package co.cask.cdap.data2.datafabric.dataset.service;

import co.cask.cdap.api.Predicate;
import co.cask.cdap.api.dataset.DatasetProperties;
import co.cask.cdap.api.dataset.module.DatasetModule;
import co.cask.cdap.common.ConflictException;
import co.cask.cdap.common.DatasetModuleCannotBeDeletedException;
import co.cask.cdap.common.DatasetModuleNotFoundException;
import co.cask.cdap.common.DatasetTypeNotFoundException;
import co.cask.cdap.common.NamespaceNotFoundException;
import co.cask.cdap.common.NotFoundException;
import co.cask.cdap.common.conf.CConfiguration;
import co.cask.cdap.common.http.AbstractBodyConsumer;
import co.cask.cdap.common.io.Locations;
import co.cask.cdap.common.namespace.NamespaceQueryAdmin;
import co.cask.cdap.common.namespace.NamespacedLocationFactory;
import co.cask.cdap.common.security.Impersonator;
import co.cask.cdap.common.utils.DirUtils;
import co.cask.cdap.data.dataset.SystemDatasetInstantiator;
import co.cask.cdap.data2.datafabric.dataset.DatasetMetaTableUtil;
import co.cask.cdap.data2.datafabric.dataset.DatasetsUtil;
import co.cask.cdap.data2.datafabric.dataset.service.mds.DatasetInstanceMDS;
import co.cask.cdap.data2.datafabric.dataset.service.mds.DatasetTypeMDS;
import co.cask.cdap.data2.datafabric.dataset.type.DatasetModuleConflictException;
import co.cask.cdap.data2.datafabric.dataset.type.DatasetTypeManager;
import co.cask.cdap.data2.dataset2.DatasetFramework;
import co.cask.cdap.data2.dataset2.DynamicDatasetCache;
import co.cask.cdap.data2.dataset2.MultiThreadDatasetCache;
import co.cask.cdap.data2.transaction.MultiThreadTransactionAware;
import co.cask.cdap.data2.transaction.TransactionExecutorFactory;
import co.cask.cdap.data2.transaction.TransactionSystemClientService;
import co.cask.cdap.proto.DatasetModuleMeta;
import co.cask.cdap.proto.DatasetTypeMeta;
import co.cask.cdap.proto.id.DatasetModuleId;
import co.cask.cdap.proto.id.DatasetTypeId;
import co.cask.cdap.proto.id.NamespaceId;
import co.cask.cdap.proto.security.Action;
import co.cask.cdap.proto.security.Principal;
import co.cask.cdap.security.spi.authentication.AuthenticationContext;
import co.cask.cdap.security.spi.authorization.AuthorizationEnforcer;
import co.cask.cdap.security.spi.authorization.PrivilegesManager;
import co.cask.cdap.security.spi.authorization.UnauthorizedException;
import co.cask.http.BodyConsumer;
import co.cask.http.HttpResponder;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Splitter;
import com.google.common.base.Throwables;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import com.google.common.io.Files;
import com.google.common.util.concurrent.AbstractIdleService;
import com.google.inject.Inject;
import com.google.inject.name.Named;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.Callable;
import javax.annotation.Nullable;
import org.apache.tephra.TransactionExecutor;
import org.apache.tephra.TransactionFailureException;
import org.apache.twill.filesystem.Location;
import org.jboss.netty.handler.codec.http.HttpResponseStatus;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:co/cask/cdap/data2/datafabric/dataset/service/DatasetTypeService.class */
public class DatasetTypeService extends AbstractIdleService {
    private static final Logger LOG = LoggerFactory.getLogger(DatasetTypeService.class);
    private final DatasetTypeManager typeManager;
    private final NamespaceQueryAdmin namespaceQueryAdmin;
    private final NamespacedLocationFactory namespacedLocationFactory;
    private final AuthorizationEnforcer authorizationEnforcer;
    private final PrivilegesManager privilegesManager;
    private final AuthenticationContext authenticationContext;
    private final CConfiguration cConf;
    private final Impersonator impersonator;
    private final TransactionSystemClientService txClientService;
    private final DatasetFramework datasetFramework;
    private final TransactionExecutorFactory txExecutorFactory;
    private final DynamicDatasetCache datasetCache;
    private final Map<String, DatasetModule> defaultModules;
    private final Map<String, DatasetModule> extensionModules;

    @VisibleForTesting
    @Inject
    public DatasetTypeService(DatasetTypeManager datasetTypeManager, NamespaceQueryAdmin namespaceQueryAdmin, NamespacedLocationFactory namespacedLocationFactory, AuthorizationEnforcer authorizationEnforcer, PrivilegesManager privilegesManager, AuthenticationContext authenticationContext, CConfiguration cConfiguration, Impersonator impersonator, TransactionSystemClientService transactionSystemClientService, @Named("datasetMDS") DatasetFramework datasetFramework, TransactionExecutorFactory transactionExecutorFactory, @Named("defaultDatasetModules") Map<String, DatasetModule> map) {
        this.typeManager = datasetTypeManager;
        this.namespaceQueryAdmin = namespaceQueryAdmin;
        this.namespacedLocationFactory = namespacedLocationFactory;
        this.authorizationEnforcer = authorizationEnforcer;
        this.privilegesManager = privilegesManager;
        this.authenticationContext = authenticationContext;
        this.cConf = cConfiguration;
        this.impersonator = impersonator;
        this.txClientService = transactionSystemClientService;
        this.datasetFramework = datasetFramework;
        this.txExecutorFactory = transactionExecutorFactory;
        Map emptyMap = Collections.emptyMap();
        this.datasetCache = new MultiThreadDatasetCache(new SystemDatasetInstantiator(datasetFramework), transactionSystemClientService, NamespaceId.SYSTEM, emptyMap, null, ImmutableMap.of(DatasetMetaTableUtil.META_TABLE_NAME, emptyMap, DatasetMetaTableUtil.INSTANCE_TABLE_NAME, emptyMap), new MultiThreadTransactionAware[0]);
        this.defaultModules = new LinkedHashMap(map);
        this.extensionModules = getExtensionModules(cConfiguration);
    }

    protected void startUp() throws Exception {
        this.txClientService.startAndWait();
        DatasetsUtil.createIfNotExists(this.datasetFramework, DatasetMetaTableUtil.META_TABLE_INSTANCE_ID, DatasetTypeMDS.class.getName(), DatasetProperties.EMPTY);
        DatasetsUtil.createIfNotExists(this.datasetFramework, DatasetMetaTableUtil.INSTANCE_TABLE_INSTANCE_ID, DatasetInstanceMDS.class.getName(), DatasetProperties.EMPTY);
        deleteSystemModules();
        deployDefaultModules();
        if (this.extensionModules.isEmpty()) {
            return;
        }
        deployExtensionModules();
    }

    protected void shutDown() throws Exception {
        this.txClientService.stopAndWait();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<DatasetModuleMeta> listModules(final NamespaceId namespaceId) throws Exception {
        ensureNamespaceExists(namespaceId);
        ArrayList newArrayList = Lists.newArrayList(this.typeManager.getModules(namespaceId));
        Collections.sort(newArrayList, new Comparator<DatasetModuleMeta>() { // from class: co.cask.cdap.data2.datafabric.dataset.service.DatasetTypeService.1
            @Override // java.util.Comparator
            public int compare(DatasetModuleMeta datasetModuleMeta, DatasetModuleMeta datasetModuleMeta2) {
                return datasetModuleMeta.getName().compareTo(datasetModuleMeta2.getName());
            }
        });
        final Predicate createFilter = this.authorizationEnforcer.createFilter(this.authenticationContext.getPrincipal());
        return Lists.newArrayList(Iterables.filter(newArrayList, new com.google.common.base.Predicate<DatasetModuleMeta>() { // from class: co.cask.cdap.data2.datafabric.dataset.service.DatasetTypeService.2
            public boolean apply(DatasetModuleMeta datasetModuleMeta) {
                return createFilter.apply(namespaceId.datasetModule(datasetModuleMeta.getName()));
            }
        }));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public DatasetModuleMeta getModule(DatasetModuleId datasetModuleId) throws Exception {
        ensureNamespaceExists(datasetModuleId.getParent());
        DatasetModuleMeta module = this.typeManager.getModule(datasetModuleId);
        if (module == null) {
            throw new DatasetModuleNotFoundException(datasetModuleId);
        }
        Principal principal = this.authenticationContext.getPrincipal();
        if (this.authorizationEnforcer.createFilter(principal).apply(datasetModuleId)) {
            return module;
        }
        throw new UnauthorizedException(principal, datasetModuleId);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public BodyConsumer addModule(DatasetModuleId datasetModuleId, String str, boolean z) throws Exception {
        NamespaceId parent = datasetModuleId.getParent();
        Principal principal = this.authenticationContext.getPrincipal();
        this.authorizationEnforcer.enforce(parent, principal, Action.WRITE);
        if (NamespaceId.SYSTEM.equals(parent)) {
            throw new UnauthorizedException(String.format("Cannot add module '%s' to '%s' namespace.", datasetModuleId.getModule(), datasetModuleId.getNamespace()));
        }
        ensureNamespaceExists(parent);
        revokeAllPrivilegesOnModule(datasetModuleId);
        grantAllPrivilegesOnModule(datasetModuleId, principal);
        try {
            return createModuleConsumer(datasetModuleId, str, z, principal);
        } catch (Exception e) {
            revokeAllPrivilegesOnModule(datasetModuleId);
            throw e;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void delete(DatasetModuleId datasetModuleId) throws Exception {
        NamespaceId parent = datasetModuleId.getParent();
        if (NamespaceId.SYSTEM.equals(parent)) {
            throw new UnauthorizedException(String.format("Cannot delete module '%s' from '%s' namespace.", datasetModuleId.getModule(), datasetModuleId.getNamespace()));
        }
        ensureNamespaceExists(parent);
        DatasetModuleMeta module = this.typeManager.getModule(datasetModuleId);
        if (module == null) {
            throw new DatasetModuleNotFoundException(datasetModuleId);
        }
        this.authorizationEnforcer.enforce(datasetModuleId, this.authenticationContext.getPrincipal(), Action.ADMIN);
        try {
            this.typeManager.deleteModule(datasetModuleId);
            revokeAllPrivilegesOnModule(datasetModuleId, module);
        } catch (DatasetModuleConflictException e) {
            throw new DatasetModuleCannotBeDeletedException(datasetModuleId, e.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void deleteAll(NamespaceId namespaceId) throws Exception {
        this.authorizationEnforcer.enforce(namespaceId, this.authenticationContext.getPrincipal(), Action.ADMIN);
        if (NamespaceId.SYSTEM.equals(namespaceId)) {
            throw new UnauthorizedException(String.format("Cannot delete modules from '%s' namespace.", namespaceId));
        }
        ensureNamespaceExists(namespaceId);
        Iterator<DatasetModuleMeta> it = this.typeManager.getModules(namespaceId).iterator();
        while (it.hasNext()) {
            this.privilegesManager.revoke(namespaceId.datasetModule(it.next().getName()));
        }
        try {
            this.typeManager.deleteModules(namespaceId);
        } catch (DatasetModuleConflictException e) {
            throw new ConflictException(e.getMessage(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<DatasetTypeMeta> listTypes(final NamespaceId namespaceId) throws Exception {
        ensureNamespaceExists(namespaceId);
        ArrayList newArrayList = Lists.newArrayList(this.typeManager.getTypes(namespaceId));
        Collections.sort(newArrayList, new Comparator<DatasetTypeMeta>() { // from class: co.cask.cdap.data2.datafabric.dataset.service.DatasetTypeService.3
            @Override // java.util.Comparator
            public int compare(DatasetTypeMeta datasetTypeMeta, DatasetTypeMeta datasetTypeMeta2) {
                return datasetTypeMeta.getName().compareTo(datasetTypeMeta2.getName());
            }
        });
        final Predicate createFilter = this.authorizationEnforcer.createFilter(this.authenticationContext.getPrincipal());
        return Lists.newArrayList(Iterables.filter(newArrayList, new com.google.common.base.Predicate<DatasetTypeMeta>() { // from class: co.cask.cdap.data2.datafabric.dataset.service.DatasetTypeService.4
            public boolean apply(DatasetTypeMeta datasetTypeMeta) {
                return createFilter.apply(namespaceId.datasetType(datasetTypeMeta.getName()));
            }
        }));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public DatasetTypeMeta getType(DatasetTypeId datasetTypeId) throws Exception {
        ensureNamespaceExists(datasetTypeId.getParent());
        DatasetTypeMeta typeInfo = this.typeManager.getTypeInfo(datasetTypeId);
        if (typeInfo == null) {
            throw new DatasetTypeNotFoundException(datasetTypeId);
        }
        if (NamespaceId.SYSTEM.equals(datasetTypeId.getParent())) {
            return typeInfo;
        }
        Principal principal = this.authenticationContext.getPrincipal();
        if (this.authorizationEnforcer.createFilter(principal).apply(datasetTypeId)) {
            return typeInfo;
        }
        throw new UnauthorizedException(principal, datasetTypeId);
    }

    private AbstractBodyConsumer createModuleConsumer(final DatasetModuleId datasetModuleId, final String str, final boolean z, final Principal principal) throws IOException, NotFoundException {
        final NamespaceId parent = datasetModuleId.getParent();
        try {
            final Location location = (Location) this.impersonator.doAs(parent, new Callable<Location>() { // from class: co.cask.cdap.data2.datafabric.dataset.service.DatasetTypeService.5
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.concurrent.Callable
                public Location call() throws Exception {
                    return DatasetTypeService.this.namespacedLocationFactory.get(parent.toId());
                }
            });
            if (!location.exists()) {
                String format = String.format("Home directory %s for namespace %s not found", location, parent);
                LOG.debug(format);
                throw new NotFoundException(format);
            }
            File absoluteFile = new File(new File(new File(new File(this.cConf.get("local.data.dir")), this.cConf.get("namespaces.dir")), datasetModuleId.getNamespace()), this.cConf.get("app.temp.dir")).getAbsoluteFile();
            if (DirUtils.mkdirs(absoluteFile)) {
                return new AbstractBodyConsumer(File.createTempFile("dataset-", ".jar", absoluteFile)) { // from class: co.cask.cdap.data2.datafabric.dataset.service.DatasetTypeService.6
                    protected void onFinish(HttpResponder httpResponder, File file) throws Exception {
                        if (str == null) {
                            httpResponder.sendString(HttpResponseStatus.BAD_REQUEST, "Required header 'class-name' is absent.");
                            return;
                        }
                        DatasetTypeService.LOG.debug("Adding module {}, class name: {}", datasetModuleId, str);
                        String str2 = DatasetTypeService.this.cConf.get("dataset.service.output.dir");
                        String module = datasetModuleId.getModule();
                        Location append = location.append(str2).append(module).append("archive");
                        Location append2 = append.append(module + ".jar");
                        Location tempFile = append2.getTempFile(".tmp");
                        try {
                            Locations.mkdirsIfNotExists(append);
                            DatasetTypeService.LOG.debug("Copy from {} to {}", file, tempFile);
                            Files.copy(file, Locations.newOutputSupplier(tempFile));
                            DatasetTypeService.LOG.debug("Storing module {} jar at {}", datasetModuleId, append2);
                            if (tempFile.renameTo(append2) == null) {
                                throw new IOException(String.format("Could not move archive from location: %s, to location: %s", tempFile, append2));
                            }
                            DatasetTypeService.this.typeManager.addModule(datasetModuleId, str, append2, z);
                            DatasetTypeService.this.revokeAllPrivilegesOnModule(datasetModuleId);
                            DatasetTypeService.this.grantAllPrivilegesOnModule(datasetModuleId, principal);
                            DatasetTypeService.LOG.info("Added module {}", datasetModuleId);
                            httpResponder.sendStatus(HttpResponseStatus.OK);
                        } catch (Exception e) {
                            DatasetTypeService.this.revokeAllPrivilegesOnModule(datasetModuleId);
                            try {
                                tempFile.delete();
                            } catch (IOException e2) {
                                DatasetTypeService.LOG.warn("Failed to cleanup temporary location {}", tempFile);
                            }
                            if (!(e instanceof DatasetModuleConflictException)) {
                                throw e;
                            }
                            httpResponder.sendString(HttpResponseStatus.CONFLICT, e.getMessage());
                        }
                    }
                };
            }
            throw new IOException("Could not create temporary directory at: " + absoluteFile);
        } catch (Exception e) {
            Throwables.propagateIfInstanceOf(e, IOException.class);
            throw Throwables.propagate(e);
        }
    }

    private void deleteSystemModules() throws InterruptedException, TransactionFailureException {
        final DatasetTypeMDS dataset = this.datasetCache.getDataset(DatasetMetaTableUtil.META_TABLE_NAME);
        this.txExecutorFactory.createExecutor(this.datasetCache).execute(new TransactionExecutor.Subroutine() { // from class: co.cask.cdap.data2.datafabric.dataset.service.DatasetTypeService.7
            public void apply() throws Exception {
                for (DatasetModuleMeta datasetModuleMeta : dataset.getModules(NamespaceId.SYSTEM)) {
                    if (datasetModuleMeta.getJarLocation() == null) {
                        DatasetTypeService.LOG.debug("Deleting system dataset module: {}", datasetModuleMeta.toString());
                        DatasetModuleId datasetModule = NamespaceId.SYSTEM.datasetModule(datasetModuleMeta.getName());
                        dataset.deleteModule(datasetModule);
                        DatasetTypeService.this.revokeAllPrivilegesOnModule(datasetModule, datasetModuleMeta);
                    }
                }
            }
        });
    }

    private void deployDefaultModules() {
        for (Map.Entry<String, DatasetModule> entry : this.defaultModules.entrySet()) {
            try {
                DatasetModuleId datasetModule = NamespaceId.SYSTEM.datasetModule(entry.getKey());
                this.typeManager.addModule(datasetModule, entry.getValue().getClass().getName(), null, false);
                grantAllPrivilegesOnModule(datasetModule, this.authenticationContext.getPrincipal());
            } catch (DatasetModuleConflictException e) {
                LOG.debug("Not adding {} module: it already exists", entry.getKey());
            } catch (Throwable th) {
                LOG.error("Failed to add {} module. Aborting.", entry.getKey(), th);
                throw Throwables.propagate(th);
            }
        }
    }

    private Map<String, DatasetModule> getExtensionModules(CConfiguration cConfiguration) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        String str = cConfiguration.get("dataset.extensions.modules");
        if (str != null) {
            for (String str2 : Splitter.on(',').omitEmptyStrings().split(str)) {
                try {
                    linkedHashMap.put(str2, (DatasetModule) Class.forName(str2).newInstance());
                } catch (ClassCastException | ClassNotFoundException | IllegalAccessException | InstantiationException e) {
                    LOG.error("Failed to add {} extension module: {}", str2, e.toString());
                }
            }
        }
        return linkedHashMap;
    }

    private void deployExtensionModules() {
        for (Map.Entry<String, DatasetModule> entry : this.extensionModules.entrySet()) {
            try {
                DatasetModuleId datasetModule = NamespaceId.SYSTEM.datasetModule(entry.getKey());
                this.typeManager.addModule(datasetModule, entry.getValue().getClass().getName(), null, false);
                grantAllPrivilegesOnModule(datasetModule, this.authenticationContext.getPrincipal());
            } catch (DatasetModuleConflictException e) {
                LOG.debug("Not adding {} extension module: it already exists", entry.getKey());
            } catch (Throwable th) {
                LOG.error("Failed to add {} extension module. Aborting.", entry.getKey(), th);
                throw Throwables.propagate(th);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void grantAllPrivilegesOnModule(DatasetModuleId datasetModuleId, Principal principal) throws Exception {
        grantAllPrivilegesOnModule(datasetModuleId, principal, null);
    }

    private void grantAllPrivilegesOnModule(DatasetModuleId datasetModuleId, Principal principal, @Nullable DatasetModuleMeta datasetModuleMeta) throws Exception {
        this.privilegesManager.grant(datasetModuleId, principal, EnumSet.allOf(Action.class));
        if (datasetModuleMeta == null) {
            datasetModuleMeta = this.typeManager.getModule(datasetModuleId);
        }
        if (datasetModuleMeta == null) {
            LOG.debug("Could not find metadata for module {}. Not granting privileges for its types.", datasetModuleId);
            return;
        }
        Iterator it = datasetModuleMeta.getTypes().iterator();
        while (it.hasNext()) {
            this.privilegesManager.grant(datasetModuleId.getParent().datasetType((String) it.next()), principal, EnumSet.allOf(Action.class));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void revokeAllPrivilegesOnModule(DatasetModuleId datasetModuleId) throws Exception {
        revokeAllPrivilegesOnModule(datasetModuleId, null);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void revokeAllPrivilegesOnModule(DatasetModuleId datasetModuleId, @Nullable DatasetModuleMeta datasetModuleMeta) throws Exception {
        this.privilegesManager.revoke(datasetModuleId);
        DatasetModuleMeta module = datasetModuleMeta == null ? this.typeManager.getModule(datasetModuleId) : datasetModuleMeta;
        if (module == null) {
            LOG.debug("Could not find metadata for module {}. Will not revoke privileges for its types.", datasetModuleId);
            return;
        }
        Iterator it = module.getTypes().iterator();
        while (it.hasNext()) {
            this.privilegesManager.revoke(datasetModuleId.getParent().datasetType((String) it.next()));
        }
    }

    private void ensureNamespaceExists(NamespaceId namespaceId) throws Exception {
        if (!NamespaceId.SYSTEM.equals(namespaceId) && !this.namespaceQueryAdmin.exists(namespaceId)) {
            throw new NamespaceNotFoundException(namespaceId);
        }
    }
}
