package org.apache.ranger.rest;

import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.cookie.ClientCookie;
import org.apache.ranger.admin.client.datatype.RESTResponse;
import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.biz.AssetMgr;
import org.apache.ranger.biz.RangerBizUtil;
import org.apache.ranger.biz.ServiceDBStore;
import org.apache.ranger.biz.ServiceMgr;
import org.apache.ranger.biz.TagDBStore;
import org.apache.ranger.biz.XUserMgr;
import org.apache.ranger.common.ContextUtil;
import org.apache.ranger.common.GUIDUtil;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.PropertiesUtil;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.RangerSearchUtil;
import org.apache.ranger.common.RangerValidatorFactory;
import org.apache.ranger.common.ServiceUtil;
import org.apache.ranger.common.UserSessionBase;
import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.entity.XXPolicyExportAudit;
import org.apache.ranger.entity.XXService;
import org.apache.ranger.entity.XXServiceDef;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.model.validation.RangerValidator;
import org.apache.ranger.plugin.policyengine.RangerAccessResource;
import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
import org.apache.ranger.plugin.policyengine.RangerPolicyEngineCache;
import org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl;
import org.apache.ranger.plugin.policyengine.RangerPolicyEngineOptions;
import org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator;
import org.apache.ranger.plugin.service.ResourceLookupContext;
import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
import org.apache.ranger.plugin.store.PList;
import org.apache.ranger.plugin.util.GrantRevokeRequest;
import org.apache.ranger.plugin.util.RangerPerfTracer;
import org.apache.ranger.plugin.util.SearchFilter;
import org.apache.ranger.plugin.util.ServicePolicies;
import org.apache.ranger.security.web.filter.RangerCSRFPreventionFilter;
import org.apache.ranger.service.RangerPolicyService;
import org.apache.ranger.service.RangerServiceDefService;
import org.apache.ranger.service.RangerServiceService;
import org.apache.ranger.view.RangerPolicyList;
import org.apache.ranger.view.RangerServiceDefList;
import org.apache.ranger.view.RangerServiceList;
import org.apache.ranger.view.VXResponse;
import org.apache.ranger.view.VXString;
import org.eclipse.persistence.internal.xr.Util;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;

@Path("plugins")
@Scope("request")
@Transactional(propagation = Propagation.REQUIRES_NEW)
@Component
/* loaded from: input_file:WEB-INF/classes/org/apache/ranger/rest/ServiceREST.class */
public class ServiceREST {
    private static final Log LOG = LogFactory.getLog(ServiceREST.class);
    private static final Log PERF_LOG = RangerPerfTracer.getPerfLogger("rest.ServiceREST");
    public static final String PARAM_SERVICE_NAME = "serviceName";
    public static final String PARAM_POLICY_NAME = "policyName";
    public static final String PARAM_UPDATE_IF_EXISTS = "updateIfExists";
    public static final String Allowed_User_List_For_Download = "policy.download.auth.users";
    public static final String Allowed_User_List_For_Grant_Revoke = "policy.grantrevoke.auth.users";
    public static final String isCSRF_ENABLED = "ranger.rest-csrf.enabled";
    public static final String BROWSER_USER_AGENT_PARAM = "ranger.rest-csrf.browser-useragents-regex";
    public static final String CUSTOM_METHODS_TO_IGNORE_PARAM = "ranger.rest-csrf.methods-to-ignore";
    public static final String CUSTOM_HEADER_PARAM = "ranger.rest-csrf.custom-header";

    @Autowired
    RESTErrorUtil restErrorUtil;

    @Autowired
    ServiceMgr serviceMgr;

    @Autowired
    AssetMgr assetMgr;

    @Autowired
    XUserMgr userMgr;

    @Autowired
    ServiceDBStore svcStore;

    @Autowired
    ServiceUtil serviceUtil;

    @Autowired
    RangerPolicyService policyService;

    @Autowired
    RangerServiceService svcService;

    @Autowired
    RangerServiceDefService serviceDefService;

    @Autowired
    RangerSearchUtil searchUtil;

    @Autowired
    RangerBizUtil bizUtil;

    @Autowired
    GUIDUtil guidUtil;

    @Autowired
    RangerValidatorFactory validatorFactory;

    @Autowired
    RangerDaoManager daoManager;

    @Autowired
    TagDBStore tagStore;

    @Path("/definitions")
    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"ServiceREST.createServiceDef\")")
    @POST
    @Produces({"application/json", "application/xml"})
    public RangerServiceDef createServiceDef(RangerServiceDef rangerServiceDef) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.createServiceDef(" + rangerServiceDef + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        RangerPerfTracer rangerPerfTracer = null;
        try {
            try {
                if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                    rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.createServiceDef(serviceDefName=" + rangerServiceDef.getName() + DefaultExpressionEngine.DEFAULT_INDEX_END);
                }
                this.validatorFactory.getServiceDefValidator(this.svcStore).validate(rangerServiceDef, RangerValidator.Action.CREATE);
                this.bizUtil.hasAdminPermissions("Service-Def");
                this.bizUtil.hasKMSPermissions("Service-Def", rangerServiceDef.getImplClass());
                RangerServiceDef createServiceDef = this.svcStore.createServiceDef(rangerServiceDef);
                RangerPerfTracer.log(rangerPerfTracer);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("<== ServiceREST.createServiceDef(" + rangerServiceDef + "): " + createServiceDef);
                }
                return createServiceDef;
            } catch (WebApplicationException e) {
                throw e;
            } catch (Throwable th) {
                LOG.error("createServiceDef(" + rangerServiceDef + ") failed", th);
                throw this.restErrorUtil.createRESTException(th.getMessage());
            }
        } catch (Throwable th2) {
            RangerPerfTracer.log(rangerPerfTracer);
            throw th2;
        }
    }

    @Path("/definitions/{id}")
    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"ServiceREST.updateServiceDef\")")
    @Produces({"application/json", "application/xml"})
    @PUT
    public RangerServiceDef updateServiceDef(RangerServiceDef rangerServiceDef) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.updateServiceDef(serviceDefName=" + rangerServiceDef.getName() + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        RangerPerfTracer rangerPerfTracer = null;
        try {
            try {
                if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                    rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.updateServiceDef(" + rangerServiceDef.getName() + DefaultExpressionEngine.DEFAULT_INDEX_END);
                }
                this.validatorFactory.getServiceDefValidator(this.svcStore).validate(rangerServiceDef, RangerValidator.Action.UPDATE);
                this.bizUtil.hasAdminPermissions("Service-Def");
                this.bizUtil.hasKMSPermissions("Service-Def", rangerServiceDef.getImplClass());
                RangerServiceDef updateServiceDef = this.svcStore.updateServiceDef(rangerServiceDef);
                RangerPerfTracer.log(rangerPerfTracer);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("<== ServiceREST.updateServiceDef(" + rangerServiceDef + "): " + updateServiceDef);
                }
                return updateServiceDef;
            } catch (WebApplicationException e) {
                throw e;
            } catch (Throwable th) {
                LOG.error("updateServiceDef(" + rangerServiceDef + ") failed", th);
                throw this.restErrorUtil.createRESTException(th.getMessage());
            }
        } catch (Throwable th2) {
            RangerPerfTracer.log(rangerPerfTracer);
            throw th2;
        }
    }

    @Path("/definitions/{id}")
    @DELETE
    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"ServiceREST.deleteServiceDef\")")
    @Produces({"application/json", "application/xml"})
    public void deleteServiceDef(@PathParam("id") Long l, @Context HttpServletRequest httpServletRequest) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.deleteServiceDef(" + l + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        RangerPerfTracer rangerPerfTracer = null;
        try {
            try {
                if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                    rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.deleteServiceDef(serviceDefId=" + l + DefaultExpressionEngine.DEFAULT_INDEX_END);
                }
                this.validatorFactory.getServiceDefValidator(this.svcStore).validate(l, RangerValidator.Action.DELETE);
                this.bizUtil.hasAdminPermissions("Service-Def");
                this.bizUtil.hasKMSPermissions("Service-Def", this.daoManager.getXXServiceDef().getById(l).getImplclassname());
                String parameter = httpServletRequest.getParameter("forceDelete");
                boolean z = false;
                if (!StringUtils.isEmpty(parameter) && parameter.equalsIgnoreCase("true")) {
                    z = true;
                }
                this.svcStore.deleteServiceDef(l, Boolean.valueOf(z));
                RangerPerfTracer.log(rangerPerfTracer);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("<== ServiceREST.deleteServiceDef(" + l + DefaultExpressionEngine.DEFAULT_INDEX_END);
                }
            } catch (WebApplicationException e) {
                throw e;
            } catch (Throwable th) {
                LOG.error("deleteServiceDef(" + l + ") failed", th);
                throw this.restErrorUtil.createRESTException(th.getMessage());
            }
        } catch (Throwable th2) {
            RangerPerfTracer.log(rangerPerfTracer);
            throw th2;
        }
    }

    @GET
    @Path("/definitions/{id}")
    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"ServiceREST.getServiceDef\")")
    @Produces({"application/json", "application/xml"})
    public RangerServiceDef getServiceDef(@PathParam("id") Long l) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.getServiceDef(" + l + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        RangerPerfTracer rangerPerfTracer = null;
        try {
            try {
                if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                    rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServiceDef(serviceDefId=" + l + DefaultExpressionEngine.DEFAULT_INDEX_END);
                }
                XXServiceDef byId = this.daoManager.getXXServiceDef().getById(l);
                if (!this.bizUtil.hasAccess(byId, null).booleanValue()) {
                    throw this.restErrorUtil.createRESTException("User is not allowed to access service-def, id: " + byId.getId(), MessageEnums.OPER_NO_PERMISSION);
                }
                RangerServiceDef serviceDef = this.svcStore.getServiceDef(l);
                RangerPerfTracer.log(rangerPerfTracer);
                if (serviceDef == null) {
                    throw this.restErrorUtil.createRESTException(404, "Not found", true);
                }
                if (LOG.isDebugEnabled()) {
                    LOG.debug("<== ServiceREST.getServiceDef(" + l + "): " + serviceDef);
                }
                return serviceDef;
            } catch (WebApplicationException e) {
                throw e;
            } catch (Throwable th) {
                LOG.error("getServiceDef(" + l + ") failed", th);
                throw this.restErrorUtil.createRESTException(th.getMessage());
            }
        } catch (Throwable th2) {
            RangerPerfTracer.log(null);
            throw th2;
        }
    }

    @GET
    @Path("/definitions/name/{name}")
    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"ServiceREST.getServiceDefByName\")")
    @Produces({"application/json", "application/xml"})
    public RangerServiceDef getServiceDefByName(@PathParam("name") String str) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.getServiceDefByName(serviceDefName=" + str + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        RangerPerfTracer rangerPerfTracer = null;
        try {
            try {
                try {
                    if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                        rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServiceDefByName(" + str + DefaultExpressionEngine.DEFAULT_INDEX_END);
                    }
                    XXServiceDef findByName = this.daoManager.getXXServiceDef().findByName(str);
                    if (findByName != null && !this.bizUtil.hasAccess(findByName, null).booleanValue()) {
                        throw this.restErrorUtil.createRESTException("User is not allowed to access service-def: " + findByName.getName(), MessageEnums.OPER_NO_PERMISSION);
                    }
                    RangerServiceDef serviceDefByName = this.svcStore.getServiceDefByName(str);
                    RangerPerfTracer.log(rangerPerfTracer);
                    if (serviceDefByName == null) {
                        throw this.restErrorUtil.createRESTException(404, "Not found", true);
                    }
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("<== ServiceREST.getServiceDefByName(" + str + "): " + serviceDefByName);
                    }
                    return serviceDefByName;
                } catch (Throwable th) {
                    LOG.error("getServiceDefByName(" + str + ") failed", th);
                    throw this.restErrorUtil.createRESTException(th.getMessage());
                }
            } catch (WebApplicationException e) {
                throw e;
            }
        } catch (Throwable th2) {
            RangerPerfTracer.log(null);
            throw th2;
        }
    }

    @GET
    @Path("/definitions")
    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"ServiceREST.getServiceDefs\")")
    @Produces({"application/json", "application/xml"})
    public RangerServiceDefList getServiceDefs(@Context HttpServletRequest httpServletRequest) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.getServiceDefs()");
        }
        RangerServiceDefList rangerServiceDefList = null;
        RangerPerfTracer rangerPerfTracer = null;
        SearchFilter searchFilter = this.searchUtil.getSearchFilter(httpServletRequest, this.serviceDefService.sortFields);
        try {
            try {
                if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                    rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServiceDefs()");
                }
                PList<RangerServiceDef> paginatedServiceDefs = this.svcStore.getPaginatedServiceDefs(searchFilter);
                if (paginatedServiceDefs != null) {
                    rangerServiceDefList = new RangerServiceDefList();
                    rangerServiceDefList.setServiceDefs(paginatedServiceDefs.getList());
                    rangerServiceDefList.setPageSize(paginatedServiceDefs.getPageSize());
                    rangerServiceDefList.setResultSize(paginatedServiceDefs.getResultSize());
                    rangerServiceDefList.setStartIndex(paginatedServiceDefs.getStartIndex());
                    rangerServiceDefList.setTotalCount(paginatedServiceDefs.getTotalCount());
                    rangerServiceDefList.setSortBy(paginatedServiceDefs.getSortBy());
                    rangerServiceDefList.setSortType(paginatedServiceDefs.getSortType());
                }
                if (LOG.isDebugEnabled()) {
                    LOG.debug("<== ServiceREST.getServiceDefs(): count=" + (rangerServiceDefList == null ? 0 : rangerServiceDefList.getListSize()));
                }
                return rangerServiceDefList;
            } catch (WebApplicationException e) {
                throw e;
            } catch (Throwable th) {
                LOG.error("getServiceDefs() failed", th);
                throw this.restErrorUtil.createRESTException(th.getMessage());
            }
        } finally {
            RangerPerfTracer.log(rangerPerfTracer);
        }
    }

    @Path("/services")
    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"ServiceREST.createService\")")
    @POST
    @Produces({"application/json", "application/xml"})
    public RangerService createService(RangerService rangerService) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.createService(" + rangerService + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        RangerPerfTracer rangerPerfTracer = null;
        try {
            try {
                try {
                    if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                        rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.createService(serviceName=" + rangerService.getName() + DefaultExpressionEngine.DEFAULT_INDEX_END);
                    }
                    this.validatorFactory.getServiceValidator(this.svcStore).validate(rangerService, RangerValidator.Action.CREATE);
                    UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession();
                    if (currentUserSession != null && !currentUserSession.isSpnegoEnabled().booleanValue()) {
                        this.bizUtil.hasAdminPermissions("Services");
                        this.bizUtil.hasKMSPermissions(Util.SERVICE_SUFFIX, this.daoManager.getXXServiceDef().findByName(rangerService.getType()).getImplclassname());
                    }
                    RangerService createService = this.svcStore.createService(rangerService);
                    RangerPerfTracer.log(rangerPerfTracer);
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("<== ServiceREST.createService(" + rangerService + "): " + createService);
                    }
                    return createService;
                } catch (Throwable th) {
                    LOG.error("createService(" + rangerService + ") failed", th);
                    throw this.restErrorUtil.createRESTException(th.getMessage());
                }
            } catch (WebApplicationException e) {
                throw e;
            }
        } catch (Throwable th2) {
            RangerPerfTracer.log(rangerPerfTracer);
            throw th2;
        }
    }

    @Path("/services/{id}")
    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"ServiceREST.updateService\")")
    @Produces({"application/json", "application/xml"})
    @PUT
    public RangerService updateService(RangerService rangerService) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.updateService(): " + rangerService);
        }
        RangerPerfTracer rangerPerfTracer = null;
        try {
            try {
                if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                    rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.updateService(serviceName=" + rangerService.getName() + DefaultExpressionEngine.DEFAULT_INDEX_END);
                }
                this.validatorFactory.getServiceValidator(this.svcStore).validate(rangerService, RangerValidator.Action.UPDATE);
                this.bizUtil.hasAdminPermissions("Services");
                this.bizUtil.hasKMSPermissions(Util.SERVICE_SUFFIX, this.daoManager.getXXServiceDef().findByName(rangerService.getType()).getImplclassname());
                RangerService updateService = this.svcStore.updateService(rangerService);
                RangerPerfTracer.log(rangerPerfTracer);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("<== ServiceREST.updateService(" + rangerService + "): " + updateService);
                }
                return updateService;
            } catch (WebApplicationException e) {
                throw e;
            } catch (Throwable th) {
                LOG.error("updateService(" + rangerService + ") failed", th);
                throw this.restErrorUtil.createRESTException(th.getMessage());
            }
        } catch (Throwable th2) {
            RangerPerfTracer.log(rangerPerfTracer);
            throw th2;
        }
    }

    @Path("/services/{id}")
    @DELETE
    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"ServiceREST.deleteService\")")
    @Produces({"application/json", "application/xml"})
    public void deleteService(@PathParam("id") Long l) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.deleteService(" + l + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        RangerPerfTracer rangerPerfTracer = null;
        try {
            try {
                if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                    rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.deleteService(serviceId=" + l + DefaultExpressionEngine.DEFAULT_INDEX_END);
                }
                this.validatorFactory.getServiceValidator(this.svcStore).validate(l, RangerValidator.Action.DELETE);
                this.bizUtil.hasAdminPermissions("Services");
                XXService byId = this.daoManager.getXXService().getById(l);
                if (byId.getType().equals(Long.valueOf(EmbeddedServiceDefsUtil.instance().getTagServiceDefId()))) {
                    List<XXService> findByTagServiceId = this.daoManager.getXXService().findByTagServiceId(l);
                    if (!CollectionUtils.isEmpty(findByTagServiceId)) {
                        HashSet hashSet = new HashSet();
                        Iterator<XXService> it = findByTagServiceId.iterator();
                        while (it.hasNext()) {
                            hashSet.add(it.next().getName());
                            if (hashSet.size() >= 10) {
                                break;
                            }
                        }
                        if (findByTagServiceId.size() > 10) {
                            throw this.restErrorUtil.createRESTException("Tag service '" + byId.getName() + "' is being referenced by " + findByTagServiceId.size() + " services: " + hashSet + " and more..", MessageEnums.OPER_NOT_ALLOWED_FOR_STATE);
                        }
                        throw this.restErrorUtil.createRESTException("Tag service '" + byId.getName() + "' is being referenced by " + findByTagServiceId.size() + " services: " + hashSet, MessageEnums.OPER_NOT_ALLOWED_FOR_STATE);
                    }
                }
                this.bizUtil.hasKMSPermissions(Util.SERVICE_SUFFIX, this.daoManager.getXXServiceDef().getById(byId.getType()).getImplclassname());
                this.tagStore.deleteAllTagObjectsForService(byId.getName());
                this.svcStore.deleteService(l);
                RangerPerfTracer.log(rangerPerfTracer);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("<== ServiceREST.deleteService(" + l + DefaultExpressionEngine.DEFAULT_INDEX_END);
                }
            } catch (WebApplicationException e) {
                throw e;
            } catch (Throwable th) {
                LOG.error("deleteService(" + l + ") failed", th);
                throw this.restErrorUtil.createRESTException(th.getMessage());
            }
        } catch (Throwable th2) {
            RangerPerfTracer.log(null);
            throw th2;
        }
    }

    @GET
    @Path("/services/{id}")
    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"ServiceREST.getService\")")
    @Produces({"application/json", "application/xml"})
    public RangerService getService(@PathParam("id") Long l) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.getService(" + l + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        RangerPerfTracer rangerPerfTracer = null;
        try {
            try {
                if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                    rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getService(serviceId=" + l + DefaultExpressionEngine.DEFAULT_INDEX_END);
                }
                RangerService service = this.svcStore.getService(l);
                RangerPerfTracer.log(rangerPerfTracer);
                if (service == null) {
                    throw this.restErrorUtil.createRESTException(404, "Not found", true);
                }
                if (LOG.isDebugEnabled()) {
                    LOG.debug("<== ServiceREST.getService(" + l + "): " + service);
                }
                return service;
            } catch (WebApplicationException e) {
                throw e;
            } catch (Throwable th) {
                LOG.error("getService(" + l + ") failed", th);
                throw this.restErrorUtil.createRESTException(th.getMessage());
            }
        } catch (Throwable th2) {
            RangerPerfTracer.log(rangerPerfTracer);
            throw th2;
        }
    }

    @GET
    @Path("/services/name/{name}")
    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"ServiceREST.getServiceByName\")")
    @Produces({"application/json", "application/xml"})
    public RangerService getServiceByName(@PathParam("name") String str) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.getServiceByName(" + str + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        RangerPerfTracer rangerPerfTracer = null;
        try {
            try {
                if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                    rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getService(serviceName=" + str + DefaultExpressionEngine.DEFAULT_INDEX_END);
                }
                RangerService serviceByName = this.svcStore.getServiceByName(str);
                RangerPerfTracer.log(rangerPerfTracer);
                if (serviceByName == null) {
                    throw this.restErrorUtil.createRESTException(404, "Not found", true);
                }
                if (LOG.isDebugEnabled()) {
                    LOG.debug("<== ServiceREST.getServiceByName(" + str + "): " + serviceByName);
                }
                return serviceByName;
            } catch (WebApplicationException e) {
                throw e;
            } catch (Throwable th) {
                LOG.error("getServiceByName(" + str + ") failed", th);
                throw this.restErrorUtil.createRESTException(th.getMessage());
            }
        } catch (Throwable th2) {
            RangerPerfTracer.log(rangerPerfTracer);
            throw th2;
        }
    }

    @GET
    @Path("/services")
    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"ServiceREST.getServices\")")
    @Produces({"application/json", "application/xml"})
    public RangerServiceList getServices(@Context HttpServletRequest httpServletRequest) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.getServices()");
        }
        RangerServiceList rangerServiceList = null;
        RangerPerfTracer rangerPerfTracer = null;
        SearchFilter searchFilter = this.searchUtil.getSearchFilter(httpServletRequest, this.svcService.sortFields);
        try {
            try {
                if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                    rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServices()");
                }
                PList<RangerService> paginatedServices = this.svcStore.getPaginatedServices(searchFilter);
                if (paginatedServices != null) {
                    rangerServiceList = new RangerServiceList();
                    rangerServiceList.setServices(paginatedServices.getList());
                    rangerServiceList.setPageSize(paginatedServices.getPageSize());
                    rangerServiceList.setResultSize(paginatedServices.getResultSize());
                    rangerServiceList.setStartIndex(paginatedServices.getStartIndex());
                    rangerServiceList.setTotalCount(paginatedServices.getTotalCount());
                    rangerServiceList.setSortBy(paginatedServices.getSortBy());
                    rangerServiceList.setSortType(paginatedServices.getSortType());
                }
                if (LOG.isDebugEnabled()) {
                    LOG.debug("<== ServiceREST.getServices(): count=" + (rangerServiceList == null ? 0 : rangerServiceList.getListSize()));
                }
                return rangerServiceList;
            } catch (WebApplicationException e) {
                throw e;
            } catch (Throwable th) {
                LOG.error("getServices() failed", th);
                throw this.restErrorUtil.createRESTException(th.getMessage());
            }
        } finally {
            RangerPerfTracer.log(rangerPerfTracer);
        }
    }

    public List<RangerService> getServices(SearchFilter searchFilter) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.getServices():");
        }
        RangerPerfTracer rangerPerfTracer = null;
        try {
            try {
                if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                    rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServices()");
                }
                List<RangerService> services = this.svcStore.getServices(searchFilter);
                RangerPerfTracer.log(rangerPerfTracer);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("<== ServiceREST.getServices(): count=" + (services == null ? 0 : services.size()));
                }
                return services;
            } catch (WebApplicationException e) {
                throw e;
            } catch (Throwable th) {
                LOG.error("getServices() failed", th);
                throw this.restErrorUtil.createRESTException(th.getMessage());
            }
        } catch (Throwable th2) {
            RangerPerfTracer.log(rangerPerfTracer);
            throw th2;
        }
    }

    @GET
    @Path("/services/count")
    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"ServiceREST.countServices\")")
    @Produces({"application/json", "application/xml"})
    public Long countServices(@Context HttpServletRequest httpServletRequest) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.countServices():");
        }
        RangerPerfTracer rangerPerfTracer = null;
        try {
            try {
                try {
                    if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                        rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.countService()");
                    }
                    Long valueOf = Long.valueOf(getServices(httpServletRequest).getServices() == null ? 0L : r0.size());
                    RangerPerfTracer.log(rangerPerfTracer);
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("<== ServiceREST.countServices(): " + valueOf);
                    }
                    return valueOf;
                } catch (WebApplicationException e) {
                    throw e;
                }
            } catch (Throwable th) {
                LOG.error("countServices() failed", th);
                throw this.restErrorUtil.createRESTException(th.getMessage());
            }
        } catch (Throwable th2) {
            RangerPerfTracer.log(rangerPerfTracer);
            throw th2;
        }
    }

    @Path("/services/validateConfig")
    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"ServiceREST.validateConfig\")")
    @POST
    @Produces({"application/json", "application/xml"})
    public VXResponse validateConfig(RangerService rangerService) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.validateConfig(" + rangerService + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        new VXResponse();
        RangerPerfTracer rangerPerfTracer = null;
        try {
            try {
                if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                    rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.validateConfig(serviceName=" + rangerService.getName() + DefaultExpressionEngine.DEFAULT_INDEX_END);
                }
                VXResponse validateConfig = this.serviceMgr.validateConfig(rangerService, this.svcStore);
                RangerPerfTracer.log(rangerPerfTracer);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("<== ServiceREST.validateConfig(" + rangerService + "): " + validateConfig);
                }
                return validateConfig;
            } catch (WebApplicationException e) {
                throw e;
            } catch (Throwable th) {
                LOG.error("validateConfig(" + rangerService + ") failed", th);
                throw this.restErrorUtil.createRESTException(th.getMessage());
            }
        } catch (Throwable th2) {
            RangerPerfTracer.log(rangerPerfTracer);
            throw th2;
        }
    }

    @Path("/services/lookupResource/{serviceName}")
    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"ServiceREST.lookupResource\")")
    @POST
    @Produces({"application/json", "application/xml"})
    public List<String> lookupResource(@PathParam("serviceName") String str, ResourceLookupContext resourceLookupContext) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.lookupResource(" + str + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        new ArrayList();
        RangerPerfTracer rangerPerfTracer = null;
        try {
            try {
                if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                    rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.lookupResource(serviceName=" + str + DefaultExpressionEngine.DEFAULT_INDEX_END);
                }
                List<String> lookupResource = this.serviceMgr.lookupResource(str, resourceLookupContext, this.svcStore);
                RangerPerfTracer.log(rangerPerfTracer);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("<== ServiceREST.lookupResource(" + str + "): " + lookupResource);
                }
                return lookupResource;
            } catch (WebApplicationException e) {
                throw e;
            } catch (Throwable th) {
                LOG.error("lookupResource(" + str + ", " + resourceLookupContext + ") failed", th);
                throw this.restErrorUtil.createRESTException(th.getMessage());
            }
        } catch (Throwable th2) {
            RangerPerfTracer.log(rangerPerfTracer);
            throw th2;
        }
    }

    @POST
    @Produces({"application/json", "application/xml"})
    @Path("/services/grant/{serviceName}")
    public RESTResponse grantAccess(@PathParam("serviceName") String str, GrantRevokeRequest grantRevokeRequest, @Context HttpServletRequest httpServletRequest) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.grantAccess(" + str + ", " + grantRevokeRequest + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        RESTResponse rESTResponse = new RESTResponse();
        try {
            if (this.serviceUtil.isValidateHttpsAuthentication(str, httpServletRequest)) {
                try {
                    RangerPerfTracer perfTracer = RangerPerfTracer.isPerfTraceEnabled(PERF_LOG) ? RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.grantAccess(serviceName=" + str + DefaultExpressionEngine.DEFAULT_INDEX_END) : null;
                    String grantor = grantRevokeRequest.getGrantor();
                    Set<String> groupsForUser = this.userMgr.getGroupsForUser(grantor);
                    RangerAccessResourceImpl rangerAccessResourceImpl = new RangerAccessResourceImpl(grantRevokeRequest.getResource());
                    if (!hasAdminAccess(str, grantor, groupsForUser, rangerAccessResourceImpl)) {
                        throw this.restErrorUtil.createGrantRevokeRESTException("User doesn't have necessary permission to grant access");
                    }
                    RangerPolicy exactMatchPolicyForResource = getExactMatchPolicyForResource(str, rangerAccessResourceImpl);
                    if (exactMatchPolicyForResource == null) {
                        RangerPolicy rangerPolicy = new RangerPolicy();
                        rangerPolicy.setService(str);
                        rangerPolicy.setName("grant-" + System.currentTimeMillis());
                        rangerPolicy.setDescription("created by grant");
                        rangerPolicy.setIsAuditEnabled(grantRevokeRequest.getEnableAudit());
                        rangerPolicy.setCreatedBy(grantor);
                        HashMap hashMap = new HashMap();
                        Set<String> keys = rangerAccessResourceImpl.getKeys();
                        if (!CollectionUtils.isEmpty(keys)) {
                            for (String str2 : keys) {
                                RangerPolicy.RangerPolicyResource rangerPolicyResource = new RangerPolicy.RangerPolicyResource(rangerAccessResourceImpl.getValue(str2));
                                rangerPolicyResource.setIsRecursive(grantRevokeRequest.getIsRecursive());
                                hashMap.put(str2, rangerPolicyResource);
                            }
                        }
                        rangerPolicy.setResources(hashMap);
                        RangerPolicy.RangerPolicyItem rangerPolicyItem = new RangerPolicy.RangerPolicyItem();
                        rangerPolicyItem.setDelegateAdmin(grantRevokeRequest.getDelegateAdmin());
                        rangerPolicyItem.getUsers().addAll(grantRevokeRequest.getUsers());
                        rangerPolicyItem.getGroups().addAll(grantRevokeRequest.getGroups());
                        Iterator<String> it = grantRevokeRequest.getAccessTypes().iterator();
                        while (it.hasNext()) {
                            rangerPolicyItem.getAccesses().add(new RangerPolicy.RangerPolicyItemAccess(it.next(), Boolean.TRUE));
                        }
                        rangerPolicy.getPolicyItems().add(rangerPolicyItem);
                        this.svcStore.createPolicy(rangerPolicy);
                    } else {
                        if (!ServiceRESTUtil.processGrantRequest(exactMatchPolicyForResource, grantRevokeRequest)) {
                            LOG.error("processGrantRequest processing failed");
                            throw new Exception("processGrantRequest processing failed");
                        }
                        this.svcStore.updatePolicy(exactMatchPolicyForResource);
                    }
                    perfTracer = perfTracer;
                    rESTResponse.setStatusCode(0);
                } catch (WebApplicationException e) {
                    throw e;
                } catch (Throwable th) {
                    LOG.error("grantAccess(" + str + ", " + grantRevokeRequest + ") failed", th);
                    throw this.restErrorUtil.createRESTException(th.getMessage());
                }
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("<== ServiceREST.grantAccess(" + str + ", " + grantRevokeRequest + "): " + rESTResponse);
            }
            return rESTResponse;
        } finally {
            RangerPerfTracer.log(null);
        }
    }

    @POST
    @Produces({"application/json", "application/xml"})
    @Path("/secure/services/grant/{serviceName}")
    public RESTResponse secureGrantAccess(@PathParam("serviceName") String str, GrantRevokeRequest grantRevokeRequest, @Context HttpServletRequest httpServletRequest) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.secureGrantAccess(" + str + ", " + grantRevokeRequest + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        RESTResponse rESTResponse = new RESTResponse();
        boolean isKeyAdmin = this.bizUtil.isKeyAdmin();
        try {
            if (this.serviceUtil.isValidateHttpsAuthentication(str, httpServletRequest)) {
                try {
                    RangerPerfTracer perfTracer = RangerPerfTracer.isPerfTraceEnabled(PERF_LOG) ? RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.scureGrantAccess(serviceName=" + str + DefaultExpressionEngine.DEFAULT_INDEX_END) : null;
                    String grantor = grantRevokeRequest.getGrantor();
                    Set<String> groupsForUser = this.userMgr.getGroupsForUser(grantor);
                    RangerAccessResourceImpl rangerAccessResourceImpl = new RangerAccessResourceImpl(grantRevokeRequest.getResource());
                    boolean hasAdminAccess = hasAdminAccess(str, grantor, groupsForUser, rangerAccessResourceImpl);
                    XXServiceDef byId = this.daoManager.getXXServiceDef().getById(this.daoManager.getXXService().findByName(str).getType());
                    RangerService serviceByName = this.svcStore.getServiceByName(str);
                    if (!(StringUtils.equals(byId.getImplclassname(), EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME) ? isKeyAdmin ? true : this.bizUtil.isUserAllowedForGrantRevoke(serviceByName, Allowed_User_List_For_Grant_Revoke, grantor) : hasAdminAccess ? true : this.bizUtil.isUserAllowedForGrantRevoke(serviceByName, Allowed_User_List_For_Grant_Revoke, grantor))) {
                        LOG.error("secureGrantAccess(" + str + ", " + grantRevokeRequest + ") failed as User doesn't have permission to grant Policy");
                        throw this.restErrorUtil.createGrantRevokeRESTException("User doesn't have necessary permission to grant access");
                    }
                    RangerPolicy exactMatchPolicyForResource = getExactMatchPolicyForResource(str, rangerAccessResourceImpl);
                    if (exactMatchPolicyForResource == null) {
                        RangerPolicy rangerPolicy = new RangerPolicy();
                        rangerPolicy.setService(str);
                        rangerPolicy.setName("grant-" + System.currentTimeMillis());
                        rangerPolicy.setDescription("created by grant");
                        rangerPolicy.setIsAuditEnabled(grantRevokeRequest.getEnableAudit());
                        rangerPolicy.setCreatedBy(grantor);
                        HashMap hashMap = new HashMap();
                        Set<String> keys = rangerAccessResourceImpl.getKeys();
                        if (!CollectionUtils.isEmpty(keys)) {
                            for (String str2 : keys) {
                                RangerPolicy.RangerPolicyResource rangerPolicyResource = new RangerPolicy.RangerPolicyResource(rangerAccessResourceImpl.getValue(str2));
                                rangerPolicyResource.setIsRecursive(grantRevokeRequest.getIsRecursive());
                                hashMap.put(str2, rangerPolicyResource);
                            }
                        }
                        rangerPolicy.setResources(hashMap);
                        RangerPolicy.RangerPolicyItem rangerPolicyItem = new RangerPolicy.RangerPolicyItem();
                        rangerPolicyItem.setDelegateAdmin(grantRevokeRequest.getDelegateAdmin());
                        rangerPolicyItem.getUsers().addAll(grantRevokeRequest.getUsers());
                        rangerPolicyItem.getGroups().addAll(grantRevokeRequest.getGroups());
                        Iterator<String> it = grantRevokeRequest.getAccessTypes().iterator();
                        while (it.hasNext()) {
                            rangerPolicyItem.getAccesses().add(new RangerPolicy.RangerPolicyItemAccess(it.next(), Boolean.TRUE));
                        }
                        rangerPolicy.getPolicyItems().add(rangerPolicyItem);
                        this.svcStore.createPolicy(rangerPolicy);
                    } else {
                        if (!ServiceRESTUtil.processGrantRequest(exactMatchPolicyForResource, grantRevokeRequest)) {
                            LOG.error("processSecureGrantRequest processing failed");
                            throw new Exception("processSecureGrantRequest processing failed");
                        }
                        this.svcStore.updatePolicy(exactMatchPolicyForResource);
                    }
                    perfTracer = perfTracer;
                    rESTResponse.setStatusCode(0);
                } catch (WebApplicationException e) {
                    throw e;
                } catch (Throwable th) {
                    LOG.error("secureGrantAccess(" + str + ", " + grantRevokeRequest + ") failed", th);
                    throw this.restErrorUtil.createRESTException(th.getMessage());
                }
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("<== ServiceREST.secureGrantAccess(" + str + ", " + grantRevokeRequest + "): " + rESTResponse);
            }
            return rESTResponse;
        } finally {
            RangerPerfTracer.log(null);
        }
    }

    @POST
    @Produces({"application/json", "application/xml"})
    @Path("/services/revoke/{serviceName}")
    public RESTResponse revokeAccess(@PathParam("serviceName") String str, GrantRevokeRequest grantRevokeRequest, @Context HttpServletRequest httpServletRequest) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.revokeAccess(" + str + ", " + grantRevokeRequest + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        RESTResponse rESTResponse = new RESTResponse();
        RangerPerfTracer rangerPerfTracer = null;
        try {
            if (this.serviceUtil.isValidateHttpsAuthentication(str, httpServletRequest)) {
                try {
                    if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                        rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.revokeAccess(serviceName=" + str + DefaultExpressionEngine.DEFAULT_INDEX_END);
                    }
                    String grantor = grantRevokeRequest.getGrantor();
                    Set<String> groupsForUser = this.userMgr.getGroupsForUser(grantor);
                    RangerAccessResourceImpl rangerAccessResourceImpl = new RangerAccessResourceImpl(grantRevokeRequest.getResource());
                    if (!hasAdminAccess(str, grantor, groupsForUser, rangerAccessResourceImpl)) {
                        throw this.restErrorUtil.createGrantRevokeRESTException("User doesn't have necessary permission to revoke access");
                    }
                    RangerPolicy exactMatchPolicyForResource = getExactMatchPolicyForResource(str, rangerAccessResourceImpl);
                    if (exactMatchPolicyForResource != null) {
                        if (!ServiceRESTUtil.processRevokeRequest(exactMatchPolicyForResource, grantRevokeRequest)) {
                            LOG.error("processRevokeRequest processing failed");
                            throw new Exception("processRevokeRequest processing failed");
                        }
                        this.svcStore.updatePolicy(exactMatchPolicyForResource);
                    }
                    rangerPerfTracer = rangerPerfTracer;
                    rESTResponse.setStatusCode(0);
                } catch (WebApplicationException e) {
                    throw e;
                } catch (Throwable th) {
                    LOG.error("revokeAccess(" + str + ", " + grantRevokeRequest + ") failed", th);
                    throw this.restErrorUtil.createRESTException(th.getMessage());
                }
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("<== ServiceREST.revokeAccess(" + str + ", " + grantRevokeRequest + "): " + rESTResponse);
            }
            return rESTResponse;
        } finally {
            RangerPerfTracer.log(null);
        }
    }

    @POST
    @Produces({"application/json", "application/xml"})
    @Path("/secure/services/revoke/{serviceName}")
    public RESTResponse secureRevokeAccess(@PathParam("serviceName") String str, GrantRevokeRequest grantRevokeRequest, @Context HttpServletRequest httpServletRequest) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.secureRevokeAccess(" + str + ", " + grantRevokeRequest + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        RESTResponse rESTResponse = new RESTResponse();
        RangerPerfTracer rangerPerfTracer = null;
        try {
            if (this.serviceUtil.isValidateHttpsAuthentication(str, httpServletRequest)) {
                try {
                    if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                        rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.secureRevokeAccess(serviceName=" + str + DefaultExpressionEngine.DEFAULT_INDEX_END);
                    }
                    String grantor = grantRevokeRequest.getGrantor();
                    Set<String> groupsForUser = this.userMgr.getGroupsForUser(grantor);
                    RangerAccessResourceImpl rangerAccessResourceImpl = new RangerAccessResourceImpl(grantRevokeRequest.getResource());
                    boolean hasAdminAccess = hasAdminAccess(str, grantor, groupsForUser, rangerAccessResourceImpl);
                    boolean isKeyAdmin = this.bizUtil.isKeyAdmin();
                    XXServiceDef byId = this.daoManager.getXXServiceDef().getById(this.daoManager.getXXService().findByName(str).getType());
                    RangerService serviceByName = this.svcStore.getServiceByName(str);
                    if (!(StringUtils.equals(byId.getImplclassname(), EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME) ? isKeyAdmin ? true : this.bizUtil.isUserAllowedForGrantRevoke(serviceByName, Allowed_User_List_For_Grant_Revoke, grantor) : hasAdminAccess ? true : this.bizUtil.isUserAllowedForGrantRevoke(serviceByName, Allowed_User_List_For_Grant_Revoke, grantor))) {
                        LOG.error("secureRevokeAccess(" + str + ", " + grantRevokeRequest + ") failed as User doesn't have permission to revoke Policy");
                        throw this.restErrorUtil.createGrantRevokeRESTException("User doesn't have necessary permission to revoke access");
                    }
                    RangerPolicy exactMatchPolicyForResource = getExactMatchPolicyForResource(str, rangerAccessResourceImpl);
                    if (exactMatchPolicyForResource != null) {
                        if (!ServiceRESTUtil.processRevokeRequest(exactMatchPolicyForResource, grantRevokeRequest)) {
                            LOG.error("processSecureRevokeRequest processing failed");
                            throw new Exception("processSecureRevokeRequest processing failed");
                        }
                        this.svcStore.updatePolicy(exactMatchPolicyForResource);
                    }
                    rangerPerfTracer = rangerPerfTracer;
                    rESTResponse.setStatusCode(0);
                } catch (WebApplicationException e) {
                    throw e;
                } catch (Throwable th) {
                    LOG.error("secureRevokeAccess(" + str + ", " + grantRevokeRequest + ") failed", th);
                    throw this.restErrorUtil.createRESTException(th.getMessage());
                }
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("<== ServiceREST.secureRevokeAccess(" + str + ", " + grantRevokeRequest + "): " + rESTResponse);
            }
            return rESTResponse;
        } finally {
            RangerPerfTracer.log(null);
        }
    }

    /* JADX WARN: Finally extract failed */
    @POST
    @Produces({"application/json", "application/xml"})
    @Path("/policies")
    public RangerPolicy createPolicy(RangerPolicy rangerPolicy, @Context HttpServletRequest httpServletRequest) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.createPolicy(" + rangerPolicy + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        RangerPolicy rangerPolicy2 = null;
        RangerPerfTracer rangerPerfTracer = null;
        try {
            try {
                try {
                    if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                        rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.createPolicy(policyName=" + rangerPolicy.getName() + DefaultExpressionEngine.DEFAULT_INDEX_END);
                    }
                    if (httpServletRequest != null) {
                        String parameter = httpServletRequest.getParameter("serviceName");
                        String parameter2 = httpServletRequest.getParameter("policyName");
                        String parameter3 = httpServletRequest.getParameter(PARAM_UPDATE_IF_EXISTS);
                        if (StringUtils.isNotEmpty(parameter)) {
                            rangerPolicy.setService(parameter);
                        }
                        if (StringUtils.isNotEmpty(parameter2)) {
                            rangerPolicy.setName(StringUtils.trim(parameter2));
                        }
                        if (Boolean.valueOf(parameter3).booleanValue()) {
                            RangerPolicy rangerPolicy3 = null;
                            try {
                                if (StringUtils.isNotEmpty(rangerPolicy.getGuid())) {
                                    rangerPolicy3 = getPolicyByGuid(rangerPolicy.getGuid());
                                }
                                if (rangerPolicy3 == null && StringUtils.isNotEmpty(parameter) && StringUtils.isNotEmpty(parameter2)) {
                                    rangerPolicy3 = getPolicyByName(rangerPolicy.getService(), rangerPolicy.getName());
                                }
                                if (rangerPolicy3 != null) {
                                    rangerPolicy2 = updatePolicy(rangerPolicy);
                                }
                            } catch (Exception e) {
                                LOG.info("ServiceREST.createPolicy(): Failed to find/update exising policy, will attempt to create the policy", e);
                            }
                        }
                    }
                    if (rangerPolicy2 == null) {
                        if (StringUtils.isBlank(rangerPolicy.getName())) {
                            String guid = rangerPolicy.getGuid();
                            if (StringUtils.isBlank(guid)) {
                                guid = this.guidUtil.genGUID();
                                rangerPolicy.setGuid(guid);
                                if (LOG.isDebugEnabled()) {
                                    LOG.debug("No GUID supplied on the policy!  Ok, setting GUID to [" + guid + "].");
                                }
                            }
                            String str = rangerPolicy.getService() + "-" + guid;
                            rangerPolicy.setName(str);
                            if (LOG.isDebugEnabled()) {
                                LOG.debug("Policy did not have its name set!  Ok, setting name to [" + str + "]");
                            }
                        }
                        this.validatorFactory.getPolicyValidator(this.svcStore).validate(rangerPolicy, RangerValidator.Action.CREATE, this.bizUtil.isAdmin());
                        ensureAdminAccess(rangerPolicy.getService(), rangerPolicy.getResources());
                        rangerPolicy2 = this.svcStore.createPolicy(rangerPolicy);
                    }
                    RangerPerfTracer.log(rangerPerfTracer);
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("<== ServiceREST.createPolicy(" + rangerPolicy + "): " + rangerPolicy2);
                    }
                    return rangerPolicy2;
                } catch (Throwable th) {
                    LOG.error("createPolicy(" + rangerPolicy + ") failed", th);
                    throw this.restErrorUtil.createRESTException(th.getMessage());
                }
            } catch (WebApplicationException e2) {
                throw e2;
            }
        } catch (Throwable th2) {
            RangerPerfTracer.log(rangerPerfTracer);
            throw th2;
        }
    }

    @POST
    @Produces({"application/json", "application/xml"})
    @Path("/policies/apply")
    public RangerPolicy applyPolicy(RangerPolicy rangerPolicy) {
        RangerPolicy updatePolicy;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.applyPolicy(" + rangerPolicy + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        if (rangerPolicy == null || !StringUtils.isNotBlank(rangerPolicy.getService())) {
            throw this.restErrorUtil.createRESTException("Non-existing service specified:");
        }
        try {
            if (ServiceRESTUtil.containsRangerCondition(rangerPolicy)) {
                LOG.error("Applied policy contains condition(s); not supported:" + rangerPolicy);
                throw new Exception("Applied policy contains condition(s); not supported:" + rangerPolicy);
            }
            RangerPolicy exactMatchPolicyForResource = getExactMatchPolicyForResource(rangerPolicy.getService(), rangerPolicy.getResources());
            if (exactMatchPolicyForResource == null) {
                updatePolicy = createPolicy(rangerPolicy, null);
            } else {
                ServiceRESTUtil.processApplyPolicy(exactMatchPolicyForResource, rangerPolicy);
                updatePolicy = updatePolicy(exactMatchPolicyForResource);
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("<== ServiceREST.applyPolicy(" + rangerPolicy + ") : " + updatePolicy);
            }
            return updatePolicy;
        } catch (WebApplicationException e) {
            throw e;
        } catch (Exception e2) {
            LOG.error("Failed to apply policy:", e2);
            throw this.restErrorUtil.createRESTException(e2.getMessage());
        }
    }

    @Produces({"application/json", "application/xml"})
    @Path("/policies/{id}")
    @PUT
    public RangerPolicy updatePolicy(RangerPolicy rangerPolicy) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.updatePolicy(" + rangerPolicy + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        RangerPerfTracer rangerPerfTracer = null;
        try {
            try {
                if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                    rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.updatePolicy(policyId=" + rangerPolicy.getId() + DefaultExpressionEngine.DEFAULT_INDEX_END);
                }
                this.validatorFactory.getPolicyValidator(this.svcStore).validate(rangerPolicy, RangerValidator.Action.UPDATE, this.bizUtil.isAdmin());
                ensureAdminAccess(rangerPolicy.getService(), rangerPolicy.getResources());
                RangerPolicy updatePolicy = this.svcStore.updatePolicy(rangerPolicy);
                RangerPerfTracer.log(rangerPerfTracer);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("<== ServiceREST.updatePolicy(" + rangerPolicy + "): " + updatePolicy);
                }
                return updatePolicy;
            } catch (WebApplicationException e) {
                throw e;
            } catch (Throwable th) {
                LOG.error("updatePolicy(" + rangerPolicy + ") failed", th);
                throw this.restErrorUtil.createRESTException(th.getMessage());
            }
        } catch (Throwable th2) {
            RangerPerfTracer.log(rangerPerfTracer);
            throw th2;
        }
    }

    @Produces({"application/json", "application/xml"})
    @Path("/policies/{id}")
    @DELETE
    public void deletePolicy(@PathParam("id") Long l) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.deletePolicy(" + l + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        RangerPerfTracer rangerPerfTracer = null;
        try {
            try {
                try {
                    if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                        rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.deletePolicy(policyId=" + l + DefaultExpressionEngine.DEFAULT_INDEX_END);
                    }
                    this.validatorFactory.getPolicyValidator(this.svcStore).validate(l, RangerValidator.Action.DELETE);
                    RangerPolicy policy = this.svcStore.getPolicy(l);
                    ensureAdminAccess(policy.getService(), policy.getResources());
                    this.svcStore.deletePolicy(l);
                    RangerPerfTracer.log(rangerPerfTracer);
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("<== ServiceREST.deletePolicy(" + l + DefaultExpressionEngine.DEFAULT_INDEX_END);
                    }
                } catch (WebApplicationException e) {
                    throw e;
                }
            } catch (Throwable th) {
                LOG.error("deletePolicy(" + l + ") failed", th);
                throw this.restErrorUtil.createRESTException(th.getMessage());
            }
        } catch (Throwable th2) {
            RangerPerfTracer.log(rangerPerfTracer);
            throw th2;
        }
    }

    @GET
    @Produces({"application/json", "application/xml"})
    @Path("/policies/{id}")
    public RangerPolicy getPolicy(@PathParam("id") Long l) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.getPolicy(" + l + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        RangerPerfTracer rangerPerfTracer = null;
        try {
            try {
                try {
                    if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                        rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getPolicy(policyId=" + l + DefaultExpressionEngine.DEFAULT_INDEX_END);
                    }
                    RangerPolicy policy = this.svcStore.getPolicy(l);
                    if (policy != null) {
                        ensureAdminAccess(policy.getService(), policy.getResources());
                    }
                    if (policy == null) {
                        throw this.restErrorUtil.createRESTException(404, "Not found", true);
                    }
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("<== ServiceREST.getPolicy(" + l + "): " + policy);
                    }
                    return policy;
                } catch (Throwable th) {
                    LOG.error("getPolicy(" + l + ") failed", th);
                    throw this.restErrorUtil.createRESTException(th.getMessage());
                }
            } catch (WebApplicationException e) {
                throw e;
            }
        } finally {
            RangerPerfTracer.log(rangerPerfTracer);
        }
    }

    @GET
    @Produces({"application/json", "application/xml"})
    @Path("/policies")
    public RangerPolicyList getPolicies(@Context HttpServletRequest httpServletRequest) {
        RangerPolicyList rangerPolicyList;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.getPolicies()");
        }
        new RangerPolicyList();
        RangerPerfTracer rangerPerfTracer = null;
        SearchFilter searchFilter = this.searchUtil.getSearchFilter(httpServletRequest, this.policyService.sortFields);
        try {
            try {
                if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                    rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getPolicies()");
                }
                if (isAdminUserWithNoFilterParams(searchFilter)) {
                    rangerPolicyList = toRangerPolicyList(this.svcStore.getPaginatedPolicies(searchFilter));
                } else {
                    int startIndex = searchFilter == null ? 0 : searchFilter.getStartIndex();
                    int maxRows = searchFilter == null ? Integer.MAX_VALUE : searchFilter.getMaxRows();
                    if (searchFilter != null) {
                        searchFilter.setStartIndex(0);
                        searchFilter.setMaxRows(Integer.MAX_VALUE);
                    }
                    List<RangerPolicy> policies = this.svcStore.getPolicies(searchFilter);
                    if (searchFilter != null) {
                        searchFilter.setStartIndex(startIndex);
                        searchFilter.setMaxRows(maxRows);
                    }
                    rangerPolicyList = toRangerPolicyList(applyAdminAccessFilter(policies), searchFilter);
                }
                rangerPerfTracer = rangerPerfTracer;
                if (LOG.isDebugEnabled()) {
                    LOG.debug("<== ServiceREST.getPolicies(): count=" + (rangerPolicyList == null ? 0 : rangerPolicyList.getListSize()));
                }
                return rangerPolicyList;
            } catch (WebApplicationException e) {
                throw e;
            } catch (Throwable th) {
                LOG.error("getPolicies() failed", th);
                throw this.restErrorUtil.createRESTException(th.getMessage());
            }
        } finally {
            RangerPerfTracer.log(null);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    @GET
    @Produces({"application/ms-excel"})
    @Path("/policies/downloadExcel")
    public void getPoliciesInExcel(@Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.getPoliciesInExcel()");
        }
        RangerPerfTracer rangerPerfTracer = null;
        SearchFilter searchFilter = this.searchUtil.getSearchFilter(httpServletRequest, this.policyService.sortFields);
        try {
            try {
                if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                    rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getPoliciesInExcel()");
                }
                List arrayList = new ArrayList();
                if (searchFilter != null) {
                    searchFilter.setStartIndex(0);
                    searchFilter.setMaxRows(Integer.MAX_VALUE);
                    arrayList = this.svcStore.getPoliciesForReports(searchFilter);
                }
                this.svcStore.getPoliciesInExcel(arrayList, httpServletResponse);
                RangerPerfTracer.log(rangerPerfTracer);
            } catch (WebApplicationException e) {
                throw e;
            } catch (Throwable th) {
                LOG.error("Error while downloading policy report", th);
                throw this.restErrorUtil.createRESTException(th.getMessage());
            }
        } catch (Throwable th2) {
            RangerPerfTracer.log(rangerPerfTracer);
            throw th2;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    @GET
    @Produces({"text/csv"})
    @Path("/policies/csv")
    public void getPoliciesInCsv(@Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse) throws IOException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.getPoliciesInCsv()");
        }
        RangerPerfTracer rangerPerfTracer = null;
        SearchFilter searchFilter = this.searchUtil.getSearchFilter(httpServletRequest, this.policyService.sortFields);
        try {
            try {
                if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                    rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getPoliciesInCsv()");
                }
                List arrayList = new ArrayList();
                if (searchFilter != null) {
                    searchFilter.setStartIndex(0);
                    searchFilter.setMaxRows(Integer.MAX_VALUE);
                    arrayList = this.svcStore.getPoliciesForReports(searchFilter);
                }
                this.svcStore.getPoliciesInCSV(arrayList, httpServletResponse);
                RangerPerfTracer.log(rangerPerfTracer);
            } catch (WebApplicationException e) {
                throw e;
            } catch (Throwable th) {
                LOG.error("Error while downloading policy report", th);
                throw this.restErrorUtil.createRESTException(th.getMessage());
            }
        } catch (Throwable th2) {
            RangerPerfTracer.log(rangerPerfTracer);
            throw th2;
        }
    }

    public List<RangerPolicy> getPolicies(SearchFilter searchFilter) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.getPolicies(filter)");
        }
        RangerPerfTracer rangerPerfTracer = null;
        try {
            try {
                try {
                    if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                        rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getPolicies()");
                    }
                    List<RangerPolicy> applyAdminAccessFilter = applyAdminAccessFilter(this.svcStore.getPolicies(searchFilter));
                    RangerPerfTracer.log(rangerPerfTracer);
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("<== ServiceREST.getPolicies(filter): count=" + (applyAdminAccessFilter == null ? 0 : applyAdminAccessFilter.size()));
                    }
                    return applyAdminAccessFilter;
                } catch (WebApplicationException e) {
                    throw e;
                }
            } catch (Throwable th) {
                LOG.error("getPolicies() failed", th);
                throw this.restErrorUtil.createRESTException(th.getMessage());
            }
        } catch (Throwable th2) {
            RangerPerfTracer.log(rangerPerfTracer);
            throw th2;
        }
    }

    @GET
    @Produces({"application/json", "application/xml"})
    @Path("/policies/count")
    public Long countPolicies(@Context HttpServletRequest httpServletRequest) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.countPolicies():");
        }
        RangerPerfTracer rangerPerfTracer = null;
        try {
            try {
                if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                    rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.countPolicies()");
                }
                Long valueOf = Long.valueOf(applyAdminAccessFilter(getPolicies(httpServletRequest).getPolicies()) == null ? 0L : r0.size());
                RangerPerfTracer.log(rangerPerfTracer);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("<== ServiceREST.countPolicies(): " + valueOf);
                }
                return valueOf;
            } catch (WebApplicationException e) {
                throw e;
            } catch (Throwable th) {
                LOG.error("countPolicies() failed", th);
                throw this.restErrorUtil.createRESTException(th.getMessage());
            }
        } catch (Throwable th2) {
            RangerPerfTracer.log(rangerPerfTracer);
            throw th2;
        }
    }

    @GET
    @Produces({"application/json", "application/xml"})
    @Path("/policies/service/{id}")
    public RangerPolicyList getServicePolicies(@PathParam("id") Long l, @Context HttpServletRequest httpServletRequest) {
        RangerPolicyList rangerPolicyList;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.getServicePolicies(" + l + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        new RangerPolicyList();
        RangerPerfTracer rangerPerfTracer = null;
        SearchFilter searchFilter = this.searchUtil.getSearchFilter(httpServletRequest, this.policyService.sortFields);
        try {
            try {
                if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                    rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServicePolicies(serviceId=" + l + DefaultExpressionEngine.DEFAULT_INDEX_END);
                }
                if (isAdminUserWithNoFilterParams(searchFilter)) {
                    rangerPolicyList = toRangerPolicyList(this.svcStore.getPaginatedServicePolicies(l, searchFilter));
                } else {
                    int startIndex = searchFilter == null ? 0 : searchFilter.getStartIndex();
                    int maxRows = searchFilter == null ? Integer.MAX_VALUE : searchFilter.getMaxRows();
                    if (searchFilter != null) {
                        searchFilter.setStartIndex(0);
                        searchFilter.setMaxRows(Integer.MAX_VALUE);
                    }
                    List<RangerPolicy> servicePolicies = this.svcStore.getServicePolicies(l, searchFilter);
                    if (searchFilter != null) {
                        searchFilter.setStartIndex(startIndex);
                        searchFilter.setMaxRows(maxRows);
                    }
                    rangerPolicyList = toRangerPolicyList(applyAdminAccessFilter(servicePolicies), searchFilter);
                }
                rangerPerfTracer = rangerPerfTracer;
                if (LOG.isDebugEnabled()) {
                    LOG.debug("<== ServiceREST.getServicePolicies(" + l + "): count=" + (rangerPolicyList == null ? 0 : rangerPolicyList.getListSize()));
                }
                return rangerPolicyList;
            } catch (WebApplicationException e) {
                throw e;
            } catch (Throwable th) {
                LOG.error("getServicePolicies(" + l + ") failed", th);
                throw this.restErrorUtil.createRESTException(th.getMessage());
            }
        } finally {
            RangerPerfTracer.log(null);
        }
    }

    @GET
    @Produces({"application/json", "application/xml"})
    @Path("/policies/service/name/{name}")
    public RangerPolicyList getServicePoliciesByName(@PathParam("name") String str, @Context HttpServletRequest httpServletRequest) {
        RangerPolicyList rangerPolicyList;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.getServicePolicies(" + str + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        new RangerPolicyList();
        RangerPerfTracer rangerPerfTracer = null;
        SearchFilter searchFilter = this.searchUtil.getSearchFilter(httpServletRequest, this.policyService.sortFields);
        try {
            try {
                if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                    rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServicePolicies(serviceName=" + str + DefaultExpressionEngine.DEFAULT_INDEX_END);
                }
                if (isAdminUserWithNoFilterParams(searchFilter)) {
                    rangerPolicyList = toRangerPolicyList(this.svcStore.getPaginatedServicePolicies(str, searchFilter));
                } else {
                    int startIndex = searchFilter == null ? 0 : searchFilter.getStartIndex();
                    int maxRows = searchFilter == null ? Integer.MAX_VALUE : searchFilter.getMaxRows();
                    if (searchFilter != null) {
                        searchFilter.setStartIndex(0);
                        searchFilter.setMaxRows(Integer.MAX_VALUE);
                    }
                    List<RangerPolicy> servicePolicies = this.svcStore.getServicePolicies(str, searchFilter);
                    if (searchFilter != null) {
                        searchFilter.setStartIndex(startIndex);
                        searchFilter.setMaxRows(maxRows);
                    }
                    rangerPolicyList = toRangerPolicyList(applyAdminAccessFilter(servicePolicies), searchFilter);
                }
                rangerPerfTracer = rangerPerfTracer;
                if (LOG.isDebugEnabled()) {
                    LOG.debug("<== ServiceREST.getServicePolicies(" + str + "): count=" + (rangerPolicyList == null ? 0 : rangerPolicyList.getListSize()));
                }
                return rangerPolicyList;
            } catch (WebApplicationException e) {
                throw e;
            } catch (Throwable th) {
                LOG.error("getServicePolicies(" + str + ") failed", th);
                throw this.restErrorUtil.createRESTException(th.getMessage());
            }
        } finally {
            RangerPerfTracer.log(null);
        }
    }

    @GET
    @Produces({"application/json", "application/xml"})
    @Path("/policies/download/{serviceName}")
    public ServicePolicies getServicePoliciesIfUpdated(@PathParam("serviceName") String str, @QueryParam("lastKnownVersion") Long l, @QueryParam("pluginId") String str2, @Context HttpServletRequest httpServletRequest) throws Exception {
        String message;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.getServicePoliciesIfUpdated(" + str + ", " + l + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        ServicePolicies servicePolicies = null;
        int i = 200;
        RangerPerfTracer rangerPerfTracer = null;
        if (this.serviceUtil.isValidateHttpsAuthentication(str, httpServletRequest)) {
            if (l == null) {
                l = -1L;
            }
            try {
                try {
                    if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                        rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServicePoliciesIfUpdated(serviceName=" + str + ",lastKnownVersion=" + l + DefaultExpressionEngine.DEFAULT_INDEX_END);
                    }
                    ServicePolicies servicePoliciesIfUpdated = this.svcStore.getServicePoliciesIfUpdated(str, l);
                    if (servicePoliciesIfUpdated == null) {
                        i = 304;
                        message = "No change since last update";
                    } else {
                        servicePolicies = filterServicePolicies(servicePoliciesIfUpdated);
                        i = 200;
                        message = "Returning " + (servicePolicies.getPolicies() != null ? servicePolicies.getPolicies().size() : 0) + " policies. Policy version=" + servicePolicies.getPolicyVersion();
                    }
                } catch (Throwable th) {
                    LOG.error("getServicePoliciesIfUpdated(" + str + ", " + l + ") failed", th);
                    i = 400;
                    message = th.getMessage();
                    createPolicyDownloadAudit(str, l, str2, 400, httpServletRequest);
                    RangerPerfTracer.log(rangerPerfTracer);
                }
                if (i != 200) {
                    throw this.restErrorUtil.createRESTException(i, message, i != 304);
                }
            } finally {
                createPolicyDownloadAudit(str, l, str2, i, httpServletRequest);
                RangerPerfTracer.log(rangerPerfTracer);
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== ServiceREST.getServicePoliciesIfUpdated(" + str + ", " + l + "): count=" + ((servicePolicies == null || servicePolicies.getPolicies() == null) ? 0 : servicePolicies.getPolicies().size()));
        }
        return servicePolicies;
    }

    @GET
    @Produces({"application/json", "application/xml"})
    @Path("/secure/policies/download/{serviceName}")
    public ServicePolicies getSecureServicePoliciesIfUpdated(@PathParam("serviceName") String str, @QueryParam("lastKnownVersion") Long l, @QueryParam("pluginId") String str2, @Context HttpServletRequest httpServletRequest) throws Exception {
        int i;
        String message;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.getSecureServicePoliciesIfUpdated(" + str + ", " + l + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        ServicePolicies servicePolicies = null;
        RangerPerfTracer rangerPerfTracer = null;
        boolean z = false;
        boolean isAdmin = this.bizUtil.isAdmin();
        boolean isKeyAdmin = this.bizUtil.isKeyAdmin();
        httpServletRequest.setAttribute("downloadPolicy", ClientCookie.SECURE_ATTR);
        if (this.serviceUtil.isValidateHttpsAuthentication(str, httpServletRequest)) {
            if (l == null) {
                l = -1L;
            }
            try {
                try {
                    if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                        rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getSecureServicePoliciesIfUpdated(serviceName=" + str + ",lastKnownVersion=" + l + DefaultExpressionEngine.DEFAULT_INDEX_END);
                    }
                    if (StringUtils.equals(this.daoManager.getXXServiceDef().getById(this.daoManager.getXXService().findByName(str).getType()).getImplclassname(), EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME)) {
                        RangerService serviceByNameForDP = this.svcStore.getServiceByNameForDP(str);
                        if (isKeyAdmin) {
                            z = true;
                        } else if (serviceByNameForDP != null) {
                            z = this.bizUtil.isUserAllowed(serviceByNameForDP, Allowed_User_List_For_Download);
                            if (!z) {
                                z = this.bizUtil.isUserAllowed(serviceByNameForDP, Allowed_User_List_For_Grant_Revoke);
                            }
                        }
                    } else {
                        RangerService serviceByName = this.svcStore.getServiceByName(str);
                        if (isAdmin) {
                            z = true;
                        } else if (serviceByName != null) {
                            z = this.bizUtil.isUserAllowed(serviceByName, Allowed_User_List_For_Download);
                            if (!z) {
                                z = this.bizUtil.isUserAllowed(serviceByName, Allowed_User_List_For_Grant_Revoke);
                            }
                        }
                    }
                    if (z) {
                        ServicePolicies servicePoliciesIfUpdated = this.svcStore.getServicePoliciesIfUpdated(str, l);
                        if (servicePoliciesIfUpdated == null) {
                            i = 304;
                            message = "No change since last update";
                        } else {
                            servicePolicies = filterServicePolicies(servicePoliciesIfUpdated);
                            i = 200;
                            message = "Returning " + (servicePolicies.getPolicies() != null ? servicePolicies.getPolicies().size() : 0) + " policies. Policy version=" + servicePolicies.getPolicyVersion();
                        }
                    } else {
                        LOG.error("getSecureServicePoliciesIfUpdated(" + str + ", " + l + ") failed as User doesn't have permission to download Policy");
                        i = 401;
                        message = "User doesn't have permission to download policy";
                    }
                    createPolicyDownloadAudit(str, l, str2, i, httpServletRequest);
                    RangerPerfTracer.log(rangerPerfTracer);
                } catch (Throwable th) {
                    LOG.error("getSecureServicePoliciesIfUpdated(" + str + ", " + l + ") failed", th);
                    i = 400;
                    message = th.getMessage();
                    createPolicyDownloadAudit(str, l, str2, 400, httpServletRequest);
                    RangerPerfTracer.log(null);
                }
                if (i != 200) {
                    throw this.restErrorUtil.createRESTException(i, message, i != 304);
                }
            } catch (Throwable th2) {
                createPolicyDownloadAudit(str, l, str2, 200, httpServletRequest);
                RangerPerfTracer.log(null);
                throw th2;
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== ServiceREST.getSecureServicePoliciesIfUpdated(" + str + ", " + l + "): count=" + ((servicePolicies == null || servicePolicies.getPolicies() == null) ? 0 : servicePolicies.getPolicies().size()));
        }
        return servicePolicies;
    }

    private void createPolicyDownloadAudit(String str, Long l, String str2, int i, HttpServletRequest httpServletRequest) {
        try {
            String header = httpServletRequest.getHeader("X-FORWARDED-FOR");
            if (header == null) {
                header = httpServletRequest.getRemoteAddr();
            }
            XXPolicyExportAudit xXPolicyExportAudit = new XXPolicyExportAudit();
            xXPolicyExportAudit.setRepositoryName(str);
            xXPolicyExportAudit.setAgentId(str2);
            xXPolicyExportAudit.setClientIP(header);
            xXPolicyExportAudit.setRequestedEpoch(l);
            xXPolicyExportAudit.setHttpRetCode(i);
            this.assetMgr.createPolicyAudit(xXPolicyExportAudit);
        } catch (Exception e) {
            LOG.error("error while creating policy download audit", e);
        }
    }

    private RangerPolicy getExactMatchPolicyForResource(String str, RangerAccessResource rangerAccessResource) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.getExactMatchPolicyForResource(" + rangerAccessResource + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        RangerPolicy rangerPolicy = null;
        RangerPolicyEngine policyEngine = getPolicyEngine(str);
        List<RangerPolicy> exactMatchPolicies = policyEngine != null ? policyEngine.getExactMatchPolicies(rangerAccessResource) : null;
        if (CollectionUtils.isNotEmpty(exactMatchPolicies)) {
            rangerPolicy = this.svcStore.getPolicy(exactMatchPolicies.get(0).getId());
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== ServiceREST.getExactMatchPolicyForResource(" + rangerAccessResource + "): " + rangerPolicy);
        }
        return rangerPolicy;
    }

    private RangerPolicy getExactMatchPolicyForResource(String str, Map<String, RangerPolicy.RangerPolicyResource> map) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.getExactMatchPolicyForResource(" + map + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        RangerPolicy rangerPolicy = null;
        RangerPolicyEngine policyEngine = getPolicyEngine(str);
        List<RangerPolicy> exactMatchPolicies = policyEngine != null ? policyEngine.getExactMatchPolicies(map) : null;
        if (CollectionUtils.isNotEmpty(exactMatchPolicies)) {
            rangerPolicy = this.svcStore.getPolicy(exactMatchPolicies.get(0).getId());
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== ServiceREST.getExactMatchPolicyForResource(" + map + "): " + rangerPolicy);
        }
        return rangerPolicy;
    }

    @GET
    @Path("/policies/eventTime")
    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"ServiceREST.getPolicyFromEventTime\")")
    @Produces({"application/json", "application/xml"})
    public RangerPolicy getPolicyFromEventTime(@Context HttpServletRequest httpServletRequest) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.getPolicyFromEventTime()");
        }
        String parameter = httpServletRequest.getParameter("eventTime");
        String parameter2 = httpServletRequest.getParameter(SearchFilter.POLICY_ID);
        if (StringUtils.isEmpty(parameter) || StringUtils.isEmpty(parameter2)) {
            throw this.restErrorUtil.createRESTException("EventTime or policyId cannot be null or empty string.", MessageEnums.INVALID_INPUT_DATA);
        }
        Long valueOf = Long.valueOf(Long.parseLong(parameter2));
        try {
            RangerPolicy policyFromEventTime = this.svcStore.getPolicyFromEventTime(parameter, valueOf);
            if (policyFromEventTime != null) {
                ensureAdminAccess(policyFromEventTime.getService(), policyFromEventTime.getResources());
            }
            if (policyFromEventTime == null) {
                throw this.restErrorUtil.createRESTException(404, "Not found", true);
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("<== ServiceREST.getPolicy(" + valueOf + "): " + policyFromEventTime);
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("<== ServiceREST.getPolicyFromEventTime()");
            }
            return policyFromEventTime;
        } catch (WebApplicationException e) {
            throw e;
        } catch (Throwable th) {
            LOG.error("getPolicy(" + valueOf + ") failed", th);
            throw this.restErrorUtil.createRESTException(th.getMessage());
        }
    }

    @GET
    @Path("/policy/{policyId}/versionList")
    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"ServiceREST.getPolicyVersionList\")")
    public VXString getPolicyVersionList(@PathParam("policyId") Long l) {
        return this.svcStore.getPolicyVersionList(l);
    }

    @GET
    @Path("/policy/{policyId}/version/{versionNo}")
    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"ServiceREST.getPolicyForVersionNumber\")")
    @Produces({"application/json", "application/xml"})
    public RangerPolicy getPolicyForVersionNumber(@PathParam("policyId") Long l, @PathParam("versionNo") int i) {
        return this.svcStore.getPolicyForVersionNumber(l, i);
    }

    private RangerPolicy getPolicyByGuid(String str) {
        RangerPolicy rangerPolicy = null;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.getPolicyByGuid(" + str + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        SearchFilter searchFilter = new SearchFilter();
        searchFilter.setParam(SearchFilter.GUID, str);
        List<RangerPolicy> policies = getPolicies(searchFilter);
        if (CollectionUtils.isNotEmpty(policies)) {
            rangerPolicy = policies.get(0);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== ServiceREST.getPolicyByGuid(" + str + DefaultExpressionEngine.DEFAULT_INDEX_END + rangerPolicy);
        }
        return rangerPolicy;
    }

    private RangerPolicy getPolicyByName(String str, String str2) {
        RangerPolicy rangerPolicy = null;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceREST.getPolicyByName(" + str + "," + str2 + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        SearchFilter searchFilter = new SearchFilter();
        searchFilter.setParam("serviceName", str);
        searchFilter.setParam("policyName", str2);
        List<RangerPolicy> policies = getPolicies(searchFilter);
        if (CollectionUtils.isNotEmpty(policies)) {
            rangerPolicy = policies.get(0);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== ServiceREST.getPolicyByName(" + str + "," + str2 + DefaultExpressionEngine.DEFAULT_INDEX_END + rangerPolicy);
        }
        return rangerPolicy;
    }

    private List<RangerPolicy> applyAdminAccessFilter(List<RangerPolicy> list) {
        ArrayList arrayList = new ArrayList();
        RangerPerfTracer perfTracer = RangerPerfTracer.isPerfTraceEnabled(PERF_LOG) ? RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.applyAdminAccessFilter(policyCount=" + (list == null ? 0 : list.size()) + DefaultExpressionEngine.DEFAULT_INDEX_END) : null;
        if (CollectionUtils.isNotEmpty(list)) {
            boolean isAdmin = this.bizUtil.isAdmin();
            boolean isKeyAdmin = this.bizUtil.isKeyAdmin();
            String currentUserLoginId = this.bizUtil.getCurrentUserLoginId();
            Set<String> set = null;
            HashMap hashMap = new HashMap();
            for (int i = 0; i < list.size(); i++) {
                RangerPolicy rangerPolicy = list.get(i);
                String service = rangerPolicy.getService();
                List list2 = (List) hashMap.get(service);
                if (list2 == null) {
                    list2 = new ArrayList();
                    hashMap.put(service, list2);
                }
                list2.add(rangerPolicy);
            }
            for (Map.Entry entry : hashMap.entrySet()) {
                String str = (String) entry.getKey();
                List<RangerPolicy> list3 = (List) entry.getValue();
                if (CollectionUtils.isNotEmpty(list3)) {
                    if (isAdmin || isKeyAdmin) {
                        boolean equals = this.daoManager.getXXService().findByName(str).getType().equals(Long.valueOf(EmbeddedServiceDefsUtil.instance().getKmsServiceDefId()));
                        if (isAdmin) {
                            if (!equals) {
                                arrayList.addAll(list3);
                            }
                        } else if (equals) {
                            arrayList.addAll(list3);
                        }
                    } else {
                        RangerPolicyEngine delegatedAdminPolicyEngine = getDelegatedAdminPolicyEngine(str);
                        if (delegatedAdminPolicyEngine != null) {
                            if (set == null) {
                                set = this.daoManager.getXXGroupUser().findGroupNamesByUserName(currentUserLoginId);
                            }
                            for (RangerPolicy rangerPolicy2 : list3) {
                                if (delegatedAdminPolicyEngine.isAccessAllowed(rangerPolicy2.getResources(), currentUserLoginId, set, RangerPolicyEngine.ADMIN_ACCESS)) {
                                    arrayList.add(rangerPolicy2);
                                }
                            }
                        }
                    }
                }
            }
        }
        RangerPerfTracer.log(perfTracer);
        return arrayList;
    }

    void ensureAdminAccess(String str, Map<String, RangerPolicy.RangerPolicyResource> map) {
        boolean isAdmin = this.bizUtil.isAdmin();
        boolean isKeyAdmin = this.bizUtil.isKeyAdmin();
        String currentUserLoginId = this.bizUtil.getCurrentUserLoginId();
        if (!isAdmin && !isKeyAdmin) {
            boolean z = false;
            if (getDelegatedAdminPolicyEngine(str) != null) {
                z = hasAdminAccess(str, currentUserLoginId, this.userMgr.getGroupsForUser(currentUserLoginId), map);
            }
            if (!z) {
                throw this.restErrorUtil.createRESTException(401, "User '" + currentUserLoginId + "' does not have delegated-admin privilege on given resources", true);
            }
            return;
        }
        XXServiceDef byId = this.daoManager.getXXServiceDef().getById(this.daoManager.getXXService().findByName(str).getType());
        if (isAdmin) {
            if (byId.getImplclassname().equals(EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME)) {
                throw this.restErrorUtil.createRESTException("KMS Policies/Services/Service-Defs are not accessible for user '" + currentUserLoginId + "'.", MessageEnums.OPER_NO_PERMISSION);
            }
        } else if (isKeyAdmin && !byId.getImplclassname().equals(EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME)) {
            throw this.restErrorUtil.createRESTException("Only KMS Policies/Services/Service-Defs are accessible for user '" + currentUserLoginId + "'.", MessageEnums.OPER_NO_PERMISSION);
        }
    }

    private boolean hasAdminAccess(String str, String str2, Set<String> set, Map<String, RangerPolicy.RangerPolicyResource> map) {
        boolean z = false;
        RangerPolicyEngine delegatedAdminPolicyEngine = getDelegatedAdminPolicyEngine(str);
        if (delegatedAdminPolicyEngine != null) {
            z = delegatedAdminPolicyEngine.isAccessAllowed(map, str2, set, RangerPolicyEngine.ADMIN_ACCESS);
        }
        return z;
    }

    private boolean hasAdminAccess(String str, String str2, Set<String> set, RangerAccessResource rangerAccessResource) {
        boolean z = false;
        RangerPolicyEngine delegatedAdminPolicyEngine = getDelegatedAdminPolicyEngine(str);
        if (delegatedAdminPolicyEngine != null) {
            z = delegatedAdminPolicyEngine.isAccessAllowed(rangerAccessResource, str2, set, RangerPolicyEngine.ADMIN_ACCESS);
        }
        return z;
    }

    private RangerPolicyEngine getDelegatedAdminPolicyEngine(String str) {
        if (RangerPolicyEngineCache.getInstance().getPolicyEngineOptions() == null) {
            RangerPolicyEngineOptions rangerPolicyEngineOptions = new RangerPolicyEngineOptions();
            rangerPolicyEngineOptions.evaluatorType = RangerPolicyEvaluator.EVALUATOR_TYPE_OPTIMIZED;
            rangerPolicyEngineOptions.cacheAuditResults = RangerConfiguration.getInstance().getBoolean("ranger.admin.policyengine.option.cache.audit.results", false);
            rangerPolicyEngineOptions.disableContextEnrichers = RangerConfiguration.getInstance().getBoolean("ranger.admin.policyengine.option.disable.context.enrichers", true);
            rangerPolicyEngineOptions.disableCustomConditions = RangerConfiguration.getInstance().getBoolean("ranger.admin.policyengine.option.disable.custom.conditions", true);
            rangerPolicyEngineOptions.evaluateDelegateAdminOnly = RangerConfiguration.getInstance().getBoolean("ranger.admin.policyengine.option.evaluate.delegateadmin.only", true);
            RangerPolicyEngineCache.getInstance().setPolicyEngineOptions(rangerPolicyEngineOptions);
        }
        return RangerPolicyEngineCache.getInstance().getPolicyEngine(str, this.svcStore);
    }

    private RangerPolicyEngine getPolicyEngine(String str) throws Exception {
        RangerPolicyEngineOptions rangerPolicyEngineOptions = new RangerPolicyEngineOptions();
        rangerPolicyEngineOptions.evaluatorType = RangerPolicyEvaluator.EVALUATOR_TYPE_OPTIMIZED;
        rangerPolicyEngineOptions.cacheAuditResults = RangerConfiguration.getInstance().getBoolean("ranger.admin.policyengine.option.cache.audit.results", false);
        rangerPolicyEngineOptions.disableContextEnrichers = RangerConfiguration.getInstance().getBoolean("ranger.admin.policyengine.option.disable.context.enrichers", true);
        rangerPolicyEngineOptions.disableCustomConditions = RangerConfiguration.getInstance().getBoolean("ranger.admin.policyengine.option.disable.custom.conditions", true);
        rangerPolicyEngineOptions.evaluateDelegateAdminOnly = false;
        rangerPolicyEngineOptions.disableTrieLookupPrefilter = RangerConfiguration.getInstance().getBoolean("ranger.admin.policyengine.option.disable.trie.lookup.prefilter", false);
        return new RangerPolicyEngineImpl("ranger-admin", this.svcStore.getServicePoliciesIfUpdated(str, -1L), rangerPolicyEngineOptions);
    }

    @GET
    @Produces({"text/plain"})
    @Path("/checksso")
    public String checkSSO() {
        return String.valueOf(this.bizUtil.isSSOEnabled());
    }

    @GET
    @Produces({"application/json"})
    @Path("/csrfconf")
    public HashMap<String, Object> getCSRFProperties() {
        return getCSRFPropertiesMap();
    }

    private HashMap<String, Object> getCSRFPropertiesMap() {
        HashMap<String, Object> hashMap = new HashMap<>();
        hashMap.put(isCSRF_ENABLED, Boolean.valueOf(PropertiesUtil.getBooleanProperty(isCSRF_ENABLED, true)));
        hashMap.put("ranger.rest-csrf.custom-header", PropertiesUtil.getProperty("ranger.rest-csrf.custom-header", RangerCSRFPreventionFilter.HEADER_DEFAULT));
        hashMap.put("ranger.rest-csrf.browser-useragents-regex", PropertiesUtil.getProperty("ranger.rest-csrf.browser-useragents-regex", RangerCSRFPreventionFilter.BROWSER_USER_AGENTS_DEFAULT));
        hashMap.put("ranger.rest-csrf.methods-to-ignore", PropertiesUtil.getProperty("ranger.rest-csrf.methods-to-ignore", RangerCSRFPreventionFilter.METHODS_TO_IGNORE_DEFAULT));
        return hashMap;
    }

    boolean isAdminUserWithNoFilterParams(SearchFilter searchFilter) {
        return (searchFilter == null || MapUtils.isEmpty(searchFilter.getParams())) && (this.bizUtil.isAdmin() || this.bizUtil.isKeyAdmin());
    }

    private RangerPolicyList toRangerPolicyList(PList<RangerPolicy> pList) {
        RangerPolicyList rangerPolicyList = new RangerPolicyList();
        if (pList != null) {
            rangerPolicyList.setPolicies(pList.getList());
            rangerPolicyList.setPageSize(pList.getPageSize());
            rangerPolicyList.setResultSize(pList.getResultSize());
            rangerPolicyList.setStartIndex(pList.getStartIndex());
            rangerPolicyList.setTotalCount(pList.getTotalCount());
            rangerPolicyList.setSortBy(pList.getSortBy());
            rangerPolicyList.setSortType(pList.getSortType());
        }
        return rangerPolicyList;
    }

    private RangerPolicyList toRangerPolicyList(List<RangerPolicy> list, SearchFilter searchFilter) {
        RangerPolicyList rangerPolicyList = new RangerPolicyList();
        if (CollectionUtils.isNotEmpty(list)) {
            int size = list.size();
            int startIndex = searchFilter == null ? 0 : searchFilter.getStartIndex();
            int maxRows = searchFilter == null ? size : searchFilter.getMaxRows();
            int min = Math.min(startIndex + maxRows, size);
            String sortType = searchFilter == null ? null : searchFilter.getSortType();
            String sortBy = searchFilter == null ? null : searchFilter.getSortBy();
            ArrayList arrayList = new ArrayList();
            for (int i = startIndex; i < min; i++) {
                arrayList.add(list.get(i));
            }
            rangerPolicyList.setPolicies(arrayList);
            rangerPolicyList.setPageSize(maxRows);
            rangerPolicyList.setResultSize(arrayList.size());
            rangerPolicyList.setStartIndex(startIndex);
            rangerPolicyList.setTotalCount(size);
            rangerPolicyList.setSortBy(sortBy);
            rangerPolicyList.setSortType(sortType);
        }
        return rangerPolicyList;
    }

    private ServicePolicies filterServicePolicies(ServicePolicies servicePolicies) {
        ServicePolicies servicePolicies2 = null;
        boolean z = false;
        boolean z2 = false;
        if (servicePolicies != null) {
            List<RangerPolicy> policies = servicePolicies.getPolicies();
            if (CollectionUtils.isNotEmpty(policies)) {
                Iterator<RangerPolicy> it = policies.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    if (!it.next().getIsEnabled().booleanValue()) {
                        z = true;
                        break;
                    }
                }
            }
            if (servicePolicies.getTagPolicies() != null) {
                List<RangerPolicy> policies2 = servicePolicies.getTagPolicies().getPolicies();
                if (CollectionUtils.isNotEmpty(policies2)) {
                    Iterator<RangerPolicy> it2 = policies2.iterator();
                    while (true) {
                        if (!it2.hasNext()) {
                            break;
                        }
                        if (!it2.next().getIsEnabled().booleanValue()) {
                            z2 = true;
                            break;
                        }
                    }
                }
            }
            if (z || z2) {
                servicePolicies2 = new ServicePolicies();
                servicePolicies2.setServiceDef(servicePolicies.getServiceDef());
                servicePolicies2.setServiceId(servicePolicies.getServiceId());
                servicePolicies2.setServiceName(servicePolicies.getServiceName());
                servicePolicies2.setPolicyVersion(servicePolicies.getPolicyVersion());
                servicePolicies2.setPolicyUpdateTime(servicePolicies.getPolicyUpdateTime());
                servicePolicies2.setPolicies(servicePolicies.getPolicies());
                servicePolicies2.setTagPolicies(servicePolicies.getTagPolicies());
                if (z) {
                    ArrayList arrayList = new ArrayList();
                    for (RangerPolicy rangerPolicy : servicePolicies.getPolicies()) {
                        if (rangerPolicy.getIsEnabled().booleanValue()) {
                            arrayList.add(rangerPolicy);
                        }
                    }
                    servicePolicies2.setPolicies(arrayList);
                }
                if (z2) {
                    ServicePolicies.TagPolicies tagPolicies = new ServicePolicies.TagPolicies();
                    tagPolicies.setServiceDef(servicePolicies.getTagPolicies().getServiceDef());
                    tagPolicies.setServiceId(servicePolicies.getTagPolicies().getServiceId());
                    tagPolicies.setServiceName(servicePolicies.getTagPolicies().getServiceName());
                    tagPolicies.setPolicyVersion(servicePolicies.getTagPolicies().getPolicyVersion());
                    tagPolicies.setPolicyUpdateTime(servicePolicies.getTagPolicies().getPolicyUpdateTime());
                    ArrayList arrayList2 = new ArrayList();
                    for (RangerPolicy rangerPolicy2 : servicePolicies.getTagPolicies().getPolicies()) {
                        if (rangerPolicy2.getIsEnabled().booleanValue()) {
                            arrayList2.add(rangerPolicy2);
                        }
                    }
                    tagPolicies.setPolicies(arrayList2);
                    servicePolicies2.setTagPolicies(tagPolicies);
                }
            } else {
                servicePolicies2 = servicePolicies;
            }
        }
        return servicePolicies2;
    }
}
