package co.cask.cdap.security.authorization;

import co.cask.cdap.common.conf.CConfiguration;
import co.cask.cdap.common.io.Locations;
import co.cask.cdap.common.lang.ClassLoaders;
import co.cask.cdap.common.lang.InstantiatorFactory;
import co.cask.cdap.common.lang.jar.BundleJarUtil;
import co.cask.cdap.common.utils.DirUtils;
import co.cask.cdap.security.spi.authorization.Authorizer;
import co.cask.cdap.security.spi.authorization.NoOpAuthorizer;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Strings;
import com.google.common.base.Supplier;
import com.google.common.base.Throwables;
import com.google.common.reflect.TypeToken;
import com.google.inject.Inject;
import java.io.Closeable;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.jar.Attributes;
import java.util.jar.Manifest;
import java.util.zip.ZipException;
import javax.annotation.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:co/cask/cdap/security/authorization/AuthorizerInstantiator.class */
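/**
 * Lazily creates, caches and disposes of the {@link Authorizer} extension that enforces
 * authorization policies.
 *
 * <p>Security notes for operators and maintainers:
 * <ul>
 *   <li>The jar named by {@code security.authorization.extension.jar.path} is unpacked and the
 *       class named in its manifest is instantiated inside this process. This class performs no
 *       integrity or signature check on that jar, so the jar, the extra classpath entries and the
 *       temporary directory it is unpacked into should be writable only by trusted administrators.</li>
 *   <li>When authorization is enabled but authentication is disabled, a {@link NoOpAuthorizer} is
 *       returned, i.e. no policy is enforced.</li>
 * </ul>
 *
 * <p>{@link #m17get()} and {@link #close()} are synchronized on this instance.
 */
public class AuthorizerInstantiator implements Closeable, Supplier<Authorizer> {
    private static final Logger LOG = LoggerFactory.getLogger(AuthorizerInstantiator.class);
    // Configuration keys; the values are the literals this class has always read.
    private static final String EXTENSION_JAR_PATH_KEY = "security.authorization.extension.jar.path";
    private static final String EXTENSION_EXTRA_CLASSPATH_KEY = "security.authorization.extension.extra.classpath";
    private static final String EXTENSION_CONFIG_PREFIX = "security.authorization.extension.config.";

    private final CConfiguration cConf;
    private final boolean authenticationEnabled;
    private final boolean authorizationEnabled;
    private final InstantiatorFactory instantiatorFactory = new InstantiatorFactory(false);
    private final AuthorizationContextFactory authorizationContextFactory;
    // Directory the extension jar is unpacked into; null until an extension is loaded.
    private File tmpDir;
    // Class loader over the unpacked extension; null until an extension is loaded.
    private AuthorizerClassLoader authorizerClassLoader;
    // Cached authorizer returned by every call after the first successful one.
    private Authorizer authorizer;

    /**
     * Captures the configuration and reads the two switches ({@code security.enabled} and
     * {@code security.authorization.enabled}) that decide whether a real authorizer is loaded.
     *
     * @param cConfiguration configuration to read the switches and extension settings from
     * @param authorizationContextFactory factory for the context handed to the extension on initialize
     */
    @VisibleForTesting
    @Inject
    public AuthorizerInstantiator(CConfiguration cConfiguration, AuthorizationContextFactory authorizationContextFactory) {
        this.cConf = cConfiguration;
        this.authenticationEnabled = cConfiguration.getBoolean("security.enabled");
        this.authorizationEnabled = cConfiguration.getBoolean("security.authorization.enabled");
        this.authorizationContextFactory = authorizationContextFactory;
    }

    /**
     * {@link Supplier} entry point. The decompiler renamed the original {@code get} to
     * {@link #m17get()}; this bridge restores the interface method and delegates to it.
     *
     * @return the cached or newly created authorizer
     */
    @Override
    public Authorizer get() {
        return m17get();
    }

    /* renamed from: get, reason: merged with bridge method [inline-methods] */
    /**
     * Returns the authorizer, creating it on first use.
     *
     * <p>A {@link NoOpAuthorizer} is returned when authorization is disabled, and also when
     * authorization is enabled but authentication is not. Otherwise the extension jar is validated,
     * unpacked into a fresh temporary directory, loaded and initialized.
     *
     * @return the cached authorizer instance
     * @throws IllegalArgumentException if the extension jar path is not configured
     * @throws RuntimeException (via {@link Throwables#propagate}) if the extension cannot be loaded
     */
    public synchronized Authorizer m17get() {
        if (this.authorizer != null) {
            return this.authorizer;
        }
        if (!this.authorizationEnabled) {
            LOG.debug("Authorization is disabled. Authorization can be enabled  by setting security.authorization.enabled to true.");
            this.authorizer = new NoOpAuthorizer();
            return this.authorizer;
        }
        if (!this.authenticationEnabled) {
            // Fail-open configuration: authorization was requested but nothing will be enforced.
            // Logged at WARN so it is not lost at default log levels.
            LOG.warn("Authorization is enabled. However, authentication is disabled. Authorization policies will not be enforced. To enforce authorization policies please enable both authorization, by setting security.authorization.enabled to true and authentication, by setting security.enabled to true.");
            this.authorizer = new NoOpAuthorizer();
            return this.authorizer;
        }
        String extensionJarPath = this.cConf.get(EXTENSION_JAR_PATH_KEY);
        String extraClasspath = this.cConf.get(EXTENSION_EXTRA_CLASSPATH_KEY);
        if (Strings.isNullOrEmpty(extensionJarPath)) {
            throw new IllegalArgumentException(String.format("Authorizer extension jar path not found in configuration. Please set %s in cdap-site.xml to the fully qualified path of the jar file to use as the authorization backend.", EXTENSION_JAR_PATH_KEY));
        }
        try {
            File extensionJar = new File(extensionJarPath);
            ensureValidAuthExtensionJar(extensionJar);
            // NOTE(review): the unpacked classes are loaded from this directory; confirm that
            // local.data.dir/app.temp.dir is not writable by untrusted local users.
            File tempRoot = new File(this.cConf.get("local.data.dir"), this.cConf.get("app.temp.dir")).getAbsoluteFile();
            this.tmpDir = DirUtils.createTempDir(tempRoot);
            this.authorizerClassLoader = createAuthorizerClassLoader(extensionJar, extraClasspath);
            this.authorizer = createAndInitializeAuthorizerInstance(extensionJar);
            return this.authorizer;
        } catch (Exception e) {
            // A later retry creates a new temp dir and class loader; release the half-built ones
            // now so they are not overwritten and leaked.
            releaseExtensionResources();
            throw Throwables.propagate(e);
        }
    }

    /**
     * Instantiates the extension class and initializes it with the extension properties, with the
     * thread context class loader switched to the extension class loader for the duration.
     *
     * @param file the extension jar, used for error messages and manifest lookup
     * @return the initialized authorizer
     * @throws InvalidAuthorizerException if the class cannot be instantiated or fails to initialize
     */
    private Authorizer createAndInitializeAuthorizerInstance(File file) throws IOException, InvalidAuthorizerException {
        Class<? extends Authorizer> authorizerClass = loadAuthorizerClass(file);
        ClassLoader previousClassLoader = ClassLoaders.setContextClassLoader(this.authorizerClassLoader);
        LOG.debug("Setting context classloader to {}. Old classloader was {}.", this.authorizerClassLoader, previousClassLoader);
        try {
            // The two steps are kept in separate try blocks so an initialization failure is not
            // re-wrapped and reported as an instantiation failure.
            Authorizer instance;
            try {
                instance = (Authorizer) this.instantiatorFactory.get(TypeToken.of(authorizerClass)).create();
            } catch (Exception e) {
                throw new InvalidAuthorizerException(String.format("Error while instantiating for authorizer extension %s. Please make sure that the extension is a public class with a default constructor.", authorizerClass.getName()), e);
            }
            try {
                instance.initialize(this.authorizationContextFactory.create(createExtensionProperties()));
            } catch (Exception e) {
                throw new InvalidAuthorizerException(String.format("Error while initializing authorizer extension %s.", authorizerClass.getName()), e);
            }
            return instance;
        } finally {
            ClassLoaders.setContextClassLoader(previousClassLoader);
            LOG.debug("Resetting context classloader to {} from {}.", previousClassLoader, this.authorizerClassLoader);
        }
    }

    /**
     * Collects every configuration entry whose key starts with
     * {@code security.authorization.extension.config.} and returns them with that prefix removed.
     * The values are handed to the extension as-is and may include backend credentials, so they
     * should not be logged.
     *
     * @return the properties passed to the extension
     */
    private Properties createExtensionProperties() {
        Properties properties = new Properties();
        Iterator<?> entries = this.cConf.iterator();
        while (entries.hasNext()) {
            Map.Entry<?, ?> entry = (Map.Entry<?, ?>) entries.next();
            String key = (String) entry.getKey();
            if (key.startsWith(EXTENSION_CONFIG_PREFIX)) {
                properties.put(key.substring(EXTENSION_CONFIG_PREFIX.length()), entry.getValue());
            }
        }
        return properties;
    }

    /**
     * Unpacks the extension jar into {@code tmpDir} and builds a class loader over it.
     *
     * @param file the extension jar
     * @param str the configured extra classpath, may be null
     * @return the class loader for the extension
     * @throws InvalidAuthorizerException if the file is not a readable jar/zip archive
     */
    private AuthorizerClassLoader createAuthorizerClassLoader(File file, @Nullable String str) throws IOException, InvalidAuthorizerException {
        LOG.info("Creating authorization extension using jar {}.", file);
        try {
            // NOTE(review): whether archive entry names are confined to tmpDir during extraction
            // depends on BundleJarUtil.unJar, which is not visible here; confirm.
            BundleJarUtil.unJar(Locations.toLocation(file), this.tmpDir);
            return new AuthorizerClassLoader(this.tmpDir, str);
        } catch (ZipException e) {
            throw new InvalidAuthorizerException(String.format("Authorization extension jar %s specified as %s must be a jar file.", file, EXTENSION_JAR_PATH_KEY), e);
        }
    }

    /**
     * Loads the class named in the extension manifest and verifies that it implements
     * {@link Authorizer} before it is ever instantiated.
     *
     * @param file the extension jar, used for error messages
     * @return the authorizer implementation class
     * @throws InvalidAuthorizerException if the class is missing or is not an {@link Authorizer}
     */
    private Class<? extends Authorizer> loadAuthorizerClass(File file) throws IOException, InvalidAuthorizerException {
        String authorizerClassName = getAuthorizerClassName(file);
        try {
            Class<?> loaded = this.authorizerClassLoader.loadClass(authorizerClassName);
            if (!Authorizer.class.isAssignableFrom(loaded)) {
                throw new InvalidAuthorizerException(String.format("Class %s defined as %s in the authorization extension's manifest at %s must implement %s", loaded.getName(), Attributes.Name.MAIN_CLASS, file, Authorizer.class.getName()));
            }
            return loaded.asSubclass(Authorizer.class);
        } catch (ClassNotFoundException e) {
            throw new InvalidAuthorizerException(String.format("Authorizer extension class %s not found. Please make sure that the right class is specified in the extension jar's manifest located at %s.", authorizerClassName, file), e);
        }
    }

    /**
     * Reads the {@code Main-Class} attribute from the manifest of the unpacked extension.
     *
     * @param file the extension jar, used for error messages only; the manifest is read from tmpDir
     * @return the fully qualified class name declared in the manifest
     * @throws InvalidAuthorizerException if the manifest or its Main-Class attribute is missing
     * @throws IOException if the manifest cannot be read
     */
    private String getAuthorizerClassName(File file) throws IOException, InvalidAuthorizerException {
        File manifestFile = new File(this.tmpDir, "META-INF/MANIFEST.MF");
        // isFile() is false for a missing path and for a directory, so both cases get the
        // descriptive error instead of a raw FileNotFoundException from the stream.
        if (!manifestFile.isFile()) {
            throw new InvalidAuthorizerException(String.format("No Manifest found in authorizer extension jar '%s'.", file));
        }
        try (FileInputStream manifestStream = new FileInputStream(manifestFile)) {
            Attributes mainAttributes = new Manifest(manifestStream).getMainAttributes();
            if (mainAttributes == null) {
                throw new InvalidAuthorizerException(String.format("No attributes found in authorizer extension jar '%s'.", file));
            }
            if (!mainAttributes.containsKey(Attributes.Name.MAIN_CLASS)) {
                throw new InvalidAuthorizerException(String.format("Authorizer class not set in the manifest of the authorizer extension jar located at %s. Please set the attribute %s to the fully qualified class name of the class that implements %s in the extension jar's manifest.", file, Attributes.Name.MAIN_CLASS, Authorizer.class.getName()));
            }
            return mainAttributes.getValue(Attributes.Name.MAIN_CLASS);
        }
    }

    /**
     * Checks that the configured extension jar exists and is a regular file.
     *
     * @param file the configured extension jar
     * @throws InvalidAuthorizerException if the path does not exist or is not a file
     */
    private void ensureValidAuthExtensionJar(File file) throws InvalidAuthorizerException {
        if (!file.exists()) {
            throw new InvalidAuthorizerException(String.format("Authorization extension jar %s specified as %s does not exist.", file, EXTENSION_JAR_PATH_KEY));
        }
        if (!file.isFile()) {
            throw new InvalidAuthorizerException(String.format("Authorization extension jar %s specified as %s must be a file.", file, EXTENSION_JAR_PATH_KEY));
        }
    }

    /**
     * Closes the extension class loader and deletes the contents of the temporary directory, if
     * either exists, and clears both references. Failures are logged and not rethrown so that one
     * failing step does not prevent the other.
     */
    private void releaseExtensionResources() {
        if (this.authorizerClassLoader != null) {
            try {
                this.authorizerClassLoader.close();
            } catch (Throwable t) {
                LOG.warn("Failed to close authorizer class loader", t);
            }
            this.authorizerClassLoader = null;
        }
        if (this.tmpDir != null) {
            try {
                DirUtils.deleteDirectoryContents(this.tmpDir);
            } catch (Throwable t) {
                LOG.warn("Failed to delete directory {}", this.tmpDir, t);
            }
            this.tmpDir = null;
        }
    }

    /**
     * Destroys the authorizer (if one was created) and releases the extension class loader and
     * temporary directory. Best effort: every failure is logged and swallowed.
     */
    @Override // java.io.Closeable, java.lang.AutoCloseable
    public synchronized void close() throws IOException {
        // Synchronized because the fields read and cleared here are written under the same
        // monitor in m17get().
        if (this.authorizer != null) {
            try {
                this.authorizer.destroy();
            } catch (Throwable th) {
                LOG.warn("Failed to destroy authorizer.", th);
            }
        }
        // The class loader and temp dir are only ever set when both authorization and
        // authentication are enabled, so the null checks in the helper cover that condition.
        releaseExtensionResources();
    }
}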
