package org.apache.kylin.rest.service;

import com.fasterxml.jackson.core.JsonParseException;
import com.fasterxml.jackson.databind.JsonMappingException;
import java.io.IOException;
import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.kylin.common.KylinConfig;
import org.apache.kylin.common.persistence.JsonSerializer;
import org.apache.kylin.common.persistence.ResourceStore;
import org.apache.kylin.common.persistence.Serializer;
import org.apache.kylin.rest.exception.BadRequestException;
import org.apache.kylin.rest.exception.InternalErrorException;
import org.apache.kylin.rest.msg.Message;
import org.apache.kylin.rest.msg.MsgPicker;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.acls.domain.AccessControlEntryImpl;
import org.springframework.security.acls.domain.AclAuthorizationStrategy;
import org.springframework.security.acls.domain.AclImpl;
import org.springframework.security.acls.domain.AuditLogger;
import org.springframework.security.acls.domain.GrantedAuthoritySid;
import org.springframework.security.acls.domain.ObjectIdentityImpl;
import org.springframework.security.acls.domain.PermissionFactory;
import org.springframework.security.acls.domain.PrincipalSid;
import org.springframework.security.acls.model.AccessControlEntry;
import org.springframework.security.acls.model.Acl;
import org.springframework.security.acls.model.AlreadyExistsException;
import org.springframework.security.acls.model.ChildrenExistException;
import org.springframework.security.acls.model.MutableAcl;
import org.springframework.security.acls.model.MutableAclService;
import org.springframework.security.acls.model.NotFoundException;
import org.springframework.security.acls.model.ObjectIdentity;
import org.springframework.security.acls.model.PermissionGrantingStrategy;
import org.springframework.security.acls.model.Sid;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.util.FieldUtils;
import org.springframework.stereotype.Component;

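/**
 * Spring Security {@link MutableAclService} that keeps one {@code AclRecord} per secured
 * object in the Kylin {@link ResourceStore}, under the {@value #DIR_PREFIX} directory.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Records are keyed by the object identifier only ({@link #getQueryKeyById(String)});
 *       the object type is not part of the key.</li>
 *   <li>Access control entries are stored in a map keyed by the bare SID string, so a record
 *       holds at most one entry per SID name.</li>
 *   <li>{@link #updateAcl(MutableAcl)} persists with {@code putResourceWithoutCheck}.</li>
 * </ul>
 */
@Component("aclService")
/* loaded from: input_file:WEB-INF/lib/kylin-server-base-2.1.0.jar:org/apache/kylin/rest/service/AclService.class */
public class AclService implements MutableAclService {
    // AclImpl exposes no setter for its entry list, so the private "aces" field is written reflectively.
    private final Field fieldAces = FieldUtils.getField(AclImpl.class, "aces");
    // Made accessible in the constructor; not read or written anywhere else in this class.
    private final Field fieldAcl = FieldUtils.getField(AccessControlEntryImpl.class, "acl");
    public static final String DIR_PREFIX = "/acl/";

    @Autowired
    protected PermissionGrantingStrategy permissionGrantingStrategy;

    @Autowired
    protected PermissionFactory aclPermissionFactory;

    @Autowired
    protected AclAuthorizationStrategy aclAuthorizationStrategy;

    @Autowired
    protected AuditLogger auditLogger;
    protected ResourceStore aclStore;

    @Autowired
    @Qualifier("userService")
    protected UserService userService;
    private static final Logger logger = LoggerFactory.getLogger(AclService.class);
    public static final Serializer<AclRecord> SERIALIZER = new JsonSerializer<>(AclRecord.class);

    /**
     * Opens the reflective access needed to populate {@link AclImpl} and binds the service to
     * the resource store of the environment's {@link KylinConfig}.
     *
     * @throws IOException declared by the original signature; kept for compatibility
     */
    public AclService() throws IOException {
        this.fieldAces.setAccessible(true);
        this.fieldAcl.setAccessible(true);
        this.aclStore = ResourceStore.getStore(KylinConfig.getInstanceFromEnv());
    }

    /**
     * Lists the identities whose stored parent id equals the identifier of {@code objectIdentity}.
     *
     * <p>Every record under {@value #DIR_PREFIX} is loaded and inspected. The match is on the
     * parent id alone; the parent type is not compared.
     *
     * @param objectIdentity the candidate parent
     * @return the direct children, possibly empty
     * @throws InternalErrorException if the store cannot be read
     */
    @Override // org.springframework.security.acls.model.AclService
    public List<ObjectIdentity> findChildren(ObjectIdentity objectIdentity) {
        List<ObjectIdentity> children = new ArrayList<>();
        String parentId = String.valueOf(objectIdentity.getIdentifier());
        try {
            for (AclRecord aclRecord : this.aclStore.getAllResources(String.valueOf(DIR_PREFIX), AclRecord.class, SERIALIZER)) {
                DomainObjectInfo parentInfo = aclRecord.getParentDomainObjectInfo();
                if (parentInfo != null && parentInfo.getId().equals(parentId)) {
                    DomainObjectInfo childInfo = aclRecord.getDomainObjectInfo();
                    children.add(new ObjectIdentityImpl(childInfo.getType(), childInfo.getId()));
                }
            }
            return children;
        } catch (IOException e) {
            throw new InternalErrorException(e);
        }
    }

    /**
     * Reads the ACL of one object with all of its entries.
     *
     * @param objectIdentity the secured object
     * @return the ACL
     * @throws NotFoundException if no usable record is stored for the object
     */
    @Override // org.springframework.security.acls.model.AclService
    public Acl readAclById(ObjectIdentity objectIdentity) throws NotFoundException {
        return readAclsById(Arrays.asList(objectIdentity), null).get(objectIdentity);
    }

    /**
     * Reads the ACL of one object, restricted to the entries of the given SIDs.
     *
     * @param objectIdentity the secured object
     * @param list           SIDs whose entries should be loaded, or {@code null} for all entries
     * @return the ACL
     * @throws NotFoundException   if no usable record is stored for the object
     * @throws BadRequestException if the lookup result does not contain the object
     */
    @Override // org.springframework.security.acls.model.AclService
    public Acl readAclById(ObjectIdentity objectIdentity, List<Sid> list) throws NotFoundException {
        Message msg = MsgPicker.getMsg();
        Map<ObjectIdentity, Acl> acls = readAclsById(Arrays.asList(objectIdentity), list);
        if (acls.containsKey(objectIdentity)) {
            return acls.get(objectIdentity);
        }
        throw new BadRequestException(String.format(msg.getNO_ACL_ENTRY(), objectIdentity));
    }

    /**
     * Reads the ACLs of several objects with all of their entries.
     *
     * @param list the secured objects
     * @return ACLs keyed by object identity
     * @throws NotFoundException if any object has no usable record
     */
    @Override // org.springframework.security.acls.model.AclService
    public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> list) throws NotFoundException {
        return readAclsById(list, null);
    }

    /**
     * Reads the ACLs of several objects, resolving each parent ACL recursively.
     *
     * <p>A record that is missing, or present without owner information, is reported as not
     * found. Parent ACLs are always loaded with all of their entries, whatever {@code list2} is.
     *
     * @param list  the secured objects
     * @param list2 SIDs whose entries should be loaded, or {@code null} for all entries
     * @return ACLs keyed by object identity
     * @throws NotFoundException      if any object has no usable record
     * @throws InternalErrorException if the store cannot be read
     */
    @Override // org.springframework.security.acls.model.AclService
    public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> list, List<Sid> list2) throws NotFoundException {
        Message msg = MsgPicker.getMsg();
        Map<ObjectIdentity, Acl> result = new HashMap<>();
        try {
            for (ObjectIdentity objectIdentity : list) {
                AclRecord aclRecord = this.aclStore.getResource(getQueryKeyById(String.valueOf(objectIdentity.getIdentifier())), AclRecord.class, SERIALIZER);
                if (aclRecord == null || aclRecord.getOwnerInfo() == null) {
                    throw new NotFoundException(String.format(msg.getACL_INFO_NOT_FOUND(), objectIdentity));
                }
                SidInfo ownerInfo = aclRecord.getOwnerInfo();
                Sid owner = ownerInfo.isPrincipal() ? new PrincipalSid(ownerInfo.getSid()) : new GrantedAuthoritySid(ownerInfo.getSid());
                boolean entriesInheriting = aclRecord.isEntriesInheriting();
                DomainObjectInfo parentInfo = aclRecord.getParentDomainObjectInfo();
                // NOTE(review): the parent chain is followed without a visited set, so records
                // whose parents form a loop would recurse until the stack is exhausted. Confirm
                // that whatever sets the parent rejects cycles.
                Acl parentAcl = parentInfo != null
                        ? readAclById(new ObjectIdentityImpl(parentInfo.getType(), parentInfo.getId()), null)
                        : null;
                AclImpl aclImpl = new AclImpl(objectIdentity, objectIdentity.getIdentifier(), this.aclAuthorizationStrategy, this.permissionGrantingStrategy, parentAcl, null, entriesInheriting, owner);
                genAces(list2, aclRecord, aclImpl);
                result.put(objectIdentity, aclImpl);
            }
            return result;
        } catch (IOException e) {
            throw new InternalErrorException(e);
        }
    }

    /**
     * Creates an empty, inheriting ACL owned by the currently authenticated principal.
     *
     * @param objectIdentity the object to secure
     * @return the freshly stored ACL
     * @throws AlreadyExistsException if a record already exists for the object
     * @throws InternalErrorException if the store cannot be written
     */
    @Override // org.springframework.security.acls.model.MutableAclService
    public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
        Acl existing = null;
        try {
            existing = readAclById(objectIdentity);
        } catch (NotFoundException ignored) {
            // Expected on the normal path: the absence of a record is what allows creation.
        }
        if (existing != null) {
            throw new AlreadyExistsException("ACL of " + objectIdentity + " exists!");
        }
        try {
            // NOTE(review): the owner comes from the current security context. Confirm every
            // caller runs authenticated; a null Authentication is presumably rejected by
            // PrincipalSid. The existence check above and this write are two separate store
            // operations, so uniqueness under concurrency depends on what putResource does
            // with the 0L timestamp - verify.
            this.aclStore.putResource(getQueryKeyById(String.valueOf(objectIdentity.getIdentifier())), new AclRecord(new DomainObjectInfo(objectIdentity), null, new SidInfo(new PrincipalSid(SecurityContextHolder.getContext().getAuthentication())), true, null), 0L, SERIALIZER);
            logger.debug("ACL of {} created successfully.", objectIdentity);
            return (MutableAcl) readAclById(objectIdentity);
        } catch (IOException e) {
            throw new InternalErrorException(e);
        }
    }

    /**
     * Deletes the ACL of an object, descending into its children first.
     *
     * @param objectIdentity the object whose ACL is removed
     * @param z              when {@code true} child ACLs are deleted as well; when {@code false}
     *                       the call is rejected if any child exists
     * @throws BadRequestException    if children exist and {@code z} is {@code false}
     * @throws InternalErrorException if the store cannot be written
     */
    @Override // org.springframework.security.acls.model.MutableAclService
    public void deleteAcl(ObjectIdentity objectIdentity, boolean z) throws ChildrenExistException {
        Message msg = MsgPicker.getMsg();
        try {
            List<ObjectIdentity> children = findChildren(objectIdentity);
            if (!z && !children.isEmpty()) {
                throw new BadRequestException(String.format(msg.getIDENTITY_EXIST_CHILDREN(), objectIdentity));
            }
            // Children go first so that no stored record is left pointing at a deleted parent.
            for (ObjectIdentity child : children) {
                deleteAcl(child, z);
            }
            this.aclStore.deleteResource(getQueryKeyById(String.valueOf(objectIdentity.getIdentifier())));
            logger.debug("ACL of {} deleted successfully.", objectIdentity);
        } catch (IOException e) {
            throw new InternalErrorException(e);
        }
    }

    /**
     * Replaces the stored entries of an ACL with the entries of {@code mutableAcl}.
     *
     * <p>The parent reference is overwritten only when {@code mutableAcl} has a parent; a
     * {@code null} parent leaves the stored parent unchanged. Every {@link PrincipalSid} must
     * name an existing user, otherwise nothing is written.
     *
     * @param mutableAcl the ACL carrying the desired entries
     * @return the ACL as re-read from the store
     * @throws NotFoundException      if no record exists for the object, including when it
     *                                disappears between the existence check and the reload
     * @throws BadRequestException    if an entry names a user that does not exist
     * @throws InternalErrorException if the store cannot be read or written
     */
    @Override // org.springframework.security.acls.model.MutableAclService
    public MutableAcl updateAcl(MutableAcl mutableAcl) throws NotFoundException {
        Message msg = MsgPicker.getMsg();
        // Fails with NotFoundException when the object has no usable record.
        readAclById(mutableAcl.getObjectIdentity());
        try {
            String queryKeyById = getQueryKeyById(String.valueOf(mutableAcl.getObjectIdentity().getIdentifier()));
            AclRecord aclRecord = this.aclStore.getResource(queryKeyById, AclRecord.class, SERIALIZER);
            if (aclRecord == null) {
                // The record can be deleted between the check above and this reload; report
                // that as "not found" instead of failing with a NullPointerException.
                throw new NotFoundException(String.format(msg.getACL_INFO_NOT_FOUND(), mutableAcl.getObjectIdentity()));
            }
            if (mutableAcl.getParentAcl() != null) {
                aclRecord.setParentDomainObjectInfo(new DomainObjectInfo(mutableAcl.getParentAcl().getObjectIdentity()));
            }
            if (aclRecord.getAllAceInfo() == null) {
                aclRecord.setAllAceInfo(new HashMap<>());
            }
            Map<String, AceInfo> allAceInfo = aclRecord.getAllAceInfo();
            allAceInfo.clear();
            for (AccessControlEntry accessControlEntry : mutableAcl.getEntries()) {
                if (accessControlEntry.getSid() instanceof PrincipalSid) {
                    String principal = ((PrincipalSid) accessControlEntry.getSid()).getPrincipal();
                    if (!this.userService.userExists(principal)) {
                        throw new BadRequestException(String.format(msg.getUSER_NOT_EXIST(), principal));
                    }
                }
                AceInfo aceInfo = new AceInfo(accessControlEntry);
                // The key is the bare SID string: a later entry for the same SID replaces an
                // earlier one, and a principal and an authority that share a name share a slot.
                allAceInfo.put(String.valueOf(aceInfo.getSidInfo().getSid()), aceInfo);
            }
            // NOTE(review): putResourceWithoutCheck presumably bypasses the store's
            // last-modified comparison, in which case concurrent updates of the same ACL are
            // last-writer-wins and a grant or revocation can be silently lost. Confirm this
            // is intended for permission data.
            this.aclStore.putResourceWithoutCheck(queryKeyById, aclRecord, System.currentTimeMillis(), SERIALIZER);
            logger.debug("ACL of {} updated successfully.", mutableAcl.getObjectIdentity());
            return (MutableAcl) readAclById(mutableAcl.getObjectIdentity());
        } catch (IOException e) {
            throw new InternalErrorException(e);
        }
    }

    /**
     * Rebuilds the entry list of {@code aclImpl} from the stored entries of {@code aclRecord}.
     *
     * <p>Every entry is recreated as granting with both audit flags off; the permission comes
     * from the stored mask. Entry ids are positions in the selected list.
     *
     * @param list      SIDs to load entries for, or {@code null} to load every stored entry
     * @param aclRecord the stored record
     * @param aclImpl   the ACL that receives the entries
     * @throws IOException declared by the original signature; kept for compatibility
     */
    protected void genAces(List<Sid> list, AclRecord aclRecord, AclImpl aclImpl) throws JsonParseException, JsonMappingException, IOException {
        List<AceInfo> selected = new ArrayList<>();
        Map<String, AceInfo> allAceInfo = aclRecord.getAllAceInfo();
        if (allAceInfo != null) {
            if (list != null) {
                for (Sid sid : list) {
                    String sidName = null;
                    if (sid instanceof PrincipalSid) {
                        sidName = ((PrincipalSid) sid).getPrincipal();
                    } else if (sid instanceof GrantedAuthoritySid) {
                        sidName = ((GrantedAuthoritySid) sid).getGrantedAuthority();
                    }
                    // The lookup is by name only; the SID kind is taken from the stored entry
                    // below, not from the requested SID.
                    AceInfo aceInfo = allAceInfo.get(sidName);
                    if (aceInfo != null) {
                        selected.add(aceInfo);
                    }
                }
            } else {
                selected.addAll(allAceInfo.values());
            }
        }
        List<AccessControlEntry> entries = new ArrayList<>();
        for (int i = 0; i < selected.size(); i++) {
            AceInfo aceInfo = selected.get(i);
            if (aceInfo != null) {
                SidInfo sidInfo = aceInfo.getSidInfo();
                Sid sid = sidInfo.isPrincipal() ? new PrincipalSid(sidInfo.getSid()) : new GrantedAuthoritySid(sidInfo.getSid());
                entries.add(new AccessControlEntryImpl(Long.valueOf(i), aclImpl, sid, this.aclPermissionFactory.buildFromMask(aceInfo.getPermissionMask()), true, false, false));
            }
        }
        setAces(aclImpl, entries);
    }

    /**
     * Writes {@code list} into the private entry field of {@code aclImpl}.
     *
     * @throws IllegalStateException if the reflective write is refused
     */
    private void setAces(AclImpl aclImpl, List<AccessControlEntry> list) {
        try {
            this.fieldAces.set(aclImpl, list);
        } catch (IllegalAccessException e) {
            throw new IllegalStateException("Could not set AclImpl entries", e);
        }
    }

    /**
     * Builds the resource-store path of the record for an object identifier.
     *
     * <p>NOTE(review): the identifier is appended verbatim. Callers presumably pass
     * system-generated entity ids; confirm that no caller forwards a request-supplied value
     * that could contain path separators.
     *
     * @param str the object identifier
     * @return {@value #DIR_PREFIX} followed by the identifier
     */
    public static String getQueryKeyById(String str) {
        return DIR_PREFIX + str;
    }
}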
