package org.apache.kylin.rest.service;

import com.fasterxml.jackson.core.JsonParseException;
import com.fasterxml.jackson.databind.JsonMappingException;
import java.io.Closeable;
import java.io.IOException;
import java.io.Serializable;
import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.NavigableMap;
import javax.annotation.PostConstruct;
import org.apache.commons.io.IOUtils;
import org.apache.hadoop.hbase.client.Delete;
import org.apache.hadoop.hbase.client.Get;
import org.apache.hadoop.hbase.client.HTableInterface;
import org.apache.hadoop.hbase.client.Put;
import org.apache.hadoop.hbase.client.Result;
import org.apache.hadoop.hbase.client.ResultScanner;
import org.apache.hadoop.hbase.client.Scan;
import org.apache.hadoop.hbase.filter.CompareFilter;
import org.apache.hadoop.hbase.filter.SingleColumnValueFilter;
import org.apache.kylin.common.util.Bytes;
import org.apache.kylin.rest.security.AclHBaseStorage;
import org.apache.kylin.rest.util.Serializer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.acls.domain.AccessControlEntryImpl;
import org.springframework.security.acls.domain.AclAuthorizationStrategy;
import org.springframework.security.acls.domain.AclImpl;
import org.springframework.security.acls.domain.AuditLogger;
import org.springframework.security.acls.domain.GrantedAuthoritySid;
import org.springframework.security.acls.domain.ObjectIdentityImpl;
import org.springframework.security.acls.domain.PermissionFactory;
import org.springframework.security.acls.domain.PrincipalSid;
import org.springframework.security.acls.model.AccessControlEntry;
import org.springframework.security.acls.model.Acl;
import org.springframework.security.acls.model.AlreadyExistsException;
import org.springframework.security.acls.model.ChildrenExistException;
import org.springframework.security.acls.model.MutableAcl;
import org.springframework.security.acls.model.MutableAclService;
import org.springframework.security.acls.model.NotFoundException;
import org.springframework.security.acls.model.ObjectIdentity;
import org.springframework.security.acls.model.PermissionGrantingStrategy;
import org.springframework.security.acls.model.Sid;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.util.FieldUtils;
import org.springframework.stereotype.Component;
import org.springframework.util.Assert;

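/**
 * HBase-backed implementation of Spring Security's {@link MutableAclService}.
 *
 * <p>Storage layout as used by the methods below: one HBase row per secured object, keyed by
 * {@code String.valueOf(objectIdentity.getIdentifier())}. Column family {@code "i"} carries the
 * ACL metadata (type, owner, parent, inherit flag); column family {@code "a"} carries one
 * serialized {@link AceInfo} per SID, with the SID name as the column qualifier.
 *
 * <p>NOTE(review): the row key is built from the identifier only, not from the object type, so
 * two objects of different types with the same identifier would share one ACL row. Confirm that
 * identifiers are unique across types in this deployment.
 *
 * <p>This listing is decompiler output (JADX); the nested DTO classes are reported as originally
 * {@code protected} and are kept {@code public} here exactly as the listing declares them.
 */
@Component("aclService")
public class AclService implements MutableAclService {
    private static final Logger logger = LoggerFactory.getLogger(AclService.class);

    // Column family holding ACL metadata (type / owner / parent / inherit columns).
    private static final String ACL_INFO_FAMILY = "i";
    // Column family holding the access control entries, one column per SID name.
    private static final String ACL_ACES_FAMILY = "a";

    private static final String ACL_INFO_FAMILY_TYPE_COLUMN = "t";
    private static final String ACL_INFO_FAMILY_OWNER_COLUMN = "o";
    private static final String ACL_INFO_FAMILY_PARENT_COLUMN = "p";
    private static final String ACL_INFO_FAMILY_ENTRY_INHERIT_COLUMN = "i";

    private Serializer<SidInfo> sidSerializer = new Serializer<>(SidInfo.class);
    private Serializer<DomainObjectInfo> domainObjSerializer = new Serializer<>(DomainObjectInfo.class);
    private Serializer<AceInfo> aceSerializer = new Serializer<>(AceInfo.class);
    private String aclTableName = null;

    // Reflection handles into Spring Security internals; made accessible in the constructor.
    // fieldAces is what setAces() writes through; fieldAcl is not used by any method in this class.
    private final Field fieldAces = FieldUtils.getField(AclImpl.class, "aces");
    private final Field fieldAcl = FieldUtils.getField(AccessControlEntryImpl.class, "acl");

    @Autowired
    protected PermissionGrantingStrategy permissionGrantingStrategy;

    @Autowired
    protected PermissionFactory aclPermissionFactory;

    @Autowired
    protected AclAuthorizationStrategy aclAuthorizationStrategy;

    @Autowired
    protected AuditLogger auditLogger;

    @Autowired
    protected AclHBaseStorage aclHBaseStorage;

    /**
     * Serialized form of one access control entry: the SID it applies to and its permission mask.
     * Only these two values are persisted; granting and audit flags are not stored.
     */
    public static class AceInfo {
        private SidInfo sidInfo;
        private int permissionMask;

        /** No-arg constructor, presumably required by the JSON deserializer. */
        public AceInfo() {
        }

        /**
         * Captures the SID and permission mask of an existing entry.
         *
         * @param accessControlEntry entry to copy from
         */
        public AceInfo(AccessControlEntry accessControlEntry) {
            this.sidInfo = new SidInfo(accessControlEntry.getSid());
            this.permissionMask = accessControlEntry.getPermission().getMask();
        }

        public SidInfo getSidInfo() {
            return this.sidInfo;
        }

        public void setSidInfo(SidInfo sidInfo) {
            this.sidInfo = sidInfo;
        }

        public int getPermissionMask() {
            return this.permissionMask;
        }

        public void setPermissionMask(int i) {
            this.permissionMask = i;
        }
    }

    /**
     * Serialized form of an {@link ObjectIdentity}: identifier plus type. Used as the value of the
     * parent column and as the comparison value when scanning for children.
     */
    public static class DomainObjectInfo {
        private String id;
        private String type;

        /** No-arg constructor, presumably required by the JSON deserializer. */
        public DomainObjectInfo() {
        }

        /**
         * @param objectIdentity identity to copy; its identifier must be a {@link String},
         *     otherwise the cast below throws {@link ClassCastException}
         */
        public DomainObjectInfo(ObjectIdentity objectIdentity) {
            this.id = (String) objectIdentity.getIdentifier();
            this.type = objectIdentity.getType();
        }

        public Serializable getId() {
            return this.id;
        }

        public void setId(String str) {
            this.id = str;
        }

        public String getType() {
            return this.type;
        }

        public void setType(String str) {
            this.type = str;
        }
    }

    /**
     * Serialized form of a {@link Sid}: its name and whether it is a principal (user) or a
     * granted authority (role).
     */
    public static class SidInfo {
        private String sid;
        private boolean isPrincipal;

        /** No-arg constructor, presumably required by the JSON deserializer. */
        public SidInfo() {
        }

        /**
         * @param sid SID to copy. Any type other than {@link PrincipalSid} or
         *     {@link GrantedAuthoritySid} leaves the name {@code null} and the principal flag
         *     {@code false}.
         */
        public SidInfo(Sid sid) {
            if (sid instanceof PrincipalSid) {
                this.sid = ((PrincipalSid) sid).getPrincipal();
                this.isPrincipal = true;
            } else if (sid instanceof GrantedAuthoritySid) {
                this.sid = ((GrantedAuthoritySid) sid).getGrantedAuthority();
                this.isPrincipal = false;
            }
        }

        public String getSid() {
            return this.sid;
        }

        public void setSid(String str) {
            this.sid = str;
        }

        public boolean isPrincipal() {
            return this.isPrincipal;
        }

        public void setPrincipal(boolean z) {
            this.isPrincipal = z;
        }
    }

    /**
     * Opens up the private Spring Security fields this service writes through reflection.
     *
     * @throws IOException declared by the original signature; nothing in the body throws it
     */
    public AclService() throws IOException {
        this.fieldAces.setAccessible(true);
        this.fieldAcl.setAccessible(true);
    }

    /**
     * Resolves the ACL table name from the injected storage once dependencies are wired.
     *
     * @throws IOException if the storage cannot prepare the table
     */
    @PostConstruct
    public void init() throws IOException {
        this.aclTableName = this.aclHBaseStorage.prepareHBaseTable(AclService.class);
    }

    /**
     * Lists the direct children of an object by scanning for rows whose parent column equals the
     * serialized identity of {@code objectIdentity}.
     *
     * @param objectIdentity the parent object
     * @return identities of all rows that name {@code objectIdentity} as parent; never {@code null}
     * @throws RuntimeException wrapping any {@link IOException} from HBase or serialization
     */
    @Override // org.springframework.security.acls.model.AclService
    public List<ObjectIdentity> findChildren(ObjectIdentity objectIdentity) {
        List<ObjectIdentity> children = new ArrayList<>();
        HTableInterface table = null;
        ResultScanner scanner = null;
        try {
            table = this.aclHBaseStorage.getTable(this.aclTableName);

            byte[] serializedParent = this.domainObjSerializer.serialize(new DomainObjectInfo(objectIdentity));
            SingleColumnValueFilter parentFilter = new SingleColumnValueFilter(
                    Bytes.toBytes(ACL_INFO_FAMILY),
                    Bytes.toBytes(ACL_INFO_FAMILY_PARENT_COLUMN),
                    CompareFilter.CompareOp.EQUAL,
                    serializedParent);
            // Rows without a parent column must not match; otherwise every root ACL would be
            // reported as a child.
            parentFilter.setFilterIfMissing(true);

            Scan scan = new Scan();
            scan.setFilter(parentFilter);
            scanner = table.getScanner(scan);
            for (Result row = scanner.next(); row != null; row = scanner.next()) {
                String type = Bytes.toString(
                        row.getValue(Bytes.toBytes(ACL_INFO_FAMILY), Bytes.toBytes(ACL_INFO_FAMILY_TYPE_COLUMN)));
                children.add(new ObjectIdentityImpl(type, Bytes.toString(row.getRow())));
            }
            return children;
        } catch (IOException e) {
            throw new RuntimeException(e.getMessage(), e);
        } finally {
            // The scanner is released explicitly instead of being left open until the table closes.
            IOUtils.closeQuietly((Closeable) scanner);
            IOUtils.closeQuietly((Closeable) table);
        }
    }

    /**
     * Reads the ACL of one object with all of its entries.
     *
     * @param objectIdentity object to look up
     * @return the ACL
     * @throws NotFoundException if no row exists for the object
     */
    @Override // org.springframework.security.acls.model.AclService
    public Acl readAclById(ObjectIdentity objectIdentity) throws NotFoundException {
        return readAclsById(Arrays.asList(objectIdentity), null).get(objectIdentity);
    }

    /**
     * Reads the ACL of one object, restricting the loaded entries to the given SIDs.
     *
     * @param objectIdentity object to look up
     * @param list SIDs whose entries should be loaded, or {@code null} for all entries
     * @return the ACL
     * @throws NotFoundException if no row exists for the object
     */
    @Override // org.springframework.security.acls.model.AclService
    public Acl readAclById(ObjectIdentity objectIdentity, List<Sid> list) throws NotFoundException {
        Map<ObjectIdentity, Acl> acls = readAclsById(Arrays.asList(objectIdentity), list);
        Assert.isTrue(acls.containsKey(objectIdentity), "There should have been an Acl entry for ObjectIdentity " + objectIdentity);
        return acls.get(objectIdentity);
    }

    /**
     * Reads the ACLs of several objects with all of their entries.
     *
     * @param list objects to look up
     * @return map from each requested identity to its ACL
     * @throws NotFoundException if any requested object has no row
     */
    @Override // org.springframework.security.acls.model.AclService
    public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> list) throws NotFoundException {
        return readAclsById(list, null);
    }

    /**
     * Reads the ACLs of several objects, rebuilding each {@link AclImpl} from its HBase row and
     * loading the parent ACL recursively when a parent column is present.
     *
     * <p>NOTE(review): the parent chain is followed without any cycle detection, and
     * {@link #updateAcl} stores whatever parent the caller supplies. A stored parent loop would
     * recurse here until the stack overflows; consider validating the chain on write.
     *
     * <p>NOTE(review): {@code AclImpl} is constructed with {@code loadedSids == null} even when
     * {@code list2} restricts which entries are loaded, so the resulting ACL does not record that
     * it is partial. Confirm callers never rely on the loaded-SIDs information.
     *
     * @param list objects to look up
     * @param list2 SIDs whose entries should be loaded, or {@code null} for all entries
     * @return map from each requested identity to its ACL
     * @throws NotFoundException if any requested object has no row
     * @throws RuntimeException wrapping any {@link IOException} from HBase or deserialization
     */
    @Override // org.springframework.security.acls.model.AclService
    public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> list, List<Sid> list2) throws NotFoundException {
        Map<ObjectIdentity, Acl> acls = new HashMap<>();
        HTableInterface table = null;
        try {
            table = this.aclHBaseStorage.getTable(this.aclTableName);
            byte[] infoFamily = Bytes.toBytes(ACL_INFO_FAMILY);

            for (ObjectIdentity objectIdentity : list) {
                Result row = table.get(new Get(rowKey(objectIdentity)));
                if (row == null || row.isEmpty()) {
                    throw new NotFoundException("Unable to find ACL information for object identity '" + objectIdentity + "'");
                }

                SidInfo ownerInfo = this.sidSerializer.deserialize(
                        row.getValue(infoFamily, Bytes.toBytes(ACL_INFO_FAMILY_OWNER_COLUMN)));
                Sid owner = ownerInfo == null ? null : toSid(ownerInfo);

                boolean entriesInheriting = Bytes.toBoolean(
                        row.getValue(infoFamily, Bytes.toBytes(ACL_INFO_FAMILY_ENTRY_INHERIT_COLUMN)));

                DomainObjectInfo parentInfo = this.domainObjSerializer.deserialize(
                        row.getValue(infoFamily, Bytes.toBytes(ACL_INFO_FAMILY_PARENT_COLUMN)));
                Acl parentAcl = null;
                if (parentInfo != null) {
                    // The parent is always loaded with every entry, independent of list2.
                    parentAcl = readAclById(new ObjectIdentityImpl(parentInfo.getType(), parentInfo.getId()), null);
                }

                AclImpl acl = new AclImpl(objectIdentity, objectIdentity.getIdentifier(), this.aclAuthorizationStrategy,
                        this.permissionGrantingStrategy, parentAcl, (List<Sid>) null, entriesInheriting, owner);
                genAces(list2, row, acl);
                acls.put(objectIdentity, acl);
            }
            return acls;
        } catch (IOException e) {
            throw new RuntimeException(e.getMessage(), e);
        } finally {
            IOUtils.closeQuietly((Closeable) table);
        }
    }

    /**
     * Creates an empty ACL row for an object, owned by the currently authenticated principal and
     * with entry inheritance switched on.
     *
     * <p>NOTE(review): the existence check and the write are two separate HBase operations, so two
     * concurrent callers can both pass the check and the later {@code put} then overwrites the
     * owner column. If that matters, a conditional write (for example
     * {@code HTableInterface.checkAndPut}) would close the window.
     *
     * @param objectIdentity object to create the ACL for
     * @return the freshly stored ACL, re-read from HBase
     * @throws AlreadyExistsException if a row for the object already exists
     * @throws RuntimeException wrapping any {@link IOException} from HBase or serialization
     */
    @Override // org.springframework.security.acls.model.MutableAclService
    public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
        Acl existing = null;
        try {
            existing = readAclById(objectIdentity);
        } catch (NotFoundException ignored) {
            // Expected path: no row yet means the ACL can be created.
        }
        if (existing != null) {
            throw new AlreadyExistsException("ACL of " + objectIdentity + " exists!");
        }

        // Ownership is taken from the security context, never from the caller's arguments.
        PrincipalSid owner = new PrincipalSid(SecurityContextHolder.getContext().getAuthentication());
        HTableInterface table = null;
        try {
            table = this.aclHBaseStorage.getTable(this.aclTableName);
            byte[] infoFamily = Bytes.toBytes(ACL_INFO_FAMILY);

            Put put = new Put(rowKey(objectIdentity));
            put.add(infoFamily, Bytes.toBytes(ACL_INFO_FAMILY_TYPE_COLUMN), Bytes.toBytes(objectIdentity.getType()));
            put.add(infoFamily, Bytes.toBytes(ACL_INFO_FAMILY_OWNER_COLUMN), this.sidSerializer.serialize(new SidInfo(owner)));
            put.add(infoFamily, Bytes.toBytes(ACL_INFO_FAMILY_ENTRY_INHERIT_COLUMN), Bytes.toBytes(true));
            table.put(put);
            table.flushCommits();
            logger.debug("ACL of {} created successfully.", objectIdentity);
        } catch (IOException e) {
            throw new RuntimeException(e.getMessage(), e);
        } finally {
            IOUtils.closeQuietly((Closeable) table);
        }
        return (MutableAcl) readAclById(objectIdentity);
    }

    /**
     * Deletes the ACL row of an object, and recursively those of its children when requested.
     *
     * <p>Children are removed before the parent row. The operation is not transactional: a
     * failure part-way leaves already-deleted descendants gone while the parent remains.
     *
     * @param objectIdentity object whose ACL is removed
     * @param z {@code true} to delete child ACLs as well; {@code false} to refuse when children exist
     * @throws ChildrenExistException if children exist and {@code z} is {@code false}
     * @throws RuntimeException wrapping any {@link IOException} from HBase
     */
    @Override // org.springframework.security.acls.model.MutableAclService
    public void deleteAcl(ObjectIdentity objectIdentity, boolean z) throws ChildrenExistException {
        HTableInterface table = null;
        try {
            table = this.aclHBaseStorage.getTable(this.aclTableName);
            Delete delete = new Delete(rowKey(objectIdentity));

            List<ObjectIdentity> children = findChildren(objectIdentity);
            if (!z && !children.isEmpty()) {
                throw new ChildrenExistException("Children exists for " + objectIdentity);
            }
            for (ObjectIdentity child : children) {
                deleteAcl(child, z);
            }

            table.delete(delete);
            table.flushCommits();
            logger.debug("ACL of {} deleted successfully.", objectIdentity);
        } catch (IOException e) {
            throw new RuntimeException(e.getMessage(), e);
        } finally {
            // Fix: the listing closed a null reference on the failure path, so the table handle
            // leaked whenever an exception (including ChildrenExistException) was thrown.
            IOUtils.closeQuietly((Closeable) table);
        }
    }

    /**
     * Replaces the stored entries of an existing ACL with those of {@code mutableAcl} and stores
     * its parent reference when one is set.
     *
     * <p>What is and is not persisted, as visible in the body: the whole ACE family is deleted and
     * rewritten; the parent column is written only when a parent is present. The owner and
     * inherit columns are never touched, and an existing parent column is not removed when the
     * parent is {@code null}.
     *
     * <p>NOTE(review): the delete and the put are separate operations. Between them (or if the
     * put fails) the object has no entries at all; permissions then depend only on what is
     * inherited from the parent. Confirm this window is acceptable for the callers.
     *
     * <p>NOTE(review): entries are keyed by SID name alone. A principal and a granted authority
     * that share a name map to the same column, and several entries for one SID collapse into a
     * single column, so only one of them is expected to survive a round trip.
     *
     * @param mutableAcl ACL carrying the new state
     * @return the stored ACL, re-read from HBase
     * @throws NotFoundException if no row exists for the ACL's object
     * @throws RuntimeException wrapping any {@link IOException} from HBase or serialization
     */
    @Override // org.springframework.security.acls.model.MutableAclService
    public MutableAcl updateAcl(MutableAcl mutableAcl) throws NotFoundException {
        // Existence check only; throws NotFoundException when the row is missing.
        readAclById(mutableAcl.getObjectIdentity());

        HTableInterface table = null;
        try {
            table = this.aclHBaseStorage.getTable(this.aclTableName);
            byte[] key = rowKey(mutableAcl.getObjectIdentity());
            byte[] acesFamily = Bytes.toBytes(ACL_ACES_FAMILY);

            Delete delete = new Delete(key);
            delete.deleteFamily(acesFamily);
            table.delete(delete);

            Put put = new Put(key);
            if (mutableAcl.getParentAcl() != null) {
                put.add(Bytes.toBytes(ACL_INFO_FAMILY), Bytes.toBytes(ACL_INFO_FAMILY_PARENT_COLUMN),
                        this.domainObjSerializer.serialize(new DomainObjectInfo(mutableAcl.getParentAcl().getObjectIdentity())));
            }
            for (AccessControlEntry entry : mutableAcl.getEntries()) {
                AceInfo aceInfo = new AceInfo(entry);
                put.add(acesFamily, Bytes.toBytes(aceInfo.getSidInfo().getSid()), this.aceSerializer.serialize(aceInfo));
            }
            if (!put.isEmpty()) {
                table.put(put);
                table.flushCommits();
                logger.debug("ACL of {} updated successfully.", mutableAcl.getObjectIdentity());
            }
        } catch (IOException e) {
            throw new RuntimeException(e.getMessage(), e);
        } finally {
            IOUtils.closeQuietly((Closeable) table);
        }
        return (MutableAcl) readAclById(mutableAcl.getObjectIdentity());
    }

    /**
     * Rebuilds the access control entries of {@code aclImpl} from an HBase row.
     *
     * <p>Every rebuilt entry is created as granting, with both audit flags off, because only the
     * SID and the permission mask are stored. Entry ids are the positions in the rebuilt list.
     *
     * <p>NOTE(review): when {@code list} is given, the lookup is by SID name only and the entry's
     * SID type comes from the stored flag, so a request for a principal can return the entry
     * stored for a same-named authority (and vice versa). A SID that is neither a
     * {@link PrincipalSid} nor a {@link GrantedAuthoritySid} yields a {@code null} name, which is
     * passed to {@code Bytes.toBytes} as is; presumably that fails, confirm.
     *
     * @param list SIDs whose entries should be loaded, or {@code null} to load the whole family
     * @param result the HBase row of the ACL
     * @param aclImpl ACL that receives the entries
     * @throws IOException if an entry cannot be deserialized
     */
    private void genAces(List<Sid> list, Result result, AclImpl aclImpl) throws JsonParseException, JsonMappingException, IOException {
        byte[] acesFamily = Bytes.toBytes(ACL_ACES_FAMILY);
        List<AceInfo> aceInfos = new ArrayList<>();

        if (list != null) {
            for (Sid sid : list) {
                String sidName = null;
                if (sid instanceof PrincipalSid) {
                    sidName = ((PrincipalSid) sid).getPrincipal();
                } else if (sid instanceof GrantedAuthoritySid) {
                    sidName = ((GrantedAuthoritySid) sid).getGrantedAuthority();
                }
                AceInfo aceInfo = this.aceSerializer.deserialize(result.getValue(acesFamily, Bytes.toBytes(sidName)));
                if (aceInfo != null) {
                    aceInfos.add(aceInfo);
                }
            }
        } else {
            NavigableMap<byte[], byte[]> familyMap = result.getFamilyMap(acesFamily);
            for (byte[] serializedAce : familyMap.values()) {
                AceInfo aceInfo = this.aceSerializer.deserialize(serializedAce);
                if (aceInfo != null) {
                    aceInfos.add(aceInfo);
                }
            }
        }

        List<AccessControlEntry> entries = new ArrayList<>();
        for (int i = 0; i < aceInfos.size(); i++) {
            AceInfo aceInfo = aceInfos.get(i);
            entries.add(new AccessControlEntryImpl(Long.valueOf(i), aclImpl, toSid(aceInfo.getSidInfo()),
                    this.aclPermissionFactory.buildFromMask(aceInfo.getPermissionMask()), true, false, false));
        }
        setAces(aclImpl, entries);
    }

    /**
     * Installs the entry list on an {@link AclImpl} through reflection on its private
     * {@code aces} field.
     *
     * @param aclImpl ACL to modify
     * @param list entries to install
     * @throws IllegalStateException if the field cannot be written
     */
    private void setAces(AclImpl aclImpl, List<AccessControlEntry> list) {
        try {
            this.fieldAces.set(aclImpl, list);
        } catch (IllegalAccessException e) {
            throw new IllegalStateException("Could not set AclImpl entries", e);
        }
    }

    /** Builds the HBase row key of an object: the string form of its identifier. */
    private static byte[] rowKey(ObjectIdentity objectIdentity) {
        return Bytes.toBytes(String.valueOf(objectIdentity.getIdentifier()));
    }

    /** Converts a stored SID record back into the matching Spring Security SID type. */
    private static Sid toSid(SidInfo sidInfo) {
        return sidInfo.isPrincipal() ? new PrincipalSid(sidInfo.getSid()) : new GrantedAuthoritySid(sidInfo.getSid());
    }
}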
