package org.apache.ranger.authorization.hadoop;

import java.util.Date;
import java.util.HashSet;
import java.util.Set;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.ranger.audit.model.AuthzAuditEvent;
import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
import org.apache.ranger.plugin.policyengine.RangerAccessResource;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;

/* compiled from: RangerHdfsAuthorizer.java */
/* loaded from: input_file:org/apache/ranger/authorization/hadoop/RangerHdfsAuditHandler.class */
class RangerHdfsAuditHandler extends RangerDefaultAuditHandler {
    private boolean isAuditEnabled = false;
    private AuthzAuditEvent auditEvent = null;
    private final String pathToBeValidated;
    private final boolean auditOnlyIfDenied;
    private static HashSet<String> excludeUsers;
    private static final Log LOG = LogFactory.getLog(RangerHdfsAuditHandler.class);
    private static final String HadoopModuleName = RangerConfiguration.getInstance().get("xasecure.auditlog.hadoopAcl.name", "hadoop-acl");
    private static final String excludeUserList = RangerConfiguration.getInstance().get("xasecure.auditlog.hdfs.excludeusers", "");

    public RangerHdfsAuditHandler(String str, boolean z) {
        this.pathToBeValidated = str;
        this.auditOnlyIfDenied = z;
    }

    public void processResult(RangerAccessResult rangerAccessResult) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerHdfsAuditHandler.logAudit(" + rangerAccessResult + ")");
        }
        if (!this.isAuditEnabled && rangerAccessResult.getIsAudited()) {
            this.isAuditEnabled = true;
        }
        if (this.auditEvent == null) {
            this.auditEvent = super.getAuthzEvents(rangerAccessResult);
        }
        if (this.auditEvent != null) {
            RangerAccessRequest accessRequest = rangerAccessResult.getAccessRequest();
            RangerAccessResource resource = accessRequest.getResource();
            String asString = resource != null ? resource.getAsString() : null;
            this.auditEvent.setEventTime(accessRequest.getAccessTime() != null ? accessRequest.getAccessTime() : new Date());
            this.auditEvent.setAccessType(accessRequest.getAction());
            this.auditEvent.setResourcePath(this.pathToBeValidated);
            this.auditEvent.setResultReason(asString);
            this.auditEvent.setAccessResult((short) (rangerAccessResult.getIsAllowed() ? 1 : 0));
            this.auditEvent.setPolicyId(rangerAccessResult.getPolicyId());
            Set tags = getTags(accessRequest);
            if (tags != null) {
                this.auditEvent.setTags(tags);
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerHdfsAuditHandler.logAudit(" + rangerAccessResult + "): " + this.auditEvent);
        }
    }

    public void logHadoopEvent(String str, FsAction fsAction, boolean z) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerHdfsAuditHandler.logHadoopEvent(" + str + ", " + fsAction + ", " + z + ")");
        }
        if (this.auditEvent != null) {
            this.auditEvent.setResultReason(str);
            this.auditEvent.setAccessResult((short) (z ? 1 : 0));
            this.auditEvent.setAccessType(fsAction == null ? null : fsAction.toString());
            this.auditEvent.setAclEnforcer(HadoopModuleName);
            this.auditEvent.setPolicyId(-1L);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerHdfsAuditHandler.logHadoopEvent(" + str + ", " + fsAction + ", " + z + "): " + this.auditEvent);
        }
    }

    public void flushAudit() {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerHdfsAuditHandler.flushAudit(" + this.isAuditEnabled + ", " + this.auditEvent + ")");
        }
        if (this.isAuditEnabled && this.auditEvent != null && !StringUtils.isEmpty(this.auditEvent.getAccessType())) {
            String user = this.auditEvent.getUser();
            if (!(!(user == null || excludeUsers == null || !excludeUsers.contains(user)) || (this.auditOnlyIfDenied && this.auditEvent.getAccessResult() != 0))) {
                super.logAuthzAudit(this.auditEvent);
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerHdfsAuditHandler.flushAudit(" + this.isAuditEnabled + ", " + this.auditEvent + ")");
        }
    }

    static {
        excludeUsers = null;
        if (excludeUserList == null || excludeUserList.trim().length() <= 0) {
            return;
        }
        excludeUsers = new HashSet<>();
        for (String str : excludeUserList.trim().split(",")) {
            String trim = str.trim();
            if (LOG.isDebugEnabled()) {
                LOG.debug("Adding exclude user [" + trim + "]");
            }
            excludeUsers.add(trim);
        }
    }
}
