package org.apache.ranger.plugin.util;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.ranger.authorization.hadoop.config.RangerPluginConfig;
import org.apache.ranger.plugin.conditionevaluator.RangerScriptConditionEvaluator;
import org.apache.ranger.plugin.contextenricher.RangerUserStoreEnricher;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerPolicyDelta;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.policyengine.RangerPluginContext;
import org.apache.ranger.plugin.policyengine.RangerRequestScriptEvaluator;
import org.apache.ranger.plugin.store.AbstractServiceStore;
import org.apache.ranger.plugin.util.ServicePolicies;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ranger/plugin/util/ServiceDefUtil.class */
public class ServiceDefUtil {
    public static final String IMPLICIT_CONDITION_EXPRESSION_NAME = "_expression";
    public static final String IMPLICIT_CONDITION_EXPRESSION_LABEL = "Enter boolean expression";
    public static final String IMPLICIT_CONDITION_EXPRESSION_DESC = "Boolean expression";
    public static final String ACCESS_TYPE_MARKER_CREATE = "_CREATE";
    public static final String ACCESS_TYPE_MARKER_READ = "_READ";
    public static final String ACCESS_TYPE_MARKER_UPDATE = "_UPDATE";
    public static final String ACCESS_TYPE_MARKER_DELETE = "_DELETE";
    public static final String ACCESS_TYPE_MARKER_MANAGE = "_MANAGE";
    public static final String ACCESS_TYPE_MARKER_ALL = "_ALL";
    public static final Set<String> ACCESS_TYPE_MARKERS;
    private static final Logger LOG = LoggerFactory.getLogger(ServiceDefUtil.class);
    public static final String IMPLICIT_CONDITION_EXPRESSION_EVALUATOR = RangerScriptConditionEvaluator.class.getCanonicalName();
    private static final String USER_STORE_ENRICHER = RangerUserStoreEnricher.class.getCanonicalName();

    public static boolean getOption_enableDenyAndExceptionsInPolicies(RangerServiceDef rangerServiceDef, RangerPluginContext rangerPluginContext) {
        boolean z = false;
        if (rangerServiceDef != null) {
            RangerPluginConfig config = rangerPluginContext != null ? rangerPluginContext.getConfig() : null;
            z = getBooleanValue(rangerServiceDef.getOptions(), RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES, (config == null || config.getBoolean("ranger.servicedef.enableDenyAndExceptionsInPolicies", true)) || StringUtils.equalsIgnoreCase(rangerServiceDef.getName(), "tag"));
        }
        return z;
    }

    public static boolean getOption_enableTagBasedPolicies(RangerServiceDef rangerServiceDef, Configuration configuration) {
        boolean z = false;
        if (rangerServiceDef != null) {
            z = getBooleanValue(rangerServiceDef.getOptions(), RangerServiceDef.OPTION_ENABLE_TAG_BASED_POLICIES, configuration == null || configuration.getBoolean("ranger.servicedef.enableTagBasedPolicies", true));
        }
        return z;
    }

    public static RangerServiceDef.RangerDataMaskTypeDef getDataMaskType(RangerServiceDef rangerServiceDef, String str) {
        RangerServiceDef.RangerDataMaskTypeDef rangerDataMaskTypeDef = null;
        if (rangerServiceDef != null && rangerServiceDef.getDataMaskDef() != null) {
            List<RangerServiceDef.RangerDataMaskTypeDef> maskTypes = rangerServiceDef.getDataMaskDef().getMaskTypes();
            if (CollectionUtils.isNotEmpty(maskTypes)) {
                Iterator<RangerServiceDef.RangerDataMaskTypeDef> it = maskTypes.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    RangerServiceDef.RangerDataMaskTypeDef next = it.next();
                    if (StringUtils.equals(next.getName(), str)) {
                        rangerDataMaskTypeDef = next;
                        break;
                    }
                }
            }
        }
        return rangerDataMaskTypeDef;
    }

    public static RangerServiceDef normalize(RangerServiceDef rangerServiceDef) {
        normalizeDataMaskDef(rangerServiceDef);
        normalizeRowFilterDef(rangerServiceDef);
        return rangerServiceDef;
    }

    public static RangerServiceDef.RangerPolicyConditionDef getConditionDef(RangerServiceDef rangerServiceDef, String str) {
        RangerServiceDef.RangerPolicyConditionDef rangerPolicyConditionDef = null;
        if (rangerServiceDef != null && rangerServiceDef.getPolicyConditions() != null) {
            Iterator<RangerServiceDef.RangerPolicyConditionDef> it = rangerServiceDef.getPolicyConditions().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                RangerServiceDef.RangerPolicyConditionDef next = it.next();
                if (StringUtils.equals(next.getName(), str)) {
                    rangerPolicyConditionDef = next;
                    break;
                }
            }
        }
        return rangerPolicyConditionDef;
    }

    public static RangerServiceDef.RangerResourceDef getResourceDef(RangerServiceDef rangerServiceDef, String str) {
        RangerServiceDef.RangerResourceDef rangerResourceDef = null;
        if (rangerServiceDef != null && str != null && CollectionUtils.isNotEmpty(rangerServiceDef.getResources())) {
            Iterator<RangerServiceDef.RangerResourceDef> it = rangerServiceDef.getResources().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                RangerServiceDef.RangerResourceDef next = it.next();
                if (StringUtils.equalsIgnoreCase(next.getName(), str)) {
                    rangerResourceDef = next;
                    break;
                }
            }
        }
        return rangerResourceDef;
    }

    public static Integer getLeafResourceLevel(RangerServiceDef rangerServiceDef, Map<String, RangerPolicy.RangerPolicyResource> map) {
        Integer num = null;
        RangerServiceDef.RangerResourceDef leafResourceDef = getLeafResourceDef(rangerServiceDef, map);
        if (leafResourceDef != null) {
            num = leafResourceDef.getLevel();
        }
        return num;
    }

    public static RangerServiceDef.RangerResourceDef getLeafResourceDef(RangerServiceDef rangerServiceDef, Map<String, RangerPolicy.RangerPolicyResource> map) {
        return getLeafResourceDef(rangerServiceDef, map, false);
    }

    public static RangerServiceDef.RangerResourceDef getLeafResourceDef(RangerServiceDef rangerServiceDef, Map<String, RangerPolicy.RangerPolicyResource> map, boolean z) {
        RangerServiceDef.RangerResourceDef resourceDef;
        RangerServiceDef.RangerResourceDef rangerResourceDef = null;
        if (rangerServiceDef != null && map != null) {
            for (Map.Entry<String, RangerPolicy.RangerPolicyResource> entry : map.entrySet()) {
                if (!isEmpty(entry.getValue()) && (resourceDef = getResourceDef(rangerServiceDef, entry.getKey())) != null && resourceDef.getLevel() != null && (rangerResourceDef == null || rangerResourceDef.getLevel().intValue() < resourceDef.getLevel().intValue())) {
                    if (StringUtils.isEmpty(resourceDef.getParent())) {
                        rangerResourceDef = resourceDef;
                    } else if (!z || !hasWildcardValue(entry.getValue().getValues())) {
                        rangerResourceDef = resourceDef;
                    }
                }
            }
        }
        return rangerResourceDef;
    }

    private static boolean hasWildcardValue(List<String> list) {
        boolean z = false;
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            z = StringUtils.equals(it.next(), "*");
            if (z) {
                break;
            }
        }
        return z;
    }

    public static boolean isAncestorOf(RangerServiceDef rangerServiceDef, RangerServiceDef.RangerResourceDef rangerResourceDef, RangerServiceDef.RangerResourceDef rangerResourceDef2) {
        boolean z = false;
        if (rangerResourceDef != null && rangerResourceDef2 != null) {
            String name = rangerResourceDef.getName();
            RangerServiceDef.RangerResourceDef rangerResourceDef3 = rangerResourceDef2;
            while (true) {
                RangerServiceDef.RangerResourceDef rangerResourceDef4 = rangerResourceDef3;
                if (rangerResourceDef4 == null) {
                    break;
                }
                if (StringUtils.equalsIgnoreCase(name, rangerResourceDef4.getParent())) {
                    z = true;
                    break;
                }
                rangerResourceDef3 = getResourceDef(rangerServiceDef, rangerResourceDef4.getParent());
            }
        }
        return z;
    }

    public static boolean isEmpty(RangerPolicy.RangerPolicyResource rangerPolicyResource) {
        boolean z = true;
        if (rangerPolicyResource != null) {
            List<String> values = rangerPolicyResource.getValues();
            if (CollectionUtils.isNotEmpty(values)) {
                Iterator<String> it = values.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    if (StringUtils.isNotBlank(it.next())) {
                        z = false;
                        break;
                    }
                }
            }
        }
        return z;
    }

    public static String getOption(Map<String, String> map, String str, String str2) {
        String str3 = (map == null || str == null) ? null : map.get(str);
        if (str3 == null) {
            str3 = str2;
        }
        return str3;
    }

    public static boolean getBooleanOption(Map<String, String> map, String str, boolean z) {
        String option = getOption(map, str, null);
        return option == null ? z : Boolean.parseBoolean(option);
    }

    public static char getCharOption(Map<String, String> map, String str, char c) {
        String option = getOption(map, str, null);
        return StringUtils.isEmpty(option) ? c : option.charAt(0);
    }

    public static RangerServiceDef normalizeAccessTypeDefs(RangerServiceDef rangerServiceDef, String str) {
        if (rangerServiceDef != null && StringUtils.isNotBlank(str)) {
            normalizeAccessTypeDefs(rangerServiceDef.getAccessTypes(), str);
            normalizeAccessTypeDefs(rangerServiceDef.getMarkerAccessTypes(), str);
            if (rangerServiceDef.getDataMaskDef() != null) {
                normalizeAccessTypeDefs(rangerServiceDef.getDataMaskDef().getAccessTypes(), str);
            }
            if (rangerServiceDef.getRowFilterDef() != null) {
                normalizeAccessTypeDefs(rangerServiceDef.getRowFilterDef().getAccessTypes(), str);
            }
        }
        return rangerServiceDef;
    }

    private static void normalizeAccessTypeDefs(List<RangerServiceDef.RangerAccessTypeDef> list, String str) {
        if (CollectionUtils.isNotEmpty(list)) {
            String str2 = str + AbstractServiceStore.COMPONENT_ACCESSTYPE_SEPARATOR;
            ArrayList arrayList = null;
            for (RangerServiceDef.RangerAccessTypeDef rangerAccessTypeDef : list) {
                String name = rangerAccessTypeDef.getName();
                if (StringUtils.startsWith(name, str2)) {
                    rangerAccessTypeDef.setName(StringUtils.removeStart(name, str2));
                } else if (StringUtils.contains(name, AbstractServiceStore.COMPONENT_ACCESSTYPE_SEPARATOR)) {
                    if (arrayList == null) {
                        arrayList = new ArrayList();
                    }
                    arrayList.add(rangerAccessTypeDef);
                }
                Collection<String> impliedGrants = rangerAccessTypeDef.getImpliedGrants();
                if (CollectionUtils.isNotEmpty(impliedGrants)) {
                    HashSet hashSet = new HashSet();
                    for (String str3 : impliedGrants) {
                        if (StringUtils.startsWith(str3, str2)) {
                            hashSet.add(StringUtils.removeStart(str3, str2));
                        } else if (!StringUtils.contains(str3, AbstractServiceStore.COMPONENT_ACCESSTYPE_SEPARATOR)) {
                            hashSet.add(str3);
                        }
                    }
                    rangerAccessTypeDef.setImpliedGrants(hashSet);
                }
            }
            if (arrayList != null) {
                list.removeAll(arrayList);
            }
        }
    }

    private static void normalizeDataMaskDef(RangerServiceDef rangerServiceDef) {
        if (rangerServiceDef == null || rangerServiceDef.getDataMaskDef() == null) {
            return;
        }
        List<RangerServiceDef.RangerResourceDef> resources = rangerServiceDef.getDataMaskDef().getResources();
        List<RangerServiceDef.RangerAccessTypeDef> accessTypes = rangerServiceDef.getDataMaskDef().getAccessTypes();
        if (CollectionUtils.isNotEmpty(resources)) {
            List<RangerServiceDef.RangerResourceDef> resources2 = rangerServiceDef.getResources();
            ArrayList arrayList = new ArrayList(resources.size());
            for (RangerServiceDef.RangerResourceDef rangerResourceDef : resources) {
                RangerServiceDef.RangerResourceDef rangerResourceDef2 = rangerResourceDef;
                Iterator<RangerServiceDef.RangerResourceDef> it = resources2.iterator();
                while (true) {
                    if (it.hasNext()) {
                        RangerServiceDef.RangerResourceDef next = it.next();
                        if (StringUtils.equals(next.getName(), rangerResourceDef.getName())) {
                            rangerResourceDef2 = mergeResourceDef(next, rangerResourceDef);
                            break;
                        }
                    }
                }
                arrayList.add(rangerResourceDef2);
            }
            rangerServiceDef.getDataMaskDef().setResources(arrayList);
        }
        if (CollectionUtils.isNotEmpty(accessTypes)) {
            List<RangerServiceDef.RangerAccessTypeDef> accessTypes2 = rangerServiceDef.getAccessTypes();
            ArrayList arrayList2 = new ArrayList(accessTypes2.size());
            for (RangerServiceDef.RangerAccessTypeDef rangerAccessTypeDef : accessTypes) {
                RangerServiceDef.RangerAccessTypeDef rangerAccessTypeDef2 = rangerAccessTypeDef;
                Iterator<RangerServiceDef.RangerAccessTypeDef> it2 = accessTypes2.iterator();
                while (true) {
                    if (it2.hasNext()) {
                        RangerServiceDef.RangerAccessTypeDef next2 = it2.next();
                        if (StringUtils.equals(next2.getName(), rangerAccessTypeDef.getName())) {
                            rangerAccessTypeDef2 = mergeAccessTypeDef(next2, rangerAccessTypeDef);
                            break;
                        }
                    }
                }
                arrayList2.add(rangerAccessTypeDef2);
            }
            rangerServiceDef.getDataMaskDef().setAccessTypes(arrayList2);
        }
    }

    private static void normalizeRowFilterDef(RangerServiceDef rangerServiceDef) {
        if (rangerServiceDef == null || rangerServiceDef.getRowFilterDef() == null) {
            return;
        }
        List<RangerServiceDef.RangerResourceDef> resources = rangerServiceDef.getRowFilterDef().getResources();
        List<RangerServiceDef.RangerAccessTypeDef> accessTypes = rangerServiceDef.getRowFilterDef().getAccessTypes();
        if (CollectionUtils.isNotEmpty(resources)) {
            List<RangerServiceDef.RangerResourceDef> resources2 = rangerServiceDef.getResources();
            ArrayList arrayList = new ArrayList(resources.size());
            for (RangerServiceDef.RangerResourceDef rangerResourceDef : resources) {
                RangerServiceDef.RangerResourceDef rangerResourceDef2 = rangerResourceDef;
                Iterator<RangerServiceDef.RangerResourceDef> it = resources2.iterator();
                while (true) {
                    if (it.hasNext()) {
                        RangerServiceDef.RangerResourceDef next = it.next();
                        if (StringUtils.equals(next.getName(), rangerResourceDef.getName())) {
                            rangerResourceDef2 = mergeResourceDef(next, rangerResourceDef);
                            break;
                        }
                    }
                }
                arrayList.add(rangerResourceDef2);
            }
            rangerServiceDef.getRowFilterDef().setResources(arrayList);
        }
        if (CollectionUtils.isNotEmpty(accessTypes)) {
            List<RangerServiceDef.RangerAccessTypeDef> accessTypes2 = rangerServiceDef.getAccessTypes();
            ArrayList arrayList2 = new ArrayList(accessTypes2.size());
            for (RangerServiceDef.RangerAccessTypeDef rangerAccessTypeDef : accessTypes) {
                RangerServiceDef.RangerAccessTypeDef rangerAccessTypeDef2 = rangerAccessTypeDef;
                Iterator<RangerServiceDef.RangerAccessTypeDef> it2 = accessTypes2.iterator();
                while (true) {
                    if (it2.hasNext()) {
                        RangerServiceDef.RangerAccessTypeDef next2 = it2.next();
                        if (StringUtils.equals(next2.getName(), rangerAccessTypeDef.getName())) {
                            rangerAccessTypeDef2 = mergeAccessTypeDef(next2, rangerAccessTypeDef);
                            break;
                        }
                    }
                }
                arrayList2.add(rangerAccessTypeDef2);
            }
            rangerServiceDef.getRowFilterDef().setAccessTypes(arrayList2);
        }
    }

    private static RangerServiceDef.RangerResourceDef mergeResourceDef(RangerServiceDef.RangerResourceDef rangerResourceDef, RangerServiceDef.RangerResourceDef rangerResourceDef2) {
        RangerServiceDef.RangerResourceDef rangerResourceDef3 = new RangerServiceDef.RangerResourceDef(rangerResourceDef);
        if (Boolean.TRUE.equals(rangerResourceDef2.getMandatory())) {
            rangerResourceDef3.setMandatory(rangerResourceDef2.getMandatory());
        }
        if (rangerResourceDef2.getRecursiveSupported() != null) {
            rangerResourceDef3.setRecursiveSupported(rangerResourceDef2.getRecursiveSupported());
        }
        if (rangerResourceDef2.getExcludesSupported() != null) {
            rangerResourceDef3.setExcludesSupported(rangerResourceDef2.getExcludesSupported());
        }
        if (StringUtils.isNotEmpty(rangerResourceDef2.getMatcher())) {
            rangerResourceDef3.setMatcher(rangerResourceDef2.getMatcher());
        }
        if (MapUtils.isNotEmpty(rangerResourceDef2.getMatcherOptions())) {
            if (rangerResourceDef3.getMatcherOptions() == null) {
                rangerResourceDef3.setMatcherOptions(new HashMap());
            }
            for (Map.Entry<String, String> entry : rangerResourceDef2.getMatcherOptions().entrySet()) {
                rangerResourceDef3.getMatcherOptions().put(entry.getKey(), entry.getValue());
            }
        }
        if (StringUtils.isNotEmpty(rangerResourceDef2.getValidationRegEx())) {
            rangerResourceDef3.setValidationRegEx(rangerResourceDef2.getValidationRegEx());
        }
        if (StringUtils.isNotEmpty(rangerResourceDef2.getValidationMessage())) {
            rangerResourceDef3.setValidationMessage(rangerResourceDef2.getValidationMessage());
        }
        rangerResourceDef3.setUiHint(rangerResourceDef2.getUiHint());
        if (StringUtils.isNotEmpty(rangerResourceDef2.getLabel())) {
            rangerResourceDef3.setLabel(rangerResourceDef2.getLabel());
        }
        if (StringUtils.isNotEmpty(rangerResourceDef2.getDescription())) {
            rangerResourceDef3.setDescription(rangerResourceDef2.getDescription());
        }
        if (StringUtils.isNotEmpty(rangerResourceDef2.getRbKeyLabel())) {
            rangerResourceDef3.setRbKeyLabel(rangerResourceDef2.getRbKeyLabel());
        }
        if (StringUtils.isNotEmpty(rangerResourceDef2.getRbKeyDescription())) {
            rangerResourceDef3.setRbKeyDescription(rangerResourceDef2.getRbKeyDescription());
        }
        if (StringUtils.isNotEmpty(rangerResourceDef2.getRbKeyValidationMessage())) {
            rangerResourceDef3.setRbKeyValidationMessage(rangerResourceDef2.getRbKeyValidationMessage());
        }
        if (CollectionUtils.isNotEmpty(rangerResourceDef2.getAccessTypeRestrictions())) {
            rangerResourceDef3.setAccessTypeRestrictions(rangerResourceDef2.getAccessTypeRestrictions());
        }
        boolean z = false;
        if (rangerResourceDef3.getIsValidLeaf() != null) {
            if (!rangerResourceDef3.getIsValidLeaf().equals(rangerResourceDef2.getIsValidLeaf())) {
                z = true;
            }
        } else if (rangerResourceDef2.getIsValidLeaf() != null) {
            z = true;
        }
        if (z) {
            rangerResourceDef3.setIsValidLeaf(rangerResourceDef2.getIsValidLeaf());
        }
        return rangerResourceDef3;
    }

    private static RangerServiceDef.RangerAccessTypeDef mergeAccessTypeDef(RangerServiceDef.RangerAccessTypeDef rangerAccessTypeDef, RangerServiceDef.RangerAccessTypeDef rangerAccessTypeDef2) {
        RangerServiceDef.RangerAccessTypeDef rangerAccessTypeDef3 = new RangerServiceDef.RangerAccessTypeDef(rangerAccessTypeDef);
        if (StringUtils.isNotEmpty(rangerAccessTypeDef2.getLabel())) {
            rangerAccessTypeDef3.setLabel(rangerAccessTypeDef2.getLabel());
        }
        if (StringUtils.isNotEmpty(rangerAccessTypeDef2.getRbKeyLabel())) {
            rangerAccessTypeDef3.setRbKeyLabel(rangerAccessTypeDef2.getRbKeyLabel());
        }
        return rangerAccessTypeDef3;
    }

    public static boolean getBooleanValue(Map<String, String> map, String str, boolean z) {
        boolean z2 = z;
        if (MapUtils.isNotEmpty(map) && map.containsKey(str)) {
            String str2 = map.get(str);
            if (StringUtils.isNotEmpty(str2)) {
                z2 = Boolean.valueOf(str2.toString()).booleanValue();
            }
        }
        return z2;
    }

    public static Map<String, Collection<String>> getExpandedImpliedGrants(RangerServiceDef rangerServiceDef) {
        HashMap hashMap = new HashMap();
        if (rangerServiceDef != null && !CollectionUtils.isEmpty(rangerServiceDef.getAccessTypes())) {
            for (RangerServiceDef.RangerAccessTypeDef rangerAccessTypeDef : rangerServiceDef.getAccessTypes()) {
                if (CollectionUtils.isEmpty(rangerAccessTypeDef.getImpliedGrants())) {
                    hashMap.put(rangerAccessTypeDef.getName(), new HashSet(Collections.singleton(rangerAccessTypeDef.getName())));
                } else {
                    Collection collection = (Collection) hashMap.get(rangerAccessTypeDef.getName());
                    if (collection == null) {
                        collection = new HashSet();
                        hashMap.put(rangerAccessTypeDef.getName(), collection);
                    }
                    collection.addAll(rangerAccessTypeDef.getImpliedGrants());
                    collection.add(rangerAccessTypeDef.getName());
                }
            }
        }
        return hashMap;
    }

    public static boolean isUserStoreEnricherPresent(ServicePolicies servicePolicies) {
        boolean z = false;
        RangerServiceDef serviceDef = servicePolicies != null ? servicePolicies.getServiceDef() : null;
        List<RangerServiceDef.RangerContextEnricherDef> contextEnrichers = serviceDef != null ? serviceDef.getContextEnrichers() : null;
        if (contextEnrichers != null) {
            Iterator<RangerServiceDef.RangerContextEnricherDef> it = contextEnrichers.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (StringUtils.equals(it.next().getEnricher(), USER_STORE_ENRICHER)) {
                    z = true;
                    break;
                }
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("isUserStoreEnricherPresent(service={}): ret={}", servicePolicies.getServiceName(), Boolean.valueOf(z));
        }
        return z;
    }

    public static boolean addUserStoreEnricher(ServicePolicies servicePolicies, String str, String str2) {
        boolean z = false;
        RangerServiceDef serviceDef = servicePolicies != null ? servicePolicies.getServiceDef() : null;
        if (serviceDef != null && !isUserStoreEnricherPresent(servicePolicies)) {
            List<RangerServiceDef.RangerContextEnricherDef> contextEnrichers = serviceDef.getContextEnrichers();
            if (contextEnrichers == null) {
                contextEnrichers = new ArrayList();
            }
            long size = contextEnrichers.size() + 1;
            for (RangerServiceDef.RangerContextEnricherDef rangerContextEnricherDef : contextEnrichers) {
                if (rangerContextEnricherDef.getItemId().longValue() >= size) {
                    size = rangerContextEnricherDef.getItemId().longValue() + 1;
                }
            }
            HashMap hashMap = new HashMap();
            hashMap.put(RangerUserStoreEnricher.USERSTORE_RETRIEVER_CLASSNAME_OPTION, str);
            hashMap.put(RangerUserStoreEnricher.USERSTORE_REFRESHER_POLLINGINTERVAL_OPTION, str2);
            RangerServiceDef.RangerContextEnricherDef rangerContextEnricherDef2 = new RangerServiceDef.RangerContextEnricherDef(Long.valueOf(size), "userStoreEnricher", USER_STORE_ENRICHER, hashMap);
            contextEnrichers.add(rangerContextEnricherDef2);
            serviceDef.setContextEnrichers(contextEnrichers);
            z = true;
            LOG.info("addUserStoreEnricher(serviceName={}): added userStoreEnricher {}", servicePolicies.getServiceName(), rangerContextEnricherDef2);
        }
        return z;
    }

    public static boolean addUserStoreEnricherIfNeeded(ServicePolicies servicePolicies, String str, String str2) {
        Map<String, ServicePolicies.SecurityZoneInfo> securityZones;
        boolean z = false;
        if ((servicePolicies != null ? servicePolicies.getServiceDef() : null) != null && !isUserStoreEnricherPresent(servicePolicies)) {
            boolean anyPolicyHasUserGroupAttributeExpression = anyPolicyHasUserGroupAttributeExpression(servicePolicies.getPolicies());
            if (!anyPolicyHasUserGroupAttributeExpression) {
                anyPolicyHasUserGroupAttributeExpression = anyPolicyHasUserGroupAttributeExpression(servicePolicies.getTagPolicies() != null ? servicePolicies.getTagPolicies().getPolicies() : null);
            }
            if (!anyPolicyHasUserGroupAttributeExpression) {
                anyPolicyHasUserGroupAttributeExpression = anyPolicyDeltaHasUserGroupAttributeExpression(servicePolicies.getPolicyDeltas());
            }
            if (!anyPolicyHasUserGroupAttributeExpression && (securityZones = servicePolicies.getSecurityZones()) != null) {
                for (ServicePolicies.SecurityZoneInfo securityZoneInfo : securityZones.values()) {
                    anyPolicyHasUserGroupAttributeExpression = anyPolicyHasUserGroupAttributeExpression(securityZoneInfo.getPolicies());
                    if (!anyPolicyHasUserGroupAttributeExpression) {
                        anyPolicyHasUserGroupAttributeExpression = anyPolicyDeltaHasUserGroupAttributeExpression(securityZoneInfo.getPolicyDeltas());
                    }
                    if (anyPolicyHasUserGroupAttributeExpression) {
                        break;
                    }
                }
            }
            if (anyPolicyHasUserGroupAttributeExpression) {
                addUserStoreEnricher(servicePolicies, str, str2);
                z = true;
            }
        }
        return z;
    }

    /* JADX WARN: Type inference failed for: r0v13, types: [org.apache.ranger.plugin.model.RangerServiceDef$RangerAccessTypeDef, java.lang.Object] */
    public static List<RangerServiceDef.RangerAccessTypeDef> getMarkerAccessTypes(List<RangerServiceDef.RangerAccessTypeDef> list) {
        ArrayList arrayList = new ArrayList();
        Map<String, Set<String>> markerAccessTypeGrants = getMarkerAccessTypeGrants(list);
        long maxItemId = getMaxItemId(list);
        for (String str : ACCESS_TYPE_MARKERS) {
            long j = maxItemId + 1;
            maxItemId = r0;
            ?? rangerAccessTypeDef = new RangerServiceDef.RangerAccessTypeDef(Long.valueOf(j), str, str, null, markerAccessTypeGrants.get(str));
            arrayList.add(rangerAccessTypeDef);
        }
        return arrayList;
    }

    public static RangerServiceDef.RangerPolicyConditionDef createImplicitExpressionConditionDef(Long l) {
        RangerServiceDef.RangerPolicyConditionDef rangerPolicyConditionDef = new RangerServiceDef.RangerPolicyConditionDef(l, IMPLICIT_CONDITION_EXPRESSION_NAME, IMPLICIT_CONDITION_EXPRESSION_EVALUATOR, new HashMap());
        rangerPolicyConditionDef.getEvaluatorOptions().put("engineName", "JavaScript");
        rangerPolicyConditionDef.getEvaluatorOptions().put("ui.isMultiline", "true");
        rangerPolicyConditionDef.setLabel(IMPLICIT_CONDITION_EXPRESSION_LABEL);
        rangerPolicyConditionDef.setDescription(IMPLICIT_CONDITION_EXPRESSION_DESC);
        rangerPolicyConditionDef.setUiHint("{ \"isMultiline\":true }");
        return rangerPolicyConditionDef;
    }

    private static Map<String, Set<String>> getMarkerAccessTypeGrants(List<RangerServiceDef.RangerAccessTypeDef> list) {
        HashMap hashMap = new HashMap();
        Iterator<String> it = ACCESS_TYPE_MARKERS.iterator();
        while (it.hasNext()) {
            hashMap.put(it.next(), new HashSet());
        }
        if (CollectionUtils.isNotEmpty(list)) {
            for (RangerServiceDef.RangerAccessTypeDef rangerAccessTypeDef : list) {
                if (rangerAccessTypeDef != null && !StringUtils.isBlank(rangerAccessTypeDef.getName()) && !ACCESS_TYPE_MARKERS.contains(rangerAccessTypeDef.getName())) {
                    addToMarkerGrants(rangerAccessTypeDef, (Set) hashMap.get(ACCESS_TYPE_MARKER_ALL));
                    if (rangerAccessTypeDef.getCategory() != null) {
                        if (rangerAccessTypeDef.getCategory() == RangerServiceDef.RangerAccessTypeDef.AccessTypeCategory.CREATE) {
                            addToMarkerGrants(rangerAccessTypeDef, (Set) hashMap.get(ACCESS_TYPE_MARKER_CREATE));
                        } else if (rangerAccessTypeDef.getCategory() == RangerServiceDef.RangerAccessTypeDef.AccessTypeCategory.READ) {
                            addToMarkerGrants(rangerAccessTypeDef, (Set) hashMap.get(ACCESS_TYPE_MARKER_READ));
                        } else if (rangerAccessTypeDef.getCategory() == RangerServiceDef.RangerAccessTypeDef.AccessTypeCategory.UPDATE) {
                            addToMarkerGrants(rangerAccessTypeDef, (Set) hashMap.get(ACCESS_TYPE_MARKER_UPDATE));
                        } else if (rangerAccessTypeDef.getCategory() == RangerServiceDef.RangerAccessTypeDef.AccessTypeCategory.DELETE) {
                            addToMarkerGrants(rangerAccessTypeDef, (Set) hashMap.get(ACCESS_TYPE_MARKER_DELETE));
                        } else if (rangerAccessTypeDef.getCategory() == RangerServiceDef.RangerAccessTypeDef.AccessTypeCategory.MANAGE) {
                            addToMarkerGrants(rangerAccessTypeDef, (Set) hashMap.get(ACCESS_TYPE_MARKER_MANAGE));
                        }
                    }
                }
            }
        }
        return hashMap;
    }

    private static void addToMarkerGrants(RangerServiceDef.RangerAccessTypeDef rangerAccessTypeDef, Set<String> set) {
        set.add(rangerAccessTypeDef.getName());
        if (CollectionUtils.isNotEmpty(rangerAccessTypeDef.getImpliedGrants())) {
            set.addAll(rangerAccessTypeDef.getImpliedGrants());
        }
    }

    private static long getMaxItemId(List<RangerServiceDef.RangerAccessTypeDef> list) {
        long j = -1;
        if (CollectionUtils.isNotEmpty(list)) {
            for (RangerServiceDef.RangerAccessTypeDef rangerAccessTypeDef : list) {
                if (rangerAccessTypeDef.getItemId() != null && j < rangerAccessTypeDef.getItemId().longValue()) {
                    j = rangerAccessTypeDef.getItemId().longValue();
                }
            }
        }
        return j;
    }

    public static long getConditionsMaxItemId(List<RangerServiceDef.RangerPolicyConditionDef> list) {
        long j = 0;
        if (list != null) {
            for (RangerServiceDef.RangerPolicyConditionDef rangerPolicyConditionDef : list) {
                if (rangerPolicyConditionDef != null && rangerPolicyConditionDef.getItemId() != null && j < rangerPolicyConditionDef.getItemId().longValue()) {
                    j = rangerPolicyConditionDef.getItemId().longValue();
                }
            }
        }
        return j;
    }

    private static boolean anyPolicyHasUserGroupAttributeExpression(List<RangerPolicy> list) {
        boolean z = false;
        if (list != null) {
            Iterator<RangerPolicy> it = list.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                RangerPolicy next = it.next();
                if (policyHasUserGroupAttributeExpression(next)) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("addUserStoreEnricherIfNeeded(service={}): policy(id={}, name={}) has reference to user/group attribute. Adding enricher", new Object[]{next.getService(), next.getId(), next.getName()});
                    }
                    z = true;
                }
            }
        }
        return z;
    }

    private static boolean anyPolicyDeltaHasUserGroupAttributeExpression(List<RangerPolicyDelta> list) {
        boolean z = false;
        if (list != null) {
            Iterator<RangerPolicyDelta> it = list.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                RangerPolicy policy = it.next().getPolicy();
                if (policyHasUserGroupAttributeExpression(policy)) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("addUserStoreEnricherIfNeeded(service={}): policy(id={}, name={}) has reference to user/group attribute. Adding enricher", new Object[]{policy.getService(), policy.getId(), policy.getName()});
                    }
                    z = true;
                }
            }
        }
        return z;
    }

    private static boolean policyHasUserGroupAttributeExpression(RangerPolicy rangerPolicy) {
        boolean z = false;
        if (rangerPolicy != null) {
            if (MapUtils.isNotEmpty(rangerPolicy.getResources())) {
                Iterator<RangerPolicy.RangerPolicyResource> it = rangerPolicy.getResources().values().iterator();
                while (it.hasNext()) {
                    z = RangerRequestExprResolver.hasUserGroupAttributeInExpression(it.next().getValues());
                    if (z) {
                        break;
                    }
                }
            }
            if (!z) {
                z = anyPolicyConditionHasUserGroupAttributeReference(rangerPolicy.getConditions());
            }
            if (!z) {
                z = anyPolicyItemHasUserGroupAttributeExpression(rangerPolicy.getPolicyItems()) || anyPolicyItemHasUserGroupAttributeExpression(rangerPolicy.getDenyPolicyItems()) || anyPolicyItemHasUserGroupAttributeExpression(rangerPolicy.getAllowExceptions()) || anyPolicyItemHasUserGroupAttributeExpression(rangerPolicy.getDenyExceptions()) || anyPolicyItemHasUserGroupAttributeExpression(rangerPolicy.getDataMaskPolicyItems()) || anyPolicyItemHasUserGroupAttributeExpression(rangerPolicy.getRowFilterPolicyItems());
            }
        }
        return z;
    }

    private static boolean anyPolicyItemHasUserGroupAttributeExpression(List<? extends RangerPolicy.RangerPolicyItem> list) {
        boolean z = false;
        if (list != null) {
            Iterator<? extends RangerPolicy.RangerPolicyItem> it = list.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (policyItemHasUserGroupAttributeExpression(it.next())) {
                    z = true;
                    break;
                }
            }
        }
        return z;
    }

    private static boolean policyItemHasUserGroupAttributeExpression(RangerPolicy.RangerPolicyItem rangerPolicyItem) {
        boolean z = false;
        if (rangerPolicyItem != null) {
            z = anyPolicyConditionHasUserGroupAttributeReference(rangerPolicyItem.getConditions());
            if (!z && (rangerPolicyItem instanceof RangerPolicy.RangerRowFilterPolicyItem)) {
                RangerPolicy.RangerPolicyItemRowFilterInfo rowFilterInfo = ((RangerPolicy.RangerRowFilterPolicyItem) rangerPolicyItem).getRowFilterInfo();
                z = RangerRequestExprResolver.hasUserGroupAttributeInExpression(rowFilterInfo != null ? rowFilterInfo.getFilterExpr() : "");
            }
            if (!z && (rangerPolicyItem instanceof RangerPolicy.RangerDataMaskPolicyItem)) {
                RangerPolicy.RangerPolicyItemDataMaskInfo dataMaskInfo = ((RangerPolicy.RangerDataMaskPolicyItem) rangerPolicyItem).getDataMaskInfo();
                z = RangerRequestExprResolver.hasUserGroupAttributeInExpression(dataMaskInfo != null ? dataMaskInfo.getValueExpr() : null);
                if (!z) {
                    z = RangerRequestExprResolver.hasUserGroupAttributeInExpression(dataMaskInfo != null ? dataMaskInfo.getConditionExpr() : null);
                }
            }
        }
        return z;
    }

    private static boolean anyPolicyConditionHasUserGroupAttributeReference(List<RangerPolicy.RangerPolicyItemCondition> list) {
        boolean z = false;
        if (list != null) {
            Iterator<RangerPolicy.RangerPolicyItemCondition> it = list.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (RangerRequestScriptEvaluator.hasUserGroupAttributeReference(it.next().getValues())) {
                    z = true;
                    break;
                }
            }
        }
        return z;
    }

    static {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        linkedHashSet.add(ACCESS_TYPE_MARKER_CREATE);
        linkedHashSet.add(ACCESS_TYPE_MARKER_READ);
        linkedHashSet.add(ACCESS_TYPE_MARKER_UPDATE);
        linkedHashSet.add(ACCESS_TYPE_MARKER_DELETE);
        linkedHashSet.add(ACCESS_TYPE_MARKER_MANAGE);
        linkedHashSet.add(ACCESS_TYPE_MARKER_ALL);
        ACCESS_TYPE_MARKERS = Collections.unmodifiableSet(linkedHashSet);
    }
}
