package org.apache.ranger.services.kms;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.service.RangerBaseService;
import org.apache.ranger.plugin.service.ResourceLookupContext;
import org.apache.ranger.services.kms.client.KMSResourceMgr;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ranger/services/kms/RangerServiceKMS.class */
public class RangerServiceKMS extends RangerBaseService {
    private static final Logger LOG = LoggerFactory.getLogger(RangerServiceKMS.class);
    public static final String ACCESS_TYPE_DECRYPT_EEK = "decrypteek";
    public static final String ACCESS_TYPE_GENERATE_EEK = "generateeek";
    public static final String ACCESS_TYPE_GET_METADATA = "getmetadata";
    public static final String ACCESS_TYPE_GET = "get";

    public void init(RangerServiceDef rangerServiceDef, RangerService rangerService) {
        super.init(rangerServiceDef, rangerService);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public Map<String, Object> validateConfig() throws Exception {
        Map hashMap = new HashMap();
        String serviceName = getServiceName();
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerServiceKMS.validateConfig Service: (" + serviceName + " )");
        }
        if (this.configs != null) {
            try {
                hashMap = KMSResourceMgr.validateConfig(serviceName, this.configs);
            } catch (Exception e) {
                LOG.error("<== RangerServiceKMS.validateConfig Error:" + e);
                throw e;
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerServiceKMS.validateConfig Response : (" + hashMap + " )");
        }
        return hashMap;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public List<String> lookupResource(ResourceLookupContext resourceLookupContext) throws Exception {
        List arrayList = new ArrayList();
        String serviceName = getServiceName();
        Map configs = getConfigs();
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerServiceKMS.lookupResource Context: (" + resourceLookupContext + ")");
        }
        if (resourceLookupContext != null) {
            try {
                arrayList = KMSResourceMgr.getKMSResources(serviceName, configs, resourceLookupContext);
            } catch (Exception e) {
                LOG.error("<==RangerServiceKMS.lookupResource Error : " + e);
                throw e;
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerServiceKMS.lookupResource Response: (" + arrayList + ")");
        }
        return arrayList;
    }

    public List<RangerPolicy> getDefaultRangerPolicies() throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerServiceKMS.getDefaultRangerPolicies() ");
        }
        List<RangerPolicy> defaultRangerPolicies = super.getDefaultRangerPolicies();
        String lookupUser = getLookupUser(getConfig().get("hadoop.security.authentication", "simple"), getConfig().get("ranger.admin.kerberos.principal"), getConfig().get("ranger.admin.kerberos.keytab"));
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        ArrayList arrayList3 = new ArrayList();
        ArrayList arrayList4 = new ArrayList();
        for (RangerServiceDef.RangerAccessTypeDef rangerAccessTypeDef : this.serviceDef.getAccessTypes()) {
            if (rangerAccessTypeDef.getName().equalsIgnoreCase("getmetadata")) {
                arrayList.add(rangerAccessTypeDef);
                arrayList2.add(rangerAccessTypeDef);
                arrayList3.add(rangerAccessTypeDef);
            } else if (rangerAccessTypeDef.getName().equalsIgnoreCase("generateeek")) {
                arrayList.add(rangerAccessTypeDef);
                arrayList2.add(rangerAccessTypeDef);
            } else if (rangerAccessTypeDef.getName().equalsIgnoreCase("decrypteek")) {
                arrayList3.add(rangerAccessTypeDef);
                arrayList4.add(rangerAccessTypeDef);
            }
        }
        for (RangerPolicy rangerPolicy : defaultRangerPolicies) {
            if (rangerPolicy.getName().contains("all") && StringUtils.isNotBlank(this.lookUpUser)) {
                RangerPolicy.RangerPolicyItem rangerPolicyItem = new RangerPolicy.RangerPolicyItem();
                rangerPolicyItem.setUsers(Collections.singletonList(this.lookUpUser));
                rangerPolicyItem.setAccesses(Collections.singletonList(new RangerPolicy.RangerPolicyItemAccess("get")));
                rangerPolicyItem.setDelegateAdmin(false);
                rangerPolicy.addPolicyItem(rangerPolicyItem);
            }
            for (RangerPolicy.RangerPolicyItem rangerPolicyItem2 : rangerPolicy.getPolicyItems()) {
                if (StringUtils.isNotBlank(lookupUser)) {
                    rangerPolicyItem2.addUser(lookupUser);
                }
            }
            String str = getConfig().get("ranger.kms.service.user.hdfs", "hdfs");
            if (str != null && !str.isEmpty()) {
                LOG.info("Creating default KMS policy item for " + str);
                ArrayList arrayList5 = new ArrayList();
                arrayList5.add(str);
                rangerPolicy.addPolicyItem(createDefaultPolicyItem(arrayList, arrayList5));
            }
            String str2 = getConfig().get("ranger.kms.service.user.om", "om");
            if (StringUtils.isNotEmpty(str2)) {
                LOG.info("Creating default KMS policy item for " + str2);
                ArrayList arrayList6 = new ArrayList();
                arrayList6.add(str2);
                rangerPolicy.addPolicyItem(createDefaultPolicyItem(arrayList2, arrayList6));
            }
            String str3 = getConfig().get("ranger.kms.service.user.hive", "hive");
            if (str3 != null && !str3.isEmpty()) {
                LOG.info("Creating default KMS policy item for " + str3);
                ArrayList arrayList7 = new ArrayList();
                arrayList7.add(str3);
                rangerPolicy.addPolicyItem(createDefaultPolicyItem(arrayList3, arrayList7));
            }
            String str4 = getConfig().get("ranger.kms.service.user.hbase", "hbase");
            if (str4 != null && !str4.isEmpty()) {
                LOG.info("Creating default KMS policy item for " + str4);
                ArrayList arrayList8 = new ArrayList();
                arrayList8.add(str4);
                rangerPolicy.addPolicyItem(createDefaultPolicyItem(arrayList4, arrayList8));
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerServiceKMS.getDefaultRangerPolicies() : " + defaultRangerPolicies);
        }
        return defaultRangerPolicies;
    }

    private RangerPolicy.RangerPolicyItem createDefaultPolicyItem(List<RangerServiceDef.RangerAccessTypeDef> list, List<String> list2) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerServiceTag.createDefaultPolicyItem()");
        }
        RangerPolicy.RangerPolicyItem rangerPolicyItem = new RangerPolicy.RangerPolicyItem();
        rangerPolicyItem.setUsers(list2);
        ArrayList arrayList = new ArrayList();
        for (RangerServiceDef.RangerAccessTypeDef rangerAccessTypeDef : list) {
            RangerPolicy.RangerPolicyItemAccess rangerPolicyItemAccess = new RangerPolicy.RangerPolicyItemAccess();
            rangerPolicyItemAccess.setType(rangerAccessTypeDef.getName());
            rangerPolicyItemAccess.setIsAllowed(true);
            arrayList.add(rangerPolicyItemAccess);
        }
        rangerPolicyItem.setAccesses(arrayList);
        rangerPolicyItem.setDelegateAdmin(true);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerServiceTag.createDefaultPolicyItem(): " + rangerPolicyItem);
        }
        return rangerPolicyItem;
    }
}
