package org.apache.ranger.authorization.atlas.authorizer;

import java.util.Set;
import org.apache.atlas.authorize.AtlasAccessRequest;
import org.apache.atlas.authorize.AtlasAuthorizationException;
import org.apache.atlas.authorize.AtlasAuthorizer;
import org.apache.atlas.authorize.AtlasResourceTypes;
import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;
import org.apache.ranger.plugin.service.RangerBasePlugin;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.class */
public class RangerAtlasAuthorizer implements AtlasAuthorizer {
    private static final Logger LOG = LoggerFactory.getLogger(RangerAtlasAuthorizer.class);
    private static boolean isDebugEnabled = LOG.isDebugEnabled();
    private static volatile RangerBasePlugin atlasPlugin = null;

    /* loaded from: input_file:org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer$RangerAtlasPlugin.class */
    class RangerAtlasPlugin extends RangerBasePlugin {
        RangerAtlasPlugin() {
            super("atlas", "atlas");
        }
    }

    public void init() {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerAtlasPlugin.init()");
        }
        if (atlasPlugin == null) {
            synchronized (RangerAtlasPlugin.class) {
                if (atlasPlugin == null) {
                    RangerAtlasPlugin rangerAtlasPlugin = new RangerAtlasPlugin();
                    rangerAtlasPlugin.init();
                    rangerAtlasPlugin.setResultProcessor(new RangerDefaultAuditHandler());
                    atlasPlugin = rangerAtlasPlugin;
                }
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerAtlasPlugin.init()");
        }
    }

    public boolean isAccessAllowed(AtlasAccessRequest atlasAccessRequest) throws AtlasAuthorizationException {
        boolean z = true;
        if (isDebugEnabled) {
            LOG.debug("==> isAccessAllowed( " + atlasAccessRequest + " )");
        }
        String resource = atlasAccessRequest.getResource();
        String user = atlasAccessRequest.getUser();
        Set userGroups = atlasAccessRequest.getUserGroups();
        String name = atlasAccessRequest.getAction().name();
        Set<AtlasResourceTypes> resourceTypes = atlasAccessRequest.getResourceTypes();
        String clientIPAddress = atlasAccessRequest.getClientIPAddress();
        for (AtlasResourceTypes atlasResourceTypes : resourceTypes) {
            RangerAtlasAccessRequest rangerAtlasAccessRequest = new RangerAtlasAccessRequest(atlasResourceTypes, resource, name, user, userGroups, clientIPAddress);
            if (isDebugEnabled) {
                LOG.debug("Creating RangerAtlasAccessRequest with values [resource : " + resource + ", user : " + user + ", Groups : " + userGroups + ", action : " + name + ", resourceType : " + atlasResourceTypes + ", clientIP : " + clientIPAddress + "]");
            }
            z = checkAccess(rangerAtlasAccessRequest);
            if (!z) {
                break;
            }
        }
        if (isDebugEnabled) {
            LOG.debug("<== isAccessAllowed Returning value :: " + z);
        }
        return z;
    }

    private boolean checkAccess(RangerAtlasAccessRequest rangerAtlasAccessRequest) {
        boolean z;
        RangerBasePlugin rangerBasePlugin = atlasPlugin;
        if (rangerBasePlugin != null) {
            RangerAccessResult isAccessAllowed = rangerBasePlugin.isAccessAllowed(rangerAtlasAccessRequest);
            z = isAccessAllowed == null ? false : isAccessAllowed.getIsAllowed();
        } else {
            z = false;
            LOG.warn("AtlasPlugin not initialized properly : " + rangerBasePlugin + "... Access blocked!!!");
        }
        return z;
    }

    public void cleanUp() {
        if (isDebugEnabled) {
            LOG.debug("==> cleanUp ");
        }
    }
}
