package org.apache.ambari.server.security.authorization;

import com.google.common.collect.Lists;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.util.ArrayList;
import java.util.Collection;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.ambari.server.orm.dao.PrivilegeDAO;
import org.apache.ambari.server.orm.dao.ViewInstanceDAO;
import org.apache.ambari.server.orm.entities.PermissionEntity;
import org.apache.ambari.server.orm.entities.PrivilegeEntity;
import org.apache.ambari.server.orm.entities.ResourceEntity;
import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity;
import org.apache.ambari.server.security.authentication.AmbariProxiedUserDetailsImpl;
import org.apache.ambari.server.security.authentication.AmbariUserDetails;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

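/**
 * Static helpers that answer "who is the current caller" and "may they do this" from the
 * Spring Security context, plus a small login-alias lookup kept in the HTTP session.
 *
 * <p>Authorization decisions are made purely from the {@link GrantedAuthority} objects already
 * attached to the {@link Authentication}; nothing in this class re-reads privileges from the
 * database at check time.
 */
@Singleton
public class AuthorizationHelper {
    private static final Logger LOG = LoggerFactory.getLogger(AuthorizationHelper.class);

    // Statically injected; not referenced by any method in this class.
    @Inject
    static Provider<PrivilegeDAO> privilegeDAOProvider;

    // Statically injected; not referenced by any method in this class.
    @Inject
    static Provider<ViewInstanceDAO> viewInstanceDAOProvider;

    /**
     * Returns the user name of the proxy user behind a proxied authentication.
     *
     * @param authentication the authentication to inspect; may be {@code null}
     * @return the proxy user's name, or {@code null} when there is no authentication or its
     *         principal is not an {@link AmbariProxiedUserDetailsImpl}
     */
    public static String getProxyUserName(Authentication authentication) {
        if (authentication == null) {
            return null;
        }
        Object principal = authentication.getPrincipal();
        if (principal instanceof AmbariProxiedUserDetailsImpl) {
            return ((AmbariProxiedUserDetailsImpl) principal).getProxyUserDetails().getUsername();
        }
        return null;
    }

    /**
     * Returns the proxy user name for the authentication held by the current security context.
     *
     * @return the proxy user's name, or {@code null} when the current caller is not proxied
     */
    public static String getProxyUserName() {
        return getProxyUserName(getAuthentication());
    }

    /**
     * Wraps each privilege in an {@link AmbariGrantedAuthority}.
     *
     * @param collection the privileges to convert; must not be {@code null}
     * @return a new set holding one authority per privilege
     */
    public Collection<GrantedAuthority> convertPrivilegesToAuthorities(Collection<PrivilegeEntity> collection) {
        Set<GrantedAuthority> authorities = new HashSet<>(collection.size());
        for (PrivilegeEntity privilegeEntity : collection) {
            authorities.add(new AmbariGrantedAuthority(privilegeEntity));
        }
        return authorities;
    }

    /**
     * Returns the name of the currently authenticated caller.
     *
     * @return the authenticated name, or {@code null} when nobody is authenticated
     */
    public static String getAuthenticatedName() {
        return getAuthenticatedName(null);
    }

    /**
     * Returns the name of the currently authenticated caller, or a fallback.
     *
     * @param str the value to return when the security context holds no authentication
     * @return the authenticated name, or {@code str} when nobody is authenticated
     */
    public static String getAuthenticatedName(String str) {
        Authentication authentication = getAuthentication();
        return authentication == null ? str : authentication.getName();
    }

    /**
     * Returns the numeric id of the currently authenticated user.
     *
     * @return the user id, or {@code -1} when there is no authentication or its principal is not
     *         an {@link AmbariUserDetails}
     */
    public static int getAuthenticatedId() {
        Authentication authentication = getAuthentication();
        Object principal = authentication == null ? null : authentication.getPrincipal();
        if (principal instanceof AmbariUserDetails) {
            return ((AmbariUserDetails) principal).getUserId().intValue();
        }
        return -1;
    }

    /**
     * Checks the current caller against a single required authorization.
     *
     * @param resourceType      the type of resource being accessed, or {@code null} for any type
     * @param l                 the id of the resource being accessed, or {@code null} for any id
     * @param roleAuthorization the authorization the caller must hold; must not be {@code null}
     * @return {@code true} when the current caller holds the authorization for the resource
     * @see #isAuthorized(Authentication, ResourceType, Long, Set)
     */
    public static boolean isAuthorized(ResourceType resourceType, Long l, RoleAuthorization roleAuthorization) {
        return isAuthorized(getAuthentication(), resourceType, l, EnumSet.of(roleAuthorization));
    }

    /**
     * Checks the current caller against a set of acceptable authorizations.
     *
     * @param resourceType the type of resource being accessed, or {@code null} for any type
     * @param l            the id of the resource being accessed, or {@code null} for any id
     * @param set          the authorizations of which the caller must hold at least one
     * @return {@code true} when the current caller is authorized
     * @see #isAuthorized(Authentication, ResourceType, Long, Set)
     */
    public static boolean isAuthorized(ResourceType resourceType, Long l, Set<RoleAuthorization> set) {
        return isAuthorized(getAuthentication(), resourceType, l, set);
    }

    /**
     * Checks the given authentication against a single required authorization.
     *
     * @param authentication    the caller to check; may be {@code null}
     * @param resourceType      the type of resource being accessed, or {@code null} for any type
     * @param l                 the id of the resource being accessed, or {@code null} for any id
     * @param roleAuthorization the authorization the caller must hold; must not be {@code null}
     * @return {@code true} when the caller holds the authorization for the resource
     * @see #isAuthorized(Authentication, ResourceType, Long, Set)
     */
    public static boolean isAuthorized(Authentication authentication, ResourceType resourceType, Long l, RoleAuthorization roleAuthorization) {
        return isAuthorized(authentication, resourceType, l, EnumSet.of(roleAuthorization));
    }

    /**
     * Decides whether an authentication carries at least one of the required authorizations
     * for a resource.
     *
     * <p>A privilege is considered when it is granted on the {@code AMBARI} resource type, or
     * when its resource type matches {@code resourceType} and its resource id matches {@code l}.
     * A {@code null} {@code resourceType} or {@code l} acts as a wildcard for that part of the
     * match.
     *
     * <p><strong>An empty or {@code null} required set authorizes every caller, including an
     * unauthenticated one</strong>, because that test runs before the {@code null}
     * authentication test. Callers that build the required set dynamically must make sure it
     * cannot end up empty by accident.
     *
     * @param authentication the caller to check; may be {@code null}
     * @param resourceType   the type of resource being accessed, or {@code null} for any type
     * @param l              the id of the resource being accessed, or {@code null} for any id
     * @param set            the authorizations of which the caller must hold at least one
     * @return {@code true} when access is allowed, {@code false} otherwise
     * @throws ClassCastException if an authority is not an {@link AmbariGrantedAuthority}
     */
    public static boolean isAuthorized(Authentication authentication, ResourceType resourceType, Long l, Set<RoleAuthorization> set) {
        // Nothing required: allowed regardless of who (if anyone) is calling.
        if (set == null || set.isEmpty()) {
            return true;
        }
        if (authentication == null) {
            return false;
        }
        for (GrantedAuthority grantedAuthority : authentication.getAuthorities()) {
            PrivilegeEntity privilegeEntity = ((AmbariGrantedAuthority) grantedAuthority).getPrivilegeEntity();
            ResourceEntity resource = privilegeEntity.getResource();
            ResourceType privilegeResourceType = ResourceType.translate(resource.getResourceType().getName());

            boolean resourceMatches;
            if (ResourceType.AMBARI == privilegeResourceType) {
                // A privilege on the AMBARI resource applies to every resource.
                resourceMatches = true;
            } else if (resourceType == null || resourceType == privilegeResourceType) {
                resourceMatches = l == null || l.equals(resource.getId());
            } else {
                resourceMatches = false;
            }
            if (!resourceMatches) {
                continue;
            }

            PermissionEntity permission = privilegeEntity.getPermission();
            Collection<RoleAuthorizationEntity> authorizations = permission == null ? null : permission.getAuthorizations();
            if (authorizations == null) {
                continue;
            }
            for (RoleAuthorizationEntity roleAuthorizationEntity : authorizations) {
                // The translate call must sit inside the try: with it outside, the handler below
                // guards nothing and one unrecognised authorization id aborts the whole check
                // with an unchecked exception. An unrecognised id is logged and skipped, so it
                // can never grant access.
                try {
                    if (set.contains(RoleAuthorization.translate(roleAuthorizationEntity.getAuthorizationId()))) {
                        return true;
                    }
                } catch (IllegalArgumentException e) {
                    LOG.warn("Invalid authorization name, '{}'... ignoring.", roleAuthorizationEntity.getAuthorizationId());
                }
            }
        }
        return false;
    }

    /**
     * Throws when the current caller is not authorized.
     *
     * @param resourceType the type of resource being accessed, or {@code null} for any type
     * @param l            the id of the resource being accessed, or {@code null} for any id
     * @param set          the authorizations of which the caller must hold at least one
     * @throws AuthorizationException if {@link #isAuthorized(ResourceType, Long, Set)} is false
     */
    public static void verifyAuthorization(ResourceType resourceType, Long l, Set<RoleAuthorization> set) throws AuthorizationException {
        if (!isAuthorized(resourceType, l, set)) {
            throw new AuthorizationException();
        }
    }

    /**
     * Throws when the given authentication is not authorized.
     *
     * @param authentication the caller to check; may be {@code null}
     * @param resourceType   the type of resource being accessed, or {@code null} for any type
     * @param l              the id of the resource being accessed, or {@code null} for any id
     * @param set            the authorizations of which the caller must hold at least one
     * @throws AuthorizationException if
     *         {@link #isAuthorized(Authentication, ResourceType, Long, Set)} is false
     */
    public static void verifyAuthorization(Authentication authentication, ResourceType resourceType, Long l, Set<RoleAuthorization> set) throws AuthorizationException {
        if (!isAuthorized(authentication, resourceType, l, set)) {
            throw new AuthorizationException();
        }
    }

    /**
     * Returns the authentication held by the current security context.
     *
     * @return the current authentication, or {@code null} when there is no context or the
     *         context holds no authentication
     */
    public static Authentication getAuthentication() {
        SecurityContext context = SecurityContextHolder.getContext();
        if (context == null) {
            return null;
        }
        return context.getAuthentication();
    }

    /**
     * Records a two-way mapping between a user name and a login alias in the HTTP session.
     *
     * <p>Does nothing when no request is bound to the current thread. Both values are used
     * directly as session attribute names, so they share a namespace with every other session
     * attribute.
     *
     * @param str  the user name
     * @param str2 the login alias for that user name
     */
    public static void addLoginNameAlias(String str, String str2) {
        // Typed as the interface that getRequestAttributes() returns, so no cast is needed.
        RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
        if (requestAttributes != null) {
            // NOTE(review): both values are logged verbatim; if they can originate from an
            // external identity source, confirm the log layout neutralises line breaks.
            LOG.info("Adding login alias '{}' for user name '{}'", str2, str);
            requestAttributes.setAttribute(str2, str, RequestAttributes.SCOPE_SESSION);
            requestAttributes.setAttribute(str, str2, RequestAttributes.SCOPE_SESSION);
        }
    }

    /**
     * Looks up the session mapping recorded by {@link #addLoginNameAlias(String, String)}.
     *
     * @param str the login alias (or user name) to resolve; may be {@code null}
     * @return the mapped name, or {@code str} unchanged when no request is bound, no mapping
     *         exists, or the session attribute stored under that name is not a string
     */
    public static String resolveLoginAliasToUserName(String str) {
        if (str == null) {
            return null;
        }
        RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
        if (requestAttributes == null) {
            return str;
        }
        // The lookup key is caller-supplied and may name an unrelated session attribute; only a
        // String value is an alias mapping, anything else must not be cast and returned.
        Object mapped = requestAttributes.getAttribute(str, RequestAttributes.SCOPE_SESSION);
        return mapped instanceof String ? (String) mapped : str;
    }

    /**
     * Collects the authorization names granted by every authority of an authentication.
     *
     * <p>Privileges without a permission, and permissions without authorizations, contribute
     * nothing, matching how {@link #isAuthorized(Authentication, ResourceType, Long, Set)}
     * treats them.
     *
     * @param authentication the caller to inspect; may be {@code null}
     * @return a new mutable list of authorization names, empty when there is no authentication
     *         or it has no authorities
     * @throws ClassCastException if an authority is not an {@link AmbariGrantedAuthority}
     */
    public static List<String> getAuthorizationNames(Authentication authentication) {
        List<String> authorizationNames = new ArrayList<>();
        if (authentication == null || authentication.getAuthorities() == null) {
            return authorizationNames;
        }
        for (GrantedAuthority grantedAuthority : authentication.getAuthorities()) {
            PermissionEntity permission = ((AmbariGrantedAuthority) grantedAuthority).getPrivilegeEntity().getPermission();
            Collection<RoleAuthorizationEntity> authorizations = permission == null ? null : permission.getAuthorizations();
            if (authorizations == null) {
                continue;
            }
            for (RoleAuthorizationEntity roleAuthorizationEntity : authorizations) {
                authorizationNames.add(roleAuthorizationEntity.getAuthorizationName());
            }
        }
        return authorizationNames;
    }
}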
