package com.cloudera.server.cmf.components;

import com.cloudera.api.fiql.FIQLParser;
import com.cloudera.api.model.ApiAuthRoleRef;
import com.cloudera.api.model.ApiDataContext;
import com.cloudera.api.model.ApiHostNameList;
import com.cloudera.api.model.ApiHostRecommissionType;
import com.cloudera.api.model.ApiRole;
import com.cloudera.api.model.ApiRoleConfigGroup;
import com.cloudera.api.model.ApiRoleConfigGroupList;
import com.cloudera.api.model.ApiRoleList;
import com.cloudera.api.model.ApiRoleNameList;
import com.cloudera.api.model.ApiServiceRef;
import com.cloudera.api.model.ApiUser;
import com.cloudera.api.model.ApiUser2;
import com.cloudera.api.model.ApiUser2List;
import com.cloudera.api.model.ApiUserList;
import com.cloudera.cmf.command.ClusterCommandHandler;
import com.cloudera.cmf.command.CmdArgs;
import com.cloudera.cmf.command.CommandHandler;
import com.cloudera.cmf.command.HostCommandHandler;
import com.cloudera.cmf.command.RoleCommandHandler;
import com.cloudera.cmf.command.ServiceCommandHandler;
import com.cloudera.cmf.command.SvcCmdArgs;
import com.cloudera.cmf.command.flow.JsonDbProcess;
import com.cloudera.cmf.externalAccounts.ExternalAccountTypeHandler;
import com.cloudera.cmf.model.DbAuthRole;
import com.cloudera.cmf.model.DbClientConfig;
import com.cloudera.cmf.model.DbCluster;
import com.cloudera.cmf.model.DbCommand;
import com.cloudera.cmf.model.DbCommandSchedule;
import com.cloudera.cmf.model.DbConfig;
import com.cloudera.cmf.model.DbDataContext;
import com.cloudera.cmf.model.DbExternalAccount;
import com.cloudera.cmf.model.DbHost;
import com.cloudera.cmf.model.DbProcess;
import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbRoleConfigGroup;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.model.DbUser;
import com.cloudera.cmf.model.EntityType;
import com.cloudera.cmf.model.TypedDbBase;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.persist.DatabaseExecutor;
import com.cloudera.cmf.persist.DatabaseTask;
import com.cloudera.cmf.service.ClusterHandler;
import com.cloudera.cmf.service.HostsBringDownCommand;
import com.cloudera.cmf.service.HostsBringUpCommand;
import com.cloudera.cmf.service.RoleHandler;
import com.cloudera.cmf.service.ServiceHandler;
import com.cloudera.cmf.service.ServiceHandlerRegistry;
import com.cloudera.cmf.service.mgmt.MgmtServiceHandler;
import com.cloudera.cmf.service.scm.ScmParamTrackerStore;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.cmf.user.UserRole;
import com.cloudera.server.cmf.CurrentUserManager;
import com.cloudera.server.web.cmf.AuthScope;
import com.cloudera.server.web.cmf.AuthScopeContext;
import com.cloudera.server.web.common.Humanize;
import com.google.common.base.Function;
import com.google.common.base.Joiner;
import com.google.common.base.Objects;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.BiFunction;
import javax.annotation.Nullable;
import javax.persistence.EntityManagerFactory;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;

@Component(Authorizer.BEAN_NAME)
/* loaded from: input_file:com/cloudera/server/cmf/components/Authorizer.class */
public class Authorizer {
    private static final String DECOMMISSION = "Decommission";
    public static final String BEAN_NAME = "authorizer";
    private final ServiceHandlerRegistry shr;
    private final DatabaseExecutor de;
    private final ScmParamTrackerStore spts;
    private final CurrentUserManager currentUserMgr;
    private static final Logger LOG = LoggerFactory.getLogger(Authorizer.class);
    private static final Map<String, String> buttonValueToAuthority = ImmutableMap.builder().put(Humanize.ButtonValues.ADD, "AUTH_CREATE_CLUSTER").put(Humanize.ButtonValues.APPLY_HOST_TEMPLATE, "ROLE_ADMIN").put(Humanize.ButtonValues.ASSIGN_RACKS, "ROLE_ADMIN").put(Humanize.ButtonValues.ASSIGN_UPGRADE_DOMAIN, "ROLE_ADMIN").put(Humanize.ButtonValues.REMOVE_FROM_CLUSTER, "ROLE_ADMIN").put("HostsRegenerateKeytab", "ROLE_ADMIN").put(Humanize.ButtonValues.ROLLING_RESTART, "AUTH_POWER_OPS").put(HostsBringUpCommand.COMMAND_NAME, "AUTH_POWER_OPS").put(HostsBringDownCommand.COMMAND_NAME, "AUTH_POWER_OPS").put(Humanize.ButtonValues.MAINTENANCE_MODE_ENTER, "AUTH_MAINTENANCE_MODE").put(Humanize.ButtonValues.MAINTENANCE_MODE_EXIT, "AUTH_MAINTENANCE_MODE").build();
    public static final Function<DbCluster, AuthScope> CLUSTER_TO_AUTHSCOPE = new Function<DbCluster, AuthScope>() { // from class: com.cloudera.server.cmf.components.Authorizer.1
        public AuthScope apply(DbCluster dbCluster) {
            return AuthScope.cluster(dbCluster.getName());
        }
    };
    public static final Function<DbService, AuthScope> SERVICE_TO_AUTHSCOPE = new Function<DbService, AuthScope>() { // from class: com.cloudera.server.cmf.components.Authorizer.2
        public AuthScope apply(DbService dbService) {
            return dbService.getCluster() == null ? AuthScope.global() : (AuthScope) Authorizer.CLUSTER_TO_AUTHSCOPE.apply(dbService.getCluster());
        }
    };
    public static final Function<DbRole, AuthScope> ROLE_TO_AUTHSCOPE = new Function<DbRole, AuthScope>() { // from class: com.cloudera.server.cmf.components.Authorizer.3
        public AuthScope apply(DbRole dbRole) {
            return dbRole.getService() == null ? AuthScope.global() : Objects.equal(MgmtServiceHandler.SERVICE_TYPE, dbRole.getService().getServiceType()) ? (AuthScope) Authorizer.HOST_TO_AUTHSCOPE.apply(dbRole.getHost()) : (AuthScope) Authorizer.SERVICE_TO_AUTHSCOPE.apply(dbRole.getService());
        }
    };
    public static final Function<DbRoleConfigGroup, AuthScope> ROLE_CONFIG_GROUP_TO_AUTHSCOPE = new Function<DbRoleConfigGroup, AuthScope>() { // from class: com.cloudera.server.cmf.components.Authorizer.4
        public AuthScope apply(DbRoleConfigGroup dbRoleConfigGroup) {
            return dbRoleConfigGroup.getService() == null ? AuthScope.global() : (AuthScope) Authorizer.SERVICE_TO_AUTHSCOPE.apply(dbRoleConfigGroup.getService());
        }
    };
    public static final BiFunction<DbCommand, ServiceHandlerRegistry, AuthScope> COMMAND_TO_AUTHSCOPE = new BiFunction<DbCommand, ServiceHandlerRegistry, AuthScope>() { // from class: com.cloudera.server.cmf.components.Authorizer.5
        @Override // java.util.function.BiFunction
        public AuthScope apply(DbCommand dbCommand, ServiceHandlerRegistry serviceHandlerRegistry) {
            return Authorizer.getCmdAuthScope(dbCommand, serviceHandlerRegistry);
        }
    };
    public static final Function<DbCommandSchedule, AuthScope> COMMAND_SCHEDULE_TO_AUTHSCOPE = new Function<DbCommandSchedule, AuthScope>() { // from class: com.cloudera.server.cmf.components.Authorizer.6
        public AuthScope apply(DbCommandSchedule dbCommandSchedule) {
            return dbCommandSchedule.getCluster() != null ? (AuthScope) Authorizer.CLUSTER_TO_AUTHSCOPE.apply(dbCommandSchedule.getCluster()) : dbCommandSchedule.getService() != null ? (AuthScope) Authorizer.SERVICE_TO_AUTHSCOPE.apply(dbCommandSchedule.getService()) : dbCommandSchedule.getRole() != null ? (AuthScope) Authorizer.ROLE_TO_AUTHSCOPE.apply(dbCommandSchedule.getRole()) : AuthScope.global();
        }
    };
    public static final Function<DbHost, AuthScope> HOST_TO_AUTHSCOPE = new Function<DbHost, AuthScope>() { // from class: com.cloudera.server.cmf.components.Authorizer.7
        public AuthScope apply(DbHost dbHost) {
            return (dbHost == null || dbHost.getCluster() == null) ? AuthScope.global() : (AuthScope) Authorizer.CLUSTER_TO_AUTHSCOPE.apply(dbHost.getCluster());
        }
    };
    public static final Function<DbConfig, AuthScope> CONFIG_TO_AUTHSCOPE = new Function<DbConfig, AuthScope>() { // from class: com.cloudera.server.cmf.components.Authorizer.8
        public AuthScope apply(DbConfig dbConfig) {
            return dbConfig.getService() != null ? (AuthScope) Authorizer.SERVICE_TO_AUTHSCOPE.apply(dbConfig.getService()) : dbConfig.getRole() != null ? (AuthScope) Authorizer.ROLE_TO_AUTHSCOPE.apply(dbConfig.getRole()) : dbConfig.getRoleConfigGroup() != null ? dbConfig.getRoleConfigGroup().getService() == null ? AuthScope.global() : (AuthScope) Authorizer.SERVICE_TO_AUTHSCOPE.apply(dbConfig.getRoleConfigGroup().getService()) : dbConfig.getHost() != null ? (AuthScope) Authorizer.HOST_TO_AUTHSCOPE.apply(dbConfig.getHost()) : AuthScope.global();
        }
    };
    public static final Function<DbClientConfig, AuthScope> CLIENT_CONFIG_TO_AUTHSCOPE = new Function<DbClientConfig, AuthScope>() { // from class: com.cloudera.server.cmf.components.Authorizer.9
        public AuthScope apply(DbClientConfig dbClientConfig) {
            return dbClientConfig.getService() != null ? (AuthScope) Authorizer.SERVICE_TO_AUTHSCOPE.apply(dbClientConfig.getService()) : dbClientConfig.getCluster() != null ? (AuthScope) Authorizer.CLUSTER_TO_AUTHSCOPE.apply(dbClientConfig.getCluster()) : AuthScope.global();
        }
    };
    public static final Function<DbProcess, AuthScope> PROCESS_TO_AUTHSCOPE = new Function<DbProcess, AuthScope>() { // from class: com.cloudera.server.cmf.components.Authorizer.10
        public AuthScope apply(DbProcess dbProcess) {
            return dbProcess.getRole() != null ? (AuthScope) Authorizer.ROLE_TO_AUTHSCOPE.apply(dbProcess.getRole()) : AuthScope.global();
        }
    };

    @Autowired
    public Authorizer(ServiceHandlerRegistry serviceHandlerRegistry, EntityManagerFactory entityManagerFactory, ScmParamTrackerStore scmParamTrackerStore, CurrentUserManager currentUserManager) {
        this.shr = serviceHandlerRegistry;
        this.de = new DatabaseExecutor(entityManagerFactory);
        this.spts = scmParamTrackerStore;
        this.currentUserMgr = currentUserManager;
    }

    public boolean hostCmd(Authentication authentication, String str, List<Long> list) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(str);
        Preconditions.checkNotNull(list);
        HostCommandHandler<? extends CmdArgs> hostCommand = this.shr.getHostHandler().getHostCommand(str);
        if (hostCommand != null) {
            return allRolesOnHost(authentication, list, hostCommand);
        }
        LOG.warn("Couldn't find command handler for: {}", str);
        return false;
    }

    public boolean hostRecommissionWithStartCmd(final Authentication authentication, final String str, final String str2, String str3, final ApiHostNameList apiHostNameList) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(str);
        Preconditions.checkNotNull(str2);
        Preconditions.checkNotNull(str3);
        Preconditions.checkNotNull(apiHostNameList);
        final ApiHostRecommissionType valueOf = ApiHostRecommissionType.valueOf(str3);
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.11
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1651run(CmfEntityManager cmfEntityManager) {
                ArrayList newArrayList = Lists.newArrayList();
                for (DbHost dbHost : cmfEntityManager.findHostsByHostNames(apiHostNameList.getHostNames())) {
                    newArrayList.add(dbHost.getId());
                    if (!Authorizer.this.isFullyAuthorized(authentication, ImmutableSet.of(str, "AUTH_DECOMMISSION_OTHER"), str2, (AuthScope) Authorizer.HOST_TO_AUTHSCOPE.apply(dbHost))) {
                        return false;
                    }
                }
                if (valueOf == ApiHostRecommissionType.RECOMMISSION) {
                    return true;
                }
                Preconditions.checkArgument(valueOf == ApiHostRecommissionType.RECOMMISSION_WITH_START);
                return Boolean.valueOf(Authorizer.this.hostCmd(authentication, HostsBringUpCommand.COMMAND_NAME, newArrayList));
            }
        })).booleanValue();
    }

    public boolean hostCmd(final Authentication authentication, final String str, final ApiHostNameList apiHostNameList) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(str);
        Preconditions.checkNotNull(apiHostNameList);
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.12
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1652run(CmfEntityManager cmfEntityManager) {
                ArrayList newArrayList = Lists.newArrayList();
                Iterator it = cmfEntityManager.findHostsByHostNames(apiHostNameList.getHostNames()).iterator();
                while (it.hasNext()) {
                    newArrayList.add(((DbHost) it.next()).getId());
                }
                return Boolean.valueOf(Authorizer.this.hostCmd(authentication, str, newArrayList));
            }
        })).booleanValue();
    }

    private boolean allRolesOnHost(final Authentication authentication, final List<Long> list, final CommandHandler commandHandler) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(list);
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.13
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1653run(CmfEntityManager cmfEntityManager) {
                if (commandHandler.getName().equals(HostsBringDownCommand.COMMAND_NAME) || commandHandler.getName().equals(HostsBringUpCommand.COMMAND_NAME)) {
                    for (DbRole dbRole : cmfEntityManager.findRolesOnHostsById((String) null, list)) {
                        RoleHandler roleHandler = Authorizer.this.shr.getRoleHandler(dbRole);
                        if (roleHandler == null) {
                            Authorizer.LOG.warn("Couldn't find role handler for: {}", dbRole.getName());
                        } else if (!Authorizer.this.isAuthorized(authentication, roleHandler.getAuthorityForPowerState(), dbRole.getName(), Authorizer.getServiceAuthScope(dbRole.getService()))) {
                            return false;
                        }
                    }
                    String authority = commandHandler.getAuthority();
                    Iterator it = cmfEntityManager.findHosts(list).iterator();
                    while (it.hasNext()) {
                        if (!Authorizer.this.isAuthorized(authentication, authority, commandHandler.getName(), Authorizer.getClusterAuthScope(((DbHost) it.next()).getCluster()))) {
                            return false;
                        }
                    }
                }
                return true;
            }
        })).booleanValue();
    }

    public boolean hasAuthorityOnHosts(Authentication authentication, String str, ApiHostNameList apiHostNameList) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(apiHostNameList);
        Preconditions.checkNotNull(str);
        return hasAllAuthsOnHosts(authentication, apiHostNameList, Sets.newHashSet(new String[]{str}), DECOMMISSION);
    }

    public boolean hasAuthorityOnHostIds(Authentication authentication, String str, List<Long> list) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(list);
        Preconditions.checkNotNull(str);
        return hasAllAuthsOnHostIds(authentication, list, Sets.newHashSet(new String[]{str}), DECOMMISSION);
    }

    public boolean clusterCmd(final Authentication authentication, final String str, final Long l) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(str);
        Preconditions.checkNotNull(l);
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.14
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1654run(CmfEntityManager cmfEntityManager) {
                DbCluster findCluster = cmfEntityManager.findCluster(l.longValue());
                if (findCluster == null) {
                    Authorizer.LOG.warn("Couldn't find cluster for: {}", l);
                    return false;
                }
                ClusterHandler clusterHandler = Authorizer.this.shr.get(findCluster);
                if (clusterHandler == null) {
                    Authorizer.LOG.warn("Couldn't find cluster handler for: {}", findCluster.getName());
                    return false;
                }
                ClusterCommandHandler<? extends CmdArgs> clusterCommand = clusterHandler.getClusterCommand(str);
                if (clusterCommand != null) {
                    return Boolean.valueOf(Authorizer.this.isAuthorized(authentication, clusterCommand.getAuthority(), str, AuthScope.cluster(findCluster.getName())));
                }
                Authorizer.LOG.warn("Couldn't find command handler for: {}", str);
                return false;
            }
        })).booleanValue();
    }

    public boolean serviceCmdWithArgs(Authentication authentication, String str, Long l, String str2) {
        return serviceCmd(authentication, str, l, ImmutableList.of());
    }

    public boolean serviceCmd(final Authentication authentication, final String str, final Long l, final List<Long> list) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(l);
        Preconditions.checkNotNull(list);
        if (StringUtils.isEmpty(str)) {
            return false;
        }
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.15
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1655run(CmfEntityManager cmfEntityManager) {
                DbService findService = cmfEntityManager.findService(l.longValue());
                if (findService == null) {
                    Authorizer.LOG.warn("Couldn't find service for: {}", l);
                    return false;
                }
                ServiceHandler serviceHandler = Authorizer.this.shr.get(findService);
                if (serviceHandler == null) {
                    Authorizer.LOG.warn("Couldn't find service handler for: {}", findService.getName());
                    return false;
                }
                ServiceCommandHandler<? extends SvcCmdArgs> serviceCommand = serviceHandler.getServiceCommand(str);
                if (serviceCommand == null) {
                    Authorizer.LOG.warn("Couldn't find command handler for: {}", str);
                    return false;
                }
                AuthScope serviceAuthScope = Authorizer.getServiceAuthScope(findService);
                if (serviceCommand.changesRoleState()) {
                    for (Long l2 : list) {
                        DbRole findRole = cmfEntityManager.findRole(l2.longValue());
                        if (findRole == null) {
                            Authorizer.LOG.warn("Couldn't find role for : {}", l2);
                        } else {
                            RoleHandler roleHandler = Authorizer.this.shr.getRoleHandler(findRole);
                            if (roleHandler == null) {
                                Authorizer.LOG.warn("Couldn't find role handler for: {}", findRole.getName());
                            } else if (!Authorizer.this.isAuthorized(authentication, roleHandler.getAuthorityForPowerState(), findRole.getName(), serviceAuthScope)) {
                                return false;
                            }
                        }
                    }
                }
                return Boolean.valueOf(Authorizer.this.isAuthorized(authentication, serviceCommand.getAuthority(), str, serviceAuthScope));
            }
        })).booleanValue();
    }

    public boolean serviceCmdWithNames(final Authentication authentication, final String str, final String str2, final ApiRoleNameList apiRoleNameList) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(str);
        Preconditions.checkNotNull(apiRoleNameList);
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.16
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1656run(CmfEntityManager cmfEntityManager) {
                ArrayList newArrayList = Lists.newArrayList();
                DbService dbService = null;
                boolean isEmpty = StringUtils.isEmpty(str2);
                if (!isEmpty) {
                    dbService = cmfEntityManager.findServiceByName(str2);
                    if (dbService == null) {
                        return true;
                    }
                }
                for (DbRole dbRole : cmfEntityManager.findRolesByNames(apiRoleNameList.getRoleNames())) {
                    newArrayList.add(dbRole.getId());
                    if (dbService == null && isEmpty) {
                        dbService = dbRole.getService();
                    }
                }
                if (dbService != null) {
                    return Boolean.valueOf(Authorizer.this.serviceCmd(authentication, str, dbService.getId(), newArrayList));
                }
                Authorizer.LOG.warn("Couldn't find service for: {}", str2);
                return false;
            }
        })).booleanValue();
    }

    public boolean roleCmd(final Authentication authentication, final String str, final Long l) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(str);
        Preconditions.checkNotNull(l);
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.17
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1657run(CmfEntityManager cmfEntityManager) {
                DbRole findRole = cmfEntityManager.findRole(l.longValue());
                if (findRole == null) {
                    Authorizer.LOG.warn("Couldn't find role for: {}", l);
                    return false;
                }
                RoleHandler roleHandler = Authorizer.this.shr.getRoleHandler(findRole);
                if (roleHandler == null) {
                    Authorizer.LOG.warn("Couldn't find role handler for: {}", findRole.getName());
                    return false;
                }
                RoleCommandHandler<? extends CmdArgs> roleCommand = roleHandler.getRoleCommand(str);
                if (roleCommand != null) {
                    return Boolean.valueOf(Authorizer.this.isAuthorized(authentication, roleCommand.getAuthority(), str, Authorizer.getServiceAuthScope(findRole.getService())));
                }
                Authorizer.LOG.warn("Couldn't find command handler for: {}", str);
                return false;
            }
        })).booleanValue();
    }

    public boolean cmd(final Authentication authentication, final Long l) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(l);
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.18
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1658run(CmfEntityManager cmfEntityManager) {
                DbCommand findCommand = cmfEntityManager.findCommand(l);
                if (findCommand == null) {
                    Authorizer.LOG.warn("Couldn't find command for: {}", l);
                    return false;
                }
                AuthScope cmdAuthScope = Authorizer.getCmdAuthScope(findCommand, Authorizer.this.shr);
                CommandHandler commandHandler = Authorizer.this.shr.getCommandHandler(findCommand);
                if (commandHandler != null) {
                    return Boolean.valueOf(Authorizer.this.isAuthorized(authentication, commandHandler.getAuthority(), findCommand.getName(), cmdAuthScope));
                }
                Authorizer.LOG.debug("Command lacks a handler. Assuming ADMIN privilege is required: {}", findCommand.getName());
                return Boolean.valueOf(Authorizer.this.isAuthorized(authentication, "ROLE_ADMIN", findCommand.getName(), cmdAuthScope));
            }
        })).booleanValue();
    }

    @Deprecated
    public boolean buttonValue(Authentication authentication, String str) {
        String str2;
        Preconditions.checkNotNull(authentication);
        if (str == null || (str2 = buttonValueToAuthority.get(str)) == null) {
            return false;
        }
        return isAuthorized(authentication, str2, str, AuthScopeContext.get());
    }

    @Nullable
    public String getAuthority(String str) {
        if (str == null) {
            return null;
        }
        return buttonValueToAuthority.get(str);
    }

    public boolean buttonValue(Authentication authentication, AuthScope authScope, String str) {
        String str2;
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(authScope);
        if (str == null || (str2 = buttonValueToAuthority.get(str)) == null) {
            return false;
        }
        return isAuthorized(authentication, str2, str, authScope);
    }

    public boolean serviceTypeForConfigEdits(final Authentication authentication, final Long l) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(l);
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.19
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1659run(CmfEntityManager cmfEntityManager) {
                DbService findService = cmfEntityManager.findService(l.longValue());
                if (findService == null) {
                    Authorizer.LOG.warn("Couldn't find service for: {}", l);
                    return false;
                }
                ServiceHandler serviceHandler = Authorizer.this.shr.get(findService);
                if (serviceHandler != null) {
                    return Boolean.valueOf(Authorizer.this.isAuthorized(authentication, serviceHandler.getAuthoritiesForConfigs(), serviceHandler.getServiceType(), Authorizer.getServiceAuthScope(findService)));
                }
                Authorizer.LOG.warn("Couldn't find service handler for: {}", findService.getName());
                return false;
            }
        })).booleanValue();
    }

    public boolean serviceTypeForConfigEdits(final Authentication authentication, final String str) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(str);
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.20
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1660run(CmfEntityManager cmfEntityManager) {
                DbService findServiceByName;
                String str2;
                if (str.isEmpty()) {
                    findServiceByName = (DbService) Iterables.getOnlyElement(cmfEntityManager.findServicesByType(MgmtServiceHandler.SERVICE_TYPE), (Object) null);
                    str2 = MgmtServiceHandler.SERVICE_TYPE;
                } else {
                    findServiceByName = cmfEntityManager.findServiceByName(str);
                    str2 = str;
                    if (findServiceByName == null) {
                        return true;
                    }
                }
                if (findServiceByName == null) {
                    Authorizer.LOG.warn("Couldn't find service for: {}", str2);
                    return false;
                }
                ServiceHandler serviceHandler = Authorizer.this.shr.get(findServiceByName);
                if (serviceHandler != null) {
                    return Boolean.valueOf(Authorizer.this.isAuthorized(authentication, serviceHandler.getAuthoritiesForConfigs(), serviceHandler.getServiceType(), Authorizer.getServiceAuthScope(findServiceByName)));
                }
                Authorizer.LOG.warn("Couldn't find service handler for: {}", findServiceByName.getName());
                return false;
            }
        })).booleanValue();
    }

    public boolean externalAccountTypeForConfigEdits(final Authentication authentication, final String str) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(str);
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.21
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1661run(CmfEntityManager cmfEntityManager) {
                DbExternalAccount findExternalAccountByName = cmfEntityManager.findExternalAccountByName(str);
                if (findExternalAccountByName == null) {
                    return true;
                }
                ExternalAccountTypeHandler externalAccountTypeHandler = Authorizer.this.shr.getExternalAccountTypeHandler(findExternalAccountByName.getType());
                if (externalAccountTypeHandler != null) {
                    return Boolean.valueOf(Authorizer.this.isAuthorized(authentication, externalAccountTypeHandler.getConfigSpec().getAuthorities(), findExternalAccountByName.getType().name(), AuthScope.global()));
                }
                Authorizer.LOG.warn("Couldn't find external account handler for: {}", str);
                return false;
            }
        })).booleanValue();
    }

    public boolean roleTypeForConfigEdits(final Authentication authentication, final Long l) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(l);
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.22
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1662run(CmfEntityManager cmfEntityManager) {
                DbRole findRole = cmfEntityManager.findRole(l.longValue());
                if (findRole == null) {
                    Authorizer.LOG.warn("Couldn't find role for: {}", l);
                    return false;
                }
                RoleHandler roleHandler = Authorizer.this.shr.getRoleHandler(findRole);
                if (roleHandler != null) {
                    return Boolean.valueOf(Authorizer.this.isAuthorized(authentication, roleHandler.getConfigSpec().getAuthorities(), roleHandler.getRoleName(), Authorizer.getServiceAuthScope(findRole.getService())));
                }
                Authorizer.LOG.warn("Couldn't find role handler for: {}", findRole.getName());
                return false;
            }
        })).booleanValue();
    }

    public boolean roleTypeForConfigEdits(final Authentication authentication, final String str) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(str);
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.23
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1663run(CmfEntityManager cmfEntityManager) {
                DbRole findRoleByName = cmfEntityManager.findRoleByName(str);
                if (findRoleByName == null) {
                    return true;
                }
                RoleHandler roleHandler = Authorizer.this.shr.getRoleHandler(findRoleByName);
                if (roleHandler != null) {
                    return Boolean.valueOf(Authorizer.this.isAuthorized(authentication, roleHandler.getConfigSpec().getAuthorities(), roleHandler.getRoleName(), Authorizer.getServiceAuthScope(findRoleByName.getService())));
                }
                Authorizer.LOG.warn("Couldn't find role handler for: {}", findRoleByName.getName());
                return false;
            }
        })).booleanValue();
    }

    public boolean roleTypeForConfigEdits(final Authentication authentication, final Long l, final String str) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(l);
        Preconditions.checkNotNull(str);
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.24
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1664run(CmfEntityManager cmfEntityManager) {
                DbService findService = cmfEntityManager.findService(l.longValue());
                if (findService == null) {
                    Authorizer.LOG.warn("Couldn't find service for: {}", l);
                    return false;
                }
                RoleHandler roleHandler = Authorizer.this.shr.getRoleHandler(findService, str);
                if (roleHandler != null) {
                    return Boolean.valueOf(Authorizer.this.isAuthorized(authentication, roleHandler.getConfigSpec().getAuthorities(), roleHandler.getRoleName(), Authorizer.getServiceAuthScope(findService)));
                }
                Authorizer.LOG.warn("Couldn't find role handler for: {}", str);
                return false;
            }
        })).booleanValue();
    }

    public boolean roleTypeForConfigEdits(final Authentication authentication, final ApiRoleNameList apiRoleNameList) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(apiRoleNameList);
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.25
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1665run(CmfEntityManager cmfEntityManager) {
                for (DbRole dbRole : cmfEntityManager.findRolesByNames(apiRoleNameList.getRoleNames())) {
                    RoleHandler roleHandler = Authorizer.this.shr.getRoleHandler(dbRole);
                    if (roleHandler != null && !Authorizer.this.isAuthorized(authentication, roleHandler.getConfigSpec().getAuthorities(), roleHandler.getRoleName(), Authorizer.getServiceAuthScope(dbRole.getService()))) {
                        return false;
                    }
                }
                return true;
            }
        })).booleanValue();
    }

    public boolean roleTypeForConfigEdits(final Authentication authentication, final String str, final ApiRoleConfigGroupList apiRoleConfigGroupList) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(apiRoleConfigGroupList);
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.26
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1666run(CmfEntityManager cmfEntityManager) {
                DbService findServiceByName = cmfEntityManager.findServiceByName(str);
                if (findServiceByName == null) {
                    return true;
                }
                Iterator it = apiRoleConfigGroupList.getGroups().iterator();
                while (it.hasNext()) {
                    if (!Authorizer.this.roleTypeForConfigEdits(authentication, findServiceByName.getId(), ((ApiRoleConfigGroup) it.next()).getRoleType())) {
                        return false;
                    }
                }
                return true;
            }
        })).booleanValue();
    }

    public boolean deleteService(final Authentication authentication, final Long l) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(l);
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.27
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1667run(CmfEntityManager cmfEntityManager) {
                DbService findService = cmfEntityManager.findService(l.longValue());
                if (findService == null) {
                    Authorizer.LOG.warn("Couldn't find service for: {}", l);
                    return false;
                }
                ServiceHandler serviceHandler = Authorizer.this.shr.get(findService);
                if (serviceHandler == null) {
                    Authorizer.LOG.warn("Couldn't find service handler for: {}", findService.getName());
                    return false;
                }
                if (!Authorizer.this.isAuthorized(authentication, serviceHandler.getAuthorityForAddRemove(), findService.getName(), Authorizer.getServiceAuthScope(findService))) {
                    return false;
                }
                ArrayList newArrayList = Lists.newArrayList();
                Iterator it = findService.getRoles().iterator();
                while (it.hasNext()) {
                    newArrayList.add(((DbRole) it.next()).getId());
                }
                return Boolean.valueOf(Authorizer.this.deleteRoles(authentication, newArrayList));
            }
        })).booleanValue();
    }

    public boolean deleteService(final Authentication authentication, final String str) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(str);
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.28
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1668run(CmfEntityManager cmfEntityManager) {
                DbService findServiceByName = cmfEntityManager.findServiceByName(str);
                if (findServiceByName == null) {
                    return true;
                }
                return Boolean.valueOf(Authorizer.this.deleteService(authentication, findServiceByName.getId()));
            }
        })).booleanValue();
    }

    public boolean deleteRoles(final Authentication authentication, final List<Long> list) {
        Preconditions.checkNotNull(authentication);
        if (list == null || list.isEmpty()) {
            return true;
        }
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.29
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1669run(CmfEntityManager cmfEntityManager) {
                RoleHandler roleHandler;
                Iterator it = list.iterator();
                while (it.hasNext()) {
                    DbRole findRole = cmfEntityManager.findRole(((Long) it.next()).longValue());
                    if (findRole != null && (roleHandler = Authorizer.this.shr.getRoleHandler(findRole)) != null && !Authorizer.this.isAuthorized(authentication, roleHandler.getAuthorityForAddRemove(), findRole.getName(), Authorizer.getServiceAuthScope(findRole.getService()))) {
                        return false;
                    }
                }
                return true;
            }
        })).booleanValue();
    }

    public boolean deleteRolesByName(final Authentication authentication, final List<String> list) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(list);
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.30
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1670run(CmfEntityManager cmfEntityManager) {
                ArrayList newArrayList = Lists.newArrayList();
                Iterator it = cmfEntityManager.findRolesByNames(list).iterator();
                while (it.hasNext()) {
                    newArrayList.add(((DbRole) it.next()).getId());
                }
                return Boolean.valueOf(Authorizer.this.deleteRoles(authentication, newArrayList));
            }
        })).booleanValue();
    }

    public boolean deleteRole(Authentication authentication, Long l) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(l);
        return deleteRoles(authentication, ImmutableList.of(l));
    }

    public boolean deleteRole(final Authentication authentication, final String str) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(str);
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.31
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1671run(CmfEntityManager cmfEntityManager) {
                DbRole findRoleByName = cmfEntityManager.findRoleByName(str);
                if (findRoleByName == null) {
                    return true;
                }
                return Boolean.valueOf(Authorizer.this.deleteRole(authentication, findRoleByName.getId()));
            }
        })).booleanValue();
    }

    public boolean deleteHosts(final Authentication authentication, final List<Long> list) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(list);
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.32
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1672run(CmfEntityManager cmfEntityManager) {
                for (DbRole dbRole : cmfEntityManager.findRolesOnHostsById((String) null, list)) {
                    RoleHandler roleHandler = Authorizer.this.shr.getRoleHandler(dbRole);
                    if (roleHandler == null) {
                        Authorizer.LOG.warn("Couldn't find role handler for: {}", dbRole.getName());
                    } else if (!Authorizer.this.isAuthorized(authentication, roleHandler.getAuthorityForAddRemove(), dbRole.getName(), Authorizer.getServiceAuthScope(dbRole.getService()))) {
                        return false;
                    }
                }
                for (DbHost dbHost : cmfEntityManager.findHosts(list)) {
                    if (!Authorizer.this.isAuthorized(authentication, "ROLE_ADMIN", Humanize.ButtonValues.DELETE, dbHost.getCluster() == null ? AuthScope.global() : AuthScope.cluster(dbHost.getCluster().getName()))) {
                        return false;
                    }
                }
                return true;
            }
        })).booleanValue();
    }

    public boolean addAnyService(final Authentication authentication, final Long l) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(l);
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.33
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1673run(CmfEntityManager cmfEntityManager) {
                if (0 == l.longValue()) {
                    return Boolean.valueOf(Authorizer.this.isAuthorized(authentication, Authorizer.this.shr.getMgmtHandler().getAuthorityForAddRemove(), Authorizer.this.shr.getMgmtHandler().getServiceType(), AuthScope.global()));
                }
                DbCluster findCluster = cmfEntityManager.findCluster(l.longValue());
                if (findCluster == null) {
                    Authorizer.LOG.warn("Couldn't find cluster for: {}", l);
                    return false;
                }
                List<ServiceHandler> allByVersion = Authorizer.this.shr.getAllByVersion(findCluster.getCdhVersion());
                AuthScope cluster = AuthScope.cluster(findCluster.getName());
                for (ServiceHandler serviceHandler : allByVersion) {
                    if (Authorizer.this.isAuthorized(authentication, serviceHandler.getAuthorityForAddRemove(), serviceHandler.getServiceType(), cluster)) {
                        return true;
                    }
                }
                return false;
            }
        })).booleanValue();
    }

    public boolean renameService(final Authentication authentication, final Long l) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(l);
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.34
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1674run(CmfEntityManager cmfEntityManager) {
                DbService findService = cmfEntityManager.findService(l.longValue());
                if (findService == null) {
                    Authorizer.LOG.warn("Couldn't find service for: {}", l);
                    return false;
                }
                ServiceHandler serviceHandler = Authorizer.this.shr.get(findService);
                if (serviceHandler != null) {
                    return Boolean.valueOf(Authorizer.this.isAuthorized(authentication, serviceHandler.getAuthorityForAddRemove(), findService.getName(), Authorizer.getServiceAuthScope(findService)));
                }
                Authorizer.LOG.warn("Couldn't find service handler for: {}", findService.getName());
                return false;
            }
        })).booleanValue();
    }

    public boolean addAnyRolesToService(final Authentication authentication, final Long l) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(l);
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.35
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1675run(CmfEntityManager cmfEntityManager) {
                DbService findService = cmfEntityManager.findService(l.longValue());
                if (findService == null) {
                    Authorizer.LOG.warn("Couldn't find service for: {}", l);
                    return false;
                }
                ServiceHandler serviceHandler = Authorizer.this.shr.get(findService);
                if (serviceHandler == null) {
                    Authorizer.LOG.warn("Couldn't find service handler for: {}", findService.getName());
                    return false;
                }
                for (RoleHandler roleHandler : serviceHandler.getRoleHandlers()) {
                    if (Authorizer.this.isAuthorized(authentication, roleHandler.getAuthorityForAddRemove(), roleHandler.getRoleName(), Authorizer.getServiceAuthScope(findService))) {
                        return true;
                    }
                }
                return false;
            }
        })).booleanValue();
    }

    public boolean addRolesToService(final Authentication authentication, final String str, final ApiRoleList apiRoleList) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(str);
        Preconditions.checkNotNull(apiRoleList);
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.36
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1676run(CmfEntityManager cmfEntityManager) {
                DbService findServiceByName;
                String str2;
                if (str.isEmpty()) {
                    findServiceByName = (DbService) Iterables.getOnlyElement(cmfEntityManager.findServicesByType(MgmtServiceHandler.SERVICE_TYPE), (Object) null);
                    str2 = MgmtServiceHandler.SERVICE_TYPE;
                } else {
                    findServiceByName = cmfEntityManager.findServiceByName(str);
                    str2 = str;
                    if (findServiceByName == null) {
                        return true;
                    }
                }
                if (findServiceByName == null) {
                    Authorizer.LOG.warn("Couldn't find service for: {}", str2);
                    return false;
                }
                AuthScope serviceAuthScope = Authorizer.getServiceAuthScope(findServiceByName);
                Iterator it = apiRoleList.getRoles().iterator();
                while (it.hasNext()) {
                    RoleHandler roleHandler = Authorizer.this.shr.getRoleHandler(findServiceByName, ((ApiRole) it.next()).getType());
                    if (!Authorizer.this.isAuthorized(authentication, roleHandler.getAuthorityForAddRemove(), roleHandler.getRoleName(), serviceAuthScope)) {
                        return false;
                    }
                }
                return true;
            }
        })).booleanValue();
    }

    public boolean process(final Authentication authentication, final Long l) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(l);
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.37
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1677run(CmfEntityManager cmfEntityManager) {
                Set<String> of;
                DbProcess findProcess = cmfEntityManager.findProcess(l);
                if (findProcess == null) {
                    Authorizer.LOG.warn("Couldn't find process for: {}", l);
                    return false;
                }
                DbRole role = findProcess.getRole();
                if (role != null) {
                    RoleHandler roleHandler = Authorizer.this.shr.getRoleHandler(role);
                    if (roleHandler == null) {
                        Authorizer.LOG.warn("Couldn't find role handler for: {}", role.getName());
                        return false;
                    }
                    of = roleHandler.getConfigSpec().getAuthorities();
                } else {
                    DbCommand command = findProcess.getCommand();
                    if (command == null) {
                        Authorizer.LOG.warn("Couldn't find command for: {}", findProcess.getName());
                        return false;
                    }
                    CommandHandler commandHandler = Authorizer.this.shr.getCommandHandler(command);
                    if (commandHandler == null) {
                        Authorizer.LOG.warn("Couldn't find command handler for: {}", command.getName());
                        return false;
                    }
                    of = ImmutableSet.of(commandHandler.getAuthority());
                }
                return Boolean.valueOf(Authorizer.this.isFullyAuthorized(authentication, of, findProcess.getName(), Authorizer.getServiceAuthScope(role.getService())));
            }
        })).booleanValue();
    }

    public boolean configGroup(final Authentication authentication, final String str) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(str);
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.38
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1678run(CmfEntityManager cmfEntityManager) {
                DbRoleConfigGroup findRoleConfigGroupByName = cmfEntityManager.findRoleConfigGroupByName(str);
                if (findRoleConfigGroupByName == null) {
                    return true;
                }
                RoleHandler roleHandler = Authorizer.this.shr.getRoleHandler(findRoleConfigGroupByName);
                if (roleHandler != null) {
                    return Boolean.valueOf(Authorizer.this.isAuthorized(authentication, roleHandler.getConfigSpec().getAuthorities(), roleHandler.getRoleName(), Authorizer.getServiceAuthScope(findRoleConfigGroupByName.getService())));
                }
                Authorizer.LOG.warn("Couldn't find role handler for: {}", findRoleConfigGroupByName.getName());
                return false;
            }
        })).booleanValue();
    }

    public boolean createUsers(Authentication authentication, Collection<String> collection) {
        Preconditions.checkNotNull(authentication);
        if (collection == null || collection.isEmpty()) {
            return true;
        }
        return isFullyAuthorized(authentication, getRequiredAuthoritiesForRoles(collection), collection.toString(), AuthScope.global());
    }

    public boolean createUsers(Authentication authentication, ApiUserList apiUserList) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(apiUserList);
        Set<String> newHashSet = Sets.newHashSet();
        Iterator it = apiUserList.getUsers().iterator();
        while (it.hasNext()) {
            Set roles = ((ApiUser) it.next()).getRoles();
            if (roles == null || roles.isEmpty()) {
                newHashSet.add(UserRole.ROLE_USER.getModifyAuth());
            } else {
                newHashSet.addAll(getRequiredAuthoritiesForRoles(roles));
            }
        }
        return isFullyAuthorized(authentication, newHashSet, apiUserList.toString(), AuthScope.global());
    }

    public boolean createUsers2(final Authentication authentication, final ApiUser2List apiUser2List) {
        Preconditions.checkNotNull(authentication);
        Preconditions.checkNotNull(apiUser2List);
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.39
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1679run(CmfEntityManager cmfEntityManager) {
                HashSet newHashSet = Sets.newHashSet();
                for (ApiUser2 apiUser2 : apiUser2List.getUsers2()) {
                    HashSet newHashSet2 = Sets.newHashSet();
                    for (ApiAuthRoleRef apiAuthRoleRef : apiUser2.getAuthRoles()) {
                        DbAuthRole findAuthRoleByName = apiAuthRoleRef.getName() != null ? cmfEntityManager.findAuthRoleByName(apiAuthRoleRef.getName()) : cmfEntityManager.findAuthRole(apiAuthRoleRef.getUuid());
                        if (findAuthRoleByName == null) {
                            Authorizer.LOG.warn("Couldn't find auth role for: uuid {} or name {}.", apiAuthRoleRef.getUuid(), apiAuthRoleRef.getName());
                            return false;
                        }
                        newHashSet2.add(findAuthRoleByName.getEffectiveUserRoleName());
                    }
                    if (newHashSet2 == null || newHashSet2.isEmpty()) {
                        newHashSet.add(UserRole.ROLE_USER.getModifyAuth());
                    } else {
                        newHashSet.addAll(Authorizer.this.getRequiredAuthoritiesForRoles(newHashSet2));
                    }
                }
                return Boolean.valueOf(Authorizer.this.isFullyAuthorized(authentication, newHashSet, apiUser2List.toString(), AuthScope.global()));
            }
        })).booleanValue();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Set<String> getRequiredAuthoritiesForRoles(Collection<String> collection) {
        HashSet newHashSet = Sets.newHashSet();
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            try {
                newHashSet.add(UserRole.valueOf(it.next()).getModifyAuth());
            } catch (IllegalArgumentException e) {
            }
        }
        return newHashSet;
    }

    public boolean modifyUsers(final Authentication authentication, final List<String> list) {
        Preconditions.checkNotNull(authentication);
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.40
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1680run(CmfEntityManager cmfEntityManager) {
                HashSet newHashSet = Sets.newHashSet();
                if (list == null || list.isEmpty()) {
                    Authorizer.LOG.debug("User modification request for empty/null users.");
                    newHashSet.add("ROLE_ADMIN");
                    return Boolean.valueOf(Authorizer.this.isFullyAuthorizedNoUsers(authentication, newHashSet, AuthScope.global()));
                }
                Iterator it = list.iterator();
                while (it.hasNext()) {
                    DbUser findUserByName = cmfEntityManager.findUserByName((String) it.next());
                    if (findUserByName == null) {
                        Authorizer.LOG.debug("User modification request for an invalid user.");
                        newHashSet.add("ROLE_ADMIN");
                    } else {
                        Iterator it2 = findUserByName.getImmutableAuthRole().iterator();
                        while (it2.hasNext()) {
                            newHashSet.add(UserRole.valueOf(((DbAuthRole) it2.next()).getEffectiveUserRoleName()).getModifyAuth());
                        }
                    }
                }
                return Boolean.valueOf(Authorizer.this.isFullyAuthorized(authentication, newHashSet, list.toString(), AuthScope.global()));
            }
        })).booleanValue();
    }

    public boolean applyRolesToUsers(Authentication authentication, List<String> list, List<String> list2) {
        return modifyUsers(authentication, list) && createUsers(authentication, list2);
    }

    public boolean createDataContext(final Authentication authentication, final ApiDataContext apiDataContext) {
        Preconditions.checkNotNull(authentication);
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.41
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1681run(CmfEntityManager cmfEntityManager) {
                DbService findServiceByName;
                if (apiDataContext.getServices().isEmpty() || (findServiceByName = cmfEntityManager.findServiceByName(((ApiServiceRef) apiDataContext.getServices().get(0)).getServiceName())) == null) {
                    return true;
                }
                return Boolean.valueOf(Authorizer.this.isFullyAuthorizedNoUsers(authentication, Sets.newHashSet(new String[]{"ROLE_ADMIN"}), AuthScope.cluster(findServiceByName.getCluster().getName())));
            }
        })).booleanValue();
    }

    public boolean deleteDataContext(final Authentication authentication, final String str) {
        Preconditions.checkNotNull(authentication);
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.42
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1682run(CmfEntityManager cmfEntityManager) {
                DbDataContext findDataContextByName = cmfEntityManager.findDataContextByName(str);
                if (findDataContextByName == null) {
                    return true;
                }
                return Boolean.valueOf(Authorizer.this.isFullyAuthorizedNoUsers(authentication, Sets.newHashSet(new String[]{"ROLE_ADMIN"}), AuthScope.cluster(((DbCluster) Iterables.getOnlyElement(findDataContextByName.getBaseClusters())).getName())));
            }
        })).booleanValue();
    }

    public boolean serverSettings(Authentication authentication) {
        Preconditions.checkNotNull(authentication);
        return isAuthorized(authentication, this.shr.getScmHandler().getConfigSpec().getAuthorities(), "Server Settings", AuthScope.global());
    }

    public boolean clientConfig(Authentication authentication) {
        Preconditions.checkNotNull(authentication);
        if (((Boolean) this.spts.get(ScmParams.CLIENT_CONFIG_AUTH)).booleanValue()) {
            return isAuthorized(authentication, "ROLE_USER", "Client Config", AuthScopeContext.get());
        }
        return true;
    }

    public boolean isAuthorized(Authentication authentication, String str, AuthScope authScope) {
        return isAuthorized(authentication, str, authScope.toString(), authScope);
    }

    public boolean hasRole(Authentication authentication, AuthScope authScope, UserRole userRole) {
        return isFullyAuthorized(authentication, userRole.getAuthorities(), authScope.toString(), authScope);
    }

    public boolean hasClusterCreateAuthority(Authentication authentication) {
        return isAuthorized(authentication, "AUTH_CREATE_CLUSTER", AuthScope.global().toString(), AuthScope.global());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean isAuthorized(Authentication authentication, String str, String str2, AuthScope authScope) {
        boolean hasAuthority = this.currentUserMgr.hasAuthority(authScope, str);
        logIt(authScope, hasAuthority, str);
        return hasAuthority;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean isAuthorized(Authentication authentication, Set<String> set, String str, AuthScope authScope) {
        boolean hasAnyAuthority = this.currentUserMgr.hasAnyAuthority(authScope, set);
        logIt(authScope, hasAnyAuthority, set);
        return hasAnyAuthority;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean isFullyAuthorized(Authentication authentication, Set<String> set, String str, AuthScope authScope) {
        boolean hasAllAuthorities = this.currentUserMgr.hasAllAuthorities(authScope, set);
        logIt(authScope, hasAllAuthorities, set);
        return hasAllAuthorities;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean isFullyAuthorizedNoUsers(Authentication authentication, Set<String> set, AuthScope authScope) {
        boolean hasAllAuthorities = this.currentUserMgr.hasAllAuthorities(authScope, set);
        logIt(authScope, hasAllAuthorities, set);
        return hasAllAuthorities;
    }

    public static AuthScope getCmdAuthScope(DbCommand dbCommand, ServiceHandlerRegistry serviceHandlerRegistry) {
        CommandHandler commandHandler = serviceHandlerRegistry.getCommandHandler(dbCommand);
        return commandHandler == null ? AuthScope.global() : commandHandler.getAuthScope(dbCommand);
    }

    public static String value() {
        return "value";
    }

    public static AuthScope getServiceAuthScope(DbService dbService) {
        return dbService == null ? AuthScope.global() : getClusterAuthScope(dbService.getCluster());
    }

    public static AuthScope getClusterAuthScope(DbCluster dbCluster) {
        return dbCluster == null ? AuthScope.global() : AuthScope.cluster(dbCluster.getName());
    }

    public static AuthScope getEntityAuthScope(TypedDbBase typedDbBase) {
        EntityType entityType = typedDbBase.getEntityType();
        if (entityType == EntityType.CLUSTER) {
            return getClusterAuthScope((DbCluster) typedDbBase);
        }
        if (entityType == EntityType.SERVICE) {
            return getServiceAuthScope((DbService) typedDbBase);
        }
        if (entityType == EntityType.ROLE) {
            return getServiceAuthScope(((DbRole) typedDbBase).getService());
        }
        if (entityType == EntityType.HOST) {
            return getClusterAuthScope(((DbHost) typedDbBase).getCluster());
        }
        if (typedDbBase instanceof DbProcess) {
            DbRole role = ((DbProcess) typedDbBase).getRole();
            if (role != null) {
                return getServiceAuthScope(role.getService());
            }
        } else if (typedDbBase instanceof DbClientConfig) {
            DbClientConfig dbClientConfig = (DbClientConfig) typedDbBase;
            if (dbClientConfig.getService() != null) {
                return getServiceAuthScope(dbClientConfig.getService());
            }
            if (dbClientConfig.getCluster() != null) {
                return getClusterAuthScope(dbClientConfig.getCluster());
            }
        } else if (typedDbBase instanceof JsonDbProcess) {
            JsonDbProcess jsonDbProcess = (JsonDbProcess) typedDbBase;
            if (jsonDbProcess.getService() != null) {
                return getServiceAuthScope(jsonDbProcess.getService());
            }
            if (jsonDbProcess.getHost() != null) {
                return getClusterAuthScope(jsonDbProcess.getHost().getCluster());
            }
        }
        return AuthScope.global();
    }

    private void logIt(AuthScope authScope, boolean z, Collection<String> collection) {
        if (LOG.isDebugEnabled()) {
            LOG.debug(String.format("%s: %s | %s | %s: %s: %s", Thread.currentThread().getStackTrace()[1].getMethodName(), authScope.toString(), Joiner.on(',').join(collection), authScope, this.currentUserMgr.getAuthorities(authScope), Boolean.valueOf(z)));
        }
    }

    private void logIt(AuthScope authScope, boolean z, String str) {
        if (LOG.isDebugEnabled()) {
            LOG.debug(String.format("%s: %s | %s | %s: %s: %s", Thread.currentThread().getStackTrace()[1].getMethodName(), authScope.toString(), str, authScope, this.currentUserMgr.getAuthorities(authScope), Boolean.valueOf(z)));
        }
    }

    private boolean hasAllAuthsOnHosts(final Authentication authentication, final ApiHostNameList apiHostNameList, final HashSet<String> hashSet, final String str) {
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.43
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1683run(CmfEntityManager cmfEntityManager) {
                return Authorizer.this.hasOnAllHosts(authentication, hashSet, str, Sets.newHashSet(apiHostNameList.getHostNames()), cmfEntityManager.findHostsByHostNames(apiHostNameList.getHostNames()));
            }
        })).booleanValue();
    }

    private boolean hasAllAuthsOnHostIds(final Authentication authentication, final List<Long> list, final HashSet<String> hashSet, final String str) {
        return ((Boolean) this.de.execReadonlyTaskNE(new DatabaseTask<Boolean>() { // from class: com.cloudera.server.cmf.components.Authorizer.44
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Boolean m1684run(CmfEntityManager cmfEntityManager) {
                return Authorizer.this.hasOnAllHosts(authentication, hashSet, str, Sets.newHashSet(list), cmfEntityManager.findHosts(list));
            }
        })).booleanValue();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Boolean hasOnAllHosts(Authentication authentication, HashSet<String> hashSet, String str, Set<?> set, List<DbHost> list) {
        LOG.debug("Checking auths: {}", Joiner.on(FIQLParser.OR).join(hashSet));
        if (list.size() != set.size()) {
            if (LOG.isDebugEnabled()) {
                LOG.debug(String.format("SrcList and hosts visible mismatch: SrcList: %s", Joiner.on(FIQLParser.OR).join(set)));
                LOG.debug(String.format("Hosts in DB: %s", Joiner.on(FIQLParser.OR).join(list.stream().map(dbHost -> {
                    return String.format("id:%s, name:%s, cluster:%s", dbHost.getId(), dbHost.getName(), dbHost.getCluster());
                }).iterator())));
            }
            return false;
        }
        for (DbHost dbHost2 : list) {
            if (!isFullyAuthorized(authentication, hashSet, str, (AuthScope) HOST_TO_AUTHSCOPE.apply(dbHost2))) {
                LOG.debug("Not authorized on host: {}({}).", dbHost2.getName(), dbHost2.getId());
                return false;
            }
        }
        return true;
    }
}
