package org.apache.ranger.authorization.hadoop.config;

import java.net.URL;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.log4j.Logger;
import org.apache.ranger.authorization.utils.StringUtil;
import org.apache.ranger.plugin.policyengine.RangerPolicyEngineOptions;

/* loaded from: input_file:org/apache/ranger/authorization/hadoop/config/RangerPluginConfig.class */
public class RangerPluginConfig extends RangerConfiguration {
    private static final Logger LOG = Logger.getLogger(RangerPluginConfig.class);
    private static final char RANGER_TRUSTED_PROXY_IPADDRESSES_SEPARATOR_CHAR = ',';
    private final String serviceType;
    private final String serviceName;
    private final String appId;
    private final String clusterName;
    private final String clusterType;
    private final RangerPolicyEngineOptions policyEngineOptions;
    private final boolean useForwardedIPAddress;
    private final String[] trustedProxyAddresses;
    private final String propertyPrefix;
    private Set<String> auditExcludedUsers = Collections.emptySet();
    private Set<String> auditExcludedGroups = Collections.emptySet();
    private Set<String> auditExcludedRoles = Collections.emptySet();
    private Set<String> superUsers = Collections.emptySet();
    private Set<String> superGroups = Collections.emptySet();

    public RangerPluginConfig(String str, String str2, String str3, String str4, String str5, RangerPolicyEngineOptions rangerPolicyEngineOptions) {
        addResourcesForServiceType(str);
        this.serviceType = str;
        this.appId = StringUtils.isEmpty(str3) ? str : str3;
        this.propertyPrefix = "ranger.plugin." + str;
        this.serviceName = StringUtils.isEmpty(str2) ? get(this.propertyPrefix + ".service.name") : str2;
        addResourcesForServiceName(this.serviceType, this.serviceName);
        String str6 = get(this.propertyPrefix + ".trusted.proxy.ipaddresses");
        if (StringUtil.isEmpty(str4)) {
            str4 = get(this.propertyPrefix + ".access.cluster.name", "");
            if (StringUtil.isEmpty(str4)) {
                str4 = get(this.propertyPrefix + ".ambari.cluster.name", "");
            }
        }
        if (StringUtil.isEmpty(str5)) {
            str5 = get(this.propertyPrefix + ".access.cluster.type", "");
            if (StringUtil.isEmpty(str5)) {
                str5 = get(this.propertyPrefix + ".ambari.cluster.type", "");
            }
        }
        this.clusterName = str4;
        this.clusterType = str5;
        this.useForwardedIPAddress = getBoolean(this.propertyPrefix + ".use.x-forwarded-for.ipaddress", false);
        this.trustedProxyAddresses = StringUtils.split(str6, ',');
        if (this.trustedProxyAddresses != null) {
            for (int i = 0; i < this.trustedProxyAddresses.length; i++) {
                this.trustedProxyAddresses[i] = this.trustedProxyAddresses[i].trim();
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug(this.propertyPrefix + ".use.x-forwarded-for.ipaddress:" + this.useForwardedIPAddress);
            LOG.debug(this.propertyPrefix + ".trusted.proxy.ipaddresses:[" + StringUtils.join(this.trustedProxyAddresses, ", ") + "]");
        }
        if (this.useForwardedIPAddress && StringUtils.isBlank(str6)) {
            LOG.warn("Property " + this.propertyPrefix + ".use.x-forwarded-for.ipaddress is set to true, and Property " + this.propertyPrefix + ".trusted.proxy.ipaddresses is not set");
            LOG.warn("Ranger plugin will trust RemoteIPAddress and treat first X-Forwarded-Address in the access-request as the clientIPAddress");
        }
        if (rangerPolicyEngineOptions == null) {
            rangerPolicyEngineOptions = new RangerPolicyEngineOptions();
            rangerPolicyEngineOptions.configureForPlugin(this, this.propertyPrefix);
        }
        this.policyEngineOptions = rangerPolicyEngineOptions;
        LOG.info(rangerPolicyEngineOptions);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public RangerPluginConfig(String str, String str2, String str3, RangerPluginConfig rangerPluginConfig) {
        this.serviceType = str;
        this.appId = StringUtils.isEmpty(str3) ? str : str3;
        this.propertyPrefix = "ranger.plugin." + str;
        this.serviceName = str2;
        this.clusterName = rangerPluginConfig.getClusterName();
        this.clusterType = rangerPluginConfig.getClusterType();
        this.useForwardedIPAddress = rangerPluginConfig.isUseForwardedIPAddress();
        this.trustedProxyAddresses = rangerPluginConfig.getTrustedProxyAddresses();
        this.policyEngineOptions = rangerPluginConfig.getPolicyEngineOptions();
    }

    public String getServiceType() {
        return this.serviceType;
    }

    public String getAppId() {
        return this.appId;
    }

    public String getServiceName() {
        return this.serviceName;
    }

    public String getClusterName() {
        return this.clusterName;
    }

    public String getClusterType() {
        return this.clusterType;
    }

    public boolean isUseForwardedIPAddress() {
        return this.useForwardedIPAddress;
    }

    public String[] getTrustedProxyAddresses() {
        return this.trustedProxyAddresses;
    }

    public String getPropertyPrefix() {
        return this.propertyPrefix;
    }

    public RangerPolicyEngineOptions getPolicyEngineOptions() {
        return this.policyEngineOptions;
    }

    public void setAuditExcludedUsersGroupsRoles(Set<String> set, Set<String> set2, Set<String> set3) {
        this.auditExcludedUsers = CollectionUtils.isEmpty(set) ? Collections.emptySet() : new HashSet<>(set);
        this.auditExcludedGroups = CollectionUtils.isEmpty(set2) ? Collections.emptySet() : new HashSet<>(set2);
        this.auditExcludedRoles = CollectionUtils.isEmpty(set2) ? Collections.emptySet() : new HashSet<>(set3);
        if (LOG.isDebugEnabled()) {
            LOG.debug("auditExcludedUsers=" + this.auditExcludedUsers + ", auditExcludedGroups=" + this.auditExcludedGroups + ", auditExcludedRoles=" + this.auditExcludedRoles);
        }
    }

    public void setSuperUsersGroups(Set<String> set, Set<String> set2) {
        this.superUsers = CollectionUtils.isEmpty(set) ? Collections.emptySet() : new HashSet<>(set);
        this.superGroups = CollectionUtils.isEmpty(set2) ? Collections.emptySet() : new HashSet<>(set2);
        if (LOG.isDebugEnabled()) {
            LOG.debug("superUsers=" + this.superUsers + ", superGroups=" + this.superGroups);
        }
    }

    public boolean isAuditExcludedUser(String str) {
        return this.auditExcludedUsers.contains(str);
    }

    public boolean hasAuditExcludedGroup(Set<String> set) {
        return set != null && set.size() > 0 && this.auditExcludedGroups.size() > 0 && CollectionUtils.containsAny(set, this.auditExcludedGroups);
    }

    public boolean hasAuditExcludedRole(Set<String> set) {
        return set != null && set.size() > 0 && this.auditExcludedRoles.size() > 0 && CollectionUtils.containsAny(set, this.auditExcludedRoles);
    }

    public boolean isSuperUser(String str) {
        return this.superUsers.contains(str);
    }

    public boolean hasSuperGroup(Set<String> set) {
        return set != null && set.size() > 0 && this.superGroups.size() > 0 && CollectionUtils.containsAny(set, this.superGroups);
    }

    private void addResourcesForServiceType(String str) {
        String str2 = "ranger-" + str + "-security.xml";
        String str3 = "ranger-" + str + "-policymgr-ssl.xml";
        if (!addResourceIfReadable("ranger-" + str + "-audit.xml")) {
            addAuditResource(str);
        }
        if (!addResourceIfReadable(str2)) {
            addSecurityResource(str);
        }
        if (addResourceIfReadable(str3)) {
            return;
        }
        addSslConfigResource(str);
    }

    private void addResourcesForServiceName(String str, String str2) {
        if (StringUtils.isNotBlank(str) && StringUtils.isNotBlank(str2)) {
            addResourceIfReadable("ranger-" + str + "-" + str2 + "-audit.xml");
            addResourceIfReadable("ranger-" + str + "-" + str2 + "-security.xml");
            addResourceIfReadable("ranger-" + str + "-" + str2 + "-policymgr-ssl.xml");
        }
    }

    private void addSecurityResource(String str) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> addSecurityResource(Service Type: " + str);
        }
        Configuration securityConfig = RangerLegacyConfigBuilder.getSecurityConfig(str);
        if (securityConfig != null) {
            addResource(securityConfig);
        } else if (LOG.isDebugEnabled()) {
            LOG.debug("Unable to add the Security Config for " + str + ". Plugin won't be enabled!");
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<= addSecurityResource(Service Type: " + str);
        }
    }

    private void addAuditResource(String str) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> addAuditResource(Service Type: " + str);
        }
        try {
            URL auditConfig = RangerLegacyConfigBuilder.getAuditConfig(str);
            if (auditConfig != null) {
                addResource(auditConfig);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("==> addAuditResource() URL" + auditConfig.getPath());
                }
            }
        } catch (Throwable th) {
            LOG.warn("Unable to find Audit Config for " + str + " Auditing not enabled !");
            if (LOG.isDebugEnabled()) {
                LOG.debug("Unable to find Audit Config for " + str + " Auditing not enabled !" + th);
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== addAuditResource(Service Type: " + str + ")");
        }
    }

    private void addSslConfigResource(String str) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> addSslConfigResource(Service Type: " + str);
        }
        try {
            URL sSLConfig = RangerLegacyConfigBuilder.getSSLConfig(str);
            if (sSLConfig != null) {
                addResource(sSLConfig);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("==> addSslConfigResource() URL" + sSLConfig.getPath());
                }
            }
        } catch (Throwable th) {
            LOG.warn("Unable to find SSL Config for " + str + " SSL not enabled !");
            if (LOG.isDebugEnabled()) {
                LOG.debug("Unable to find SSL Config for " + str + " Auditing not enabled !" + th);
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== addSslConfigResource(Service Type: " + str + ")");
        }
    }
}
