package org.pentaho.di.repository.pur;

import java.io.Serializable;
import java.util.List;
import org.pentaho.di.core.exception.KettleException;
import org.pentaho.di.i18n.BaseMessages;
import org.pentaho.di.repository.IUser;
import org.pentaho.di.repository.RepositoryOperation;
import org.pentaho.di.ui.repository.pur.repositoryexplorer.controller.EESecurityController;
import org.pentaho.di.ui.repository.pur.services.IAbsSecurityProvider;
import org.pentaho.platform.security.policy.rolebased.ws.IAuthorizationPolicyWebService;

/* loaded from: input_file:org/pentaho/di/repository/pur/AbsSecurityProvider.class */
public class AbsSecurityProvider extends PurRepositorySecurityProvider implements IAbsSecurityProvider, Serializable {
    private static final long FIVE_MINUTES = 300000;
    private static final long serialVersionUID = -41954375242408881L;
    private IAuthorizationPolicyWebService authorizationPolicyWebService;
    private final ActiveCache<String, List<String>> allowedActionsActiveCache;
    private final ActiveCache<String, Boolean> isAllowedActiveCache;

    /* renamed from: org.pentaho.di.repository.pur.AbsSecurityProvider$3, reason: invalid class name */
    /* loaded from: input_file:org/pentaho/di/repository/pur/AbsSecurityProvider$3.class */
    static /* synthetic */ class AnonymousClass3 {
        static final /* synthetic */ int[] $SwitchMap$org$pentaho$di$repository$RepositoryOperation = new int[RepositoryOperation.values().length];

        static {
            try {
                $SwitchMap$org$pentaho$di$repository$RepositoryOperation[RepositoryOperation.EXECUTE_TRANSFORMATION.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$pentaho$di$repository$RepositoryOperation[RepositoryOperation.EXECUTE_JOB.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$pentaho$di$repository$RepositoryOperation[RepositoryOperation.MODIFY_TRANSFORMATION.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$pentaho$di$repository$RepositoryOperation[RepositoryOperation.MODIFY_JOB.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$pentaho$di$repository$RepositoryOperation[RepositoryOperation.SCHEDULE_TRANSFORMATION.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$pentaho$di$repository$RepositoryOperation[RepositoryOperation.SCHEDULE_JOB.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$pentaho$di$repository$RepositoryOperation[RepositoryOperation.MODIFY_DATABASE.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
        }
    }

    public AbsSecurityProvider(PurRepository purRepository, PurRepositoryMeta purRepositoryMeta, IUser iUser, ServiceManager serviceManager) {
        super(purRepository, purRepositoryMeta, iUser, serviceManager);
        this.authorizationPolicyWebService = null;
        this.allowedActionsActiveCache = new ActiveCache<>(new ActiveCacheLoader<String, List<String>>() { // from class: org.pentaho.di.repository.pur.AbsSecurityProvider.1
            @Override // org.pentaho.di.repository.pur.ActiveCacheLoader
            public List<String> load(String str) throws Exception {
                return AbsSecurityProvider.this.authorizationPolicyWebService.getAllowedActions(str);
            }
        }, FIVE_MINUTES);
        this.isAllowedActiveCache = new ActiveCache<>(new ActiveCacheLoader<String, Boolean>() { // from class: org.pentaho.di.repository.pur.AbsSecurityProvider.2
            @Override // org.pentaho.di.repository.pur.ActiveCacheLoader
            public Boolean load(String str) throws Exception {
                return Boolean.valueOf(AbsSecurityProvider.this.authorizationPolicyWebService.isAllowed(str));
            }
        }, FIVE_MINUTES);
        try {
            this.authorizationPolicyWebService = (IAuthorizationPolicyWebService) serviceManager.createService(iUser.getLogin(), iUser.getPassword(), IAuthorizationPolicyWebService.class);
            if (this.authorizationPolicyWebService == null) {
                getLogger().error(BaseMessages.getString(AbsSecurityProvider.class, "AbsSecurityProvider.ERROR_0001_UNABLE_TO_INITIALIZE_AUTH_POLICY_WEBSVC", new String[0]));
            }
        } catch (Exception e) {
            getLogger().error(BaseMessages.getString(AbsSecurityProvider.class, "AbsSecurityProvider.ERROR_0001_UNABLE_TO_INITIALIZE_AUTH_POLICY_WEBSVC", new String[0]), e);
        }
    }

    @Override // org.pentaho.di.ui.repository.pur.services.IAbsSecurityProvider
    public List<String> getAllowedActions(String str) throws KettleException {
        try {
            return this.allowedActionsActiveCache.get(str);
        } catch (Exception e) {
            throw new KettleException(BaseMessages.getString(AbsSecurityProvider.class, "AbsSecurityProvider.ERROR_0003_UNABLE_TO_ACCESS_GET_ALLOWED_ACTIONS", new String[0]), e);
        }
    }

    @Override // org.pentaho.di.ui.repository.pur.services.IAbsSecurityProvider
    public boolean isAllowed(String str) throws KettleException {
        try {
            return this.isAllowedActiveCache.get(str).booleanValue();
        } catch (Exception e) {
            throw new KettleException(BaseMessages.getString(AbsSecurityProvider.class, "AbsSecurityProvider.ERROR_0002_UNABLE_TO_ACCESS_IS_ALLOWED", new String[0]), e);
        }
    }

    public void validateAction(RepositoryOperation... repositoryOperationArr) throws KettleException {
        for (RepositoryOperation repositoryOperation : repositoryOperationArr) {
            switch (AnonymousClass3.$SwitchMap$org$pentaho$di$repository$RepositoryOperation[repositoryOperation.ordinal()]) {
                case EESecurityController.ROLE_DECK /* 1 */:
                case 2:
                    checkOperationAllowed("org.pentaho.repository.execute");
                    break;
                case 3:
                case 4:
                    checkOperationAllowed("org.pentaho.repository.create");
                    break;
                case 5:
                case 6:
                    checkOperationAllowed("org.pentaho.scheduler.manage");
                    break;
                case 7:
                    checkOperationAllowed("org.pentaho.platform.dataaccess.datasource.security.manage");
                    break;
            }
        }
    }

    private void checkOperationAllowed(String str) throws KettleException {
        if (!isAllowed(str)) {
            throw new KettleException(str + " : permission not allowed");
        }
    }
}
