package org.apache.sentry.cli.tools;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.Sets;
import com.google.common.collect.Table;
import com.google.common.collect.UnmodifiableIterator;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Optional;
import java.util.Set;
import org.apache.commons.cli.GnuParser;
import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.cli.Option;
import org.apache.commons.cli.Options;
import org.apache.commons.cli.ParseException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.sentry.api.generic.thrift.SentryGenericServiceClient;
import org.apache.sentry.api.generic.thrift.SentryGenericServiceClientFactory;
import org.apache.sentry.api.generic.thrift.TSentryPrivilege;
import org.apache.sentry.api.generic.thrift.TSentryRole;
import org.apache.sentry.api.tools.GenericPrivilegeConverter;
import org.apache.sentry.core.common.ActiveRoleSet;
import org.apache.sentry.core.common.utils.PolicyFiles;
import org.apache.sentry.core.common.utils.Version;
import org.apache.sentry.policy.common.PrivilegeUtils;
import org.apache.sentry.provider.common.ProviderBackendContext;
import org.apache.sentry.provider.file.SimpleFileProviderBackend;
import org.apache.shiro.config.Ini;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sentry/cli/tools/PermissionsMigrationToolCommon.class */
public abstract class PermissionsMigrationToolCommon {
    private static final Logger LOGGER = LoggerFactory.getLogger(PermissionsMigrationToolCommon.class);
    public static final String SOLR_SERVICE_NAME = "sentry.service.client.solr.service.name";
    private Version sourceVersion;
    private Optional<String> confPath = Optional.empty();
    private Optional<String> policyFile = Optional.empty();
    private Optional<String> outputFile = Optional.empty();
    private boolean dryRun = false;

    public final Version getSourceVersion() {
        return this.sourceVersion;
    }

    protected abstract String getComponent(Configuration configuration);

    protected abstract String getServiceName(Configuration configuration);

    protected abstract Collection<String> transformPrivileges(Collection<String> collection);

    protected boolean parseArgs(String[] strArr) {
        Options options = new Options();
        Option option = new Option("s", "source", true, "Source Sentry version");
        option.setRequired(true);
        options.addOption(option);
        Option option2 = new Option("c", "sentry_conf", true, "sentry-site.xml file path (only required in case of Sentry service)");
        option2.setRequired(false);
        options.addOption(option2);
        Option option3 = new Option("p", "policy_file", true, "sentry (source) policy file path (only in case of file based Sentry configuration)");
        option3.setRequired(false);
        options.addOption(option3);
        Option option4 = new Option("o", "output", true, "sentry (target) policy file path (only in case of file based Sentry configuration)");
        option4.setRequired(false);
        options.addOption(option4);
        Option option5 = new Option("d", "dry_run", false, "provides the output the migration for inspection without making actual configuration changes");
        option5.setRequired(false);
        options.addOption(option5);
        Option option6 = new Option("h", "help", false, SentryShellCommon.OPTION_DESC_HELP);
        option6.setRequired(false);
        options.addOption(option6);
        Options options2 = new Options();
        options2.addOption(option6);
        try {
            GnuParser gnuParser = new GnuParser();
            for (Option option7 : gnuParser.parse(options2, strArr, true).getOptions()) {
                if (option7.getOpt().equals("h")) {
                    usage(options);
                    return false;
                }
            }
            String str = null;
            for (Option option8 : gnuParser.parse(options, strArr).getOptions()) {
                if (option8.getOpt().equals("s")) {
                    str = option8.getValue();
                } else if (option8.getOpt().equals("c")) {
                    this.confPath = Optional.of(option8.getValue());
                } else if (option8.getOpt().equals("p")) {
                    this.policyFile = Optional.of(option8.getValue());
                } else if (option8.getOpt().equals("o")) {
                    this.outputFile = Optional.of(option8.getValue());
                } else if (option8.getOpt().equals("d")) {
                    this.dryRun = true;
                }
            }
            this.sourceVersion = Version.parse(str);
            if (!this.confPath.isPresent() && !this.policyFile.isPresent()) {
                System.out.println("Please select either file-based Sentry configuration (-p and -o flags) or Sentry service (-c flag) for migration.");
                usage(options);
                return false;
            }
            if (this.confPath.isPresent() && (this.policyFile.isPresent() || this.outputFile.isPresent())) {
                System.out.println("In order to migrate service based Sentry configuration, do not specify either -p or -o parameters");
                usage(options);
                return false;
            }
            if (this.confPath.isPresent() || !(this.policyFile.isPresent() ^ this.outputFile.isPresent())) {
                return true;
            }
            System.out.println("In order to migrate file based Sentry configuration, please make sure to specify both -p and -o parameters.");
            usage(options);
            return false;
        } catch (ParseException | java.text.ParseException e) {
            System.out.println(e.getMessage());
            usage(options);
            return false;
        }
    }

    private void usage(Options options) {
        new HelpFormatter().printHelp("sentryMigrationTool", options);
    }

    public void run() throws Exception {
        if (this.policyFile.isPresent()) {
            migratePolicyFile();
        } else {
            migrateSentryServiceConfig();
        }
    }

    private void migrateSentryServiceConfig() throws Exception {
        Configuration sentryConf = getSentryConf();
        String component = getComponent(sentryConf);
        String serviceName = getServiceName(sentryConf);
        GenericPrivilegeConverter genericPrivilegeConverter = new GenericPrivilegeConverter(component, serviceName, false);
        SentryGenericServiceClient create = SentryGenericServiceClientFactory.create(getSentryConf());
        Throwable th = null;
        try {
            try {
                String shortUserName = UserGroupInformation.getLoginUser().getShortUserName();
                for (TSentryRole tSentryRole : create.listAllRoles(shortUserName, component)) {
                    for (TSentryPrivilege tSentryPrivilege : create.listAllPrivilegesByRoleName(shortUserName, tSentryRole.getRoleName(), component, serviceName)) {
                        String genericPrivilegeConverter2 = genericPrivilegeConverter.toString(tSentryPrivilege);
                        Set singleton = Collections.singleton(genericPrivilegeConverter2);
                        Collection<String> transformPrivileges = transformPrivileges(singleton);
                        if (!transformPrivileges.isEmpty()) {
                            LOGGER.info("{} For role {} migrating privileges from {} to {}", new Object[]{getDryRunMessage(), tSentryRole.getRoleName(), singleton, transformPrivileges});
                            boolean z = false;
                            for (String str : transformPrivileges) {
                                if (str.equalsIgnoreCase(genericPrivilegeConverter2)) {
                                    z = true;
                                } else {
                                    TSentryPrivilege fromString = genericPrivilegeConverter.fromString(str);
                                    LOGGER.info("{} GRANT permission {}", getDryRunMessage(), str);
                                    if (!this.dryRun) {
                                        create.grantPrivilege(shortUserName, tSentryRole.getRoleName(), component, fromString);
                                    }
                                }
                            }
                            if (!z) {
                                LOGGER.info("{} REVOKE permission {}", getDryRunMessage(), genericPrivilegeConverter2);
                                if (!this.dryRun) {
                                    create.revokePrivilege(shortUserName, tSentryRole.getRoleName(), component, tSentryPrivilege);
                                }
                            }
                        }
                    }
                }
                if (create != null) {
                    if (0 == 0) {
                        create.close();
                        return;
                    }
                    try {
                        create.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (create != null) {
                if (th != null) {
                    try {
                        create.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    create.close();
                }
            }
            throw th4;
        }
    }

    private void migratePolicyFile() throws Exception {
        Configuration sentryConf = getSentryConf();
        Path path = new Path(this.policyFile.get());
        SimpleFileProviderBackend simpleFileProviderBackend = new SimpleFileProviderBackend(sentryConf, path);
        simpleFileProviderBackend.initialize(new ProviderBackendContext());
        HashSet newHashSet = Sets.newHashSet();
        Table groupRolePrivilegeTable = simpleFileProviderBackend.getGroupRolePrivilegeTable();
        Ini loadFromPath = PolicyFiles.loadFromPath(path.getFileSystem(sentryConf), path);
        Ini.Section section = loadFromPath.get("roles");
        for (String str : groupRolePrivilegeTable.rowKeySet()) {
            UnmodifiableIterator it = simpleFileProviderBackend.getRoles(Collections.singleton(str), ActiveRoleSet.ALL).iterator();
            while (it.hasNext()) {
                String str2 = (String) it.next();
                if (!newHashSet.contains(str2)) {
                    Set set = (Set) groupRolePrivilegeTable.get(str, str2);
                    Collection<String> transformPrivileges = transformPrivileges(set);
                    if (!transformPrivileges.isEmpty()) {
                        LOGGER.info("{} For role {} migrating privileges from {} to {}", new Object[]{getDryRunMessage(), str2, set, transformPrivileges});
                        if (!this.dryRun) {
                            section.put(str2, PrivilegeUtils.fromPrivilegeStrings(transformPrivileges));
                        }
                    }
                    newHashSet.add(str2);
                }
            }
        }
        if (this.dryRun) {
            return;
        }
        Path path2 = new Path(this.outputFile.get());
        PolicyFiles.writeToPath(loadFromPath, path2.getFileSystem(sentryConf), path2);
        LOGGER.info("Successfully saved migrated Sentry policy file at {}", this.outputFile.get());
    }

    private String getDryRunMessage() {
        return this.dryRun ? "[Dry Run]" : "";
    }

    private Configuration getSentryConf() {
        Configuration configuration = new Configuration();
        if (this.confPath.isPresent()) {
            configuration.addResource(new Path(this.confPath.get()), true);
        }
        return configuration;
    }

    @VisibleForTesting
    public boolean executeConfigTool(String[] strArr) throws Exception {
        boolean z = true;
        if (parseArgs(strArr)) {
            run();
        } else {
            z = false;
        }
        return z;
    }
}
