package org.apache.sentry.provider.db.generic.tools;

import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import com.google.common.collect.Table;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.sentry.core.common.exception.SentryConfigurationException;
import org.apache.sentry.core.common.utils.KeyValue;
import org.apache.sentry.core.common.utils.SentryConstants;
import org.apache.sentry.core.model.search.SearchPrivilegeModel;
import org.apache.sentry.provider.common.ProviderBackend;
import org.apache.sentry.provider.common.ProviderBackendContext;
import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClientFactory;
import org.apache.sentry.provider.file.SimpleFileProviderBackend;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.class */
public class SentryConfigToolSolr extends SentryConfigToolCommon {
    private static final Logger LOGGER = LoggerFactory.getLogger(SentryConfigToolSolr.class);
    public static final String SOLR_SERVICE_NAME = "sentry.service.client.solr.service.name";

    @Override // org.apache.sentry.provider.db.generic.tools.SentryConfigToolCommon
    public void run() throws Exception {
        Configuration sentryConf = getSentryConf();
        convertINIToSentryServiceCmds("SOLR", sentryConf.get("sentry.service.client.solr.service.name", "service1"), UserGroupInformation.getLoginUser().getShortUserName(), sentryConf, SentryGenericServiceClientFactory.create(sentryConf), getPolicyFile(), getValidate(), getImportPolicy(), getCheckCompat());
    }

    private Configuration getSentryConf() {
        Configuration configuration = new Configuration();
        configuration.addResource(new Path(getConfPath()));
        return configuration;
    }

    private void convertINIToSentryServiceCmds(String str, String str2, String str3, Configuration configuration, SentryGenericServiceClient sentryGenericServiceClient, String str4, boolean z, boolean z2, boolean z3) throws Exception {
        LOGGER.info("Reading policy file at: " + str4);
        SimpleFileProviderBackend simpleFileProviderBackend = new SimpleFileProviderBackend(configuration, str4);
        ProviderBackendContext providerBackendContext = new ProviderBackendContext();
        providerBackendContext.setValidators(SearchPrivilegeModel.getInstance().getPrivilegeValidators());
        simpleFileProviderBackend.initialize(providerBackendContext);
        if (z) {
            validatePolicy(simpleFileProviderBackend);
        }
        if (z3) {
            checkCompat(simpleFileProviderBackend);
        }
        HashSet newHashSet = Sets.newHashSet();
        Table groupRolePrivilegeTable = simpleFileProviderBackend.getGroupRolePrivilegeTable();
        SolrTSentryPrivilegeConverter solrTSentryPrivilegeConverter = new SolrTSentryPrivilegeConverter(str, str2, false);
        for (String str5 : groupRolePrivilegeTable.rowKeySet()) {
            for (String str6 : groupRolePrivilegeTable.columnKeySet()) {
                if (!newHashSet.contains(str6)) {
                    LOGGER.info(dryRunMessage(z2) + "Creating role: " + str6.toLowerCase(Locale.US));
                    if (z2) {
                        sentryGenericServiceClient.createRoleIfNotExist(str3, str6, str);
                    }
                    newHashSet.add(str6);
                }
                Set<String> set = (Set) groupRolePrivilegeTable.get(str5, str6);
                if (set != null) {
                    LOGGER.info(dryRunMessage(z2) + "Adding role: " + str6.toLowerCase(Locale.US) + " to group: " + str5);
                    if (z2) {
                        sentryGenericServiceClient.addRoleToGroups(str3, str6, str, Sets.newHashSet(new String[]{str5}));
                    }
                    for (String str7 : set) {
                        String str8 = null;
                        Iterator it = SentryConstants.AUTHORIZABLE_SPLITTER.trimResults().split(str7).iterator();
                        while (it.hasNext()) {
                            KeyValue keyValue = new KeyValue((String) it.next());
                            String key = keyValue.getKey();
                            String value = keyValue.getValue();
                            if ("action".equalsIgnoreCase(key)) {
                                str8 = value;
                            }
                        }
                        if (str8 == null) {
                            str7 = str7 + "->action=*";
                        }
                        LOGGER.info(dryRunMessage(z2) + "Adding permission: " + str7 + " to role: " + str6.toLowerCase(Locale.US));
                        if (z2) {
                            sentryGenericServiceClient.grantPrivilege(str3, str6, str, solrTSentryPrivilegeConverter.fromString(str7));
                        }
                    }
                }
            }
        }
    }

    private void validatePolicy(ProviderBackend providerBackend) throws Exception {
        try {
            providerBackend.validatePolicy(true);
        } catch (SentryConfigurationException e) {
            printConfigErrorsWarnings(e);
            throw e;
        }
    }

    private void printConfigErrorsWarnings(SentryConfigurationException sentryConfigurationException) {
        System.out.println(" *** Found configuration problems *** ");
        Iterator it = sentryConfigurationException.getConfigErrors().iterator();
        while (it.hasNext()) {
            System.out.println("ERROR: " + ((String) it.next()));
        }
        Iterator it2 = sentryConfigurationException.getConfigWarnings().iterator();
        while (it2.hasNext()) {
            System.out.println("Warning: " + ((String) it2.next()));
        }
    }

    private void checkCompat(SimpleFileProviderBackend simpleFileProviderBackend) throws Exception {
        HashMap hashMap = new HashMap();
        for (String str : simpleFileProviderBackend.getGroupRolePrivilegeTable().columnKeySet()) {
            String lowerCase = str.toLowerCase(Locale.US);
            if (!str.equals(lowerCase)) {
                if (hashMap.containsKey(lowerCase)) {
                    ((Set) hashMap.get(lowerCase)).add(str);
                } else {
                    hashMap.put(lowerCase, Sets.newHashSet(new String[]{str}));
                }
            }
        }
        LinkedList linkedList = new LinkedList();
        StringBuilder sb = new StringBuilder();
        if (!hashMap.isEmpty()) {
            sb.append("The following roles names will be lower cased when added to the Sentry Service.\n");
            sb.append("This will cause document-level security to fail to match the role tokens.\n");
            sb.append("Role names: ");
        }
        boolean z = true;
        for (Map.Entry entry : hashMap.entrySet()) {
            Set<String> set = (Set) entry.getValue();
            if (set.size() > 1) {
                StringBuilder sb2 = new StringBuilder();
                sb2.append("The following (cased) roles map to the same role in the sentry service: ");
                boolean z2 = true;
                for (String str2 : set) {
                    sb2.append(z2 ? "" : ", ");
                    sb2.append(str2);
                    z2 = false;
                }
                sb2.append(".  Role in service: ").append((String) entry.getKey());
                linkedList.add(sb2.toString());
            }
            for (String str3 : set) {
                sb.append(z ? "" : ", ");
                sb.append(str3);
                z = false;
            }
        }
        Iterator it = linkedList.iterator();
        while (it.hasNext()) {
            System.out.println("ERROR: " + ((String) it.next()));
        }
        System.out.println("\n");
        System.out.println("Warning: " + sb.toString());
        if (linkedList.size() > 0) {
            SentryConfigurationException sentryConfigurationException = new SentryConfigurationException("Compatibility check failure");
            sentryConfigurationException.setConfigErrors(linkedList);
            sentryConfigurationException.setConfigWarnings(Lists.asList(sb.toString(), new String[0]));
            throw sentryConfigurationException;
        }
    }

    private String dryRunMessage(boolean z) {
        return z ? "" : "[Dry Run] ";
    }

    public static void main(String[] strArr) throws Exception {
        Throwable th;
        try {
            new SentryConfigToolSolr().executeConfigTool(strArr);
        } catch (Exception e) {
            LOGGER.error(e.getMessage(), e);
            Throwable th2 = e;
            while (true) {
                th = th2;
                if (th == null || th.getMessage() != null) {
                    break;
                } else {
                    th2 = th.getCause();
                }
            }
            String str = "";
            if (th != null && th.getMessage() != null) {
                str = "Message: " + th.getMessage();
            }
            System.out.println("The operation failed. " + str);
            System.exit(1);
        }
    }
}
