package org.apache.sentry.hdfs;

import com.google.common.collect.ImmutableMap;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicLong;
import java.util.concurrent.locks.ReadWriteLock;
import org.apache.hadoop.fs.permission.AclEntry;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.sentry.hdfs.SentryPermissions;
import org.apache.sentry.hdfs.service.thrift.TPrivilegeChanges;
import org.apache.sentry.hdfs.service.thrift.TPrivilegePrincipal;
import org.apache.sentry.hdfs.service.thrift.TPrivilegePrincipalType;
import org.apache.sentry.hdfs.service.thrift.TRoleChanges;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sentry/hdfs/UpdateableAuthzPermissions.class */
public class UpdateableAuthzPermissions implements AuthzPermissions, Updateable<PermissionsUpdate> {
    private static final int MAX_UPDATES_PER_LOCK_USE = 99;
    private static final String UPDATABLE_TYPE_NAME = "perm_authz_update";
    private final SentryPermissions perms = new SentryPermissions();
    private final AtomicLong seqNum = new AtomicLong(-1);
    private static final ImmutableMap<String, FsAction> ACTION_MAPPING = ImmutableMap.builder().put("ALL", FsAction.ALL).put("*", FsAction.ALL).put("SELECT", FsAction.READ_EXECUTE).put("INSERT", FsAction.WRITE_EXECUTE).build();
    private static final Logger LOG = LoggerFactory.getLogger(UpdateableAuthzPermissions.class);

    public List<AclEntry> getAcls(String str) {
        return this.perms.getAcls(str);
    }

    public UpdateableAuthzPermissions updateFull(PermissionsUpdate permissionsUpdate) {
        UpdateableAuthzPermissions updateableAuthzPermissions = new UpdateableAuthzPermissions();
        updateableAuthzPermissions.applyPartialUpdate(permissionsUpdate);
        updateableAuthzPermissions.seqNum.set(permissionsUpdate.getSeqNum());
        return updateableAuthzPermissions;
    }

    public void updatePartial(Iterable<PermissionsUpdate> iterable, ReadWriteLock readWriteLock) {
        readWriteLock.writeLock().lock();
        try {
            int i = 0;
            for (PermissionsUpdate permissionsUpdate : iterable) {
                applyPartialUpdate(permissionsUpdate);
                i++;
                if (i > MAX_UPDATES_PER_LOCK_USE) {
                    i = 0;
                    readWriteLock.writeLock().unlock();
                    readWriteLock.writeLock().lock();
                }
                this.seqNum.set(permissionsUpdate.getSeqNum());
                LOG.debug("##### Updated perms seq Num [" + this.seqNum.get() + "]");
            }
        } finally {
            readWriteLock.writeLock().unlock();
        }
    }

    private void applyPartialUpdate(PermissionsUpdate permissionsUpdate) {
        applyPrivilegeUpdates(permissionsUpdate);
        applyRoleUpdates(permissionsUpdate);
    }

    private void applyRoleUpdates(PermissionsUpdate permissionsUpdate) {
        for (TRoleChanges tRoleChanges : permissionsUpdate.getRoleUpdates()) {
            if (tRoleChanges.getRole().equals("__ALL_ROLES__")) {
                String str = (String) tRoleChanges.getDelGroups().iterator().next();
                Iterator<SentryPermissions.RoleInfo> it = this.perms.getAllRoles().iterator();
                while (it.hasNext()) {
                    it.next().delGroup(str);
                }
            }
            SentryPermissions.RoleInfo roleInfo = this.perms.getRoleInfo(tRoleChanges.getRole());
            for (String str2 : tRoleChanges.getAddGroups()) {
                if (roleInfo == null) {
                    roleInfo = new SentryPermissions.RoleInfo(tRoleChanges.getRole());
                }
                roleInfo.addGroup(str2);
            }
            if (roleInfo != null) {
                this.perms.addRoleInfo(roleInfo);
                Iterator it2 = tRoleChanges.getDelGroups().iterator();
                while (true) {
                    if (it2.hasNext()) {
                        String str3 = (String) it2.next();
                        if (str3.equals("__ALL_GROUPS__")) {
                            this.perms.delRoleInfo(roleInfo.getRole());
                            break;
                        }
                        roleInfo.delGroup(str3);
                    }
                }
            }
        }
    }

    private void applyPrivilegeUpdates(PermissionsUpdate permissionsUpdate) {
        for (TPrivilegeChanges tPrivilegeChanges : permissionsUpdate.getPrivilegeUpdates()) {
            if (tPrivilegeChanges.getAuthzObj().equals("__RENAME_PRIV__")) {
                TPrivilegePrincipal tPrivilegePrincipal = (TPrivilegePrincipal) tPrivilegeChanges.getAddPrivileges().keySet().iterator().next();
                TPrivilegePrincipal tPrivilegePrincipal2 = (TPrivilegePrincipal) tPrivilegeChanges.getDelPrivileges().keySet().iterator().next();
                if (tPrivilegePrincipal.getType() == TPrivilegePrincipalType.AUTHZ_OBJ && tPrivilegePrincipal2.getType() == TPrivilegePrincipalType.AUTHZ_OBJ) {
                    String value = tPrivilegePrincipal.getValue();
                    String value2 = tPrivilegePrincipal2.getValue();
                    SentryPermissions.PrivilegeInfo privilegeInfo = this.perms.getPrivilegeInfo(value2);
                    if (privilegeInfo != null) {
                        Map<TPrivilegePrincipal, FsAction> allPermissions = privilegeInfo.getAllPermissions();
                        this.perms.delPrivilegeInfo(value2);
                        this.perms.removeParentChildMappings(value2);
                        SentryPermissions.PrivilegeInfo privilegeInfo2 = new SentryPermissions.PrivilegeInfo(value);
                        for (Map.Entry<TPrivilegePrincipal, FsAction> entry : allPermissions.entrySet()) {
                            privilegeInfo2.setPermission(entry.getKey(), entry.getValue());
                        }
                        this.perms.addPrivilegeInfo(privilegeInfo2);
                        this.perms.addParentChildMappings(value);
                        return;
                    }
                    return;
                }
                LOG.warn("Invalid Permission Update, Received Rename update with wrong data, (Add) Type: {}, Value:{} (Del) Type: {}, Value:{}", new Object[]{tPrivilegePrincipal.getType(), tPrivilegePrincipal.getValue(), tPrivilegePrincipal2.getType(), tPrivilegePrincipal2.getValue()});
            } else {
                if (tPrivilegeChanges.getAuthzObj().equals("__ALL_AUTHZ_OBJ__")) {
                    TPrivilegePrincipal tPrivilegePrincipal3 = (TPrivilegePrincipal) tPrivilegeChanges.getDelPrivileges().keySet().iterator().next();
                    Iterator<SentryPermissions.PrivilegeInfo> it = this.perms.getAllPrivileges().iterator();
                    while (it.hasNext()) {
                        it.next().removePermission(tPrivilegePrincipal3);
                    }
                }
                SentryPermissions.PrivilegeInfo privilegeInfo3 = this.perms.getPrivilegeInfo(tPrivilegeChanges.getAuthzObj());
                for (Map.Entry entry2 : tPrivilegeChanges.getAddPrivileges().entrySet()) {
                    if (privilegeInfo3 == null) {
                        privilegeInfo3 = new SentryPermissions.PrivilegeInfo(tPrivilegeChanges.getAuthzObj());
                    }
                    FsAction permission = privilegeInfo3.getPermission((TPrivilegePrincipal) entry2.getKey());
                    privilegeInfo3.setPermission((TPrivilegePrincipal) entry2.getKey(), permission == null ? getFAction((String) entry2.getValue()) : permission.or(getFAction((String) entry2.getValue())));
                }
                if (privilegeInfo3 != null) {
                    this.perms.addPrivilegeInfo(privilegeInfo3);
                    this.perms.addParentChildMappings(tPrivilegeChanges.getAuthzObj());
                    Iterator it2 = tPrivilegeChanges.getDelPrivileges().entrySet().iterator();
                    while (true) {
                        if (it2.hasNext()) {
                            Map.Entry entry3 = (Map.Entry) it2.next();
                            if (((TPrivilegePrincipal) entry3.getKey()).getValue().equals("__ALL_ROLES__")) {
                                this.perms.delPrivilegeInfo(tPrivilegeChanges.getAuthzObj());
                                this.perms.removeParentChildMappings(tPrivilegeChanges.getAuthzObj());
                                break;
                            }
                            ArrayList<SentryPermissions.PrivilegeInfo> arrayList = new ArrayList();
                            arrayList.add(privilegeInfo3);
                            Set<String> children = this.perms.getChildren(privilegeInfo3.getAuthzObj());
                            if (children != null) {
                                Iterator<String> it3 = children.iterator();
                                while (it3.hasNext()) {
                                    arrayList.add(this.perms.getPrivilegeInfo(it3.next()));
                                }
                            }
                            for (SentryPermissions.PrivilegeInfo privilegeInfo4 : arrayList) {
                                FsAction permission2 = privilegeInfo4.getPermission((TPrivilegePrincipal) entry3.getKey());
                                if (permission2 != null) {
                                    FsAction and = permission2.and(getFAction((String) entry3.getValue()).not());
                                    if (FsAction.NONE == and) {
                                        privilegeInfo4.removePermission((TPrivilegePrincipal) entry3.getKey());
                                    } else {
                                        privilegeInfo4.setPermission((TPrivilegePrincipal) entry3.getKey(), and);
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }

    private static FsAction getFAction(String str) {
        String[] split = str.trim().split(",");
        FsAction fsAction = FsAction.NONE;
        for (String str2 : split) {
            FsAction fsAction2 = (FsAction) ACTION_MAPPING.get(str2.toUpperCase());
            if (fsAction2 == null) {
                LOG.warn("Unsupported privilege {}, disabling all access", str2);
                fsAction2 = FsAction.NONE;
            }
            fsAction = fsAction.or(fsAction2);
        }
        return fsAction;
    }

    public long getLastUpdatedSeqNum() {
        return this.seqNum.get();
    }

    public long getLastUpdatedImgNum() {
        return -1L;
    }

    /* renamed from: createFullImageUpdate, reason: merged with bridge method [inline-methods] */
    public PermissionsUpdate m6createFullImageUpdate(long j) {
        PermissionsUpdate permissionsUpdate = new PermissionsUpdate(j, true);
        for (SentryPermissions.PrivilegeInfo privilegeInfo : this.perms.getAllPrivileges()) {
            TPrivilegeChanges addPrivilegeUpdate = permissionsUpdate.addPrivilegeUpdate(privilegeInfo.getAuthzObj());
            for (Map.Entry<TPrivilegePrincipal, FsAction> entry : privilegeInfo.getAllPermissions().entrySet()) {
                addPrivilegeUpdate.putToAddPrivileges(new TPrivilegePrincipal(entry.getKey()), entry.getValue().SYMBOL);
            }
        }
        for (SentryPermissions.RoleInfo roleInfo : this.perms.getAllRoles()) {
            TRoleChanges addRoleUpdate = permissionsUpdate.addRoleUpdate(roleInfo.getRole());
            Iterator<String> it = roleInfo.getAllGroups().iterator();
            while (it.hasNext()) {
                addRoleUpdate.addToAddGroups(it.next());
            }
        }
        return permissionsUpdate;
    }

    public String getUpdateableTypeName() {
        return UPDATABLE_TYPE_NAME;
    }

    public String toString() {
        return String.format("%s(%s, %s)", getClass().getSimpleName(), this.seqNum, this.perms);
    }

    public String dumpContent() {
        return String.format("%s(%s) ", getClass().getSimpleName(), this.seqNum) + this.perms.dumpContent();
    }
}
