package org.apache.falcon.service;

import java.io.IOException;
import java.net.InetAddress;
import java.security.AccessControlException;
import java.text.MessageFormat;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.apache.falcon.FalconException;
import org.apache.falcon.util.RuntimeProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/falcon-common-0.9.jar:org/apache/falcon/service/ProxyUserService.class */
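/**
 * Falcon service that authorizes user impersonation ("doAs") through proxy users.
 *
 * <p>At {@link #init()} it reads every runtime property named
 * {@code falcon.service.ProxyUserService.proxyuser.<user>.hosts} and
 * {@code falcon.service.ProxyUserService.proxyuser.<user>.groups} into two allow-lists keyed by
 * proxy user. {@link #validate(String, String, String)} then rejects a request unless the proxy
 * user is configured, the requesting host is in its host list, and the impersonated user belongs
 * to one of its groups.
 *
 * <p>Security notes:
 * <ul>
 *   <li>A value of {@code *} is stored as a {@code null} set and switches the corresponding
 *       check off entirely (any host, or any group).</li>
 *   <li>Blank list entries are dropped while loading. {@link InetAddress#getByName(String)}
 *       resolves an empty name to the loopback address, so keeping them would silently add the
 *       local host to the allow-list.</li>
 *   <li>Host names are compared after DNS canonicalization, so the decision depends on the
 *       resolver this JVM uses.</li>
 * </ul>
 */
public class ProxyUserService implements FalconService {
    private static final Logger LOG = LoggerFactory.getLogger(ProxyUserService.class);
    public static final String SERVICE_NAME = ProxyUserService.class.getSimpleName();

    private static final String CONF_PREFIX = "falcon.service.ProxyUserService.proxyuser.";
    private static final String GROUPS = ".groups";
    private static final String HOSTS = ".hosts";
    private static final String WILDCARD = "*";

    // proxy user -> canonical host names allowed to issue requests; a null value means any host.
    private final Map<String, Set<String>> proxyUserHosts = new HashMap<String, Set<String>>();
    // proxy user -> groups whose members may be impersonated; a null value means any group.
    private final Map<String, Set<String>> proxyUserGroups = new HashMap<String, Set<String>>();

    /**
     * Returns the name this service is registered under.
     *
     * @return the simple class name, {@link #SERVICE_NAME}
     */
    @Override
    public String getName() {
        return SERVICE_NAME;
    }

    /**
     * Loads the proxy-user host and group allow-lists from the runtime properties.
     *
     * <p>Each {@code .hosts} property must be accompanied by the matching {@code .groups}
     * property and vice versa. Host entries are resolved to their canonical names once, here,
     * so a host that cannot be resolved fails start-up instead of failing later requests.
     *
     * @throws FalconException if one property of a hosts/groups pair is missing, or a configured
     *     host name cannot be normalized
     */
    @Override
    public void init() throws FalconException {
        for (Map.Entry<?, ?> entry : RuntimeProperties.get().entrySet()) {
            String key = (String) entry.getKey();
            if (!key.startsWith(CONF_PREFIX)) {
                continue;
            }
            if (key.endsWith(GROUPS)) {
                String base = key.substring(0, key.lastIndexOf(GROUPS));
                requireProperty(base + HOSTS);
                String proxyUser = base.substring(CONF_PREFIX.length());
                String value = ((String) entry.getValue()).trim();
                LOG.info("Loading proxyuser settings [{}]=[{}]", key, value);
                proxyUserGroups.put(proxyUser, parseList(key, value));
            } else if (key.endsWith(HOSTS)) {
                String base = key.substring(0, key.lastIndexOf(HOSTS));
                requireProperty(base + GROUPS);
                String proxyUser = base.substring(CONF_PREFIX.length());
                String value = ((String) entry.getValue()).trim();
                LOG.info("Loading proxyuser settings [{}]=[{}]", key, value);
                proxyUserHosts.put(proxyUser, normalizeAll(parseList(key, value)));
            }
        }
    }

    /**
     * Checks that {@code proxyUser}, calling from {@code proxyHost}, may act as {@code doAsUser}.
     *
     * <p>NOTE(review): how callers obtain {@code proxyHost} is not visible in this class. The host
     * check is only meaningful if it is the connection's peer address rather than a value the
     * client can choose - confirm at the call sites.
     *
     * @param proxyUser the authenticated user requesting impersonation
     * @param proxyHost the host the request came from
     * @param doAsUser the user to impersonate
     * @throws IllegalArgumentException if any argument is null or blank
     * @throws AccessControlException if the proxy user is not configured, the host is not allowed
     *     or cannot be resolved, or {@code doAsUser} is in none of the allowed groups
     * @throws IOException declared by the signature; presumably propagated from the group lookup
     */
    public void validate(String proxyUser, String proxyHost, String doAsUser) throws IOException {
        validateNotEmpty(proxyUser, "proxyUser",
                "If you're attempting to use user-impersonation via a proxy user, please make sure that "
                        + CONF_PREFIX + "#USER#" + HOSTS + " and " + CONF_PREFIX + "#USER#" + GROUPS
                        + " are configured correctly");
        validateNotEmpty(proxyHost, "proxyHost",
                "If you're attempting to use user-impersonation via a proxy user, please make sure that "
                        + CONF_PREFIX + proxyUser + HOSTS + " and " + CONF_PREFIX + proxyUser + GROUPS
                        + " are configured correctly");
        validateNotEmpty(doAsUser, "doAsUser", null);
        LOG.debug("Authorization check proxyuser [{}] host [{}] doAs [{}]", proxyUser, proxyHost, doAsUser);
        // containsKey, not get() != null: a configured wildcard is stored as a null value.
        if (!proxyUserHosts.containsKey(proxyUser)) {
            throw new AccessControlException(MessageFormat.format(
                    "User [{0}] not defined as proxyuser. Please add it to runtime properties.", proxyUser));
        }
        validateRequestorHost(proxyUser, proxyHost, proxyUserHosts.get(proxyUser));
        validateGroup(proxyUser, doAsUser, proxyUserGroups.get(proxyUser));
    }

    /** Fails start-up when the companion property of a hosts/groups pair is absent. */
    private static void requireProperty(String name) throws FalconException {
        if (RuntimeProperties.get().getProperty(name) == null) {
            throw new FalconException(name + " property not set in runtime properties. Please add it.");
        }
    }

    /**
     * Splits a comma-separated property value into its trimmed, non-blank entries.
     *
     * @return {@code null} for the wildcard {@code *}, otherwise the (possibly empty) entry set
     */
    private static Set<String> parseList(String key, String value) {
        if (WILDCARD.equals(value)) {
            return null;
        }
        Set<String> entries = new HashSet<String>();
        for (String raw : value.split(",")) {
            String item = raw.trim();
            // Skip blanks: an empty host name would otherwise resolve to the loopback address.
            if (!StringUtils.isBlank(item)) {
                entries.add(item);
            }
        }
        if (entries.isEmpty()) {
            LOG.warn("Proxyuser setting [{}] lists no entries; every request checked against it is rejected", key);
        }
        return entries;
    }

    /** Replaces each configured host by its canonical name; {@code null} (wildcard) passes through. */
    private Set<String> normalizeAll(Set<String> configured) throws FalconException {
        if (configured == null) {
            return null;
        }
        Set<String> canonical = new HashSet<String>();
        for (String host : configured) {
            try {
                String normalized = normalizeHostname(host);
                LOG.info("Hostname, original [{}], normalized [{}]", host, normalized);
                canonical.add(normalized);
            } catch (RuntimeException e) {
                throw new FalconException("Exception normalizing host name: " + host + "." + e.getMessage(), e);
            }
        }
        return canonical;
    }

    /** Rejects the request unless the host, as given or canonicalized, is allowed for the proxy user. */
    private void validateRequestorHost(String proxyUser, String proxyHost, Set<String> allowedHosts)
            throws IOException {
        if (allowedHosts == null) {
            return; // wildcard: any host may act for this proxy user
        }
        // Try the literal value first so a listed host needs no DNS lookup per request.
        if (!allowedHosts.contains(proxyHost) && !allowedHosts.contains(normalizeHostname(proxyHost))) {
            throw new AccessControlException(MessageFormat.format(
                    "Unauthorized host [{0}] for proxyuser [{1}]", proxyHost, proxyUser));
        }
    }

    /** Rejects the request unless the impersonated user is a member of one of the allowed groups. */
    private void validateGroup(String proxyUser, String doAsUser, Set<String> allowedGroups)
            throws IOException {
        if (allowedGroups == null) {
            return; // wildcard: users of any group may be impersonated
        }
        List<String> userGroups =
                ((GroupsService) Services.get().getService(GroupsService.SERVICE_NAME)).getGroups(doAsUser);
        for (String group : allowedGroups) {
            if (userGroups.contains(group)) {
                return;
            }
        }
        throw new AccessControlException(MessageFormat.format(
                "Unauthorized proxyuser [{0}] for user [{1}], not in proxyuser groups", proxyUser, doAsUser));
    }

    /**
     * Resolves a host name or address to its canonical host name.
     *
     * @throws AccessControlException if the name cannot be resolved; the resolver error is kept
     *     as the cause
     */
    private String normalizeHostname(String host) {
        try {
            return InetAddress.getByName(host).getCanonicalHostName();
        } catch (IOException e) {
            AccessControlException denied = new AccessControlException(
                    MessageFormat.format("Could not resolve host [{0}], [{1}]", host, e.getMessage()));
            // AccessControlException has no cause-taking constructor.
            denied.initCause(e);
            throw denied;
        }
    }

    /**
     * Throws if {@code value} is null, empty or whitespace only.
     *
     * @param value the argument to check
     * @param name the argument's name, used in the message
     * @param hint optional text appended to the message, or {@code null}
     */
    private static void validateNotEmpty(String value, String name, String hint) {
        if (StringUtils.isBlank(value)) {
            throw new IllegalArgumentException(
                    name + " cannot be null or empty" + (hint == null ? "" : ", " + hint));
        }
    }

    /** Nothing to release: the allow-lists are plain in-memory maps. */
    @Override
    public void destroy() {
    }
}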
