroups(local);
            } catch (IOException e) {
                LOG.warn("Error while trying to fetch user groups", e);
            }
        }
        if (this._admins.contains(name) || this._admins.contains(local)) {
            return true;
        }
        if (this._supervisors.contains(name) || this._supervisors.contains(local)) {
            return this._supervisorCommands.contains(str);
        }
        if (this._userCommands.contains(str)) {
            return this._nimbusUsers.size() == 0 || this._nimbusUsers.contains(local) || checkUserGroupAllowed(hashSet, this._nimbusGroups).booleanValue();
        }
        if (!this._topoCommands.contains(str)) {
            return false;
        }
        HashSet hashSet2 = new HashSet();
        if (map.containsKey(Config.TOPOLOGY_USERS)) {
            hashSet2.addAll((Collection) map.get(Config.TOPOLOGY_USERS));
        }
        if (hashSet2.contains(name) || hashSet2.contains(local)) {
            return true;
        }
        HashSet hashSet3 = new HashSet();
        if (map.containsKey(Config.TOPOLOGY_GROUPS) && map.get(Config.TOPOLOGY_GROUPS) != null) {
            hashSet3.addAll((Collection) map.get(Config.TOPOLOGY_GROUPS));
        }
        return checkUserGroupAllowed(hashSet, hashSet3).booleanValue();
    }

    private Boolean checkUserGroupAllowed(Set<String> set, Set<String> set2) {
        if (set.size() > 0 && set2.size() > 0) {
            Iterator<String> it = set2.iterator();
            while (it.hasNext()) {
                if (set.contains(it.next())) {
                    return true;
                }
            }
        }
        return false;
    }
}
