package co.cask.cdap.security.authorization.sentry.policy;

import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import org.apache.sentry.policy.common.KeyValue;
import org.apache.sentry.policy.common.PolicyConstants;
import org.apache.sentry.policy.common.Privilege;

/* loaded from: input_file:lib/cdap-sentry-policy-0.7.0.jar:co/cask/cdap/security/authorization/sentry/policy/WildcardPrivilege.class */
public class WildcardPrivilege implements Privilege {
    private final List<KeyValue> privilegeParts;

    public WildcardPrivilege(String str) {
        if (Strings.isNullOrEmpty(str)) {
            throw new IllegalArgumentException("Permission string cannot be null or empty.");
        }
        ArrayList arrayList = new ArrayList();
        for (String str2 : PolicyConstants.AUTHORIZABLE_SPLITTER.trimResults().split(str)) {
            if (str2.isEmpty()) {
                throw new IllegalArgumentException("Privilege '" + str + "' has an empty section");
            }
            arrayList.add(new KeyValue(str2));
        }
        Preconditions.checkState(!arrayList.isEmpty(), "Failed to split the permission string %s into a list of Authorizables separated by %s", str, PolicyConstants.AUTHORIZABLE_SPLITTER);
        this.privilegeParts = Collections.unmodifiableList(arrayList);
    }

    @Override // org.apache.sentry.policy.common.Privilege
    public boolean implies(Privilege privilege) {
        if (!(privilege instanceof WildcardPrivilege)) {
            return false;
        }
        WildcardPrivilege wildcardPrivilege = (WildcardPrivilege) privilege;
        List<KeyValue> list = wildcardPrivilege.privilegeParts;
        if (this == wildcardPrivilege || equals(wildcardPrivilege)) {
            return true;
        }
        int i = 0;
        for (KeyValue keyValue : list) {
            if (this.privilegeParts.size() - 1 < i) {
                return true;
            }
            KeyValue keyValue2 = this.privilegeParts.get(i);
            if (!keyValue2.getKey().equalsIgnoreCase("action") || keyValue.getKey().equalsIgnoreCase("action")) {
                if (!keyValue2.getKey().equalsIgnoreCase(keyValue.getKey()) || !impliesKeyValue(keyValue2, keyValue)) {
                    return false;
                }
                i++;
            }
        }
        while (i < this.privilegeParts.size()) {
            if (!this.privilegeParts.get(i).getValue().equals("all")) {
                return false;
            }
            i++;
        }
        return true;
    }

    private boolean impliesKeyValue(KeyValue keyValue, KeyValue keyValue2) {
        Preconditions.checkState(keyValue.getKey().equalsIgnoreCase(keyValue2.getKey()), String.format("Privilege Key Mismatch: Key %s and %s does not match.", keyValue.getKey(), keyValue2.getKey()));
        if ("action".equalsIgnoreCase(keyValue.getKey()) && keyValue.getValue().equalsIgnoreCase("all")) {
            return true;
        }
        return keyValue.equals(keyValue2);
    }
}
