package com.aliyun.odps.security;

import com.aliyun.odps.OdpsException;
import com.aliyun.odps.commons.transport.Headers;
import com.aliyun.odps.commons.transport.Params;
import com.aliyun.odps.commons.transport.Response;
import com.aliyun.odps.rest.ResourceBuilder;
import com.aliyun.odps.rest.RestClient;
import com.aliyun.odps.rest.SimpleXmlUtils;
import com.aliyun.odps.security.CheckPermissionConstants;
import com.aliyun.odps.security.Role;
import com.aliyun.odps.security.User;
import com.aliyun.odps.simpleframework.xml.Element;
import com.aliyun.odps.simpleframework.xml.ElementList;
import com.aliyun.odps.simpleframework.xml.Root;
import com.aliyun.odps.simpleframework.xml.convert.Convert;
import com.aliyun.odps.tunnel.TunnelConstants;
import com.aliyun.odps.utils.GsonObjectBuilder;
import com.aliyun.odps.utils.OdpsConstants;
import com.aliyun.odps.utils.StringUtils;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import io.netty.handler.codec.http.HttpHeaders;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;

/* loaded from: input_file:com/aliyun/odps/security/SecurityManager.class */
public class SecurityManager {
    private String project;
    private RestClient client;
    private SecurityConfiguration securityConfigration = null;

    /* loaded from: input_file:com/aliyun/odps/security/SecurityManager$AuthorizationQueryInstance.class */
    public static class AuthorizationQueryInstance {
        private String queryResult;
        private String instanceId;
        private String projectName;
        private RestClient client;
        private boolean isSync;

        public AuthorizationQueryInstance(String str) {
            this.queryResult = str;
            this.isSync = true;
        }

        public AuthorizationQueryInstance(String str, String str2, SecurityManager securityManager) {
            if (StringUtils.isNullOrEmpty(str) || StringUtils.isNullOrEmpty(str2)) {
                throw new IllegalArgumentException("Arguments: project and instance id cannot be null or empty.");
            }
            this.projectName = str;
            this.instanceId = str2;
            this.client = securityManager.client;
            this.isSync = false;
        }

        public String getId() {
            if (this.isSync) {
                return null;
            }
            return this.instanceId;
        }

        public boolean isSync() {
            return this.isSync;
        }

        public String waitForSuccess() throws OdpsException {
            return waitForSuccess(1000L);
        }

        public String waitForSuccess(long j) throws OdpsException {
            if (this.isSync) {
                return this.queryResult;
            }
            while (!isTerminated()) {
                try {
                    Thread.sleep(j);
                } catch (InterruptedException e) {
                    throw new OdpsException(e);
                }
            }
            AuthorizationQueryStatusModel model = getModel();
            if (model.getStatus() == AuthorizationQueryStatus.TERMINATED) {
                return model.getResult();
            }
            throw new OdpsException("Authorization query failed: " + model.getResult());
        }

        private AuthorizationQueryStatusModel getModel() throws OdpsException {
            return (AuthorizationQueryStatusModel) this.client.request(AuthorizationQueryStatusModel.class, ResourceBuilder.buildProjectAuthorizationInstanceResource(this.projectName, this.instanceId), "GET", (Map<String, String>) null, (Map<String, String>) null, (byte[]) null);
        }

        public boolean isTerminated() throws OdpsException {
            return getStatus() != AuthorizationQueryStatus.RUNNING;
        }

        public AuthorizationQueryStatus getStatus() throws OdpsException {
            return !this.isSync ? getModel().getStatus() : AuthorizationQueryStatus.TERMINATED;
        }

        public String getResult() throws OdpsException {
            if (!this.isSync) {
                this.queryResult = getModel().getResult();
            }
            return this.queryResult;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Root(name = "Authorization", strict = false)
    /* loaded from: input_file:com/aliyun/odps/security/SecurityManager$AuthorizationQueryRequest.class */
    public static class AuthorizationQueryRequest {

        @Convert(SimpleXmlUtils.EmptyStringConverter.class)
        @Element(name = "Query", required = false)
        private String query;

        @Element(name = "ResponseInJsonFormat", required = false)
        private boolean responseInJsonFormat;

        @Element(name = "Settings", required = false)
        private String settings;

        public AuthorizationQueryRequest() {
            this.query = "";
            this.responseInJsonFormat = true;
        }

        public AuthorizationQueryRequest(String str, boolean z) {
            this.query = str;
            this.responseInJsonFormat = z;
        }

        public AuthorizationQueryRequest(String str, boolean z, String str2) {
            this.query = str;
            this.responseInJsonFormat = z;
            this.settings = str2;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Root(name = "Authorization", strict = false)
    /* loaded from: input_file:com/aliyun/odps/security/SecurityManager$AuthorizationQueryResponse.class */
    public static class AuthorizationQueryResponse {

        @Convert(SimpleXmlUtils.EmptyStringConverter.class)
        @Element(name = "Result", required = false)
        private String result;

        AuthorizationQueryResponse() {
        }

        public static AuthorizationQueryResponse from(byte[] bArr) {
            if (bArr == null) {
                return null;
            }
            return fromXml(bArr);
        }

        private static AuthorizationQueryResponse fromXml(byte[] bArr) {
            try {
                return (AuthorizationQueryResponse) SimpleXmlUtils.unmarshal(bArr, AuthorizationQueryResponse.class);
            } catch (Exception e) {
                return null;
            }
        }

        public String getResult() {
            return this.result;
        }
    }

    /* loaded from: input_file:com/aliyun/odps/security/SecurityManager$AuthorizationQueryStatus.class */
    public enum AuthorizationQueryStatus {
        TERMINATED,
        RUNNING,
        FAILED
    }

    /* JADX INFO: Access modifiers changed from: private */
    @Root(name = "AuthorizationQuery", strict = false)
    /* loaded from: input_file:com/aliyun/odps/security/SecurityManager$AuthorizationQueryStatusModel.class */
    public static class AuthorizationQueryStatusModel {

        @Convert(SimpleXmlUtils.EmptyStringConverter.class)
        @Element(name = "Result", required = false)
        private String result;

        @Convert(SimpleXmlUtils.EmptyStringConverter.class)
        @Element(name = "Status", required = false)
        private String status;

        private AuthorizationQueryStatusModel() {
        }

        public String getResult() {
            return this.result;
        }

        public AuthorizationQueryStatus getStatus() throws OdpsException {
            if (StringUtils.isNullOrEmpty(this.status)) {
                throw new IllegalArgumentException("Cannot get authorization query status.");
            }
            try {
                return AuthorizationQueryStatus.valueOf(this.status.toUpperCase());
            } catch (IllegalArgumentException e) {
                throw new OdpsException("Unknown authorization query status: " + this.status);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    @Root(name = "Auth", strict = false)
    /* loaded from: input_file:com/aliyun/odps/security/SecurityManager$CheckPermissionResponse.class */
    public static class CheckPermissionResponse {

        @Convert(SimpleXmlUtils.EmptyStringConverter.class)
        @Element(name = "Result", required = false)
        private String result;

        @Convert(SimpleXmlUtils.EmptyStringConverter.class)
        @Element(name = "Message", required = false)
        private String message;

        private CheckPermissionResponse() {
        }

        public String getResult() {
            return this.result;
        }

        public String getMessage() {
            return this.message;
        }
    }

    /* loaded from: input_file:com/aliyun/odps/security/SecurityManager$CheckPermissionResultInfo.class */
    public static class CheckPermissionResultInfo {
        public CheckPermissionConstants.CheckPermissionResult result;
        public String message;

        public CheckPermissionResultInfo(CheckPermissionConstants.CheckPermissionResult checkPermissionResult, String str) {
            this.result = (CheckPermissionConstants.CheckPermissionResult) Objects.requireNonNull(checkPermissionResult);
            this.message = str;
        }

        public CheckPermissionConstants.CheckPermissionResult getResult() {
            return this.result;
        }

        public String getMessage() {
            return this.message;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    @Root(name = "Roles", strict = false)
    /* loaded from: input_file:com/aliyun/odps/security/SecurityManager$ListRolesResponse.class */
    public static class ListRolesResponse {

        @ElementList(entry = "Role", inline = true, required = false)
        private List<Role.RoleModel> roles = new ArrayList();

        private ListRolesResponse() {
        }
    }

    @Root(name = "Users", strict = false)
    /* loaded from: input_file:com/aliyun/odps/security/SecurityManager$ListUsersResponse.class */
    private static class ListUsersResponse {

        @ElementList(entry = "User", inline = true, required = false)
        private List<User.UserModel> users = new ArrayList();

        private ListUsersResponse() {
        }
    }

    /* loaded from: input_file:com/aliyun/odps/security/SecurityManager$PermissionDesc.class */
    public static class PermissionDesc {
        private String projectName;
        private String schemaName;
        private CheckPermissionConstants.ObjectType objectType;
        private String objectName;
        private CheckPermissionConstants.ActionType actionType;
        private Map<String, String> params;

        public PermissionDesc(String str, CheckPermissionConstants.ObjectType objectType, String str2, CheckPermissionConstants.ActionType actionType) {
            this(str, null, objectType, str2, actionType);
        }

        public PermissionDesc(String str, String str2, CheckPermissionConstants.ObjectType objectType, String str3, CheckPermissionConstants.ActionType actionType) {
            this.projectName = (String) Objects.requireNonNull(str);
            this.schemaName = str2;
            this.objectType = (CheckPermissionConstants.ObjectType) Objects.requireNonNull(objectType);
            this.objectName = (String) Objects.requireNonNull(str3);
            this.actionType = (CheckPermissionConstants.ActionType) Objects.requireNonNull(actionType);
            this.params = new HashMap();
        }

        public String getProjectName() {
            return this.projectName;
        }

        public String getSchemaName() {
            return this.schemaName;
        }

        public CheckPermissionConstants.ObjectType getObjectType() {
            return this.objectType;
        }

        public String getObjectName() {
            return this.objectName;
        }

        public CheckPermissionConstants.ActionType getActionType() {
            return this.actionType;
        }

        public Map<String, String> getParams() {
            return new HashMap(this.params);
        }

        public void setPrincipal(String str) {
            this.params.put("Principal", str);
        }

        public void setColumns(List<String> list) {
            this.params.put("odps:SelectColumns", GsonObjectBuilder.get().toJson(list));
        }

        public void addParam(String str, String str2) {
            this.params.put(str, str2);
        }

        private String buildResourceString(CheckPermissionConstants.ObjectType objectType, String str) {
            switch (objectType) {
                case Project:
                    return ResourceBuilder.buildProjectResource(this.projectName);
                case Table:
                    return ResourceBuilder.buildTableResource(this.projectName, str);
                case Function:
                    return ResourceBuilder.buildFunctionResource(this.projectName, str);
                case Instance:
                    return ResourceBuilder.buildInstanceResource(this.projectName, str);
                case Resource:
                    return ResourceBuilder.buildResourceResource(this.projectName, str);
                default:
                    throw new IllegalArgumentException("Unsupported object type");
            }
        }

        public String toJson() {
            JsonArray jsonArray = new JsonArray();
            JsonObject jsonObject = new JsonObject();
            jsonObject.addProperty("Action", this.actionType.name());
            String buildResourceString = buildResourceString(this.objectType, this.objectName);
            if (getSchemaName() != null) {
                buildResourceString = buildResourceString.substring(1);
            }
            jsonObject.addProperty("Resource", buildResourceString);
            for (Map.Entry<String, String> entry : this.params.entrySet()) {
                jsonObject.addProperty(entry.getKey(), entry.getValue());
            }
            jsonArray.add(jsonObject);
            return GsonObjectBuilder.get().toJson((JsonElement) jsonArray);
        }
    }

    public SecurityManager(String str, RestClient restClient) {
        this.project = str;
        this.client = restClient;
    }

    public SecurityConfiguration getSecurityConfiguration() {
        return getSecurityConfiguration(false);
    }

    public SecurityConfiguration getSecurityConfiguration(boolean z) {
        SecurityConfiguration securityConfiguration;
        if (z) {
            securityConfiguration = this.securityConfigration == null ? new SecurityConfiguration(this.project, this.client, true) : this.securityConfigration;
        } else {
            if (this.securityConfigration == null) {
                this.securityConfigration = new SecurityConfiguration(this.project, this.client, false);
            }
            securityConfiguration = this.securityConfigration;
        }
        return securityConfiguration;
    }

    public void setSecurityConfiguration(SecurityConfiguration securityConfiguration) throws OdpsException {
        securityConfiguration.update(null);
    }

    public void setSecurityConfiguration(SecurityConfiguration securityConfiguration, String str) throws OdpsException {
        securityConfiguration.update(str);
    }

    public String getProjectPolicy() throws OdpsException {
        String buildProjectResource = ResourceBuilder.buildProjectResource(this.project);
        HashMap hashMap = new HashMap();
        hashMap.put("policy", null);
        try {
            return new String(this.client.request(buildProjectResource, "GET", hashMap, null, null).getBody(), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new OdpsException("Can't parse response!", e);
        }
    }

    public void putProjectPolicy(String str) throws OdpsException {
        String buildProjectResource = ResourceBuilder.buildProjectResource(this.project);
        HashMap hashMap = new HashMap();
        hashMap.put("policy", null);
        this.client.stringRequest(buildProjectResource, "PUT", hashMap, null, str);
    }

    public String getSecurityPolicy() throws OdpsException {
        String buildProjectResource = ResourceBuilder.buildProjectResource(this.project);
        HashMap hashMap = new HashMap();
        hashMap.put("security_policy", null);
        try {
            return new String(this.client.request(buildProjectResource, "GET", hashMap, null, null).getBody(), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new OdpsException("Can't parse response!", e);
        }
    }

    public void putSecurityPolicy(String str) throws OdpsException {
        String buildProjectResource = ResourceBuilder.buildProjectResource(this.project);
        HashMap hashMap = new HashMap();
        hashMap.put("security_policy", null);
        HashMap hashMap2 = new HashMap();
        hashMap2.put("Content-Type", HttpHeaders.Values.APPLICATION_JSON);
        this.client.stringRequest(buildProjectResource, "PUT", hashMap, hashMap2, str);
    }

    public String getRolePolicy(String str) throws OdpsException {
        String buildRoleResource = ResourceBuilder.buildRoleResource(this.project, str);
        HashMap hashMap = new HashMap();
        hashMap.put("policy", null);
        try {
            return new String(this.client.request(buildRoleResource, "GET", hashMap, null, null).getBody(), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new OdpsException("Can't parse response!", e);
        }
    }

    public void putRolePolicy(String str, String str2) throws OdpsException {
        String buildRoleResource = ResourceBuilder.buildRoleResource(this.project, str);
        HashMap hashMap = new HashMap();
        hashMap.put("policy", null);
        this.client.stringRequest(buildRoleResource, "PUT", hashMap, null, str2);
    }

    public User getUserById(String str) throws OdpsException {
        return new User((User.UserModel) this.client.request(User.UserModel.class, ResourceBuilder.buildUserResource(this.project, str), "GET"), this.project, this.client);
    }

    public User getUserByName(String str) throws OdpsException {
        String buildUserResource = ResourceBuilder.buildUserResource(this.project, str);
        HashMap hashMap = new HashMap();
        hashMap.put(TunnelConstants.TYPE, "displayname");
        return new User((User.UserModel) this.client.request(User.UserModel.class, buildUserResource, "GET", hashMap), this.project, this.client);
    }

    public List<User> listUsers() throws OdpsException {
        ListUsersResponse listUsersResponse = (ListUsersResponse) this.client.request(ListUsersResponse.class, ResourceBuilder.buildUsersResource(this.project), "GET");
        ArrayList arrayList = new ArrayList();
        Iterator it = listUsersResponse.users.iterator();
        while (it.hasNext()) {
            arrayList.add(new User((User.UserModel) it.next(), this.project, this.client));
        }
        return arrayList;
    }

    public List<Role> listRoles() throws OdpsException {
        ListRolesResponse listRolesResponse = (ListRolesResponse) this.client.request(ListRolesResponse.class, ResourceBuilder.buildRolesResource(this.project), "GET");
        ArrayList arrayList = new ArrayList();
        Iterator it = listRolesResponse.roles.iterator();
        while (it.hasNext()) {
            arrayList.add(new Role((Role.RoleModel) it.next(), this.project, this.client));
        }
        return arrayList;
    }

    @Deprecated
    public List<Role> listRolesForUser(String str) throws OdpsException {
        return listRolesForUserID(str);
    }

    public List<Role> listRolesForUserID(String str) throws OdpsException {
        return listRolesForUserInternal(str, null);
    }

    public List<Role> listRolesForUserName(String str) throws OdpsException {
        return listRolesForUserInternal(str, "displayname");
    }

    private List<Role> listRolesForUserInternal(String str, String str2) throws OdpsException {
        String buildUserResource = ResourceBuilder.buildUserResource(this.project, str);
        HashMap hashMap = new HashMap();
        hashMap.put("roles", null);
        if (!StringUtils.isNullOrEmpty(str2)) {
            hashMap.put(TunnelConstants.TYPE, str2);
        }
        ListRolesResponse listRolesResponse = (ListRolesResponse) this.client.request(ListRolesResponse.class, buildUserResource, "GET", hashMap, (Map<String, String>) null, (byte[]) null);
        ArrayList arrayList = new ArrayList();
        Iterator it = listRolesResponse.roles.iterator();
        while (it.hasNext()) {
            arrayList.add(new Role((Role.RoleModel) it.next(), this.project, this.client));
        }
        return arrayList;
    }

    public List<User> listUsersForRole(String str) throws OdpsException {
        String buildRoleResource = ResourceBuilder.buildRoleResource(this.project, str);
        HashMap hashMap = new HashMap();
        hashMap.put("users", null);
        ListUsersResponse listUsersResponse = (ListUsersResponse) this.client.request(ListUsersResponse.class, buildRoleResource, "GET", hashMap, (Map<String, String>) null, (byte[]) null);
        ArrayList arrayList = new ArrayList();
        Iterator it = listUsersResponse.users.iterator();
        while (it.hasNext()) {
            arrayList.add(new User((User.UserModel) it.next(), this.project, this.client));
        }
        return arrayList;
    }

    public CheckPermissionResultInfo checkPermission(PermissionDesc permissionDesc) throws OdpsException {
        String str = "/projects/" + ResourceBuilder.encodeObjectName(permissionDesc.projectName) + "/auth/";
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        if (permissionDesc.getSchemaName() != null) {
            hashMap2.put(Params.ODPS_SCHEMA_NAME, permissionDesc.getSchemaName());
        }
        hashMap.put("Content-Type", HttpHeaders.Values.APPLICATION_JSON);
        CheckPermissionResponse checkPermissionResponse = (CheckPermissionResponse) this.client.stringRequest(CheckPermissionResponse.class, str, "POST", hashMap2, hashMap, permissionDesc.toJson());
        return new CheckPermissionResultInfo(CheckPermissionConstants.CheckPermissionResult.valueOf(checkPermissionResponse.result), checkPermissionResponse.message);
    }

    @Deprecated
    public CheckPermissionConstants.CheckPermissionResult checkPermission(CheckPermissionConstants.ObjectType objectType, String str, CheckPermissionConstants.ActionType actionType, String str2, List<String> list) throws OdpsException {
        HashMap hashMap = new HashMap();
        hashMap.put(TunnelConstants.TYPE, objectType.toString());
        hashMap.put("name", str);
        hashMap.put("grantee", actionType.toString());
        if (list != null && !list.isEmpty()) {
            hashMap.put(TunnelConstants.RES_COLUMNS, StringUtils.join(list.toArray(), StringUtils.COMMA_STR));
        }
        return ((CheckPermissionResponse) this.client.request(CheckPermissionResponse.class, new StringBuilder().append("/projects/").append(ResourceBuilder.encodeObjectName(str2)).append("/auth/").toString(), "GET", hashMap, (Map<String, String>) null, (byte[]) null)).getResult().toUpperCase().equals("ALLOW") ? CheckPermissionConstants.CheckPermissionResult.Allow : CheckPermissionConstants.CheckPermissionResult.Deny;
    }

    @Deprecated
    public CheckPermissionConstants.CheckPermissionResult checkPermission(CheckPermissionConstants.ObjectType objectType, String str, CheckPermissionConstants.ActionType actionType, List<String> list) throws OdpsException {
        return checkPermission(objectType, str, actionType, this.project, list);
    }

    @Deprecated
    public CheckPermissionConstants.CheckPermissionResult checkPermission(CheckPermissionConstants.ObjectType objectType, String str, CheckPermissionConstants.ActionType actionType) throws OdpsException {
        return checkPermission(objectType, str, actionType, this.project);
    }

    @Deprecated
    public CheckPermissionConstants.CheckPermissionResult checkPermission(CheckPermissionConstants.ObjectType objectType, String str, CheckPermissionConstants.ActionType actionType, String str2) throws OdpsException {
        return checkPermission(objectType, str, actionType, str2, null);
    }

    public AuthorizationQueryInstance run(String str, Boolean bool) throws OdpsException {
        return run(str, bool, null);
    }

    public AuthorizationQueryInstance run(String str, Boolean bool, String str2) throws OdpsException {
        return run(str, bool, str2, null);
    }

    public AuthorizationQueryInstance run(String str, Boolean bool, String str2, Map<String, String> map) throws OdpsException {
        AuthorizationQueryRequest authorizationQueryRequest;
        String buildProjectSecurityManagerResource = ResourceBuilder.buildProjectSecurityManagerResource(this.project);
        if (map == null) {
            authorizationQueryRequest = new AuthorizationQueryRequest(str, bool.booleanValue());
        } else {
            if (!map.containsKey(OdpsConstants.ODPS_DEFAULT_SCHEMA)) {
                map.put(OdpsConstants.ODPS_DEFAULT_SCHEMA, this.client.getCurrentSchema());
            }
            authorizationQueryRequest = new AuthorizationQueryRequest(str, bool.booleanValue(), new GsonBuilder().create().toJson(map));
        }
        try {
            String marshal = SimpleXmlUtils.marshal(authorizationQueryRequest);
            HashMap hashMap = new HashMap();
            if (str2 != null) {
                hashMap.put(Headers.ODPS_SUPERVISION_TOKEN, str2);
            }
            hashMap.put("Content-Type", "application/xml");
            Response stringRequest = this.client.stringRequest(buildProjectSecurityManagerResource, "POST", null, hashMap, marshal);
            try {
                AuthorizationQueryResponse from = AuthorizationQueryResponse.from(stringRequest.getBody());
                return stringRequest.getStatus() == 200 ? new AuthorizationQueryInstance(from.getResult()) : new AuthorizationQueryInstance(this.project, from.getResult(), this);
            } catch (Exception e) {
                throw new OdpsException(e.getMessage(), e);
            }
        } catch (Exception e2) {
            throw new OdpsException(e2.getMessage(), e2);
        }
    }

    public String runQuery(String str, Boolean bool) throws OdpsException {
        return runQuery(str, bool, null);
    }

    public String runQuery(String str, Boolean bool, String str2) throws OdpsException {
        return run(str, bool, str2).waitForSuccess();
    }

    public String runQuery(String str, Boolean bool, String str2, Map<String, String> map) throws OdpsException {
        return run(str, bool, str2, map).waitForSuccess();
    }

    public String generateAuthorizationToken(String str, String str2) throws OdpsException {
        if (!"Bearer".equalsIgnoreCase(str2)) {
            throw new OdpsException("Unsupport token type" + str2);
        }
        String buildProjectSecurityManagerResource = ResourceBuilder.buildProjectSecurityManagerResource(this.project);
        HashMap hashMap = new HashMap();
        hashMap.put("Content-Type", HttpHeaders.Values.APPLICATION_JSON);
        HashMap hashMap2 = new HashMap();
        hashMap2.put("sign_bearer_token", null);
        return ((AuthorizationQueryResponse) this.client.stringRequest(AuthorizationQueryResponse.class, buildProjectSecurityManagerResource, "POST", hashMap2, hashMap, str)).getResult();
    }
}
