package org.apache.hadoop.fs.s3a.auth;

import com.amazonaws.auth.policy.internal.JsonDocumentFields;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.SerializationFeature;
import com.google.common.base.Preconditions;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.atomic.AtomicLong;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.util.JsonSerialization;

@InterfaceAudience.LimitedPrivate({"Tests"})
@InterfaceStability.Unstable
/* loaded from: input_file:org/apache/hadoop/fs/s3a/auth/RoleModel.class */
public class RoleModel {
    public static final String VERSION = "2012-10-17";
    public static final String BUCKET_RESOURCE_F = "arn:aws:s3:::%s/%s";
    private static final AtomicLong SID_COUNTER = new AtomicLong(0);
    private final JsonSerialization<Policy> serialization = new JsonSerialization<>(Policy.class, false, true);

    /* loaded from: input_file:org/apache/hadoop/fs/s3a/auth/RoleModel$Effects.class */
    public enum Effects {
        Allow,
        Deny
    }

    /* loaded from: input_file:org/apache/hadoop/fs/s3a/auth/RoleModel$Policy.class */
    public static class Policy extends RoleElt {

        @JsonProperty("Version")
        public String version = RoleModel.VERSION;

        @JsonProperty(JsonDocumentFields.STATEMENT)
        public List<Statement> statement;

        public Policy(List<Statement> list) {
            this.statement = list;
        }

        public Policy(Statement... statementArr) {
            this.statement = Arrays.asList(statementArr);
        }

        @Override // org.apache.hadoop.fs.s3a.auth.RoleModel.RoleElt
        public void validate() {
            Preconditions.checkNotNull(this.statement, JsonDocumentFields.STATEMENT);
            Preconditions.checkState(RoleModel.VERSION.equals(this.version), String.format("Invalid Version: %s", this.version));
            this.statement.stream().forEach(statement -> {
                statement.validate();
            });
        }
    }

    /* loaded from: input_file:org/apache/hadoop/fs/s3a/auth/RoleModel$RoleElt.class */
    public static abstract class RoleElt {
        protected RoleElt() {
        }

        public void validate() {
        }
    }

    /* loaded from: input_file:org/apache/hadoop/fs/s3a/auth/RoleModel$Statement.class */
    public static class Statement extends RoleElt {

        @JsonProperty(JsonDocumentFields.STATEMENT_EFFECT)
        public Effects effect;

        @JsonProperty(JsonDocumentFields.STATEMENT_ID)
        public String sid = RoleModel.newSid();

        @JsonProperty(JsonDocumentFields.ACTION)
        public List<String> action = new ArrayList(1);

        @JsonProperty(JsonDocumentFields.RESOURCE)
        public List<String> resource = new ArrayList(1);

        public Statement(Effects effects) {
            this.effect = effects;
        }

        @Override // org.apache.hadoop.fs.s3a.auth.RoleModel.RoleElt
        public void validate() {
            Preconditions.checkNotNull(this.sid, JsonDocumentFields.STATEMENT_ID);
            Preconditions.checkNotNull(this.effect, JsonDocumentFields.STATEMENT_EFFECT);
            Preconditions.checkState(!this.action.isEmpty(), "Empty Action");
            Preconditions.checkState(!this.resource.isEmpty(), "Empty Resource");
        }

        public Statement setAllowed(boolean z) {
            this.effect = RoleModel.effect(z);
            return this;
        }

        public Statement addActions(String... strArr) {
            Collections.addAll(this.action, strArr);
            return this;
        }

        public Statement addResources(String... strArr) {
            Collections.addAll(this.resource, strArr);
            return this;
        }
    }

    public RoleModel() {
        this.serialization.getMapper().enable(SerializationFeature.WRITE_SINGLE_ELEM_ARRAYS_UNWRAPPED);
    }

    public String toJson(Policy policy) throws JsonProcessingException {
        return this.serialization.toJson(policy);
    }

    public static String newSid() {
        SID_COUNTER.incrementAndGet();
        return SID_COUNTER.toString();
    }

    public static Effects effect(boolean z) {
        return z ? Effects.Allow : Effects.Deny;
    }

    public static String resource(String str, String str2, boolean z) {
        Object[] objArr = new Object[2];
        objArr[0] = str;
        objArr[1] = str2 + (z ? "*" : "");
        return String.format(BUCKET_RESOURCE_F, objArr);
    }

    public static String resource(Path path, boolean z, boolean z2) {
        String pathToKey = pathToKey(path);
        if (z && !pathToKey.isEmpty()) {
            pathToKey = pathToKey + "/";
        }
        return resource(path.toUri().getHost(), pathToKey, z2);
    }

    public static String[] directory(Path path) {
        String host = path.toUri().getHost();
        String pathToKey = pathToKey(path);
        return !pathToKey.isEmpty() ? new String[]{resource(host, pathToKey + "/", true), resource(host, pathToKey, false), resource(host, pathToKey + "/", false)} : new String[]{resource(host, pathToKey, true)};
    }

    public static String pathToKey(Path path) {
        return (path.toUri().getScheme() == null || !path.toUri().getPath().isEmpty()) ? path.toUri().getPath().substring(1) : "";
    }

    public static Statement statement(boolean z, String str, String... strArr) {
        return new Statement(effect(z)).addActions(strArr).addResources(str);
    }

    public static Statement statement(boolean z, Path path, boolean z2, boolean z3, String... strArr) {
        return new Statement(effect(z)).addActions(strArr).addResources(resource(path, z2, z3));
    }

    public static Policy policy(Statement... statementArr) {
        return new Policy(statementArr);
    }

    public static Policy policy(List<Statement> list) {
        return new Policy(list);
    }
}
