package org.apache.kylin.rest.service;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.annotation.Nullable;
import org.apache.kylin.common.KylinConfig;
import org.apache.kylin.common.persistence.JsonSerializer;
import org.apache.kylin.common.persistence.ResourceStore;
import org.apache.kylin.common.persistence.Serializer;
import org.apache.kylin.common.persistence.WriteConflictException;
import org.apache.kylin.common.util.AutoReadWriteLock;
import org.apache.kylin.metadata.cachesync.Broadcaster;
import org.apache.kylin.metadata.cachesync.CachedCrudAssist;
import org.apache.kylin.metadata.cachesync.CaseInsensitiveStringCache;
import org.apache.kylin.rest.exception.BadRequestException;
import org.apache.kylin.rest.exception.InternalErrorException;
import org.apache.kylin.rest.msg.Message;
import org.apache.kylin.rest.msg.MsgPicker;
import org.apache.kylin.rest.security.springacl.AclRecord;
import org.apache.kylin.rest.security.springacl.MutableAclRecord;
import org.apache.kylin.rest.security.springacl.ObjectIdentityImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.acls.domain.PermissionFactory;
import org.springframework.security.acls.domain.PrincipalSid;
import org.springframework.security.acls.model.Acl;
import org.springframework.security.acls.model.AlreadyExistsException;
import org.springframework.security.acls.model.ChildrenExistException;
import org.springframework.security.acls.model.MutableAcl;
import org.springframework.security.acls.model.MutableAclService;
import org.springframework.security.acls.model.NotFoundException;
import org.springframework.security.acls.model.ObjectIdentity;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.acls.model.PermissionGrantingStrategy;
import org.springframework.security.acls.model.Sid;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

@Component("aclService")
/* loaded from: input_file:WEB-INF/lib/kylin-server-base-3.0.0.jar:org/apache/kylin/rest/service/AclService.class */
public class AclService implements MutableAclService, InitializingBean {
    public static final String DIR_PREFIX = "/acl/";

    @Autowired
    protected PermissionGrantingStrategy permissionGrantingStrategy;

    @Autowired
    protected PermissionFactory aclPermissionFactory;
    private CaseInsensitiveStringCache<AclRecord> aclMap;
    private CachedCrudAssist<AclRecord> crud;
    private AutoReadWriteLock lock = new AutoReadWriteLock();
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) AclService.class);
    public static final Serializer<AclRecord> SERIALIZER = new JsonSerializer(AclRecord.class, true);

    /* loaded from: input_file:WEB-INF/lib/kylin-server-base-3.0.0.jar:org/apache/kylin/rest/service/AclService$AclRecordSyncListener.class */
    private class AclRecordSyncListener extends Broadcaster.Listener {
        private AclRecordSyncListener() {
        }

        @Override // org.apache.kylin.metadata.cachesync.Broadcaster.Listener
        public void onEntityChange(Broadcaster broadcaster, String str, Broadcaster.Event event, String str2) throws IOException {
            AutoReadWriteLock.AutoLock lockForWrite = AclService.this.lock.lockForWrite();
            Throwable th = null;
            try {
                if (event == Broadcaster.Event.DROP) {
                    AclService.this.aclMap.removeLocal(str2);
                } else {
                    AclService.this.crud.reloadQuietly(str2);
                }
                broadcaster.notifyProjectACLUpdate(str2);
            } finally {
                if (lockForWrite != null) {
                    if (0 != 0) {
                        try {
                            lockForWrite.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        lockForWrite.close();
                    }
                }
            }
        }

        @Override // org.apache.kylin.metadata.cachesync.Broadcaster.Listener
        public void onClearAll(Broadcaster broadcaster) throws IOException {
            AutoReadWriteLock.AutoLock lockForWrite = AclService.this.lock.lockForWrite();
            Throwable th = null;
            try {
                try {
                    AclService.this.aclMap.clear();
                    if (lockForWrite != null) {
                        if (0 == 0) {
                            lockForWrite.close();
                            return;
                        }
                        try {
                            lockForWrite.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                } catch (Throwable th3) {
                    th = th3;
                    throw th3;
                }
            } catch (Throwable th4) {
                if (lockForWrite != null) {
                    if (th != null) {
                        try {
                            lockForWrite.close();
                        } catch (Throwable th5) {
                            th.addSuppressed(th5);
                        }
                    } else {
                        lockForWrite.close();
                    }
                }
                throw th4;
            }
        }
    }

    /* loaded from: input_file:WEB-INF/lib/kylin-server-base-3.0.0.jar:org/apache/kylin/rest/service/AclService$AclRecordUpdater.class */
    public interface AclRecordUpdater {
        void update(AclRecord aclRecord);
    }

    public AclService() throws IOException {
        KylinConfig instanceFromEnv = KylinConfig.getInstanceFromEnv();
        ResourceStore store = ResourceStore.getStore(instanceFromEnv);
        this.aclMap = new CaseInsensitiveStringCache<>(instanceFromEnv, "acl");
        this.crud = new CachedCrudAssist<AclRecord>(store, "/acl", "", AclRecord.class, this.aclMap, true) { // from class: org.apache.kylin.rest.service.AclService.1
            /* JADX INFO: Access modifiers changed from: protected */
            @Override // org.apache.kylin.metadata.cachesync.CachedCrudAssist
            public AclRecord initEntityAfterReload(AclRecord aclRecord, String str) {
                aclRecord.init(null, AclService.this.aclPermissionFactory, AclService.this.permissionGrantingStrategy);
                return aclRecord;
            }
        };
        this.crud.reloadAll();
    }

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        Broadcaster.getInstance(KylinConfig.getInstanceFromEnv()).registerStaticListener(new AclRecordSyncListener(), "acl");
    }

    @Override // org.springframework.security.acls.model.AclService
    public List<ObjectIdentity> findChildren(ObjectIdentity objectIdentity) {
        ArrayList arrayList = new ArrayList();
        AutoReadWriteLock.AutoLock lockForRead = this.lock.lockForRead();
        Throwable th = null;
        try {
            try {
                ArrayList<AclRecord> arrayList2 = new ArrayList(this.aclMap.values());
                if (lockForRead != null) {
                    if (0 != 0) {
                        try {
                            lockForRead.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        lockForRead.close();
                    }
                }
                for (AclRecord aclRecord : arrayList2) {
                    ObjectIdentityImpl parentDomainObjectInfo = aclRecord.getParentDomainObjectInfo();
                    if (parentDomainObjectInfo != null && parentDomainObjectInfo.equals(objectIdentity)) {
                        arrayList.add(aclRecord.getDomainObjectInfo());
                    }
                }
                return arrayList;
            } finally {
            }
        } catch (Throwable th3) {
            if (lockForRead != null) {
                if (th != null) {
                    try {
                        lockForRead.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    lockForRead.close();
                }
            }
            throw th3;
        }
    }

    public MutableAclRecord readAcl(ObjectIdentity objectIdentity) throws NotFoundException {
        return (MutableAclRecord) readAclById(objectIdentity);
    }

    @Override // org.springframework.security.acls.model.AclService
    public Acl readAclById(ObjectIdentity objectIdentity) throws NotFoundException {
        return readAclsById(Arrays.asList(objectIdentity), null).get(objectIdentity);
    }

    @Override // org.springframework.security.acls.model.AclService
    public Acl readAclById(ObjectIdentity objectIdentity, List<Sid> list) throws NotFoundException {
        Message msg = MsgPicker.getMsg();
        Map<ObjectIdentity, Acl> readAclsById = readAclsById(Arrays.asList(objectIdentity), list);
        if (readAclsById.containsKey(objectIdentity)) {
            return readAclsById.get(objectIdentity);
        }
        throw new BadRequestException(String.format(Locale.ROOT, msg.getNO_ACL_ENTRY(), objectIdentity));
    }

    @Override // org.springframework.security.acls.model.AclService
    public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> list) throws NotFoundException {
        return readAclsById(list, null);
    }

    @Override // org.springframework.security.acls.model.AclService
    public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> list, List<Sid> list2) throws NotFoundException {
        HashMap hashMap = new HashMap();
        for (ObjectIdentity objectIdentity : list) {
            AclRecord aclRecordByCache = getAclRecordByCache(objID(objectIdentity));
            if (aclRecordByCache == null) {
                throw new NotFoundException(String.format(Locale.ROOT, MsgPicker.getMsg().getACL_INFO_NOT_FOUND(), objectIdentity));
            }
            Acl acl = null;
            if (aclRecordByCache.isEntriesInheriting() && aclRecordByCache.getParentDomainObjectInfo() != null) {
                acl = readAclById(aclRecordByCache.getParentDomainObjectInfo());
            }
            aclRecordByCache.init(acl, this.aclPermissionFactory, this.permissionGrantingStrategy);
            hashMap.put(objectIdentity, new MutableAclRecord(aclRecordByCache));
        }
        return hashMap;
    }

    /* JADX WARN: Failed to calculate best type for var: r7v1 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Failed to calculate best type for var: r8v0 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException
     */
    /* JADX WARN: Not initialized variable reg: 7, insn: 0x0099: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r7 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:26:0x0099 */
    /* JADX WARN: Not initialized variable reg: 8, insn: 0x009d: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r8 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:28:0x009d */
    /* JADX WARN: Type inference failed for: r7v1, types: [org.apache.kylin.common.util.AutoReadWriteLock$AutoLock] */
    /* JADX WARN: Type inference failed for: r8v0, types: [java.lang.Throwable] */
    @Override // org.springframework.security.acls.model.MutableAclService
    public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
        try {
            try {
                AutoReadWriteLock.AutoLock lockForWrite = this.lock.lockForWrite();
                Throwable th = null;
                if (getAclRecordByCache(objID(objectIdentity)) != null) {
                    throw new AlreadyExistsException("ACL of " + objectIdentity + " exists!");
                }
                this.crud.save(newPrjACL(objectIdentity));
                logger.debug("ACL of " + objectIdentity + " created successfully.");
                if (lockForWrite != null) {
                    if (0 != 0) {
                        try {
                            lockForWrite.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        lockForWrite.close();
                    }
                }
                return (MutableAcl) readAclById(objectIdentity);
            } finally {
            }
        } catch (IOException e) {
            throw new InternalErrorException(e);
        }
    }

    /* JADX WARN: Failed to calculate best type for var: r12v1 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Failed to calculate best type for var: r13v0 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException
     */
    /* JADX WARN: Not initialized variable reg: 12, insn: 0x00c6: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r12 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:32:0x00c6 */
    /* JADX WARN: Not initialized variable reg: 13, insn: 0x00ca: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r13 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:34:0x00ca */
    /* JADX WARN: Type inference failed for: r12v1, types: [org.apache.kylin.common.util.AutoReadWriteLock$AutoLock] */
    /* JADX WARN: Type inference failed for: r13v0, types: [java.lang.Throwable] */
    @Override // org.springframework.security.acls.model.MutableAclService
    public void deleteAcl(ObjectIdentity objectIdentity, boolean z) throws ChildrenExistException {
        try {
            try {
                AutoReadWriteLock.AutoLock lockForWrite = this.lock.lockForWrite();
                Throwable th = null;
                List<ObjectIdentity> findChildren = findChildren(objectIdentity);
                if (!z && findChildren.size() > 0) {
                    throw new BadRequestException(String.format(Locale.ROOT, MsgPicker.getMsg().getIDENTITY_EXIST_CHILDREN(), objectIdentity));
                }
                Iterator<ObjectIdentity> it = findChildren.iterator();
                while (it.hasNext()) {
                    deleteAcl(it.next(), z);
                }
                this.crud.delete(objID(objectIdentity));
                logger.debug("ACL of " + objectIdentity + " deleted successfully.");
                if (lockForWrite != null) {
                    if (0 != 0) {
                        try {
                            lockForWrite.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        lockForWrite.close();
                    }
                }
            } finally {
            }
        } catch (IOException e) {
            throw new InternalErrorException(e);
        }
    }

    @Override // org.springframework.security.acls.model.MutableAclService
    public MutableAcl updateAcl(MutableAcl mutableAcl) throws NotFoundException {
        try {
            AutoReadWriteLock.AutoLock lockForWrite = this.lock.lockForWrite();
            Throwable th = null;
            try {
                try {
                    this.crud.save(((MutableAclRecord) mutableAcl).getAclRecord());
                    logger.debug("ACL of " + mutableAcl.getObjectIdentity() + " updated successfully.");
                    if (lockForWrite != null) {
                        if (0 != 0) {
                            try {
                                lockForWrite.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            lockForWrite.close();
                        }
                    }
                    return mutableAcl;
                } finally {
                }
            } finally {
            }
        } catch (IOException e) {
            throw new InternalErrorException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public MutableAclRecord upsertAce(MutableAclRecord mutableAclRecord, final Sid sid, final Permission permission) {
        return updateAclWithRetry(mutableAclRecord, new AclRecordUpdater() { // from class: org.apache.kylin.rest.service.AclService.2
            @Override // org.apache.kylin.rest.service.AclService.AclRecordUpdater
            public void update(AclRecord aclRecord) {
                aclRecord.upsertAce(permission, sid);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void batchUpsertAce(MutableAclRecord mutableAclRecord, final Map<Sid, Permission> map) {
        updateAclWithRetry(mutableAclRecord, new AclRecordUpdater() { // from class: org.apache.kylin.rest.service.AclService.3
            @Override // org.apache.kylin.rest.service.AclService.AclRecordUpdater
            public void update(AclRecord aclRecord) {
                for (Sid sid : map.keySet()) {
                    aclRecord.upsertAce((Permission) map.get(sid), sid);
                }
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public MutableAclRecord inherit(MutableAclRecord mutableAclRecord, final MutableAclRecord mutableAclRecord2) {
        return updateAclWithRetry(mutableAclRecord, new AclRecordUpdater() { // from class: org.apache.kylin.rest.service.AclService.4
            @Override // org.apache.kylin.rest.service.AclService.AclRecordUpdater
            public void update(AclRecord aclRecord) {
                aclRecord.setEntriesInheriting(true);
                aclRecord.setParent(mutableAclRecord2);
            }
        });
    }

    @Nullable
    private AclRecord getAclRecordByCache(String str) {
        AutoReadWriteLock.AutoLock lockForRead = this.lock.lockForRead();
        Throwable th = null;
        try {
            try {
                if (this.aclMap.size() > 0) {
                    AclRecord aclRecord = this.aclMap.get(str);
                    if (lockForRead != null) {
                        if (0 != 0) {
                            try {
                                lockForRead.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            lockForRead.close();
                        }
                    }
                    return aclRecord;
                }
                if (lockForRead != null) {
                    if (0 != 0) {
                        try {
                            lockForRead.close();
                        } catch (Throwable th3) {
                            th.addSuppressed(th3);
                        }
                    } else {
                        lockForRead.close();
                    }
                }
                try {
                    AutoReadWriteLock.AutoLock lockForWrite = this.lock.lockForWrite();
                    Throwable th4 = null;
                    try {
                        try {
                            this.crud.reloadAll();
                            AclRecord aclRecord2 = this.aclMap.get(str);
                            if (lockForWrite != null) {
                                if (0 != 0) {
                                    try {
                                        lockForWrite.close();
                                    } catch (Throwable th5) {
                                        th4.addSuppressed(th5);
                                    }
                                } else {
                                    lockForWrite.close();
                                }
                            }
                            return aclRecord2;
                        } finally {
                        }
                    } finally {
                    }
                } catch (IOException e) {
                    throw new RuntimeException("Can not get ACL record from cache.", e);
                }
            } finally {
            }
        } catch (Throwable th6) {
            if (lockForRead != null) {
                if (th != null) {
                    try {
                        lockForRead.close();
                    } catch (Throwable th7) {
                        th.addSuppressed(th7);
                    }
                } else {
                    lockForRead.close();
                }
            }
            throw th6;
        }
    }

    private AclRecord newPrjACL(ObjectIdentity objectIdentity) {
        AclRecord aclRecord = new AclRecord(objectIdentity, getCurrentSid());
        aclRecord.init(null, this.aclPermissionFactory, this.permissionGrantingStrategy);
        aclRecord.updateRandomUuid();
        return aclRecord;
    }

    private Sid getCurrentSid() {
        return new PrincipalSid(SecurityContextHolder.getContext().getAuthentication());
    }

    private MutableAclRecord updateAclWithRetry(MutableAclRecord mutableAclRecord, AclRecordUpdater aclRecordUpdater) {
        int i = 7;
        while (true) {
            int i2 = i;
            i--;
            if (i2 <= 0) {
                throw new RuntimeException("should not reach here");
            }
            AclRecord aclRecord = mutableAclRecord.getAclRecord();
            aclRecordUpdater.update(aclRecord);
            try {
                this.crud.save(aclRecord);
                return mutableAclRecord;
            } catch (IOException e) {
                throw new InternalErrorException(e);
            } catch (WriteConflictException e2) {
                if (i <= 0) {
                    logger.error("Retry is out, till got error, abandoning...", (Throwable) e2);
                    throw e2;
                }
                logger.warn("Write conflict to update ACL " + resourceKey(aclRecord.getObjectIdentity()) + " retry remaining " + i + ", will retry...");
                mutableAclRecord = readAcl(mutableAclRecord.getObjectIdentity());
            }
        }
    }

    private static String resourceKey(ObjectIdentity objectIdentity) {
        return resourceKey(objID(objectIdentity));
    }

    private static String objID(ObjectIdentity objectIdentity) {
        return String.valueOf(objectIdentity.getIdentifier());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String resourceKey(String str) {
        return DIR_PREFIX + str;
    }
}
