package org.apache.ranger.plugin.service;

import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.plugin.contextenricher.RangerContextEnricher;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
import org.apache.ranger.plugin.policyengine.RangerAccessResource;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;
import org.apache.ranger.plugin.policyengine.RangerAccessResultProcessor;
import org.apache.ranger.plugin.policyengine.RangerMutableResource;
import org.apache.ranger.plugin.policyengine.RangerPluginContext;
import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
import org.apache.ranger.plugin.policyengine.RangerResourceACLs;
import org.apache.ranger.plugin.policyengine.RangerResourceAccessInfo;
import org.apache.ranger.plugin.util.GrantRevokeRequest;
import org.apache.ranger.plugin.util.RangerAccessRequestUtil;
import org.apache.ranger.plugin.util.ServicePolicies;

/* loaded from: input_file:org/apache/ranger/plugin/service/RangerAuthContext.class */
public class RangerAuthContext implements RangerPolicyEngine {
    private static final Log LOG = LogFactory.getLog(RangerAuthContext.class);
    private final RangerPluginContext rangerPluginContext;
    private RangerPolicyEngine policyEngine;
    private Map<RangerContextEnricher, Object> requestContextEnrichers;

    protected RangerAuthContext() {
        this(null, null, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public RangerAuthContext(RangerPluginContext rangerPluginContext) {
        this(null, null, rangerPluginContext);
    }

    RangerAuthContext(RangerPolicyEngine rangerPolicyEngine, Map<RangerContextEnricher, Object> map, RangerPluginContext rangerPluginContext) {
        this.policyEngine = rangerPolicyEngine;
        this.requestContextEnrichers = map;
        this.rangerPluginContext = rangerPluginContext;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public RangerAuthContext(RangerAuthContext rangerAuthContext) {
        this(rangerAuthContext, null);
    }

    RangerAuthContext(RangerAuthContext rangerAuthContext, RangerPluginContext rangerPluginContext) {
        if (rangerAuthContext != null) {
            this.policyEngine = rangerAuthContext.getPolicyEngine();
            Map<RangerContextEnricher, Object> map = rangerAuthContext.requestContextEnrichers;
            if (MapUtils.isNotEmpty(map)) {
                this.requestContextEnrichers = new ConcurrentHashMap(map);
            }
        }
        this.rangerPluginContext = rangerPluginContext;
    }

    public RangerPolicyEngine getPolicyEngine() {
        return this.policyEngine;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setPolicyEngine(RangerPolicyEngine rangerPolicyEngine) {
        this.policyEngine = rangerPolicyEngine;
    }

    public Map<RangerContextEnricher, Object> getRequestContextEnrichers() {
        return this.requestContextEnrichers;
    }

    public void addOrReplaceRequestContextEnricher(RangerContextEnricher rangerContextEnricher, Object obj) {
        if (this.requestContextEnrichers == null) {
            this.requestContextEnrichers = new ConcurrentHashMap();
        }
        this.requestContextEnrichers.put(rangerContextEnricher, obj != null ? obj : rangerContextEnricher);
    }

    public void cleanupRequestContextEnricher(RangerContextEnricher rangerContextEnricher) {
        if (this.requestContextEnrichers != null) {
            this.requestContextEnrichers.remove(rangerContextEnricher);
        }
    }

    @Override // org.apache.ranger.plugin.policyengine.RangerPolicyEngine
    public void setUseForwardedIPAddress(boolean z) {
        this.policyEngine.setUseForwardedIPAddress(z);
    }

    @Override // org.apache.ranger.plugin.policyengine.RangerPolicyEngine
    public void setTrustedProxyAddresses(String[] strArr) {
        this.policyEngine.setTrustedProxyAddresses(strArr);
    }

    @Override // org.apache.ranger.plugin.policyengine.RangerPolicyEngine
    public boolean getUseForwardedIPAddress() {
        return this.policyEngine.getUseForwardedIPAddress();
    }

    @Override // org.apache.ranger.plugin.policyengine.RangerPolicyEngine
    public String[] getTrustedProxyAddresses() {
        return this.policyEngine.getTrustedProxyAddresses();
    }

    @Override // org.apache.ranger.plugin.policyengine.RangerPolicyEngine
    public RangerServiceDef getServiceDef() {
        return this.policyEngine.getServiceDef();
    }

    @Override // org.apache.ranger.plugin.policyengine.RangerPolicyEngine
    public long getPolicyVersion() {
        return this.policyEngine.getPolicyVersion();
    }

    public Collection<RangerAccessResult> isAccessAllowed(Collection<RangerAccessRequest> collection, RangerAccessResultProcessor rangerAccessResultProcessor) {
        preProcess(collection);
        return this.policyEngine.evaluatePolicies(collection, 0, rangerAccessResultProcessor);
    }

    public RangerAccessResult isAccessAllowed(RangerAccessRequest rangerAccessRequest, RangerAccessResultProcessor rangerAccessResultProcessor) {
        preProcess(rangerAccessRequest);
        return this.policyEngine.evaluatePolicies(rangerAccessRequest, 0, rangerAccessResultProcessor);
    }

    public RangerAccessResult evalDataMaskPolicies(RangerAccessRequest rangerAccessRequest, RangerAccessResultProcessor rangerAccessResultProcessor) {
        preProcess(rangerAccessRequest);
        return this.policyEngine.evaluatePolicies(rangerAccessRequest, 1, rangerAccessResultProcessor);
    }

    public RangerAccessResult evalRowFilterPolicies(RangerAccessRequest rangerAccessRequest, RangerAccessResultProcessor rangerAccessResultProcessor) {
        preProcess(rangerAccessRequest);
        return this.policyEngine.evaluatePolicies(rangerAccessRequest, 2, rangerAccessResultProcessor);
    }

    @Override // org.apache.ranger.plugin.policyengine.RangerPolicyEngine
    public void preProcess(RangerAccessRequest rangerAccessRequest) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAuthContext.preProcess");
        }
        RangerAccessResource resource = rangerAccessRequest.getResource();
        if (resource.getServiceDef() == null && (resource instanceof RangerMutableResource)) {
            ((RangerMutableResource) resource).setServiceDef(getServiceDef());
        }
        if (rangerAccessRequest instanceof RangerAccessRequestImpl) {
            RangerAccessRequestImpl rangerAccessRequestImpl = (RangerAccessRequestImpl) rangerAccessRequest;
            rangerAccessRequestImpl.extractAndSetClientIPAddress(getUseForwardedIPAddress(), getTrustedProxyAddresses());
            if (this.rangerPluginContext != null) {
                rangerAccessRequestImpl.setClusterName(this.rangerPluginContext.getClusterName());
                rangerAccessRequestImpl.setClusterType(this.rangerPluginContext.getClusterType());
            }
        }
        RangerAccessRequestUtil.setCurrentUserInContext(rangerAccessRequest.getContext(), rangerAccessRequest.getUser());
        Set<String> rolesFromUserAndGroups = getRolesFromUserAndGroups(rangerAccessRequest.getUser(), rangerAccessRequest.getUserGroups());
        if (CollectionUtils.isNotEmpty(rolesFromUserAndGroups)) {
            RangerAccessRequestUtil.setCurrentUserRolesInContext(rangerAccessRequest.getContext(), rolesFromUserAndGroups);
        }
        if (MapUtils.isNotEmpty(this.requestContextEnrichers)) {
            for (Map.Entry<RangerContextEnricher, Object> entry : this.requestContextEnrichers.entrySet()) {
                if ((entry.getValue() instanceof RangerContextEnricher) && entry.getKey().equals(entry.getValue())) {
                    entry.getKey().enrich(rangerAccessRequest, null);
                } else {
                    entry.getKey().enrich(rangerAccessRequest, entry.getValue());
                }
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAuthContext.preProcess");
        }
    }

    @Override // org.apache.ranger.plugin.policyengine.RangerPolicyEngine
    public void preProcess(Collection<RangerAccessRequest> collection) {
        if (CollectionUtils.isNotEmpty(collection)) {
            Iterator<RangerAccessRequest> it = collection.iterator();
            while (it.hasNext()) {
                preProcess(it.next());
            }
        }
    }

    @Override // org.apache.ranger.plugin.policyengine.RangerPolicyEngine
    public RangerAccessResult evaluatePolicies(RangerAccessRequest rangerAccessRequest, int i, RangerAccessResultProcessor rangerAccessResultProcessor) {
        return this.policyEngine.evaluatePolicies(rangerAccessRequest, i, rangerAccessResultProcessor);
    }

    @Override // org.apache.ranger.plugin.policyengine.RangerPolicyEngine
    public Collection<RangerAccessResult> evaluatePolicies(Collection<RangerAccessRequest> collection, int i, RangerAccessResultProcessor rangerAccessResultProcessor) {
        return this.policyEngine.evaluatePolicies(collection, i, rangerAccessResultProcessor);
    }

    @Override // org.apache.ranger.plugin.policyengine.RangerPolicyEngine
    public RangerResourceACLs getResourceACLs(RangerAccessRequest rangerAccessRequest) {
        preProcess(rangerAccessRequest);
        return this.policyEngine.getResourceACLs(rangerAccessRequest);
    }

    @Override // org.apache.ranger.plugin.policyengine.RangerPolicyEngine
    public String getMatchedZoneName(GrantRevokeRequest grantRevokeRequest) {
        return this.policyEngine.getMatchedZoneName(grantRevokeRequest);
    }

    @Override // org.apache.ranger.plugin.policyengine.RangerPolicyEngine
    public boolean preCleanup() {
        return this.policyEngine.preCleanup();
    }

    @Override // org.apache.ranger.plugin.policyengine.RangerPolicyEngine
    public void cleanup() {
        this.policyEngine.cleanup();
    }

    @Override // org.apache.ranger.plugin.policyengine.RangerPolicyEngine
    public RangerResourceAccessInfo getResourceAccessInfo(RangerAccessRequest rangerAccessRequest) {
        preProcess(rangerAccessRequest);
        return this.policyEngine.getResourceAccessInfo(rangerAccessRequest);
    }

    @Override // org.apache.ranger.plugin.policyengine.RangerPolicyEngine
    public List<RangerPolicy> getMatchingPolicies(RangerAccessResource rangerAccessResource) {
        RangerAccessRequestImpl rangerAccessRequestImpl = new RangerAccessRequestImpl(rangerAccessResource, RangerPolicyEngine.ANY_ACCESS, null, null);
        preProcess(rangerAccessRequestImpl);
        return getMatchingPolicies(rangerAccessRequestImpl);
    }

    @Override // org.apache.ranger.plugin.policyengine.RangerPolicyEngine
    public List<RangerPolicy> getMatchingPolicies(RangerAccessRequest rangerAccessRequest) {
        return this.policyEngine.getMatchingPolicies(rangerAccessRequest);
    }

    @Override // org.apache.ranger.plugin.policyengine.RangerPolicyEngine
    public void reorderPolicyEvaluators() {
    }

    @Override // org.apache.ranger.plugin.policyengine.RangerPolicyEngine
    public boolean isAccessAllowed(RangerAccessResource rangerAccessResource, String str, Set<String> set, String str2) {
        return false;
    }

    @Override // org.apache.ranger.plugin.policyengine.RangerPolicyEngine
    public boolean isAccessAllowed(RangerPolicy rangerPolicy, String str, Set<String> set, String str2) {
        return false;
    }

    @Override // org.apache.ranger.plugin.policyengine.RangerPolicyEngine
    public boolean isAccessAllowed(RangerPolicy rangerPolicy, String str, Set<String> set, Set<String> set2, String str2) {
        return false;
    }

    @Override // org.apache.ranger.plugin.policyengine.RangerPolicyEngine
    public boolean isAccessAllowed(Map<String, RangerPolicy.RangerPolicyResource> map, String str, Set<String> set, String str2) {
        return false;
    }

    @Override // org.apache.ranger.plugin.policyengine.RangerPolicyEngine
    public List<RangerPolicy> getExactMatchPolicies(RangerPolicy rangerPolicy, Map<String, Object> map) {
        return null;
    }

    @Override // org.apache.ranger.plugin.policyengine.RangerPolicyEngine
    public List<RangerPolicy> getExactMatchPolicies(RangerAccessResource rangerAccessResource, Map<String, Object> map) {
        return null;
    }

    @Override // org.apache.ranger.plugin.policyengine.RangerPolicyEngine
    public List<RangerPolicy> getAllowedPolicies(String str, Set<String> set, String str2) {
        return null;
    }

    @Override // org.apache.ranger.plugin.policyengine.RangerPolicyEngine
    public RangerPolicyEngine cloneWithDelta(ServicePolicies servicePolicies) {
        return this.policyEngine.cloneWithDelta(servicePolicies);
    }

    @Override // org.apache.ranger.plugin.policyengine.RangerPolicyEngine
    public Set<String> getRolesFromUserAndGroups(String str, Set<String> set) {
        return this.policyEngine.getRolesFromUserAndGroups(str, set);
    }
}
