package org.apache.storm.security.auth.authorizer;

import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.apache.storm.Config;
import org.apache.storm.security.auth.ClientAuthUtils;
import org.apache.storm.security.auth.IAuthorizer;
import org.apache.storm.security.auth.IGroupMappingServiceProvider;
import org.apache.storm.security.auth.IPrincipalToLocal;
import org.apache.storm.security.auth.ReqContext;
import org.apache.storm.utils.ObjectReader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/storm/security/auth/authorizer/SupervisorSimpleACLAuthorizer.class */
public class SupervisorSimpleACLAuthorizer implements IAuthorizer {
    private static final Logger LOG = LoggerFactory.getLogger(SupervisorSimpleACLAuthorizer.class);
    protected Set<String> topoCommands = new HashSet(Arrays.asList("getLocalAssignmentForStorm", "sendSupervisorWorkerHeartbeat"));
    protected Set<String> nimbusCommands = new HashSet(Arrays.asList("sendSupervisorAssignments"));
    protected Set<String> admins;
    protected Set<String> adminsGroups;
    protected Set<String> nimbus;
    protected IPrincipalToLocal ptol;
    protected IGroupMappingServiceProvider groupMappingServiceProvider;

    @Override // org.apache.storm.security.auth.IAuthorizer
    public void prepare(Map<String, Object> map) {
        this.admins = new HashSet();
        this.adminsGroups = new HashSet();
        this.nimbus = new HashSet();
        if (map.containsKey(Config.NIMBUS_ADMINS)) {
            this.admins.addAll((Collection) map.get(Config.NIMBUS_ADMINS));
        }
        if (map.containsKey(Config.NIMBUS_ADMINS_GROUPS)) {
            this.adminsGroups.addAll((Collection) map.get(Config.NIMBUS_ADMINS_GROUPS));
        }
        if (map.containsKey(Config.NIMBUS_DAEMON_USERS)) {
            this.nimbus.addAll((Collection) map.get(Config.NIMBUS_DAEMON_USERS));
        } else if (map.containsKey(Config.NIMBUS_SUPERVISOR_USERS)) {
            LOG.warn("{} is not set falling back to using {}.", Config.NIMBUS_DAEMON_USERS, Config.NIMBUS_SUPERVISOR_USERS);
            this.nimbus.addAll((Collection) map.get(Config.NIMBUS_SUPERVISOR_USERS));
        } else {
            LOG.error("Could not find {} things might now work correctly...", Config.NIMBUS_DAEMON_USERS);
        }
        this.ptol = ClientAuthUtils.getPrincipalToLocalPlugin(map);
        this.groupMappingServiceProvider = ClientAuthUtils.getGroupMappingServiceProviderPlugin(map);
    }

    @Override // org.apache.storm.security.auth.IAuthorizer
    public boolean permit(ReqContext reqContext, String str, Map<String, Object> map) {
        String name = reqContext.principal().getName();
        String local = this.ptol.toLocal(reqContext.principal());
        Set<String> hashSet = new HashSet();
        if (this.groupMappingServiceProvider != null) {
            try {
                hashSet = this.groupMappingServiceProvider.getGroups(local);
            } catch (IOException e) {
                LOG.warn("Error while trying to fetch user groups", e);
            }
        }
        if (this.admins.contains(name) || this.admins.contains(local) || checkUserGroupAllowed(hashSet, this.adminsGroups).booleanValue()) {
            return true;
        }
        return (this.nimbus.contains(name) || this.nimbus.contains(local)) ? this.nimbusCommands.contains(str) : this.topoCommands.contains(str) && map != null && checkTopoPermission(name, local, hashSet, map, Config.TOPOLOGY_USERS, Config.TOPOLOGY_GROUPS).booleanValue();
    }

    private Boolean checkTopoPermission(String str, String str2, Set<String> set, Map<String, Object> map, String str3, String str4) {
        HashSet hashSet = new HashSet();
        if (map.containsKey(str3)) {
            hashSet.addAll(ObjectReader.getStrings(map.get(str3)));
        }
        if (hashSet.contains(str) || hashSet.contains(str2)) {
            return true;
        }
        HashSet hashSet2 = new HashSet();
        if (map.containsKey(str4)) {
            hashSet2.addAll(ObjectReader.getStrings(map.get(str4)));
        }
        return checkUserGroupAllowed(set, hashSet2);
    }

    private Boolean checkUserGroupAllowed(Set<String> set, Set<String> set2) {
        if (set.size() > 0 && set2.size() > 0) {
            Iterator<String> it = set2.iterator();
            while (it.hasNext()) {
                if (set.contains(it.next())) {
                    return true;
                }
            }
        }
        return false;
    }
}
