package org.apache.sentry.policy.common;

import com.google.common.base.Strings;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Lists;
import com.google.common.collect.UnmodifiableIterator;
import java.util.ArrayList;
import java.util.List;
import org.apache.sentry.core.common.BitFieldAction;
import org.apache.sentry.core.common.BitFieldActionFactory;
import org.apache.sentry.core.common.ImplyMethodType;
import org.apache.sentry.core.common.Model;
import org.apache.sentry.core.common.exception.SentryUserException;
import org.apache.sentry.core.common.utils.KeyValue;
import org.apache.sentry.core.common.utils.PathUtils;
import org.apache.sentry.core.common.utils.SentryConstants;

/* loaded from: input_file:org/apache/sentry/policy/common/CommonPrivilege.class */
public class CommonPrivilege implements Privilege {
    private ImmutableList<KeyValue> parts;
    private boolean grantOption;

    public CommonPrivilege(String str) {
        this.grantOption = false;
        String trim = Strings.nullToEmpty(str).trim();
        if (trim.isEmpty()) {
            throw new IllegalArgumentException("Privilege string cannot be null or empty.");
        }
        ArrayList newArrayList = Lists.newArrayList();
        for (String str2 : SentryConstants.AUTHORIZABLE_SPLITTER.trimResults().split(trim)) {
            if (str2.isEmpty()) {
                throw new IllegalArgumentException("Privilege '" + trim + "' has an empty section");
            }
            newArrayList.add(new KeyValue(str2));
        }
        if (newArrayList.isEmpty()) {
            throw new AssertionError("Should never occur: " + trim);
        }
        KeyValue keyValue = (KeyValue) newArrayList.get(newArrayList.size() - 1);
        if (keyValue.getKey().equalsIgnoreCase("grantOption")) {
            this.grantOption = keyValue.getValue().equalsIgnoreCase("true");
            newArrayList.remove(newArrayList.size() - 1);
        }
        this.parts = ImmutableList.copyOf(newArrayList);
    }

    @Override // org.apache.sentry.policy.common.Privilege
    public boolean implies(Privilege privilege, Model model) {
        if (!(privilege instanceof CommonPrivilege)) {
            return false;
        }
        CommonPrivilege commonPrivilege = (CommonPrivilege) privilege;
        if (commonPrivilege.grantOption && !this.grantOption) {
            return false;
        }
        List<KeyValue> parts = commonPrivilege.getParts();
        if (this.parts.equals(parts)) {
            return true;
        }
        int i = 0;
        for (KeyValue keyValue : parts) {
            if (this.parts.size() - 1 < i) {
                return true;
            }
            KeyValue keyValue2 = (KeyValue) this.parts.get(i);
            String key = keyValue2.getKey();
            if (key.equalsIgnoreCase(keyValue.getKey())) {
                if ("action".equalsIgnoreCase(key)) {
                    if (!impliesAction(keyValue2.getValue(), keyValue.getValue(), model.getBitFieldActionFactory())) {
                        return false;
                    }
                } else if (!impliesResource((ImplyMethodType) model.getImplyMethodMap().get(key.toLowerCase()), keyValue2.getValue(), keyValue.getValue())) {
                    return false;
                }
                i++;
            } else if (!"action".equalsIgnoreCase(key)) {
                return false;
            }
        }
        while (i < this.parts.size()) {
            if (!isPrivilegeActionAll((KeyValue) this.parts.get(i), model.getBitFieldActionFactory())) {
                return false;
            }
            i++;
        }
        return true;
    }

    private boolean isPrivilegeActionAll(KeyValue keyValue, BitFieldActionFactory bitFieldActionFactory) {
        return impliesAction(keyValue.getValue(), "*", bitFieldActionFactory);
    }

    @Override // org.apache.sentry.policy.common.Privilege
    public List<KeyValue> getAuthorizable() {
        ArrayList arrayList = new ArrayList();
        UnmodifiableIterator it = this.parts.iterator();
        while (it.hasNext()) {
            KeyValue keyValue = (KeyValue) it.next();
            if (!"action".equalsIgnoreCase(keyValue.getKey())) {
                arrayList.add(new KeyValue(keyValue.getKey().toLowerCase(), keyValue.getValue().toLowerCase()));
            }
        }
        return arrayList;
    }

    private boolean impliesResource(ImplyMethodType implyMethodType, String str, String str2) {
        if ("*".equals(str) || "*".equals(str2) || "ALL".equalsIgnoreCase(str) || "ALL".equalsIgnoreCase(str2) || "+".equals(str2)) {
            return true;
        }
        return ImplyMethodType.URL == implyMethodType ? PathUtils.impliesURI(str, str2) : ImplyMethodType.STRING_CASE_SENSITIVE == implyMethodType ? str.equals(str2) : str.equalsIgnoreCase(str2);
    }

    private boolean impliesAction(String str, String str2, BitFieldActionFactory bitFieldActionFactory) {
        try {
            BitFieldAction actionByName = bitFieldActionFactory.getActionByName(str);
            BitFieldAction actionByName2 = bitFieldActionFactory.getActionByName(str2);
            if (actionByName == null || actionByName2 == null) {
                return false;
            }
            return actionByName.implies(actionByName2);
        } catch (SentryUserException e) {
            return false;
        }
    }

    public String toString() {
        return SentryConstants.AUTHORIZABLE_JOINER.join(this.parts);
    }

    public List<KeyValue> getParts() {
        return this.parts;
    }

    public boolean equals(Object obj) {
        if (obj instanceof CommonPrivilege) {
            return this.parts.equals(((CommonPrivilege) obj).parts);
        }
        return false;
    }

    public int hashCode() {
        return this.parts.hashCode();
    }
}
