package org.apache.sqoop.security.Authorization;

import com.beust.jcommander.internal.Lists;
import com.google.common.base.Predicate;
import com.google.common.collect.Collections2;
import java.util.Arrays;
import java.util.List;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.delegation.web.HttpUserGroupInformation;
import org.apache.log4j.Logger;
import org.apache.sqoop.common.SqoopException;
import org.apache.sqoop.model.MPersistableEntity;
import org.apache.sqoop.model.MPrincipal;
import org.apache.sqoop.model.MPrivilege;
import org.apache.sqoop.model.MResource;
import org.apache.sqoop.model.MSubmission;
import org.apache.sqoop.security.AuthorizationHandler;
import org.apache.sqoop.security.AuthorizationManager;

/* loaded from: input_file:WEB-INF/lib/sqoop-security-1.99.5.jar:org/apache/sqoop/security/Authorization/AuthorizationEngine.class */
public class AuthorizationEngine {
    private static final Logger LOG = Logger.getLogger(AuthorizationEngine.class);

    /* loaded from: input_file:WEB-INF/lib/sqoop-security-1.99.5.jar:org/apache/sqoop/security/Authorization/AuthorizationEngine$PrivilegeActionType.class */
    public enum PrivilegeActionType {
        VIEW,
        USE,
        CREATE,
        UPDATE,
        DELETE,
        ENABlE_DISABLE,
        START_STOP,
        STATUS
    }

    /* loaded from: input_file:WEB-INF/lib/sqoop-security-1.99.5.jar:org/apache/sqoop/security/Authorization/AuthorizationEngine$ResourceType.class */
    public enum ResourceType {
        CONNECTOR,
        LINK,
        JOB
    }

    /* loaded from: input_file:WEB-INF/lib/sqoop-security-1.99.5.jar:org/apache/sqoop/security/Authorization/AuthorizationEngine$RoleType.class */
    public enum RoleType {
        USER,
        GROUP,
        ROLE
    }

    public static <T extends MPersistableEntity> List<T> filterResource(final ResourceType resourceType, List<T> list) throws SqoopException {
        return Lists.newArrayList(Collections2.filter(list, new Predicate<T>() { // from class: org.apache.sqoop.security.Authorization.AuthorizationEngine.1
            /* JADX WARN: Incorrect types in method signature: (TT;)Z */
            @Override // com.google.common.base.Predicate
            public boolean apply(MPersistableEntity mPersistableEntity) {
                try {
                    AuthorizationEngine.checkPrivilege(AuthorizationEngine.getPrivilege(ResourceType.this, String.valueOf(mPersistableEntity.getPersistenceId()), PrivilegeActionType.VIEW));
                    return true;
                } catch (Exception e) {
                    return false;
                }
            }
        }));
    }

    public static void createLink(String str) throws SqoopException {
        checkPrivilege(getPrivilege(ResourceType.CONNECTOR, str, PrivilegeActionType.USE), getPrivilege(ResourceType.LINK, "", PrivilegeActionType.CREATE));
    }

    public static void updateLink(String str, String str2) throws SqoopException {
        checkPrivilege(getPrivilege(ResourceType.CONNECTOR, str, PrivilegeActionType.USE), getPrivilege(ResourceType.LINK, str2, PrivilegeActionType.UPDATE));
    }

    public static void deleteLink(String str) throws SqoopException {
        checkPrivilege(getPrivilege(ResourceType.LINK, str, PrivilegeActionType.DELETE));
    }

    public static void enableDisableLink(String str) throws SqoopException {
        checkPrivilege(getPrivilege(ResourceType.LINK, str, PrivilegeActionType.ENABlE_DISABLE));
    }

    public static void createJob(String str, String str2) throws SqoopException {
        checkPrivilege(getPrivilege(ResourceType.LINK, str, PrivilegeActionType.USE), getPrivilege(ResourceType.LINK, str2, PrivilegeActionType.USE), getPrivilege(ResourceType.JOB, "", PrivilegeActionType.CREATE));
    }

    public static void updateJob(String str, String str2, String str3) throws SqoopException {
        checkPrivilege(getPrivilege(ResourceType.LINK, str, PrivilegeActionType.USE), getPrivilege(ResourceType.LINK, str2, PrivilegeActionType.USE), getPrivilege(ResourceType.JOB, str3, PrivilegeActionType.UPDATE));
    }

    public static void deleteJob(String str) throws SqoopException {
        checkPrivilege(getPrivilege(ResourceType.JOB, str, PrivilegeActionType.DELETE));
    }

    public static void enableDisableJob(String str) throws SqoopException {
        checkPrivilege(getPrivilege(ResourceType.JOB, str, PrivilegeActionType.ENABlE_DISABLE));
    }

    public static void startJob(String str) throws SqoopException {
        checkPrivilege(getPrivilege(ResourceType.JOB, str, PrivilegeActionType.START_STOP));
    }

    public static void stopJob(String str) throws SqoopException {
        checkPrivilege(getPrivilege(ResourceType.JOB, str, PrivilegeActionType.START_STOP));
    }

    public static void statusJob(String str) throws SqoopException {
        checkPrivilege(getPrivilege(ResourceType.JOB, str, PrivilegeActionType.STATUS));
    }

    public static List<MSubmission> filterSubmission(List<MSubmission> list) throws SqoopException {
        return Lists.newArrayList(Collections2.filter(list, new Predicate<MSubmission>() { // from class: org.apache.sqoop.security.Authorization.AuthorizationEngine.2
            @Override // com.google.common.base.Predicate
            public boolean apply(MSubmission mSubmission) {
                try {
                    AuthorizationEngine.checkPrivilege(AuthorizationEngine.getPrivilege(ResourceType.JOB, String.valueOf(mSubmission.getJobId()), PrivilegeActionType.STATUS));
                    return true;
                } catch (Exception e) {
                    return false;
                }
            }
        }));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static MPrivilege getPrivilege(ResourceType resourceType, String str, PrivilegeActionType privilegeActionType) {
        return new MPrivilege(new MResource((str == null || str.equals("all")) ? "" : str, resourceType.name()), privilegeActionType.name(), false);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void checkPrivilege(MPrivilege... mPrivilegeArr) {
        AuthorizationHandler authorizationHandler = AuthorizationManager.getAuthorizationHandler();
        UserGroupInformation userGroupInformation = HttpUserGroupInformation.get();
        authorizationHandler.checkPrivileges(new MPrincipal(userGroupInformation == null ? "" : userGroupInformation.getUserName(), RoleType.USER.name()), Arrays.asList(mPrivilegeArr));
    }
}
