package org.apache.storm.daemon.logviewer.utils;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.Sets;
import java.io.IOException;
import java.nio.file.FileSystems;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.Validate;
import org.apache.storm.security.auth.ClientAuthUtils;
import org.apache.storm.security.auth.IGroupMappingServiceProvider;
import org.apache.storm.security.auth.IPrincipalToLocal;
import org.apache.storm.utils.ObjectReader;
import org.apache.storm.utils.ServerConfigUtils;
import org.apache.storm.utils.Utils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/storm/daemon/logviewer/utils/ResourceAuthorizer.class */
public class ResourceAuthorizer {
    private static final Logger LOG = LoggerFactory.getLogger(ResourceAuthorizer.class);
    private final Map<String, Object> stormConf;
    private final IGroupMappingServiceProvider groupMappingServiceProvider;
    private final IPrincipalToLocal principalToLocal;

    /* loaded from: input_file:org/apache/storm/daemon/logviewer/utils/ResourceAuthorizer$LogUserGroupWhitelist.class */
    public static class LogUserGroupWhitelist {
        private Set<String> userWhitelist;
        private Set<String> groupWhitelist;

        public LogUserGroupWhitelist(Set<String> set, Set<String> set2) {
            this.userWhitelist = set;
            this.groupWhitelist = set2;
        }

        public Set<String> getUserWhitelist() {
            return this.userWhitelist;
        }

        public Set<String> getGroupWhitelist() {
            return this.groupWhitelist;
        }
    }

    public ResourceAuthorizer(Map<String, Object> map) {
        this.stormConf = map;
        this.groupMappingServiceProvider = ClientAuthUtils.getGroupMappingServiceProviderPlugin(map);
        this.principalToLocal = ClientAuthUtils.getPrincipalToLocalPlugin(map);
    }

    public boolean isUserAllowedToAccessFile(String str, String str2) {
        return !isLogviewerFilterConfigured() || isAuthorizedLogUser(str, str2);
    }

    public boolean isAuthorizedLogUser(String str, String str2) {
        Validate.isTrue(!str2.contains(".." + FileSystems.getDefault().getSeparator()));
        if (StringUtils.isEmpty(str) || StringUtils.isEmpty(str2)) {
            return false;
        }
        LogUserGroupWhitelist logUserGroupWhitelist = getLogUserGroupWhitelist(str2);
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(ObjectReader.getStrings(this.stormConf.get("logs.users")));
        arrayList.addAll(ObjectReader.getStrings(this.stormConf.get("nimbus.admins")));
        if (logUserGroupWhitelist != null) {
            arrayList.addAll(logUserGroupWhitelist.getUserWhitelist());
        }
        ArrayList arrayList2 = new ArrayList();
        arrayList2.addAll(ObjectReader.getStrings(this.stormConf.get("logs.groups")));
        arrayList2.addAll(ObjectReader.getStrings(this.stormConf.get("nimbus.admins.groups")));
        if (logUserGroupWhitelist != null) {
            arrayList2.addAll(logUserGroupWhitelist.getGroupWhitelist());
        }
        String local = this.principalToLocal.toLocal(str);
        return arrayList.stream().anyMatch(str3 -> {
            return str3.equals(local);
        }) || Sets.intersection(getUserGroups(local), new HashSet(arrayList2)).size() > 0;
    }

    public LogUserGroupWhitelist getLogUserGroupWhitelist(String str) {
        Map map = (Map) Utils.readYamlFile(ServerConfigUtils.getLogMetaDataFile(str).getAbsolutePath());
        if (map == null) {
            return null;
        }
        List strings = ObjectReader.getStrings(map.get("logs.users"));
        List strings2 = ObjectReader.getStrings(map.get("logs.groups"));
        return new LogUserGroupWhitelist(strings.isEmpty() ? new HashSet() : new HashSet(strings), strings2.isEmpty() ? new HashSet() : new HashSet(strings2));
    }

    @VisibleForTesting
    Set<String> getUserGroups(String str) {
        try {
            return StringUtils.isEmpty(str) ? new HashSet() : this.groupMappingServiceProvider.getGroups(str);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    private boolean isLogviewerFilterConfigured() {
        return StringUtils.isNotBlank(ObjectReader.getString(this.stormConf.get("logviewer.filter"), (String) null)) || StringUtils.isNotBlank(ObjectReader.getString(this.stormConf.get("ui.filter"), (String) null));
    }
}
