package org.apache.ranger.plugin.policyengine;

import io.juicefs.shaded.org.apache.commons.lang.StringUtils;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TimeZone;
import java.util.regex.Pattern;
import javax.script.Bindings;
import javax.script.ScriptEngine;
import javax.script.ScriptException;
import org.apache.commons.collections.CollectionUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.ranger.authorization.utils.JsonUtils;
import org.apache.ranger.authorization.utils.StringUtil;
import org.apache.ranger.plugin.contextenricher.RangerTagForEval;
import org.apache.ranger.plugin.util.MacroProcessor;
import org.apache.ranger.plugin.util.RangerAccessRequestUtil;
import org.apache.ranger.plugin.util.RangerCommonConstants;
import org.apache.ranger.plugin.util.RangerPerfTracer;
import org.apache.ranger.plugin.util.RangerUserStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ranger/plugin/policyengine/RangerRequestScriptEvaluator.class */
public final class RangerRequestScriptEvaluator {
    private static final String TAG_ATTR_DATE_FORMAT_PROP = "ranger.plugin.tag.attr.additional.date.formats";
    private static final String TAG_ATTR_DATE_FORMAT_SEPARATOR = "||";
    private static final String TAG_ATTR_DATE_FORMAT_SEPARATOR_REGEX = "\\|\\|";
    private static final String DEFAULT_RANGER_TAG_ATTRIBUTE_DATE_FORMAT = "yyyy/MM/dd";
    private static final String DEFAULT_ATLAS_TAG_ATTRIBUTE_DATE_FORMAT_NAME = "ATLAS_DATE_FORMAT";
    private static final String DEFAULT_ATLAS_TAG_ATTRIBUTE_DATE_FORMAT = "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'";
    private static final String SCRIPT_PREEXEC = "_ctx=JSON.parse(_ctx_json); J=JSON.stringify;REQ=_ctx.request;RES=REQ.resource;USER=REQ.userAttributes;UGNAMES=REQ.userGroups;UG=REQ.userGroupAttributes;UGA=REQ.uga;URNAMES=REQ.userRoles;TAG=_ctx.tag;TAGS=_ctx.tags;TAGNAMES=_ctx.tagNames;";
    private final RangerAccessRequest accessRequest;
    private boolean initDone = false;
    private Map<String, String> userAttrs = Collections.emptyMap();
    private Map<String, Map<String, String>> groupAttrs = Collections.emptyMap();
    private Map<String, Map<String, Object>> tags = Collections.emptyMap();
    private Map<String, Object> tag = Collections.emptyMap();
    private Collection<String> userGroups = Collections.emptySet();
    private Collection<String> userRoles = Collections.emptySet();
    private Collection<String> tagNames = Collections.emptySet();
    private Boolean result = false;
    private static final ThreadLocal<List<SimpleDateFormat>> THREADLOCAL_DATE_FORMATS;
    private static final Logger LOG = LoggerFactory.getLogger(RangerRequestScriptEvaluator.class);
    private static final Logger PERF_POLICY_CONDITION_SCRIPT_TOJSON = RangerPerfTracer.getPerfLogger("policy.condition.script.tojson");
    private static final Logger PERF_POLICY_CONDITION_SCRIPT_EVAL = RangerPerfTracer.getPerfLogger("policy.condition.script.eval");
    private static final Pattern JSON_VAR_NAMES_PATTERN = Pattern.compile(getJsonVarNamesPattern());
    private static final Pattern USER_ATTRIBUTES_PATTERN = Pattern.compile(getUserAttributesPattern());
    private static final Pattern GROUP_ATTRIBUTES_PATTERN = Pattern.compile(getGroupAttributesPattern());
    private static final Character CHAR_QUOTE = '\'';
    private static final Character CHAR_COMMA = ',';
    private static final MacroProcessor MACRO_PROCESSOR = new MacroProcessor(getMacrosMap());
    private static String[] dateFormatStrings = null;

    /* loaded from: input_file:org/apache/ranger/plugin/policyengine/RangerRequestScriptEvaluator$UserGroupsAttributes.class */
    public static class UserGroupsAttributes {
        private final Collection<String> groupNames;
        private final Map<String, Map<String, String>> groupAttributes;

        public UserGroupsAttributes(Collection<String> collection, Map<String, Map<String, String>> map) {
            this.groupNames = collection;
            this.groupAttributes = map;
        }

        public Map<String, Map<String, Object>> getAttributes() {
            HashMap hashMap = new HashMap();
            HashMap hashMap2 = new HashMap();
            HashMap hashMap3 = new HashMap();
            hashMap.put("sVal", hashMap2);
            hashMap.put("mVal", hashMap3);
            if (this.groupNames != null && this.groupAttributes != null) {
                Iterator<String> it = this.groupNames.iterator();
                while (it.hasNext()) {
                    Map<String, String> map = this.groupAttributes.get(it.next());
                    if (map != null) {
                        for (Map.Entry<String, String> entry : map.entrySet()) {
                            String key = entry.getKey();
                            String value = entry.getValue();
                            if (!hashMap2.containsKey(key)) {
                                hashMap2.put(key, value);
                            }
                            List list = (List) hashMap3.get(key);
                            if (list == null) {
                                list = new ArrayList();
                                hashMap3.put(key, list);
                            }
                            list.add(value);
                        }
                    }
                }
            }
            return hashMap;
        }
    }

    public static boolean needsJsonCtxEnabled(String str) {
        return JSON_VAR_NAMES_PATTERN.matcher(str).find();
    }

    public static boolean hasUserAttributeReference(String str) {
        return USER_ATTRIBUTES_PATTERN.matcher(str).find();
    }

    public static boolean hasGroupAttributeReference(String str) {
        return GROUP_ATTRIBUTES_PATTERN.matcher(str).find();
    }

    public static boolean hasUserGroupAttributeReference(String str) {
        return hasUserAttributeReference(str) || hasGroupAttributeReference(str);
    }

    public static boolean hasUserGroupAttributeReference(Collection<String> collection) {
        boolean z = false;
        if (collection != null) {
            Iterator<String> it = collection.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (hasUserGroupAttributeReference(it.next())) {
                    z = true;
                    break;
                }
            }
        }
        return z;
    }

    public static String expandMacros(String str) {
        return MACRO_PROCESSOR.expandMacros(str);
    }

    public RangerRequestScriptEvaluator(RangerAccessRequest rangerAccessRequest) {
        this.accessRequest = rangerAccessRequest.getReadOnlyCopy();
    }

    public Object evaluateScript(ScriptEngine scriptEngine, String str) {
        String expandMacros = expandMacros(str);
        return evaluateScript(scriptEngine, expandMacros, needsJsonCtxEnabled(expandMacros));
    }

    public Object evaluateConditionScript(ScriptEngine scriptEngine, String str, boolean z) {
        Object evaluateScript = evaluateScript(scriptEngine, expandMacros(str), z);
        if (evaluateScript == null) {
            evaluateScript = Boolean.valueOf(getResult());
        }
        if (evaluateScript instanceof Boolean) {
            this.result = (Boolean) evaluateScript;
        }
        return evaluateScript;
    }

    private Object evaluateScript(ScriptEngine scriptEngine, String str, boolean z) {
        Object obj = null;
        Bindings createBindings = scriptEngine.createBindings();
        RangerTagForEval currentTag = getCurrentTag();
        Map<String, String> attributes = currentTag != null ? currentTag.getAttributes() : Collections.emptyMap();
        createBindings.put(RangerCommonConstants.SCRIPT_VAR_ctx, this);
        createBindings.put("tag", currentTag);
        createBindings.put(RangerCommonConstants.SCRIPT_VAR_tagAttr, attributes);
        if (z) {
            createBindings.put(RangerCommonConstants.SCRIPT_VAR__CTX_JSON, toJson());
            str = SCRIPT_PREEXEC + str;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("RangerRequestScriptEvaluator.evaluateScript(): script={" + str + "}");
        }
        RangerPerfTracer rangerPerfTracer = null;
        try {
            try {
                try {
                    long hashCode = this.accessRequest.hashCode();
                    if (RangerPerfTracer.isPerfTraceEnabled(PERF_POLICY_CONDITION_SCRIPT_EVAL)) {
                        rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_POLICY_CONDITION_SCRIPT_EVAL, "RangerRequestScriptEvaluator.evaluateScript(requestHash=" + hashCode + ")");
                    }
                    obj = scriptEngine.eval(str, createBindings);
                    RangerPerfTracer.log(rangerPerfTracer);
                } catch (NullPointerException e) {
                    LOG.error("RangerRequestScriptEvaluator.evaluateScript(): eval called with NULL argument(s)", e);
                    RangerPerfTracer.log(rangerPerfTracer);
                }
            } catch (ScriptException e2) {
                LOG.error("RangerRequestScriptEvaluator.evaluateScript(): failed to evaluate script, exception=" + e2);
                RangerPerfTracer.log(rangerPerfTracer);
            }
            return obj;
        } catch (Throwable th) {
            RangerPerfTracer.log(rangerPerfTracer);
            throw th;
        }
    }

    private String toJson() {
        RangerPerfTracer rangerPerfTracer = null;
        long hashCode = this.accessRequest.hashCode();
        if (RangerPerfTracer.isPerfTraceEnabled(PERF_POLICY_CONDITION_SCRIPT_TOJSON)) {
            rangerPerfTracer = RangerPerfTracer.getPerfTracer(PERF_POLICY_CONDITION_SCRIPT_TOJSON, "RangerRequestScriptEvaluator.toJson(requestHash=" + hashCode + ")");
        }
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        Date accessTime = this.accessRequest.getAccessTime();
        init();
        if (accessTime != null) {
            hashMap2.put(RangerCommonConstants.SCRIPT_FIELD_ACCESS_TIME, Long.valueOf(accessTime.getTime()));
        }
        hashMap2.put(RangerCommonConstants.SCRIPT_FIELD_ACCESS_TYPE, this.accessRequest.getAccessType());
        hashMap2.put(RangerCommonConstants.SCRIPT_FIELD_ACTION, this.accessRequest.getAction());
        hashMap2.put(RangerCommonConstants.SCRIPT_FIELD_CLIENT_IP_ADDRESS, this.accessRequest.getClientIPAddress());
        hashMap2.put(RangerCommonConstants.SCRIPT_FIELD_CLIENT_TYPE, this.accessRequest.getClientType());
        hashMap2.put("clusterName", this.accessRequest.getClusterName());
        hashMap2.put(RangerCommonConstants.SCRIPT_FIELD_CLUSTER_TYPE, this.accessRequest.getClusterType());
        hashMap2.put(RangerCommonConstants.SCRIPT_FIELD_FORWARDED_ADDRESSES, this.accessRequest.getForwardedAddresses());
        hashMap2.put(RangerCommonConstants.SCRIPT_FIELD_REMOTE_IP_ADDRESS, this.accessRequest.getRemoteIPAddress());
        hashMap2.put(RangerCommonConstants.SCRIPT_FIELD_REQUEST_DATA, this.accessRequest.getRequestData());
        if (this.accessRequest.getResource() != null) {
            HashMap hashMap3 = new HashMap(this.accessRequest.getResource().getAsMap());
            hashMap3.put(RangerCommonConstants.SCRIPT_FIELD__OWNER_USER, this.accessRequest.getResource().getOwnerUser());
            hashMap2.put(RangerCommonConstants.SCRIPT_FIELD_RESOURCE, hashMap3);
        }
        hashMap2.put(RangerCommonConstants.SCRIPT_FIELD_RESOURCE_MATCHING_SCOPE, this.accessRequest.getResourceMatchingScope());
        hashMap2.put("user", getUser());
        hashMap2.put(RangerCommonConstants.SCRIPT_FIELD_USER_GROUPS, this.userGroups);
        hashMap2.put(RangerCommonConstants.SCRIPT_FIELD_USER_ROLES, this.userRoles);
        hashMap2.put(RangerCommonConstants.SCRIPT_FIELD_USER_ATTRIBUTES, this.userAttrs);
        hashMap2.put(RangerCommonConstants.SCRIPT_FIELD_USER_GROUP_ATTRIBUTES, this.groupAttrs);
        hashMap2.put(RangerCommonConstants.SCRIPT_FIELD_UGA, new UserGroupsAttributes(this.userGroups, this.groupAttrs).getAttributes());
        hashMap.put(RangerCommonConstants.SCRIPT_FIELD_REQUEST, hashMap2);
        hashMap.put(RangerCommonConstants.SCRIPT_FIELD_TAGS, this.tags);
        hashMap.put(RangerCommonConstants.SCRIPT_FIELD_TAG_NAMES, this.tagNames);
        hashMap.put("tag", this.tag);
        String objectToJson = JsonUtils.objectToJson(hashMap);
        RangerPerfTracer.log(rangerPerfTracer);
        return objectToJson;
    }

    public static void init(Configuration configuration) {
        StringBuilder sb = new StringBuilder(DEFAULT_RANGER_TAG_ATTRIBUTE_DATE_FORMAT);
        sb.append(TAG_ATTR_DATE_FORMAT_SEPARATOR).append(DEFAULT_ATLAS_TAG_ATTRIBUTE_DATE_FORMAT_NAME);
        String str = configuration != null ? configuration.get(TAG_ATTR_DATE_FORMAT_PROP) : null;
        if (StringUtils.isNotBlank(str)) {
            sb.append(TAG_ATTR_DATE_FORMAT_SEPARATOR).append(str);
        }
        String[] split = sb.toString().split(TAG_ATTR_DATE_FORMAT_SEPARATOR_REGEX);
        Arrays.sort(split, new Comparator<String>() { // from class: org.apache.ranger.plugin.policyengine.RangerRequestScriptEvaluator.2
            @Override // java.util.Comparator
            public int compare(String str2, String str3) {
                return Integer.compare(str3.length(), str2.length());
            }
        });
        dateFormatStrings = split;
    }

    public String getResource() {
        String str = null;
        RangerAccessResource currentResourceFromContext = RangerAccessRequestUtil.getCurrentResourceFromContext(getRequestContext());
        if (currentResourceFromContext != null) {
            str = currentResourceFromContext.getAsString();
        }
        return str;
    }

    public String getRequestContextAttribute(String str) {
        Object obj;
        String str2 = null;
        if (StringUtils.isNotBlank(str) && (obj = getRequestContext().get(str)) != null) {
            str2 = obj.toString();
        }
        return str2;
    }

    public boolean isAccessTypeAny() {
        return this.accessRequest.isAccessTypeAny();
    }

    public boolean isAccessTypeDelegatedAdmin() {
        return this.accessRequest.isAccessTypeDelegatedAdmin();
    }

    public String getUser() {
        return this.accessRequest.getUser();
    }

    public Set<String> getUserGroups() {
        return this.accessRequest.getUserGroups();
    }

    public Set<String> getUserRoles() {
        return this.accessRequest.getUserRoles();
    }

    public Date getAccessTime() {
        return this.accessRequest.getAccessTime() != null ? this.accessRequest.getAccessTime() : new Date();
    }

    public String getClientIPAddress() {
        return this.accessRequest.getClientIPAddress();
    }

    public String getClientType() {
        return this.accessRequest.getClientType();
    }

    public String getAction() {
        return this.accessRequest.getAction();
    }

    public String getRequestData() {
        return this.accessRequest.getRequestData();
    }

    public String getSessionId() {
        return this.accessRequest.getSessionId();
    }

    public RangerTagForEval getCurrentTag() {
        RangerTagForEval currentTagFromContext = RangerAccessRequestUtil.getCurrentTagFromContext(getRequestContext());
        if (currentTagFromContext == null && LOG.isDebugEnabled()) {
            logDebug("RangerRequestScriptEvaluator.getCurrentTag() - No current TAG object. Script execution must be for resource-based policy.");
        }
        return currentTagFromContext;
    }

    public String getCurrentTagType() {
        RangerTagForEval currentTag = getCurrentTag();
        if (currentTag != null) {
            return currentTag.getType();
        }
        return null;
    }

    public Set<String> getAllTagTypes() {
        HashSet hashSet = null;
        Set<RangerTagForEval> allTags = getAllTags();
        if (CollectionUtils.isNotEmpty(allTags)) {
            Iterator<RangerTagForEval> it = allTags.iterator();
            while (it.hasNext()) {
                String type = it.next().getType();
                if (hashSet == null) {
                    hashSet = new HashSet();
                }
                hashSet.add(type);
            }
        }
        return hashSet;
    }

    public Map<String, String> getTagAttributes(String str) {
        Map<String, String> map = null;
        if (StringUtils.isNotBlank(str)) {
            Set<RangerTagForEval> allTags = getAllTags();
            if (CollectionUtils.isNotEmpty(allTags)) {
                Iterator<RangerTagForEval> it = allTags.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    RangerTagForEval next = it.next();
                    if (next.getType().equals(str)) {
                        map = next.getAttributes();
                        break;
                    }
                }
            }
        }
        return map;
    }

    public List<Map<String, String>> getTagAttributesForAllMatchingTags(String str) {
        ArrayList arrayList = null;
        if (StringUtils.isNotBlank(str)) {
            Set<RangerTagForEval> allTags = getAllTags();
            if (CollectionUtils.isNotEmpty(allTags)) {
                Iterator<RangerTagForEval> it = allTags.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    RangerTagForEval next = it.next();
                    if (next.getType().equals(str)) {
                        Map<String, String> attributes = next.getAttributes();
                        if (attributes != null) {
                            if (0 == 0) {
                                arrayList = new ArrayList();
                            }
                            arrayList.add(attributes);
                        }
                    }
                }
            }
        }
        return arrayList;
    }

    public Set<String> getAttributeNames(String str) {
        Set<String> set = null;
        Map<String, String> tagAttributes = getTagAttributes(str);
        if (tagAttributes != null) {
            set = tagAttributes.keySet();
        }
        return set;
    }

    public String getAttributeValue(String str, String str2) {
        Map<String, String> tagAttributes;
        String str3 = null;
        if ((StringUtils.isNotBlank(str) || StringUtils.isNotBlank(str2)) && (tagAttributes = getTagAttributes(str)) != null) {
            str3 = tagAttributes.get(str2);
        }
        return str3;
    }

    public List<String> getAttributeValueForAllMatchingTags(String str, String str2) {
        Map<String, String> tagAttributes;
        ArrayList arrayList = null;
        if ((StringUtils.isNotBlank(str) || StringUtils.isNotBlank(str2)) && (tagAttributes = getTagAttributes(str)) != null && tagAttributes.get(str2) != null) {
            if (0 == 0) {
                arrayList = new ArrayList();
            }
            arrayList.add(tagAttributes.get(str2));
        }
        return arrayList;
    }

    public String getAttributeValue(String str) {
        String str2 = null;
        if (StringUtils.isNotBlank(str)) {
            RangerTagForEval currentTag = getCurrentTag();
            Map<String, String> map = null;
            if (currentTag != null) {
                map = currentTag.getAttributes();
            }
            if (map != null) {
                str2 = map.get(str);
            }
        }
        return str2;
    }

    public boolean getResult() {
        return this.result.booleanValue();
    }

    public void setResult(boolean z) {
        this.result = Boolean.valueOf(z);
    }

    private Date getAsDate(String str, SimpleDateFormat simpleDateFormat) {
        Date date = null;
        TimeZone timeZone = simpleDateFormat.getTimeZone();
        try {
            date = simpleDateFormat.parse(str);
            simpleDateFormat.setTimeZone(timeZone);
        } catch (ParseException e) {
            simpleDateFormat.setTimeZone(timeZone);
        } catch (Throwable th) {
            simpleDateFormat.setTimeZone(timeZone);
            throw th;
        }
        return date;
    }

    public Date getAsDate(String str) {
        Date date = null;
        if (StringUtils.isNotBlank(str)) {
            Iterator<SimpleDateFormat> it = THREADLOCAL_DATE_FORMATS.get().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                SimpleDateFormat next = it.next();
                date = getAsDate(str, next);
                if (date != null) {
                    if (LOG.isDebugEnabled()) {
                        logDebug("RangerRequestScriptEvaluator.getAsDate() -The best match found for Format-String:[" + next.toPattern() + "], date:[" + date + "]");
                    }
                }
            }
        }
        if (date == null) {
            logError("RangerRequestScriptEvaluator.getAsDate() - Could not convert [" + str + "] to Date using any of the Format-Strings: " + Arrays.toString(dateFormatStrings));
        } else {
            date = StringUtil.getUTCDateForLocalDate(date);
        }
        return date;
    }

    public Date getTagAttributeAsDate(String str, String str2) {
        return getAsDate(getAttributeValue(str, str2));
    }

    public boolean isAccessedAfter(String str, String str2) {
        boolean z = false;
        Date accessTime = getAccessTime();
        Date tagAttributeAsDate = getTagAttributeAsDate(str, str2);
        if (tagAttributeAsDate == null || accessTime.after(tagAttributeAsDate) || accessTime.equals(tagAttributeAsDate)) {
            z = true;
        }
        return z;
    }

    public boolean isAccessedAfter(String str) {
        boolean z = false;
        Date accessTime = getAccessTime();
        Date asDate = getAsDate(getAttributeValue(str));
        if (asDate == null || accessTime.after(asDate) || accessTime.equals(asDate)) {
            z = true;
        }
        return z;
    }

    public boolean isAccessedBefore(String str, String str2) {
        boolean z = true;
        Date accessTime = getAccessTime();
        Date tagAttributeAsDate = getTagAttributeAsDate(str, str2);
        if (tagAttributeAsDate == null || accessTime.after(tagAttributeAsDate)) {
            z = false;
        }
        return z;
    }

    public boolean isAccessedBefore(String str) {
        boolean z = true;
        Date accessTime = getAccessTime();
        Date asDate = getAsDate(getAttributeValue(str));
        if (asDate == null || accessTime.after(asDate)) {
            z = false;
        }
        return z;
    }

    public String ugNamesCsv() {
        init();
        return toCsv(this.userGroups);
    }

    public String ugNamesCsvQ() {
        init();
        return toCsvQ(this.userGroups);
    }

    public String urNamesCsv() {
        init();
        return toCsv(this.userRoles);
    }

    public String urNamesCsvQ() {
        init();
        return toCsvQ(this.userRoles);
    }

    public String tagNamesCsv() {
        init();
        return toCsv(this.tagNames);
    }

    public String tagNamesCsvQ() {
        init();
        return toCsvQ(this.tagNames);
    }

    public String userAttrNamesCsv() {
        init();
        return toCsv(getUserAttrNames());
    }

    public String userAttrNamesCsvQ() {
        init();
        return toCsvQ(getUserAttrNames());
    }

    public String ugAttrNamesCsv() {
        init();
        return toCsv(getUgAttrNames());
    }

    public String ugAttrNamesCsvQ() {
        return toCsvQ(getUgAttrNames());
    }

    public String tagAttrNamesCsv() {
        init();
        return toCsv(getTagAttrNames());
    }

    public String tagAttrNamesCsvQ() {
        init();
        return toCsvQ(getTagAttrNames());
    }

    public String ugAttrCsv(String str) {
        init();
        return toCsv(getUgAttr(str));
    }

    public String ugAttrCsvQ(String str) {
        init();
        return toCsvQ(getUgAttr(str));
    }

    public String tagAttrCsv(String str) {
        init();
        return toCsv(getTagAttr(str));
    }

    public String tagAttrCsvQ(String str) {
        init();
        return toCsvQ(getTagAttr(str));
    }

    public boolean hasTag(String str) {
        init();
        return this.tags.containsKey(str);
    }

    public boolean hasAnyTag() {
        init();
        return !this.tags.isEmpty();
    }

    public boolean hasUserAttr(String str) {
        init();
        return this.userAttrs.containsKey(str);
    }

    public boolean hasUgAttr(String str) {
        init();
        boolean z = false;
        Iterator<Map<String, String>> it = this.groupAttrs.values().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (it.next().containsKey(str)) {
                z = true;
                break;
            }
        }
        return z;
    }

    public boolean hasTagAttr(String str) {
        init();
        boolean z = false;
        Set<RangerTagForEval> requestTagsFromContext = RangerAccessRequestUtil.getRequestTagsFromContext(this.accessRequest.getContext());
        if (requestTagsFromContext != null) {
            Iterator<RangerTagForEval> it = requestTagsFromContext.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (it.next().getAttributes().containsKey(str)) {
                    z = true;
                    break;
                }
            }
        }
        return z;
    }

    public boolean isInGroup(String str) {
        init();
        return this.userGroups.contains(str);
    }

    public boolean isInRole(String str) {
        init();
        return this.userRoles.contains(str);
    }

    public boolean isInAnyGroup() {
        init();
        return !this.userGroups.isEmpty();
    }

    public boolean isInAnyRole() {
        init();
        return !this.userRoles.isEmpty();
    }

    private void init() {
        if (this.initDone) {
            return;
        }
        RangerUserStore requestUserStoreFromContext = RangerAccessRequestUtil.getRequestUserStoreFromContext(this.accessRequest.getContext());
        Map<String, Map<String, String>> userAttrMapping = requestUserStoreFromContext != null ? requestUserStoreFromContext.getUserAttrMapping() : Collections.emptyMap();
        Map<String, Map<String, String>> groupAttrMapping = requestUserStoreFromContext != null ? requestUserStoreFromContext.getGroupAttrMapping() : Collections.emptyMap();
        this.userGroups = getSorted(getUserGroups());
        this.userRoles = getSorted(getUserRoles());
        this.userAttrs = copyMap(userAttrMapping.get(this.accessRequest.getUser()));
        this.groupAttrs = new HashMap();
        this.userAttrs.put(RangerCommonConstants.SCRIPT_FIELD__NAME, getUser());
        for (String str : this.userGroups) {
            Map<String, String> map = groupAttrMapping.get(str);
            HashMap hashMap = map != null ? new HashMap(map) : new HashMap();
            hashMap.put(RangerCommonConstants.SCRIPT_FIELD__NAME, str);
            this.groupAttrs.put(str, hashMap);
        }
        Set<RangerTagForEval> requestTagsFromContext = RangerAccessRequestUtil.getRequestTagsFromContext(getRequestContext());
        if (CollectionUtils.isNotEmpty(requestTagsFromContext)) {
            RangerTagForEval currentTagFromContext = RangerAccessRequestUtil.getCurrentTagFromContext(getRequestContext());
            this.tags = new HashMap();
            this.tag = currentTagFromContext != null ? toMap(currentTagFromContext) : Collections.emptyMap();
            for (RangerTagForEval rangerTagForEval : requestTagsFromContext) {
                this.tags.put(rangerTagForEval.getType(), toMap(rangerTagForEval));
            }
            this.tagNames = getSorted(this.tags.keySet());
        } else {
            this.tags = Collections.emptyMap();
            this.tagNames = Collections.emptySet();
            this.tag = Collections.emptyMap();
        }
        this.initDone = true;
    }

    private Map<String, Object> getRequestContext() {
        return this.accessRequest.getContext();
    }

    private Set<RangerTagForEval> getAllTags() {
        Set<RangerTagForEval> requestTagsFromContext = RangerAccessRequestUtil.getRequestTagsFromContext(this.accessRequest.getContext());
        if (requestTagsFromContext == null && LOG.isDebugEnabled()) {
            logDebug("RangerRequestScriptEvaluator.getAllTags() - No TAGS. No TAGS for the RangerAccessResource=" + this.accessRequest.getResource().getAsString());
        }
        return requestTagsFromContext;
    }

    private static Map<String, Object> toMap(RangerTagForEval rangerTagForEval) {
        HashMap hashMap = new HashMap();
        if (rangerTagForEval.getAttributes() != null) {
            hashMap.putAll(rangerTagForEval.getAttributes());
        }
        hashMap.put(RangerCommonConstants.SCRIPT_FIELD__TYPE, rangerTagForEval.getType());
        hashMap.put(RangerCommonConstants.SCRIPT_FIELD__MATCH_TYPE, rangerTagForEval.getMatchType());
        return hashMap;
    }

    private Collection<String> getSorted(Collection<String> collection) {
        Collection<String> collection2;
        if (collection == null) {
            collection2 = Collections.emptyList();
        } else if (collection.size() > 1) {
            ArrayList arrayList = new ArrayList(collection);
            Collections.sort(arrayList);
            collection2 = arrayList;
        } else {
            collection2 = collection;
        }
        return collection2;
    }

    private Map<String, String> copyMap(Map<String, String> map) {
        return map == null ? new HashMap() : new HashMap(map);
    }

    private List<Object> getUgAttr(String str) {
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = this.userGroups.iterator();
        while (it.hasNext()) {
            Map<String, String> map = this.groupAttrs.get(it.next());
            String str2 = map != null ? map.get(str) : null;
            if (str2 != null) {
                arrayList.add(str2);
            }
        }
        return arrayList;
    }

    private List<Object> getTagAttr(String str) {
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = this.tagNames.iterator();
        while (it.hasNext()) {
            Map<String, Object> map = this.tags.get(it.next());
            Object obj = map != null ? map.get(str) : null;
            if (obj != null) {
                arrayList.add(obj);
            }
        }
        return arrayList;
    }

    private Collection<String> getUserAttrNames() {
        Collection<String> sorted = getSorted(this.userAttrs.keySet());
        if (sorted.contains(RangerCommonConstants.SCRIPT_FIELD__NAME)) {
            sorted.remove(RangerCommonConstants.SCRIPT_FIELD__NAME);
        }
        return sorted;
    }

    private Collection<String> getUgAttrNames() {
        HashSet hashSet = new HashSet();
        Iterator<Map<String, String>> it = this.groupAttrs.values().iterator();
        while (it.hasNext()) {
            hashSet.addAll(it.next().keySet());
        }
        hashSet.remove(RangerCommonConstants.SCRIPT_FIELD__NAME);
        return getSorted(hashSet);
    }

    private Collection<String> getTagAttrNames() {
        HashSet hashSet = new HashSet();
        Iterator<Map<String, Object>> it = this.tags.values().iterator();
        while (it.hasNext()) {
            hashSet.addAll(it.next().keySet());
        }
        hashSet.remove(RangerCommonConstants.SCRIPT_FIELD__TYPE);
        hashSet.remove(RangerCommonConstants.SCRIPT_FIELD__MATCH_TYPE);
        return getSorted(hashSet);
    }

    private String toCsv(Collection<? extends Object> collection) {
        StringBuilder sb = new StringBuilder();
        for (Object obj : collection) {
            if (obj != null) {
                if (sb.length() > 0) {
                    sb.append(CHAR_COMMA);
                }
                sb.append(obj);
            }
        }
        return sb.toString();
    }

    private String toCsvQ(Collection<? extends Object> collection) {
        StringBuilder sb = new StringBuilder();
        for (Object obj : collection) {
            if (obj != null) {
                if (sb.length() > 0) {
                    sb.append(CHAR_COMMA);
                }
                sb.append(CHAR_QUOTE).append(obj).append(CHAR_QUOTE);
            }
        }
        return sb.toString();
    }

    private static String getJsonVarNamesPattern() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(RangerCommonConstants.SCRIPT_VAR__CTX);
        arrayList.add(RangerCommonConstants.SCRIPT_VAR_REQ);
        arrayList.add(RangerCommonConstants.SCRIPT_VAR_RES);
        arrayList.add(RangerCommonConstants.SCRIPT_VAR_TAG);
        arrayList.add(RangerCommonConstants.SCRIPT_VAR_TAGNAMES);
        arrayList.add("TAGS");
        arrayList.add(RangerCommonConstants.SCRIPT_VAR_UGA);
        arrayList.add(RangerCommonConstants.SCRIPT_VAR_UG);
        arrayList.add(RangerCommonConstants.SCRIPT_VAR_UGNAMES);
        arrayList.add(RangerCommonConstants.SCRIPT_VAR_URNAMES);
        arrayList.add("USER");
        return "\\b(" + StringUtils.join((Collection) arrayList, '|') + ")\\b";
    }

    private static String getUserAttributesPattern() {
        ArrayList arrayList = new ArrayList();
        arrayList.add("USER");
        arrayList.add(RangerCommonConstants.SCRIPT_MACRO_USER_ATTR_NAMES_CSV);
        arrayList.add(RangerCommonConstants.SCRIPT_MACRO_USER_ATTR_NAMES_Q_CSV);
        arrayList.add(RangerCommonConstants.SCRIPT_MACRO_HAS_USER_ATTR);
        arrayList.add("userAttrNamesCsv");
        arrayList.add("userAttrNamesCsvQ");
        arrayList.add("hasUserAttr");
        return "\\b(" + StringUtils.join((Collection) arrayList, '|') + ")\\b";
    }

    private static String getGroupAttributesPattern() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(RangerCommonConstants.SCRIPT_VAR_UG);
        arrayList.add(RangerCommonConstants.SCRIPT_VAR_UGA);
        arrayList.add(RangerCommonConstants.SCRIPT_MACRO_GET_UG_ATTR_CSV);
        arrayList.add(RangerCommonConstants.SCRIPT_MACRO_GET_UG_ATTR_Q_CSV);
        arrayList.add(RangerCommonConstants.SCRIPT_MACRO_UG_ATTR_NAMES_CSV);
        arrayList.add(RangerCommonConstants.SCRIPT_MACRO_UG_ATTR_NAMES_Q_CSV);
        arrayList.add(RangerCommonConstants.SCRIPT_MACRO_HAS_UG_ATTR);
        arrayList.add("ugAttrCsv");
        arrayList.add("ugAttrCsvQ");
        arrayList.add("ugAttrNamesCsv");
        arrayList.add("ugAttrNamesCsvQ");
        arrayList.add("hasUgAttr");
        return "\\b(" + StringUtils.join((Collection) arrayList, '|') + ")\\b";
    }

    private static Map<String, String> getMacrosMap() {
        HashMap hashMap = new HashMap();
        hashMap.put(RangerCommonConstants.SCRIPT_MACRO_GET_TAG_ATTR_CSV, "ctx.tagAttrCsv");
        hashMap.put(RangerCommonConstants.SCRIPT_MACRO_GET_TAG_ATTR_Q_CSV, "ctx.tagAttrCsvQ");
        hashMap.put(RangerCommonConstants.SCRIPT_MACRO_GET_UG_ATTR_CSV, "ctx.ugAttrCsv");
        hashMap.put(RangerCommonConstants.SCRIPT_MACRO_GET_UG_ATTR_Q_CSV, "ctx.ugAttrCsvQ");
        hashMap.put(RangerCommonConstants.SCRIPT_MACRO_TAG_ATTR_NAMES_CSV, "ctx.tagAttrNamesCsv()");
        hashMap.put(RangerCommonConstants.SCRIPT_MACRO_TAG_ATTR_NAMES_Q_CSV, "ctx.tagAttrNamesCsvQ()");
        hashMap.put(RangerCommonConstants.SCRIPT_MACRO_TAG_NAMES_CSV, "ctx.tagNamesCsv()");
        hashMap.put(RangerCommonConstants.SCRIPT_MACRO_TAG_NAMES_Q_CSV, "ctx.tagNamesCsvQ()");
        hashMap.put(RangerCommonConstants.SCRIPT_MACRO_UG_ATTR_NAMES_CSV, "ctx.ugAttrNamesCsv()");
        hashMap.put(RangerCommonConstants.SCRIPT_MACRO_UG_ATTR_NAMES_Q_CSV, "ctx.ugAttrNamesCsvQ()");
        hashMap.put(RangerCommonConstants.SCRIPT_MACRO_UG_NAMES_CSV, "ctx.ugNamesCsv()");
        hashMap.put(RangerCommonConstants.SCRIPT_MACRO_UG_NAMES_Q_CSV, "ctx.ugNamesCsvQ()");
        hashMap.put(RangerCommonConstants.SCRIPT_MACRO_UR_NAMES_CSV, "ctx.urNamesCsv()");
        hashMap.put(RangerCommonConstants.SCRIPT_MACRO_UR_NAMES_Q_CSV, "ctx.urNamesCsvQ()");
        hashMap.put(RangerCommonConstants.SCRIPT_MACRO_USER_ATTR_NAMES_CSV, "ctx.userAttrNamesCsv()");
        hashMap.put(RangerCommonConstants.SCRIPT_MACRO_USER_ATTR_NAMES_Q_CSV, "ctx.userAttrNamesCsvQ()");
        hashMap.put(RangerCommonConstants.SCRIPT_MACRO_HAS_TAG, "ctx.hasTag");
        hashMap.put(RangerCommonConstants.SCRIPT_MACRO_HAS_ANY_TAG, "ctx.hasAnyTag()");
        hashMap.put(RangerCommonConstants.SCRIPT_MACRO_HAS_NO_TAG, "!ctx.hasAnyTag()");
        hashMap.put(RangerCommonConstants.SCRIPT_MACRO_HAS_USER_ATTR, "ctx.hasUserAttr");
        hashMap.put(RangerCommonConstants.SCRIPT_MACRO_HAS_UG_ATTR, "ctx.hasUgAttr");
        hashMap.put(RangerCommonConstants.SCRIPT_MACRO_HAS_TAG_ATTR, "ctx.hasTagAttr");
        hashMap.put(RangerCommonConstants.SCRIPT_MACRO_IS_IN_GROUP, "ctx.isInGroup");
        hashMap.put(RangerCommonConstants.SCRIPT_MACRO_IS_IN_ROLE, "ctx.isInRole");
        hashMap.put(RangerCommonConstants.SCRIPT_MACRO_IS_IN_ANY_GROUP, "ctx.isInAnyGroup()");
        hashMap.put(RangerCommonConstants.SCRIPT_MACRO_IS_IN_ANY_ROLE, "ctx.isInAnyRole()");
        hashMap.put(RangerCommonConstants.SCRIPT_MACRO_IS_NOT_IN_ANY_GROUP, "!ctx.isInAnyGroup()");
        hashMap.put(RangerCommonConstants.SCRIPT_MACRO_IS_NOT_IN_ANY_ROLE, "!ctx.isInAnyRole()");
        return hashMap;
    }

    public void logDebug(Object obj) {
        LOG.debug("", obj);
    }

    public void logInfo(Object obj) {
        LOG.info("", obj);
    }

    public void logWarn(Object obj) {
        LOG.warn("", obj);
    }

    public void logError(Object obj) {
        LOG.error("", obj);
    }

    public void logFatal(Object obj) {
        LOG.error("", obj);
    }

    static {
        init(null);
        THREADLOCAL_DATE_FORMATS = new ThreadLocal<List<SimpleDateFormat>>() { // from class: org.apache.ranger.plugin.policyengine.RangerRequestScriptEvaluator.1
            /* JADX INFO: Access modifiers changed from: protected */
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.lang.ThreadLocal
            public List<SimpleDateFormat> initialValue() {
                ArrayList arrayList = new ArrayList();
                for (String str : RangerRequestScriptEvaluator.dateFormatStrings) {
                    try {
                        if (StringUtils.isNotBlank(str)) {
                            if (StringUtils.equalsIgnoreCase(str, RangerRequestScriptEvaluator.DEFAULT_ATLAS_TAG_ATTRIBUTE_DATE_FORMAT_NAME)) {
                                str = RangerRequestScriptEvaluator.DEFAULT_ATLAS_TAG_ATTRIBUTE_DATE_FORMAT;
                            }
                            SimpleDateFormat simpleDateFormat = new SimpleDateFormat(str);
                            simpleDateFormat.setLenient(false);
                            arrayList.add(simpleDateFormat);
                        }
                    } catch (Exception e) {
                    }
                }
                return arrayList;
            }
        };
    }
}
