package org.apache.ranger.rest;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.configuration2.tree.DefaultExpressionEngineSymbols;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.util.GrantRevokeRequest;

/* loaded from: input_file:WEB-INF/classes/org/apache/ranger/rest/ServiceRESTUtil.class */
public class ServiceRESTUtil {
    private static final Log LOG = LogFactory.getLog(ServiceRESTUtil.class);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/classes/org/apache/ranger/rest/ServiceRESTUtil$POLICYITEM_TYPE.class */
    public enum POLICYITEM_TYPE {
        ALLOW,
        DENY,
        ALLOW_EXCEPTIONS,
        DENY_EXCEPTIONS
    }

    public static boolean processGrantRequest(RangerPolicy rangerPolicy, GrantRevokeRequest grantRevokeRequest) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceRESTUtil.processGrantRequest()");
        }
        if (grantRevokeRequest.getReplaceExistingPermissions().booleanValue()) {
            removeUsersGroupsAndRolesFromPolicy(rangerPolicy, grantRevokeRequest.getUsers(), grantRevokeRequest.getGroups(), grantRevokeRequest.getRoles());
        }
        RangerPolicy rangerPolicy2 = new RangerPolicy();
        RangerPolicy.RangerPolicyItem rangerPolicyItem = new RangerPolicy.RangerPolicyItem();
        rangerPolicyItem.setDelegateAdmin(grantRevokeRequest.getDelegateAdmin());
        rangerPolicyItem.getUsers().addAll(grantRevokeRequest.getUsers());
        rangerPolicyItem.getGroups().addAll(grantRevokeRequest.getGroups());
        rangerPolicyItem.getRoles().addAll(grantRevokeRequest.getRoles());
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = grantRevokeRequest.getAccessTypes().iterator();
        while (it.hasNext()) {
            arrayList.add(new RangerPolicy.RangerPolicyItemAccess(it.next(), true));
        }
        rangerPolicyItem.setAccesses(arrayList);
        rangerPolicy2.getPolicyItems().add(rangerPolicyItem);
        processApplyPolicy(rangerPolicy, rangerPolicy2);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== ServiceRESTUtil.processGrantRequest() : true");
        }
        return true;
    }

    public static boolean processRevokeRequest(RangerPolicy rangerPolicy, GrantRevokeRequest grantRevokeRequest) {
        boolean z;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceRESTUtil.processRevokeRequest()");
        }
        if (grantRevokeRequest.getReplaceExistingPermissions().booleanValue()) {
            z = removeUsersGroupsAndRolesFromPolicy(rangerPolicy, grantRevokeRequest.getUsers(), grantRevokeRequest.getGroups(), grantRevokeRequest.getRoles());
        } else {
            RangerPolicy rangerPolicy2 = new RangerPolicy();
            RangerPolicy.RangerPolicyItem rangerPolicyItem = new RangerPolicy.RangerPolicyItem();
            rangerPolicyItem.setDelegateAdmin(grantRevokeRequest.getDelegateAdmin());
            rangerPolicyItem.getUsers().addAll(grantRevokeRequest.getUsers());
            rangerPolicyItem.getGroups().addAll(grantRevokeRequest.getGroups());
            rangerPolicyItem.getRoles().addAll(grantRevokeRequest.getRoles());
            ArrayList arrayList = new ArrayList();
            Iterator<String> it = grantRevokeRequest.getAccessTypes().iterator();
            while (it.hasNext()) {
                arrayList.add(new RangerPolicy.RangerPolicyItemAccess(it.next(), false));
            }
            rangerPolicyItem.setAccesses(arrayList);
            rangerPolicy2.getPolicyItems().add(rangerPolicyItem);
            List<RangerPolicy.RangerPolicyItem> policyItems = rangerPolicy2.getPolicyItems();
            if (CollectionUtils.isNotEmpty(policyItems)) {
                HashSet hashSet = new HashSet();
                HashSet hashSet2 = new HashSet();
                HashSet hashSet3 = new HashSet();
                HashMap hashMap = new HashMap();
                HashMap hashMap2 = new HashMap();
                HashMap hashMap3 = new HashMap();
                extractUsersGroupsAndRoles(policyItems, hashSet, hashSet2, hashSet3);
                splitExistingPolicyItems(rangerPolicy, hashSet, hashMap, hashSet2, hashMap2, hashSet3, hashMap3);
                for (RangerPolicy.RangerPolicyItem rangerPolicyItem2 : policyItems) {
                    Iterator<String> it2 = rangerPolicyItem2.getUsers().iterator();
                    while (it2.hasNext()) {
                        RangerPolicy.RangerPolicyItem[] rangerPolicyItemArr = (RangerPolicy.RangerPolicyItem[]) hashMap.get(it2.next());
                        if (rangerPolicyItemArr != null && rangerPolicyItemArr.length > 0) {
                            if (rangerPolicyItemArr[POLICYITEM_TYPE.ALLOW.ordinal()] != null) {
                                removeAccesses(rangerPolicyItemArr[POLICYITEM_TYPE.ALLOW.ordinal()], rangerPolicyItem2.getAccesses());
                                if (CollectionUtils.isEmpty(rangerPolicyItemArr[POLICYITEM_TYPE.ALLOW.ordinal()].getAccesses())) {
                                    rangerPolicyItemArr[POLICYITEM_TYPE.ALLOW.ordinal()].setDelegateAdmin(Boolean.FALSE);
                                } else {
                                    rangerPolicyItemArr[POLICYITEM_TYPE.ALLOW.ordinal()].setDelegateAdmin(grantRevokeRequest.getDelegateAdmin());
                                }
                            }
                            if (rangerPolicyItemArr[POLICYITEM_TYPE.DENY_EXCEPTIONS.ordinal()] != null) {
                                removeAccesses(rangerPolicyItemArr[POLICYITEM_TYPE.DENY_EXCEPTIONS.ordinal()], rangerPolicyItem2.getAccesses());
                                rangerPolicyItemArr[POLICYITEM_TYPE.DENY_EXCEPTIONS.ordinal()].setDelegateAdmin(Boolean.FALSE);
                            }
                        }
                    }
                }
                for (RangerPolicy.RangerPolicyItem rangerPolicyItem3 : policyItems) {
                    Iterator<String> it3 = rangerPolicyItem3.getGroups().iterator();
                    while (it3.hasNext()) {
                        RangerPolicy.RangerPolicyItem[] rangerPolicyItemArr2 = (RangerPolicy.RangerPolicyItem[]) hashMap2.get(it3.next());
                        if (rangerPolicyItemArr2 != null && rangerPolicyItemArr2.length > 0) {
                            if (rangerPolicyItemArr2[POLICYITEM_TYPE.ALLOW.ordinal()] != null) {
                                removeAccesses(rangerPolicyItemArr2[POLICYITEM_TYPE.ALLOW.ordinal()], rangerPolicyItem3.getAccesses());
                                if (CollectionUtils.isEmpty(rangerPolicyItemArr2[POLICYITEM_TYPE.ALLOW.ordinal()].getAccesses())) {
                                    rangerPolicyItemArr2[POLICYITEM_TYPE.ALLOW.ordinal()].setDelegateAdmin(Boolean.FALSE);
                                } else {
                                    rangerPolicyItemArr2[POLICYITEM_TYPE.ALLOW.ordinal()].setDelegateAdmin(grantRevokeRequest.getDelegateAdmin());
                                }
                            }
                            if (rangerPolicyItemArr2[POLICYITEM_TYPE.DENY_EXCEPTIONS.ordinal()] != null) {
                                removeAccesses(rangerPolicyItemArr2[POLICYITEM_TYPE.DENY_EXCEPTIONS.ordinal()], rangerPolicyItem3.getAccesses());
                                rangerPolicyItemArr2[POLICYITEM_TYPE.DENY_EXCEPTIONS.ordinal()].setDelegateAdmin(Boolean.FALSE);
                            }
                        }
                    }
                }
                for (RangerPolicy.RangerPolicyItem rangerPolicyItem4 : policyItems) {
                    Iterator<String> it4 = rangerPolicyItem4.getRoles().iterator();
                    while (it4.hasNext()) {
                        RangerPolicy.RangerPolicyItem[] rangerPolicyItemArr3 = (RangerPolicy.RangerPolicyItem[]) hashMap3.get(it4.next());
                        if (rangerPolicyItemArr3 != null && rangerPolicyItemArr3.length > 0) {
                            if (rangerPolicyItemArr3[POLICYITEM_TYPE.ALLOW.ordinal()] != null) {
                                removeAccesses(rangerPolicyItemArr3[POLICYITEM_TYPE.ALLOW.ordinal()], rangerPolicyItem4.getAccesses());
                                if (CollectionUtils.isEmpty(rangerPolicyItemArr3[POLICYITEM_TYPE.ALLOW.ordinal()].getAccesses())) {
                                    rangerPolicyItemArr3[POLICYITEM_TYPE.ALLOW.ordinal()].setDelegateAdmin(Boolean.FALSE);
                                } else {
                                    rangerPolicyItemArr3[POLICYITEM_TYPE.ALLOW.ordinal()].setDelegateAdmin(grantRevokeRequest.getDelegateAdmin());
                                }
                            }
                            if (rangerPolicyItemArr3[POLICYITEM_TYPE.DENY_EXCEPTIONS.ordinal()] != null) {
                                removeAccesses(rangerPolicyItemArr3[POLICYITEM_TYPE.DENY_EXCEPTIONS.ordinal()], rangerPolicyItem4.getAccesses());
                                rangerPolicyItemArr3[POLICYITEM_TYPE.DENY_EXCEPTIONS.ordinal()].setDelegateAdmin(Boolean.FALSE);
                            }
                        }
                    }
                }
                mergeProcessedPolicyItems(rangerPolicy, hashMap, hashMap2, hashMap3);
                compactPolicy(rangerPolicy);
            }
            z = true;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== ServiceRESTUtil.processRevokeRequest() : " + z);
        }
        return z;
    }

    public static void processApplyPolicy(RangerPolicy rangerPolicy, RangerPolicy rangerPolicy2) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceRESTUtil.processApplyPolicy()");
        }
        processApplyPolicyForItemType(rangerPolicy, rangerPolicy2, POLICYITEM_TYPE.ALLOW);
        processApplyPolicyForItemType(rangerPolicy, rangerPolicy2, POLICYITEM_TYPE.DENY);
        processApplyPolicyForItemType(rangerPolicy, rangerPolicy2, POLICYITEM_TYPE.ALLOW_EXCEPTIONS);
        processApplyPolicyForItemType(rangerPolicy, rangerPolicy2, POLICYITEM_TYPE.DENY_EXCEPTIONS);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== ServiceRESTUtil.processApplyPolicy()");
        }
    }

    private static void processApplyPolicyForItemType(RangerPolicy rangerPolicy, RangerPolicy rangerPolicy2, POLICYITEM_TYPE policyitem_type) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceRESTUtil.processApplyPolicyForItemType()");
        }
        List<RangerPolicy.RangerPolicyItem> list = null;
        switch (policyitem_type) {
            case ALLOW:
                list = rangerPolicy2.getPolicyItems();
                break;
            case DENY:
                list = rangerPolicy2.getDenyPolicyItems();
                break;
            case ALLOW_EXCEPTIONS:
                list = rangerPolicy2.getAllowExceptions();
                break;
            case DENY_EXCEPTIONS:
                list = rangerPolicy2.getDenyExceptions();
                break;
            default:
                LOG.warn("processApplyPolicyForItemType(): invalid policyItemType=" + policyitem_type);
                break;
        }
        if (CollectionUtils.isNotEmpty(list)) {
            HashSet hashSet = new HashSet();
            HashSet hashSet2 = new HashSet();
            HashSet hashSet3 = new HashSet();
            HashMap hashMap = new HashMap();
            HashMap hashMap2 = new HashMap();
            HashMap hashMap3 = new HashMap();
            extractUsersGroupsAndRoles(list, hashSet, hashSet2, hashSet3);
            splitExistingPolicyItems(rangerPolicy, hashSet, hashMap, hashSet2, hashMap2, hashSet3, hashMap3);
            applyPolicyItems(list, policyitem_type, hashMap, hashMap2, hashMap3);
            mergeProcessedPolicyItems(rangerPolicy, hashMap, hashMap2, hashMap3);
            compactPolicy(rangerPolicy);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== ServiceRESTUtil.processApplyPolicyForItemType()");
        }
    }

    public static void mergeExactMatchPolicyForResource(RangerPolicy rangerPolicy, RangerPolicy rangerPolicy2) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceRESTUtil.mergeExactMatchPolicyForResource()");
        }
        mergeExactMatchPolicyForItemType(rangerPolicy, rangerPolicy2, POLICYITEM_TYPE.ALLOW);
        mergeExactMatchPolicyForItemType(rangerPolicy, rangerPolicy2, POLICYITEM_TYPE.DENY);
        mergeExactMatchPolicyForItemType(rangerPolicy, rangerPolicy2, POLICYITEM_TYPE.ALLOW_EXCEPTIONS);
        mergeExactMatchPolicyForItemType(rangerPolicy, rangerPolicy2, POLICYITEM_TYPE.DENY_EXCEPTIONS);
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== ServiceRESTUtil.mergeExactMatchPolicyForResource()");
        }
    }

    private static void mergeExactMatchPolicyForItemType(RangerPolicy rangerPolicy, RangerPolicy rangerPolicy2, POLICYITEM_TYPE policyitem_type) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceRESTUtil.mergeExactMatchPolicyForItemType()");
        }
        List<RangerPolicy.RangerPolicyItem> list = null;
        switch (policyitem_type) {
            case ALLOW:
                list = rangerPolicy2.getPolicyItems();
                break;
            case DENY:
                list = rangerPolicy2.getDenyPolicyItems();
                break;
            case ALLOW_EXCEPTIONS:
                list = rangerPolicy2.getAllowExceptions();
                break;
            case DENY_EXCEPTIONS:
                list = rangerPolicy2.getDenyExceptions();
                break;
            default:
                LOG.warn("mergeExactMatchPolicyForItemType(): invalid policyItemType=" + policyitem_type);
                break;
        }
        if (CollectionUtils.isNotEmpty(list)) {
            HashSet hashSet = new HashSet();
            HashSet hashSet2 = new HashSet();
            HashSet hashSet3 = new HashSet();
            HashMap hashMap = new HashMap();
            HashMap hashMap2 = new HashMap();
            HashMap hashMap3 = new HashMap();
            extractUsersGroupsAndRoles(list, hashSet, hashSet2, hashSet3);
            splitExistingPolicyItems(rangerPolicy, hashSet, hashMap, hashSet2, hashMap2, hashSet3, hashMap3);
            mergePolicyItems(list, policyitem_type, hashMap, hashMap2);
            mergeProcessedPolicyItems(rangerPolicy, hashMap, hashMap2, hashMap3);
            compactPolicy(rangerPolicy);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== ServiceRESTUtil.mergeExactMatchPolicyForItemType()");
        }
    }

    private static void extractUsersGroupsAndRoles(List<RangerPolicy.RangerPolicyItem> list, Set<String> set, Set<String> set2, Set<String> set3) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceRESTUtil.extractUsersGroupsAndRoles()");
        }
        if (CollectionUtils.isNotEmpty(list)) {
            for (RangerPolicy.RangerPolicyItem rangerPolicyItem : list) {
                if (CollectionUtils.isNotEmpty(rangerPolicyItem.getUsers())) {
                    set.addAll(rangerPolicyItem.getUsers());
                }
                if (CollectionUtils.isNotEmpty(rangerPolicyItem.getGroups())) {
                    set2.addAll(rangerPolicyItem.getGroups());
                }
                if (CollectionUtils.isNotEmpty(rangerPolicyItem.getRoles())) {
                    set3.addAll(rangerPolicyItem.getRoles());
                }
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== ServiceRESTUtil.extractUsersGroupsAndRoles()");
        }
    }

    private static void splitExistingPolicyItems(RangerPolicy rangerPolicy, Set<String> set, Map<String, RangerPolicy.RangerPolicyItem[]> map, Set<String> set2, Map<String, RangerPolicy.RangerPolicyItem[]> map2, Set<String> set3, Map<String, RangerPolicy.RangerPolicyItem[]> map3) {
        if (rangerPolicy == null || set == null || map == null || set2 == null || map2 == null || set3 == null || map3 == null) {
            return;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceRESTUtil.splitExistingPolicyItems()");
        }
        List<RangerPolicy.RangerPolicyItem> policyItems = rangerPolicy.getPolicyItems();
        List<RangerPolicy.RangerPolicyItem> denyPolicyItems = rangerPolicy.getDenyPolicyItems();
        List<RangerPolicy.RangerPolicyItem> allowExceptions = rangerPolicy.getAllowExceptions();
        List<RangerPolicy.RangerPolicyItem> denyExceptions = rangerPolicy.getDenyExceptions();
        for (String str : set) {
            RangerPolicy.RangerPolicyItem[] rangerPolicyItemArr = map.get(str);
            if (rangerPolicyItemArr == null) {
                rangerPolicyItemArr = new RangerPolicy.RangerPolicyItem[4];
                map.put(str, rangerPolicyItemArr);
            }
            rangerPolicyItemArr[POLICYITEM_TYPE.ALLOW.ordinal()] = splitAndGetConsolidatedPolicyItemForUser(policyItems, str);
            rangerPolicyItemArr[POLICYITEM_TYPE.DENY.ordinal()] = splitAndGetConsolidatedPolicyItemForUser(denyPolicyItems, str);
            rangerPolicyItemArr[POLICYITEM_TYPE.ALLOW_EXCEPTIONS.ordinal()] = splitAndGetConsolidatedPolicyItemForUser(allowExceptions, str);
            rangerPolicyItemArr[POLICYITEM_TYPE.DENY_EXCEPTIONS.ordinal()] = splitAndGetConsolidatedPolicyItemForUser(denyExceptions, str);
        }
        for (String str2 : set2) {
            RangerPolicy.RangerPolicyItem[] rangerPolicyItemArr2 = map2.get(str2);
            if (rangerPolicyItemArr2 == null) {
                rangerPolicyItemArr2 = new RangerPolicy.RangerPolicyItem[4];
                map2.put(str2, rangerPolicyItemArr2);
            }
            rangerPolicyItemArr2[POLICYITEM_TYPE.ALLOW.ordinal()] = splitAndGetConsolidatedPolicyItemForGroup(policyItems, str2);
            rangerPolicyItemArr2[POLICYITEM_TYPE.DENY.ordinal()] = splitAndGetConsolidatedPolicyItemForGroup(denyPolicyItems, str2);
            rangerPolicyItemArr2[POLICYITEM_TYPE.ALLOW_EXCEPTIONS.ordinal()] = splitAndGetConsolidatedPolicyItemForGroup(allowExceptions, str2);
            rangerPolicyItemArr2[POLICYITEM_TYPE.DENY_EXCEPTIONS.ordinal()] = splitAndGetConsolidatedPolicyItemForGroup(denyExceptions, str2);
        }
        for (String str3 : set3) {
            RangerPolicy.RangerPolicyItem[] rangerPolicyItemArr3 = map3.get(str3);
            if (rangerPolicyItemArr3 == null) {
                rangerPolicyItemArr3 = new RangerPolicy.RangerPolicyItem[4];
                map3.put(str3, rangerPolicyItemArr3);
            }
            rangerPolicyItemArr3[POLICYITEM_TYPE.ALLOW.ordinal()] = splitAndGetConsolidatedPolicyItemForRole(policyItems, str3);
            rangerPolicyItemArr3[POLICYITEM_TYPE.DENY.ordinal()] = splitAndGetConsolidatedPolicyItemForRole(denyPolicyItems, str3);
            rangerPolicyItemArr3[POLICYITEM_TYPE.ALLOW_EXCEPTIONS.ordinal()] = splitAndGetConsolidatedPolicyItemForRole(allowExceptions, str3);
            rangerPolicyItemArr3[POLICYITEM_TYPE.DENY_EXCEPTIONS.ordinal()] = splitAndGetConsolidatedPolicyItemForRole(denyExceptions, str3);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== ServiceRESTUtil.splitExistingPolicyItems()");
        }
    }

    private static RangerPolicy.RangerPolicyItem splitAndGetConsolidatedPolicyItemForUser(List<RangerPolicy.RangerPolicyItem> list, String str) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceRESTUtil.splitAndGetConsolidatedPolicyItemForUser()");
        }
        RangerPolicy.RangerPolicyItem rangerPolicyItem = null;
        if (CollectionUtils.isNotEmpty(list)) {
            for (RangerPolicy.RangerPolicyItem rangerPolicyItem2 : list) {
                List<String> users = rangerPolicyItem2.getUsers();
                if (users.contains(str)) {
                    if (rangerPolicyItem == null) {
                        rangerPolicyItem = new RangerPolicy.RangerPolicyItem();
                    }
                    rangerPolicyItem.getUsers().add(str);
                    if (rangerPolicyItem2.getDelegateAdmin().booleanValue()) {
                        rangerPolicyItem.setDelegateAdmin(Boolean.TRUE);
                    }
                    addAccesses(rangerPolicyItem, rangerPolicyItem2.getAccesses());
                    users.remove(str);
                }
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== ServiceRESTUtil.splitAndGetConsolidatedPolicyItemForUser()");
        }
        return rangerPolicyItem;
    }

    private static RangerPolicy.RangerPolicyItem splitAndGetConsolidatedPolicyItemForGroup(List<RangerPolicy.RangerPolicyItem> list, String str) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceRESTUtil.splitAndGetConsolidatedPolicyItemForGroup()");
        }
        RangerPolicy.RangerPolicyItem rangerPolicyItem = null;
        if (CollectionUtils.isNotEmpty(list)) {
            for (RangerPolicy.RangerPolicyItem rangerPolicyItem2 : list) {
                List<String> groups = rangerPolicyItem2.getGroups();
                if (groups.contains(str)) {
                    if (rangerPolicyItem == null) {
                        rangerPolicyItem = new RangerPolicy.RangerPolicyItem();
                    }
                    rangerPolicyItem.getGroups().add(str);
                    if (rangerPolicyItem2.getDelegateAdmin().booleanValue()) {
                        rangerPolicyItem.setDelegateAdmin(Boolean.TRUE);
                    }
                    addAccesses(rangerPolicyItem, rangerPolicyItem2.getAccesses());
                    groups.remove(str);
                }
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== ServiceRESTUtil.splitAndGetConsolidatedPolicyItemForGroup()");
        }
        return rangerPolicyItem;
    }

    private static RangerPolicy.RangerPolicyItem splitAndGetConsolidatedPolicyItemForRole(List<RangerPolicy.RangerPolicyItem> list, String str) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceRESTUtil.splitAndGetConsolidatedPolicyItemForGroup()");
        }
        RangerPolicy.RangerPolicyItem rangerPolicyItem = null;
        if (CollectionUtils.isNotEmpty(list)) {
            for (RangerPolicy.RangerPolicyItem rangerPolicyItem2 : list) {
                List<String> roles = rangerPolicyItem2.getRoles();
                if (roles.contains(str)) {
                    if (rangerPolicyItem == null) {
                        rangerPolicyItem = new RangerPolicy.RangerPolicyItem();
                    }
                    rangerPolicyItem.getRoles().add(str);
                    if (rangerPolicyItem2.getDelegateAdmin().booleanValue()) {
                        rangerPolicyItem.setDelegateAdmin(Boolean.TRUE);
                    }
                    addAccesses(rangerPolicyItem, rangerPolicyItem2.getAccesses());
                    roles.remove(str);
                }
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== ServiceRESTUtil.splitAndGetConsolidatedPolicyItemForGroup()");
        }
        return rangerPolicyItem;
    }

    private static void applyPolicyItems(List<RangerPolicy.RangerPolicyItem> list, POLICYITEM_TYPE policyitem_type, Map<String, RangerPolicy.RangerPolicyItem[]> map, Map<String, RangerPolicy.RangerPolicyItem[]> map2, Map<String, RangerPolicy.RangerPolicyItem[]> map3) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceRESTUtil.applyPolicyItems()");
        }
        for (RangerPolicy.RangerPolicyItem rangerPolicyItem : list) {
            for (String str : rangerPolicyItem.getUsers()) {
                RangerPolicy.RangerPolicyItem[] rangerPolicyItemArr = map.get(str);
                if (rangerPolicyItemArr == null) {
                    LOG.warn("Should not have come here..");
                    rangerPolicyItemArr = new RangerPolicy.RangerPolicyItem[4];
                    map.put(str, rangerPolicyItemArr);
                }
                addPolicyItemForUser(rangerPolicyItemArr, policyitem_type.ordinal(), str, rangerPolicyItem);
                switch (policyitem_type) {
                    case ALLOW:
                        removeAccesses(rangerPolicyItemArr[POLICYITEM_TYPE.DENY.ordinal()], rangerPolicyItem.getAccesses());
                        removeAccesses(rangerPolicyItemArr[POLICYITEM_TYPE.ALLOW_EXCEPTIONS.ordinal()], rangerPolicyItem.getAccesses());
                        addPolicyItemForUser(rangerPolicyItemArr, POLICYITEM_TYPE.DENY_EXCEPTIONS.ordinal(), str, rangerPolicyItem);
                        break;
                    case DENY:
                        removeAccesses(rangerPolicyItemArr[POLICYITEM_TYPE.ALLOW.ordinal()], rangerPolicyItem.getAccesses());
                        addPolicyItemForUser(rangerPolicyItemArr, POLICYITEM_TYPE.ALLOW_EXCEPTIONS.ordinal(), str, rangerPolicyItem);
                        removeAccesses(rangerPolicyItemArr[POLICYITEM_TYPE.DENY_EXCEPTIONS.ordinal()], rangerPolicyItem.getAccesses());
                        break;
                    case ALLOW_EXCEPTIONS:
                        removeAccesses(rangerPolicyItemArr[POLICYITEM_TYPE.ALLOW.ordinal()], rangerPolicyItem.getAccesses());
                        break;
                    case DENY_EXCEPTIONS:
                        break;
                    default:
                        LOG.warn("Should not have come here..");
                        break;
                }
            }
        }
        for (RangerPolicy.RangerPolicyItem rangerPolicyItem2 : list) {
            for (String str2 : rangerPolicyItem2.getGroups()) {
                RangerPolicy.RangerPolicyItem[] rangerPolicyItemArr2 = map2.get(str2);
                if (rangerPolicyItemArr2 == null) {
                    rangerPolicyItemArr2 = new RangerPolicy.RangerPolicyItem[4];
                    map2.put(str2, rangerPolicyItemArr2);
                }
                addPolicyItemForGroup(rangerPolicyItemArr2, policyitem_type.ordinal(), str2, rangerPolicyItem2);
                switch (policyitem_type) {
                    case ALLOW:
                        removeAccesses(rangerPolicyItemArr2[POLICYITEM_TYPE.DENY.ordinal()], rangerPolicyItem2.getAccesses());
                        removeAccesses(rangerPolicyItemArr2[POLICYITEM_TYPE.ALLOW_EXCEPTIONS.ordinal()], rangerPolicyItem2.getAccesses());
                        addPolicyItemForGroup(rangerPolicyItemArr2, POLICYITEM_TYPE.DENY_EXCEPTIONS.ordinal(), str2, rangerPolicyItem2);
                        break;
                    case DENY:
                        removeAccesses(rangerPolicyItemArr2[POLICYITEM_TYPE.ALLOW.ordinal()], rangerPolicyItem2.getAccesses());
                        addPolicyItemForGroup(rangerPolicyItemArr2, POLICYITEM_TYPE.ALLOW_EXCEPTIONS.ordinal(), str2, rangerPolicyItem2);
                        removeAccesses(rangerPolicyItemArr2[POLICYITEM_TYPE.DENY_EXCEPTIONS.ordinal()], rangerPolicyItem2.getAccesses());
                        break;
                    case ALLOW_EXCEPTIONS:
                        removeAccesses(rangerPolicyItemArr2[POLICYITEM_TYPE.ALLOW.ordinal()], rangerPolicyItem2.getAccesses());
                        break;
                }
            }
        }
        for (RangerPolicy.RangerPolicyItem rangerPolicyItem3 : list) {
            for (String str3 : rangerPolicyItem3.getRoles()) {
                RangerPolicy.RangerPolicyItem[] rangerPolicyItemArr3 = map3.get(str3);
                if (rangerPolicyItemArr3 == null) {
                    rangerPolicyItemArr3 = new RangerPolicy.RangerPolicyItem[4];
                    map3.put(str3, rangerPolicyItemArr3);
                }
                addPolicyItemForRole(rangerPolicyItemArr3, policyitem_type.ordinal(), str3, rangerPolicyItem3);
                switch (policyitem_type) {
                    case ALLOW:
                        removeAccesses(rangerPolicyItemArr3[POLICYITEM_TYPE.DENY.ordinal()], rangerPolicyItem3.getAccesses());
                        removeAccesses(rangerPolicyItemArr3[POLICYITEM_TYPE.ALLOW_EXCEPTIONS.ordinal()], rangerPolicyItem3.getAccesses());
                        addPolicyItemForRole(rangerPolicyItemArr3, POLICYITEM_TYPE.DENY_EXCEPTIONS.ordinal(), str3, rangerPolicyItem3);
                        break;
                    case DENY:
                        removeAccesses(rangerPolicyItemArr3[POLICYITEM_TYPE.ALLOW.ordinal()], rangerPolicyItem3.getAccesses());
                        addPolicyItemForRole(rangerPolicyItemArr3, POLICYITEM_TYPE.ALLOW_EXCEPTIONS.ordinal(), str3, rangerPolicyItem3);
                        removeAccesses(rangerPolicyItemArr3[POLICYITEM_TYPE.DENY_EXCEPTIONS.ordinal()], rangerPolicyItem3.getAccesses());
                        break;
                    case ALLOW_EXCEPTIONS:
                        removeAccesses(rangerPolicyItemArr3[POLICYITEM_TYPE.ALLOW.ordinal()], rangerPolicyItem3.getAccesses());
                        break;
                }
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== ServiceRESTUtil.applyPolicyItems()");
        }
    }

    private static void mergePolicyItems(List<RangerPolicy.RangerPolicyItem> list, POLICYITEM_TYPE policyitem_type, Map<String, RangerPolicy.RangerPolicyItem[]> map, Map<String, RangerPolicy.RangerPolicyItem[]> map2) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceRESTUtil.mergePolicyItems()");
        }
        for (RangerPolicy.RangerPolicyItem rangerPolicyItem : list) {
            for (String str : rangerPolicyItem.getUsers()) {
                RangerPolicy.RangerPolicyItem[] rangerPolicyItemArr = map.get(str);
                if (rangerPolicyItemArr == null) {
                    LOG.warn("Should not have come here..");
                    rangerPolicyItemArr = new RangerPolicy.RangerPolicyItem[4];
                    map.put(str, rangerPolicyItemArr);
                }
                addPolicyItemForUser(rangerPolicyItemArr, policyitem_type.ordinal(), str, rangerPolicyItem);
            }
        }
        for (RangerPolicy.RangerPolicyItem rangerPolicyItem2 : list) {
            for (String str2 : rangerPolicyItem2.getGroups()) {
                RangerPolicy.RangerPolicyItem[] rangerPolicyItemArr2 = map2.get(str2);
                if (rangerPolicyItemArr2 == null) {
                    rangerPolicyItemArr2 = new RangerPolicy.RangerPolicyItem[4];
                    map2.put(str2, rangerPolicyItemArr2);
                }
                addPolicyItemForGroup(rangerPolicyItemArr2, policyitem_type.ordinal(), str2, rangerPolicyItem2);
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== ServiceRESTUtil.mergePolicyItems()");
        }
    }

    private static void mergeProcessedPolicyItems(RangerPolicy rangerPolicy, Map<String, RangerPolicy.RangerPolicyItem[]> map, Map<String, RangerPolicy.RangerPolicyItem[]> map2, Map<String, RangerPolicy.RangerPolicyItem[]> map3) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceRESTUtil.mergeProcessedPolicyItems()");
        }
        Iterator<Map.Entry<String, RangerPolicy.RangerPolicyItem[]>> it = map.entrySet().iterator();
        while (it.hasNext()) {
            RangerPolicy.RangerPolicyItem[] value = it.next().getValue();
            RangerPolicy.RangerPolicyItem rangerPolicyItem = value[POLICYITEM_TYPE.ALLOW.ordinal()];
            if (rangerPolicyItem != null) {
                rangerPolicy.getPolicyItems().add(rangerPolicyItem);
            }
            RangerPolicy.RangerPolicyItem rangerPolicyItem2 = value[POLICYITEM_TYPE.DENY.ordinal()];
            if (rangerPolicyItem2 != null) {
                rangerPolicy.getDenyPolicyItems().add(rangerPolicyItem2);
            }
            RangerPolicy.RangerPolicyItem rangerPolicyItem3 = value[POLICYITEM_TYPE.ALLOW_EXCEPTIONS.ordinal()];
            if (rangerPolicyItem3 != null) {
                rangerPolicy.getAllowExceptions().add(rangerPolicyItem3);
            }
            RangerPolicy.RangerPolicyItem rangerPolicyItem4 = value[POLICYITEM_TYPE.DENY_EXCEPTIONS.ordinal()];
            if (rangerPolicyItem4 != null) {
                rangerPolicy.getDenyExceptions().add(rangerPolicyItem4);
            }
        }
        Iterator<Map.Entry<String, RangerPolicy.RangerPolicyItem[]>> it2 = map2.entrySet().iterator();
        while (it2.hasNext()) {
            RangerPolicy.RangerPolicyItem[] value2 = it2.next().getValue();
            RangerPolicy.RangerPolicyItem rangerPolicyItem5 = value2[POLICYITEM_TYPE.ALLOW.ordinal()];
            if (rangerPolicyItem5 != null) {
                rangerPolicy.getPolicyItems().add(rangerPolicyItem5);
            }
            RangerPolicy.RangerPolicyItem rangerPolicyItem6 = value2[POLICYITEM_TYPE.DENY.ordinal()];
            if (rangerPolicyItem6 != null) {
                rangerPolicy.getDenyPolicyItems().add(rangerPolicyItem6);
            }
            RangerPolicy.RangerPolicyItem rangerPolicyItem7 = value2[POLICYITEM_TYPE.ALLOW_EXCEPTIONS.ordinal()];
            if (rangerPolicyItem7 != null) {
                rangerPolicy.getAllowExceptions().add(rangerPolicyItem7);
            }
            RangerPolicy.RangerPolicyItem rangerPolicyItem8 = value2[POLICYITEM_TYPE.DENY_EXCEPTIONS.ordinal()];
            if (rangerPolicyItem8 != null) {
                rangerPolicy.getDenyExceptions().add(rangerPolicyItem8);
            }
        }
        Iterator<Map.Entry<String, RangerPolicy.RangerPolicyItem[]>> it3 = map3.entrySet().iterator();
        while (it3.hasNext()) {
            RangerPolicy.RangerPolicyItem[] value3 = it3.next().getValue();
            RangerPolicy.RangerPolicyItem rangerPolicyItem9 = value3[POLICYITEM_TYPE.ALLOW.ordinal()];
            if (rangerPolicyItem9 != null) {
                rangerPolicy.getPolicyItems().add(rangerPolicyItem9);
            }
            RangerPolicy.RangerPolicyItem rangerPolicyItem10 = value3[POLICYITEM_TYPE.DENY.ordinal()];
            if (rangerPolicyItem10 != null) {
                rangerPolicy.getDenyPolicyItems().add(rangerPolicyItem10);
            }
            RangerPolicy.RangerPolicyItem rangerPolicyItem11 = value3[POLICYITEM_TYPE.ALLOW_EXCEPTIONS.ordinal()];
            if (rangerPolicyItem11 != null) {
                rangerPolicy.getAllowExceptions().add(rangerPolicyItem11);
            }
            RangerPolicy.RangerPolicyItem rangerPolicyItem12 = value3[POLICYITEM_TYPE.DENY_EXCEPTIONS.ordinal()];
            if (rangerPolicyItem12 != null) {
                rangerPolicy.getDenyExceptions().add(rangerPolicyItem12);
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== ServiceRESTUtil.mergeProcessedPolicyItems()");
        }
    }

    private static boolean addAccesses(RangerPolicy.RangerPolicyItem rangerPolicyItem, List<RangerPolicy.RangerPolicyItemAccess> list) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceRESTUtil.addAccesses()");
        }
        boolean z = false;
        Iterator<RangerPolicy.RangerPolicyItemAccess> it = list.iterator();
        while (it.hasNext()) {
            RangerPolicy.RangerPolicyItemAccess rangerPolicyItemAccess = null;
            String type = it.next().getType();
            Iterator<RangerPolicy.RangerPolicyItemAccess> it2 = rangerPolicyItem.getAccesses().iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                RangerPolicy.RangerPolicyItemAccess next = it2.next();
                if (StringUtils.equals(next.getType(), type)) {
                    rangerPolicyItemAccess = next;
                    break;
                }
            }
            if (rangerPolicyItemAccess == null) {
                rangerPolicyItem.getAccesses().add(new RangerPolicy.RangerPolicyItemAccess(type, Boolean.TRUE));
                z = true;
            } else if (!rangerPolicyItemAccess.getIsAllowed().booleanValue()) {
                rangerPolicyItemAccess.setIsAllowed(Boolean.TRUE);
                z = true;
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== ServiceRESTUtil.addAccesses() " + z);
        }
        return z;
    }

    private static boolean removeAccesses(RangerPolicy.RangerPolicyItem rangerPolicyItem, List<RangerPolicy.RangerPolicyItemAccess> list) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceRESTUtil.removeAccesses()");
        }
        boolean z = false;
        if (rangerPolicyItem != null) {
            Iterator<RangerPolicy.RangerPolicyItemAccess> it = list.iterator();
            while (it.hasNext()) {
                String type = it.next().getType();
                int size = rangerPolicyItem.getAccesses().size();
                int i = 0;
                while (i < size) {
                    if (StringUtils.equals(rangerPolicyItem.getAccesses().get(i).getType(), type)) {
                        rangerPolicyItem.getAccesses().remove(i);
                        size--;
                        i--;
                        z = true;
                    }
                    i++;
                }
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== ServiceRESTUtil.removeAccesses() " + z);
        }
        return z;
    }

    private static void compactPolicy(RangerPolicy rangerPolicy) {
        rangerPolicy.setPolicyItems(mergePolicyItems(rangerPolicy.getPolicyItems()));
        rangerPolicy.setDenyPolicyItems(mergePolicyItems(rangerPolicy.getDenyPolicyItems()));
        rangerPolicy.setAllowExceptions(mergePolicyItems(rangerPolicy.getAllowExceptions()));
        rangerPolicy.setDenyExceptions(mergePolicyItems(rangerPolicy.getDenyExceptions()));
    }

    private static List<RangerPolicy.RangerPolicyItem> mergePolicyItems(List<RangerPolicy.RangerPolicyItem> list) {
        ArrayList arrayList = new ArrayList();
        if (CollectionUtils.isNotEmpty(list)) {
            HashMap hashMap = new HashMap();
            for (RangerPolicy.RangerPolicyItem rangerPolicyItem : list) {
                if (!CollectionUtils.isEmpty(rangerPolicyItem.getUsers()) || !CollectionUtils.isEmpty(rangerPolicyItem.getGroups()) || !CollectionUtils.isEmpty(rangerPolicyItem.getRoles())) {
                    if (!CollectionUtils.isEmpty(rangerPolicyItem.getAccesses()) || rangerPolicyItem.getDelegateAdmin().booleanValue()) {
                        if (rangerPolicyItem.getConditions().size() > 1) {
                            arrayList.add(rangerPolicyItem);
                        } else {
                            TreeSet treeSet = new TreeSet();
                            Iterator<RangerPolicy.RangerPolicyItemAccess> it = rangerPolicyItem.getAccesses().iterator();
                            while (it.hasNext()) {
                                treeSet.add(it.next().getType());
                            }
                            if (rangerPolicyItem.getDelegateAdmin().booleanValue()) {
                                treeSet.add("delegateAdmin");
                            }
                            String treeSet2 = treeSet.toString();
                            RangerPolicy.RangerPolicyItem rangerPolicyItem2 = (RangerPolicy.RangerPolicyItem) hashMap.get(treeSet2);
                            if (rangerPolicyItem2 != null) {
                                addDistinctItems(rangerPolicyItem.getUsers(), rangerPolicyItem2.getUsers());
                                addDistinctItems(rangerPolicyItem.getGroups(), rangerPolicyItem2.getGroups());
                                addDistinctItems(rangerPolicyItem.getRoles(), rangerPolicyItem2.getRoles());
                            } else {
                                hashMap.put(treeSet2, rangerPolicyItem);
                            }
                        }
                    }
                }
            }
            Iterator it2 = hashMap.entrySet().iterator();
            while (it2.hasNext()) {
                arrayList.add(((Map.Entry) it2.next()).getValue());
            }
        }
        return arrayList;
    }

    static void addPolicyItemForUser(RangerPolicy.RangerPolicyItem[] rangerPolicyItemArr, int i, String str, RangerPolicy.RangerPolicyItem rangerPolicyItem) {
        if (rangerPolicyItemArr[i] == null) {
            RangerPolicy.RangerPolicyItem rangerPolicyItem2 = new RangerPolicy.RangerPolicyItem();
            rangerPolicyItem2.getUsers().add(str);
            rangerPolicyItemArr[i] = rangerPolicyItem2;
        }
        addAccesses(rangerPolicyItemArr[i], rangerPolicyItem.getAccesses());
        if (rangerPolicyItem.getDelegateAdmin().booleanValue()) {
            rangerPolicyItemArr[i].setDelegateAdmin(Boolean.TRUE);
        }
    }

    static void addPolicyItemForGroup(RangerPolicy.RangerPolicyItem[] rangerPolicyItemArr, int i, String str, RangerPolicy.RangerPolicyItem rangerPolicyItem) {
        if (rangerPolicyItemArr[i] == null) {
            RangerPolicy.RangerPolicyItem rangerPolicyItem2 = new RangerPolicy.RangerPolicyItem();
            rangerPolicyItem2.getGroups().add(str);
            rangerPolicyItemArr[i] = rangerPolicyItem2;
        }
        addAccesses(rangerPolicyItemArr[i], rangerPolicyItem.getAccesses());
        if (rangerPolicyItem.getDelegateAdmin().booleanValue()) {
            rangerPolicyItemArr[i].setDelegateAdmin(Boolean.TRUE);
        }
    }

    static void addPolicyItemForRole(RangerPolicy.RangerPolicyItem[] rangerPolicyItemArr, int i, String str, RangerPolicy.RangerPolicyItem rangerPolicyItem) {
        if (rangerPolicyItemArr[i] == null) {
            RangerPolicy.RangerPolicyItem rangerPolicyItem2 = new RangerPolicy.RangerPolicyItem();
            rangerPolicyItem2.getRoles().add(str);
            rangerPolicyItemArr[i] = rangerPolicyItem2;
        }
        addAccesses(rangerPolicyItemArr[i], rangerPolicyItem.getAccesses());
        if (rangerPolicyItem.getDelegateAdmin().booleanValue()) {
            rangerPolicyItemArr[i].setDelegateAdmin(Boolean.TRUE);
        }
    }

    private static void addDistinctItems(List<String> list, List<String> list2) {
        for (String str : list) {
            if (!list2.contains(str)) {
                list2.add(str);
            }
        }
    }

    private static boolean removeUsersGroupsAndRolesFromPolicy(RangerPolicy rangerPolicy, Set<String> set, Set<String> set2, Set<String> set3) {
        boolean z = false;
        List<RangerPolicy.RangerPolicyItem> policyItems = rangerPolicy.getPolicyItems();
        int size = policyItems.size();
        int i = 0;
        while (i < size) {
            RangerPolicy.RangerPolicyItem rangerPolicyItem = policyItems.get(i);
            if (CollectionUtils.containsAny(rangerPolicyItem.getUsers(), set)) {
                rangerPolicyItem.getUsers().removeAll(set);
                z = true;
            }
            if (CollectionUtils.containsAny(rangerPolicyItem.getGroups(), set2)) {
                rangerPolicyItem.getGroups().removeAll(set2);
                z = true;
            }
            if (CollectionUtils.containsAny(rangerPolicyItem.getRoles(), set3)) {
                rangerPolicyItem.getRoles().removeAll(set3);
                z = true;
            }
            if (CollectionUtils.isEmpty(rangerPolicyItem.getUsers()) && CollectionUtils.isEmpty(rangerPolicyItem.getGroups()) && CollectionUtils.isEmpty(rangerPolicyItem.getRoles())) {
                policyItems.remove(i);
                size--;
                i--;
                z = true;
            }
            i++;
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean containsRangerCondition(RangerPolicy rangerPolicy) {
        boolean z = false;
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ServiceRESTUtil.containsRangerCondition(" + rangerPolicy + DefaultExpressionEngineSymbols.DEFAULT_INDEX_END);
        }
        if (rangerPolicy != null) {
            ArrayList arrayList = new ArrayList();
            arrayList.addAll(rangerPolicy.getPolicyItems());
            arrayList.addAll(rangerPolicy.getDenyPolicyItems());
            arrayList.addAll(rangerPolicy.getAllowExceptions());
            arrayList.addAll(rangerPolicy.getDenyExceptions());
            Iterator it = arrayList.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (!((RangerPolicy.RangerPolicyItem) it.next()).getConditions().isEmpty()) {
                    z = true;
                    break;
                }
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== ServiceRESTUtil.containsRangerCondition(" + rangerPolicy + "): " + z);
        }
        return z;
    }
}
