package com.ge.research.semtk.auth;

import com.arangodb.internal.ArangoDBConstants;
import com.ge.research.semtk.sparqlX.SparqlEndpointInterface;
import com.ge.research.semtk.utility.LocalLogger;
import com.ge.research.semtk.utility.Utility;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import org.apache.hadoop.hive.serde2.thrift.TReflectionUtils;
import org.apache.hadoop.yarn.server.timeline.TimelineDataManager;
import org.apache.jena.Jena;
import org.apache.tomcat.jni.Time;
import org.hibernate.validator.internal.metadata.core.ConstraintHelper;
import org.json.simple.JSONArray;
import org.json.simple.JSONObject;

/* loaded from: input_file:BOOT-INF/lib/sparqlGraphLibrary-2.2.2.jar:com/ge/research/semtk/auth/AuthorizationManager.class */
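/**
 * Process-wide gatekeeper that decides whether the current thread's user may read or write a
 * named graph, based on a JSON authorization file.
 *
 * <p>State model, as implemented below:
 * <ul>
 *   <li>{@code authFilePath} equal to {@link #AUTH_FILE_NO_AUTH} or to the private "unset"
 *       sentinel means authorization is switched off and every check passes.</li>
 *   <li>{@code authFilePath == null} means setup or a refresh failed; every check is refused
 *       until {@link #authorize(AuthorizationProperties)} succeeds again.</li>
 *   <li>Any other value is the path of the authorization file, re-read at most once every
 *       {@code refreshFreqSeconds} seconds.</li>
 * </ul>
 *
 * <p>NOTE(review): all state is held in unsynchronized static fields. In particular the
 * "super" flags are process-wide rather than per-thread, so a flag raised by one thread is
 * visible to (and, for {@code nextQuerySuper}, can be consumed by) any other thread.
 * Confirm that callers serialize access or that this is acceptable for the deployment.
 */
public class AuthorizationManager {
    private static final String AUTH_UNSET_MESSAGE = "Authorization setup failed: auth.authFilePath must be set to an auth_file.json, or NO_AUTH";
    private static long lastUpdate = 0;
    // Final so that no other class can re-point the "authorization off" sentinel at runtime.
    public static final String AUTH_FILE_NO_AUTH = "NO_AUTH";
    // The right-hand sides below are constants the decompiler substituted for string literals;
    // presumably "unset" and a default-graph name. Confirm against the original source.
    private static final String AUTH_FILE_UNSET = Jena.UNSET;
    private static final String DEFAULT_GROUP = "ALL_USERS";
    private static final String DEFAULT_GRAPH = TimelineDataManager.DEFAULT_DOMAIN_ID;
    private static int refreshFreqSeconds = 301;
    private static String authFilePath = AUTH_FILE_UNSET;
    private static boolean nextQuerySuper = false;
    private static boolean modeSuper = false;
    // group name -> member user names
    private static HashMap<String, ArrayList<String>> userGroups = new HashMap<>();
    // graph name -> groups (from the auth file) allowed to read / write
    private static HashMap<String, ArrayList<String>> graphReaders = new HashMap<>();
    private static HashMap<String, ArrayList<String>> graphWriters = new HashMap<>();
    // graph name -> groups matched against ThreadAuthenticator.getThreadGroups()
    private static HashMap<String, ArrayList<String>> graphIDMReaders = new HashMap<>();
    private static HashMap<String, ArrayList<String>> graphIDMWriters = new HashMap<>();

    /**
     * Resets the manager to its initial, unconfigured state.
     *
     * <p>Note that the unconfigured state counts as "authorization off" (see
     * {@link #authProperlyDisabled()}); failure paths therefore overwrite {@code authFilePath}
     * with {@code null} after calling this method.
     */
    public static void clear() {
        lastUpdate = 0L;
        refreshFreqSeconds = 301;
        authFilePath = AUTH_FILE_UNSET;
        AuthorizationException.setAuthLogPath(null);
        userGroups.clear();
        graphReaders.clear();
        graphWriters.clear();
        // The IDM grant tables were previously left populated, so grants from an earlier
        // configuration survived a reset.
        graphIDMReaders.clear();
        graphIDMWriters.clear();
        nextQuerySuper = false;
        modeSuper = false;
    }

    /**
     * Configures authorization from the given properties and loads the authorization file.
     *
     * @param authorizationProperties source of the settings file path, refresh period,
     *        user/group keys and auth log path
     * @return {@code false} when the settings path is {@code NO_AUTH} (authorization off),
     *         {@code true} when the authorization file was loaded
     * @throws AuthorizationException if the path is missing or empty, or the file cannot be
     *         read or is inconsistent; the manager is then left in the failed state
     */
    public static boolean authorize(AuthorizationProperties authorizationProperties) throws AuthorizationException {
        clear();
        String settingsPath = authorizationProperties.getSettingsFilePath();
        if (AUTH_FILE_NO_AUTH.equals(settingsPath)) {
            LocalLogger.logToStdErr("NOTICE: Running with no authorization auth.authFilePath=NO_AUTH");
            authFilePath = AUTH_FILE_NO_AUTH;
            return false;
        }
        try {
            // A null path is handled like an empty one instead of escaping as a
            // NullPointerException that would leave the manager in the "off" state.
            if (settingsPath == null || settingsPath.isEmpty()) {
                throw new AuthorizationException(AUTH_UNSET_MESSAGE);
            }
            refreshFreqSeconds = authorizationProperties.getRefreshFreqSeconds();
            authFilePath = settingsPath;
            ThreadAuthenticator.setUsernameKey(authorizationProperties.getUsernameKey());
            ThreadAuthenticator.setGroupKey(authorizationProperties.getGroupKey());
            AuthorizationException.setAuthLogPath(authorizationProperties.getLogPath());
            updateAuthorization();
            return true;
        } catch (Exception e) {
            clear();
            // null marks the failed state: checks are refused rather than skipped.
            authFilePath = null;
            throw new AuthorizationException("Authorization setup failed", e);
        }
    }

    /**
     * Calls {@link #authorize(AuthorizationProperties)} and terminates the JVM with exit
     * status 1 if it fails, so a service cannot start with a broken configuration.
     */
    public static void authorizeWithExit(AuthorizationProperties authorizationProperties) {
        try {
            authorize(authorizationProperties);
        } catch (Exception e) {
            LocalLogger.printStackTrace(e);
            System.exit(1);
        }
    }

    /**
     * Reports whether authorization is deliberately off (NO_AUTH) or was never configured.
     * The failed state ({@code authFilePath == null}) yields {@code false}, so callers go on
     * to {@link #updateAuthorization()}, which refuses the request.
     */
    private static boolean authProperlyDisabled() {
        return AUTH_FILE_NO_AUTH.equals(authFilePath) || AUTH_FILE_UNSET.equals(authFilePath);
    }

    /**
     * Reports whether a configured path value means "no authorization file":
     * {@code null}, empty, {@code NO_AUTH}, or the unset sentinel.
     */
    public static boolean authFileDisabled(String str) {
        return str == null || str.isEmpty() || str.equals(AUTH_FILE_NO_AUTH) || str.equals(AUTH_FILE_UNSET);
    }

    /**
     * Re-reads the authorization file when the refresh period has elapsed.
     *
     * @throws AuthorizationException if the manager is in the failed state, or the file
     *         cannot be read or parsed; in the latter case all grants are dropped and the
     *         manager enters the failed state
     */
    private static void updateAuthorization() throws AuthorizationException {
        if (authProperlyDisabled()) {
            return;
        }
        if (authFilePath == null) {
            throw new AuthorizationException("Authorization is in a failed state; authorize() must succeed before access is granted");
        }
        long now = System.currentTimeMillis();
        // 1000L keeps the multiplication in long arithmetic; the int product overflowed for
        // large refresh periods.
        if (now - lastUpdate >= refreshFreqSeconds * 1000L) {
            LocalLogger.logToStdOut("Authorization Manager: refreshing authorization.");
            lastUpdate = now;
            try {
                JSONObject authJson = Utility.getJSONObjectFromFilePath(authFilePath);
                updateUserGroups(authJson);
                updateGraphAuthorization(authJson);
            } catch (Exception e) {
                String failedPath = authFilePath;
                clear();
                // clear() leaves the "unset" sentinel, which authProperlyDisabled() treats as
                // authorization off: an unreadable or malformed file would silently open every
                // graph to every later request. Use the failed state instead, as authorize()
                // does on error.
                authFilePath = null;
                throw new AuthorizationException("Error reading authorization file: " + failedPath, e);
            }
        }
    }

    /**
     * Rebuilds {@code userGroups} from the group array of the authorization file. Each entry
     * supplies a {@code "name"} and a {@code "members"} array. A missing group array leaves
     * the table empty.
     */
    private static void updateUserGroups(JSONObject jSONObject) throws Exception {
        userGroups.clear();
        // Key constant substituted by the decompiler; presumably "groups" - confirm.
        JSONArray groups = (JSONArray) jSONObject.get(ConstraintHelper.GROUPS);
        if (groups == null) {
            return;
        }
        for (int i = 0; i < groups.size(); i++) {
            JSONObject group = (JSONObject) groups.get(i);
            JSONArray members = (JSONArray) group.get("members");
            String groupName = (String) group.get("name");
            ArrayList<String> memberNames = new ArrayList<>();
            for (int j = 0; j < members.size(); j++) {
                memberNames.add((String) members.get(j));
            }
            userGroups.put(groupName, memberNames);
        }
    }

    /**
     * Rebuilds the four per-graph grant tables from the graph array of the authorization
     * file. {@code readGroups} and {@code writeGroups} must name a group defined in the file
     * or the built-in {@code ALL_USERS}; the IDM group lists are stored without that check.
     *
     * @throws AuthorizationException if a read or write group is not defined
     */
    private static void updateGraphAuthorization(JSONObject jSONObject) throws Exception {
        graphReaders.clear();
        graphWriters.clear();
        // Previously only the two tables above were reset, so an IDM grant removed from the
        // file stayed in force until the process restarted.
        graphIDMReaders.clear();
        graphIDMWriters.clear();
        // Key constant substituted by the decompiler; presumably "graphs" - confirm.
        JSONArray graphs = (JSONArray) jSONObject.get(ArangoDBConstants.GRAPHS);
        for (int i = 0; i < graphs.size(); i++) {
            JSONObject graph = (JSONObject) graphs.get(i);
            String graphName = (String) graph.get("name");
            graphReaders.put(graphName, readGroupList(graph, "readGroups", true));
            graphWriters.put(graphName, readGroupList(graph, "writeGroups", true));
            graphIDMWriters.put(graphName, readGroupList(graph, "writeIDMGroups", false));
            graphIDMReaders.put(graphName, readGroupList(graph, "readIDMGroups", false));
        }
    }

    /** Copies the string array stored under {@code key}, optionally rejecting undefined groups. */
    private static ArrayList<String> readGroupList(JSONObject graph, String key, boolean mustBeDefined) throws AuthorizationException {
        ArrayList<String> result = new ArrayList<>();
        JSONArray groups = (JSONArray) graph.get(key);
        if (groups == null) {
            return result;
        }
        for (int i = 0; i < groups.size(); i++) {
            String groupName = (String) groups.get(i);
            if (mustBeDefined && !userGroups.containsKey(groupName) && !groupName.equals(DEFAULT_GROUP)) {
                throw new AuthorizationException("Authorization setup failed.  Unknown group: " + groupName);
            }
            result.add(groupName);
        }
        return result;
    }

    /**
     * Refuses access unless the current thread's user owns the item, authorization is off,
     * or a super flag is raised.
     *
     * @param str  user name of the owner
     * @param str2 description of the item, used only in the error message
     * @throws AuthorizationException if the thread user is not the owner
     */
    public static void throwExceptionIfNotJobOwner(String str, String str2) throws AuthorizationException, Exception {
        String threadUserName = ThreadAuthenticator.getThreadUserName();
        if (authProperlyDisabled() || isSemtkSuper()) {
            return;
        }
        updateAuthorization();
        // A thread without a user name is refused explicitly instead of failing on a null
        // dereference.
        boolean isOwner = threadUserName != null && threadUserName.equals(str);
        if (!isOwner && !isSemtkSuper()) {
            throw new AuthorizationException("Permission denied on thread" + Thread.currentThread().getName() + ": " + threadUserName + " may not access " + str2 + " owned by " + str);
        }
    }

    /** Lets the next {@link #authorizeQuery} call, on any thread, pass unchecked. */
    public static void nextQuerySemtkSuper() {
        nextQuerySuper = true;
    }

    /** Turns all checks off, for every thread, until {@link #clearSemtkSuper()} is called. */
    public static void setSemtkSuper() {
        modeSuper = true;
    }

    /** Lowers both super flags. */
    public static void clearSemtkSuper() {
        modeSuper = false;
        nextQuerySuper = false;
    }

    /** Reports whether either super flag is currently raised. */
    public static boolean isSemtkSuper() {
        return nextQuerySuper || modeSuper;
    }

    /**
     * Authorizes a SPARQL query for the current thread's user against every graph the query
     * names, plus the endpoint's own graph.
     *
     * @param sparqlEndpointInterface endpoint the query will run on
     * @param str the SPARQL query text
     * @throws AuthorizationException if the user lacks read permission (read-only query) or
     *         write permission (any other query) on one of the graphs
     */
    public static void authorizeQuery(SparqlEndpointInterface sparqlEndpointInterface, String str) throws AuthorizationException {
        if (nextQuerySuper) {
            // One-shot flag: consumed by the first query that sees it.
            nextQuerySuper = false;
            return;
        }
        if (modeSuper || authProperlyDisabled()) {
            return;
        }
        long startNanos = System.nanoTime();
        String threadUserName = ThreadAuthenticator.getThreadUserName();
        // NOTE(review): the raw query text and user name go to the auth log. Whether
        // logAuthEvent neutralises line breaks is not visible here - confirm, since an
        // unescaped multi-line query could be mistaken for separate log records.
        AuthorizationException.logAuthEvent("Query:    " + str);
        AuthorizationException.logAuthEvent("User:     " + threadUserName);
        SparqlQueryInterrogator interrogator = new SparqlQueryInterrogator(str);
        boolean isReadOnly = interrogator.isReadOnly();
        ArrayList<String> graphNames = interrogator.getGraphNames();
        if (!graphNames.contains(sparqlEndpointInterface.getGraph())) {
            graphNames.add(sparqlEndpointInterface.getGraph());
        }
        AuthorizationException.logAuthEvent("Graphs:   " + graphNames);
        AuthorizationException.logAuthEvent("Endpoint: " + sparqlEndpointInterface.getServerAndPort() + " " + sparqlEndpointInterface.getGraph());
        AuthorizationException.logAuthEvent("Type:     " + (isReadOnly ? TReflectionUtils.thriftReaderFname : TReflectionUtils.thriftWriterFname));
        AuthorizationException.logAuthEvent("Time:     " + ((System.nanoTime() - startNanos) / Time.APR_USEC_PER_SEC) + " msec\n");
        for (String graphName : graphNames) {
            if (isReadOnly) {
                throwExceptionIfNotGraphReader(graphName);
            } else {
                // Both branches used to call the reader check, so a user with read-only
                // access could run modifying queries. Modifying queries need write permission.
                throwExceptionIfNotGraphWriter(graphName);
            }
        }
    }

    /**
     * Refuses access unless the current thread's user may read the graph.
     *
     * @param str graph name
     * @throws AuthorizationException if no read grant matches the user or the thread's groups
     */
    public static void throwExceptionIfNotGraphReader(String str) throws AuthorizationException {
        requireGraphPermission(str, graphReaders, graphIDMReaders, "read", "Read");
    }

    /**
     * Refuses access unless the current thread's user may write the graph.
     *
     * @param str graph name
     * @throws AuthorizationException if no write grant matches the user or the thread's groups
     */
    public static void throwExceptionIfNotGraphWriter(String str) throws AuthorizationException {
        requireGraphPermission(str, graphWriters, graphIDMWriters, "write", "Write");
    }

    /**
     * Shared read/write check: passes when authorization is off or a super flag is raised,
     * when a granted file-defined group is {@code ALL_USERS} or contains the user, or when a
     * granted IDM group is among the thread's groups; otherwise throws.
     */
    private static void requireGraphPermission(String graphName, HashMap<String, ArrayList<String>> fileGrants, HashMap<String, ArrayList<String>> idmGrants, String verb, String deniedLabel) throws AuthorizationException {
        if (authProperlyDisabled() || isSemtkSuper()) {
            return;
        }
        updateAuthorization();
        String threadUserName = ThreadAuthenticator.getThreadUserName();
        List<String> threadGroups = ThreadAuthenticator.getThreadGroups();
        for (String group : grantsFor(fileGrants, graphName)) {
            ArrayList<String> members = userGroups.get(group);
            if (group.equals(DEFAULT_GROUP) || (members != null && members.contains(threadUserName))) {
                AuthorizationException.logAuthEvent("User " + threadUserName + " granted " + verb + " permission on graph " + graphName);
                return;
            }
        }
        for (String idmGroup : grantsFor(idmGrants, graphName)) {
            if (threadGroups != null && threadGroups.contains(idmGroup)) {
                AuthorizationException.logAuthEvent("User " + threadUserName + " member of " + idmGroup + " granted " + verb + " permission on graph " + graphName);
                return;
            }
        }
        throw new AuthorizationException(deniedLabel + " Access Denied.  graph=" + graphName + " user=" + threadUserName);
    }

    /**
     * Returns the groups granted on {@code graphName}; falls back to the default-graph entry
     * only when the graph has no entry of its own, and to an empty list when neither exists.
     */
    private static ArrayList<String> grantsFor(HashMap<String, ArrayList<String>> grants, String graphName) {
        if (grants.containsKey(graphName)) {
            return grants.get(graphName);
        }
        if (grants.containsKey(DEFAULT_GRAPH)) {
            return grants.get(DEFAULT_GRAPH);
        }
        return new ArrayList<>();
    }
}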
