package org.apache.flink.fs.shaded.hadoop3.org.apache.hadoop.fs;

import java.io.IOException;
import java.util.Arrays;
import org.apache.flink.fs.coshadoop.shaded.com.qcloud.chdfs.permission.RangerAccessType;
import org.apache.flink.fs.shaded.hadoop3.org.apache.hadoop.conf.Configuration;
import org.apache.flink.fs.shaded.hadoop3.org.apache.hadoop.fs.auth.RangerCredentialsProvider;
import org.apache.flink.fs.shaded.hadoop3.org.apache.hadoop.fs.cosn.Constants;
import org.apache.flink.fs.shaded.hadoop3.org.apache.hadoop.fs.cosn.ranger.client.RangerQcloudObjectStorageClient;
import org.apache.flink.fs.shaded.hadoop3.org.apache.hadoop.fs.cosn.ranger.security.authorization.AccessType;
import org.apache.flink.fs.shaded.hadoop3.org.apache.hadoop.fs.cosn.ranger.security.authorization.PermissionRequest;
import org.apache.flink.fs.shaded.hadoop3.org.apache.hadoop.fs.cosn.ranger.security.authorization.PermissionResponse;
import org.apache.flink.fs.shaded.hadoop3.org.apache.hadoop.fs.cosn.ranger.security.authorization.ServiceType;
import org.apache.flink.fs.shaded.hadoop3.org.apache.hadoop.security.token.Token;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/flink/fs/shaded/hadoop3/org/apache/hadoop/fs/RangerCredentialsClient.class */
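/**
 * Client-side wrapper around a {@link RangerQcloudObjectStorageClient} used to authorize
 * COSN operations and to obtain delegation tokens.
 *
 * <p>Permission checks are active only when {@link #initRangerClientImpl(Configuration)} finds a
 * configured credentials provider whose class name contains the name of
 * {@link RangerCredentialsProvider}. When no such provider is configured,
 * {@link #doCheckPermission} and {@link #doCheckCustomAuth} return without checking anything.
 *
 * <p>The Ranger client is a process-wide static singleton. It is created from the first
 * configuration that enables the check; later calls to {@link #doInitialize} with a different
 * configuration do not re-create it.
 */
public class RangerCredentialsClient {
    private Configuration conf;
    private String bucket;
    // True once a Ranger credentials provider has been found in the configuration.
    private boolean enableRangerPluginPermissionCheck = false;
    private static final Logger log = LoggerFactory.getLogger(RangerCredentialsClient.class);
    // volatile: the field is published through double-checked locking in initRangerClientImpl,
    // which is only safe when the reference is volatile.
    // NOTE(review): the field is public and mutable, so any code on the classpath can replace
    // the authorizer; it is left public here only to keep existing callers compiling.
    public static volatile RangerQcloudObjectStorageClient rangerQcloudObjectStorageStorageClient = null;

    /**
     * Stores the configuration and bucket, then initializes the shared Ranger client if needed.
     *
     * @param configuration configuration to read provider and client settings from
     * @param str bucket name
     * @throws IOException if the Ranger client cannot be instantiated or initialized
     */
    public void doInitialize(Configuration configuration, String str) throws IOException {
        this.conf = configuration;
        this.bucket = str;
        initRangerClientImpl(configuration);
    }

    /**
     * Replaces the bucket used for subsequent checks.
     *
     * @param str bucket name
     * @return this instance
     */
    public RangerCredentialsClient withBucket(String str) {
        this.bucket = str;
        return this;
    }

    /**
     * Asks the Ranger client whether the given access to {@code path} is allowed.
     *
     * <p>Does nothing when the Ranger permission check is not enabled. When it is enabled, the
     * request is denied unless the client returns a response whose {@code isAllowed()} is true;
     * a {@code null} response and a missing client are both treated as a denial.
     *
     * @param path path being accessed; resolved against {@code path2} when relative
     * @param rangerAccessType requested operation (LIST, WRITE, READ or DELETE)
     * @param str user name reported in the denial message unless the response carries a
     *     non-empty real user name
     * @param path2 parent used to make {@code path} absolute (presumably the working directory)
     * @throws IOException if the access type is unknown, the client is unavailable, or the
     *     request is denied
     */
    public void doCheckPermission(Path path, RangerAccessType rangerAccessType, String str, Path path2) throws IOException {
        if (!this.enableRangerPluginPermissionCheck) {
            return;
        }
        AccessType accessType;
        switch (rangerAccessType) {
            case LIST:
                accessType = AccessType.LIST;
                break;
            case WRITE:
                accessType = AccessType.WRITE;
                break;
            case READ:
                accessType = AccessType.READ;
                break;
            case DELETE:
                accessType = AccessType.DELETE;
                break;
            default:
                throw new IOException(String.format("unknown access type %s", rangerAccessType.toString()));
        }
        String pathToKey = CosNFileSystem.pathToKey(makeAbsolute(path, path2));
        if (pathToKey.startsWith("/")) {
            pathToKey = pathToKey.substring(1);
        }
        // Fail closed: the flag can be true while the client is still null if an earlier
        // initialization attempt threw, and that must not surface as a NullPointerException.
        RangerQcloudObjectStorageClient client = requireRangerClient(rangerAccessType.name());
        String bucketName = CosNUtils.getBucketNameWithoutAppid(this.bucket, this.conf.get(CosNConfigKeys.COSN_APPID_KEY));
        // The last two request fields are sent empty; their meaning is not visible in this file.
        PermissionResponse response = client.checkPermission(new PermissionRequest(ServiceType.COS, accessType, bucketName, pathToKey, "", ""));
        boolean allowed = false;
        String reportedUser = str;
        if (response != null) {
            allowed = response.isAllowed();
            String realUser = response.getRealUserName();
            if (realUser != null && !realUser.isEmpty()) {
                reportedUser = realUser;
            }
        }
        if (!allowed) {
            throw new IOException(String.format("Permission denied, [key: %s], [user: %s], [operation: %s]", pathToKey, reportedUser, rangerAccessType.name()));
        }
    }

    /**
     * Verifies custom authentication by requesting STS credentials for the configured region
     * and bucket and checking the result's {@code isCheckAuthPass()} flag.
     *
     * <p>Does nothing when the Ranger permission check is not enabled.
     *
     * @param configuration configuration to read the region from; the previous region key is
     *     used when the current one is unset or empty
     * @throws IOException if the client is unavailable or the authentication check fails
     */
    public void doCheckCustomAuth(Configuration configuration) throws IOException {
        if (!this.enableRangerPluginPermissionCheck) {
            return;
        }
        String region = configuration.get(CosNConfigKeys.COSN_REGION_KEY);
        if (region == null || region.isEmpty()) {
            region = configuration.get(CosNConfigKeys.COSN_REGION_PREV_KEY);
        }
        // Fail closed when the shared client was never initialized.
        RangerQcloudObjectStorageClient client = requireRangerClient(Constants.CUSTOM_AUTHENTICATION);
        if (!client.getSTS(region, this.bucket).isCheckAuthPass()) {
            throw new IOException(String.format("Permission denied, [operation: %s], please check user and password", Constants.CUSTOM_AUTHENTICATION));
        }
    }

    /**
     * Requests a delegation token from the Ranger client.
     *
     * @param str renewer passed through to the client
     * @return the token, or {@code null} when no Ranger client has been initialized
     * @throws IOException if the client fails to issue the token
     */
    public Token<?> doGetDelegationToken(String str) throws IOException {
        // NOTE(review): this records the caller's full stack trace at INFO on every token
        // request. Capturing the stack is skipped when INFO is disabled; consider DEBUG.
        if (log.isInfoEnabled()) {
            log.info("getDelegationToken, renewer: {}, stack: {}", str, Arrays.toString(Thread.currentThread().getStackTrace()).replace(',', '\n'));
        }
        // Read the shared field once so the null check and the call see the same reference.
        RangerQcloudObjectStorageClient client = rangerQcloudObjectStorageStorageClient;
        if (client != null) {
            return client.getDelegationToken(str);
        }
        return null;
    }

    /**
     * Returns the canonical service name reported by the Ranger client.
     *
     * @return the service name, or {@code null} when no Ranger client has been initialized
     */
    public String doGetCanonicalServiceName() {
        // Read the shared field once so the null check and the call see the same reference.
        RangerQcloudObjectStorageClient client = rangerQcloudObjectStorageStorageClient;
        if (client != null) {
            return client.getCanonicalServiceName();
        }
        return null;
    }

    /** Returns {@code path} unchanged when absolute, otherwise resolves it against {@code path2}. */
    private Path makeAbsolute(Path path, Path path2) {
        return path.isAbsolute() ? path : new Path(path2, path);
    }

    /**
     * Returns the shared Ranger client, or throws so that an enabled check never silently
     * passes (or crashes with a NullPointerException) when the client is missing.
     */
    private static RangerQcloudObjectStorageClient requireRangerClient(String operation) throws IOException {
        RangerQcloudObjectStorageClient client = rangerQcloudObjectStorageStorageClient;
        if (client == null) {
            throw new IOException(String.format("Permission denied, [operation: %s], ranger client is not initialized", operation));
        }
        return client;
    }

    /**
     * Enables the permission check when a Ranger credentials provider is configured and, if so,
     * creates the shared Ranger client once per process.
     *
     * @param configuration configuration naming the credentials providers and the client class
     * @throws IOException if the client class cannot be instantiated or initialized
     */
    private void initRangerClientImpl(Configuration configuration) throws IOException {
        Class<?>[] providerClasses = CosNUtils.loadCosProviderClasses(configuration, CosNConfigKeys.COSN_CREDENTIALS_PROVIDER, new Class[0]);
        if (providerClasses.length == 0) {
            this.enableRangerPluginPermissionCheck = false;
            return;
        }
        // Substring match on the class name, not equality or a type check.
        // NOTE(review): confirm the substring match is intended.
        String rangerProviderName = RangerCredentialsProvider.class.getName();
        for (Class<?> providerClass : providerClasses) {
            if (providerClass.getName().contains(rangerProviderName)) {
                this.enableRangerPluginPermissionCheck = true;
                break;
            }
        }
        if (!this.enableRangerPluginPermissionCheck) {
            return;
        }
        Class<?> cls = configuration.getClass(CosNConfigKeys.COSN_RANGER_PLUGIN_CLIENT_IMPL, null);
        if (cls == null) {
            try {
                cls = configuration.getClassByName(CosNConfigKeys.DEFAULT_COSN_RANGER_PLUGIN_CLIENT_IMPL);
            } catch (ClassNotFoundException e) {
                // Kept unchecked: callers may depend on the existing exception type.
                throw new RuntimeException(e);
            }
        }
        if (rangerQcloudObjectStorageStorageClient == null) {
            synchronized (RangerCredentialsClient.class) {
                if (rangerQcloudObjectStorageStorageClient == null) {
                    try {
                        // asSubclass rejects a configured class of the wrong type before its
                        // constructor runs; Class.newInstance() is deprecated, so the no-arg
                        // constructor is invoked explicitly.
                        RangerQcloudObjectStorageClient client = cls.asSubclass(RangerQcloudObjectStorageClient.class).getDeclaredConstructor().newInstance();
                        client.init(configuration);
                        // Publish only after init() succeeds so no caller sees a half-built client.
                        rangerQcloudObjectStorageStorageClient = client;
                    } catch (Exception e2) {
                        log.error(String.format("init %s failed", CosNConfigKeys.COSN_RANGER_PLUGIN_CLIENT_IMPL), e2);
                        throw new IOException(String.format("init %s failed", CosNConfigKeys.COSN_RANGER_PLUGIN_CLIENT_IMPL), e2);
                    }
                }
            }
        }
    }
}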
