package org.apache.sqoop.security.authorization;

import com.beust.jcommander.internal.Lists;
import com.google.common.base.Predicate;
import com.google.common.collect.Collections2;
import java.util.ArrayList;
import java.util.List;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.delegation.web.HttpUserGroupInformation;
import org.apache.log4j.Logger;
import org.apache.sqoop.common.SqoopException;
import org.apache.sqoop.model.MPersistableEntity;
import org.apache.sqoop.model.MPrincipal;
import org.apache.sqoop.model.MPrivilege;
import org.apache.sqoop.model.MResource;
import org.apache.sqoop.model.MSubmission;
import org.apache.sqoop.repository.Repository;
import org.apache.sqoop.repository.RepositoryManager;
import org.apache.sqoop.security.AuthorizationHandler;
import org.apache.sqoop.security.AuthorizationManager;

/* loaded from: input_file:WEB-INF/lib/sqoop-security-1.99.6.jar:org/apache/sqoop/security/authorization/AuthorizationEngine.class */
public class AuthorizationEngine {
    private static final Logger LOG = Logger.getLogger(AuthorizationEngine.class);

    public static <T extends MPersistableEntity> List<T> filterResource(final MResource.TYPE type, List<T> list) throws SqoopException {
        return Lists.newArrayList(Collections2.filter(list, new Predicate<T>() { // from class: org.apache.sqoop.security.authorization.AuthorizationEngine.1
            /* JADX WARN: Incorrect types in method signature: (TT;)Z */
            @Override // com.google.common.base.Predicate
            public boolean apply(MPersistableEntity mPersistableEntity) {
                try {
                    AuthorizationEngine.checkPrivilege(AuthorizationEngine.getPrivilege(MResource.TYPE.this, String.valueOf(mPersistableEntity.getPersistenceId()), MPrivilege.ACTION.READ));
                    return true;
                } catch (Exception e) {
                    return false;
                }
            }
        }));
    }

    public static void readConnector(String str) throws SqoopException {
        checkPrivilege(getPrivilege(MResource.TYPE.CONNECTOR, str, MPrivilege.ACTION.READ));
    }

    public static void readLink(String str) throws SqoopException {
        checkPrivilege(getPrivilege(MResource.TYPE.LINK, str, MPrivilege.ACTION.READ));
    }

    public static void createLink(String str) throws SqoopException {
        checkPrivilege(getPrivilege(MResource.TYPE.CONNECTOR, str, MPrivilege.ACTION.READ));
    }

    public static void updateLink(String str, String str2) throws SqoopException {
        checkPrivilege(getPrivilege(MResource.TYPE.CONNECTOR, str, MPrivilege.ACTION.READ), getPrivilege(MResource.TYPE.LINK, str2, MPrivilege.ACTION.WRITE));
    }

    public static void deleteLink(String str) throws SqoopException {
        checkPrivilege(getPrivilege(MResource.TYPE.LINK, str, MPrivilege.ACTION.WRITE));
    }

    public static void enableDisableLink(String str) throws SqoopException {
        checkPrivilege(getPrivilege(MResource.TYPE.LINK, str, MPrivilege.ACTION.WRITE));
    }

    public static void readJob(String str) throws SqoopException {
        checkPrivilege(getPrivilege(MResource.TYPE.JOB, str, MPrivilege.ACTION.READ));
    }

    public static void createJob(String str, String str2) throws SqoopException {
        checkPrivilege(getPrivilege(MResource.TYPE.LINK, str, MPrivilege.ACTION.READ), getPrivilege(MResource.TYPE.LINK, str2, MPrivilege.ACTION.READ));
    }

    public static void updateJob(String str, String str2, String str3) throws SqoopException {
        checkPrivilege(getPrivilege(MResource.TYPE.LINK, str, MPrivilege.ACTION.READ), getPrivilege(MResource.TYPE.LINK, str2, MPrivilege.ACTION.READ), getPrivilege(MResource.TYPE.JOB, str3, MPrivilege.ACTION.WRITE));
    }

    public static void deleteJob(String str) throws SqoopException {
        checkPrivilege(getPrivilege(MResource.TYPE.JOB, str, MPrivilege.ACTION.WRITE));
    }

    public static void enableDisableJob(String str) throws SqoopException {
        checkPrivilege(getPrivilege(MResource.TYPE.JOB, str, MPrivilege.ACTION.WRITE));
    }

    public static void startJob(String str) throws SqoopException {
        checkPrivilege(getPrivilege(MResource.TYPE.JOB, str, MPrivilege.ACTION.WRITE));
    }

    public static void stopJob(String str) throws SqoopException {
        checkPrivilege(getPrivilege(MResource.TYPE.JOB, str, MPrivilege.ACTION.WRITE));
    }

    public static void statusJob(String str) throws SqoopException {
        checkPrivilege(getPrivilege(MResource.TYPE.JOB, str, MPrivilege.ACTION.READ));
    }

    public static List<MSubmission> filterSubmission(List<MSubmission> list) throws SqoopException {
        return Lists.newArrayList(Collections2.filter(list, new Predicate<MSubmission>() { // from class: org.apache.sqoop.security.authorization.AuthorizationEngine.2
            @Override // com.google.common.base.Predicate
            public boolean apply(MSubmission mSubmission) {
                try {
                    AuthorizationEngine.checkPrivilege(AuthorizationEngine.getPrivilege(MResource.TYPE.JOB, String.valueOf(mSubmission.getJobId()), MPrivilege.ACTION.READ));
                    return true;
                } catch (Exception e) {
                    return false;
                }
            }
        }));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static MPrivilege getPrivilege(MResource.TYPE type, String str, MPrivilege.ACTION action) {
        return new MPrivilege(new MResource(str, type), action, false);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void checkPrivilege(MPrivilege... mPrivilegeArr) {
        AuthorizationHandler authorizationHandler = AuthorizationManager.getAuthorizationHandler();
        UserGroupInformation userGroupInformation = HttpUserGroupInformation.get();
        String shortUserName = userGroupInformation == null ? "" : userGroupInformation.getShortUserName();
        MPrincipal mPrincipal = new MPrincipal(shortUserName, MPrincipal.TYPE.USER);
        ArrayList arrayList = new ArrayList();
        for (MPrivilege mPrivilege : mPrivilegeArr) {
            Repository repository = RepositoryManager.getInstance().getRepository();
            if (MResource.TYPE.LINK.name().equalsIgnoreCase(mPrivilege.getResource().getType())) {
                if (!shortUserName.equals(repository.findLink(Long.valueOf(mPrivilege.getResource().getName()).longValue()).getCreationUser())) {
                    arrayList.add(mPrivilege);
                }
            } else if (!MResource.TYPE.JOB.name().equalsIgnoreCase(mPrivilege.getResource().getType())) {
                arrayList.add(mPrivilege);
            } else if (!shortUserName.equals(repository.findJob(Long.valueOf(mPrivilege.getResource().getName()).longValue()).getCreationUser())) {
                arrayList.add(mPrivilege);
            }
        }
        authorizationHandler.checkPrivileges(mPrincipal, arrayList);
    }
}
